00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
#include <linux/types.h>
00012
#include <linux/version.h>
00013
#include <linux/fs.h>
00014
#include <linux/sched.h>
00015
#include <linux/quotaops.h>
00016
#include <linux/proc_fs.h>
00017
#include <linux/msdos_fs.h>
00018
#include <linux/iso_fs.h>
00019
#include <linux/nfs_fs.h>
00020
#include <linux/ext2_fs.h>
00021
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00022
#include <linux/coda.h>
00023
#include <linux/initrd.h>
00024
#include <linux/security.h>
00025
00026
#include <linux/syscalls.h>
00027
#endif
00028
#include <linux/coda_psdev.h>
00029
#include <linux/ncp_fs.h>
00030
#include <linux/smb.h>
00031
#include <linux/dnotify.h>
00032
#include <linux/mm.h>
00033
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00034
#include <linux/blkdev.h>
00035
#else
00036
#include <linux/blk.h>
00037
#endif
00038
#include <linux/init.h>
00039
#include <linux/config.h>
00040
#include <linux/module.h>
00041
#include <linux/netdevice.h>
00042
#include <linux/inetdevice.h>
00043
#include <asm/uaccess.h>
00044
#include <asm/atomic.h>
00045
#include <rsbac/types.h>
00046
#include <rsbac/aci.h>
00047
#include <rsbac/aci_data_structures.h>
00048
#include <rsbac/error.h>
00049
#include <rsbac/helpers.h>
00050
#include <rsbac/fs.h>
00051
#include <rsbac/getname.h>
00052
#include <rsbac/net_getname.h>
00053
#include <rsbac/adf.h>
00054
#include <rsbac/adf_main.h>
00055
#include <rsbac/reg.h>
00056
#include <rsbac/rkmem.h>
00057
#include <rsbac/gen_lists.h>
00058
#include <linux/string.h>
00059
#include <linux/kdev_t.h>
00060
#include <linux/smp_lock.h>
00061
00062
#ifdef CONFIG_RSBAC_MAC
00063
#include <rsbac/mac.h>
00064
#endif
00065
00066
#ifdef CONFIG_RSBAC_PM
00067
#include <rsbac/pm.h>
00068
#endif
00069
00070
#if defined(CONFIG_RSBAC_RC)
00071
#include <rsbac/rc.h>
00072
#endif
00073
00074
#if defined(CONFIG_RSBAC_AUTH)
00075
#include <rsbac/auth.h>
00076
#endif
00077
00078
#if defined(CONFIG_RSBAC_ACL)
00079
#include <rsbac/acl.h>
00080
#endif
00081
00082
#if defined(CONFIG_RSBAC_PAX) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
00083
#include <rsbac/pax.h>
00084
#endif
00085
00086
#if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
00087
#include <linux/unistd.h>
00088
#include <linux/timer.h>
00089
static u_int auto_interval = CONFIG_RSBAC_AUTO_WRITE * HZ;
00090
#endif
00091
00092
#if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
00093
|| defined(CONFIG_RSBAC_INIT_THREAD)
00094
static DECLARE_WAIT_QUEUE_HEAD(rsbacd_wait);
00095
static struct timer_list rsbac_timer;
00096
#endif
00097
00098
#if defined(CONFIG_RSBAC_NET_OBJ)
00099
#include <rsbac/network.h>
00100
#endif
00101
00102
00103
00104
00105
00106
00107
00108
00109
00110 static boolean rsbac_initialized =
FALSE;
00111
00112 static char compiled_modules[80];
00113
00114 kdev_t
rsbac_root_dev;
00115
#if defined(CONFIG_RSBAC_REG)
00116
EXPORT_SYMBOL(rsbac_root_dev);
00117
#endif
00118
DECLARE_MUTEX(rsbac_write_sem);
00119
00120 static struct rsbac_device_list_head_t
device_list_head;
00121 static struct rsbac_dev_handles_t
dev_handles;
00122 static struct rsbac_ipc_handles_t
ipc_handles;
00123 static struct rsbac_user_handles_t
user_handles;
00124 static struct rsbac_process_handles_t
process_handles;
00125
00126
#ifdef CONFIG_RSBAC_NET_DEV
00127
static struct rsbac_netdev_handles_t netdev_handles;
00128
#endif
00129
#ifdef CONFIG_RSBAC_NET_OBJ
00130
static rsbac_list_handle_t net_temp_handle;
00131
static struct rsbac_nettemp_handles_t nettemp_handles;
00132
static struct rsbac_lnetobj_handles_t lnetobj_handles;
00133
static struct rsbac_rnetobj_handles_t rnetobj_handles;
00134
#endif
00135
00136
00137
00138
00139 static struct rsbac_gen_fd_aci_t def_gen_root_dir_aci =
DEFAULT_GEN_ROOT_DIR_ACI;
00140
00141
#if defined(CONFIG_RSBAC_MAC)
00142
static struct rsbac_mac_fd_aci_t def_mac_root_dir_aci = DEFAULT_MAC_ROOT_DIR_ACI;
00143
#endif
00144
#if defined(CONFIG_RSBAC_RC)
00145
static struct rsbac_rc_fd_aci_t def_rc_root_dir_aci = DEFAULT_RC_ROOT_DIR_ACI;
00146
#endif
00147
00148
#if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
00149
#include <rsbac/proc_fs.h>
00150
00151
#ifdef CONFIG_RSBAC_XSTATS
00152
static u_long get_attr_count[
T_NONE] = {0,0,0,0,0,0,0};
00153
static u_long set_attr_count[
T_NONE] = {0,0,0,0,0,0,0};
00154
static u_long remove_count[
T_NONE] = {0,0,0,0,0,0,0};
00155
#endif
00156
00157
#if defined(CONFIG_RSBAC_REG)
00158
EXPORT_SYMBOL(proc_rsbac_root_p);
00159
#endif
00160
struct proc_dir_entry *
proc_rsbac_root_p =
NULL;
00161
00162
#if defined(CONFIG_RSBAC_REG)
00163
EXPORT_SYMBOL(proc_rsbac_backup_p);
00164
#endif
00165
struct proc_dir_entry *
proc_rsbac_backup_p =
NULL;
00166
00167
#endif
00168
00169
#ifdef CONFIG_DEVFS_MOUNT
00170
#include <linux/devfs_fs_kernel.h>
00171
static struct dentry * devfs_covered_p =
NULL;
00172
static struct super_block * devfs_sb_p =
NULL;
00173
#endif
00174
00175
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00176 static struct dentry *
sysfs_covered_p =
NULL;
00177 static struct super_block *
sysfs_sb_p =
NULL;
00178
#endif
00179
00180
#ifdef CONFIG_RSBAC_MAC
00181
static struct rsbac_mac_process_aci_t mac_init_p_aci = DEFAULT_MAC_P_INIT_ACI;
00182
#endif
00183
#ifdef CONFIG_RSBAC_RC
00184
static struct rsbac_rc_process_aci_t rc_kernel_p_aci = DEFAULT_RC_P_KERNEL_ACI;
00185
#endif
00186
00187
00188
00189
00190
00191
static struct rsbac_device_list_item_t *
lookup_device(kdev_t);
00192
00193
00194
00195
00196
00197 static inline int gen_fd_hash(u_long inode)
00198 {
00199
return(inode % RSBAC_GEN_NR_FD_LISTS);
00200 }
00201
#if defined(CONFIG_RSBAC_MAC)
00202
static inline int mac_fd_hash(u_long inode)
00203 {
00204
return(inode % RSBAC_MAC_NR_FD_LISTS);
00205 }
00206
static inline int mac_p_hash(
rsbac_pid_t pid)
00207 {
00208
return(pid % CONFIG_RSBAC_MAC_NR_P_LISTS);
00209 }
00210
#endif
00211
#if defined(CONFIG_RSBAC_FC)
00212
static inline int fc_fd_hash(u_long inode)
00213 {
00214
return(inode % RSBAC_FC_NR_FD_LISTS);
00215 }
00216
#endif
00217
#if defined(CONFIG_RSBAC_SIM)
00218
static inline int sim_fd_hash(u_long inode)
00219 {
00220
return(inode % RSBAC_SIM_NR_FD_LISTS);
00221 }
00222
#endif
00223
#if defined(CONFIG_RSBAC_PM)
00224
static inline int pm_fd_hash(u_long inode)
00225 {
00226
return(inode % RSBAC_PM_NR_FD_LISTS);
00227 }
00228
#endif
00229
#if defined(CONFIG_RSBAC_DAZ)
00230
static inline int daz_fd_hash(u_long inode)
00231 {
00232
return(inode % RSBAC_DAZ_NR_FD_LISTS);
00233 }
00234
#if defined(CONFIG_RSBAC_DAZ_CACHE)
00235
static inline int daz_scanned_fd_hash(u_long inode)
00236 {
00237
return(inode % RSBAC_DAZ_SCANNED_NR_FD_LISTS);
00238 }
00239
#endif
00240
#endif
00241
#if defined(CONFIG_RSBAC_FF)
00242
static inline int ff_fd_hash(u_long inode)
00243 {
00244
return(inode % RSBAC_FF_NR_FD_LISTS);
00245 }
00246
#endif
00247
#if defined(CONFIG_RSBAC_RC)
00248
static inline int rc_fd_hash(u_long inode)
00249 {
00250
return(inode % RSBAC_RC_NR_FD_LISTS);
00251 }
00252
static inline int rc_p_hash(
rsbac_pid_t pid)
00253 {
00254
return(pid % CONFIG_RSBAC_RC_NR_P_LISTS);
00255 }
00256
#endif
00257
#if defined(CONFIG_RSBAC_AUTH)
00258
static inline int auth_fd_hash(u_long inode)
00259 {
00260
return(inode % RSBAC_AUTH_NR_FD_LISTS);
00261 }
00262
#endif
00263
#if defined(CONFIG_RSBAC_CAP)
00264
static inline int cap_fd_hash(u_long inode)
00265 {
00266
return(inode % RSBAC_CAP_NR_FD_LISTS);
00267 }
00268
#endif
00269
#if defined(CONFIG_RSBAC_JAIL)
00270
static inline int jail_p_hash(
rsbac_pid_t pid)
00271 {
00272
return(pid % CONFIG_RSBAC_JAIL_NR_P_LISTS);
00273 }
00274
#endif
00275
#if defined(CONFIG_RSBAC_PAX)
00276
static inline int pax_fd_hash(u_long inode)
00277 {
00278
return(inode % RSBAC_PAX_NR_FD_LISTS);
00279 }
00280
#endif
00281
#if defined(CONFIG_RSBAC_RES)
00282
static inline int res_fd_hash(u_long inode)
00283 {
00284
return(inode % RSBAC_RES_NR_FD_LISTS);
00285 }
00286
#endif
00287
00288
00289
00290
00291
00292
00293
00294
00295
00296
00297 boolean writable(
struct super_block * sb_p)
00298 {
00299
#ifdef CONFIG_RSBAC_NO_WRITE
00300
return(
FALSE);
00301
#else
00302
if (!sb_p || !sb_p->s_dev)
00303
return(
FALSE);
00304
if (
00305
rsbac_debug_no_write ||
00306 (sb_p->s_flags & MS_RDONLY)
00307 || in_interrupt())
00308
return(
FALSE);
00309
if ( !MAJOR(sb_p->s_dev)
00310 #ifndef CONFIG_RSBAC_MSDOS_WRITE
00311 || (sb_p->s_magic == MSDOS_SUPER_MAGIC)
00312
#endif
00313
|| (sb_p->s_magic ==
SOCKFS_MAGIC)
00314 || (sb_p->s_magic == PIPEFS_MAGIC)
00315
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00316
|| (sb_p->s_magic ==
SYSFS_MAGIC)
00317
#endif
00318
|| (sb_p->s_magic == NFS_SUPER_MAGIC)
00319 || (sb_p->s_magic == CODA_SUPER_MAGIC)
00320 || (sb_p->s_magic == NCP_SUPER_MAGIC)
00321 || (sb_p->s_magic == SMB_SUPER_MAGIC)
00322 || (sb_p->s_magic == ISOFS_SUPER_MAGIC))
00323
return(
FALSE);
00324
else
00325
return(
TRUE);
00326
#endif
00327
}
00328
00329
00330
00331
00332
00333
00334 static int lookup_aci_path_dentry(
struct super_block * sb_p,
00335
struct dentry ** dir_dentry_pp,
00336
boolean create_dir,
00337 kdev_t kdev)
00338 {
00339
struct dentry * dir_dentry_p =
NULL;
00340
struct dentry * root_dentry_p =
NULL;
00341
int err=0;
00342
struct rsbac_device_list_item_t * device_p;
00343 u_long dflags;
00344
00345
if(!dir_dentry_pp)
00346
return(-
RSBAC_EINVALIDPOINTER);
00347
00348
if(!sb_p)
00349 {
00350 sb_p =
rsbac_get_super_block(kdev);
00351
if (!sb_p)
00352 {
00353
#ifdef CONFIG_RSBAC_RMSG
00354
rsbac_printk(KERN_WARNING
00355
"lookup_aci_path_dentry(): invalid device %02u:%02u\n",
00356 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00357
#endif
00358
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00359
if (!rsbac_nosyslog)
00360
#endif
00361
printk(KERN_WARNING
00362
"lookup_aci_path_dentry(): invalid device %02u:%02u\n",
00363 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00364
return (-
RSBAC_EINVALIDDEV);
00365 }
00366 }
00367
00368
00369
if( (sb_p->s_magic == PIPEFS_MAGIC)
00370 || (sb_p->s_magic ==
SOCKFS_MAGIC)
00371 )
00372 {
00373
return -
RSBAC_ENOTFOUND;
00374 }
00375
00376 rsbac_read_lock(&
device_list_head.lock, &dflags);
00377 device_p =
lookup_device(kdev);
00378
if(!device_p)
00379 {
00380
#ifdef CONFIG_RSBAC_RMSG
00381
rsbac_printk(KERN_WARNING
00382
"lookup_aci_path_dentry(): No entry for device %02u:%02u\n",
00383 MAJOR(kdev), MINOR(kdev));
00384
#endif
00385
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00386
if (!rsbac_nosyslog)
00387
#endif
00388
printk(KERN_WARNING
00389
"lookup_aci_path_dentry(): No entry for device %02u:%02u\n",
00390 MAJOR(kdev), MINOR(kdev));
00391 rsbac_read_unlock(&
device_list_head.lock, &dflags);
00392
return(-
RSBAC_EINVALIDDEV);
00393 }
00394
00395
if(device_p->rsbac_dir_dentry_p)
00396 {
00397 *dir_dentry_pp = device_p->rsbac_dir_dentry_p;
00398
#ifdef CONFIG_RSBAC_DEBUG
00399
if(rsbac_debug_ds)
00400 {
00401
#ifdef CONFIG_RSBAC_RMSG
00402
rsbac_printk(KERN_DEBUG
00403
"lookup_aci_path_dentry(): device_p->rsbac_dir_dentry_p->d_count for device %02u:%02u is %i!\n",
00404 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00405 atomic_read(&device_p->rsbac_dir_dentry_p->d_count));
00406
#endif
00407
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00408
if (!rsbac_nosyslog)
00409
#endif
00410
printk(KERN_DEBUG
00411
"lookup_aci_path_dentry(): device_p->rsbac_dir_dentry_p->d_count for device %02u:%02u is %i!\n",
00412 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00413 atomic_read(&device_p->rsbac_dir_dentry_p->d_count));
00414 }
00415
#endif
00416
rsbac_read_unlock(&
device_list_head.lock, &dflags);
00417
return(0);
00418 }
00419
00420 rsbac_read_unlock(&
device_list_head.lock, &dflags);
00421
00422
#ifdef CONFIG_RSBAC_DEBUG
00423
if(rsbac_debug_ds)
00424 {
00425
#ifdef CONFIG_RSBAC_RMSG
00426
rsbac_printk(KERN_DEBUG
00427
"lookup_aci_path_dentry(): first time lookup for or non-existing %s on device %02u:%02u!\n",
00428 RSBAC_ACI_PATH,
00429 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00430
#endif
00431
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00432
if (!rsbac_nosyslog)
00433
#endif
00434
printk(KERN_DEBUG
00435
"lookup_aci_path_dentry(): first time lookup for or non-existing %s on device %02u:%02u!\n",
00436 RSBAC_ACI_PATH,
00437 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00438 }
00439
#endif
00440
if (!sb_p->s_root)
00441 {
00442
#ifdef CONFIG_RSBAC_RMSG
00443
rsbac_printk(KERN_WARNING
00444
"lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry!\n",
00445 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00446
#endif
00447
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00448
if (!rsbac_nosyslog)
00449
#endif
00450
printk(KERN_WARNING
00451
"lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry!\n",
00452 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00453 err = -
RSBAC_EINVALIDDEV;
00454
goto out;
00455 }
00456
00457
if (!sb_p->s_root->d_inode)
00458 {
00459
#ifdef CONFIG_RSBAC_RMSG
00460
rsbac_printk(KERN_WARNING
00461
"lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry->d_inode!\n",
00462 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00463
#endif
00464
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00465
if (!rsbac_nosyslog)
00466
#endif
00467
printk(KERN_WARNING
00468
"lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry->d_inode!\n",
00469 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00470 err = -
RSBAC_EINVALIDDEV;
00471
goto out;
00472 }
00473
00474
00475
#ifdef CONFIG_RSBAC_DEBUG
00476
if(rsbac_debug_ds)
00477 {
00478
#ifdef CONFIG_RSBAC_RMSG
00479
rsbac_printk(KERN_DEBUG
00480
"lookup_aci_path_dentry(): lookup rsbac path %s for device %02u:%02u, sb_p->s_root->d_count is %i!\n",
00481 RSBAC_ACI_PATH, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00482 atomic_read(&sb_p->s_root->d_count));
00483
#endif
00484
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00485
if (!rsbac_nosyslog)
00486
#endif
00487
printk(KERN_DEBUG
00488
"lookup_aci_path_dentry(): lookup rsbac path %s for device %02u:%02u, sb_p->s_root->d_count is %i!\n",
00489 RSBAC_ACI_PATH, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00490 atomic_read(&sb_p->s_root->d_count));
00491 }
00492
#endif
00493
dir_dentry_p =
rsbac_lookup_one_len(RSBAC_ACI_PATH, sb_p->s_root, strlen(RSBAC_ACI_PATH));
00494
if(IS_ERR(dir_dentry_p))
00495
switch(PTR_ERR(dir_dentry_p))
00496 {
00497
case -ENOENT:
00498
case -ENOTDIR:
00499 err = -
RSBAC_ENOTFOUND;
00500
goto out;
00501
case -ENOMEM:
00502
#ifdef CONFIG_RSBAC_RMSG
00503
rsbac_printk(KERN_WARNING
00504
"lookup_aci_path_dentry(): memory allocation error!\n");
00505
#endif
00506
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00507
if (!rsbac_nosyslog)
00508
#endif
00509
printk(KERN_WARNING
00510
"lookup_aci_path_dentry(): memory allocation error!\n");
00511 err = -
RSBAC_ENOROOTDIR;
00512
goto out;
00513
case -ENAMETOOLONG:
00514
#ifdef CONFIG_RSBAC_RMSG
00515
rsbac_printk(KERN_WARNING
00516
"lookup_aci_path_dentry(): ACI_PATH too long on fs!\n");
00517
#endif
00518
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00519
if (!rsbac_nosyslog)
00520
#endif
00521
printk(KERN_WARNING
00522
"lookup_aci_path_dentry(): ACI_PATH too long on fs!\n");
00523 err = -
RSBAC_EPATHTOOLONG;
00524
goto out;
00525
case -EACCES:
00526
#ifdef CONFIG_RSBAC_RMSG
00527
rsbac_printk(KERN_WARNING
00528
"lookup_aci_path_dentry(): No access to ACI_PATH!\n");
00529
#endif
00530
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00531
if (!rsbac_nosyslog)
00532
#endif
00533
printk(KERN_WARNING
00534
"lookup_aci_path_dentry(): No access to ACI_PATH!\n");
00535 err = -
RSBAC_EACCESS;
00536
goto out;
00537
default:
00538
#ifdef CONFIG_RSBAC_RMSG
00539
rsbac_printk(KERN_WARNING
00540
"lookup_aci_path_dentry(): Error on root dir: %li!\n",
00541 PTR_ERR(dir_dentry_p));
00542
#endif
00543
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00544
if (!rsbac_nosyslog)
00545
#endif
00546
printk(KERN_WARNING
00547
"lookup_aci_path_dentry(): Error on root dir: %li!\n",
00548 PTR_ERR(dir_dentry_p));
00549 err = -
RSBAC_ENOROOTDIR;
00550
goto out;
00551 }
00552
00553
if (!dir_dentry_p)
00554 {
00555
#ifdef CONFIG_RSBAC_RMSG
00556
rsbac_printk(KERN_WARNING
00557
"lookup_aci_path_dentry(): rsbac_lookup_(dentry|one) returned null pointer!\n");
00558
#endif
00559
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00560
if (!rsbac_nosyslog)
00561
#endif
00562
printk(KERN_WARNING
00563
"lookup_aci_path_dentry(): rsbac_lookup_(dentry|one) returned null pointer!\n");
00564 err = -
RSBAC_EINVALIDPOINTER;
00565
goto out;
00566 }
00567
if (!dir_dentry_p->d_inode)
00568 {
00569
00570
if (!create_dir)
00571 {
00572 err = -
RSBAC_ENOTFOUND;
00573
goto out_dir_dput;
00574 }
00575
#ifdef CONFIG_RSBAC_DEBUG
00576
if(rsbac_debug_ds)
00577 {
00578
#ifdef CONFIG_RSBAC_RMSG
00579
rsbac_printk(KERN_DEBUG
00580
"lookup_aci_path_dentry(): try to create dir, first test writable!\n");
00581
#endif
00582
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00583
if (!rsbac_nosyslog)
00584
#endif
00585
printk(KERN_DEBUG
00586
"lookup_aci_path_dentry(): try to create dir, first test writable!\n");
00587 }
00588
#endif
00589
00590
if (!
writable(sb_p))
00591 {
00592 err = -
RSBAC_ENOTWRITABLE;
00593
goto out_dir_dput;
00594 }
00595 root_dentry_p = lock_parent(dir_dentry_p);
00596 err = PTR_ERR(root_dentry_p);
00597
if ( IS_ERR(root_dentry_p))
00598 {
00599 err = -
RSBAC_ECOULDNOTCREATEPATH;
00600
goto out_dir_dput;
00601 }
00602
if ( !root_dentry_p->d_inode
00603 || !root_dentry_p->d_inode->i_op
00604 || !root_dentry_p->d_inode->i_op->mkdir)
00605 {
00606 unlock_dir(root_dentry_p);
00607 err = -
RSBAC_ECOULDNOTCREATEPATH;
00608
goto out_dir_dput;
00609 }
00610 DQUOT_INIT(root_dentry_p->d_inode);
00611 err = root_dentry_p->d_inode->i_op->mkdir(root_dentry_p->d_inode,
00612 dir_dentry_p,
00613 RSBAC_ACI_DIR_MODE);
00614 unlock_dir(root_dentry_p);
00615
if (err)
00616 {
00617 err = -
RSBAC_ECOULDNOTCREATEPATH;
00618
goto out_dir_dput;
00619 }
00620 }
00621
else
00622 {
00623
if(!S_ISDIR(dir_dentry_p->d_inode->i_mode))
00624 {
00625
#ifdef CONFIG_RSBAC_RMSG
00626
rsbac_printk(KERN_WARNING
00627
"lookup_aci_path_dentry(): supposed /%s dir on dev %02u:%02u is no dir!\n",
00628 RSBAC_ACI_PATH,
00629 MAJOR(sb_p->s_dev),
00630 MINOR(sb_p->s_dev));
00631
#endif
00632
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00633
if (!rsbac_nosyslog)
00634
#endif
00635
printk(KERN_WARNING
00636
"lookup_aci_path_dentry(): supposed /%s dir on dev %02u:%02u is no dir!\n",
00637 RSBAC_ACI_PATH,
00638 MAJOR(sb_p->s_dev),
00639 MINOR(sb_p->s_dev));
00640 err = -
RSBAC_EACCESS;
00641
goto out_dir_dput;
00642 }
00643 }
00644
#ifdef CONFIG_RSBAC_DEBUG
00645
if(rsbac_debug_ds)
00646 {
00647
#ifdef CONFIG_RSBAC_RMSG
00648
rsbac_printk(KERN_DEBUG
00649
"lookup_aci_path_dentry(): dir_dentry_p->d_count is %i!\n",
00650 atomic_read(&dir_dentry_p->d_count));
00651 rsbac_printk(KERN_DEBUG
00652
"lookup_aci_path_dentry(): sb_p->s_root->d_count is now %i!\n",
00653 atomic_read(&sb_p->s_root->d_count));
00654
#endif
00655
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00656
if (!rsbac_nosyslog)
00657
#endif
00658
{
00659 printk(KERN_DEBUG
00660
"lookup_aci_path_dentry(): dir_dentry_p->d_count is %i!\n",
00661 atomic_read(&dir_dentry_p->d_count));
00662 printk(KERN_DEBUG
00663
"lookup_aci_path_dentry(): sb_p->s_root->d_count is now %i!\n",
00664 atomic_read(&sb_p->s_root->d_count));
00665 }
00666 }
00667
#endif
00668
00669
00670 *dir_dentry_pp = dir_dentry_p;
00671
00672
00673 rsbac_read_lock(&
device_list_head.lock, &dflags);
00674 device_p =
lookup_device(kdev);
00675
if(device_p && !device_p->rsbac_dir_dentry_p)
00676 {
00677 device_p->rsbac_dir_dentry_p = dir_dentry_p;
00678 device_p->rsbac_dir_inode = dir_dentry_p->d_inode->i_ino;
00679 }
00680 rsbac_read_unlock(&
device_list_head.lock, &dflags);
00681
00682 out:
00683
return (err);
00684
00685 out_dir_dput:
00686 dput(dir_dentry_p);
00687
goto out;
00688 }
00689
00690
00691
00692
00693
00694
00695
00696
00697
00698
00699 static struct rsbac_device_list_item_t *
lookup_device(kdev_t kdev)
00700 {
00701
struct rsbac_device_list_item_t * curr =
device_list_head.curr;
00702
00703
00704
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00705
if(! (curr && (MAJOR(curr->id) == MAJOR(kdev)) && (MINOR(curr->id) == MINOR(kdev)) ) )
00706
#else
00707
if(! (curr && (curr->id == kdev) ) )
00708
#endif
00709
{
00710 curr =
device_list_head.head;
00711
while ( curr
00712 && ( (RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev))
00713 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev))
00714 )
00715 )
00716 {
00717 curr = curr->next;
00718 }
00719
if (curr)
00720
device_list_head.curr=curr;
00721 }
00722
00723
return (curr);
00724 };
00725
00726 static int dev_compare(
void * desc1,
void * desc2)
00727 {
00728
int result;
00729
struct rsbac_dev_desc_t * i_desc1 = desc1;
00730
struct rsbac_dev_desc_t * i_desc2 = desc2;
00731
00732 result = memcmp(&i_desc1->type,
00733 &i_desc2->type,
00734
sizeof(i_desc1->type));
00735
if(result)
00736
return result;
00737 result = memcmp(&i_desc1->major,
00738 &i_desc2->major,
00739
sizeof(i_desc1->major));
00740
if(result)
00741
return result;
00742
return memcmp(&i_desc1->minor,
00743 &i_desc2->minor,
00744
sizeof(i_desc1->minor));
00745 }
00746
00747 static int ipc_compare(
void * desc1,
void * desc2)
00748 {
00749
int result;
00750
struct rsbac_ipc_t * i_desc1 = desc1;
00751
struct rsbac_ipc_t * i_desc2 = desc2;
00752
00753 result = memcmp(&i_desc1->type,
00754 &i_desc2->type,
00755
sizeof(i_desc1->type));
00756
if(result)
00757
return result;
00758
else
00759
return memcmp(&i_desc1->id.id_nr,
00760 &i_desc2->id.id_nr,
00761
sizeof(i_desc1->id.id_nr));
00762 }
00763
00764
#ifdef CONFIG_RSBAC_NET_DEV
00765
#if defined(CONFIG_RSBAC_IND_NETDEV_LOG) || defined(CONFIG_RSBAC_RC)
00766
static int netdev_compare(
void * desc1,
void * desc2)
00767 {
00768
return strncmp(desc1,
00769 desc2,
00770 RSBAC_IFNAMSIZ);
00771 }
00772
#endif
00773
#endif
00774
00775
00776
00777
00778 static int gen_fd_conv(
00779
void * old_desc,
00780
void * old_data,
00781
void * new_desc,
00782
void * new_data)
00783 {
00784
struct rsbac_gen_fd_aci_t * new_aci = new_data;
00785
struct rsbac_gen_fd_old_aci_t * old_aci = old_data;
00786
00787 memcpy(new_desc, old_desc,
sizeof(
rsbac_inode_nr_t));
00788 new_aci->log_array_low = old_aci->log_array_low;
00789 new_aci->log_array_high = old_aci->log_array_high;
00790 new_aci->log_program_based = old_aci->log_program_based;
00791 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00792 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00793 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00794 new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00795 new_aci->fake_root_uid =
FR_off;
00796
return 0;
00797 }
00798
00799 static int gen_fd_old_conv(
00800
void * old_desc,
00801
void * old_data,
00802
void * new_desc,
00803
void * new_data)
00804 {
00805
struct rsbac_gen_fd_aci_t * new_aci = new_data;
00806
struct rsbac_gen_fd_old_old_aci_t * old_aci = old_data;
00807
00808 memcpy(new_desc, old_desc,
sizeof(
rsbac_inode_nr_t));
00809 new_aci->log_array_low = old_aci->log_array_low;
00810 new_aci->log_array_high = old_aci->log_array_high;
00811 new_aci->log_program_based = old_aci->log_program_based;
00812 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00813 new_aci->symlink_add_mac_level =
FALSE;
00814 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00815 new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00816 new_aci->fake_root_uid =
FR_off;
00817
return 0;
00818 }
00819
00820 static int gen_fd_old_old_conv(
00821
void * old_desc,
00822
void * old_data,
00823
void * new_desc,
00824
void * new_data)
00825 {
00826
struct rsbac_gen_fd_aci_t * new_aci = new_data;
00827
struct rsbac_gen_fd_old_old_old_aci_t * old_aci = old_data;
00828
00829 memcpy(new_desc, old_desc,
sizeof(
rsbac_inode_nr_t));
00830 new_aci->log_array_low = old_aci->log_array_low;
00831 new_aci->log_array_high = old_aci->log_array_high;
00832 new_aci->log_program_based = old_aci->log_program_based;
00833 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00834 new_aci->symlink_add_mac_level =
FALSE;
00835 new_aci->symlink_add_rc_role =
FALSE;
00836 new_aci->linux_dac_disable =
LDD_false;
00837 new_aci->fake_root_uid =
FR_off;
00838
return 0;
00839 }
00840
00841 static int gen_fd_old_old_old_conv(
00842
void * old_desc,
00843
void * old_data,
00844
void * new_desc,
00845
void * new_data)
00846 {
00847
struct rsbac_gen_fd_aci_t * new_aci = new_data;
00848
struct rsbac_gen_fd_old_old_old_old_aci_t * old_aci = old_data;
00849
00850 memcpy(new_desc, old_desc,
sizeof(
rsbac_inode_nr_t));
00851 new_aci->log_array_low = old_aci->log_array_low;
00852 new_aci->log_array_high = old_aci->log_array_high;
00853 new_aci->log_program_based = old_aci->log_program_based;
00854 new_aci->symlink_add_uid =
FALSE;
00855 new_aci->symlink_add_mac_level =
FALSE;
00856 new_aci->symlink_add_rc_role =
FALSE;
00857 new_aci->linux_dac_disable =
LDD_false;
00858 new_aci->fake_root_uid =
FR_off;
00859
return 0;
00860 }
00861
00862 rsbac_list_conv_function_t *
gen_fd_get_conv(
rsbac_version_t old_version)
00863 {
00864
switch(old_version)
00865 {
00866
case RSBAC_GEN_FD_OLD_ACI_VERSION:
00867
return gen_fd_conv;
00868
case RSBAC_GEN_FD_OLD_OLD_ACI_VERSION:
00869
return gen_fd_old_conv;
00870
case RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION:
00871
return gen_fd_old_old_conv;
00872
case RSBAC_GEN_FD_OLD_OLD_OLD_OLD_ACI_VERSION:
00873
return gen_fd_old_old_old_conv;
00874
default:
00875
return NULL;
00876 }
00877 }
00878
00879 static int gen_dev_conv(
00880
void * old_desc,
00881
void * old_data,
00882
void * new_desc,
00883
void * new_data)
00884 {
00885
struct rsbac_dev_desc_t *
new = new_desc;
00886
struct rsbac_dev_t * old = old_desc;
00887
00888 memcpy(new_data, old_data,
sizeof(
struct rsbac_gen_dev_aci_t));
00889
new->type = old->type;
00890
new->major = RSBAC_MAJOR(old->id);
00891
new->minor = RSBAC_MINOR(old->id);
00892
return 0;
00893 }
00894
00895 rsbac_list_conv_function_t *
gen_dev_get_conv(
rsbac_version_t old_version)
00896 {
00897
switch(old_version)
00898 {
00899
case RSBAC_GEN_DEV_OLD_ACI_VERSION:
00900
return gen_dev_conv;
00901
default:
00902
return NULL;
00903 }
00904 }
00905
00906
#ifdef CONFIG_RSBAC_MAC
00907
static int mac_old_fd_conv(
00908
void * old_desc,
00909
void * old_data,
00910
void * new_desc,
00911
void * new_data)
00912 {
00913
struct rsbac_mac_fd_aci_t * new_aci = new_data;
00914
struct rsbac_mac_fd_old_aci_t * old_aci = old_data;
00915
00916 memcpy(new_desc, old_desc,
sizeof(
rsbac_inode_nr_t));
00917 new_aci->sec_level = old_aci->sec_level;
00918 new_aci->mac_categories = old_aci->mac_categories;
00919 new_aci->mac_auto = old_aci->mac_auto;
00920 new_aci->mac_prop_trusted = old_aci->mac_prop_trusted;
00921 new_aci->mac_file_flags = old_aci->mac_file_flags;
00922
return 0;
00923 }
00924
00925
static int mac_old_old_fd_conv(
00926
void * old_desc,
00927
void * old_data,
00928
void * new_desc,
00929
void * new_data)
00930 {
00931
struct rsbac_mac_fd_aci_t * new_aci = new_data;
00932
struct rsbac_mac_fd_old_old_aci_t * old_aci = old_data;
00933
00934 memcpy(new_desc, old_desc,
sizeof(
rsbac_inode_nr_t));
00935 new_aci->sec_level = old_aci->sec_level;
00936 new_aci->mac_categories = old_aci->mac_categories;
00937 new_aci->mac_auto = old_aci->mac_auto;
00938 new_aci->mac_prop_trusted =
FALSE;
00939
if(old_aci->mac_shared)
00940 new_aci->mac_file_flags =
MAC_write_up;
00941
else
00942 new_aci->mac_file_flags = 0;
00943
return 0;
00944 }
00945
00946
static int mac_old_old_old_fd_conv(
00947
void * old_desc,
00948
void * old_data,
00949
void * new_desc,
00950
void * new_data)
00951 {
00952
struct rsbac_mac_fd_aci_t * new_aci = new_data;
00953
struct rsbac_mac_fd_old_old_old_aci_t * old_aci = old_data;
00954
00955 memcpy(new_desc, old_desc,
sizeof(
rsbac_inode_nr_t));
00956 new_aci->sec_level = old_aci->sec_level;
00957 new_aci->mac_categories = old_aci->mac_categories;
00958 new_aci->mac_auto = old_aci->mac_auto;
00959 new_aci->mac_prop_trusted =
FALSE;
00960 new_aci->mac_file_flags = 0;
00961
return 0;
00962 }
00963
00964
rsbac_list_conv_function_t * mac_fd_get_conv(
rsbac_version_t old_version)
00965 {
00966
switch(old_version)
00967 {
00968
case RSBAC_MAC_FD_OLD_ACI_VERSION:
00969
return mac_old_fd_conv;
00970
case RSBAC_MAC_FD_OLD_OLD_ACI_VERSION:
00971
return mac_old_old_fd_conv;
00972
case RSBAC_MAC_FD_OLD_OLD_OLD_ACI_VERSION:
00973
return mac_old_old_old_fd_conv;
00974
default:
00975
return NULL;
00976 }
00977 }
00978
00979
static int mac_dev_conv(
00980
void * old_desc,
00981
void * old_data,
00982
void * new_desc,
00983
void * new_data)
00984 {
00985
struct rsbac_dev_desc_t *
new = new_desc;
00986
struct rsbac_dev_t * old = old_desc;
00987
00988 memcpy(new_data, old_data,
sizeof(
struct rsbac_mac_dev_aci_t));
00989
new->type = old->type;
00990
new->major = RSBAC_MAJOR(old->id);
00991
new->minor = RSBAC_MINOR(old->id);
00992
return 0;
00993 }
00994
00995
rsbac_list_conv_function_t * mac_dev_get_conv(
rsbac_version_t old_version)
00996 {
00997
switch(old_version)
00998 {
00999
case RSBAC_MAC_DEV_OLD_ACI_VERSION:
01000
return mac_dev_conv;
01001
default:
01002
return NULL;
01003 }
01004 }
01005
01006
static int mac_old_user_conv(
01007
void * old_desc,
01008
void * old_data,
01009
void * new_desc,
01010
void * new_data)
01011 {
01012
struct rsbac_mac_user_aci_t * new_aci = new_data;
01013
struct rsbac_mac_user_old_aci_t * old_aci = old_data;
01014
01015 memcpy(new_desc, old_desc,
sizeof(
rsbac_uid_t));
01016 new_aci->security_level = old_aci->access_appr;
01017 new_aci->initial_security_level = old_aci->access_appr;
01018 new_aci->min_security_level = old_aci->min_access_appr;
01019 new_aci->mac_categories = old_aci->mac_categories;
01020 new_aci->mac_initial_categories = old_aci->mac_categories;
01021 new_aci->mac_min_categories = old_aci->mac_min_categories;
01022 new_aci->system_role = old_aci->system_role;
01023 new_aci->mac_user_flags =
RSBAC_MAC_DEF_U_FLAGS;
01024
if(old_aci->mac_allow_auto)
01025 new_aci->mac_user_flags |=
MAC_allow_auto;
01026
return 0;
01027 }
01028
01029
static int mac_old_old_user_conv(
01030
void * old_desc,
01031
void * old_data,
01032
void * new_desc,
01033
void * new_data)
01034 {
01035
struct rsbac_mac_user_aci_t * new_aci = new_data;
01036
struct rsbac_mac_user_old_old_aci_t * old_aci = old_data;
01037
01038 memcpy(new_desc, old_desc,
sizeof(
rsbac_uid_t));
01039 new_aci->security_level = old_aci->access_appr;
01040 new_aci->initial_security_level = old_aci->access_appr;
01041 new_aci->min_security_level = old_aci->min_access_appr;
01042 new_aci->mac_categories = old_aci->mac_categories;
01043 new_aci->mac_initial_categories = old_aci->mac_categories;
01044 new_aci->mac_min_categories = old_aci->mac_min_categories;
01045 new_aci->system_role = old_aci->system_role;
01046 new_aci->mac_user_flags =
RSBAC_MAC_DEF_U_FLAGS;
01047
return 0;
01048 }
01049
01050
static int mac_old_old_old_user_conv(
01051
void * old_desc,
01052
void * old_data,
01053
void * new_desc,
01054
void * new_data)
01055 {
01056
struct rsbac_mac_user_aci_t * new_aci = new_data;
01057
struct rsbac_mac_user_old_old_old_aci_t * old_aci = old_data;
01058
01059 memcpy(new_desc, old_desc,
sizeof(
rsbac_uid_t));
01060 new_aci->security_level = old_aci->access_appr;
01061 new_aci->initial_security_level = old_aci->access_appr;
01062 new_aci->min_security_level =
SL_unclassified;
01063 new_aci->mac_categories = old_aci->mac_categories;
01064 new_aci->mac_initial_categories = old_aci->mac_categories;
01065 new_aci->mac_min_categories =
RSBAC_MAC_MIN_CAT_VECTOR;
01066 new_aci->system_role = old_aci->system_role;
01067 new_aci->mac_user_flags =
RSBAC_MAC_DEF_U_FLAGS;
01068
return 0;
01069 }
01070
01071
rsbac_list_conv_function_t * mac_user_get_conv(
rsbac_version_t old_version)
01072 {
01073
switch(old_version)
01074 {
01075
case RSBAC_MAC_USER_OLD_ACI_VERSION:
01076
return mac_old_user_conv;
01077
case RSBAC_MAC_USER_OLD_OLD_ACI_VERSION:
01078
return mac_old_old_user_conv;
01079
case RSBAC_MAC_USER_OLD_OLD_OLD_ACI_VERSION:
01080
return mac_old_old_old_user_conv;
01081
default:
01082
return NULL;
01083 }
01084 }
01085
#endif
01086
01087
#ifdef CONFIG_RSBAC_FC
01088
static int fc_dev_conv(
01089
void * old_desc,
01090
void * old_data,
01091
void * new_desc,
01092
void * new_data)
01093 {
01094
struct rsbac_dev_desc_t *
new = new_desc;
01095
struct rsbac_dev_t * old = old_desc;
01096
01097 memcpy(new_data, old_data,
sizeof(
rsbac_fc_oc_t));
01098
new->type = old->type;
01099
new->major = RSBAC_MAJOR(old->id);
01100
new->minor = RSBAC_MINOR(old->id);
01101
return 0;
01102 }
01103
01104
rsbac_list_conv_function_t * fc_dev_get_conv(
rsbac_version_t old_version)
01105 {
01106
switch(old_version)
01107 {
01108
case RSBAC_FC_DEV_OLD_ACI_VERSION:
01109
return fc_dev_conv;
01110
default:
01111
return NULL;
01112 }
01113 }
01114
#endif
01115
01116
#ifdef CONFIG_RSBAC_SIM
01117
static int sim_dev_conv(
01118
void * old_desc,
01119
void * old_data,
01120
void * new_desc,
01121
void * new_data)
01122 {
01123
struct rsbac_dev_desc_t *
new = new_desc;
01124
struct rsbac_dev_t * old = old_desc;
01125
01126 memcpy(new_data, old_data,
sizeof(
rsbac_sim_dt_t));
01127
new->type = old->type;
01128
new->major = RSBAC_MAJOR(old->id);
01129
new->minor = RSBAC_MINOR(old->id);
01130
return 0;
01131 }
01132
01133
rsbac_list_conv_function_t * sim_dev_get_conv(
rsbac_version_t old_version)
01134 {
01135
switch(old_version)
01136 {
01137
case RSBAC_SIM_DEV_OLD_ACI_VERSION:
01138
return sim_dev_conv;
01139
default:
01140
return NULL;
01141 }
01142 }
01143
#endif
01144
01145
#ifdef CONFIG_RSBAC_PM
01146
static int pm_dev_conv(
01147
void * old_desc,
01148
void * old_data,
01149
void * new_desc,
01150
void * new_data)
01151 {
01152
struct rsbac_dev_desc_t *
new = new_desc;
01153
struct rsbac_dev_t * old = old_desc;
01154
01155 memcpy(new_data, old_data,
sizeof(
struct rsbac_pm_dev_aci_t));
01156
new->type = old->type;
01157
new->major = RSBAC_MAJOR(old->id);
01158
new->minor = RSBAC_MINOR(old->id);
01159
return 0;
01160 }
01161
01162
rsbac_list_conv_function_t * pm_dev_get_conv(
rsbac_version_t old_version)
01163 {
01164
switch(old_version)
01165 {
01166
case RSBAC_PM_DEV_OLD_ACI_VERSION:
01167
return pm_dev_conv;
01168
default:
01169
return NULL;
01170 }
01171 }
01172
#endif
01173
01174
#ifdef CONFIG_RSBAC_RC
01175
static int rc_dev_conv(
01176
void * old_desc,
01177
void * old_data,
01178
void * new_desc,
01179
void * new_data)
01180 {
01181
struct rsbac_dev_desc_t *
new = new_desc;
01182
struct rsbac_dev_t * old = old_desc;
01183
01184 memcpy(new_data, old_data,
sizeof(
rsbac_rc_type_id_t));
01185
new->type = old->type;
01186
new->major = RSBAC_MAJOR(old->id);
01187
new->minor = RSBAC_MINOR(old->id);
01188
return 0;
01189 }
01190
01191
rsbac_list_conv_function_t * rc_dev_get_conv(
rsbac_version_t old_version)
01192 {
01193
switch(old_version)
01194 {
01195
case RSBAC_RC_DEV_OLD_ACI_VERSION:
01196
return rc_dev_conv;
01197
default:
01198
return NULL;
01199 }
01200 }
01201
01202
static int rc_user_conv(
01203
void * old_desc,
01204
void * old_data,
01205
void * new_desc,
01206
void * new_data)
01207 {
01208
struct rsbac_rc_user_aci_t * new_aci = new_data;
01209
rsbac_rc_role_id_t * old_aci = old_data;
01210
01211 memcpy(new_desc, old_desc,
sizeof(
rsbac_uid_t));
01212 new_aci->rc_role = *old_aci;
01213 new_aci->rc_type =
RSBAC_RC_GENERAL_TYPE;
01214
return 0;
01215 }
01216
01217
rsbac_list_conv_function_t * rc_user_get_conv(
rsbac_version_t old_version)
01218 {
01219
switch(old_version)
01220 {
01221
case RSBAC_RC_USER_OLD_ACI_VERSION:
01222
return rc_user_conv;
01223
default:
01224
return NULL;
01225 }
01226 }
01227
#endif
01228
01229
#ifdef CONFIG_RSBAC_AUTH
01230
static int auth_old_fd_conv(
01231
void * old_desc,
01232
void * old_data,
01233
void * new_desc,
01234
void * new_data)
01235 {
01236
struct rsbac_auth_fd_aci_t * new_aci = new_data;
01237
struct rsbac_auth_fd_old_aci_t * old_aci = old_data;
01238
01239 memcpy(new_desc, old_desc,
sizeof(
rsbac_inode_nr_t));
01240 new_aci->auth_may_setuid = old_aci->auth_may_setuid;
01241 new_aci->auth_may_set_cap = old_aci->auth_may_set_cap;
01242 new_aci->auth_learn =
FALSE;
01243
return 0;
01244 }
01245
01246
rsbac_list_conv_function_t * auth_fd_get_conv(
rsbac_version_t old_version)
01247 {
01248
switch(old_version)
01249 {
01250
case RSBAC_AUTH_FD_OLD_ACI_VERSION:
01251
return auth_old_fd_conv;
01252
default:
01253
return NULL;
01254 }
01255 }
01256
01257
#endif
01258
01259
01260
01261
01262
01263
01264
01265
01266
01267
01268
01269
01270 static int register_fd_lists(
struct rsbac_device_list_item_t * device_p,
01271 kdev_t kdev)
01272 {
01273
char * name;
01274
int err = 0;
01275
int tmperr;
01276 u_int file_no;
01277
struct rsbac_list_info_t * info_p;
01278
if(!device_p)
01279
return(-
RSBAC_EINVALIDPOINTER);
01280 name =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01281
if(!name)
01282
return -
RSBAC_ENOMEM;
01283 info_p =
rsbac_kmalloc(
sizeof(*info_p));
01284
if(!info_p)
01285 {
01286
rsbac_kfree(name);
01287
return -
RSBAC_ENOMEM;
01288 }
01289
01290
01291 {
01292
struct rsbac_gen_fd_aci_t def_gen_fd_aci =
DEFAULT_GEN_FD_ACI;
01293
01294
for (file_no = 0; file_no < RSBAC_GEN_NR_FD_LISTS; file_no++)
01295 {
01296
01297 sprintf(name,
"%s%u", RSBAC_GEN_FD_NAME, file_no);
01298 info_p->version =
RSBAC_GEN_FD_ACI_VERSION;
01299 info_p->key =
RSBAC_GEN_FD_ACI_KEY;
01300 info_p->desc_size =
sizeof(
rsbac_inode_nr_t);
01301 info_p->data_size =
sizeof(
struct rsbac_gen_fd_aci_t);
01302 info_p->max_age = 0;
01303 tmperr =
rsbac_list_register(
RSBAC_LIST_VERSION,
01304 &(device_p->handles.gen[file_no]),
01305 info_p,
01306
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
01307
rsbac_list_compare_u32,
01308
gen_fd_get_conv,
01309 &def_gen_fd_aci,
01310 name,
01311 kdev);
01312
if(tmperr)
01313 {
01314
char * tmp;
01315
01316 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01317
if(tmp)
01318 {
01319
#ifdef CONFIG_RSBAC_RMSG
01320
rsbac_printk(KERN_WARNING
01321
"register_fd_lists(): registering general list %u for device %02u:%02u failed with error %s!\n",
01322 file_no,
01323 RSBAC_MAJOR(kdev),
01324 RSBAC_MINOR(kdev),
01325
get_error_name(tmp, tmperr));
01326
#endif
01327
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01328
if (!rsbac_nosyslog)
01329
#endif
01330
printk(KERN_WARNING
01331
"register_fd_lists(): registering general list %u for device %02u:%02u failed with error %s!\n",
01332 file_no,
01333 RSBAC_MAJOR(kdev),
01334 RSBAC_MINOR(kdev),
01335
get_error_name(tmp, tmperr));
01336
rsbac_kfree(tmp);
01337 }
01338 err = tmperr;
01339 }
01340 }
01341 }
01342
01343
#if defined(CONFIG_RSBAC_MAC)
01344
{
01345
struct rsbac_mac_fd_aci_t def_mac_fd_aci = DEFAULT_MAC_FD_ACI;
01346
01347
01348
for (file_no = 0; file_no < RSBAC_MAC_NR_FD_LISTS; file_no++)
01349 {
01350
01351 sprintf(name,
"%s%u", RSBAC_MAC_FD_NAME, file_no);
01352 info_p->version = RSBAC_MAC_FD_ACI_VERSION;
01353 info_p->key = RSBAC_MAC_FD_ACI_KEY;
01354 info_p->desc_size =
sizeof(
rsbac_inode_nr_t);
01355 info_p->data_size =
sizeof(
struct rsbac_mac_fd_aci_t);
01356 info_p->max_age = 0;
01357 tmperr =
rsbac_list_register(
RSBAC_LIST_VERSION,
01358 &(device_p->handles.mac[file_no]),
01359 info_p,
01360
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
01361
rsbac_list_compare_u32,
01362 mac_fd_get_conv,
01363 &def_mac_fd_aci,
01364 name,
01365 kdev);
01366
if(tmperr)
01367 {
01368
char * tmp;
01369
01370 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01371
if(tmp)
01372 {
01373
#ifdef CONFIG_RSBAC_RMSG
01374
rsbac_printk(KERN_WARNING
01375
"register_fd_lists(): registering MAC list %u for device %02u:%02u failed with error %s!\n",
01376 file_no,
01377 RSBAC_MAJOR(kdev),
01378 RSBAC_MINOR(kdev),
01379
get_error_name(tmp, tmperr));
01380
#endif
01381
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01382
if (!rsbac_nosyslog)
01383
#endif
01384
printk(KERN_WARNING
01385
"register_fd_lists(): registering MAC list %u for device %02u:%02u failed with error %s!\n",
01386 file_no,
01387 RSBAC_MAJOR(kdev),
01388 RSBAC_MINOR(kdev),
01389
get_error_name(tmp, tmperr));
01390
rsbac_kfree(tmp);
01391 }
01392 err = tmperr;
01393 }
01394 }
01395 }
01396
#endif
01397
01398
#if defined(CONFIG_RSBAC_FC)
01399
{
01400
rsbac_fc_oc_t def_fc_fd_aci =
RSBAC_FC_OC_DEF;
01401
01402
01403
for (file_no = 0; file_no < RSBAC_FC_NR_FD_LISTS; file_no++)
01404 {
01405
01406 sprintf(name,
"%s%u", RSBAC_FC_FD_NAME, file_no);
01407 info_p->version = RSBAC_FC_FD_ACI_VERSION;
01408 info_p->key = RSBAC_FC_FD_ACI_KEY;
01409 info_p->desc_size =
sizeof(
rsbac_inode_nr_t);
01410 info_p->data_size =
sizeof(
rsbac_fc_oc_t);
01411 info_p->max_age = 0;
01412 tmperr =
rsbac_list_register(
RSBAC_LIST_VERSION,
01413 &(device_p->handles.fc[file_no]),
01414 info_p,
01415
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
01416
rsbac_list_compare_u32,
01417
NULL,
01418 &def_fc_fd_aci,
01419 name,
01420 kdev);
01421
if(tmperr)
01422 {
01423
char * tmp;
01424
01425 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01426
if(tmp)
01427 {
01428
#ifdef CONFIG_RSBAC_RMSG
01429
rsbac_printk(KERN_WARNING
01430
"register_fd_lists(): registering FC list %u for device %02u:%02u failed with error %s!\n",
01431 file_no,
01432 RSBAC_MAJOR(kdev),
01433 RSBAC_MINOR(kdev),
01434
get_error_name(tmp, tmperr));
01435
#endif
01436
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01437
if (!rsbac_nosyslog)
01438
#endif
01439
printk(KERN_WARNING
01440
"register_fd_lists(): registering FC list %u for device %02u:%02u failed with error %s!\n",
01441 file_no,
01442 RSBAC_MAJOR(kdev),
01443 RSBAC_MINOR(kdev),
01444
get_error_name(tmp, tmperr));
01445
rsbac_kfree(tmp);
01446 }
01447 err = tmperr;
01448 }
01449 }
01450 }
01451
#endif
01452
01453
#if defined(CONFIG_RSBAC_SIM)
01454
{
01455
rsbac_sim_dt_t def_sim_fd_aci =
RSBAC_SIM_DT_DEF;
01456
01457
01458
for (file_no = 0; file_no < RSBAC_SIM_NR_FD_LISTS; file_no++)
01459 {
01460
01461 sprintf(name,
"%s%u", RSBAC_SIM_FD_NAME, file_no);
01462 info_p->version = RSBAC_SIM_FD_ACI_VERSION;
01463 info_p->key = RSBAC_SIM_FD_ACI_KEY;
01464 info_p->desc_size =
sizeof(
rsbac_inode_nr_t);
01465 info_p->data_size =
sizeof(
rsbac_sim_dt_t);
01466 info_p->max_age = 0;
01467 tmperr =
rsbac_list_register(
RSBAC_LIST_VERSION,
01468 &(device_p->handles.sim[file_no]),
01469 info_p,
01470
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
01471
rsbac_list_compare_u32,
01472
NULL,
01473 &def_sim_fd_aci,
01474 name,
01475 kdev);
01476
if(tmperr)
01477 {
01478
char * tmp;
01479
01480 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01481
if(tmp)
01482 {
01483
#ifdef CONFIG_RSBAC_RMSG
01484
rsbac_printk(KERN_WARNING
01485
"register_fd_lists(): registering SIM list %u for device %02u:%02u failed with error %s!\n",
01486 file_no,
01487 RSBAC_MAJOR(kdev),
01488 RSBAC_MINOR(kdev),
01489
get_error_name(tmp, tmperr));
01490
#endif
01491
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01492
if (!rsbac_nosyslog)
01493
#endif
01494
printk(KERN_WARNING
01495
"register_fd_lists(): registering SIM list %u for device %02u:%02u failed with error %s!\n",
01496 file_no,
01497 RSBAC_MAJOR(kdev),
01498 RSBAC_MINOR(kdev),
01499
get_error_name(tmp, tmperr));
01500
rsbac_kfree(tmp);
01501 }
01502 err = tmperr;
01503 }
01504 }
01505 }
01506
#endif
01507
01508
#if defined(CONFIG_RSBAC_PM)
01509
{
01510
struct rsbac_pm_fd_aci_t def_pm_fd_aci = DEFAULT_PM_FD_ACI;
01511
01512
01513
for (file_no = 0; file_no < RSBAC_PM_NR_FD_LISTS; file_no++)
01514 {
01515
01516 sprintf(name,
"%s%u", RSBAC_PM_FD_NAME, file_no);
01517 info_p->version = RSBAC_PM_FD_ACI_VERSION;
01518 info_p->key = RSBAC_PM_FD_ACI_KEY;
01519 info_p->desc_size =
sizeof(
rsbac_inode_nr_t);
01520 info_p->data_size =
sizeof(
struct rsbac_pm_fd_aci_t);
01521 info_p->max_age = 0;
01522 tmperr =
rsbac_list_register(
RSBAC_LIST_VERSION,
01523 &(device_p->handles.pm[file_no]),
01524 info_p,
01525
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
01526
rsbac_list_compare_u32,
01527
NULL,
01528 &def_pm_fd_aci,
01529 name,
01530 kdev);
01531
if(tmperr)
01532 {
01533
char * tmp;
01534
01535 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01536
if(tmp)
01537 {
01538
#ifdef CONFIG_RSBAC_RMSG
01539
rsbac_printk(KERN_WARNING
01540
"register_fd_lists(): registering PM list %u for device %02u:%02u failed with error %s!\n",
01541 file_no,
01542 RSBAC_MAJOR(kdev),
01543 RSBAC_MINOR(kdev),
01544
get_error_name(tmp, tmperr));
01545
#endif
01546
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01547
if (!rsbac_nosyslog)
01548
#endif
01549
printk(KERN_WARNING
01550
"register_fd_lists(): registering PM list %u for device %02u:%02u failed with error %s!\n",
01551 file_no,
01552 RSBAC_MAJOR(kdev),
01553 RSBAC_MINOR(kdev),
01554
get_error_name(tmp, tmperr));
01555
rsbac_kfree(tmp);
01556 }
01557 err = tmperr;
01558 }
01559 }
01560 }
01561
#endif
01562
01563
#if defined(CONFIG_RSBAC_DAZ)
01564
{
01565
struct rsbac_daz_fd_aci_t def_daz_fd_aci = DEFAULT_DAZ_FD_ACI;
01566
01567
for (file_no = 0; file_no < RSBAC_DAZ_NR_FD_LISTS; file_no++)
01568 {
01569
01570 sprintf(name,
"%s%u", RSBAC_DAZ_FD_NAME, file_no);
01571 info_p->version = RSBAC_DAZ_FD_ACI_VERSION;
01572 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01573 info_p->desc_size =
sizeof(
rsbac_inode_nr_t);
01574 info_p->data_size =
sizeof(
struct rsbac_daz_fd_aci_t);
01575 info_p->max_age = 0;
01576 tmperr =
rsbac_list_register(
RSBAC_LIST_VERSION,
01577 &(device_p->handles.daz[file_no]),
01578 info_p,
01579
RSBAC_LIST_PERSIST |
01580
RSBAC_LIST_DEF_DATA,
01581
rsbac_list_compare_u32,
01582
NULL,
01583 &def_daz_fd_aci,
01584 name,
01585 kdev);
01586
if(tmperr)
01587 {
01588
char * tmp;
01589
01590 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01591
if(tmp)
01592 {
01593
#ifdef CONFIG_RSBAC_RMSG
01594
rsbac_printk(KERN_WARNING
01595
"register_fd_lists(): registering DAZ list %u for device %02u:%02u failed with error %s!\n",
01596 file_no,
01597 RSBAC_MAJOR(kdev),
01598 RSBAC_MINOR(kdev),
01599
get_error_name(tmp, tmperr));
01600
#endif
01601
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01602
if (!rsbac_nosyslog)
01603
#endif
01604
printk(KERN_WARNING
01605
"register_fd_lists(): registering DAZ list %u for device %02u:%02u failed with error %s!\n",
01606 file_no,
01607 RSBAC_MAJOR(kdev),
01608 RSBAC_MINOR(kdev),
01609
get_error_name(tmp, tmperr));
01610
rsbac_kfree(tmp);
01611 }
01612 err = tmperr;
01613 }
01614 }
01615 }
01616
#if defined(CONFIG_RSBAC_DAZ_CACHE)
01617
{
01618
rsbac_daz_scanned_t def_daz_scanned_fd_aci =
DEFAULT_DAZ_FD_SCANNED;
01619
01620
01621
for (file_no = 0; file_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; file_no++)
01622 {
01623
01624 sprintf(name,
"%s%u", RSBAC_DAZ_SCANNED_FD_NAME, file_no);
01625 info_p->version = RSBAC_DAZ_SCANNED_FD_ACI_VERSION;
01626 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01627 info_p->desc_size =
sizeof(
rsbac_inode_nr_t);
01628 info_p->data_size =
sizeof(
rsbac_daz_scanned_t);
01629 info_p->max_age = 0;
01630 tmperr =
rsbac_list_register(
RSBAC_LIST_VERSION,
01631 &(device_p->handles.dazs[file_no]),
01632 info_p,
01633 #ifdef CONFIG_RSBAC_DAZ_PERSIST
01634
RSBAC_LIST_PERSIST |
01635 #endif
01636
RSBAC_LIST_DEF_DATA,
01637
rsbac_list_compare_u32,
01638
NULL,
01639 &def_daz_scanned_fd_aci,
01640 name,
01641 kdev);
01642
if(tmperr)
01643 {
01644
char * tmp;
01645
01646 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01647
if(tmp)
01648 {
01649
#ifdef CONFIG_RSBAC_RMSG
01650
rsbac_printk(KERN_WARNING
01651
"register_fd_lists(): registering DAZ scanned list %u for device %02u:%02u failed with error %s!\n",
01652 file_no,
01653 RSBAC_MAJOR(kdev),
01654 RSBAC_MINOR(kdev),
01655
get_error_name(tmp, tmperr));
01656
#endif
01657
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01658
if (!rsbac_nosyslog)
01659
#endif
01660
printk(KERN_WARNING
01661
"register_fd_lists(): registering DAZ scanned list %u for device %02u:%02u failed with error %s!\n",
01662 file_no,
01663 RSBAC_MAJOR(kdev),
01664 RSBAC_MINOR(kdev),
01665
get_error_name(tmp, tmperr));
01666
rsbac_kfree(tmp);
01667 }
01668 err = tmperr;
01669 }
01670 }
01671 }
01672
#endif
01673
#endif
01674
01675
#if defined(CONFIG_RSBAC_FF)
01676
{
01677
rsbac_ff_flags_t def_ff_fd_aci =
RSBAC_FF_DEF;
01678
01679
01680
for (file_no = 0; file_no < RSBAC_FF_NR_FD_LISTS; file_no++)
01681 {
01682
01683 sprintf(name,
"%s%u", RSBAC_FF_FD_NAME, file_no);
01684 info_p->version = RSBAC_FF_FD_ACI_VERSION;
01685 info_p->key = RSBAC_FF_FD_ACI_KEY;
01686 info_p->desc_size =
sizeof(
rsbac_inode_nr_t);
01687 info_p->data_size =
sizeof(
rsbac_ff_flags_t);
01688 info_p->max_age = 0;
01689 tmperr =
rsbac_list_register(
RSBAC_LIST_VERSION,
01690 &(device_p->handles.ff[file_no]),
01691 info_p,
01692
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
01693
rsbac_list_compare_u32,
01694
NULL,
01695 &def_ff_fd_aci,
01696 name,
01697 kdev);
01698
if(tmperr)
01699 {
01700
char * tmp;
01701
01702 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01703
if(tmp)
01704 {
01705
#ifdef CONFIG_RSBAC_RMSG
01706
rsbac_printk(KERN_WARNING
01707
"register_fd_lists(): registering FF list %u for device %02u:%02u failed with error %s!\n",
01708 file_no,
01709 RSBAC_MAJOR(kdev),
01710 RSBAC_MINOR(kdev),
01711
get_error_name(tmp, tmperr));
01712
#endif
01713
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01714
if (!rsbac_nosyslog)
01715
#endif
01716
printk(KERN_WARNING
01717
"register_fd_lists(): registering FF list %u for device %02u:%02u failed with error %s!\n",
01718 file_no,
01719 RSBAC_MAJOR(kdev),
01720 RSBAC_MINOR(kdev),
01721
get_error_name(tmp, tmperr));
01722
rsbac_kfree(tmp);
01723 }
01724 err = tmperr;
01725 }
01726 }
01727 }
01728
#endif
01729
01730
#if defined(CONFIG_RSBAC_RC)
01731
{
01732
struct rsbac_rc_fd_aci_t def_rc_fd_aci = DEFAULT_RC_FD_ACI;
01733
01734
01735
for (file_no = 0; file_no < RSBAC_RC_NR_FD_LISTS; file_no++)
01736 {
01737
01738 sprintf(name,
"%s%u", RSBAC_RC_FD_NAME, file_no);
01739 info_p->version = RSBAC_RC_FD_ACI_VERSION;
01740 info_p->key = RSBAC_RC_FD_ACI_KEY;
01741 info_p->desc_size =
sizeof(
rsbac_inode_nr_t);
01742 info_p->data_size =
sizeof(
struct rsbac_rc_fd_aci_t);
01743 info_p->max_age = 0;
01744 tmperr =
rsbac_list_register(
RSBAC_LIST_VERSION,
01745 &(device_p->handles.rc[file_no]),
01746 info_p,
01747
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
01748
rsbac_list_compare_u32,
01749
NULL,
01750 &def_rc_fd_aci,
01751 name,
01752 kdev);
01753
if(tmperr)
01754 {
01755
char * tmp;
01756
01757 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01758
if(tmp)
01759 {
01760
#ifdef CONFIG_RSBAC_RMSG
01761
rsbac_printk(KERN_WARNING
01762
"register_fd_lists(): registering RC list %u for device %02u:%02u failed with error %s!\n",
01763 file_no,
01764 RSBAC_MAJOR(kdev),
01765 RSBAC_MINOR(kdev),
01766
get_error_name(tmp, tmperr));
01767
#endif
01768
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01769
if (!rsbac_nosyslog)
01770
#endif
01771
printk(KERN_WARNING
01772
"register_fd_lists(): registering RC list %u for device %02u:%02u failed with error %s!\n",
01773 file_no,
01774 RSBAC_MAJOR(kdev),
01775 RSBAC_MINOR(kdev),
01776
get_error_name(tmp, tmperr));
01777
rsbac_kfree(tmp);
01778 }
01779 err = tmperr;
01780 }
01781 }
01782 }
01783
#endif
01784
01785
#if defined(CONFIG_RSBAC_AUTH)
01786
{
01787
struct rsbac_auth_fd_aci_t def_auth_fd_aci = DEFAULT_AUTH_FD_ACI;
01788
01789
01790
for (file_no = 0; file_no < RSBAC_AUTH_NR_FD_LISTS; file_no++)
01791 {
01792
01793 sprintf(name,
"%s%u", RSBAC_AUTH_FD_NAME, file_no);
01794 info_p->version = RSBAC_AUTH_FD_ACI_VERSION;
01795 info_p->key = RSBAC_AUTH_FD_ACI_KEY;
01796 info_p->desc_size =
sizeof(
rsbac_inode_nr_t);
01797 info_p->data_size =
sizeof(
struct rsbac_auth_fd_aci_t);
01798 info_p->max_age = 0;
01799 tmperr =
rsbac_list_register(
RSBAC_LIST_VERSION,
01800 &(device_p->handles.auth[file_no]),
01801 info_p,
01802
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
01803
rsbac_list_compare_u32,
01804 auth_fd_get_conv,
01805 &def_auth_fd_aci,
01806 name,
01807 kdev);
01808
if(tmperr)
01809 {
01810
char * tmp;
01811
01812 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01813
if(tmp)
01814 {
01815
#ifdef CONFIG_RSBAC_RMSG
01816
rsbac_printk(KERN_WARNING
01817
"register_fd_lists(): registering AUTH list %u for device %02u:%02u failed with error %s!\n",
01818 file_no,
01819 RSBAC_MAJOR(kdev),
01820 RSBAC_MINOR(kdev),
01821
get_error_name(tmp, tmperr));
01822
#endif
01823
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01824
if (!rsbac_nosyslog)
01825
#endif
01826
printk(KERN_WARNING
01827
"register_fd_lists(): registering AUTH list %u for device %02u:%02u failed with error %s!\n",
01828 file_no,
01829 RSBAC_MAJOR(kdev),
01830 RSBAC_MINOR(kdev),
01831
get_error_name(tmp, tmperr));
01832
rsbac_kfree(tmp);
01833 }
01834 err = tmperr;
01835 }
01836 }
01837 }
01838
#endif
01839
01840
#if defined(CONFIG_RSBAC_CAP)
01841
{
01842
struct rsbac_cap_fd_aci_t def_cap_fd_aci = DEFAULT_CAP_FD_ACI;
01843
01844
01845
for (file_no = 0; file_no < RSBAC_CAP_NR_FD_LISTS; file_no++)
01846 {
01847
01848 sprintf(name,
"%s%u", RSBAC_CAP_FD_NAME, file_no);
01849 info_p->version = RSBAC_CAP_FD_ACI_VERSION;
01850 info_p->key = RSBAC_CAP_FD_ACI_KEY;
01851 info_p->desc_size =
sizeof(
rsbac_inode_nr_t);
01852 info_p->data_size =
sizeof(
struct rsbac_cap_fd_aci_t);
01853 info_p->max_age = 0;
01854 tmperr =
rsbac_list_register(
RSBAC_LIST_VERSION,
01855 &(device_p->handles.cap[file_no]),
01856 info_p,
01857
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
01858
rsbac_list_compare_u32,
01859
NULL,
01860 &def_cap_fd_aci,
01861 name,
01862 kdev);
01863
if(tmperr)
01864 {
01865
char * tmp;
01866
01867 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01868
if(tmp)
01869 {
01870
#ifdef CONFIG_RSBAC_RMSG
01871
rsbac_printk(KERN_WARNING
01872
"register_fd_lists(): registering CAP list %u for device %02u:%02u failed with error %s!\n",
01873 file_no,
01874 RSBAC_MAJOR(kdev),
01875 RSBAC_MINOR(kdev),
01876
get_error_name(tmp, tmperr));
01877
#endif
01878
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01879
if (!rsbac_nosyslog)
01880
#endif
01881
printk(KERN_WARNING
01882
"register_fd_lists(): registering CAP list %u for device %02u:%02u failed with error %s!\n",
01883 file_no,
01884 RSBAC_MAJOR(kdev),
01885 RSBAC_MINOR(kdev),
01886
get_error_name(tmp, tmperr));
01887
rsbac_kfree(tmp);
01888 }
01889 err = tmperr;
01890 }
01891 }
01892 }
01893
#endif
01894
01895
#if defined(CONFIG_RSBAC_PAX)
01896
{
01897
rsbac_pax_flags_t def_pax_fd_aci =
RSBAC_PAX_DEF_FLAGS;
01898
01899
01900
for (file_no = 0; file_no < RSBAC_PAX_NR_FD_LISTS; file_no++)
01901 {
01902
01903 sprintf(name,
"%s%u", RSBAC_PAX_FD_NAME, file_no);
01904 info_p->version = RSBAC_PAX_FD_ACI_VERSION;
01905 info_p->key = RSBAC_PAX_FD_ACI_KEY;
01906 info_p->desc_size =
sizeof(
rsbac_inode_nr_t);
01907 info_p->data_size =
sizeof(
rsbac_pax_flags_t);
01908 info_p->max_age = 0;
01909 tmperr =
rsbac_list_register(
RSBAC_LIST_VERSION,
01910 &(device_p->handles.pax[file_no]),
01911 info_p,
01912
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
01913
rsbac_list_compare_u32,
01914
NULL,
01915 &def_pax_fd_aci,
01916 name,
01917 kdev);
01918
if(tmperr)
01919 {
01920
char * tmp;
01921
01922 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01923
if(tmp)
01924 {
01925
#ifdef CONFIG_RSBAC_RMSG
01926
rsbac_printk(KERN_WARNING
01927
"register_fd_lists(): registering PAX list %u for device %02u:%02u failed with error %s!\n",
01928 file_no,
01929 RSBAC_MAJOR(kdev),
01930 RSBAC_MINOR(kdev),
01931
get_error_name(tmp, tmperr));
01932
#endif
01933
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01934
if (!rsbac_nosyslog)
01935
#endif
01936
printk(KERN_WARNING
01937
"register_fd_lists(): registering PAX list %u for device %02u:%02u failed with error %s!\n",
01938 file_no,
01939 RSBAC_MAJOR(kdev),
01940 RSBAC_MINOR(kdev),
01941
get_error_name(tmp, tmperr));
01942
rsbac_kfree(tmp);
01943 }
01944 err = tmperr;
01945 }
01946 }
01947 }
01948
#endif
01949
01950
#if defined(CONFIG_RSBAC_RES)
01951
{
01952
struct rsbac_res_fd_aci_t def_res_fd_aci = DEFAULT_RES_FD_ACI;
01953
01954
01955
for (file_no = 0; file_no < RSBAC_RES_NR_FD_LISTS; file_no++)
01956 {
01957
01958 sprintf(name,
"%s%u", RSBAC_RES_FD_NAME, file_no);
01959 info_p->version = RSBAC_RES_FD_ACI_VERSION;
01960 info_p->key = RSBAC_RES_FD_ACI_KEY;
01961 info_p->desc_size =
sizeof(
rsbac_inode_nr_t);
01962 info_p->data_size =
sizeof(
struct rsbac_res_fd_aci_t);
01963 info_p->max_age = 0;
01964 tmperr =
rsbac_list_register(
RSBAC_LIST_VERSION,
01965 &(device_p->handles.res[file_no]),
01966 info_p,
01967
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
01968
rsbac_list_compare_u32,
01969
NULL,
01970 &def_res_fd_aci,
01971 name,
01972 kdev);
01973
if(tmperr)
01974 {
01975
char * tmp;
01976
01977 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01978
if(tmp)
01979 {
01980
#ifdef CONFIG_RSBAC_RMSG
01981
rsbac_printk(KERN_WARNING
01982
"register_fd_lists(): registering RES list %u for device %02u:%02u failed with error %s!\n",
01983 file_no,
01984 RSBAC_MAJOR(kdev),
01985 RSBAC_MINOR(kdev),
01986
get_error_name(tmp, tmperr));
01987
#endif
01988
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01989
if (!rsbac_nosyslog)
01990
#endif
01991
printk(KERN_WARNING
01992
"register_fd_lists(): registering RES list %u for device %02u:%02u failed with error %s!\n",
01993 file_no,
01994 RSBAC_MAJOR(kdev),
01995 RSBAC_MINOR(kdev),
01996
get_error_name(tmp, tmperr));
01997
rsbac_kfree(tmp);
01998 }
01999 err = tmperr;
02000 }
02001 }
02002 }
02003
#endif
02004
02005
return err;
02006 }
02007
02008
02009
02010
02011 static int aci_detach_fd_lists(
struct rsbac_device_list_item_t * device_p)
02012 {
02013
int err = 0;
02014
int tmperr;
02015 u_int file_no;
02016
02017
if(!device_p)
02018
return(-
RSBAC_EINVALIDPOINTER);
02019
02020
02021
for (file_no = 0; file_no < RSBAC_GEN_NR_FD_LISTS; file_no++)
02022 {
02023 tmperr =
rsbac_list_detach(&device_p->handles.gen[file_no],
02024
RSBAC_GEN_FD_ACI_KEY);
02025
if(tmperr)
02026 {
02027
char * tmp;
02028
02029 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02030
if(tmp)
02031 {
02032
#ifdef CONFIG_RSBAC_RMSG
02033
rsbac_printk(KERN_WARNING
02034
"detach_fd_lists(): detaching from general list %u for device %02u:%02u failed with error %s!\n",
02035 file_no,
02036 RSBAC_MAJOR(device_p->id),
02037 RSBAC_MINOR(device_p->id),
02038
get_error_name(tmp, tmperr));
02039
#endif
02040
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02041
if (!rsbac_nosyslog)
02042
#endif
02043
printk(KERN_WARNING
02044
"detach_fd_lists(): detaching from general list %u for device %02u:%02u failed with error %s!\n",
02045 file_no,
02046 RSBAC_MAJOR(device_p->id),
02047 RSBAC_MINOR(device_p->id),
02048
get_error_name(tmp, tmperr));
02049
rsbac_kfree(tmp);
02050 }
02051 err = tmperr;
02052 }
02053 }
02054
02055
#if defined(CONFIG_RSBAC_MAC)
02056
02057
for (file_no = 0; file_no < RSBAC_MAC_NR_FD_LISTS; file_no++)
02058 {
02059 tmperr =
rsbac_list_detach(&device_p->handles.mac[file_no],
02060 RSBAC_MAC_FD_ACI_KEY);
02061
if(tmperr)
02062 {
02063
char * tmp;
02064
02065 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02066
if(tmp)
02067 {
02068
#ifdef CONFIG_RSBAC_RMSG
02069
rsbac_printk(KERN_WARNING
02070
"detach_fd_lists(): detaching from MAC list %u for device %02u:%02u failed with error %s!\n",
02071 file_no,
02072 RSBAC_MAJOR(device_p->id),
02073 RSBAC_MINOR(device_p->id),
02074
get_error_name(tmp, tmperr));
02075
#endif
02076
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02077
if (!rsbac_nosyslog)
02078
#endif
02079
printk(KERN_WARNING
02080
"detach_fd_lists(): detaching from MAC list %u for device %02u:%02u failed with error %s!\n",
02081 file_no,
02082 RSBAC_MAJOR(device_p->id),
02083 RSBAC_MINOR(device_p->id),
02084
get_error_name(tmp, tmperr));
02085
rsbac_kfree(tmp);
02086 }
02087 err = tmperr;
02088 }
02089 }
02090
#endif
02091
02092
#if defined(CONFIG_RSBAC_FC)
02093
02094
for (file_no = 0; file_no < RSBAC_FC_NR_FD_LISTS; file_no++)
02095 {
02096 tmperr =
rsbac_list_detach(&device_p->handles.fc[file_no],
02097 RSBAC_FC_FD_ACI_KEY);
02098
if(tmperr)
02099 {
02100
char * tmp;
02101
02102 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02103
if(tmp)
02104 {
02105
#ifdef CONFIG_RSBAC_RMSG
02106
rsbac_printk(KERN_WARNING
02107
"detach_fd_lists(): detaching from FC list %u for device %02u:%02u failed with error %s!\n",
02108 file_no,
02109 RSBAC_MAJOR(device_p->id),
02110 RSBAC_MINOR(device_p->id),
02111
get_error_name(tmp, tmperr));
02112
#endif
02113
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02114
if (!rsbac_nosyslog)
02115
#endif
02116
printk(KERN_WARNING
02117
"detach_fd_lists(): detaching from FC list %u for device %02u:%02u failed with error %s!\n",
02118 file_no,
02119 RSBAC_MAJOR(device_p->id),
02120 RSBAC_MINOR(device_p->id),
02121
get_error_name(tmp, tmperr));
02122
rsbac_kfree(tmp);
02123 }
02124 err = tmperr;
02125 }
02126 }
02127
#endif
02128
02129
#if defined(CONFIG_RSBAC_SIM)
02130
02131
for (file_no = 0; file_no < RSBAC_SIM_NR_FD_LISTS; file_no++)
02132 {
02133 tmperr =
rsbac_list_detach(&device_p->handles.sim[file_no],
02134 RSBAC_SIM_FD_ACI_KEY);
02135
if(tmperr)
02136 {
02137
char * tmp;
02138
02139 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02140
if(tmp)
02141 {
02142
#ifdef CONFIG_RSBAC_RMSG
02143
rsbac_printk(KERN_WARNING
02144
"detach_fd_lists(): detaching from SIM list %u for device %02u:%02u failed with error %s!\n",
02145 file_no,
02146 RSBAC_MAJOR(device_p->id),
02147 RSBAC_MINOR(device_p->id),
02148
get_error_name(tmp, tmperr));
02149
#endif
02150
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02151
if (!rsbac_nosyslog)
02152
#endif
02153
printk(KERN_WARNING
02154
"detach_fd_lists(): detaching from SIM list %u for device %02u:%02u failed with error %s!\n",
02155 file_no,
02156 RSBAC_MAJOR(device_p->id),
02157 RSBAC_MINOR(device_p->id),
02158
get_error_name(tmp, tmperr));
02159
rsbac_kfree(tmp);
02160 }
02161 err = tmperr;
02162 }
02163 }
02164
#endif
02165
02166
#if defined(CONFIG_RSBAC_PM)
02167
02168
for (file_no = 0; file_no < RSBAC_PM_NR_FD_LISTS; file_no++)
02169 {
02170 tmperr =
rsbac_list_detach(&device_p->handles.pm[file_no],
02171 RSBAC_PM_FD_ACI_KEY);
02172
if(tmperr)
02173 {
02174
char * tmp;
02175
02176 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02177
if(tmp)
02178 {
02179
#ifdef CONFIG_RSBAC_RMSG
02180
rsbac_printk(KERN_WARNING
02181
"detach_fd_lists(): detaching from PM list %u for device %02u:%02u failed with error %s!\n",
02182 file_no,
02183 RSBAC_MAJOR(device_p->id),
02184 RSBAC_MINOR(device_p->id),
02185
get_error_name(tmp, tmperr));
02186
#endif
02187
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02188
if (!rsbac_nosyslog)
02189
#endif
02190
printk(KERN_WARNING
02191
"detach_fd_lists(): detaching from PM list %u for device %02u:%02u failed with error %s!\n",
02192 file_no,
02193 RSBAC_MAJOR(device_p->id),
02194 RSBAC_MINOR(device_p->id),
02195
get_error_name(tmp, tmperr));
02196
rsbac_kfree(tmp);
02197 }
02198 err = tmperr;
02199 }
02200 }
02201
#endif
02202
02203
#if defined(CONFIG_RSBAC_DAZ)
02204
02205
for (file_no = 0; file_no < RSBAC_DAZ_NR_FD_LISTS; file_no++)
02206 {
02207 tmperr =
rsbac_list_detach(&device_p->handles.daz[file_no],
02208 RSBAC_DAZ_FD_ACI_KEY);
02209
if(tmperr)
02210 {
02211
char * tmp;
02212
02213 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02214
if(tmp)
02215 {
02216
#ifdef CONFIG_RSBAC_RMSG
02217
rsbac_printk(KERN_WARNING
02218
"detach_fd_lists(): detaching from DAZ list %u for device %02u:%02u failed with error %s!\n",
02219 file_no,
02220 RSBAC_MAJOR(device_p->id),
02221 RSBAC_MINOR(device_p->id),
02222
get_error_name(tmp, tmperr));
02223
#endif
02224
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02225
if (!rsbac_nosyslog)
02226
#endif
02227
printk(KERN_WARNING
02228
"detach_fd_lists(): detaching from DAZ list %u for device %02u:%02u failed with error %s!\n",
02229 file_no,
02230 RSBAC_MAJOR(device_p->id),
02231 RSBAC_MINOR(device_p->id),
02232
get_error_name(tmp, tmperr));
02233
rsbac_kfree(tmp);
02234 }
02235 err = tmperr;
02236 }
02237 }
02238
#if defined(CONFIG_RSBAC_DAZ_CACHE)
02239
02240
for (file_no = 0; file_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; file_no++)
02241 {
02242 tmperr =
rsbac_list_detach(&device_p->handles.dazs[file_no],
02243 RSBAC_DAZ_FD_ACI_KEY);
02244
if(tmperr)
02245 {
02246
char * tmp;
02247
02248 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02249
if(tmp)
02250 {
02251
#ifdef CONFIG_RSBAC_RMSG
02252
rsbac_printk(KERN_WARNING
02253
"detach_fd_lists(): detaching from DAZ scanned list %u for device %02u:%02u failed with error %s!\n",
02254 file_no,
02255 RSBAC_MAJOR(device_p->id),
02256 RSBAC_MINOR(device_p->id),
02257
get_error_name(tmp, tmperr));
02258
#endif
02259
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02260
if (!rsbac_nosyslog)
02261
#endif
02262
printk(KERN_WARNING
02263
"detach_fd_lists(): detaching from DAZ scanned list %u for device %02u:%02u failed with error %s!\n",
02264 file_no,
02265 RSBAC_MAJOR(device_p->id),
02266 RSBAC_MINOR(device_p->id),
02267
get_error_name(tmp, tmperr));
02268
rsbac_kfree(tmp);
02269 }
02270 err = tmperr;
02271 }
02272 }
02273
#endif
02274
#endif
02275
02276
#if defined(CONFIG_RSBAC_FF)
02277
02278
for (file_no = 0; file_no < RSBAC_FF_NR_FD_LISTS; file_no++)
02279 {
02280 tmperr =
rsbac_list_detach(&device_p->handles.ff[file_no],
02281 RSBAC_FF_FD_ACI_KEY);
02282
if(tmperr)
02283 {
02284
char * tmp;
02285
02286 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02287
if(tmp)
02288 {
02289
#ifdef CONFIG_RSBAC_RMSG
02290
rsbac_printk(KERN_WARNING
02291
"detach_fd_lists(): detaching from FF list %u for device %02u:%02u failed with error %s!\n",
02292 file_no,
02293 RSBAC_MAJOR(device_p->id),
02294 RSBAC_MINOR(device_p->id),
02295
get_error_name(tmp, tmperr));
02296
#endif
02297
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02298
if (!rsbac_nosyslog)
02299
#endif
02300
printk(KERN_WARNING
02301
"detach_fd_lists(): detaching from FF list %u for device %02u:%02u failed with error %s!\n",
02302 file_no,
02303 RSBAC_MAJOR(device_p->id),
02304 RSBAC_MINOR(device_p->id),
02305
get_error_name(tmp, tmperr));
02306
rsbac_kfree(tmp);
02307 }
02308 err = tmperr;
02309 }
02310 }
02311
#endif
02312
02313
#if defined(CONFIG_RSBAC_RC)
02314
02315
for (file_no = 0; file_no < RSBAC_RC_NR_FD_LISTS; file_no++)
02316 {
02317 tmperr =
rsbac_list_detach(&device_p->handles.rc[file_no],
02318 RSBAC_RC_FD_ACI_KEY);
02319
if(tmperr)
02320 {
02321
char * tmp;
02322
02323 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02324
if(tmp)
02325 {
02326
#ifdef CONFIG_RSBAC_RMSG
02327
rsbac_printk(KERN_WARNING
02328
"detach_fd_lists(): detaching from RC list %u for device %02u:%02u failed with error %s!\n",
02329 file_no,
02330 RSBAC_MAJOR(device_p->id),
02331 RSBAC_MINOR(device_p->id),
02332
get_error_name(tmp, tmperr));
02333
#endif
02334
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02335
if (!rsbac_nosyslog)
02336
#endif
02337
printk(KERN_WARNING
02338
"detach_fd_lists(): detaching from RC list %u for device %02u:%02u failed with error %s!\n",
02339 file_no,
02340 RSBAC_MAJOR(device_p->id),
02341 RSBAC_MINOR(device_p->id),
02342
get_error_name(tmp, tmperr));
02343
rsbac_kfree(tmp);
02344 }
02345 err = tmperr;
02346 }
02347 }
02348
#endif
02349
02350
#if defined(CONFIG_RSBAC_AUTH)
02351
02352
for (file_no = 0; file_no < RSBAC_AUTH_NR_FD_LISTS; file_no++)
02353 {
02354 tmperr =
rsbac_list_detach(&device_p->handles.auth[file_no],
02355 RSBAC_AUTH_FD_ACI_KEY);
02356
if(tmperr)
02357 {
02358
char * tmp;
02359
02360 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02361
if(tmp)
02362 {
02363
#ifdef CONFIG_RSBAC_RMSG
02364
rsbac_printk(KERN_WARNING
02365
"detach_fd_lists(): detaching from AUTH list %u for device %02u:%02u failed with error %s!\n",
02366 file_no,
02367 RSBAC_MAJOR(device_p->id),
02368 RSBAC_MINOR(device_p->id),
02369
get_error_name(tmp, tmperr));
02370
#endif
02371
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02372
if (!rsbac_nosyslog)
02373
#endif
02374
printk(KERN_WARNING
02375
"detach_fd_lists(): detaching from AUTH list %u for device %02u:%02u failed with error %s!\n",
02376 file_no,
02377 RSBAC_MAJOR(device_p->id),
02378 RSBAC_MINOR(device_p->id),
02379
get_error_name(tmp, tmperr));
02380
rsbac_kfree(tmp);
02381 }
02382 err = tmperr;
02383 }
02384 }
02385
#endif
02386
02387
#if defined(CONFIG_RSBAC_CAP)
02388
02389
for (file_no = 0; file_no < RSBAC_CAP_NR_FD_LISTS; file_no++)
02390 {
02391 tmperr =
rsbac_list_detach(&device_p->handles.cap[file_no],
02392 RSBAC_CAP_FD_ACI_KEY);
02393
if(tmperr)
02394 {
02395
char * tmp;
02396
02397 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02398
if(tmp)
02399 {
02400
#ifdef CONFIG_RSBAC_RMSG
02401
rsbac_printk(KERN_WARNING
02402
"detach_fd_lists(): detaching from CAP list %u for device %02u:%02u failed with error %s!\n",
02403 file_no,
02404 RSBAC_MAJOR(device_p->id),
02405 RSBAC_MINOR(device_p->id),
02406
get_error_name(tmp, tmperr));
02407
#endif
02408
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02409
if (!rsbac_nosyslog)
02410
#endif
02411
printk(KERN_WARNING
02412
"detach_fd_lists(): detaching from CAP list %u for device %02u:%02u failed with error %s!\n",
02413 file_no,
02414 RSBAC_MAJOR(device_p->id),
02415 RSBAC_MINOR(device_p->id),
02416
get_error_name(tmp, tmperr));
02417
rsbac_kfree(tmp);
02418 }
02419 err = tmperr;
02420 }
02421 }
02422
#endif
02423
02424
#if defined(CONFIG_RSBAC_PAX)
02425
02426
for (file_no = 0; file_no < RSBAC_PAX_NR_FD_LISTS; file_no++)
02427 {
02428 tmperr =
rsbac_list_detach(&device_p->handles.pax[file_no],
02429 RSBAC_PAX_FD_ACI_KEY);
02430
if(tmperr)
02431 {
02432
char * tmp;
02433
02434 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02435
if(tmp)
02436 {
02437
#ifdef CONFIG_RSBAC_RMSG
02438
rsbac_printk(KERN_WARNING
02439
"detach_fd_lists(): detaching from PAX list %u for device %02u:%02u failed with error %s!\n",
02440 file_no,
02441 RSBAC_MAJOR(device_p->id),
02442 RSBAC_MINOR(device_p->id),
02443
get_error_name(tmp, tmperr));
02444
#endif
02445
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02446
if (!rsbac_nosyslog)
02447
#endif
02448
printk(KERN_WARNING
02449
"detach_fd_lists(): detaching from PAX list %u for device %02u:%02u failed with error %s!\n",
02450 file_no,
02451 RSBAC_MAJOR(device_p->id),
02452 RSBAC_MINOR(device_p->id),
02453
get_error_name(tmp, tmperr));
02454
rsbac_kfree(tmp);
02455 }
02456 err = tmperr;
02457 }
02458 }
02459
#endif
02460
02461
#if defined(CONFIG_RSBAC_RES)
02462
02463
for (file_no = 0; file_no < RSBAC_RES_NR_FD_LISTS; file_no++)
02464 {
02465 tmperr =
rsbac_list_detach(&device_p->handles.res[file_no],
02466 RSBAC_RES_FD_ACI_KEY);
02467
if(tmperr)
02468 {
02469
char * tmp;
02470
02471 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02472
if(tmp)
02473 {
02474
#ifdef CONFIG_RSBAC_RMSG
02475
rsbac_printk(KERN_WARNING
02476
"detach_fd_lists(): detaching from RES list %u for device %02u:%02u failed with error %s!\n",
02477 file_no,
02478 RSBAC_MAJOR(device_p->id),
02479 RSBAC_MINOR(device_p->id),
02480
get_error_name(tmp, tmperr));
02481
#endif
02482
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02483
if (!rsbac_nosyslog)
02484
#endif
02485
printk(KERN_WARNING
02486
"detach_fd_lists(): detaching from RES list %u for device %02u:%02u failed with error %s!\n",
02487 file_no,
02488 RSBAC_MAJOR(device_p->id),
02489 RSBAC_MINOR(device_p->id),
02490
get_error_name(tmp, tmperr));
02491
rsbac_kfree(tmp);
02492 }
02493 err = tmperr;
02494 }
02495 }
02496
#endif
02497
02498
return err;
02499 }
02500
02501
02502
02503
static struct rsbac_device_list_item_t
02504 *
create_device_item(
struct super_block * sb_p,
struct dentry * d_covers)
02505 {
02506
struct rsbac_device_list_item_t * new_item_p;
02507
02508
if(!sb_p)
02509
return NULL;
02510
02511
if ( !(new_item_p = (
struct rsbac_device_list_item_t *)
02512
rsbac_kmalloc(
sizeof(*new_item_p)) ) )
02513
return(
NULL);
02514
02515 memset(new_item_p, 0,
sizeof(*new_item_p));
02516 new_item_p->id = sb_p->s_dev;
02517 new_item_p->sb_p = sb_p;
02518 new_item_p->d_covers = d_covers;
02519 new_item_p->mount_count = 1;
02520
02521
return(new_item_p);
02522 };
02523
02524
02525
static struct rsbac_device_list_item_t
02526 *
add_device_item(
struct rsbac_device_list_item_t * device_p)
02527 {
02528
if (!device_p)
02529
return(
NULL);
02530
02531
02532
if (!
device_list_head.head)
02533 {
02534
device_list_head.head=device_p;
02535
device_list_head.tail=device_p;
02536
device_list_head.curr=device_p;
02537
device_list_head.count=1;
02538 device_p->prev=
NULL;
02539 device_p->next=
NULL;
02540 }
02541
else
02542 {
02543 device_p->prev=
device_list_head.tail;
02544 device_p->next=
NULL;
02545
device_list_head.tail->next=device_p;
02546
device_list_head.tail=device_p;
02547
device_list_head.curr=device_p;
02548
device_list_head.count++;
02549 };
02550
return(device_p);
02551 };
02552
02553
02554
02555
02556
02557
02558
02559
02560 static void clear_device_item(
struct rsbac_device_list_item_t * item_p)
02561 {
02562
if(!item_p)
02563
return;
02564
02565
02566
if(item_p->rsbac_dir_dentry_p)
02567 dput(item_p->rsbac_dir_dentry_p);
02568
02569
rsbac_kfree(item_p);
02570 };
02571
02572 static void remove_device_item(kdev_t kdev)
02573 {
02574
struct rsbac_device_list_item_t * item_p;
02575
02576
02577
if ( (item_p =
lookup_device(kdev)) )
02578 {
02579
if (
device_list_head.head == item_p)
02580 {
02581
if (
device_list_head.tail == item_p)
02582 {
02583
device_list_head.head =
NULL;
02584
device_list_head.tail =
NULL;
02585 }
02586
else
02587 {
02588 item_p->next->prev =
NULL;
02589
device_list_head.head = item_p->next;
02590 };
02591 }
02592
else
02593 {
02594
if (
device_list_head.tail == item_p)
02595 {
02596 item_p->prev->next =
NULL;
02597
device_list_head.tail = item_p->prev;
02598 }
02599
else
02600 {
02601 item_p->prev->next = item_p->next;
02602 item_p->next->prev = item_p->prev;
02603 };
02604 };
02605
02606
02607
device_list_head.curr=
NULL;
02608
02609
device_list_head.count--;
02610
02611
02612
aci_detach_fd_lists(item_p);
02613
02614
02615
clear_device_item(item_p);
02616 };
02617
02618 };
02619
02620
02621
02622
02623
02624
02625 static int rsbac_clear_file(
struct dentry *dentry)
02626 {
02627
struct inode *inode = dentry->d_inode;
02628
int error;
02629
struct iattr newattrs;
02630
02631 down(&inode->i_sem);
02632 newattrs.ia_size = 0;
02633 newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
02634 error = notify_change(dentry, &newattrs);
02635 up(&inode->i_sem);
02636
return error;
02637 }
02638
02639 static void wakeup_auto(u_long dummy)
02640 {
02641 wake_up((
void *) dummy);
02642 }
02643
02644
#if defined(CONFIG_RSBAC_REG)
02645
EXPORT_SYMBOL(rsbac_get_super_block);
02646
#endif
02647 struct super_block *
rsbac_get_super_block(kdev_t kdev)
02648 {
02649
struct rsbac_device_list_item_t * device_p;
02650 u_long dflags;
02651
struct super_block * sb_p;
02652
02653
if(RSBAC_IS_AUTO_DEV(kdev))
02654
return NULL;
02655
02656
02657 rsbac_read_lock(&
device_list_head.lock, &dflags);
02658 device_p =
lookup_device(kdev);
02659
if (!device_p)
02660 {
02661 rsbac_read_unlock(&
device_list_head.lock, &dflags);
02662 down(&
rsbac_write_sem);
02663 up(&
rsbac_write_sem);
02664
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02665
sb_p = user_get_super(kdev);
02666
#else
02667
sb_p = get_super(kdev);
02668
#endif
02669
if(!sb_p)
02670 {
02671 DECLARE_WAIT_QUEUE_HEAD(auto_wait);
02672
struct timer_list auto_timer;
02673
02674
#ifdef CONFIG_RSBAC_RMSG
02675
rsbac_printk(KERN_INFO
02676
"rsbac_get_super_block(): device %02u:%02u not yet available, sleeping\n",
02677 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02678
#endif
02679
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02680
if (!rsbac_nosyslog)
02681
#endif
02682
printk(KERN_INFO
02683
"rsbac_get_super_block(): device %02u:%02u not yet available, sleeping\n",
02684 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02685 init_timer(&auto_timer);
02686 auto_timer.function =
wakeup_auto;
02687 auto_timer.data = (u_long) &auto_wait;
02688 auto_timer.expires = jiffies + HZ;
02689 add_timer(&auto_timer);
02690 interruptible_sleep_on(&auto_wait);
02691
02692
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02693
sb_p = user_get_super(kdev);
02694
#else
02695
sb_p = get_super(kdev);
02696
#endif
02697
}
02698
if(sb_p)
02699 {
02700 device_p =
lookup_device(kdev);
02701
if (!device_p)
02702 {
02703
#ifdef CONFIG_RSBAC_RMSG
02704
rsbac_printk(KERN_INFO
02705
"rsbac_get_super_block(): auto-mounting device %02u:%02u\n",
02706 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02707
#endif
02708
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02709
if (!rsbac_nosyslog)
02710
#endif
02711
printk(KERN_INFO
02712
"rsbac_get_super_block(): auto-mounting device %02u:%02u\n",
02713 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02714
rsbac_mount(sb_p,
NULL);
02715 }
02716
02717 drop_super(sb_p);
02718 rsbac_read_lock(&
device_list_head.lock, &dflags);
02719 device_p =
lookup_device(kdev);
02720
if (!device_p)
02721 {
02722
#ifdef CONFIG_RSBAC_RMSG
02723
rsbac_printk(KERN_WARNING
02724
"rsbac_get_super_block(): unknown device %02u:%02u\n",
02725 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02726
#endif
02727
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02728
if (!rsbac_nosyslog)
02729
#endif
02730
printk(KERN_WARNING
02731
"rsbac_get_super_block(): unknown device %02u:%02u\n",
02732 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02733 rsbac_read_unlock(&
device_list_head.lock, &dflags);
02734
return NULL;
02735 }
02736 }
02737
else
02738 {
02739
return NULL;
02740 }
02741 }
02742 sb_p = device_p->sb_p;
02743 rsbac_read_unlock(&
device_list_head.lock, &dflags);
02744
return sb_p;
02745 }
02746
02747
#if defined(CONFIG_RSBAC_REG)
02748
EXPORT_SYMBOL(rsbac_read_open);
02749
#endif
02750 int rsbac_read_open(
char * name,
02751
struct file * file_p,
02752 kdev_t kdev)
02753 {
02754
struct dentry * dir_dentry_p;
02755
struct dentry * file_dentry_p;
02756
int tmperr, err;
02757
02758
if(!name || !file_p)
02759 {
02760
#ifdef CONFIG_RSBAC_DEBUG
02761
if (rsbac_debug_ds)
02762 {
02763
#ifdef CONFIG_RSBAC_RMSG
02764
rsbac_printk(KERN_DEBUG
"rsbac_read_open(): called with NULL pointer!");
02765
#endif
02766
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02767
if (!rsbac_nosyslog)
02768
#endif
02769
printk(KERN_DEBUG
"rsbac_read_open(): called with NULL pointer!");
02770 }
02771
#endif
02772
return(-
RSBAC_EINVALIDPOINTER);
02773 }
02774
02775
02776
if ((err=
lookup_aci_path_dentry(
NULL, &dir_dentry_p,
FALSE, kdev)))
02777 {
02778
return(err);
02779 }
02780
02781
02782
02783 file_dentry_p =
rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02784
if (!file_dentry_p || IS_ERR (file_dentry_p))
02785 {
02786
return(-
RSBAC_EREADFAILED);
02787 }
02788
if (!file_dentry_p->d_inode)
02789 {
02790
char * bname;
02791
int name_len = strlen(name);
02792
02793 dput(file_dentry_p);
02794 bname =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02795
if(!bname)
02796 {
02797
return -
RSBAC_ENOMEM;
02798 }
02799
02800 strcpy(bname,name);
02801 bname[name_len] =
'b';
02802 name_len++;
02803 bname[name_len] = (
char) 0;
02804
#ifdef CONFIG_RSBAC_DEBUG
02805
if (rsbac_debug_ds)
02806 {
02807
#ifdef CONFIG_RSBAC_RMSG
02808
rsbac_printk(KERN_DEBUG
"rsbac_read_open(): could not lookup file %s, trying backup %s\n",
02809 name,bname);
02810
#endif
02811
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02812
if (!rsbac_nosyslog)
02813
#endif
02814
printk(KERN_DEBUG
"rsbac_read_open(): could not lookup file %s, trying backup %s\n",
02815 name,bname);
02816 }
02817
#endif
02818
file_dentry_p =
rsbac_lookup_one_len(bname, dir_dentry_p, strlen(bname));
02819
rsbac_kfree(bname);
02820
if (!file_dentry_p || IS_ERR (file_dentry_p))
02821 {
02822
return(-
RSBAC_EREADFAILED);
02823 }
02824
if (!file_dentry_p->d_inode)
02825 {
02826
#ifdef CONFIG_RSBAC_DEBUG
02827
if (rsbac_debug_ds)
02828 {
02829
#ifdef CONFIG_RSBAC_RMSG
02830
rsbac_printk(KERN_DEBUG
"rsbac_read_open(): could not lookup backup file %sb\n",
02831 name);
02832
#endif
02833
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02834
if (!rsbac_nosyslog)
02835
#endif
02836
printk(KERN_DEBUG
"rsbac_read_open(): could not lookup backup file %sb\n",
02837 name);
02838 }
02839
#endif
02840
dput(file_dentry_p);
02841
return(-
RSBAC_ENOTFOUND);
02842 }
02843 }
02844
if ( !(S_ISREG(file_dentry_p->d_inode->i_mode)) )
02845 {
02846
#ifdef CONFIG_RSBAC_RMSG
02847
rsbac_printk(KERN_WARNING
"rsbac_read_open(): expected file is not a file!\n");
02848
#endif
02849
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02850
if (!rsbac_nosyslog)
02851
#endif
02852
printk(KERN_WARNING
"rsbac_read_open(): expected file is not a file!\n");
02853 dput(file_dentry_p);
02854
return(-
RSBAC_EREADFAILED);
02855 }
02856
02857
02858
02859
if ((tmperr =
init_private_file(file_p, file_dentry_p,O_RDONLY)))
02860 {
02861 dput(file_dentry_p);
02862
#ifdef CONFIG_RSBAC_RMSG
02863
rsbac_printk(KERN_WARNING
"rsbac_read_open(): could not open file '%s'!\n", name);
02864
#endif
02865
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02866
if (!rsbac_nosyslog)
02867
#endif
02868
printk(KERN_WARNING
"rsbac_read_open(): could not open file '%s'!\n", name);
02869
return -
RSBAC_EREADFAILED;
02870 }
02871
02872
02873
if ((!file_p->f_op) || (!file_p->f_op->read))
02874 {
02875
if (!file_p->f_op)
02876 {
02877
#ifdef CONFIG_RSBAC_RMSG
02878
rsbac_printk(KERN_WARNING
"rsbac_read_open(): no f_op for file '%s'!\n", name);
02879
#endif
02880
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02881
if (!rsbac_nosyslog)
02882
#endif
02883
printk(KERN_WARNING
"rsbac_read_open(): no f_op for file '%s'!\n", name);
02884 }
02885
else
02886 {
02887
#ifdef CONFIG_RSBAC_RMSG
02888
rsbac_printk(KERN_WARNING
"rsbac_read_open(): no file read func for file '%s'!\n", name);
02889
#endif
02890
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02891
if (!rsbac_nosyslog)
02892
#endif
02893
printk(KERN_WARNING
"rsbac_read_open(): no file read func for file '%s'!\n", name);
02894
if (file_p->f_op->release)
02895 file_p->f_op->release(file_dentry_p->d_inode, file_p);
02896 }
02897 dput(file_dentry_p);
02898
return -
RSBAC_EREADFAILED;
02899 }
02900
return 0;
02901 }
02902
02903
02904
#ifndef check_parent
02905
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02906 #define check_parent(dir, dentry) \
02907
((dir) == (dentry)->d_parent && !list_empty(&dentry->d_bucket))
02908
#else
02909
#define check_parent(dir, dentry) \
02910
((dir) == (dentry)->d_parent && !list_empty(&dentry->d_hash))
02911
#endif
02912
#endif
02913
02914
#if defined(CONFIG_RSBAC_REG)
02915
EXPORT_SYMBOL(rsbac_write_open);
02916
#endif
02917 int rsbac_write_open(
char * name,
02918
struct file * file_p,
02919 kdev_t kdev)
02920 {
02921
struct dentry * dir_dentry_p =
NULL;
02922
struct dentry * ldir_dentry_p =
NULL;
02923
struct dentry * file_dentry_p =
NULL;
02924
int err = 0;
02925
int tmperr = 0;
02926
struct super_block * sb_p;
02927
02928
if(!file_p || !name)
02929 {
02930
#ifdef CONFIG_RSBAC_DEBUG
02931
if (rsbac_debug_write)
02932 {
02933
#ifdef CONFIG_RSBAC_RMSG
02934
rsbac_printk(KERN_DEBUG
"rsbac_write_open(): called with NULL pointer!\n");
02935
#endif
02936
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02937
if (!rsbac_nosyslog)
02938
#endif
02939
printk(KERN_DEBUG
"rsbac_write_open(): called with NULL pointer!\n");
02940 }
02941
#endif
02942
return(-
RSBAC_EINVALIDPOINTER);
02943 }
02944
02945
02946 sb_p =
rsbac_get_super_block(kdev);
02947
if (!sb_p)
02948 {
02949
#ifdef CONFIG_RSBAC_RMSG
02950
rsbac_printk(KERN_WARNING
02951
"rsbac_write_open(): invalid device %02u:%02u\n",
02952 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02953
#endif
02954
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02955
if (!rsbac_nosyslog)
02956
#endif
02957
printk(KERN_WARNING
02958
"rsbac_write_open(): invalid device %02u:%02u\n",
02959 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02960
return (-
RSBAC_EINVALIDDEV);
02961 }
02962
if(!
writable(sb_p))
02963 {
02964
#ifdef CONFIG_RSBAC_DEBUG
02965
if (rsbac_debug_write)
02966 {
02967
#ifdef CONFIG_RSBAC_RMSG
02968
rsbac_printk(KERN_DEBUG
02969
"rsbac_write_open(): called for non-writable device\n");
02970
#endif
02971
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02972
if (!rsbac_nosyslog)
02973
#endif
02974
printk(KERN_DEBUG
02975
"rsbac_write_open(): called for non-writable device\n");
02976 }
02977
#endif
02978
err = -
RSBAC_ENOTWRITABLE;
02979
goto out;
02980 }
02981
02982
02983
02984
if ((tmperr =
lookup_aci_path_dentry(sb_p, &dir_dentry_p,
TRUE,
02985 kdev)))
02986 {
02987 err = tmperr;
02988
goto out;
02989 }
02990
02991
02992
02993 file_dentry_p =
rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02994
if (!file_dentry_p || IS_ERR(file_dentry_p))
02995 {
02996
#ifdef CONFIG_RSBAC_DEBUG
02997
if (rsbac_debug_write)
02998 {
02999
#ifdef CONFIG_RSBAC_RMSG
03000
rsbac_printk(KERN_DEBUG
03001
"rsbac_write_open(): lookup of %s returned error %li\n",
03002 name, PTR_ERR(file_dentry_p));
03003
#endif
03004
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03005
if (!rsbac_nosyslog)
03006
#endif
03007
printk(KERN_DEBUG
03008
"rsbac_write_open(): lookup of %s returned error %li\n",
03009 name, PTR_ERR(file_dentry_p));
03010 }
03011
#endif
03012
err = -
RSBAC_EWRITEFAILED;
03013
goto out;
03014 }
03015
03016
#if 1
03017
if (file_dentry_p->d_inode)
03018 {
03019
if ( !dir_dentry_p->d_inode->i_op
03020 || !dir_dentry_p->d_inode->i_op->rename)
03021 {
03022
#ifdef CONFIG_RSBAC_RMSG
03023
rsbac_printk(KERN_WARNING
03024
"rsbac_write_open(): File system supports no rename - no backup of %s made!",
03025 name);
03026
#endif
03027
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03028
if (!rsbac_nosyslog)
03029
#endif
03030
printk(KERN_WARNING
03031
"rsbac_write_open(): File system supports no rename - no backup of %s made!",
03032 name);
03033 }
03034
else
03035 {
03036
char * bname;
03037
int name_len = strlen(name);
03038
struct dentry * new_file_dentry_p =
NULL;
03039
struct dentry * old_dir_p, * new_dir_p;
03040
03041 bname =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
03042
if(!bname)
03043 {
03044 err = -
RSBAC_ENOMEM;
03045
goto out_dput;
03046 }
03047 strcpy(bname,name);
03048 bname[name_len] =
'b';
03049 bname[name_len+1] = (
char) 0;
03050 new_file_dentry_p =
rsbac_lookup_one_len(bname, dir_dentry_p, strlen(bname));
03051
if(new_file_dentry_p && !IS_ERR(new_file_dentry_p))
03052 {
03053
03054 old_dir_p = dget(file_dentry_p->d_parent);
03055 new_dir_p = dget(new_file_dentry_p->d_parent);
03056 double_lock(new_dir_p, old_dir_p);
03057
03058 DQUOT_INIT(old_dir_p->d_inode);
03059 DQUOT_INIT(new_dir_p->d_inode);
03060
03061
03062
03063
03064 err = dir_dentry_p->d_inode->i_op->rename(old_dir_p->d_inode,
03065 file_dentry_p,
03066 new_dir_p->d_inode,
03067 new_file_dentry_p);
03068
03069 double_unlock(new_dir_p, old_dir_p);
03070
if(err)
03071 {
03072
#ifdef CONFIG_RSBAC_RMSG
03073
rsbac_printk(KERN_WARNING
03074
"rsbac_write_open(): could not rename %s to %s on dev %02u:%02u, error %i - no backup!\n",
03075 name,bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err);
03076
#endif
03077
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03078
if (!rsbac_nosyslog)
03079
#endif
03080
printk(KERN_WARNING
03081
"rsbac_write_open(): could not rename %s to %s on dev %02u:%02u, error %i - no backup!\n",
03082 name,bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err);
03083 }
03084
else
03085 {
03086
03087
if (!(sb_p->s_type->fs_flags & FS_ODD_RENAME))
03088 d_move(file_dentry_p, new_file_dentry_p);
03089 inode_dir_notify(old_dir_p->d_inode, DN_RENAME);
03090 }
03091 dput(new_file_dentry_p);
03092 dput(file_dentry_p);
03093
03094 file_dentry_p =
rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
03095
if (!file_dentry_p || IS_ERR (file_dentry_p))
03096 {
03097
#ifdef CONFIG_RSBAC_DEBUG
03098
if (rsbac_debug_write)
03099 {
03100
#ifdef CONFIG_RSBAC_RMSG
03101
rsbac_printk(KERN_DEBUG
03102
"rsbac_write_open(): relookup of %s returned error %li\n",
03103 name, PTR_ERR(file_dentry_p));
03104
#endif
03105
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03106
if (!rsbac_nosyslog)
03107
#endif
03108
printk(KERN_DEBUG
03109
"rsbac_write_open(): relookup of %s returned error %li\n",
03110 name, PTR_ERR(file_dentry_p));
03111 }
03112
#endif
03113
err = -
RSBAC_EWRITEFAILED;
03114
goto out;
03115 }
03116
if (file_dentry_p->d_inode)
03117 {
03118
#ifdef CONFIG_RSBAC_RMSG
03119
rsbac_printk(KERN_WARNING
03120
"rsbac_write_open(): relookup of %s returned dentry with existing inode %li, trying unlink\n",
03121 name, file_dentry_p->d_inode->i_ino);
03122
#endif
03123
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03124
if (!rsbac_nosyslog)
03125
#endif
03126
printk(KERN_WARNING
03127
"rsbac_write_open(): relookup of %s returned dentry with existing inode %li, trying unlink\n",
03128 name, file_dentry_p->d_inode->i_ino);
03129
03130
if ( !dir_dentry_p->d_inode->i_op
03131 || !dir_dentry_p->d_inode->i_op->unlink)
03132 {
03133
#ifdef CONFIG_RSBAC_RMSG
03134
rsbac_printk(KERN_WARNING
03135
"rsbac_write_open(): File system supports no unlink - %s not deleted!",
03136 name);
03137
#endif
03138
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03139
if (!rsbac_nosyslog)
03140
#endif
03141
printk(KERN_WARNING
03142
"rsbac_write_open(): File system supports no unlink - %s not deleted!",
03143 name);
03144
rsbac_kfree(bname);
03145 err = -
RSBAC_EWRITEFAILED;
03146
goto out_dput;
03147 }
03148
else
03149 {
03150 old_dir_p = lock_parent(file_dentry_p);
03151
03152 DQUOT_INIT(old_dir_p->d_inode);
03153 err = -ENOENT;
03154
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
03155
if (
check_parent(old_dir_p, file_dentry_p))
03156 {
03157
#endif
03158
err = dir_dentry_p->d_inode->i_op->unlink(old_dir_p->d_inode,
03159 file_dentry_p);
03160
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
03161
}
03162
else
03163 {
03164
#ifdef CONFIG_RSBAC_RMSG
03165
rsbac_printk(KERN_WARNING
03166
"rsbac_write_open(): could not unlink %s on dev %02u:%02u, parent check failed!\n",
03167 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
03168
#endif
03169
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03170
if (!rsbac_nosyslog)
03171
#endif
03172
printk(KERN_WARNING
03173
"rsbac_write_open(): could not unlink %s on dev %02u:%02u, parent check failed!\n",
03174 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
03175 }
03176
#endif
03177
03178 unlock_dir(old_dir_p);
03179
03180 dput(file_dentry_p);
03181
if(err)
03182 {
03183
#ifdef CONFIG_RSBAC_RMSG
03184
rsbac_printk(KERN_WARNING
03185
"rsbac_write_open(): could not unlink %s on dev %02u:%02u, error %i!\n",
03186 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err);
03187
#endif
03188
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03189
if (!rsbac_nosyslog)
03190
#endif
03191
printk(KERN_WARNING
03192
"rsbac_write_open(): could not unlink %s on dev %02u:%02u, error %i!\n",
03193 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err);
03194 }
03195
03196 file_dentry_p =
rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
03197
if (!file_dentry_p || IS_ERR (file_dentry_p))
03198 {
03199
#ifdef CONFIG_RSBAC_DEBUG
03200
if (rsbac_debug_write)
03201 {
03202
#ifdef CONFIG_RSBAC_RMSG
03203
rsbac_printk(KERN_DEBUG
03204
"rsbac_write_open(): relookup of %s returned error %li\n",
03205 name, PTR_ERR(file_dentry_p));
03206
#endif
03207
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03208
if (!rsbac_nosyslog)
03209
#endif
03210
printk(KERN_DEBUG
03211
"rsbac_write_open(): relookup of %s returned error %li\n",
03212 name, PTR_ERR(file_dentry_p));
03213 }
03214
#endif
03215
rsbac_kfree(bname);
03216 err = -
RSBAC_EWRITEFAILED;
03217
goto out;
03218 }
03219
if (file_dentry_p->d_inode)
03220 {
03221
#ifdef CONFIG_RSBAC_RMSG
03222
rsbac_printk(KERN_WARNING
03223
"rsbac_write_open(): relookup of %s returned dentry with existing inode %li\n",
03224 name, file_dentry_p->d_inode->i_ino);
03225
#endif
03226
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03227
if (!rsbac_nosyslog)
03228
#endif
03229
printk(KERN_WARNING
03230
"rsbac_write_open(): relookup of %s returned dentry with existing inode %li\n",
03231 name, file_dentry_p->d_inode->i_ino);
03232
rsbac_kfree(bname);
03233 err = -
RSBAC_EWRITEFAILED;
03234
goto out_dput;
03235 }
03236 }
03237 }
03238 }
03239
else
03240 {
03241
#ifdef CONFIG_RSBAC_RMSG
03242
rsbac_printk(KERN_WARNING
03243
"rsbac_write_open(): rsbac_lookup_(dentry|one) for backup file %s on dev %02u:%02u failed with error %li - no backup!\n",
03244 bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), PTR_ERR(new_file_dentry_p));
03245
#endif
03246
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03247
if (!rsbac_nosyslog)
03248
#endif
03249
printk(KERN_WARNING
03250
"rsbac_write_open(): rsbac_lookup_(dentry|one) for backup file %s on dev %02u:%02u failed with error %li - no backup!\n",
03251 bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), PTR_ERR(new_file_dentry_p));
03252 }
03253
rsbac_kfree(bname);
03254 }
03255 }
03256
#endif
03257
03258
if(!file_dentry_p->d_inode)
03259 {
03260
03261
if ( !dir_dentry_p->d_inode->i_op
03262 || !dir_dentry_p->d_inode->i_op->create)
03263 {
03264
#ifdef CONFIG_RSBAC_RMSG
03265
rsbac_printk(KERN_WARNING
"%s\n",
03266
"rsbac_write_open(): File system supports no create!");
03267
#endif
03268
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03269
if (!rsbac_nosyslog)
03270
#endif
03271
printk(KERN_WARNING
"%s\n",
03272
"rsbac_write_open(): File system supports no create!");
03273 err = -
RSBAC_EWRITEFAILED;
03274
goto out_dput;
03275 }
03276
03277
03278 ldir_dentry_p = lock_parent(file_dentry_p);
03279
if(IS_ERR(ldir_dentry_p))
03280 {
03281
#ifdef CONFIG_RSBAC_DEBUG
03282
if (rsbac_debug_write)
03283 {
03284
#ifdef CONFIG_RSBAC_RMSG
03285
rsbac_printk(KERN_DEBUG
03286
"rsbac_write_open(): lock_parent of %s returned error %li\n",
03287 name, PTR_ERR(ldir_dentry_p));
03288
#endif
03289
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03290
if (!rsbac_nosyslog)
03291
#endif
03292
printk(KERN_DEBUG
03293
"rsbac_write_open(): lock_parent of %s returned error %li\n",
03294 name, PTR_ERR(ldir_dentry_p));
03295 }
03296
#endif
03297
err = -
RSBAC_EWRITEFAILED;
03298
goto out_dput;
03299 }
03300
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
03301
if (!
check_parent(ldir_dentry_p, file_dentry_p))
03302 {
03303
#ifdef CONFIG_RSBAC_DEBUG
03304
if (rsbac_debug_write)
03305 {
03306
#ifdef CONFIG_RSBAC_RMSG
03307
rsbac_printk(KERN_DEBUG
03308
"rsbac_write_open(): check_parent of %s returned error\n",
03309 name);
03310
#endif
03311
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03312
if (!rsbac_nosyslog)
03313
#endif
03314
printk(KERN_DEBUG
03315
"rsbac_write_open(): check_parent of %s returned error\n",
03316 name);
03317 }
03318
#endif
03319
unlock_dir(ldir_dentry_p);
03320 err = -
RSBAC_EWRITEFAILED;
03321
goto out_dput;
03322 }
03323
#endif
03324
03325
03326
03327
03328
03329 DQUOT_INIT(ldir_dentry_p->d_inode);
03330
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
03331
err = dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->d_inode,
03332 file_dentry_p,
03333 RSBAC_ACI_FILE_MODE,
03334
NULL);
03335
#else
03336
err = dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->d_inode,
03337 file_dentry_p,
03338 RSBAC_ACI_FILE_MODE);
03339
#endif
03340
unlock_dir(ldir_dentry_p);
03341
03342
if (err)
03343 {
03344
goto out_dput;
03345 }
03346
03347 }
03348
03349
if ( !(S_ISREG(file_dentry_p->d_inode->i_mode)) )
03350 {
03351
#ifdef CONFIG_RSBAC_RMSG
03352
rsbac_printk(KERN_WARNING
03353
"rsbac_write_open(): expected file is not a file, mode is %o!\n",
03354 file_dentry_p->d_inode->i_mode);
03355
#endif
03356
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03357
if (!rsbac_nosyslog)
03358
#endif
03359
printk(KERN_WARNING
03360
"rsbac_write_open(): expected file is not a file, mode is %o!\n",
03361 file_dentry_p->d_inode->i_mode);
03362 err = -
RSBAC_EWRITEFAILED;
03363
goto out_dput;
03364 }
03365
03366
03367
if ((tmperr =
init_private_file(file_p, file_dentry_p,O_RDONLY)))
03368 {
03369
#ifdef CONFIG_RSBAC_RMSG
03370
rsbac_printk(KERN_WARNING
"rsbac_write_open(): could not init file!\n");
03371
#endif
03372
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03373
if (!rsbac_nosyslog)
03374
#endif
03375
printk(KERN_WARNING
"rsbac_write_open(): could not init file!\n");
03376 err = -
RSBAC_EWRITEFAILED;
03377
goto out_dput;
03378 }
03379
03380
03381
if ((!file_p->f_op) || (!file_p->f_op->write))
03382 {
03383
#ifdef CONFIG_RSBAC_RMSG
03384
rsbac_printk(KERN_WARNING
03385
"rsbac_write_open(): file write function missing!\n");
03386
#endif
03387
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03388
if (!rsbac_nosyslog)
03389
#endif
03390
printk(KERN_WARNING
03391
"rsbac_write_open(): file write function missing!\n");
03392
if(file_p->f_op && file_p->f_op->release)
03393 {
03394 file_p->f_op->release(file_dentry_p->d_inode, file_p);
03395 }
03396 err = -
RSBAC_EWRITEFAILED;
03397
goto out_dput;
03398 }
03399
03400
03401
03402
03403
03404
if (get_write_access(file_dentry_p->d_inode))
03405 {
03406
#ifdef CONFIG_RSBAC_RMSG
03407
rsbac_printk(KERN_WARNING
03408
"rsbac_write_open(): could not get write access!\n");
03409
#endif
03410
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03411
if (!rsbac_nosyslog)
03412
#endif
03413
printk(KERN_WARNING
03414
"rsbac_write_open(): could not get write access!\n");
03415
if (file_p->f_op->release)
03416 file_p->f_op->release(file_dentry_p->d_inode, file_p);
03417 err = -
RSBAC_EWRITEFAILED;
03418
goto out_dput;
03419 }
03420
03421
if(
rsbac_clear_file(file_dentry_p))
03422 {
03423
if (file_p->f_op->release)
03424 file_p->f_op->release(file_dentry_p->d_inode, file_p);
03425 put_write_access(file_dentry_p->d_inode);
03426
#ifdef CONFIG_RSBAC_RMSG
03427
rsbac_printk(KERN_WARNING
03428
"rsbac_write_open(): could not truncate!\n");
03429
#endif
03430
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03431
if (!rsbac_nosyslog)
03432
#endif
03433
printk(KERN_WARNING
03434
"rsbac_write_open(): could not truncate!\n");
03435 err = -
RSBAC_EWRITEFAILED;
03436
goto out_dput;
03437 }
03438
03439 file_p->f_flags |= O_SYNC;
03440
03441 out:
03442
return err;
03443
03444 out_dput:
03445 dput(file_dentry_p);
03446
goto out;
03447 }
03448
03449
03450
#if defined(CONFIG_RSBAC_REG)
03451
EXPORT_SYMBOL(rsbac_read_close);
03452
#endif
03453 void rsbac_read_close(
struct file * file_p)
03454 {
03455
03456
struct dentry * dentry = file_p->f_dentry;
03457
struct inode * inode = dentry->d_inode;
03458
03459
if (file_p->f_op && file_p->f_op->release)
03460 file_p->f_op->release(inode, file_p);
03461 file_p->f_dentry =
NULL;
03462
if (file_p->f_mode & FMODE_WRITE)
03463 put_write_access(inode);
03464 dput(dentry);
03465 }
03466
03467
#if defined(CONFIG_RSBAC_REG)
03468
EXPORT_SYMBOL(rsbac_write_close);
03469
#endif
03470 void rsbac_write_close(
struct file * file_p)
03471 {
03472
rsbac_read_close(file_p);
03473 }
03474
03475
#if defined(CONFIG_RSBAC_REG)
03476
EXPORT_SYMBOL(rsbac_get_full_path);
03477
#endif
03478 int rsbac_get_full_path(
struct dentry * dentry_p,
char path[],
int maxlen)
03479 {
03480
int len=0;
03481
char * i_path;
03482
int tmplen=0;
03483
03484
if(!dentry_p || !path)
03485
return -
RSBAC_EINVALIDPOINTER;
03486
if(maxlen <= 0)
03487
return -
RSBAC_EINVALIDVALUE;
03488 i_path =
rsbac_kmalloc(maxlen +
RSBAC_MAXNAMELEN);
03489
if(!i_path)
03490
return -
RSBAC_ENOMEM;
03491
03492 path[0] = 0;
03493
03494
while(dentry_p && (len<maxlen) && dentry_p->d_name.len && dentry_p->d_name.name)
03495 {
03496 tmplen = dentry_p->d_name.len;
03497
if((tmplen+1) > (maxlen-len))
03498 {
03499
rsbac_kfree(i_path);
03500
return(len);
03501 }
03502 strncpy(i_path, dentry_p->d_name.name, tmplen);
03503
if(len && (i_path[tmplen-1] !=
'/'))
03504 {
03505 i_path[tmplen] =
'/';
03506 tmplen++;
03507 }
03508 i_path[tmplen]=0;
03509 strcat(i_path, path);
03510 strcpy(path, i_path);
03511 len += tmplen;
03512
if( dentry_p->d_parent
03513 && (dentry_p->d_parent != dentry_p)
03514 && (dentry_p->d_sb->s_root != dentry_p)
03515 )
03516 dentry_p = dentry_p->d_parent;
03517
else
03518 {
03519
struct rsbac_device_list_item_t * device_p;
03520
03521 device_p =
lookup_device(dentry_p->d_sb->s_dev);
03522
if( device_p
03523 && device_p->d_covers
03524 )
03525 dentry_p = device_p->d_covers;
03526
else
03527
break;
03528 }
03529 }
03530
rsbac_kfree(i_path);
03531
return(len);
03532 };
03533
03534
#if defined(CONFIG_RSBAC_REG)
03535
EXPORT_SYMBOL(rsbac_get_full_path_length);
03536
#endif
03537 int rsbac_get_full_path_length(
struct dentry * dentry_p)
03538 {
03539
int len=0;
03540
int tmplen=0;
03541
03542
if(!dentry_p)
03543
return -
RSBAC_EINVALIDPOINTER;
03544
03545
while(dentry_p && dentry_p->d_name.len && dentry_p->d_name.name)
03546 {
03547 tmplen = dentry_p->d_name.len;
03548
if(len && (dentry_p->d_name.name[tmplen-1] !=
'/'))
03549 {
03550 tmplen++;
03551 }
03552 len += tmplen;
03553
if( dentry_p->d_parent
03554 && (dentry_p->d_parent != dentry_p)
03555 && (dentry_p->d_sb->s_root != dentry_p)
03556 )
03557 dentry_p = dentry_p->d_parent;
03558
else
03559 {
03560
struct rsbac_device_list_item_t * device_p;
03561
03562 device_p =
lookup_device(dentry_p->d_sb->s_dev);
03563
if( device_p
03564 && device_p->d_covers
03565 )
03566 dentry_p = device_p->d_covers;
03567
else
03568
break;
03569 }
03570 }
03571
return(len);
03572 };
03573
03574
03575
03576
03577
03578
#if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
03579
static int
03580 devices_proc_info(
char *buffer,
char **start, off_t offset,
int length)
03581 {
03582
int len = 0;
03583 off_t pos = 0;
03584 off_t begin = 0;
03585
struct rsbac_device_list_item_t * device_p;
03586 u_long dflags;
03587
03588
if (!
rsbac_initialized)
return (-ENOSYS);
03589
03590 len += sprintf(buffer,
"%u RSBAC Devices\n---------------\n",
03591
device_list_head.count);
03592
03593
03594 rsbac_read_lock(&
device_list_head.lock, &dflags);
03595
03596
for (device_p =
device_list_head.head; device_p; device_p = device_p->next)
03597 {
03598
if(device_p->sb_p && device_p->sb_p->s_type && device_p->sb_p->s_type->name)
03599 len += sprintf(buffer + len,
"%02u:%02u with mount_count = %u, d_covers = %p, fs_type = %s\n",
03600 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id),
03601 device_p->mount_count,
03602 device_p->d_covers,
03603 device_p->sb_p->s_type->name);
03604
else
03605 len += sprintf(buffer + len,
"%02u:%02u with mount_count = %u, d_covers = %p\n",
03606 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id),
03607 device_p->mount_count,
03608 device_p->d_covers);
03609 pos = begin + len;
03610
if (pos < offset)
03611 {
03612 len = 0;
03613 begin = pos;
03614 }
03615
if (pos > offset+length)
break;
03616 }
03617
03618
03619 rsbac_read_unlock(&
device_list_head.lock, &dflags);
03620
03621 *start = buffer + (offset - begin);
03622 len -= (offset - begin);
03623
03624
if (len > length)
03625 len = length;
03626
return len;
03627 }
03628
03629
static int
03630 stats_proc_info(
char *buffer,
char **start, off_t offset,
int length)
03631 {
03632 u_int len = 0;
03633 off_t pos = 0;
03634 off_t begin = 0;
03635
struct rsbac_device_list_item_t * device_p;
03636
int i;
03637 u_long fd_count, fd_dev_count, fd_sum = 0;
03638 u_long sum = 0;
03639 u_long total_sum = 0;
03640
long tmp_count;
03641 u_long dflags;
03642
03643
union rsbac_target_id_t rsbac_target_id;
03644
union rsbac_attribute_value_t rsbac_attribute_value;
03645
03646
if (!
rsbac_initialized)
return (-ENOSYS);
03647
03648
#ifdef CONFIG_RSBAC_DEBUG
03649
if (rsbac_debug_aef)
03650 {
03651
#ifdef CONFIG_RSBAC_RMSG
03652
rsbac_printk(KERN_DEBUG
"stats_proc_info(): calling ADF\n");
03653
#endif
03654
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03655
if (!rsbac_nosyslog)
03656
#endif
03657
printk(KERN_DEBUG
"stats_proc_info(): calling ADF\n");
03658 }
03659
#endif
03660
rsbac_target_id.
scd =
ST_rsbac;
03661 rsbac_attribute_value.
dummy = 0;
03662
if (!
rsbac_adf_request(R_GET_STATUS_DATA,
03663 current->pid,
03664 T_SCD,
03665 rsbac_target_id,
03666 A_none,
03667 rsbac_attribute_value))
03668 {
03669
return -EPERM;
03670 }
03671
03672
#ifdef CONFIG_RSBAC_MAINT
03673
len = sprintf(buffer,
"RSBAC Status\n------------\nRSBAC Version: %s (Maintenance Mode)\nSupported Modules:%s\n",
03674 RSBAC_VERSION, compiled_modules);
03675
#else
03676
len = sprintf(buffer,
"RSBAC Status\n------------\nRSBAC Version: %s\nCompiled Modules:%s\n",
03677 RSBAC_VERSION, compiled_modules);
03678
#endif
03679
pos = begin + len;
03680
if (pos < offset)
03681 {
03682 len = 0;
03683 begin = pos;
03684 }
03685
if (pos > offset+length)
03686
goto out;
03687
03688
#ifdef CONFIG_RSBAC_SWITCH
03689
{
03690
char * active_modules;
03691
03692 active_modules =
rsbac_kmalloc(RSBAC_MAXNAMELEN);
03693
if(active_modules)
03694 {
03695 active_modules[0] = (
char) 0;
03696
#ifdef CONFIG_RSBAC_REG
03697
strcat(active_modules,
" REG");
03698
#endif
03699
#ifdef CONFIG_RSBAC_MAC
03700
if(rsbac_switch_mac)
03701
#ifdef CONFIG_RSBAC_MAC_LIGHT
03702
strcat(active_modules,
" MAC-L");
03703
#else
03704
strcat(active_modules,
" MAC");
03705
#endif
03706
#endif
03707
#ifdef CONFIG_RSBAC_FC
03708
if(rsbac_switch_fc)
03709 strcat(active_modules,
" FC");
03710
#endif
03711
#ifdef CONFIG_RSBAC_SIM
03712
if(rsbac_switch_sim)
03713 strcat(active_modules,
" SIM");
03714
#endif
03715
#ifdef CONFIG_RSBAC_PM
03716
if(rsbac_switch_pm)
03717 strcat(active_modules,
" PM");
03718
#endif
03719
#ifdef CONFIG_RSBAC_DAZ
03720
if(rsbac_switch_daz)
03721 strcat(active_modules,
" DAZ");
03722
#endif
03723
#ifdef CONFIG_RSBAC_FF
03724
if(rsbac_switch_ff)
03725 strcat(active_modules,
" FF");
03726
#endif
03727
#ifdef CONFIG_RSBAC_RC
03728
if(rsbac_switch_rc)
03729 strcat(active_modules,
" RC");
03730
#endif
03731
#ifdef CONFIG_RSBAC_AUTH
03732
if(rsbac_switch_auth)
03733 strcat(active_modules,
" AUTH");
03734
#endif
03735
#ifdef CONFIG_RSBAC_ACL
03736
if(rsbac_switch_acl)
03737 strcat(active_modules,
" ACL");
03738
#endif
03739
#ifdef CONFIG_RSBAC_CAP
03740
if(rsbac_switch_cap)
03741 strcat(active_modules,
" CAP");
03742
#endif
03743
#ifdef CONFIG_RSBAC_JAIL
03744
if(rsbac_switch_jail)
03745 strcat(active_modules,
" JAIL");
03746
#endif
03747
#ifdef CONFIG_RSBAC_RES
03748
if(rsbac_switch_res)
03749 strcat(active_modules,
" RES");
03750
#endif
03751
#ifdef CONFIG_RSBAC_PAX
03752
if(rsbac_switch_pax)
03753 strcat(active_modules,
" PAX");
03754
#endif
03755
len += sprintf(buffer+len,
"Active Modules: %s\n",
03756 active_modules);
03757
rsbac_kfree(active_modules);
03758 pos = begin + len;
03759
if (pos < offset)
03760 {
03761 len = 0;
03762 begin = pos;
03763 }
03764
if (pos > offset+length)
03765
goto out;
03766 }
03767 }
03768
#else
03769
len += sprintf(buffer+len,
"All modules active (no switching)\n");
03770 pos = begin + len;
03771
if (pos < offset)
03772 {
03773 len = 0;
03774 begin = pos;
03775 }
03776
if (pos > offset+length)
03777
goto out;
03778
#endif
03779
03780
#ifdef CONFIG_RSBAC_SOFTMODE
03781
if(rsbac_softmode)
03782 {
03783
#ifdef CONFIG_RSBAC_SOFTMODE_IND
03784
len += sprintf(buffer+len,
"Global softmode is enabled\n");
03785
#else
03786
len += sprintf(buffer+len,
"Softmode is enabled\n");
03787
#endif
03788
pos = begin + len;
03789
if (pos < offset)
03790 {
03791 len = 0;
03792 begin = pos;
03793 }
03794
if (pos > offset+length)
03795
goto out;
03796 }
03797
else
03798 {
03799
#ifdef CONFIG_RSBAC_SOFTMODE_IND
03800
len += sprintf(buffer+len,
"Global softmode is disabled\n");
03801
#else
03802
len += sprintf(buffer+len,
"Softmode is disabled\n");
03803
#endif
03804
pos = begin + len;
03805
if (pos < offset)
03806 {
03807 len = 0;
03808 begin = pos;
03809 }
03810
if (pos > offset+length)
03811
goto out;
03812 }
03813
#ifdef CONFIG_RSBAC_SOFTMODE_IND
03814
{
03815
char * tmp;
03816
03817 tmp =
rsbac_kmalloc(RSBAC_MAXNAMELEN);
03818
if(tmp)
03819 {
03820 len += sprintf(buffer+len,
"Individual softmode enabled for:");
03821
for(i=0; i<=
RSBAC_MAX_MOD; i++)
03822
if(rsbac_ind_softmode[i])
03823 len += sprintf(buffer+len,
" %s",
get_switch_target_name(tmp, i));
03824
rsbac_kfree(tmp);
03825 len += sprintf(buffer+len,
"\n");
03826 pos = begin + len;
03827
if (pos < offset)
03828 {
03829 len = 0;
03830 begin = pos;
03831 }
03832
if (pos > offset+length)
03833
goto out;
03834 }
03835 }
03836
#endif
03837
#endif
03838
03839 len += sprintf(buffer+len,
"\n");
03840
03841
03842 rsbac_read_lock(&
device_list_head.lock, &dflags);
03843
03844 device_p =
device_list_head.head;
03845
if(device_p)
03846 len += sprintf(buffer + len,
"FD items:\n");
03847
while (device_p)
03848 {
03849 fd_dev_count = 0;
03850
03851 fd_count = 0;
03852
for (i=0; i < RSBAC_GEN_NR_FD_LISTS; i++)
03853 {
03854 tmp_count =
rsbac_list_count(device_p->handles.gen[i]);
03855
if(tmp_count > 0)
03856 fd_count+=tmp_count;
03857 };
03858 len += sprintf(buffer + len,
"Dev %02u:%02u: %lu GEN",
03859 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count);
03860 fd_dev_count += fd_count;
03861
03862
#if defined(CONFIG_RSBAC_MAC)
03863
fd_count = 0;
03864
for (i=0; i < RSBAC_MAC_NR_FD_LISTS; i++)
03865 {
03866 tmp_count =
rsbac_list_count(device_p->handles.mac[i]);
03867
if(tmp_count > 0)
03868 fd_count+=tmp_count;
03869 };
03870 len += sprintf(buffer + len,
", %lu MAC",
03871 fd_count);
03872 fd_dev_count += fd_count;
03873
#endif
03874
03875
#if defined(CONFIG_RSBAC_FC)
03876
fd_count = 0;
03877
for (i=0; i < RSBAC_FC_NR_FD_LISTS; i++)
03878 {
03879 tmp_count =
rsbac_list_count(device_p->handles.fc[i]);
03880
if(tmp_count > 0)
03881 fd_count+=tmp_count;
03882 };
03883 len += sprintf(buffer + len,
", %lu FC",
03884 fd_count);
03885 fd_dev_count += fd_count;
03886
#endif
03887
03888
#if defined(CONFIG_RSBAC_SIM)
03889
fd_count = 0;
03890
for (i=0; i < RSBAC_SIM_NR_FD_LISTS; i++)
03891 {
03892 tmp_count =
rsbac_list_count(device_p->handles.sim[i]);
03893
if(tmp_count > 0)
03894 fd_count+=tmp_count;
03895 };
03896 len += sprintf(buffer + len,
", %lu SIM",
03897 fd_count);
03898 fd_dev_count += fd_count;
03899
#endif
03900
03901
#if defined(CONFIG_RSBAC_PM)
03902
fd_count = 0;
03903
for (i=0; i < RSBAC_PM_NR_FD_LISTS; i++)
03904 {
03905 tmp_count =
rsbac_list_count(device_p->handles.pm[i]);
03906
if(tmp_count > 0)
03907 fd_count+=tmp_count;
03908 };
03909 len += sprintf(buffer + len,
", %lu PM",
03910 fd_count);
03911 fd_dev_count += fd_count;
03912
#endif
03913
03914
#if defined(CONFIG_RSBAC_DAZ)
03915
fd_count = 0;
03916
for (i=0; i < RSBAC_DAZ_NR_FD_LISTS; i++)
03917 {
03918 tmp_count =
rsbac_list_count(device_p->handles.daz[i]);
03919
if(tmp_count > 0)
03920 fd_count+=tmp_count;
03921 };
03922 len += sprintf(buffer + len,
", %lu DAZ",
03923 fd_count);
03924 fd_dev_count += fd_count;
03925
#if defined(CONFIG_RSBAC_DAZ_CACHE)
03926
fd_count = 0;
03927
for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
03928 {
03929 tmp_count =
rsbac_list_count(device_p->handles.dazs[i]);
03930
if(tmp_count > 0)
03931 fd_count+=tmp_count;
03932 };
03933 len += sprintf(buffer + len,
", %lu DAZ_SCANNED",
03934 fd_count);
03935 fd_dev_count += fd_count;
03936
#endif
03937
#endif
03938
03939
#if defined(CONFIG_RSBAC_FF)
03940
fd_count = 0;
03941
for (i=0; i < RSBAC_FF_NR_FD_LISTS; i++)
03942 {
03943 tmp_count =
rsbac_list_count(device_p->handles.ff[i]);
03944
if(tmp_count > 0)
03945 fd_count+=tmp_count;
03946 };
03947 len += sprintf(buffer + len,
", %lu FF",
03948 fd_count);
03949 fd_dev_count += fd_count;
03950
#endif
03951
03952
#if defined(CONFIG_RSBAC_RC)
03953
fd_count = 0;
03954
for (i=0; i < RSBAC_RC_NR_FD_LISTS; i++)
03955 {
03956 tmp_count =
rsbac_list_count(device_p->handles.rc[i]);
03957
if(tmp_count > 0)
03958 fd_count+=tmp_count;
03959 };
03960 len += sprintf(buffer + len,
", %lu RC",
03961 fd_count);
03962 fd_dev_count += fd_count;
03963
#endif
03964
03965
#if defined(CONFIG_RSBAC_AUTH)
03966
fd_count = 0;
03967
for (i=0; i < RSBAC_AUTH_NR_FD_LISTS; i++)
03968 {
03969 tmp_count =
rsbac_list_count(device_p->handles.auth[i]);
03970
if(tmp_count > 0)
03971 fd_count+=tmp_count;
03972 };
03973 len += sprintf(buffer + len,
", %lu AUTH",
03974 fd_count);
03975 fd_dev_count += fd_count;
03976
#endif
03977
03978
#if defined(CONFIG_RSBAC_CAP)
03979
fd_count = 0;
03980
for (i=0; i < RSBAC_CAP_NR_FD_LISTS; i++)
03981 {
03982 tmp_count =
rsbac_list_count(device_p->handles.cap[i]);
03983
if(tmp_count > 0)
03984 fd_count+=tmp_count;
03985 };
03986 len += sprintf(buffer + len,
", %lu CAP",
03987 fd_count);
03988 fd_dev_count += fd_count;
03989
#endif
03990
03991
#if defined(CONFIG_RSBAC_RES)
03992
fd_count = 0;
03993
for (i=0; i < RSBAC_RES_NR_FD_LISTS; i++)
03994 {
03995 tmp_count =
rsbac_list_count(device_p->handles.res[i]);
03996
if(tmp_count > 0)
03997 fd_count+=tmp_count;
03998 };
03999 len += sprintf(buffer + len,
", %lu RES",
04000 fd_count);
04001 fd_dev_count += fd_count;
04002
#endif
04003
04004
#if defined(CONFIG_RSBAC_PAX)
04005
fd_count = 0;
04006
for (i=0; i < RSBAC_PAX_NR_FD_LISTS; i++)
04007 {
04008 tmp_count =
rsbac_list_count(device_p->handles.pax[i]);
04009
if(tmp_count > 0)
04010 fd_count+=tmp_count;
04011 };
04012 len += sprintf(buffer + len,
", %lu PAX",
04013 fd_count);
04014 fd_dev_count += fd_count;
04015
#endif
04016
04017 len += sprintf(buffer + len,
", %lu total\n",
04018 fd_dev_count);
04019 pos = begin + len;
04020
if (pos < offset)
04021 {
04022 len = 0;
04023 begin = pos;
04024 }
04025
if (pos > offset+length)
04026 {
04027
04028 rsbac_read_unlock(&
device_list_head.lock, &dflags);
04029
goto out;
04030 }
04031 fd_sum += fd_dev_count;
04032 device_p = device_p->next;
04033 };
04034 len += sprintf(buffer + len,
"Sum of %u Devices with %lu fd-items\n\n",
04035
device_list_head.count, fd_sum);
04036 total_sum += fd_sum;
04037
04038 rsbac_read_unlock(&
device_list_head.lock, &dflags);
04039 pos = begin + len;
04040
if (pos < offset)
04041 {
04042 len = 0;
04043 begin = pos;
04044 }
04045
if (pos > offset+length)
04046
goto out;
04047
04048
04049 sum = 0;
04050 tmp_count =
rsbac_list_count(
dev_handles.gen);
04051 len += sprintf(buffer + len,
"DEV: %lu GEN",
04052 tmp_count);
04053 sum += tmp_count;
04054
#if defined(CONFIG_RSBAC_MAC)
04055
tmp_count =
rsbac_list_count(
dev_handles.mac);
04056 len += sprintf(buffer + len,
", %lu MAC",
04057 tmp_count);
04058 sum += tmp_count;
04059
#endif
04060
#if defined(CONFIG_RSBAC_FC)
04061
tmp_count =
rsbac_list_count(
dev_handles.fc);
04062 len += sprintf(buffer + len,
", %lu FC",
04063 tmp_count);
04064 sum += tmp_count;
04065
#endif
04066
#if defined(CONFIG_RSBAC_SIM)
04067
tmp_count =
rsbac_list_count(
dev_handles.sim);
04068 len += sprintf(buffer + len,
", %lu SIM",
04069 tmp_count);
04070 sum += tmp_count;
04071
#endif
04072
#if defined(CONFIG_RSBAC_PM)
04073
tmp_count =
rsbac_list_count(
dev_handles.pm);
04074 len += sprintf(buffer + len,
", %lu PM",
04075 tmp_count);
04076 sum += tmp_count;
04077
#endif
04078
#if defined(CONFIG_RSBAC_RC)
04079
tmp_count =
rsbac_list_count(
dev_handles.rc);
04080 len += sprintf(buffer + len,
", %lu RC",
04081 tmp_count);
04082 sum += tmp_count;
04083
#endif
04084
len += sprintf(buffer + len,
", %lu total\n",
04085 sum);
04086 total_sum += sum;
04087 pos = begin + len;
04088
if (pos < offset)
04089 {
04090 len = 0;
04091 begin = pos;
04092 }
04093
if (pos > offset+length)
04094
goto out;
04095
04096
04097 sum = 0;
04098 len += sprintf(buffer + len,
"IPC: 0 GEN");
04099
#if defined(CONFIG_RSBAC_MAC)
04100
tmp_count =
rsbac_list_count(
ipc_handles.mac);
04101 len += sprintf(buffer + len,
", %lu MAC",
04102 tmp_count);
04103 sum += tmp_count;
04104
#endif
04105
#if defined(CONFIG_RSBAC_FC)
04106
tmp_count =
rsbac_list_count(
ipc_handles.fc);
04107 len += sprintf(buffer + len,
", %lu FC",
04108 tmp_count);
04109 sum += tmp_count;
04110
#endif
04111
#if defined(CONFIG_RSBAC_SIM)
04112
tmp_count =
rsbac_list_count(
ipc_handles.sim);
04113 len += sprintf(buffer + len,
", %lu SIM",
04114 tmp_count);
04115 sum += tmp_count;
04116
#endif
04117
#if defined(CONFIG_RSBAC_PM)
04118
tmp_count =
rsbac_list_count(
ipc_handles.pm);
04119 len += sprintf(buffer + len,
", %lu PM",
04120 tmp_count);
04121 sum += tmp_count;
04122
#endif
04123
#if defined(CONFIG_RSBAC_RC)
04124
tmp_count =
rsbac_list_count(
ipc_handles.rc);
04125 len += sprintf(buffer + len,
", %lu RC",
04126 tmp_count);
04127 sum += tmp_count;
04128
#endif
04129
#if defined(CONFIG_RSBAC_JAIL)
04130
tmp_count =
rsbac_list_count(
ipc_handles.jail);
04131 len += sprintf(buffer + len,
", %lu JAIL",
04132 tmp_count);
04133 sum += tmp_count;
04134
#endif
04135
len += sprintf(buffer + len,
", %lu total\n",
04136 sum);
04137 total_sum += sum;
04138 pos = begin + len;
04139
if (pos < offset)
04140 {
04141 len = 0;
04142 begin = pos;
04143 }
04144
if (pos > offset+length)
04145
goto out;
04146
04147
04148 sum = 0;
04149 tmp_count =
rsbac_list_count(
user_handles.gen);
04150 len += sprintf(buffer + len,
"USER: %lu GEN",
04151 tmp_count);
04152 sum += tmp_count;
04153
#if defined(CONFIG_RSBAC_MAC)
04154
tmp_count =
rsbac_list_count(
user_handles.mac);
04155 len += sprintf(buffer + len,
", %lu MAC",
04156 tmp_count);
04157 sum += tmp_count;
04158
#endif
04159
#if defined(CONFIG_RSBAC_FC)
04160
tmp_count =
rsbac_list_count(
user_handles.fc);
04161 len += sprintf(buffer + len,
", %lu FC",
04162 tmp_count);
04163 sum += tmp_count;
04164
#endif
04165
#if defined(CONFIG_RSBAC_SIM)
04166
tmp_count =
rsbac_list_count(
user_handles.sim);
04167 len += sprintf(buffer + len,
", %lu SIM",
04168 tmp_count);
04169 sum += tmp_count;
04170
#endif
04171
#if defined(CONFIG_RSBAC_PM)
04172
tmp_count =
rsbac_list_count(
user_handles.pm);
04173 len += sprintf(buffer + len,
", %lu PM",
04174 tmp_count);
04175 sum += tmp_count;
04176
#endif
04177
#if defined(CONFIG_RSBAC_DAZ)
04178
tmp_count =
rsbac_list_count(
user_handles.daz);
04179 len += sprintf(buffer + len,
", %lu DAZ",
04180 tmp_count);
04181 sum += tmp_count;
04182
#endif
04183
#if defined(CONFIG_RSBAC_FF)
04184
tmp_count =
rsbac_list_count(
user_handles.ff);
04185 len += sprintf(buffer + len,
", %lu FF",
04186 tmp_count);
04187 sum += tmp_count;
04188
#endif
04189
#if defined(CONFIG_RSBAC_RC)
04190
tmp_count =
rsbac_list_count(
user_handles.rc);
04191 len += sprintf(buffer + len,
", %lu RC",
04192 tmp_count);
04193 sum += tmp_count;
04194
#endif
04195
#if defined(CONFIG_RSBAC_AUTH)
04196
tmp_count =
rsbac_list_count(
user_handles.auth);
04197 len += sprintf(buffer + len,
", %lu AUTH",
04198 tmp_count);
04199 sum += tmp_count;
04200
#endif
04201
#if defined(CONFIG_RSBAC_CAP)
04202
tmp_count =
rsbac_list_count(
user_handles.cap);
04203 len += sprintf(buffer + len,
", %lu CAP",
04204 tmp_count);
04205 sum += tmp_count;
04206
#endif
04207
#if defined(CONFIG_RSBAC_JAIL)
04208
tmp_count =
rsbac_list_count(
user_handles.jail);
04209 len += sprintf(buffer + len,
", %lu JAIL",
04210 tmp_count);
04211 sum += tmp_count;
04212
#endif
04213
#if defined(CONFIG_RSBAC_RES)
04214
tmp_count =
rsbac_list_count(
user_handles.res);
04215 len += sprintf(buffer + len,
", %lu RES",
04216 tmp_count);
04217 sum += tmp_count;
04218
#endif
04219
#if defined(CONFIG_RSBAC_PAX)
04220
tmp_count =
rsbac_list_count(
user_handles.pax);
04221 len += sprintf(buffer + len,
", %lu PAX",
04222 tmp_count);
04223 sum += tmp_count;
04224
#endif
04225
len += sprintf(buffer + len,
", %lu total\n",
04226 sum);
04227 total_sum += sum;
04228 pos = begin + len;
04229
if (pos < offset)
04230 {
04231 len = 0;
04232 begin = pos;
04233 }
04234
if (pos > offset+length)
04235
goto out;
04236
04237
04238 sum = 0;
04239 tmp_count =
rsbac_list_count(
process_handles.gen);
04240 len += sprintf(buffer + len,
"PROCESS: %lu GEN",
04241 tmp_count);
04242 sum += tmp_count;
04243
#if defined(CONFIG_RSBAC_MAC)
04244
tmp_count = 0;
04245
for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
04246 tmp_count +=
rsbac_list_count(
process_handles.mac[i]);
04247 len += sprintf(buffer + len,
", %lu MAC",
04248 tmp_count);
04249 sum += tmp_count;
04250
#endif
04251
#if defined(CONFIG_RSBAC_PM)
04252
tmp_count =
rsbac_list_count(
process_handles.pm);
04253 len += sprintf(buffer + len,
", %lu PM",
04254 tmp_count);
04255 sum += tmp_count;
04256
#endif
04257
#if defined(CONFIG_RSBAC_DAZ)
04258
tmp_count =
rsbac_list_count(
process_handles.daz);
04259 len += sprintf(buffer + len,
", %lu DAZ",
04260 tmp_count);
04261 sum += tmp_count;
04262
#endif
04263
#if defined(CONFIG_RSBAC_RC)
04264
tmp_count = 0;
04265
for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
04266 tmp_count +=
rsbac_list_count(
process_handles.rc[i]);
04267 len += sprintf(buffer + len,
", %lu RC",
04268 tmp_count);
04269 sum += tmp_count;
04270
#endif
04271
#if defined(CONFIG_RSBAC_AUTH)
04272
tmp_count =
rsbac_list_count(
process_handles.auth);
04273 len += sprintf(buffer + len,
", %lu AUTH",
04274 tmp_count);
04275 sum += tmp_count;
04276
#endif
04277
#if defined(CONFIG_RSBAC_CAP)
04278
tmp_count =
rsbac_list_count(
process_handles.cap);
04279 len += sprintf(buffer + len,
", %lu CAP",
04280 tmp_count);
04281 sum += tmp_count;
04282
#endif
04283
#if defined(CONFIG_RSBAC_JAIL)
04284
tmp_count = 0;
04285
for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
04286 tmp_count +=
rsbac_list_count(
process_handles.jail[i]);
04287 len += sprintf(buffer + len,
", %lu JAIL",
04288 tmp_count);
04289 sum += tmp_count;
04290
#endif
04291
len += sprintf(buffer + len,
", %lu total\n",
04292 sum);
04293 total_sum += sum;
04294 pos = begin + len;
04295
if (pos < offset)
04296 {
04297 len = 0;
04298 begin = pos;
04299 }
04300
if (pos > offset+length)
04301
goto out;
04302
04303
#if defined(CONFIG_RSBAC_NET_DEV)
04304
04305 sum = 0;
04306
#if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
04307
tmp_count =
rsbac_list_count(netdev_handles.gen);
04308 len += sprintf(buffer + len,
"NETDEV: %lu GEN, ",
04309 tmp_count);
04310 sum += tmp_count;
04311
#else
04312
len += sprintf(buffer + len,
"NETDEV: ");
04313
#endif
04314
#if defined(CONFIG_RSBAC_RC)
04315
tmp_count =
rsbac_list_count(netdev_handles.rc);
04316 len += sprintf(buffer + len,
"%lu RC, ",
04317 tmp_count);
04318 sum += tmp_count;
04319
#endif
04320
len += sprintf(buffer + len,
"%lu total\n",
04321 sum);
04322 total_sum += sum;
04323 pos = begin + len;
04324
if (pos < offset)
04325 {
04326 len = 0;
04327 begin = pos;
04328 }
04329
if (pos > offset+length)
04330
goto out;
04331
04332
#endif
04333
04334
#if defined(CONFIG_RSBAC_NET_OBJ)
04335
04336 tmp_count =
rsbac_list_count(net_temp_handle);
04337 len += sprintf(buffer + len,
"%lu Network Templates\n",
04338 tmp_count);
04339
04340
04341 sum = 0;
04342
#if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
04343
tmp_count =
rsbac_list_count(nettemp_handles.gen);
04344 len += sprintf(buffer + len,
"NETTEMP: %lu GEN, ",
04345 tmp_count);
04346 sum += tmp_count;
04347
#else
04348
len += sprintf(buffer + len,
"NETTEMP: ");
04349
#endif
04350
#if defined(CONFIG_RSBAC_MAC)
04351
tmp_count =
rsbac_list_count(nettemp_handles.mac);
04352 len += sprintf(buffer + len,
"%lu MAC, ",
04353 tmp_count);
04354 sum += tmp_count;
04355
#endif
04356
#if defined(CONFIG_RSBAC_FC)
04357
tmp_count =
rsbac_list_count(nettemp_handles.fc);
04358 len += sprintf(buffer + len,
"%lu FC, ",
04359 tmp_count);
04360 sum += tmp_count;
04361
#endif
04362
#if defined(CONFIG_RSBAC_SIM)
04363
tmp_count =
rsbac_list_count(nettemp_handles.sim);
04364 len += sprintf(buffer + len,
"%lu SIM, ",
04365 tmp_count);
04366 sum += tmp_count;
04367
#endif
04368
#if defined(CONFIG_RSBAC_PM)
04369
tmp_count =
rsbac_list_count(nettemp_handles.pm);
04370 len += sprintf(buffer + len,
"%lu PM, ",
04371 tmp_count);
04372 sum += tmp_count;
04373
#endif
04374
#if defined(CONFIG_RSBAC_RC)
04375
tmp_count =
rsbac_list_count(nettemp_handles.rc);
04376 len += sprintf(buffer + len,
"%lu RC, ",
04377 tmp_count);
04378 sum += tmp_count;
04379
#endif
04380
len += sprintf(buffer + len,
"%lu total\n",
04381 sum);
04382 total_sum += sum;
04383 pos = begin + len;
04384
if (pos < offset)
04385 {
04386 len = 0;
04387 begin = pos;
04388 }
04389
if (pos > offset+length)
04390
goto out;
04391
04392
04393 sum = 0;
04394 len += sprintf(buffer + len,
"LNETOBJ: ");
04395
#if defined(CONFIG_RSBAC_MAC)
04396
tmp_count =
rsbac_list_count(lnetobj_handles.mac);
04397 len += sprintf(buffer + len,
"%lu MAC, ",
04398 tmp_count);
04399 sum += tmp_count;
04400
#endif
04401
#if defined(CONFIG_RSBAC_FC)
04402
tmp_count =
rsbac_list_count(lnetobj_handles.fc);
04403 len += sprintf(buffer + len,
"%lu FC, ",
04404 tmp_count);
04405 sum += tmp_count;
04406
#endif
04407
#if defined(CONFIG_RSBAC_SIM)
04408
tmp_count =
rsbac_list_count(lnetobj_handles.sim);
04409 len += sprintf(buffer + len,
"%lu SIM, ",
04410 tmp_count);
04411 sum += tmp_count;
04412
#endif
04413
#if defined(CONFIG_RSBAC_PM)
04414
tmp_count =
rsbac_list_count(lnetobj_handles.pm);
04415 len += sprintf(buffer + len,
"%lu PM, ",
04416 tmp_count);
04417 sum += tmp_count;
04418
#endif
04419
#if defined(CONFIG_RSBAC_RC)
04420
tmp_count =
rsbac_list_count(lnetobj_handles.rc);
04421 len += sprintf(buffer + len,
"%lu RC, ",
04422 tmp_count);
04423 sum += tmp_count;
04424
#endif
04425
len += sprintf(buffer + len,
"%lu total\n",
04426 sum);
04427 total_sum += sum;
04428 pos = begin + len;
04429
if (pos < offset)
04430 {
04431 len = 0;
04432 begin = pos;
04433 }
04434
if (pos > offset+length)
04435
goto out;
04436
04437
04438 sum = 0;
04439 len += sprintf(buffer + len,
"RNETOBJ: ");
04440
#if defined(CONFIG_RSBAC_MAC)
04441
tmp_count =
rsbac_list_count(rnetobj_handles.mac);
04442 len += sprintf(buffer + len,
"%lu MAC, ",
04443 tmp_count);
04444 sum += tmp_count;
04445
#endif
04446
#if defined(CONFIG_RSBAC_FC)
04447
tmp_count =
rsbac_list_count(rnetobj_handles.fc);
04448 len += sprintf(buffer + len,
"%lu FC, ",
04449 tmp_count);
04450 sum += tmp_count;
04451
#endif
04452
#if defined(CONFIG_RSBAC_SIM)
04453
tmp_count =
rsbac_list_count(rnetobj_handles.sim);
04454 len += sprintf(buffer + len,
"%lu SIM, ",
04455 tmp_count);
04456 sum += tmp_count;
04457
#endif
04458
#if defined(CONFIG_RSBAC_PM)
04459
tmp_count =
rsbac_list_count(rnetobj_handles.pm);
04460 len += sprintf(buffer + len,
"%lu PM, ",
04461 tmp_count);
04462 sum += tmp_count;
04463
#endif
04464
#if defined(CONFIG_RSBAC_RC)
04465
tmp_count =
rsbac_list_count(rnetobj_handles.rc);
04466 len += sprintf(buffer + len,
"%lu RC, ",
04467 tmp_count);
04468 sum += tmp_count;
04469
#endif
04470
len += sprintf(buffer + len,
"%lu total\n",
04471 sum);
04472 total_sum += sum;
04473 pos = begin + len;
04474
if (pos < offset)
04475 {
04476 len = 0;
04477 begin = pos;
04478 }
04479
if (pos > offset+length)
04480
goto out;
04481
04482
#endif
04483
04484 len += sprintf(buffer + len,
04485
"Total sum of %lu registered rsbac-items\n",
04486 total_sum);
04487 pos = begin + len;
04488
if (pos < offset)
04489 {
04490 len = 0;
04491 begin = pos;
04492 }
04493
if (pos > offset+length)
04494
goto out;
04495
04496 len += sprintf(buffer + len,
04497
"\nadf_request calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
04498 rsbac_adf_request_count[T_FILE],
04499 rsbac_adf_request_count[T_DIR],
04500 rsbac_adf_request_count[T_FIFO],
04501 rsbac_adf_request_count[T_SYMLINK],
04502 rsbac_adf_request_count[T_DEV],
04503 rsbac_adf_request_count[T_IPC],
04504 rsbac_adf_request_count[T_SCD],
04505 rsbac_adf_request_count[T_USER],
04506 rsbac_adf_request_count[T_PROCESS],
04507 rsbac_adf_request_count[T_NETDEV],
04508 rsbac_adf_request_count[T_NETTEMP],
04509 rsbac_adf_request_count[T_NETOBJ]);
04510 pos = begin + len;
04511
if (pos < offset)
04512 {
04513 len = 0;
04514 begin = pos;
04515 }
04516
if (pos > offset+length)
04517
goto out;
04518
04519 len += sprintf(buffer + len,
04520
"adf_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
04521 rsbac_adf_set_attr_count[T_FILE],
04522 rsbac_adf_set_attr_count[T_DIR],
04523 rsbac_adf_set_attr_count[T_FIFO],
04524 rsbac_adf_set_attr_count[T_SYMLINK],
04525 rsbac_adf_set_attr_count[T_DEV],
04526 rsbac_adf_set_attr_count[T_IPC],
04527 rsbac_adf_set_attr_count[T_SCD],
04528 rsbac_adf_set_attr_count[T_USER],
04529 rsbac_adf_set_attr_count[T_PROCESS],
04530 rsbac_adf_set_attr_count[T_NETDEV],
04531 rsbac_adf_set_attr_count[T_NETTEMP],
04532 rsbac_adf_set_attr_count[T_NETOBJ]);
04533 pos = begin + len;
04534
if (pos < offset)
04535 {
04536 len = 0;
04537 begin = pos;
04538 }
04539
04540 out:
04541 *start = buffer + (offset - begin);
04542 len -= (offset - begin);
04543
04544
if (len > length)
04545 len = length;
04546
return len;
04547 }
04548
04549
static int
04550 active_proc_info(
char *buffer,
char **start, off_t offset,
int length)
04551 {
04552 u_int len = 0;
04553 off_t pos = 0;
04554 off_t begin = 0;
04555
04556
union rsbac_target_id_t rsbac_target_id;
04557
union rsbac_attribute_value_t rsbac_attribute_value;
04558
04559
if (!
rsbac_initialized)
return (-ENOSYS);
04560
04561
#ifdef CONFIG_RSBAC_DEBUG
04562
if (rsbac_debug_aef)
04563 {
04564
#ifdef CONFIG_RSBAC_RMSG
04565
rsbac_printk(KERN_DEBUG
"stats_proc_info(): calling ADF\n");
04566
#endif
04567
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04568
if (!rsbac_nosyslog)
04569
#endif
04570
printk(KERN_DEBUG
"stats_proc_info(): calling ADF\n");
04571 }
04572
#endif
04573
rsbac_target_id.
scd =
ST_rsbac;
04574 rsbac_attribute_value.
dummy = 0;
04575
if (!
rsbac_adf_request(R_GET_STATUS_DATA,
04576 current->pid,
04577 T_SCD,
04578 rsbac_target_id,
04579 A_none,
04580 rsbac_attribute_value))
04581 {
04582
return -EPERM;
04583 }
04584
04585 len = sprintf(buffer,
"Version: %s\n",
04586 RSBAC_VERSION);
04587
#ifdef CONFIG_RSBAC_MAINT
04588
len += sprintf(buffer+len,
"Mode: Maintenance\n");
04589 len += sprintf(buffer+len,
"Softmode: unavailable\n");
04590
#else
04591
#ifdef CONFIG_RSBAC_SOFTMODE
04592
if(rsbac_softmode)
04593 len += sprintf(buffer+len,
"Mode: Softmode\n");
04594
else
04595
#endif
04596
len += sprintf(buffer+len,
"Mode: Secure\n");
04597
#ifdef CONFIG_RSBAC_SOFTMODE
04598
len += sprintf(buffer+len,
"Softmode: available\n");
04599
#else
04600
len += sprintf(buffer+len,
"Softmode: unavailable\n");
04601
#endif
04602
#ifdef CONFIG_RSBAC_SOFTMODE_IND
04603
len += sprintf(buffer+len,
"Ind-Soft: available\n");
04604
#else
04605
len += sprintf(buffer+len,
"Ind-Soft: unavailable\n");
04606
#endif
04607
#endif
04608
pos = begin + len;
04609
if (pos < offset)
04610 {
04611 len = 0;
04612 begin = pos;
04613 }
04614
if (pos > offset+length)
04615
goto out;
04616
04617
#ifdef CONFIG_RSBAC_REG
04618
#ifdef CONFIG_RSBAC_SOFTMODE_IND
04619
if(rsbac_ind_softmode[
REG])
04620 len += sprintf(buffer+len,
"Module: REG softmode\n");
04621
else
04622
#endif
04623
len += sprintf(buffer+len,
"Module: REG on\n");
04624
#endif
04625
04626
#ifdef CONFIG_RSBAC_MAC
04627
#ifdef CONFIG_RSBAC_SWITCH
04628
if(!rsbac_switch_mac)
04629 len += sprintf(buffer+len,
"Module: MAC off\n");
04630
else
04631
#endif
04632
#ifdef CONFIG_RSBAC_SOFTMODE_IND
04633
if(rsbac_ind_softmode[
MAC])
04634 len += sprintf(buffer+len,
"Module: MAC softmode\n");
04635
else
04636
#endif
04637
len += sprintf(buffer+len,
"Module: MAC on\n");
04638
#endif
04639
04640
#ifdef CONFIG_RSBAC_FC
04641
#ifdef CONFIG_RSBAC_SWITCH
04642
if(!rsbac_switch_fc)
04643 len += sprintf(buffer+len,
"Module: FC off\n");
04644
else
04645
#endif
04646
#ifdef CONFIG_RSBAC_SOFTMODE_IND
04647
if(rsbac_ind_softmode[
FC])
04648 len += sprintf(buffer+len,
"Module: FC softmode\n");
04649
else
04650
#endif
04651
len += sprintf(buffer+len,
"Module: FC on\n");
04652
#endif
04653
04654
#ifdef CONFIG_RSBAC_SIM
04655
#ifdef CONFIG_RSBAC_SWITCH
04656
if(!rsbac_switch_sim)
04657 len += sprintf(buffer+len,
"Module: SIM off\n");
04658
else
04659
#endif
04660
#ifdef CONFIG_RSBAC_SOFTMODE_IND
04661
if(rsbac_ind_softmode[
SIM])
04662 len += sprintf(buffer+len,
"Module: SIM softmode\n");
04663
else
04664
#endif
04665
len += sprintf(buffer+len,
"Module: SIM on\n");
04666
#endif
04667
04668
#ifdef CONFIG_RSBAC_PM
04669
#ifdef CONFIG_RSBAC_SWITCH
04670
if(!rsbac_switch_pm)
04671 len += sprintf(buffer+len,
"Module: PM off\n");
04672
else
04673
#endif
04674
#ifdef CONFIG_RSBAC_SOFTMODE_IND
04675
if(rsbac_ind_softmode[
PM])
04676 len += sprintf(buffer+len,
"Module: PM softmode\n");
04677
else
04678
#endif
04679
len += sprintf(buffer+len,
"Module: PM on\n");
04680
#endif
04681
04682
#ifdef CONFIG_RSBAC_DAZ
04683
#ifdef CONFIG_RSBAC_SWITCH
04684
if(!rsbac_switch_daz)
04685 len += sprintf(buffer+len,
"Module: DAZ off\n");
04686
else
04687
#endif
04688
#ifdef CONFIG_RSBAC_SOFTMODE_IND
04689
if(rsbac_ind_softmode[
DAZ])
04690 len += sprintf(buffer+len,
"Module: DAZ softmode\n");
04691
else
04692
#endif
04693
len += sprintf(buffer+len,
"Module: DAZ on\n");
04694
#endif
04695
04696
#ifdef CONFIG_RSBAC_FF
04697
#ifdef CONFIG_RSBAC_SWITCH
04698
if(!rsbac_switch_ff)
04699 len += sprintf(buffer+len,
"Module: FF off\n");
04700
else
04701
#endif
04702
#ifdef CONFIG_RSBAC_SOFTMODE_IND
04703
if(rsbac_ind_softmode[
FF])
04704 len += sprintf(buffer+len,
"Module: FF softmode\n");
04705
else
04706
#endif
04707
len += sprintf(buffer+len,
"Module: FF on\n");
04708
#endif
04709
04710
#ifdef CONFIG_RSBAC_RC
04711
#ifdef CONFIG_RSBAC_SWITCH
04712
if(!rsbac_switch_rc)
04713 len += sprintf(buffer+len,
"Module: RC off\n");
04714
else
04715
#endif
04716
#ifdef CONFIG_RSBAC_SOFTMODE_IND
04717
if(rsbac_ind_softmode[
RC])
04718 len += sprintf(buffer+len,
"Module: RC softmode\n");
04719
else
04720
#endif
04721
len += sprintf(buffer+len,
"Module: RC on\n");
04722
#endif
04723
04724
#ifdef CONFIG_RSBAC_AUTH
04725
#ifdef CONFIG_RSBAC_SWITCH
04726
if(!rsbac_switch_auth)
04727 len += sprintf(buffer+len,
"Module: AUTH off\n");
04728
else
04729
#endif
04730
#ifdef CONFIG_RSBAC_SOFTMODE_IND
04731
if(rsbac_ind_softmode[
AUTH])
04732 len += sprintf(buffer+len,
"Module: AUTH softmode\n");
04733
else
04734
#endif
04735
len += sprintf(buffer+len,
"Module: AUTH on\n");
04736
#endif
04737
04738
#ifdef CONFIG_RSBAC_ACL
04739
#ifdef CONFIG_RSBAC_SWITCH
04740
if(!rsbac_switch_acl)
04741 len += sprintf(buffer+len,
"Module: ACL off\n");
04742
else
04743
#endif
04744
#ifdef CONFIG_RSBAC_SOFTMODE_IND
04745
if(rsbac_ind_softmode[
ACL])
04746 len += sprintf(buffer+len,
"Module: ACL softmode\n");
04747
else
04748
#endif
04749
len += sprintf(buffer+len,
"Module: ACL on\n");
04750
#endif
04751
04752
#ifdef CONFIG_RSBAC_CAP
04753
#ifdef CONFIG_RSBAC_SWITCH
04754
if(!rsbac_switch_cap)
04755 len += sprintf(buffer+len,
"Module: CAP off\n");
04756
else
04757
#endif
04758
#ifdef CONFIG_RSBAC_SOFTMODE_IND
04759
if(rsbac_ind_softmode[
CAP])
04760 len += sprintf(buffer+len,
"Module: CAP softmode\n");
04761
else
04762
#endif
04763
len += sprintf(buffer+len,
"Module: CAP on\n");
04764
#endif
04765
04766
#ifdef CONFIG_RSBAC_JAIL
04767
#ifdef CONFIG_RSBAC_SWITCH
04768
if(!rsbac_switch_jail)
04769 len += sprintf(buffer+len,
"Module: JAIL off\n");
04770
else
04771
#endif
04772
#ifdef CONFIG_RSBAC_SOFTMODE_IND
04773
if(rsbac_ind_softmode[
JAIL])
04774 len += sprintf(buffer+len,
"Module: JAIL softmode\n");
04775
else
04776
#endif
04777
len += sprintf(buffer+len,
"Module: JAIL on\n");
04778
#endif
04779
04780
#ifdef CONFIG_RSBAC_RES
04781
#ifdef CONFIG_RSBAC_SWITCH
04782
if(!rsbac_switch_res)
04783 len += sprintf(buffer+len,
"Module: RES off\n");
04784
else
04785
#endif
04786
#ifdef CONFIG_RSBAC_SOFTMODE_IND
04787
if(rsbac_ind_softmode[
RES])
04788 len += sprintf(buffer+len,
"Module: RES softmode\n");
04789
else
04790
#endif
04791
len += sprintf(buffer+len,
"Module: RES on\n");
04792
#endif
04793
04794
#ifdef CONFIG_RSBAC_PAX
04795
#ifdef CONFIG_RSBAC_SWITCH
04796
if(!rsbac_switch_pax)
04797 len += sprintf(buffer+len,
"Module: PAX off\n");
04798
else
04799
#endif
04800
#ifdef CONFIG_RSBAC_SOFTMODE_IND
04801
if(rsbac_ind_softmode[
PAX])
04802 len += sprintf(buffer+len,
"Module: PAX softmode\n");
04803
else
04804
#endif
04805
len += sprintf(buffer+len,
"Module: PAX on\n");
04806
#endif
04807
04808 pos = begin + len;
04809
if (pos < offset)
04810 {
04811 len = 0;
04812 begin = pos;
04813 }
04814
04815 out:
04816 *start = buffer + (offset - begin);
04817 len -= (offset - begin);
04818
04819
if (len > length)
04820 len = length;
04821
return len;
04822 }
04823
04824
#ifdef CONFIG_RSBAC_XSTATS
04825
static int
04826 xstats_proc_info(
char *buffer,
char **start, off_t offset,
int length)
04827 {
04828 u_int len = 0;
04829 off_t pos = 0;
04830 off_t begin = 0;
04831
int i,j;
04832
char name[80];
04833
union rsbac_target_id_t rsbac_target_id;
04834
union rsbac_attribute_value_t rsbac_attribute_value;
04835
04836
if (!
rsbac_initialized)
return (-ENOSYS);
04837
04838
#ifdef CONFIG_RSBAC_DEBUG
04839
if (rsbac_debug_aef)
04840 {
04841
#ifdef CONFIG_RSBAC_RMSG
04842
rsbac_printk(KERN_DEBUG
"xstats_proc_info(): calling ADF\n");
04843
#endif
04844
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04845
if (!rsbac_nosyslog)
04846
#endif
04847
printk(KERN_DEBUG
"xstats_proc_info(): calling ADF\n");
04848 }
04849
#endif
04850
rsbac_target_id.
scd =
ST_rsbac;
04851 rsbac_attribute_value.
dummy = 0;
04852
if (!
rsbac_adf_request(R_GET_STATUS_DATA,
04853 current->pid,
04854 T_SCD,
04855 rsbac_target_id,
04856 A_none,
04857 rsbac_attribute_value))
04858 {
04859
return -EPERM;
04860 }
04861
04862 len += sprintf(buffer,
04863
"RSBAC ADF call Statistics\n-------------------------\nadf_request table:\n");
04864 pos = begin + len;
04865
if (pos < offset)
04866 {
04867 len = 0;
04868 begin = pos;
04869 }
04870
if (pos > offset+length)
04871
goto out;
04872
04873 len += sprintf(buffer + len,
"Request /\tFILE\tDIR\tFIFO\tSYMLINK\tDEV\tIPC\tSCD\tUSER\tPROCESS\tNETDEV\tNETTEMP\tNETOBJ\tNONE");
04874 pos = begin + len;
04875
if (pos < offset)
04876 {
04877 len = 0;
04878 begin = pos;
04879 }
04880
if (pos > offset+length)
04881
goto out;
04882
04883
for(i=0;i<
R_NONE;i++)
04884 {
04885
get_request_name(name, i);
04886 name[15]=0;
04887 len += sprintf(buffer + len,
"\n%-14s\t",name);
04888 pos = begin + len;
04889
if (pos < offset)
04890 {
04891 len = 0;
04892 begin = pos;
04893 }
04894
if (pos > offset+length)
04895
goto out;
04896
for(j=0;j<=
T_NONE;j++)
04897 {
04898
if( (j ==
T_NETTEMP_NT)
04899 || (j ==
T_FD)
04900 )
04901
continue;
04902 len += sprintf(buffer + len,
"%lu\t",
04903 rsbac_adf_request_xcount[j][i]);
04904 pos = begin + len;
04905
if (pos < offset)
04906 {
04907 len = 0;
04908 begin = pos;
04909 }
04910
if (pos > offset+length)
04911
goto out;
04912 }
04913 }
04914
04915 len += sprintf(buffer + len,
04916
"\n\nadf_request calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, none: %lu\n",
04917 rsbac_adf_request_count[T_FILE],
04918 rsbac_adf_request_count[T_DIR],
04919 rsbac_adf_request_count[T_FIFO],
04920 rsbac_adf_request_count[T_SYMLINK],
04921 rsbac_adf_request_count[T_DEV],
04922 rsbac_adf_request_count[T_IPC],
04923 rsbac_adf_request_count[T_SCD],
04924 rsbac_adf_request_count[T_USER],
04925 rsbac_adf_request_count[T_PROCESS],
04926 rsbac_adf_request_count[T_NETDEV],
04927 rsbac_adf_request_count[T_NETTEMP],
04928 rsbac_adf_request_count[T_NETOBJ],
04929 rsbac_adf_request_count[T_NONE]);
04930 pos = begin + len;
04931
if (pos < offset)
04932 {
04933 len = 0;
04934 begin = pos;
04935 }
04936
if (pos > offset+length)
04937
goto out;
04938
04939 len += sprintf(buffer+len,
04940
"\n\nadf_set_attr table:\nRequest /\tFILE\tDIR\tFIFO\tSYMLINK\tDEV\tIPC\tSCD\tUSER\tPROCESS\tNETDEV\tNETTEMP\tNETOBJ\tNONE");
04941 pos = begin + len;
04942
if (pos < offset)
04943 {
04944 len = 0;
04945 begin = pos;
04946 }
04947
if (pos > offset+length)
04948
goto out;
04949
04950
for(i=0;i<
R_NONE;i++)
04951 {
04952
get_request_name(name, i);
04953 name[15]=0;
04954 len += sprintf(buffer + len,
"\n%-14s\t",name);
04955 pos = begin + len;
04956
if (pos < offset)
04957 {
04958 len = 0;
04959 begin = pos;
04960 }
04961
if (pos > offset+length)
04962
goto out;
04963
for(j=0;j<=
T_NONE;j++)
04964 {
04965
if( (j ==
T_NETTEMP_NT)
04966 || (j ==
T_FD)
04967 )
04968
continue;
04969 len += sprintf(buffer + len,
"%lu\t",
04970 rsbac_adf_set_attr_xcount[j][i]);
04971 pos = begin + len;
04972
if (pos < offset)
04973 {
04974 len = 0;
04975 begin = pos;
04976 }
04977
if (pos > offset+length)
04978
goto out;
04979 }
04980 }
04981
04982 len += sprintf(buffer + len,
04983
"\n\nadf_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, none: %lu\n",
04984 rsbac_adf_set_attr_count[T_FILE],
04985 rsbac_adf_set_attr_count[T_DIR],
04986 rsbac_adf_set_attr_count[T_FIFO],
04987 rsbac_adf_set_attr_count[T_SYMLINK],
04988 rsbac_adf_set_attr_count[T_DEV],
04989 rsbac_adf_set_attr_count[T_IPC],
04990 rsbac_adf_set_attr_count[T_SCD],
04991 rsbac_adf_set_attr_count[T_USER],
04992 rsbac_adf_set_attr_count[T_PROCESS],
04993 rsbac_adf_set_attr_count[T_NETDEV],
04994 rsbac_adf_set_attr_count[T_NETTEMP],
04995 rsbac_adf_set_attr_count[T_NETOBJ],
04996 rsbac_adf_set_attr_count[T_NONE]);
04997 pos = begin + len;
04998
if (pos < offset)
04999 {
05000 len = 0;
05001 begin = pos;
05002 }
05003
if (pos > offset+length)
05004
goto out;
05005
05006 len += sprintf(buffer + len,
05007
"\n\nData Structures:\nrsbac_get_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
05008 get_attr_count[T_FILE],
05009 get_attr_count[T_DIR],
05010 get_attr_count[T_FIFO],
05011 get_attr_count[T_SYMLINK],
05012 get_attr_count[T_DEV],
05013 get_attr_count[T_IPC],
05014 get_attr_count[T_SCD],
05015 get_attr_count[T_USER],
05016 get_attr_count[T_PROCESS],
05017 get_attr_count[T_NETDEV],
05018 get_attr_count[T_NETTEMP],
05019 get_attr_count[T_NETOBJ]);
05020 pos = begin + len;
05021
if (pos < offset)
05022 {
05023 len = 0;
05024 begin = pos;
05025 }
05026
if (pos > offset+length)
05027
goto out;
05028
05029 len += sprintf(buffer + len,
05030
"\nrsbac_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
05031 set_attr_count[T_FILE],
05032 set_attr_count[T_DIR],
05033 set_attr_count[T_FIFO],
05034 set_attr_count[T_SYMLINK],
05035 set_attr_count[T_DEV],
05036 set_attr_count[T_IPC],
05037 set_attr_count[T_SCD],
05038 set_attr_count[T_USER],
05039 set_attr_count[T_PROCESS],
05040 set_attr_count[T_NETDEV],
05041 set_attr_count[T_NETTEMP],
05042 set_attr_count[T_NETOBJ]);
05043 pos = begin + len;
05044
if (pos < offset)
05045 {
05046 len = 0;
05047 begin = pos;
05048 }
05049
if (pos > offset+length)
05050
goto out;
05051
05052 len += sprintf(buffer + len,
05053
"\nrsbac_remove_target calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
05054 remove_count[T_FILE],
05055 remove_count[T_DIR],
05056 remove_count[T_FIFO],
05057 remove_count[T_SYMLINK],
05058 remove_count[T_DEV],
05059 remove_count[T_IPC],
05060 remove_count[T_SCD],
05061 remove_count[T_USER],
05062 remove_count[T_PROCESS],
05063 remove_count[T_NETDEV],
05064 remove_count[T_NETTEMP],
05065 remove_count[T_NETOBJ]);
05066 pos = begin + len;
05067
if (pos < offset)
05068 {
05069 len = 0;
05070 begin = pos;
05071 }
05072
05073 out:
05074 *start = buffer + (offset - begin);
05075 len -= (offset - begin);
05076
05077
if (len > length)
05078 len = length;
05079
return len;
05080 }
05081
#endif
05082
05083
#if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
05084
static int
05085 auto_write_proc_info(
char *buffer,
char **start, off_t offset,
int length)
05086 {
05087
int len = 0;
05088 off_t pos = 0;
05089 off_t begin = 0;
05090
05091
union rsbac_target_id_t rsbac_target_id;
05092
union rsbac_attribute_value_t rsbac_attribute_value;
05093
05094
if (!
rsbac_initialized)
return (-ENOSYS);
05095
05096
#ifdef CONFIG_RSBAC_DEBUG
05097
if (rsbac_debug_aef)
05098 {
05099
#ifdef CONFIG_RSBAC_RMSG
05100
rsbac_printk(KERN_DEBUG
"auto_write_proc_info(): calling ADF\n");
05101
#endif
05102
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05103
if (!rsbac_nosyslog)
05104
#endif
05105
printk(KERN_DEBUG
"auto_write_proc_info(): calling ADF\n");
05106 }
05107
#endif
05108
rsbac_target_id.
scd =
ST_rsbac;
05109 rsbac_attribute_value.
dummy = 0;
05110
if (!
rsbac_adf_request(R_GET_STATUS_DATA,
05111 current->pid,
05112 T_SCD,
05113 rsbac_target_id,
05114 A_none,
05115 rsbac_attribute_value))
05116 {
05117
return -EPERM;
05118 }
05119
05120 len = sprintf(buffer,
"RSBAC auto write settings\n-------------------------\n");
05121 pos = begin + len;
05122
if (pos < offset)
05123 {
05124 len = 0;
05125 begin = pos;
05126 }
05127
if (pos > offset+length)
05128
goto out;
05129
05130 len += sprintf(buffer + len,
"auto interval %u jiffies (%i jiffies = 1 second)\n",
05131 auto_interval, HZ);
05132 pos = begin + len;
05133
if (pos < offset)
05134 {
05135 len = 0;
05136 begin = pos;
05137 }
05138
if (pos > offset+length)
05139
goto out;
05140
05141
#ifdef CONFIG_RSBAC_DEBUG
05142
len += sprintf(buffer + len,
"debug level is %i\n",
05143 rsbac_debug_auto);
05144 pos = begin + len;
05145
if (pos < offset)
05146 {
05147 len = 0;
05148 begin = pos;
05149 }
05150
#endif
05151
05152 out:
05153 *start = buffer + (offset - begin);
05154 len -= (offset - begin);
05155
05156
if (len > length)
05157 len = length;
05158
return len;
05159 }
05160
05161
static ssize_t auto_write_proc_write(
struct file * file,
const char * buf,
05162 u_long count,
void *ppos)
05163 {
05164 ssize_t err = -EINVAL;
05165
char * k_buf;
05166
char * p;
05167
05168
union rsbac_target_id_t rsbac_target_id;
05169
union rsbac_attribute_value_t rsbac_attribute_value;
05170
05171
if(count >
PROC_BLOCK_SIZE) {
05172
return(-EOVERFLOW);
05173 }
05174
05175
if (!(k_buf = (
char *) __get_free_page(GFP_KERNEL)))
05176
return(-ENOMEM);
05177 copy_from_user(k_buf, buf, count);
05178
05179
if(count < 13 || strncmp(
"auto", k_buf, 4))
05180 {
05181
goto out;
05182 }
05183
if (!
rsbac_initialized)
05184 {
05185 err=-ENOSYS;
05186
goto out;
05187 }
05188
05189
#ifdef CONFIG_RSBAC_DEBUG
05190
if (rsbac_debug_aef)
05191 {
05192
#ifdef CONFIG_RSBAC_RMSG
05193
rsbac_printk(KERN_DEBUG
"auto_write_proc_write(): calling ADF\n");
05194
#endif
05195
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05196
if (!rsbac_nosyslog)
05197
#endif
05198
printk(KERN_DEBUG
"auto_write_proc_write(): calling ADF\n");
05199 }
05200
#endif
05201
rsbac_target_id.
scd =
ST_rsbac;
05202 rsbac_attribute_value.
dummy = 0;
05203
if (!
rsbac_adf_request(R_MODIFY_SYSTEM_DATA,
05204 current->pid,
05205 T_SCD,
05206 rsbac_target_id,
05207 A_none,
05208 rsbac_attribute_value))
05209 {
05210 err = -EPERM;
05211
goto out;
05212 }
05213
05214
05215
05216
05217
05218
if(!strncmp(
"interval", k_buf + 5, 8))
05219 {
05220
unsigned int interval;
05221
05222 p = k_buf + 5 + 9;
05223
05224
if( *p ==
'\0' )
05225
goto out;
05226
05227 interval = simple_strtoul(p, NULL, 0);
05228
05229
if(interval >= HZ)
05230 {
05231
#ifdef CONFIG_RSBAC_RMSG
05232
rsbac_printk(KERN_INFO
05233
"auto_write_proc_write(): setting auto write interval to %u\n",
05234 interval);
05235
#endif
05236
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05237
if (!rsbac_nosyslog)
05238
#endif
05239
printk(KERN_INFO
05240
"auto_write_proc_write(): setting auto write interval to %u\n",
05241 interval);
05242 auto_interval = interval;
05243 err = count;
05244
goto out;
05245 }
05246
else
05247 {
05248
#ifdef CONFIG_RSBAC_RMSG
05249
rsbac_printk(KERN_INFO
05250
"auto_write_proc_write(): rejecting too short auto write interval %u (min. %i)\n",
05251 interval, HZ);
05252
#endif
05253
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05254
if (!rsbac_nosyslog)
05255
#endif
05256
printk(KERN_INFO
05257
"auto_write_proc_write(): rejecting too short auto write interval %u (min. %i)\n",
05258 interval, HZ);
05259
goto out;
05260 }
05261 }
05262
05263
#ifdef CONFIG_RSBAC_DEBUG
05264
05265
05266
05267
05268
if(!strncmp(
"debug", k_buf + 5, 5))
05269 {
05270
unsigned int debug_level;
05271
05272 p = k_buf + 5 + 6;
05273
05274
if( *p ==
'\0' )
05275
goto out;
05276
05277 debug_level = simple_strtoul(p, NULL, 0);
05278
05279
if(!debug_level || (debug_level == 1))
05280 {
05281
#ifdef CONFIG_RSBAC_RMSG
05282
rsbac_printk(KERN_INFO
05283
"auto_write_proc_write(): setting rsbac_debug_auto to %u\n",
05284 debug_level);
05285
#endif
05286
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05287
if (!rsbac_nosyslog)
05288
#endif
05289
printk(KERN_INFO
05290
"auto_write_proc_write(): setting rsbac_debug_auto to %u\n",
05291 debug_level);
05292 rsbac_debug_auto = debug_level;
05293 err = count;
05294 }
05295
else
05296 {
05297
#ifdef CONFIG_RSBAC_RMSG
05298
rsbac_printk(KERN_INFO
05299
"auto_write_proc_write(): rejecting invalid debug level (should be 0 or 1)\n");
05300
#endif
05301
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05302
if (!rsbac_nosyslog)
05303
#endif
05304
printk(KERN_INFO
05305
"auto_write_proc_write(): rejecting invalid debug level (should be 0 or 1)\n");
05306 }
05307 }
05308
#endif
05309
05310 out:
05311 free_page((ulong) k_buf);
05312
return(err);
05313 }
05314
#endif
05315
05316
static int
05317 versions_proc_info(
char *buffer,
char **start, off_t offset,
int length)
05318 {
05319
int len = 0;
05320 off_t pos = 0;
05321 off_t begin = 0;
05322
05323
union rsbac_target_id_t rsbac_target_id;
05324
union rsbac_attribute_value_t rsbac_attribute_value;
05325
05326
if (!
rsbac_initialized)
return (-ENOSYS);
05327
05328
#ifdef CONFIG_RSBAC_DEBUG
05329
if (rsbac_debug_aef)
05330 {
05331
#ifdef CONFIG_RSBAC_RMSG
05332
rsbac_printk(KERN_DEBUG
"versions_proc_info(): calling ADF\n");
05333
#endif
05334
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05335
if (!rsbac_nosyslog)
05336
#endif
05337
printk(KERN_DEBUG
"versions_proc_info(): calling ADF\n");
05338 }
05339
#endif
05340
rsbac_target_id.
scd =
ST_rsbac;
05341 rsbac_attribute_value.
dummy = 0;
05342
if (!
rsbac_adf_request(R_GET_STATUS_DATA,
05343 current->pid,
05344 T_SCD,
05345 rsbac_target_id,
05346 A_none,
05347 rsbac_attribute_value))
05348 {
05349
return -EPERM;
05350 }
05351
05352 len = sprintf(buffer,
05353
"RSBAC version settings (%s)\n----------------------\n",
05354 RSBAC_VERSION);
05355 pos = begin + len;
05356
if (pos < offset)
05357 {
05358 len = 0;
05359 begin = pos;
05360 }
05361
if (pos > offset+length)
05362
goto out;
05363
05364 len += sprintf(buffer + len,
"FD lists:\nGEN aci version is %i, aci entry size is %i, %i lists per device\n",
05365 RSBAC_GEN_FD_ACI_VERSION,
sizeof(
struct rsbac_gen_fd_aci_t), RSBAC_GEN_NR_FD_LISTS);
05366 pos = begin + len;
05367
if (pos < offset)
05368 {
05369 len = 0;
05370 begin = pos;
05371 }
05372
if (pos > offset+length)
05373
goto out;
05374
#if defined(CONFIG_RSBAC_MAC)
05375
len += sprintf(buffer + len,
"MAC aci version is %i, aci entry size is %i, %i lists per device\n",
05376 RSBAC_MAC_FD_ACI_VERSION,
sizeof(
struct rsbac_mac_fd_aci_t), RSBAC_MAC_NR_FD_LISTS);
05377 pos = begin + len;
05378
if (pos < offset)
05379 {
05380 len = 0;
05381 begin = pos;
05382 }
05383
if (pos > offset+length)
05384
goto out;
05385
#endif
05386
#if defined(CONFIG_RSBAC_FC)
05387
len += sprintf(buffer + len,
"FC aci version is %i, aci entry size is %i, %i lists per device\n",
05388 RSBAC_FC_FD_ACI_VERSION,
sizeof(
rsbac_fc_oc_t), RSBAC_FC_NR_FD_LISTS);
05389 pos = begin + len;
05390
if (pos < offset)
05391 {
05392 len = 0;
05393 begin = pos;
05394 }
05395
if (pos > offset+length)
05396
goto out;
05397
#endif
05398
#if defined(CONFIG_RSBAC_SIM)
05399
len += sprintf(buffer + len,
"SIM aci version is %i, aci entry size is %i, %i lists per device\n",
05400 RSBAC_SIM_FD_ACI_VERSION,
sizeof(
rsbac_sim_dt_t), RSBAC_SIM_NR_FD_LISTS);
05401 pos = begin + len;
05402
if (pos < offset)
05403 {
05404 len = 0;
05405 begin = pos;
05406 }
05407
if (pos > offset+length)
05408
goto out;
05409
#endif
05410
#if defined(CONFIG_RSBAC_PM)
05411
len += sprintf(buffer + len,
"PM aci version is %i, aci entry size is %i, %i lists per device\n",
05412 RSBAC_PM_FD_ACI_VERSION,
sizeof(
struct rsbac_pm_fd_aci_t), RSBAC_PM_NR_FD_LISTS);
05413 pos = begin + len;
05414
if (pos < offset)
05415 {
05416 len = 0;
05417 begin = pos;
05418 }
05419
if (pos > offset+length)
05420
goto out;
05421
#endif
05422
#if defined(CONFIG_RSBAC_DAZ)
05423
len += sprintf(buffer + len,
"DAZ aci version is %i, aci entry size is %i, %i lists per device\n",
05424 RSBAC_DAZ_FD_ACI_VERSION,
sizeof(
struct rsbac_daz_fd_aci_t), RSBAC_DAZ_NR_FD_LISTS);
05425 pos = begin + len;
05426
if (pos < offset)
05427 {
05428 len = 0;
05429 begin = pos;
05430 }
05431
if (pos > offset+length)
05432
goto out;
05433
#if defined(CONFIG_RSBAC_DAZ_CACHE)
05434
len += sprintf(buffer + len,
"DAZS aci version is %i, aci entry size is %i, %i lists per device\n",
05435 RSBAC_DAZ_SCANNED_FD_ACI_VERSION,
05436
sizeof(
rsbac_daz_scanned_t),
05437 RSBAC_DAZ_SCANNED_NR_FD_LISTS);
05438 pos = begin + len;
05439
if (pos < offset)
05440 {
05441 len = 0;
05442 begin = pos;
05443 }
05444
if (pos > offset+length)
05445
goto out;
05446
#endif
05447
#endif
05448
#if defined(CONFIG_RSBAC_FF)
05449
len += sprintf(buffer + len,
"FF aci version is %i, aci entry size is %i, %i lists per device\n",
05450 RSBAC_FF_FD_ACI_VERSION,
sizeof(
rsbac_ff_flags_t), RSBAC_FF_NR_FD_LISTS);
05451 pos = begin + len;
05452
if (pos < offset)
05453 {
05454 len = 0;
05455 begin = pos;
05456 }
05457
if (pos > offset+length)
05458
goto out;
05459
#endif
05460
#if defined(CONFIG_RSBAC_RC)
05461
len += sprintf(buffer + len,
"RC aci version is %i, aci entry size is %i, %i lists per device\n",
05462 RSBAC_RC_FD_ACI_VERSION,
sizeof(
struct rsbac_rc_fd_aci_t), RSBAC_RC_NR_FD_LISTS);
05463 pos = begin + len;
05464
if (pos < offset)
05465 {
05466 len = 0;
05467 begin = pos;
05468 }
05469
if (pos > offset+length)
05470
goto out;
05471
#endif
05472
#if defined(CONFIG_RSBAC_AUTH)
05473
len += sprintf(buffer + len,
"AUTH aci version is %i, aci entry size is %i, %i lists per device\n",
05474 RSBAC_AUTH_FD_ACI_VERSION,
sizeof(
struct rsbac_auth_fd_aci_t), RSBAC_AUTH_NR_FD_LISTS);
05475 pos = begin + len;
05476
if (pos < offset)
05477 {
05478 len = 0;
05479 begin = pos;
05480 }
05481
if (pos > offset+length)
05482
goto out;
05483
#endif
05484
#if defined(CONFIG_RSBAC_CAP)
05485
len += sprintf(buffer + len,
"CAP aci version is %i, aci entry size is %i, %i lists per device\n",
05486 RSBAC_CAP_FD_ACI_VERSION,
sizeof(
struct rsbac_cap_fd_aci_t), RSBAC_CAP_NR_FD_LISTS);
05487 pos = begin + len;
05488
if (pos < offset)
05489 {
05490 len = 0;
05491 begin = pos;
05492 }
05493
if (pos > offset+length)
05494
goto out;
05495
#endif
05496
#if defined(CONFIG_RSBAC_PAX)
05497
len += sprintf(buffer + len,
"PAX aci version is %i, aci entry size is %i, %i lists per device\n",
05498 RSBAC_PAX_FD_ACI_VERSION,
sizeof(
rsbac_pax_flags_t), RSBAC_PAX_NR_FD_LISTS);
05499 pos = begin + len;
05500
if (pos < offset)
05501 {
05502 len = 0;
05503 begin = pos;
05504 }
05505
if (pos > offset+length)
05506
goto out;
05507
#endif
05508
#if defined(CONFIG_RSBAC_RES)
05509
len += sprintf(buffer + len,
"RES aci version is %i, aci entry size is %i, %i lists per device\n",
05510 RSBAC_RES_FD_ACI_VERSION,
sizeof(
struct rsbac_res_fd_aci_t), RSBAC_RES_NR_FD_LISTS);
05511 pos = begin + len;
05512
if (pos < offset)
05513 {
05514 len = 0;
05515 begin = pos;
05516 }
05517
if (pos > offset+length)
05518
goto out;
05519
#endif
05520
05521
05522 len += sprintf(buffer + len,
"\nDEV lists:\nGEN aci version is %i, aci entry size is %i\n",
05523 RSBAC_GEN_DEV_ACI_VERSION,
sizeof(
struct rsbac_gen_dev_aci_t));
05524 pos = begin + len;
05525
if (pos < offset)
05526 {
05527 len = 0;
05528 begin = pos;
05529 }
05530
if (pos > offset+length)
05531
goto out;
05532
#if defined(CONFIG_RSBAC_MAC)
05533
len += sprintf(buffer + len,
"MAC aci version is %i, aci entry size is %i\n",
05534 RSBAC_MAC_DEV_ACI_VERSION,
sizeof(
struct rsbac_mac_dev_aci_t));
05535 pos = begin + len;
05536
if (pos < offset)
05537 {
05538 len = 0;
05539 begin = pos;
05540 }
05541
if (pos > offset+length)
05542
goto out;
05543
#endif
05544
#if defined(CONFIG_RSBAC_FC)
05545
len += sprintf(buffer + len,
"FC aci version is %i, aci entry size is %i\n",
05546 RSBAC_FC_DEV_ACI_VERSION,
sizeof(
rsbac_fc_oc_t));
05547 pos = begin + len;
05548
if (pos < offset)
05549 {
05550 len = 0;
05551 begin = pos;
05552 }
05553
if (pos > offset+length)
05554
goto out;
05555
#endif
05556
#if defined(CONFIG_RSBAC_SIM)
05557
len += sprintf(buffer + len,
"SIM aci version is %i, aci entry size is %i\n",
05558 RSBAC_SIM_DEV_ACI_VERSION,
sizeof(
rsbac_sim_dt_t));
05559 pos = begin + len;
05560
if (pos < offset)
05561 {
05562 len = 0;
05563 begin = pos;
05564 }
05565
if (pos > offset+length)
05566
goto out;
05567
#endif
05568
#if defined(CONFIG_RSBAC_PM)
05569
len += sprintf(buffer + len,
"PM aci version is %i, aci entry size is %i\n",
05570 RSBAC_PM_DEV_ACI_VERSION,
sizeof(
struct rsbac_pm_dev_aci_t));
05571 pos = begin + len;
05572
if (pos < offset)
05573 {
05574 len = 0;
05575 begin = pos;
05576 }
05577
if (pos > offset+length)
05578
goto out;
05579
#endif
05580
#if defined(CONFIG_RSBAC_RC)
05581
len += sprintf(buffer + len,
"RC aci version is %i, aci entry size is %i\n",
05582 RSBAC_RC_DEV_ACI_VERSION,
sizeof(
rsbac_rc_type_id_t));
05583 pos = begin + len;
05584
if (pos < offset)
05585 {
05586 len = 0;
05587 begin = pos;
05588 }
05589
if (pos > offset+length)
05590
goto out;
05591
#endif
05592
05593
05594 len += sprintf(buffer + len,
"\nIPC lists:\n");
05595 pos = begin + len;
05596
if (pos < offset)
05597 {
05598 len = 0;
05599 begin = pos;
05600 }
05601
if (pos > offset+length)
05602
goto out;
05603
#if defined(CONFIG_RSBAC_MAC)
05604
len += sprintf(buffer + len,
"MAC aci version is %i, aci entry size is %i\n",
05605 RSBAC_MAC_IPC_ACI_VERSION,
sizeof(
struct rsbac_mac_ipc_aci_t));
05606 pos = begin + len;
05607
if (pos < offset)
05608 {
05609 len = 0;
05610 begin = pos;
05611 }
05612
if (pos > offset+length)
05613
goto out;
05614
#endif
05615
#if defined(CONFIG_RSBAC_FC)
05616
len += sprintf(buffer + len,
"FC aci version is %i, aci entry size is %i\n",
05617 RSBAC_FC_IPC_ACI_VERSION,
sizeof(
rsbac_fc_oc_t));
05618 pos = begin + len;
05619
if (pos < offset)
05620 {
05621 len = 0;
05622 begin = pos;
05623 }
05624
if (pos > offset+length)
05625
goto out;
05626
#endif
05627
#if defined(CONFIG_RSBAC_SIM)
05628
len += sprintf(buffer + len,
"SIM aci version is %i, aci entry size is %i\n",
05629 RSBAC_SIM_IPC_ACI_VERSION,
sizeof(
rsbac_sim_dt_t));
05630 pos = begin + len;
05631
if (pos < offset)
05632 {
05633 len = 0;
05634 begin = pos;
05635 }
05636
if (pos > offset+length)
05637
goto out;
05638
#endif
05639
#if defined(CONFIG_RSBAC_PM)
05640
len += sprintf(buffer + len,
"PM aci version is %i, aci entry size is %i\n",
05641 RSBAC_PM_IPC_ACI_VERSION,
sizeof(
struct rsbac_pm_ipc_aci_t));
05642 pos = begin + len;
05643
if (pos < offset)
05644 {
05645 len = 0;
05646 begin = pos;
05647 }
05648
if (pos > offset+length)
05649
goto out;
05650
#endif
05651
#if defined(CONFIG_RSBAC_RC)
05652
len += sprintf(buffer + len,
"RC aci version is %i, aci entry size is %i\n",
05653 RSBAC_RC_IPC_ACI_VERSION,
sizeof(
rsbac_rc_type_id_t));
05654 pos = begin + len;
05655
if (pos < offset)
05656 {
05657 len = 0;
05658 begin = pos;
05659 }
05660
if (pos > offset+length)
05661
goto out;
05662
#endif
05663
#if defined(CONFIG_RSBAC_JAIL)
05664
len += sprintf(buffer + len,
"JAIL aci version is %i, aci entry size is %i\n",
05665 RSBAC_JAIL_IPC_ACI_VERSION,
sizeof(
rsbac_jail_id_t));
05666 pos = begin + len;
05667
if (pos < offset)
05668 {
05669 len = 0;
05670 begin = pos;
05671 }
05672
if (pos > offset+length)
05673
goto out;
05674
#endif
05675
05676
05677 len += sprintf(buffer + len,
"\nUSER lists:\nGEN aci version is %i, aci entry size is %i\n",
05678 RSBAC_GEN_USER_ACI_VERSION,
sizeof(
struct rsbac_gen_user_aci_t));
05679 pos = begin + len;
05680
if (pos < offset)
05681 {
05682 len = 0;
05683 begin = pos;
05684 }
05685
if (pos > offset+length)
05686
goto out;
05687
#if defined(CONFIG_RSBAC_MAC)
05688
len += sprintf(buffer + len,
"MAC aci version is %i, aci entry size is %i\n",
05689 RSBAC_MAC_USER_ACI_VERSION,
sizeof(
struct rsbac_mac_user_aci_t));
05690 pos = begin + len;
05691
if (pos < offset)
05692 {
05693 len = 0;
05694 begin = pos;
05695 }
05696
if (pos > offset+length)
05697
goto out;
05698
#endif
05699
#if defined(CONFIG_RSBAC_FC)
05700
len += sprintf(buffer + len,
"FC aci version is %i, aci entry size is %i\n",
05701 RSBAC_FC_USER_ACI_VERSION,
sizeof(
rsbac_system_role_int_t));
05702 pos = begin + len;
05703
if (pos < offset)
05704 {
05705 len = 0;
05706 begin = pos;
05707 }
05708
if (pos > offset+length)
05709
goto out;
05710
#endif
05711
#if defined(CONFIG_RSBAC_SIM)
05712
len += sprintf(buffer + len,
"SIM aci version is %i, aci entry size is %i\n",
05713 RSBAC_SIM_USER_ACI_VERSION,
sizeof(
rsbac_system_role_int_t));
05714 pos = begin + len;
05715
if (pos < offset)
05716 {
05717 len = 0;
05718 begin = pos;
05719 }
05720
if (pos > offset+length)
05721
goto out;
05722
#endif
05723
#if defined(CONFIG_RSBAC_PM)
05724
len += sprintf(buffer + len,
"PM aci version is %i, aci entry size is %i\n",
05725 RSBAC_PM_USER_ACI_VERSION,
sizeof(
struct rsbac_pm_user_aci_t));
05726 pos = begin + len;
05727
if (pos < offset)
05728 {
05729 len = 0;
05730 begin = pos;
05731 }
05732
if (pos > offset+length)
05733
goto out;
05734
#endif
05735
#if defined(CONFIG_RSBAC_DAZ)
05736
len += sprintf(buffer + len,
"DAZ aci version is %i, aci entry size is %i\n",
05737 RSBAC_DAZ_USER_ACI_VERSION,
sizeof(
rsbac_system_role_int_t));
05738 pos = begin + len;
05739
if (pos < offset)
05740 {
05741 len = 0;
05742 begin = pos;
05743 }
05744
if (pos > offset+length)
05745
goto out;
05746
#endif
05747
#if defined(CONFIG_RSBAC_RC)
05748
len += sprintf(buffer + len,
"RC aci version is %i, aci entry size is %i\n",
05749 RSBAC_RC_USER_ACI_VERSION,
sizeof(
rsbac_rc_role_id_t));
05750 pos = begin + len;
05751
if (pos < offset)
05752 {
05753 len = 0;
05754 begin = pos;
05755 }
05756
if (pos > offset+length)
05757
goto out;
05758
#endif
05759
#if defined(CONFIG_RSBAC_AUTH)
05760
len += sprintf(buffer + len,
"AUTH aci version is %i, aci entry size is %i\n",
05761 RSBAC_AUTH_USER_ACI_VERSION,
sizeof(
rsbac_system_role_int_t));
05762 pos = begin + len;
05763
if (pos < offset)
05764 {
05765 len = 0;
05766 begin = pos;
05767 }
05768
if (pos > offset+length)
05769
goto out;
05770
#endif
05771
#if defined(CONFIG_RSBAC_CAP)
05772
len += sprintf(buffer + len,
"CAP aci version is %i, aci entry size is %i\n",
05773 RSBAC_CAP_USER_ACI_VERSION,
sizeof(
struct rsbac_cap_user_aci_t));
05774 pos = begin + len;
05775
if (pos < offset)
05776 {
05777 len = 0;
05778 begin = pos;
05779 }
05780
if (pos > offset+length)
05781
goto out;
05782
#endif
05783
#if defined(CONFIG_RSBAC_JAIL)
05784
len += sprintf(buffer + len,
"JAIL aci version is %i, aci entry size is %i\n",
05785 RSBAC_JAIL_USER_ACI_VERSION,
sizeof(
rsbac_system_role_int_t));
05786 pos = begin + len;
05787
if (pos < offset)
05788 {
05789 len = 0;
05790 begin = pos;
05791 }
05792
if (pos > offset+length)
05793
goto out;
05794
#endif
05795
#if defined(CONFIG_RSBAC_PAX)
05796
len += sprintf(buffer + len,
"PAX aci version is %i, aci entry size is %i\n",
05797 RSBAC_PAX_USER_ACI_VERSION,
sizeof(
rsbac_system_role_int_t));
05798 pos = begin + len;
05799
if (pos < offset)
05800 {
05801 len = 0;
05802 begin = pos;
05803 }
05804
if (pos > offset+length)
05805
goto out;
05806
#endif
05807
#if defined(CONFIG_RSBAC_RES)
05808
len += sprintf(buffer + len,
"RES aci version is %i, aci entry size is %i\n",
05809 RSBAC_RES_USER_ACI_VERSION,
sizeof(
struct rsbac_res_user_aci_t));
05810 pos = begin + len;
05811
if (pos < offset)
05812 {
05813 len = 0;
05814 begin = pos;
05815 }
05816
if (pos > offset+length)
05817
goto out;
05818
#endif
05819
05820
05821 len += sprintf(buffer + len,
"\nPROCESS lists:\nGEN aci version is %i, aci entry size is %i\n",
05822 RSBAC_GEN_PROCESS_ACI_VERSION,
sizeof(
rsbac_request_vector_t));
05823 pos = begin + len;
05824
if (pos < offset)
05825 {
05826 len = 0;
05827 begin = pos;
05828 }
05829
if (pos > offset+length)
05830
goto out;
05831
#if defined(CONFIG_RSBAC_MAC)
05832
len += sprintf(buffer + len,
"MAC aci version is %u, aci entry size is %u, number of lists is %u\n",
05833 RSBAC_MAC_PROCESS_ACI_VERSION,
05834
sizeof(
struct rsbac_mac_process_aci_t),
05835 CONFIG_RSBAC_MAC_NR_P_LISTS);
05836 pos = begin + len;
05837
if (pos < offset)
05838 {
05839 len = 0;
05840 begin = pos;
05841 }
05842
if (pos > offset+length)
05843
goto out;
05844
#endif
05845
#if defined(CONFIG_RSBAC_PM)
05846
len += sprintf(buffer + len,
"PM aci version is %i, aci entry size is %i\n",
05847 RSBAC_PM_PROCESS_ACI_VERSION,
sizeof(
struct rsbac_pm_process_aci_t));
05848 pos = begin + len;
05849
if (pos < offset)
05850 {
05851 len = 0;
05852 begin = pos;
05853 }
05854
if (pos > offset+length)
05855
goto out;
05856
#endif
05857
#if defined(CONFIG_RSBAC_RC)
05858
len += sprintf(buffer + len,
"RC aci version is %u, aci entry size is %u, number of lists is %u\n",
05859 RSBAC_RC_PROCESS_ACI_VERSION,
05860
sizeof(
struct rsbac_rc_process_aci_t),
05861 CONFIG_RSBAC_RC_NR_P_LISTS);
05862 pos = begin + len;
05863
if (pos < offset)
05864 {
05865 len = 0;
05866 begin = pos;
05867 }
05868
if (pos > offset+length)
05869
goto out;
05870
#endif
05871
#if defined(CONFIG_RSBAC_AUTH)
05872
len += sprintf(buffer + len,
"AUTH aci version is %i, aci entry size is %i\n",
05873 RSBAC_AUTH_PROCESS_ACI_VERSION,
sizeof(
struct rsbac_auth_process_aci_t));
05874 pos = begin + len;
05875
if (pos < offset)
05876 {
05877 len = 0;
05878 begin = pos;
05879 }
05880
if (pos > offset+length)
05881
goto out;
05882
#endif
05883
#if defined(CONFIG_RSBAC_CAP)
05884
len += sprintf(buffer + len,
"CAP aci version is %i, aci entry size is %i\n",
05885 RSBAC_CAP_PROCESS_ACI_VERSION,
sizeof(
struct rsbac_cap_process_aci_t));
05886 pos = begin + len;
05887
if (pos < offset)
05888 {
05889 len = 0;
05890 begin = pos;
05891 }
05892
if (pos > offset+length)
05893
goto out;
05894
#endif
05895
#if defined(CONFIG_RSBAC_JAIL)
05896
len += sprintf(buffer + len,
"JAIL aci version is %u, aci entry size is %u, number of lists is %u\n",
05897 RSBAC_JAIL_PROCESS_ACI_VERSION,
05898
sizeof(
struct rsbac_jail_process_aci_t),
05899 CONFIG_RSBAC_JAIL_NR_P_LISTS);
05900 pos = begin + len;
05901
if (pos < offset)
05902 {
05903 len = 0;
05904 begin = pos;
05905 }
05906
if (pos > offset+length)
05907
goto out;
05908
#endif
05909
05910
#if defined(CONFIG_RSBAC_NET_DEV)
05911
len += sprintf(buffer + len,
"\nNETDEV lists:\n");
05912 pos = begin + len;
05913
if (pos < offset)
05914 {
05915 len = 0;
05916 begin = pos;
05917 }
05918
if (pos > offset+length)
05919
goto out;
05920
#if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
05921
len += sprintf(buffer + len,
"GEN aci version is %i, aci entry size is %i\n",
05922 RSBAC_GEN_NETDEV_ACI_VERSION,
sizeof(
struct rsbac_gen_netdev_aci_t));
05923 pos = begin + len;
05924
if (pos < offset)
05925 {
05926 len = 0;
05927 begin = pos;
05928 }
05929
if (pos > offset+length)
05930
goto out;
05931
#endif
05932
#if defined(CONFIG_RSBAC_RC)
05933
len += sprintf(buffer + len,
"RC aci version is %i, aci entry size is %i\n",
05934 RSBAC_RC_NETDEV_ACI_VERSION,
sizeof(
rsbac_rc_type_id_t));
05935 pos = begin + len;
05936
if (pos < offset)
05937 {
05938 len = 0;
05939 begin = pos;
05940 }
05941
if (pos > offset+length)
05942
goto out;
05943
#endif
05944
#endif
05945
05946
#if defined(CONFIG_RSBAC_NET_OBJ)
05947
len += sprintf(buffer + len,
"\nNetwork Template list: version is %i, data size is %i\n",
05948 RSBAC_NET_TEMP_VERSION,
sizeof(
struct rsbac_net_temp_data_t));
05949 pos = begin + len;
05950
if (pos < offset)
05951 {
05952 len = 0;
05953 begin = pos;
05954 }
05955
if (pos > offset+length)
05956
goto out;
05957 len += sprintf(buffer + len,
"\nNETOBJ lists:\nGEN aci version is %i, aci entry size is %i\n",
05958 RSBAC_GEN_NETOBJ_ACI_VERSION,
sizeof(
struct rsbac_gen_netobj_aci_t));
05959 pos = begin + len;
05960
if (pos < offset)
05961 {
05962 len = 0;
05963 begin = pos;
05964 }
05965
if (pos > offset+length)
05966
goto out;
05967
#if defined(CONFIG_RSBAC_MAC)
05968
len += sprintf(buffer + len,
"MAC aci version is %i, aci entry size is %i\n",
05969 RSBAC_MAC_NETOBJ_ACI_VERSION,
sizeof(
struct rsbac_mac_netobj_aci_t));
05970 pos = begin + len;
05971
if (pos < offset)
05972 {
05973 len = 0;
05974 begin = pos;
05975 }
05976
if (pos > offset+length)
05977
goto out;
05978
#endif
05979
#if defined(CONFIG_RSBAC_FC)
05980
len += sprintf(buffer + len,
"FC aci version is %i, aci entry size is %i\n",
05981 RSBAC_FC_NETOBJ_ACI_VERSION,
sizeof(
rsbac_fc_oc_t));
05982 pos = begin + len;
05983
if (pos < offset)
05984 {
05985 len = 0;
05986 begin = pos;
05987 }
05988
if (pos > offset+length)
05989
goto out;
05990
#endif
05991
#if defined(CONFIG_RSBAC_SIM)
05992
len += sprintf(buffer + len,
"SIM aci version is %i, aci entry size is %i\n",
05993 RSBAC_SIM_NETOBJ_ACI_VERSION,
sizeof(
rsbac_sim_dt_t));
05994 pos = begin + len;
05995
if (pos < offset)
05996 {
05997 len = 0;
05998 begin = pos;
05999 }
06000
if (pos > offset+length)
06001
goto out;
06002
#endif
06003
#if defined(CONFIG_RSBAC_PM)
06004
len += sprintf(buffer + len,
"PM aci version is %i, aci entry size is %i\n",
06005 RSBAC_PM_NETOBJ_ACI_VERSION,
sizeof(
struct rsbac_pm_netobj_aci_t));
06006 pos = begin + len;
06007
if (pos < offset)
06008 {
06009 len = 0;
06010 begin = pos;
06011 }
06012
if (pos > offset+length)
06013
goto out;
06014
#endif
06015
#if defined(CONFIG_RSBAC_RC)
06016
len += sprintf(buffer + len,
"RC aci version is %i, aci entry size is %i\n",
06017 RSBAC_RC_NETOBJ_ACI_VERSION,
sizeof(
rsbac_rc_type_id_t));
06018 pos = begin + len;
06019
if (pos < offset)
06020 {
06021 len = 0;
06022 begin = pos;
06023 }
06024
if (pos > offset+length)
06025
goto out;
06026
#endif
06027
#endif
06028
06029 len += sprintf(buffer + len,
"\nlog_levels array: version is %i, array size is %i\n",
06030 RSBAC_LOG_LEVEL_VERSION, R_NONE * (T_NONE+1) *
sizeof(
rsbac_enum_t));
06031 pos = begin + len;
06032
if (pos < offset)
06033 {
06034 len = 0;
06035 begin = pos;
06036 }
06037
06038 out:
06039 *start = buffer + (offset - begin);
06040 len -= (offset - begin);
06041
06042
if (len > length)
06043 len = length;
06044
return len;
06045 }
06046
06047
#ifdef CONFIG_RSBAC_NET_OBJ
06048
static int
06049 net_temp_proc_info(
char *buffer,
char **start, off_t offset,
int length)
06050 {
06051 u_int len = 0;
06052 off_t pos = 0;
06053 off_t begin = 0;
06054
rsbac_net_temp_id_t * temp_array;
06055
long count;
06056
06057
union rsbac_target_id_t rsbac_target_id;
06058
union rsbac_attribute_value_t rsbac_attribute_value;
06059
06060
if (!
rsbac_initialized)
return (-ENOSYS);
06061
06062
#ifdef CONFIG_RSBAC_DEBUG
06063
if (rsbac_debug_aef)
06064 {
06065
#ifdef CONFIG_RSBAC_RMSG
06066
rsbac_printk(KERN_DEBUG
"net_temp_proc_info(): calling ADF\n");
06067
#endif
06068
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06069
if (!rsbac_nosyslog)
06070
#endif
06071
printk(KERN_DEBUG
"net_temp_proc_info(): calling ADF\n");
06072 }
06073
#endif
06074
rsbac_target_id.
scd =
ST_rsbac;
06075 rsbac_attribute_value.
dummy = 0;
06076
if (!
rsbac_adf_request(R_GET_STATUS_DATA,
06077 current->pid,
06078 T_SCD,
06079 rsbac_target_id,
06080 A_none,
06081 rsbac_attribute_value))
06082 {
06083
return -EPERM;
06084 }
06085
06086 len = sprintf(buffer,
"Network Templates\n-----------------\n");
06087 pos = begin + len;
06088
if (pos < offset)
06089 {
06090 len = 0;
06091 begin = pos;
06092 }
06093
if (pos > offset+length)
06094
goto out;
06095
06096 count =
rsbac_list_get_all_desc(net_temp_handle, (
void **) &temp_array);
06097
if(count > 0)
06098 {
06099 __u32 i;
06100
struct rsbac_net_temp_data_t data;
06101
06102
for(i=0; i < count; i++)
06103 {
06104
if(!
rsbac_list_get_data(net_temp_handle, &temp_array[i], &data))
06105 {
06106 len += sprintf(buffer + len,
"%10u %s\n",
06107 temp_array[i], data.
name);
06108 pos = begin + len;
06109
if (pos < offset)
06110 {
06111 len = 0;
06112 begin = pos;
06113 }
06114
if (pos > offset+length)
06115 {
06116
rsbac_vfree(temp_array);
06117
goto out;
06118 }
06119 }
06120 }
06121
rsbac_vfree(temp_array);
06122 }
06123 len += sprintf(buffer + len,
"%lu templates\n",
06124 count);
06125 pos = begin + len;
06126
if (pos < offset)
06127 {
06128 len = 0;
06129 begin = pos;
06130 }
06131
06132 out:
06133 *start = buffer + (offset - begin);
06134 len -= (offset - begin);
06135
06136
if (len > length)
06137 len = length;
06138
return len;
06139 }
06140
#endif
06141
06142
#ifdef CONFIG_RSBAC_JAIL
06143
static int
06144 jail_proc_info(
char *buffer,
char **start, off_t offset,
int length)
06145 {
06146 u_int len = 0;
06147 off_t pos = 0;
06148 off_t begin = 0;
06149
rsbac_pid_t * pid_array;
06150
struct rsbac_ipc_t * ipc_array;
06151 u_long count = 0;
06152 u_int i;
06153 u_int j;
06154
long subcount;
06155
struct rsbac_jail_process_aci_t data;
06156
union rsbac_target_id_t rsbac_target_id;
06157
union rsbac_attribute_value_t rsbac_attribute_value;
06158
06159
if (!
rsbac_initialized)
return (-ENOSYS);
06160
06161
#ifdef CONFIG_RSBAC_DEBUG
06162
if (rsbac_debug_aef)
06163 {
06164
#ifdef CONFIG_RSBAC_RMSG
06165
rsbac_printk(KERN_DEBUG
"jail_proc_info(): calling ADF\n");
06166
#endif
06167
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06168
if (!rsbac_nosyslog)
06169
#endif
06170
printk(KERN_DEBUG
"jail_proc_info(): calling ADF\n");
06171 }
06172
#endif
06173
rsbac_target_id.
scd =
ST_rsbac;
06174 rsbac_attribute_value.
dummy = 0;
06175
if (!
rsbac_adf_request(R_GET_STATUS_DATA,
06176 current->pid,
06177 T_SCD,
06178 rsbac_target_id,
06179 A_none,
06180 rsbac_attribute_value))
06181 {
06182
return -EPERM;
06183 }
06184
06185 len = sprintf(buffer,
"JAILed Processes\n----------------\nPID Jail-ID Flags Max Caps IP\n");
06186 pos = begin + len;
06187
if (pos < offset)
06188 {
06189 len = 0;
06190 begin = pos;
06191 }
06192
if (pos > offset+length)
06193
goto out;
06194
06195
for(j=0; j<CONFIG_RSBAC_JAIL_NR_P_LISTS; j++)
06196 {
06197 subcount =
rsbac_list_get_all_desc(
process_handles.jail[j], (
void **) &pid_array);
06198
if(subcount > 0)
06199 {
06200
for(i=0; i < subcount; i++)
06201 {
06202
if(!
rsbac_list_get_data(
process_handles.jail[j], &pid_array[i], &data))
06203 {
06204 len += sprintf(buffer + len,
"%-5u %-10u %-7u %-10i %u.%u.%u.%u\n",
06205 pid_array[i],
06206 data.id,
06207 data.flags,
06208 data.max_caps,
06209
NIPQUAD(data.ip));
06210 pos = begin + len;
06211
if (pos < offset)
06212 {
06213 len = 0;
06214 begin = pos;
06215 }
06216
if (pos > offset+length)
06217 {
06218
rsbac_vfree(pid_array);
06219
goto out;
06220 }
06221 }
06222 }
06223 count += subcount;
06224 }
06225
rsbac_vfree(pid_array);
06226 }
06227 len += sprintf(buffer + len,
"%lu jailed processes\n",
06228 count);
06229 pos = begin + len;
06230
if (pos < offset)
06231 {
06232 len = 0;
06233 begin = pos;
06234 }
06235
if (pos > offset+length)
06236
goto out;
06237
06238 len += sprintf(buffer + len,
"\nJAIL IPCs\n---------\nType IPC-ID Jail-ID\n");
06239 pos = begin + len;
06240
if (pos < offset)
06241 {
06242 len = 0;
06243 begin = pos;
06244 }
06245
if (pos > offset+length)
06246
goto out;
06247
06248 count =
rsbac_list_get_all_desc(
ipc_handles.jail, (
void **) &ipc_array);
06249
if(count > 0)
06250 {
06251 __u32 i;
06252
rsbac_jail_id_t data;
06253
char tmp[
RSBAC_MAXNAMELEN];
06254
06255
for(i=0; i < count; i++)
06256 {
06257
if(!
rsbac_list_get_data(
ipc_handles.jail, &ipc_array[i], &data))
06258 {
06259 len += sprintf(buffer + len,
"%-5s %-10lu %-10u\n",
06260
get_ipc_target_name(tmp, ipc_array[i].type),
06261 ipc_array[i].
id.id_nr,
06262 data);
06263 pos = begin + len;
06264
if (pos < offset)
06265 {
06266 len = 0;
06267 begin = pos;
06268 }
06269
if (pos > offset+length)
06270 {
06271
rsbac_vfree(ipc_array);
06272
goto out;
06273 }
06274 }
06275 }
06276
rsbac_vfree(ipc_array);
06277 }
06278 len += sprintf(buffer + len,
"%lu JAIL IPCs\n",
06279 count);
06280 pos = begin + len;
06281
if (pos < offset)
06282 {
06283 len = 0;
06284 begin = pos;
06285 }
06286
if (pos > offset+length)
06287
goto out;
06288 out:
06289 *start = buffer + (offset - begin);
06290 len -= (offset - begin);
06291
06292
if (len > length)
06293 len = length;
06294
return len;
06295 }
06296
#endif
06297
06298
#ifdef CONFIG_RSBAC_PAX
06299
static int
06300 pax_proc_info(
char *buffer,
char **start, off_t offset,
int length)
06301 {
06302
int len = 0;
06303 off_t pos = 0;
06304 off_t begin = 0;
06305
06306
union rsbac_target_id_t rsbac_target_id;
06307
union rsbac_attribute_value_t rsbac_attribute_value;
06308
06309
if (!
rsbac_is_initialized())
06310
return (-ENOSYS);
06311
06312 rsbac_target_id.
scd =
ST_rsbac;
06313 rsbac_attribute_value.
dummy = 0;
06314
if (!
rsbac_adf_request(R_GET_STATUS_DATA,
06315 current->pid,
06316 T_SCD,
06317 rsbac_target_id,
06318 A_none,
06319 rsbac_attribute_value))
06320 {
06321
return -EPERM;
06322 }
06323 len += sprintf(buffer,
"RSBAC PaX module\n----------------\n");
06324 pos = begin + len;
06325
if (pos < offset)
06326 {
06327 len = 0;
06328 begin = pos;
06329 }
06330
if (pos > offset+length)
06331
goto out;
06332
06333 len += sprintf(buffer + len,
"%li user list items.\n",
06334
rsbac_list_count(
user_handles.pax));
06335 pos = begin + len;
06336
if (pos < offset)
06337 {
06338 len = 0;
06339 begin = pos;
06340 }
06341
if (pos > offset+length)
06342
goto out;
06343
06344 out:
06345 *start = buffer + (offset - begin);
06346 len -= (offset - begin);
06347
06348
if (len > length)
06349 len = length;
06350
return len;
06351 }
06352
#endif
06353
06354
static int register_all_rsbac_proc(
void)
06355 {
06356
struct proc_dir_entry * tmp_entry_p;
06357
06358
proc_rsbac_root_p = create_proc_entry(
"rsbac-info",
06359 S_IFDIR | S_IRUGO | S_IXUGO,
06360 &proc_root);
06361
if(!
proc_rsbac_root_p)
06362
return -
RSBAC_ECOULDNOTADDITEM;
06363
06364
proc_rsbac_backup_p = create_proc_entry(
"backup",
06365 S_IFDIR | S_IRUGO | S_IXUGO,
06366 proc_rsbac_root_p);
06367
if(!
proc_rsbac_root_p)
06368
return -
RSBAC_ECOULDNOTADDITEM;
06369
06370 tmp_entry_p = create_proc_entry(
"devices",
06371 S_IFREG | S_IRUGO,
06372 proc_rsbac_root_p);
06373
if(!tmp_entry_p)
06374
return -
RSBAC_ECOULDNOTADDITEM;
06375 tmp_entry_p->get_info = devices_proc_info;
06376
06377 tmp_entry_p = create_proc_entry(
"stats",
06378 S_IFREG | S_IRUGO,
06379 proc_rsbac_root_p);
06380
if(!tmp_entry_p)
06381
return -
RSBAC_ECOULDNOTADDITEM;
06382 tmp_entry_p->get_info = stats_proc_info;
06383
06384 tmp_entry_p = create_proc_entry(
"active",
06385 S_IFREG | S_IRUGO,
06386 proc_rsbac_root_p);
06387
if(!tmp_entry_p)
06388
return -
RSBAC_ECOULDNOTADDITEM;
06389 tmp_entry_p->get_info = active_proc_info;
06390
06391
#ifdef CONFIG_RSBAC_XSTATS
06392
tmp_entry_p = create_proc_entry(
"xstats",
06393 S_IFREG | S_IRUGO,
06394 proc_rsbac_root_p);
06395
if(!tmp_entry_p)
06396
return -
RSBAC_ECOULDNOTADDITEM;
06397 tmp_entry_p->get_info = xstats_proc_info;
06398
#endif
06399
#if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
06400
tmp_entry_p = create_proc_entry(
"auto_write",
06401 S_IFREG | S_IRUGO | S_IWUGO,
06402 proc_rsbac_root_p);
06403
if(!tmp_entry_p)
06404
return -
RSBAC_ECOULDNOTADDITEM;
06405 tmp_entry_p->get_info = auto_write_proc_info;
06406 tmp_entry_p->write_proc = auto_write_proc_write;
06407
#endif
06408
tmp_entry_p = create_proc_entry(
"versions",
06409 S_IFREG | S_IRUGO,
06410 proc_rsbac_root_p);
06411
if(!tmp_entry_p)
06412
return -
RSBAC_ECOULDNOTADDITEM;
06413 tmp_entry_p->get_info = versions_proc_info;
06414
06415
#ifdef CONFIG_RSBAC_NET_OBJ
06416
tmp_entry_p = create_proc_entry(
"net_temp",
06417 S_IFREG | S_IRUGO,
06418 proc_rsbac_root_p);
06419
if(!tmp_entry_p)
06420
return -
RSBAC_ECOULDNOTADDITEM;
06421 tmp_entry_p->get_info = net_temp_proc_info;
06422
#endif
06423
#ifdef CONFIG_RSBAC_JAIL
06424
tmp_entry_p = create_proc_entry(
"jails",
06425 S_IFREG | S_IRUGO,
06426 proc_rsbac_root_p);
06427
if(!tmp_entry_p)
06428
return -
RSBAC_ECOULDNOTADDITEM;
06429 tmp_entry_p->get_info = jail_proc_info;
06430
#endif
06431
#ifdef CONFIG_RSBAC_PAX
06432
tmp_entry_p = create_proc_entry(
"pax",
06433 S_IFREG | S_IRUGO,
06434 proc_rsbac_root_p);
06435
if(!tmp_entry_p)
06436
return -
RSBAC_ECOULDNOTADDITEM;
06437 tmp_entry_p->get_info = pax_proc_info;
06438
#endif
06439
06440
return(0);
06441 }
06442
06443
06444
06445
06446
06447
06448
06449
06450
06451
06452
06453
06454
06455
06456
06457
06458
06459
06460
06461
06462
06463
06464
06465
#endif
06466
06467
06468
06469
06470
06471
06472
06473
06474
06475
06476
06477
06478
06479
06480
06481
#if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT)
06482
#ifdef CONFIG_RSBAC_INIT_DELAY
06483
int rsbac_init_daz(
void);
06484
#else
06485
int __init
rsbac_init_daz(
void);
06486
#endif
06487
#endif
06488
06489
#ifdef CONFIG_RSBAC_INIT_DELAY
06490
static void registration_error(
int err,
char * listname)
06491 #
else
06492 static void __init
registration_error(
int err,
char * listname)
06493 #endif
06494 {
06495
if(err < 0)
06496 {
06497
char * tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
06498
06499
if(tmp)
06500 {
06501
#ifdef CONFIG_RSBAC_RMSG
06502
rsbac_printk(KERN_WARNING
06503
"rsbac_do_init(): Registering %s list failed with error %s\n",
06504 listname,
06505
get_error_name(tmp, err));
06506
#endif
06507
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06508
if (!rsbac_nosyslog)
06509
#endif
06510
printk(KERN_WARNING
06511
"rsbac_do_init(): Registering %s list failed with error %s\n",
06512 listname,
06513
get_error_name(tmp, err));
06514
rsbac_kfree(tmp);
06515 }
06516 }
06517 }
06518
06519
#ifdef CONFIG_RSBAC_INIT_DELAY
06520
static int rsbac_do_init(
void)
06521 #
else
06522 static int __init
rsbac_do_init(
void)
06523 #endif
06524 {
06525
int err = 0;
06526
struct rsbac_device_list_item_t * device_p;
06527
struct rsbac_device_list_item_t * new_device_p;
06528 u_long flags;
06529
struct rsbac_list_info_t * list_info_p;
06530
struct super_block * sb_p;
06531
06532
#ifdef CONFIG_RSBAC_DEBUG
06533
if(rsbac_debug_stack)
06534 {
06535
unsigned long * n;
06536
06537 n = (
unsigned long *) (current+1);
06538
while (!*n)
06539 n++;
06540
#ifdef CONFIG_RSBAC_RMSG
06541
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack: %lu\n",
06542 (
unsigned long) n - (
unsigned long)(current+1));
06543
#endif
06544
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06545
if (!rsbac_nosyslog)
06546
#endif
06547
printk(KERN_DEBUG
"rsbac_do_init: free stack: %lu\n",
06548 (
unsigned long) n - (
unsigned long)(current+1));
06549 }
06550
#endif
06551
list_info_p = kmalloc(
sizeof(*list_info_p), GFP_KERNEL);
06552
if(!list_info_p)
06553 {
06554
return -ENOMEM;
06555 }
06556
compiled_modules[0] = (
char) 0;
06557
#ifdef CONFIG_RSBAC_REG
06558
strcat(
compiled_modules,
" REG");
06559
#endif
06560
#ifdef CONFIG_RSBAC_MAC
06561
#ifdef CONFIG_RSBAC_MAC_LIGHT
06562
strcat(
compiled_modules,
" MAC-L");
06563
#else
06564
strcat(
compiled_modules,
" MAC");
06565
#endif
06566
#endif
06567
#ifdef CONFIG_RSBAC_FC
06568
strcat(
compiled_modules,
" FC");
06569
#endif
06570
#ifdef CONFIG_RSBAC_SIM
06571
strcat(
compiled_modules,
" SIM");
06572
#endif
06573
#ifdef CONFIG_RSBAC_PM
06574
strcat(
compiled_modules,
" PM");
06575
#endif
06576
#ifdef CONFIG_RSBAC_DAZ
06577
strcat(
compiled_modules,
" DAZ");
06578
#endif
06579
#ifdef CONFIG_RSBAC_FF
06580
strcat(
compiled_modules,
" FF");
06581
#endif
06582
#ifdef CONFIG_RSBAC_RC
06583
strcat(
compiled_modules,
" RC");
06584
#endif
06585
#ifdef CONFIG_RSBAC_AUTH
06586
strcat(
compiled_modules,
" AUTH");
06587
#endif
06588
#ifdef CONFIG_RSBAC_ACL
06589
strcat(
compiled_modules,
" ACL");
06590
#endif
06591
#ifdef CONFIG_RSBAC_CAP
06592
strcat(
compiled_modules,
" CAP");
06593
#endif
06594
#ifdef CONFIG_RSBAC_JAIL
06595
strcat(
compiled_modules,
" JAIL");
06596
#endif
06597
#ifdef CONFIG_RSBAC_RES
06598
strcat(
compiled_modules,
" RES");
06599
#endif
06600
#ifdef CONFIG_RSBAC_PAX
06601
strcat(
compiled_modules,
" PAX");
06602
#endif
06603
#ifdef CONFIG_RSBAC_MAINT
06604
#ifdef CONFIG_RSBAC_RMSG
06605
rsbac_printk(KERN_INFO
06606
"rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n",
06607
RSBAC_VERSION);
06608 rsbac_printk(KERN_INFO
06609
"rsbac_do_init(): Supported module data structures:%s\n",
06610
compiled_modules);
06611
#endif
06612
printk(KERN_INFO
06613
"rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n",
06614
RSBAC_VERSION);
06615
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06616
if (!rsbac_nosyslog)
06617
#endif
06618
printk(KERN_INFO
06619
"rsbac_do_init(): Supported module data structures:%s\n",
06620
compiled_modules);
06621
#else
06622
#ifdef CONFIG_RSBAC_RMSG
06623
rsbac_printk(KERN_INFO
06624
"rsbac_do_init(): Initializing RSBAC %s\n",
06625
RSBAC_VERSION);
06626 rsbac_printk(KERN_INFO
06627
"rsbac_do_init(): compiled modules:%s\n",
06628
compiled_modules);
06629
#endif
06630
printk(KERN_INFO
06631
"rsbac_do_init(): Initializing RSBAC %s\n",
06632
RSBAC_VERSION);
06633
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06634
if (!rsbac_nosyslog)
06635
#endif
06636
printk(KERN_INFO
06637
"rsbac_do_init(): compiled modules:%s\n",
06638
compiled_modules);
06639
#endif
06640
06641
06642
#ifdef CONFIG_RSBAC_RMSG
06643
rsbac_printk(KERN_INFO
06644
"rsbac_do_init(): Initializing memory slabs\n");
06645
#endif
06646
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06647
if (!rsbac_nosyslog)
06648
#endif
06649
printk(KERN_INFO
06650
"rsbac_do_init(): Initializing memory slabs\n");
06651
rsbac_kmem_cache_sizes_init();
06652
06653
06654
device_list_head.lock = RW_LOCK_UNLOCKED;
06655
device_list_head.head =
NULL;
06656
device_list_head.tail =
NULL;
06657
device_list_head.curr =
NULL;
06658
device_list_head.count = 0;
06659
06660
#if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
06661
#ifdef CONFIG_RSBAC_DEBUG
06662
if(rsbac_debug_stack)
06663 {
06664
unsigned long * n = (
unsigned long *) (current+1);
06665
06666
while (!*n)
06667 n++;
06668
#ifdef CONFIG_RSBAC_RMSG
06669
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before registering proc dir: %lu\n",
06670 (
unsigned long) n - (
unsigned long)(current+1));
06671
#endif
06672
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06673
if (!rsbac_nosyslog)
06674
#endif
06675
printk(KERN_DEBUG
"rsbac_do_init: free stack before registering proc dir: %lu\n",
06676 (
unsigned long) n - (
unsigned long)(current+1));
06677 }
06678
#endif
06679
#ifdef CONFIG_RSBAC_RMSG
06680
rsbac_printk(KERN_INFO
"rsbac_do_init(): Registering RSBAC proc dir\n");
06681
#endif
06682
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06683
if (!rsbac_nosyslog)
06684
#endif
06685
printk(KERN_INFO
"rsbac_do_init(): Registering RSBAC proc dir\n");
06686 register_all_rsbac_proc();
06687
#endif
06688
06689
#ifdef CONFIG_RSBAC_DEBUG
06690
if(rsbac_debug_stack)
06691 {
06692
unsigned long * n = (
unsigned long *) (current+1);
06693
06694
while (!*n)
06695 n++;
06696
#ifdef CONFIG_RSBAC_RMSG
06697
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before get_super: %lu\n",
06698 (
unsigned long) n - (
unsigned long)(current+1));
06699
#endif
06700
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06701
if (!rsbac_nosyslog)
06702
#endif
06703
printk(KERN_DEBUG
"rsbac_do_init: free stack before get_super: %lu\n",
06704 (
unsigned long) n - (
unsigned long)(current+1));
06705 }
06706
#endif
06707
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
06708
sb_p = user_get_super(
rsbac_root_dev);
06709
#else
06710
sb_p = get_super(
rsbac_root_dev);
06711
#endif
06712
if(!sb_p)
06713 {
06714 kfree(list_info_p);
06715
return -
RSBAC_ENOROOTDEV;
06716 }
06717
06718
#ifdef CONFIG_RSBAC_DEBUG
06719
if (rsbac_debug_ds)
06720 {
06721
#ifdef CONFIG_RSBAC_RMSG
06722
rsbac_printk(KERN_DEBUG
06723
"rsbac_do_init(): reading aci from device number %02u:%02u\n",
06724 RSBAC_MAJOR(
rsbac_root_dev),
06725 RSBAC_MINOR(
rsbac_root_dev));
06726
#endif
06727
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06728
if (!rsbac_nosyslog)
06729
#endif
06730
printk(KERN_DEBUG
06731
"rsbac_do_init(): reading aci from device number %02u:%02u\n",
06732 RSBAC_MAJOR(
rsbac_root_dev),
06733 RSBAC_MINOR(
rsbac_root_dev));
06734 }
06735
#endif
06736
06737 new_device_p =
create_device_item(sb_p,
NULL);
06738
if (!new_device_p)
06739 {
06740
#ifdef CONFIG_RSBAC_RMSG
06741
rsbac_printk(KERN_CRIT
"rsbac_do_init(): Could not alloc device item!\n");
06742
#endif
06743
printk(KERN_CRIT
"rsbac_do_init(): Could not alloc device item!\n");
06744 err = -
RSBAC_ECOULDNOTADDDEVICE;
06745
goto out_free;
06746 }
06747
#ifdef CONFIG_RSBAC_DEBUG
06748
if(rsbac_debug_stack)
06749 {
06750
unsigned long * n = (
unsigned long *) (current+1);
06751
06752
while (!*n)
06753 n++;
06754
#ifdef CONFIG_RSBAC_RMSG
06755
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before register_fd_lists: %lu\n",
06756 (
unsigned long) n - (
unsigned long)(current+1));
06757
#endif
06758
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06759
if (!rsbac_nosyslog)
06760
#endif
06761
printk(KERN_DEBUG
"rsbac_do_init: free stack before register_fd_lists: %lu\n",
06762 (
unsigned long) n - (
unsigned long)(current+1));
06763 }
06764
#endif
06765
06766
06767 rsbac_write_lock(&
device_list_head.lock, &flags);
06768
06769 device_p =
add_device_item(new_device_p);
06770
06771 rsbac_write_unlock(&
device_list_head.lock, &flags);
06772
if (!device_p)
06773 {
06774
#ifdef CONFIG_RSBAC_RMSG
06775
rsbac_printk(KERN_CRIT
"rsbac_do_init(): Could not add device!\n");
06776
#endif
06777
printk(KERN_CRIT
"rsbac_do_init(): Could not add device!\n");
06778
clear_device_item(new_device_p);
06779 err = -
RSBAC_ECOULDNOTADDDEVICE;
06780
goto out_free;
06781 }
06782
06783
06784
#ifdef CONFIG_RSBAC_RMSG
06785
rsbac_printk(KERN_INFO
06786
"rsbac_do_init(): Initializing generic lists\n");
06787
#endif
06788
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06789
if (!rsbac_nosyslog)
06790
#endif
06791
printk(KERN_INFO
06792
"rsbac_do_init(): Initializing generic lists\n");
06793
rsbac_list_init();
06794
06795
#ifdef CONFIG_RSBAC_DEBUG
06796
if(rsbac_debug_stack)
06797 {
06798
unsigned long * n = (
unsigned long *) (current+1);
06799
06800
while (!*n)
06801 n++;
06802
#ifdef CONFIG_RSBAC_RMSG
06803
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before init_debug: %lu\n",
06804 (
unsigned long) n - (
unsigned long)(current+1));
06805
#endif
06806
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06807
if (!rsbac_nosyslog)
06808
#endif
06809
printk(KERN_DEBUG
"rsbac_do_init: free stack before init_debug: %lu\n",
06810 (
unsigned long) n - (
unsigned long)(current+1));
06811 }
06812
#endif
06813
rsbac_init_debug();
06814
06815
#ifdef CONFIG_RSBAC_RMSG
06816
rsbac_printk(KERN_INFO
06817
"rsbac_do_init(): reading FD attributes from root dev\n");
06818
#endif
06819
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06820
if (!rsbac_nosyslog)
06821
#endif
06822
printk(KERN_INFO
06823
"rsbac_do_init(): reading FD attributes from root dev\n");
06824
06825
06826
if((err =
register_fd_lists(device_p,
rsbac_root_dev)))
06827 {
06828
char * tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
06829
06830
if(tmp)
06831 {
06832
#ifdef CONFIG_RSBAC_RMSG
06833
rsbac_printk(KERN_WARNING
06834
"rsbac_do_init(): File/Dir lists registration failed for dev %02u:%02u, err %s!\n",
06835 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev),
get_error_name(tmp,err));
06836
#endif
06837
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06838
if (!rsbac_nosyslog)
06839
#endif
06840
printk(KERN_WARNING
06841
"rsbac_do_init(): File/Dir lists registration failed for dev %02u:%02u, err %s!\n",
06842 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev),
get_error_name(tmp,err));
06843
rsbac_kfree(tmp);
06844 }
06845 }
06846
06847
#ifdef CONFIG_RSBAC_DEBUG
06848
if(rsbac_debug_stack)
06849 {
06850
unsigned long * n = (
unsigned long *) (current+1);
06851
06852
while (!*n)
06853 n++;
06854
#ifdef CONFIG_RSBAC_RMSG
06855
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before DEV lists registration: %lu\n",
06856 (
unsigned long) n - (
unsigned long)(current+1));
06857
#endif
06858
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06859
if (!rsbac_nosyslog)
06860
#endif
06861
printk(KERN_DEBUG
"rsbac_do_init: free stack before DEV lists registration: %lu\n",
06862 (
unsigned long) n - (
unsigned long)(current+1));
06863 }
06864
#endif
06865
#ifdef CONFIG_RSBAC_DEBUG
06866
if (rsbac_debug_ds)
06867 {
06868
#ifdef CONFIG_RSBAC_RMSG
06869
rsbac_printk(KERN_DEBUG
"rsbac_do_init(): registering DEV lists\n");
06870
#endif
06871
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06872
if (!rsbac_nosyslog)
06873
#endif
06874
printk(KERN_DEBUG
"rsbac_do_init(): registering DEV lists\n");
06875 }
06876
#endif
06877
{
06878
struct rsbac_gen_dev_aci_t def_aci =
DEFAULT_GEN_DEV_ACI;
06879
06880 list_info_p->version =
RSBAC_GEN_DEV_ACI_VERSION;
06881 list_info_p->key =
RSBAC_GEN_DEV_ACI_KEY;
06882 list_info_p->desc_size =
sizeof(
struct rsbac_dev_desc_t);
06883 list_info_p->data_size =
sizeof(
struct rsbac_gen_dev_aci_t);
06884 list_info_p->max_age = 0;
06885 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
06886 &
dev_handles.gen,
06887 list_info_p,
06888 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06889
RSBAC_LIST_BACKUP |
06890 #endif
06891
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
06892
dev_compare,
06893
gen_dev_get_conv,
06894 &def_aci,
06895
RSBAC_GEN_ACI_DEV_NAME,
06896 RSBAC_AUTO_DEV);
06897
if(err)
06898 {
06899
registration_error(err,
"DEV General");
06900 }
06901 }
06902
#if defined(CONFIG_RSBAC_MAC)
06903
{
06904
struct rsbac_mac_dev_aci_t def_aci = DEFAULT_MAC_DEV_ACI;
06905
06906 list_info_p->version = RSBAC_MAC_DEV_ACI_VERSION;
06907 list_info_p->key = RSBAC_MAC_DEV_ACI_KEY;
06908 list_info_p->desc_size =
sizeof(
struct rsbac_dev_desc_t);
06909 list_info_p->data_size =
sizeof(
struct rsbac_mac_dev_aci_t);
06910 list_info_p->max_age = 0;
06911 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
06912 &
dev_handles.mac,
06913 list_info_p,
06914 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06915
RSBAC_LIST_BACKUP |
06916 #endif
06917
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
06918
dev_compare,
06919 mac_dev_get_conv,
06920 &def_aci,
06921
RSBAC_MAC_ACI_DEV_NAME,
06922 RSBAC_AUTO_DEV);
06923
if(err)
06924 {
06925
registration_error(err,
"DEV MAC");
06926 }
06927 }
06928
#endif
06929
#if defined(CONFIG_RSBAC_FC)
06930
{
06931
rsbac_fc_oc_t def_aci =
RSBAC_FC_OC_ROOT_DEF;
06932
06933 list_info_p->version = RSBAC_FC_DEV_ACI_VERSION;
06934 list_info_p->key = RSBAC_FC_DEV_ACI_KEY;
06935 list_info_p->desc_size =
sizeof(
struct rsbac_dev_desc_t);
06936 list_info_p->data_size =
sizeof(
rsbac_fc_oc_t);
06937 list_info_p->max_age = 0;
06938 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
06939 &
dev_handles.fc,
06940 list_info_p,
06941 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06942
RSBAC_LIST_BACKUP |
06943 #endif
06944
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
06945
dev_compare,
06946 fc_dev_get_conv,
06947 &def_aci,
06948
RSBAC_FC_ACI_DEV_NAME,
06949 RSBAC_AUTO_DEV);
06950
if(err)
06951 {
06952
registration_error(err,
"DEV FC");
06953 }
06954 }
06955
#endif
06956
#if defined(CONFIG_RSBAC_SIM)
06957
{
06958
rsbac_sim_dt_t def_aci =
RSBAC_SIM_DT_ROOT_DEF;
06959
06960 list_info_p->version = RSBAC_SIM_DEV_ACI_VERSION;
06961 list_info_p->key = RSBAC_SIM_DEV_ACI_KEY;
06962 list_info_p->desc_size =
sizeof(
struct rsbac_dev_desc_t);
06963 list_info_p->data_size =
sizeof(
rsbac_sim_dt_t);
06964 list_info_p->max_age = 0;
06965 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
06966 &
dev_handles.sim,
06967 list_info_p,
06968 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06969
RSBAC_LIST_BACKUP |
06970 #endif
06971
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
06972
dev_compare,
06973 sim_dev_get_conv,
06974 &def_aci,
06975
RSBAC_SIM_ACI_DEV_NAME,
06976 RSBAC_AUTO_DEV);
06977
if(err)
06978 {
06979
registration_error(err,
"DEV SIM");
06980 }
06981 }
06982
#endif
06983
#if defined(CONFIG_RSBAC_PM)
06984
{
06985
struct rsbac_pm_dev_aci_t def_aci = DEFAULT_PM_DEV_ACI;
06986
06987 list_info_p->version = RSBAC_PM_DEV_ACI_VERSION;
06988 list_info_p->key = RSBAC_PM_DEV_ACI_KEY;
06989 list_info_p->desc_size =
sizeof(
struct rsbac_dev_desc_t);
06990 list_info_p->data_size =
sizeof(
struct rsbac_pm_dev_aci_t);
06991 list_info_p->max_age = 0;
06992 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
06993 &
dev_handles.pm,
06994 list_info_p,
06995 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06996
RSBAC_LIST_BACKUP |
06997 #endif
06998
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
06999
dev_compare,
07000 pm_dev_get_conv,
07001 &def_aci,
07002
RSBAC_PM_ACI_DEV_NAME,
07003 RSBAC_AUTO_DEV);
07004
if(err)
07005 {
07006
registration_error(err,
"DEV PM");
07007 }
07008 }
07009
#endif
07010
#if defined(CONFIG_RSBAC_RC)
07011
{
07012
rsbac_rc_type_id_t def_aci =
RSBAC_RC_GENERAL_TYPE;
07013
07014 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION;
07015 list_info_p->key = RSBAC_RC_DEV_ACI_KEY;
07016 list_info_p->desc_size =
sizeof(
struct rsbac_dev_desc_t);
07017 list_info_p->data_size =
sizeof(
rsbac_rc_type_id_t);
07018 list_info_p->max_age = 0;
07019 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07020 &
dev_handles.rc,
07021 list_info_p,
07022 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07023
RSBAC_LIST_BACKUP |
07024 #endif
07025
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
07026
dev_compare,
07027 rc_dev_get_conv,
07028 &def_aci,
07029
RSBAC_RC_ACI_DEV_NAME,
07030 RSBAC_AUTO_DEV);
07031
if(err)
07032 {
07033
registration_error(err,
"DEV RC");
07034 }
07035 }
07036
#endif
07037
07038
#ifdef CONFIG_RSBAC_DEBUG
07039
if(rsbac_debug_stack)
07040 {
07041
unsigned long * n = (
unsigned long *) (current+1);
07042
07043
while (!*n)
07044 n++;
07045
#ifdef CONFIG_RSBAC_RMSG
07046
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before registering IPC lists: %lu\n",
07047 (
unsigned long) n - (
unsigned long)(current+1));
07048
#endif
07049
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07050
if (!rsbac_nosyslog)
07051
#endif
07052
printk(KERN_DEBUG
"rsbac_do_init: free stack before registering IPC lists: %lu\n",
07053 (
unsigned long) n - (
unsigned long)(current+1));
07054 }
07055
#endif
07056
07057
#ifdef CONFIG_RSBAC_DEBUG
07058
if (rsbac_debug_ds)
07059 {
07060
#ifdef CONFIG_RSBAC_RMSG
07061
rsbac_printk(KERN_DEBUG
"rsbac_do_init(): registering IPC lists\n");
07062
#endif
07063
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07064
if (!rsbac_nosyslog)
07065
#endif
07066
printk(KERN_DEBUG
"rsbac_do_init(): registering IPC lists\n");
07067 }
07068
#endif
07069
#if defined(CONFIG_RSBAC_MAC)
07070
{
07071
struct rsbac_mac_ipc_aci_t def_aci = DEFAULT_MAC_IPC_ACI;
07072
07073 list_info_p->version = RSBAC_MAC_IPC_ACI_VERSION;
07074 list_info_p->key = RSBAC_MAC_IPC_ACI_KEY;
07075 list_info_p->desc_size =
sizeof(
struct rsbac_ipc_t);
07076 list_info_p->data_size =
sizeof(
struct rsbac_mac_ipc_aci_t);
07077 list_info_p->max_age = 0;
07078 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07079 &
ipc_handles.mac,
07080 list_info_p,
07081
RSBAC_LIST_DEF_DATA,
07082
ipc_compare,
07083
NULL,
07084 &def_aci,
07085
RSBAC_MAC_ACI_IPC_NAME,
07086 RSBAC_AUTO_DEV);
07087
if(err)
07088 {
07089
registration_error(err,
"IPC MAC");
07090 }
07091 }
07092
#endif
07093
#if defined(CONFIG_RSBAC_FC)
07094
{
07095
rsbac_fc_oc_t def_aci =
RSBAC_FC_OC_ROOT_DEF;
07096
07097 list_info_p->version = RSBAC_FC_IPC_ACI_VERSION;
07098 list_info_p->key = RSBAC_FC_IPC_ACI_KEY;
07099 list_info_p->desc_size =
sizeof(
struct rsbac_ipc_t);
07100 list_info_p->data_size =
sizeof(
rsbac_fc_oc_t);
07101 list_info_p->max_age = 0;
07102 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07103 &
ipc_handles.fc,
07104 list_info_p,
07105
RSBAC_LIST_DEF_DATA,
07106
ipc_compare,
07107
NULL,
07108 &def_aci,
07109
RSBAC_FC_ACI_IPC_NAME,
07110 RSBAC_AUTO_DEV);
07111
if(err)
07112 {
07113
registration_error(err,
"IPC FC");
07114 }
07115 }
07116
#endif
07117
#if defined(CONFIG_RSBAC_SIM)
07118
{
07119
rsbac_sim_dt_t def_aci =
RSBAC_SIM_DT_ROOT_DEF;
07120
07121 list_info_p->version = RSBAC_SIM_IPC_ACI_VERSION;
07122 list_info_p->key = RSBAC_SIM_IPC_ACI_KEY;
07123 list_info_p->desc_size =
sizeof(
struct rsbac_ipc_t);
07124 list_info_p->data_size =
sizeof(
rsbac_sim_dt_t);
07125 list_info_p->max_age = 0;
07126 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07127 &
ipc_handles.sim,
07128 list_info_p,
07129
RSBAC_LIST_DEF_DATA,
07130
ipc_compare,
07131
NULL,
07132 &def_aci,
07133
RSBAC_SIM_ACI_IPC_NAME,
07134 RSBAC_AUTO_DEV);
07135
if(err)
07136 {
07137
registration_error(err,
"IPC SIM");
07138 }
07139 }
07140
#endif
07141
#if defined(CONFIG_RSBAC_PM)
07142
{
07143
struct rsbac_pm_ipc_aci_t def_aci = DEFAULT_PM_IPC_ACI;
07144
07145 list_info_p->version = RSBAC_PM_IPC_ACI_VERSION;
07146 list_info_p->key = RSBAC_PM_IPC_ACI_KEY;
07147 list_info_p->desc_size =
sizeof(
struct rsbac_ipc_t);
07148 list_info_p->data_size =
sizeof(
struct rsbac_pm_ipc_aci_t);
07149 list_info_p->max_age = 0;
07150 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07151 &
ipc_handles.pm,
07152 list_info_p,
07153
RSBAC_LIST_DEF_DATA,
07154
ipc_compare,
07155
NULL,
07156 &def_aci,
07157
RSBAC_PM_ACI_IPC_NAME,
07158 RSBAC_AUTO_DEV);
07159
if(err)
07160 {
07161
registration_error(err,
"IPC PM");
07162 }
07163 }
07164
#endif
07165
#if defined(CONFIG_RSBAC_RC)
07166
{
07167
rsbac_rc_type_id_t def_aci =
RSBAC_RC_GENERAL_TYPE;
07168
07169 list_info_p->version = RSBAC_RC_IPC_ACI_VERSION;
07170 list_info_p->key = RSBAC_RC_IPC_ACI_KEY;
07171 list_info_p->desc_size =
sizeof(
struct rsbac_ipc_t);
07172 list_info_p->data_size =
sizeof(
rsbac_rc_type_id_t);
07173 list_info_p->max_age = 0;
07174 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07175 &
ipc_handles.rc,
07176 list_info_p,
07177
RSBAC_LIST_DEF_DATA,
07178
ipc_compare,
07179
NULL,
07180 &def_aci,
07181
RSBAC_RC_ACI_IPC_NAME,
07182 RSBAC_AUTO_DEV);
07183
if(err)
07184 {
07185
registration_error(err,
"IPC RC");
07186 }
07187 }
07188
#endif
07189
#if defined(CONFIG_RSBAC_JAIL)
07190
{
07191
rsbac_jail_id_t def_aci =
RSBAC_JAIL_DEF_ID;
07192
07193 list_info_p->version = RSBAC_JAIL_IPC_ACI_VERSION;
07194 list_info_p->key = RSBAC_JAIL_IPC_ACI_KEY;
07195 list_info_p->desc_size =
sizeof(
struct rsbac_ipc_t);
07196 list_info_p->data_size =
sizeof(
rsbac_jail_id_t);
07197 list_info_p->max_age = 0;
07198 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07199 &
ipc_handles.jail,
07200 list_info_p,
07201
RSBAC_LIST_DEF_DATA,
07202
ipc_compare,
07203
NULL,
07204 &def_aci,
07205
RSBAC_JAIL_ACI_IPC_NAME,
07206 RSBAC_AUTO_DEV);
07207
if(err)
07208 {
07209
registration_error(err,
"IPC JAIL");
07210 }
07211 }
07212
#endif
07213
07214
07215
#ifdef CONFIG_RSBAC_DEBUG
07216
if(rsbac_debug_stack)
07217 {
07218
unsigned long * n = (
unsigned long *) (current+1);
07219
07220
while (!*n)
07221 n++;
07222
#ifdef CONFIG_RSBAC_RMSG
07223
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before registering USER lists: %lu\n",
07224 (
unsigned long) n - (
unsigned long)(current+1));
07225
#endif
07226
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07227
if (!rsbac_nosyslog)
07228
#endif
07229
printk(KERN_DEBUG
"rsbac_do_init: free stack before registering USER lists: %lu\n",
07230 (
unsigned long) n - (
unsigned long)(current+1));
07231 }
07232
#endif
07233
07234
#ifdef CONFIG_RSBAC_DEBUG
07235
if (rsbac_debug_ds)
07236 {
07237
#ifdef CONFIG_RSBAC_RMSG
07238
rsbac_printk(KERN_DEBUG
"rsbac_do_init(): registering USER lists\n");
07239
#endif
07240
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07241
if (!rsbac_nosyslog)
07242
#endif
07243
printk(KERN_DEBUG
"rsbac_do_init(): registering USER lists\n");
07244 }
07245
#endif
07246
07247 {
07248
struct rsbac_gen_user_aci_t def_aci =
DEFAULT_GEN_U_ACI;
07249
07250 list_info_p->version =
RSBAC_GEN_USER_ACI_VERSION;
07251 list_info_p->key =
RSBAC_GEN_USER_ACI_KEY;
07252 list_info_p->desc_size =
sizeof(
rsbac_uid_t);
07253 list_info_p->data_size =
sizeof(
struct rsbac_gen_user_aci_t);
07254 list_info_p->max_age = 0;
07255 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07256 &
user_handles.gen,
07257 list_info_p,
07258 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07259
RSBAC_LIST_BACKUP |
07260 #endif
07261
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
07262
rsbac_list_compare_u32,
07263
NULL,
07264 &def_aci,
07265
RSBAC_GEN_ACI_USER_NAME,
07266 RSBAC_AUTO_DEV);
07267
if(err)
07268 {
07269
registration_error(err,
"USER General");
07270 }
07271 }
07272
#if defined(CONFIG_RSBAC_MAC)
07273
{
07274
struct rsbac_mac_user_aci_t def_aci = DEFAULT_MAC_U_ACI;
07275
07276 list_info_p->version = RSBAC_MAC_USER_ACI_VERSION;
07277 list_info_p->key = RSBAC_MAC_USER_ACI_KEY;
07278 list_info_p->desc_size =
sizeof(
rsbac_uid_t);
07279 list_info_p->data_size =
sizeof(
struct rsbac_mac_user_aci_t);
07280 list_info_p->max_age = 0;
07281 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07282 &
user_handles.mac,
07283 list_info_p,
07284 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07285
RSBAC_LIST_BACKUP |
07286 #endif
07287
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
07288
rsbac_list_compare_u32,
07289 mac_user_get_conv,
07290 &def_aci,
07291
RSBAC_MAC_ACI_USER_NAME,
07292 RSBAC_AUTO_DEV);
07293
if(err)
07294 {
07295
registration_error(err,
"USER MAC");
07296 }
07297
else
07298
if(!
rsbac_no_defaults && !
rsbac_list_count(
user_handles.mac))
07299 {
07300
struct rsbac_mac_user_aci_t sysadm_aci = DEFAULT_MAC_U_SYSADM_ACI;
07301
struct rsbac_mac_user_aci_t secoff_aci = DEFAULT_MAC_U_SECOFF_ACI;
07302
struct rsbac_mac_user_aci_t auditor_aci = DEFAULT_MAC_U_AUDITOR_ACI;
07303
rsbac_uid_t user;
07304
07305
#ifdef CONFIG_RSBAC_RMSG
07306
rsbac_printk(KERN_WARNING
07307
"rsbac_do_init(): USER MAC ACI could not be read - generating standard entries!\n");
07308
#endif
07309
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07310
if (!rsbac_nosyslog)
07311
#endif
07312
printk(KERN_WARNING
07313
"rsbac_do_init(): USER MAC ACI could not be read - generating standard entries!\n");
07314 user =
RSBAC_SYSADM_UID;
07315
if(
rsbac_list_add(
user_handles.mac, &user, &sysadm_aci))
07316 printk(KERN_WARNING
07317
"rsbac_do_init(): SYSADM USER MAC entry could not be added!\n");
07318 user =
RSBAC_SECOFF_UID;
07319
if(
rsbac_list_add(
user_handles.mac, &user, &secoff_aci))
07320 printk(KERN_WARNING
07321
"rsbac_do_init(): SECOFF USER MAC entry could not be added!\n");
07322 user =
RSBAC_AUDITOR_UID;
07323
if(
rsbac_list_add(
user_handles.mac, &user, &auditor_aci))
07324 printk(KERN_WARNING
07325
"rsbac_do_init(): AUDITOR USER MAC entry could not be added!\n");
07326 }
07327 }
07328
#endif
07329
#if defined(CONFIG_RSBAC_FC)
07330
{
07331
rsbac_system_role_int_t def_aci =
SR_user;
07332
07333 list_info_p->version = RSBAC_FC_USER_ACI_VERSION;
07334 list_info_p->key = RSBAC_FC_USER_ACI_KEY;
07335 list_info_p->desc_size =
sizeof(
rsbac_uid_t);
07336 list_info_p->data_size =
sizeof(
rsbac_system_role_int_t);
07337 list_info_p->max_age = 0;
07338 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07339 &
user_handles.fc,
07340 list_info_p,
07341 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07342
RSBAC_LIST_BACKUP |
07343 #endif
07344
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
07345
rsbac_list_compare_u32,
07346
NULL,
07347 &def_aci,
07348
RSBAC_FC_ACI_USER_NAME,
07349 RSBAC_AUTO_DEV);
07350
if(err)
07351 {
07352
registration_error(err,
"USER FC");
07353 }
07354
else
07355
if(!
rsbac_no_defaults && !
rsbac_list_count(
user_handles.fc))
07356 {
07357
rsbac_uid_t user;
07358
rsbac_system_role_int_t role;
07359
07360
#ifdef CONFIG_RSBAC_RMSG
07361
rsbac_printk(KERN_WARNING
07362
"rsbac_do_init(): USER FC ACI could not be read - generating standard entries!\n");
07363
#endif
07364
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07365
if (!rsbac_nosyslog)
07366
#endif
07367
printk(KERN_WARNING
07368
"rsbac_do_init(): USER FC ACI could not be read - generating standard entries!\n");
07369 user =
RSBAC_SYSADM_UID;
07370 role =
SR_administrator;
07371
if(
rsbac_list_add(
user_handles.fc, &user, &role))
07372 printk(KERN_WARNING
07373
"rsbac_do_init(): SYSADM USER FC entry could not be added!\n");
07374 user =
RSBAC_BIN_UID;
07375 role =
SR_administrator;
07376
if(
rsbac_list_add(
user_handles.fc, &user, &role))
07377 printk(KERN_WARNING
07378
"rsbac_do_init(): BIN USER FC entry could not be added!\n");
07379 user =
RSBAC_SECOFF_UID;
07380 role =
SR_security_officer;
07381
if(
rsbac_list_add(
user_handles.fc, &user, &role))
07382 printk(KERN_WARNING
07383
"rsbac_do_init(): SECOFF USER FC entry could not be added!\n");
07384 user =
RSBAC_AUDITOR_UID;
07385 role =
SR_auditor;
07386
if(
rsbac_list_add(
user_handles.fc, &user, &role))
07387 printk(KERN_WARNING
07388
"rsbac_do_init(): AUDITOR USER FC entry could not be added!\n");
07389 }
07390 }
07391
#endif
07392
#if defined(CONFIG_RSBAC_SIM)
07393
{
07394
rsbac_system_role_int_t def_aci =
SR_user;
07395
07396 list_info_p->version = RSBAC_SIM_USER_ACI_VERSION;
07397 list_info_p->key = RSBAC_SIM_USER_ACI_KEY;
07398 list_info_p->desc_size =
sizeof(
rsbac_uid_t);
07399 list_info_p->data_size =
sizeof(
rsbac_system_role_int_t);
07400 list_info_p->max_age = 0;
07401 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07402 &
user_handles.sim,
07403 list_info_p,
07404 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07405
RSBAC_LIST_BACKUP |
07406 #endif
07407
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
07408
rsbac_list_compare_u32,
07409
NULL,
07410 &def_aci,
07411
RSBAC_SIM_ACI_USER_NAME,
07412 RSBAC_AUTO_DEV);
07413
if(err)
07414 {
07415
registration_error(err,
"USER SIM");
07416 }
07417
else
07418
if(!
rsbac_no_defaults && !
rsbac_list_count(
user_handles.sim))
07419 {
07420
rsbac_uid_t user;
07421
rsbac_system_role_int_t role;
07422
07423
#ifdef CONFIG_RSBAC_RMSG
07424
rsbac_printk(KERN_WARNING
07425
"rsbac_do_init(): USER SIM ACI could not be read - generating standard entries!\n");
07426
#endif
07427
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07428
if (!rsbac_nosyslog)
07429
#endif
07430
printk(KERN_WARNING
07431
"rsbac_do_init(): USER SIM ACI could not be read - generating standard entries!\n");
07432 user =
RSBAC_SYSADM_UID;
07433 role =
SR_administrator;
07434
if(
rsbac_list_add(
user_handles.sim, &user, &role))
07435 printk(KERN_WARNING
07436
"rsbac_do_init(): SYSADM USER SIM entry could not be added!\n");
07437 user =
RSBAC_SECOFF_UID;
07438 role =
SR_security_officer;
07439
if(
rsbac_list_add(
user_handles.sim, &user, &role))
07440 printk(KERN_WARNING
07441
"rsbac_do_init(): SECOFF USER SIM entry could not be added!\n");
07442 user =
RSBAC_AUDITOR_UID;
07443 role =
SR_auditor;
07444
if(
rsbac_list_add(
user_handles.sim, &user, &role))
07445 printk(KERN_WARNING
07446
"rsbac_do_init(): AUDITOR USER SIM entry could not be added!\n");
07447 }
07448 }
07449
#endif
07450
#if defined(CONFIG_RSBAC_PM)
07451
{
07452
struct rsbac_pm_user_aci_t def_aci = DEFAULT_PM_U_ACI;
07453
07454 list_info_p->version = RSBAC_PM_USER_ACI_VERSION;
07455 list_info_p->key = RSBAC_PM_USER_ACI_KEY;
07456 list_info_p->desc_size =
sizeof(
rsbac_uid_t);
07457 list_info_p->data_size =
sizeof(
struct rsbac_pm_user_aci_t);
07458 list_info_p->max_age = 0;
07459 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07460 &
user_handles.pm,
07461 list_info_p,
07462 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07463
RSBAC_LIST_BACKUP |
07464 #endif
07465
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
07466
rsbac_list_compare_u32,
07467
NULL,
07468 &def_aci,
07469
RSBAC_PM_ACI_USER_NAME,
07470 RSBAC_AUTO_DEV);
07471
if(err)
07472 {
07473
registration_error(err,
"USER PM");
07474 }
07475
else
07476
if(!
rsbac_no_defaults && !
rsbac_list_count(
user_handles.pm))
07477 {
07478
struct rsbac_pm_user_aci_t sysadm_aci = DEFAULT_PM_U_SYSADM_ACI;
07479
struct rsbac_pm_user_aci_t secoff_aci = DEFAULT_PM_U_SECOFF_ACI;
07480
struct rsbac_pm_user_aci_t dataprot_aci = DEFAULT_PM_U_DATAPROT_ACI;
07481
struct rsbac_pm_user_aci_t tpman_aci = DEFAULT_PM_U_TPMAN_ACI;
07482
rsbac_uid_t user;
07483
07484
#ifdef CONFIG_RSBAC_RMSG
07485
rsbac_printk(KERN_WARNING
07486
"rsbac_do_init(): USER PM ACI could not be read - generating standard entries!\n");
07487
#endif
07488
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07489
if (!rsbac_nosyslog)
07490
#endif
07491
printk(KERN_WARNING
07492
"rsbac_do_init(): USER PM ACI could not be read - generating standard entries!\n");
07493 user =
RSBAC_SYSADM_UID;
07494
if(
rsbac_list_add(
user_handles.pm, &user, &sysadm_aci))
07495 printk(KERN_WARNING
07496
"rsbac_do_init(): SYSADM USER PM entry could not be added!\n");
07497 user =
RSBAC_SECOFF_UID;
07498
if(
rsbac_list_add(
user_handles.pm, &user, &secoff_aci))
07499 printk(KERN_WARNING
07500
"rsbac_do_init(): SECOFF USER PM entry could not be added!\n");
07501 user =
RSBAC_DATAPROT_UID;
07502
if(
rsbac_list_add(
user_handles.pm, &user, &dataprot_aci))
07503 printk(KERN_WARNING
07504
"rsbac_do_init(): DATAPROT USER PM entry could not be added!\n");
07505 user =
RSBAC_TPMAN_UID;
07506
if(
rsbac_list_add(
user_handles.pm, &user, &tpman_aci))
07507 printk(KERN_WARNING
07508
"rsbac_do_init(): TPMAN USER PM entry could not be added!\n");
07509 }
07510 }
07511
#endif
07512
#if defined(CONFIG_RSBAC_DAZ)
07513
{
07514
rsbac_system_role_int_t def_aci =
SR_user;
07515
07516 list_info_p->version = RSBAC_DAZ_USER_ACI_VERSION;
07517 list_info_p->key = RSBAC_DAZ_USER_ACI_KEY;
07518 list_info_p->desc_size =
sizeof(
rsbac_uid_t);
07519 list_info_p->data_size =
sizeof(
rsbac_system_role_int_t);
07520 list_info_p->max_age = 0;
07521 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07522 &
user_handles.daz,
07523 list_info_p,
07524 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07525
RSBAC_LIST_BACKUP |
07526 #endif
07527
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
07528
rsbac_list_compare_u32,
07529
NULL,
07530 &def_aci,
07531
RSBAC_DAZ_ACI_USER_NAME,
07532 RSBAC_AUTO_DEV);
07533
if(err)
07534 {
07535
registration_error(err,
"USER DAZ");
07536 }
07537
else
07538
if(!
rsbac_no_defaults && !
rsbac_list_count(
user_handles.daz))
07539 {
07540
rsbac_uid_t user;
07541
rsbac_system_role_int_t role;
07542
07543
#ifdef CONFIG_RSBAC_RMSG
07544
rsbac_printk(KERN_WARNING
07545
"rsbac_do_init(): USER DAZ ACI could not be read - generating standard entries!\n");
07546
#endif
07547
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07548
if (!rsbac_nosyslog)
07549
#endif
07550
printk(KERN_WARNING
07551
"rsbac_do_init(): USER DAZ ACI could not be read - generating standard entries!\n");
07552 user =
RSBAC_SYSADM_UID;
07553 role =
SR_administrator;
07554
if(
rsbac_list_add(
user_handles.daz, &user, &role))
07555 printk(KERN_WARNING
07556
"rsbac_do_init(): SYSADM USER DAZ entry could not be added!\n");
07557 user =
RSBAC_SECOFF_UID;
07558 role =
SR_security_officer;
07559
if(
rsbac_list_add(
user_handles.daz, &user, &role))
07560 printk(KERN_WARNING
07561
"rsbac_do_init(): SECOFF USER DAZ entry could not be added!\n");
07562 }
07563 }
07564
#endif
07565
#if defined(CONFIG_RSBAC_FF)
07566
{
07567
rsbac_system_role_int_t def_aci =
SR_user;
07568
07569 list_info_p->version = RSBAC_FF_USER_ACI_VERSION;
07570 list_info_p->key = RSBAC_FF_USER_ACI_KEY;
07571 list_info_p->desc_size =
sizeof(
rsbac_uid_t);
07572 list_info_p->data_size =
sizeof(
rsbac_system_role_int_t);
07573 list_info_p->max_age = 0;
07574 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07575 &
user_handles.ff,
07576 list_info_p,
07577 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07578
RSBAC_LIST_BACKUP |
07579 #endif
07580
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
07581
rsbac_list_compare_u32,
07582
NULL,
07583 &def_aci,
07584
RSBAC_FF_ACI_USER_NAME,
07585 RSBAC_AUTO_DEV);
07586
if(err)
07587 {
07588
registration_error(err,
"USER FF");
07589 }
07590
else
07591
if(!
rsbac_no_defaults && !
rsbac_list_count(
user_handles.ff))
07592 {
07593
rsbac_uid_t user;
07594
rsbac_system_role_int_t role;
07595
07596
#ifdef CONFIG_RSBAC_RMSG
07597
rsbac_printk(KERN_WARNING
07598
"rsbac_do_init(): USER FF ACI could not be read - generating standard entries!\n");
07599
#endif
07600
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07601
if (!rsbac_nosyslog)
07602
#endif
07603
printk(KERN_WARNING
07604
"rsbac_do_init(): USER FF ACI could not be read - generating standard entries!\n");
07605 user =
RSBAC_SYSADM_UID;
07606 role =
SR_administrator;
07607
if(
rsbac_list_add(
user_handles.ff, &user, &role))
07608 printk(KERN_WARNING
07609
"rsbac_do_init(): SYSADM USER FF entry could not be added!\n");
07610 user =
RSBAC_SECOFF_UID;
07611 role =
SR_security_officer;
07612
if(
rsbac_list_add(
user_handles.ff, &user, &role))
07613 printk(KERN_WARNING
07614
"rsbac_do_init(): SECOFF USER FF entry could not be added!\n");
07615 user =
RSBAC_AUDITOR_UID;
07616 role =
SR_auditor;
07617
if(
rsbac_list_add(
user_handles.ff, &user, &role))
07618 printk(KERN_WARNING
07619
"rsbac_do_init(): AUDITOR USER FF entry could not be added!\n");
07620 }
07621 }
07622
#endif
07623
#if defined(CONFIG_RSBAC_RC)
07624
{
07625
struct rsbac_rc_user_aci_t def_aci = DEFAULT_RC_U_ACI;
07626
07627 list_info_p->version = RSBAC_RC_USER_ACI_VERSION;
07628 list_info_p->key = RSBAC_RC_USER_ACI_KEY;
07629 list_info_p->desc_size =
sizeof(
rsbac_uid_t);
07630 list_info_p->data_size =
sizeof(
struct rsbac_rc_user_aci_t);
07631 list_info_p->max_age = 0;
07632 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07633 &
user_handles.rc,
07634 list_info_p,
07635 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07636
RSBAC_LIST_BACKUP |
07637 #endif
07638
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
07639
rsbac_list_compare_u32,
07640 rc_user_get_conv,
07641 &def_aci,
07642
RSBAC_RC_ACI_USER_NAME,
07643 RSBAC_AUTO_DEV);
07644
if(err)
07645 {
07646
registration_error(err,
"USER RC");
07647 }
07648
else
07649
if(!
rsbac_no_defaults && !
rsbac_list_count(
user_handles.rc))
07650 {
07651
rsbac_uid_t user;
07652
struct rsbac_rc_user_aci_t sysadm_aci = DEFAULT_RC_U_SYSADM_ACI;
07653
struct rsbac_rc_user_aci_t secoff_aci = DEFAULT_RC_U_SECOFF_ACI;
07654
struct rsbac_rc_user_aci_t auditor_aci = DEFAULT_RC_U_AUDITOR_ACI;
07655
07656
#ifdef CONFIG_RSBAC_RMSG
07657
rsbac_printk(KERN_WARNING
07658
"rsbac_do_init(): USER RC ACI could not be read - generating standard entries!\n");
07659
#endif
07660
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07661
if (!rsbac_nosyslog)
07662
#endif
07663
printk(KERN_WARNING
07664
"rsbac_do_init(): USER RC ACI could not be read - generating standard entries!\n");
07665 user =
RSBAC_SYSADM_UID;
07666
if(
rsbac_list_add(
user_handles.rc, &user, &sysadm_aci))
07667 printk(KERN_WARNING
07668
"rsbac_do_init(): SYSADM USER RC entry could not be added!\n");
07669 user =
RSBAC_SECOFF_UID;
07670
if(
rsbac_list_add(
user_handles.rc, &user, &secoff_aci))
07671 printk(KERN_WARNING
07672
"rsbac_do_init(): SECOFF USER RC entry could not be added!\n");
07673 user =
RSBAC_AUDITOR_UID;
07674
if(
rsbac_list_add(
user_handles.rc, &user, &auditor_aci))
07675 printk(KERN_WARNING
07676
"rsbac_do_init(): AUDITOR USER RC entry could not be added!\n");
07677 }
07678 }
07679
#endif
07680
#if defined(CONFIG_RSBAC_AUTH)
07681
{
07682
rsbac_system_role_int_t def_aci =
SR_user;
07683
07684 list_info_p->version = RSBAC_AUTH_USER_ACI_VERSION;
07685 list_info_p->key = RSBAC_AUTH_USER_ACI_KEY;
07686 list_info_p->desc_size =
sizeof(
rsbac_uid_t);
07687 list_info_p->data_size =
sizeof(
rsbac_system_role_int_t);
07688 list_info_p->max_age = 0;
07689 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07690 &
user_handles.auth,
07691 list_info_p,
07692 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07693
RSBAC_LIST_BACKUP |
07694 #endif
07695
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
07696
rsbac_list_compare_u32,
07697
NULL,
07698 &def_aci,
07699
RSBAC_AUTH_ACI_USER_NAME,
07700 RSBAC_AUTO_DEV);
07701
if(err)
07702 {
07703
registration_error(err,
"USER AUTH");
07704 }
07705
else
07706
if(!
rsbac_no_defaults && !
rsbac_list_count(
user_handles.auth))
07707 {
07708
rsbac_uid_t user;
07709
rsbac_system_role_int_t role;
07710
07711
#ifdef CONFIG_RSBAC_RMSG
07712
rsbac_printk(KERN_WARNING
07713
"rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!\n");
07714
#endif
07715
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07716
if (!rsbac_nosyslog)
07717
#endif
07718
printk(KERN_WARNING
07719
"rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!\n");
07720 user =
RSBAC_SYSADM_UID;
07721 role =
SR_administrator;
07722
if(
rsbac_list_add(
user_handles.auth, &user, &role))
07723 printk(KERN_WARNING
07724
"rsbac_do_init(): SYSADM USER AUTH entry could not be added!\n");
07725 user =
RSBAC_SECOFF_UID;
07726 role =
SR_security_officer;
07727
if(
rsbac_list_add(
user_handles.auth, &user, &role))
07728 printk(KERN_WARNING
07729
"rsbac_do_init(): SECOFF USER AUTH entry could not be added!\n");
07730 user =
RSBAC_AUDITOR_UID;
07731 role =
SR_auditor;
07732
if(
rsbac_list_add(
user_handles.auth, &user, &role))
07733 printk(KERN_WARNING
07734
"rsbac_do_init(): AUDITOR USER AUTH entry could not be added!\n");
07735 }
07736 }
07737
#endif
07738
#if defined(CONFIG_RSBAC_CAP)
07739
{
07740
struct rsbac_cap_user_aci_t def_aci = DEFAULT_CAP_U_ACI;
07741
07742 list_info_p->version = RSBAC_CAP_USER_ACI_VERSION;
07743 list_info_p->key = RSBAC_CAP_USER_ACI_KEY;
07744 list_info_p->desc_size =
sizeof(
rsbac_uid_t);
07745 list_info_p->data_size =
sizeof(
struct rsbac_cap_user_aci_t);
07746 list_info_p->max_age = 0;
07747 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07748 &
user_handles.cap,
07749 list_info_p,
07750 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07751
RSBAC_LIST_BACKUP |
07752 #endif
07753
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
07754
rsbac_list_compare_u32,
07755
NULL,
07756 &def_aci,
07757
RSBAC_CAP_ACI_USER_NAME,
07758 RSBAC_AUTO_DEV);
07759
if(err)
07760 {
07761
registration_error(err,
"USER CAP");
07762 }
07763
else
07764
if(!
rsbac_no_defaults && !
rsbac_list_count(
user_handles.cap))
07765 {
07766
struct rsbac_cap_user_aci_t sysadm_aci = DEFAULT_CAP_U_SYSADM_ACI;
07767
struct rsbac_cap_user_aci_t secoff_aci = DEFAULT_CAP_U_SECOFF_ACI;
07768
struct rsbac_cap_user_aci_t auditor_aci = DEFAULT_CAP_U_AUDITOR_ACI;
07769
rsbac_uid_t user;
07770
07771
#ifdef CONFIG_RSBAC_RMSG
07772
rsbac_printk(KERN_WARNING
07773
"rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
07774
#endif
07775
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07776
if (!rsbac_nosyslog)
07777
#endif
07778
printk(KERN_WARNING
07779
"rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
07780 user =
RSBAC_SYSADM_UID;
07781
if(
rsbac_list_add(
user_handles.cap, &user, &sysadm_aci))
07782 printk(KERN_WARNING
07783
"rsbac_do_init(): SYSADM USER CAP entry could not be added!\n");
07784 user =
RSBAC_SECOFF_UID;
07785
if(
rsbac_list_add(
user_handles.cap, &user, &secoff_aci))
07786 printk(KERN_WARNING
07787
"rsbac_do_init(): SECOFF USER CAP entry could not be added!\n");
07788 user =
RSBAC_AUDITOR_UID;
07789
if(
rsbac_list_add(
user_handles.cap, &user, &auditor_aci))
07790 printk(KERN_WARNING
07791
"rsbac_do_init(): AUDITOR USER CAP entry could not be added!\n");
07792 }
07793 }
07794
#endif
07795
#if defined(CONFIG_RSBAC_JAIL)
07796
{
07797
rsbac_system_role_int_t def_aci =
SR_user;
07798
07799 list_info_p->version = RSBAC_JAIL_USER_ACI_VERSION;
07800 list_info_p->key = RSBAC_JAIL_USER_ACI_KEY;
07801 list_info_p->desc_size =
sizeof(
rsbac_uid_t);
07802 list_info_p->data_size =
sizeof(
rsbac_system_role_int_t);
07803 list_info_p->max_age = 0;
07804 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07805 &
user_handles.jail,
07806 list_info_p,
07807 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07808
RSBAC_LIST_BACKUP |
07809 #endif
07810
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
07811
rsbac_list_compare_u32,
07812
NULL,
07813 &def_aci,
07814
RSBAC_JAIL_ACI_USER_NAME,
07815 RSBAC_AUTO_DEV);
07816
if(err)
07817 {
07818
registration_error(err,
"USER JAIL");
07819 }
07820
else
07821
if(!
rsbac_no_defaults && !
rsbac_list_count(
user_handles.jail))
07822 {
07823
rsbac_uid_t user;
07824
rsbac_system_role_int_t role;
07825
07826
#ifdef CONFIG_RSBAC_RMSG
07827
rsbac_printk(KERN_WARNING
07828
"rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!\n");
07829
#endif
07830
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07831
if (!rsbac_nosyslog)
07832
#endif
07833
printk(KERN_WARNING
07834
"rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!\n");
07835 user =
RSBAC_SYSADM_UID;
07836 role =
SR_administrator;
07837
if(
rsbac_list_add(
user_handles.jail, &user, &role))
07838 printk(KERN_WARNING
07839
"rsbac_do_init(): SYSADM USER JAIL entry could not be added!\n");
07840 user =
RSBAC_SECOFF_UID;
07841 role =
SR_security_officer;
07842
if(
rsbac_list_add(
user_handles.jail, &user, &role))
07843 printk(KERN_WARNING
07844
"rsbac_do_init(): SECOFF USER JAIL entry could not be added!\n");
07845 }
07846 }
07847
#endif
07848
#if defined(CONFIG_RSBAC_RES)
07849
{
07850 list_info_p->version = RSBAC_RES_USER_ACI_VERSION;
07851 list_info_p->key = RSBAC_RES_USER_ACI_KEY;
07852 list_info_p->desc_size =
sizeof(
rsbac_uid_t);
07853 list_info_p->data_size =
sizeof(
struct rsbac_res_user_aci_t);
07854 list_info_p->max_age = 0;
07855 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07856 &
user_handles.res,
07857 list_info_p,
07858 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07859
RSBAC_LIST_BACKUP |
07860 #endif
07861
RSBAC_LIST_PERSIST,
07862
rsbac_list_compare_u32,
07863
NULL,
07864
NULL,
07865
RSBAC_RES_ACI_USER_NAME,
07866 RSBAC_AUTO_DEV);
07867
if(err)
07868 {
07869
registration_error(err,
"USER RES");
07870 }
07871
else
07872
if(!
rsbac_no_defaults && !
rsbac_list_count(
user_handles.res))
07873 {
07874
struct rsbac_res_user_aci_t sysadm_aci = DEFAULT_RES_U_SYSADM_ACI;
07875
struct rsbac_res_user_aci_t secoff_aci = DEFAULT_RES_U_SECOFF_ACI;
07876
rsbac_uid_t user;
07877
07878
#ifdef CONFIG_RSBAC_RMSG
07879
rsbac_printk(KERN_WARNING
07880
"rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
07881
#endif
07882
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07883
if (!rsbac_nosyslog)
07884
#endif
07885
printk(KERN_WARNING
07886
"rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
07887 user =
RSBAC_SYSADM_UID;
07888
if(
rsbac_list_add(
user_handles.res, &user, &sysadm_aci))
07889 printk(KERN_WARNING
07890
"rsbac_do_init(): SYSADM USER RES entry could not be added!\n");
07891 user =
RSBAC_SECOFF_UID;
07892
if(
rsbac_list_add(
user_handles.res, &user, &secoff_aci))
07893 printk(KERN_WARNING
07894
"rsbac_do_init(): SECOFF USER RES entry could not be added!\n");
07895 }
07896 }
07897
#endif
07898
#if defined(CONFIG_RSBAC_PAX)
07899
{
07900
rsbac_system_role_int_t def_aci =
SR_user;
07901
07902 list_info_p->version = RSBAC_PAX_USER_ACI_VERSION;
07903 list_info_p->key = RSBAC_PAX_USER_ACI_KEY;
07904 list_info_p->desc_size =
sizeof(
rsbac_uid_t);
07905 list_info_p->data_size =
sizeof(
rsbac_system_role_int_t);
07906 list_info_p->max_age = 0;
07907 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07908 &
user_handles.pax,
07909 list_info_p,
07910 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07911
RSBAC_LIST_BACKUP |
07912 #endif
07913
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
07914
rsbac_list_compare_u32,
07915
NULL,
07916 &def_aci,
07917
RSBAC_PAX_ACI_USER_NAME,
07918 RSBAC_AUTO_DEV);
07919
if(err)
07920 {
07921
registration_error(err,
"USER PAX");
07922 }
07923
else
07924
if(!
rsbac_no_defaults && !
rsbac_list_count(
user_handles.pax))
07925 {
07926
rsbac_uid_t user;
07927
rsbac_system_role_int_t role;
07928
07929
#ifdef CONFIG_RSBAC_RMSG
07930
rsbac_printk(KERN_WARNING
07931
"rsbac_do_init(): USER PAX ACI could not be read - generating standard entries!\n");
07932
#endif
07933
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07934
if (!rsbac_nosyslog)
07935
#endif
07936
printk(KERN_WARNING
07937
"rsbac_do_init(): USER PAX ACI could not be read - generating standard entries!\n");
07938 user =
RSBAC_SYSADM_UID;
07939 role =
SR_administrator;
07940
if(
rsbac_list_add(
user_handles.pax, &user, &role))
07941 printk(KERN_WARNING
07942
"rsbac_do_init(): SYSADM USER PAX entry could not be added!\n");
07943 user =
RSBAC_SECOFF_UID;
07944 role =
SR_security_officer;
07945
if(
rsbac_list_add(
user_handles.pax, &user, &role))
07946 printk(KERN_WARNING
07947
"rsbac_do_init(): SECOFF USER PAX entry could not be added!\n");
07948 }
07949 }
07950
#endif
07951
07952
#ifdef CONFIG_RSBAC_DEBUG
07953
if(rsbac_debug_stack)
07954 {
07955
unsigned long * n = (
unsigned long *) (current+1);
07956
07957
while (!*n)
07958 n++;
07959
#ifdef CONFIG_RSBAC_RMSG
07960
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before registering PROCESS aci: %lu\n",
07961 (
unsigned long) n - (
unsigned long)(current+1));
07962
#endif
07963
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07964
if (!rsbac_nosyslog)
07965
#endif
07966
printk(KERN_DEBUG
"rsbac_do_init: free stack before registering PROCESS aci: %lu\n",
07967 (
unsigned long) n - (
unsigned long)(current+1));
07968 }
07969
#endif
07970
07971
#ifdef CONFIG_RSBAC_DEBUG
07972
if (rsbac_debug_ds)
07973 {
07974
#ifdef CONFIG_RSBAC_RMSG
07975
rsbac_printk(KERN_DEBUG
"rsbac_do_init(): registering PROCESS lists\n");
07976
#endif
07977
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07978
if (!rsbac_nosyslog)
07979
#endif
07980
printk(KERN_DEBUG
"rsbac_do_init(): registering PROCESS lists\n");
07981 }
07982
#endif
07983
{
07984
struct rsbac_gen_process_aci_t def_aci =
DEFAULT_GEN_P_ACI;
07985
07986 list_info_p->version =
RSBAC_GEN_PROCESS_ACI_VERSION;
07987 list_info_p->key =
RSBAC_GEN_PROCESS_ACI_KEY;
07988 list_info_p->desc_size =
sizeof(
rsbac_pid_t);
07989 list_info_p->data_size =
sizeof(
struct rsbac_gen_process_aci_t);
07990 list_info_p->max_age = 0;
07991 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
07992 &
process_handles.gen,
07993 list_info_p,
07994
RSBAC_LIST_DEF_DATA,
07995
rsbac_list_compare_u32,
07996
NULL,
07997 &def_aci,
07998
RSBAC_GEN_ACI_PROCESS_NAME,
07999 RSBAC_AUTO_DEV);
08000
if(err)
08001 {
08002
registration_error(err,
"PROCESS General");
08003 }
08004 }
08005
#if defined(CONFIG_RSBAC_MAC)
08006
{
08007
struct rsbac_mac_process_aci_t def_aci = DEFAULT_MAC_P_ACI;
08008
char name[
RSBAC_MAXNAMELEN];
08009
int i;
08010
08011 list_info_p->version = RSBAC_MAC_PROCESS_ACI_VERSION;
08012 list_info_p->key = RSBAC_MAC_PROCESS_ACI_KEY;
08013 list_info_p->desc_size =
sizeof(
rsbac_pid_t);
08014 list_info_p->data_size =
sizeof(
struct rsbac_mac_process_aci_t);
08015 list_info_p->max_age = 0;
08016
for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
08017 {
08018 sprintf(name,
"%s%u",
RSBAC_MAC_ACI_PROCESS_NAME, i);
08019
08020 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08021 &
process_handles.mac[i],
08022 list_info_p,
08023
RSBAC_LIST_DEF_DATA,
08024
rsbac_list_compare_u32,
08025
NULL,
08026 &def_aci,
08027 name,
08028 RSBAC_AUTO_DEV);
08029
if(err)
08030 {
08031
registration_error(err,
"PROCESS MAC");
08032 }
08033 }
08034 }
08035
#endif
08036
#if defined(CONFIG_RSBAC_PM)
08037
{
08038
struct rsbac_pm_process_aci_t def_aci = DEFAULT_PM_P_ACI;
08039
08040 list_info_p->version = RSBAC_PM_PROCESS_ACI_VERSION;
08041 list_info_p->key = RSBAC_PM_PROCESS_ACI_KEY;
08042 list_info_p->desc_size =
sizeof(
rsbac_pid_t);
08043 list_info_p->data_size =
sizeof(
struct rsbac_pm_process_aci_t);
08044 list_info_p->max_age = 0;
08045 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08046 &
process_handles.pm,
08047 list_info_p,
08048
RSBAC_LIST_DEF_DATA,
08049
rsbac_list_compare_u32,
08050
NULL,
08051 &def_aci,
08052
RSBAC_PM_ACI_PROCESS_NAME,
08053 RSBAC_AUTO_DEV);
08054
if(err)
08055 {
08056
registration_error(err,
"PROCESS PM");
08057 }
08058 }
08059
#endif
08060
#if defined(CONFIG_RSBAC_DAZ)
08061
{
08062
struct rsbac_daz_process_aci_t def_aci = DEFAULT_DAZ_P_ACI;
08063
08064 list_info_p->version = RSBAC_DAZ_PROCESS_ACI_VERSION;
08065 list_info_p->key = RSBAC_DAZ_PROCESS_ACI_KEY;
08066 list_info_p->desc_size =
sizeof(
rsbac_pid_t);
08067 list_info_p->data_size =
sizeof(
struct rsbac_daz_process_aci_t);
08068 list_info_p->max_age = 0;
08069 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08070 &
process_handles.daz,
08071 list_info_p,
08072
RSBAC_LIST_DEF_DATA,
08073
rsbac_list_compare_u32,
08074
NULL,
08075 &def_aci,
08076
RSBAC_DAZ_ACI_PROCESS_NAME,
08077 RSBAC_AUTO_DEV);
08078
if(err)
08079 {
08080
registration_error(err,
"PROCESS DAZ");
08081 }
08082 }
08083
#endif
08084
#if defined(CONFIG_RSBAC_RC)
08085
{
08086
struct rsbac_rc_process_aci_t def_aci = DEFAULT_RC_P_ACI;
08087
char name[
RSBAC_MAXNAMELEN];
08088
int i;
08089
08090 list_info_p->version = RSBAC_RC_PROCESS_ACI_VERSION;
08091 list_info_p->key = RSBAC_RC_PROCESS_ACI_KEY;
08092 list_info_p->desc_size =
sizeof(
rsbac_pid_t);
08093 list_info_p->data_size =
sizeof(
struct rsbac_rc_process_aci_t);
08094 list_info_p->max_age = 0;
08095
for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
08096 {
08097 sprintf(name,
"%s%u",
RSBAC_RC_ACI_PROCESS_NAME, i);
08098 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08099 &
process_handles.rc[i],
08100 list_info_p,
08101
RSBAC_LIST_DEF_DATA,
08102
rsbac_list_compare_u32,
08103
NULL,
08104 &def_aci,
08105 name,
08106 RSBAC_AUTO_DEV);
08107
if(err)
08108 {
08109
registration_error(err,
"PROCESS RC");
08110 }
08111 }
08112 }
08113
#endif
08114
#if defined(CONFIG_RSBAC_AUTH)
08115
{
08116
struct rsbac_auth_process_aci_t def_aci = DEFAULT_AUTH_P_ACI;
08117
08118 list_info_p->version = RSBAC_AUTH_PROCESS_ACI_VERSION;
08119 list_info_p->key = RSBAC_AUTH_PROCESS_ACI_KEY;
08120 list_info_p->desc_size =
sizeof(
rsbac_pid_t);
08121 list_info_p->data_size =
sizeof(
struct rsbac_auth_process_aci_t);
08122 list_info_p->max_age = 0;
08123 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08124 &
process_handles.auth,
08125 list_info_p,
08126
RSBAC_LIST_DEF_DATA,
08127
rsbac_list_compare_u32,
08128
NULL,
08129 &def_aci,
08130
RSBAC_AUTH_ACI_PROCESS_NAME,
08131 RSBAC_AUTO_DEV);
08132
if(err)
08133 {
08134
registration_error(err,
"PROCESS AUTH");
08135 }
08136 }
08137
#endif
08138
#if defined(CONFIG_RSBAC_CAP)
08139
{
08140
struct rsbac_cap_process_aci_t def_aci = DEFAULT_CAP_P_ACI;
08141
08142
#if defined(CONFIG_RSBAC_CAP_PROC_HIDE)
08143
if(rsbac_cap_process_hiding)
08144 def_aci.cap_process_hiding =
PH_from_other_users;
08145
#endif
08146
list_info_p->version = RSBAC_CAP_PROCESS_ACI_VERSION;
08147 list_info_p->key = RSBAC_CAP_PROCESS_ACI_KEY;
08148 list_info_p->desc_size =
sizeof(
rsbac_pid_t);
08149 list_info_p->data_size =
sizeof(
struct rsbac_cap_process_aci_t);
08150 list_info_p->max_age = 0;
08151 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08152 &
process_handles.cap,
08153 list_info_p,
08154
RSBAC_LIST_DEF_DATA,
08155
rsbac_list_compare_u32,
08156
NULL,
08157 &def_aci,
08158
RSBAC_CAP_ACI_PROCESS_NAME,
08159 RSBAC_AUTO_DEV);
08160
if(err)
08161 {
08162
registration_error(err,
"PROCESS CAP");
08163 }
08164 }
08165
#endif
08166
#if defined(CONFIG_RSBAC_JAIL)
08167
{
08168
struct rsbac_jail_process_aci_t def_aci = DEFAULT_JAIL_P_ACI;
08169
char name[
RSBAC_MAXNAMELEN];
08170
int i;
08171
08172 list_info_p->version = RSBAC_JAIL_PROCESS_ACI_VERSION;
08173 list_info_p->key = RSBAC_JAIL_PROCESS_ACI_KEY;
08174 list_info_p->desc_size =
sizeof(
rsbac_pid_t);
08175 list_info_p->data_size =
sizeof(
struct rsbac_jail_process_aci_t);
08176 list_info_p->max_age = 0;
08177
for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
08178 {
08179 sprintf(name,
"%s%u",
RSBAC_JAIL_ACI_PROCESS_NAME, i);
08180 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08181 &
process_handles.jail[i],
08182 list_info_p,
08183
RSBAC_LIST_DEF_DATA,
08184
rsbac_list_compare_u32,
08185
NULL,
08186 &def_aci,
08187 name,
08188 RSBAC_AUTO_DEV);
08189
if(err)
08190 {
08191
registration_error(err,
"PROCESS JAIL");
08192 }
08193 }
08194 }
08195
#endif
08196
08197
08198
#ifdef CONFIG_RSBAC_NET_DEV
08199
#ifdef CONFIG_RSBAC_DEBUG
08200
if (rsbac_debug_ds)
08201 {
08202
#ifdef CONFIG_RSBAC_RMSG
08203
rsbac_printk(KERN_DEBUG
"rsbac_do_init(): registering NETDEV lists\n");
08204
#endif
08205
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08206
if (!rsbac_nosyslog)
08207
#endif
08208
printk(KERN_DEBUG
"rsbac_do_init(): registering NETDEV lists\n");
08209 }
08210
#endif
08211
#if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
08212
{
08213
struct rsbac_gen_netdev_aci_t def_aci =
DEFAULT_GEN_NETDEV_ACI;
08214
08215 list_info_p->version =
RSBAC_GEN_NETDEV_ACI_VERSION;
08216 list_info_p->key =
RSBAC_GEN_NETDEV_ACI_KEY;
08217 list_info_p->desc_size =
sizeof(
rsbac_netdev_id_t);
08218 list_info_p->data_size =
sizeof(
struct rsbac_gen_netdev_aci_t);
08219 list_info_p->max_age = 0;
08220 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08221 &netdev_handles.gen,
08222 list_info_p,
08223
RSBAC_LIST_BACKUP |
08224
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
08225 netdev_compare,
08226
NULL,
08227 &def_aci,
08228
RSBAC_GEN_ACI_NETDEV_NAME,
08229 RSBAC_AUTO_DEV);
08230
if(err)
08231 {
08232
registration_error(err,
"NETDEV General");
08233 }
08234 }
08235
#endif
08236
#if defined(CONFIG_RSBAC_RC)
08237
{
08238
rsbac_rc_type_id_t def_aci =
RSBAC_RC_GENERAL_TYPE;
08239
08240 list_info_p->version = RSBAC_RC_NETDEV_ACI_VERSION;
08241 list_info_p->key = RSBAC_RC_NETDEV_ACI_KEY;
08242 list_info_p->desc_size =
sizeof(
rsbac_netdev_id_t);
08243 list_info_p->data_size =
sizeof(
rsbac_rc_type_id_t);
08244 list_info_p->max_age = 0;
08245 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08246 &netdev_handles.rc,
08247 list_info_p,
08248
RSBAC_LIST_BACKUP |
08249
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
08250 netdev_compare,
08251
NULL,
08252 &def_aci,
08253
RSBAC_RC_ACI_NETDEV_NAME,
08254 RSBAC_AUTO_DEV);
08255
if(err)
08256 {
08257
registration_error(err,
"NETDEV RC");
08258 }
08259 }
08260
#endif
08261
#endif
08262
08263
#ifdef CONFIG_RSBAC_NET_OBJ
08264
#ifdef CONFIG_RSBAC_DEBUG
08265
if (rsbac_debug_ds)
08266 {
08267
#ifdef CONFIG_RSBAC_RMSG
08268
rsbac_printk(KERN_DEBUG
"rsbac_do_init(): registering network template list\n");
08269
#endif
08270
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08271
if (!rsbac_nosyslog)
08272
#endif
08273
printk(KERN_DEBUG
"rsbac_do_init(): registering network template list\n");
08274 }
08275
#endif
08276
list_info_p->version =
RSBAC_NET_TEMP_VERSION;
08277 list_info_p->key =
RSBAC_NET_TEMP_KEY;
08278 list_info_p->desc_size =
sizeof(
rsbac_net_temp_id_t);
08279 list_info_p->data_size =
sizeof(
struct rsbac_net_temp_data_t);
08280 list_info_p->max_age = 0;
08281 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08282 &net_temp_handle,
08283 list_info_p,
08284
RSBAC_LIST_BACKUP |
08285
RSBAC_LIST_PERSIST,
08286
rsbac_list_compare_u32,
08287
NULL,
08288
NULL,
08289
RSBAC_NET_TEMP_NAME,
08290 RSBAC_AUTO_DEV);
08291
if(err)
08292 {
08293
registration_error(err,
"Network Template");
08294 }
08295
else
08296
if(!
rsbac_no_defaults && !
rsbac_list_count(net_temp_handle))
08297 {
08298
rsbac_net_temp_id_t id;
08299
struct rsbac_net_temp_data_t unix_data =
RSBAC_NET_TEMP_UNIX_DATA;
08300
struct rsbac_net_temp_data_t lnet_data =
RSBAC_NET_TEMP_LNET_DATA;
08301
struct rsbac_net_temp_data_t lan_data =
RSBAC_NET_TEMP_LAN_DATA;
08302
struct rsbac_net_temp_data_t auto_data =
RSBAC_NET_TEMP_AUTO_DATA;
08303
struct rsbac_net_temp_data_t inet_data =
RSBAC_NET_TEMP_INET_DATA;
08304
struct rsbac_net_temp_data_t all_data =
RSBAC_NET_TEMP_ALL_DATA;
08305
08306
#ifdef CONFIG_RSBAC_RMSG
08307
rsbac_printk(KERN_WARNING
08308
"rsbac_do_init(): Network Templates could not be read - generating standard entries!\n");
08309
#endif
08310
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08311
if (!rsbac_nosyslog)
08312
#endif
08313
printk(KERN_WARNING
08314
"rsbac_do_init(): Network Templates could not be read - generating standard entries!\n");
08315
id =
RSBAC_NET_TEMP_UNIX_ID;
08316
rsbac_list_add(net_temp_handle, &
id, &unix_data);
08317
id =
RSBAC_NET_TEMP_LNET_ID;
08318 rsbac_net_str_to_inet(
RSBAC_NET_TEMP_LNET_ADDRESS, (__u32 *) lnet_data.
address);
08319
rsbac_list_add(net_temp_handle, &
id, &lnet_data);
08320
id =
RSBAC_NET_TEMP_LAN_ID;
08321 rsbac_net_str_to_inet(
RSBAC_NET_TEMP_LAN_ADDRESS, (__u32 *) lan_data.
address);
08322
rsbac_list_add(net_temp_handle, &
id, &lan_data);
08323
id =
RSBAC_NET_TEMP_AUTO_ID;
08324 rsbac_net_str_to_inet(
RSBAC_NET_TEMP_AUTO_ADDRESS, (__u32 *) auto_data.
address);
08325
rsbac_list_add(net_temp_handle, &
id, &auto_data);
08326
id =
RSBAC_NET_TEMP_INET_ID;
08327
rsbac_list_add(net_temp_handle, &
id, &inet_data);
08328
id =
RSBAC_NET_TEMP_ALL_ID;
08329
rsbac_list_add(net_temp_handle, &
id, &all_data);
08330 }
08331
08332
#ifdef CONFIG_RSBAC_DEBUG
08333
if (rsbac_debug_ds)
08334 {
08335
#ifdef CONFIG_RSBAC_RMSG
08336
rsbac_printk(KERN_DEBUG
"rsbac_do_init(): registering NETTEMP lists\n");
08337
#endif
08338
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08339
if (!rsbac_nosyslog)
08340
#endif
08341
printk(KERN_DEBUG
"rsbac_do_init(): registering NETTEMP lists\n");
08342 }
08343
#endif
08344
08345
#if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
08346
{
08347
struct rsbac_gen_netobj_aci_t def_aci =
DEFAULT_GEN_NETOBJ_ACI;
08348
08349 list_info_p->version =
RSBAC_GEN_NETOBJ_ACI_VERSION;
08350 list_info_p->key =
RSBAC_GEN_NETOBJ_ACI_KEY;
08351 list_info_p->desc_size =
sizeof(
rsbac_net_temp_id_t);
08352 list_info_p->data_size =
sizeof(
struct rsbac_gen_netobj_aci_t);
08353 list_info_p->max_age = 0;
08354 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08355 &nettemp_handles.gen,
08356 list_info_p,
08357
RSBAC_LIST_BACKUP |
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
08358
rsbac_list_compare_u32,
08359
NULL,
08360 &def_aci,
08361
RSBAC_GEN_ACI_NETTEMP_NAME,
08362 RSBAC_AUTO_DEV);
08363
if(err)
08364 {
08365
registration_error(err,
"NETTEMP GEN");
08366 }
08367 }
08368
#endif
08369
#if defined(CONFIG_RSBAC_MAC)
08370
{
08371
struct rsbac_mac_netobj_aci_t def_aci = DEFAULT_MAC_NETOBJ_ACI;
08372
08373 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
08374 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
08375 list_info_p->desc_size =
sizeof(
rsbac_net_temp_id_t);
08376 list_info_p->data_size =
sizeof(
struct rsbac_mac_netobj_aci_t);
08377 list_info_p->max_age = 0;
08378 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08379 &nettemp_handles.mac,
08380 list_info_p,
08381
RSBAC_LIST_BACKUP |
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
08382
rsbac_list_compare_u32,
08383
NULL,
08384 &def_aci,
08385
RSBAC_MAC_ACI_NETTEMP_NAME,
08386 RSBAC_AUTO_DEV);
08387
if(err)
08388 {
08389
registration_error(err,
"NETTEMP MAC");
08390 }
08391 }
08392
#endif
08393
#if defined(CONFIG_RSBAC_FC)
08394
{
08395
rsbac_fc_oc_t def_aci =
RSBAC_FC_OC_ROOT_DEF;
08396
08397 list_info_p->version = RSBAC_FC_NETOBJ_ACI_VERSION;
08398 list_info_p->key = RSBAC_FC_NETOBJ_ACI_KEY;
08399 list_info_p->desc_size =
sizeof(
rsbac_net_temp_id_t);
08400 list_info_p->data_size =
sizeof(
rsbac_fc_oc_t);
08401 list_info_p->max_age = 0;
08402 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08403 &nettemp_handles.fc,
08404 list_info_p,
08405
RSBAC_LIST_BACKUP |
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
08406
rsbac_list_compare_u32,
08407
NULL,
08408 &def_aci,
08409
RSBAC_FC_ACI_NETTEMP_NAME,
08410 RSBAC_AUTO_DEV);
08411
if(err)
08412 {
08413
registration_error(err,
"NETTEMP FC");
08414 }
08415 }
08416
#endif
08417
#if defined(CONFIG_RSBAC_SIM)
08418
{
08419
rsbac_sim_dt_t def_aci =
RSBAC_SIM_DT_ROOT_DEF;
08420
08421 list_info_p->version = RSBAC_SIM_NETOBJ_ACI_VERSION;
08422 list_info_p->key = RSBAC_SIM_NETOBJ_ACI_KEY;
08423 list_info_p->desc_size =
sizeof(
rsbac_net_temp_id_t);
08424 list_info_p->data_size =
sizeof(
rsbac_sim_dt_t);
08425 list_info_p->max_age = 0;
08426 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08427 &nettemp_handles.sim,
08428 list_info_p,
08429
RSBAC_LIST_BACKUP |
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
08430
rsbac_list_compare_u32,
08431
NULL,
08432 &def_aci,
08433
RSBAC_SIM_ACI_NETTEMP_NAME,
08434 RSBAC_AUTO_DEV);
08435
if(err)
08436 {
08437
registration_error(err,
"NETTEMP SIM");
08438 }
08439 }
08440
#endif
08441
#if defined(CONFIG_RSBAC_PM)
08442
{
08443
struct rsbac_pm_netobj_aci_t def_aci = DEFAULT_PM_NETOBJ_ACI;
08444
08445 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
08446 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
08447 list_info_p->desc_size =
sizeof(
rsbac_net_temp_id_t);
08448 list_info_p->data_size =
sizeof(
struct rsbac_pm_netobj_aci_t);
08449 list_info_p->max_age = 0;
08450 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08451 &nettemp_handles.pm,
08452 list_info_p,
08453
RSBAC_LIST_BACKUP |
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
08454
rsbac_list_compare_u32,
08455
NULL,
08456 &def_aci,
08457
RSBAC_PM_ACI_NETTEMP_NAME,
08458 RSBAC_AUTO_DEV);
08459
if(err)
08460 {
08461
registration_error(err,
"NETTEMP PM");
08462 }
08463 }
08464
#endif
08465
#if defined(CONFIG_RSBAC_RC)
08466
{
08467
struct rsbac_rc_nettemp_aci_t def_aci = DEFAULT_RC_NETTEMP_ACI;
08468
08469 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
08470 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
08471 list_info_p->desc_size =
sizeof(
rsbac_net_temp_id_t);
08472 list_info_p->data_size =
sizeof(
struct rsbac_rc_nettemp_aci_t);
08473 list_info_p->max_age = 0;
08474 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08475 &nettemp_handles.rc,
08476 list_info_p,
08477
RSBAC_LIST_BACKUP |
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
08478
rsbac_list_compare_u32,
08479
NULL,
08480 &def_aci,
08481
RSBAC_RC_ACI_NETTEMP_NAME,
08482 RSBAC_AUTO_DEV);
08483
if(err)
08484 {
08485
registration_error(err,
"NETTEMP RC");
08486 }
08487 }
08488
#endif
08489
08490
#ifdef CONFIG_RSBAC_DEBUG
08491
if (rsbac_debug_ds)
08492 {
08493
#ifdef CONFIG_RSBAC_RMSG
08494
rsbac_printk(KERN_DEBUG
"rsbac_do_init(): registering local NETOBJ lists\n");
08495
#endif
08496
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08497
if (!rsbac_nosyslog)
08498
#endif
08499
printk(KERN_DEBUG
"rsbac_do_init(): registering local NETOBJ lists\n");
08500 }
08501
#endif
08502
#if defined(CONFIG_RSBAC_MAC)
08503
{
08504
struct rsbac_mac_netobj_aci_t def_aci = DEFAULT_MAC_NETOBJ_ACI;
08505
08506 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
08507 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
08508 list_info_p->desc_size =
sizeof(
rsbac_net_obj_id_t);
08509 list_info_p->data_size =
sizeof(
struct rsbac_mac_netobj_aci_t);
08510 list_info_p->max_age = 0;
08511 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08512 &lnetobj_handles.mac,
08513 list_info_p,
08514 0,
08515
rsbac_list_compare_u32,
08516
NULL,
08517 &def_aci,
08518
RSBAC_MAC_ACI_LNETOBJ_NAME,
08519 RSBAC_AUTO_DEV);
08520
if(err)
08521 {
08522
registration_error(err,
"LNETOBJ MAC");
08523 }
08524 }
08525
#endif
08526
#if defined(CONFIG_RSBAC_FC)
08527
{
08528
rsbac_fc_oc_t def_aci =
RSBAC_FC_OC_ROOT_DEF;
08529
08530 list_info_p->version = RSBAC_FC_NETOBJ_ACI_VERSION;
08531 list_info_p->key = RSBAC_FC_NETOBJ_ACI_KEY;
08532 list_info_p->desc_size =
sizeof(
rsbac_net_obj_id_t);
08533 list_info_p->data_size =
sizeof(
rsbac_fc_oc_t);
08534 list_info_p->max_age = 0;
08535 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08536 &lnetobj_handles.fc,
08537 list_info_p,
08538 0,
08539
rsbac_list_compare_u32,
08540
NULL,
08541 &def_aci,
08542
RSBAC_FC_ACI_LNETOBJ_NAME,
08543 RSBAC_AUTO_DEV);
08544
if(err)
08545 {
08546
registration_error(err,
"LNETOBJ FC");
08547 }
08548 }
08549
#endif
08550
#if defined(CONFIG_RSBAC_SIM)
08551
{
08552
rsbac_sim_dt_t def_aci =
RSBAC_SIM_DT_ROOT_DEF;
08553
08554 list_info_p->version = RSBAC_SIM_NETOBJ_ACI_VERSION;
08555 list_info_p->key = RSBAC_SIM_NETOBJ_ACI_KEY;
08556 list_info_p->desc_size =
sizeof(
rsbac_net_obj_id_t);
08557 list_info_p->data_size =
sizeof(
rsbac_sim_dt_t);
08558 list_info_p->max_age = 0;
08559 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08560 &lnetobj_handles.sim,
08561 list_info_p,
08562 0,
08563
rsbac_list_compare_u32,
08564
NULL,
08565 &def_aci,
08566
RSBAC_SIM_ACI_LNETOBJ_NAME,
08567 RSBAC_AUTO_DEV);
08568
if(err)
08569 {
08570
registration_error(err,
"LNETOBJ SIM");
08571 }
08572 }
08573
#endif
08574
#if defined(CONFIG_RSBAC_PM)
08575
{
08576
struct rsbac_pm_netobj_aci_t def_aci = DEFAULT_PM_NETOBJ_ACI;
08577
08578 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
08579 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
08580 list_info_p->desc_size =
sizeof(
rsbac_net_obj_id_t);
08581 list_info_p->data_size =
sizeof(
struct rsbac_pm_netobj_aci_t);
08582 list_info_p->max_age = 0;
08583 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08584 &lnetobj_handles.pm,
08585 list_info_p,
08586 0,
08587
rsbac_list_compare_u32,
08588
NULL,
08589 &def_aci,
08590
RSBAC_PM_ACI_LNETOBJ_NAME,
08591 RSBAC_AUTO_DEV);
08592
if(err)
08593 {
08594
registration_error(err,
"LNETOBJ PM");
08595 }
08596 }
08597
#endif
08598
#if defined(CONFIG_RSBAC_RC)
08599
{
08600
rsbac_rc_type_id_t def_aci =
RSBAC_RC_GENERAL_TYPE;
08601
08602 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
08603 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
08604 list_info_p->desc_size =
sizeof(
rsbac_net_obj_id_t);
08605 list_info_p->data_size =
sizeof(
rsbac_rc_type_id_t);
08606 list_info_p->max_age = 0;
08607 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08608 &lnetobj_handles.rc,
08609 list_info_p,
08610 0,
08611
rsbac_list_compare_u32,
08612
NULL,
08613 &def_aci,
08614
RSBAC_RC_ACI_LNETOBJ_NAME,
08615 RSBAC_AUTO_DEV);
08616
if(err)
08617 {
08618
registration_error(err,
"LNETOBJ RC");
08619 }
08620 }
08621
#endif
08622
08623
#ifdef CONFIG_RSBAC_DEBUG
08624
if (rsbac_debug_ds)
08625 {
08626
#ifdef CONFIG_RSBAC_RMSG
08627
rsbac_printk(KERN_DEBUG
"rsbac_do_init(): registering remote NETOBJ lists\n");
08628
#endif
08629
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08630
if (!rsbac_nosyslog)
08631
#endif
08632
printk(KERN_DEBUG
"rsbac_do_init(): registering remote NETOBJ lists\n");
08633 }
08634
#endif
08635
#if defined(CONFIG_RSBAC_MAC)
08636
{
08637
struct rsbac_mac_netobj_aci_t def_aci = DEFAULT_MAC_NETOBJ_ACI;
08638
08639 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
08640 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
08641 list_info_p->desc_size =
sizeof(
rsbac_net_obj_id_t);
08642 list_info_p->data_size =
sizeof(
struct rsbac_mac_netobj_aci_t);
08643 list_info_p->max_age = 0;
08644 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08645 &rnetobj_handles.mac,
08646 list_info_p,
08647 0,
08648
rsbac_list_compare_u32,
08649
NULL,
08650 &def_aci,
08651
RSBAC_MAC_ACI_RNETOBJ_NAME,
08652 RSBAC_AUTO_DEV);
08653
if(err)
08654 {
08655
registration_error(err,
"RNETOBJ MAC");
08656 }
08657 }
08658
#endif
08659
#if defined(CONFIG_RSBAC_FC)
08660
{
08661
rsbac_fc_oc_t def_aci =
RSBAC_FC_OC_ROOT_DEF;
08662
08663 list_info_p->version = RSBAC_FC_NETOBJ_ACI_VERSION;
08664 list_info_p->key = RSBAC_FC_NETOBJ_ACI_KEY;
08665 list_info_p->desc_size =
sizeof(
rsbac_net_obj_id_t);
08666 list_info_p->data_size =
sizeof(
rsbac_fc_oc_t);
08667 list_info_p->max_age = 0;
08668 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08669 &rnetobj_handles.fc,
08670 list_info_p,
08671 0,
08672
rsbac_list_compare_u32,
08673
NULL,
08674 &def_aci,
08675
RSBAC_FC_ACI_RNETOBJ_NAME,
08676 RSBAC_AUTO_DEV);
08677
if(err)
08678 {
08679
registration_error(err,
"RNETOBJ FC");
08680 }
08681 }
08682
#endif
08683
#if defined(CONFIG_RSBAC_SIM)
08684
{
08685
rsbac_sim_dt_t def_aci =
RSBAC_SIM_DT_ROOT_DEF;
08686
08687 list_info_p->version = RSBAC_SIM_NETOBJ_ACI_VERSION;
08688 list_info_p->key = RSBAC_SIM_NETOBJ_ACI_KEY;
08689 list_info_p->desc_size =
sizeof(
rsbac_net_obj_id_t);
08690 list_info_p->data_size =
sizeof(
rsbac_sim_dt_t);
08691 list_info_p->max_age = 0;
08692 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08693 &rnetobj_handles.sim,
08694 list_info_p,
08695 0,
08696
rsbac_list_compare_u32,
08697
NULL,
08698 &def_aci,
08699
RSBAC_SIM_ACI_RNETOBJ_NAME,
08700 RSBAC_AUTO_DEV);
08701
if(err)
08702 {
08703
registration_error(err,
"RNETOBJ SIM");
08704 }
08705 }
08706
#endif
08707
#if defined(CONFIG_RSBAC_PM)
08708
{
08709
struct rsbac_pm_netobj_aci_t def_aci = DEFAULT_PM_NETOBJ_ACI;
08710
08711 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
08712 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
08713 list_info_p->desc_size =
sizeof(
rsbac_net_obj_id_t);
08714 list_info_p->data_size =
sizeof(
struct rsbac_pm_netobj_aci_t);
08715 list_info_p->max_age = 0;
08716 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08717 &rnetobj_handles.pm,
08718 list_info_p,
08719 0,
08720
rsbac_list_compare_u32,
08721
NULL,
08722 &def_aci,
08723
RSBAC_PM_ACI_RNETOBJ_NAME,
08724 RSBAC_AUTO_DEV);
08725
if(err)
08726 {
08727
registration_error(err,
"RNETOBJ PM");
08728 }
08729 }
08730
#endif
08731
#if defined(CONFIG_RSBAC_RC)
08732
{
08733
rsbac_rc_type_id_t def_aci =
RSBAC_RC_GENERAL_TYPE;
08734
08735 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
08736 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
08737 list_info_p->desc_size =
sizeof(
rsbac_net_obj_id_t);
08738 list_info_p->data_size =
sizeof(
rsbac_rc_type_id_t);
08739 list_info_p->max_age = 0;
08740 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
08741 &rnetobj_handles.rc,
08742 list_info_p,
08743 0,
08744
rsbac_list_compare_u32,
08745
NULL,
08746 &def_aci,
08747
RSBAC_RC_ACI_RNETOBJ_NAME,
08748 RSBAC_AUTO_DEV);
08749
if(err)
08750 {
08751
registration_error(err,
"RNETOBJ RC");
08752 }
08753 }
08754
#endif
08755
#endif
08756
08757
08758
#if defined(CONFIG_RSBAC_MAC)
08759
#ifdef CONFIG_RSBAC_DEBUG
08760
if(rsbac_debug_stack)
08761 {
08762
unsigned long * n = (
unsigned long *) (current+1);
08763
08764
while (!*n)
08765 n++;
08766
#ifdef CONFIG_RSBAC_RMSG
08767
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before init_mac: %lu\n",
08768 (
unsigned long) n - (
unsigned long)(current+1));
08769
#endif
08770
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08771
if (!rsbac_nosyslog)
08772
#endif
08773
printk(KERN_DEBUG
"rsbac_do_init: free stack before init_mac: %lu\n",
08774 (
unsigned long) n - (
unsigned long)(current+1));
08775 }
08776
#endif
08777
rsbac_init_mac();
08778
#endif
08779
08780
#ifdef CONFIG_RSBAC_PM
08781
#ifdef CONFIG_RSBAC_DEBUG
08782
if(rsbac_debug_stack)
08783 {
08784
unsigned long * n = (
unsigned long *) (current+1);
08785
08786
while (!*n)
08787 n++;
08788
#ifdef CONFIG_RSBAC_RMSG
08789
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before init_pm: %lu\n",
08790 (
unsigned long) n - (
unsigned long)(current+1));
08791
#endif
08792
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08793
if (!rsbac_nosyslog)
08794
#endif
08795
printk(KERN_DEBUG
"rsbac_do_init: free stack before init_pm: %lu\n",
08796 (
unsigned long) n - (
unsigned long)(current+1));
08797 }
08798
#endif
08799
rsbac_init_pm();
08800
#endif
08801
08802
#if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT)
08803
#ifdef CONFIG_RSBAC_DEBUG
08804
if(rsbac_debug_stack)
08805 {
08806
unsigned long * n = (
unsigned long *) (current+1);
08807
08808
while (!*n)
08809 n++;
08810
#ifdef CONFIG_RSBAC_RMSG
08811
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before init_daz: %lu\n",
08812 (
unsigned long) n - (
unsigned long)(current+1));
08813
#endif
08814
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08815
if (!rsbac_nosyslog)
08816
#endif
08817
printk(KERN_DEBUG
"rsbac_do_init: free stack before init_daz: %lu\n",
08818 (
unsigned long) n - (
unsigned long)(current+1));
08819 }
08820
#endif
08821
rsbac_init_daz();
08822
#endif
08823
08824
#if defined(CONFIG_RSBAC_RC)
08825
#ifdef CONFIG_RSBAC_DEBUG
08826
if(rsbac_debug_stack)
08827 {
08828
unsigned long * n = (
unsigned long *) (current+1);
08829
08830
while (!*n)
08831 n++;
08832
#ifdef CONFIG_RSBAC_RMSG
08833
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before init_rc: %lu\n",
08834 (
unsigned long) n - (
unsigned long)(current+1));
08835
#endif
08836
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08837
if (!rsbac_nosyslog)
08838
#endif
08839
printk(KERN_DEBUG
"rsbac_do_init: free stack before init_rc: %lu\n",
08840 (
unsigned long) n - (
unsigned long)(current+1));
08841 }
08842
#endif
08843
rsbac_init_rc();
08844
#endif
08845
08846
#if defined(CONFIG_RSBAC_AUTH)
08847
#ifdef CONFIG_RSBAC_DEBUG
08848
if(rsbac_debug_stack)
08849 {
08850
unsigned long * n = (
unsigned long *) (current+1);
08851
08852
while (!*n)
08853 n++;
08854
#ifdef CONFIG_RSBAC_RMSG
08855
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before init_auth: %lu\n",
08856 (
unsigned long) n - (
unsigned long)(current+1));
08857
#endif
08858
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08859
if (!rsbac_nosyslog)
08860
#endif
08861
printk(KERN_DEBUG
"rsbac_do_init: free stack before init_auth: %lu\n",
08862 (
unsigned long) n - (
unsigned long)(current+1));
08863 }
08864
#endif
08865
rsbac_init_auth();
08866
if (rsbac_auth_enable_login)
08867 {
08868
struct dentry * t_dentry;
08869
struct dentry * dir_dentry =
NULL;
08870
struct rsbac_auth_fd_aci_t auth_fd_aci = DEFAULT_AUTH_FD_ACI;
08871
int list_no;
08872
08873
#ifdef CONFIG_RSBAC_RMSG
08874
rsbac_printk(KERN_WARNING
08875
"rsbac_do_init(): auth_enable_login is set: setting auth_may_setuid for %s\n",
08876
RSBAC_AUTH_LOGIN_PATH);
08877
#endif
08878
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08879
if (!rsbac_nosyslog)
08880
#endif
08881
printk(KERN_WARNING
08882
"rsbac_do_init(): auth_enable_login is set: setting auth_may_setuid for %s\n",
08883
RSBAC_AUTH_LOGIN_PATH);
08884
08885
08886
if(sb_p)
08887 {
08888 dir_dentry =
rsbac_lookup_one_len(
RSBAC_AUTH_LOGIN_PATH_DIR,
08889 sb_p->s_root,
08890 strlen(
RSBAC_AUTH_LOGIN_PATH_DIR));
08891 }
08892
if (!dir_dentry)
08893 {
08894 err = -
RSBAC_ENOTFOUND;
08895
#ifdef CONFIG_RSBAC_RMSG
08896
rsbac_printk(KERN_WARNING
"rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
08897
RSBAC_AUTH_LOGIN_PATH_DIR);
08898
#endif
08899
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08900
if (!rsbac_nosyslog)
08901
#endif
08902
printk(KERN_WARNING
"rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
08903
RSBAC_AUTH_LOGIN_PATH_DIR);
08904
goto auth_out;
08905 }
08906
if (IS_ERR(dir_dentry))
08907 {
08908 err = PTR_ERR(dir_dentry);
08909
#ifdef CONFIG_RSBAC_RMSG
08910
rsbac_printk(KERN_WARNING
"rsbac_do_init(): call to rsbac_lookup_one_len for /%s returned %i\n",
08911
RSBAC_AUTH_LOGIN_PATH_DIR,
08912 err);
08913
#endif
08914
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08915
if (!rsbac_nosyslog)
08916
#endif
08917
printk(KERN_WARNING
"rsbac_do_init(): call to rsbac_lookup_one_len for /%s returned %i\n",
08918
RSBAC_AUTH_LOGIN_PATH_DIR,
08919 err);
08920
goto auth_out;
08921 }
08922
if (!dir_dentry->d_inode)
08923 {
08924 err = -
RSBAC_ENOTFOUND;
08925
#ifdef CONFIG_RSBAC_RMSG
08926
rsbac_printk(KERN_WARNING
"rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
08927
RSBAC_AUTH_LOGIN_PATH_DIR);
08928
#endif
08929
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08930
if (!rsbac_nosyslog)
08931
#endif
08932
printk(KERN_WARNING
"rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
08933
RSBAC_AUTH_LOGIN_PATH_DIR);
08934 dput(dir_dentry);
08935
goto auth_out;
08936 }
08937 t_dentry =
rsbac_lookup_one_len(
RSBAC_AUTH_LOGIN_PATH_FILE,
08938 dir_dentry,
08939 strlen(
RSBAC_AUTH_LOGIN_PATH_FILE));
08940
if (!t_dentry)
08941 {
08942 err = -
RSBAC_ENOTFOUND;
08943
#ifdef CONFIG_RSBAC_RMSG
08944
rsbac_printk(KERN_WARNING
"rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
08945
RSBAC_AUTH_LOGIN_PATH_DIR,
08946
RSBAC_AUTH_LOGIN_PATH_FILE);
08947
#endif
08948
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08949
if (!rsbac_nosyslog)
08950
#endif
08951
printk(KERN_WARNING
"rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
08952
RSBAC_AUTH_LOGIN_PATH_DIR,
08953
RSBAC_AUTH_LOGIN_PATH_FILE);
08954
goto auth_out;
08955 }
08956
if (IS_ERR(t_dentry))
08957 {
08958 err = PTR_ERR(t_dentry);
08959
#ifdef CONFIG_RSBAC_RMSG
08960
rsbac_printk(KERN_WARNING
"rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s returned %i\n",
08961
RSBAC_AUTH_LOGIN_PATH_DIR,
08962
RSBAC_AUTH_LOGIN_PATH_FILE,
08963 err);
08964
#endif
08965
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08966
if (!rsbac_nosyslog)
08967
#endif
08968
printk(KERN_WARNING
"rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s returned %i\n",
08969
RSBAC_AUTH_LOGIN_PATH_DIR,
08970
RSBAC_AUTH_LOGIN_PATH_FILE,
08971 err);
08972
goto auth_out;
08973 }
08974
if (!t_dentry->d_inode)
08975 {
08976 err = -
RSBAC_ENOTFOUND;
08977
#ifdef CONFIG_RSBAC_RMSG
08978
rsbac_printk(KERN_WARNING
"rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
08979
RSBAC_AUTH_LOGIN_PATH_DIR,
08980
RSBAC_AUTH_LOGIN_PATH_FILE);
08981
#endif
08982
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08983
if (!rsbac_nosyslog)
08984
#endif
08985
printk(KERN_WARNING
"rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
08986
RSBAC_AUTH_LOGIN_PATH_DIR,
08987
RSBAC_AUTH_LOGIN_PATH_FILE);
08988 dput(t_dentry);
08989
goto auth_out;
08990 }
08991
08992
if (!t_dentry->d_inode)
08993 {
08994
#ifdef CONFIG_RSBAC_RMSG
08995
rsbac_printk(KERN_WARNING
"rsbac_do_init(): file %s not found\n",
08996
RSBAC_AUTH_LOGIN_PATH);
08997
#endif
08998
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08999
if (!rsbac_nosyslog)
09000
#endif
09001
printk(KERN_WARNING
"rsbac_do_init(): file %s not found\n",
09002
RSBAC_AUTH_LOGIN_PATH);
09003 err = -
RSBAC_EINVALIDTARGET;
09004
goto auth_out_dput;
09005 }
09006
09007
if (!S_ISREG(t_dentry->d_inode->i_mode))
09008 {
09009
#ifdef CONFIG_RSBAC_RMSG
09010
rsbac_printk(KERN_WARNING
"rsbac_do_init(): %s is no file\n",
RSBAC_AUTH_LOGIN_PATH);
09011
#endif
09012
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09013
if (!rsbac_nosyslog)
09014
#endif
09015
printk(KERN_WARNING
"rsbac_do_init(): %s is no file\n",
RSBAC_AUTH_LOGIN_PATH);
09016 err = -
RSBAC_EINVALIDTARGET;
09017
goto auth_out_dput;
09018 }
09019 list_no = auth_fd_hash(t_dentry->d_inode->i_ino);
09020
rsbac_list_get_data(device_p->handles.auth[list_no],
09021 &t_dentry->d_inode->i_ino,
09022 &auth_fd_aci);
09023 auth_fd_aci.auth_may_setuid =
TRUE;
09024
if(
rsbac_list_add(device_p->handles.auth[list_no],
09025 &t_dentry->d_inode->i_ino,
09026 &auth_fd_aci))
09027 {
09028
#ifdef CONFIG_RSBAC_RMSG
09029
rsbac_printk(KERN_WARNING
09030
"rsbac_do_init(): Could not add AUTH file/dir item!\n");
09031
#endif
09032
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09033
if (!rsbac_nosyslog)
09034
#endif
09035
printk(KERN_WARNING
09036
"rsbac_do_init(): Could not add AUTH file/dir item!\n");
09037 err = -
RSBAC_ECOULDNOTADDITEM;
09038 }
09039
09040 auth_out_dput:
09041 auth_out:
09042 { }
09043 }
09044
#endif
09045
09046
#if defined(CONFIG_RSBAC_ACL)
09047
#ifdef CONFIG_RSBAC_DEBUG
09048
if(rsbac_debug_stack)
09049 {
09050
unsigned long * n = (
unsigned long *) (current+1);
09051
09052
while (!*n)
09053 n++;
09054
#ifdef CONFIG_RSBAC_RMSG
09055
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before init_acl: %lu\n",
09056 (
unsigned long) n - (
unsigned long)(current+1));
09057
#endif
09058
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09059
if (!rsbac_nosyslog)
09060
#endif
09061
printk(KERN_DEBUG
"rsbac_do_init: free stack before init_acl: %lu\n",
09062 (
unsigned long) n - (
unsigned long)(current+1));
09063 }
09064
#endif
09065
rsbac_init_acl();
09066
#endif
09067
09068
09069
#ifdef CONFIG_RSBAC_DEBUG
09070
if(rsbac_debug_stack)
09071 {
09072
unsigned long * n = (
unsigned long *) (current+1);
09073
09074
while (!*n)
09075 n++;
09076
#ifdef CONFIG_RSBAC_RMSG
09077
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before init_adf: %lu\n",
09078 (
unsigned long) n - (
unsigned long)(current+1));
09079
#endif
09080
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09081
if (!rsbac_nosyslog)
09082
#endif
09083
printk(KERN_DEBUG
"rsbac_do_init: free stack before init_adf: %lu\n",
09084 (
unsigned long) n - (
unsigned long)(current+1));
09085 }
09086
#endif
09087
rsbac_init_adf();
09088
09089
09090 drop_super(sb_p);
09091
09092
#if defined(CONFIG_RSBAC_PAX) && defined(CONFIG_PAX_HOOK_ACL_FLAGS)
09093
pax_set_flags_func =
rsbac_pax_set_flags_func;
09094
#endif
09095
09096
09097
rsbac_initialized =
TRUE;
09098
09099
09100
#ifdef CONFIG_BLK_DEV_INITRD
09101
if(initrd_start)
09102 {
09103
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09104
sb_p = user_get_super(MKDEV(RAMDISK_MAJOR,0));
09105
#else
09106
sb_p = get_super(MKDEV(RAMDISK_MAJOR,0));
09107
#endif
09108
if(sb_p)
09109 {
09110
rsbac_mount(sb_p,
NULL);
09111 drop_super(sb_p);
09112 }
09113
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09114
sb_p = user_get_super(MKDEV(RAMDISK_MAJOR,INITRD_MINOR));
09115
#else
09116
sb_p = get_super(MKDEV(RAMDISK_MAJOR,INITRD_MINOR));
09117
#endif
09118
if(sb_p)
09119 {
09120
rsbac_mount(sb_p,
NULL);
09121 drop_super(sb_p);
09122 }
09123 }
09124
#endif
09125
09126
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09127
09128
if(
sysfs_covered_p
09129 &&
sysfs_sb_p
09130 )
09131 {
09132
#ifdef CONFIG_RSBAC_RMSG
09133
rsbac_printk(KERN_WARNING
"rsbac_do_init(): automounting sysfs device %02u:%02u\n",
09134 MAJOR(
sysfs_sb_p->s_dev), MINOR(
sysfs_sb_p->s_dev));
09135
#endif
09136
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09137
if (!rsbac_nosyslog)
09138
#endif
09139
printk(KERN_WARNING
"rsbac_do_init(): automounting sysfs device %02u:%02u\n",
09140 MAJOR(
sysfs_sb_p->s_dev), MINOR(
sysfs_sb_p->s_dev));
09141
rsbac_mount(
sysfs_sb_p,
sysfs_covered_p);
09142 }
09143
#endif
09144
09145
09146
#ifdef CONFIG_DEVFS_MOUNT
09147
if( devfs_covered_p
09148 && devfs_sb_p
09149 )
09150 {
09151
#ifdef CONFIG_RSBAC_RMSG
09152
rsbac_printk(KERN_WARNING
"rsbac_do_init(): automounting devfs device %02u:%02u\n",
09153 MAJOR(devfs_sb_p->s_dev), MINOR(devfs_sb_p->s_dev));
09154
#endif
09155
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09156
if (!rsbac_nosyslog)
09157
#endif
09158
printk(KERN_WARNING
"rsbac_do_init(): automounting devfs device %02u:%02u\n",
09159 MAJOR(devfs_sb_p->s_dev), MINOR(devfs_sb_p->s_dev));
09160
rsbac_mount(devfs_sb_p, devfs_covered_p);
09161 }
09162
#endif
09163
09164
09165
#ifdef CONFIG_RSBAC_INIT_CHECK
09166
#ifdef CONFIG_RSBAC_DEBUG
09167
if(rsbac_debug_stack)
09168 {
09169
unsigned long * n = (
unsigned long *) (current+1);
09170
09171
while (!*n)
09172 n++;
09173
#ifdef CONFIG_RSBAC_RMSG
09174
rsbac_printk(KERN_DEBUG
"rsbac_do_init: free stack before rsbac_check: %lu\n",
09175 (
unsigned long) n - (
unsigned long)(current+1));
09176
#endif
09177
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09178
if (!rsbac_nosyslog)
09179
#endif
09180
printk(KERN_DEBUG
"rsbac_do_init: free stack before rsbac_check: %lu\n",
09181 (
unsigned long) n - (
unsigned long)(current+1));
09182 }
09183
#endif
09184
#ifdef CONFIG_RSBAC_RMSG
09185
rsbac_printk(KERN_INFO
"rsbac_do_init(): Forcing consistency check.\n");
09186
#endif
09187
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09188
if (!rsbac_nosyslog)
09189
#endif
09190
printk(KERN_INFO
"rsbac_do_init(): Forcing consistency check.\n");
09191
rsbac_check_lists(1);
09192
rsbac_check(1,0);
09193
09194
#if defined(CONFIG_RSBAC_AUTH)
09195
rsbac_check_auth(1,0);
09196
#endif
09197
#if defined(CONFIG_RSBAC_ACL)
09198
rsbac_check_acl(1,0);
09199
#endif
09200
#endif
09201
09202
if (!current->fs)
09203 {
09204
#ifdef CONFIG_RSBAC_RMSG
09205
rsbac_printk(KERN_WARNING
"rsbac_do_init(): current->fs is invalid!\n");
09206
#endif
09207
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09208
if (!rsbac_nosyslog)
09209
#endif
09210
printk(KERN_WARNING
"rsbac_do_init(): current->fs is invalid!\n");
09211 err = -
RSBAC_EINVALIDPOINTER;
09212 }
09213 out:
09214
09215
#ifdef CONFIG_RSBAC_RMSG
09216
rsbac_printk(KERN_INFO
"rsbac_do_init(): Ready.\n");
09217
#endif
09218
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09219
if (!rsbac_nosyslog)
09220
#endif
09221
printk(KERN_INFO
"rsbac_do_init(): Ready.\n");
09222
09223 kfree(list_info_p);
09224
return(err);
09225
09226 out_free:
09227
09228 drop_super(sb_p);
09229
goto out;
09230 };
09231
09232
09233
#if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
09234
|| defined(CONFIG_RSBAC_INIT_THREAD)
09235
09236
void wakeup_rsbacd(u_long dummy)
09237 {
09238 wake_up(&rsbacd_wait);
09239 }
09240
#endif
09241
09242
#ifdef CONFIG_RSBAC_INIT_THREAD
09243
09244
static int rsbac_initd(
void * dummy)
09245 {
09246 printk(KERN_INFO
"rsbac_initd(): Initializing.\n");
09247
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09248
daemonize(
"rsbac_initd");
09249
#else
09250
current->session = 1;
09251 current->pgrp = 1;
09252 strcpy(current->comm,
"rsbac_initd");
09253
#endif
09254
09255
09256
09257
09258
#ifdef CONFIG_RSBAC_DEBUG
09259
if(rsbac_debug_stack)
09260 {
09261
unsigned long * n = (
unsigned long *) (current+1);
09262
09263
while (!*n)
09264 n++;
09265 printk(KERN_DEBUG
"rsbac_initd: free stack before rsbac_do_init(): %lu\n",
09266 (
unsigned long) n - (
unsigned long)(current+1));
09267 }
09268
#endif
09269
09270
rsbac_do_init();
09271
09272
#ifdef CONFIG_RSBAC_DEBUG
09273
if(rsbac_debug_stack)
09274 {
09275
unsigned long * n = (
unsigned long *) (current+1);
09276
09277
while (!*n)
09278 n++;
09279 printk(KERN_DEBUG
"rsbac_initd: free stack after rsbac_do_init(): %lu\n",
09280 (
unsigned long) n - (
unsigned long)(current+1));
09281 }
09282
#endif
09283
09284 wake_up(&rsbacd_wait);
09285
09286 printk(KERN_INFO
"rsbac_initd(): Exiting.\n");
09287 do_exit(0);
09288
return 0;
09289 }
09290
#endif
09291
09292
#if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
09293
09294
static int rsbacd(
void * dummy)
09295 {
09296
struct task_struct *tsk = current;
09297
char * name =
rsbac_kmalloc(RSBAC_MAXNAMELEN);
09298
#if 0
09299
#if defined(CONFIG_RSBAC_DAZ_CACHE)
09300
rsbac_time_t daz_cleanup_time
09301 = jiffies + HZ * RSBAC_DAZ_CACHE_CLEANUP_INTERVAL;
09302
int i;
09303
struct rsbac_device_list_item_t * device_p;
09304 u_long dflags;
09305
#endif
09306
#endif
09307
09308
#ifdef CONFIG_RSBAC_RMSG
09309
rsbac_printk(KERN_INFO
"rsbacd(): Initializing.\n");
09310
#endif
09311
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09312
if (!rsbac_nosyslog)
09313
#endif
09314
printk(KERN_INFO
"rsbacd(): Initializing.\n");
09315
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09316
daemonize(
"rsbacd");
09317
#else
09318
tsk->session = 1;
09319 tsk->pgrp = 1;
09320 strcpy(tsk->comm,
"rsbacd");
09321
#endif
09322
09323
09324
09325 sys_close(0);
09326 sys_close(1);
09327 sys_close(2);
09328
#ifdef CONFIG_RSBAC_INIT_DELAY
09329
reparent_to_init();
09330
#endif
09331
09332
#ifdef CONFIG_RSBAC_DEBUG
09333
if(rsbac_debug_auto)
09334 {
09335
#ifdef CONFIG_RSBAC_RMSG
09336
rsbac_printk(KERN_DEBUG
"rsbacd(): Setting auto timer.\n");
09337
#endif
09338
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09339
if (!rsbac_nosyslog)
09340
#endif
09341
printk(KERN_DEBUG
"rsbacd(): Setting auto timer.\n");
09342 }
09343
#endif
09344
09345
#ifndef CONFIG_RSBAC_INIT_THREAD
09346
init_timer(&rsbac_timer);
09347 rsbac_timer.function =
wakeup_rsbacd;
09348 rsbac_timer.data = 0;
09349 rsbac_timer.expires = jiffies + auto_interval;
09350 add_timer(&rsbac_timer);
09351
#endif
09352
09353
#ifdef CONFIG_RSBAC_DEBUG
09354
if(rsbac_debug_stack)
09355 {
09356
unsigned long * n = (
unsigned long *) (current+1);
09357
09358
while (!*n)
09359 n++;
09360
#ifdef CONFIG_RSBAC_RMSG
09361
rsbac_printk(KERN_DEBUG
"rsbacd: free stack: %lu\n",
09362 (
unsigned long) n - (
unsigned long)(current+1));
09363
#endif
09364
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09365
if (!rsbac_nosyslog)
09366
#endif
09367
printk(KERN_DEBUG
"rsbacd: free stack: %lu\n",
09368 (
unsigned long) n - (
unsigned long)(current+1));
09369 }
09370
#endif
09371
for(;;)
09372 {
09373
09374
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09375
09376 flush_signals(tsk);
09377 spin_lock_irq(&tsk->sighand->siglock);
09378 flush_signal_handlers(tsk, 1);
09379 sigemptyset(&tsk->blocked);
09380 recalc_sigpending();
09381 spin_unlock_irq(&tsk->sighand->siglock);
09382
#else
09383
spin_lock_irq(&tsk->sigmask_lock);
09384 flush_signals(tsk);
09385 sigfillset(&tsk->blocked);
09386 recalc_sigpending(tsk);
09387 spin_unlock_irq(&tsk->sigmask_lock);
09388
#endif
09389
09390 mod_timer(&rsbac_timer, jiffies + auto_interval);
09391 interruptible_sleep_on(&rsbacd_wait);
09392
09393
09394
09395
#if 0
09396
09397
#if defined(CONFIG_RSBAC_DAZ_CACHE)
09398
if(jiffies >= daz_cleanup_time)
09399 {
09400 daz_cleanup_time = jiffies + HZ * RSBAC_DAZ_CACHE_CLEANUP_INTERVAL;
09401
#ifdef CONFIG_RSBAC_DEBUG
09402
if (rsbac_debug_auto)
09403 {
09404
#ifdef CONFIG_RSBAC_RMSG
09405
rsbac_printk(KERN_DEBUG
09406
"rsbacd(): cleaning up DAZ scanned lists\n");
09407
#endif
09408
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09409
if (!rsbac_nosyslog)
09410
#endif
09411
printk(KERN_DEBUG
09412
"rsbacd(): cleaning up DAZ scanned lists\n");
09413 }
09414
#endif
09415
09416 rsbac_read_lock(&
device_list_head.lock, &dflags);
09417
09418 device_p =
device_list_head.head;
09419
while (device_p)
09420 {
09421
for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
09422 {
09423
rsbac_list_check(device_p->handles.dazs[i], TRUE);
09424 }
09425 device_p = device_p->next;
09426 }
09427 rsbac_read_unlock(&
device_list_head.lock, &dflags);
09428 }
09429
#endif
09430
#endif
09431
09432
09433
if(
rsbac_initialized && !
rsbac_debug_no_write)
09434 {
09435
int err=0;
09436
09437
09438
09439
09440
09441
09442
09443
09444 down(&rsbac_write_sem);
09445
if(!
rsbac_debug_no_write)
09446 {
09447
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09448
err =
rsbac_write(FALSE);
09449
#else
09450
err =
rsbac_write(TRUE);
09451
#endif
09452
}
09453 up(&rsbac_write_sem);
09454
if(err < 0)
09455 {
09456
#ifdef CONFIG_RSBAC_RMSG
09457
if(name)
09458 rsbac_printk(KERN_WARNING
09459
"rsbacd(): rsbac_write returned error %s!\n",
09460
get_error_name(name,err));
09461
else
09462 rsbac_printk(KERN_WARNING
09463
"rsbacd(): rsbac_write returned error %i!\n",
09464 err);
09465
#endif
09466
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09467
if (!rsbac_nosyslog)
09468
#endif
09469
{
09470
if(name)
09471 printk(KERN_WARNING
09472
"rsbacd(): rsbac_write returned error %s!\n",
09473
get_error_name(name,err));
09474
else
09475 printk(KERN_WARNING
09476
"rsbacd(): rsbac_write returned error %i!\n",
09477 err);
09478 }
09479 }
09480
#ifdef CONFIG_RSBAC_DEBUG
09481
else
09482
if (rsbac_debug_auto && (err > 0))
09483 {
09484
#ifdef CONFIG_RSBAC_RMSG
09485
rsbac_printk(KERN_DEBUG
09486
"rsbacd(): rsbac_write() wrote %i lists\n", err);
09487
#endif
09488
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09489
if (!rsbac_nosyslog)
09490
#endif
09491
printk(KERN_DEBUG
09492
"rsbacd(): rsbac_write() wrote %i lists\n", err);
09493 }
09494
#endif
09495
}
09496 }
09497 }
09498
#endif
09499
09500
09501
09502
09503
09504
09505
09506
09507
09508
extern long sys_kill(
int pid,
int sig);
09509
09510
09511
#ifdef CONFIG_RSBAC_INIT_DELAY
09512
int rsbac_init(kdev_t root_dev)
09513 #
else
09514 int __init
rsbac_init(kdev_t root_dev)
09515 #endif
09516 {
09517
int err = 0;
09518
#if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
09519
|| defined(CONFIG_RSBAC_INIT_THREAD)
09520
rsbac_pid_t rsbacd_pid;
09521
#endif
09522
09523
if (
rsbac_initialized)
09524 {
09525 printk(KERN_WARNING
"rsbac_init(): RSBAC already initialized\n");
09526
return(-
RSBAC_EREINIT);
09527 }
09528
if (!current->fs)
09529 {
09530 printk(KERN_WARNING
"rsbac_init(): current->fs is invalid!\n");
09531
return(-
RSBAC_EINVALIDPOINTER);
09532 }
09533
09534
rsbac_root_dev = root_dev;
09535
09536
#if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
09537
|| defined(CONFIG_RSBAC_INIT_THREAD)
09538
09539 init_waitqueue_head(&rsbacd_wait);
09540
#endif
09541
09542
#ifdef CONFIG_RSBAC_INIT_THREAD
09543
09544
#ifdef CONFIG_RSBAC_MAX_INIT_TIME
09545
#endif
09546
printk(KERN_INFO
"rsbac_init(): Setting init timeout to %u seconds (%u jiffies).\n",
09547 RSBAC_MAX_INIT_TIME, RSBAC_MAX_INIT_TIME * HZ);
09548 init_timer(&rsbac_timer);
09549 rsbac_timer.function =
wakeup_rsbacd;
09550 rsbac_timer.data = 0;
09551 rsbac_timer.expires = jiffies + (RSBAC_MAX_INIT_TIME * HZ);
09552 add_timer(&rsbac_timer);
09553
09554
09555 rsbacd_pid = kernel_thread(rsbac_initd,
NULL, CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
09556 printk(KERN_INFO
"rsbac_init(): Started rsbac_initd thread with pid %u\n",
09557 rsbacd_pid);
09558
09559
if(!
rsbac_initialized)
09560 interruptible_sleep_on(&rsbacd_wait);
09561
if(!
rsbac_initialized)
09562 {
09563 printk(KERN_ERR
09564
"rsbac_init(): *** RSBAC init timed out - RSBAC not correctly initialized! ***\n");
09565 printk(KERN_ERR
09566
"rsbac_init(): *** Killing rsbac_initd! ***\n");
09567
sys_kill(rsbacd_pid, SIGKILL);
09568
rsbac_initialized =
FALSE;
09569 }
09570
#else
09571
rsbac_do_init();
09572
#endif
09573
09574
#if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
09575
if(
rsbac_initialized)
09576 {
09577
09578 rsbacd_pid = kernel_thread(rsbacd,
NULL, CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
09579
if(rsbacd_pid < 0)
09580 {
09581
#ifdef CONFIG_RSBAC_RMSG
09582
rsbac_printk(KERN_ERR
09583
"rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n",
09584 rsbacd_pid);
09585
#endif
09586
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09587
if (!rsbac_nosyslog)
09588
#endif
09589
printk(KERN_ERR
09590
"rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n",
09591 rsbacd_pid);
09592 }
09593
else
09594 {
09595
#ifdef CONFIG_RSBAC_RMSG
09596
rsbac_printk(KERN_INFO
"rsbac_init(): Started rsbacd thread with pid %u\n",
09597 rsbacd_pid);
09598
#endif
09599
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09600
if (!rsbac_nosyslog)
09601
#endif
09602
printk(KERN_INFO
"rsbac_init(): Started rsbacd thread with pid %u\n",
09603 rsbacd_pid);
09604 }
09605 }
09606
#endif
09607
09608
09609
09610
#ifdef CONFIG_RSBAC_INIT_THREAD
09611
sys_wait4(-1,
NULL, WNOHANG,
NULL);
09612
#endif
09613
09614
09615
#if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC)
09616
{
09617
#ifdef CONFIG_RSBAC_MAC
09618
struct rsbac_mac_user_aci_t mac_u_aci;
09619
#endif
09620
#ifdef CONFIG_RSBAC_RC
09621
struct rsbac_rc_user_aci_t rc_u_aci;
09622
struct rsbac_rc_process_aci_t rc_init_p_aci = DEFAULT_RC_P_INIT_ACI;
09623
#endif
09624
rsbac_uid_t user =
RSBAC_SYSADM_UID;
09625
rsbac_pid_t pid = 1;
09626
struct task_struct * p;
09627
09628
#ifdef CONFIG_RSBAC_RMSG
09629
rsbac_printk(KERN_INFO
"rsbac_init(): Adjusting attributes of existing processes\n");
09630
#endif
09631
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09632
if (!rsbac_nosyslog)
09633
#endif
09634
printk(KERN_INFO
"rsbac_init(): Adjusting attributes of existing processes\n");
09635
09636
#ifdef CONFIG_RSBAC_MAC
09637
if(!
rsbac_list_get_data(
user_handles.mac, &user, &mac_u_aci))
09638 {
09639 mac_init_p_aci.owner_sec_level = mac_u_aci.security_level;
09640 mac_init_p_aci.owner_initial_sec_level = mac_u_aci.initial_security_level;
09641 mac_init_p_aci.current_sec_level = mac_u_aci.initial_security_level;
09642 mac_init_p_aci.owner_min_sec_level = mac_u_aci.min_security_level;
09643 mac_init_p_aci.mac_owner_categories = mac_u_aci.mac_categories;
09644 mac_init_p_aci.mac_owner_initial_categories = mac_u_aci.mac_initial_categories;
09645 mac_init_p_aci.mac_curr_categories = mac_u_aci.mac_initial_categories;
09646 mac_init_p_aci.mac_owner_min_categories = mac_u_aci.mac_min_categories;
09647 mac_init_p_aci.min_write_open = mac_u_aci.security_level;
09648 mac_init_p_aci.max_read_open = mac_u_aci.min_security_level;
09649 mac_init_p_aci.min_write_categories = mac_u_aci.mac_categories;
09650 mac_init_p_aci.max_read_categories = mac_u_aci.mac_min_categories;
09651 mac_init_p_aci.mac_process_flags
09652 = (mac_u_aci.mac_user_flags &
RSBAC_MAC_P_FLAGS) |
RSBAC_MAC_DEF_INIT_P_FLAGS;
09653 }
09654
#endif
09655
09656
09657
#ifdef CONFIG_RSBAC_MAC
09658
if(
rsbac_list_add(
process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
09659 printk(KERN_WARNING
09660
"rsbac_do_init(): MAC ACI for Init process 1 could not be added!");
09661
#endif
09662
#ifdef CONFIG_RSBAC_RC
09663
09664
if(
rsbac_rc_get_boot_role(&rc_init_p_aci.rc_role))
09665 {
09666
if(!
rsbac_list_get_data(
user_handles.rc, &user, &rc_u_aci))
09667 {
09668 rc_init_p_aci.rc_role = rc_u_aci.rc_role;
09669 }
09670
else
09671 {
09672 rsbac_ds_get_error(
"rsbac_do_init",
A_rc_def_role);
09673 rc_init_p_aci.rc_role =
RSBAC_RC_GENERAL_ROLE;
09674 }
09675 }
09676 rc_kernel_p_aci.rc_role = rc_init_p_aci.rc_role;
09677
if(
rsbac_list_add(
process_handles.rc[rc_p_hash(pid)], &pid, &rc_init_p_aci))
09678 printk(KERN_WARNING
09679
"rsbac_do_init(): RC ACI for Init process 1 could not be added!");
09680
#endif
09681
read_lock(&tasklist_lock);
09682
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09683
for_each_task(p)
09684 #
else
09685 for_each_process(p)
09686 #endif
09687 {
09688
09689
if(!p->pid || (p->pid == 1))
09690
continue;
09691 pid = p->pid;
09692
#ifdef CONFIG_RSBAC_DEBUG
09693
if (rsbac_debug_ds)
09694 {
09695
#ifdef CONFIG_RSBAC_RMSG
09696
rsbac_printk(KERN_DEBUG
"rsbac_do_init(): setting aci for process %u\n",
09697 pid);
09698
#endif
09699
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09700
if (!rsbac_nosyslog)
09701
#endif
09702
printk(KERN_DEBUG
"rsbac_do_init(): setting aci for process %u\n",
09703 pid);
09704 }
09705
#endif
09706
#ifdef CONFIG_RSBAC_MAC
09707
if(
rsbac_list_add(
process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
09708 printk(KERN_WARNING
09709
"rsbac_do_init(): MAC ACI for Init process %u could not be added!",
09710 pid);
09711
#endif
09712
#ifdef CONFIG_RSBAC_RC
09713
if(!p->mm)
09714 {
09715
if(
rsbac_list_add(
process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci))
09716 printk(KERN_WARNING
09717
"rsbac_do_init(): RC ACI for Kernel process %u could not be added!",
09718 pid);
09719 }
09720
#endif
09721
}
09722 read_unlock(&tasklist_lock);
09723 }
09724
#endif
09725
09726 printk(KERN_INFO
"rsbac_init(): Ready.\n");
09727
return(err);
09728 };
09729
09730
09731
09732
#if defined(CONFIG_RSBAC_REG)
09733
EXPORT_SYMBOL(rsbac_is_initialized);
09734
#endif
09735 inline boolean rsbac_is_initialized(
void)
09736 {
09737
return rsbac_initialized;
09738 };
09739
09740 int rsbac_kthread_notify(
rsbac_pid_t pid)
09741 {
09742
if (!
rsbac_initialized)
09743
return 0;
09744
09745
#ifdef CONFIG_RSBAC_MAC
09746
if(
rsbac_list_add(
process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
09747 printk(KERN_WARNING
09748
"rsbac_do_init(): MAC ACI for kernel process %u could not be added!",
09749 pid);
09750
#endif
09751
#ifdef CONFIG_RSBAC_RC
09752
if(
rsbac_list_add(
process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci))
09753 printk(KERN_WARNING
09754
"rsbac_do_init(): RC ACI for kernel process %u could not be added!",
09755 pid);
09756
#endif
09757
return 0;
09758 }
09759
09760
09761
09762 int rsbac_mount(
struct super_block * sb_p,
struct dentry * d_covers)
09763 {
09764
int err = 0;
09765
struct rsbac_device_list_item_t * device_p;
09766
struct rsbac_device_list_item_t * new_device_p;
09767 u_long flags;
09768
boolean old_no_write;
09769
09770
if(!sb_p)
09771 {
09772
#ifdef CONFIG_RSBAC_RMSG
09773
rsbac_printk(KERN_WARNING
09774
"rsbac_mount(): called with NULL pointer\n");
09775
#endif
09776
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09777
if (!rsbac_nosyslog)
09778
#endif
09779
printk(KERN_WARNING
09780
"rsbac_mount(): called with NULL pointer\n");
09781
return -
RSBAC_EINVALIDPOINTER;
09782 }
09783
if (!
rsbac_initialized)
09784 {
09785
#ifdef CONFIG_RSBAC_INIT_DELAY
09786
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09787
if( !RSBAC_MAJOR(rsbac_delayed_root)
09788 && !RSBAC_MINOR(rsbac_delayed_root)
09789 && rsbac_delayed_root_str[0]
09790 )
09791 {
09792
char * p = rsbac_delayed_root_str;
09793 u_int major = 0;
09794 u_int minor = 0;
09795
09796 major = simple_strtoul(p,
NULL, 0);
09797
while((*p !=
':') && (*p !=
'\0'))
09798 p++;
09799
if(*p)
09800 {
09801 p++;
09802 minor = simple_strtoul(p,
NULL, 0);
09803 }
09804 rsbac_delayed_root = RSBAC_MKDEV(major,minor);
09805 }
09806
#endif
09807
if( !rsbac_no_delay_init
09808 && ( ( !RSBAC_MAJOR(rsbac_delayed_root)
09809 && !RSBAC_MINOR(rsbac_delayed_root)
09810 && (MAJOR(sb_p->s_dev) > 1)
09811 )
09812 || ( ( RSBAC_MAJOR(rsbac_delayed_root)
09813 || RSBAC_MINOR(rsbac_delayed_root)
09814 )
09815 && ( (MAJOR(sb_p->s_dev) == RSBAC_MAJOR(rsbac_delayed_root))
09816 && ( !RSBAC_MINOR(rsbac_delayed_root)
09817 || (MINOR(sb_p->s_dev) == RSBAC_MINOR(rsbac_delayed_root))
09818 )
09819 )
09820 )
09821 )
09822 )
09823 {
09824
if(RSBAC_MAJOR(rsbac_delayed_root) || RSBAC_MINOR(rsbac_delayed_root))
09825 {
09826
#ifdef CONFIG_RSBAC_RMSG
09827
rsbac_printk(KERN_INFO
09828
"rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n",
09829 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
09830 RSBAC_MAJOR(rsbac_delayed_root), RSBAC_MINOR(rsbac_delayed_root));
09831
#endif
09832
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09833
if (!rsbac_nosyslog)
09834
#endif
09835
printk(KERN_INFO
09836
"rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n",
09837 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
09838 RSBAC_MAJOR(rsbac_delayed_root), RSBAC_MINOR(rsbac_delayed_root));
09839 }
09840
else
09841 {
09842
#ifdef CONFIG_RSBAC_RMSG
09843
rsbac_printk(KERN_INFO
09844
"rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n",
09845 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
09846
#endif
09847
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09848
if (!rsbac_nosyslog)
09849
#endif
09850
printk(KERN_INFO
09851
"rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n",
09852 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
09853 }
09854
rsbac_init(sb_p->s_dev);
09855
return 0;
09856 }
09857
#endif
09858
09859
#ifdef CONFIG_RSBAC_RMSG
09860
rsbac_printk(KERN_WARNING
09861
"rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n",
09862 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
09863
#endif
09864
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09865
if (!rsbac_nosyslog)
09866
#endif
09867
printk(KERN_WARNING
09868
"rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n",
09869 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
09870
09871
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09872
if( (sb_p->s_magic ==
SYSFS_MAGIC)
09873 && !RSBAC_MAJOR(sb_p->s_dev)
09874 )
09875 {
09876
#ifdef CONFIG_RSBAC_RMSG
09877
rsbac_printk(KERN_WARNING
09878
"rsbac_mount(): sysfs mount detected, keeping values for later use\n");
09879
#endif
09880
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09881
if (!rsbac_nosyslog)
09882
#endif
09883
printk(KERN_WARNING
09884
"rsbac_mount(): sysfs mount detected, keeping values for later use\n");
09885
sysfs_sb_p = sb_p;
09886
sysfs_covered_p = d_covers;
09887 }
09888
#endif
09889
#ifdef CONFIG_DEVFS_MOUNT
09890
if( (sb_p->s_magic == DEVFS_SUPER_MAGIC)
09891 && !RSBAC_MAJOR(sb_p->s_dev)
09892 )
09893 {
09894
#ifdef CONFIG_RSBAC_RMSG
09895
rsbac_printk(KERN_WARNING
09896
"rsbac_mount(): devfs mount detected, keeping values for later use\n");
09897
#endif
09898
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09899
if (!rsbac_nosyslog)
09900
#endif
09901
printk(KERN_WARNING
09902
"rsbac_mount(): devfs mount detected, keeping values for later use\n");
09903 devfs_sb_p = sb_p;
09904 devfs_covered_p = d_covers;
09905 }
09906
#endif
09907
return(-
RSBAC_ENOTINITIALIZED);
09908 }
09909
#ifdef CONFIG_RSBAC_DEBUG
09910
if (rsbac_debug_ds)
09911 {
09912
#ifdef CONFIG_RSBAC_RMSG
09913
rsbac_printk(KERN_DEBUG
"rsbac_mount(): mounting device %02u:%02u\n",
09914 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
09915
#endif
09916
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09917
if (!rsbac_nosyslog)
09918
#endif
09919
printk(KERN_DEBUG
"rsbac_mount(): mounting device %02u:%02u\n",
09920 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
09921 }
09922
if(rsbac_debug_stack)
09923 {
09924
unsigned long * n = (
unsigned long *) (current+1);
09925
09926
while (!*n)
09927 n++;
09928
#ifdef CONFIG_RSBAC_RMSG
09929
rsbac_printk(KERN_DEBUG
"rsbac_mount: free stack: %lu\n",
09930 (
unsigned long) n - (
unsigned long)(current+1));
09931
#endif
09932
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09933
if (!rsbac_nosyslog)
09934
#endif
09935
printk(KERN_DEBUG
"rsbac_mount: free stack: %lu\n",
09936 (
unsigned long) n - (
unsigned long)(current+1));
09937 }
09938
#endif
09939
down(&
rsbac_write_sem);
09940 old_no_write =
rsbac_debug_no_write;
09941
rsbac_debug_no_write =
TRUE;
09942 up(&
rsbac_write_sem);
09943
09944 rsbac_read_lock(&
device_list_head.lock, &flags);
09945 device_p =
lookup_device(sb_p->s_dev);
09946
09947
if(device_p)
09948 {
09949
#ifdef CONFIG_RSBAC_RMSG
09950
rsbac_printk(KERN_INFO
"rsbac_mount: repeated mount %u of device %02u:%02u\n",
09951 device_p->mount_count, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
09952
#endif
09953
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09954
if (!rsbac_nosyslog)
09955
#endif
09956
printk(KERN_INFO
"rsbac_mount: repeated mount %u of device %02u:%02u\n",
09957 device_p->mount_count, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
09958 device_p->mount_count++;
09959
if( d_covers
09960 && !device_p->d_covers
09961 && (MAJOR(sb_p->s_dev) != MAJOR(
rsbac_root_dev))
09962 && (MINOR(sb_p->s_dev) != MINOR(
rsbac_root_dev))
09963 )
09964 {
09965
#ifdef CONFIG_RSBAC_RMSG
09966
rsbac_printk(KERN_WARNING
"rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n",
09967 d_covers);
09968
#endif
09969
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09970
if (!rsbac_nosyslog)
09971
#endif
09972
printk(KERN_WARNING
"rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n",
09973 d_covers);
09974 device_p->d_covers = d_covers;
09975 }
09976 rsbac_read_unlock(&
device_list_head.lock, &flags);
09977 }
09978
else
09979 {
09980 rsbac_read_unlock(&
device_list_head.lock, &flags);
09981
09982 new_device_p =
create_device_item(sb_p, d_covers);
09983
#ifdef CONFIG_RSBAC_DEBUG
09984
if(rsbac_debug_stack)
09985 {
09986
unsigned long * n = (
unsigned long *) (current+1);
09987
09988
while (!*n)
09989 n++;
09990
#ifdef CONFIG_RSBAC_RMSG
09991
rsbac_printk(KERN_DEBUG
"rsbac_mount: after creating device item: free stack: %lu\n",
09992 (
unsigned long) n - (
unsigned long)(current+1));
09993
#endif
09994
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09995
if (!rsbac_nosyslog)
09996
#endif
09997
printk(KERN_DEBUG
"rsbac_mount: after creating device item: free stack: %lu\n",
09998 (
unsigned long) n - (
unsigned long)(current+1));
09999 }
10000
#endif
10001
if(!new_device_p)
10002 {
10003
rsbac_debug_no_write = old_no_write;
10004
return -
RSBAC_ECOULDNOTADDDEVICE;
10005 }
10006
10007 rsbac_read_lock(&
device_list_head.lock, &flags);
10008
10009 device_p =
lookup_device(sb_p->s_dev);
10010
if(device_p)
10011 {
10012
#ifdef CONFIG_RSBAC_RMSG
10013
rsbac_printk(KERN_WARNING
10014
"rsbac_mount(): mount race for device %02u:%02u detected!\n",
10015 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10016
#endif
10017
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10018
if (!rsbac_nosyslog)
10019
#endif
10020
printk(KERN_WARNING
10021
"rsbac_mount(): mount race for device %02u:%02u detected!\n",
10022 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10023 device_p->mount_count++;
10024 rsbac_read_unlock(&
device_list_head.lock, &flags);
10025
clear_device_item(new_device_p);
10026 }
10027
else
10028 {
10029 rsbac_read_unlock(&
device_list_head.lock, &flags);
10030 rsbac_write_lock(&
device_list_head.lock, &flags);
10031 device_p =
add_device_item(new_device_p);
10032 rsbac_write_unlock(&
device_list_head.lock, &flags);
10033
if(!device_p)
10034 {
10035
#ifdef CONFIG_RSBAC_RMSG
10036
rsbac_printk(KERN_WARNING
"rsbac_mount: adding device %02u:%02u failed!\n",
10037 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10038
#endif
10039
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10040
if (!rsbac_nosyslog)
10041
#endif
10042
printk(KERN_WARNING
"rsbac_mount: adding device %02u:%02u failed!\n",
10043 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10044
clear_device_item(new_device_p);
10045
rsbac_debug_no_write = old_no_write;
10046
return -
RSBAC_ECOULDNOTADDDEVICE;
10047 }
10048 }
10049
10050
10051
rsbac_list_mount(sb_p->s_dev);
10052
10053
10054
if((err =
register_fd_lists(new_device_p, sb_p->s_dev)))
10055 {
10056
char * tmp;
10057
10058 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
10059
if(tmp)
10060 {
10061
#ifdef CONFIG_RSBAC_RMSG
10062
rsbac_printk(KERN_WARNING
10063
"rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n",
10064 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
get_error_name(tmp,err));
10065
#endif
10066
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10067
if (!rsbac_nosyslog)
10068
#endif
10069
printk(KERN_WARNING
10070
"rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n",
10071 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
get_error_name(tmp,err));
10072
rsbac_kfree(tmp);
10073 }
10074 }
10075
#ifdef CONFIG_RSBAC_DEBUG
10076
if(rsbac_debug_stack)
10077 {
10078
unsigned long * n = (
unsigned long *) (current+1);
10079
10080
while (!*n)
10081 n++;
10082
#ifdef CONFIG_RSBAC_RMSG
10083
rsbac_printk(KERN_DEBUG
"rsbac_mount: after registering fd lists: free stack: %lu\n",
10084 (
unsigned long) n - (
unsigned long)(current+1));
10085
#endif
10086
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10087
if (!rsbac_nosyslog)
10088
#endif
10089
printk(KERN_DEBUG
"rsbac_mount: after registering fd lists: free stack: %lu\n",
10090 (
unsigned long) n - (
unsigned long)(current+1));
10091 }
10092
#endif
10093
}
10094
10095
10096
10097
#if defined(CONFIG_RSBAC_MAC)
10098
rsbac_mount_mac(sb_p->s_dev);
10099
#ifdef CONFIG_RSBAC_DEBUG
10100
if(rsbac_debug_stack)
10101 {
10102
unsigned long * n = (
unsigned long *) (current+1);
10103
10104
while (!*n)
10105 n++;
10106
#ifdef CONFIG_RSBAC_RMSG
10107
rsbac_printk(KERN_DEBUG
"rsbac_mount: after mount_mac: free stack: %lu\n",
10108 (
unsigned long) n - (
unsigned long)(current+1));
10109
#endif
10110
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10111
if (!rsbac_nosyslog)
10112
#endif
10113
printk(KERN_DEBUG
"rsbac_mount: after mount_mac: free stack: %lu\n",
10114 (
unsigned long) n - (
unsigned long)(current+1));
10115 }
10116
#endif
10117
#endif
10118
10119
#if defined(CONFIG_RSBAC_AUTH)
10120
rsbac_mount_auth(sb_p->s_dev);
10121
#ifdef CONFIG_RSBAC_DEBUG
10122
if(rsbac_debug_stack)
10123 {
10124
unsigned long * n = (
unsigned long *) (current+1);
10125
10126
while (!*n)
10127 n++;
10128
#ifdef CONFIG_RSBAC_RMSG
10129
rsbac_printk(KERN_DEBUG
"rsbac_mount: after mount_auth: free stack: %lu\n",
10130 (
unsigned long) n - (
unsigned long)(current+1));
10131
#endif
10132
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10133
if (!rsbac_nosyslog)
10134
#endif
10135
printk(KERN_DEBUG
"rsbac_mount: after mount_auth: free stack: %lu\n",
10136 (
unsigned long) n - (
unsigned long)(current+1));
10137 }
10138
#endif
10139
#endif
10140
10141
#if defined(CONFIG_RSBAC_ACL)
10142
rsbac_mount_acl(sb_p->s_dev);
10143
#ifdef CONFIG_RSBAC_DEBUG
10144
if(rsbac_debug_stack)
10145 {
10146
unsigned long * n = (
unsigned long *) (current+1);
10147
10148
while (!*n)
10149 n++;
10150
#ifdef CONFIG_RSBAC_RMSG
10151
rsbac_printk(KERN_DEBUG
"rsbac_mount: after mount_acl: free stack: %lu\n",
10152 (
unsigned long) n - (
unsigned long)(current+1));
10153
#endif
10154
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10155
if (!rsbac_nosyslog)
10156
#endif
10157
printk(KERN_DEBUG
"rsbac_mount: after mount_acl: free stack: %lu\n",
10158 (
unsigned long) n - (
unsigned long)(current+1));
10159 }
10160
#endif
10161
#endif
10162
10163
#if defined(CONFIG_RSBAC_REG)
10164
rsbac_mount_reg(sb_p->s_dev);
10165
#ifdef CONFIG_RSBAC_DEBUG
10166
if(rsbac_debug_stack)
10167 {
10168
unsigned long * n = (
unsigned long *) (current+1);
10169
10170
while (!*n)
10171 n++;
10172
#ifdef CONFIG_RSBAC_RMSG
10173
rsbac_printk(KERN_DEBUG
"rsbac_mount: after mount_reg: free stack: %lu\n",
10174 (
unsigned long) n - (
unsigned long)(current+1));
10175
#endif
10176
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10177
if (!rsbac_nosyslog)
10178
#endif
10179
printk(KERN_DEBUG
"rsbac_mount: after mount_reg: free stack: %lu\n",
10180 (
unsigned long) n - (
unsigned long)(current+1));
10181 }
10182
#endif
10183
#endif
10184
10185
rsbac_debug_no_write = old_no_write;
10186
return(err);
10187 };
10188
10189
10190
10191
10192 int rsbac_umount(
struct super_block * sb_p,
struct dentry * d_covers)
10193 {
10194 u_long flags;
10195
struct rsbac_device_list_item_t * device_p;
10196 kdev_t kdev;
10197
10198
if(!sb_p)
10199 {
10200
#ifdef CONFIG_RSBAC_RMSG
10201
rsbac_printk(KERN_WARNING
10202
"rsbac_umount(): called with NULL pointer\n");
10203
#endif
10204
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10205
if (!rsbac_nosyslog)
10206
#endif
10207
printk(KERN_WARNING
10208
"rsbac_umount(): called with NULL pointer\n");
10209
return -
RSBAC_EINVALIDPOINTER;
10210 }
10211
if (!
rsbac_initialized)
10212 {
10213
#ifdef CONFIG_RSBAC_RMSG
10214
rsbac_printk(KERN_WARNING
"rsbac_umount(): RSBAC not initialized\n");
10215
#endif
10216
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10217
if (!rsbac_nosyslog)
10218
#endif
10219
printk(KERN_WARNING
"rsbac_umount(): RSBAC not initialized\n");
10220
10221
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
10222
if( (sb_p->s_magic ==
SYSFS_MAGIC)
10223 && !RSBAC_MAJOR(sb_p->s_dev)
10224 &&
sysfs_sb_p
10225 &&
sysfs_covered_p
10226 )
10227 {
10228
#ifdef CONFIG_RSBAC_RMSG
10229
rsbac_printk(KERN_WARNING
10230
"rsbac_umount(): sysfs umount detected, removing auto-mount values\n");
10231
#endif
10232
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10233
if (!rsbac_nosyslog)
10234
#endif
10235
printk(KERN_WARNING
10236
"rsbac_umount(): sysfs umount detected, removing auto-mount values\n");
10237
sysfs_sb_p =
NULL;
10238
sysfs_covered_p =
NULL;
10239 }
10240
#endif
10241
#ifdef CONFIG_DEVFS_MOUNT
10242
if( (sb_p->s_magic == DEVFS_SUPER_MAGIC)
10243 && !RSBAC_MAJOR(sb_p->s_dev)
10244 && devfs_sb_p
10245 && devfs_covered_p
10246 )
10247 {
10248
#ifdef CONFIG_RSBAC_RMSG
10249
rsbac_printk(KERN_WARNING
10250
"rsbac_umount(): devfs umount detected, removing auto-mount values\n");
10251
#endif
10252
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10253
if (!rsbac_nosyslog)
10254
#endif
10255
printk(KERN_WARNING
10256
"rsbac_umount(): devfs umount detected, removing auto-mount values\n");
10257 devfs_sb_p =
NULL;
10258 devfs_covered_p =
NULL;
10259 }
10260
#endif
10261
10262
return(-
RSBAC_ENOTINITIALIZED);
10263 }
10264
10265
#ifdef CONFIG_RSBAC_DEBUG
10266
if (rsbac_debug_ds)
10267 {
10268
#ifdef CONFIG_RSBAC_RMSG
10269
rsbac_printk(KERN_DEBUG
"rsbac_umount(): umounting device %02u:%02u\n",
10270 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10271
#endif
10272
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10273
if (!rsbac_nosyslog)
10274
#endif
10275
printk(KERN_DEBUG
"rsbac_umount(): umounting device %02u:%02u\n",
10276 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10277 }
10278
#endif
10279
10280 kdev = sb_p->s_dev;
10281
10282
10283
#if defined(CONFIG_RSBAC_AUTO_WRITE)
10284
if(!
rsbac_debug_no_write)
10285 {
10286 down(&
rsbac_write_sem);
10287
10288
if(!
rsbac_debug_no_write)
10289 {
10290
rsbac_write(
TRUE);
10291 }
10292 up(&
rsbac_write_sem);
10293 }
10294
#endif
10295
10296
10297
#if defined(CONFIG_RSBAC_MAC)
10298
rsbac_umount_mac(kdev);
10299
#endif
10300
10301
#if defined(CONFIG_RSBAC_AUTH)
10302
rsbac_umount_auth(kdev);
10303
#endif
10304
10305
#if defined(CONFIG_RSBAC_ACL)
10306
rsbac_umount_acl(kdev);
10307
#endif
10308
10309
#if defined(CONFIG_RSBAC_REG)
10310
rsbac_umount_reg(kdev);
10311
#endif
10312
10313
10314 rsbac_write_lock(&
device_list_head.lock, &flags);
10315
10316 device_p =
lookup_device(kdev);
10317
if(device_p)
10318 {
10319
if(device_p->mount_count == 1)
10320 {
10321
10322
rsbac_list_umount(kdev);
10323
remove_device_item(kdev);
10324 }
10325
else
10326 {
10327
if(device_p->mount_count > 1)
10328 {
10329 device_p->mount_count--;
10330
if(device_p->d_covers == d_covers)
10331 {
10332
#ifdef CONFIG_RSBAC_RMSG
10333
rsbac_printk(KERN_WARNING
"rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n",
10334 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
10335
#endif
10336
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10337
if (!rsbac_nosyslog)
10338
#endif
10339
printk(KERN_WARNING
"rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n",
10340 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
10341 device_p->d_covers =
NULL;
10342 }
10343 }
10344
else
10345 {
10346
#ifdef CONFIG_RSBAC_RMSG
10347
printk(KERN_WARNING
"rsbac_umount: device %02u:%02u has mount_count < 1!\n",
10348 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
10349
#endif
10350
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10351
if (!rsbac_nosyslog)
10352
#endif
10353
printk(KERN_WARNING
"rsbac_umount: device %02u:%02u has mount_count < 1!\n",
10354 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
10355 }
10356 }
10357 }
10358
10359 rsbac_write_unlock(&
device_list_head.lock, &flags);
10360
10361
return(0);
10362 }
10363
10364
10365
10366
10367 int rsbac_free_dat_dentries(
void)
10368 {
10369 u_long flags;
10370
struct rsbac_device_list_item_t * device_p;
10371
10372
if (!
rsbac_initialized)
10373 {
10374
#ifdef CONFIG_RSBAC_RMSG
10375
rsbac_printk(KERN_WARNING
"rsbac_free_dat_dentry(): RSBAC not initialized\n");
10376
#endif
10377
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10378
if (!rsbac_nosyslog)
10379
#endif
10380
printk(KERN_WARNING
"rsbac_free_dat_dentry(): RSBAC not initialized\n");
10381
return(-
RSBAC_ENOTINITIALIZED);
10382 }
10383
10384
#ifdef CONFIG_RSBAC_RMSG
10385
rsbac_printk(KERN_INFO
"rsbac_free_dat_dentry(): freeing dat dir dentries\n");
10386
#endif
10387
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10388
if (!rsbac_nosyslog)
10389
#endif
10390
printk(KERN_INFO
"rsbac_free_dat_dentry(): freeing dat dir dentries\n");
10391
10392
10393 rsbac_write_lock_irq(&
device_list_head.lock, &flags);
10394
10395 device_p =
device_list_head.head;
10396
while(device_p)
10397 {
10398
if(device_p->rsbac_dir_dentry_p)
10399 {
10400 dput(device_p->rsbac_dir_dentry_p);
10401 device_p->rsbac_dir_dentry_p =
NULL;
10402 }
10403 device_p = device_p->next;
10404 }
10405
10406 rsbac_write_unlock_irq(&
device_list_head.lock, &flags);
10407
10408
return(0);
10409 }
10410
10411
10412
10413
10414 int rsbac_stats(
void)
10415 {
10416
struct rsbac_device_list_item_t * device_p;
10417
int i;
10418 u_long fd_count = 0, fd_sum = 0;
10419 u_long dev_sum = 0;
10420 u_long ipc_sum = 0;
10421 u_long user_sum = 0;
10422 u_long process_sum = 0;
10423
#if defined(CONFIG_RSBAC_NET_OBJ)
10424
u_long nettemp_sum = 0;
10425 u_long lnetobj_sum = 0;
10426 u_long rnetobj_sum = 0;
10427
#endif
10428
u_long total_sum = 0;
10429
long tmp_count;
10430 u_long dflags;
10431
10432
if (!
rsbac_initialized)
10433 {
10434 printk(KERN_WARNING
"rsbac_stats(): RSBAC not initialized\n");
10435
return(-
RSBAC_ENOTINITIALIZED);
10436 }
10437
10438 rsbac_read_lock(&
device_list_head.lock, &dflags);
10439
10440
10441
10442 device_p =
device_list_head.head;
10443
while (device_p)
10444 {
10445 fd_count = 0;
10446
for (i=0; i < RSBAC_GEN_NR_FD_LISTS; i++)
10447 {
10448 tmp_count =
rsbac_list_count(device_p->handles.gen[i]);
10449
if(tmp_count > 0)
10450 fd_count+=tmp_count;
10451 };
10452 printk(KERN_INFO
"Device %02u:%02u fd_items: %lu GEN",
10453 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count);
10454 fd_sum += fd_count;
10455
10456
#if defined(CONFIG_RSBAC_MAC)
10457
fd_count = 0;
10458
for (i=0; i < RSBAC_MAC_NR_FD_LISTS; i++)
10459 {
10460 tmp_count =
rsbac_list_count(device_p->handles.mac[i]);
10461
if(tmp_count > 0)
10462 fd_count+=tmp_count;
10463 };
10464 printk(
", %lu MAC",
10465 fd_count);
10466 fd_sum += fd_count;
10467
#endif
10468
10469
#if defined(CONFIG_RSBAC_FC)
10470
fd_count = 0;
10471
for (i=0; i < RSBAC_FC_NR_FD_LISTS; i++)
10472 {
10473 tmp_count =
rsbac_list_count(device_p->handles.fc[i]);
10474
if(tmp_count > 0)
10475 fd_count+=tmp_count;
10476 };
10477 printk(
", %lu FC",
10478 fd_count);
10479 fd_sum += fd_count;
10480
#endif
10481
10482
#if defined(CONFIG_RSBAC_SIM)
10483
fd_count = 0;
10484
for (i=0; i < RSBAC_SIM_NR_FD_LISTS; i++)
10485 {
10486 tmp_count =
rsbac_list_count(device_p->handles.sim[i]);
10487
if(tmp_count > 0)
10488 fd_count+=tmp_count;
10489 };
10490 printk(
", %lu SIM",
10491 fd_count);
10492 fd_sum += fd_count;
10493
#endif
10494
10495
#if defined(CONFIG_RSBAC_PM)
10496
fd_count = 0;
10497
for (i=0; i < RSBAC_PM_NR_FD_LISTS; i++)
10498 {
10499 tmp_count =
rsbac_list_count(device_p->handles.pm[i]);
10500
if(tmp_count > 0)
10501 fd_count+=tmp_count;
10502 };
10503 printk(
", %lu PM",
10504 fd_count);
10505 fd_sum += fd_count;
10506
#endif
10507
10508
#if defined(CONFIG_RSBAC_DAZ)
10509
fd_count = 0;
10510
for (i=0; i < RSBAC_DAZ_NR_FD_LISTS; i++)
10511 {
10512 tmp_count =
rsbac_list_count(device_p->handles.daz[i]);
10513
if(tmp_count > 0)
10514 fd_count+=tmp_count;
10515 };
10516 printk(
", %lu DAZ",
10517 fd_count);
10518 fd_sum += fd_count;
10519
#if defined(CONFIG_RSBAC_DAZ_CACHE)
10520
fd_count = 0;
10521
for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
10522 {
10523 tmp_count =
rsbac_list_count(device_p->handles.dazs[i]);
10524
if(tmp_count > 0)
10525 fd_count+=tmp_count;
10526 };
10527 printk(
", %lu DAZ_SCANNED",
10528 fd_count);
10529 fd_sum += fd_count;
10530
#endif
10531
#endif
10532
10533
#if defined(CONFIG_RSBAC_FF)
10534
fd_count = 0;
10535
for (i=0; i < RSBAC_FF_NR_FD_LISTS; i++)
10536 {
10537 tmp_count =
rsbac_list_count(device_p->handles.ff[i]);
10538
if(tmp_count > 0)
10539 fd_count+=tmp_count;
10540 };
10541 printk(
", %lu FF",
10542 fd_count);
10543 fd_sum += fd_count;
10544
#endif
10545
10546
#if defined(CONFIG_RSBAC_RC)
10547
fd_count = 0;
10548
for (i=0; i < RSBAC_RC_NR_FD_LISTS; i++)
10549 {
10550 tmp_count =
rsbac_list_count(device_p->handles.rc[i]);
10551
if(tmp_count > 0)
10552 fd_count+=tmp_count;
10553 };
10554 printk(
", %lu RC",
10555 fd_count);
10556 fd_sum += fd_count;
10557
#endif
10558
10559
#if defined(CONFIG_RSBAC_AUTH)
10560
fd_count = 0;
10561
for (i=0; i < RSBAC_AUTH_NR_FD_LISTS; i++)
10562 {
10563 tmp_count =
rsbac_list_count(device_p->handles.auth[i]);
10564
if(tmp_count > 0)
10565 fd_count+=tmp_count;
10566 };
10567 printk(
", %lu AUTH",
10568 fd_count);
10569 fd_sum += fd_count;
10570
#endif
10571
10572
#if defined(CONFIG_RSBAC_CAP)
10573
fd_count = 0;
10574
for (i=0; i < RSBAC_CAP_NR_FD_LISTS; i++)
10575 {
10576 tmp_count =
rsbac_list_count(device_p->handles.cap[i]);
10577
if(tmp_count > 0)
10578 fd_count+=tmp_count;
10579 };
10580 printk(
", %lu CAP",
10581 fd_count);
10582 fd_sum += fd_count;
10583
#endif
10584
#if defined(CONFIG_RSBAC_RES)
10585
fd_count = 0;
10586
for (i=0; i < RSBAC_RES_NR_FD_LISTS; i++)
10587 {
10588 tmp_count =
rsbac_list_count(device_p->handles.res[i]);
10589
if(tmp_count > 0)
10590 fd_count+=tmp_count;
10591 };
10592 printk(
", %lu RES",
10593 fd_count);
10594 fd_sum += fd_count;
10595
#endif
10596
#if defined(CONFIG_RSBAC_PAX)
10597
fd_count = 0;
10598
for (i=0; i < RSBAC_PAX_NR_FD_LISTS; i++)
10599 {
10600 tmp_count =
rsbac_list_count(device_p->handles.pax[i]);
10601
if(tmp_count > 0)
10602 fd_count+=tmp_count;
10603 };
10604 printk(
", %lu PAX",
10605 fd_count);
10606 fd_sum += fd_count;
10607
#endif
10608
10609 printk(
"\n");
10610 device_p = device_p->next;
10611 };
10612 printk(KERN_INFO
"rsbac_stats(): Sum of %u Devices with %lu fd-items\n",
10613
device_list_head.count, fd_sum);
10614
10615 rsbac_read_unlock(&
device_list_head.lock, &dflags);
10616 total_sum += fd_sum;
10617
10618
10619 tmp_count =
rsbac_list_count(
dev_handles.gen);
10620 printk(KERN_INFO
"DEV items: %lu GEN",
10621 tmp_count);
10622 dev_sum += tmp_count;
10623
#if defined(CONFIG_RSBAC_MAC)
10624
tmp_count =
rsbac_list_count(
dev_handles.mac);
10625 printk(
", %lu MAC",
10626 tmp_count);
10627 dev_sum += tmp_count;
10628
#endif
10629
#if defined(CONFIG_RSBAC_FC)
10630
tmp_count =
rsbac_list_count(
dev_handles.fc);
10631 printk(
", %lu FC",
10632 tmp_count);
10633 dev_sum += tmp_count;
10634
#endif
10635
#if defined(CONFIG_RSBAC_SIM)
10636
tmp_count =
rsbac_list_count(
dev_handles.sim);
10637 printk(
", %lu SIM",
10638 tmp_count);
10639 dev_sum += tmp_count;
10640
#endif
10641
#if defined(CONFIG_RSBAC_PM)
10642
tmp_count =
rsbac_list_count(
dev_handles.pm);
10643 printk(
", %lu PM",
10644 tmp_count);
10645 dev_sum += tmp_count;
10646
#endif
10647
#if defined(CONFIG_RSBAC_RC)
10648
tmp_count =
rsbac_list_count(
dev_handles.rc);
10649 printk(
", %lu RC",
10650 tmp_count);
10651 dev_sum += tmp_count;
10652
#endif
10653
printk(
"\n");
10654 printk(KERN_INFO
"Sum of %lu DEV items\n",
10655 dev_sum);
10656 total_sum += dev_sum;
10657
10658
10659 printk(KERN_INFO
"IPC items:\nno GEN");
10660
#if defined(CONFIG_RSBAC_MAC)
10661
tmp_count =
rsbac_list_count(
ipc_handles.mac);
10662 printk(
", %lu MAC",
10663 tmp_count);
10664 ipc_sum += tmp_count;
10665
#endif
10666
#if defined(CONFIG_RSBAC_FC)
10667
tmp_count =
rsbac_list_count(
ipc_handles.fc);
10668 printk(
", %lu FC",
10669 tmp_count);
10670 ipc_sum += tmp_count;
10671
#endif
10672
#if defined(CONFIG_RSBAC_SIM)
10673
tmp_count =
rsbac_list_count(
ipc_handles.sim);
10674 printk(
", %lu SIM",
10675 tmp_count);
10676 ipc_sum += tmp_count;
10677
#endif
10678
#if defined(CONFIG_RSBAC_PM)
10679
tmp_count =
rsbac_list_count(
ipc_handles.pm);
10680 printk(
", %lu PM",
10681 tmp_count);
10682 ipc_sum += tmp_count;
10683
#endif
10684
#if defined(CONFIG_RSBAC_RC)
10685
tmp_count =
rsbac_list_count(
ipc_handles.rc);
10686 printk(
", %lu RC",
10687 tmp_count);
10688 ipc_sum += tmp_count;
10689
#endif
10690
#if defined(CONFIG_RSBAC_JAIL)
10691
tmp_count =
rsbac_list_count(
ipc_handles.jail);
10692 printk(
", %lu JAIL",
10693 tmp_count);
10694 ipc_sum += tmp_count;
10695
#endif
10696
printk(
"\n");
10697 printk(KERN_INFO
"Sum of %lu IPC items\n",
10698 ipc_sum);
10699 total_sum += ipc_sum;
10700
10701
10702 tmp_count =
rsbac_list_count(
user_handles.gen);
10703 printk(KERN_INFO
"USER items:\n%lu GEN",
10704 tmp_count);
10705 user_sum += tmp_count;
10706
#if defined(CONFIG_RSBAC_MAC)
10707
tmp_count =
rsbac_list_count(
user_handles.mac);
10708 printk(
", %lu MAC",
10709 tmp_count);
10710 user_sum += tmp_count;
10711
#endif
10712
#if defined(CONFIG_RSBAC_FC)
10713
tmp_count =
rsbac_list_count(
user_handles.fc);
10714 printk(
", %lu FC",
10715 tmp_count);
10716 user_sum += tmp_count;
10717
#endif
10718
#if defined(CONFIG_RSBAC_SIM)
10719
tmp_count =
rsbac_list_count(
user_handles.sim);
10720 printk(
", %lu SIM",
10721 tmp_count);
10722 user_sum += tmp_count;
10723
#endif
10724
#if defined(CONFIG_RSBAC_PM)
10725
tmp_count =
rsbac_list_count(
user_handles.pm);
10726 printk(
", %lu PM",
10727 tmp_count);
10728 user_sum += tmp_count;
10729
#endif
10730
#if defined(CONFIG_RSBAC_DAZ)
10731
tmp_count =
rsbac_list_count(
user_handles.daz);
10732 printk(
", %lu DAZ",
10733 tmp_count);
10734 user_sum += tmp_count;
10735
#endif
10736
#if defined(CONFIG_RSBAC_RC)
10737
tmp_count =
rsbac_list_count(
user_handles.rc);
10738 printk(
", %lu RC",
10739 tmp_count);
10740 user_sum += tmp_count;
10741
#endif
10742
#if defined(CONFIG_RSBAC_AUTH)
10743
tmp_count =
rsbac_list_count(
user_handles.auth);
10744 printk(
", %lu AUTH",
10745 tmp_count);
10746 user_sum += tmp_count;
10747
#endif
10748
#if defined(CONFIG_RSBAC_CAP)
10749
tmp_count =
rsbac_list_count(
user_handles.cap);
10750 printk(
", %lu CAP",
10751 tmp_count);
10752 user_sum += tmp_count;
10753
#endif
10754
#if defined(CONFIG_RSBAC_JAIL)
10755
tmp_count =
rsbac_list_count(
user_handles.jail);
10756 printk(
", %lu JAIL",
10757 tmp_count);
10758 user_sum += tmp_count;
10759
#endif
10760
#if defined(CONFIG_RSBAC_RES)
10761
tmp_count =
rsbac_list_count(
user_handles.res);
10762 printk(
", %lu RES",
10763 tmp_count);
10764 user_sum += tmp_count;
10765
#endif
10766
#if defined(CONFIG_RSBAC_PAX)
10767
tmp_count =
rsbac_list_count(
user_handles.pax);
10768 printk(
", %lu PAX",
10769 tmp_count);
10770 user_sum += tmp_count;
10771
#endif
10772
printk(
"\n");
10773 printk(KERN_INFO
"Sum of %lu USER items\n",
10774 user_sum);
10775 total_sum += user_sum;
10776
10777
10778 tmp_count =
rsbac_list_count(
process_handles.gen);
10779 printk(KERN_INFO
"PROCESS items:\n%lu GEN",
10780 tmp_count);
10781 process_sum += tmp_count;
10782
#if defined(CONFIG_RSBAC_MAC)
10783
tmp_count = 0;
10784
for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
10785 tmp_count +=
rsbac_list_count(
process_handles.mac[i]);
10786 printk(
", %lu MAC",
10787 tmp_count);
10788 process_sum += tmp_count;
10789
#endif
10790
#if defined(CONFIG_RSBAC_PM)
10791
tmp_count =
rsbac_list_count(
process_handles.pm);
10792 printk(
", %lu PM",
10793 tmp_count);
10794 process_sum += tmp_count;
10795
#endif
10796
#if defined(CONFIG_RSBAC_DAZ)
10797
tmp_count =
rsbac_list_count(
process_handles.daz);
10798 printk(
", %lu DAZ",
10799 tmp_count);
10800 process_sum += tmp_count;
10801
#endif
10802
#if defined(CONFIG_RSBAC_RC)
10803
tmp_count = 0;
10804
for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
10805 tmp_count +=
rsbac_list_count(
process_handles.rc[i]);
10806 printk(
", %lu RC",
10807 tmp_count);
10808 process_sum += tmp_count;
10809
#endif
10810
#if defined(CONFIG_RSBAC_AUTH)
10811
tmp_count =
rsbac_list_count(
process_handles.auth);
10812 printk(
", %lu AUTH",
10813 tmp_count);
10814 process_sum += tmp_count;
10815
#endif
10816
#if defined(CONFIG_RSBAC_CAP)
10817
tmp_count =
rsbac_list_count(
process_handles.cap);
10818 printk(
", %lu CAP",
10819 tmp_count);
10820 process_sum += tmp_count;
10821
#endif
10822
#if defined(CONFIG_RSBAC_JAIL)
10823
tmp_count = 0;
10824
for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
10825 tmp_count +=
rsbac_list_count(
process_handles.jail[i]);
10826 printk(
", %lu JAIL",
10827 tmp_count);
10828 process_sum += tmp_count;
10829
#endif
10830
printk(
"\n");
10831 printk(KERN_INFO
"Sum of %lu PROCESS items\n",
10832 process_sum);
10833 total_sum += process_sum;
10834
10835
#if defined(CONFIG_RSBAC_NET_OBJ)
10836
10837 printk(KERN_INFO
"NETTEMP items:\n");
10838
#if defined(CONFIG_RSBAC_MAC)
10839
tmp_count =
rsbac_list_count(nettemp_handles.mac);
10840 printk(
", %lu MAC",
10841 tmp_count);
10842 nettemp_sum += tmp_count;
10843
#endif
10844
#if defined(CONFIG_RSBAC_FC)
10845
tmp_count =
rsbac_list_count(nettemp_handles.fc);
10846 printk(
", %lu FC",
10847 tmp_count);
10848 nettemp_sum += tmp_count;
10849
#endif
10850
#if defined(CONFIG_RSBAC_SIM)
10851
tmp_count =
rsbac_list_count(nettemp_handles.sim);
10852 printk(
", %lu SIM",
10853 tmp_count);
10854 nettemp_sum += tmp_count;
10855
#endif
10856
#if defined(CONFIG_RSBAC_PM)
10857
tmp_count =
rsbac_list_count(nettemp_handles.pm);
10858 printk(
", %lu PM",
10859 tmp_count);
10860 nettemp_sum += tmp_count;
10861
#endif
10862
#if defined(CONFIG_RSBAC_RC)
10863
tmp_count =
rsbac_list_count(nettemp_handles.rc);
10864 printk(
", %lu RC",
10865 tmp_count);
10866 nettemp_sum += tmp_count;
10867
#endif
10868
printk(
"\n");
10869 printk(KERN_INFO
"Sum of %lu NETTEMP items\n",
10870 nettemp_sum);
10871 total_sum += nettemp_sum;
10872
10873
10874 printk(KERN_INFO
"Local NETOBJ items:\n");
10875
#if defined(CONFIG_RSBAC_MAC)
10876
tmp_count =
rsbac_list_count(lnetobj_handles.mac);
10877 printk(
", %lu MAC",
10878 tmp_count);
10879 lnetobj_sum += tmp_count;
10880
#endif
10881
#if defined(CONFIG_RSBAC_FC)
10882
tmp_count =
rsbac_list_count(lnetobj_handles.fc);
10883 printk(
", %lu FC",
10884 tmp_count);
10885 lnetobj_sum += tmp_count;
10886
#endif
10887
#if defined(CONFIG_RSBAC_SIM)
10888
tmp_count =
rsbac_list_count(lnetobj_handles.sim);
10889 printk(
", %lu SIM",
10890 tmp_count);
10891 lnetobj_sum += tmp_count;
10892
#endif
10893
#if defined(CONFIG_RSBAC_PM)
10894
tmp_count =
rsbac_list_count(lnetobj_handles.pm);
10895 printk(
", %lu PM",
10896 tmp_count);
10897 lnetobj_sum += tmp_count;
10898
#endif
10899
#if defined(CONFIG_RSBAC_RC)
10900
tmp_count =
rsbac_list_count(lnetobj_handles.rc);
10901 printk(
", %lu RC",
10902 tmp_count);
10903 lnetobj_sum += tmp_count;
10904
#endif
10905
printk(
"\n");
10906 printk(KERN_INFO
"Sum of %lu Local NETOBJ items\n",
10907 lnetobj_sum);
10908 total_sum += lnetobj_sum;
10909
10910
10911 printk(KERN_INFO
"Remote NETOBJ items:\n");
10912
#if defined(CONFIG_RSBAC_MAC)
10913
tmp_count =
rsbac_list_count(rnetobj_handles.mac);
10914 printk(
", %lu MAC",
10915 tmp_count);
10916 rnetobj_sum += tmp_count;
10917
#endif
10918
#if defined(CONFIG_RSBAC_FC)
10919
tmp_count =
rsbac_list_count(rnetobj_handles.fc);
10920 printk(
", %lu FC",
10921 tmp_count);
10922 rnetobj_sum += tmp_count;
10923
#endif
10924
#if defined(CONFIG_RSBAC_SIM)
10925
tmp_count =
rsbac_list_count(rnetobj_handles.sim);
10926 printk(
", %lu SIM",
10927 tmp_count);
10928 rnetobj_sum += tmp_count;
10929
#endif
10930
#if defined(CONFIG_RSBAC_PM)
10931
tmp_count =
rsbac_list_count(rnetobj_handles.pm);
10932 printk(
", %lu PM",
10933 tmp_count);
10934 rnetobj_sum += tmp_count;
10935
#endif
10936
#if defined(CONFIG_RSBAC_RC)
10937
tmp_count =
rsbac_list_count(rnetobj_handles.rc);
10938 printk(
", %lu RC",
10939 tmp_count);
10940 rnetobj_sum += tmp_count;
10941
#endif
10942
printk(
"\n");
10943 printk(KERN_INFO
"Sum of %lu Remote NETOBJ items\n",
10944 rnetobj_sum);
10945 total_sum += rnetobj_sum;
10946
#endif
10947
10948 printk(KERN_INFO
10949
"Total of %lu registered rsbac-items\n",
10950 total_sum);
10951
10952 printk(KERN_INFO
10953
"adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
10954
rsbac_adf_request_count[
T_FILE],
10955
rsbac_adf_request_count[
T_DIR],
10956
rsbac_adf_request_count[
T_FIFO],
10957
rsbac_adf_request_count[
T_SYMLINK],
10958
rsbac_adf_request_count[
T_DEV],
10959
rsbac_adf_request_count[
T_IPC],
10960
rsbac_adf_request_count[
T_SCD],
10961
rsbac_adf_request_count[
T_USER],
10962
rsbac_adf_request_count[
T_PROCESS],
10963
rsbac_adf_request_count[
T_NETDEV],
10964
rsbac_adf_request_count[
T_NETTEMP],
10965
rsbac_adf_request_count[
T_NETOBJ]);
10966 printk(KERN_INFO
10967
"adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
10968
rsbac_adf_set_attr_count[
T_FILE],
10969
rsbac_adf_set_attr_count[
T_DIR],
10970
rsbac_adf_set_attr_count[
T_FIFO],
10971
rsbac_adf_set_attr_count[
T_SYMLINK],
10972
rsbac_adf_set_attr_count[
T_DEV],
10973
rsbac_adf_set_attr_count[
T_IPC],
10974
rsbac_adf_set_attr_count[
T_SCD],
10975
rsbac_adf_set_attr_count[
T_USER],
10976
rsbac_adf_set_attr_count[
T_PROCESS],
10977
rsbac_adf_set_attr_count[
T_NETDEV],
10978
rsbac_adf_set_attr_count[
T_NETTEMP],
10979
rsbac_adf_set_attr_count[
T_NETOBJ]);
10980
10981
#if defined(CONFIG_RSBAC_PM)
10982
rsbac_stats_pm();
10983
#endif
10984
#if defined(CONFIG_RSBAC_RC)
10985
rsbac_stats_rc();
10986
#endif
10987
#if defined(CONFIG_RSBAC_AUTH)
10988
rsbac_stats_auth();
10989
#endif
10990
#if defined(CONFIG_RSBAC_ACL)
10991
rsbac_stats_acl();
10992
#endif
10993
return(0);
10994 };
10995
10996
10997
10998 int rsbac_check_inode(
struct super_block * sb_p,
rsbac_inode_nr_t inode)
10999 {
11000
struct inode * inode_p;
11001
int err = 0;
11002
11003
if(!sb_p)
11004
return -
RSBAC_EINVALIDPOINTER;
11005
if(!inode)
11006
return -
RSBAC_EINVALIDVALUE;
11007
if(!MAJOR(sb_p->s_dev))
11008
return 0;
11009
11010
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
11011
if(sb_p->s_op && sb_p->s_op->read_inode2)
11012
return 0;
11013
#endif
11014
inode_p = iget(sb_p, inode);
11015
if(is_bad_inode(inode_p))
11016 {
11017
return -
RSBAC_ENOTFOUND;
11018 }
11019
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
11020
11021
if(sb_p->s_magic == EXT2_SUPER_MAGIC)
11022 {
11023
if(inode_p->u.ext2_i.i_dtime)
11024 {
11025 err = -
RSBAC_ENOTFOUND;
11026 }
11027
else
11028 {
11029
if(inode_p->i_nlink <= 0)
11030 {
11031
#ifdef CONFIG_RSBAC_RMSG
11032
rsbac_printk(KERN_WARNING
11033
"rsbac_check_inode(): inode %u with nlink <= 0 on device %02u:%02u detected!\n",
11034 inode, RSBAC_MAJOR(sb_p->s_dev), RSBAC_MINOR(sb_p->s_dev));
11035
#endif
11036
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11037
if (!rsbac_nosyslog)
11038
#endif
11039
printk(KERN_WARNING
11040
"rsbac_check_inode(): inode %u with nlink <= 0 on device %02u:%02u detected!\n",
11041 inode, RSBAC_MAJOR(sb_p->s_dev), RSBAC_MINOR(sb_p->s_dev));
11042 err = -
RSBAC_ENOTFOUND;
11043 }
11044 }
11045 }
11046
#endif
11047
iput(inode_p);
11048
return err;
11049 }
11050
11051
11052
11053
11054
11055 int rsbac_check(
int correct,
int check_inode)
11056 {
11057
struct rsbac_device_list_item_t * device_p;
11058
int i;
11059
char * tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
11060
int list_no;
11061
long desc_count;
11062 u_long fd_count = 0, fd_sum = 0, tmp_count,
11063 b_count, def_count;
11064 u_long dflags;
11065
rsbac_inode_nr_t * fd_desc_p;
11066
11067
if (!
rsbac_initialized)
11068 {
11069
#ifdef CONFIG_RSBAC_RMSG
11070
rsbac_printk(KERN_WARNING
"rsbac_check(): RSBAC not initialized\n");
11071
#endif
11072
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11073
if (!rsbac_nosyslog)
11074
#endif
11075
printk(KERN_WARNING
"rsbac_check(): RSBAC not initialized\n");
11076
return(-
RSBAC_ENOTINITIALIZED);
11077 }
11078
if (!tmp)
11079 {
11080
return(-
RSBAC_ENOMEM);
11081 }
11082 {
11083
11084 rsbac_read_lock(&
device_list_head.lock, &dflags);
11085
11086 device_p =
device_list_head.head;
11087
while (device_p)
11088 {
11089 fd_count = 0;
11090 b_count = 0;
11091 def_count = 0;
11092
if(check_inode)
11093 {
11094
if(!device_p->sb_p)
11095 {
11096
#ifdef CONFIG_RSBAC_RMSG
11097
rsbac_printk(KERN_WARNING
"rsbac_check(): no super block for device %02u:%02u!\n",
11098 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id));
11099
#endif
11100
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11101
if (!rsbac_nosyslog)
11102
#endif
11103
printk(KERN_WARNING
"rsbac_check(): no super block for device %02u:%02u!\n",
11104 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id));
11105 }
11106 }
11107
11108
11109
for(list_no = 0; list_no < RSBAC_GEN_NR_FD_LISTS; list_no++)
11110 {
11111
11112
11113 tmp_count = 0;
11114 desc_count =
rsbac_list_get_all_desc(device_p->handles.gen[list_no], (
void **) &fd_desc_p);
11115
if(desc_count > 0)
11116 {
11117
for(i=0; i<desc_count; i++)
11118 {
11119
11120
if(check_inode && device_p->sb_p)
11121 {
11122
if(
rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11123 {
11124 b_count++;
11125
if(correct)
11126 {
11127
#ifdef CONFIG_RSBAC_RMSG
11128
rsbac_printk(KERN_INFO
11129
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11130 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11131
#endif
11132
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11133
if (!rsbac_nosyslog)
11134
#endif
11135
printk(KERN_INFO
11136
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11137 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11138
rsbac_list_remove(device_p->handles.gen[list_no], &fd_desc_p[i]);
11139
continue;
11140 }
11141
else
11142 {
11143
#ifdef CONFIG_RSBAC_RMSG
11144
rsbac_printk(KERN_INFO
11145
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11146 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11147
#endif
11148
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11149
if (!rsbac_nosyslog)
11150
#endif
11151
printk(KERN_INFO
11152
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11153 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11154 }
11155 }
11156 }
11157 }
11158
11159 tmp_count++;
11160
rsbac_vfree(fd_desc_p);
11161 fd_count += desc_count;
11162 }
11163 }
11164
11165
#if defined(CONFIG_RSBAC_MAC)
11166
11167
for(list_no = 0; list_no < RSBAC_MAC_NR_FD_LISTS; list_no++)
11168 {
11169
11170
11171 tmp_count = 0;
11172 desc_count =
rsbac_list_get_all_desc(device_p->handles.mac[list_no], (
void **) &fd_desc_p);
11173
if(desc_count > 0)
11174 {
11175
for(i=0; i<desc_count; i++)
11176 {
11177
11178
if(check_inode && device_p->sb_p)
11179 {
11180
if(
rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11181 {
11182 b_count++;
11183
if(correct)
11184 {
11185
#ifdef CONFIG_RSBAC_RMSG
11186
rsbac_printk(KERN_INFO
11187
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11188 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11189
#endif
11190
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11191
if (!rsbac_nosyslog)
11192
#endif
11193
printk(KERN_INFO
11194
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11195 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11196
rsbac_list_remove(device_p->handles.mac[list_no], &fd_desc_p[i]);
11197
continue;
11198 }
11199
else
11200 {
11201
#ifdef CONFIG_RSBAC_RMSG
11202
rsbac_printk(KERN_INFO
11203
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11204 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11205
#endif
11206
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11207
if (!rsbac_nosyslog)
11208
#endif
11209
printk(KERN_INFO
11210
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11211 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11212 }
11213 }
11214 }
11215 }
11216 tmp_count++;
11217
rsbac_vfree(fd_desc_p);
11218 fd_count += desc_count;
11219 }
11220 }
11221
#endif
11222
11223
#if defined(CONFIG_RSBAC_FC)
11224
11225
for(list_no = 0; list_no < RSBAC_FC_NR_FD_LISTS; list_no++)
11226 {
11227
11228
11229 tmp_count = 0;
11230 desc_count =
rsbac_list_get_all_desc(device_p->handles.fc[list_no], (
void **) &fd_desc_p);
11231
if(desc_count > 0)
11232 {
11233
for(i=0; i<desc_count; i++)
11234 {
11235
11236
if(check_inode && device_p->sb_p)
11237 {
11238
if(
rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11239 {
11240 b_count++;
11241
if(correct)
11242 {
11243
#ifdef CONFIG_RSBAC_RMSG
11244
rsbac_printk(KERN_INFO
11245
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11246 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11247
#endif
11248
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11249
if (!rsbac_nosyslog)
11250
#endif
11251
printk(KERN_INFO
11252
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11253 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11254
rsbac_list_remove(device_p->handles.fc[list_no], &fd_desc_p[i]);
11255
continue;
11256 }
11257
else
11258 {
11259
#ifdef CONFIG_RSBAC_RMSG
11260
rsbac_printk(KERN_INFO
11261
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11262 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11263
#endif
11264
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11265
if (!rsbac_nosyslog)
11266
#endif
11267
printk(KERN_INFO
11268
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11269 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11270 }
11271 }
11272 }
11273 }
11274 tmp_count++;
11275
rsbac_vfree(fd_desc_p);
11276 fd_count += desc_count;
11277 }
11278 }
11279
#endif
11280
11281
#if defined(CONFIG_RSBAC_SIM)
11282
11283
for(list_no = 0; list_no < RSBAC_SIM_NR_FD_LISTS; list_no++)
11284 {
11285
11286
11287 tmp_count = 0;
11288 desc_count =
rsbac_list_get_all_desc(device_p->handles.sim[list_no], (
void **) &fd_desc_p);
11289
if(desc_count > 0)
11290 {
11291
for(i=0; i<desc_count; i++)
11292 {
11293
11294
if(check_inode && device_p->sb_p)
11295 {
11296
if(
rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11297 {
11298 b_count++;
11299
if(correct)
11300 {
11301
#ifdef CONFIG_RSBAC_RMSG
11302
rsbac_printk(KERN_INFO
11303
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11304 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11305
#endif
11306
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11307
if (!rsbac_nosyslog)
11308
#endif
11309
printk(KERN_INFO
11310
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11311 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11312
rsbac_list_remove(device_p->handles.sim[list_no], &fd_desc_p[i]);
11313
continue;
11314 }
11315
else
11316 {
11317
#ifdef CONFIG_RSBAC_RMSG
11318
rsbac_printk(KERN_INFO
11319
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11320 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11321
#endif
11322
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11323
if (!rsbac_nosyslog)
11324
#endif
11325
printk(KERN_INFO
11326
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11327 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11328 }
11329 }
11330 }
11331 }
11332 tmp_count++;
11333
rsbac_vfree(fd_desc_p);
11334 fd_count += desc_count;
11335 }
11336 }
11337
#endif
11338
11339
#if defined(CONFIG_RSBAC_PM)
11340
11341
for(list_no = 0; list_no < RSBAC_PM_NR_FD_LISTS; list_no++)
11342 {
11343
11344
11345 tmp_count = 0;
11346 desc_count =
rsbac_list_get_all_desc(device_p->handles.pm[list_no], (
void **) &fd_desc_p);
11347
if(desc_count > 0)
11348 {
11349
for(i=0; i<desc_count; i++)
11350 {
11351
11352
if(check_inode && device_p->sb_p)
11353 {
11354
if(
rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11355 {
11356 b_count++;
11357
if(correct)
11358 {
11359
#ifdef CONFIG_RSBAC_RMSG
11360
rsbac_printk(KERN_INFO
11361
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11362 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11363
#endif
11364
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11365
if (!rsbac_nosyslog)
11366
#endif
11367
printk(KERN_INFO
11368
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11369 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11370
rsbac_list_remove(device_p->handles.pm[list_no], &fd_desc_p[i]);
11371
continue;
11372 }
11373
else
11374 {
11375
#ifdef CONFIG_RSBAC_RMSG
11376
rsbac_printk(KERN_INFO
11377
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11378 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11379
#endif
11380
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11381
if (!rsbac_nosyslog)
11382
#endif
11383
printk(KERN_INFO
11384
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11385 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11386 }
11387 }
11388 }
11389 }
11390 tmp_count++;
11391
rsbac_vfree(fd_desc_p);
11392 fd_count += desc_count;
11393 }
11394 }
11395
#endif
11396
11397
#if defined(CONFIG_RSBAC_DAZ)
11398
11399
for(list_no = 0; list_no < RSBAC_DAZ_NR_FD_LISTS; list_no++)
11400 {
11401
11402
11403 tmp_count = 0;
11404 desc_count =
rsbac_list_get_all_desc(device_p->handles.daz[list_no], (
void **) &fd_desc_p);
11405
if(desc_count > 0)
11406 {
11407
for(i=0; i<desc_count; i++)
11408 {
11409
11410
if(check_inode && device_p->sb_p)
11411 {
11412
if(
rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11413 {
11414 b_count++;
11415
if(correct)
11416 {
11417
#ifdef CONFIG_RSBAC_RMSG
11418
rsbac_printk(KERN_INFO
11419
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11420 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11421
#endif
11422
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11423
if (!rsbac_nosyslog)
11424
#endif
11425
printk(KERN_INFO
11426
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11427 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11428
rsbac_list_remove(device_p->handles.daz[list_no], &fd_desc_p[i]);
11429
continue;
11430 }
11431
else
11432 {
11433
#ifdef CONFIG_RSBAC_RMSG
11434
rsbac_printk(KERN_INFO
11435
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11436 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11437
#endif
11438
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11439
if (!rsbac_nosyslog)
11440
#endif
11441
printk(KERN_INFO
11442
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11443 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11444 }
11445 }
11446 }
11447 }
11448 tmp_count++;
11449
rsbac_vfree(fd_desc_p);
11450 fd_count += desc_count;
11451 }
11452 }
11453
#if defined(CONFIG_RSBAC_DAZ_CACHE)
11454
11455
for(list_no = 0; list_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; list_no++)
11456 {
11457
11458
11459 tmp_count = 0;
11460 desc_count =
rsbac_list_get_all_desc(device_p->handles.dazs[list_no], (
void **) &fd_desc_p);
11461
if(desc_count > 0)
11462 {
11463
for(i=0; i<desc_count; i++)
11464 {
11465
11466
if(check_inode && device_p->sb_p)
11467 {
11468
if(
rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11469 {
11470 b_count++;
11471
if(correct)
11472 {
11473
#ifdef CONFIG_RSBAC_RMSG
11474
rsbac_printk(KERN_INFO
11475
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11476 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11477
#endif
11478
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11479
if (!rsbac_nosyslog)
11480
#endif
11481
printk(KERN_INFO
11482
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11483 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11484
rsbac_list_remove(device_p->handles.daz[list_no], &fd_desc_p[i]);
11485
continue;
11486 }
11487
else
11488 {
11489
#ifdef CONFIG_RSBAC_RMSG
11490
rsbac_printk(KERN_INFO
11491
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11492 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11493
#endif
11494
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11495
if (!rsbac_nosyslog)
11496
#endif
11497
printk(KERN_INFO
11498
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11499 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11500 }
11501 }
11502 }
11503 }
11504 tmp_count++;
11505
rsbac_vfree(fd_desc_p);
11506 fd_count += desc_count;
11507 }
11508 }
11509
#endif
11510
#endif
11511
11512
#if defined(CONFIG_RSBAC_FF)
11513
11514
for(list_no = 0; list_no < RSBAC_FF_NR_FD_LISTS; list_no++)
11515 {
11516
11517
11518 tmp_count = 0;
11519 desc_count =
rsbac_list_get_all_desc(device_p->handles.ff[list_no], (
void **) &fd_desc_p);
11520
if(desc_count > 0)
11521 {
11522
for(i=0; i<desc_count; i++)
11523 {
11524
11525
if(check_inode && device_p->sb_p)
11526 {
11527
if(
rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11528 {
11529 b_count++;
11530
if(correct)
11531 {
11532
#ifdef CONFIG_RSBAC_RMSG
11533
rsbac_printk(KERN_INFO
11534
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11535 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11536
#endif
11537
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11538
if (!rsbac_nosyslog)
11539
#endif
11540
printk(KERN_INFO
11541
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11542 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11543
rsbac_list_remove(device_p->handles.ff[list_no], &fd_desc_p[i]);
11544
continue;
11545 }
11546
else
11547 {
11548
#ifdef CONFIG_RSBAC_RMSG
11549
rsbac_printk(KERN_INFO
11550
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11551 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11552
#endif
11553
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11554
if (!rsbac_nosyslog)
11555
#endif
11556
printk(KERN_INFO
11557
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11558 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11559 }
11560 }
11561 }
11562 }
11563 tmp_count++;
11564
rsbac_vfree(fd_desc_p);
11565 fd_count += desc_count;
11566 }
11567 }
11568
#endif
11569
11570
#if defined(CONFIG_RSBAC_RC)
11571
11572
for(list_no = 0; list_no < RSBAC_RC_NR_FD_LISTS; list_no++)
11573 {
11574
11575
11576 tmp_count = 0;
11577 desc_count =
rsbac_list_get_all_desc(device_p->handles.rc[list_no], (
void **) &fd_desc_p);
11578
if(desc_count > 0)
11579 {
11580
for(i=0; i<desc_count; i++)
11581 {
11582
11583
if(check_inode && device_p->sb_p)
11584 {
11585
if(
rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11586 {
11587 b_count++;
11588
if(correct)
11589 {
11590
#ifdef CONFIG_RSBAC_RMSG
11591
rsbac_printk(KERN_INFO
11592
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11593 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11594
#endif
11595
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11596
if (!rsbac_nosyslog)
11597
#endif
11598
printk(KERN_INFO
11599
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11600 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11601
rsbac_list_remove(device_p->handles.rc[list_no], &fd_desc_p[i]);
11602
continue;
11603 }
11604
else
11605 {
11606
#ifdef CONFIG_RSBAC_RMSG
11607
rsbac_printk(KERN_INFO
11608
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11609 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11610
#endif
11611
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11612
if (!rsbac_nosyslog)
11613
#endif
11614
printk(KERN_INFO
11615
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11616 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11617 }
11618 }
11619 }
11620 }
11621 tmp_count++;
11622
rsbac_vfree(fd_desc_p);
11623 fd_count += desc_count;
11624 }
11625 }
11626
#endif
11627
11628
#if defined(CONFIG_RSBAC_AUTH)
11629
11630
for(list_no = 0; list_no < RSBAC_AUTH_NR_FD_LISTS; list_no++)
11631 {
11632
11633
11634 tmp_count = 0;
11635 desc_count =
rsbac_list_get_all_desc(device_p->handles.auth[list_no], (
void **) &fd_desc_p);
11636
if(desc_count > 0)
11637 {
11638
for(i=0; i<desc_count; i++)
11639 {
11640
11641
if(check_inode && device_p->sb_p)
11642 {
11643
if(
rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11644 {
11645 b_count++;
11646
if(correct)
11647 {
11648
#ifdef CONFIG_RSBAC_RMSG
11649
rsbac_printk(KERN_INFO
11650
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11651 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11652
#endif
11653
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11654
if (!rsbac_nosyslog)
11655
#endif
11656
printk(KERN_INFO
11657
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11658 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11659
rsbac_list_remove(device_p->handles.auth[list_no], &fd_desc_p[i]);
11660
continue;
11661 }
11662
else
11663 {
11664
#ifdef CONFIG_RSBAC_RMSG
11665
rsbac_printk(KERN_INFO
11666
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11667 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11668
#endif
11669
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11670
if (!rsbac_nosyslog)
11671
#endif
11672
printk(KERN_INFO
11673
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11674 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11675 }
11676 }
11677 }
11678 }
11679 tmp_count++;
11680
rsbac_vfree(fd_desc_p);
11681 fd_count += desc_count;
11682 }
11683 }
11684
#endif
11685
11686
#if defined(CONFIG_RSBAC_CAP)
11687
11688
for(list_no = 0; list_no < RSBAC_CAP_NR_FD_LISTS; list_no++)
11689 {
11690
11691
11692 tmp_count = 0;
11693 desc_count =
rsbac_list_get_all_desc(device_p->handles.cap[list_no], (
void **) &fd_desc_p);
11694
if(desc_count > 0)
11695 {
11696
for(i=0; i<desc_count; i++)
11697 {
11698
11699
if(check_inode && device_p->sb_p)
11700 {
11701
if(
rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11702 {
11703 b_count++;
11704
if(correct)
11705 {
11706
#ifdef CONFIG_RSBAC_RMSG
11707
rsbac_printk(KERN_INFO
11708
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11709 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11710
#endif
11711
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11712
if (!rsbac_nosyslog)
11713
#endif
11714
printk(KERN_INFO
11715
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11716 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11717
rsbac_list_remove(device_p->handles.cap[list_no], &fd_desc_p[i]);
11718
continue;
11719 }
11720
else
11721 {
11722
#ifdef CONFIG_RSBAC_RMSG
11723
rsbac_printk(KERN_INFO
11724
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11725 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11726
#endif
11727
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11728
if (!rsbac_nosyslog)
11729
#endif
11730
printk(KERN_INFO
11731
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11732 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11733 }
11734 }
11735 }
11736 }
11737 tmp_count++;
11738
rsbac_vfree(fd_desc_p);
11739 fd_count += desc_count;
11740 }
11741 }
11742
#endif
11743
#if defined(CONFIG_RSBAC_RES)
11744
11745
for(list_no = 0; list_no < RSBAC_RES_NR_FD_LISTS; list_no++)
11746 {
11747
11748
11749 tmp_count = 0;
11750 desc_count =
rsbac_list_get_all_desc(device_p->handles.res[list_no], (
void **) &fd_desc_p);
11751
if(desc_count > 0)
11752 {
11753
for(i=0; i<desc_count; i++)
11754 {
11755
11756
if(check_inode && device_p->sb_p)
11757 {
11758
if(
rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11759 {
11760 b_count++;
11761
if(correct)
11762 {
11763
#ifdef CONFIG_RSBAC_RMSG
11764
rsbac_printk(KERN_INFO
11765
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11766 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11767
#endif
11768
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11769
if (!rsbac_nosyslog)
11770
#endif
11771
printk(KERN_INFO
11772
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11773 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11774
rsbac_list_remove(device_p->handles.res[list_no], &fd_desc_p[i]);
11775
continue;
11776 }
11777
else
11778 {
11779
#ifdef CONFIG_RSBAC_RMSG
11780
rsbac_printk(KERN_INFO
11781
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11782 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11783
#endif
11784
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11785
if (!rsbac_nosyslog)
11786
#endif
11787
printk(KERN_INFO
11788
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11789 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11790 }
11791 }
11792 }
11793 }
11794 tmp_count++;
11795
rsbac_vfree(fd_desc_p);
11796 fd_count += desc_count;
11797 }
11798 }
11799
#endif
11800
#if defined(CONFIG_RSBAC_PAX)
11801
11802
for(list_no = 0; list_no < RSBAC_PAX_NR_FD_LISTS; list_no++)
11803 {
11804
11805
11806 tmp_count = 0;
11807 desc_count =
rsbac_list_get_all_desc(device_p->handles.pax[list_no], (
void **) &fd_desc_p);
11808
if(desc_count > 0)
11809 {
11810
for(i=0; i<desc_count; i++)
11811 {
11812
11813
if(check_inode && device_p->sb_p)
11814 {
11815
if(
rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11816 {
11817 b_count++;
11818
if(correct)
11819 {
11820
#ifdef CONFIG_RSBAC_RMSG
11821
rsbac_printk(KERN_INFO
11822
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11823 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11824
#endif
11825
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11826
if (!rsbac_nosyslog)
11827
#endif
11828
printk(KERN_INFO
11829
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11830 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11831
rsbac_list_remove(device_p->handles.pax[list_no], &fd_desc_p[i]);
11832
continue;
11833 }
11834
else
11835 {
11836
#ifdef CONFIG_RSBAC_RMSG
11837
rsbac_printk(KERN_INFO
11838
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11839 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11840
#endif
11841
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11842
if (!rsbac_nosyslog)
11843
#endif
11844
printk(KERN_INFO
11845
"rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11846 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11847 }
11848 }
11849 }
11850 }
11851 tmp_count++;
11852
rsbac_vfree(fd_desc_p);
11853 fd_count += desc_count;
11854 }
11855 }
11856
#endif
11857
11858
switch(correct)
11859 {
11860
case 2:
11861
#ifdef CONFIG_RSBAC_RMSG
11862
rsbac_printk(KERN_INFO
11863
"rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n",
11864 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
11865 b_count);
11866
#endif
11867
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11868
if (!rsbac_nosyslog)
11869
#endif
11870
printk(KERN_INFO
11871
"rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n",
11872 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
11873 b_count);
11874
break;
11875
case 1:
11876
#ifdef CONFIG_RSBAC_RMSG
11877
rsbac_printk(KERN_INFO
11878
"rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n",
11879 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
11880 b_count);
11881
#endif
11882
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11883
if (!rsbac_nosyslog)
11884
#endif
11885
printk(KERN_INFO
11886
"rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n",
11887 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
11888 b_count);
11889
break;
11890
default:
11891
#ifdef CONFIG_RSBAC_RMSG
11892
rsbac_printk(KERN_INFO
11893
"rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu with bad inodes)\n",
11894 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
11895 b_count);
11896
#endif
11897
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11898
if (!rsbac_nosyslog)
11899
#endif
11900
printk(KERN_INFO
11901
"rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu with bad inodes)\n",
11902 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
11903 b_count);
11904 }
11905 fd_sum += fd_count;
11906
11907 device_p = device_p->next;
11908 };
11909
#ifdef CONFIG_RSBAC_RMSG
11910
rsbac_printk(KERN_INFO
"rsbac_check(): Sum of %u Devices with %lu fd-items\n",
11911
device_list_head.count, fd_sum);
11912
#endif
11913
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11914
if (!rsbac_nosyslog)
11915
#endif
11916
printk(KERN_INFO
"rsbac_check(): Sum of %u Devices with %lu fd-items\n",
11917
device_list_head.count, fd_sum);
11918
11919 rsbac_read_unlock(&
device_list_head.lock, &dflags);
11920 }
11921
rsbac_kfree(tmp);
11922
return(0);
11923 };
11924
11925
11926
11927
11928
11929
11930
#if defined(CONFIG_RSBAC_AUTO_WRITE)
11931
int rsbac_write(
boolean need_lock)
11932 {
11933
int err=0;
11934 u_int count = 0;
11935
int subcount;
11936
11937
if (!
rsbac_initialized)
11938 {
11939
#ifdef CONFIG_RSBAC_RMSG
11940
rsbac_printk(KERN_WARNING
"rsbac_write(): RSBAC not initialized\n");
11941
#endif
11942
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11943
if (!rsbac_nosyslog)
11944
#endif
11945
printk(KERN_WARNING
"rsbac_write(): RSBAC not initialized\n");
11946
return(-
RSBAC_ENOTINITIALIZED);
11947 }
11948
if(
rsbac_debug_no_write)
11949
return 0;
11950
11951 subcount = rsbac_write_lists(need_lock);
11952
if(subcount > 0)
11953 {
11954 count += subcount;
11955 }
11956
else
11957
if(subcount < 0)
11958 {
11959 err = subcount;
11960
if(err != -
RSBAC_ENOTWRITABLE)
11961 {
11962
#ifdef CONFIG_RSBAC_RMSG
11963
rsbac_printk(KERN_WARNING
11964
"rsbac_write(): rsbac_write_lists() returned error %i\n",
11965 err);
11966
#endif
11967
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11968
if (!rsbac_nosyslog)
11969
#endif
11970
printk(KERN_WARNING
11971
"rsbac_write(): rsbac_write_lists() returned error %i\n",
11972 err);
11973 }
11974 }
11975
11976
11977
#if defined(CONFIG_RSBAC_REG)
11978
subcount = rsbac_write_reg(need_lock);
11979
if(subcount > 0)
11980 {
11981 count += subcount;
11982 }
11983
else
11984
if(subcount < 0)
11985 {
11986 err = subcount;
11987
if(err != -
RSBAC_ENOTWRITABLE)
11988 {
11989
#ifdef CONFIG_RSBAC_RMSG
11990
rsbac_printk(KERN_WARNING
11991
"rsbac_write(): rsbac_write_reg() returned error %i\n",
11992 err);
11993
#endif
11994
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11995
if (!rsbac_nosyslog)
11996
#endif
11997
printk(KERN_WARNING
11998
"rsbac_write(): rsbac_write_reg() returned error %i\n",
11999 err);
12000 }
12001 }
12002
#endif
12003
12004
#ifdef CONFIG_RSBAC_DEBUG
12005
if(rsbac_debug_write)
12006 {
12007
#ifdef CONFIG_RSBAC_RMSG
12008
rsbac_printk(KERN_DEBUG
"rsbac_write(): total of %u lists written\n",
12009 count);
12010
#endif
12011
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12012
if (!rsbac_nosyslog)
12013
#endif
12014
printk(KERN_DEBUG
"rsbac_write(): total of %u lists written\n",
12015 count);
12016 }
12017
#endif
12018
return(count);
12019 };
12020
#endif
12021
12022
12023
12024
12025
12026
12027
12028
12029
12030
12031
12032
12033
12034
12035
12036
12037
12038
12039
12040
12041
12042
12043
#if defined(CONFIG_RSBAC_REG)
12044
EXPORT_SYMBOL(rsbac_get_parent);
12045
#endif
12046 int rsbac_get_parent(
enum rsbac_target_t target,
12047
union rsbac_target_id_t tid,
12048
enum rsbac_target_t * parent_target_p,
12049
union rsbac_target_id_t * parent_tid_p)
12050 {
12051
if(!parent_target_p || !parent_tid_p)
12052
return -
RSBAC_EINVALIDPOINTER;
12053
12054
12055
12056
12057
12058
12059
12060
12061
12062
12063
12064
12065
12066
12067
12068
12069
12070
12071
switch(target)
12072 {
12073
case T_FILE:
12074
case T_DIR:
12075
case T_FIFO:
12076
case T_SYMLINK:
12077
break;
12078
default:
12079
return -
RSBAC_EINVALIDTARGET;
12080 }
12081
12082
if(!tid.file.dentry_p)
12083
return -
RSBAC_ENOTFOUND;
12084
12085 *parent_target_p =
T_DIR;
12086
12087
if( tid.file.dentry_p->d_sb
12088 && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p)
12089 )
12090 {
12091
struct rsbac_device_list_item_t * device_p;
12092 u_long dflags;
12093
12094
12095 rsbac_read_lock(&
device_list_head.lock, &dflags);
12096
12097 device_p =
lookup_device(tid.file.device);
12098
if( !device_p
12099 || !device_p->d_covers
12100 || !device_p->d_covers->d_parent
12101 || !device_p->d_covers->d_parent->d_inode
12102 )
12103 {
12104
12105 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12106
return -
RSBAC_ENOTFOUND;
12107 }
12108 parent_tid_p->dir.device = device_p->d_covers->d_parent->d_sb->s_dev;
12109 parent_tid_p->dir.inode = device_p->d_covers->d_parent->d_inode->i_ino;
12110 parent_tid_p->dir.dentry_p = device_p->d_covers->d_parent;
12111
12112 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12113 }
12114
else
12115 {
12116
if(!tid.file.dentry_p->d_parent)
12117 {
12118
#ifdef CONFIG_RSBAC_RMSG
12119
rsbac_printk(KERN_WARNING
12120
"rsbac_get_parent(): oops - d_parent is NULL!\n");
12121
#endif
12122
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12123
if (!rsbac_nosyslog)
12124
#endif
12125
printk(KERN_WARNING
12126
"rsbac_get_parent(): oops - d_parent is NULL!\n");
12127
return -
RSBAC_ENOTFOUND;
12128 }
12129
if(tid.file.dentry_p == tid.file.dentry_p->d_parent)
12130 {
12131
#ifdef CONFIG_RSBAC_RMSG
12132
rsbac_printk(KERN_WARNING
12133
"rsbac_get_parent(): oops - d_parent == dentry_p!\n");
12134
#endif
12135
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12136
if (!rsbac_nosyslog)
12137
#endif
12138
printk(KERN_WARNING
12139
"rsbac_get_parent(): oops - d_parent == dentry_p!\n");
12140
return -
RSBAC_ENOTFOUND;
12141 }
12142
if(!tid.file.dentry_p->d_parent->d_inode)
12143 {
12144
#ifdef CONFIG_RSBAC_RMSG
12145
rsbac_printk(KERN_WARNING
12146
"rsbac_get_parent(): oops - d_parent has no d_inode!\n");
12147
#endif
12148
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12149
if (!rsbac_nosyslog)
12150
#endif
12151
printk(KERN_WARNING
12152
"rsbac_get_parent(): oops - d_parent has no d_inode!\n");
12153
return -
RSBAC_ENOTFOUND;
12154 }
12155 parent_tid_p->dir.device = tid.file.device;
12156 parent_tid_p->dir.inode = tid.file.dentry_p->d_parent->d_inode->i_ino;
12157 parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent;
12158 }
12159
return 0;
12160 }
12161
12162
12163
12164
12165
#if defined(CONFIG_RSBAC_REG)
12166
EXPORT_SYMBOL(rsbac_get_attr);
12167
#endif
12168 int rsbac_get_attr(
enum rsbac_switch_target_t module,
12169
enum rsbac_target_t target,
12170
union rsbac_target_id_t tid,
12171
enum rsbac_attribute_t attr,
12172
union rsbac_attribute_value_t * value,
12173
boolean inherit)
12174 {
12175
int err = 0;
12176
struct rsbac_device_list_item_t * device_p;
12177 u_long dflags;
12178
#if defined(CONFIG_RSBAC_FF)
12179
rsbac_ff_flags_t ff_flags = 0;
12180
rsbac_ff_flags_t ff_tmp_flags;
12181
rsbac_ff_flags_t ff_mask = -1;
12182
#endif
12183
12184
if (!
rsbac_initialized)
12185 {
12186
#ifdef CONFIG_RSBAC_RMSG
12187
rsbac_printk(KERN_WARNING
"rsbac_get_attr(): RSBAC not initialized\n");
12188
#endif
12189
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12190
if (!rsbac_nosyslog)
12191
#endif
12192
printk(KERN_WARNING
"rsbac_get_attr(): RSBAC not initialized\n");
12193
return(-
RSBAC_ENOTINITIALIZED);
12194 }
12195
if (!value)
12196
return(-
RSBAC_EINVALIDPOINTER);
12197
if (in_interrupt())
12198 {
12199
#ifdef CONFIG_RSBAC_RMSG
12200
rsbac_printk(KERN_WARNING
"rsbac_get_attr(): called from interrupt!\n");
12201
#endif
12202
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12203
if (!rsbac_nosyslog)
12204
#endif
12205
printk(KERN_WARNING
"rsbac_get_attr(): called from interrupt!\n");
12206 }
12207
#ifdef CONFIG_RSBAC_XSTATS
12208
get_attr_count[target]++;
12209
#endif
12210
switch (target)
12211 {
12212
case T_FILE:
12213
case T_DIR:
12214
case T_FIFO:
12215
case T_SYMLINK:
12216
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
12217
if( !RSBAC_MAJOR(tid.file.device)
12218 && !RSBAC_MINOR(tid.file.device)
12219 )
12220
return -
RSBAC_EINVALIDDEV;
12221
#endif
12222
12223
for(;;)
12224 {
12225
12226
12227
12228
12229
12230
12231
12232
12233 rsbac_read_lock(&
device_list_head.lock, &dflags);
12234
12235
12236
12237
12238
12239
12240
12241
12242
12243
12244 device_p =
lookup_device(tid.file.device);
12245
if (!device_p)
12246 {
12247
struct super_block * sb_p;
12248
12249 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12250
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
12251
sb_p = user_get_super(tid.file.device);
12252
#else
12253
sb_p = get_super(tid.file.device);
12254
#endif
12255
if(sb_p)
12256 {
12257
#ifdef CONFIG_RSBAC_RMSG
12258
rsbac_printk(KERN_INFO
12259
"rsbac_get_attr(): auto-mounting device %02u:%02u\n",
12260 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
12261
#endif
12262
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12263
if (!rsbac_nosyslog)
12264
#endif
12265
printk(KERN_INFO
12266
"rsbac_get_attr(): auto-mounting device %02u:%02u\n",
12267 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
12268
rsbac_mount(sb_p,
NULL);
12269
12270 drop_super(sb_p);
12271 rsbac_read_lock(&
device_list_head.lock, &dflags);
12272 device_p =
lookup_device(tid.file.device);
12273
if (!device_p)
12274 {
12275
#ifdef CONFIG_RSBAC_RMSG
12276
rsbac_printk(KERN_WARNING
12277
"rsbac_get_attr(): unknown device %02u:%02u\n",
12278 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
12279
#endif
12280
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12281
if (!rsbac_nosyslog)
12282
#endif
12283
printk(KERN_WARNING
12284
"rsbac_get_attr(): unknown device %02u:%02u\n",
12285 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
12286 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12287
return -
RSBAC_EINVALIDDEV;
12288 }
12289 }
12290
else
12291
return -
RSBAC_EINVALIDDEV;
12292 }
12293
switch(module)
12294 {
12295
case GEN:
12296 {
12297
struct rsbac_gen_fd_aci_t aci =
DEFAULT_GEN_FD_ACI;
12298
12299
if(attr == A_internal)
12300 {
12301
if(!device_p->rsbac_dir_inode || !tid.file.inode)
12302 value->internal =
FALSE;
12303
else
12304
if(device_p->rsbac_dir_inode == tid.file.inode)
12305 value->internal =
TRUE;
12306
else
12307
if(inherit)
12308 {
12309
enum rsbac_target_t parent_target;
12310
union rsbac_target_id_t parent_tid;
12311
12312
12313
if(!
rsbac_get_parent(target, tid, &parent_target, &parent_tid))
12314 {
12315
if(device_p->rsbac_dir_inode == parent_tid.file.inode)
12316 value->internal =
TRUE;
12317
else
12318 value->internal =
FALSE;
12319 }
12320
else
12321 {
12322 value->internal =
FALSE;
12323 }
12324 }
12325
else
12326 {
12327 value->internal =
FALSE;
12328 }
12329
12330
12331 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12332
return 0;
12333 }
12334
rsbac_list_get_data(device_p->handles.gen[
gen_fd_hash(tid.file.inode)],
12335 &tid.file.inode,
12336 &aci);
12337
switch (attr)
12338 {
12339
case A_log_array_low:
12340 value->
log_array_low = aci.
log_array_low;
12341
break;
12342
case A_log_array_high:
12343 value->
log_array_high = aci.
log_array_high;
12344
break;
12345
case A_log_program_based:
12346 value->
log_program_based = aci.
log_program_based;
12347
break;
12348
case A_symlink_add_uid:
12349 value->
symlink_add_uid = aci.
symlink_add_uid;
12350
break;
12351
case A_symlink_add_mac_level:
12352 value->
symlink_add_mac_level = aci.
symlink_add_mac_level;
12353
break;
12354
case A_symlink_add_rc_role:
12355 value->
symlink_add_rc_role = aci.
symlink_add_rc_role;
12356
break;
12357
case A_linux_dac_disable:
12358 value->
linux_dac_disable = aci.
linux_dac_disable;
12359
if((value->
linux_dac_disable ==
LDD_inherit) && inherit)
12360 {
12361
enum rsbac_target_t parent_target;
12362
union rsbac_target_id_t parent_tid;
12363
12364
12365 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12366
12367
12368
if(!
rsbac_get_parent(target, tid, &parent_target, &parent_tid))
12369 {
12370 target = parent_target;
12371 tid = parent_tid;
12372
continue;
12373 }
12374
else
12375 {
12376 value->
linux_dac_disable
12377 =
def_gen_root_dir_aci.
linux_dac_disable;
12378
return 0;
12379 }
12380 }
12381
break;
12382
case A_fake_root_uid:
12383 value->
fake_root_uid = aci.
fake_root_uid;
12384
break;
12385
default:
12386 err = -
RSBAC_EINVALIDATTR;
12387 }
12388 }
12389
break;
12390
12391
#if defined(CONFIG_RSBAC_MAC)
12392
case MAC:
12393 {
12394
struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI;
12395
12396
rsbac_list_get_data(device_p->handles.mac[mac_fd_hash(tid.file.inode)],
12397 &tid.file.inode,
12398 &aci);
12399
switch (attr)
12400 {
12401
case A_security_level:
12402 value->
security_level = aci.sec_level;
12403
if((value->
security_level ==
SL_inherit) && inherit)
12404 {
12405
enum rsbac_target_t parent_target;
12406
union rsbac_target_id_t parent_tid;
12407
12408
12409 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12410
12411
12412
if(!
rsbac_get_parent(target, tid, &parent_target, &parent_tid))
12413 {
12414 target = parent_target;
12415 tid = parent_tid;
12416
continue;
12417 }
12418
else
12419 {
12420 value->
security_level
12421 = def_mac_root_dir_aci.sec_level;
12422
return 0;
12423 }
12424 }
12425
break;
12426
case A_mac_categories:
12427 value->
mac_categories = aci.mac_categories;
12428
if( (value->
mac_categories ==
RSBAC_MAC_INHERIT_CAT_VECTOR)
12429 && inherit
12430 )
12431 {
12432
enum rsbac_target_t parent_target;
12433
union rsbac_target_id_t parent_tid;
12434
12435
12436 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12437
12438
12439
if(!
rsbac_get_parent(target, tid, &parent_target, &parent_tid))
12440 {
12441 target = parent_target;
12442 tid = parent_tid;
12443
continue;
12444 }
12445
else
12446 {
12447 value->
mac_categories
12448 = def_mac_root_dir_aci.mac_categories;
12449
return 0;
12450 }
12451 }
12452
break;
12453
case A_mac_auto:
12454 value->
mac_auto = aci.mac_auto;
12455
if( (value->
mac_auto ==
MA_inherit)
12456 && inherit
12457 )
12458 {
12459
enum rsbac_target_t parent_target;
12460
union rsbac_target_id_t parent_tid;
12461
12462
12463 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12464
12465
12466
if(!
rsbac_get_parent(target, tid, &parent_target, &parent_tid))
12467 {
12468 target = parent_target;
12469 tid = parent_tid;
12470
continue;
12471 }
12472
else
12473 {
12474 value->
mac_auto
12475 = def_mac_root_dir_aci.mac_auto;
12476
return 0;
12477 }
12478 }
12479
break;
12480
case A_mac_prop_trusted:
12481 value->
mac_prop_trusted = aci.mac_prop_trusted;
12482
break;
12483
case A_mac_file_flags:
12484 value->
mac_file_flags = aci.mac_file_flags;
12485
break;
12486
12487
default:
12488 err = -
RSBAC_EINVALIDATTR;
12489 }
12490 }
12491
break;
12492
#endif
12493
12494
#if defined(CONFIG_RSBAC_FC)
12495
case FC:
12496 {
12497
switch (attr)
12498 {
12499
case A_object_category:
12500 value->
object_category =
RSBAC_FC_OC_DEF;
12501
rsbac_list_get_data(device_p->handles.fc[fc_fd_hash(tid.file.inode)],
12502 &tid.file.inode,
12503 &value->
object_category);
12504
if((value->
object_category ==
OC_inherit) && inherit)
12505 {
12506
enum rsbac_target_t parent_target;
12507
union rsbac_target_id_t parent_tid;
12508
12509
12510 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12511
12512
12513
if(!
rsbac_get_parent(target, tid, &parent_target, &parent_tid))
12514 {
12515 target = parent_target;
12516 tid = parent_tid;
12517
continue;
12518 }
12519
else
12520 {
12521 value->
object_category
12522 =
RSBAC_FC_OC_ROOT_DEF;
12523
return 0;
12524 }
12525 }
12526
break;
12527
12528
default:
12529 err = -
RSBAC_EINVALIDATTR;
12530 }
12531 }
12532
break;
12533
#endif
12534
12535
#if defined(CONFIG_RSBAC_SIM)
12536
case SIM:
12537 {
12538
switch (attr)
12539 {
12540
case A_data_type:
12541 value->
data_type =
RSBAC_SIM_DT_DEF;
12542
rsbac_list_get_data(device_p->handles.sim[sim_fd_hash(tid.file.inode)],
12543 &tid.file.inode,
12544 &value->
data_type);
12545
if(value->
data_type ==
DT_inherit && inherit)
12546 {
12547
enum rsbac_target_t parent_target;
12548
union rsbac_target_id_t parent_tid;
12549
12550
12551 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12552
12553
12554
if(!
rsbac_get_parent(target, tid, &parent_target, &parent_tid))
12555 {
12556 target = parent_target;
12557 tid = parent_tid;
12558
continue;
12559 }
12560
else
12561 {
12562 value->
data_type
12563 =
RSBAC_SIM_DT_ROOT_DEF;
12564
return 0;
12565 }
12566 }
12567
break;
12568
12569
default:
12570 err = -
RSBAC_EINVALIDATTR;
12571 }
12572 }
12573
break;
12574
#endif
12575
12576
#if defined(CONFIG_RSBAC_PM)
12577
case PM:
12578 {
12579
struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI;
12580
12581
rsbac_list_get_data(device_p->handles.pm[pm_fd_hash(tid.file.inode)],
12582 &tid.file.inode,
12583 &aci);
12584
switch (attr)
12585 {
12586
case A_pm_object_class:
12587 value->
pm_object_class = aci.pm_object_class;
12588
break;
12589
case A_pm_tp:
12590 value->
pm_tp = aci.pm_tp;
12591
break;
12592
case A_pm_object_type:
12593 value->
pm_object_type = aci.pm_object_type;
12594
break;
12595
default:
12596 err = -
RSBAC_EINVALIDATTR;
12597 }
12598 }
12599
break;
12600
#endif
12601
12602
#if defined(CONFIG_RSBAC_DAZ)
12603
case DAZ:
12604 {
12605
#if defined(CONFIG_RSBAC_DAZ_CACHE)
12606
if(attr ==
A_daz_scanned)
12607 {
12608 err =
rsbac_list_get_data(device_p->handles.dazs[daz_scanned_fd_hash(tid.file.inode)],
12609 &tid.file.inode,
12610 &value->
daz_scanned);
12611 }
12612
else
12613
#endif
12614
{
12615
struct rsbac_daz_fd_aci_t aci = DEFAULT_DAZ_FD_ACI;
12616
12617
rsbac_list_get_data(device_p->handles.daz[daz_fd_hash(tid.file.inode)],
12618 &tid.file.inode,
12619 &aci);
12620
switch (attr)
12621 {
12622
case A_daz_scanner:
12623 value->
daz_scanner = aci.daz_scanner;
12624
break;
12625
default:
12626 err = -
RSBAC_EINVALIDATTR;
12627 }
12628 }
12629 }
12630
break;
12631
#endif
12632
12633
#if defined(CONFIG_RSBAC_FF)
12634
case FF:
12635 {
12636
switch (attr)
12637 {
12638
case A_ff_flags:
12639 ff_tmp_flags =
RSBAC_FF_DEF;
12640
rsbac_list_get_data(device_p->handles.ff[ff_fd_hash(tid.file.inode)],
12641 &tid.file.inode,
12642 &ff_tmp_flags);
12643 ff_flags |= ff_tmp_flags & ff_mask;
12644 value->
ff_flags = ff_flags;
12645
if((ff_tmp_flags &
FF_add_inherited) && inherit)
12646 {
12647
12648
if(!
rsbac_get_parent(target, tid, &target, &tid))
12649 {
12650
12651 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12652
12653 ff_mask &= ~(
FF_no_delete_or_rename |
FF_add_inherited);
12654 ff_flags &= ~(
FF_add_inherited);
12655
continue;
12656 }
12657
else
12658 value->
ff_flags &= ~(
FF_add_inherited);
12659 }
12660
break;
12661
12662
default:
12663 err = -
RSBAC_EINVALIDATTR;
12664 }
12665 }
12666
break;
12667
#endif
12668
12669
#if defined(CONFIG_RSBAC_RC)
12670
case RC:
12671 {
12672
struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI;
12673
12674
rsbac_list_get_data(device_p->handles.rc[rc_fd_hash(tid.file.inode)],
12675 &tid.file.inode,
12676 &aci);
12677
switch (attr)
12678 {
12679
case A_rc_type_fd:
12680 value->
rc_type_fd = aci.rc_type_fd;
12681
if(value->
rc_type_fd ==
RC_type_inherit_parent && inherit)
12682 {
12683
enum rsbac_target_t parent_target;
12684
union rsbac_target_id_t parent_tid;
12685
12686
12687 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12688
12689
12690
if(!
rsbac_get_parent(target, tid, &parent_target, &parent_tid))
12691 {
12692 target = parent_target;
12693 tid = parent_tid;
12694
continue;
12695 }
12696
else
12697 {
12698 value->
rc_type_fd
12699 = def_rc_root_dir_aci.rc_type_fd;
12700
return 0;
12701 }
12702 }
12703
break;
12704
case A_rc_force_role:
12705 value->
rc_force_role = aci.rc_force_role;
12706
if(value->
rc_force_role ==
RC_role_inherit_parent && inherit)
12707 {
12708
enum rsbac_target_t parent_target;
12709
union rsbac_target_id_t parent_tid;
12710
12711
12712 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12713
12714
12715
if(!
rsbac_get_parent(target, tid, &parent_target, &parent_tid))
12716 {
12717 target = parent_target;
12718 tid = parent_tid;
12719
continue;
12720 }
12721
else
12722 {
12723 value->
rc_force_role
12724 = def_rc_root_dir_aci.rc_force_role;
12725
return 0;
12726 }
12727 }
12728
break;
12729
case A_rc_initial_role:
12730 value->
rc_initial_role = aci.rc_initial_role;
12731
if(value->
rc_initial_role ==
RC_role_inherit_parent && inherit)
12732 {
12733
enum rsbac_target_t parent_target;
12734
union rsbac_target_id_t parent_tid;
12735
12736
12737 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12738
12739
12740
if(!
rsbac_get_parent(target, tid, &parent_target, &parent_tid))
12741 {
12742 target = parent_target;
12743 tid = parent_tid;
12744
continue;
12745 }
12746
else
12747 {
12748 value->
rc_initial_role
12749 = def_rc_root_dir_aci.rc_initial_role;
12750
return 0;
12751 }
12752 }
12753
break;
12754
12755
default:
12756 err = -
RSBAC_EINVALIDATTR;
12757 }
12758 }
12759
break;
12760
#endif
12761
12762
#if defined(CONFIG_RSBAC_AUTH)
12763
case AUTH:
12764 {
12765
struct rsbac_auth_fd_aci_t aci = DEFAULT_AUTH_FD_ACI;
12766
12767
rsbac_list_get_data(device_p->handles.auth[auth_fd_hash(tid.file.inode)],
12768 &tid.file.inode,
12769 &aci);
12770
switch (attr)
12771 {
12772
case A_auth_may_setuid:
12773 value->
auth_may_setuid = aci.auth_may_setuid;
12774
break;
12775
case A_auth_may_set_cap:
12776 value->
auth_may_set_cap = aci.auth_may_set_cap;
12777
break;
12778
case A_auth_learn:
12779 value->
auth_learn = aci.auth_learn;
12780
break;
12781
default:
12782 err = -
RSBAC_EINVALIDATTR;
12783 }
12784 }
12785
break;
12786
#endif
12787
12788
#if defined(CONFIG_RSBAC_CAP)
12789
case CAP:
12790 {
12791
struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI;
12792
12793
rsbac_list_get_data(device_p->handles.cap[cap_fd_hash(tid.file.inode)],
12794 &tid.file.inode,
12795 &aci);
12796
switch (attr)
12797 {
12798
case A_min_caps:
12799 value->
min_caps = aci.min_caps;
12800
break;
12801
case A_max_caps:
12802 value->
max_caps = aci.max_caps;
12803
break;
12804
default:
12805 err = -
RSBAC_EINVALIDATTR;
12806 }
12807 }
12808
break;
12809
#endif
12810
12811
#if defined(CONFIG_RSBAC_RES)
12812
case RES:
12813 {
12814
struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI;
12815
12816
rsbac_list_get_data(device_p->handles.res[res_fd_hash(tid.file.inode)],
12817 &tid.file.inode,
12818 &aci);
12819
switch (attr)
12820 {
12821
case A_res_min:
12822 memcpy(&value->
res_array, &aci.res_min,
sizeof(aci.res_min));
12823
break;
12824
case A_res_max:
12825 memcpy(&value->
res_array, &aci.res_max,
sizeof(aci.res_max));
12826
break;
12827
default:
12828 err = -
RSBAC_EINVALIDATTR;
12829 }
12830 }
12831
break;
12832
#endif
12833
12834
#if defined(CONFIG_RSBAC_PAX)
12835
case PAX:
12836 {
12837
switch (attr)
12838 {
12839
case A_pax_flags:
12840 value->
pax_flags =
RSBAC_PAX_DEF_FLAGS;
12841
rsbac_list_get_data(device_p->handles.pax[pax_fd_hash(tid.file.inode)],
12842 &tid.file.inode,
12843 &value->
pax_flags);
12844
break;
12845
12846
default:
12847 err = -
RSBAC_EINVALIDATTR;
12848 }
12849 }
12850
break;
12851
#endif
12852
12853
default:
12854 err = -
RSBAC_EINVALIDMODULE;
12855 }
12856
12857 rsbac_read_unlock(&
device_list_head.lock, &dflags);
12858
12859
return err;
12860 }
12861
12862
case T_DEV:
12863
12864
12865
12866
12867
12868
12869
12870
switch(module)
12871 {
12872
case GEN:
12873 {
12874
struct rsbac_gen_dev_aci_t aci =
DEFAULT_GEN_DEV_ACI;
12875
struct rsbac_dev_desc_t dev_desc;
12876
12877 dev_desc.type = tid.dev.type;
12878 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
12879 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
12880
rsbac_list_get_data(
dev_handles.gen,
12881 &dev_desc,
12882 &aci);
12883
switch (attr)
12884 {
12885
case A_log_array_low:
12886 value->
log_array_low = aci.
log_array_low;
12887
break;
12888
case A_log_array_high:
12889 value->
log_array_high = aci.
log_array_high;
12890
break;
12891
default:
12892 err = -
RSBAC_EINVALIDATTR;
12893 }
12894 }
12895
break;
12896
12897
#if defined(CONFIG_RSBAC_MAC)
12898
case MAC:
12899 {
12900
struct rsbac_mac_dev_aci_t aci = DEFAULT_MAC_DEV_ACI;
12901
struct rsbac_dev_desc_t dev_desc;
12902
12903 dev_desc.type = tid.dev.type;
12904 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
12905 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
12906
rsbac_list_get_data(
dev_handles.mac,
12907 &dev_desc,
12908 &aci);
12909
switch (attr)
12910 {
12911
case A_security_level:
12912 value->
security_level = aci.sec_level;
12913
break;
12914
case A_mac_categories:
12915 value->
mac_categories = aci.mac_categories;
12916
break;
12917
case A_mac_check:
12918 value->
mac_check = aci.mac_check;
12919
break;
12920
12921
default:
12922 err = -
RSBAC_EINVALIDATTR;
12923 }
12924 }
12925
break;
12926
#endif
12927
12928
#if defined(CONFIG_RSBAC_FC)
12929
case FC:
12930 {
12931
rsbac_fc_oc_t fc_oc =
RSBAC_FC_OC_ROOT_DEF;
12932
struct rsbac_dev_desc_t dev_desc;
12933
12934 dev_desc.type = tid.dev.type;
12935 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
12936 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
12937
rsbac_list_get_data(
dev_handles.fc,
12938 &dev_desc,
12939 &fc_oc);
12940
switch (attr)
12941 {
12942
case A_object_category:
12943 value->
object_category = fc_oc;
12944
break;
12945
12946
default:
12947 err = -
RSBAC_EINVALIDATTR;
12948 }
12949 }
12950
break;
12951
#endif
12952
12953
#if defined(CONFIG_RSBAC_SIM)
12954
case SIM:
12955 {
12956
rsbac_sim_dt_t sim_dt =
RSBAC_SIM_DT_ROOT_DEF;
12957
struct rsbac_dev_desc_t dev_desc;
12958
12959 dev_desc.type = tid.dev.type;
12960 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
12961 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
12962
rsbac_list_get_data(
dev_handles.sim,
12963 &dev_desc,
12964 &sim_dt);
12965
switch (attr)
12966 {
12967
case A_data_type:
12968 value->
data_type = sim_dt;
12969
break;
12970
12971
default:
12972 err = -
RSBAC_EINVALIDATTR;
12973 }
12974 }
12975
break;
12976
#endif
12977
12978
#if defined(CONFIG_RSBAC_PM)
12979
case PM:
12980 {
12981
struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
12982
struct rsbac_dev_desc_t dev_desc;
12983
12984 dev_desc.type = tid.dev.type;
12985 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
12986 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
12987
rsbac_list_get_data(
dev_handles.pm,
12988 &dev_desc,
12989 &aci);
12990
switch (attr)
12991 {
12992
case A_pm_object_class:
12993 value->
pm_object_class = aci.pm_object_class;
12994
break;
12995
case A_pm_object_type:
12996 value->
pm_object_type = aci.pm_object_type;
12997
break;
12998
default:
12999 err = -
RSBAC_EINVALIDATTR;
13000 }
13001 }
13002
break;
13003
#endif
13004
13005
#if defined(CONFIG_RSBAC_RC)
13006
case RC:
13007 {
13008
rsbac_rc_type_id_t type =
RSBAC_RC_GENERAL_TYPE;
13009
struct rsbac_dev_desc_t dev_desc;
13010
13011 dev_desc.type = tid.dev.type;
13012 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
13013 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
13014
rsbac_list_get_data(
dev_handles.rc,
13015 &dev_desc,
13016 &type);
13017
switch (attr)
13018 {
13019
case A_rc_type:
13020 value->
rc_type = type;
13021
break;
13022
13023
default:
13024 err = -
RSBAC_EINVALIDATTR;
13025 }
13026 }
13027
break;
13028
#endif
13029
13030
default:
13031 err = -
RSBAC_EINVALIDMODULE;
13032 }
13033
13034
return err;
13035
13036
case T_IPC:
13037
13038
13039
13040
13041
13042
13043
13044
switch(module)
13045 {
13046
#if defined(CONFIG_RSBAC_MAC)
13047
case MAC:
13048 {
13049
struct rsbac_mac_ipc_aci_t aci = DEFAULT_MAC_IPC_ACI;
13050
13051
rsbac_list_get_data(
ipc_handles.mac,
13052 &tid.
ipc,
13053 &aci);
13054
switch (attr)
13055 {
13056
case A_security_level:
13057 value->
security_level = aci.sec_level;
13058
break;
13059
case A_mac_categories:
13060 value->
mac_categories = aci.mac_categories;
13061
break;
13062
13063
default:
13064 err = -
RSBAC_EINVALIDATTR;
13065 }
13066 }
13067
break;
13068
#endif
13069
13070
#if defined(CONFIG_RSBAC_FC)
13071
case FC:
13072 {
13073
rsbac_fc_oc_t fc_oc =
RSBAC_FC_OC_ROOT_DEF;
13074
13075
rsbac_list_get_data(
ipc_handles.fc,
13076 &tid.
ipc,
13077 &fc_oc);
13078
switch (attr)
13079 {
13080
case A_object_category:
13081 value->
object_category = fc_oc;
13082
break;
13083
13084
default:
13085 err = -
RSBAC_EINVALIDATTR;
13086 }
13087 }
13088
break;
13089
#endif
13090
13091
#if defined(CONFIG_RSBAC_SIM)
13092
case SIM:
13093 {
13094
rsbac_sim_dt_t sim_dt =
RSBAC_SIM_DT_ROOT_DEF;
13095
13096
rsbac_list_get_data(
ipc_handles.sim,
13097 &tid.
ipc,
13098 &sim_dt);
13099
switch (attr)
13100 {
13101
case A_data_type:
13102 value->
data_type = sim_dt;
13103
break;
13104
13105
default:
13106 err = -
RSBAC_EINVALIDATTR;
13107 }
13108 }
13109
break;
13110
#endif
13111
13112
#if defined(CONFIG_RSBAC_PM)
13113
case PM:
13114 {
13115
struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
13116
13117
rsbac_list_get_data(
ipc_handles.pm,
13118 &tid.
ipc,
13119 &aci);
13120
switch (attr)
13121 {
13122
case A_pm_object_class:
13123 value->
pm_object_class = aci.pm_object_class;
13124
break;
13125
case A_pm_ipc_purpose:
13126 value->
pm_ipc_purpose = aci.pm_ipc_purpose;
13127
break;
13128
case A_pm_object_type:
13129 value->
pm_object_type = aci.pm_object_type;
13130
break;
13131
default:
13132 err = -
RSBAC_EINVALIDATTR;
13133 }
13134 }
13135
break;
13136
#endif
13137
13138
#if defined(CONFIG_RSBAC_RC)
13139
case RC:
13140 {
13141
rsbac_rc_type_id_t type =
RSBAC_RC_GENERAL_TYPE;
13142
13143
rsbac_list_get_data(
ipc_handles.rc,
13144 &tid.
ipc,
13145 &type);
13146
switch (attr)
13147 {
13148
case A_rc_type:
13149 value->
rc_type = type;
13150
break;
13151
13152
default:
13153 err = -
RSBAC_EINVALIDATTR;
13154 }
13155 }
13156
break;
13157
#endif
13158
13159
#if defined(CONFIG_RSBAC_JAIL)
13160
case JAIL:
13161 {
13162
rsbac_jail_id_t id =
RSBAC_JAIL_DEF_ID;
13163
13164
rsbac_list_get_data(
ipc_handles.jail,
13165 &tid.
ipc,
13166 &
id);
13167
switch (attr)
13168 {
13169
case A_jail_id:
13170 value->
jail_id =
id;
13171
break;
13172
13173
default:
13174 err = -
RSBAC_EINVALIDATTR;
13175 }
13176 }
13177
break;
13178
#endif
13179
13180
default:
13181 err = -
RSBAC_EINVALIDMODULE;
13182 }
13183
13184
return err;
13185
13186
case T_USER:
13187
13188
13189
13190
13191
13192
13193
switch(module)
13194 {
13195
case GEN:
13196 {
13197
struct rsbac_gen_user_aci_t aci =
DEFAULT_GEN_U_ACI;
13198
13199
rsbac_list_get_data(
user_handles.gen,
13200 &tid.
user,
13201 &aci);
13202
switch (attr)
13203 {
13204
case A_pseudo:
13205 value->
pseudo = aci.
pseudo;
13206
break;
13207
case A_log_user_based:
13208 value->
log_user_based = aci.
log_user_based;
13209
break;
13210
default:
13211 err = -
RSBAC_EINVALIDATTR;
13212 }
13213 }
13214
break;
13215
13216
#if defined(CONFIG_RSBAC_MAC)
13217
case MAC:
13218 {
13219
struct rsbac_mac_user_aci_t aci = DEFAULT_MAC_U_ACI;
13220
13221
rsbac_list_get_data(
user_handles.mac,
13222 &tid.
user,
13223 &aci);
13224
switch (attr)
13225 {
13226
case A_security_level:
13227 value->
security_level = aci.security_level;
13228
break;
13229
case A_initial_security_level:
13230 value->
security_level = aci.initial_security_level;
13231
break;
13232
case A_min_security_level:
13233 value->
security_level = aci.min_security_level;
13234
break;
13235
case A_mac_categories:
13236 value->
mac_categories = aci.mac_categories;
13237
break;
13238
case A_mac_initial_categories:
13239 value->
mac_categories = aci.mac_initial_categories;
13240
break;
13241
case A_mac_min_categories:
13242 value->
mac_categories = aci.mac_min_categories;
13243
break;
13244
case A_system_role:
13245
case A_mac_role:
13246 value->
system_role = aci.system_role;
13247
break;
13248
case A_mac_user_flags:
13249 value->
mac_user_flags = aci.mac_user_flags;
13250
break;
13251
13252
default:
13253 err = -
RSBAC_EINVALIDATTR;
13254 }
13255 }
13256
break;
13257
#endif
13258
13259
#if defined(CONFIG_RSBAC_FC)
13260
case FC:
13261 {
13262
rsbac_system_role_int_t role =
SR_user;
13263
13264
rsbac_list_get_data(
user_handles.fc,
13265 &tid.
user,
13266 &role);
13267
switch (attr)
13268 {
13269
case A_system_role:
13270
case A_fc_role:
13271 value->
system_role = role;
13272
break;
13273
13274
default:
13275 err = -
RSBAC_EINVALIDATTR;
13276 }
13277 }
13278
break;
13279
#endif
13280
13281
#if defined(CONFIG_RSBAC_SIM)
13282
case SIM:
13283 {
13284
rsbac_system_role_int_t role =
SR_user;
13285
13286
rsbac_list_get_data(
user_handles.sim,
13287 &tid.
user,
13288 &role);
13289
switch (attr)
13290 {
13291
case A_system_role:
13292
case A_sim_role:
13293 value->
system_role = role;
13294
break;
13295
13296
default:
13297 err = -
RSBAC_EINVALIDATTR;
13298 }
13299 }
13300
break;
13301
#endif
13302
13303
#if defined(CONFIG_RSBAC_PM)
13304
case PM:
13305 {
13306
struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
13307
13308
rsbac_list_get_data(
user_handles.pm,
13309 &tid.
user,
13310 &aci);
13311
switch (attr)
13312 {
13313
case A_pm_task_set:
13314 value->
pm_task_set = aci.pm_task_set;
13315
break;
13316
case A_pm_role:
13317 value->
pm_role = aci.pm_role;
13318
break;
13319
default:
13320 err = -
RSBAC_EINVALIDATTR;
13321 }
13322 }
13323
break;
13324
#endif
13325
13326
#if defined(CONFIG_RSBAC_DAZ)
13327
case DAZ:
13328 {
13329
rsbac_system_role_int_t role =
SR_user;
13330
13331
rsbac_list_get_data(
user_handles.daz,
13332 &tid.
user,
13333 &role);
13334
switch (attr)
13335 {
13336
case A_system_role:
13337
case A_daz_role:
13338 value->
system_role = role;
13339
break;
13340
13341
default:
13342 err = -
RSBAC_EINVALIDATTR;
13343 }
13344 }
13345
break;
13346
#endif
13347
13348
#if defined(CONFIG_RSBAC_FF)
13349
case FF:
13350 {
13351
rsbac_system_role_int_t role =
SR_user;
13352
13353
rsbac_list_get_data(
user_handles.ff,
13354 &tid.
user,
13355 &role);
13356
switch (attr)
13357 {
13358
case A_system_role:
13359
case A_ff_role:
13360 value->
system_role = role;
13361
break;
13362
13363
default:
13364 err = -
RSBAC_EINVALIDATTR;
13365 }
13366 }
13367
break;
13368
#endif
13369
13370
#if defined(CONFIG_RSBAC_RC)
13371
case RC:
13372 {
13373
struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
13374
13375
rsbac_list_get_data(
user_handles.rc,
13376 &tid.
user,
13377 &aci);
13378
switch (attr)
13379 {
13380
case A_rc_def_role:
13381 value->
rc_def_role = aci.rc_role;
13382
break;
13383
case A_rc_type:
13384 value->
rc_type = aci.rc_type;
13385
break;
13386
default:
13387 err = -
RSBAC_EINVALIDATTR;
13388 }
13389 }
13390
break;
13391
#endif
13392
13393
#if defined(CONFIG_RSBAC_AUTH)
13394
case AUTH:
13395 {
13396
rsbac_system_role_int_t role =
SR_user;
13397
13398
rsbac_list_get_data(
user_handles.auth,
13399 &tid.
user,
13400 &role);
13401
switch (attr)
13402 {
13403
case A_system_role:
13404
case A_auth_role:
13405 value->
system_role = role;
13406
break;
13407
13408
default:
13409 err = -
RSBAC_EINVALIDATTR;
13410 }
13411 }
13412
break;
13413
#endif
13414
13415
#if defined(CONFIG_RSBAC_CAP)
13416
case CAP:
13417 {
13418
struct rsbac_cap_user_aci_t aci = DEFAULT_CAP_U_ACI;
13419
13420
rsbac_list_get_data(
user_handles.cap,
13421 &tid.
user,
13422 &aci);
13423
switch (attr)
13424 {
13425
case A_system_role:
13426
case A_cap_role:
13427 value->
system_role = aci.cap_role;
13428
break;
13429
case A_min_caps:
13430 value->
min_caps = aci.min_caps;
13431
break;
13432
case A_max_caps:
13433 value->
max_caps = aci.max_caps;
13434
break;
13435
default:
13436 err = -
RSBAC_EINVALIDATTR;
13437 }
13438 }
13439
break;
13440
#endif
13441
13442
#if defined(CONFIG_RSBAC_JAIL)
13443
case JAIL:
13444 {
13445
rsbac_system_role_int_t role =
SR_user;
13446
13447
rsbac_list_get_data(
user_handles.jail,
13448 &tid.
user,
13449 &role);
13450
switch (attr)
13451 {
13452
case A_system_role:
13453
case A_jail_role:
13454 value->
system_role = role;
13455
break;
13456
13457
default:
13458 err = -
RSBAC_EINVALIDATTR;
13459 }
13460 }
13461
break;
13462
#endif
13463
13464
#if defined(CONFIG_RSBAC_RES)
13465
case RES:
13466 {
13467
struct rsbac_res_user_aci_t aci = DEFAULT_RES_U_ACI;
13468
13469
if(
rsbac_list_get_data(
user_handles.res,
13470 &tid.
user,
13471 &aci)
13472 && (tid.
user !=
RSBAC_ALL_USERS)
13473 )
13474 {
13475 tid.
user =
RSBAC_ALL_USERS;
13476
rsbac_list_get_data(
user_handles.res,
13477 &tid.
user,
13478 &aci);
13479 }
13480
switch (attr)
13481 {
13482
case A_system_role:
13483
case A_res_role:
13484 value->
system_role = aci.res_role;
13485
break;
13486
case A_res_min:
13487 memcpy(&value->
res_array, &aci.res_min,
sizeof(aci.res_min));
13488
break;
13489
case A_res_max:
13490 memcpy(&value->
res_array, &aci.res_max,
sizeof(aci.res_max));
13491
break;
13492
default:
13493 err = -
RSBAC_EINVALIDATTR;
13494 }
13495 }
13496
break;
13497
#endif
13498
13499
#if defined(CONFIG_RSBAC_PAX)
13500
case PAX:
13501 {
13502
rsbac_system_role_int_t role =
SR_user;
13503
13504
rsbac_list_get_data(
user_handles.pax,
13505 &tid.
user,
13506 &role);
13507
switch (attr)
13508 {
13509
case A_system_role:
13510
case A_pax_role:
13511 value->
system_role = role;
13512
break;
13513
13514
default:
13515 err = -
RSBAC_EINVALIDATTR;
13516 }
13517 }
13518
break;
13519
#endif
13520
13521
default:
13522 err = -
RSBAC_EINVALIDMODULE;
13523 }
13524
13525
return err;
13526
13527
case T_PROCESS:
13528
13529
13530
13531
13532
13533
13534
switch(module)
13535 {
13536
case GEN:
13537 {
13538
struct rsbac_gen_process_aci_t aci =
DEFAULT_GEN_P_ACI;
13539
13540
rsbac_list_get_data(
process_handles.gen,
13541 &tid.
process,
13542 &aci);
13543
switch (attr)
13544 {
13545
case A_log_program_based:
13546 value->
log_program_based = aci.
log_program_based;
13547
break;
13548
case A_fake_root_uid:
13549 value->
fake_root_uid = aci.
fake_root_uid;
13550
break;
13551
default:
13552 err = -
RSBAC_EINVALIDATTR;
13553 }
13554 }
13555
break;
13556
13557
#if defined(CONFIG_RSBAC_MAC)
13558
case MAC:
13559 {
13560
struct rsbac_mac_process_aci_t aci = DEFAULT_MAC_P_ACI;
13561
13562
rsbac_list_get_data(
process_handles.mac[mac_p_hash(tid.
process)],
13563 &tid.
process,
13564 &aci);
13565
switch (attr)
13566 {
13567
case A_security_level:
13568 value->
security_level = aci.owner_sec_level;
13569
break;
13570
case A_initial_security_level:
13571 value->
security_level = aci.owner_initial_sec_level;
13572
break;
13573
case A_min_security_level:
13574 value->
security_level = aci.owner_min_sec_level;
13575
break;
13576
case A_mac_categories:
13577 value->
mac_categories = aci.mac_owner_categories;
13578
break;
13579
case A_mac_initial_categories:
13580 value->
mac_categories = aci.mac_owner_initial_categories;
13581
break;
13582
case A_mac_min_categories:
13583 value->
mac_categories = aci.mac_owner_min_categories;
13584
break;
13585
case A_current_sec_level:
13586 value->
current_sec_level = aci.current_sec_level;
13587
break;
13588
case A_mac_curr_categories:
13589 value->
mac_categories = aci.mac_curr_categories;
13590
break;
13591
case A_min_write_open:
13592 value->
min_write_open = aci.min_write_open;
13593
break;
13594
case A_min_write_categories:
13595 value->
mac_categories = aci.min_write_categories;
13596
break;
13597
case A_max_read_open:
13598 value->
max_read_open = aci.max_read_open;
13599
break;
13600
case A_max_read_categories:
13601 value->
mac_categories = aci.max_read_categories;
13602
break;
13603
case A_mac_process_flags:
13604 value->
mac_process_flags = aci.mac_process_flags;
13605
break;
13606
case A_mac_auto:
13607
if(aci.mac_process_flags &
MAC_auto)
13608 value->
mac_auto =
TRUE;
13609
else
13610 value->
mac_auto =
FALSE;
13611
break;
13612
13613
default:
13614 err = -
RSBAC_EINVALIDATTR;
13615 }
13616 }
13617
break;
13618
#endif
13619
13620
#if defined(CONFIG_RSBAC_PM)
13621
case PM:
13622 {
13623
struct rsbac_pm_process_aci_t aci = DEFAULT_PM_P_ACI;
13624
13625
rsbac_list_get_data(
process_handles.pm,
13626 &tid.
process,
13627 &aci);
13628
switch (attr)
13629 {
13630
case A_pm_tp:
13631 value->
pm_tp = aci.pm_tp;
13632
break;
13633
case A_pm_current_task:
13634 value->
pm_current_task = aci.pm_current_task;
13635
break;
13636
case A_pm_process_type:
13637 value->
pm_process_type = aci.pm_process_type;
13638
break;
13639
default:
13640 err = -
RSBAC_EINVALIDATTR;
13641 }
13642 }
13643
break;
13644
#endif
13645
13646
#if defined(CONFIG_RSBAC_DAZ)
13647
case DAZ:
13648 {
13649
struct rsbac_daz_process_aci_t aci = DEFAULT_DAZ_P_ACI;
13650
13651
rsbac_list_get_data(
process_handles.daz,
13652 &tid.
process,
13653 &aci);
13654
switch (attr)
13655 {
13656
case A_daz_scanner:
13657 value->
daz_scanner = aci.daz_scanner;
13658
break;
13659
default:
13660 err = -
RSBAC_EINVALIDATTR;
13661 }
13662 }
13663
break;
13664
#endif
13665
13666
#if defined(CONFIG_RSBAC_RC)
13667
case RC:
13668 {
13669
struct rsbac_rc_process_aci_t aci = DEFAULT_RC_P_ACI;
13670
13671
rsbac_list_get_data(
process_handles.rc[rc_p_hash(tid.
process)],
13672 &tid.
process,
13673 &aci);
13674
switch (attr)
13675 {
13676
case A_rc_role:
13677 value->
rc_role = aci.rc_role;
13678
break;
13679
case A_rc_type:
13680 value->
rc_type = aci.rc_type;
13681
break;
13682
case A_rc_force_role:
13683 value->
rc_force_role = aci.rc_force_role;
13684
break;
13685
default:
13686 err = -
RSBAC_EINVALIDATTR;
13687 }
13688 }
13689
break;
13690
#endif
13691
13692
#if defined(CONFIG_RSBAC_AUTH)
13693
case AUTH:
13694 {
13695
struct rsbac_auth_process_aci_t aci = DEFAULT_AUTH_P_ACI;
13696
13697
rsbac_list_get_data(
process_handles.auth,
13698 &tid.
process,
13699 &aci);
13700
switch (attr)
13701 {
13702
case A_auth_may_setuid:
13703 value->
auth_may_setuid = aci.auth_may_setuid;
13704
break;
13705
case A_auth_may_set_cap:
13706 value->
auth_may_set_cap = aci.auth_may_set_cap;
13707
break;
13708
#if defined(CONFIG_RSBAC_AUTH_LEARN)
13709
case A_auth_program_file:
13710 value->auth_program_file = aci.auth_program_file;
13711
break;
13712
case A_auth_start_uid:
13713 value->auth_start_uid = aci.auth_start_uid;
13714
break;
13715
case A_auth_learn:
13716 value->
auth_learn = aci.auth_learn;
13717
break;
13718
#else
13719
case A_auth_learn:
13720 value->
auth_learn =
FALSE;
13721
break;
13722
#endif
13723
default:
13724 err = -
RSBAC_EINVALIDATTR;
13725 }
13726 }
13727
break;
13728
#endif
13729
13730
#if defined(CONFIG_RSBAC_CAP)
13731
case CAP:
13732 {
13733
struct rsbac_cap_process_aci_t aci = DEFAULT_CAP_P_ACI;
13734
13735
rsbac_list_get_data(
process_handles.cap,
13736 &tid.
process,
13737 &aci);
13738
switch (attr)
13739 {
13740
case A_cap_process_hiding:
13741 value->
cap_process_hiding = aci.cap_process_hiding;
13742
break;
13743
default:
13744 err = -
RSBAC_EINVALIDATTR;
13745 }
13746 }
13747
break;
13748
#endif
13749
13750
#if defined(CONFIG_RSBAC_JAIL)
13751
case JAIL:
13752 {
13753
struct rsbac_jail_process_aci_t aci = DEFAULT_JAIL_P_ACI;
13754
13755
rsbac_list_get_data(
process_handles.jail[jail_p_hash(tid.
process)],
13756 &tid.
process,
13757 &aci);
13758
switch (attr)
13759 {
13760
case A_jail_id:
13761 value->
jail_id = aci.id;
13762
break;
13763
case A_jail_ip:
13764 value->
jail_ip = aci.ip;
13765
break;
13766
case A_jail_flags:
13767 value->
jail_flags = aci.flags;
13768
break;
13769
case A_jail_max_caps:
13770 value->
jail_max_caps = aci.max_caps;
13771
break;
13772
default:
13773 err = -
RSBAC_EINVALIDATTR;
13774 }
13775 }
13776
break;
13777
#endif
13778
13779
#if defined(CONFIG_RSBAC_PAX)
13780
case PAX:
13781 {
13782
struct task_struct * task_p;
13783
13784
switch (attr)
13785 {
13786
case A_pax_flags:
13787 read_lock(&tasklist_lock);
13788 task_p = find_task_by_pid(tid.
process);
13789
if(task_p)
13790 value->
pax_flags = task_p->flags &
RSBAC_PAX_ALL_FLAGS;
13791
else
13792 err = -
RSBAC_EINVALIDTARGET;
13793 read_unlock(&tasklist_lock);
13794
break;
13795
default:
13796 err = -
RSBAC_EINVALIDATTR;
13797 }
13798 }
13799
break;
13800
#endif
13801
13802
default:
13803 err = -
RSBAC_EINVALIDMODULE;
13804 }
13805
return err;
13806
13807
#ifdef CONFIG_RSBAC_NET_DEV
13808
case T_NETDEV:
13809
13810
13811
13812
13813
13814
13815
13816
switch(module)
13817 {
13818
#if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
13819
case GEN:
13820 {
13821
struct rsbac_gen_netdev_aci_t aci =
DEFAULT_GEN_NETDEV_ACI;
13822
13823
rsbac_list_get_data(netdev_handles.gen,
13824 &tid.
netdev,
13825 &aci);
13826
switch (attr)
13827 {
13828
case A_log_array_low:
13829 value->
log_array_low = aci.
log_array_low;
13830
break;
13831
case A_log_array_high:
13832 value->
log_array_high = aci.
log_array_high;
13833
break;
13834
default:
13835 err = -
RSBAC_EINVALIDATTR;
13836 }
13837 }
13838
break;
13839
#endif
13840
#if defined(CONFIG_RSBAC_RC)
13841
case RC:
13842 {
13843
rsbac_rc_type_id_t type =
RSBAC_RC_GENERAL_TYPE;
13844
13845
rsbac_list_get_data(netdev_handles.rc,
13846 &tid.
netdev,
13847 &type);
13848
switch (attr)
13849 {
13850
case A_rc_type:
13851 value->
rc_type = type;
13852
break;
13853
13854
default:
13855 err = -
RSBAC_EINVALIDATTR;
13856 }
13857 }
13858
break;
13859
#endif
13860
13861
default:
13862 err = -
RSBAC_EINVALIDMODULE;
13863 }
13864
13865
return err;
13866
#endif
13867
13868
#ifdef CONFIG_RSBAC_NET_OBJ
13869
case T_NETTEMP:
13870
13871
13872
13873
13874
13875
13876
if( tid.
nettemp
13877 && !
rsbac_list_exist(net_temp_handle, &tid.
nettemp)
13878 )
13879
return -
RSBAC_EINVALIDTARGET;
13880
switch(module)
13881 {
13882
#if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
13883
case GEN:
13884 {
13885
struct rsbac_gen_fd_aci_t aci =
DEFAULT_GEN_NETOBJ_ACI;
13886
13887
if(tid.
nettemp)
13888
rsbac_list_get_data(nettemp_handles.gen,
13889 &tid.
nettemp,
13890 &aci);
13891
switch (attr)
13892 {
13893
case A_log_array_low:
13894 value->
log_array_low = aci.
log_array_low;
13895
break;
13896
case A_log_array_high:
13897 value->
log_array_high = aci.
log_array_high;
13898
break;
13899
default:
13900 err = -
RSBAC_EINVALIDATTR;
13901 }
13902 }
13903
break;
13904
#endif
13905
#if defined(CONFIG_RSBAC_MAC)
13906
case MAC:
13907 {
13908
struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
13909
13910
rsbac_list_get_data(nettemp_handles.mac,
13911 &tid.
nettemp,
13912 &aci);
13913
switch (attr)
13914 {
13915
case A_security_level:
13916 value->
security_level = aci.sec_level;
13917
break;
13918
case A_mac_categories:
13919 value->
mac_categories = aci.mac_categories;
13920
break;
13921
13922
default:
13923 err = -
RSBAC_EINVALIDATTR;
13924 }
13925 }
13926
break;
13927
#endif
13928
13929
#if defined(CONFIG_RSBAC_FC)
13930
case FC:
13931 {
13932
rsbac_fc_oc_t fc_oc =
RSBAC_FC_OC_ROOT_DEF;
13933
13934
rsbac_list_get_data(nettemp_handles.fc,
13935 &tid.
nettemp,
13936 &fc_oc);
13937
switch (attr)
13938 {
13939
case A_object_category:
13940 value->
object_category = fc_oc;
13941
break;
13942
13943
default:
13944 err = -
RSBAC_EINVALIDATTR;
13945 }
13946 }
13947
break;
13948
#endif
13949
13950
#if defined(CONFIG_RSBAC_SIM)
13951
case SIM:
13952 {
13953
rsbac_sim_dt_t sim_dt =
RSBAC_SIM_DT_ROOT_DEF;
13954
13955
rsbac_list_get_data(nettemp_handles.sim,
13956 &tid.
nettemp,
13957 &sim_dt);
13958
switch (attr)
13959 {
13960
case A_data_type:
13961 value->
data_type = sim_dt;
13962
break;
13963
13964
default:
13965 err = -
RSBAC_EINVALIDATTR;
13966 }
13967 }
13968
break;
13969
#endif
13970
13971
#if defined(CONFIG_RSBAC_PM)
13972
case PM:
13973 {
13974
struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
13975
13976
rsbac_list_get_data(nettemp_handles.pm,
13977 &tid.
nettemp,
13978 &aci);
13979
switch (attr)
13980 {
13981
case A_pm_object_class:
13982 value->
pm_object_class = aci.pm_object_class;
13983
break;
13984
case A_pm_ipc_purpose:
13985 value->
pm_ipc_purpose = aci.pm_ipc_purpose;
13986
break;
13987
case A_pm_object_type:
13988 value->
pm_object_type = aci.pm_object_type;
13989
break;
13990
default:
13991 err = -
RSBAC_EINVALIDATTR;
13992 }
13993 }
13994
break;
13995
#endif
13996
13997
#if defined(CONFIG_RSBAC_RC)
13998
case RC:
13999 {
14000
struct rsbac_rc_nettemp_aci_t aci = DEFAULT_RC_NETTEMP_ACI;
14001
14002
rsbac_list_get_data(nettemp_handles.rc,
14003 &tid.
nettemp,
14004 &aci);
14005
switch (attr)
14006 {
14007
case A_rc_type:
14008 value->
rc_type = aci.netobj_type;
14009
break;
14010
14011
case A_rc_type_nt:
14012 value->
rc_type = aci.nettemp_type;
14013
break;
14014
14015
default:
14016 err = -
RSBAC_EINVALIDATTR;
14017 }
14018 }
14019
break;
14020
#endif
14021
14022
default:
14023 err = -
RSBAC_EINVALIDMODULE;
14024 }
14025
return err;
14026
14027
case T_NETOBJ:
14028
14029
14030
14031
14032
14033
14034
switch(module)
14035 {
14036
#if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
14037
case GEN:
14038 {
14039
struct rsbac_gen_netobj_aci_t aci =
DEFAULT_GEN_NETOBJ_ACI;
14040
rsbac_net_temp_id_t temp = 0;
14041
14042
switch (attr)
14043 {
14044
case A_local_log_array_low:
14045
case A_local_log_array_high:
14046
rsbac_net_lookup_templates(tid.
netobj,
14047 &temp,
14048
NULL);
14049
break;
14050
case A_remote_log_array_low:
14051
case A_remote_log_array_high:
14052
rsbac_net_lookup_templates(tid.
netobj,
14053
NULL,
14054 &temp);
14055
break;
14056
14057
default:
14058 err = -
RSBAC_EINVALIDATTR;
14059 }
14060
if(temp)
14061
rsbac_list_get_data(nettemp_handles.gen,
14062 &temp,
14063 &aci);
14064
switch (attr)
14065 {
14066
case A_local_log_array_low:
14067
case A_remote_log_array_low:
14068 value->
log_array_low = aci.
log_array_low;
14069
break;
14070
case A_local_log_array_high:
14071
case A_remote_log_array_high:
14072 value->
log_array_high = aci.
log_array_high;
14073
break;
14074
14075
default:
14076 err = -
RSBAC_EINVALIDATTR;
14077 }
14078 }
14079
break;
14080
#endif
14081
#if defined(CONFIG_RSBAC_MAC)
14082
case MAC:
14083 {
14084
struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
14085
14086
switch(attr)
14087 {
14088
case A_local_sec_level:
14089
case A_local_mac_categories:
14090
if(
rsbac_list_get_data(lnetobj_handles.mac,
14091 &tid.
netobj.
sock_p,
14092 &aci))
14093 {
14094
rsbac_net_temp_id_t temp = 0;
14095
14096
rsbac_net_lookup_templates(tid.
netobj,
14097 &temp,
14098
NULL);
14099
if(temp)
14100
rsbac_list_get_data(nettemp_handles.mac,
14101 &temp,
14102 &aci);
14103 }
14104
break;
14105
14106
case A_remote_sec_level:
14107
case A_remote_mac_categories:
14108
if(
rsbac_list_get_data(rnetobj_handles.mac,
14109 &tid.
netobj.
sock_p,
14110 &aci))
14111 {
14112
rsbac_net_temp_id_t temp = 0;
14113
14114
rsbac_net_lookup_templates(tid.
netobj,
14115
NULL,
14116 &temp);
14117
if(temp)
14118
rsbac_list_get_data(nettemp_handles.mac,
14119 &temp,
14120 &aci);
14121 }
14122
break;
14123
14124
default:
14125 err = -
RSBAC_EINVALIDATTR;
14126 }
14127
if(err)
14128
break;
14129
switch (attr)
14130 {
14131
case A_local_sec_level:
14132
case A_remote_sec_level:
14133 value->
security_level = aci.sec_level;
14134
break;
14135
case A_local_mac_categories:
14136
case A_remote_mac_categories:
14137 value->
mac_categories = aci.mac_categories;
14138
break;
14139
14140
default:
14141 err = -
RSBAC_EINVALIDATTR;
14142 }
14143 }
14144
break;
14145
#endif
14146
14147
#if defined(CONFIG_RSBAC_FC)
14148
case FC:
14149 {
14150
rsbac_fc_oc_t fc_oc =
RSBAC_FC_OC_ROOT_DEF;
14151
14152
switch(attr)
14153 {
14154
case A_local_object_category:
14155
if(
rsbac_list_get_data(lnetobj_handles.fc,
14156 &tid.
netobj.
sock_p,
14157 &fc_oc))
14158 {
14159
rsbac_net_temp_id_t temp = 0;
14160
14161
rsbac_net_lookup_templates(tid.
netobj,
14162 &temp,
14163
NULL);
14164
if(temp)
14165
rsbac_list_get_data(nettemp_handles.fc,
14166 &temp,
14167 &fc_oc);
14168 }
14169
break;
14170
14171
case A_remote_object_category:
14172
if(
rsbac_list_get_data(rnetobj_handles.fc,
14173 &tid.
netobj.
sock_p,
14174 &fc_oc))
14175 {
14176
rsbac_net_temp_id_t temp = 0;
14177
14178
rsbac_net_lookup_templates(tid.
netobj,
14179
NULL,
14180 &temp);
14181
if(temp)
14182
rsbac_list_get_data(nettemp_handles.fc,
14183 &temp,
14184 &fc_oc);
14185 }
14186
break;
14187
14188
default:
14189 err = -
RSBAC_EINVALIDATTR;
14190 }
14191
if(!err)
14192 value->
object_category = fc_oc;
14193 }
14194
break;
14195
#endif
14196
14197
#if defined(CONFIG_RSBAC_SIM)
14198
case SIM:
14199 {
14200
rsbac_sim_dt_t sim_dt =
RSBAC_SIM_DT_ROOT_DEF;
14201
14202
switch(attr)
14203 {
14204
case A_local_data_type:
14205
if(
rsbac_list_get_data(lnetobj_handles.sim,
14206 &tid.
netobj.
sock_p,
14207 &sim_dt))
14208 {
14209
rsbac_net_temp_id_t temp = 0;
14210
14211
rsbac_net_lookup_templates(tid.
netobj,
14212 &temp,
14213
NULL);
14214
if(temp)
14215
rsbac_list_get_data(nettemp_handles.sim,
14216 &temp,
14217 &sim_dt);
14218 }
14219
break;
14220
14221
case A_remote_data_type:
14222
if(
rsbac_list_get_data(rnetobj_handles.sim,
14223 &tid.
netobj.
sock_p,
14224 &sim_dt))
14225 {
14226
rsbac_net_temp_id_t temp = 0;
14227
14228
rsbac_net_lookup_templates(tid.
netobj,
14229
NULL,
14230 &temp);
14231
if(temp)
14232
rsbac_list_get_data(nettemp_handles.sim,
14233 &temp,
14234 &sim_dt);
14235 }
14236
break;
14237
14238
default:
14239 err = -
RSBAC_EINVALIDATTR;
14240 }
14241
if(!err)
14242 value->
data_type = sim_dt;
14243 }
14244
break;
14245
#endif
14246
14247
#if defined(CONFIG_RSBAC_PM)
14248
case PM:
14249 {
14250
struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
14251
14252
switch(attr)
14253 {
14254
case A_local_pm_object_class:
14255
case A_local_pm_ipc_purpose:
14256
case A_local_pm_object_type:
14257
if(
rsbac_list_get_data(lnetobj_handles.pm,
14258 &tid.
netobj.
sock_p,
14259 &aci))
14260 {
14261
rsbac_net_temp_id_t temp = 0;
14262
14263
rsbac_net_lookup_templates(tid.
netobj,
14264 &temp,
14265
NULL);
14266
if(temp)
14267
rsbac_list_get_data(nettemp_handles.pm,
14268 &temp,
14269 &aci);
14270 }
14271
break;
14272
14273
case A_remote_pm_object_class:
14274
case A_remote_pm_ipc_purpose:
14275
case A_remote_pm_object_type:
14276
if(
rsbac_list_get_data(rnetobj_handles.pm,
14277 &tid.
netobj.
sock_p,
14278 &aci))
14279 {
14280
rsbac_net_temp_id_t temp = 0;
14281
14282
rsbac_net_lookup_templates(tid.
netobj,
14283
NULL,
14284 &temp);
14285
if(temp)
14286
rsbac_list_get_data(nettemp_handles.pm,
14287 &temp,
14288 &aci);
14289 }
14290
break;
14291
14292
default:
14293 err = -
RSBAC_EINVALIDATTR;
14294 }
14295
if(err)
14296
break;
14297
switch (attr)
14298 {
14299
case A_local_pm_object_class:
14300
case A_remote_pm_object_class:
14301 value->
pm_object_class = aci.pm_object_class;
14302
break;
14303
case A_local_pm_ipc_purpose:
14304
case A_remote_pm_ipc_purpose:
14305 value->
pm_ipc_purpose = aci.pm_ipc_purpose;
14306
break;
14307
case A_local_pm_object_type:
14308
case A_remote_pm_object_type:
14309 value->
pm_object_type = aci.pm_object_type;
14310
break;
14311
14312
default:
14313 err = -
RSBAC_EINVALIDATTR;
14314 }
14315 }
14316
break;
14317
#endif
14318
14319
#if defined(CONFIG_RSBAC_RC)
14320
case RC:
14321 {
14322
rsbac_rc_type_id_t type =
RSBAC_RC_GENERAL_TYPE;
14323
14324
switch(attr)
14325 {
14326
case A_local_rc_type:
14327
if(
rsbac_list_get_data(lnetobj_handles.rc,
14328 &tid.
netobj.
sock_p,
14329 &type))
14330 {
14331
rsbac_net_temp_id_t temp = 0;
14332
struct rsbac_rc_nettemp_aci_t aci;
14333
14334
rsbac_net_lookup_templates(tid.
netobj,
14335 &temp,
14336
NULL);
14337
if(temp)
14338 {
14339
if(!
rsbac_list_get_data(nettemp_handles.rc,
14340 &temp,
14341 &aci))
14342 type = aci.netobj_type;
14343 }
14344 }
14345
break;
14346
14347
case A_remote_rc_type:
14348
if(
rsbac_list_get_data(rnetobj_handles.rc,
14349 &tid.
netobj.
sock_p,
14350 &type))
14351 {
14352
rsbac_net_temp_id_t temp = 0;
14353
struct rsbac_rc_nettemp_aci_t aci;
14354
14355
rsbac_net_lookup_templates(tid.
netobj,
14356
NULL,
14357 &temp);
14358
if(temp)
14359 {
14360
if(!
rsbac_list_get_data(nettemp_handles.rc,
14361 &temp,
14362 &aci))
14363 type = aci.netobj_type;
14364 }
14365 }
14366
break;
14367
14368
default:
14369 err = -
RSBAC_EINVALIDATTR;
14370 }
14371
if(!err)
14372 value->
rc_type = type;
14373 }
14374
break;
14375
#endif
14376
14377
default:
14378 err = -
RSBAC_EINVALIDMODULE;
14379 }
14380
return err;
14381
14382
#endif
14383
14384
14385
default:
14386
return(-
RSBAC_EINVALIDTARGET);
14387 }
14388
14389
return(err);
14390 };
14391
14392
14393
14394
#if defined(CONFIG_RSBAC_REG)
14395
EXPORT_SYMBOL(rsbac_set_attr);
14396
#endif
14397 int rsbac_set_attr(
enum rsbac_switch_target_t module,
14398
enum rsbac_target_t target,
14399
union rsbac_target_id_t tid,
14400
enum rsbac_attribute_t attr,
14401
union rsbac_attribute_value_t value)
14402
14403 {
14404
int err = 0;
14405
struct rsbac_device_list_item_t * device_p;
14406 u_long dflags;
14407
14408
14409
14410
14411
14412
if (!
rsbac_initialized)
14413 {
14414
#ifdef CONFIG_RSBAC_RMSG
14415
rsbac_printk(KERN_WARNING
"rsbac_set_attr(): RSBAC not initialized\n");
14416
#endif
14417
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
14418
if (!rsbac_nosyslog)
14419
#endif
14420
printk(KERN_WARNING
"rsbac_set_attr(): RSBAC not initialized\n");
14421
return(-
RSBAC_ENOTINITIALIZED);
14422 }
14423
if (in_interrupt())
14424 {
14425 printk(KERN_WARNING
"rsbac_set_attr(): called from interrupt!\n");
14426 }
14427
switch (target)
14428 {
14429
case T_FILE:
14430
case T_DIR:
14431
case T_FIFO:
14432
case T_SYMLINK:
14433
14434
14435
14436
14437
14438
14439
14440
14441 rsbac_read_lock(&
device_list_head.lock, &dflags);
14442
14443
14444
14445
14446
14447
14448
14449
14450
14451
14452 device_p =
lookup_device(tid.file.device);
14453
if (!device_p)
14454 {
14455
struct super_block * sb_p;
14456
14457 rsbac_read_unlock(&
device_list_head.lock, &dflags);
14458
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
14459
sb_p = user_get_super(tid.file.device);
14460
#else
14461
sb_p = get_super(tid.file.device);
14462
#endif
14463
if(sb_p)
14464 {
14465
#ifdef CONFIG_RSBAC_RMSG
14466
rsbac_printk(KERN_INFO
14467
"rsbac_set_attr(): auto-mounting device %02u:%02u\n",
14468 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
14469
#endif
14470
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
14471
if (!rsbac_nosyslog)
14472
#endif
14473
printk(KERN_INFO
14474
"rsbac_set_attr(): auto-mounting device %02u:%02u\n",
14475 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
14476
rsbac_mount(sb_p,
NULL);
14477
14478 drop_super(sb_p);
14479 rsbac_read_lock(&
device_list_head.lock, &dflags);
14480 device_p =
lookup_device(tid.file.device);
14481
if (!device_p)
14482 {
14483
#ifdef CONFIG_RSBAC_RMSG
14484
rsbac_printk(KERN_WARNING
14485
"rsbac_set_attr(): unknown device %02u:%02u\n",
14486 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
14487
#endif
14488
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
14489
if (!rsbac_nosyslog)
14490
#endif
14491
printk(KERN_WARNING
14492
"rsbac_set_attr(): unknown device %02u:%02u\n",
14493 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
14494 rsbac_read_unlock(&
device_list_head.lock, &dflags);
14495
return -
RSBAC_EINVALIDDEV;
14496 }
14497 }
14498
else
14499
return -
RSBAC_EINVALIDDEV;
14500 }
14501
switch(module)
14502 {
14503
case GEN:
14504 {
14505
struct rsbac_gen_fd_aci_t aci =
DEFAULT_GEN_FD_ACI;
14506
14507
rsbac_list_get_data(device_p->handles.gen[
gen_fd_hash(tid.file.inode)],
14508 &tid.file.inode,
14509 &aci);
14510
switch (attr)
14511 {
14512
case A_log_array_low:
14513 aci.
log_array_low = value.
log_array_low;
14514
break;
14515
case A_log_array_high:
14516 aci.
log_array_high = value.
log_array_high;
14517
break;
14518
case A_log_program_based:
14519 aci.
log_program_based = value.
log_program_based;
14520
break;
14521
case A_symlink_add_uid:
14522 aci.
symlink_add_uid = value.
symlink_add_uid;
14523
break;
14524
case A_symlink_add_mac_level:
14525 aci.
symlink_add_mac_level = value.
symlink_add_mac_level;
14526
break;
14527
case A_symlink_add_rc_role:
14528 aci.
symlink_add_rc_role = value.
symlink_add_rc_role;
14529
break;
14530
case A_linux_dac_disable:
14531 aci.
linux_dac_disable = value.
linux_dac_disable;
14532
break;
14533
case A_fake_root_uid:
14534 aci.
fake_root_uid = value.
fake_root_uid;
14535
break;
14536
default:
14537 err = -
RSBAC_EINVALIDATTR;
14538 }
14539
if(!err)
14540 {
14541 err =
rsbac_list_add(device_p->handles.gen[
gen_fd_hash(tid.file.inode)],
14542 &tid.file.inode,
14543 &aci);
14544 }
14545 }
14546
break;
14547
14548
#if defined(CONFIG_RSBAC_MAC)
14549
case MAC:
14550 {
14551
struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI;
14552
14553
rsbac_list_get_data(device_p->handles.mac[mac_fd_hash(tid.file.inode)],
14554 &tid.file.inode,
14555 &aci);
14556
switch (attr)
14557 {
14558
case A_security_level:
14559 aci.sec_level = value.
security_level;
14560
break;
14561
case A_mac_categories:
14562 aci.mac_categories = value.
mac_categories;
14563
break;
14564
case A_mac_auto:
14565 aci.mac_auto = value.
mac_auto;
14566
break;
14567
case A_mac_prop_trusted:
14568 aci.mac_prop_trusted = value.
mac_prop_trusted;
14569
break;
14570
case A_mac_file_flags:
14571 aci.mac_file_flags = value.
mac_file_flags &
RSBAC_MAC_F_FLAGS;
14572
break;
14573
14574
default:
14575 err = -
RSBAC_EINVALIDATTR;
14576 }
14577
if(!err)
14578 {
14579 err =
rsbac_list_add(device_p->handles.mac[mac_fd_hash(tid.file.inode)],
14580 &tid.file.inode,
14581 &aci);
14582 }
14583 }
14584
break;
14585
#endif
14586
14587
#if defined(CONFIG_RSBAC_FC)
14588
case FC:
14589 {
14590
switch (attr)
14591 {
14592
case A_object_category:
14593 err =
rsbac_list_add(device_p->handles.fc[fc_fd_hash(tid.file.inode)],
14594 &tid.file.inode,
14595 &value.
object_category);
14596
break;
14597
14598
default:
14599 err = -
RSBAC_EINVALIDATTR;
14600 }
14601 }
14602
break;
14603
#endif
14604
14605
#if defined(CONFIG_RSBAC_SIM)
14606
case SIM:
14607 {
14608
switch (attr)
14609 {
14610
case A_data_type:
14611 err =
rsbac_list_add(device_p->handles.sim[sim_fd_hash(tid.file.inode)],
14612 &tid.file.inode,
14613 &value.
data_type);
14614
break;
14615
14616
default:
14617 err = -
RSBAC_EINVALIDATTR;
14618 }
14619 }
14620
break;
14621
#endif
14622
14623
#if defined(CONFIG_RSBAC_PM)
14624
case PM:
14625 {
14626
struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI;
14627
14628
rsbac_list_get_data(device_p->handles.pm[pm_fd_hash(tid.file.inode)],
14629 &tid.file.inode,
14630 &aci);
14631
switch (attr)
14632 {
14633
case A_pm_object_class:
14634 aci.pm_object_class = value.
pm_object_class;
14635
break;
14636
case A_pm_tp:
14637 aci.pm_tp = value.
pm_tp;
14638
break;
14639
case A_pm_object_type:
14640 aci.pm_object_type = value.
pm_object_type;
14641
break;
14642
default:
14643 err = -
RSBAC_EINVALIDATTR;
14644 }
14645
if(!err)
14646 {
14647 err =
rsbac_list_add(device_p->handles.pm[pm_fd_hash(tid.file.inode)],
14648 &tid.file.inode,
14649 &aci);
14650 }
14651 }
14652
break;
14653
#endif
14654
14655
#if defined(CONFIG_RSBAC_DAZ)
14656
case DAZ:
14657 {
14658
#if defined(CONFIG_RSBAC_DAZ_CACHE)
14659
if(attr ==
A_daz_scanned)
14660 {
14661 err =
rsbac_list_add_ttl(device_p->handles.dazs[daz_scanned_fd_hash(tid.file.inode)],
14662 CONFIG_RSBAC_DAZ_TTL,
14663 &tid.file.inode,
14664 &value.
daz_scanned);
14665 }
14666
else
14667
#endif
14668
{
14669
struct rsbac_daz_fd_aci_t aci = DEFAULT_DAZ_FD_ACI;
14670
14671
rsbac_list_get_data(device_p->handles.daz[daz_fd_hash(tid.file.inode)],
14672 &tid.file.inode,
14673 &aci);
14674
switch (attr)
14675 {
14676
case A_daz_scanner:
14677 aci.daz_scanner = value.
daz_scanner;
14678
break;
14679
default:
14680 err = -
RSBAC_EINVALIDATTR;
14681 }
14682
if(!err)
14683 {
14684 err =
rsbac_list_add(device_p->handles.daz[daz_fd_hash(tid.file.inode)],
14685 &tid.file.inode,
14686 &aci);
14687 }
14688 }
14689 }
14690
break;
14691
#endif
14692
14693
#if defined(CONFIG_RSBAC_FF)
14694
case FF:
14695 {
14696
switch (attr)
14697 {
14698
case A_ff_flags:
14699 err =
rsbac_list_add(device_p->handles.ff[ff_fd_hash(tid.file.inode)],
14700 &tid.file.inode,
14701 &value.
ff_flags);
14702
break;
14703
14704
default:
14705 err = -
RSBAC_EINVALIDATTR;
14706 }
14707 }
14708
break;
14709
#endif
14710
14711
#if defined(CONFIG_RSBAC_RC)
14712
case RC:
14713 {
14714
struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI;
14715
14716
rsbac_list_get_data(device_p->handles.rc[rc_fd_hash(tid.file.inode)],
14717 &tid.file.inode,
14718 &aci);
14719
switch (attr)
14720 {
14721
case A_rc_type_fd:
14722 aci.rc_type_fd = value.
rc_type_fd;
14723
break;
14724
case A_rc_force_role:
14725 aci.rc_force_role = value.
rc_force_role;
14726
break;
14727
case A_rc_initial_role:
14728 aci.rc_initial_role = value.
rc_initial_role;
14729
break;
14730
14731
default:
14732 err = -
RSBAC_EINVALIDATTR;
14733 }
14734
if(!err)
14735 {
14736 err =
rsbac_list_add(device_p->handles.rc[rc_fd_hash(tid.file.inode)],
14737 &tid.file.inode,
14738 &aci);
14739 }
14740 }
14741
break;
14742
#endif
14743
14744
#if defined(CONFIG_RSBAC_AUTH)
14745
case AUTH:
14746 {
14747
struct rsbac_auth_fd_aci_t aci = DEFAULT_AUTH_FD_ACI;
14748
14749
rsbac_list_get_data(device_p->handles.auth[auth_fd_hash(tid.file.inode)],
14750 &tid.file.inode,
14751 &aci);
14752
switch (attr)
14753 {
14754
case A_auth_may_setuid:
14755 aci.auth_may_setuid = value.
auth_may_setuid;
14756
break;
14757
case A_auth_may_set_cap:
14758 aci.auth_may_set_cap = value.
auth_may_set_cap;
14759
break;
14760
case A_auth_learn:
14761 aci.auth_learn = value.
auth_learn;
14762
break;
14763
default:
14764 err = -
RSBAC_EINVALIDATTR;
14765 }
14766
if(!err)
14767 {
14768 err =
rsbac_list_add(device_p->handles.auth[auth_fd_hash(tid.file.inode)],
14769 &tid.file.inode,
14770 &aci);
14771 }
14772 }
14773
break;
14774
#endif
14775
14776
#if defined(CONFIG_RSBAC_CAP)
14777
case CAP:
14778 {
14779
struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI;
14780
14781
rsbac_list_get_data(device_p->handles.cap[cap_fd_hash(tid.file.inode)],
14782 &tid.file.inode,
14783 &aci);
14784
switch (attr)
14785 {
14786
case A_min_caps:
14787 aci.min_caps = value.
min_caps;
14788
break;
14789
case A_max_caps:
14790 aci.max_caps = value.
max_caps;
14791
break;
14792
default:
14793 err = -
RSBAC_EINVALIDATTR;
14794 }
14795
if(!err)
14796 {
14797 err =
rsbac_list_add(device_p->handles.cap[cap_fd_hash(tid.file.inode)],
14798 &tid.file.inode,
14799 &aci);
14800 }
14801 }
14802
break;
14803
#endif
14804
14805
#if defined(CONFIG_RSBAC_RES)
14806
case RES:
14807 {
14808
struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI;
14809
14810
rsbac_list_get_data(device_p->handles.res[res_fd_hash(tid.file.inode)],
14811 &tid.file.inode,
14812 &aci);
14813
switch (attr)
14814 {
14815
case A_res_min:
14816 memcpy(&aci.res_min, &value.
res_array,
sizeof(aci.res_min));
14817
break;
14818
case A_res_max:
14819 memcpy(&aci.res_max, &value.
res_array,
sizeof(aci.res_max));
14820
break;
14821
default:
14822 err = -
RSBAC_EINVALIDATTR;
14823 }
14824
if(!err)
14825 {
14826
struct rsbac_res_fd_aci_t def_aci = DEFAULT_RES_FD_ACI;
14827
14828
if(memcmp(&aci, &def_aci,
sizeof(aci)))
14829 err =
rsbac_list_add(device_p->handles.res[res_fd_hash(tid.file.inode)],
14830 &tid.file.inode,
14831 &aci);
14832 }
14833 }
14834
break;
14835
#endif
14836
14837
#if defined(CONFIG_RSBAC_PAX)
14838
case PAX:
14839 {
14840
switch (attr)
14841 {
14842
case A_pax_flags:
14843 value.
pax_flags &=
RSBAC_PAX_ALL_FLAGS;
14844 err =
rsbac_list_add(device_p->handles.pax[pax_fd_hash(tid.file.inode)],
14845 &tid.file.inode,
14846 &value.
data_type);
14847
break;
14848
14849
default:
14850 err = -
RSBAC_EINVALIDATTR;
14851 }
14852 }
14853
break;
14854
#endif
14855
14856
default:
14857 err = -
RSBAC_EINVALIDMODULE;
14858 }
14859
14860 rsbac_read_unlock(&
device_list_head.lock, &dflags);
14861
14862
break;
14863
14864
case T_DEV:
14865
14866
14867
14868
14869
14870
14871
14872
switch(module)
14873 {
14874
case GEN:
14875 {
14876
struct rsbac_gen_dev_aci_t aci =
DEFAULT_GEN_DEV_ACI;
14877
struct rsbac_dev_desc_t dev_desc;
14878
14879 dev_desc.type = tid.dev.type;
14880 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
14881 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
14882
14883
rsbac_list_get_data(
dev_handles.gen,
14884 &dev_desc,
14885 &aci);
14886
switch (attr)
14887 {
14888
case A_log_array_low:
14889 aci.
log_array_low = value.
log_array_low;
14890
break;
14891
case A_log_array_high:
14892 aci.
log_array_high = value.
log_array_high;
14893
break;
14894
default:
14895 err = -
RSBAC_EINVALIDATTR;
14896 }
14897
if(!err)
14898 {
14899 err =
rsbac_list_add(
dev_handles.gen,
14900 &dev_desc,
14901 &aci);
14902 }
14903 }
14904
break;
14905
14906
#if defined(CONFIG_RSBAC_MAC)
14907
case MAC:
14908 {
14909
struct rsbac_mac_dev_aci_t aci = DEFAULT_MAC_DEV_ACI;
14910
struct rsbac_dev_desc_t dev_desc;
14911
14912 dev_desc.type = tid.dev.type;
14913 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
14914 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
14915
14916
rsbac_list_get_data(
dev_handles.mac,
14917 &dev_desc,
14918 &aci);
14919
switch (attr)
14920 {
14921
case A_security_level:
14922 aci.sec_level = value.
security_level;
14923
break;
14924
case A_mac_categories:
14925 aci.mac_categories = value.
mac_categories;
14926
break;
14927
case A_mac_check:
14928 aci.mac_check = value.
mac_check;
14929
break;
14930
default:
14931 err = -
RSBAC_EINVALIDATTR;
14932 }
14933
if(!err)
14934 {
14935 err =
rsbac_list_add(
dev_handles.mac,
14936 &dev_desc,
14937 &aci);
14938 }
14939 }
14940
break;
14941
#endif
14942
14943
#if defined(CONFIG_RSBAC_FC)
14944
case FC:
14945 {
14946
rsbac_fc_oc_t fc_oc = value.
object_category;
14947
struct rsbac_dev_desc_t dev_desc;
14948
14949 dev_desc.type = tid.dev.type;
14950 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
14951 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
14952
14953
switch (attr)
14954 {
14955
case A_object_category:
14956 err =
rsbac_list_add(
dev_handles.fc,
14957 &dev_desc,
14958 &fc_oc);
14959
break;
14960
default:
14961 err = -
RSBAC_EINVALIDATTR;
14962 }
14963 }
14964
break;
14965
#endif
14966
14967
#if defined(CONFIG_RSBAC_SIM)
14968
case SIM:
14969 {
14970
rsbac_sim_dt_t sim_dt = value.
data_type;
14971
struct rsbac_dev_desc_t dev_desc;
14972
14973 dev_desc.type = tid.dev.type;
14974 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
14975 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
14976
14977
switch (attr)
14978 {
14979
case A_data_type:
14980 err =
rsbac_list_add(
dev_handles.sim,
14981 &dev_desc,
14982 &sim_dt);
14983
break;
14984
default:
14985 err = -
RSBAC_EINVALIDATTR;
14986 }
14987 }
14988
break;
14989
#endif
14990
14991
#if defined(CONFIG_RSBAC_PM)
14992
case PM:
14993 {
14994
struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
14995
struct rsbac_dev_desc_t dev_desc;
14996
14997 dev_desc.type = tid.dev.type;
14998 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
14999 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
15000
15001
rsbac_list_get_data(
dev_handles.pm,
15002 &dev_desc,
15003 &aci);
15004
switch (attr)
15005 {
15006
case A_pm_object_type:
15007 aci.pm_object_type = value.
pm_object_type;
15008
break;
15009
case A_pm_object_class:
15010 aci.pm_object_class = value.
pm_object_class;
15011
break;
15012
default:
15013 err = -
RSBAC_EINVALIDATTR;
15014 }
15015
if(!err)
15016 {
15017 err =
rsbac_list_add(
dev_handles.pm,
15018 &dev_desc,
15019 &aci);
15020 }
15021 }
15022
break;
15023
#endif
15024
15025
#if defined(CONFIG_RSBAC_RC)
15026
case RC:
15027 {
15028
rsbac_rc_type_id_t type = value.
rc_type;
15029
struct rsbac_dev_desc_t dev_desc;
15030
15031 dev_desc.type = tid.dev.type;
15032 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
15033 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
15034
15035
switch (attr)
15036 {
15037
case A_rc_type:
15038 err =
rsbac_list_add(
dev_handles.rc,
15039 &dev_desc,
15040 &type);
15041
break;
15042
default:
15043 err = -
RSBAC_EINVALIDATTR;
15044 }
15045 }
15046
break;
15047
#endif
15048
15049
default:
15050 err = -
RSBAC_EINVALIDMODULE;
15051 }
15052
15053
break;
15054
15055
case T_IPC:
15056
15057
15058
15059
15060
15061
15062
switch(module)
15063 {
15064
#if defined(CONFIG_RSBAC_MAC)
15065
case MAC:
15066 {
15067
struct rsbac_mac_ipc_aci_t aci = DEFAULT_MAC_IPC_ACI;
15068
15069
rsbac_list_get_data(
ipc_handles.mac,
15070 &tid.
ipc,
15071 &aci);
15072
switch (attr)
15073 {
15074
case A_security_level:
15075 aci.sec_level = value.
security_level;
15076
break;
15077
case A_mac_categories:
15078 aci.mac_categories = value.
mac_categories;
15079
break;
15080
default:
15081 err = -
RSBAC_EINVALIDATTR;
15082 }
15083
if(!err)
15084 {
15085 err =
rsbac_list_add(
ipc_handles.mac,
15086 &tid.
ipc,
15087 &aci);
15088 }
15089 }
15090
break;
15091
#endif
15092
15093
#if defined(CONFIG_RSBAC_FC)
15094
case FC:
15095 {
15096
rsbac_fc_oc_t fc_oc = value.
object_category;
15097
15098
switch (attr)
15099 {
15100
case A_object_category:
15101 err =
rsbac_list_add(
ipc_handles.fc,
15102 &tid.
ipc,
15103 &fc_oc);
15104
break;
15105
default:
15106 err = -
RSBAC_EINVALIDATTR;
15107 }
15108 }
15109
break;
15110
#endif
15111
15112
#if defined(CONFIG_RSBAC_SIM)
15113
case SIM:
15114 {
15115
rsbac_sim_dt_t sim_dt = value.
data_type;
15116
15117
switch (attr)
15118 {
15119
case A_data_type:
15120 err =
rsbac_list_add(
ipc_handles.sim,
15121 &tid.
ipc,
15122 &sim_dt);
15123
break;
15124
default:
15125 err = -
RSBAC_EINVALIDATTR;
15126 }
15127 }
15128
break;
15129
#endif
15130
15131
#if defined(CONFIG_RSBAC_PM)
15132
case PM:
15133 {
15134
struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
15135
15136
rsbac_list_get_data(
ipc_handles.pm,
15137 &tid.
ipc,
15138 &aci);
15139
switch (attr)
15140 {
15141
case A_pm_object_type:
15142 aci.pm_object_type = value.
pm_object_type;
15143
break;
15144
case A_pm_ipc_purpose:
15145 aci.pm_ipc_purpose = value.
pm_ipc_purpose;
15146
break;
15147
case A_pm_object_class:
15148 aci.pm_object_class = value.
pm_object_class;
15149
break;
15150
default:
15151 err = -
RSBAC_EINVALIDATTR;
15152 }
15153
if(!err)
15154 {
15155 err =
rsbac_list_add(
ipc_handles.pm,
15156 &tid.
ipc,
15157 &aci);
15158 }
15159 }
15160
break;
15161
#endif
15162
15163
#if defined(CONFIG_RSBAC_RC)
15164
case RC:
15165 {
15166
rsbac_rc_type_id_t type = value.
rc_type;
15167
15168
switch (attr)
15169 {
15170
case A_rc_type:
15171 err =
rsbac_list_add(
ipc_handles.rc,
15172 &tid.
ipc,
15173 &type);
15174
break;
15175
default:
15176 err = -
RSBAC_EINVALIDATTR;
15177 }
15178 }
15179
break;
15180
#endif
15181
15182
#if defined(CONFIG_RSBAC_JAIL)
15183
case JAIL:
15184 {
15185
rsbac_jail_id_t id = value.
jail_id;
15186
15187
switch (attr)
15188 {
15189
case A_jail_id:
15190
15191
15192
15193
15194
15195
15196
15197
15198 err =
rsbac_list_add(
ipc_handles.jail,
15199 &tid.
ipc,
15200 &
id);
15201
break;
15202
default:
15203 err = -
RSBAC_EINVALIDATTR;
15204 }
15205 }
15206
break;
15207
#endif
15208
15209
default:
15210 err = -
RSBAC_EINVALIDMODULE;
15211 }
15212
15213
break;
15214
15215
case T_USER:
15216
#ifdef CONFIG_RSBAC_DEBUG
15217
15218
15219
15220
15221
15222
15223
#endif
15224
switch(module)
15225 {
15226
case GEN:
15227 {
15228
struct rsbac_gen_user_aci_t aci =
DEFAULT_GEN_U_ACI;
15229
15230
rsbac_list_get_data(
user_handles.gen,
15231 &tid.
user,
15232 &aci);
15233
switch (attr)
15234 {
15235
case A_pseudo:
15236 aci.
pseudo = value.
pseudo;
15237
break;
15238
case A_log_user_based:
15239 aci.
log_user_based = value.
log_user_based;
15240
break;
15241
default:
15242 err = -
RSBAC_EINVALIDATTR;
15243 }
15244
if(!err)
15245 {
15246 err =
rsbac_list_add(
user_handles.gen,
15247 &tid.
user,
15248 &aci);
15249 }
15250 }
15251
break;
15252
15253
#if defined(CONFIG_RSBAC_MAC)
15254
case MAC:
15255 {
15256
struct rsbac_mac_user_aci_t aci = DEFAULT_MAC_U_ACI;
15257
15258
rsbac_list_get_data(
user_handles.mac,
15259 &tid.
user,
15260 &aci);
15261
switch (attr)
15262 {
15263
case A_security_level:
15264
if(value.
security_level < aci.min_security_level)
15265 err = -
RSBAC_EINVALIDVALUE;
15266
else
15267 aci.security_level = value.
security_level;
15268
break;
15269
case A_initial_security_level:
15270
if( (value.
security_level < aci.min_security_level)
15271 || (value.
security_level > aci.security_level)
15272 )
15273 err = -
RSBAC_EINVALIDVALUE;
15274
else
15275 aci.initial_security_level = value.
security_level;
15276
break;
15277
case A_min_security_level:
15278
if(value.
security_level > aci.security_level)
15279 err = -
RSBAC_EINVALIDVALUE;
15280
else
15281 aci.min_security_level = value.
security_level;
15282
break;
15283
case A_mac_categories:
15284
if((value.
mac_categories & aci.mac_min_categories) != aci.mac_min_categories)
15285 err = -
RSBAC_EINVALIDVALUE;
15286
else
15287 aci.mac_categories = value.
mac_categories;
15288
break;
15289
case A_mac_initial_categories:
15290
if( ((value.
mac_categories & aci.mac_min_categories) != aci.mac_min_categories)
15291 || ((value.
mac_categories & aci.mac_categories) != value.
mac_categories)
15292 )
15293 err = -
RSBAC_EINVALIDVALUE;
15294
else
15295 aci.mac_initial_categories = value.
mac_categories;
15296
break;
15297
case A_mac_min_categories:
15298
if((value.
mac_categories & aci.mac_categories) != value.
mac_categories)
15299 err = -
RSBAC_EINVALIDVALUE;
15300
else
15301 aci.mac_min_categories = value.
mac_categories;
15302
break;
15303
case A_system_role:
15304
case A_mac_role:
15305 aci.system_role = value.
system_role;
15306
break;
15307
case A_mac_user_flags:
15308 aci.mac_user_flags = value.
mac_user_flags &
RSBAC_MAC_U_FLAGS;
15309
break;
15310
default:
15311 err = -
RSBAC_EINVALIDATTR;
15312 }
15313
if(!err)
15314 {
15315 err =
rsbac_list_add(
user_handles.mac,
15316 &tid.
user,
15317 &aci);
15318 }
15319 }
15320
break;
15321
#endif
15322
15323
#if defined(CONFIG_RSBAC_FC)
15324
case FC:
15325 {
15326
rsbac_system_role_int_t role = value.
system_role;
15327
15328
switch (attr)
15329 {
15330
case A_system_role:
15331
case A_fc_role:
15332 err =
rsbac_list_add(
user_handles.fc,
15333 &tid.
user,
15334 &role);
15335
break;
15336
default:
15337 err = -
RSBAC_EINVALIDATTR;
15338 }
15339 }
15340
break;
15341
#endif
15342
15343
#if defined(CONFIG_RSBAC_SIM)
15344
case SIM:
15345 {
15346
rsbac_system_role_int_t role = value.
system_role;
15347
15348
switch (attr)
15349 {
15350
case A_system_role:
15351
case A_sim_role:
15352 err =
rsbac_list_add(
user_handles.sim,
15353 &tid.
user,
15354 &role);
15355
break;
15356
default:
15357 err = -
RSBAC_EINVALIDATTR;
15358 }
15359 }
15360
break;
15361
#endif
15362
15363
#if defined(CONFIG_RSBAC_PM)
15364
case PM:
15365 {
15366
struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
15367
15368
rsbac_list_get_data(
user_handles.pm,
15369 &tid.
user,
15370 &aci);
15371
switch (attr)
15372 {
15373
case A_pm_task_set:
15374 aci.pm_task_set = value.
pm_task_set;
15375
break;
15376
case A_pm_role:
15377 aci.pm_role = value.
pm_role;
15378
break;
15379
default:
15380 err = -
RSBAC_EINVALIDATTR;
15381 }
15382
if(!err)
15383 {
15384 err =
rsbac_list_add(
user_handles.pm,
15385 &tid.
user,
15386 &aci);
15387 }
15388 }
15389
break;
15390
#endif
15391
15392
#if defined(CONFIG_RSBAC_DAZ)
15393
case DAZ:
15394 {
15395
rsbac_system_role_int_t role = value.
system_role;
15396
15397
switch (attr)
15398 {
15399
case A_system_role:
15400
case A_daz_role:
15401 err =
rsbac_list_add(
user_handles.daz,
15402 &tid.
user,
15403 &role);
15404
break;
15405
default:
15406 err = -
RSBAC_EINVALIDATTR;
15407 }
15408 }
15409
break;
15410
#endif
15411
15412
#if defined(CONFIG_RSBAC_FF)
15413
case FF:
15414 {
15415
rsbac_system_role_int_t role = value.
system_role;
15416
15417
switch (attr)
15418 {
15419
case A_system_role:
15420
case A_ff_role:
15421 err =
rsbac_list_add(
user_handles.ff,
15422 &tid.
user,
15423 &role);
15424
break;
15425
default:
15426 err = -
RSBAC_EINVALIDATTR;
15427 }
15428 }
15429
break;
15430
#endif
15431
15432
#if defined(CONFIG_RSBAC_RC)
15433
case RC:
15434 {
15435
struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
15436
15437
rsbac_list_get_data(
user_handles.rc,
15438 &tid.
user,
15439 &aci);
15440
switch (attr)
15441 {
15442
case A_rc_def_role:
15443 aci.rc_role = value.
rc_def_role;
15444
break;
15445
case A_rc_type:
15446 aci.rc_type = value.
rc_type;
15447
break;
15448
default:
15449 err = -
RSBAC_EINVALIDATTR;
15450 }
15451
if(!err)
15452 {
15453 err =
rsbac_list_add(
user_handles.rc,
15454 &tid.
user,
15455 &aci);
15456 }
15457 }
15458
break;
15459
#endif
15460
15461
#if defined(CONFIG_RSBAC_AUTH)
15462
case AUTH:
15463 {
15464
rsbac_system_role_int_t role = value.
system_role;
15465
15466
switch (attr)
15467 {
15468
case A_system_role:
15469
case A_auth_role:
15470 err =
rsbac_list_add(
user_handles.auth,
15471 &tid.
user,
15472 &role);
15473
break;
15474
default:
15475 err = -
RSBAC_EINVALIDATTR;
15476 }
15477 }
15478
break;
15479
#endif
15480
15481
#if defined(CONFIG_RSBAC_CAP)
15482
case CAP:
15483 {
15484
struct rsbac_cap_user_aci_t aci = DEFAULT_CAP_U_ACI;
15485
15486
rsbac_list_get_data(
user_handles.cap,
15487 &tid.
user,
15488 &aci);
15489
switch (attr)
15490 {
15491
case A_system_role:
15492
case A_cap_role:
15493 aci.cap_role = value.
system_role;
15494
break;
15495
case A_min_caps:
15496 aci.min_caps = value.
min_caps;
15497
break;
15498
case A_max_caps:
15499 aci.max_caps = value.
max_caps;
15500
break;
15501
default:
15502 err = -
RSBAC_EINVALIDATTR;
15503 }
15504
if(!err)
15505 {
15506 err =
rsbac_list_add(
user_handles.cap,
15507 &tid.
user,
15508 &aci);
15509 }
15510 }
15511
break;
15512
#endif
15513
15514
#if defined(CONFIG_RSBAC_JAIL)
15515
case JAIL:
15516 {
15517
rsbac_system_role_int_t role = value.
system_role;
15518
15519
switch (attr)
15520 {
15521
case A_system_role:
15522
case A_jail_role:
15523 err =
rsbac_list_add(
user_handles.jail,
15524 &tid.
user,
15525 &role);
15526
break;
15527
default:
15528 err = -
RSBAC_EINVALIDATTR;
15529 }
15530 }
15531
break;
15532
#endif
15533
15534
#if defined(CONFIG_RSBAC_RES)
15535
case RES:
15536 {
15537
struct rsbac_res_user_aci_t aci = DEFAULT_RES_U_ACI;
15538
15539
rsbac_list_get_data(
user_handles.res,
15540 &tid.
user,
15541 &aci);
15542
switch (attr)
15543 {
15544
case A_system_role:
15545
case A_res_role:
15546 aci.res_role = value.
system_role;
15547
break;
15548
case A_res_min:
15549 memcpy(&aci.res_min, &value.
res_array,
sizeof(aci.res_min));
15550
break;
15551
case A_res_max:
15552 memcpy(&aci.res_max, &value.
res_array,
sizeof(aci.res_max));
15553
break;
15554
default:
15555 err = -
RSBAC_EINVALIDATTR;
15556 }
15557
if(!err)
15558 {
15559
struct rsbac_res_user_aci_t def_aci = DEFAULT_RES_U_ACI;
15560
15561
if(tid.
user !=
RSBAC_ALL_USERS)
15562 {
15563
rsbac_uid_t all_users =
RSBAC_ALL_USERS;
15564
15565
rsbac_list_get_data(
user_handles.res,
15566 &all_users,
15567 &def_aci);
15568 }
15569
if(memcmp(&aci, &def_aci,
sizeof(aci)))
15570 err =
rsbac_list_add(
user_handles.res,
15571 &tid.
user,
15572 &aci);
15573
else
15574 err =
rsbac_list_remove(
user_handles.res,
15575 &tid.
user);
15576 }
15577 }
15578
break;
15579
#endif
15580
15581
#if defined(CONFIG_RSBAC_PAX)
15582
case PAX:
15583 {
15584
rsbac_system_role_int_t role = value.
system_role;
15585
15586
switch (attr)
15587 {
15588
case A_system_role:
15589
case A_pax_role:
15590 err =
rsbac_list_add(
user_handles.pax,
15591 &tid.
user,
15592 &role);
15593
break;
15594
default:
15595 err = -
RSBAC_EINVALIDATTR;
15596 }
15597 }
15598
break;
15599
#endif
15600
15601
default:
15602 err = -
RSBAC_EINVALIDMODULE;
15603 }
15604
15605
break;
15606
15607
case T_PROCESS:
15608
15609
15610
15611
15612
15613
15614
15615
if (!tid.
process)
15616 {
15617
#ifdef CONFIG_RSBAC_RMSG
15618
rsbac_printk(KERN_WARNING
15619
"rsbac_set_attr(): Trying to set attribute for process 0!\n");
15620
#endif
15621
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
15622
if (!rsbac_nosyslog)
15623
#endif
15624
printk(KERN_WARNING
15625
"rsbac_set_attr(): Trying to set attribute for process 0!\n");
15626
return -
RSBAC_EINVALIDTARGET;
15627 }
15628
switch(module)
15629 {
15630
case GEN:
15631 {
15632
struct rsbac_gen_process_aci_t aci =
DEFAULT_GEN_P_ACI;
15633
15634
rsbac_list_get_data(
process_handles.gen,
15635 &tid.
process,
15636 &aci);
15637
switch (attr)
15638 {
15639
case A_log_program_based:
15640 aci.
log_program_based = value.
log_program_based;
15641
break;
15642
case A_fake_root_uid:
15643 aci.
fake_root_uid = value.
fake_root_uid;
15644
break;
15645
default:
15646 err = -
RSBAC_EINVALIDATTR;
15647 }
15648
if(!err)
15649 {
15650 err =
rsbac_list_add(
process_handles.gen,
15651 &tid.
process,
15652 &aci);
15653 }
15654 }
15655
break;
15656
15657
#if defined(CONFIG_RSBAC_MAC)
15658
case MAC:
15659 {
15660
struct rsbac_mac_process_aci_t aci = DEFAULT_MAC_P_ACI;
15661
15662
rsbac_list_get_data(
process_handles.mac[mac_p_hash(tid.
process)],
15663 &tid.
process,
15664 &aci);
15665
switch (attr)
15666 {
15667
case A_security_level:
15668 aci.owner_sec_level = value.
security_level;
15669
break;
15670
case A_initial_security_level:
15671 aci.owner_initial_sec_level = value.
security_level;
15672
break;
15673
case A_min_security_level:
15674 aci.owner_min_sec_level = value.
security_level;
15675
break;
15676
case A_mac_categories:
15677 aci.mac_owner_categories = value.
mac_categories;
15678
break;
15679
case A_mac_initial_categories:
15680 aci.mac_owner_initial_categories = value.
mac_categories;
15681
break;
15682
case A_mac_min_categories:
15683 aci.mac_owner_min_categories = value.
mac_categories;
15684
break;
15685
case A_current_sec_level:
15686 aci.current_sec_level = value.
current_sec_level;
15687
break;
15688
case A_mac_curr_categories:
15689 aci.mac_curr_categories = value.
mac_categories;
15690
break;
15691
case A_min_write_open:
15692 aci.min_write_open = value.
min_write_open;
15693
break;
15694
case A_min_write_categories:
15695 aci.min_write_categories = value.
mac_categories;
15696
break;
15697
case A_max_read_open:
15698 aci.max_read_open = value.
max_read_open;
15699
break;
15700
case A_max_read_categories:
15701 aci.max_read_categories = value.
mac_categories;
15702
break;
15703
case A_mac_process_flags:
15704 aci.mac_process_flags = value.
mac_process_flags &
RSBAC_MAC_P_FLAGS;
15705
break;
15706
case A_mac_auto:
15707
if(value.
mac_auto)
15708 aci.mac_process_flags |=
MAC_auto;
15709
else
15710 aci.mac_process_flags &= ~
MAC_auto;
15711
break;
15712
default:
15713 err = -
RSBAC_EINVALIDATTR;
15714 }
15715
if(!err)
15716 {
15717 err =
rsbac_list_add(
process_handles.mac[mac_p_hash(tid.
process)],
15718 &tid.
process,
15719 &aci);
15720 }
15721 }
15722
break;
15723
#endif
15724
15725
#if defined(CONFIG_RSBAC_PM)
15726
case PM:
15727 {
15728
struct rsbac_pm_process_aci_t aci = DEFAULT_PM_P_ACI;
15729
15730
rsbac_list_get_data(
process_handles.pm,
15731 &tid.
process,
15732 &aci);
15733
switch (attr)
15734 {
15735
case A_pm_tp:
15736 aci.pm_tp = value.
pm_tp;
15737
break;
15738
case A_pm_current_task:
15739 aci.pm_current_task = value.
pm_current_task;
15740
break;
15741
case A_pm_process_type:
15742 aci.pm_process_type = value.
pm_process_type;
15743
break;
15744
default:
15745 err = -
RSBAC_EINVALIDATTR;
15746 }
15747
if(!err)
15748 {
15749 err =
rsbac_list_add(
process_handles.pm,
15750 &tid.
process,
15751 &aci);
15752 }
15753 }
15754
break;
15755
#endif
15756
15757
#if defined(CONFIG_RSBAC_DAZ)
15758
case DAZ:
15759 {
15760
struct rsbac_daz_process_aci_t aci = DEFAULT_DAZ_P_ACI;
15761
15762
rsbac_list_get_data(
process_handles.daz,
15763 &tid.
process,
15764 &aci);
15765
switch (attr)
15766 {
15767
case A_daz_scanner:
15768 aci.daz_scanner = value.
daz_scanner;
15769
break;
15770
default:
15771 err = -
RSBAC_EINVALIDATTR;
15772 }
15773
if(!err)
15774 {
15775 err =
rsbac_list_add(
process_handles.daz,
15776 &tid.
process,
15777 &aci);
15778 }
15779 }
15780
break;
15781
#endif
15782
15783
#if defined(CONFIG_RSBAC_RC)
15784
case RC:
15785 {
15786
struct rsbac_rc_process_aci_t aci = DEFAULT_RC_P_ACI;
15787
15788
rsbac_list_get_data(
process_handles.rc[rc_p_hash(tid.
process)],
15789 &tid.
process,
15790 &aci);
15791
switch (attr)
15792 {
15793
case A_rc_role:
15794 aci.rc_role = value.
rc_role;
15795
break;
15796
case A_rc_type:
15797 aci.rc_type = value.
rc_type;
15798
break;
15799
case A_rc_force_role:
15800 aci.rc_force_role = value.
rc_force_role;
15801
break;
15802
default:
15803 err = -
RSBAC_EINVALIDATTR;
15804 }
15805
if(!err)
15806 {
15807 err =
rsbac_list_add(
process_handles.rc[rc_p_hash(tid.
process)],
15808 &tid.
process,
15809 &aci);
15810 }
15811 }
15812
break;
15813
#endif
15814
15815
#if defined(CONFIG_RSBAC_AUTH)
15816
case AUTH:
15817 {
15818
struct rsbac_auth_process_aci_t aci = DEFAULT_AUTH_P_ACI;
15819
15820
rsbac_list_get_data(
process_handles.auth,
15821 &tid.
process,
15822 &aci);
15823
switch (attr)
15824 {
15825
case A_auth_may_setuid:
15826 aci.auth_may_setuid = value.
auth_may_setuid;
15827
break;
15828
case A_auth_may_set_cap:
15829 aci.auth_may_set_cap = value.
auth_may_set_cap;
15830
break;
15831
#if defined(CONFIG_RSBAC_AUTH_LEARN)
15832
case A_auth_program_file:
15833 aci.auth_program_file = value.auth_program_file;
15834
break;
15835
case A_auth_start_uid:
15836 aci.auth_start_uid = value.auth_start_uid;
15837
break;
15838
case A_auth_learn:
15839 aci.auth_learn = value.
auth_learn;
15840
break;
15841
#endif
15842
default:
15843 err = -
RSBAC_EINVALIDATTR;
15844 }
15845
if(!err)
15846 {
15847 err =
rsbac_list_add(
process_handles.auth,
15848 &tid.
process,
15849 &aci);
15850 }
15851 }
15852
break;
15853
#endif
15854
15855
#if defined(CONFIG_RSBAC_CAP)
15856
case CAP:
15857 {
15858
struct rsbac_cap_process_aci_t aci = DEFAULT_CAP_P_ACI;
15859
15860
rsbac_list_get_data(
process_handles.cap,
15861 &tid.
process,
15862 &aci);
15863
switch (attr)
15864 {
15865
case A_cap_process_hiding:
15866 aci.cap_process_hiding = value.
cap_process_hiding;
15867
break;
15868
default:
15869 err = -
RSBAC_EINVALIDATTR;
15870 }
15871
if(!err)
15872 {
15873 err =
rsbac_list_add(
process_handles.cap,
15874 &tid.
process,
15875 &aci);
15876 }
15877 }
15878
break;
15879
#endif
15880
15881
#if defined(CONFIG_RSBAC_JAIL)
15882
case JAIL:
15883 {
15884
struct rsbac_jail_process_aci_t aci = DEFAULT_JAIL_P_ACI;
15885
15886
rsbac_list_get_data(
process_handles.jail[jail_p_hash(tid.
process)],
15887 &tid.
process,
15888 &aci);
15889
switch (attr)
15890 {
15891
case A_jail_id:
15892 aci.id = value.
jail_id;
15893
break;
15894
case A_jail_ip:
15895 aci.ip = value.
jail_ip;
15896
break;
15897
case A_jail_flags:
15898 aci.flags = value.
jail_flags;
15899
break;
15900
case A_jail_max_caps:
15901 aci.max_caps = value.
jail_max_caps;
15902
break;
15903
default:
15904 err = -
RSBAC_EINVALIDATTR;
15905 }
15906
if(!err)
15907 {
15908 err =
rsbac_list_add(
process_handles.jail[jail_p_hash(tid.
process)],
15909 &tid.
process,
15910 &aci);
15911 }
15912 }
15913
break;
15914
#endif
15915
15916
default:
15917 err = -
RSBAC_EINVALIDMODULE;
15918 }
15919
15920
break;
15921
15922
#ifdef CONFIG_RSBAC_NET_DEV
15923
case T_NETDEV:
15924
15925
15926
15927
15928
15929
15930
15931
switch(module)
15932 {
15933
#if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
15934
case GEN:
15935 {
15936
struct rsbac_gen_netdev_aci_t aci =
DEFAULT_GEN_NETDEV_ACI;
15937
15938
rsbac_list_get_data(netdev_handles.gen,
15939 &tid.
netdev,
15940 &aci);
15941
switch (attr)
15942 {
15943
case A_log_array_low:
15944 aci.
log_array_low = value.
log_array_low;
15945
break;
15946
case A_log_array_high:
15947 aci.
log_array_high = value.
log_array_high;
15948
break;
15949
default:
15950 err = -
RSBAC_EINVALIDATTR;
15951 }
15952
if(!err)
15953 {
15954 err =
rsbac_list_add(netdev_handles.gen,
15955 &tid.
netdev,
15956 &aci);
15957 }
15958 }
15959
break;
15960
#endif
15961
#if defined(CONFIG_RSBAC_RC)
15962
case RC:
15963 {
15964
rsbac_rc_type_id_t type = value.
rc_type;
15965
15966
switch (attr)
15967 {
15968
case A_rc_type:
15969 err =
rsbac_list_add(netdev_handles.rc,
15970 &tid.
netdev,
15971 &type);
15972
break;
15973
default:
15974 err = -
RSBAC_EINVALIDATTR;
15975 }
15976 }
15977
break;
15978
#endif
15979
15980
default:
15981 err = -
RSBAC_EINVALIDMODULE;
15982 }
15983
15984
break;
15985
#endif
15986
15987
#ifdef CONFIG_RSBAC_NET_OBJ
15988
case T_NETTEMP:
15989
15990
15991
15992
15993
15994
15995
if(!
rsbac_list_exist(net_temp_handle, &tid.
nettemp))
15996
return -
RSBAC_EINVALIDTARGET;
15997
switch(module)
15998 {
15999
#if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
16000
case GEN:
16001 {
16002
struct rsbac_gen_netobj_aci_t aci =
DEFAULT_GEN_NETOBJ_ACI;
16003
16004
rsbac_list_get_data(nettemp_handles.gen,
16005 &tid.
nettemp,
16006 &aci);
16007
switch (attr)
16008 {
16009
case A_log_array_low:
16010 aci.
log_array_low = value.
log_array_low;
16011
break;
16012
case A_log_array_high:
16013 aci.
log_array_high = value.
log_array_high;
16014
break;
16015
16016
default:
16017 err = -
RSBAC_EINVALIDATTR;
16018 }
16019
if(!err)
16020 {
16021 err =
rsbac_list_add(nettemp_handles.gen,
16022 &tid.
nettemp,
16023 &aci);
16024 }
16025 }
16026
break;
16027
#endif
16028
#if defined(CONFIG_RSBAC_MAC)
16029
case MAC:
16030 {
16031
struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
16032
16033
rsbac_list_get_data(nettemp_handles.mac,
16034 &tid.
nettemp,
16035 &aci);
16036
switch (attr)
16037 {
16038
case A_security_level:
16039 aci.sec_level = value.
security_level;
16040
break;
16041
case A_mac_categories:
16042 aci.mac_categories = value.
mac_categories;
16043
break;
16044
16045
default:
16046 err = -
RSBAC_EINVALIDATTR;
16047 }
16048
if(!err)
16049 {
16050 err =
rsbac_list_add(nettemp_handles.mac,
16051 &tid.
nettemp,
16052 &aci);
16053 }
16054 }
16055
break;
16056
#endif
16057
16058
#if defined(CONFIG_RSBAC_FC)
16059
case FC:
16060 {
16061
rsbac_fc_oc_t fc_oc = value.
object_category;
16062
16063 err =
rsbac_list_add(nettemp_handles.fc,
16064 &tid.
nettemp,
16065 &fc_oc);
16066 }
16067
break;
16068
#endif
16069
16070
#if defined(CONFIG_RSBAC_SIM)
16071
case SIM:
16072 {
16073
rsbac_sim_dt_t sim_dt = value.
data_type;
16074
16075 err =
rsbac_list_add(nettemp_handles.sim,
16076 &tid.
nettemp,
16077 &sim_dt);
16078 }
16079
break;
16080
#endif
16081
16082
#if defined(CONFIG_RSBAC_PM)
16083
case PM:
16084 {
16085
struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
16086
16087
rsbac_list_get_data(nettemp_handles.pm,
16088 &tid.
nettemp,
16089 &aci);
16090
switch (attr)
16091 {
16092
case A_pm_object_class:
16093 aci.pm_object_class = value.
pm_object_class;
16094
break;
16095
case A_pm_ipc_purpose:
16096 aci.pm_ipc_purpose = value.
pm_ipc_purpose;
16097
break;
16098
case A_pm_object_type:
16099 aci.pm_object_type = value.
pm_object_type;
16100
break;
16101
default:
16102 err = -
RSBAC_EINVALIDATTR;
16103 }
16104
if(!err)
16105 {
16106 err =
rsbac_list_add(nettemp_handles.pm,
16107 &tid.
nettemp,
16108 &aci);
16109 }
16110 }
16111
break;
16112
#endif
16113
16114
#if defined(CONFIG_RSBAC_RC)
16115
case RC:
16116 {
16117
struct rsbac_rc_nettemp_aci_t aci = DEFAULT_RC_NETTEMP_ACI;
16118
16119
rsbac_list_get_data(nettemp_handles.rc,
16120 &tid.
nettemp,
16121 &aci);
16122
switch (attr)
16123 {
16124
case A_rc_type:
16125 aci.netobj_type = value.
rc_type;
16126
break;
16127
case A_rc_type_nt:
16128 aci.nettemp_type = value.
rc_type;
16129
break;
16130
16131
default:
16132 err = -
RSBAC_EINVALIDATTR;
16133 }
16134
if(!err)
16135 {
16136 err =
rsbac_list_add(nettemp_handles.rc,
16137 &tid.
nettemp,
16138 &aci);
16139 }
16140 }
16141
break;
16142
#endif
16143
16144
default:
16145 err = -
RSBAC_EINVALIDMODULE;
16146 }
16147
break;
16148
16149
case T_NETOBJ:
16150
16151
16152
16153
16154
16155
16156
switch(module)
16157 {
16158
#if defined(CONFIG_RSBAC_MAC)
16159
case MAC:
16160 {
16161
struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
16162
16163
switch(attr)
16164 {
16165
case A_local_sec_level:
16166
case A_local_mac_categories:
16167
if(
rsbac_list_get_data(lnetobj_handles.mac,
16168 &tid.
netobj.
sock_p,
16169 &aci))
16170 {
16171
rsbac_net_temp_id_t temp = 0;
16172
16173
rsbac_net_lookup_templates(tid.
netobj,
16174 &temp,
16175
NULL);
16176
if(temp)
16177
rsbac_list_get_data(nettemp_handles.mac,
16178 &temp,
16179 &aci);
16180 }
16181
break;
16182
16183
case A_remote_sec_level:
16184
case A_remote_mac_categories:
16185
if(
rsbac_list_get_data(rnetobj_handles.mac,
16186 &tid.
netobj.
sock_p,
16187 &aci))
16188 {
16189
rsbac_net_temp_id_t temp = 0;
16190
16191
rsbac_net_lookup_templates(tid.
netobj,
16192
NULL,
16193 &temp);
16194
if(temp)
16195
rsbac_list_get_data(nettemp_handles.mac,
16196 &temp,
16197 &aci);
16198 }
16199
break;
16200
16201
default:
16202 err = -
RSBAC_EINVALIDATTR;
16203 }
16204
if(err)
16205
break;
16206 {
16207
switch (attr)
16208 {
16209
case A_local_sec_level:
16210 aci.sec_level = value.
security_level;
16211 err =
rsbac_list_add(lnetobj_handles.mac,
16212 &tid.
netobj.
sock_p,
16213 &aci);
16214
break;
16215
case A_remote_sec_level:
16216 aci.sec_level = value.
security_level;
16217 err =
rsbac_list_add(rnetobj_handles.mac,
16218 &tid.
netobj.
sock_p,
16219 &aci);
16220
break;
16221
case A_local_mac_categories:
16222 aci.mac_categories = value.
mac_categories;
16223 err =
rsbac_list_add(lnetobj_handles.mac,
16224 &tid.
netobj.
sock_p,
16225 &aci);
16226
break;
16227
case A_remote_mac_categories:
16228 aci.mac_categories = value.
mac_categories;
16229 err =
rsbac_list_add(rnetobj_handles.mac,
16230 &tid.
netobj.
sock_p,
16231 &aci);
16232
break;
16233
16234
default:
16235 err = -
RSBAC_EINVALIDATTR;
16236 }
16237 }
16238 }
16239
break;
16240
#endif
16241
16242
#if defined(CONFIG_RSBAC_FC)
16243
case FC:
16244 {
16245
rsbac_fc_oc_t fc_oc = value.
object_category;
16246
16247
switch(attr)
16248 {
16249
case A_local_object_category:
16250 err =
rsbac_list_add(lnetobj_handles.fc,
16251 &tid.
netobj.
sock_p,
16252 &fc_oc);
16253
break;
16254
16255
case A_remote_object_category:
16256 err =
rsbac_list_add(rnetobj_handles.fc,
16257 &tid.
netobj.
sock_p,
16258 &fc_oc);
16259
break;
16260
16261
default:
16262 err = -
RSBAC_EINVALIDATTR;
16263 }
16264 }
16265
break;
16266
#endif
16267
16268
#if defined(CONFIG_RSBAC_SIM)
16269
case SIM:
16270 {
16271
rsbac_sim_dt_t sim_dt = value.
data_type;
16272
16273
switch(attr)
16274 {
16275
case A_local_data_type:
16276 err =
rsbac_list_add(lnetobj_handles.sim,
16277 &tid.
netobj.
sock_p,
16278 &sim_dt);
16279
break;
16280
16281
case A_remote_data_type:
16282 err =
rsbac_list_add(rnetobj_handles.sim,
16283 &tid.
netobj.
sock_p,
16284 &sim_dt);
16285
break;
16286
16287
default:
16288 err = -
RSBAC_EINVALIDATTR;
16289 }
16290 }
16291
break;
16292
#endif
16293
16294
#if defined(CONFIG_RSBAC_PM)
16295
case PM:
16296 {
16297
struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
16298
16299
switch(attr)
16300 {
16301
case A_local_pm_object_class:
16302
case A_local_pm_ipc_purpose:
16303
case A_local_pm_object_type:
16304
if(
rsbac_list_get_data(lnetobj_handles.pm,
16305 &tid.
netobj.
sock_p,
16306 &aci))
16307 {
16308
rsbac_net_temp_id_t temp = 0;
16309
16310
rsbac_net_lookup_templates(tid.
netobj,
16311 &temp,
16312
NULL);
16313
if(temp)
16314
rsbac_list_get_data(nettemp_handles.pm,
16315 &temp,
16316 &aci);
16317 }
16318
break;
16319
16320
case A_remote_pm_object_class:
16321
case A_remote_pm_ipc_purpose:
16322
case A_remote_pm_object_type:
16323
if(
rsbac_list_get_data(rnetobj_handles.pm,
16324 &tid.
netobj.
sock_p,
16325 &aci))
16326 {
16327
rsbac_net_temp_id_t temp = 0;
16328
16329
rsbac_net_lookup_templates(tid.
netobj,
16330
NULL,
16331 &temp);
16332
if(temp)
16333
rsbac_list_get_data(nettemp_handles.pm,
16334 &temp,
16335 &aci);
16336 }
16337
break;
16338
16339
default:
16340 err = -
RSBAC_EINVALIDATTR;
16341 }
16342
if(err)
16343
break;
16344 {
16345
switch (attr)
16346 {
16347
case A_local_pm_object_class:
16348 aci.pm_object_class = value.
pm_object_class;
16349 err =
rsbac_list_add(lnetobj_handles.pm,
16350 &tid.
netobj.
sock_p,
16351 &aci);
16352
break;
16353
case A_remote_pm_object_class:
16354 aci.pm_object_class = value.
pm_object_class;
16355 err =
rsbac_list_add(rnetobj_handles.pm,
16356 &tid.
netobj.
sock_p,
16357 &aci);
16358
break;
16359
case A_local_pm_ipc_purpose:
16360 aci.pm_ipc_purpose = value.
pm_ipc_purpose;
16361 err =
rsbac_list_add(lnetobj_handles.pm,
16362 &tid.
netobj.
sock_p,
16363 &aci);
16364
break;
16365
case A_remote_pm_ipc_purpose:
16366 aci.pm_ipc_purpose = value.
pm_ipc_purpose;
16367 err =
rsbac_list_add(rnetobj_handles.pm,
16368 &tid.
netobj.
sock_p,
16369 &aci);
16370
break;
16371
case A_local_pm_object_type:
16372 aci.pm_object_type = value.
pm_object_type;
16373 err =
rsbac_list_add(lnetobj_handles.pm,
16374 &tid.
netobj.
sock_p,
16375 &aci);
16376
break;
16377
case A_remote_pm_object_type:
16378 aci.pm_object_type = value.
pm_object_type;
16379 err =
rsbac_list_add(rnetobj_handles.pm,
16380 &tid.
netobj.
sock_p,
16381 &aci);
16382
break;
16383
16384
default:
16385 err = -
RSBAC_EINVALIDATTR;
16386 }
16387 }
16388 }
16389
break;
16390
#endif
16391
16392
#if defined(CONFIG_RSBAC_RC)
16393
case RC:
16394 {
16395
rsbac_rc_type_id_t type = value.
rc_type;
16396
16397
switch(attr)
16398 {
16399
case A_local_rc_type:
16400 err =
rsbac_list_add(lnetobj_handles.rc,
16401 &tid.
netobj.
sock_p,
16402 &type);
16403
break;
16404
16405
case A_remote_rc_type:
16406 err =
rsbac_list_add(rnetobj_handles.rc,
16407 &tid.
netobj.
sock_p,
16408 &type);
16409
break;
16410
16411
default:
16412 err = -
RSBAC_EINVALIDATTR;
16413 }
16414 }
16415
break;
16416
#endif
16417
16418
default:
16419 err = -
RSBAC_EINVALIDMODULE;
16420 }
16421
break;
16422
#endif
16423
16424
16425
default:
16426
return(-
RSBAC_EINVALIDTARGET);
16427 }
16428
#ifdef CONFIG_RSBAC_XSTATS
16429
if(!err)
16430 set_attr_count[target]++;
16431
#endif
16432
return(err);
16433 };
16434
16435
16436
16437
#if defined(CONFIG_RSBAC_REG)
16438
EXPORT_SYMBOL(rsbac_remove_target);
16439
#endif
16440 int rsbac_remove_target(
enum rsbac_target_t target,
16441
union rsbac_target_id_t tid)
16442 {
16443
int error=0;
16444
struct rsbac_device_list_item_t * device_p;
16445 u_long dflags;
16446
16447
if (!
rsbac_initialized)
16448 {
16449
#ifdef CONFIG_RSBAC_RMSG
16450
rsbac_printk(KERN_WARNING
"rsbac_remove_target(): RSBAC not initialized\n");
16451
#endif
16452
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
16453
if (!rsbac_nosyslog)
16454
#endif
16455
printk(KERN_WARNING
"rsbac_remove_target(): RSBAC not initialized\n");
16456
return(-
RSBAC_ENOTINITIALIZED);
16457 }
16458
if (in_interrupt())
16459 {
16460 printk(KERN_WARNING
"rsbac_remove_target(): called from interrupt!\n");
16461 }
16462
switch (target)
16463 {
16464
case T_FILE:
16465
case T_DIR:
16466
case T_FIFO:
16467
case T_SYMLINK:
16468
16469
16470
16471
16472
16473
16474
16475
#if defined(CONFIG_RSBAC_MAC)
16476
16477
if( (target ==
T_FILE)
16478 || (target ==
T_DIR)
16479 )
16480 error =
rsbac_mac_remove_f_trusets(tid.file);
16481
#endif
16482
#if defined(CONFIG_RSBAC_AUTH)
16483
16484
if( (target ==
T_FILE)
16485 || (target ==
T_DIR)
16486 )
16487 error =
rsbac_auth_remove_f_capsets(tid.file);
16488
#endif
16489
#if defined(CONFIG_RSBAC_ACL)
16490
16491 error =
rsbac_acl_remove_acl(target, tid);
16492
#endif
16493
16494 rsbac_read_lock(&
device_list_head.lock, &dflags);
16495
16496
16497
16498 device_p =
lookup_device(tid.file.device);
16499
if (!device_p)
16500 {
16501
struct super_block * sb_p;
16502
16503 rsbac_read_unlock(&
device_list_head.lock, &dflags);
16504
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
16505
sb_p = user_get_super(tid.file.device);
16506
#else
16507
sb_p = get_super(tid.file.device);
16508
#endif
16509
if(sb_p)
16510 {
16511
#ifdef CONFIG_RSBAC_RMSG
16512
rsbac_printk(KERN_INFO
16513
"rsbac_remove_target(): auto-mounting device %02u:%02u\n",
16514 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
16515
#endif
16516
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
16517
if (!rsbac_nosyslog)
16518
#endif
16519
printk(KERN_INFO
16520
"rsbac_remove_target(): auto-mounting device %02u:%02u\n",
16521 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
16522
rsbac_mount(sb_p,
NULL);
16523
16524 drop_super(sb_p);
16525 rsbac_read_lock(&
device_list_head.lock, &dflags);
16526 device_p =
lookup_device(tid.file.device);
16527
if (!device_p)
16528 {
16529
#ifdef CONFIG_RSBAC_RMSG
16530
rsbac_printk(KERN_WARNING
16531
"rsbac_remove_target(): unknown device %02u:%02u\n",
16532 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
16533
#endif
16534
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
16535
if (!rsbac_nosyslog)
16536
#endif
16537
printk(KERN_WARNING
16538
"rsbac_remove_target(): unknown device %02u:%02u\n",
16539 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
16540 rsbac_read_unlock(&
device_list_head.lock, &dflags);
16541
return -
RSBAC_EINVALIDDEV;
16542 }
16543 }
16544
else
16545
return -
RSBAC_EINVALIDDEV;
16546 }
16547
rsbac_list_remove(device_p->handles.gen[
gen_fd_hash(tid.file.inode)],
16548 &tid.file.inode);
16549
#if defined(CONFIG_RSBAC_MAC)
16550
rsbac_list_remove(device_p->handles.mac[mac_fd_hash(tid.file.inode)],
16551 &tid.file.inode);
16552
#endif
16553
#if defined(CONFIG_RSBAC_FC)
16554
rsbac_list_remove(device_p->handles.fc[fc_fd_hash(tid.file.inode)],
16555 &tid.file.inode);
16556
#endif
16557
#if defined(CONFIG_RSBAC_SIM)
16558
rsbac_list_remove(device_p->handles.sim[sim_fd_hash(tid.file.inode)],
16559 &tid.file.inode);
16560
#endif
16561
#if defined(CONFIG_RSBAC_PM)
16562
rsbac_list_remove(device_p->handles.pm[pm_fd_hash(tid.file.inode)],
16563 &tid.file.inode);
16564
#endif
16565
#if defined(CONFIG_RSBAC_DAZ)
16566
rsbac_list_remove(device_p->handles.daz[daz_fd_hash(tid.file.inode)],
16567 &tid.file.inode);
16568
#if defined(CONFIG_RSBAC_DAZ_CACHE)
16569
rsbac_list_remove(device_p->handles.dazs[daz_scanned_fd_hash(tid.file.inode)],
16570 &tid.file.inode);
16571
#endif
16572
#endif
16573
#if defined(CONFIG_RSBAC_FF)
16574
rsbac_list_remove(device_p->handles.ff[ff_fd_hash(tid.file.inode)],
16575 &tid.file.inode);
16576
#endif
16577
#if defined(CONFIG_RSBAC_RC)
16578
rsbac_list_remove(device_p->handles.rc[rc_fd_hash(tid.file.inode)],
16579 &tid.file.inode);
16580
#endif
16581
#if defined(CONFIG_RSBAC_AUTH)
16582
rsbac_list_remove(device_p->handles.auth[auth_fd_hash(tid.file.inode)],
16583 &tid.file.inode);
16584
#endif
16585
#if defined(CONFIG_RSBAC_CAP)
16586
rsbac_list_remove(device_p->handles.cap[cap_fd_hash(tid.file.inode)],
16587 &tid.file.inode);
16588
#endif
16589
#if defined(CONFIG_RSBAC_PAX)
16590
rsbac_list_remove(device_p->handles.pax[pax_fd_hash(tid.file.inode)],
16591 &tid.file.inode);
16592
#endif
16593
#if defined(CONFIG_RSBAC_RES)
16594
rsbac_list_remove(device_p->handles.res[res_fd_hash(tid.file.inode)],
16595 &tid.file.inode);
16596
#endif
16597
16598
16599 rsbac_read_unlock(&
device_list_head.lock, &dflags);
16600
break;
16601
16602
case T_DEV:
16603 {
16604
struct rsbac_dev_desc_t dev_desc;
16605
16606 dev_desc.type = tid.dev.type;
16607 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
16608 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
16609
16610
16611
16612
16613
16614
16615
rsbac_list_remove(
dev_handles.gen,
16616 &dev_desc);
16617
#if defined(CONFIG_RSBAC_MAC)
16618
rsbac_list_remove(
dev_handles.mac,
16619 &dev_desc);
16620
#endif
16621
#if defined(CONFIG_RSBAC_FC)
16622
rsbac_list_remove(
dev_handles.fc,
16623 &dev_desc);
16624
#endif
16625
#if defined(CONFIG_RSBAC_SIM)
16626
rsbac_list_remove(
dev_handles.sim,
16627 &dev_desc);
16628
#endif
16629
#if defined(CONFIG_RSBAC_PM)
16630
rsbac_list_remove(
dev_handles.pm,
16631 &dev_desc);
16632
#endif
16633
#if defined(CONFIG_RSBAC_RC)
16634
rsbac_list_remove(
dev_handles.rc,
16635 &dev_desc);
16636
#endif
16637
}
16638
break;
16639
16640
case T_IPC:
16641
16642
16643
16644
16645
16646
16647
16648
#if defined(CONFIG_RSBAC_MAC)
16649
rsbac_list_remove(
ipc_handles.mac,
16650 &tid.
ipc);
16651
#endif
16652
#if defined(CONFIG_RSBAC_FC)
16653
rsbac_list_remove(
ipc_handles.fc,
16654 &tid.
ipc);
16655
#endif
16656
#if defined(CONFIG_RSBAC_SIM)
16657
rsbac_list_remove(
ipc_handles.sim,
16658 &tid.
ipc);
16659
#endif
16660
#if defined(CONFIG_RSBAC_PM)
16661
rsbac_list_remove(
ipc_handles.pm,
16662 &tid.
ipc);
16663
#endif
16664
#if defined(CONFIG_RSBAC_RC)
16665
rsbac_list_remove(
ipc_handles.rc,
16666 &tid.
ipc);
16667
#endif
16668
#if defined(CONFIG_RSBAC_JAIL)
16669
rsbac_list_remove(
ipc_handles.jail,
16670 &tid.
ipc);
16671
#endif
16672
break;
16673
16674
case T_USER:
16675
16676
16677
16678
16679
16680
16681
rsbac_list_remove(
user_handles.gen,
16682 &tid.
user);
16683
#if defined(CONFIG_RSBAC_MAC)
16684
rsbac_list_remove(
user_handles.mac,
16685 &tid.
user);
16686
#endif
16687
#if defined(CONFIG_RSBAC_FC)
16688
rsbac_list_remove(
user_handles.fc,
16689 &tid.
user);
16690
#endif
16691
#if defined(CONFIG_RSBAC_SIM)
16692
rsbac_list_remove(
user_handles.sim,
16693 &tid.
user);
16694
#endif
16695
#if defined(CONFIG_RSBAC_PM)
16696
rsbac_list_remove(
user_handles.pm,
16697 &tid.
user);
16698
#endif
16699
#if defined(CONFIG_RSBAC_DAZ)
16700
rsbac_list_remove(
user_handles.daz,
16701 &tid.
user);
16702
#endif
16703
#if defined(CONFIG_RSBAC_FF)
16704
rsbac_list_remove(
user_handles.ff,
16705 &tid.
user);
16706
#endif
16707
#if defined(CONFIG_RSBAC_RC)
16708
rsbac_list_remove(
user_handles.rc,
16709 &tid.
user);
16710
#endif
16711
#if defined(CONFIG_RSBAC_AUTH)
16712
rsbac_list_remove(
user_handles.auth,
16713 &tid.
user);
16714
#endif
16715
#if defined(CONFIG_RSBAC_CAP)
16716
rsbac_list_remove(
user_handles.cap,
16717 &tid.
user);
16718
#endif
16719
#if defined(CONFIG_RSBAC_JAIL)
16720
rsbac_list_remove(
user_handles.jail,
16721 &tid.
user);
16722
#endif
16723
#if defined(CONFIG_RSBAC_PAX)
16724
rsbac_list_remove(
user_handles.pax,
16725 &tid.
user);
16726
#endif
16727
#if defined(CONFIG_RSBAC_RES)
16728
rsbac_list_remove(
user_handles.res,
16729 &tid.
user);
16730
#endif
16731
break;
16732
16733
case T_PROCESS:
16734
16735
16736
16737
16738
16739
16740
16741
#if defined(CONFIG_RSBAC_ACL)
16742
16743 error =
rsbac_acl_remove_acl(target, tid);
16744
#endif
16745
rsbac_list_remove(
process_handles.gen,
16746 &tid.
process);
16747
#if defined(CONFIG_RSBAC_MAC)
16748
16749 error =
rsbac_mac_remove_p_trusets(tid.
process);
16750
rsbac_list_remove(
process_handles.mac[mac_p_hash(tid.
process)],
16751 &tid.
process);
16752
#endif
16753
#if defined(CONFIG_RSBAC_PM)
16754
rsbac_list_remove(
process_handles.pm,
16755 &tid.
process);
16756
#endif
16757
#if defined(CONFIG_RSBAC_DAZ)
16758
rsbac_list_remove(
process_handles.daz,
16759 &tid.
process);
16760
#endif
16761
#if defined(CONFIG_RSBAC_RC)
16762
rsbac_list_remove(
process_handles.rc[rc_p_hash(tid.
process)],
16763 &tid.
process);
16764
#endif
16765
#if defined(CONFIG_RSBAC_AUTH)
16766
16767 error =
rsbac_auth_remove_p_capsets(tid.
process);
16768
rsbac_list_remove(
process_handles.auth,
16769 &tid.
process);
16770
#endif
16771
#if defined(CONFIG_RSBAC_CAP)
16772
rsbac_list_remove(
process_handles.cap,
16773 &tid.
process);
16774
#endif
16775
#if defined(CONFIG_RSBAC_JAIL)
16776
rsbac_list_remove(
process_handles.jail[jail_p_hash(tid.
process)],
16777 &tid.
process);
16778
#endif
16779
break;
16780
16781
#ifdef CONFIG_RSBAC_NET_DEV
16782
case T_NETDEV:
16783
#if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
16784
rsbac_list_remove(netdev_handles.gen,
16785 &tid.
netdev);
16786
#endif
16787
#if defined(CONFIG_RSBAC_RC)
16788
rsbac_list_remove(netdev_handles.rc,
16789 &tid.
netdev);
16790
#endif
16791
break;
16792
#endif
16793
16794
#ifdef CONFIG_RSBAC_NET_OBJ
16795
case T_NETTEMP:
16796
16797
16798
16799
16800
16801
16802
16803
#if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
16804
rsbac_list_remove(nettemp_handles.gen,
16805 &tid.
nettemp);
16806
#endif
16807
#if defined(CONFIG_RSBAC_MAC)
16808
rsbac_list_remove(nettemp_handles.mac,
16809 &tid.
nettemp);
16810
#endif
16811
#if defined(CONFIG_RSBAC_FC)
16812
rsbac_list_remove(nettemp_handles.fc,
16813 &tid.
nettemp);
16814
#endif
16815
#if defined(CONFIG_RSBAC_SIM)
16816
rsbac_list_remove(nettemp_handles.sim,
16817 &tid.
nettemp);
16818
#endif
16819
#if defined(CONFIG_RSBAC_PM)
16820
rsbac_list_remove(nettemp_handles.pm,
16821 &tid.
nettemp);
16822
#endif
16823
#if defined(CONFIG_RSBAC_RC)
16824
rsbac_list_remove(nettemp_handles.rc,
16825 &tid.
nettemp);
16826
#endif
16827
#if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
16828
rsbac_acl_remove_acl(
T_NETTEMP_NT,
16829 tid);
16830
rsbac_acl_remove_acl(
T_NETTEMP,
16831 tid);
16832
#endif
16833
break;
16834
16835
case T_NETOBJ:
16836
16837
16838
16839
16840
16841
16842
16843
#if defined(CONFIG_RSBAC_MAC)
16844
rsbac_list_remove(lnetobj_handles.mac,
16845 &tid.
netobj.
sock_p);
16846
rsbac_list_remove(rnetobj_handles.mac,
16847 &tid.
netobj.
sock_p);
16848
#endif
16849
#if defined(CONFIG_RSBAC_FC)
16850
rsbac_list_remove(lnetobj_handles.fc,
16851 &tid.
netobj.
sock_p);
16852
rsbac_list_remove(rnetobj_handles.fc,
16853 &tid.
netobj.
sock_p);
16854
#endif
16855
#if defined(CONFIG_RSBAC_SIM)
16856
rsbac_list_remove(lnetobj_handles.sim,
16857 &tid.
netobj.
sock_p);
16858
rsbac_list_remove(rnetobj_handles.sim,
16859 &tid.
netobj.
sock_p);
16860
#endif
16861
#if defined(CONFIG_RSBAC_PM)
16862
rsbac_list_remove(lnetobj_handles.pm,
16863 &tid.
netobj.
sock_p);
16864
rsbac_list_remove(rnetobj_handles.pm,
16865 &tid.
netobj.
sock_p);
16866
#endif
16867
#if defined(CONFIG_RSBAC_RC)
16868
rsbac_list_remove(lnetobj_handles.rc,
16869 &tid.
netobj.
sock_p);
16870
rsbac_list_remove(rnetobj_handles.rc,
16871 &tid.
netobj.
sock_p);
16872
#endif
16873
break;
16874
16875
#endif
16876
16877
default:
16878
return(-
RSBAC_EINVALIDTARGET);
16879 }
16880
#ifdef CONFIG_RSBAC_XSTATS
16881
remove_count[target]++;
16882
#endif
16883
return(error);
16884 };
16885
16886
16887
#ifdef CONFIG_RSBAC_NET_DEV
16888
int rsbac_net_list_all_netdev(
rsbac_netdev_id_t ** id_pp)
16889 {
16890
int count=0;
16891
int tmp_count;
16892
16893
if(id_pp)
16894 {
16895
rsbac_netdev_id_t * i_id_p =
NULL;
16896
char * pos =
NULL;
16897
int i_count = 0;
16898
#if defined(CONFIG_RSBAC_RC)
16899
u_int i;
16900
#endif
16901
16902
#if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
16903
tmp_count =
rsbac_list_count(netdev_handles.gen);
16904
if(tmp_count > 0)
16905 i_count += tmp_count;
16906
#endif
16907
#if defined(CONFIG_RSBAC_RC)
16908
tmp_count =
rsbac_list_count(netdev_handles.rc);
16909
if(tmp_count > 0)
16910 i_count += tmp_count;
16911
#endif
16912
if(i_count > 0)
16913 {
16914 i_count += 20;
16915 *id_pp =
rsbac_vmalloc(i_count *
sizeof(**id_pp));
16916
if(!*id_pp)
16917
return -
RSBAC_ENOMEM;
16918 pos = (
char *) *id_pp;
16919
#if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
16920
tmp_count =
rsbac_list_get_all_desc(netdev_handles.gen, (
void **) &i_id_p);
16921
if(tmp_count > 0)
16922 {
16923
if(tmp_count > i_count)
16924 tmp_count = i_count;
16925 memcpy(pos, i_id_p, tmp_count *
sizeof(*i_id_p));
16926
rsbac_vfree(i_id_p);
16927 count = tmp_count;
16928 i_count -= tmp_count;
16929 pos += tmp_count *
sizeof(*i_id_p);
16930 }
16931
#endif
16932
#if defined(CONFIG_RSBAC_RC)
16933
if(i_count)
16934 {
16935 tmp_count =
rsbac_list_get_all_desc(netdev_handles.rc, (
void **) &i_id_p);
16936
if(tmp_count > 0)
16937 {
16938
if(tmp_count > i_count)
16939 tmp_count = i_count;
16940
for(i=0; i< tmp_count; i++)
16941 {
16942
#if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
16943
if(!
rsbac_list_exist(netdev_handles.gen, &i_id_p[i]))
16944
#endif
16945
{
16946 memcpy(pos, &i_id_p[i],
sizeof(*i_id_p));
16947 pos +=
sizeof(*i_id_p);
16948 count++;
16949 }
16950 }
16951
rsbac_vfree(i_id_p);
16952 }
16953 }
16954
#endif
16955
if(!count)
16956
rsbac_vfree(*id_pp);
16957 }
16958 }
16959
else
16960 {
16961
#if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
16962
tmp_count =
rsbac_list_count(netdev_handles.gen);
16963
if(tmp_count > 0)
16964 count += tmp_count;
16965
#endif
16966
#if defined(CONFIG_RSBAC_RC)
16967
tmp_count =
rsbac_list_count(netdev_handles.rc);
16968
if(tmp_count > 0)
16969 count += tmp_count;
16970
#endif
16971
}
16972
return count;
16973 }
16974
#endif
16975
16976
#ifdef CONFIG_RSBAC_NET_OBJ
16977
16978
int rsbac_net_get_id (
struct rsbac_net_description_t desc,
16979
rsbac_net_temp_id_t * id_p)
16980 {
16981
if(!
rsbac_initialized)
16982
return -
RSBAC_ENOTINITIALIZED;
16983
if(!id_p)
16984
return -
RSBAC_EINVALIDPOINTER;
16985
if(
rsbac_list_get_desc(net_temp_handle,
16986 id_p,
16987 &desc,
16988 rsbac_net_compare_data)
16989 )
16990 *id_p =
RSBAC_NET_UNKNOWN;
16991
return 0;
16992 }
16993
16994
16995
16996
int rsbac_net_lookup_templates(
struct rsbac_net_obj_desc_t netobj,
16997
rsbac_net_temp_id_t * local_temp_p,
16998
rsbac_net_temp_id_t * remote_temp_p)
16999 {
17000
struct rsbac_net_description_t rsbac_net_desc;
17001
int err=0;
17002
struct net_device *dev;
17003
17004
if(!netobj.
sock_p || !netobj.
sock_p->sk || !netobj.
sock_p->ops)
17005
return -
RSBAC_EINVALIDPOINTER;
17006
if(!local_temp_p && !remote_temp_p)
17007
return -
RSBAC_EINVALIDVALUE;
17008
17009 rsbac_net_desc.
address_family = netobj.
sock_p->ops->family;
17010 rsbac_net_desc.
type = netobj.
sock_p->type;
17011
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
17012
rsbac_net_desc.
protocol = netobj.
sock_p->sk->sk_protocol;
17013
if(netobj.
sock_p->sk->sk_bound_dev_if)
17014 {
17015 dev = dev_get_by_index(netobj.
sock_p->sk->sk_bound_dev_if);
17016
#else
17017
rsbac_net_desc.
protocol = netobj.
sock_p->sk->protocol;
17018
if(netobj.
sock_p->sk->bound_dev_if)
17019 {
17020 dev = dev_get_by_index(netobj.
sock_p->sk->bound_dev_if);
17021
#endif
17022
if(dev)
17023 {
17024 strcpy(rsbac_net_desc.
netdev, dev->name);
17025 dev_put(dev);
17026 }
17027
else
17028 rsbac_net_desc.
netdev[0] =
RSBAC_NET_UNKNOWN;
17029 }
17030
else
17031 rsbac_net_desc.
netdev[0] =
RSBAC_NET_UNKNOWN;
17032
if(local_temp_p)
17033 {
17034
switch(rsbac_net_desc.
address_family)
17035 {
17036
case AF_INET:
17037
if(netobj.
local_addr)
17038 {
17039
struct sockaddr_in * addr = netobj.
local_addr;
17040
17041 rsbac_net_desc.
address = &addr->sin_addr.s_addr;
17042 rsbac_net_desc.
address_len =
sizeof(__u32);
17043 rsbac_net_desc.
port = ntohs(addr->sin_port);
17044 }
17045
else
17046 {
17047
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
17048
rsbac_net_desc.
address = &inet_sk(netobj.
sock_p->sk)->rcv_saddr;
17049 rsbac_net_desc.
address_len =
sizeof(__u32);
17050 rsbac_net_desc.
port = inet_sk(netobj.
sock_p->sk)->num;
17051
#else
17052
rsbac_net_desc.
address = &netobj.
sock_p->sk->rcv_saddr;
17053 rsbac_net_desc.
address_len =
sizeof(__u32);
17054 rsbac_net_desc.
port = netobj.
sock_p->sk->num;
17055
#endif
17056
}
17057 dev = ip_dev_find(*(__u32 *)rsbac_net_desc.
address);
17058
if(dev)
17059 {
17060 strcpy(rsbac_net_desc.
netdev, dev->name);
17061 dev_put(dev);
17062 }
17063
break;
17064
case AF_UNIX:
17065
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
17066
if(unix_sk(netobj.
sock_p->sk)->addr)
17067 {
17068 rsbac_net_desc.
address = unix_sk(netobj.
sock_p->sk)->addr->name[0].sun_path;
17069 rsbac_net_desc.
address_len = unix_sk(netobj.
sock_p->sk)->addr->len;
17070 }
17071
#else
17072
if(netobj.
sock_p->sk->protinfo.af_unix.addr)
17073 {
17074 rsbac_net_desc.
address = netobj.
sock_p->sk->protinfo.af_unix.addr->name[0].sun_path;
17075 rsbac_net_desc.
address_len = netobj.
sock_p->sk->protinfo.af_unix.addr->len;
17076 }
17077
#endif
17078
else
17079
if(netobj.
local_addr)
17080 {
17081
struct sockaddr_un * addr = netobj.
local_addr;
17082
17083
if(addr->sun_path)
17084 {
17085 rsbac_net_desc.
address = addr->sun_path;
17086 rsbac_net_desc.
address_len = strlen(addr->sun_path);
17087 }
17088
else
17089 {
17090 rsbac_net_desc.
address =
NULL;
17091 rsbac_net_desc.
address_len = 0;
17092 }
17093 }
17094
else
17095 {
17096 rsbac_net_desc.
address =
NULL;
17097 rsbac_net_desc.
address_len = 0;
17098 }
17099
break;
17100
17101
default:
17102 rsbac_net_desc.
address =
NULL;
17103 rsbac_net_desc.
port =
RSBAC_NET_UNKNOWN;
17104 }
17105
if((err =
rsbac_net_get_id(rsbac_net_desc, local_temp_p)))
17106 {
17107 *local_temp_p = 0;
17108
#ifdef CONFIG_RSBAC_RMSG
17109
rsbac_printk(KERN_WARNING
17110
"rsbac_net_lookup_templates(): rsbac_net_get_id for local returned error %u\n",
17111 err);
17112
#endif
17113
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
17114
if (!rsbac_nosyslog)
17115
#endif
17116
printk(KERN_WARNING
17117
"rsbac_net_lookup_templates(): rsbac_net_get_id for local returned error %u\n",
17118 err);
17119 }
17120
#ifdef CONFIG_RSBAC_DEBUG
17121
if( rsbac_debug_ds_net
17122 && (rsbac_net_desc.
address_family == AF_INET)
17123 )
17124 {
17125
#ifdef CONFIG_RSBAC_RMSG
17126
rsbac_printk(KERN_DEBUG
17127
"rsbac_net_lookup_templates(): user %u temp id for local is %u\n",
17128 current->uid, *local_temp_p);
17129
#endif
17130
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
17131
if (!rsbac_nosyslog)
17132
#endif
17133
printk(KERN_DEBUG
17134
"rsbac_net_lookup_templates(): user %u temp id for local is %u\n",
17135 current->uid, *local_temp_p);
17136 }
17137
#endif
17138
}
17139
if(remote_temp_p)
17140 {
17141
switch(rsbac_net_desc.
address_family)
17142 {
17143
case AF_INET:
17144
if(netobj.
remote_addr)
17145 {
17146
struct sockaddr_in * addr = netobj.
remote_addr;
17147
17148 rsbac_net_desc.
address = &addr->sin_addr.s_addr;
17149 rsbac_net_desc.
address_len =
sizeof(__u32);
17150 rsbac_net_desc.
port = ntohs(addr->sin_port);
17151 }
17152
else
17153 {
17154
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
17155
rsbac_net_desc.
address = &inet_sk(netobj.
sock_p->sk)->daddr;
17156 rsbac_net_desc.
address_len =
sizeof(__u32);
17157 rsbac_net_desc.
port = ntohs(inet_sk(netobj.
sock_p->sk)->dport);
17158
#else
17159
rsbac_net_desc.
address = &netobj.
sock_p->sk->daddr;
17160 rsbac_net_desc.
address_len =
sizeof(__u32);
17161 rsbac_net_desc.
port = ntohs(netobj.
sock_p->sk->dport);
17162
#endif
17163
}
17164 dev = ip_dev_find(*(__u32 *)rsbac_net_desc.
address);
17165
if(dev)
17166 {
17167 strcpy(rsbac_net_desc.
netdev, dev->name);
17168 dev_put(dev);
17169 }
17170
break;
17171
case AF_UNIX:
17172 rsbac_net_desc.
port =
RSBAC_NET_UNKNOWN;
17173
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
17174
if( (unix_sk(netobj.
sock_p->sk)->other)
17175 && (unix_sk(unix_sk(netobj.
sock_p->sk)->other)->addr)
17176 )
17177 {
17178 rsbac_net_desc.
address
17179 = unix_sk(unix_sk(netobj.
sock_p->sk)->other)->addr->name;
17180 rsbac_net_desc.
address_len
17181 = unix_sk(unix_sk(netobj.
sock_p->sk)->other)->addr->len;
17182 }
17183
#else
17184
if( (netobj.
sock_p->sk->protinfo.af_unix.other)
17185 && (netobj.
sock_p->sk->protinfo.af_unix.other->protinfo.af_unix.addr)
17186 )
17187 {
17188 rsbac_net_desc.
address
17189 = netobj.
sock_p->sk->protinfo.af_unix.other->protinfo.af_unix.addr->name;
17190 rsbac_net_desc.
address_len
17191 = netobj.
sock_p->sk->protinfo.af_unix.other->protinfo.af_unix.addr->len;
17192 }
17193
#endif
17194
else
17195
if(netobj.
remote_addr)
17196 {
17197
struct sockaddr_un * addr = netobj.
remote_addr;
17198
17199
if(addr->sun_path)
17200 {
17201 rsbac_net_desc.
address = addr->sun_path;
17202 rsbac_net_desc.
address_len = strlen(addr->sun_path);
17203 }
17204
else
17205 {
17206 rsbac_net_desc.
address =
NULL;
17207 rsbac_net_desc.
address_len = 0;
17208 }
17209 }
17210
else
17211 {
17212 rsbac_net_desc.
address =
NULL;
17213 rsbac_net_desc.
address_len = 0;
17214 }
17215
break;
17216
17217
default:
17218 rsbac_net_desc.
address =
NULL;
17219 rsbac_net_desc.
address_len = 0;
17220 rsbac_net_desc.
port =
RSBAC_NET_UNKNOWN;
17221 }
17222
if((err =
rsbac_net_get_id(rsbac_net_desc, remote_temp_p)))
17223 {
17224 *remote_temp_p = 0;
17225
#ifdef CONFIG_RSBAC_RMSG
17226
rsbac_printk(KERN_WARNING
17227
"rsbac_net_lookup_templates(): rsbac_net_get_id for remote returned error %u\n",
17228 err);
17229
#endif
17230
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
17231
if (!rsbac_nosyslog)
17232
#endif
17233
printk(KERN_WARNING
17234
"rsbac_net_lookup_templates(): rsbac_net_get_id for remote returned error %u\n",
17235 err);
17236 }
17237
#ifdef CONFIG_RSBAC_DEBUG
17238
if( rsbac_debug_ds_net
17239 && (rsbac_net_desc.
address_family == AF_INET)
17240 )
17241 {
17242
#ifdef CONFIG_RSBAC_RMSG
17243
rsbac_printk(KERN_DEBUG
17244
"rsbac_net_lookup_templates(): user %u temp id for remote is %u\n",
17245 current->uid, *remote_temp_p);
17246
#endif
17247
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
17248
if (!rsbac_nosyslog)
17249
#endif
17250
printk(KERN_DEBUG
17251
"rsbac_net_lookup_templates(): user %u temp id for remote is %u\n",
17252 current->uid, *remote_temp_p);
17253 }
17254
#endif
17255
}
17256
return 0;
17257 }
17258
17259
void rsbac_net_obj_cleanup(
rsbac_net_obj_id_t netobj)
17260 {
17261
union rsbac_target_id_t tid;
17262
17263 tid.
netobj.
sock_p = netobj;
17264
rsbac_remove_target(T_NETOBJ, tid);
17265 }
17266
17267
int rsbac_net_template(
enum rsbac_net_temp_syscall_t call,
17268
rsbac_net_temp_id_t id,
17269
union rsbac_net_temp_syscall_data_t * data_p)
17270 {
17271
struct rsbac_net_temp_data_t int_data =
RSBAC_NET_TEMP_DEFAULT_DATA;
17272
int err;
17273
17274
switch(call)
17275 {
17276
case NTS_new_template:
17277
case NTS_check_id:
17278
break;
17279
case NTS_copy_template:
17280 err =
rsbac_list_get_data(net_temp_handle, &data_p->
id, &int_data);
17281
if(err)
17282
return err;
17283
break;
17284
default:
17285 err =
rsbac_list_get_data(net_temp_handle, &
id, &int_data);
17286
if(err)
17287
return err;
17288 }
17289
17290
switch(call)
17291 {
17292
case NTS_set_address:
17293 memcpy(&int_data.
address, &data_p->
address,
sizeof(int_data.
address));
17294
return rsbac_list_add(net_temp_handle, &
id, &int_data);
17295
case NTS_set_address_family:
17296 int_data.
address_family = data_p->
address_family;
17297
return rsbac_list_add(net_temp_handle, &
id, &int_data);
17298
case NTS_set_valid_len:
17299 int_data.
valid_len = data_p->
valid_len;
17300
return rsbac_list_add(net_temp_handle, &
id, &int_data);
17301
case NTS_set_type:
17302 int_data.
type = data_p->
type;
17303
return rsbac_list_add(net_temp_handle, &
id, &int_data);
17304
case NTS_set_protocol:
17305 int_data.
protocol = data_p->
protocol;
17306
return rsbac_list_add(net_temp_handle, &
id, &int_data);
17307
case NTS_set_netdev:
17308 strncpy(int_data.
netdev, data_p->
netdev, RSBAC_IFNAMSIZ);
17309 int_data.
netdev[
RSBAC_IFNAMSIZ] = 0;
17310
return rsbac_list_add(net_temp_handle, &
id, &int_data);
17311
case NTS_set_min_port:
17312 int_data.
min_port = data_p->
min_port;
17313
return rsbac_list_add(net_temp_handle, &
id, &int_data);
17314
case NTS_set_max_port:
17315 int_data.
max_port = data_p->
max_port;
17316
return rsbac_list_add(net_temp_handle, &
id, &int_data);
17317
case NTS_set_name:
17318 strncpy(int_data.
name, data_p->
name, RSBAC_NET_TEMP_NAMELEN - 1);
17319 int_data.
name[
RSBAC_NET_TEMP_NAMELEN - 1] = 0;
17320
return rsbac_list_add(net_temp_handle, &
id, &int_data);
17321
case NTS_new_template:
17322
if(
rsbac_list_exist(net_temp_handle, &
id))
17323
return -
RSBAC_EEXISTS;
17324 strncpy(int_data.
name, data_p->
name, RSBAC_NET_TEMP_NAMELEN - 1);
17325 int_data.
name[
RSBAC_NET_TEMP_NAMELEN - 1] = 0;
17326
return rsbac_list_add(net_temp_handle, &
id, &int_data);
17327
case NTS_copy_template:
17328
if(
rsbac_list_exist(net_temp_handle, &
id))
17329
return -
RSBAC_EEXISTS;
17330
return rsbac_list_add(net_temp_handle, &
id, &int_data);
17331
case NTS_delete_template:
17332
return rsbac_list_remove(net_temp_handle, &
id);
17333
case NTS_check_id:
17334
if(
rsbac_list_exist(net_temp_handle, &
id))
17335 {
17336 data_p->
id =
id;
17337
return 0;
17338 }
17339
else
17340
return -
RSBAC_ENOTFOUND;
17341
case NTS_get_address:
17342 memcpy(&data_p->
address, &int_data.
address,
sizeof(int_data.
address));
17343
return 0;
17344
case NTS_get_address_family:
17345 data_p->
address_family = int_data.
address_family;
17346
return 0;
17347
case NTS_get_valid_len:
17348 data_p->
valid_len = int_data.
valid_len;
17349
return 0;
17350
case NTS_get_type:
17351 data_p->
type = int_data.
type;
17352
return 0;
17353
case NTS_get_protocol:
17354 data_p->
protocol = int_data.
protocol;
17355
return 0;
17356
case NTS_get_netdev:
17357 strncpy(data_p->
netdev, int_data.
netdev, RSBAC_IFNAMSIZ);
17358
return 0;
17359
case NTS_get_min_port:
17360 data_p->
min_port = int_data.
min_port;
17361
return 0;
17362
case NTS_get_max_port:
17363 data_p->
max_port = int_data.
max_port;
17364
return 0;
17365
case NTS_get_name:
17366 strcpy(data_p->
name, int_data.
name);
17367
return 0;
17368
17369
default:
17370
return -
RSBAC_EINVALIDREQUEST;
17371 }
17372 }
17373
17374
int rsbac_net_list_all_template(
rsbac_net_temp_id_t ** id_pp)
17375 {
17376
if(id_pp)
17377
return rsbac_list_get_all_desc(net_temp_handle, (
void **) id_pp);
17378
else
17379
return rsbac_list_count(net_temp_handle);
17380 }
17381
17382
int rsbac_net_template_exist(
rsbac_net_temp_id_t temp)
17383 {
17384
return rsbac_list_exist(net_temp_handle, &temp);
17385 }
17386
17387
int rsbac_net_remote_request(
enum rsbac_adf_request_t request)
17388 {
17389
switch(request)
17390 {
17391
case R_ACCEPT:
17392
case R_CONNECT:
17393
case R_SEND:
17394
case R_RECEIVE:
17395
case R_READ:
17396
case R_WRITE:
17397
return TRUE;
17398
17399
default:
17400
return FALSE;
17401 }
17402 }
17403
17404
#endif
17405
17406
#if defined(CONFIG_RSBAC_DAZ_CACHE)
17407
int rsbac_daz_flush_cache(
void)
17408 {
17409
struct rsbac_device_list_item_t * device_p;
17410
long dflags;
17411 u_int i;
17412
17413
17414 rsbac_read_lock(&
device_list_head.lock, &dflags);
17415 device_p =
device_list_head.head;
17416
while(device_p)
17417 {
17418
for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
17419
rsbac_list_remove_all(device_p->handles.dazs[i]);
17420 device_p = device_p->next;
17421 }
17422 rsbac_read_unlock(&
device_list_head.lock, &dflags);
17423
return 0;
17424 }
17425
#endif
17426
17427