00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011 #include <linux/types.h>
00012 #include <linux/version.h>
00013 #include <linux/fs.h>
00014 #include <linux/sched.h>
00015 #include <linux/quotaops.h>
00016 #include <linux/proc_fs.h>
00017 #include <linux/msdos_fs.h>
00018 #include <linux/iso_fs.h>
00019 #include <linux/nfs_fs.h>
00020 #include <linux/ext2_fs.h>
00021 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00022 #include <linux/kthread.h>
00023 #include <linux/coda.h>
00024 #include <linux/initrd.h>
00025 #include <linux/security.h>
00026
00027 #include <linux/syscalls.h>
00028 #include <linux/rcupdate.h>
00029 #else
00030 #define rcu_dereference(x) x
00031 #endif
00032 #include <linux/coda_psdev.h>
00033 #include <linux/ncp_fs.h>
00034 #include <linux/smb.h>
00035 #include <linux/dnotify.h>
00036 #include <linux/mm.h>
00037 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00038 #include <linux/blkdev.h>
00039 #else
00040 #include <linux/blk.h>
00041 #endif
00042 #include <linux/init.h>
00043 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00044 #include <linux/config.h>
00045 #endif
00046 #include <linux/module.h>
00047 #include <linux/netdevice.h>
00048 #include <linux/inetdevice.h>
00049 #include <asm/uaccess.h>
00050 #include <asm/atomic.h>
00051 #include <rsbac/types.h>
00052 #include <rsbac/aci.h>
00053 #include <rsbac/aci_data_structures.h>
00054 #include <rsbac/error.h>
00055 #include <rsbac/helpers.h>
00056 #include <rsbac/fs.h>
00057 #include <rsbac/getname.h>
00058 #include <rsbac/net_getname.h>
00059 #include <rsbac/adf.h>
00060 #include <rsbac/adf_main.h>
00061 #include <rsbac/reg.h>
00062 #include <rsbac/rkmem.h>
00063 #include <rsbac/gen_lists.h>
00064 #include <rsbac/jail.h>
00065 #include <linux/string.h>
00066 #include <linux/kdev_t.h>
00067 #include <linux/smp_lock.h>
00068
00069 #ifdef CONFIG_RSBAC_MAC
00070 #include <rsbac/mac.h>
00071 #endif
00072
00073 #ifdef CONFIG_RSBAC_PM
00074 #include <rsbac/pm.h>
00075 #endif
00076
00077 #ifdef CONFIG_RSBAC_DAZ
00078 #include <rsbac/daz.h>
00079 #endif
00080
00081 #if defined(CONFIG_RSBAC_RC)
00082 #include <rsbac/rc.h>
00083 #endif
00084
00085 #if defined(CONFIG_RSBAC_AUTH)
00086 #include <rsbac/auth.h>
00087 #endif
00088
00089 #if defined(CONFIG_RSBAC_ACL)
00090 #include <rsbac/acl.h>
00091 #endif
00092
00093 #if defined(CONFIG_RSBAC_JAIL)
00094 rsbac_jail_id_t rsbac_jail_syslog_jail_id = 0;
00095 #endif
00096
00097 #if defined(CONFIG_RSBAC_PAX) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
00098 #include <rsbac/pax.h>
00099 #endif
00100
00101 #ifdef CONFIG_RSBAC_UM
00102 #include <rsbac/um.h>
00103 #endif
00104
00105 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
00106 #include <linux/unistd.h>
00107 #include <linux/timer.h>
00108 static u_int auto_interval = CONFIG_RSBAC_AUTO_WRITE * HZ;
00109 #endif
00110
00111 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
00112 || defined(CONFIG_RSBAC_INIT_THREAD)
00113 static DECLARE_WAIT_QUEUE_HEAD(rsbacd_wait);
00114 static struct timer_list rsbac_timer;
00115 #endif
00116
00117 #if defined(CONFIG_RSBAC_NET_OBJ)
00118 #include <rsbac/network.h>
00119 #endif
00120
00121 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
00122 #include <linux/freezer.h>
00123 #else
00124 static inline int try_to_freeze(void) { return 0; }
00125 #endif
00126
00127
00128
00129
00130
00131
00132
00133 #if defined(CONFIG_RSBAC_REG)
00134 EXPORT_SYMBOL(rsbac_initialized);
00135 #endif
00136 rsbac_boolean_t rsbac_initialized = FALSE;
00137
00138 static char compiled_modules[80];
00139
00140 kdev_t rsbac_root_dev;
00141 #if defined(CONFIG_RSBAC_REG)
00142 EXPORT_SYMBOL(rsbac_root_dev);
00143 #endif
00144 DECLARE_MUTEX(rsbac_write_sem);
00145
00146 static struct rsbac_device_list_head_t * device_head_p[RSBAC_NR_DEVICE_LISTS];
00147 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00148 static spinlock_t device_list_locks[RSBAC_NR_DEVICE_LISTS];
00149 #else
00150 static rwlock_t device_list_locks[RSBAC_NR_DEVICE_LISTS];
00151 #endif
00152
00153 #ifdef CONFIG_RSBAC_FD_CACHE
00154 static rsbac_list_handle_t fd_cache_handle[SW_NONE];
00155 #ifdef CONFIG_RSBAC_XSTATS
00156 static __u64 fd_cache_hits[SW_NONE];
00157 static __u64 fd_cache_misses[SW_NONE];
00158 static u_int fd_cache_invalidates;
00159 static u_int fd_cache_invalidate_alls;
00160 #endif
00161 #endif
00162
00163 static struct rsbac_dev_handles_t dev_handles;
00164 static struct rsbac_dev_handles_t dev_major_handles;
00165 static struct rsbac_ipc_handles_t ipc_handles;
00166 static struct rsbac_user_handles_t user_handles;
00167 #ifdef CONFIG_RSBAC_RC_UM_PROT
00168 static struct rsbac_group_handles_t group_handles;
00169 #endif
00170 static struct rsbac_process_handles_t process_handles;
00171
00172 #ifdef CONFIG_RSBAC_NET_DEV
00173 static struct rsbac_netdev_handles_t netdev_handles;
00174 #endif
00175 #ifdef CONFIG_RSBAC_NET_OBJ
00176 static rsbac_list_handle_t net_temp_handle;
00177 static struct rsbac_nettemp_handles_t nettemp_handles;
00178 static struct rsbac_lnetobj_handles_t lnetobj_handles;
00179 static struct rsbac_rnetobj_handles_t rnetobj_handles;
00180 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
00181 static struct rsbac_gen_netobj_aci_t def_gen_netobj_aci =
00182 DEFAULT_GEN_NETOBJ_ACI;
00183 #endif
00184 #endif
00185
00186
00187
00188
00189 static struct rsbac_gen_fd_aci_t def_gen_root_dir_aci =
00190 DEFAULT_GEN_ROOT_DIR_ACI;
00191 static struct rsbac_gen_fd_aci_t def_gen_fd_aci = DEFAULT_GEN_FD_ACI;
00192
00193 #if defined(CONFIG_RSBAC_MAC)
00194 static struct rsbac_mac_fd_aci_t def_mac_root_dir_aci =
00195 DEFAULT_MAC_ROOT_DIR_ACI;
00196 static struct rsbac_mac_fd_aci_t def_mac_fd_aci = DEFAULT_MAC_FD_ACI;
00197 #endif
00198 #if defined(CONFIG_RSBAC_DAZ)
00199 static struct rsbac_daz_fd_aci_t def_daz_root_dir_aci = DEFAULT_DAZ_ROOT_DIR_ACI;
00200 #if defined(CONFIG_RSBAC_DAZ_CACHE)
00201 static rsbac_time_t rsbac_daz_ttl = CONFIG_RSBAC_DAZ_TTL;
00202 #endif
00203 #endif
00204 #if defined(CONFIG_RSBAC_PM)
00205 static struct rsbac_pm_fd_aci_t def_pm_fd_aci = DEFAULT_PM_FD_ACI;
00206 #endif
00207 #if defined(CONFIG_RSBAC_RC)
00208 static struct rsbac_rc_fd_aci_t def_rc_root_dir_aci =
00209 DEFAULT_RC_ROOT_DIR_ACI;
00210 static struct rsbac_rc_fd_aci_t def_rc_fd_aci = DEFAULT_RC_FD_ACI;
00211 #endif
00212 #if defined(CONFIG_RSBAC_RES)
00213 static struct rsbac_res_fd_aci_t def_res_fd_aci = DEFAULT_RES_FD_ACI;
00214 #endif
00215
00216 #if defined(CONFIG_RSBAC_PROC)
00217 #include <rsbac/proc_fs.h>
00218
00219 #ifdef CONFIG_RSBAC_XSTATS
00220 static u_long get_attr_count[T_NONE] = { 0, 0, 0, 0, 0, 0, 0 };
00221 static u_long set_attr_count[T_NONE] = { 0, 0, 0, 0, 0, 0, 0 };
00222 static u_long remove_count[T_NONE] = { 0, 0, 0, 0, 0, 0, 0 };
00223 static u_long get_parent_count = 0;
00224 #endif
00225
00226 #if defined(CONFIG_RSBAC_REG)
00227 EXPORT_SYMBOL(proc_rsbac_root_p);
00228 #endif
00229 struct proc_dir_entry *proc_rsbac_root_p = NULL;
00230
00231 #if defined(CONFIG_RSBAC_REG)
00232 EXPORT_SYMBOL(proc_rsbac_backup_p);
00233 #endif
00234 struct proc_dir_entry *proc_rsbac_backup_p = NULL;
00235
00236 #endif
00237
00238 #ifdef CONFIG_DEVFS_MOUNT
00239 #include <linux/devfs_fs_kernel.h>
00240 static struct dentry *devfs_covered_p = NULL;
00241 static struct super_block *devfs_sb_p = NULL;
00242 #endif
00243
00244 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00245 static struct dentry *sysfs_covered_p = NULL;
00246 static struct super_block *sysfs_sb_p = NULL;
00247 #endif
00248
00249 #ifdef CONFIG_RSBAC_MAC
00250 static struct rsbac_mac_process_aci_t mac_init_p_aci =
00251 DEFAULT_MAC_P_INIT_ACI;
00252 #endif
00253 #ifdef CONFIG_RSBAC_RC
00254 static struct rsbac_rc_process_aci_t rc_kernel_p_aci =
00255 DEFAULT_RC_P_KERNEL_ACI;
00256 #endif
00257
00258
00259
00260
00261
00262
00263 static struct rsbac_device_list_item_t *lookup_device(kdev_t kdev, u_int hash);
00264
00265
00266
00267
00268
00269 static u_int gen_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00270 static u_int gen_nr_p_hashes = 1;
00271
00272 #if defined(CONFIG_RSBAC_MAC)
00273 static u_int mac_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00274 static u_int mac_nr_p_hashes = 1;
00275 #endif
00276 #if defined(CONFIG_RSBAC_PM)
00277 static u_int pm_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00278 #endif
00279 #if defined(CONFIG_RSBAC_DAZ)
00280 static u_int daz_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00281
00282 #if defined(CONFIG_RSBAC_DAZ_CACHE)
00283 static u_int daz_scanned_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00284 #endif
00285 #endif
00286 #if defined(CONFIG_RSBAC_FF)
00287 static u_int ff_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00288 #endif
00289 #if defined(CONFIG_RSBAC_RC)
00290 static u_int rc_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00291 static u_int rc_nr_p_hashes = 1;
00292 #endif
00293 #if defined(CONFIG_RSBAC_AUTH)
00294 static u_int auth_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00295 #endif
00296 #if defined(CONFIG_RSBAC_CAP)
00297 static u_int cap_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00298 #endif
00299 #if defined(CONFIG_RSBAC_JAIL)
00300 static u_int jail_nr_p_hashes = 1;
00301 #endif
00302 #if defined(CONFIG_RSBAC_PAX)
00303 static u_int pax_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00304 #endif
00305 #if defined(CONFIG_RSBAC_RES)
00306 static u_int res_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00307 #endif
00308
00309 static inline u_int device_hash(kdev_t id)
00310 {
00311 return id & (RSBAC_NR_DEVICE_LISTS - 1);
00312 }
00313
00314
00315
00316
00317
00318
00319
00320
00321
00322
00323 rsbac_boolean_t writable(struct super_block * sb_p)
00324 {
00325 #ifdef CONFIG_RSBAC_NO_WRITE
00326 return (FALSE);
00327 #else
00328 if (!sb_p || !sb_p->s_dev)
00329 return (FALSE);
00330 if (rsbac_debug_no_write || (sb_p->s_flags & MS_RDONLY)
00331 || in_interrupt())
00332 return (FALSE);
00333 if (!MAJOR(sb_p->s_dev)
00334 #ifndef CONFIG_RSBAC_MSDOS_WRITE
00335 || (sb_p->s_magic == MSDOS_SUPER_MAGIC)
00336 #endif
00337 || (sb_p->s_magic == SOCKFS_MAGIC)
00338 || (sb_p->s_magic == PIPEFS_MAGIC)
00339 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00340 || (sb_p->s_magic == SYSFS_MAGIC)
00341 #endif
00342 || (sb_p->s_magic == NFS_SUPER_MAGIC)
00343 || (sb_p->s_magic == CODA_SUPER_MAGIC)
00344 || (sb_p->s_magic == NCP_SUPER_MAGIC)
00345 || (sb_p->s_magic == SMB_SUPER_MAGIC)
00346 || (sb_p->s_magic == ISOFS_SUPER_MAGIC))
00347 return (FALSE);
00348 else
00349 return (TRUE);
00350 #endif
00351 }
00352
00353
00354
00355
00356
00357
00358 static int lookup_aci_path_dentry(struct super_block *sb_p,
00359 struct dentry **dir_dentry_pp,
00360 rsbac_boolean_t create_dir, kdev_t kdev)
00361 {
00362 struct dentry *dir_dentry_p = NULL;
00363 struct dentry *root_dentry_p = NULL;
00364 int err = 0;
00365 struct rsbac_device_list_item_t *device_p;
00366 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00367 u_long dflags;
00368 #endif
00369 u_int hash;
00370
00371 if (!dir_dentry_pp)
00372 return (-RSBAC_EINVALIDPOINTER);
00373
00374 if (!sb_p) {
00375 sb_p = rsbac_get_super_block(kdev);
00376 if (!sb_p) {
00377 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): invalid device %02u:%02u\n",
00378 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00379 return (-RSBAC_EINVALIDDEV);
00380 }
00381 }
00382
00383
00384 if ((sb_p->s_magic == PIPEFS_MAGIC)
00385 || (sb_p->s_magic == SOCKFS_MAGIC)
00386 ) {
00387 return -RSBAC_ENOTFOUND;
00388 }
00389 hash = device_hash(kdev);
00390
00391 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00392 rcu_read_lock();
00393 #else
00394 rsbac_read_lock(&device_list_locks[hash], &dflags);
00395 #endif
00396 device_p = lookup_device(kdev, hash);
00397 if (!device_p) {
00398 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): No entry for device %02u:%02u\n",
00399 MAJOR(kdev), MINOR(kdev));
00400 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00401 rcu_read_unlock();
00402 #else
00403 rsbac_read_unlock(&device_list_locks[hash], &dflags);
00404 #endif
00405 return (-RSBAC_EINVALIDDEV);
00406 }
00407
00408 if (device_p->rsbac_dir_dentry_p) {
00409 *dir_dentry_pp = device_p->rsbac_dir_dentry_p;
00410 rsbac_pr_debug(ds, "device_p->rsbac_dir_dentry_p->d_count "
00411 "for device %02u:%02u is %i!\n",
00412 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00413 atomic_read(&device_p->rsbac_dir_dentry_p->d_count));
00414 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00415 rcu_read_unlock();
00416 #else
00417 rsbac_read_unlock(&device_list_locks[hash], &dflags);
00418 #endif
00419 return 0;
00420 }
00421
00422 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00423 rcu_read_unlock();
00424 #else
00425 rsbac_read_unlock(&device_list_locks[hash], &dflags);
00426 #endif
00427 rsbac_pr_debug(ds, "first time lookup for or non-existing %s on device "
00428 "%02u:%02u!\n", RSBAC_ACI_PATH,
00429 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00430 if (!sb_p->s_root) {
00431 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry!\n",
00432 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00433 err = -RSBAC_EINVALIDDEV;
00434 goto out;
00435 }
00436
00437 if (!sb_p->s_root->d_inode) {
00438 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry->d_inode!\n",
00439 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00440 err = -RSBAC_EINVALIDDEV;
00441 goto out;
00442 }
00443
00444
00445 rsbac_pr_debug(ds, "lookup rsbac path %s for device %02u:%02u, "
00446 "sb_p->s_root->d_count is %i!\n",
00447 RSBAC_ACI_PATH, MAJOR(sb_p->s_dev),
00448 MINOR(sb_p->s_dev),
00449 atomic_read(&sb_p->s_root->d_count));
00450 dir_dentry_p =
00451 rsbac_lookup_one_len(RSBAC_ACI_PATH, sb_p->s_root,
00452 strlen(RSBAC_ACI_PATH));
00453 if (IS_ERR(dir_dentry_p))
00454 switch (PTR_ERR(dir_dentry_p)) {
00455 case -ENOENT:
00456 case -ENOTDIR:
00457 err = -RSBAC_ENOTFOUND;
00458 goto out;
00459 case -ENOMEM:
00460 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): memory allocation error!\n");
00461 err = -RSBAC_ENOROOTDIR;
00462 goto out;
00463 case -ENAMETOOLONG:
00464 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): ACI_PATH too long on fs!\n");
00465 err = -RSBAC_EPATHTOOLONG;
00466 goto out;
00467 case -EACCES:
00468 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): No access to ACI_PATH!\n");
00469 err = -RSBAC_EACCESS;
00470 goto out;
00471 default:
00472 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): Error on root dir: %li!\n",
00473 PTR_ERR(dir_dentry_p));
00474 err = -RSBAC_ENOROOTDIR;
00475 goto out;
00476 }
00477
00478 if (!dir_dentry_p) {
00479 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): rsbac_lookup_(dentry|one) returned null pointer!\n");
00480 err = -RSBAC_EINVALIDPOINTER;
00481 goto out;
00482 }
00483 if (!dir_dentry_p->d_inode) {
00484
00485 if (!create_dir) {
00486 err = -RSBAC_ENOTFOUND;
00487 goto out_dir_dput;
00488 }
00489 rsbac_pr_debug(ds, "try to create dir, first test writable!\n");
00490
00491 if (!writable(sb_p)) {
00492 err = -RSBAC_ENOTWRITABLE;
00493 goto out_dir_dput;
00494 }
00495 root_dentry_p = lock_parent(dir_dentry_p);
00496 err = PTR_ERR(root_dentry_p);
00497 if (IS_ERR(root_dentry_p)) {
00498 err = -RSBAC_ECOULDNOTCREATEPATH;
00499 goto out_dir_dput;
00500 }
00501 if (!root_dentry_p->d_inode
00502 || !root_dentry_p->d_inode->i_op
00503 || !root_dentry_p->d_inode->i_op->mkdir) {
00504 unlock_dir(root_dentry_p);
00505 err = -RSBAC_ECOULDNOTCREATEPATH;
00506 goto out_dir_dput;
00507 }
00508 DQUOT_INIT(root_dentry_p->d_inode);
00509 err =
00510 root_dentry_p->d_inode->i_op->mkdir(root_dentry_p->
00511 d_inode,
00512 dir_dentry_p,
00513 RSBAC_ACI_DIR_MODE);
00514 unlock_dir(root_dentry_p);
00515 if (err) {
00516 err = -RSBAC_ECOULDNOTCREATEPATH;
00517 goto out_dir_dput;
00518 }
00519 } else {
00520
00521 if (!S_ISDIR(dir_dentry_p->d_inode->i_mode)) {
00522 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): supposed /%s dir on dev %02u:%02u is no dir!\n",
00523 RSBAC_ACI_PATH,
00524 MAJOR(sb_p->s_dev),
00525 MINOR(sb_p->s_dev));
00526 err = -RSBAC_EACCESS;
00527 goto out_dir_dput;
00528 }
00529 }
00530 rsbac_pr_debug(ds, "dir_dentry_p->d_count is %i!\n",
00531 atomic_read(&dir_dentry_p->d_count));
00532 rsbac_pr_debug(ds, "sb_p->s_root->d_count is now %i!\n",
00533 atomic_read(&sb_p->s_root->d_count));
00534
00535
00536 *dir_dentry_pp = dir_dentry_p;
00537
00538
00539 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00540 rcu_read_lock();
00541 #else
00542 rsbac_read_lock(&device_list_locks[hash], &dflags);
00543 #endif
00544 device_p = lookup_device(kdev, hash);
00545 if (device_p && !device_p->rsbac_dir_dentry_p) {
00546 device_p->rsbac_dir_dentry_p = dir_dentry_p;
00547 device_p->rsbac_dir_inode = dir_dentry_p->d_inode->i_ino;
00548 }
00549 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00550 rcu_read_unlock();
00551 #else
00552 rsbac_read_unlock(&device_list_locks[hash], &dflags);
00553 #endif
00554
00555 out:
00556 return (err);
00557
00558 out_dir_dput:
00559 dput(dir_dentry_p);
00560 goto out;
00561 }
00562
00563
00564
00565
00566
00567
00568
00569 static struct rsbac_device_list_item_t *lookup_device(kdev_t kdev, u_int hash)
00570 {
00571 struct rsbac_device_list_item_t *curr = rcu_dereference(device_head_p[hash])->curr;
00572
00573
00574 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00575 if (!(curr && (MAJOR(curr->id) == MAJOR(kdev))
00576 && (MINOR(curr->id) == MINOR(kdev))))
00577 #else
00578 if (!(curr && (curr->id == kdev)))
00579 #endif
00580 {
00581 curr = rcu_dereference(device_head_p[hash])->head;
00582 while (curr
00583 && ((RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev))
00584 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev))
00585 )
00586 ) {
00587 curr = curr->next;
00588 }
00589 if (curr)
00590 rcu_dereference(device_head_p[hash])->curr = curr;
00591 }
00592
00593 return curr;
00594 }
00595
00596 #ifdef CONFIG_RSBAC_FD_CACHE
00597 u_int hash_fd_cache(void * desc, __u32 nr_hashes)
00598 {
00599 return ( ((struct rsbac_fd_cache_desc_t *) desc)->inode & (nr_hashes - 1) );
00600 }
00601 #endif
00602
00603 static int dev_compare(void *desc1, void *desc2)
00604 {
00605 int result;
00606 struct rsbac_dev_desc_t *i_desc1 = desc1;
00607 struct rsbac_dev_desc_t *i_desc2 = desc2;
00608
00609 result = memcmp(&i_desc1->type,
00610 &i_desc2->type, sizeof(i_desc1->type));
00611 if (result)
00612 return result;
00613 result = memcmp(&i_desc1->major,
00614 &i_desc2->major, sizeof(i_desc1->major));
00615 if (result)
00616 return result;
00617 return memcmp(&i_desc1->minor,
00618 &i_desc2->minor, sizeof(i_desc1->minor));
00619 }
00620
00621 static int dev_major_compare(void *desc1, void *desc2)
00622 {
00623 int result;
00624 struct rsbac_dev_desc_t *i_desc1 = desc1;
00625 struct rsbac_dev_desc_t *i_desc2 = desc2;
00626
00627 result = memcmp(&i_desc1->type,
00628 &i_desc2->type, sizeof(i_desc1->type));
00629 if (result)
00630 return result;
00631 return memcmp(&i_desc1->major,
00632 &i_desc2->major, sizeof(i_desc1->major));
00633 }
00634
00635 static int ipc_compare(void *desc1, void *desc2)
00636 {
00637 int result;
00638 struct rsbac_ipc_t *i_desc1 = desc1;
00639 struct rsbac_ipc_t *i_desc2 = desc2;
00640
00641 result = memcmp(&i_desc1->type,
00642 &i_desc2->type, sizeof(i_desc1->type));
00643 if (result)
00644 return result;
00645 else
00646 return memcmp(&i_desc1->id.id_nr,
00647 &i_desc2->id.id_nr,
00648 sizeof(i_desc1->id.id_nr));
00649 }
00650
00651 #ifdef CONFIG_RSBAC_NET_DEV
00652 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) || defined(CONFIG_RSBAC_RC)
00653 static int netdev_compare(void *desc1, void *desc2)
00654 {
00655 return strncmp(desc1, desc2, RSBAC_IFNAMSIZ);
00656 }
00657 #endif
00658 #endif
00659
00660
00661
00662
00663 static int gen_fd_conv(void *old_desc,
00664 void *old_data, void *new_desc, void *new_data)
00665 {
00666 struct rsbac_gen_fd_aci_t *new_aci = new_data;
00667 struct rsbac_gen_fd_old_aci_t *old_aci = old_data;
00668
00669 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00670 new_aci->log_array_low = old_aci->log_array_low;
00671 new_aci->log_array_high = old_aci->log_array_high;
00672 new_aci->log_program_based = old_aci->log_program_based;
00673 new_aci->symlink_add_remote_ip = 0;
00674 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00675 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00676 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00677 new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00678 new_aci->fake_root_uid = old_aci->fake_root_uid;
00679 new_aci->auid_exempt = old_aci->auid_exempt;
00680 return 0;
00681 }
00682
00683 static int gen_fd_old_conv(void *old_desc,
00684 void *old_data, void *new_desc, void *new_data)
00685 {
00686 struct rsbac_gen_fd_aci_t *new_aci = new_data;
00687 struct rsbac_gen_fd_old_aci_t *old_aci = old_data;
00688
00689 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00690 new_aci->log_array_low = old_aci->log_array_low;
00691 new_aci->log_array_high = old_aci->log_array_high;
00692 new_aci->log_program_based = old_aci->log_program_based;
00693 new_aci->symlink_add_remote_ip = 0;
00694 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00695 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00696 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00697 new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00698 new_aci->fake_root_uid = old_aci->fake_root_uid;
00699 new_aci->auid_exempt = RSBAC_NO_USER;
00700 return 0;
00701 }
00702
00703 static int gen_fd_old_old_conv(void *old_desc,
00704 void *old_data,
00705 void *new_desc, void *new_data)
00706 {
00707 struct rsbac_gen_fd_aci_t *new_aci = new_data;
00708 struct rsbac_gen_fd_old_old_aci_t *old_aci = old_data;
00709
00710 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00711 new_aci->log_array_low = old_aci->log_array_low;
00712 new_aci->log_array_high = old_aci->log_array_high;
00713 new_aci->log_program_based = old_aci->log_program_based;
00714 new_aci->symlink_add_remote_ip = 0;
00715 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00716 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00717 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00718 new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00719 new_aci->fake_root_uid = FR_off;
00720 new_aci->auid_exempt = RSBAC_NO_USER;
00721 return 0;
00722 }
00723
00724 rsbac_list_conv_function_t *gen_fd_get_conv(rsbac_version_t old_version)
00725 {
00726 switch (old_version) {
00727 case RSBAC_GEN_FD_OLD_ACI_VERSION:
00728 return gen_fd_conv;
00729 case RSBAC_GEN_FD_OLD_OLD_ACI_VERSION:
00730 return gen_fd_old_conv;
00731 case RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION:
00732 return gen_fd_old_old_conv;
00733 default:
00734 return NULL;
00735 }
00736 }
00737
00738 static int gen_dev_conv(void *old_desc,
00739 void *old_data, void *new_desc, void *new_data)
00740 {
00741 struct rsbac_dev_desc_t *new = new_desc;
00742 struct rsbac_dev_t *old = old_desc;
00743
00744 memcpy(new_data, old_data, sizeof(struct rsbac_gen_dev_aci_t));
00745 new->type = old->type;
00746 new->major = RSBAC_MAJOR(old->id);
00747 new->minor = RSBAC_MINOR(old->id);
00748 return 0;
00749 }
00750
00751 rsbac_list_conv_function_t *gen_dev_get_conv(rsbac_version_t old_version)
00752 {
00753 switch (old_version) {
00754 case RSBAC_GEN_DEV_OLD_ACI_VERSION:
00755 return gen_dev_conv;
00756 default:
00757 return NULL;
00758 }
00759 }
00760
00761 #ifdef CONFIG_RSBAC_MAC
00762 static int mac_old_fd_conv(void *old_desc,
00763 void *old_data, void *new_desc, void *new_data)
00764 {
00765 struct rsbac_mac_fd_aci_t *new_aci = new_data;
00766 struct rsbac_mac_fd_old_aci_t *old_aci = old_data;
00767
00768 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00769 new_aci->sec_level = old_aci->sec_level;
00770 new_aci->mac_categories = old_aci->mac_categories;
00771 new_aci->mac_auto = old_aci->mac_auto;
00772 new_aci->mac_prop_trusted = old_aci->mac_prop_trusted;
00773 new_aci->mac_file_flags = old_aci->mac_file_flags;
00774 return 0;
00775 }
00776
00777 static int mac_old_old_fd_conv(void *old_desc,
00778 void *old_data,
00779 void *new_desc, void *new_data)
00780 {
00781 struct rsbac_mac_fd_aci_t *new_aci = new_data;
00782 struct rsbac_mac_fd_old_old_aci_t *old_aci = old_data;
00783
00784 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00785 new_aci->sec_level = old_aci->sec_level;
00786 new_aci->mac_categories = old_aci->mac_categories;
00787 new_aci->mac_auto = old_aci->mac_auto;
00788 new_aci->mac_prop_trusted = FALSE;
00789 if (old_aci->mac_shared)
00790 new_aci->mac_file_flags = MAC_write_up;
00791 else
00792 new_aci->mac_file_flags = 0;
00793 return 0;
00794 }
00795
00796 static int mac_old_old_old_fd_conv(void *old_desc,
00797 void *old_data,
00798 void *new_desc, void *new_data)
00799 {
00800 struct rsbac_mac_fd_aci_t *new_aci = new_data;
00801 struct rsbac_mac_fd_old_old_old_aci_t *old_aci = old_data;
00802
00803 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00804 new_aci->sec_level = old_aci->sec_level;
00805 new_aci->mac_categories = old_aci->mac_categories;
00806 new_aci->mac_auto = old_aci->mac_auto;
00807 new_aci->mac_prop_trusted = FALSE;
00808 new_aci->mac_file_flags = 0;
00809 return 0;
00810 }
00811
00812 rsbac_list_conv_function_t *mac_fd_get_conv(rsbac_version_t old_version)
00813 {
00814 switch (old_version) {
00815 case RSBAC_MAC_FD_OLD_ACI_VERSION:
00816 return mac_old_fd_conv;
00817 case RSBAC_MAC_FD_OLD_OLD_ACI_VERSION:
00818 return mac_old_old_fd_conv;
00819 case RSBAC_MAC_FD_OLD_OLD_OLD_ACI_VERSION:
00820 return mac_old_old_old_fd_conv;
00821 default:
00822 return NULL;
00823 }
00824 }
00825
00826 static int mac_dev_conv(void *old_desc,
00827 void *old_data, void *new_desc, void *new_data)
00828 {
00829 struct rsbac_dev_desc_t *new = new_desc;
00830 struct rsbac_dev_t *old = old_desc;
00831
00832 memcpy(new_data, old_data, sizeof(struct rsbac_mac_dev_aci_t));
00833 new->type = old->type;
00834 new->major = RSBAC_MAJOR(old->id);
00835 new->minor = RSBAC_MINOR(old->id);
00836 return 0;
00837 }
00838
00839 rsbac_list_conv_function_t *mac_dev_get_conv(rsbac_version_t old_version)
00840 {
00841 switch (old_version) {
00842 case RSBAC_MAC_DEV_OLD_ACI_VERSION:
00843 return mac_dev_conv;
00844 default:
00845 return NULL;
00846 }
00847 }
00848
00849 static int mac_old_user_conv(void *old_desc,
00850 void *old_data,
00851 void *new_desc, void *new_data)
00852 {
00853 struct rsbac_mac_user_aci_t *new_aci = new_data;
00854 struct rsbac_mac_user_old_aci_t *old_aci = old_data;
00855
00856 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
00857 new_aci->security_level = old_aci->access_appr;
00858 new_aci->initial_security_level = old_aci->access_appr;
00859 new_aci->min_security_level = old_aci->min_access_appr;
00860 new_aci->mac_categories = old_aci->mac_categories;
00861 new_aci->mac_initial_categories = old_aci->mac_categories;
00862 new_aci->mac_min_categories = old_aci->mac_min_categories;
00863 new_aci->system_role = old_aci->system_role;
00864 new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS;
00865 if (old_aci->mac_allow_auto)
00866 new_aci->mac_user_flags |= MAC_allow_auto;
00867 return 0;
00868 }
00869
00870 static int mac_old_old_user_conv(void *old_desc,
00871 void *old_data,
00872 void *new_desc, void *new_data)
00873 {
00874 struct rsbac_mac_user_aci_t *new_aci = new_data;
00875 struct rsbac_mac_user_old_old_aci_t *old_aci = old_data;
00876
00877 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
00878 new_aci->security_level = old_aci->access_appr;
00879 new_aci->initial_security_level = old_aci->access_appr;
00880 new_aci->min_security_level = old_aci->min_access_appr;
00881 new_aci->mac_categories = old_aci->mac_categories;
00882 new_aci->mac_initial_categories = old_aci->mac_categories;
00883 new_aci->mac_min_categories = old_aci->mac_min_categories;
00884 new_aci->system_role = old_aci->system_role;
00885 new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS;
00886 return 0;
00887 }
00888
00889 static int mac_old_old_old_user_conv(void *old_desc,
00890 void *old_data,
00891 void *new_desc, void *new_data)
00892 {
00893 struct rsbac_mac_user_aci_t *new_aci = new_data;
00894 struct rsbac_mac_user_old_old_old_aci_t *old_aci = old_data;
00895
00896 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
00897 new_aci->security_level = old_aci->access_appr;
00898 new_aci->initial_security_level = old_aci->access_appr;
00899 new_aci->min_security_level = SL_unclassified;
00900 new_aci->mac_categories = old_aci->mac_categories;
00901 new_aci->mac_initial_categories = old_aci->mac_categories;
00902 new_aci->mac_min_categories = RSBAC_MAC_MIN_CAT_VECTOR;
00903 new_aci->system_role = old_aci->system_role;
00904 new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS;
00905 return 0;
00906 }
00907
00908 rsbac_list_conv_function_t *mac_user_get_conv(rsbac_version_t old_version)
00909 {
00910 switch (old_version) {
00911 case RSBAC_MAC_USER_OLD_ACI_VERSION:
00912 return mac_old_user_conv;
00913 case RSBAC_MAC_USER_OLD_OLD_ACI_VERSION:
00914 return mac_old_old_user_conv;
00915 case RSBAC_MAC_USER_OLD_OLD_OLD_ACI_VERSION:
00916 return mac_old_old_old_user_conv;
00917 default:
00918 return NULL;
00919 }
00920 }
00921 #endif
00922
00923 #ifdef CONFIG_RSBAC_PM
00924 static int pm_dev_conv(void *old_desc,
00925 void *old_data, void *new_desc, void *new_data)
00926 {
00927 struct rsbac_dev_desc_t *new = new_desc;
00928 struct rsbac_dev_t *old = old_desc;
00929
00930 memcpy(new_data, old_data, sizeof(struct rsbac_pm_dev_aci_t));
00931 new->type = old->type;
00932 new->major = RSBAC_MAJOR(old->id);
00933 new->minor = RSBAC_MINOR(old->id);
00934 return 0;
00935 }
00936
00937 rsbac_list_conv_function_t *pm_dev_get_conv(rsbac_version_t old_version)
00938 {
00939 switch (old_version) {
00940 case RSBAC_PM_DEV_OLD_ACI_VERSION:
00941 return pm_dev_conv;
00942 default:
00943 return NULL;
00944 }
00945 }
00946 #endif
00947
00948 #ifdef CONFIG_RSBAC_RC
00949 static int rc_dev_conv(void *old_desc,
00950 void *old_data, void *new_desc, void *new_data)
00951 {
00952 struct rsbac_dev_desc_t *new = new_desc;
00953 struct rsbac_dev_t *old = old_desc;
00954
00955 memcpy(new_data, old_data, sizeof(rsbac_rc_type_id_t));
00956 new->type = old->type;
00957 new->major = RSBAC_MAJOR(old->id);
00958 new->minor = RSBAC_MINOR(old->id);
00959 return 0;
00960 }
00961
00962 rsbac_list_conv_function_t *rc_dev_get_conv(rsbac_version_t old_version)
00963 {
00964 switch (old_version) {
00965 case RSBAC_RC_DEV_OLD_ACI_VERSION:
00966 return rc_dev_conv;
00967 default:
00968 return NULL;
00969 }
00970 }
00971
00972 static int rc_user_conv(void *old_desc,
00973 void *old_data, void *new_desc, void *new_data)
00974 {
00975 struct rsbac_rc_user_aci_t *new_aci = new_data;
00976 rsbac_rc_role_id_t *old_aci = old_data;
00977
00978 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
00979 new_aci->rc_role = *old_aci;
00980 new_aci->rc_type = RSBAC_RC_GENERAL_TYPE;
00981 return 0;
00982 }
00983
00984 rsbac_list_conv_function_t *rc_user_get_conv(rsbac_version_t old_version)
00985 {
00986 switch (old_version) {
00987 case RSBAC_RC_USER_OLD_ACI_VERSION:
00988 return rc_user_conv;
00989 default:
00990 return NULL;
00991 }
00992 }
00993 #endif
00994
00995 #ifdef CONFIG_RSBAC_AUTH
00996 static int auth_old_fd_conv(void *old_desc,
00997 void *old_data, void *new_desc, void *new_data)
00998 {
00999 struct rsbac_auth_fd_aci_t *new_aci = new_data;
01000 struct rsbac_auth_fd_old_aci_t *old_aci = old_data;
01001
01002 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
01003 new_aci->auth_may_setuid = old_aci->auth_may_setuid;
01004 new_aci->auth_may_set_cap = old_aci->auth_may_set_cap;
01005 new_aci->auth_learn = FALSE;
01006 return 0;
01007 }
01008
01009 rsbac_list_conv_function_t *auth_fd_get_conv(rsbac_version_t old_version)
01010 {
01011 switch (old_version) {
01012 case RSBAC_AUTH_FD_OLD_ACI_VERSION:
01013 return auth_old_fd_conv;
01014 default:
01015 return NULL;
01016 }
01017 }
01018
01019 #endif
01020
01021 #ifdef CONFIG_RSBAC_DAZ
01022 static int daz_old_fd_conv(
01023 void * old_desc,
01024 void * old_data,
01025 void * new_desc,
01026 void * new_data)
01027 {
01028 struct rsbac_daz_fd_aci_t * new_aci = new_data;
01029 struct rsbac_daz_fd_old_aci_t * old_aci = old_data;
01030
01031 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
01032 new_aci->daz_scanner = old_aci->daz_scanner;
01033 new_aci->daz_do_scan = DEFAULT_DAZ_FD_DO_SCAN;
01034 return 0;
01035 }
01036
01037 rsbac_list_conv_function_t * daz_fd_get_conv(rsbac_version_t old_version)
01038 {
01039 switch(old_version)
01040 {
01041 case RSBAC_DAZ_FD_OLD_ACI_VERSION:
01042 return daz_old_fd_conv;
01043 default:
01044 return NULL;
01045 }
01046 }
01047 #endif
01048
01049 #ifdef CONFIG_RSBAC_CAP
01050 static int cap_old_fd_conv(void *old_desc, void *old_data, void *new_desc, void *new_data)
01051 {
01052 struct rsbac_cap_fd_aci_t *new_aci = new_data;
01053 struct rsbac_cap_fd_old_aci_t *old_aci = old_data;
01054
01055 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
01056 new_aci->min_caps = old_aci->min_caps;
01057 new_aci->max_caps = old_aci->max_caps;
01058 new_aci->cap_ld_env = LD_inherit;
01059 return 0;
01060 }
01061
01062 rsbac_list_conv_function_t *cap_fd_get_conv(rsbac_version_t old_version)
01063 {
01064 switch (old_version) {
01065 case RSBAC_CAP_FD_OLD_ACI_VERSION:
01066 return cap_old_fd_conv;
01067 default:
01068 return NULL;
01069 }
01070 }
01071
01072 static int cap_old_user_conv(void *old_desc, void *old_data, void *new_desc, void *new_data)
01073 {
01074 struct rsbac_cap_user_aci_t *new_aci = new_data;
01075 struct rsbac_cap_user_old_aci_t *old_aci = old_data;
01076
01077 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
01078 new_aci->cap_role = old_aci->cap_role;
01079 new_aci->min_caps = old_aci->min_caps;
01080 new_aci->max_caps = old_aci->max_caps;
01081 new_aci->cap_ld_env = LD_allow;
01082 return 0;
01083 }
01084
01085 rsbac_list_conv_function_t *cap_user_get_conv(rsbac_version_t old_version)
01086 {
01087 switch (old_version) {
01088 case RSBAC_CAP_USER_OLD_ACI_VERSION:
01089 return cap_old_user_conv;
01090 default:
01091 return NULL;
01092 }
01093 }
01094 #endif
01095
01096 #ifdef CONFIG_RSBAC_NET_OBJ
01097 static int net_temp_old_conv(void *old_desc, void *old_data, void *new_desc, void *new_data)
01098 {
01099 struct rsbac_net_temp_data_t *new_aci = new_data;
01100 struct rsbac_net_temp_old_data_t *old_aci = old_data;
01101
01102 memcpy(new_desc, old_desc, sizeof(rsbac_net_temp_id_t));
01103 new_aci->address_family = old_aci->address_family;
01104 new_aci->type = old_aci->type;
01105 new_aci->protocol = old_aci->protocol;
01106 memcpy(new_aci->netdev, old_aci->netdev, sizeof(rsbac_netdev_id_t));
01107 memcpy(new_aci->name, old_aci->name, sizeof(new_aci->name));
01108 switch(new_aci->address_family) {
01109 case AF_INET:
01110 new_aci->address.inet.nr_addr = 1;
01111 new_aci->address.inet.addr[0] = *((__u32 *) old_aci->address);
01112 new_aci->address.inet.valid_bits[0] = old_aci->valid_len;
01113 if((old_aci->min_port == 0) && (old_aci->max_port == RSBAC_NET_MAX_PORT))
01114 new_aci->ports.nr_ports = 0;
01115 else {
01116 new_aci->ports.nr_ports = 1;
01117 new_aci->ports.ports[0].min = old_aci->min_port;
01118 new_aci->ports.ports[0].max = old_aci->max_port;
01119 }
01120 break;
01121 default:
01122 memcpy(new_aci->address.other.addr, old_aci->address, sizeof(old_aci->address));
01123 new_aci->address.other.valid_len = old_aci->valid_len;
01124 new_aci->ports.nr_ports = 0;
01125 break;
01126 }
01127 return 0;
01128 }
01129
01130
01131 rsbac_list_conv_function_t *net_temp_get_conv(rsbac_version_t old_version)
01132 {
01133 switch (old_version) {
01134 case RSBAC_NET_TEMP_OLD_VERSION:
01135 return net_temp_old_conv;
01136 default:
01137 return NULL;
01138 }
01139 }
01140 #endif
01141
01142
01143
01144
01145
01146
01147
01148
01149
01150
01151
01152
01153 static int register_fd_lists(struct rsbac_device_list_item_t *device_p,
01154 kdev_t kdev)
01155 {
01156 char *name;
01157 int err = 0;
01158 int tmperr;
01159 struct rsbac_list_info_t *info_p;
01160 if (!device_p)
01161 return (-RSBAC_EINVALIDPOINTER);
01162 name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01163 if (!name)
01164 return -RSBAC_ENOMEM;
01165 info_p = rsbac_kmalloc(sizeof(*info_p));
01166 if (!info_p) {
01167 rsbac_kfree(name);
01168 return -RSBAC_ENOMEM;
01169 }
01170
01171
01172 {
01173 info_p->version = RSBAC_GEN_FD_ACI_VERSION;
01174 info_p->key = RSBAC_GEN_FD_ACI_KEY;
01175 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01176 info_p->data_size =
01177 sizeof(struct rsbac_gen_fd_aci_t);
01178 info_p->max_age = 0;
01179 gen_nr_fd_hashes = RSBAC_GEN_NR_FD_LISTS;
01180 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01181 &device_p->handles.gen,
01182 info_p,
01183 RSBAC_LIST_PERSIST |
01184 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01185 NULL,
01186 gen_fd_get_conv,
01187 &def_gen_fd_aci,
01188 RSBAC_GEN_FD_NAME,
01189 kdev,
01190 gen_nr_fd_hashes,
01191 rsbac_list_hash_fd,
01192 RSBAC_GEN_OLD_FD_NAME);
01193 if (tmperr) {
01194 char *tmp;
01195
01196 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01197 if (tmp) {
01198 rsbac_printk(KERN_WARNING "register_fd_lists(): registering general list %s for device %02u:%02u failed with error %s!\n",
01199 RSBAC_GEN_FD_NAME,
01200 RSBAC_MAJOR(kdev),
01201 RSBAC_MINOR(kdev),
01202 get_error_name(tmp,
01203 tmperr));
01204 rsbac_kfree(tmp);
01205 }
01206 err = tmperr;
01207 }
01208 }
01209
01210 #if defined(CONFIG_RSBAC_MAC)
01211 {
01212
01213 info_p->version = RSBAC_MAC_FD_ACI_VERSION;
01214 info_p->key = RSBAC_MAC_FD_ACI_KEY;
01215 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01216 info_p->data_size =
01217 sizeof(struct rsbac_mac_fd_aci_t);
01218 info_p->max_age = 0;
01219 mac_nr_fd_hashes = RSBAC_MAC_NR_FD_LISTS;
01220 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01221 &device_p->handles.mac,
01222 info_p,
01223 RSBAC_LIST_PERSIST |
01224 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01225 NULL,
01226 mac_fd_get_conv,
01227 &def_mac_fd_aci,
01228 RSBAC_MAC_FD_NAME,
01229 kdev,
01230 mac_nr_fd_hashes,
01231 rsbac_list_hash_fd,
01232 RSBAC_MAC_OLD_FD_NAME);
01233 if (tmperr) {
01234 char *tmp;
01235 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01236 if (tmp) {
01237 rsbac_printk(KERN_WARNING "register_fd_lists(): registering MAC list %s for device %02u:%02u failed with error %s!\n",
01238 RSBAC_MAC_FD_NAME,
01239 RSBAC_MAJOR(kdev),
01240 RSBAC_MINOR(kdev),
01241 get_error_name(tmp,
01242 tmperr));
01243 rsbac_kfree(tmp);
01244 }
01245 err = tmperr;
01246 }
01247 }
01248 #endif
01249
01250 #if defined(CONFIG_RSBAC_PM)
01251 {
01252
01253 info_p->version = RSBAC_PM_FD_ACI_VERSION;
01254 info_p->key = RSBAC_PM_FD_ACI_KEY;
01255 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01256 info_p->data_size =
01257 sizeof(struct rsbac_pm_fd_aci_t);
01258 info_p->max_age = 0;
01259 pm_nr_fd_hashes = RSBAC_PM_NR_FD_LISTS;
01260 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01261 &device_p->handles.pm,
01262 info_p,
01263 RSBAC_LIST_PERSIST |
01264 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01265 NULL,
01266 NULL, &def_pm_fd_aci,
01267 RSBAC_PM_FD_NAME, kdev,
01268 pm_nr_fd_hashes,
01269 rsbac_list_hash_fd,
01270 RSBAC_PM_OLD_FD_NAME);
01271 if (tmperr) {
01272 char *tmp;
01273
01274 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01275 if (tmp) {
01276 rsbac_printk(KERN_WARNING "register_fd_lists(): registering PM list %s for device %02u:%02u failed with error %s!\n",
01277 RSBAC_PM_FD_NAME,
01278 RSBAC_MAJOR(kdev),
01279 RSBAC_MINOR(kdev),
01280 get_error_name(tmp,
01281 tmperr));
01282 rsbac_kfree(tmp);
01283 }
01284 err = tmperr;
01285 }
01286 }
01287 #endif
01288
01289 #if defined(CONFIG_RSBAC_DAZ)
01290 {
01291 struct rsbac_daz_fd_aci_t def_daz_fd_aci =
01292 DEFAULT_DAZ_FD_ACI;
01293
01294 info_p->version = RSBAC_DAZ_FD_ACI_VERSION;
01295 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01296 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01297 info_p->data_size =
01298 sizeof(struct rsbac_daz_fd_aci_t);
01299 info_p->max_age = 0;
01300 daz_nr_fd_hashes = RSBAC_DAZ_NR_FD_LISTS;
01301 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01302 &device_p->handles.daz,
01303 info_p,
01304 RSBAC_LIST_PERSIST |
01305 RSBAC_LIST_DEF_DATA |
01306 RSBAC_LIST_AUTO_HASH_RESIZE,
01307 NULL,
01308 daz_fd_get_conv,
01309 &def_daz_fd_aci,
01310 RSBAC_DAZ_FD_NAME, kdev,
01311 daz_nr_fd_hashes,
01312 rsbac_list_hash_fd,
01313 RSBAC_DAZ_OLD_FD_NAME);
01314 if (tmperr) {
01315 char *tmp;
01316
01317 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01318 if (tmp) {
01319 rsbac_printk(KERN_WARNING "register_fd_lists(): registering DAZ list %s for device %02u:%02u failed with error %s!\n",
01320 RSBAC_DAZ_FD_NAME,
01321 RSBAC_MAJOR(kdev),
01322 RSBAC_MINOR(kdev),
01323 get_error_name(tmp,
01324 tmperr));
01325 rsbac_kfree(tmp);
01326 }
01327 err = tmperr;
01328 }
01329 }
01330 #if defined(CONFIG_RSBAC_DAZ_CACHE)
01331 {
01332 rsbac_daz_scanned_t def_daz_scanned_fd_aci =
01333 DEFAULT_DAZ_FD_SCANNED;
01334
01335 info_p->version = RSBAC_DAZ_SCANNED_FD_ACI_VERSION;
01336 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01337 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01338 info_p->data_size = sizeof(rsbac_daz_scanned_t);
01339 info_p->max_age = 0;
01340 daz_scanned_nr_fd_hashes = RSBAC_DAZ_SCANNED_NR_FD_LISTS;
01341 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01342 &device_p->handles.dazs,
01343 info_p,
01344 #ifdef CONFIG_RSBAC_DAZ_PERSIST
01345 RSBAC_LIST_PERSIST |
01346 #endif
01347 RSBAC_LIST_DEF_DATA |
01348 RSBAC_LIST_AUTO_HASH_RESIZE |
01349 RSBAC_LIST_NO_MAX,
01350 NULL,
01351 NULL,
01352 &def_daz_scanned_fd_aci,
01353 RSBAC_DAZ_SCANNED_FD_NAME, kdev,
01354 daz_scanned_nr_fd_hashes,
01355 rsbac_list_hash_fd,
01356 RSBAC_DAZ_SCANNED_OLD_FD_NAME);
01357 if (tmperr) {
01358 char *tmp;
01359
01360 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01361 if (tmp) {
01362 rsbac_printk(KERN_WARNING "register_fd_lists(): registering DAZ scanned list %s for device %02u:%02u failed with error %s!\n",
01363 RSBAC_DAZ_SCANNED_FD_NAME,
01364 RSBAC_MAJOR(kdev),
01365 RSBAC_MINOR(kdev),
01366 get_error_name(tmp,
01367 tmperr));
01368 rsbac_kfree(tmp);
01369 }
01370 err = tmperr;
01371 }
01372 }
01373 #endif
01374 #endif
01375
01376 #if defined(CONFIG_RSBAC_FF)
01377 {
01378 rsbac_ff_flags_t def_ff_fd_aci = RSBAC_FF_DEF;
01379
01380 info_p->version = RSBAC_FF_FD_ACI_VERSION;
01381 info_p->key = RSBAC_FF_FD_ACI_KEY;
01382 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01383 info_p->data_size = sizeof(rsbac_ff_flags_t);
01384 info_p->max_age = 0;
01385 ff_nr_fd_hashes = RSBAC_FF_NR_FD_LISTS;
01386 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01387 &device_p->handles.ff,
01388 info_p,
01389 RSBAC_LIST_PERSIST |
01390 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01391 NULL,
01392 NULL, &def_ff_fd_aci,
01393 RSBAC_FF_FD_NAME, kdev,
01394 ff_nr_fd_hashes,
01395 rsbac_list_hash_fd,
01396 RSBAC_FF_OLD_FD_NAME);
01397 if (tmperr) {
01398 char *tmp;
01399
01400 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01401 if (tmp) {
01402 rsbac_printk(KERN_WARNING "register_fd_lists(): registering FF list %s for device %02u:%02u failed with error %s!\n",
01403 RSBAC_FF_FD_NAME,
01404 RSBAC_MAJOR(kdev),
01405 RSBAC_MINOR(kdev),
01406 get_error_name(tmp,
01407 tmperr));
01408 rsbac_kfree(tmp);
01409 }
01410 err = tmperr;
01411 }
01412 }
01413 #endif
01414
01415 #if defined(CONFIG_RSBAC_RC)
01416 {
01417 info_p->version = RSBAC_RC_FD_ACI_VERSION;
01418 info_p->key = RSBAC_RC_FD_ACI_KEY;
01419 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01420 info_p->data_size =
01421 sizeof(struct rsbac_rc_fd_aci_t);
01422 info_p->max_age = 0;
01423 rc_nr_fd_hashes = RSBAC_RC_NR_FD_LISTS;
01424 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01425 &device_p->handles.rc,
01426 info_p,
01427 RSBAC_LIST_PERSIST |
01428 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01429 NULL,
01430 NULL, &def_rc_fd_aci,
01431 RSBAC_RC_FD_NAME, kdev,
01432 rc_nr_fd_hashes,
01433 rsbac_list_hash_fd,
01434 RSBAC_RC_OLD_FD_NAME);
01435 if (tmperr) {
01436 char *tmp;
01437
01438 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01439 if (tmp) {
01440 rsbac_printk(KERN_WARNING "register_fd_lists(): registering RC list %s for device %02u:%02u failed with error %s!\n",
01441 RSBAC_RC_FD_NAME,
01442 RSBAC_MAJOR(kdev),
01443 RSBAC_MINOR(kdev),
01444 get_error_name(tmp,
01445 tmperr));
01446 rsbac_kfree(tmp);
01447 }
01448 err = tmperr;
01449 }
01450 }
01451 #endif
01452
01453 #if defined(CONFIG_RSBAC_AUTH)
01454 {
01455 struct rsbac_auth_fd_aci_t def_auth_fd_aci =
01456 DEFAULT_AUTH_FD_ACI;
01457
01458 info_p->version = RSBAC_AUTH_FD_ACI_VERSION;
01459 info_p->key = RSBAC_AUTH_FD_ACI_KEY;
01460 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01461 info_p->data_size =
01462 sizeof(struct rsbac_auth_fd_aci_t);
01463 info_p->max_age = 0;
01464 auth_nr_fd_hashes = RSBAC_AUTH_NR_FD_LISTS;
01465 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01466 &device_p->handles.auth,
01467 info_p,
01468 RSBAC_LIST_PERSIST |
01469 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01470 NULL,
01471 auth_fd_get_conv,
01472 &def_auth_fd_aci,
01473 RSBAC_AUTH_FD_NAME, kdev,
01474 auth_nr_fd_hashes,
01475 rsbac_list_hash_fd,
01476 RSBAC_AUTH_OLD_FD_NAME);
01477 if (tmperr) {
01478 char *tmp;
01479
01480 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01481 if (tmp) {
01482 rsbac_printk(KERN_WARNING "register_fd_lists(): registering AUTH list %s for device %02u:%02u failed with error %s!\n",
01483 RSBAC_AUTH_FD_NAME,
01484 RSBAC_MAJOR(kdev),
01485 RSBAC_MINOR(kdev),
01486 get_error_name(tmp,
01487 tmperr));
01488 rsbac_kfree(tmp);
01489 }
01490 err = tmperr;
01491 }
01492 }
01493 #endif
01494
01495 #if defined(CONFIG_RSBAC_CAP)
01496 {
01497 struct rsbac_cap_fd_aci_t def_cap_fd_aci =
01498 DEFAULT_CAP_FD_ACI;
01499
01500 info_p->version = RSBAC_CAP_FD_ACI_VERSION;
01501 info_p->key = RSBAC_CAP_FD_ACI_KEY;
01502 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01503 info_p->data_size =
01504 sizeof(struct rsbac_cap_fd_aci_t);
01505 info_p->max_age = 0;
01506 cap_nr_fd_hashes = RSBAC_CAP_NR_FD_LISTS;
01507 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01508 &device_p->handles.cap,
01509 info_p,
01510 RSBAC_LIST_PERSIST |
01511 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01512 NULL,
01513 cap_fd_get_conv,
01514 &def_cap_fd_aci,
01515 RSBAC_CAP_FD_NAME, kdev,
01516 cap_nr_fd_hashes,
01517 rsbac_list_hash_fd,
01518 RSBAC_CAP_OLD_FD_NAME);
01519 if (tmperr) {
01520 char *tmp;
01521
01522 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01523 if (tmp) {
01524 rsbac_printk(KERN_WARNING "register_fd_lists(): registering CAP list %s for device %02u:%02u failed with error %s!\n",
01525 RSBAC_CAP_FD_NAME,
01526 RSBAC_MAJOR(kdev),
01527 RSBAC_MINOR(kdev),
01528 get_error_name(tmp,
01529 tmperr));
01530 rsbac_kfree(tmp);
01531 }
01532 err = tmperr;
01533 }
01534 }
01535 #endif
01536
01537 #if defined(CONFIG_RSBAC_PAX)
01538 {
01539 rsbac_pax_flags_t def_pax_fd_aci;
01540
01541 #ifdef CONFIG_RSBAC_PAX_DEFAULT
01542 def_pax_fd_aci = 0;
01543 #ifdef CONFIG_RSBAC_PAX_PAGEEXEC
01544 def_pax_fd_aci |= PF_PAX_PAGEEXEC;
01545 #endif
01546 #ifdef CONFIG_RSBAC_PAX_EMUTRAMP
01547 def_pax_fd_aci |= PF_PAX_EMUTRAMP;
01548 #endif
01549 #ifdef CONFIG_RSBAC_PAX_MPROTECT
01550 def_pax_fd_aci |= PF_PAX_MPROTECT;
01551 #endif
01552 #ifdef CONFIG_RSBAC_PAX_RANDMMAP
01553 def_pax_fd_aci |= PF_PAX_RANDMMAP;
01554 #endif
01555 #ifdef CONFIG_RSBAC_PAX_RANDEXEC
01556 def_pax_fd_aci |= PF_PAX_RANDEXEC;
01557 #endif
01558 #ifdef CONFIG_RSBAC_PAX_SEGMEXEC
01559 def_pax_fd_aci |= PF_PAX_SEGMEXEC;
01560 #endif
01561
01562 #else
01563 def_pax_fd_aci = RSBAC_PAX_DEF_FLAGS;
01564 #endif
01565
01566 info_p->version = RSBAC_PAX_FD_ACI_VERSION;
01567 info_p->key = RSBAC_PAX_FD_ACI_KEY;
01568 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01569 info_p->data_size = sizeof(rsbac_pax_flags_t);
01570 info_p->max_age = 0;
01571 pax_nr_fd_hashes = RSBAC_PAX_NR_FD_LISTS;
01572 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01573 &device_p->handles.pax,
01574 info_p,
01575 RSBAC_LIST_PERSIST |
01576 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01577 NULL,
01578 NULL, &def_pax_fd_aci,
01579 RSBAC_PAX_FD_NAME, kdev,
01580 pax_nr_fd_hashes,
01581 rsbac_list_hash_fd,
01582 RSBAC_PAX_OLD_FD_NAME);
01583 if (tmperr) {
01584 char *tmp;
01585
01586 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01587 if (tmp) {
01588 rsbac_printk(KERN_WARNING "register_fd_lists(): registering PAX list %s for device %02u:%02u failed with error %s!\n",
01589 RSBAC_PAX_FD_NAME,
01590 RSBAC_MAJOR(kdev),
01591 RSBAC_MINOR(kdev),
01592 get_error_name(tmp,
01593 tmperr));
01594 rsbac_kfree(tmp);
01595 }
01596 err = tmperr;
01597 }
01598 }
01599 #endif
01600
01601 #if defined(CONFIG_RSBAC_RES)
01602 {
01603 info_p->version = RSBAC_RES_FD_ACI_VERSION;
01604 info_p->key = RSBAC_RES_FD_ACI_KEY;
01605 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01606 info_p->data_size =
01607 sizeof(struct rsbac_res_fd_aci_t);
01608 info_p->max_age = 0;
01609 res_nr_fd_hashes = RSBAC_RES_NR_FD_LISTS;
01610 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01611 &device_p->handles.res,
01612 info_p,
01613 RSBAC_LIST_PERSIST |
01614 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01615 NULL,
01616 NULL, &def_res_fd_aci,
01617 RSBAC_RES_FD_NAME, kdev,
01618 res_nr_fd_hashes,
01619 rsbac_list_hash_fd,
01620 RSBAC_RES_OLD_FD_NAME);
01621 if (tmperr) {
01622 char *tmp;
01623
01624 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01625 if (tmp) {
01626 rsbac_printk(KERN_WARNING "register_fd_lists(): registering RES list %s for device %02u:%02u failed with error %s!\n",
01627 RSBAC_RES_FD_NAME,
01628 RSBAC_MAJOR(kdev),
01629 RSBAC_MINOR(kdev),
01630 get_error_name(tmp,
01631 tmperr));
01632 rsbac_kfree(tmp);
01633 }
01634 err = tmperr;
01635 }
01636 }
01637 #endif
01638
01639 rsbac_kfree(name);
01640 rsbac_kfree(info_p);
01641 return err;
01642 }
01643
01644
01645
01646
01647 static int aci_detach_fd_lists(struct rsbac_device_list_item_t *device_p)
01648 {
01649 int err = 0;
01650 int tmperr;
01651
01652 if (!device_p)
01653 return (-RSBAC_EINVALIDPOINTER);
01654
01655
01656 tmperr = rsbac_list_detach(&device_p->handles.gen,
01657 RSBAC_GEN_FD_ACI_KEY);
01658 if (tmperr) {
01659 char *tmp;
01660
01661 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01662 if (tmp) {
01663 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from general list %s for device %02u:%02u failed with error %s!\n",
01664 RSBAC_GEN_FD_NAME,
01665 RSBAC_MAJOR(device_p->id),
01666 RSBAC_MINOR(device_p->id),
01667 get_error_name(tmp, tmperr));
01668 rsbac_kfree(tmp);
01669 }
01670 err = tmperr;
01671 }
01672
01673 #if defined(CONFIG_RSBAC_MAC)
01674
01675 tmperr = rsbac_list_detach(&device_p->handles.mac,
01676 RSBAC_MAC_FD_ACI_KEY);
01677 if (tmperr) {
01678 char *tmp;
01679
01680 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01681 if (tmp) {
01682 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from MAC list %s for device %02u:%02u failed with error %s!\n",
01683 RSBAC_MAC_FD_NAME,
01684 RSBAC_MAJOR(device_p->id),
01685 RSBAC_MINOR(device_p->id),
01686 get_error_name(tmp, tmperr));
01687 rsbac_kfree(tmp);
01688 }
01689 err = tmperr;
01690 }
01691 #endif
01692
01693 #if defined(CONFIG_RSBAC_PM)
01694
01695 tmperr = rsbac_list_detach(&device_p->handles.pm,
01696 RSBAC_PM_FD_ACI_KEY);
01697 if (tmperr) {
01698 char *tmp;
01699
01700 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01701 if (tmp) {
01702 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from PM list %s for device %02u:%02u failed with error %s!\n",
01703 RSBAC_PM_FD_NAME,
01704 RSBAC_MAJOR(device_p->id),
01705 RSBAC_MINOR(device_p->id),
01706 get_error_name(tmp, tmperr));
01707 rsbac_kfree(tmp);
01708 }
01709 err = tmperr;
01710 }
01711 #endif
01712
01713 #if defined(CONFIG_RSBAC_DAZ)
01714
01715 tmperr = rsbac_list_detach(&device_p->handles.daz,
01716 RSBAC_DAZ_FD_ACI_KEY);
01717 if (tmperr) {
01718 char *tmp;
01719
01720 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01721 if (tmp) {
01722 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from DAZ list %s for device %02u:%02u failed with error %s!\n",
01723 RSBAC_DAZ_FD_NAME,
01724 RSBAC_MAJOR(device_p->id),
01725 RSBAC_MINOR(device_p->id),
01726 get_error_name(tmp, tmperr));
01727 rsbac_kfree(tmp);
01728 }
01729 err = tmperr;
01730 }
01731 #if defined(CONFIG_RSBAC_DAZ_CACHE)
01732
01733 tmperr = rsbac_list_detach(&device_p->handles.dazs,
01734 RSBAC_DAZ_FD_ACI_KEY);
01735 if (tmperr) {
01736 char *tmp;
01737
01738 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01739 if (tmp) {
01740 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from DAZ scanned list %s for device %02u:%02u failed with error %s!\n",
01741 RSBAC_DAZ_SCANNED_FD_NAME,
01742 RSBAC_MAJOR(device_p->id),
01743 RSBAC_MINOR(device_p->id),
01744 get_error_name(tmp, tmperr));
01745 rsbac_kfree(tmp);
01746 }
01747 err = tmperr;
01748 }
01749 #endif
01750 #endif
01751
01752 #if defined(CONFIG_RSBAC_FF)
01753
01754 tmperr = rsbac_list_detach(&device_p->handles.ff,
01755 RSBAC_FF_FD_ACI_KEY);
01756 if (tmperr) {
01757 char *tmp;
01758
01759 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01760 if (tmp) {
01761 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from FF list %s for device %02u:%02u failed with error %s!\n",
01762 RSBAC_FF_FD_NAME,
01763 RSBAC_MAJOR(device_p->id),
01764 RSBAC_MINOR(device_p->id),
01765 get_error_name(tmp, tmperr));
01766 rsbac_kfree(tmp);
01767 }
01768 err = tmperr;
01769 }
01770 #endif
01771
01772 #if defined(CONFIG_RSBAC_RC)
01773
01774 tmperr = rsbac_list_detach(&device_p->handles.rc,
01775 RSBAC_RC_FD_ACI_KEY);
01776 if (tmperr) {
01777 char *tmp;
01778
01779 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01780 if (tmp) {
01781 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from RC list %s for device %02u:%02u failed with error %s!\n",
01782 RSBAC_RC_FD_NAME,
01783 RSBAC_MAJOR(device_p->id),
01784 RSBAC_MINOR(device_p->id),
01785 get_error_name(tmp, tmperr));
01786 rsbac_kfree(tmp);
01787 }
01788 err = tmperr;
01789 }
01790 #endif
01791
01792 #if defined(CONFIG_RSBAC_AUTH)
01793
01794 tmperr = rsbac_list_detach(&device_p->handles.auth,
01795 RSBAC_AUTH_FD_ACI_KEY);
01796 if (tmperr) {
01797 char *tmp;
01798
01799 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01800 if (tmp) {
01801 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from AUTH list %s for device %02u:%02u failed with error %s!\n",
01802 RSBAC_AUTH_FD_NAME,
01803 RSBAC_MAJOR(device_p->id),
01804 RSBAC_MINOR(device_p->id),
01805 get_error_name(tmp, tmperr));
01806 rsbac_kfree(tmp);
01807 }
01808 err = tmperr;
01809 }
01810 #endif
01811
01812 #if defined(CONFIG_RSBAC_CAP)
01813
01814 tmperr = rsbac_list_detach(&device_p->handles.cap,
01815 RSBAC_CAP_FD_ACI_KEY);
01816 if (tmperr) {
01817 char *tmp;
01818
01819 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01820 if (tmp) {
01821 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from CAP list %s for device %02u:%02u failed with error %s!\n",
01822 RSBAC_CAP_FD_NAME,
01823 RSBAC_MAJOR(device_p->id),
01824 RSBAC_MINOR(device_p->id),
01825 get_error_name(tmp, tmperr));
01826 rsbac_kfree(tmp);
01827 }
01828 err = tmperr;
01829 }
01830 #endif
01831
01832 #if defined(CONFIG_RSBAC_PAX)
01833
01834 tmperr = rsbac_list_detach(&device_p->handles.pax,
01835 RSBAC_PAX_FD_ACI_KEY);
01836 if (tmperr) {
01837 char *tmp;
01838
01839 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01840 if (tmp) {
01841 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from PAX list %s for device %02u:%02u failed with error %s!\n",
01842 RSBAC_PAX_FD_NAME,
01843 RSBAC_MAJOR(device_p->id),
01844 RSBAC_MINOR(device_p->id),
01845 get_error_name(tmp, tmperr));
01846 rsbac_kfree(tmp);
01847 }
01848 err = tmperr;
01849 }
01850 #endif
01851
01852 #if defined(CONFIG_RSBAC_RES)
01853
01854 tmperr = rsbac_list_detach(&device_p->handles.res,
01855 RSBAC_RES_FD_ACI_KEY);
01856 if (tmperr) {
01857 char *tmp;
01858
01859 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01860 if (tmp) {
01861 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from RES list %s for device %02u:%02u failed with error %s!\n",
01862 RSBAC_RES_FD_NAME,
01863 RSBAC_MAJOR(device_p->id),
01864 RSBAC_MINOR(device_p->id),
01865 get_error_name(tmp, tmperr));
01866 rsbac_kfree(tmp);
01867 }
01868 err = tmperr;
01869 }
01870 #endif
01871
01872 return err;
01873 }
01874
01875
01876
01877 static struct rsbac_device_list_item_t
01878 *create_device_item(struct super_block *sb_p, struct dentry *d_covers)
01879 {
01880 struct rsbac_device_list_item_t *new_item_p;
01881
01882 if (!sb_p)
01883 return NULL;
01884
01885 if (!(new_item_p = (struct rsbac_device_list_item_t *)
01886 rsbac_kmalloc(sizeof(*new_item_p))))
01887 return (NULL);
01888
01889 memset(new_item_p, 0, sizeof(*new_item_p));
01890 new_item_p->id = sb_p->s_dev;
01891 new_item_p->sb_p = sb_p;
01892 new_item_p->d_covers = d_covers;
01893 new_item_p->mount_count = 1;
01894
01895 return (new_item_p);
01896 }
01897
01898
01899 static struct rsbac_device_list_item_t
01900 *add_device_item(struct rsbac_device_list_item_t *device_p)
01901 {
01902 struct rsbac_device_list_head_t * new_p;
01903 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01904 struct rsbac_device_list_head_t * old_p;
01905 #else
01906 u_long flags;
01907 #endif
01908 u_int hash;
01909
01910 if (!device_p)
01911 return (NULL);
01912
01913 hash = device_hash(device_p->id);
01914 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01915 spin_lock(&device_list_locks[hash]);
01916 old_p = device_head_p[hash];
01917 new_p = rsbac_kmalloc(sizeof(*new_p));
01918 *new_p = *old_p;
01919 #else
01920 rsbac_write_lock(&device_list_locks[hash], &flags);
01921 new_p = device_head_p[hash];
01922 #endif
01923
01924 if (!new_p->head) {
01925 new_p->head = device_p;
01926 new_p->tail = device_p;
01927 new_p->curr = device_p;
01928 new_p->count = 1;
01929 device_p->prev = NULL;
01930 device_p->next = NULL;
01931 } else {
01932 device_p->prev = new_p->tail;
01933 device_p->next = NULL;
01934 new_p->tail->next = device_p;
01935 new_p->tail = device_p;
01936 new_p->curr = device_p;
01937 new_p->count++;
01938 }
01939 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01940 rcu_assign_pointer(device_head_p[hash], new_p);
01941 spin_unlock(&device_list_locks[hash]);
01942 synchronize_rcu();
01943 rsbac_kfree(old_p);
01944 #else
01945 rsbac_write_unlock(&device_list_locks[hash], &flags);
01946 #endif
01947 return (device_p);
01948 }
01949
01950
01951
01952
01953
01954
01955
01956
01957 static void clear_device_item(struct rsbac_device_list_item_t *item_p)
01958 {
01959 if (!item_p)
01960 return;
01961
01962
01963 if (item_p->rsbac_dir_dentry_p)
01964 dput(item_p->rsbac_dir_dentry_p);
01965
01966 rsbac_kfree(item_p);
01967 }
01968
01969 static void remove_device_item(kdev_t kdev)
01970 {
01971 struct rsbac_device_list_item_t *item_p;
01972 struct rsbac_device_list_head_t * new_p;
01973 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01974 struct rsbac_device_list_head_t * old_p;
01975 #endif
01976 u_int hash;
01977
01978 hash = device_hash(kdev);
01979 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01980 old_p = device_head_p[hash];
01981 new_p = rsbac_kmalloc(sizeof(*new_p));
01982 *new_p = *old_p;
01983 #else
01984 new_p = device_head_p[hash];
01985 #endif
01986
01987 if ((item_p = lookup_device(kdev, hash))) {
01988 if (new_p->head == item_p) {
01989 if (new_p->tail == item_p) {
01990 new_p->head = NULL;
01991 new_p->tail = NULL;
01992 } else {
01993 item_p->next->prev = NULL;
01994 new_p->head = item_p->next;
01995 }
01996 } else {
01997 if (new_p->tail == item_p) {
01998 item_p->prev->next = NULL;
01999 new_p->tail = item_p->prev;
02000 } else {
02001 item_p->prev->next = item_p->next;
02002 item_p->next->prev = item_p->prev;
02003 }
02004 }
02005
02006
02007 new_p->curr = NULL;
02008
02009 new_p->count--;
02010 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02011 rcu_assign_pointer(device_head_p[hash], new_p);
02012 spin_unlock(&device_list_locks[hash]);
02013 synchronize_rcu();
02014 rsbac_kfree(old_p);
02015 #endif
02016
02017 aci_detach_fd_lists(item_p);
02018
02019
02020 clear_device_item(item_p);
02021 }
02022 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02023 else
02024 spin_unlock(&device_list_locks[hash]);
02025 #endif
02026 }
02027
02028
02029
02030
02031
02032
02033 static int rsbac_clear_file(struct dentry *dentry)
02034 {
02035 struct inode *inode = dentry->d_inode;
02036 int error;
02037 struct iattr newattrs;
02038
02039 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02040 mutex_lock(&inode->i_mutex);
02041 #else
02042 down(&inode->i_sem);
02043 #endif
02044 newattrs.ia_size = 0;
02045 newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
02046 error = notify_change(dentry, &newattrs);
02047 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02048 mutex_unlock(&inode->i_mutex);
02049 #else
02050 up(&inode->i_sem);
02051 #endif
02052 return error;
02053 }
02054
02055 static void wakeup_auto(u_long dummy)
02056 {
02057 wake_up((void *) dummy);
02058 }
02059
02060 #if defined(CONFIG_RSBAC_REG)
02061 EXPORT_SYMBOL(rsbac_get_super_block);
02062 #endif
02063 struct super_block *rsbac_get_super_block(kdev_t kdev)
02064 {
02065 struct rsbac_device_list_item_t *device_p;
02066 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02067 u_long dflags;
02068 #endif
02069 struct super_block *sb_p;
02070 u_int hash;
02071
02072 if (RSBAC_IS_AUTO_DEV(kdev))
02073 return NULL;
02074
02075 hash = device_hash(kdev);
02076
02077 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02078 rcu_read_lock();
02079 #else
02080 rsbac_read_lock(&device_list_locks[hash], &dflags);
02081 #endif
02082 device_p = lookup_device(kdev, hash);
02083 if (!device_p) {
02084 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02085 rcu_read_unlock();
02086 #else
02087 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02088 #endif
02089 down(&rsbac_write_sem);
02090 up(&rsbac_write_sem);
02091 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02092 sb_p = user_get_super(kdev);
02093 #else
02094 sb_p = get_super(kdev);
02095 #endif
02096 if (!sb_p) {
02097 DECLARE_WAIT_QUEUE_HEAD(auto_wait);
02098 struct timer_list auto_timer;
02099
02100 rsbac_printk(KERN_INFO "rsbac_get_super_block(): device %02u:%02u not yet available, sleeping\n",
02101 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02102 init_timer(&auto_timer);
02103 auto_timer.function = wakeup_auto;
02104 auto_timer.data = (u_long) & auto_wait;
02105 auto_timer.expires = jiffies + HZ;
02106 add_timer(&auto_timer);
02107 interruptible_sleep_on(&auto_wait);
02108
02109 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02110 sb_p = user_get_super(kdev);
02111 #else
02112 sb_p = get_super(kdev);
02113 #endif
02114 }
02115 if (sb_p) {
02116 device_p = lookup_device(kdev, hash);
02117
02118 if (!device_p && (RSBAC_MAJOR(kdev) <= 1)) {
02119 rsbac_printk(KERN_INFO "rsbac_get_super_block(): auto-mounting device %02u:%02u\n",
02120 RSBAC_MAJOR(kdev),
02121 RSBAC_MINOR(kdev));
02122 rsbac_mount(sb_p, NULL);
02123 }
02124
02125 drop_super(sb_p);
02126 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02127 rcu_read_lock();
02128 #else
02129 rsbac_read_lock(&device_list_locks[hash], &dflags);
02130 #endif
02131 device_p = lookup_device(kdev, hash);
02132 if (!device_p) {
02133 rsbac_printk(KERN_WARNING "rsbac_get_super_block(): unknown device %02u:%02u\n",
02134 RSBAC_MAJOR(kdev),
02135 RSBAC_MINOR(kdev));
02136 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02137 rcu_read_unlock();
02138 #else
02139 rsbac_read_unlock(&device_list_locks[hash],
02140 &dflags);
02141 #endif
02142 return NULL;
02143 }
02144 } else {
02145 return NULL;
02146 }
02147 }
02148 sb_p = device_p->sb_p;
02149 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02150 rcu_read_unlock();
02151 #else
02152 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02153 #endif
02154 return sb_p;
02155 }
02156
02157 #if defined(CONFIG_RSBAC_REG)
02158 EXPORT_SYMBOL(rsbac_read_open);
02159 #endif
02160 int rsbac_read_open(char *name, struct file *file_p, kdev_t kdev)
02161 {
02162 struct dentry *dir_dentry_p;
02163 struct dentry *file_dentry_p;
02164 int tmperr, err;
02165
02166 if (!name || !file_p) {
02167 rsbac_pr_debug(ds, "called with NULL pointer!");
02168 return (-RSBAC_EINVALIDPOINTER);
02169 }
02170
02171
02172 if ((err =
02173 lookup_aci_path_dentry(NULL, &dir_dentry_p, FALSE, kdev))) {
02174 return (err);
02175 }
02176
02177
02178
02179 file_dentry_p =
02180 rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02181 if (!file_dentry_p || IS_ERR(file_dentry_p)) {
02182 return (-RSBAC_EREADFAILED);
02183 }
02184 if (!file_dentry_p->d_inode) {
02185 char *bname;
02186 int name_len = strlen(name);
02187
02188 dput(file_dentry_p);
02189 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02190 if (!bname) {
02191 return -RSBAC_ENOMEM;
02192 }
02193
02194 strcpy(bname, name);
02195 bname[name_len] = 'b';
02196 name_len++;
02197 bname[name_len] = (char) 0;
02198 rsbac_pr_debug(ds, "could not lookup file %s, trying backup %s\n",
02199 name, bname);
02200 file_dentry_p =
02201 rsbac_lookup_one_len(bname, dir_dentry_p,
02202 strlen(bname));
02203 rsbac_kfree(bname);
02204 if (!file_dentry_p || IS_ERR(file_dentry_p)) {
02205 return (-RSBAC_EREADFAILED);
02206 }
02207 if (!file_dentry_p->d_inode) {
02208 rsbac_pr_debug(ds, "could not lookup backup file %sb\n",
02209 name);
02210 dput(file_dentry_p);
02211 return (-RSBAC_ENOTFOUND);
02212 }
02213 }
02214 if (!(S_ISREG(file_dentry_p->d_inode->i_mode))) {
02215 rsbac_printk(KERN_WARNING "rsbac_read_open(): expected file is not a file!\n");
02216 dput(file_dentry_p);
02217 return (-RSBAC_EREADFAILED);
02218 }
02219
02220
02221
02222 if ((tmperr = init_private_file(file_p, file_dentry_p, O_RDONLY))) {
02223 dput(file_dentry_p);
02224 rsbac_printk(KERN_WARNING "rsbac_read_open(): could not open file '%s'!\n",
02225 name);
02226 return -RSBAC_EREADFAILED;
02227 }
02228
02229
02230 if ((!file_p->f_op) || (!file_p->f_op->read)) {
02231 if (!file_p->f_op) {
02232 rsbac_printk(KERN_WARNING "rsbac_read_open(): no f_op for file '%s'!\n",
02233 name);
02234 } else {
02235 rsbac_printk(KERN_WARNING "rsbac_read_open(): no file read func for file '%s'!\n",
02236 name);
02237 if (file_p->f_op->release)
02238 file_p->f_op->release(file_dentry_p->
02239 d_inode, file_p);
02240 }
02241 dput(file_dentry_p);
02242 return -RSBAC_EREADFAILED;
02243 }
02244 return 0;
02245 }
02246
02247 #ifndef check_parent
02248 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02249 #define check_parent(dir, dentry) \
02250 ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_bucket))
02251 #else
02252 #define check_parent(dir, dentry) \
02253 ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_hash))
02254 #endif
02255 #endif
02256
02257 #if defined(CONFIG_RSBAC_REG)
02258 EXPORT_SYMBOL(rsbac_write_open);
02259 #endif
02260 int rsbac_write_open(char *name, struct file *file_p, kdev_t kdev)
02261 {
02262 struct dentry *dir_dentry_p = NULL;
02263 struct dentry *ldir_dentry_p = NULL;
02264 struct dentry *file_dentry_p = NULL;
02265 int err = 0;
02266 int tmperr = 0;
02267 struct super_block *sb_p;
02268
02269 if (!file_p || !name) {
02270 rsbac_pr_debug(write, "called with NULL pointer!\n");
02271 return (-RSBAC_EINVALIDPOINTER);
02272 }
02273
02274
02275 sb_p = rsbac_get_super_block(kdev);
02276 if (!sb_p) {
02277 rsbac_printk(KERN_WARNING "rsbac_write_open(): invalid device %02u:%02u\n",
02278 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02279 return (-RSBAC_EINVALIDDEV);
02280 }
02281 if (!writable(sb_p)) {
02282 rsbac_pr_debug(write, "called for non-writable device\n");
02283 err = -RSBAC_ENOTWRITABLE;
02284 goto out;
02285 }
02286
02287
02288
02289 if ((tmperr = lookup_aci_path_dentry(sb_p, &dir_dentry_p, TRUE,
02290 kdev))) {
02291 err = tmperr;
02292 goto out;
02293 }
02294
02295
02296
02297 file_dentry_p =
02298 rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02299 if (!file_dentry_p || IS_ERR(file_dentry_p)) {
02300 rsbac_pr_debug(write, "lookup of %s returned error %li\n",
02301 name, PTR_ERR(file_dentry_p));
02302 err = -RSBAC_EWRITEFAILED;
02303 goto out;
02304 }
02305 #if 1
02306 if (file_dentry_p->d_inode) {
02307 if (!dir_dentry_p->d_inode->i_op
02308 || !dir_dentry_p->d_inode->i_op->rename) {
02309 rsbac_printk(KERN_WARNING "rsbac_write_open(): File system supports no rename - no backup of %s made!",
02310 name);
02311 } else {
02312 char *bname;
02313 int name_len = strlen(name);
02314 struct dentry *new_file_dentry_p = NULL;
02315 struct dentry *old_dir_p, *new_dir_p;
02316
02317 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02318 if (!bname) {
02319 err = -RSBAC_ENOMEM;
02320 goto out_dput;
02321 }
02322 strcpy(bname, name);
02323 bname[name_len] = 'b';
02324 bname[name_len + 1] = (char) 0;
02325 new_file_dentry_p =
02326 rsbac_lookup_one_len(bname, dir_dentry_p,
02327 strlen(bname));
02328 if (new_file_dentry_p
02329 && !IS_ERR(new_file_dentry_p)) {
02330
02331 old_dir_p = dget(file_dentry_p->d_parent);
02332 new_dir_p =
02333 dget(new_file_dentry_p->d_parent);
02334 double_lock(new_dir_p, old_dir_p);
02335
02336 DQUOT_INIT(old_dir_p->d_inode);
02337 DQUOT_INIT(new_dir_p->d_inode);
02338
02339
02340 err =
02341 dir_dentry_p->d_inode->i_op->
02342 rename(old_dir_p->d_inode,
02343 file_dentry_p,
02344 new_dir_p->d_inode,
02345 new_file_dentry_p);
02346
02347 double_unlock(new_dir_p, old_dir_p);
02348 if (err) {
02349 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not rename %s to %s on dev %02u:%02u, error %i - no backup!\n",
02350 name, bname,
02351 RSBAC_MAJOR(kdev),
02352 RSBAC_MINOR(kdev),
02353 err);
02354 } else {
02355
02356 if (!
02357 (sb_p->s_type->
02358 fs_flags
02359 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02360 & FS_RENAME_DOES_D_MOVE
02361 #else
02362 & FS_ODD_RENAME
02363 #endif
02364 ))
02365 d_move(file_dentry_p,
02366 new_file_dentry_p);
02367 inode_dir_notify(old_dir_p->
02368 d_inode,
02369 DN_RENAME);
02370 }
02371 dput(new_file_dentry_p);
02372 dput(file_dentry_p);
02373
02374 file_dentry_p =
02375 rsbac_lookup_one_len(name,
02376 dir_dentry_p,
02377 strlen(name));
02378 if (!file_dentry_p
02379 || IS_ERR(file_dentry_p)) {
02380 rsbac_pr_debug(write, "relookup of %s "
02381 "returned error %li\n",
02382 name,
02383 PTR_ERR(file_dentry_p));
02384 err = -RSBAC_EWRITEFAILED;
02385 goto out;
02386 }
02387 if (file_dentry_p->d_inode) {
02388 rsbac_printk(KERN_WARNING "rsbac_write_open(): relookup of %s returned dentry with existing inode %li, trying unlink\n",
02389 name,
02390 file_dentry_p->
02391 d_inode->i_ino);
02392
02393 if (!dir_dentry_p->d_inode->i_op
02394 || !dir_dentry_p->d_inode->
02395 i_op->unlink) {
02396 rsbac_printk(KERN_WARNING "rsbac_write_open(): File system supports no unlink - %s not deleted!",
02397 name);
02398 rsbac_kfree(bname);
02399 err = -RSBAC_EWRITEFAILED;
02400 goto out_dput;
02401 } else {
02402 old_dir_p =
02403 lock_parent
02404 (file_dentry_p);
02405
02406 DQUOT_INIT(old_dir_p->
02407 d_inode);
02408 err = -ENOENT;
02409 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02410 if (check_parent
02411 (old_dir_p,
02412 file_dentry_p)) {
02413 #endif
02414 err =
02415 dir_dentry_p->
02416 d_inode->i_op->
02417 unlink
02418 (old_dir_p->
02419 d_inode,
02420 file_dentry_p);
02421 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02422 } else {
02423 rsbac_printk
02424 (KERN_WARNING
02425 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, parent check failed!\n",
02426 name,
02427 RSBAC_MAJOR
02428 (kdev),
02429 RSBAC_MINOR
02430 (kdev));
02431 }
02432 #endif
02433
02434 unlock_dir(old_dir_p);
02435
02436 dput(file_dentry_p);
02437 if (err) {
02438 rsbac_printk
02439 (KERN_WARNING
02440 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, error %i!\n",
02441 name,
02442 RSBAC_MAJOR
02443 (kdev),
02444 RSBAC_MINOR
02445 (kdev), err);
02446 }
02447
02448 file_dentry_p =
02449 rsbac_lookup_one_len
02450 (name, dir_dentry_p,
02451 strlen(name));
02452 if (!file_dentry_p
02453 ||
02454 IS_ERR(file_dentry_p)) {
02455 rsbac_pr_debug(write, "relookup of %s returned error %li\n",
02456 name,
02457 PTR_ERR(file_dentry_p));
02458 rsbac_kfree(bname);
02459 err =
02460 -RSBAC_EWRITEFAILED;
02461 goto out;
02462 }
02463 if (file_dentry_p->d_inode) {
02464 rsbac_printk
02465 (KERN_WARNING
02466 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li\n",
02467 name,
02468 file_dentry_p->
02469 d_inode->
02470 i_ino);
02471 rsbac_kfree(bname);
02472 err =
02473 -RSBAC_EWRITEFAILED;
02474 goto out_dput;
02475 }
02476 }
02477 }
02478 } else {
02479 rsbac_printk(KERN_WARNING "rsbac_write_open(): rsbac_lookup_(dentry|one) for backup file %s on dev %02u:%02u failed with error %li - no backup!\n",
02480 bname, RSBAC_MAJOR(kdev),
02481 RSBAC_MINOR(kdev),
02482 PTR_ERR(new_file_dentry_p));
02483 }
02484 rsbac_kfree(bname);
02485 }
02486 }
02487 #endif
02488
02489 if (!file_dentry_p->d_inode) {
02490
02491 if (!dir_dentry_p->d_inode->i_op
02492 || !dir_dentry_p->d_inode->i_op->create) {
02493 rsbac_printk(KERN_WARNING "%s\n",
02494 "rsbac_write_open(): File system supports no create!");
02495 err = -RSBAC_EWRITEFAILED;
02496 goto out_dput;
02497 }
02498
02499
02500 ldir_dentry_p = lock_parent(file_dentry_p);
02501 if (IS_ERR(ldir_dentry_p)) {
02502 rsbac_pr_debug(write, "lock_parent of %s returned "
02503 "error %li\n", name,
02504 PTR_ERR(ldir_dentry_p));
02505 err = -RSBAC_EWRITEFAILED;
02506 goto out_dput;
02507 }
02508 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02509 if (!check_parent(ldir_dentry_p, file_dentry_p)) {
02510 rsbac_pr_debug(write, "check_parent of %s returned "
02511 "error\n", name);
02512 unlock_dir(ldir_dentry_p);
02513 err = -RSBAC_EWRITEFAILED;
02514 goto out_dput;
02515 }
02516 #endif
02517
02518
02519 DQUOT_INIT(ldir_dentry_p->d_inode);
02520 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02521 err =
02522 dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->
02523 d_inode,
02524 file_dentry_p,
02525 RSBAC_ACI_FILE_MODE,
02526 NULL);
02527 #else
02528 err =
02529 dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->
02530 d_inode,
02531 file_dentry_p,
02532 RSBAC_ACI_FILE_MODE);
02533 #endif
02534 unlock_dir(ldir_dentry_p);
02535
02536 if (err) {
02537 goto out_dput;
02538 }
02539
02540 }
02541
02542 if (!(S_ISREG(file_dentry_p->d_inode->i_mode))) {
02543 rsbac_printk(KERN_WARNING "rsbac_write_open(): expected file is not a file, mode is %o!\n",
02544 file_dentry_p->d_inode->i_mode);
02545 err = -RSBAC_EWRITEFAILED;
02546 goto out_dput;
02547 }
02548
02549
02550 if ((tmperr = init_private_file(file_p, file_dentry_p, O_RDONLY))) {
02551 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not init file!\n");
02552 err = -RSBAC_EWRITEFAILED;
02553 goto out_dput;
02554 }
02555
02556
02557 if ((!file_p->f_op) || (!file_p->f_op->write)) {
02558 rsbac_printk(KERN_WARNING "rsbac_write_open(): file write function missing!\n");
02559 if (file_p->f_op && file_p->f_op->release) {
02560 file_p->f_op->release(file_dentry_p->d_inode,
02561 file_p);
02562 }
02563 err = -RSBAC_EWRITEFAILED;
02564 goto out_dput;
02565 }
02566
02567
02568
02569 if (get_write_access(file_dentry_p->d_inode)) {
02570 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not get write access!\n");
02571 if (file_p->f_op->release)
02572 file_p->f_op->release(file_dentry_p->d_inode,
02573 file_p);
02574 err = -RSBAC_EWRITEFAILED;
02575 goto out_dput;
02576 }
02577
02578 if (rsbac_clear_file(file_dentry_p)) {
02579 if (file_p->f_op->release)
02580 file_p->f_op->release(file_dentry_p->d_inode,
02581 file_p);
02582 put_write_access(file_dentry_p->d_inode);
02583 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not truncate!\n");
02584 err = -RSBAC_EWRITEFAILED;
02585 goto out_dput;
02586 }
02587
02588 file_p->f_flags |= O_SYNC;
02589
02590 out:
02591 return err;
02592
02593 out_dput:
02594 dput(file_dentry_p);
02595 goto out;
02596 }
02597
02598
02599 #if defined(CONFIG_RSBAC_REG)
02600 EXPORT_SYMBOL(rsbac_read_close);
02601 #endif
02602 void rsbac_read_close(struct file *file_p)
02603 {
02604
02605 struct dentry *dentry = file_p->f_dentry;
02606 struct inode *inode = dentry->d_inode;
02607
02608 if (file_p->f_op && file_p->f_op->release)
02609 file_p->f_op->release(inode, file_p);
02610 file_p->f_dentry = NULL;
02611 if (file_p->f_mode & FMODE_WRITE)
02612 put_write_access(inode);
02613 dput(dentry);
02614 }
02615
02616 #if defined(CONFIG_RSBAC_REG)
02617 EXPORT_SYMBOL(rsbac_write_close);
02618 #endif
02619 void rsbac_write_close(struct file *file_p)
02620 {
02621 rsbac_read_close(file_p);
02622 }
02623
02624 #if defined(CONFIG_RSBAC_REG)
02625 EXPORT_SYMBOL(rsbac_get_full_path);
02626 #endif
02627 int rsbac_get_full_path(struct dentry *dentry_p, char path[], int maxlen)
02628 {
02629 int len = 0;
02630 char *i_path;
02631 int tmplen = 0;
02632 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS
02633 union rsbac_target_id_t i_tid;
02634 union rsbac_attribute_value_t i_attr_val;
02635 #endif
02636 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02637 u_long dflags;
02638 #endif
02639
02640 if (!dentry_p || !path)
02641 return -RSBAC_EINVALIDPOINTER;
02642 if (maxlen <= 0)
02643 return -RSBAC_EINVALIDVALUE;
02644 i_path = rsbac_kmalloc(maxlen + RSBAC_MAXNAMELEN);
02645 if (!i_path)
02646 return -RSBAC_ENOMEM;
02647
02648 path[0] = 0;
02649
02650 while (dentry_p && (len < maxlen) && dentry_p->d_name.len
02651 && dentry_p->d_name.name) {
02652 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS
02653 if (dentry_p->d_inode
02654 && dentry_p->d_parent
02655 && dentry_p->d_parent->d_inode
02656 && (i_tid.user = dentry_p->d_inode->i_uid)
02657 && (dentry_p->d_inode->i_uid !=
02658 dentry_p->d_parent->d_inode->i_uid)
02659 && !rsbac_get_attr(SW_GEN, T_USER, i_tid, A_pseudo,
02660 &i_attr_val, FALSE)
02661 && i_attr_val.pseudo) {
02662 if ((maxlen - len) < 12) {
02663 rsbac_kfree(i_path);
02664 return (len);
02665 }
02666 tmplen =
02667 snprintf(i_path, 11, "%u", i_attr_val.pseudo);
02668 } else
02669 #endif
02670 {
02671 tmplen = dentry_p->d_name.len;
02672 if ((tmplen + 1) > (maxlen - len)) {
02673 rsbac_kfree(i_path);
02674 return (len);
02675 }
02676 strncpy(i_path, dentry_p->d_name.name, tmplen);
02677 }
02678
02679
02680 if((i_path[tmplen-1] != '/') && (tmplen != 1)) {
02681 if(len && (i_path[tmplen-1] != '/')) {
02682 i_path[tmplen] = '/';
02683 tmplen++;
02684 }
02685 i_path[tmplen]=0;
02686 strcat(i_path, path);
02687 strcpy(path, i_path);
02688 len += tmplen;
02689 }
02690 if (dentry_p->d_parent && (dentry_p->d_parent != dentry_p)
02691 && (dentry_p->d_sb->s_root != dentry_p)
02692 )
02693 dentry_p = dentry_p->d_parent;
02694 else {
02695 struct rsbac_device_list_item_t *device_p;
02696 u_int hash;
02697
02698 hash = device_hash(dentry_p->d_sb->s_dev);
02699 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02700 rcu_read_lock();
02701 #else
02702 rsbac_read_lock(&device_list_locks[hash], &dflags);
02703 #endif
02704 device_p = lookup_device(dentry_p->d_sb->s_dev, hash);
02705 if (device_p && device_p->d_covers) {
02706 dentry_p = device_p->d_covers;
02707 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02708 rcu_read_unlock();
02709 #else
02710 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02711 #endif
02712 } else {
02713 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02714 rcu_read_unlock();
02715 #else
02716 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02717 #endif
02718 break;
02719 }
02720 }
02721 }
02722
02723 i_path[tmplen]=0;
02724 strcat(i_path, path);
02725 strcpy(path, i_path);
02726
02727 rsbac_kfree(i_path);
02728 return (len);
02729 }
02730
02731 #if defined(CONFIG_RSBAC_REG)
02732 EXPORT_SYMBOL(rsbac_get_full_path_length);
02733 #endif
02734 int rsbac_get_full_path_length(struct dentry *dentry_p)
02735 {
02736 int len = 0;
02737 int tmplen = 0;
02738 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02739 u_long dflags;
02740 #endif
02741
02742 if (!dentry_p)
02743 return -RSBAC_EINVALIDPOINTER;
02744
02745 while (dentry_p && dentry_p->d_name.len && dentry_p->d_name.name) {
02746 tmplen = dentry_p->d_name.len;
02747 if (len && (dentry_p->d_name.name[tmplen - 1] != '/')) {
02748 tmplen++;
02749 }
02750 len += tmplen;
02751 if (dentry_p->d_parent && (dentry_p->d_parent != dentry_p)
02752 && (dentry_p->d_sb->s_root != dentry_p)
02753 )
02754 dentry_p = dentry_p->d_parent;
02755 else {
02756 struct rsbac_device_list_item_t *device_p;
02757 u_int hash;
02758
02759 hash = device_hash(dentry_p->d_sb->s_dev);
02760 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02761 rcu_read_lock();
02762 #else
02763 rsbac_read_lock(&device_list_locks[hash], &dflags);
02764 #endif
02765 device_p = lookup_device(dentry_p->d_sb->s_dev, hash);
02766 if (device_p && device_p->d_covers) {
02767 dentry_p = device_p->d_covers;
02768 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02769 rcu_read_unlock();
02770 #else
02771 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02772 #endif
02773 } else {
02774 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02775 rcu_read_unlock();
02776 #else
02777 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02778 #endif
02779 break;
02780 }
02781 }
02782 }
02783 return (len);
02784 }
02785
02786
02787
02788
02789
02790 #if defined(CONFIG_RSBAC_PROC)
02791 static int
02792 devices_proc_info(char *buffer, char **start, off_t offset, int length)
02793 {
02794 int len = 0;
02795 off_t pos = 0;
02796 off_t begin = 0;
02797 struct rsbac_device_list_item_t *device_p;
02798 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02799 u_long dflags;
02800 #endif
02801 u_int count = 0;
02802 u_int i;
02803
02804 if (!rsbac_initialized)
02805 return (-ENOSYS);
02806
02807 for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++)
02808 count += rcu_dereference(device_head_p[i])->count;
02809 len += sprintf(buffer, "%u RSBAC Devices\n---------------\nHash size is %u\n",
02810 count, RSBAC_NR_DEVICE_LISTS);
02811
02812 for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
02813 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02814 rcu_read_lock();
02815 #else
02816 rsbac_read_lock(&device_list_locks[i], &dflags);
02817 #endif
02818 for (device_p = rcu_dereference(device_head_p[i])->head; device_p;
02819 device_p = device_p->next) {
02820 if (device_p->sb_p && device_p->sb_p->s_type
02821 && device_p->sb_p->s_type->name)
02822 len +=
02823 sprintf(buffer + len,
02824 "%02u:%02u with mount_count = %u, d_covers = %p, fs_type = %s\n",
02825 RSBAC_MAJOR(device_p->id),
02826 RSBAC_MINOR(device_p->id),
02827 device_p->mount_count,
02828 device_p->d_covers,
02829 device_p->sb_p->s_type->name);
02830 else
02831 len +=
02832 sprintf(buffer + len,
02833 "%02u:%02u with mount_count = %u, d_covers = %p\n",
02834 RSBAC_MAJOR(device_p->id),
02835 RSBAC_MINOR(device_p->id),
02836 device_p->mount_count,
02837 device_p->d_covers);
02838 pos = begin + len;
02839 if (pos < offset) {
02840 len = 0;
02841 begin = pos;
02842 }
02843 if (pos > offset + length)
02844 break;
02845 }
02846 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02847 rcu_read_unlock();
02848 #else
02849 rsbac_read_unlock(&device_list_locks[i], &dflags);
02850 #endif
02851 if (pos > offset + length)
02852 break;
02853 }
02854
02855 *start = buffer + (offset - begin);
02856 len -= (offset - begin);
02857
02858 if (len > length)
02859 len = length;
02860 return len;
02861 }
02862
02863 static int
02864 stats_proc_info(char *buffer, char **start, off_t offset, int length)
02865 {
02866 u_int len = 0;
02867 off_t pos = 0;
02868 off_t begin = 0;
02869 struct rsbac_device_list_item_t *device_p;
02870 u_long fd_count, fd_dev_count, fd_sum = 0;
02871 u_long sum = 0;
02872 u_long total_sum = 0;
02873 long tmp_count;
02874 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02875 u_long dflags;
02876 #endif
02877 int i;
02878
02879 union rsbac_target_id_t rsbac_target_id;
02880 union rsbac_attribute_value_t rsbac_attribute_value;
02881
02882 if (!rsbac_initialized)
02883 return (-ENOSYS);
02884
02885 rsbac_pr_debug(aef, "calling ADF\n");
02886 rsbac_target_id.scd = ST_rsbac;
02887 rsbac_attribute_value.dummy = 0;
02888 if (!rsbac_adf_request(R_GET_STATUS_DATA,
02889 current->pid,
02890 T_SCD,
02891 rsbac_target_id,
02892 A_none, rsbac_attribute_value)) {
02893 return -EPERM;
02894 }
02895 #ifdef CONFIG_RSBAC_MAINT
02896 len =
02897 sprintf(buffer,
02898 "RSBAC Status\n------------\nRSBAC Version: %s (Maintenance Mode)\nSupported Modules:%s\n",
02899 RSBAC_VERSION, compiled_modules);
02900 #else
02901 len =
02902 sprintf(buffer,
02903 "RSBAC Status\n------------\nRSBAC Version: %s\nCompiled Modules:%s\n",
02904 RSBAC_VERSION, compiled_modules);
02905 #endif
02906 pos = begin + len;
02907 if (pos < offset) {
02908 len = 0;
02909 begin = pos;
02910 }
02911 if (pos > offset + length)
02912 goto out;
02913
02914 #ifdef CONFIG_RSBAC_SWITCH
02915 {
02916 char *active_modules;
02917
02918 active_modules = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02919 if (active_modules) {
02920 active_modules[0] = (char) 0;
02921 #ifdef CONFIG_RSBAC_REG
02922 strcat(active_modules, " REG");
02923 #endif
02924 #ifdef CONFIG_RSBAC_MAC
02925 #ifdef CONFIG_RSBAC_SWITCH_MAC
02926 if (rsbac_switch_mac)
02927 #endif
02928 #ifdef CONFIG_RSBAC_MAC_LIGHT
02929 strcat(active_modules, " MAC-L");
02930 #else
02931 strcat(active_modules, " MAC");
02932 #endif
02933 #endif
02934 #ifdef CONFIG_RSBAC_PM
02935 #ifdef CONFIG_RSBAC_SWITCH_PM
02936 if (rsbac_switch_pm)
02937 #endif
02938 strcat(active_modules, " PM");
02939 #endif
02940 #ifdef CONFIG_RSBAC_DAZ
02941 #ifdef CONFIG_RSBAC_SWITCH_DAZ
02942 if (rsbac_switch_daz)
02943 #endif
02944 strcat(active_modules, " DAZ");
02945 #endif
02946 #ifdef CONFIG_RSBAC_FF
02947 #ifdef CONFIG_RSBAC_SWITCH_FF
02948 if (rsbac_switch_ff)
02949 #endif
02950 strcat(active_modules, " FF");
02951 #endif
02952 #ifdef CONFIG_RSBAC_RC
02953 #ifdef CONFIG_RSBAC_SWITCH_RC
02954 if (rsbac_switch_rc)
02955 #endif
02956 strcat(active_modules, " RC");
02957 #endif
02958 #ifdef CONFIG_RSBAC_AUTH
02959 #ifdef CONFIG_RSBAC_SWITCH_AUTH
02960 if (rsbac_switch_auth)
02961 #endif
02962 strcat(active_modules, " AUTH");
02963 #endif
02964 #ifdef CONFIG_RSBAC_ACL
02965 #ifdef CONFIG_RSBAC_SWITCH_ACL
02966 if (rsbac_switch_acl)
02967 #endif
02968 strcat(active_modules, " ACL");
02969 #endif
02970 #ifdef CONFIG_RSBAC_CAP
02971 #ifdef CONFIG_RSBAC_SWITCH_CAP
02972 if (rsbac_switch_cap)
02973 #endif
02974 strcat(active_modules, " CAP");
02975 #endif
02976 #ifdef CONFIG_RSBAC_JAIL
02977 #ifdef CONFIG_RSBAC_SWITCH_JAIL
02978 if (rsbac_switch_jail)
02979 #endif
02980 strcat(active_modules, " JAIL");
02981 #endif
02982 #ifdef CONFIG_RSBAC_RES
02983 #ifdef CONFIG_RSBAC_SWITCH_RES
02984 if (rsbac_switch_res)
02985 #endif
02986 strcat(active_modules, " RES");
02987 #endif
02988 #ifdef CONFIG_RSBAC_PAX
02989 #ifdef CONFIG_RSBAC_SWITCH_PAX
02990 if (rsbac_switch_pax)
02991 #endif
02992 strcat(active_modules, " PAX");
02993 #endif
02994 len +=
02995 sprintf(buffer + len, "Active Modules: %s\n",
02996 active_modules);
02997 rsbac_kfree(active_modules);
02998 pos = begin + len;
02999 if (pos < offset) {
03000 len = 0;
03001 begin = pos;
03002 }
03003 if (pos > offset + length)
03004 goto out;
03005 }
03006 }
03007 #else
03008 len +=
03009 sprintf(buffer + len, "All modules active (no switching)\n");
03010 pos = begin + len;
03011 if (pos < offset) {
03012 len = 0;
03013 begin = pos;
03014 }
03015 if (pos > offset + length)
03016 goto out;
03017 #endif
03018
03019 #ifdef CONFIG_RSBAC_SOFTMODE
03020 if (rsbac_softmode) {
03021 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03022 len +=
03023 sprintf(buffer + len, "Global softmode is enabled\n");
03024 #else
03025 len += sprintf(buffer + len, "Softmode is enabled\n");
03026 #endif
03027 pos = begin + len;
03028 if (pos < offset) {
03029 len = 0;
03030 begin = pos;
03031 }
03032 if (pos > offset + length)
03033 goto out;
03034 } else {
03035 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03036 len +=
03037 sprintf(buffer + len, "Global softmode is disabled\n");
03038 #else
03039 len += sprintf(buffer + len, "Softmode is disabled\n");
03040 #endif
03041 pos = begin + len;
03042 if (pos < offset) {
03043 len = 0;
03044 begin = pos;
03045 }
03046 if (pos > offset + length)
03047 goto out;
03048 }
03049 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03050 {
03051 char *tmp;
03052
03053 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
03054 if (tmp) {
03055 len +=
03056 sprintf(buffer + len,
03057 "Individual softmode enabled for:");
03058 for (i = 0; i <= RSBAC_MAX_MOD; i++)
03059 if (rsbac_ind_softmode[i])
03060 len +=
03061 sprintf(buffer + len, " %s",
03062 get_switch_target_name
03063 (tmp, i));
03064 rsbac_kfree(tmp);
03065 len += sprintf(buffer + len, "\n");
03066 pos = begin + len;
03067 if (pos < offset) {
03068 len = 0;
03069 begin = pos;
03070 }
03071 if (pos > offset + length)
03072 goto out;
03073 }
03074 }
03075 #endif
03076 #endif
03077
03078 len += sprintf(buffer + len, "\n");
03079
03080 tmp_count = 0;
03081 for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
03082 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
03083 rcu_read_lock();
03084 #else
03085 rsbac_read_lock(&device_list_locks[i], &dflags);
03086 #endif
03087 device_p = rcu_dereference(device_head_p[i])->head;
03088 if (device_p)
03089 len += sprintf(buffer + len, "FD items:\n");
03090 while (device_p) {
03091 fd_dev_count = 0;
03092 fd_count = rsbac_list_count(device_p->handles.gen);
03093 if (fd_count >= 0) {
03094 len += sprintf(buffer + len, "Dev %02u:%02u: %lu GEN",
03095 RSBAC_MAJOR(device_p->id),
03096 RSBAC_MINOR(device_p->id),
03097 fd_count);
03098 fd_dev_count += fd_count;
03099 }
03100
03101 #if defined(CONFIG_RSBAC_MAC)
03102 fd_count = rsbac_list_count(device_p->handles.mac);
03103 if (fd_count >= 0) {
03104 len += sprintf(buffer + len, ", %lu MAC", fd_count);
03105 fd_dev_count += fd_count;
03106 }
03107 #endif
03108
03109 #if defined(CONFIG_RSBAC_PM)
03110 fd_count = rsbac_list_count(device_p->handles.pm);
03111 if (fd_count >= 0) {
03112 len += sprintf(buffer + len, ", %lu PM", fd_count);
03113 fd_dev_count += fd_count;
03114 }
03115 #endif
03116
03117 #if defined(CONFIG_RSBAC_DAZ)
03118 fd_count = rsbac_list_count(device_p->handles.daz);
03119 if (fd_count >= 0) {
03120 len += sprintf(buffer + len, ", %lu DAZ", fd_count);
03121 fd_dev_count += fd_count;
03122 }
03123 #if defined(CONFIG_RSBAC_DAZ_CACHE)
03124 fd_count = rsbac_list_count(device_p->handles.dazs);
03125 if (fd_count >= 0) {
03126 len += sprintf(buffer + len, ", %lu DAZ SCANNED", fd_count);
03127 fd_dev_count += fd_count;
03128 }
03129 #endif
03130 #endif
03131
03132 #if defined(CONFIG_RSBAC_FF)
03133 fd_count = rsbac_list_count(device_p->handles.ff);
03134 if (fd_count >= 0) {
03135 len += sprintf(buffer + len, ", %lu FF", fd_count);
03136 fd_dev_count += fd_count;
03137 }
03138 #endif
03139
03140 #if defined(CONFIG_RSBAC_RC)
03141 fd_count = rsbac_list_count(device_p->handles.rc);
03142 if (fd_count >= 0) {
03143 len += sprintf(buffer + len, ", %lu RC", fd_count);
03144 fd_dev_count += fd_count;
03145 }
03146 #endif
03147
03148 #if defined(CONFIG_RSBAC_AUTH)
03149 fd_count = rsbac_list_count(device_p->handles.auth);
03150 if (fd_count >= 0) {
03151 len += sprintf(buffer + len, ", %lu AUTH", fd_count);
03152 fd_dev_count += fd_count;
03153 }
03154 #endif
03155
03156 #if defined(CONFIG_RSBAC_CAP)
03157 fd_count = rsbac_list_count(device_p->handles.cap);
03158 if (fd_count >= 0) {
03159 len += sprintf(buffer + len, ", %lu CAP", fd_count);
03160 fd_dev_count += fd_count;
03161 }
03162 #endif
03163
03164 #if defined(CONFIG_RSBAC_RES)
03165 fd_count = rsbac_list_count(device_p->handles.res);
03166 if (fd_count >= 0) {
03167 len += sprintf(buffer + len, ", %lu RES", fd_count);
03168 fd_dev_count += fd_count;
03169 }
03170 #endif
03171
03172 #if defined(CONFIG_RSBAC_PAX)
03173 fd_count = rsbac_list_count(device_p->handles.pax);
03174 if (fd_count >= 0) {
03175 len += sprintf(buffer + len, ", %lu PAX", fd_count);
03176 fd_dev_count += fd_count;
03177 }
03178 #endif
03179
03180 len += sprintf(buffer + len, ", %lu total\n",
03181 fd_dev_count);
03182 pos = begin + len;
03183 if (pos < offset) {
03184 len = 0;
03185 begin = pos;
03186 }
03187 if (pos > offset + length) {
03188
03189 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
03190 rcu_read_unlock();
03191 #else
03192 rsbac_read_unlock(&device_list_locks[i], &dflags);
03193 #endif
03194 goto out;
03195 }
03196 fd_sum += fd_dev_count;
03197 device_p = device_p->next;
03198 }
03199 tmp_count += rcu_dereference(device_head_p[i])->count;
03200 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
03201 rcu_read_unlock();
03202 #else
03203 rsbac_read_unlock(&device_list_locks[i], &dflags);
03204 #endif
03205 }
03206 len +=
03207 sprintf(buffer + len,
03208 "Sum of %lu Devices with %lu fd-items\n\n",
03209 tmp_count, fd_sum);
03210 total_sum += fd_sum;
03211 pos = begin + len;
03212 if (pos < offset) {
03213 len = 0;
03214 begin = pos;
03215 }
03216 if (pos > offset + length)
03217 goto out;
03218
03219
03220 sum = 0;
03221 tmp_count = rsbac_list_count(dev_handles.gen);
03222 len += sprintf(buffer + len, "DEV: %lu GEN", tmp_count);
03223 sum += tmp_count;
03224 #if defined(CONFIG_RSBAC_MAC)
03225 tmp_count = rsbac_list_count(dev_handles.mac);
03226 len += sprintf(buffer + len, ", %lu MAC", tmp_count);
03227 sum += tmp_count;
03228 #endif
03229 #if defined(CONFIG_RSBAC_PM)
03230 tmp_count = rsbac_list_count(dev_handles.pm);
03231 len += sprintf(buffer + len, ", %lu PM", tmp_count);
03232 sum += tmp_count;
03233 #endif
03234 #if defined(CONFIG_RSBAC_RC)
03235 tmp_count = rsbac_list_count(dev_major_handles.rc);
03236 len += sprintf(buffer + len, ", %lu major RC", tmp_count);
03237 sum += tmp_count;
03238 tmp_count = rsbac_list_count(dev_handles.rc);
03239 len += sprintf(buffer + len, ", %lu RC", tmp_count);
03240 sum += tmp_count;
03241 #endif
03242 len += sprintf(buffer + len, ", %lu total\n", sum);
03243 total_sum += sum;
03244 pos = begin + len;
03245 if (pos < offset) {
03246 len = 0;
03247 begin = pos;
03248 }
03249 if (pos > offset + length)
03250 goto out;
03251
03252
03253 sum = 0;
03254 len += sprintf(buffer + len, "IPC: 0 GEN");
03255 #if defined(CONFIG_RSBAC_MAC)
03256 tmp_count = rsbac_list_count(ipc_handles.mac);
03257 len += sprintf(buffer + len, ", %lu MAC", tmp_count);
03258 sum += tmp_count;
03259 #endif
03260 #if defined(CONFIG_RSBAC_PM)
03261 tmp_count = rsbac_list_count(ipc_handles.pm);
03262 len += sprintf(buffer + len, ", %lu PM", tmp_count);
03263 sum += tmp_count;
03264 #endif
03265 #if defined(CONFIG_RSBAC_RC)
03266 tmp_count = rsbac_list_count(ipc_handles.rc);
03267 len += sprintf(buffer + len, ", %lu RC", tmp_count);
03268 sum += tmp_count;
03269 #endif
03270 #if defined(CONFIG_RSBAC_JAIL)
03271 tmp_count = rsbac_list_count(ipc_handles.jail);
03272 len += sprintf(buffer + len, ", %lu JAIL", tmp_count);
03273 sum += tmp_count;
03274 #endif
03275 len += sprintf(buffer + len, ", %lu total\n", sum);
03276 total_sum += sum;
03277 pos = begin + len;
03278 if (pos < offset) {
03279 len = 0;
03280 begin = pos;
03281 }
03282 if (pos > offset + length)
03283 goto out;
03284
03285
03286 sum = 0;
03287 tmp_count = rsbac_list_count(user_handles.gen);
03288 len += sprintf(buffer + len, "USER: %lu GEN", tmp_count);
03289 sum += tmp_count;
03290 #if defined(CONFIG_RSBAC_MAC)
03291 tmp_count = rsbac_list_count(user_handles.mac);
03292 len += sprintf(buffer + len, ", %lu MAC", tmp_count);
03293 sum += tmp_count;
03294 #endif
03295 #if defined(CONFIG_RSBAC_PM)
03296 tmp_count = rsbac_list_count(user_handles.pm);
03297 len += sprintf(buffer + len, ", %lu PM", tmp_count);
03298 sum += tmp_count;
03299 #endif
03300 #if defined(CONFIG_RSBAC_DAZ)
03301 tmp_count = rsbac_list_count(user_handles.daz);
03302 len += sprintf(buffer + len, ", %lu DAZ", tmp_count);
03303 sum += tmp_count;
03304 #endif
03305 #if defined(CONFIG_RSBAC_FF)
03306 tmp_count = rsbac_list_count(user_handles.ff);
03307 len += sprintf(buffer + len, ", %lu FF", tmp_count);
03308 sum += tmp_count;
03309 #endif
03310 #if defined(CONFIG_RSBAC_RC)
03311 tmp_count = rsbac_list_count(user_handles.rc);
03312 len += sprintf(buffer + len, ", %lu RC", tmp_count);
03313 sum += tmp_count;
03314 #endif
03315 #if defined(CONFIG_RSBAC_AUTH)
03316 tmp_count = rsbac_list_count(user_handles.auth);
03317 len += sprintf(buffer + len, ", %lu AUTH", tmp_count);
03318 sum += tmp_count;
03319 #endif
03320 #if defined(CONFIG_RSBAC_CAP)
03321 tmp_count = rsbac_list_count(user_handles.cap);
03322 len += sprintf(buffer + len, ", %lu CAP", tmp_count);
03323 sum += tmp_count;
03324 #endif
03325 #if defined(CONFIG_RSBAC_JAIL)
03326 tmp_count = rsbac_list_count(user_handles.jail);
03327 len += sprintf(buffer + len, ", %lu JAIL", tmp_count);
03328 sum += tmp_count;
03329 #endif
03330 #if defined(CONFIG_RSBAC_RES)
03331 tmp_count = rsbac_list_count(user_handles.res);
03332 len += sprintf(buffer + len, ", %lu RES", tmp_count);
03333 sum += tmp_count;
03334 #endif
03335 #if defined(CONFIG_RSBAC_PAX)
03336 tmp_count = rsbac_list_count(user_handles.pax);
03337 len += sprintf(buffer + len, ", %lu PAX", tmp_count);
03338 sum += tmp_count;
03339 #endif
03340 len += sprintf(buffer + len, ", %lu total\n", sum);
03341 total_sum += sum;
03342 pos = begin + len;
03343 if (pos < offset) {
03344 len = 0;
03345 begin = pos;
03346 }
03347 if (pos > offset + length)
03348 goto out;
03349
03350
03351 sum = 0;
03352 tmp_count = rsbac_list_count(process_handles.gen);
03353 len += sprintf(buffer + len, "PROCESS: %lu GEN", tmp_count);
03354 sum += tmp_count;
03355 #if defined(CONFIG_RSBAC_MAC)
03356 tmp_count = rsbac_list_count(process_handles.mac);
03357 len += sprintf(buffer + len, ", %lu MAC", tmp_count);
03358 sum += tmp_count;
03359 #endif
03360 #if defined(CONFIG_RSBAC_PM)
03361 tmp_count = rsbac_list_count(process_handles.pm);
03362 len += sprintf(buffer + len, ", %lu PM", tmp_count);
03363 sum += tmp_count;
03364 #endif
03365 #if defined(CONFIG_RSBAC_DAZ)
03366 tmp_count = rsbac_list_count(process_handles.daz);
03367 len += sprintf(buffer + len, ", %lu DAZ", tmp_count);
03368 sum += tmp_count;
03369 #endif
03370 #if defined(CONFIG_RSBAC_RC)
03371 tmp_count = rsbac_list_count(process_handles.rc);
03372 len += sprintf(buffer + len, ", %lu RC", tmp_count);
03373 sum += tmp_count;
03374 #endif
03375 #if defined(CONFIG_RSBAC_AUTH)
03376 tmp_count = rsbac_list_count(process_handles.auth);
03377 len += sprintf(buffer + len, ", %lu AUTH", tmp_count);
03378 sum += tmp_count;
03379 #endif
03380 #if defined(CONFIG_RSBAC_CAP)
03381 tmp_count = rsbac_list_count(process_handles.cap);
03382 len += sprintf(buffer + len, ", %lu CAP", tmp_count);
03383 sum += tmp_count;
03384 #endif
03385 #if defined(CONFIG_RSBAC_JAIL)
03386 tmp_count = rsbac_list_count(process_handles.jail);
03387 len += sprintf(buffer + len, ", %lu JAIL", tmp_count);
03388 sum += tmp_count;
03389 #endif
03390 len += sprintf(buffer + len, ", %lu total\n", sum);
03391 total_sum += sum;
03392 pos = begin + len;
03393 if (pos < offset) {
03394 len = 0;
03395 begin = pos;
03396 }
03397 if (pos > offset + length)
03398 goto out;
03399
03400 #if defined(CONFIG_RSBAC_UM)
03401
03402 sum = 0;
03403 len += sprintf(buffer + len, "GROUP:");
03404 #if defined(CONFIG_RSBAC_RC_UM_PROT)
03405 tmp_count = rsbac_list_count(group_handles.rc);
03406 len += sprintf(buffer + len, " %lu RC,", tmp_count);
03407 sum += tmp_count;
03408 #endif
03409 len += sprintf(buffer + len, " %lu total\n", sum);
03410 total_sum += sum;
03411 pos = begin + len;
03412 if (pos < offset) {
03413 len = 0;
03414 begin = pos;
03415 }
03416 if (pos > offset + length)
03417 goto out;
03418 #endif
03419
03420 #if defined(CONFIG_RSBAC_NET_DEV)
03421
03422 sum = 0;
03423 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
03424 tmp_count = rsbac_list_count(netdev_handles.gen);
03425 len += sprintf(buffer + len, "NETDEV: %lu GEN, ", tmp_count);
03426 sum += tmp_count;
03427 #else
03428 len += sprintf(buffer + len, "NETDEV: ");
03429 #endif
03430 #if defined(CONFIG_RSBAC_RC)
03431 tmp_count = rsbac_list_count(netdev_handles.rc);
03432 len += sprintf(buffer + len, "%lu RC, ", tmp_count);
03433 sum += tmp_count;
03434 #endif
03435 len += sprintf(buffer + len, "%lu total\n", sum);
03436 total_sum += sum;
03437 pos = begin + len;
03438 if (pos < offset) {
03439 len = 0;
03440 begin = pos;
03441 }
03442 if (pos > offset + length)
03443 goto out;
03444
03445 #endif
03446
03447 #if defined(CONFIG_RSBAC_NET_OBJ)
03448
03449 tmp_count = rsbac_list_count(net_temp_handle);
03450 len += sprintf(buffer + len, "%lu Network Templates\n", tmp_count);
03451
03452
03453 sum = 0;
03454 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
03455 tmp_count = rsbac_list_count(nettemp_handles.gen);
03456 len += sprintf(buffer + len, "NETTEMP: %lu GEN, ", tmp_count);
03457 sum += tmp_count;
03458 #else
03459 len += sprintf(buffer + len, "NETTEMP: ");
03460 #endif
03461 #if defined(CONFIG_RSBAC_MAC)
03462 tmp_count = rsbac_list_count(nettemp_handles.mac);
03463 len += sprintf(buffer + len, "%lu MAC, ", tmp_count);
03464 sum += tmp_count;
03465 #endif
03466 #if defined(CONFIG_RSBAC_PM)
03467 tmp_count = rsbac_list_count(nettemp_handles.pm);
03468 len += sprintf(buffer + len, "%lu PM, ", tmp_count);
03469 sum += tmp_count;
03470 #endif
03471 #if defined(CONFIG_RSBAC_RC)
03472 tmp_count = rsbac_list_count(nettemp_handles.rc);
03473 len += sprintf(buffer + len, "%lu RC, ", tmp_count);
03474 sum += tmp_count;
03475 #endif
03476 len += sprintf(buffer + len, "%lu total\n", sum);
03477 total_sum += sum;
03478 pos = begin + len;
03479 if (pos < offset) {
03480 len = 0;
03481 begin = pos;
03482 }
03483 if (pos > offset + length)
03484 goto out;
03485
03486
03487 sum = 0;
03488 len += sprintf(buffer + len, "LNETOBJ: ");
03489 #if defined(CONFIG_RSBAC_MAC)
03490 tmp_count = rsbac_list_count(lnetobj_handles.mac);
03491 len += sprintf(buffer + len, "%lu MAC, ", tmp_count);
03492 sum += tmp_count;
03493 #endif
03494 #if defined(CONFIG_RSBAC_PM)
03495 tmp_count = rsbac_list_count(lnetobj_handles.pm);
03496 len += sprintf(buffer + len, "%lu PM, ", tmp_count);
03497 sum += tmp_count;
03498 #endif
03499 #if defined(CONFIG_RSBAC_RC)
03500 tmp_count = rsbac_list_count(lnetobj_handles.rc);
03501 len += sprintf(buffer + len, "%lu RC, ", tmp_count);
03502 sum += tmp_count;
03503 #endif
03504 len += sprintf(buffer + len, "%lu total\n", sum);
03505 total_sum += sum;
03506 pos = begin + len;
03507 if (pos < offset) {
03508 len = 0;
03509 begin = pos;
03510 }
03511 if (pos > offset + length)
03512 goto out;
03513
03514
03515 sum = 0;
03516 len += sprintf(buffer + len, "RNETOBJ: ");
03517 #if defined(CONFIG_RSBAC_MAC)
03518 tmp_count = rsbac_list_count(rnetobj_handles.mac);
03519 len += sprintf(buffer + len, "%lu MAC, ", tmp_count);
03520 sum += tmp_count;
03521 #endif
03522 #if defined(CONFIG_RSBAC_PM)
03523 tmp_count = rsbac_list_count(rnetobj_handles.pm);
03524 len += sprintf(buffer + len, "%lu PM, ", tmp_count);
03525 sum += tmp_count;
03526 #endif
03527 #if defined(CONFIG_RSBAC_RC)
03528 tmp_count = rsbac_list_count(rnetobj_handles.rc);
03529 len += sprintf(buffer + len, "%lu RC, ", tmp_count);
03530 sum += tmp_count;
03531 #endif
03532 len += sprintf(buffer + len, "%lu total\n", sum);
03533 total_sum += sum;
03534 pos = begin + len;
03535 if (pos < offset) {
03536 len = 0;
03537 begin = pos;
03538 }
03539 if (pos > offset + length)
03540 goto out;
03541
03542 #endif
03543
03544 len += sprintf(buffer + len,
03545 "Total sum of %lu registered rsbac-items\n",
03546 total_sum);
03547 pos = begin + len;
03548 if (pos < offset) {
03549 len = 0;
03550 begin = pos;
03551 }
03552 if (pos > offset + length)
03553 goto out;
03554
03555 len += sprintf(buffer + len,
03556 "\nadf_request calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, unixsock: %lu\n",
03557 rsbac_adf_request_count[T_FILE],
03558 rsbac_adf_request_count[T_DIR],
03559 rsbac_adf_request_count[T_FIFO],
03560 rsbac_adf_request_count[T_SYMLINK],
03561 rsbac_adf_request_count[T_DEV],
03562 rsbac_adf_request_count[T_IPC],
03563 rsbac_adf_request_count[T_SCD],
03564 rsbac_adf_request_count[T_USER],
03565 rsbac_adf_request_count[T_PROCESS],
03566 rsbac_adf_request_count[T_NETDEV],
03567 rsbac_adf_request_count[T_NETTEMP],
03568 rsbac_adf_request_count[T_NETOBJ],
03569 rsbac_adf_request_count[T_GROUP],
03570 rsbac_adf_request_count[T_UNIXSOCK]);
03571 pos = begin + len;
03572 if (pos < offset) {
03573 len = 0;
03574 begin = pos;
03575 }
03576 if (pos > offset + length)
03577 goto out;
03578
03579 len += sprintf(buffer + len,
03580 "adf_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, unixsock: %lu\n",
03581 rsbac_adf_set_attr_count[T_FILE],
03582 rsbac_adf_set_attr_count[T_DIR],
03583 rsbac_adf_set_attr_count[T_FIFO],
03584 rsbac_adf_set_attr_count[T_SYMLINK],
03585 rsbac_adf_set_attr_count[T_DEV],
03586 rsbac_adf_set_attr_count[T_IPC],
03587 rsbac_adf_set_attr_count[T_SCD],
03588 rsbac_adf_set_attr_count[T_USER],
03589 rsbac_adf_set_attr_count[T_PROCESS],
03590 rsbac_adf_set_attr_count[T_NETDEV],
03591 rsbac_adf_set_attr_count[T_NETTEMP],
03592 rsbac_adf_set_attr_count[T_NETOBJ],
03593 rsbac_adf_set_attr_count[T_GROUP],
03594 rsbac_adf_set_attr_count[T_UNIXSOCK]);
03595 pos = begin + len;
03596 if (pos < offset) {
03597 len = 0;
03598 begin = pos;
03599 }
03600
03601 out:
03602 *start = buffer + (offset - begin);
03603 len -= (offset - begin);
03604
03605 if (len > length)
03606 len = length;
03607 return len;
03608 }
03609
03610 static int
03611 active_proc_info(char *buffer, char **start, off_t offset, int length)
03612 {
03613 u_int len = 0;
03614 off_t pos = 0;
03615 off_t begin = 0;
03616
03617 union rsbac_target_id_t rsbac_target_id;
03618 union rsbac_attribute_value_t rsbac_attribute_value;
03619
03620 if (!rsbac_initialized)
03621 return (-ENOSYS);
03622
03623 rsbac_pr_debug(aef, "calling ADF\n");
03624 rsbac_target_id.scd = ST_rsbac;
03625 rsbac_attribute_value.dummy = 0;
03626 if (!rsbac_adf_request(R_GET_STATUS_DATA,
03627 current->pid,
03628 T_SCD,
03629 rsbac_target_id,
03630 A_none, rsbac_attribute_value)) {
03631 return -EPERM;
03632 }
03633
03634 len = sprintf(buffer, "Version: %s\n", RSBAC_VERSION);
03635 #ifdef CONFIG_RSBAC_MAINT
03636 len += sprintf(buffer + len, "Mode: Maintenance\n");
03637 len += sprintf(buffer + len, "Softmode: unavailable\n");
03638 #else
03639 #ifdef CONFIG_RSBAC_SOFTMODE
03640 if (rsbac_softmode)
03641 len += sprintf(buffer + len, "Mode: SOFTMODE\n");
03642 else
03643 #endif
03644 len += sprintf(buffer + len, "Mode: Secure\n");
03645 #ifdef CONFIG_RSBAC_SOFTMODE
03646 len += sprintf(buffer + len, "Softmode: available\n");
03647 #else
03648 len += sprintf(buffer + len, "Softmode: unavailable\n");
03649 #endif
03650 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03651 len += sprintf(buffer + len, "Ind-Soft: available\n");
03652 #else
03653 len += sprintf(buffer + len, "Ind-Soft: unavailable\n");
03654 #endif
03655 #ifdef CONFIG_RSBAC_SWITCH
03656 len += sprintf(buffer + len, "Switching off: available for");
03657 #ifdef CONFIG_RSBAC_SWITCH_MAC
03658 #ifndef CONFIG_RSBAC_SWITCH_ON
03659 if (rsbac_switch_mac)
03660 #endif
03661 len += sprintf(buffer + len, " MAC");
03662 #endif
03663 #ifdef CONFIG_RSBAC_SWITCH_PM
03664 #ifndef CONFIG_RSBAC_SWITCH_ON
03665 if (rsbac_switch_pm)
03666 #endif
03667 len += sprintf(buffer + len, " PM");
03668 #endif
03669 #ifdef CONFIG_RSBAC_SWITCH_DAZ
03670 len += sprintf(buffer + len, " DAZ");
03671 #endif
03672 #ifdef CONFIG_RSBAC_SWITCH_FF
03673 len += sprintf(buffer + len, " FF");
03674 #endif
03675 #ifdef CONFIG_RSBAC_SWITCH_RC
03676 #ifndef CONFIG_RSBAC_SWITCH_ON
03677 if (rsbac_switch_rc)
03678 #endif
03679 len += sprintf(buffer + len, " RC");
03680 #endif
03681 #ifdef CONFIG_RSBAC_SWITCH_AUTH
03682 len += sprintf(buffer + len, " AUTH");
03683 #endif
03684 #ifdef CONFIG_RSBAC_SWITCH_ACL
03685 len += sprintf(buffer + len, " ACL");
03686 #endif
03687 #ifdef CONFIG_RSBAC_SWITCH_CAP
03688 len += sprintf(buffer + len, " CAP");
03689 #endif
03690 #ifdef CONFIG_RSBAC_SWITCH_JAIL
03691 len += sprintf(buffer + len, " JAIL");
03692 #endif
03693 #ifdef CONFIG_RSBAC_SWITCH_RES
03694 len += sprintf(buffer + len, " RES");
03695 #endif
03696 #ifdef CONFIG_RSBAC_SWITCH_PAX
03697 len += sprintf(buffer + len, " PAX");
03698 #endif
03699 len += sprintf(buffer + len, "\n");
03700 len += sprintf(buffer + len, "Switching on: available for");
03701 #ifdef CONFIG_RSBAC_SWITCH_ON
03702 #ifdef CONFIG_RSBAC_SWITCH_MAC
03703 len += sprintf(buffer + len, " MAC");
03704 #endif
03705 #ifdef CONFIG_RSBAC_SWITCH_PM
03706 len += sprintf(buffer + len, " PM");
03707 #endif
03708 #ifdef CONFIG_RSBAC_SWITCH_RC
03709 len += sprintf(buffer + len, " RC");
03710 #endif
03711 #endif
03712 #ifdef CONFIG_RSBAC_SWITCH_DAZ
03713 len += sprintf(buffer + len, " DAZ");
03714 #endif
03715 #ifdef CONFIG_RSBAC_SWITCH_FF
03716 len += sprintf(buffer + len, " FF");
03717 #endif
03718 #ifdef CONFIG_RSBAC_SWITCH_AUTH
03719 len += sprintf(buffer + len, " AUTH");
03720 #endif
03721 #ifdef CONFIG_RSBAC_SWITCH_ACL
03722 len += sprintf(buffer + len, " ACL");
03723 #endif
03724 #ifdef CONFIG_RSBAC_SWITCH_CAP
03725 len += sprintf(buffer + len, " CAP");
03726 #endif
03727 #ifdef CONFIG_RSBAC_SWITCH_JAIL
03728 len += sprintf(buffer + len, " JAIL");
03729 #endif
03730 #ifdef CONFIG_RSBAC_SWITCH_RES
03731 len += sprintf(buffer + len, " RES");
03732 #endif
03733 #ifdef CONFIG_RSBAC_SWITCH_PAX
03734 len += sprintf(buffer + len, " PAX");
03735 #endif
03736 len += sprintf(buffer + len, "\n");
03737 #else
03738 len += sprintf(buffer + len, "Switching off: unavailable\n");
03739 len += sprintf(buffer + len, "Switching on: unavailable\n");
03740 #endif
03741 #endif
03742 pos = begin + len;
03743 if (pos < offset) {
03744 len = 0;
03745 begin = pos;
03746 }
03747 if (pos > offset + length)
03748 goto out;
03749
03750 #ifdef CONFIG_RSBAC_REG
03751 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03752 if (rsbac_ind_softmode[SW_REG])
03753 len += sprintf(buffer + len, "Module: REG SOFTMODE\n");
03754 else
03755 #endif
03756 len += sprintf(buffer + len, "Module: REG on\n");
03757 #endif
03758
03759 #ifdef CONFIG_RSBAC_MAC
03760 #ifdef CONFIG_RSBAC_SWITCH_MAC
03761 if (!rsbac_switch_mac)
03762 len += sprintf(buffer + len, "Module: MAC OFF\n");
03763 else
03764 #endif
03765 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03766 if (rsbac_ind_softmode[SW_MAC])
03767 len += sprintf(buffer + len, "Module: MAC SOFTMODE\n");
03768 else
03769 #endif
03770 len += sprintf(buffer + len, "Module: MAC on\n");
03771 #endif
03772
03773 #ifdef CONFIG_RSBAC_PM
03774 #ifdef CONFIG_RSBAC_SWITCH_PM
03775 if (!rsbac_switch_pm)
03776 len += sprintf(buffer + len, "Module: PM OFF\n");
03777 else
03778 #endif
03779 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03780 if (rsbac_ind_softmode[SW_PM])
03781 len += sprintf(buffer + len, "Module: PM SOFTMODE\n");
03782 else
03783 #endif
03784 len += sprintf(buffer + len, "Module: PM on\n");
03785 #endif
03786
03787 #ifdef CONFIG_RSBAC_DAZ
03788 #ifdef CONFIG_RSBAC_SWITCH_DAZ
03789 if (!rsbac_switch_daz)
03790 len += sprintf(buffer + len, "Module: DAZ OFF\n");
03791 else
03792 #endif
03793 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03794 if (rsbac_ind_softmode[SW_DAZ])
03795 len += sprintf(buffer + len, "Module: DAZ SOFTMODE\n");
03796 else
03797 #endif
03798 len += sprintf(buffer + len, "Module: DAZ on\n");
03799 #endif
03800
03801 #ifdef CONFIG_RSBAC_FF
03802 #ifdef CONFIG_RSBAC_SWITCH_FF
03803 if (!rsbac_switch_ff)
03804 len += sprintf(buffer + len, "Module: FF OFF\n");
03805 else
03806 #endif
03807 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03808 if (rsbac_ind_softmode[SW_FF])
03809 len += sprintf(buffer + len, "Module: FF SOFTMODE\n");
03810 else
03811 #endif
03812 len += sprintf(buffer + len, "Module: FF on\n");
03813 #endif
03814
03815 #ifdef CONFIG_RSBAC_RC
03816 #ifdef CONFIG_RSBAC_SWITCH_RC
03817 if (!rsbac_switch_rc)
03818 len += sprintf(buffer + len, "Module: RC OFF\n");
03819 else
03820 #endif
03821 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03822 if (rsbac_ind_softmode[SW_RC])
03823 len += sprintf(buffer + len, "Module: RC SOFTMODE\n");
03824 else
03825 #endif
03826 len += sprintf(buffer + len, "Module: RC on\n");
03827 #endif
03828
03829 #ifdef CONFIG_RSBAC_AUTH
03830 #ifdef CONFIG_RSBAC_SWITCH_AUTH
03831 if (!rsbac_switch_auth)
03832 len += sprintf(buffer + len, "Module: AUTH OFF\n");
03833 else
03834 #endif
03835 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03836 if (rsbac_ind_softmode[SW_AUTH])
03837 len += sprintf(buffer + len, "Module: AUTH SOFTMODE\n");
03838 else
03839 #endif
03840 len += sprintf(buffer + len, "Module: AUTH on\n");
03841 #endif
03842
03843 #ifdef CONFIG_RSBAC_ACL
03844 #ifdef CONFIG_RSBAC_SWITCH_ACL
03845 if (!rsbac_switch_acl)
03846 len += sprintf(buffer + len, "Module: ACL OFF\n");
03847 else
03848 #endif
03849 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03850 if (rsbac_ind_softmode[SW_ACL])
03851 len += sprintf(buffer + len, "Module: ACL SOFTMODE\n");
03852 else
03853 #endif
03854 len += sprintf(buffer + len, "Module: ACL on\n");
03855 #endif
03856
03857 #ifdef CONFIG_RSBAC_CAP
03858 #ifdef CONFIG_RSBAC_SWITCH_CAP
03859 if (!rsbac_switch_cap)
03860 len += sprintf(buffer + len, "Module: CAP OFF\n");
03861 else
03862 #endif
03863 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03864 if (rsbac_ind_softmode[SW_CAP])
03865 len += sprintf(buffer + len, "Module: CAP SOFTMODE\n");
03866 else
03867 #endif
03868 len += sprintf(buffer + len, "Module: CAP on\n");
03869 #endif
03870
03871 #ifdef CONFIG_RSBAC_JAIL
03872 #ifdef CONFIG_RSBAC_SWITCH_JAIL
03873 if (!rsbac_switch_jail)
03874 len += sprintf(buffer + len, "Module: JAIL OFF\n");
03875 else
03876 #endif
03877 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03878 if (rsbac_ind_softmode[SW_JAIL])
03879 len += sprintf(buffer + len, "Module: JAIL SOFTMODE\n");
03880 else
03881 #endif
03882 len += sprintf(buffer + len, "Module: JAIL on\n");
03883 #endif
03884
03885 #ifdef CONFIG_RSBAC_RES
03886 #ifdef CONFIG_RSBAC_SWITCH_RES
03887 if (!rsbac_switch_res)
03888 len += sprintf(buffer + len, "Module: RES OFF\n");
03889 else
03890 #endif
03891 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03892 if (rsbac_ind_softmode[SW_RES])
03893 len += sprintf(buffer + len, "Module: RES SOFTMODE\n");
03894 else
03895 #endif
03896 len += sprintf(buffer + len, "Module: RES on\n");
03897 #endif
03898
03899 #ifdef CONFIG_RSBAC_PAX
03900 #ifdef CONFIG_RSBAC_SWITCH_PAX
03901 if (!rsbac_switch_pax)
03902 len += sprintf(buffer + len, "Module: PAX OFF\n");
03903 else
03904 #endif
03905 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03906 if (rsbac_ind_softmode[SW_PAX])
03907 len += sprintf(buffer + len, "Module: PAX SOFTMODE\n");
03908 else
03909 #endif
03910 len += sprintf(buffer + len, "Module: PAX on\n");
03911 #endif
03912
03913 pos = begin + len;
03914 if (pos < offset) {
03915 len = 0;
03916 begin = pos;
03917 }
03918
03919 out:
03920 *start = buffer + (offset - begin);
03921 len -= (offset - begin);
03922
03923 if (len > length)
03924 len = length;
03925 return len;
03926 }
03927
03928 #ifdef CONFIG_RSBAC_XSTATS
03929 static int
03930 xstats_proc_info(char *buffer, char **start, off_t offset, int length)
03931 {
03932 u_int len = 0;
03933 off_t pos = 0;
03934 off_t begin = 0;
03935 int i, j;
03936 char name[80];
03937 union rsbac_target_id_t rsbac_target_id;
03938 union rsbac_attribute_value_t rsbac_attribute_value;
03939
03940 if (!rsbac_initialized)
03941 return (-ENOSYS);
03942
03943 rsbac_pr_debug(aef, "calling ADF\n");
03944 rsbac_target_id.scd = ST_rsbac;
03945 rsbac_attribute_value.dummy = 0;
03946 if (!rsbac_adf_request(R_GET_STATUS_DATA,
03947 current->pid,
03948 T_SCD,
03949 rsbac_target_id,
03950 A_none, rsbac_attribute_value)) {
03951 return -EPERM;
03952 }
03953
03954 len += sprintf(buffer,
03955 "RSBAC ADF call Statistics\n-------------------------\nadf_request table:\n");
03956 pos = begin + len;
03957 if (pos < offset) {
03958 len = 0;
03959 begin = pos;
03960 }
03961 if (pos > offset + length)
03962 goto out;
03963
03964 len +=
03965 sprintf(buffer + len,
03966 "Request /\tFILE\tDIR\tFIFO\tSYMLINK\tDEV\tIPC\tSCD\tUSER\tPROCESS\tNETDEV\tNETTEMP\tNETOBJ\tGROUP\tUNIXSOCK NONE");
03967 pos = begin + len;
03968 if (pos < offset) {
03969 len = 0;
03970 begin = pos;
03971 }
03972 if (pos > offset + length)
03973 goto out;
03974
03975 for (i = 0; i < R_NONE; i++) {
03976 get_request_name(name, i);
03977 name[15] = 0;
03978 len += sprintf(buffer + len, "\n%-14s\t", name);
03979 pos = begin + len;
03980 if (pos < offset) {
03981 len = 0;
03982 begin = pos;
03983 }
03984 if (pos > offset + length)
03985 goto out;
03986 for (j = 0; j <= T_NONE; j++) {
03987 if ((j == T_NETTEMP_NT)
03988 || (j == T_FD)
03989 )
03990 continue;
03991 len += sprintf(buffer + len, "%lu\t",
03992 rsbac_adf_request_xcount[j][i]);
03993 pos = begin + len;
03994 if (pos < offset) {
03995 len = 0;
03996 begin = pos;
03997 }
03998 if (pos > offset + length)
03999 goto out;
04000 }
04001 }
04002
04003 len += sprintf(buffer + len,
04004 "\n\nadf_request calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, unixsock: %lu, none: %lu\n",
04005 rsbac_adf_request_count[T_FILE],
04006 rsbac_adf_request_count[T_DIR],
04007 rsbac_adf_request_count[T_FIFO],
04008 rsbac_adf_request_count[T_SYMLINK],
04009 rsbac_adf_request_count[T_DEV],
04010 rsbac_adf_request_count[T_IPC],
04011 rsbac_adf_request_count[T_SCD],
04012 rsbac_adf_request_count[T_USER],
04013 rsbac_adf_request_count[T_PROCESS],
04014 rsbac_adf_request_count[T_NETDEV],
04015 rsbac_adf_request_count[T_NETTEMP],
04016 rsbac_adf_request_count[T_NETOBJ],
04017 rsbac_adf_request_count[T_GROUP],
04018 rsbac_adf_request_count[T_UNIXSOCK],
04019 rsbac_adf_request_count[T_NONE]);
04020 pos = begin + len;
04021 if (pos < offset) {
04022 len = 0;
04023 begin = pos;
04024 }
04025 if (pos > offset + length)
04026 goto out;
04027
04028 len += sprintf(buffer + len,
04029 "\n\nadf_set_attr table:\nRequest /\tFILE\tDIR\tFIFO\tSYMLINK\tDEV\tIPC\tSCD\tUSER\tPROCESS\tNETDEV\tNETTEMP\tNETOBJ\tGROUP\tUNIXSOCK NONE");
04030 pos = begin + len;
04031 if (pos < offset) {
04032 len = 0;
04033 begin = pos;
04034 }
04035 if (pos > offset + length)
04036 goto out;
04037
04038 for (i = 0; i < R_NONE; i++) {
04039 get_request_name(name, i);
04040 name[15] = 0;
04041 len += sprintf(buffer + len, "\n%-14s\t", name);
04042 pos = begin + len;
04043 if (pos < offset) {
04044 len = 0;
04045 begin = pos;
04046 }
04047 if (pos > offset + length)
04048 goto out;
04049 for (j = 0; j <= T_NONE; j++) {
04050 if ((j == T_NETTEMP_NT)
04051 || (j == T_FD)
04052 )
04053 continue;
04054 len += sprintf(buffer + len, "%lu\t",
04055 rsbac_adf_set_attr_xcount[j][i]);
04056 pos = begin + len;
04057 if (pos < offset) {
04058 len = 0;
04059 begin = pos;
04060 }
04061 if (pos > offset + length)
04062 goto out;
04063 }
04064 }
04065
04066 len += sprintf(buffer + len,
04067 "\n\nadf_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, unixsock: %lu, none: %lu\n",
04068 rsbac_adf_set_attr_count[T_FILE],
04069 rsbac_adf_set_attr_count[T_DIR],
04070 rsbac_adf_set_attr_count[T_FIFO],
04071 rsbac_adf_set_attr_count[T_SYMLINK],
04072 rsbac_adf_set_attr_count[T_DEV],
04073 rsbac_adf_set_attr_count[T_IPC],
04074 rsbac_adf_set_attr_count[T_SCD],
04075 rsbac_adf_set_attr_count[T_USER],
04076 rsbac_adf_set_attr_count[T_PROCESS],
04077 rsbac_adf_set_attr_count[T_NETDEV],
04078 rsbac_adf_set_attr_count[T_NETTEMP],
04079 rsbac_adf_set_attr_count[T_NETOBJ],
04080 rsbac_adf_set_attr_count[T_GROUP],
04081 rsbac_adf_set_attr_count[T_UNIXSOCK],
04082 rsbac_adf_set_attr_count[T_NONE]);
04083 pos = begin + len;
04084 if (pos < offset) {
04085 len = 0;
04086 begin = pos;
04087 }
04088 if (pos > offset + length)
04089 goto out;
04090
04091 len += sprintf(buffer + len,
04092 "\n\nData Structures:\nrsbac_get_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, unixsock: %lu\n",
04093 get_attr_count[T_FILE],
04094 get_attr_count[T_DIR],
04095 get_attr_count[T_FIFO],
04096 get_attr_count[T_SYMLINK],
04097 get_attr_count[T_DEV],
04098 get_attr_count[T_IPC],
04099 get_attr_count[T_SCD],
04100 get_attr_count[T_USER],
04101 get_attr_count[T_PROCESS],
04102 get_attr_count[T_NETDEV],
04103 get_attr_count[T_NETTEMP],
04104 get_attr_count[T_NETOBJ],
04105 get_attr_count[T_GROUP],
04106 get_attr_count[T_UNIXSOCK]);
04107 pos = begin + len;
04108 if (pos < offset) {
04109 len = 0;
04110 begin = pos;
04111 }
04112 if (pos > offset + length)
04113 goto out;
04114
04115 len += sprintf(buffer + len,
04116 "\nrsbac_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, unixsock: %lu\n",
04117 set_attr_count[T_FILE],
04118 set_attr_count[T_DIR],
04119 set_attr_count[T_FIFO],
04120 set_attr_count[T_SYMLINK],
04121 set_attr_count[T_DEV],
04122 set_attr_count[T_IPC],
04123 set_attr_count[T_SCD],
04124 set_attr_count[T_USER],
04125 set_attr_count[T_PROCESS],
04126 set_attr_count[T_NETDEV],
04127 set_attr_count[T_NETTEMP],
04128 set_attr_count[T_NETOBJ],
04129 set_attr_count[T_GROUP],
04130 set_attr_count[T_UNIXSOCK]);
04131 pos = begin + len;
04132 if (pos < offset) {
04133 len = 0;
04134 begin = pos;
04135 }
04136 if (pos > offset + length)
04137 goto out;
04138
04139 len += sprintf(buffer + len,
04140 "\nrsbac_remove_target calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, unixsock: %lu\n",
04141 remove_count[T_FILE],
04142 remove_count[T_DIR],
04143 remove_count[T_FIFO],
04144 remove_count[T_SYMLINK],
04145 remove_count[T_DEV],
04146 remove_count[T_IPC],
04147 remove_count[T_SCD],
04148 remove_count[T_USER],
04149 remove_count[T_PROCESS],
04150 remove_count[T_NETDEV],
04151 remove_count[T_NETTEMP],
04152 remove_count[T_NETOBJ],
04153 remove_count[T_GROUP],
04154 remove_count[T_UNIXSOCK]);
04155 pos = begin + len;
04156 if (pos < offset) {
04157 len = 0;
04158 begin = pos;
04159 }
04160 if (pos > offset + length)
04161 goto out;
04162
04163 len += sprintf(buffer + len,
04164 "\nrsbac_get_parent calls: %lu\n",
04165 get_parent_count);
04166 pos = begin + len;
04167 if (pos < offset) {
04168 len = 0;
04169 begin = pos;
04170 }
04171 if (pos > offset + length)
04172 goto out;
04173
04174 #ifdef CONFIG_RSBAC_FD_CACHE
04175 len += sprintf(buffer + len,
04176 "\nFD Cache hits misses items subitem hm-ratio\n");
04177 for (i = 0; i < SW_NONE; i++) {
04178 if (fd_cache_handle[i]) {
04179 __u64 tmp_hits = fd_cache_hits[i];
04180 __u64 tmp_misses = fd_cache_misses[i];
04181
04182 while ((tmp_hits > (__u32) -1) || (tmp_misses > (__u32) -1)) {
04183 tmp_hits >>= 1;
04184 tmp_misses >>= 1;
04185 }
04186 if (!tmp_misses)
04187 tmp_misses = 1;
04188 len += sprintf(buffer + len,
04189 "%-8s %-20llu %-20llu %-7lu %-7lu %u\n",
04190 get_switch_target_name(name, i),
04191 fd_cache_hits[i], fd_cache_misses[i],
04192 rsbac_list_lol_count(fd_cache_handle[i]),
04193 rsbac_list_lol_all_subcount(fd_cache_handle[i]),
04194 ((__u32) tmp_hits)/((__u32) tmp_misses));
04195 pos = begin + len;
04196 if (pos < offset) {
04197 len = 0;
04198 begin = pos;
04199 }
04200 if (pos > offset + length)
04201 goto out;
04202 }
04203 }
04204 len += sprintf(buffer + len, "\n%u fd_cache_invalidates, %u fd_cache_invalidate_alls\n",
04205 fd_cache_invalidates, fd_cache_invalidate_alls);
04206 pos = begin + len;
04207 if (pos < offset) {
04208 len = 0;
04209 begin = pos;
04210 }
04211 #endif
04212
04213 out:
04214 *start = buffer + (offset - begin);
04215 len -= (offset - begin);
04216
04217 if (len > length)
04218 len = length;
04219 return len;
04220 }
04221 #endif
04222
04223 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
04224 static int
04225 auto_write_proc_info(char *buffer, char **start, off_t offset, int length)
04226 {
04227 int len = 0;
04228 off_t pos = 0;
04229 off_t begin = 0;
04230
04231 union rsbac_target_id_t rsbac_target_id;
04232 union rsbac_attribute_value_t rsbac_attribute_value;
04233
04234 if (!rsbac_initialized)
04235 return (-ENOSYS);
04236
04237 rsbac_pr_debug(aef, "calling ADF\n");
04238 rsbac_target_id.scd = ST_rsbac;
04239 rsbac_attribute_value.dummy = 0;
04240 if (!rsbac_adf_request(R_GET_STATUS_DATA,
04241 current->pid,
04242 T_SCD,
04243 rsbac_target_id,
04244 A_none, rsbac_attribute_value)) {
04245 return -EPERM;
04246 }
04247
04248 len =
04249 sprintf(buffer,
04250 "RSBAC auto write settings\n-------------------------\n");
04251 pos = begin + len;
04252 if (pos < offset) {
04253 len = 0;
04254 begin = pos;
04255 }
04256 if (pos > offset + length)
04257 goto out;
04258
04259 len +=
04260 sprintf(buffer + len,
04261 "auto interval %u jiffies (%i jiffies = 1 second)\n",
04262 auto_interval, HZ);
04263 pos = begin + len;
04264 if (pos < offset) {
04265 len = 0;
04266 begin = pos;
04267 }
04268 if (pos > offset + length)
04269 goto out;
04270
04271 #ifdef CONFIG_RSBAC_DEBUG
04272 len += sprintf(buffer + len, "debug level is %i\n",
04273 rsbac_debug_auto);
04274 pos = begin + len;
04275 if (pos < offset) {
04276 len = 0;
04277 begin = pos;
04278 }
04279 #endif
04280
04281 out:
04282 *start = buffer + (offset - begin);
04283 len -= (offset - begin);
04284
04285 if (len > length)
04286 len = length;
04287 return len;
04288 }
04289
04290 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
04291 static int auto_write_proc_write(struct file *file, const char *buf,
04292 u_long count, void *ppos)
04293 #else
04294 static int auto_write_proc_write(struct file *file,
04295 const char __user * buf, u_long count,
04296 void *data)
04297 #endif
04298 {
04299 ssize_t err;
04300 char *k_buf;
04301 char *p;
04302
04303 union rsbac_target_id_t rsbac_target_id;
04304 union rsbac_attribute_value_t rsbac_attribute_value;
04305
04306 if (count > PROC_BLOCK_SIZE) {
04307 return (-EOVERFLOW);
04308 }
04309
04310 if (!(k_buf = (char *) __get_free_page(GFP_KERNEL)))
04311 return (-ENOMEM);
04312 err = copy_from_user(k_buf, buf, count);
04313 if (err < 0)
04314 return err;
04315
04316 err = count;
04317 if (count < 13 || strncmp("auto", k_buf, 4)) {
04318 goto out;
04319 }
04320 if (!rsbac_initialized) {
04321 err = -ENOSYS;
04322 goto out;
04323 }
04324 rsbac_pr_debug(aef, "calling ADF\n");
04325 rsbac_target_id.scd = ST_rsbac;
04326 rsbac_attribute_value.dummy = 0;
04327 if (!rsbac_adf_request(R_MODIFY_SYSTEM_DATA,
04328 current->pid,
04329 T_SCD,
04330 rsbac_target_id,
04331 A_none, rsbac_attribute_value)) {
04332 err = -EPERM;
04333 goto out;
04334 }
04335
04336
04337
04338
04339
04340 if (!strncmp("interval", k_buf + 5, 8)) {
04341 unsigned int interval;
04342
04343 p = k_buf + 5 + 9;
04344
04345 if (*p == '\0')
04346 goto out;
04347
04348 interval = simple_strtoul(p, NULL, 0);
04349
04350 if (interval >= HZ) {
04351 rsbac_printk(KERN_INFO "auto_write_proc_write(): setting auto write interval to %u\n",
04352 interval);
04353 auto_interval = interval;
04354 err = count;
04355 goto out;
04356 } else {
04357 rsbac_printk(KERN_INFO "auto_write_proc_write(): rejecting too short auto write interval %u (min. %i)\n",
04358 interval, HZ);
04359 goto out;
04360 }
04361 }
04362 #ifdef CONFIG_RSBAC_DEBUG
04363
04364
04365
04366
04367 if (!strncmp("debug", k_buf + 5, 5)) {
04368 unsigned int debug_level;
04369
04370 p = k_buf + 5 + 6;
04371
04372 if (*p == '\0')
04373 goto out;
04374
04375 debug_level = simple_strtoul(p, NULL, 0);
04376
04377 if (!debug_level || (debug_level == 1)) {
04378 rsbac_printk(KERN_INFO "auto_write_proc_write(): setting rsbac_debug_auto to %u\n",
04379 debug_level);
04380 rsbac_debug_auto = debug_level;
04381 err = count;
04382 } else {
04383 rsbac_printk(KERN_INFO "auto_write_proc_write(): rejecting invalid debug level (should be 0 or 1)\n");
04384 }
04385 }
04386 #endif
04387
04388 out:
04389 free_page((ulong) k_buf);
04390 return (err);
04391 }
04392 #endif
04393
04394 static int
04395 versions_proc_info(char *buffer, char **start, off_t offset, int length)
04396 {
04397 int len = 0;
04398 off_t pos = 0;
04399 off_t begin = 0;
04400
04401 union rsbac_target_id_t rsbac_target_id;
04402 union rsbac_attribute_value_t rsbac_attribute_value;
04403
04404 if (!rsbac_initialized)
04405 return (-ENOSYS);
04406
04407 rsbac_pr_debug(aef, "calling ADF\n");
04408 rsbac_target_id.scd = ST_rsbac;
04409 rsbac_attribute_value.dummy = 0;
04410 if (!rsbac_adf_request(R_GET_STATUS_DATA,
04411 current->pid,
04412 T_SCD,
04413 rsbac_target_id,
04414 A_none, rsbac_attribute_value)) {
04415 return -EPERM;
04416 }
04417
04418 len = sprintf(buffer,
04419 "RSBAC version settings (%s)\n----------------------\n",
04420 RSBAC_VERSION);
04421 len +=
04422 sprintf(buffer + len,
04423 "Device list head size is %u, hash size is %u\n",
04424 (int) sizeof(struct rsbac_device_list_item_t),
04425 RSBAC_NR_DEVICE_LISTS);
04426 pos = begin + len;
04427 if (pos < offset) {
04428 len = 0;
04429 begin = pos;
04430 }
04431 if (pos > offset + length)
04432 goto out;
04433
04434 len +=
04435 sprintf(buffer + len,
04436 "FD lists:\nGEN aci version is %u, aci entry size is %Zd, %u lists per device\n",
04437 RSBAC_GEN_FD_ACI_VERSION,
04438 sizeof(struct rsbac_gen_fd_aci_t),
04439 gen_nr_fd_hashes);
04440 pos = begin + len;
04441 if (pos < offset) {
04442 len = 0;
04443 begin = pos;
04444 }
04445 if (pos > offset + length)
04446 goto out;
04447 #if defined(CONFIG_RSBAC_MAC)
04448 len +=
04449 sprintf(buffer + len,
04450 "MAC aci version is %u, aci entry size is %Zd, %u lists per device\n",
04451 RSBAC_MAC_FD_ACI_VERSION,
04452 sizeof(struct rsbac_mac_fd_aci_t),
04453 mac_nr_fd_hashes);
04454 pos = begin + len;
04455 if (pos < offset) {
04456 len = 0;
04457 begin = pos;
04458 }
04459 if (pos > offset + length)
04460 goto out;
04461 #endif
04462 #if defined(CONFIG_RSBAC_PM)
04463 len +=
04464 sprintf(buffer + len,
04465 "PM aci version is %u, aci entry size is %Zd, %u lists per device\n",
04466 RSBAC_PM_FD_ACI_VERSION,
04467 sizeof(struct rsbac_pm_fd_aci_t),
04468 pm_nr_fd_hashes);
04469 pos = begin + len;
04470 if (pos < offset) {
04471 len = 0;
04472 begin = pos;
04473 }
04474 if (pos > offset + length)
04475 goto out;
04476 #endif
04477 #if defined(CONFIG_RSBAC_DAZ)
04478 len +=
04479 sprintf(buffer + len,
04480 "DAZ aci version is %u, aci entry size is %Zd, %u lists per device\n",
04481 RSBAC_DAZ_FD_ACI_VERSION,
04482 sizeof(struct rsbac_daz_fd_aci_t),
04483 daz_nr_fd_hashes);
04484 pos = begin + len;
04485 if (pos < offset) {
04486 len = 0;
04487 begin = pos;
04488 }
04489 if (pos > offset + length)
04490 goto out;
04491 #if defined(CONFIG_RSBAC_DAZ_CACHE)
04492 len +=
04493 sprintf(buffer + len,
04494 "DAZS aci version is %u, aci entry size is %Zd, %u lists per device\n",
04495 RSBAC_DAZ_SCANNED_FD_ACI_VERSION,
04496 sizeof(rsbac_daz_scanned_t),
04497 daz_scanned_nr_fd_hashes);
04498 pos = begin + len;
04499 if (pos < offset) {
04500 len = 0;
04501 begin = pos;
04502 }
04503 if (pos > offset + length)
04504 goto out;
04505 #endif
04506 #endif
04507 #if defined(CONFIG_RSBAC_FF)
04508 len +=
04509 sprintf(buffer + len,
04510 "FF aci version is %u, aci entry size is %Zd, %u lists per device\n",
04511 RSBAC_FF_FD_ACI_VERSION, sizeof(rsbac_ff_flags_t),
04512 ff_nr_fd_hashes);
04513 pos = begin + len;
04514 if (pos < offset) {
04515 len = 0;
04516 begin = pos;
04517 }
04518 if (pos > offset + length)
04519 goto out;
04520 #endif
04521 #if defined(CONFIG_RSBAC_RC)
04522 len +=
04523 sprintf(buffer + len,
04524 "RC aci version is %u, aci entry size is %Zd, %u lists per device\n",
04525 RSBAC_RC_FD_ACI_VERSION,
04526 sizeof(struct rsbac_rc_fd_aci_t),
04527 rc_nr_fd_hashes);
04528 pos = begin + len;
04529 if (pos < offset) {
04530 len = 0;
04531 begin = pos;
04532 }
04533 if (pos > offset + length)
04534 goto out;
04535 #endif
04536 #if defined(CONFIG_RSBAC_AUTH)
04537 len +=
04538 sprintf(buffer + len,
04539 "AUTH aci version is %u, aci entry size is %Zd, %u lists per device\n",
04540 RSBAC_AUTH_FD_ACI_VERSION,
04541 sizeof(struct rsbac_auth_fd_aci_t),
04542 auth_nr_fd_hashes);
04543 pos = begin + len;
04544 if (pos < offset) {
04545 len = 0;
04546 begin = pos;
04547 }
04548 if (pos > offset + length)
04549 goto out;
04550 #endif
04551 #if defined(CONFIG_RSBAC_CAP)
04552 len +=
04553 sprintf(buffer + len,
04554 "CAP aci version is %u, aci entry size is %Zd, %u lists per device\n",
04555 RSBAC_CAP_FD_ACI_VERSION,
04556 sizeof(struct rsbac_cap_fd_aci_t),
04557 cap_nr_fd_hashes);
04558 pos = begin + len;
04559 if (pos < offset) {
04560 len = 0;
04561 begin = pos;
04562 }
04563 if (pos > offset + length)
04564 goto out;
04565 #endif
04566 #if defined(CONFIG_RSBAC_PAX)
04567 len +=
04568 sprintf(buffer + len,
04569 "PAX aci version is %u, aci entry size is %Zd, %u lists per device\n",
04570 RSBAC_PAX_FD_ACI_VERSION, sizeof(rsbac_pax_flags_t),
04571 pax_nr_fd_hashes);
04572 pos = begin + len;
04573 if (pos < offset) {
04574 len = 0;
04575 begin = pos;
04576 }
04577 if (pos > offset + length)
04578 goto out;
04579 #endif
04580 #if defined(CONFIG_RSBAC_RES)
04581 len +=
04582 sprintf(buffer + len,
04583 "RES aci version is %u, aci entry size is %Zd, %u lists per device\n",
04584 RSBAC_RES_FD_ACI_VERSION,
04585 sizeof(struct rsbac_res_fd_aci_t),
04586 res_nr_fd_hashes);
04587 pos = begin + len;
04588 if (pos < offset) {
04589 len = 0;
04590 begin = pos;
04591 }
04592 if (pos > offset + length)
04593 goto out;
04594 #endif
04595
04596
04597 len +=
04598 sprintf(buffer + len,
04599 "\nDEV lists:\nGEN aci version is %u, aci entry size is %Zd\n",
04600 RSBAC_GEN_DEV_ACI_VERSION,
04601 sizeof(struct rsbac_gen_dev_aci_t));
04602 pos = begin + len;
04603 if (pos < offset) {
04604 len = 0;
04605 begin = pos;
04606 }
04607 if (pos > offset + length)
04608 goto out;
04609 #if defined(CONFIG_RSBAC_MAC)
04610 len +=
04611 sprintf(buffer + len,
04612 "MAC aci version is %u, aci entry size is %Zd\n",
04613 RSBAC_MAC_DEV_ACI_VERSION,
04614 sizeof(struct rsbac_mac_dev_aci_t));
04615 pos = begin + len;
04616 if (pos < offset) {
04617 len = 0;
04618 begin = pos;
04619 }
04620 if (pos > offset + length)
04621 goto out;
04622 #endif
04623 #if defined(CONFIG_RSBAC_PM)
04624 len +=
04625 sprintf(buffer + len,
04626 "PM aci version is %u, aci entry size is %Zd\n",
04627 RSBAC_PM_DEV_ACI_VERSION,
04628 sizeof(struct rsbac_pm_dev_aci_t));
04629 pos = begin + len;
04630 if (pos < offset) {
04631 len = 0;
04632 begin = pos;
04633 }
04634 if (pos > offset + length)
04635 goto out;
04636 #endif
04637 #if defined(CONFIG_RSBAC_RC)
04638 len +=
04639 sprintf(buffer + len,
04640 "RC aci version is %u, aci entry size is %Zd\n",
04641 RSBAC_RC_DEV_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
04642 pos = begin + len;
04643 if (pos < offset) {
04644 len = 0;
04645 begin = pos;
04646 }
04647 if (pos > offset + length)
04648 goto out;
04649 #endif
04650
04651
04652 len += sprintf(buffer + len, "\nIPC lists:\n");
04653 pos = begin + len;
04654 if (pos < offset) {
04655 len = 0;
04656 begin = pos;
04657 }
04658 if (pos > offset + length)
04659 goto out;
04660 #if defined(CONFIG_RSBAC_MAC)
04661 len +=
04662 sprintf(buffer + len,
04663 "MAC aci version is %u, aci entry size is %Zd\n",
04664 RSBAC_MAC_IPC_ACI_VERSION,
04665 sizeof(struct rsbac_mac_ipc_aci_t));
04666 pos = begin + len;
04667 if (pos < offset) {
04668 len = 0;
04669 begin = pos;
04670 }
04671 if (pos > offset + length)
04672 goto out;
04673 #endif
04674 #if defined(CONFIG_RSBAC_PM)
04675 len +=
04676 sprintf(buffer + len,
04677 "PM aci version is %u, aci entry size is %Zd\n",
04678 RSBAC_PM_IPC_ACI_VERSION,
04679 sizeof(struct rsbac_pm_ipc_aci_t));
04680 pos = begin + len;
04681 if (pos < offset) {
04682 len = 0;
04683 begin = pos;
04684 }
04685 if (pos > offset + length)
04686 goto out;
04687 #endif
04688 #if defined(CONFIG_RSBAC_RC)
04689 len +=
04690 sprintf(buffer + len,
04691 "RC aci version is %u, aci entry size is %Zd\n",
04692 RSBAC_RC_IPC_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
04693 pos = begin + len;
04694 if (pos < offset) {
04695 len = 0;
04696 begin = pos;
04697 }
04698 if (pos > offset + length)
04699 goto out;
04700 #endif
04701 #if defined(CONFIG_RSBAC_JAIL)
04702 len +=
04703 sprintf(buffer + len,
04704 "JAIL aci version is %u, aci entry size is %Zd\n",
04705 RSBAC_JAIL_IPC_ACI_VERSION, sizeof(rsbac_jail_id_t));
04706 pos = begin + len;
04707 if (pos < offset) {
04708 len = 0;
04709 begin = pos;
04710 }
04711 if (pos > offset + length)
04712 goto out;
04713 #endif
04714
04715
04716 len +=
04717 sprintf(buffer + len,
04718 "\nUSER lists:\nGEN aci version is %u, aci entry size is %Zd\n",
04719 RSBAC_GEN_USER_ACI_VERSION,
04720 sizeof(struct rsbac_gen_user_aci_t));
04721 pos = begin + len;
04722 if (pos < offset) {
04723 len = 0;
04724 begin = pos;
04725 }
04726 if (pos > offset + length)
04727 goto out;
04728 #if defined(CONFIG_RSBAC_MAC)
04729 len +=
04730 sprintf(buffer + len,
04731 "MAC aci version is %u, aci entry size is %Zd\n",
04732 RSBAC_MAC_USER_ACI_VERSION,
04733 sizeof(struct rsbac_mac_user_aci_t));
04734 pos = begin + len;
04735 if (pos < offset) {
04736 len = 0;
04737 begin = pos;
04738 }
04739 if (pos > offset + length)
04740 goto out;
04741 #endif
04742 #if defined(CONFIG_RSBAC_PM)
04743 len +=
04744 sprintf(buffer + len,
04745 "PM aci version is %u, aci entry size is %Zd\n",
04746 RSBAC_PM_USER_ACI_VERSION,
04747 sizeof(struct rsbac_pm_user_aci_t));
04748 pos = begin + len;
04749 if (pos < offset) {
04750 len = 0;
04751 begin = pos;
04752 }
04753 if (pos > offset + length)
04754 goto out;
04755 #endif
04756 #if defined(CONFIG_RSBAC_DAZ)
04757 len +=
04758 sprintf(buffer + len,
04759 "DAZ aci version is %u, aci entry size is %Zd\n",
04760 RSBAC_DAZ_USER_ACI_VERSION,
04761 sizeof(rsbac_system_role_int_t));
04762 pos = begin + len;
04763 if (pos < offset) {
04764 len = 0;
04765 begin = pos;
04766 }
04767 if (pos > offset + length)
04768 goto out;
04769 #endif
04770 #if defined(CONFIG_RSBAC_RC)
04771 len +=
04772 sprintf(buffer + len,
04773 "RC aci version is %u, aci entry size is %Zd\n",
04774 RSBAC_RC_USER_ACI_VERSION, sizeof(rsbac_rc_role_id_t));
04775 pos = begin + len;
04776 if (pos < offset) {
04777 len = 0;
04778 begin = pos;
04779 }
04780 if (pos > offset + length)
04781 goto out;
04782 #endif
04783 #if defined(CONFIG_RSBAC_AUTH)
04784 len +=
04785 sprintf(buffer + len,
04786 "AUTH aci version is %u, aci entry size is %Zd\n",
04787 RSBAC_AUTH_USER_ACI_VERSION,
04788 sizeof(rsbac_system_role_int_t));
04789 pos = begin + len;
04790 if (pos < offset) {
04791 len = 0;
04792 begin = pos;
04793 }
04794 if (pos > offset + length)
04795 goto out;
04796 #endif
04797 #if defined(CONFIG_RSBAC_CAP)
04798 len +=
04799 sprintf(buffer + len,
04800 "CAP aci version is %u, aci entry size is %Zd\n",
04801 RSBAC_CAP_USER_ACI_VERSION,
04802 sizeof(struct rsbac_cap_user_aci_t));
04803 pos = begin + len;
04804 if (pos < offset) {
04805 len = 0;
04806 begin = pos;
04807 }
04808 if (pos > offset + length)
04809 goto out;
04810 #endif
04811 #if defined(CONFIG_RSBAC_JAIL)
04812 len +=
04813 sprintf(buffer + len,
04814 "JAIL aci version is %u, aci entry size is %Zd\n",
04815 RSBAC_JAIL_USER_ACI_VERSION,
04816 sizeof(rsbac_system_role_int_t));
04817 pos = begin + len;
04818 if (pos < offset) {
04819 len = 0;
04820 begin = pos;
04821 }
04822 if (pos > offset + length)
04823 goto out;
04824 #endif
04825 #if defined(CONFIG_RSBAC_PAX)
04826 len +=
04827 sprintf(buffer + len,
04828 "PAX aci version is %u, aci entry size is %Zd\n",
04829 RSBAC_PAX_USER_ACI_VERSION,
04830 sizeof(rsbac_system_role_int_t));
04831 pos = begin + len;
04832 if (pos < offset) {
04833 len = 0;
04834 begin = pos;
04835 }
04836 if (pos > offset + length)
04837 goto out;
04838 #endif
04839 #if defined(CONFIG_RSBAC_RES)
04840 len +=
04841 sprintf(buffer + len,
04842 "RES aci version is %u, aci entry size is %Zd\n",
04843 RSBAC_RES_USER_ACI_VERSION,
04844 sizeof(struct rsbac_res_user_aci_t));
04845 pos = begin + len;
04846 if (pos < offset) {
04847 len = 0;
04848 begin = pos;
04849 }
04850 if (pos > offset + length)
04851 goto out;
04852 #endif
04853
04854
04855 len +=
04856 sprintf(buffer + len,
04857 "\nPROCESS lists:\nGEN aci version is %i, aci entry size is %Zd, number of lists is %u\n",
04858 RSBAC_GEN_PROCESS_ACI_VERSION,
04859 sizeof(rsbac_request_vector_t),
04860 CONFIG_RSBAC_GEN_NR_P_LISTS);
04861 pos = begin + len;
04862 if (pos < offset) {
04863 len = 0;
04864 begin = pos;
04865 }
04866 if (pos > offset + length)
04867 goto out;
04868 #if defined(CONFIG_RSBAC_MAC)
04869 len +=
04870 sprintf(buffer + len,
04871 "MAC aci version is %u, aci entry size is %Zd, number of lists is %u\n",
04872 RSBAC_MAC_PROCESS_ACI_VERSION,
04873 sizeof(struct rsbac_mac_process_aci_t),
04874 CONFIG_RSBAC_MAC_NR_P_LISTS);
04875 pos = begin + len;
04876 if (pos < offset) {
04877 len = 0;
04878 begin = pos;
04879 }
04880 if (pos > offset + length)
04881 goto out;
04882 #endif
04883 #if defined(CONFIG_RSBAC_PM)
04884 len +=
04885 sprintf(buffer + len,
04886 "PM aci version is %u, aci entry size is %Zd\n",
04887 RSBAC_PM_PROCESS_ACI_VERSION,
04888 sizeof(struct rsbac_pm_process_aci_t));
04889 pos = begin + len;
04890 if (pos < offset) {
04891 len = 0;
04892 begin = pos;
04893 }
04894 if (pos > offset + length)
04895 goto out;
04896 #endif
04897 #if defined(CONFIG_RSBAC_RC)
04898 len +=
04899 sprintf(buffer + len,
04900 "RC aci version is %u, aci entry size is %Zd, number of lists is %u\n",
04901 RSBAC_RC_PROCESS_ACI_VERSION,
04902 sizeof(struct rsbac_rc_process_aci_t),
04903 CONFIG_RSBAC_RC_NR_P_LISTS);
04904 pos = begin + len;
04905 if (pos < offset) {
04906 len = 0;
04907 begin = pos;
04908 }
04909 if (pos > offset + length)
04910 goto out;
04911 #endif
04912 #if defined(CONFIG_RSBAC_AUTH)
04913 len +=
04914 sprintf(buffer + len,
04915 "AUTH aci version is %u, aci entry size is %Zd\n",
04916 RSBAC_AUTH_PROCESS_ACI_VERSION,
04917 sizeof(struct rsbac_auth_process_aci_t));
04918 pos = begin + len;
04919 if (pos < offset) {
04920 len = 0;
04921 begin = pos;
04922 }
04923 if (pos > offset + length)
04924 goto out;
04925 #endif
04926 #if defined(CONFIG_RSBAC_CAP)
04927 len +=
04928 sprintf(buffer + len,
04929 "CAP aci version is %u, aci entry size is %Zd\n",
04930 RSBAC_CAP_PROCESS_ACI_VERSION,
04931 sizeof(struct rsbac_cap_process_aci_t));
04932 pos = begin + len;
04933 if (pos < offset) {
04934 len = 0;
04935 begin = pos;
04936 }
04937 if (pos > offset + length)
04938 goto out;
04939 #endif
04940 #if defined(CONFIG_RSBAC_JAIL)
04941 len +=
04942 sprintf(buffer + len,
04943 "JAIL aci version is %u, aci entry size is %Zd, number of lists is %u\n",
04944 RSBAC_JAIL_PROCESS_ACI_VERSION,
04945 sizeof(struct rsbac_jail_process_aci_t),
04946 CONFIG_RSBAC_JAIL_NR_P_LISTS);
04947 pos = begin + len;
04948 if (pos < offset) {
04949 len = 0;
04950 begin = pos;
04951 }
04952 if (pos > offset + length)
04953 goto out;
04954 #endif
04955
04956 #if defined(CONFIG_RSBAC_NET_DEV)
04957 len += sprintf(buffer + len, "\nNETDEV lists:\n");
04958 pos = begin + len;
04959 if (pos < offset) {
04960 len = 0;
04961 begin = pos;
04962 }
04963 if (pos > offset + length)
04964 goto out;
04965 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
04966 len +=
04967 sprintf(buffer + len,
04968 "GEN aci version is %u, aci entry size is %Zd\n",
04969 RSBAC_GEN_NETDEV_ACI_VERSION,
04970 sizeof(struct rsbac_gen_netdev_aci_t));
04971 pos = begin + len;
04972 if (pos < offset) {
04973 len = 0;
04974 begin = pos;
04975 }
04976 if (pos > offset + length)
04977 goto out;
04978 #endif
04979 #if defined(CONFIG_RSBAC_RC)
04980 len +=
04981 sprintf(buffer + len,
04982 "RC aci version is %u, aci entry size is %Zd\n",
04983 RSBAC_RC_NETDEV_ACI_VERSION,
04984 sizeof(rsbac_rc_type_id_t));
04985 pos = begin + len;
04986 if (pos < offset) {
04987 len = 0;
04988 begin = pos;
04989 }
04990 if (pos > offset + length)
04991 goto out;
04992 #endif
04993 #endif
04994
04995 #if defined(CONFIG_RSBAC_NET_OBJ)
04996 len +=
04997 sprintf(buffer + len,
04998 "\nNetwork Template list: version is %u, data size is %Zd\n",
04999 RSBAC_NET_TEMP_VERSION,
05000 sizeof(struct rsbac_net_temp_data_t));
05001 pos = begin + len;
05002 if (pos < offset) {
05003 len = 0;
05004 begin = pos;
05005 }
05006 if (pos > offset + length)
05007 goto out;
05008 len +=
05009 sprintf(buffer + len,
05010 "\nNETOBJ lists:\nGEN aci version is %u, aci entry size is %Zd\n",
05011 RSBAC_GEN_NETOBJ_ACI_VERSION,
05012 sizeof(struct rsbac_gen_netobj_aci_t));
05013 pos = begin + len;
05014 if (pos < offset) {
05015 len = 0;
05016 begin = pos;
05017 }
05018 if (pos > offset + length)
05019 goto out;
05020 #if defined(CONFIG_RSBAC_MAC)
05021 len +=
05022 sprintf(buffer + len,
05023 "MAC aci version is %u, aci entry size is %Zd\n",
05024 RSBAC_MAC_NETOBJ_ACI_VERSION,
05025 sizeof(struct rsbac_mac_netobj_aci_t));
05026 pos = begin + len;
05027 if (pos < offset) {
05028 len = 0;
05029 begin = pos;
05030 }
05031 if (pos > offset + length)
05032 goto out;
05033 #endif
05034 #if defined(CONFIG_RSBAC_PM)
05035 len +=
05036 sprintf(buffer + len,
05037 "PM aci version is %u, aci entry size is %Zd\n",
05038 RSBAC_PM_NETOBJ_ACI_VERSION,
05039 sizeof(struct rsbac_pm_netobj_aci_t));
05040 pos = begin + len;
05041 if (pos < offset) {
05042 len = 0;
05043 begin = pos;
05044 }
05045 if (pos > offset + length)
05046 goto out;
05047 #endif
05048 #if defined(CONFIG_RSBAC_RC)
05049 len +=
05050 sprintf(buffer + len,
05051 "RC aci version is %u, aci entry size is %Zd\n",
05052 RSBAC_RC_NETOBJ_ACI_VERSION,
05053 sizeof(rsbac_rc_type_id_t));
05054 pos = begin + len;
05055 if (pos < offset) {
05056 len = 0;
05057 begin = pos;
05058 }
05059 if (pos > offset + length)
05060 goto out;
05061 #endif
05062 #endif
05063
05064 len +=
05065 sprintf(buffer + len,
05066 "\nlog_levels array: version is %u, array size is %Zd\n",
05067 RSBAC_LOG_LEVEL_VERSION,
05068 R_NONE * (T_NONE + 1) * sizeof(rsbac_enum_t));
05069 pos = begin + len;
05070 if (pos < offset) {
05071 len = 0;
05072 begin = pos;
05073 }
05074 if (pos > offset + length)
05075 goto out;
05076 len +=
05077 sprintf(buffer + len,
05078 "\nattribute value union size is %u\n",
05079 (int) sizeof(union rsbac_attribute_value_t));
05080 #ifdef CONFIG_RSBAC_FD_CACHE
05081 len +=
05082 sprintf(buffer + len,
05083 "fd cache attribute value union size is %u\n",
05084 (int) sizeof(union rsbac_attribute_value_cache_t));
05085 #endif
05086 pos = begin + len;
05087 if (pos < offset) {
05088 len = 0;
05089 begin = pos;
05090 }
05091
05092 out:
05093 *start = buffer + (offset - begin);
05094 len -= (offset - begin);
05095
05096 if (len > length)
05097 len = length;
05098 return len;
05099 }
05100
05101 #ifdef CONFIG_RSBAC_NET_OBJ
05102 static int
05103 net_temp_proc_info(char *buffer, char **start, off_t offset, int length)
05104 {
05105 u_int len = 0;
05106 off_t pos = 0;
05107 off_t begin = 0;
05108 rsbac_net_temp_id_t *temp_array;
05109 long count;
05110
05111 union rsbac_target_id_t rsbac_target_id;
05112 union rsbac_attribute_value_t rsbac_attribute_value;
05113
05114 if (!rsbac_initialized)
05115 return (-ENOSYS);
05116
05117 rsbac_pr_debug(aef, "calling ADF\n");
05118 rsbac_target_id.scd = ST_rsbac;
05119 rsbac_attribute_value.dummy = 0;
05120 if (!rsbac_adf_request(R_GET_STATUS_DATA,
05121 current->pid,
05122 T_SCD,
05123 rsbac_target_id,
05124 A_none, rsbac_attribute_value)) {
05125 return -EPERM;
05126 }
05127
05128 len = sprintf(buffer, "Network Templates\n-----------------\n");
05129 pos = begin + len;
05130 if (pos < offset) {
05131 len = 0;
05132 begin = pos;
05133 }
05134 if (pos > offset + length)
05135 goto out;
05136
05137 count =
05138 rsbac_list_get_all_desc(net_temp_handle,
05139 (void **) &temp_array);
05140 if (count > 0) {
05141 __u32 i;
05142 struct rsbac_net_temp_data_t data;
05143
05144 for (i = 0; i < count; i++) {
05145 if (!rsbac_list_get_data
05146 (net_temp_handle, &temp_array[i], &data)) {
05147 len +=
05148 sprintf(buffer + len, "%10u %s\n",
05149 temp_array[i], data.name);
05150 pos = begin + len;
05151 if (pos < offset) {
05152 len = 0;
05153 begin = pos;
05154 }
05155 if (pos > offset + length) {
05156 rsbac_vfree(temp_array);
05157 goto out;
05158 }
05159 }
05160 }
05161 rsbac_vfree(temp_array);
05162 }
05163 len += sprintf(buffer + len, "%lu templates\n", count);
05164 pos = begin + len;
05165 if (pos < offset) {
05166 len = 0;
05167 begin = pos;
05168 }
05169
05170 out:
05171 *start = buffer + (offset - begin);
05172 len -= (offset - begin);
05173
05174 if (len > length)
05175 len = length;
05176 return len;
05177 }
05178 #endif
05179
05180 #ifdef CONFIG_RSBAC_JAIL
05181 static int
05182 jail_proc_info(char *buffer, char **start, off_t offset, int length)
05183 {
05184 u_int len = 0;
05185 off_t pos = 0;
05186 off_t begin = 0;
05187 rsbac_pid_t *pid_array;
05188 struct rsbac_ipc_t *ipc_array;
05189 u_long count = 0;
05190 u_int i;
05191 struct rsbac_jail_process_aci_t data;
05192 union rsbac_target_id_t rsbac_target_id;
05193 union rsbac_attribute_value_t rsbac_attribute_value;
05194
05195 if (!rsbac_initialized)
05196 return (-ENOSYS);
05197
05198 rsbac_pr_debug(aef, "calling ADF\n");
05199 rsbac_target_id.scd = ST_rsbac;
05200 rsbac_attribute_value.dummy = 0;
05201 if (!rsbac_adf_request(R_GET_STATUS_DATA,
05202 current->pid,
05203 T_SCD,
05204 rsbac_target_id,
05205 A_none, rsbac_attribute_value)) {
05206 return -EPERM;
05207 }
05208
05209 len =
05210 sprintf(buffer,
05211 "Syslog-Jail is %u\n\nJAILed Processes\n----------------\nPID Jail-ID Flags Max Caps SCD get SCD modify IP\n",
05212 rsbac_jail_syslog_jail_id);
05213 pos = begin + len;
05214 if (pos < offset) {
05215 len = 0;
05216 begin = pos;
05217 }
05218 if (pos > offset + length)
05219 goto out;
05220
05221 count = rsbac_list_get_all_desc(process_handles.jail,
05222 (void **) &pid_array);
05223 if (count > 0) {
05224 for (i = 0; i < count; i++) {
05225 if (!rsbac_list_get_data
05226 (process_handles.jail,
05227 &pid_array[i], &data)) {
05228 len +=
05229 sprintf(buffer + len,
05230 "%-5u %-10u %-7u %-10i %-10u %-10u %u.%u.%u.%u\n",
05231 pid_array[i], data.id,
05232 data.flags,
05233 data.max_caps,
05234 data.scd_get,
05235 data.scd_modify,
05236 NIPQUAD(data.ip));
05237 pos = begin + len;
05238 if (pos < offset) {
05239 len = 0;
05240 begin = pos;
05241 }
05242 if (pos > offset + length) {
05243 rsbac_vfree(pid_array);
05244 goto out;
05245 }
05246 }
05247 }
05248 rsbac_vfree(pid_array);
05249 }
05250 len += sprintf(buffer + len, "%lu jailed processes\n", count);
05251 pos = begin + len;
05252 if (pos < offset) {
05253 len = 0;
05254 begin = pos;
05255 }
05256 if (pos > offset + length)
05257 goto out;
05258
05259 len +=
05260 sprintf(buffer + len,
05261 "\nJAIL IPCs\n---------\nType IPC-ID Jail-ID\n");
05262 pos = begin + len;
05263 if (pos < offset) {
05264 len = 0;
05265 begin = pos;
05266 }
05267 if (pos > offset + length)
05268 goto out;
05269
05270 count =
05271 rsbac_list_get_all_desc(ipc_handles.jail,
05272 (void **) &ipc_array);
05273 if (count > 0) {
05274 __u32 i;
05275 rsbac_jail_id_t data;
05276 char tmp[RSBAC_MAXNAMELEN];
05277
05278 for (i = 0; i < count; i++) {
05279 if (!rsbac_list_get_data
05280 (ipc_handles.jail, &ipc_array[i], &data)) {
05281 len +=
05282 sprintf(buffer + len,
05283 "%-10s %-10lu %-10u\n",
05284 get_ipc_target_name(tmp,
05285 ipc_array
05286 [i].type),
05287 ipc_array[i].id.id_nr, data);
05288 pos = begin + len;
05289 if (pos < offset) {
05290 len = 0;
05291 begin = pos;
05292 }
05293 if (pos > offset + length) {
05294 rsbac_vfree(ipc_array);
05295 goto out;
05296 }
05297 }
05298 }
05299 rsbac_vfree(ipc_array);
05300 }
05301 len += sprintf(buffer + len, "%lu JAIL IPCs\n", count);
05302 pos = begin + len;
05303 if (pos < offset) {
05304 len = 0;
05305 begin = pos;
05306 }
05307 if (pos > offset + length)
05308 goto out;
05309 out:
05310 *start = buffer + (offset - begin);
05311 len -= (offset - begin);
05312
05313 if (len > length)
05314 len = length;
05315 return len;
05316 }
05317 #endif
05318
05319 #ifdef CONFIG_RSBAC_PAX
05320 static int
05321 pax_proc_info(char *buffer, char **start, off_t offset, int length)
05322 {
05323 int len = 0;
05324 off_t pos = 0;
05325 off_t begin = 0;
05326
05327 union rsbac_target_id_t rsbac_target_id;
05328 union rsbac_attribute_value_t rsbac_attribute_value;
05329
05330 if (!rsbac_initialized)
05331 return (-ENOSYS);
05332
05333 rsbac_target_id.scd = ST_rsbac;
05334 rsbac_attribute_value.dummy = 0;
05335 if (!rsbac_adf_request(R_GET_STATUS_DATA,
05336 current->pid,
05337 T_SCD,
05338 rsbac_target_id,
05339 A_none, rsbac_attribute_value)) {
05340 return -EPERM;
05341 }
05342 len += sprintf(buffer, "RSBAC PaX module\n----------------\n");
05343 pos = begin + len;
05344 if (pos < offset) {
05345 len = 0;
05346 begin = pos;
05347 }
05348 if (pos > offset + length)
05349 goto out;
05350
05351 len += sprintf(buffer + len, "%li user list items.\n",
05352 rsbac_list_count(user_handles.pax));
05353 pos = begin + len;
05354 if (pos < offset) {
05355 len = 0;
05356 begin = pos;
05357 }
05358 if (pos > offset + length)
05359 goto out;
05360
05361 out:
05362 *start = buffer + (offset - begin);
05363 len -= (offset - begin);
05364
05365 if (len > length)
05366 len = length;
05367 return len;
05368 }
05369 #endif
05370
05371 static int register_all_rsbac_proc(void)
05372 {
05373 struct proc_dir_entry *tmp_entry_p;
05374
05375 proc_rsbac_root_p = create_proc_entry("rsbac-info",
05376 S_IFDIR | S_IRUGO | S_IXUGO,
05377 &proc_root);
05378 if (!proc_rsbac_root_p)
05379 return -RSBAC_ECOULDNOTADDITEM;
05380
05381 proc_rsbac_backup_p = create_proc_entry("backup",
05382 S_IFDIR | S_IRUGO |
05383 S_IXUGO,
05384 proc_rsbac_root_p);
05385 if (!proc_rsbac_root_p)
05386 return -RSBAC_ECOULDNOTADDITEM;
05387
05388 tmp_entry_p = create_proc_entry("devices",
05389 S_IFREG | S_IRUGO,
05390 proc_rsbac_root_p);
05391 if (!tmp_entry_p)
05392 return -RSBAC_ECOULDNOTADDITEM;
05393 tmp_entry_p->get_info = devices_proc_info;
05394
05395 tmp_entry_p = create_proc_entry("stats",
05396 S_IFREG | S_IRUGO,
05397 proc_rsbac_root_p);
05398 if (!tmp_entry_p)
05399 return -RSBAC_ECOULDNOTADDITEM;
05400 tmp_entry_p->get_info = stats_proc_info;
05401
05402 tmp_entry_p = create_proc_entry("active",
05403 S_IFREG | S_IRUGO,
05404 proc_rsbac_root_p);
05405 if (!tmp_entry_p)
05406 return -RSBAC_ECOULDNOTADDITEM;
05407 tmp_entry_p->get_info = active_proc_info;
05408
05409 #ifdef CONFIG_RSBAC_XSTATS
05410 tmp_entry_p = create_proc_entry("xstats",
05411 S_IFREG | S_IRUGO,
05412 proc_rsbac_root_p);
05413 if (!tmp_entry_p)
05414 return -RSBAC_ECOULDNOTADDITEM;
05415 tmp_entry_p->get_info = xstats_proc_info;
05416 #endif
05417 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
05418 tmp_entry_p = create_proc_entry("auto_write",
05419 S_IFREG | S_IRUGO | S_IWUGO,
05420 proc_rsbac_root_p);
05421 if (!tmp_entry_p)
05422 return -RSBAC_ECOULDNOTADDITEM;
05423 tmp_entry_p->get_info = auto_write_proc_info;
05424 tmp_entry_p->write_proc = auto_write_proc_write;
05425 #endif
05426 tmp_entry_p = create_proc_entry("versions",
05427 S_IFREG | S_IRUGO,
05428 proc_rsbac_root_p);
05429 if (!tmp_entry_p)
05430 return -RSBAC_ECOULDNOTADDITEM;
05431 tmp_entry_p->get_info = versions_proc_info;
05432
05433 #ifdef CONFIG_RSBAC_NET_OBJ
05434 tmp_entry_p = create_proc_entry("net_temp",
05435 S_IFREG | S_IRUGO,
05436 proc_rsbac_root_p);
05437 if (!tmp_entry_p)
05438 return -RSBAC_ECOULDNOTADDITEM;
05439 tmp_entry_p->get_info = net_temp_proc_info;
05440 #endif
05441 #ifdef CONFIG_RSBAC_JAIL
05442 tmp_entry_p = create_proc_entry("jails",
05443 S_IFREG | S_IRUGO,
05444 proc_rsbac_root_p);
05445 if (!tmp_entry_p)
05446 return -RSBAC_ECOULDNOTADDITEM;
05447 tmp_entry_p->get_info = jail_proc_info;
05448 #endif
05449 #ifdef CONFIG_RSBAC_PAX
05450 tmp_entry_p = create_proc_entry("pax",
05451 S_IFREG | S_IRUGO,
05452 proc_rsbac_root_p);
05453 if (!tmp_entry_p)
05454 return -RSBAC_ECOULDNOTADDITEM;
05455 tmp_entry_p->get_info = pax_proc_info;
05456 #endif
05457
05458 return 0;
05459 }
05460
05461
05462
05463
05464
05465
05466
05467
05468
05469
05470
05471
05472
05473
05474
05475
05476
05477
05478
05479
05480
05481
05482
05483 #endif
05484
05485
05486
05487
05488
05489
05490
05491
05492
05493
05494
05495
05496
05497
05498
05499 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT)
05500 #ifdef CONFIG_RSBAC_INIT_DELAY
05501 int rsbac_init_daz(void);
05502 #else
05503 int __init rsbac_init_daz(void);
05504 #endif
05505 #endif
05506
05507 #ifdef CONFIG_RSBAC_INIT_DELAY
05508 static void registration_error(int err, char *listname)
05509 #else
05510 static void __init registration_error(int err, char *listname)
05511 #endif
05512 {
05513 if (err < 0) {
05514 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
05515
05516 if (tmp) {
05517 rsbac_printk(KERN_WARNING "rsbac_do_init(): Registering %s list failed with error %s\n",
05518 listname, get_error_name(tmp, err));
05519 rsbac_kfree(tmp);
05520 }
05521 }
05522 }
05523
05524 #ifdef CONFIG_RSBAC_FD_CACHE
05525 #ifdef CONFIG_RSBAC_INIT_DELAY
05526 static int register_fd_cache_lists(void)
05527 #else
05528 static int __init register_fd_cache_lists(void)
05529 #endif
05530 {
05531 int err = 0;
05532 struct rsbac_list_lol_info_t *list_info_p;
05533 char * tmp;
05534 u_int i;
05535
05536 for (i = 0; i < SW_NONE; i++) {
05537 fd_cache_handle[i] = NULL;
05538 #ifdef CONFIG_RSBAC_XSTATS
05539 fd_cache_hits[i] = 0;
05540 fd_cache_misses[i] = 0;
05541 #endif
05542 }
05543 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05544 if (!list_info_p) {
05545 return -ENOMEM;
05546 }
05547 tmp = kmalloc(RSBAC_MAXNAMELEN, GFP_KERNEL);
05548 if (!tmp) {
05549 kfree(list_info_p);
05550 return -ENOMEM;
05551 }
05552 rsbac_pr_debug(ds, "registering FD Cache lists\n");
05553 list_info_p->version = RSBAC_FD_CACHE_VERSION;
05554 list_info_p->key = RSBAC_FD_CACHE_KEY;
05555 list_info_p->desc_size = sizeof(struct rsbac_fd_cache_desc_t);
05556 list_info_p->data_size = 0;
05557 list_info_p->subdesc_size = sizeof(rsbac_enum_t);
05558 list_info_p->subdata_size =
05559 sizeof(union rsbac_attribute_value_cache_t);
05560 list_info_p->max_age = 0;
05561 sprintf(tmp, "%sGEN", RSBAC_FD_CACHE_NAME);
05562 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
05563 &fd_cache_handle[SW_GEN], list_info_p,
05564 RSBAC_LIST_DEF_DATA | \
05565 RSBAC_LIST_AUTO_HASH_RESIZE | \
05566 RSBAC_LIST_NO_MAX_WARN,
05567 NULL,
05568 NULL,
05569 NULL, NULL,
05570 NULL, NULL,
05571 tmp,
05572 RSBAC_AUTO_DEV,
05573 RSBAC_LIST_MIN_MAX_HASHES,
05574 hash_fd_cache,
05575 NULL);
05576 if (err)
05577 registration_error(err, "FD Cache GEN");
05578 else
05579 rsbac_list_lol_max_items(fd_cache_handle[SW_GEN],
05580 RSBAC_FD_CACHE_KEY,
05581 CONFIG_RSBAC_FD_CACHE_MAX_ITEMS, A_none);
05582
05583 #if defined(CONFIG_RSBAC_MAC) && defined(CONFIG_RSBAC_MAC_DEF_INHERIT)
05584 sprintf(tmp, "%sMAC", RSBAC_FD_CACHE_NAME);
05585 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
05586 &fd_cache_handle[SW_MAC], list_info_p,
05587 RSBAC_LIST_DEF_DATA | \
05588 RSBAC_LIST_AUTO_HASH_RESIZE | \
05589 RSBAC_LIST_NO_MAX_WARN,
05590 NULL,
05591 NULL,
05592 NULL, NULL,
05593 NULL, NULL,
05594 tmp,
05595 RSBAC_AUTO_DEV,
05596 RSBAC_LIST_MIN_MAX_HASHES,
05597 hash_fd_cache,
05598 NULL);
05599 if (err)
05600 registration_error(err, "FD Cache MAC");
05601 else
05602 rsbac_list_lol_max_items(fd_cache_handle[SW_MAC],
05603 RSBAC_FD_CACHE_KEY,
05604 CONFIG_RSBAC_FD_CACHE_MAX_ITEMS, A_none);
05605 #endif
05606 #if defined(CONFIG_RSBAC_FF)
05607 sprintf(tmp, "%sFF", RSBAC_FD_CACHE_NAME);
05608 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
05609 &fd_cache_handle[SW_FF], list_info_p,
05610 RSBAC_LIST_DEF_DATA | \
05611 RSBAC_LIST_AUTO_HASH_RESIZE | \
05612 RSBAC_LIST_NO_MAX_WARN,
05613 NULL,
05614 NULL,
05615 NULL, NULL,
05616 NULL, NULL,
05617 tmp,
05618 RSBAC_AUTO_DEV,
05619 RSBAC_LIST_MIN_MAX_HASHES,
05620 hash_fd_cache,
05621 NULL);
05622 if (err)
05623 registration_error(err, "FD Cache FF");
05624 else
05625 rsbac_list_lol_max_items(fd_cache_handle[SW_FF],
05626 RSBAC_FD_CACHE_KEY,
05627 CONFIG_RSBAC_FD_CACHE_MAX_ITEMS, A_none);
05628 #endif
05629 #if defined(CONFIG_RSBAC_RC)
05630 sprintf(tmp, "%sRC", RSBAC_FD_CACHE_NAME);
05631 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
05632 &fd_cache_handle[SW_RC], list_info_p,
05633 RSBAC_LIST_DEF_DATA | \
05634 RSBAC_LIST_AUTO_HASH_RESIZE | \
05635 RSBAC_LIST_NO_MAX_WARN,
05636 NULL,
05637 NULL,
05638 NULL, NULL,
05639 NULL, NULL,
05640 tmp,
05641 RSBAC_AUTO_DEV,
05642 RSBAC_LIST_MIN_MAX_HASHES,
05643 hash_fd_cache,
05644 NULL);
05645 if (err)
05646 registration_error(err, "FD Cache RC");
05647 else
05648 rsbac_list_lol_max_items(fd_cache_handle[SW_RC],
05649 RSBAC_FD_CACHE_KEY,
05650 CONFIG_RSBAC_FD_CACHE_MAX_ITEMS, A_none);
05651 #endif
05652 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_DAZ_CACHE)
05653 sprintf(tmp, "%sDAZ", RSBAC_FD_CACHE_NAME);
05654 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
05655 &fd_cache_handle[SW_DAZ], list_info_p,
05656 RSBAC_LIST_DEF_DATA | \
05657 RSBAC_LIST_AUTO_HASH_RESIZE | \
05658 RSBAC_LIST_NO_MAX_WARN,
05659 NULL,
05660 NULL,
05661 NULL, NULL,
05662 NULL, NULL,
05663 tmp,
05664 RSBAC_AUTO_DEV,
05665 RSBAC_LIST_MIN_MAX_HASHES,
05666 hash_fd_cache,
05667 NULL);
05668 if (err)
05669 registration_error(err, "FD Cache DAZ");
05670 else
05671 rsbac_list_lol_max_items(fd_cache_handle[SW_DAZ],
05672 RSBAC_FD_CACHE_KEY,
05673 CONFIG_RSBAC_FD_CACHE_MAX_ITEMS,
05674 A_none);
05675 #endif
05676
05677 rsbac_kfree(list_info_p);
05678 rsbac_kfree(tmp);
05679 return err;
05680 }
05681 #endif
05682
05683 #ifdef CONFIG_RSBAC_INIT_DELAY
05684 static int register_dev_lists(void)
05685 #else
05686 static int __init register_dev_lists(void)
05687 #endif
05688 {
05689 int err = 0;
05690 struct rsbac_list_info_t *list_info_p;
05691
05692 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05693 if (!list_info_p) {
05694 return -ENOMEM;
05695 }
05696 rsbac_pr_debug(ds, "registering DEV lists\n");
05697 {
05698 struct rsbac_gen_dev_aci_t def_aci = DEFAULT_GEN_DEV_ACI;
05699
05700 list_info_p->version = RSBAC_GEN_DEV_ACI_VERSION;
05701 list_info_p->key = RSBAC_GEN_DEV_ACI_KEY;
05702 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05703 list_info_p->data_size =
05704 sizeof(struct rsbac_gen_dev_aci_t);
05705 list_info_p->max_age = 0;
05706 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05707 &dev_handles.gen, list_info_p,
05708 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05709 RSBAC_LIST_BACKUP |
05710 #endif
05711 RSBAC_LIST_PERSIST |
05712 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05713 dev_compare,
05714 gen_dev_get_conv, &def_aci,
05715 RSBAC_GEN_ACI_DEV_NAME,
05716 RSBAC_AUTO_DEV,
05717 1,
05718 rsbac_list_hash_dev,
05719 NULL);
05720 if (err) {
05721 registration_error(err, "DEV General");
05722 }
05723 }
05724 #if defined(CONFIG_RSBAC_MAC)
05725 {
05726 struct rsbac_mac_dev_aci_t def_aci = DEFAULT_MAC_DEV_ACI;
05727
05728 list_info_p->version = RSBAC_MAC_DEV_ACI_VERSION;
05729 list_info_p->key = RSBAC_MAC_DEV_ACI_KEY;
05730 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05731 list_info_p->data_size =
05732 sizeof(struct rsbac_mac_dev_aci_t);
05733 list_info_p->max_age = 0;
05734 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05735 &dev_handles.mac, list_info_p,
05736 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05737 RSBAC_LIST_BACKUP |
05738 #endif
05739 RSBAC_LIST_PERSIST |
05740 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05741 dev_compare,
05742 mac_dev_get_conv, &def_aci,
05743 RSBAC_MAC_ACI_DEV_NAME,
05744 RSBAC_AUTO_DEV,
05745 1,
05746 rsbac_list_hash_dev,
05747 NULL);
05748 if (err) {
05749 registration_error(err, "DEV MAC");
05750 }
05751 }
05752 #endif
05753 #if defined(CONFIG_RSBAC_PM)
05754 {
05755 struct rsbac_pm_dev_aci_t def_aci = DEFAULT_PM_DEV_ACI;
05756
05757 list_info_p->version = RSBAC_PM_DEV_ACI_VERSION;
05758 list_info_p->key = RSBAC_PM_DEV_ACI_KEY;
05759 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05760 list_info_p->data_size = sizeof(struct rsbac_pm_dev_aci_t);
05761 list_info_p->max_age = 0;
05762 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05763 &dev_handles.pm, list_info_p,
05764 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05765 RSBAC_LIST_BACKUP |
05766 #endif
05767 RSBAC_LIST_PERSIST |
05768 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05769 dev_compare,
05770 pm_dev_get_conv, &def_aci,
05771 RSBAC_PM_ACI_DEV_NAME,
05772 RSBAC_AUTO_DEV,
05773 1,
05774 rsbac_list_hash_dev,
05775 NULL);
05776 if (err) {
05777 registration_error(err, "DEV PM");
05778 }
05779 }
05780 #endif
05781 #if defined(CONFIG_RSBAC_RC)
05782 {
05783 rsbac_rc_type_id_t def_major_aci = RSBAC_RC_GENERAL_TYPE;
05784 rsbac_rc_type_id_t def_aci = RC_type_inherit_parent;
05785
05786 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION;
05787 list_info_p->key = RSBAC_RC_DEV_ACI_KEY;
05788 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05789 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05790 list_info_p->max_age = 0;
05791 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05792 &dev_major_handles.rc,
05793 list_info_p,
05794 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05795 RSBAC_LIST_BACKUP |
05796 #endif
05797 RSBAC_LIST_PERSIST |
05798 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05799 dev_major_compare,
05800 rc_dev_get_conv, &def_major_aci,
05801 RSBAC_RC_ACI_DEV_MAJOR_NAME,
05802 RSBAC_AUTO_DEV,
05803 1,
05804 rsbac_list_hash_dev,
05805 NULL);
05806 if (err) {
05807 registration_error(err, "DEV major RC");
05808 }
05809 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION;
05810 list_info_p->key = RSBAC_RC_DEV_ACI_KEY;
05811 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05812 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05813 list_info_p->max_age = 0;
05814 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05815 &dev_handles.rc, list_info_p,
05816 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05817 RSBAC_LIST_BACKUP |
05818 #endif
05819 RSBAC_LIST_PERSIST |
05820 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05821 dev_compare,
05822 rc_dev_get_conv, &def_aci,
05823 RSBAC_RC_ACI_DEV_NAME,
05824 RSBAC_AUTO_DEV,
05825 1,
05826 rsbac_list_hash_dev,
05827 NULL);
05828 if (err) {
05829 registration_error(err, "DEV RC");
05830 }
05831 }
05832 #endif
05833
05834 rsbac_kfree(list_info_p);
05835 return err;
05836 }
05837
05838 #ifdef CONFIG_RSBAC_INIT_DELAY
05839 static int register_ipc_lists(void)
05840 #else
05841 static int __init register_ipc_lists(void)
05842 #endif
05843 {
05844 int err = 0;
05845 struct rsbac_list_info_t *list_info_p;
05846
05847 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05848 if (!list_info_p) {
05849 return -ENOMEM;
05850 }
05851 rsbac_pr_debug(ds, "registering IPC lists\n");
05852 #if defined(CONFIG_RSBAC_MAC)
05853 {
05854 struct rsbac_mac_ipc_aci_t def_aci = DEFAULT_MAC_IPC_ACI;
05855
05856 list_info_p->version = RSBAC_MAC_IPC_ACI_VERSION;
05857 list_info_p->key = RSBAC_MAC_IPC_ACI_KEY;
05858 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05859 list_info_p->data_size =
05860 sizeof(struct rsbac_mac_ipc_aci_t);
05861 list_info_p->max_age = 0;
05862 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05863 &ipc_handles.mac,
05864 list_info_p,
05865 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05866 ipc_compare,
05867 NULL,
05868 &def_aci,
05869 RSBAC_MAC_ACI_IPC_NAME,
05870 RSBAC_AUTO_DEV,
05871 1,
05872 rsbac_list_hash_ipc,
05873 NULL);
05874 if (err) {
05875 registration_error(err, "IPC MAC");
05876 }
05877 }
05878 #endif
05879 #if defined(CONFIG_RSBAC_PM)
05880 {
05881 struct rsbac_pm_ipc_aci_t def_aci = DEFAULT_PM_IPC_ACI;
05882
05883 list_info_p->version = RSBAC_PM_IPC_ACI_VERSION;
05884 list_info_p->key = RSBAC_PM_IPC_ACI_KEY;
05885 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05886 list_info_p->data_size = sizeof(struct rsbac_pm_ipc_aci_t);
05887 list_info_p->max_age = 0;
05888 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05889 &ipc_handles.pm,
05890 list_info_p,
05891 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05892 ipc_compare,
05893 NULL,
05894 &def_aci,
05895 RSBAC_PM_ACI_IPC_NAME,
05896 RSBAC_AUTO_DEV,
05897 1,
05898 rsbac_list_hash_ipc,
05899 NULL);
05900 if (err) {
05901 registration_error(err, "IPC PM");
05902 }
05903 }
05904 #endif
05905 #if defined(CONFIG_RSBAC_RC)
05906 {
05907 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
05908
05909 list_info_p->version = RSBAC_RC_IPC_ACI_VERSION;
05910 list_info_p->key = RSBAC_RC_IPC_ACI_KEY;
05911 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05912 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05913 list_info_p->max_age = 0;
05914 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05915 &ipc_handles.rc,
05916 list_info_p,
05917 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05918 ipc_compare,
05919 NULL,
05920 &def_aci,
05921 RSBAC_RC_ACI_IPC_NAME,
05922 RSBAC_AUTO_DEV,
05923 1,
05924 rsbac_list_hash_ipc,
05925 NULL);
05926 if (err) {
05927 registration_error(err, "IPC RC");
05928 }
05929 }
05930 #endif
05931 #if defined(CONFIG_RSBAC_JAIL)
05932 {
05933 rsbac_jail_id_t def_aci = RSBAC_JAIL_DEF_ID;
05934
05935 list_info_p->version = RSBAC_JAIL_IPC_ACI_VERSION;
05936 list_info_p->key = RSBAC_JAIL_IPC_ACI_KEY;
05937 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05938 list_info_p->data_size = sizeof(rsbac_jail_id_t);
05939 list_info_p->max_age = 0;
05940 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05941 &ipc_handles.jail,
05942 list_info_p,
05943 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05944 ipc_compare,
05945 NULL,
05946 &def_aci,
05947 RSBAC_JAIL_ACI_IPC_NAME,
05948 RSBAC_AUTO_DEV,
05949 1,
05950 rsbac_list_hash_ipc,
05951 NULL);
05952 if (err) {
05953 registration_error(err, "IPC JAIL");
05954 }
05955 }
05956 #endif
05957
05958 rsbac_kfree(list_info_p);
05959 return err;
05960 }
05961
05962 #ifdef CONFIG_RSBAC_INIT_DELAY
05963 static int register_user_lists1(void)
05964 #else
05965 static int __init register_user_lists1(void)
05966 #endif
05967 {
05968 int err = 0;
05969 struct rsbac_list_info_t *list_info_p;
05970
05971 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05972 if (!list_info_p) {
05973 return -ENOMEM;
05974 }
05975 rsbac_pr_debug(ds, "registering USER lists\n");
05976 {
05977 struct rsbac_gen_user_aci_t def_aci = DEFAULT_GEN_U_ACI;
05978
05979 list_info_p->version = RSBAC_GEN_USER_ACI_VERSION;
05980 list_info_p->key = RSBAC_GEN_USER_ACI_KEY;
05981 list_info_p->desc_size = sizeof(rsbac_uid_t);
05982 list_info_p->data_size =
05983 sizeof(struct rsbac_gen_user_aci_t);
05984 list_info_p->max_age = 0;
05985 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05986 &user_handles.gen, list_info_p,
05987 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05988 RSBAC_LIST_BACKUP |
05989 #endif
05990 RSBAC_LIST_PERSIST |
05991 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05992 NULL, NULL,
05993 &def_aci,
05994 RSBAC_GEN_ACI_USER_NAME,
05995 RSBAC_AUTO_DEV,
05996 1,
05997 rsbac_list_hash_uid,
05998 NULL);
05999 if (err) {
06000 registration_error(err, "USER General");
06001 }
06002 }
06003 #if defined(CONFIG_RSBAC_MAC)
06004 {
06005 struct rsbac_mac_user_aci_t def_aci = DEFAULT_MAC_U_ACI;
06006
06007 list_info_p->version = RSBAC_MAC_USER_ACI_VERSION;
06008 list_info_p->key = RSBAC_MAC_USER_ACI_KEY;
06009 list_info_p->desc_size = sizeof(rsbac_uid_t);
06010 list_info_p->data_size =
06011 sizeof(struct rsbac_mac_user_aci_t);
06012 list_info_p->max_age = 0;
06013 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06014 &user_handles.mac, list_info_p,
06015 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06016 RSBAC_LIST_BACKUP |
06017 #endif
06018 RSBAC_LIST_PERSIST |
06019 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06020 NULL,
06021 mac_user_get_conv, &def_aci,
06022 RSBAC_MAC_ACI_USER_NAME,
06023 RSBAC_AUTO_DEV,
06024 1,
06025 rsbac_list_hash_uid,
06026 NULL);
06027 if (err) {
06028 registration_error(err, "USER MAC");
06029 } else
06030 if (!rsbac_no_defaults
06031 && !rsbac_list_count(user_handles.mac)) {
06032 struct rsbac_mac_user_aci_t sysadm_aci =
06033 DEFAULT_MAC_U_SYSADM_ACI;
06034 struct rsbac_mac_user_aci_t secoff_aci =
06035 DEFAULT_MAC_U_SECOFF_ACI;
06036 struct rsbac_mac_user_aci_t auditor_aci =
06037 DEFAULT_MAC_U_AUDITOR_ACI;
06038 rsbac_uid_t user;
06039
06040 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER MAC ACI could not be read - generating standard entries!\n");
06041 user = RSBAC_SYSADM_UID;
06042 if (rsbac_list_add
06043 (user_handles.mac, &user, &sysadm_aci))
06044 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER MAC entry could not be added!\n");
06045 user = RSBAC_SECOFF_UID;
06046 if (rsbac_list_add
06047 (user_handles.mac, &user, &secoff_aci))
06048 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER MAC entry could not be added!\n");
06049 user = RSBAC_AUDITOR_UID;
06050 if (rsbac_list_add
06051 (user_handles.mac, &user, &auditor_aci))
06052 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER MAC entry could not be added!\n");
06053 }
06054 }
06055 #endif
06056 #if defined(CONFIG_RSBAC_PM)
06057 {
06058 struct rsbac_pm_user_aci_t def_aci = DEFAULT_PM_U_ACI;
06059
06060 list_info_p->version = RSBAC_PM_USER_ACI_VERSION;
06061 list_info_p->key = RSBAC_PM_USER_ACI_KEY;
06062 list_info_p->desc_size = sizeof(rsbac_uid_t);
06063 list_info_p->data_size =
06064 sizeof(struct rsbac_pm_user_aci_t);
06065 list_info_p->max_age = 0;
06066 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06067 &user_handles.pm, list_info_p,
06068 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06069 RSBAC_LIST_BACKUP |
06070 #endif
06071 RSBAC_LIST_PERSIST |
06072 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06073 NULL, NULL,
06074 &def_aci, RSBAC_PM_ACI_USER_NAME,
06075 RSBAC_AUTO_DEV,
06076 1,
06077 rsbac_list_hash_uid,
06078 NULL);
06079 if (err) {
06080 registration_error(err, "USER PM");
06081 } else
06082 if (!rsbac_no_defaults
06083 && !rsbac_list_count(user_handles.pm)) {
06084 struct rsbac_pm_user_aci_t sysadm_aci =
06085 DEFAULT_PM_U_SYSADM_ACI;
06086 struct rsbac_pm_user_aci_t secoff_aci =
06087 DEFAULT_PM_U_SECOFF_ACI;
06088 struct rsbac_pm_user_aci_t dataprot_aci =
06089 DEFAULT_PM_U_DATAPROT_ACI;
06090 struct rsbac_pm_user_aci_t tpman_aci =
06091 DEFAULT_PM_U_TPMAN_ACI;
06092 rsbac_uid_t user;
06093
06094 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER PM ACI could not be read - generating standard entries!\n");
06095 user = RSBAC_SYSADM_UID;
06096 if (rsbac_list_add
06097 (user_handles.pm, &user, &sysadm_aci))
06098 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER PM entry could not be added!\n");
06099 user = RSBAC_SECOFF_UID;
06100 if (rsbac_list_add
06101 (user_handles.pm, &user, &secoff_aci))
06102 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER PM entry could not be added!\n");
06103 user = RSBAC_DATAPROT_UID;
06104 if (rsbac_list_add
06105 (user_handles.pm, &user, &dataprot_aci))
06106 rsbac_printk(KERN_WARNING "rsbac_do_init(): DATAPROT USER PM entry could not be added!\n");
06107 user = RSBAC_TPMAN_UID;
06108 if (rsbac_list_add
06109 (user_handles.pm, &user, &tpman_aci))
06110 rsbac_printk(KERN_WARNING "rsbac_do_init(): TPMAN USER PM entry could not be added!\n");
06111 }
06112 }
06113 #endif
06114 #if defined(CONFIG_RSBAC_DAZ)
06115 {
06116 rsbac_system_role_int_t def_aci = SR_user;
06117
06118 list_info_p->version = RSBAC_DAZ_USER_ACI_VERSION;
06119 list_info_p->key = RSBAC_DAZ_USER_ACI_KEY;
06120 list_info_p->desc_size = sizeof(rsbac_uid_t);
06121 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06122 list_info_p->max_age = 0;
06123 err = rsbac_list_register(RSBAC_LIST_VERSION,
06124 &user_handles.daz, list_info_p,
06125 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06126 RSBAC_LIST_BACKUP |
06127 #endif
06128 RSBAC_LIST_PERSIST |
06129 RSBAC_LIST_DEF_DATA,
06130 NULL, NULL,
06131 &def_aci,
06132 RSBAC_DAZ_ACI_USER_NAME,
06133 RSBAC_AUTO_DEV);
06134 if (err) {
06135 registration_error(err, "USER DAZ");
06136 } else
06137 if (!rsbac_no_defaults
06138 && !rsbac_list_count(user_handles.daz)) {
06139 rsbac_uid_t user;
06140 rsbac_system_role_int_t role;
06141
06142 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER DAZ ACI could not be read - generating standard entries!\n");
06143 user = RSBAC_SYSADM_UID;
06144 role = SR_administrator;
06145 if (rsbac_list_add(user_handles.daz, &user, &role))
06146 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER DAZ entry could not be added!\n");
06147 user = RSBAC_SECOFF_UID;
06148 role = SR_security_officer;
06149 if (rsbac_list_add(user_handles.daz, &user, &role))
06150 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER DAZ entry could not be added!\n");
06151 }
06152 }
06153 #endif
06154 #if defined(CONFIG_RSBAC_FF)
06155 {
06156 rsbac_system_role_int_t def_aci = SR_user;
06157
06158 list_info_p->version = RSBAC_FF_USER_ACI_VERSION;
06159 list_info_p->key = RSBAC_FF_USER_ACI_KEY;
06160 list_info_p->desc_size = sizeof(rsbac_uid_t);
06161 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06162 list_info_p->max_age = 0;
06163 err = rsbac_list_register(RSBAC_LIST_VERSION,
06164 &user_handles.ff, list_info_p,
06165 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06166 RSBAC_LIST_BACKUP |
06167 #endif
06168 RSBAC_LIST_PERSIST |
06169 RSBAC_LIST_DEF_DATA,
06170 NULL, NULL,
06171 &def_aci, RSBAC_FF_ACI_USER_NAME,
06172 RSBAC_AUTO_DEV);
06173 if (err) {
06174 registration_error(err, "USER FF");
06175 } else
06176 if (!rsbac_no_defaults
06177 && !rsbac_list_count(user_handles.ff)) {
06178 rsbac_uid_t user;
06179 rsbac_system_role_int_t role;
06180
06181 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER FF ACI could not be read - generating standard entries!\n");
06182 user = RSBAC_SYSADM_UID;
06183 role = SR_administrator;
06184 if (rsbac_list_add(user_handles.ff, &user, &role))
06185 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER FF entry could not be added!\n");
06186 user = RSBAC_SECOFF_UID;
06187 role = SR_security_officer;
06188 if (rsbac_list_add(user_handles.ff, &user, &role))
06189 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER FF entry could not be added!\n");
06190 user = RSBAC_AUDITOR_UID;
06191 role = SR_auditor;
06192 if (rsbac_list_add(user_handles.ff, &user, &role))
06193 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER FF entry could not be added!\n");
06194 }
06195 }
06196 #endif
06197 #if defined(CONFIG_RSBAC_CAP)
06198 {
06199 struct rsbac_cap_user_aci_t def_aci = DEFAULT_CAP_U_ACI;
06200
06201 list_info_p->version = RSBAC_CAP_USER_ACI_VERSION;
06202 list_info_p->key = RSBAC_CAP_USER_ACI_KEY;
06203 list_info_p->desc_size = sizeof(rsbac_uid_t);
06204 list_info_p->data_size =
06205 sizeof(struct rsbac_cap_user_aci_t);
06206 list_info_p->max_age = 0;
06207 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06208 &user_handles.cap, list_info_p,
06209 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06210 RSBAC_LIST_BACKUP |
06211 #endif
06212 RSBAC_LIST_PERSIST |
06213 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06214 NULL,
06215 cap_user_get_conv,
06216 &def_aci,
06217 RSBAC_CAP_ACI_USER_NAME,
06218 RSBAC_AUTO_DEV,
06219 1,
06220 rsbac_list_hash_uid,
06221 NULL);
06222 if (err) {
06223 registration_error(err, "USER CAP");
06224 } else
06225 if (!rsbac_no_defaults
06226 && !rsbac_list_count(user_handles.cap)) {
06227 struct rsbac_cap_user_aci_t sysadm_aci =
06228 DEFAULT_CAP_U_SYSADM_ACI;
06229 struct rsbac_cap_user_aci_t secoff_aci =
06230 DEFAULT_CAP_U_SECOFF_ACI;
06231 struct rsbac_cap_user_aci_t auditor_aci =
06232 DEFAULT_CAP_U_AUDITOR_ACI;
06233 rsbac_uid_t user;
06234
06235 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
06236 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
06237 user = RSBAC_SYSADM_UID;
06238 if (rsbac_list_add
06239 (user_handles.cap, &user, &sysadm_aci))
06240 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER CAP entry could not be added!\n");
06241 user = RSBAC_SECOFF_UID;
06242 if (rsbac_list_add
06243 (user_handles.cap, &user, &secoff_aci))
06244 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER CAP entry could not be added!\n");
06245 user = RSBAC_AUDITOR_UID;
06246 if (rsbac_list_add
06247 (user_handles.cap, &user, &auditor_aci))
06248 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER CAP entry could not be added!\n");
06249 }
06250 }
06251 #endif
06252
06253 rsbac_kfree(list_info_p);
06254 return err;
06255 }
06256
06257 #ifdef CONFIG_RSBAC_INIT_DELAY
06258 static int register_user_lists2(void)
06259 #else
06260 static int __init register_user_lists2(void)
06261 #endif
06262 {
06263 int err = 0;
06264 struct rsbac_list_info_t *list_info_p;
06265
06266 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06267 if (!list_info_p) {
06268 return -ENOMEM;
06269 }
06270
06271 #if defined(CONFIG_RSBAC_RC)
06272 {
06273 struct rsbac_rc_user_aci_t def_aci = DEFAULT_RC_U_ACI;
06274
06275 list_info_p->version = RSBAC_RC_USER_ACI_VERSION;
06276 list_info_p->key = RSBAC_RC_USER_ACI_KEY;
06277 list_info_p->desc_size = sizeof(rsbac_uid_t);
06278 list_info_p->data_size =
06279 sizeof(struct rsbac_rc_user_aci_t);
06280 list_info_p->max_age = 0;
06281 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06282 &user_handles.rc, list_info_p,
06283 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06284 RSBAC_LIST_BACKUP |
06285 #endif
06286 RSBAC_LIST_PERSIST |
06287 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06288 NULL,
06289 rc_user_get_conv, &def_aci,
06290 RSBAC_RC_ACI_USER_NAME,
06291 RSBAC_AUTO_DEV,
06292 1,
06293 rsbac_list_hash_uid,
06294 NULL);
06295 if (err) {
06296 registration_error(err, "USER RC");
06297 } else
06298 if (!rsbac_no_defaults
06299 && !rsbac_list_count(user_handles.rc)) {
06300 rsbac_uid_t user;
06301 struct rsbac_rc_user_aci_t sysadm_aci =
06302 DEFAULT_RC_U_SYSADM_ACI;
06303 struct rsbac_rc_user_aci_t secoff_aci =
06304 DEFAULT_RC_U_SECOFF_ACI;
06305 struct rsbac_rc_user_aci_t auditor_aci =
06306 DEFAULT_RC_U_AUDITOR_ACI;
06307
06308 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER RC ACI could not be read - generating standard entries!\n");
06309 user = RSBAC_SYSADM_UID;
06310 if (rsbac_list_add
06311 (user_handles.rc, &user, &sysadm_aci))
06312 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER RC entry could not be added!\n");
06313 user = RSBAC_SECOFF_UID;
06314 if (rsbac_list_add
06315 (user_handles.rc, &user, &secoff_aci))
06316 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER RC entry could not be added!\n");
06317 user = RSBAC_AUDITOR_UID;
06318 if (rsbac_list_add
06319 (user_handles.rc, &user, &auditor_aci))
06320 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER RC entry could not be added!\n");
06321 }
06322 }
06323 #endif
06324 #if defined(CONFIG_RSBAC_AUTH)
06325 {
06326 rsbac_system_role_int_t def_aci = SR_user;
06327
06328 list_info_p->version = RSBAC_AUTH_USER_ACI_VERSION;
06329 list_info_p->key = RSBAC_AUTH_USER_ACI_KEY;
06330 list_info_p->desc_size = sizeof(rsbac_uid_t);
06331 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06332 list_info_p->max_age = 0;
06333 err = rsbac_list_register(RSBAC_LIST_VERSION,
06334 &user_handles.auth, list_info_p,
06335 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06336 RSBAC_LIST_BACKUP |
06337 #endif
06338 RSBAC_LIST_PERSIST |
06339 RSBAC_LIST_DEF_DATA,
06340 NULL, NULL,
06341 &def_aci,
06342 RSBAC_AUTH_ACI_USER_NAME,
06343 RSBAC_AUTO_DEV);
06344 if (err) {
06345 registration_error(err, "USER AUTH");
06346 } else
06347 if (!rsbac_no_defaults
06348 && !rsbac_list_count(user_handles.auth)) {
06349 rsbac_uid_t user;
06350 rsbac_system_role_int_t role;
06351
06352 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!\n");
06353 user = RSBAC_SYSADM_UID;
06354 role = SR_administrator;
06355 if (rsbac_list_add
06356 (user_handles.auth, &user, &role))
06357 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER AUTH entry could not be added!\n");
06358 user = RSBAC_SECOFF_UID;
06359 role = SR_security_officer;
06360 if (rsbac_list_add
06361 (user_handles.auth, &user, &role))
06362 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER AUTH entry could not be added!\n");
06363 user = RSBAC_AUDITOR_UID;
06364 role = SR_auditor;
06365 if (rsbac_list_add
06366 (user_handles.auth, &user, &role))
06367 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER AUTH entry could not be added!\n");
06368 }
06369 }
06370 #endif
06371 #if defined(CONFIG_RSBAC_JAIL)
06372 {
06373 rsbac_system_role_int_t def_aci = SR_user;
06374
06375 list_info_p->version = RSBAC_JAIL_USER_ACI_VERSION;
06376 list_info_p->key = RSBAC_JAIL_USER_ACI_KEY;
06377 list_info_p->desc_size = sizeof(rsbac_uid_t);
06378 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06379 list_info_p->max_age = 0;
06380 err = rsbac_list_register(RSBAC_LIST_VERSION,
06381 &user_handles.jail, list_info_p,
06382 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06383 RSBAC_LIST_BACKUP |
06384 #endif
06385 RSBAC_LIST_PERSIST |
06386 RSBAC_LIST_DEF_DATA,
06387 NULL, NULL,
06388 &def_aci,
06389 RSBAC_JAIL_ACI_USER_NAME,
06390 RSBAC_AUTO_DEV);
06391 if (err) {
06392 registration_error(err, "USER JAIL");
06393 } else
06394 if (!rsbac_no_defaults
06395 && !rsbac_list_count(user_handles.jail)) {
06396 rsbac_uid_t user;
06397 rsbac_system_role_int_t role;
06398
06399 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!\n");
06400 user = RSBAC_SYSADM_UID;
06401 role = SR_administrator;
06402 if (rsbac_list_add
06403 (user_handles.jail, &user, &role))
06404 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER JAIL entry could not be added!\n");
06405 user = RSBAC_SECOFF_UID;
06406 role = SR_security_officer;
06407 if (rsbac_list_add
06408 (user_handles.jail, &user, &role))
06409 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER JAIL entry could not be added!\n");
06410 }
06411 }
06412 #endif
06413 #if defined(CONFIG_RSBAC_RES)
06414 {
06415 list_info_p->version = RSBAC_RES_USER_ACI_VERSION;
06416 list_info_p->key = RSBAC_RES_USER_ACI_KEY;
06417 list_info_p->desc_size = sizeof(rsbac_uid_t);
06418 list_info_p->data_size =
06419 sizeof(struct rsbac_res_user_aci_t);
06420 list_info_p->max_age = 0;
06421 err = rsbac_list_register(RSBAC_LIST_VERSION,
06422 &user_handles.res, list_info_p,
06423 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06424 RSBAC_LIST_BACKUP |
06425 #endif
06426 RSBAC_LIST_PERSIST,
06427 NULL,
06428 NULL,
06429 NULL,
06430 RSBAC_RES_ACI_USER_NAME,
06431 RSBAC_AUTO_DEV);
06432 if (err) {
06433 registration_error(err, "USER RES");
06434 } else
06435 if (!rsbac_no_defaults
06436 && !rsbac_list_count(user_handles.res)) {
06437 struct rsbac_res_user_aci_t sysadm_aci =
06438 DEFAULT_RES_U_SYSADM_ACI;
06439 struct rsbac_res_user_aci_t secoff_aci =
06440 DEFAULT_RES_U_SECOFF_ACI;
06441 rsbac_uid_t user;
06442
06443 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
06444 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
06445 user = RSBAC_SYSADM_UID;
06446 if (rsbac_list_add
06447 (user_handles.res, &user, &sysadm_aci))
06448 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER RES entry could not be added!\n");
06449 user = RSBAC_SECOFF_UID;
06450 if (rsbac_list_add
06451 (user_handles.res, &user, &secoff_aci))
06452 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER RES entry could not be added!\n");
06453 }
06454 }
06455 #endif
06456 #if defined(CONFIG_RSBAC_PAX)
06457 {
06458 rsbac_system_role_int_t def_aci = SR_user;
06459
06460 list_info_p->version = RSBAC_PAX_USER_ACI_VERSION;
06461 list_info_p->key = RSBAC_PAX_USER_ACI_KEY;
06462 list_info_p->desc_size = sizeof(rsbac_uid_t);
06463 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06464 list_info_p->max_age = 0;
06465 err = rsbac_list_register(RSBAC_LIST_VERSION,
06466 &user_handles.pax, list_info_p,
06467 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06468 RSBAC_LIST_BACKUP |
06469 #endif
06470 RSBAC_LIST_PERSIST |
06471 RSBAC_LIST_DEF_DATA,
06472 NULL, NULL,
06473 &def_aci,
06474 RSBAC_PAX_ACI_USER_NAME,
06475 RSBAC_AUTO_DEV);
06476 if (err) {
06477 registration_error(err, "USER PAX");
06478 } else
06479 if (!rsbac_no_defaults
06480 && !rsbac_list_count(user_handles.pax)) {
06481 rsbac_uid_t user;
06482 rsbac_system_role_int_t role;
06483
06484 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER PAX ACI could not be read - generating standard entries!\n");
06485 user = RSBAC_SYSADM_UID;
06486 role = SR_administrator;
06487 if (rsbac_list_add(user_handles.pax, &user, &role))
06488 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER PAX entry could not be added!\n");
06489 user = RSBAC_SECOFF_UID;
06490 role = SR_security_officer;
06491 if (rsbac_list_add(user_handles.pax, &user, &role))
06492 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER PAX entry could not be added!\n");
06493 }
06494 }
06495 #endif
06496
06497 rsbac_kfree(list_info_p);
06498 return err;
06499 }
06500
06501 #ifdef CONFIG_RSBAC_INIT_DELAY
06502 static int register_process_lists(void)
06503 #else
06504 static int __init register_process_lists(void)
06505 #endif
06506 {
06507 int err = 0;
06508 struct rsbac_list_info_t *list_info_p;
06509
06510 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06511 if (!list_info_p) {
06512 return -ENOMEM;
06513 }
06514 rsbac_pr_debug(ds, "registering PROCESS lists\n");
06515 {
06516 struct rsbac_gen_process_aci_t def_aci = DEFAULT_GEN_P_ACI;
06517
06518 list_info_p->version = RSBAC_GEN_PROCESS_ACI_VERSION;
06519 list_info_p->key = RSBAC_GEN_PROCESS_ACI_KEY;
06520 list_info_p->desc_size = sizeof(rsbac_pid_t);
06521 list_info_p->data_size =
06522 sizeof(struct rsbac_gen_process_aci_t);
06523 list_info_p->max_age = 0;
06524 gen_nr_p_hashes = CONFIG_RSBAC_GEN_NR_P_LISTS;
06525 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06526 &process_handles.gen,
06527 list_info_p,
06528 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06529 NULL,
06530 NULL, &def_aci,
06531 RSBAC_GEN_ACI_PROCESS_NAME,
06532 RSBAC_AUTO_DEV,
06533 gen_nr_p_hashes,
06534 (gen_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL,
06535 NULL);
06536 if (err) {
06537 registration_error(err, "PROCESS GEN");
06538 }
06539 }
06540 #if defined(CONFIG_RSBAC_MAC)
06541 {
06542 struct rsbac_mac_process_aci_t def_aci = DEFAULT_MAC_P_ACI;
06543
06544 list_info_p->version = RSBAC_MAC_PROCESS_ACI_VERSION;
06545 list_info_p->key = RSBAC_MAC_PROCESS_ACI_KEY;
06546 list_info_p->desc_size = sizeof(rsbac_pid_t);
06547 list_info_p->data_size =
06548 sizeof(struct rsbac_mac_process_aci_t);
06549 list_info_p->max_age = 0;
06550 mac_nr_p_hashes = CONFIG_RSBAC_MAC_NR_P_LISTS;
06551 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06552 &process_handles.mac,
06553 list_info_p,
06554 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06555 NULL,
06556 NULL, &def_aci,
06557 RSBAC_MAC_ACI_PROCESS_NAME,
06558 RSBAC_AUTO_DEV,
06559 mac_nr_p_hashes,
06560 (mac_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL,
06561 NULL);
06562 if (err) {
06563 registration_error(err, "PROCESS MAC");
06564 }
06565 }
06566 #endif
06567 #if defined(CONFIG_RSBAC_PM)
06568 {
06569 struct rsbac_pm_process_aci_t def_aci = DEFAULT_PM_P_ACI;
06570
06571 list_info_p->version = RSBAC_PM_PROCESS_ACI_VERSION;
06572 list_info_p->key = RSBAC_PM_PROCESS_ACI_KEY;
06573 list_info_p->desc_size = sizeof(rsbac_pid_t);
06574 list_info_p->data_size =
06575 sizeof(struct rsbac_pm_process_aci_t);
06576 list_info_p->max_age = 0;
06577 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06578 &process_handles.pm,
06579 list_info_p,
06580 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06581 NULL,
06582 NULL,
06583 &def_aci,
06584 RSBAC_PM_ACI_PROCESS_NAME,
06585 RSBAC_AUTO_DEV,
06586 1,
06587 rsbac_list_hash_pid,
06588 NULL);
06589 if (err) {
06590 registration_error(err, "PROCESS PM");
06591 }
06592 }
06593 #endif
06594 #if defined(CONFIG_RSBAC_DAZ)
06595 {
06596 struct rsbac_daz_process_aci_t def_aci = DEFAULT_DAZ_P_ACI;
06597
06598 list_info_p->version = RSBAC_DAZ_PROCESS_ACI_VERSION;
06599 list_info_p->key = RSBAC_DAZ_PROCESS_ACI_KEY;
06600 list_info_p->desc_size = sizeof(rsbac_pid_t);
06601 list_info_p->data_size =
06602 sizeof(struct rsbac_daz_process_aci_t);
06603 list_info_p->max_age = 0;
06604 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06605 &process_handles.daz,
06606 list_info_p,
06607 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06608 NULL,
06609 NULL,
06610 &def_aci,
06611 RSBAC_DAZ_ACI_PROCESS_NAME,
06612 RSBAC_AUTO_DEV,
06613 1,
06614 rsbac_list_hash_pid,
06615 NULL);
06616 if (err) {
06617 registration_error(err, "PROCESS DAZ");
06618 }
06619 }
06620 #endif
06621 #if defined(CONFIG_RSBAC_RC)
06622 {
06623 struct rsbac_rc_process_aci_t def_aci = DEFAULT_RC_P_ACI;
06624
06625 list_info_p->version = RSBAC_RC_PROCESS_ACI_VERSION;
06626 list_info_p->key = RSBAC_RC_PROCESS_ACI_KEY;
06627 list_info_p->desc_size = sizeof(rsbac_pid_t);
06628 list_info_p->data_size =
06629 sizeof(struct rsbac_rc_process_aci_t);
06630 list_info_p->max_age = 0;
06631 rc_nr_p_hashes = CONFIG_RSBAC_RC_NR_P_LISTS;
06632 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06633 &process_handles.rc,
06634 list_info_p,
06635 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06636 NULL,
06637 NULL, &def_aci,
06638 RSBAC_RC_ACI_PROCESS_NAME,
06639 RSBAC_AUTO_DEV,
06640 rc_nr_p_hashes,
06641 (rc_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL,
06642 NULL);
06643 if (err) {
06644 registration_error(err, "PROCESS RC");
06645 }
06646 }
06647 #endif
06648 #if defined(CONFIG_RSBAC_AUTH)
06649 {
06650 struct rsbac_auth_process_aci_t def_aci = DEFAULT_AUTH_P_ACI;
06651
06652 list_info_p->version = RSBAC_AUTH_PROCESS_ACI_VERSION;
06653 list_info_p->key = RSBAC_AUTH_PROCESS_ACI_KEY;
06654 list_info_p->desc_size = sizeof(rsbac_pid_t);
06655 list_info_p->data_size =
06656 sizeof(struct rsbac_auth_process_aci_t);
06657 list_info_p->max_age = 0;
06658 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06659 &process_handles.auth,
06660 list_info_p,
06661 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06662 NULL,
06663 NULL,
06664 &def_aci,
06665 RSBAC_AUTH_ACI_PROCESS_NAME,
06666 RSBAC_AUTO_DEV,
06667 #if defined(CONFIG_RSBAC_AUTH_LEARN)
06668 RSBAC_LIST_MIN_MAX_HASHES,
06669 rsbac_list_hash_pid,
06670 #else
06671 1,
06672 NULL,
06673 #endif
06674 NULL);
06675 if (err) {
06676 registration_error(err, "PROCESS AUTH");
06677 }
06678 }
06679 #endif
06680 #if defined(CONFIG_RSBAC_CAP)
06681 {
06682 struct rsbac_cap_process_aci_t def_aci = DEFAULT_CAP_P_ACI;
06683
06684 #if defined(CONFIG_RSBAC_CAP_PROC_HIDE)
06685 if (rsbac_cap_process_hiding)
06686 def_aci.cap_process_hiding = PH_from_other_users;
06687 #endif
06688 list_info_p->version = RSBAC_CAP_PROCESS_ACI_VERSION;
06689 list_info_p->key = RSBAC_CAP_PROCESS_ACI_KEY;
06690 list_info_p->desc_size = sizeof(rsbac_pid_t);
06691 list_info_p->data_size =
06692 sizeof(struct rsbac_cap_process_aci_t);
06693 list_info_p->max_age = 0;
06694 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06695 &process_handles.cap,
06696 list_info_p,
06697 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06698 NULL,
06699 NULL,
06700 &def_aci,
06701 RSBAC_CAP_ACI_PROCESS_NAME,
06702 RSBAC_AUTO_DEV,
06703 1,
06704 rsbac_list_hash_pid,
06705 NULL);
06706 if (err) {
06707 registration_error(err, "PROCESS CAP");
06708 }
06709 }
06710 #endif
06711 #if defined(CONFIG_RSBAC_JAIL)
06712 {
06713 struct rsbac_jail_process_aci_t def_aci =
06714 DEFAULT_JAIL_P_ACI;
06715
06716 list_info_p->version = RSBAC_JAIL_PROCESS_ACI_VERSION;
06717 list_info_p->key = RSBAC_JAIL_PROCESS_ACI_KEY;
06718 list_info_p->desc_size = sizeof(rsbac_pid_t);
06719 list_info_p->data_size =
06720 sizeof(struct rsbac_jail_process_aci_t);
06721 list_info_p->max_age = 0;
06722 jail_nr_p_hashes = CONFIG_RSBAC_JAIL_NR_P_LISTS;
06723 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06724 &process_handles.jail,
06725 list_info_p,
06726 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06727 NULL,
06728 NULL, &def_aci,
06729 RSBAC_JAIL_ACI_PROCESS_NAME,
06730 RSBAC_AUTO_DEV,
06731 jail_nr_p_hashes,
06732 (jail_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL,
06733 NULL);
06734 if (err) {
06735 registration_error(err, "PROCESS JAIL");
06736 }
06737 }
06738 #endif
06739
06740 rsbac_kfree(list_info_p);
06741 return err;
06742 }
06743
06744 #ifdef CONFIG_RSBAC_UM
06745 #ifdef CONFIG_RSBAC_INIT_DELAY
06746 static int register_group_lists(void)
06747 #else
06748 static int __init register_group_lists(void)
06749 #endif
06750 {
06751 int err = 0;
06752 struct rsbac_list_info_t *list_info_p;
06753
06754 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06755 if (!list_info_p) {
06756 return -ENOMEM;
06757 }
06758 rsbac_pr_debug(ds, "registering GROUP lists\n");
06759 #if defined(CONFIG_RSBAC_RC_UM_PROT)
06760 {
06761 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
06762
06763 list_info_p->version = RSBAC_RC_GROUP_ACI_VERSION;
06764 list_info_p->key = RSBAC_RC_GROUP_ACI_KEY;
06765 list_info_p->desc_size = sizeof(rsbac_gid_t);
06766 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
06767 list_info_p->max_age = 0;
06768 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06769 &group_handles.rc, list_info_p,
06770 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06771 RSBAC_LIST_BACKUP |
06772 #endif
06773 RSBAC_LIST_PERSIST |
06774 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06775 NULL, NULL,
06776 &def_aci,
06777 RSBAC_RC_ACI_GROUP_NAME,
06778 RSBAC_AUTO_DEV,
06779 1,
06780 rsbac_list_hash_gid,
06781 NULL);
06782 if (err) {
06783 registration_error(err, "GROUP RC");
06784 }
06785 }
06786 #endif
06787
06788 rsbac_kfree(list_info_p);
06789 return err;
06790 }
06791 #endif
06792
06793 #ifdef CONFIG_RSBAC_NET_DEV
06794 #ifdef CONFIG_RSBAC_INIT_DELAY
06795 static int register_netdev_lists(void)
06796 #else
06797 static int __init register_netdev_lists(void)
06798 #endif
06799 {
06800 int err = 0;
06801 struct rsbac_list_info_t *list_info_p;
06802
06803 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06804 if (!list_info_p) {
06805 return -ENOMEM;
06806 }
06807 rsbac_pr_debug(ds, "registering NETDEV lists\n");
06808 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
06809 {
06810 struct rsbac_gen_netdev_aci_t def_aci =
06811 DEFAULT_GEN_NETDEV_ACI;
06812
06813 list_info_p->version = RSBAC_GEN_NETDEV_ACI_VERSION;
06814 list_info_p->key = RSBAC_GEN_NETDEV_ACI_KEY;
06815 list_info_p->desc_size = sizeof(rsbac_netdev_id_t);
06816 list_info_p->data_size =
06817 sizeof(struct rsbac_gen_netdev_aci_t);
06818 list_info_p->max_age = 0;
06819 err = rsbac_list_register(RSBAC_LIST_VERSION,
06820 &netdev_handles.gen,
06821 list_info_p,
06822 RSBAC_LIST_BACKUP |
06823 RSBAC_LIST_PERSIST |
06824 RSBAC_LIST_DEF_DATA,
06825 netdev_compare, NULL, &def_aci,
06826 RSBAC_GEN_ACI_NETDEV_NAME,
06827 RSBAC_AUTO_DEV);
06828 if (err) {
06829 registration_error(err, "NETDEV General");
06830 }
06831 }
06832 #endif
06833 #if defined(CONFIG_RSBAC_RC)
06834 {
06835 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
06836
06837 list_info_p->version = RSBAC_RC_NETDEV_ACI_VERSION;
06838 list_info_p->key = RSBAC_RC_NETDEV_ACI_KEY;
06839 list_info_p->desc_size = sizeof(rsbac_netdev_id_t);
06840 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
06841 list_info_p->max_age = 0;
06842 err = rsbac_list_register(RSBAC_LIST_VERSION,
06843 &netdev_handles.rc,
06844 list_info_p,
06845 RSBAC_LIST_BACKUP |
06846 RSBAC_LIST_PERSIST |
06847 RSBAC_LIST_DEF_DATA,
06848 netdev_compare, NULL, &def_aci,
06849 RSBAC_RC_ACI_NETDEV_NAME,
06850 RSBAC_AUTO_DEV);
06851 if (err) {
06852 registration_error(err, "NETDEV RC");
06853 }
06854 }
06855 #endif
06856
06857 rsbac_kfree(list_info_p);
06858 return err;
06859 }
06860 #endif
06861
06862 #ifdef CONFIG_RSBAC_NET_OBJ
06863 #ifdef CONFIG_RSBAC_INIT_DELAY
06864 static void fill_default_nettemp(void)
06865 #else
06866 static void __init fill_default_nettemp(void)
06867 #endif
06868 {
06869 rsbac_net_temp_id_t id;
06870 struct rsbac_net_temp_data_t data;
06871
06872 id = RSBAC_NET_TEMP_LNET_ID;
06873 memset(&data, 0, sizeof(data));
06874 data.address_family = AF_INET;
06875 data.type = RSBAC_NET_ANY;
06876 data.protocol = RSBAC_NET_ANY;
06877 strcpy(data.name, "Localnet");
06878 data.address.inet.nr_addr = 1;
06879 data.address.inet.valid_bits[0] = 8;
06880 rsbac_net_str_to_inet(RSBAC_NET_TEMP_LNET_ADDRESS,
06881 &data.address.inet.addr[0]);
06882 data.ports.nr_ports = 0;
06883 rsbac_list_add(net_temp_handle, &id, &data);
06884
06885 id = RSBAC_NET_TEMP_LAN_ID;
06886 memset(&data, 0, sizeof(data));
06887 data.address_family = AF_INET;
06888 data.type = RSBAC_NET_ANY;
06889 data.protocol = RSBAC_NET_ANY;
06890 strcpy(data.name, "Internal LAN");
06891 data.address.inet.nr_addr = 1;
06892 data.address.inet.valid_bits[0] = 16;
06893 rsbac_net_str_to_inet(RSBAC_NET_TEMP_LAN_ADDRESS,
06894 &data.address.inet.addr[0]);
06895 data.ports.nr_ports = 0;
06896 rsbac_list_add(net_temp_handle, &id, &data);
06897
06898 id = RSBAC_NET_TEMP_AUTO_ID;
06899 memset(&data, 0, sizeof(data));
06900 data.address_family = AF_INET;
06901 data.type = RSBAC_NET_ANY;
06902 data.protocol = RSBAC_NET_ANY;
06903 strcpy(data.name, "Auto-IPv4");
06904 data.address.inet.nr_addr = 1;
06905 data.address.inet.valid_bits[0] = 32;
06906 data.ports.nr_ports = 0;
06907 rsbac_list_add(net_temp_handle, &id, &data);
06908
06909 id = RSBAC_NET_TEMP_INET_ID;
06910 memset(&data, 0, sizeof(data));
06911 data.address_family = AF_INET;
06912 data.type = RSBAC_NET_ANY;
06913 data.protocol = RSBAC_NET_ANY;
06914 strcpy(data.name, "AF_INET");
06915 data.address.inet.nr_addr = 1;
06916 data.address.inet.valid_bits[0] = 0;
06917 data.ports.nr_ports = 0;
06918 rsbac_list_add(net_temp_handle, &id, &data);
06919
06920 id = RSBAC_NET_TEMP_INET_ID;
06921 memset(&data, 0, sizeof(data));
06922 data.address_family = RSBAC_NET_ANY;
06923 data.type = RSBAC_NET_ANY;
06924 data.protocol = RSBAC_NET_ANY;
06925 strcpy(data.name, "ALL");
06926 data.ports.nr_ports = 0;
06927 rsbac_list_add(net_temp_handle, &id, &data);
06928 }
06929
06930 #ifdef CONFIG_RSBAC_INIT_DELAY
06931 static int register_nettemp_list(void)
06932 #else
06933 static int __init register_nettemp_list(void)
06934 #endif
06935 {
06936 int err = 0;
06937 struct rsbac_list_info_t *list_info_p;
06938
06939 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06940 if (!list_info_p) {
06941 return -ENOMEM;
06942 }
06943 rsbac_pr_debug(ds, "registering network template list\n");
06944 list_info_p->version = RSBAC_NET_TEMP_VERSION;
06945 list_info_p->key = RSBAC_NET_TEMP_KEY;
06946 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
06947 list_info_p->data_size = sizeof(struct rsbac_net_temp_data_t);
06948 list_info_p->max_age = 0;
06949 err = rsbac_list_register(RSBAC_LIST_VERSION,
06950 &net_temp_handle,
06951 list_info_p,
06952 RSBAC_LIST_BACKUP |
06953 RSBAC_LIST_PERSIST,
06954 rsbac_list_compare_u32,
06955 net_temp_get_conv,
06956 NULL,
06957 RSBAC_NET_TEMP_NAME,
06958 RSBAC_AUTO_DEV);
06959 if (err) {
06960 registration_error(err, "Network Template");
06961 } else
06962 if (!rsbac_no_defaults && !rsbac_list_count(net_temp_handle)) {
06963 rsbac_printk(KERN_WARNING "rsbac_do_init(): Network Templates could not be read - generating standard entries!\n");
06964 fill_default_nettemp();
06965 }
06966 rsbac_kfree(list_info_p);
06967 return err;
06968 }
06969
06970 #ifdef CONFIG_RSBAC_INIT_DELAY
06971 static int register_nettemp_aci_lists(void)
06972 #else
06973 static int __init register_nettemp_aci_lists(void)
06974 #endif
06975 {
06976 int err = 0;
06977 struct rsbac_list_info_t *list_info_p;
06978
06979 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06980 if (!list_info_p) {
06981 return -ENOMEM;
06982 }
06983 rsbac_pr_debug(ds, "registering NETTEMP lists\n");
06984 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
06985 {
06986 list_info_p->version = RSBAC_GEN_NETOBJ_ACI_VERSION;
06987 list_info_p->key = RSBAC_GEN_NETOBJ_ACI_KEY;
06988 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
06989 list_info_p->data_size =
06990 sizeof(struct rsbac_gen_netobj_aci_t);
06991 list_info_p->max_age = 0;
06992 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06993 &nettemp_handles.gen,
06994 list_info_p,
06995 RSBAC_LIST_BACKUP |
06996 RSBAC_LIST_PERSIST |
06997 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06998 NULL, NULL,
06999 &def_gen_netobj_aci,
07000 RSBAC_GEN_ACI_NETTEMP_NAME,
07001 RSBAC_AUTO_DEV,
07002 1,
07003 rsbac_list_hash_nettemp,
07004 NULL);
07005 if (err) {
07006 registration_error(err, "NETTEMP GEN");
07007 }
07008 }
07009 #endif
07010 #if defined(CONFIG_RSBAC_MAC)
07011 {
07012 struct rsbac_mac_netobj_aci_t def_aci =
07013 DEFAULT_MAC_NETOBJ_ACI;
07014
07015 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
07016 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
07017 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
07018 list_info_p->data_size =
07019 sizeof(struct rsbac_mac_netobj_aci_t);
07020 list_info_p->max_age = 0;
07021 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07022 &nettemp_handles.mac,
07023 list_info_p,
07024 RSBAC_LIST_BACKUP |
07025 RSBAC_LIST_PERSIST |
07026 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
07027 NULL, NULL,
07028 &def_aci,
07029 RSBAC_MAC_ACI_NETTEMP_NAME,
07030 RSBAC_AUTO_DEV,
07031 1,
07032 rsbac_list_hash_nettemp,
07033 NULL);
07034 if (err) {
07035 registration_error(err, "NETTEMP MAC");
07036 }
07037 }
07038 #endif
07039 #if defined(CONFIG_RSBAC_PM)
07040 {
07041 struct rsbac_pm_netobj_aci_t def_aci =
07042 DEFAULT_PM_NETOBJ_ACI;
07043
07044 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
07045 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
07046 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
07047 list_info_p->data_size =
07048 sizeof(struct rsbac_pm_netobj_aci_t);
07049 list_info_p->max_age = 0;
07050 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07051 &nettemp_handles.pm,
07052 list_info_p,
07053 RSBAC_LIST_BACKUP |
07054 RSBAC_LIST_PERSIST |
07055 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
07056 NULL, NULL,
07057 &def_aci,
07058 RSBAC_PM_ACI_NETTEMP_NAME,
07059 RSBAC_AUTO_DEV,
07060 1,
07061 rsbac_list_hash_nettemp,
07062 NULL);
07063 if (err) {
07064 registration_error(err, "NETTEMP PM");
07065 }
07066 }
07067 #endif
07068 #if defined(CONFIG_RSBAC_RC)
07069 {
07070 struct rsbac_rc_nettemp_aci_t def_aci =
07071 DEFAULT_RC_NETTEMP_ACI;
07072
07073 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
07074 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
07075 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
07076 list_info_p->data_size =
07077 sizeof(struct rsbac_rc_nettemp_aci_t);
07078 list_info_p->max_age = 0;
07079 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07080 &nettemp_handles.rc,
07081 list_info_p,
07082 RSBAC_LIST_BACKUP |
07083 RSBAC_LIST_PERSIST |
07084 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
07085 NULL, NULL,
07086 &def_aci,
07087 RSBAC_RC_ACI_NETTEMP_NAME,
07088 RSBAC_AUTO_DEV,
07089 1,
07090 rsbac_list_hash_nettemp,
07091 NULL);
07092 if (err) {
07093 registration_error(err, "NETTEMP RC");
07094 }
07095 }
07096 #endif
07097
07098 rsbac_kfree(list_info_p);
07099 return err;
07100 }
07101
07102 #ifdef CONFIG_RSBAC_INIT_DELAY
07103 static int register_netobj_lists(void)
07104 #else
07105 static int __init register_netobj_lists(void)
07106 #endif
07107 {
07108 int err = 0;
07109 struct rsbac_list_info_t *list_info_p;
07110
07111 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
07112 if (!list_info_p) {
07113 return -ENOMEM;
07114 }
07115 rsbac_pr_debug(ds, "registering local NETOBJ lists\n");
07116 #if defined(CONFIG_RSBAC_MAC)
07117 {
07118 struct rsbac_mac_netobj_aci_t def_aci =
07119 DEFAULT_MAC_NETOBJ_ACI;
07120
07121 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
07122 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
07123 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07124 list_info_p->data_size =
07125 sizeof(struct rsbac_mac_netobj_aci_t);
07126 list_info_p->max_age = 0;
07127 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07128 &lnetobj_handles.mac,
07129 list_info_p,
07130 RSBAC_LIST_AUTO_HASH_RESIZE,
07131 NULL,
07132 NULL,
07133 &def_aci,
07134 RSBAC_MAC_ACI_LNETOBJ_NAME,
07135 RSBAC_AUTO_DEV,
07136 1,
07137 rsbac_list_hash_netobj,
07138 NULL);
07139 if (err) {
07140 registration_error(err, "LNETOBJ MAC");
07141 }
07142 }
07143 #endif
07144 #if defined(CONFIG_RSBAC_PM)
07145 {
07146 struct rsbac_pm_netobj_aci_t def_aci =
07147 DEFAULT_PM_NETOBJ_ACI;
07148
07149 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
07150 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
07151 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07152 list_info_p->data_size =
07153 sizeof(struct rsbac_pm_netobj_aci_t);
07154 list_info_p->max_age = 0;
07155 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07156 &lnetobj_handles.pm,
07157 list_info_p,
07158 RSBAC_LIST_AUTO_HASH_RESIZE,
07159 NULL,
07160 NULL,
07161 &def_aci,
07162 RSBAC_PM_ACI_LNETOBJ_NAME,
07163 RSBAC_AUTO_DEV,
07164 1,
07165 rsbac_list_hash_netobj,
07166 NULL);
07167 if (err) {
07168 registration_error(err, "LNETOBJ PM");
07169 }
07170 }
07171 #endif
07172 #if defined(CONFIG_RSBAC_RC)
07173 {
07174 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
07175
07176 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
07177 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
07178 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07179 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
07180 list_info_p->max_age = 0;
07181 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07182 &lnetobj_handles.rc,
07183 list_info_p,
07184 RSBAC_LIST_AUTO_HASH_RESIZE,
07185 NULL,
07186 NULL,
07187 &def_aci,
07188 RSBAC_RC_ACI_LNETOBJ_NAME,
07189 RSBAC_AUTO_DEV,
07190 1,
07191 rsbac_list_hash_netobj,
07192 NULL);
07193 if (err) {
07194 registration_error(err, "LNETOBJ RC");
07195 }
07196 }
07197 #endif
07198 rsbac_pr_debug(ds, "registering remote NETOBJ lists\n");
07199 #if defined(CONFIG_RSBAC_MAC)
07200 {
07201 struct rsbac_mac_netobj_aci_t def_aci =
07202 DEFAULT_MAC_NETOBJ_ACI;
07203
07204 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
07205 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
07206 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07207 list_info_p->data_size =
07208 sizeof(struct rsbac_mac_netobj_aci_t);
07209 list_info_p->max_age = 0;
07210 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07211 &rnetobj_handles.mac,
07212 list_info_p,
07213 RSBAC_LIST_AUTO_HASH_RESIZE,
07214 NULL,
07215 NULL,
07216 &def_aci,
07217 RSBAC_MAC_ACI_RNETOBJ_NAME,
07218 RSBAC_AUTO_DEV,
07219 1,
07220 rsbac_list_hash_netobj,
07221 NULL);
07222 if (err) {
07223 registration_error(err, "RNETOBJ MAC");
07224 }
07225 }
07226 #endif
07227 #if defined(CONFIG_RSBAC_PM)
07228 {
07229 struct rsbac_pm_netobj_aci_t def_aci =
07230 DEFAULT_PM_NETOBJ_ACI;
07231
07232 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
07233 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
07234 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07235 list_info_p->data_size =
07236 sizeof(struct rsbac_pm_netobj_aci_t);
07237 list_info_p->max_age = 0;
07238 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07239 &rnetobj_handles.pm,
07240 list_info_p,
07241 RSBAC_LIST_AUTO_HASH_RESIZE,
07242 NULL,
07243 NULL,
07244 &def_aci,
07245 RSBAC_PM_ACI_RNETOBJ_NAME,
07246 RSBAC_AUTO_DEV,
07247 1,
07248 rsbac_list_hash_netobj,
07249 NULL);
07250 if (err) {
07251 registration_error(err, "RNETOBJ PM");
07252 }
07253 }
07254 #endif
07255 #if defined(CONFIG_RSBAC_RC)
07256 {
07257 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
07258
07259 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
07260 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
07261 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07262 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
07263 list_info_p->max_age = 0;
07264 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07265 &rnetobj_handles.rc,
07266 list_info_p,
07267 RSBAC_LIST_AUTO_HASH_RESIZE,
07268 NULL,
07269 NULL,
07270 &def_aci,
07271 RSBAC_RC_ACI_RNETOBJ_NAME,
07272 RSBAC_AUTO_DEV,
07273 1,
07274 rsbac_list_hash_netobj,
07275 NULL);
07276 if (err) {
07277 registration_error(err, "RNETOBJ RC");
07278 }
07279 }
07280 #endif
07281
07282 rsbac_kfree(list_info_p);
07283 return err;
07284 }
07285 #endif
07286
07287 #ifdef CONFIG_RSBAC_INIT_DELAY
07288 static int rsbac_do_init(void)
07289 #else
07290 static int __init rsbac_do_init(void)
07291 #endif
07292 {
07293 int err = 0;
07294 struct rsbac_device_list_item_t *device_p;
07295 struct rsbac_device_list_item_t *new_device_p;
07296 struct rsbac_list_info_t *list_info_p;
07297 struct super_block *sb_p;
07298 u_int i;
07299
07300 rsbac_pr_debug(stack, "free stack: %lu\n", rsbac_stack_free_space());
07301 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
07302 if (!list_info_p) {
07303 return -ENOMEM;
07304 }
07305 compiled_modules[0] = (char) 0;
07306 #ifdef CONFIG_RSBAC_REG
07307 strcat(compiled_modules, " REG");
07308 #endif
07309 #ifdef CONFIG_RSBAC_MAC
07310 #ifdef CONFIG_RSBAC_MAC_LIGHT
07311 strcat(compiled_modules, " MAC-L");
07312 #else
07313 strcat(compiled_modules, " MAC");
07314 #endif
07315 #endif
07316 #ifdef CONFIG_RSBAC_PM
07317 strcat(compiled_modules, " PM");
07318 #endif
07319 #ifdef CONFIG_RSBAC_DAZ
07320 strcat(compiled_modules, " DAZ");
07321 #endif
07322 #ifdef CONFIG_RSBAC_FF
07323 strcat(compiled_modules, " FF");
07324 #endif
07325 #ifdef CONFIG_RSBAC_RC
07326 strcat(compiled_modules, " RC");
07327 #endif
07328 #ifdef CONFIG_RSBAC_AUTH
07329 strcat(compiled_modules, " AUTH");
07330 #endif
07331 #ifdef CONFIG_RSBAC_ACL
07332 strcat(compiled_modules, " ACL");
07333 #endif
07334 #ifdef CONFIG_RSBAC_CAP
07335 strcat(compiled_modules, " CAP");
07336 #endif
07337 #ifdef CONFIG_RSBAC_JAIL
07338 strcat(compiled_modules, " JAIL");
07339 #endif
07340 #ifdef CONFIG_RSBAC_RES
07341 strcat(compiled_modules, " RES");
07342 #endif
07343 #ifdef CONFIG_RSBAC_PAX
07344 strcat(compiled_modules, " PAX");
07345 #endif
07346 #ifdef CONFIG_RSBAC_MAINT
07347 rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n",
07348 RSBAC_VERSION);
07349
07350 printk(KERN_INFO
07351 "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n",
07352 RSBAC_VERSION);
07353
07354 rsbac_printk(KERN_INFO "rsbac_do_init(): Supported module data structures:%s\n",
07355 compiled_modules);
07356 #else
07357 rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s\n",
07358 RSBAC_VERSION);
07359
07360 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07361 if (rsbac_nosyslog)
07362 #endif
07363 printk(KERN_INFO
07364 "rsbac_do_init(): Initializing RSBAC %s\n",
07365 RSBAC_VERSION);
07366
07367 rsbac_printk(KERN_INFO "rsbac_do_init(): compiled modules:%s\n",
07368 compiled_modules);
07369 #endif
07370
07371
07372 rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing memory slabs\n");
07373 rsbac_kmem_cache_sizes_init();
07374
07375 for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
07376 device_head_p[i] = kmalloc(sizeof(*device_head_p[i]), GFP_KERNEL);
07377 if (!device_head_p[i]) {
07378 rsbac_printk(KERN_WARNING
07379 "rsbac_do_init(): Failed to allocate device_list_heads[%s]\n", i);
07380 return -ENOMEM;
07381 }
07382 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07383 spin_lock_init(&device_list_locks[i]);
07384 #else
07385 rwlock_init(&device_list_locks[i]);
07386 #endif
07387 device_head_p[i]->head = NULL;
07388 device_head_p[i]->tail = NULL;
07389 device_head_p[i]->curr = NULL;
07390 device_head_p[i]->count = 0;
07391 }
07392
07393 #if defined(CONFIG_RSBAC_PROC)
07394 rsbac_pr_debug(stack, "free stack before registering proc dir: %lu\n",
07395 rsbac_stack_free_space());
07396 rsbac_printk(KERN_INFO "rsbac_do_init(): Registering RSBAC proc dir\n");
07397 register_all_rsbac_proc();
07398 #endif
07399 rsbac_pr_debug(stack, "free stack before get_super: %lu\n",
07400 rsbac_stack_free_space());
07401 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07402 sb_p = user_get_super(rsbac_root_dev);
07403 #else
07404 sb_p = get_super(rsbac_root_dev);
07405 #endif
07406 if (!sb_p) {
07407 kfree(list_info_p);
07408 return -RSBAC_ENOROOTDEV;
07409 }
07410
07411 rsbac_pr_debug(ds, "reading aci from device "
07412 "number %02u:%02u\n",
07413 RSBAC_MAJOR(rsbac_root_dev),
07414 RSBAC_MINOR(rsbac_root_dev));
07415
07416 new_device_p = create_device_item(sb_p, NULL);
07417 if (!new_device_p) {
07418 rsbac_printk(KERN_CRIT
07419 "rsbac_do_init(): Could not alloc device item!\n");
07420 err = -RSBAC_ECOULDNOTADDDEVICE;
07421 goto out_free;
07422 }
07423
07424
07425 device_p = add_device_item(new_device_p);
07426 if (!device_p) {
07427 rsbac_printk(KERN_CRIT
07428 "rsbac_do_init(): Could not add device!\n");
07429 clear_device_item(new_device_p);
07430 err = -RSBAC_ECOULDNOTADDDEVICE;
07431 goto out_free;
07432 }
07433
07434
07435 rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing generic lists\n");
07436 rsbac_list_init();
07437
07438 rsbac_pr_debug(stack, "free stack before init_debug: %lu\n",
07439 rsbac_stack_free_space());
07440 rsbac_init_debug();
07441
07442 rsbac_printk(KERN_INFO "rsbac_do_init(): reading FD attributes from root dev\n");
07443 rsbac_pr_debug(stack, "free stack before reading FD lists: %lu\n",
07444 rsbac_stack_free_space());
07445
07446 if ((err = register_fd_lists(device_p, rsbac_root_dev))) {
07447 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
07448
07449 if (tmp) {
07450 rsbac_printk(KERN_WARNING "rsbac_do_init(): File/Dir lists registration failed for dev %02u:%02u, err %s!\n",
07451 RSBAC_MAJOR(rsbac_root_dev),
07452 RSBAC_MINOR(rsbac_root_dev),
07453 get_error_name(tmp, err));
07454 rsbac_kfree(tmp);
07455 }
07456 }
07457 rsbac_pr_debug(stack, "free stack before DEV lists registration: %lu\n",
07458 rsbac_stack_free_space());
07459 register_dev_lists();
07460 rsbac_pr_debug(stack, "free stack before registering IPC lists: %lu\n",
07461 rsbac_stack_free_space());
07462 register_ipc_lists();
07463 rsbac_pr_debug(stack, "free stack before registering USER lists 1: %lu\n",
07464 rsbac_stack_free_space());
07465 register_user_lists1();
07466 rsbac_pr_debug(stack, "free stack before registering USER lists 2: %lu\n",
07467 rsbac_stack_free_space());
07468 register_user_lists2();
07469 rsbac_pr_debug(stack, "free stack before registering PROCESS aci: %lu\n",
07470 rsbac_stack_free_space());
07471 register_process_lists();
07472
07473
07474 #ifdef CONFIG_RSBAC_UM
07475 rsbac_pr_debug(stack, "free stack before GROUP lists registration: %lu\n",
07476 rsbac_stack_free_space());
07477 register_group_lists();
07478 #endif
07479
07480 #ifdef CONFIG_RSBAC_NET_DEV
07481 register_netdev_lists();
07482 #endif
07483
07484 #ifdef CONFIG_RSBAC_NET_OBJ
07485 register_nettemp_list();
07486 register_nettemp_aci_lists();
07487 register_netobj_lists();
07488 #endif
07489
07490 #ifdef CONFIG_RSBAC_FD_CACHE
07491 if (!rsbac_fd_cache_disable)
07492 register_fd_cache_lists();
07493 #endif
07494
07495
07496 #if defined(CONFIG_RSBAC_MAC)
07497 rsbac_pr_debug(stack, "free stack before init_mac: %lu\n",
07498 rsbac_stack_free_space());
07499 rsbac_init_mac();
07500 #endif
07501
07502 #ifdef CONFIG_RSBAC_PM
07503 rsbac_pr_debug(stack, "free stack before init_pm: %lu\n",
07504 rsbac_stack_free_space());
07505 rsbac_init_pm();
07506 #endif
07507
07508 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT)
07509 rsbac_pr_debug(stack, "free stack before init_daz: %lu\n",
07510 rsbac_stack_free_space());
07511 rsbac_init_daz();
07512 #endif
07513
07514 #if defined(CONFIG_RSBAC_RC)
07515 rsbac_pr_debug(stack, "free stack before init_rc: %lu\n",
07516 rsbac_stack_free_space());
07517 rsbac_init_rc();
07518 #endif
07519
07520 #if defined(CONFIG_RSBAC_AUTH)
07521 rsbac_pr_debug(stack, "free stack before init_auth: %lu\n",
07522 rsbac_stack_free_space());
07523 rsbac_init_auth();
07524 if (rsbac_auth_enable_login) {
07525 struct dentry *t_dentry;
07526 struct dentry *dir_dentry = NULL;
07527 struct rsbac_auth_fd_aci_t auth_fd_aci =
07528 DEFAULT_AUTH_FD_ACI;
07529
07530 rsbac_printk(KERN_WARNING "rsbac_do_init(): auth_enable_login is set: setting auth_may_setuid for %s\n",
07531 RSBAC_AUTH_LOGIN_PATH);
07532
07533
07534 if (sb_p) {
07535 dir_dentry =
07536 rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_DIR,
07537 sb_p->s_root,
07538 strlen
07539 (RSBAC_AUTH_LOGIN_PATH_DIR));
07540 }
07541 if (!dir_dentry) {
07542 err = -RSBAC_ENOTFOUND;
07543 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
07544 RSBAC_AUTH_LOGIN_PATH_DIR);
07545 goto auth_out;
07546 }
07547 if (IS_ERR(dir_dentry)) {
07548 err = PTR_ERR(dir_dentry);
07549 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s returned %i\n",
07550 RSBAC_AUTH_LOGIN_PATH_DIR, err);
07551 goto auth_out;
07552 }
07553 if (!dir_dentry->d_inode) {
07554 err = -RSBAC_ENOTFOUND;
07555 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
07556 RSBAC_AUTH_LOGIN_PATH_DIR);
07557 dput(dir_dentry);
07558 goto auth_out;
07559 }
07560 t_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_FILE,
07561 dir_dentry,
07562 strlen
07563 (RSBAC_AUTH_LOGIN_PATH_FILE));
07564 if (!t_dentry) {
07565 err = -RSBAC_ENOTFOUND;
07566 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
07567 RSBAC_AUTH_LOGIN_PATH_DIR,
07568 RSBAC_AUTH_LOGIN_PATH_FILE);
07569 goto auth_out;
07570 }
07571 if (IS_ERR(t_dentry)) {
07572 err = PTR_ERR(t_dentry);
07573 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s returned %i\n",
07574 RSBAC_AUTH_LOGIN_PATH_DIR,
07575 RSBAC_AUTH_LOGIN_PATH_FILE, err);
07576 goto auth_out;
07577 }
07578 if (!t_dentry->d_inode) {
07579 err = -RSBAC_ENOTFOUND;
07580 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
07581 RSBAC_AUTH_LOGIN_PATH_DIR,
07582 RSBAC_AUTH_LOGIN_PATH_FILE);
07583 dput(t_dentry);
07584 goto auth_out;
07585 }
07586
07587 if (!t_dentry->d_inode) {
07588 rsbac_printk(KERN_WARNING "rsbac_do_init(): file %s not found\n",
07589 RSBAC_AUTH_LOGIN_PATH);
07590 err = -RSBAC_EINVALIDTARGET;
07591 goto auth_out_dput;
07592 }
07593
07594 if (!S_ISREG(t_dentry->d_inode->i_mode)) {
07595 rsbac_printk(KERN_WARNING "rsbac_do_init(): %s is no file\n",
07596 RSBAC_AUTH_LOGIN_PATH);
07597 err = -RSBAC_EINVALIDTARGET;
07598 goto auth_out_dput;
07599 }
07600 rsbac_list_get_data(device_p->handles.auth,
07601 &t_dentry->d_inode->i_ino,
07602 &auth_fd_aci);
07603 auth_fd_aci.auth_may_setuid = TRUE;
07604 if (rsbac_list_add(device_p->handles.auth, &t_dentry->d_inode->i_ino, &auth_fd_aci)) {
07605 rsbac_printk(KERN_WARNING "rsbac_do_init(): Could not add AUTH file/dir item!\n");
07606 err = -RSBAC_ECOULDNOTADDITEM;
07607 }
07608
07609 auth_out_dput:
07610 auth_out:
07611 {
07612 }
07613 }
07614 #endif
07615
07616 #if defined(CONFIG_RSBAC_ACL)
07617 rsbac_pr_debug(stack, "free stack before init_acl: %lu\n",
07618 rsbac_stack_free_space());
07619 rsbac_init_acl();
07620 #endif
07621
07622 #if defined(CONFIG_RSBAC_UM)
07623 rsbac_pr_debug(stack, "free stack before init_um: %lu\n",
07624 rsbac_stack_free_space());
07625 rsbac_init_um();
07626 #endif
07627 rsbac_pr_debug(stack, "free stack before init_adf: %lu\n",
07628 rsbac_stack_free_space());
07629 rsbac_init_adf();
07630
07631
07632 drop_super(sb_p);
07633
07634 #if defined(CONFIG_RSBAC_PAX) && defined(CONFIG_PAX_HOOK_ACL_FLAGS)
07635 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
07636 pax_set_initial_flags_func = rsbac_pax_set_flags_func;
07637 #else
07638 pax_set_flags_func = rsbac_pax_set_flags_func;
07639 #endif
07640 #endif
07641
07642
07643 rsbac_initialized = TRUE;
07644
07645
07646 #ifdef CONFIG_BLK_DEV_INITRD
07647 if (initrd_start) {
07648 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07649 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR, 0));
07650 #else
07651 sb_p = get_super(MKDEV(RAMDISK_MAJOR, 0));
07652 #endif
07653 if (sb_p) {
07654 rsbac_mount(sb_p, NULL);
07655 drop_super(sb_p);
07656 }
07657 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07658 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR, INITRD_MINOR));
07659 #else
07660 sb_p = get_super(MKDEV(RAMDISK_MAJOR, INITRD_MINOR));
07661 #endif
07662 if (sb_p) {
07663 rsbac_mount(sb_p, NULL);
07664 drop_super(sb_p);
07665 }
07666 }
07667 #endif
07668
07669 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07670
07671 if (sysfs_covered_p && sysfs_sb_p) {
07672 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting sysfs device %02u:%02u\n",
07673 MAJOR(sysfs_sb_p->s_dev),
07674 MINOR(sysfs_sb_p->s_dev));
07675 rsbac_mount(sysfs_sb_p, sysfs_covered_p);
07676 }
07677 #endif
07678
07679
07680 #ifdef CONFIG_DEVFS_MOUNT
07681 if (devfs_covered_p && devfs_sb_p) {
07682 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting devfs device %02u:%02u\n",
07683 MAJOR(devfs_sb_p->s_dev),
07684 MINOR(devfs_sb_p->s_dev));
07685 rsbac_mount(devfs_sb_p, devfs_covered_p);
07686 }
07687 #endif
07688
07689
07690 #ifdef CONFIG_RSBAC_INIT_CHECK
07691 rsbac_pr_debug(stack, "free stack before rsbac_check: %lu\n",
07692 rsbac_stack_free_space());
07693 rsbac_printk(KERN_INFO "rsbac_do_init(): Forcing consistency check.\n");
07694 rsbac_check_lists(1);
07695 #if defined(CONFIG_RSBAC_ACL)
07696 rsbac_check_acl(1);
07697 #endif
07698 #endif
07699
07700 if (!current->fs) {
07701 rsbac_printk(KERN_WARNING "rsbac_do_init(): current->fs is invalid!\n");
07702 err = -RSBAC_EINVALIDPOINTER;
07703 }
07704 out:
07705
07706 rsbac_printk(KERN_INFO "rsbac_do_init(): Ready.\n");
07707
07708 kfree(list_info_p);
07709 return err;
07710
07711 out_free:
07712
07713 drop_super(sb_p);
07714 goto out;
07715 }
07716
07717
07718 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07719 || defined(CONFIG_RSBAC_INIT_THREAD)
07720
07721 void wakeup_rsbacd(u_long dummy)
07722 {
07723 wake_up(&rsbacd_wait);
07724 }
07725 #endif
07726
07727 #ifdef CONFIG_RSBAC_INIT_THREAD
07728
07729 static int rsbac_initd(void *dummy)
07730 {
07731 rsbac_printk(KERN_INFO "rsbac_initd(): Initializing.\n");
07732 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
07733 daemonize();
07734 strcpy(current->comm, "rsbac_initd");
07735 #endif
07736
07737
07738
07739
07740 rsbac_pr_debug(stack, "free stack before rsbac_do_init(): %lu\n",
07741 rsbac_stack_free_space());
07742
07743 rsbac_do_init();
07744
07745 rsbac_pr_debug(stack, "free stack after rsbac_do_init(): %lu\n",
07746 rsbac_stack_free_space());
07747
07748 wake_up(&rsbacd_wait);
07749
07750 rsbac_printk(KERN_INFO "rsbac_initd(): Exiting.\n");
07751 do_exit(0);
07752 return 0;
07753 }
07754 #endif
07755
07756 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
07757
07758 static int rsbacd(void *dummy)
07759 {
07760 struct task_struct *tsk = current;
07761 char *name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
07762 unsigned long list_check_time = jiffies + HZ * rsbac_list_check_interval;
07763
07764 rsbac_printk(KERN_INFO "rsbacd(): Initializing.\n");
07765 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
07766 daemonize();
07767 strcpy(tsk->comm, "rsbacd");
07768 #endif
07769
07770
07771
07772 sys_close(0);
07773 sys_close(1);
07774 sys_close(2);
07775 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
07776 reparent_to_init();
07777 #endif
07778
07779 rsbac_pr_debug(auto, "Setting auto timer.\n");
07780
07781 #ifndef CONFIG_RSBAC_INIT_THREAD
07782 init_timer(&rsbac_timer);
07783 rsbac_timer.function = wakeup_rsbacd;
07784 rsbac_timer.data = 0;
07785 rsbac_timer.expires = jiffies + auto_interval;
07786 add_timer(&rsbac_timer);
07787 #endif
07788 rsbac_pr_debug(stack, "free stack: %lu\n", rsbac_stack_free_space());
07789 for (;;) {
07790
07791 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07792
07793 flush_signals(tsk);
07794 spin_lock_irq(&tsk->sighand->siglock);
07795 flush_signal_handlers(tsk, 1);
07796 sigemptyset(&tsk->blocked);
07797 recalc_sigpending();
07798 spin_unlock_irq(&tsk->sighand->siglock);
07799 #else
07800 spin_lock_irq(&tsk->sigmask_lock);
07801 flush_signals(tsk);
07802 sigfillset(&tsk->blocked);
07803 recalc_sigpending(tsk);
07804 spin_unlock_irq(&tsk->sigmask_lock);
07805 #endif
07806
07807 mod_timer(&rsbac_timer, jiffies + auto_interval);
07808 interruptible_sleep_on(&rsbacd_wait);
07809
07810
07811
07812 if (time_after_eq(jiffies, list_check_time)) {
07813 list_check_time =
07814 jiffies +
07815 HZ * rsbac_list_check_interval;
07816 rsbac_pr_debug(auto, "cleaning up lists\n");
07817 rsbac_check_lists(1);
07818 }
07819
07820 if (rsbac_initialized && !rsbac_debug_no_write) {
07821 int err = 0;
07822
07823
07824 down(&rsbac_write_sem);
07825 if (!rsbac_debug_no_write) {
07826 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07827 err = rsbac_write(FALSE);
07828 #else
07829 err = rsbac_write(TRUE);
07830 #endif
07831 }
07832 up(&rsbac_write_sem);
07833 if (err < 0) {
07834 if (name)
07835 rsbac_printk(KERN_WARNING "rsbacd(): rsbac_write returned error %s!\n",
07836 get_error_name(name,
07837 err));
07838 else
07839 rsbac_printk(KERN_WARNING "rsbacd(): rsbac_write returned error %i!\n",
07840 err);
07841 } else if (err > 0)
07842 rsbac_pr_debug(auto, "rsbac_write() wrote %i "
07843 "lists\n", err);
07844 }
07845 try_to_freeze();
07846 }
07847 return 0;
07848 }
07849 #endif
07850
07851
07852
07853
07854
07855
07856
07857
07858 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
07859
07860 extern long sys_kill(int pid, int sig);
07861 #endif
07862
07863 struct rsbac_kthread_t {
07864 struct list_head list;
07865 rsbac_pid_t pid;
07866 };
07867 struct rsbac_kthread_t * rsbac_kthread;
07868 int rsbac_kthread_size_t;
07869
07870 int rsbac_kthreads_init(void)
07871 {
07872 rsbac_kthread_size_t = sizeof(struct rsbac_kthread_t);
07873 rsbac_kthread = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC);
07874 INIT_LIST_HEAD(&rsbac_kthread->list);
07875 return 0;
07876 }
07877
07878 int rsbac_mark_kthread(rsbac_pid_t pid)
07879 {
07880 struct rsbac_kthread_t * rsbac_kthread_new;
07881
07882 if (rsbac_initialized)
07883 return 0;
07884 rsbac_kthread_new = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC);
07885 rsbac_kthread_new->pid = pid;
07886 list_add(&rsbac_kthread_new->list, &rsbac_kthread->list);
07887 return 0;
07888 }
07889
07890 #ifdef CONFIG_RSBAC_INIT_DELAY
07891 int rsbac_init(kdev_t root_dev)
07892 #else
07893 int __init rsbac_init(kdev_t root_dev)
07894 #endif
07895 {
07896 struct rsbac_kthread_t * rsbac_kthread_entry;
07897 struct list_head * p;
07898 #ifdef CONFIG_RSBAC_RC
07899 struct rsbac_rc_process_aci_t rc_init_p_aci = DEFAULT_RC_P_INIT_ACI;
07900 #endif
07901 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07902 #ifdef CONFIG_RSBAC_INIT_THREAD
07903 struct task_struct * rsbac_init_thread;
07904 #endif
07905 struct task_struct * rsbacd_thread;
07906 #endif
07907 rsbac_pid_t init_pid;
07908
07909
07910 int err = 0;
07911 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07912 || defined(CONFIG_RSBAC_INIT_THREAD)
07913 rsbac_pid_t rsbacd_pid;
07914 #endif
07915
07916 if (rsbac_initialized) {
07917 rsbac_printk(KERN_WARNING "rsbac_init(): RSBAC already initialized\n");
07918 return (-RSBAC_EREINIT);
07919 }
07920 if (!current->fs) {
07921 rsbac_printk(KERN_WARNING "rsbac_init(): current->fs is invalid!\n");
07922 return (-RSBAC_EINVALIDPOINTER);
07923 }
07924
07925 rsbac_root_dev = root_dev;
07926
07927 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07928 || defined(CONFIG_RSBAC_INIT_THREAD)
07929
07930 init_waitqueue_head(&rsbacd_wait);
07931 #endif
07932
07933 #ifdef CONFIG_RSBAC_INIT_THREAD
07934
07935 #ifdef CONFIG_RSBAC_MAX_INIT_TIME
07936 #endif
07937 rsbac_printk(KERN_INFO "rsbac_init(): Setting init timeout to %u seconds (%u jiffies).\n",
07938 RSBAC_MAX_INIT_TIME, RSBAC_MAX_INIT_TIME * HZ);
07939 init_timer(&rsbac_timer);
07940 rsbac_timer.function = wakeup_rsbacd;
07941 rsbac_timer.data = 0;
07942 rsbac_timer.expires = jiffies + (RSBAC_MAX_INIT_TIME * HZ);
07943 add_timer(&rsbac_timer);
07944
07945
07946 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07947 rsbac_init_thread = kthread_create(rsbac_initd, NULL, "rsbac_initd");
07948 if (IS_ERR(rsbac_init_thread))
07949 goto panic;
07950 rsbacd_pid = rsbac_init_thread->pid;
07951 wake_up_process(rsbac_init_thread);
07952 #else
07953 rsbacd_pid = kernel_thread(rsbac_initd, NULL, 0);
07954 if (rsbacd_pid < 0)
07955 goto panic;
07956 #endif
07957 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbac_initd thread with pid %u\n",
07958 rsbacd_pid);
07959
07960 if (!rsbac_initialized)
07961 interruptible_sleep_on(&rsbacd_wait);
07962 if (!rsbac_initialized) {
07963 rsbac_printk(KERN_ERR
07964 "rsbac_init(): *** RSBAC init timed out - RSBAC not correctly initialized! ***\n");
07965 rsbac_printk(KERN_ERR
07966 "rsbac_init(): *** Killing rsbac_initd! ***\n");
07967 sys_kill(rsbacd_pid, SIGKILL);
07968 rsbac_initialized = FALSE;
07969 }
07970 #else
07971 rsbac_do_init();
07972 #endif
07973
07974 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
07975 if (rsbac_initialized) {
07976
07977 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07978 rsbacd_thread = kthread_create(rsbacd, NULL, "rsbacd");
07979 rsbacd_pid = rsbacd_thread->pid;
07980 wake_up_process(rsbacd_thread);
07981 #else
07982 rsbacd_pid =
07983 kernel_thread(rsbacd, NULL,
07984 CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
07985 #endif
07986 if (rsbacd_pid < 0) {
07987 rsbac_printk(KERN_ERR
07988 "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n",
07989 rsbacd_pid);
07990 } else {
07991 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n",
07992 rsbacd_pid);
07993 }
07994 }
07995 #endif
07996
07997
07998
07999 #ifdef CONFIG_RSBAC_INIT_THREAD
08000 sys_wait4(-1, NULL, WNOHANG, NULL);
08001 #endif
08002
08003
08004 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC)
08005 {
08006 #ifdef CONFIG_RSBAC_MAC
08007 struct rsbac_mac_user_aci_t * mac_u_aci_p;
08008 #endif
08009 #ifdef CONFIG_RSBAC_RC
08010 struct rsbac_rc_user_aci_t * rc_u_aci_p;
08011 #endif
08012 rsbac_uid_t user = RSBAC_SYSADM_UID;
08013 rsbac_pid_t pid = 1;
08014 struct task_struct *p;
08015
08016 union rsbac_target_id_t k_tid;
08017 union rsbac_attribute_value_t k_attr_val;
08018
08019 rsbac_printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n");
08020
08021 #ifdef CONFIG_RSBAC_MAC
08022 mac_u_aci_p = rsbac_kmalloc(sizeof(*mac_u_aci_p));
08023 if (mac_u_aci_p) {
08024 if(!rsbac_list_get_data
08025 (user_handles.mac, &user, mac_u_aci_p)) {
08026 mac_init_p_aci.owner_sec_level =
08027 mac_u_aci_p->security_level;
08028 mac_init_p_aci.owner_initial_sec_level =
08029 mac_u_aci_p->initial_security_level;
08030 mac_init_p_aci.current_sec_level =
08031 mac_u_aci_p->initial_security_level;
08032 mac_init_p_aci.owner_min_sec_level =
08033 mac_u_aci_p->min_security_level;
08034 mac_init_p_aci.mac_owner_categories =
08035 mac_u_aci_p->mac_categories;
08036 mac_init_p_aci.mac_owner_initial_categories =
08037 mac_u_aci_p->mac_initial_categories;
08038 mac_init_p_aci.mac_curr_categories =
08039 mac_u_aci_p->mac_initial_categories;
08040 mac_init_p_aci.mac_owner_min_categories =
08041 mac_u_aci_p->mac_min_categories;
08042 mac_init_p_aci.min_write_open =
08043 mac_u_aci_p->security_level;
08044 mac_init_p_aci.max_read_open =
08045 mac_u_aci_p->min_security_level;
08046 mac_init_p_aci.min_write_categories =
08047 mac_u_aci_p->mac_categories;
08048 mac_init_p_aci.max_read_categories =
08049 mac_u_aci_p->mac_min_categories;
08050 mac_init_p_aci.mac_process_flags =
08051 (mac_u_aci_p->
08052 mac_user_flags & RSBAC_MAC_P_FLAGS) |
08053 RSBAC_MAC_DEF_INIT_P_FLAGS;
08054 }
08055 rsbac_kfree(mac_u_aci_p);
08056 }
08057 #endif
08058
08059
08060 #ifdef CONFIG_RSBAC_MAC
08061 if (rsbac_list_add
08062 (process_handles.mac, &pid,
08063 &mac_init_p_aci))
08064 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for Init process 1 could not be added!");
08065 #endif
08066 #ifdef CONFIG_RSBAC_RC
08067
08068 if (rsbac_rc_get_boot_role(&rc_init_p_aci.rc_role)) {
08069 rc_u_aci_p = rsbac_kmalloc(sizeof(*rc_u_aci_p));
08070 if (rc_u_aci_p) {
08071 if (!rsbac_list_get_data
08072 (user_handles.rc, &user, rc_u_aci_p)) {
08073 rc_init_p_aci.rc_role = rc_u_aci_p->rc_role;
08074 } else {
08075 rsbac_ds_get_error("rsbac_do_init",
08076 A_rc_def_role);
08077 rc_init_p_aci.rc_role =
08078 RSBAC_RC_GENERAL_ROLE;
08079 }
08080 rsbac_kfree(rc_u_aci_p);
08081 }
08082 }
08083 rc_kernel_p_aci.rc_role = rc_init_p_aci.rc_role;
08084 if (rsbac_list_add
08085 (process_handles.rc, &pid,
08086 &rc_init_p_aci))
08087 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Init process 1 could not be added!");
08088 #endif
08089 read_lock(&tasklist_lock);
08090 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08091 for_each_task(p)
08092 #else
08093 for_each_process(p)
08094 #endif
08095 {
08096
08097 if (!p->pid || (p->pid == 1))
08098 continue;
08099 pid = p->pid;
08100 rsbac_pr_debug(ds, "setting aci for process %u (%s)\n", pid, p->comm);
08101 #ifdef CONFIG_RSBAC_MAC
08102 if (rsbac_list_add
08103 (process_handles.mac, &pid,
08104 &mac_init_p_aci))
08105 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for Init process %u could not be added!\n",
08106 pid);
08107 #endif
08108 #ifdef CONFIG_RSBAC_RC
08109 k_tid.process = p->pid;
08110 if (rsbac_get_attr(SW_GEN, T_PROCESS,
08111 k_tid,
08112 A_kernel_thread,
08113 &k_attr_val,
08114 FALSE)) {
08115 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel thread %u could not be added!\n", pid);
08116 }
08117 if (k_attr_val.kernel_thread) {
08118 if (rsbac_list_add
08119 (process_handles.rc,
08120 &pid, &rc_kernel_p_aci))
08121 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel thread %u could not be added!\n",
08122 pid);
08123 }
08124 #endif
08125 }
08126 read_unlock(&tasklist_lock);
08127 }
08128 list_for_each(p, &rsbac_kthread->list) {
08129 rsbac_kthread_entry = list_entry(p,
08130 struct rsbac_kthread_t, list);
08131 if (rsbac_kthread_entry->pid != 1
08132 && rsbac_kthread_entry->pid != rsbacd_pid)
08133 {
08134 read_lock(&tasklist_lock);
08135 if(find_task_by_pid(rsbac_kthread_entry->pid)) {
08136 read_unlock(&tasklist_lock);
08137 rsbac_kthread_notify(rsbac_kthread_entry->pid);
08138 }
08139 else {
08140 read_unlock(&tasklist_lock);
08141 rsbac_pr_debug(ds, "rsbac_do_init(): skipping gone away pid %u\n",
08142 rsbac_kthread_entry->pid);
08143 }
08144
08145
08146
08147
08148
08149
08150
08151
08152 }
08153 }
08154 init_pid = 1;
08155 #ifdef CONFIG_RSBAC_MAC
08156 if (rsbac_list_add(process_handles.mac, &init_pid, &mac_init_p_aci))
08157 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"init\" process could not be added!");
08158 if (rsbac_list_add(process_handles.mac, &rsbacd_pid, &mac_init_p_aci))
08159 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"rsbacd\" process could not be added!");
08160 #endif
08161 #ifdef CONFIG_RSBAC_RC
08162 if (rsbac_list_add(process_handles.rc, &init_pid, &rc_init_p_aci))
08163 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"init\" process could not be added");
08164 if (rsbac_list_add(process_handles.rc, &rsbacd_pid, &rc_kernel_p_aci))
08165 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"rsbacd\" process could not be added");
08166 #endif
08167
08168
08169 #endif
08170
08171 rsbac_printk(KERN_INFO "rsbac_init(): Ready.\n");
08172 return err;
08173
08174 #ifdef CONFIG_RSBAC_INIT_THREAD
08175 panic:
08176 rsbac_printk(KERN_ERR "rsbac_init(): *** RSBAC init failed to start - RSBAC not correctly initialized! ***\n");
08177
08178 #if !defined(CONFIG_RSBAC_MAINT)
08179 #ifdef CONFIG_RSBAC_SOFTMODE
08180 if (!rsbac_softmode)
08181 panic("RSBAC: rsbac_init(): *** Unable to initialize - PANIC ***\n");
08182 #endif
08183 panic("RSBAC: rsbac_init(): *** Unable to initialize - PANIC ***\n");
08184 #endif
08185 #endif
08186 }
08187
08188 int rsbac_kthread_notify(rsbac_pid_t pid)
08189 {
08190 if (!rsbac_initialized)
08191 return 0;
08192
08193
08194
08195 #ifdef CONFIG_RSBAC_MAC
08196 if (rsbac_list_add
08197 (process_handles.mac, &pid, &mac_init_p_aci))
08198 rsbac_printk(KERN_WARNING "rsbac_kthread_notify(): MAC ACI for kernel process %u could not be added!",
08199 pid);
08200 #endif
08201 #ifdef CONFIG_RSBAC_RC
08202 if (rsbac_list_add
08203 (process_handles.rc, &pid, &rc_kernel_p_aci))
08204 rsbac_printk(KERN_WARNING "rsbac_kthread_notify(): RC ACI for kernel process %u could not be added!",
08205 pid);
08206 #endif
08207 return 0;
08208 }
08209
08210
08211
08212 int rsbac_mount(struct super_block *sb_p, struct dentry *d_covers)
08213 {
08214 int err = 0;
08215 struct rsbac_device_list_item_t *device_p;
08216 struct rsbac_device_list_item_t *new_device_p;
08217 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08218 u_long flags;
08219 #endif
08220 rsbac_boolean_t old_no_write;
08221 u_int hash;
08222
08223 if (!sb_p) {
08224 rsbac_printk(KERN_WARNING "rsbac_mount(): called with NULL pointer\n");
08225 return -RSBAC_EINVALIDPOINTER;
08226 }
08227 if (!rsbac_initialized) {
08228 #ifdef CONFIG_RSBAC_INIT_DELAY
08229 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08230 if (!RSBAC_MAJOR(rsbac_delayed_root)
08231 && !RSBAC_MINOR(rsbac_delayed_root)
08232 && rsbac_delayed_root_str[0]
08233 ) {
08234 char *p = rsbac_delayed_root_str;
08235 u_int major = 0;
08236 u_int minor = 0;
08237
08238 major = simple_strtoul(p, NULL, 0);
08239 while ((*p != ':') && (*p != '\0'))
08240 p++;
08241 if (*p) {
08242 p++;
08243 minor = simple_strtoul(p, NULL, 0);
08244 }
08245 rsbac_delayed_root = RSBAC_MKDEV(major, minor);
08246 }
08247 #endif
08248 if (!rsbac_no_delay_init
08249 && ((!RSBAC_MAJOR(rsbac_delayed_root)
08250 && !RSBAC_MINOR(rsbac_delayed_root)
08251 && (MAJOR(sb_p->s_dev) > 1)
08252 )
08253 || ((RSBAC_MAJOR(rsbac_delayed_root)
08254 || RSBAC_MINOR(rsbac_delayed_root)
08255 )
08256 &&
08257 ((MAJOR(sb_p->s_dev) ==
08258 RSBAC_MAJOR(rsbac_delayed_root))
08259 && (!RSBAC_MINOR(rsbac_delayed_root)
08260 || (MINOR(sb_p->s_dev) ==
08261 RSBAC_MINOR(rsbac_delayed_root))
08262 )
08263 )
08264 )
08265 )
08266 ) {
08267 if (RSBAC_MAJOR(rsbac_delayed_root)
08268 || RSBAC_MINOR(rsbac_delayed_root)) {
08269 rsbac_printk(KERN_INFO "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n",
08270 MAJOR(sb_p->s_dev),
08271 MINOR(sb_p->s_dev),
08272 RSBAC_MAJOR
08273 (rsbac_delayed_root),
08274 RSBAC_MINOR
08275 (rsbac_delayed_root));
08276 } else {
08277 rsbac_printk(KERN_INFO "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n",
08278 MAJOR(sb_p->s_dev),
08279 MINOR(sb_p->s_dev));
08280 }
08281 rsbac_init(sb_p->s_dev);
08282 return 0;
08283 }
08284 #endif
08285
08286 rsbac_printk(KERN_WARNING "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n",
08287 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08288
08289 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08290 if ((sb_p->s_magic == SYSFS_MAGIC)
08291 && !RSBAC_MAJOR(sb_p->s_dev)
08292 ) {
08293 rsbac_printk(KERN_WARNING "rsbac_mount(): sysfs mount detected, keeping values for later use\n");
08294 sysfs_sb_p = sb_p;
08295 sysfs_covered_p = d_covers;
08296 }
08297 #endif
08298 #ifdef CONFIG_DEVFS_MOUNT
08299 if ((sb_p->s_magic == DEVFS_SUPER_MAGIC)
08300 && !RSBAC_MAJOR(sb_p->s_dev)
08301 ) {
08302 rsbac_printk(KERN_WARNING "rsbac_mount(): devfs mount detected, keeping values for later use\n");
08303 devfs_sb_p = sb_p;
08304 devfs_covered_p = d_covers;
08305 }
08306 #endif
08307 return (-RSBAC_ENOTINITIALIZED);
08308 }
08309 rsbac_pr_debug(ds, "mounting device %02u:%02u\n",
08310 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08311 rsbac_pr_debug(stack, "free stack: %lu\n", rsbac_stack_free_space());
08312 down(&rsbac_write_sem);
08313 old_no_write = rsbac_debug_no_write;
08314 rsbac_debug_no_write = TRUE;
08315 up(&rsbac_write_sem);
08316 hash = device_hash(sb_p->s_dev);
08317 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08318 rcu_read_lock();
08319 #else
08320 rsbac_read_lock(&device_list_locks[hash], &flags);
08321 #endif
08322 device_p = lookup_device(sb_p->s_dev, hash);
08323
08324 if (device_p) {
08325 rsbac_printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n",
08326 device_p->mount_count, MAJOR(sb_p->s_dev),
08327 MINOR(sb_p->s_dev));
08328 device_p->mount_count++;
08329 if (d_covers
08330 && !device_p->d_covers
08331 && (MAJOR(sb_p->s_dev) != MAJOR(rsbac_root_dev))
08332 && (MINOR(sb_p->s_dev) != MINOR(rsbac_root_dev))
08333 ) {
08334 rsbac_printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n",
08335 d_covers);
08336 device_p->d_covers = d_covers;
08337 }
08338 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08339 rcu_read_unlock();
08340 #else
08341 rsbac_read_unlock(&device_list_locks[hash], &flags);
08342 #endif
08343 } else {
08344 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08345 rcu_read_unlock();
08346 #else
08347 rsbac_read_unlock(&device_list_locks[hash], &flags);
08348 #endif
08349
08350 new_device_p = create_device_item(sb_p, d_covers);
08351 rsbac_pr_debug(stack, "after creating device item: free stack: %lu\n",
08352 rsbac_stack_free_space());
08353 if (!new_device_p) {
08354 rsbac_debug_no_write = old_no_write;
08355 return -RSBAC_ECOULDNOTADDDEVICE;
08356 }
08357
08358 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08359 rcu_read_lock();
08360 #else
08361 rsbac_read_lock(&device_list_locks[hash], &flags);
08362 #endif
08363
08364 device_p = lookup_device(sb_p->s_dev, hash);
08365 if (device_p) {
08366 rsbac_printk(KERN_WARNING "rsbac_mount(): mount race for device %02u:%02u detected!\n",
08367 MAJOR(sb_p->s_dev),
08368 MINOR(sb_p->s_dev));
08369 device_p->mount_count++;
08370 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08371 rcu_read_unlock();
08372 #else
08373 rsbac_read_unlock(&device_list_locks[hash], &flags);
08374 #endif
08375 clear_device_item(new_device_p);
08376 } else {
08377 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08378 rcu_read_unlock();
08379 #else
08380 rsbac_read_unlock(&device_list_locks[hash], &flags);
08381 #endif
08382 device_p = add_device_item(new_device_p);
08383 if (!device_p) {
08384 rsbac_printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n",
08385 MAJOR(sb_p->s_dev),
08386 MINOR(sb_p->s_dev));
08387 clear_device_item(new_device_p);
08388 rsbac_debug_no_write = old_no_write;
08389 return -RSBAC_ECOULDNOTADDDEVICE;
08390 }
08391 }
08392
08393
08394 rsbac_list_mount(sb_p->s_dev);
08395
08396
08397 if ((err = register_fd_lists(new_device_p, sb_p->s_dev))) {
08398 char *tmp;
08399
08400 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
08401 if (tmp) {
08402 rsbac_printk(KERN_WARNING "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n",
08403 MAJOR(sb_p->s_dev),
08404 MINOR(sb_p->s_dev),
08405 get_error_name(tmp, err));
08406 rsbac_kfree(tmp);
08407 }
08408 }
08409 rsbac_pr_debug(stack, "after registering fd lists: free stack: %lu\n",
08410 rsbac_stack_free_space());
08411 }
08412
08413
08414 #if defined(CONFIG_RSBAC_MAC)
08415 rsbac_mount_mac(sb_p->s_dev);
08416 rsbac_pr_debug(stack, "after mount_mac: free stack: %lu\n",
08417 rsbac_stack_free_space());
08418 #endif
08419 #if defined(CONFIG_RSBAC_AUTH)
08420 rsbac_mount_auth(sb_p->s_dev);
08421 rsbac_pr_debug(stack, "after mount_auth: free stack: %lu\n",
08422 rsbac_stack_free_space());
08423 #endif
08424 #if defined(CONFIG_RSBAC_ACL)
08425 rsbac_mount_acl(sb_p->s_dev);
08426 rsbac_pr_debug(stack, "after mount_acl: free stack: %lu\n",
08427 rsbac_stack_free_space());
08428 #endif
08429 #if defined(CONFIG_RSBAC_REG)
08430 rsbac_mount_reg(sb_p->s_dev);
08431 rsbac_pr_debug(stack, "after mount_reg: free stack: %lu\n",
08432 rsbac_stack_free_space());
08433 #endif
08434
08435 rsbac_debug_no_write = old_no_write;
08436 return (err);
08437 }
08438
08439
08440
08441
08442 int rsbac_umount(struct super_block *sb_p, struct dentry *d_covers)
08443 {
08444 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08445 u_long flags;
08446 #endif
08447 struct rsbac_device_list_item_t *device_p;
08448 kdev_t kdev;
08449 u_int hash;
08450
08451 if (!sb_p) {
08452 rsbac_printk(KERN_WARNING "rsbac_umount(): called with NULL pointer\n");
08453 return -RSBAC_EINVALIDPOINTER;
08454 }
08455 if (!rsbac_initialized) {
08456 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
08457
08458 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08459 if ((sb_p->s_magic == SYSFS_MAGIC)
08460 && !RSBAC_MAJOR(sb_p->s_dev)
08461 && sysfs_sb_p && sysfs_covered_p) {
08462 rsbac_printk(KERN_WARNING "rsbac_umount(): sysfs umount detected, removing auto-mount values\n");
08463 sysfs_sb_p = NULL;
08464 sysfs_covered_p = NULL;
08465 }
08466 #endif
08467 #ifdef CONFIG_DEVFS_MOUNT
08468 if ((sb_p->s_magic == DEVFS_SUPER_MAGIC)
08469 && !RSBAC_MAJOR(sb_p->s_dev)
08470 && devfs_sb_p && devfs_covered_p) {
08471 rsbac_printk(KERN_WARNING "rsbac_umount(): devfs umount detected, removing auto-mount values\n");
08472 devfs_sb_p = NULL;
08473 devfs_covered_p = NULL;
08474 }
08475 #endif
08476
08477 return (-RSBAC_ENOTINITIALIZED);
08478 }
08479 rsbac_pr_debug(ds, "umounting device %02u:%02u\n",
08480 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08481 kdev = sb_p->s_dev;
08482
08483
08484 #if defined(CONFIG_RSBAC_AUTO_WRITE)
08485 if (!rsbac_debug_no_write) {
08486 down(&rsbac_write_sem);
08487
08488 if (!rsbac_debug_no_write) {
08489 rsbac_write(TRUE);
08490 }
08491 up(&rsbac_write_sem);
08492 }
08493 #endif
08494
08495 #if defined(CONFIG_RSBAC_MAC)
08496 rsbac_umount_mac(kdev);
08497 #endif
08498 #if defined(CONFIG_RSBAC_AUTH)
08499 rsbac_umount_auth(kdev);
08500 #endif
08501 #if defined(CONFIG_RSBAC_ACL)
08502 rsbac_umount_acl(kdev);
08503 #endif
08504 #if defined(CONFIG_RSBAC_REG)
08505 rsbac_umount_reg(kdev);
08506 #endif
08507
08508 hash = device_hash(kdev);
08509
08510 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08511 spin_lock(&device_list_locks[hash]);
08512 #else
08513 rsbac_write_lock(&device_list_locks[hash], &flags);
08514 #endif
08515
08516 device_p = lookup_device(kdev, hash);
08517 if (device_p) {
08518 if (device_p->mount_count == 1) {
08519
08520 rsbac_list_umount(kdev);
08521
08522 remove_device_item(kdev);
08523 } else {
08524 if (device_p->mount_count > 1) {
08525 device_p->mount_count--;
08526 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08527 spin_unlock(&device_list_locks[hash]);
08528 #endif
08529 if (device_p->d_covers == d_covers) {
08530 rsbac_printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n",
08531 RSBAC_MAJOR(kdev),
08532 RSBAC_MINOR(kdev));
08533 device_p->d_covers = NULL;
08534 }
08535 } else {
08536 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08537 spin_unlock(&device_list_locks[hash]);
08538 #endif
08539 rsbac_printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n",
08540 RSBAC_MAJOR(kdev),
08541 RSBAC_MINOR(kdev));
08542 }
08543 }
08544 }
08545 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08546 else
08547 spin_unlock(&device_list_locks[hash]);
08548 #else
08549 rsbac_write_unlock(&device_list_locks[hash], &flags);
08550 #endif
08551 #ifdef CONFIG_RSBAC_FD_CACHE
08552 rsbac_fd_cache_invalidate_all();
08553 #endif
08554
08555 return 0;
08556 }
08557
08558
08559
08560
08561 int rsbac_free_dat_dentries(void)
08562 {
08563 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08564 u_long flags;
08565 #endif
08566 struct rsbac_device_list_item_t *device_p;
08567 u_int i;
08568
08569 if (!rsbac_initialized) {
08570 rsbac_printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n");
08571 return (-RSBAC_ENOTINITIALIZED);
08572 }
08573
08574 rsbac_printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n");
08575
08576 for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
08577 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08578 spin_lock(&device_list_locks[i]);
08579 #else
08580 rsbac_write_lock(&device_list_locks[i], &flags);
08581 #endif
08582 device_p = device_head_p[i]->head;
08583 while (device_p) {
08584 if (device_p->rsbac_dir_dentry_p) {
08585 dput(device_p->rsbac_dir_dentry_p);
08586 device_p->rsbac_dir_dentry_p = NULL;
08587 }
08588 device_p = device_p->next;
08589 }
08590 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08591 spin_unlock(&device_list_locks[i]);
08592 #else
08593 rsbac_write_unlock(&device_list_locks[i], &flags);
08594 #endif
08595 }
08596 return 0;
08597 }
08598
08599
08600
08601
08602 int rsbac_stats(void)
08603 {
08604 struct rsbac_device_list_item_t *device_p;
08605 u_long fd_count = 0, fd_sum = 0;
08606 u_long dev_sum = 0;
08607 u_long ipc_sum = 0;
08608 u_long user_sum = 0;
08609 u_long process_sum = 0;
08610 #if defined(CONFIG_RSBAC_UM)
08611 u_long group_sum = 0;
08612 #endif
08613 #if defined(CONFIG_RSBAC_NET_OBJ)
08614 u_long nettemp_sum = 0;
08615 u_long lnetobj_sum = 0;
08616 u_long rnetobj_sum = 0;
08617 #endif
08618 u_long total_sum = 0;
08619 long tmp_count = 0;
08620 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08621 u_long dflags;
08622 #endif
08623 u_int i;
08624
08625 if (!rsbac_initialized) {
08626 rsbac_printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n");
08627 return (-RSBAC_ENOTINITIALIZED);
08628 }
08629 for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
08630 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08631 rcu_read_lock();
08632 #else
08633 rsbac_read_lock(&device_list_locks[i], &dflags);
08634 #endif
08635
08636
08637 device_p = rcu_dereference(device_head_p[i])->head;
08638 while (device_p) {
08639 fd_count = rsbac_list_count(device_p->handles.gen);
08640 if (fd_count > 0) {
08641 rsbac_printk(", %lu GEN", fd_count);
08642 fd_sum += fd_count;
08643 }
08644
08645 #if defined(CONFIG_RSBAC_MAC)
08646 fd_count = rsbac_list_count(device_p->handles.mac);
08647 if (fd_count > 0) {
08648 rsbac_printk(", %lu MAC", fd_count);
08649 fd_sum += fd_count;
08650 }
08651 #endif
08652
08653 #if defined(CONFIG_RSBAC_PM)
08654 fd_count = rsbac_list_count(device_p->handles.pm);
08655 if (fd_count > 0) {
08656 rsbac_printk(", %lu PM", fd_count);
08657 fd_sum += fd_count;
08658 }
08659 #endif
08660
08661 #if defined(CONFIG_RSBAC_DAZ)
08662 fd_count = rsbac_list_count(device_p->handles.daz);
08663 if (fd_count > 0) {
08664 rsbac_printk(", %lu DAZ", fd_count);
08665 fd_sum += fd_count;
08666 }
08667 #if defined(CONFIG_RSBAC_DAZ_CACHE)
08668 fd_count = rsbac_list_count(device_p->handles.dazs);
08669 if (fd_count > 0) {
08670 rsbac_printk(", %lu DAZ SCANNED", fd_count);
08671 fd_sum += fd_count;
08672 }
08673 #endif
08674 #endif
08675
08676 #if defined(CONFIG_RSBAC_FF)
08677 fd_count = rsbac_list_count(device_p->handles.ff);
08678 if (fd_count > 0) {
08679 rsbac_printk(", %lu FF", fd_count);
08680 fd_sum += fd_count;
08681 }
08682 #endif
08683
08684 #if defined(CONFIG_RSBAC_RC)
08685 fd_count = rsbac_list_count(device_p->handles.rc);
08686 if (fd_count > 0) {
08687 rsbac_printk(", %lu RC", fd_count);
08688 fd_sum += fd_count;
08689 }
08690 #endif
08691
08692 #if defined(CONFIG_RSBAC_AUTH)
08693 fd_count = rsbac_list_count(device_p->handles.auth);
08694 if (fd_count > 0) {
08695 rsbac_printk(", %lu AUTH", fd_count);
08696 fd_sum += fd_count;
08697 }
08698 #endif
08699
08700 #if defined(CONFIG_RSBAC_CAP)
08701 fd_count = rsbac_list_count(device_p->handles.cap);
08702 if (fd_count > 0) {
08703 rsbac_printk(", %lu CAP", fd_count);
08704 fd_sum += fd_count;
08705 }
08706 #endif
08707 #if defined(CONFIG_RSBAC_RES)
08708 fd_count = rsbac_list_count(device_p->handles.res);
08709 if (fd_count > 0) {
08710 rsbac_printk(", %lu RES", fd_count);
08711 fd_sum += fd_count;
08712 }
08713 #endif
08714 #if defined(CONFIG_RSBAC_PAX)
08715 fd_count = rsbac_list_count(device_p->handles.pax);
08716 if (fd_count > 0) {
08717 rsbac_printk(", %lu PAX", fd_count);
08718 fd_sum += fd_count;
08719 }
08720 #endif
08721
08722 rsbac_printk("\n");
08723 device_p = device_p->next;
08724 }
08725 tmp_count += rcu_dereference(device_head_p[i])->count;
08726 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08727 rcu_read_unlock();
08728 #else
08729 rsbac_read_unlock(&device_list_locks[i], &dflags);
08730 #endif
08731 }
08732 rsbac_printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n",
08733 tmp_count, fd_sum);
08734
08735 total_sum += fd_sum;
08736
08737
08738 tmp_count = rsbac_list_count(dev_handles.gen);
08739 rsbac_printk(KERN_INFO "DEV items: %lu GEN", tmp_count);
08740 dev_sum += tmp_count;
08741 #if defined(CONFIG_RSBAC_MAC)
08742 tmp_count = rsbac_list_count(dev_handles.mac);
08743 rsbac_printk(", %lu MAC", tmp_count);
08744 dev_sum += tmp_count;
08745 #endif
08746 #if defined(CONFIG_RSBAC_PM)
08747 tmp_count = rsbac_list_count(dev_handles.pm);
08748 rsbac_printk(", %lu PM", tmp_count);
08749 dev_sum += tmp_count;
08750 #endif
08751 #if defined(CONFIG_RSBAC_RC)
08752 tmp_count = rsbac_list_count(dev_major_handles.rc);
08753 rsbac_printk(", %lu major RC", tmp_count);
08754 dev_sum += tmp_count;
08755 tmp_count = rsbac_list_count(dev_handles.rc);
08756 rsbac_printk(", %lu RC", tmp_count);
08757 dev_sum += tmp_count;
08758 #endif
08759 rsbac_printk("\n");
08760 rsbac_printk(KERN_INFO "Sum of %lu DEV items\n", dev_sum);
08761 total_sum += dev_sum;
08762
08763
08764 rsbac_printk(KERN_INFO "IPC items: no GEN");
08765 #if defined(CONFIG_RSBAC_MAC)
08766 tmp_count = rsbac_list_count(ipc_handles.mac);
08767 rsbac_printk(", %lu MAC", tmp_count);
08768 ipc_sum += tmp_count;
08769 #endif
08770 #if defined(CONFIG_RSBAC_PM)
08771 tmp_count = rsbac_list_count(ipc_handles.pm);
08772 rsbac_printk(", %lu PM", tmp_count);
08773 ipc_sum += tmp_count;
08774 #endif
08775 #if defined(CONFIG_RSBAC_RC)
08776 tmp_count = rsbac_list_count(ipc_handles.rc);
08777 rsbac_printk(", %lu RC", tmp_count);
08778 ipc_sum += tmp_count;
08779 #endif
08780 #if defined(CONFIG_RSBAC_JAIL)
08781 tmp_count = rsbac_list_count(ipc_handles.jail);
08782 rsbac_printk(", %lu JAIL", tmp_count);
08783 ipc_sum += tmp_count;
08784 #endif
08785 rsbac_printk("\n");
08786 rsbac_printk(KERN_INFO "Sum of %lu IPC items\n", ipc_sum);
08787 total_sum += ipc_sum;
08788
08789
08790 tmp_count = rsbac_list_count(user_handles.gen);
08791 rsbac_printk(KERN_INFO "USER items: %lu GEN", tmp_count);
08792 user_sum += tmp_count;
08793 #if defined(CONFIG_RSBAC_MAC)
08794 tmp_count = rsbac_list_count(user_handles.mac);
08795 rsbac_printk(", %lu MAC", tmp_count);
08796 user_sum += tmp_count;
08797 #endif
08798 #if defined(CONFIG_RSBAC_PM)
08799 tmp_count = rsbac_list_count(user_handles.pm);
08800 rsbac_printk(", %lu PM", tmp_count);
08801 user_sum += tmp_count;
08802 #endif
08803 #if defined(CONFIG_RSBAC_DAZ)
08804 tmp_count = rsbac_list_count(user_handles.daz);
08805 rsbac_printk(", %lu DAZ", tmp_count);
08806 user_sum += tmp_count;
08807 #endif
08808 #if defined(CONFIG_RSBAC_RC)
08809 tmp_count = rsbac_list_count(user_handles.rc);
08810 rsbac_printk(", %lu RC", tmp_count);
08811 user_sum += tmp_count;
08812 #endif
08813 #if defined(CONFIG_RSBAC_AUTH)
08814 tmp_count = rsbac_list_count(user_handles.auth);
08815 rsbac_printk(", %lu AUTH", tmp_count);
08816 user_sum += tmp_count;
08817 #endif
08818 #if defined(CONFIG_RSBAC_CAP)
08819 tmp_count = rsbac_list_count(user_handles.cap);
08820 rsbac_printk(", %lu CAP", tmp_count);
08821 user_sum += tmp_count;
08822 #endif
08823 #if defined(CONFIG_RSBAC_JAIL)
08824 tmp_count = rsbac_list_count(user_handles.jail);
08825 rsbac_printk(", %lu JAIL", tmp_count);
08826 user_sum += tmp_count;
08827 #endif
08828 #if defined(CONFIG_RSBAC_RES)
08829 tmp_count = rsbac_list_count(user_handles.res);
08830 rsbac_printk(", %lu RES", tmp_count);
08831 user_sum += tmp_count;
08832 #endif
08833 #if defined(CONFIG_RSBAC_PAX)
08834 tmp_count = rsbac_list_count(user_handles.pax);
08835 rsbac_printk(", %lu PAX", tmp_count);
08836 user_sum += tmp_count;
08837 #endif
08838 rsbac_printk("\n");
08839 rsbac_printk(KERN_INFO "Sum of %lu USER items\n", user_sum);
08840 total_sum += user_sum;
08841
08842
08843 tmp_count = rsbac_list_count(process_handles.gen);
08844 rsbac_printk(KERN_INFO "PROCESS items: %lu GEN", tmp_count);
08845 process_sum += tmp_count;
08846 #if defined(CONFIG_RSBAC_MAC)
08847 tmp_count = rsbac_list_count(process_handles.mac);
08848 rsbac_printk(", %lu MAC", tmp_count);
08849 process_sum += tmp_count;
08850 #endif
08851 #if defined(CONFIG_RSBAC_PM)
08852 tmp_count = rsbac_list_count(process_handles.pm);
08853 rsbac_printk(", %lu PM", tmp_count);
08854 process_sum += tmp_count;
08855 #endif
08856 #if defined(CONFIG_RSBAC_DAZ)
08857 tmp_count = rsbac_list_count(process_handles.daz);
08858 rsbac_printk(", %lu DAZ", tmp_count);
08859 process_sum += tmp_count;
08860 #endif
08861 #if defined(CONFIG_RSBAC_RC)
08862 tmp_count = rsbac_list_count(process_handles.rc);
08863 rsbac_printk(", %lu RC", tmp_count);
08864 process_sum += tmp_count;
08865 #endif
08866 #if defined(CONFIG_RSBAC_AUTH)
08867 tmp_count = rsbac_list_count(process_handles.auth);
08868 rsbac_printk(", %lu AUTH", tmp_count);
08869 process_sum += tmp_count;
08870 #endif
08871 #if defined(CONFIG_RSBAC_CAP)
08872 tmp_count = rsbac_list_count(process_handles.cap);
08873 rsbac_printk(", %lu CAP", tmp_count);
08874 process_sum += tmp_count;
08875 #endif
08876 #if defined(CONFIG_RSBAC_JAIL)
08877 tmp_count = rsbac_list_count(process_handles.jail);
08878 rsbac_printk(", %lu JAIL", tmp_count);
08879 process_sum += tmp_count;
08880 #endif
08881 rsbac_printk("\n");
08882 rsbac_printk(KERN_INFO "Sum of %lu PROCESS items\n", process_sum);
08883 total_sum += process_sum;
08884
08885 #if defined(CONFIG_RSBAC_UM)
08886
08887 rsbac_printk(KERN_INFO "GROUP items: ");
08888 #if defined(CONFIG_RSBAC_RC_UM_PROT)
08889 tmp_count = rsbac_list_count(group_handles.rc);
08890 rsbac_printk("%lu RC", tmp_count);
08891 user_sum += tmp_count;
08892 #endif
08893 rsbac_printk("\n");
08894 rsbac_printk(KERN_INFO "Sum of %lu GROUP items\n", group_sum);
08895 total_sum += group_sum;
08896 #endif
08897
08898 #if defined(CONFIG_RSBAC_NET_OBJ)
08899
08900 rsbac_printk(KERN_INFO "NETTEMP items: ");
08901 #if defined(CONFIG_RSBAC_MAC)
08902 tmp_count = rsbac_list_count(nettemp_handles.mac);
08903 rsbac_printk("%lu MAC, ", tmp_count);
08904 nettemp_sum += tmp_count;
08905 #endif
08906 #if defined(CONFIG_RSBAC_PM)
08907 tmp_count = rsbac_list_count(nettemp_handles.pm);
08908 rsbac_printk("%lu PM, ", tmp_count);
08909 nettemp_sum += tmp_count;
08910 #endif
08911 #if defined(CONFIG_RSBAC_RC)
08912 tmp_count = rsbac_list_count(nettemp_handles.rc);
08913 rsbac_printk("%lu RC, ", tmp_count);
08914 nettemp_sum += tmp_count;
08915 #endif
08916 rsbac_printk("\n");
08917 rsbac_printk(KERN_INFO "Sum of %lu NETTEMP items\n", nettemp_sum);
08918 total_sum += nettemp_sum;
08919
08920
08921 rsbac_printk(KERN_INFO "Local NETOBJ items:");
08922 #if defined(CONFIG_RSBAC_MAC)
08923 tmp_count = rsbac_list_count(lnetobj_handles.mac);
08924 rsbac_printk(" %lu MAC,", tmp_count);
08925 lnetobj_sum += tmp_count;
08926 #endif
08927 #if defined(CONFIG_RSBAC_PM)
08928 tmp_count = rsbac_list_count(lnetobj_handles.pm);
08929 rsbac_printk(" %lu PM,", tmp_count);
08930 lnetobj_sum += tmp_count;
08931 #endif
08932 #if defined(CONFIG_RSBAC_RC)
08933 tmp_count = rsbac_list_count(lnetobj_handles.rc);
08934 rsbac_printk(" %lu RC", tmp_count);
08935 lnetobj_sum += tmp_count;
08936 #endif
08937 rsbac_printk("\n");
08938 rsbac_printk(KERN_INFO "Sum of %lu Local NETOBJ items\n",
08939 lnetobj_sum);
08940 total_sum += lnetobj_sum;
08941
08942
08943 rsbac_printk(KERN_INFO "Remote NETOBJ items:");
08944 #if defined(CONFIG_RSBAC_MAC)
08945 tmp_count = rsbac_list_count(rnetobj_handles.mac);
08946 rsbac_printk(" %lu MAC,", tmp_count);
08947 rnetobj_sum += tmp_count;
08948 #endif
08949 #if defined(CONFIG_RSBAC_PM)
08950 tmp_count = rsbac_list_count(rnetobj_handles.pm);
08951 rsbac_printk(" %lu PM,", tmp_count);
08952 rnetobj_sum += tmp_count;
08953 #endif
08954 #if defined(CONFIG_RSBAC_RC)
08955 tmp_count = rsbac_list_count(rnetobj_handles.rc);
08956 rsbac_printk(" %lu RC", tmp_count);
08957 rnetobj_sum += tmp_count;
08958 #endif
08959 rsbac_printk("\n");
08960 rsbac_printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n",
08961 rnetobj_sum);
08962 total_sum += rnetobj_sum;
08963 #endif
08964
08965 rsbac_printk(KERN_INFO "Total of %lu registered rsbac-items\n", total_sum);
08966
08967 rsbac_printk(KERN_INFO "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n",
08968 rsbac_adf_request_count[T_FILE],
08969 rsbac_adf_request_count[T_DIR],
08970 rsbac_adf_request_count[T_FIFO],
08971 rsbac_adf_request_count[T_SYMLINK],
08972 rsbac_adf_request_count[T_DEV],
08973 rsbac_adf_request_count[T_IPC],
08974 rsbac_adf_request_count[T_SCD],
08975 rsbac_adf_request_count[T_USER],
08976 rsbac_adf_request_count[T_PROCESS],
08977 rsbac_adf_request_count[T_NETDEV],
08978 rsbac_adf_request_count[T_NETTEMP],
08979 rsbac_adf_request_count[T_NETOBJ],
08980 rsbac_adf_request_count[T_UNIXSOCK]);
08981 rsbac_printk(KERN_INFO "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n",
08982 rsbac_adf_set_attr_count[T_FILE],
08983 rsbac_adf_set_attr_count[T_DIR],
08984 rsbac_adf_set_attr_count[T_FIFO],
08985 rsbac_adf_set_attr_count[T_SYMLINK],
08986 rsbac_adf_set_attr_count[T_DEV],
08987 rsbac_adf_set_attr_count[T_IPC],
08988 rsbac_adf_set_attr_count[T_SCD],
08989 rsbac_adf_set_attr_count[T_USER],
08990 rsbac_adf_set_attr_count[T_PROCESS],
08991 rsbac_adf_set_attr_count[T_NETDEV],
08992 rsbac_adf_set_attr_count[T_NETTEMP],
08993 rsbac_adf_set_attr_count[T_NETOBJ],
08994 rsbac_adf_set_attr_count[T_UNIXSOCK]);
08995
08996 #if defined(CONFIG_RSBAC_PM)
08997 rsbac_stats_pm();
08998 #endif
08999 #if defined(CONFIG_RSBAC_RC)
09000 rsbac_stats_rc();
09001 #endif
09002 #if defined(CONFIG_RSBAC_AUTH)
09003 rsbac_stats_auth();
09004 #endif
09005 #if defined(CONFIG_RSBAC_ACL)
09006 rsbac_stats_acl();
09007 #endif
09008 return 0;
09009 }
09010
09011
09012
09013
09014
09015 #if defined(CONFIG_RSBAC_AUTO_WRITE)
09016 int rsbac_write(rsbac_boolean_t need_lock)
09017 {
09018 int err = 0;
09019 u_int count = 0;
09020 int subcount;
09021
09022 if (!rsbac_initialized) {
09023 rsbac_printk(KERN_WARNING "rsbac_write(): RSBAC not initialized\n");
09024 return (-RSBAC_ENOTINITIALIZED);
09025 }
09026 if (rsbac_debug_no_write)
09027 return 0;
09028
09029 subcount = rsbac_write_lists(need_lock);
09030 if (subcount > 0) {
09031 count += subcount;
09032 } else if (subcount < 0) {
09033 err = subcount;
09034 if (err != -RSBAC_ENOTWRITABLE) {
09035 rsbac_printk(KERN_WARNING "rsbac_write(): rsbac_write_lists() returned error %i\n",
09036 err);
09037 }
09038 }
09039
09040 #if defined(CONFIG_RSBAC_REG)
09041 subcount = rsbac_write_reg(need_lock);
09042 if (subcount > 0) {
09043 count += subcount;
09044 } else if (subcount < 0) {
09045 err = subcount;
09046 if (err != -RSBAC_ENOTWRITABLE) {
09047 rsbac_printk(KERN_WARNING "rsbac_write(): rsbac_write_reg() returned error %i\n",
09048 err);
09049 }
09050 }
09051 #endif
09052
09053 if (count > 0)
09054 rsbac_pr_debug(write, "total of %u lists written\n", count);
09055 return (count);
09056 }
09057 #endif
09058
09059
09060
09061
09062
09063
09064
09065
09066
09067
09068
09069
09070
09071
09072
09073
09074
09075
09076
09077
09078
09079
09080 #if defined(CONFIG_RSBAC_REG)
09081 EXPORT_SYMBOL(rsbac_get_parent);
09082 #endif
09083 int rsbac_get_parent(enum rsbac_target_t target,
09084 union rsbac_target_id_t tid,
09085 enum rsbac_target_t *parent_target_p,
09086 union rsbac_target_id_t *parent_tid_p)
09087 {
09088 if (!parent_target_p || !parent_tid_p)
09089 return -RSBAC_EINVALIDPOINTER;
09090
09091
09092
09093
09094
09095
09096
09097 switch (target) {
09098 case T_FILE:
09099 case T_DIR:
09100 case T_FIFO:
09101 case T_SYMLINK:
09102 case T_UNIXSOCK:
09103 break;
09104 default:
09105 return -RSBAC_EINVALIDTARGET;
09106 }
09107
09108 if (!tid.file.dentry_p)
09109 return -RSBAC_ENOTFOUND;
09110
09111 #ifdef CONFIG_RSBAC_XSTATS
09112 get_parent_count++;
09113 #endif
09114 *parent_target_p = T_DIR;
09115
09116 if (tid.file.dentry_p->d_sb
09117 && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p)
09118 ) {
09119 struct rsbac_device_list_item_t *device_p;
09120 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09121 u_long dflags;
09122 #endif
09123 u_int hash;
09124
09125 hash = device_hash(tid.file.device);
09126
09127 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09128 rcu_read_lock();
09129 #else
09130 rsbac_read_lock(&device_list_locks[hash], &dflags);
09131 #endif
09132 device_p = lookup_device(tid.file.device, hash);
09133 if (!device_p
09134 || !device_p->d_covers
09135 || !device_p->d_covers->d_parent
09136 || !device_p->d_covers->d_parent->d_inode) {
09137
09138 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09139 rcu_read_unlock();
09140 #else
09141 rsbac_read_unlock(&device_list_locks[hash], &dflags);
09142 #endif
09143 return -RSBAC_ENOTFOUND;
09144 }
09145 parent_tid_p->dir.device =
09146 device_p->d_covers->d_parent->d_sb->s_dev;
09147 parent_tid_p->dir.inode =
09148 device_p->d_covers->d_parent->d_inode->i_ino;
09149 parent_tid_p->dir.dentry_p = device_p->d_covers->d_parent;
09150
09151 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09152 rcu_read_unlock();
09153 #else
09154 rsbac_read_unlock(&device_list_locks[hash], &dflags);
09155 #endif
09156 } else {
09157 if (!tid.file.dentry_p->d_parent) {
09158 rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent is NULL!\n");
09159 return -RSBAC_ENOTFOUND;
09160 }
09161 if (tid.file.dentry_p == tid.file.dentry_p->d_parent) {
09162 rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent == dentry_p!\n");
09163 return -RSBAC_ENOTFOUND;
09164 }
09165 if (!tid.file.dentry_p->d_parent->d_inode) {
09166 rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent has no d_inode!\n");
09167 return -RSBAC_ENOTFOUND;
09168 }
09169 parent_tid_p->dir.device = tid.file.device;
09170 parent_tid_p->dir.inode =
09171 tid.file.dentry_p->d_parent->d_inode->i_ino;
09172 parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent;
09173 }
09174 return 0;
09175 }
09176
09177 static int get_attr_fd(rsbac_list_ta_number_t ta_number,
09178 enum rsbac_switch_target_t module,
09179 enum rsbac_target_t target,
09180 union rsbac_target_id_t *tid_p,
09181 enum rsbac_attribute_t attr,
09182 union rsbac_attribute_value_t *value,
09183 rsbac_boolean_t inherit)
09184 {
09185 int err = 0;
09186 struct rsbac_device_list_item_t *device_p;
09187 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09188 u_long dflags;
09189 #endif
09190 #if defined(CONFIG_RSBAC_FF)
09191 rsbac_ff_flags_t ff_flags = 0;
09192 rsbac_ff_flags_t ff_tmp_flags;
09193 rsbac_ff_flags_t ff_mask = -1;
09194 #endif
09195 u_int hash;
09196
09197 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09198 if (!RSBAC_MAJOR(tid_p->file.device)
09199 && !RSBAC_MINOR(tid_p->file.device)
09200 )
09201 return -RSBAC_EINVALIDDEV;
09202 #endif
09203
09204 for (;;) {
09205
09206
09207
09208
09209
09210
09211
09212 hash = device_hash(tid_p->file.device);
09213
09214 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09215 rcu_read_lock();
09216 #else
09217 rsbac_read_lock(&device_list_locks[hash], &dflags);
09218 #endif
09219
09220
09221
09222 device_p = lookup_device(tid_p->file.device, hash);
09223 if (!device_p) {
09224 struct super_block *sb_p;
09225
09226 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09227 rcu_read_unlock();
09228 #else
09229 rsbac_read_unlock(&device_list_locks[hash], &dflags);
09230 #endif
09231 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09232 sb_p = user_get_super(tid_p->file.device);
09233 #else
09234 sb_p = get_super(tid_p->file.device);
09235 #endif
09236 if (sb_p) {
09237 if(RSBAC_MAJOR(tid_p->file.device) <= 1) {
09238 rsbac_printk(KERN_INFO "rsbac_get_attr(): auto-mounting device %02u:%02u\n",
09239 RSBAC_MAJOR(tid_p->file.
09240 device),
09241 RSBAC_MINOR(tid_p->file.
09242 device));
09243 rsbac_mount(sb_p, NULL);
09244 }
09245
09246 drop_super(sb_p);
09247 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09248 rcu_read_lock();
09249 #else
09250 rsbac_read_lock(&device_list_locks[hash],
09251 &dflags);
09252 #endif
09253 device_p =
09254 lookup_device(tid_p->file.device, hash);
09255 if (!device_p) {
09256 rsbac_printk(KERN_WARNING "rsbac_get_attr(): unknown device %02u:%02u\n",
09257 RSBAC_MAJOR(tid_p->
09258 file.
09259 device),
09260 RSBAC_MINOR(tid_p->
09261 file.
09262 device));
09263 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09264 rcu_read_unlock();
09265 #else
09266 rsbac_read_unlock
09267 (&device_list_locks[hash],
09268 &dflags);
09269 #endif
09270 return -RSBAC_EINVALIDDEV;
09271 }
09272 } else
09273 return -RSBAC_EINVALIDDEV;
09274 }
09275 switch (module) {
09276 case SW_GEN:
09277 {
09278 struct rsbac_gen_fd_aci_t aci =
09279 DEFAULT_GEN_FD_ACI;
09280
09281 if (attr == A_internal) {
09282 if (!device_p->rsbac_dir_inode
09283 || !tid_p->file.inode)
09284 value->internal = FALSE;
09285 else if (device_p->
09286 rsbac_dir_inode ==
09287 tid_p->file.inode)
09288 value->internal = TRUE;
09289 else if (inherit) {
09290 enum rsbac_target_t
09291 parent_target;
09292 union rsbac_target_id_t
09293 parent_tid;
09294
09295
09296 if (!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) {
09297 if (device_p->
09298 rsbac_dir_inode
09299 ==
09300 parent_tid.
09301 file.inode)
09302 value->
09303 internal
09304 = TRUE;
09305 else
09306 value->
09307 internal
09308 =
09309 FALSE;
09310 } else {
09311 value->internal =
09312 FALSE;
09313 }
09314 } else {
09315 value->internal = FALSE;
09316 }
09317
09318
09319 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09320 rcu_read_unlock();
09321 #else
09322 rsbac_read_unlock
09323 (&device_list_locks[hash],
09324 &dflags);
09325 #endif
09326 return 0;
09327 }
09328 rsbac_ta_list_get_data_ttl(ta_number,
09329 device_p->
09330 handles.gen,
09331 NULL,
09332 &tid_p->file.
09333 inode, &aci);
09334 switch (attr) {
09335 case A_log_array_low:
09336 value->log_array_low =
09337 aci.log_array_low;
09338 break;
09339 case A_log_array_high:
09340 value->log_array_high =
09341 aci.log_array_high;
09342 break;
09343 case A_log_program_based:
09344 value->log_program_based =
09345 aci.log_program_based;
09346 break;
09347 case A_symlink_add_remote_ip:
09348 value->symlink_add_remote_ip =
09349 aci.symlink_add_remote_ip;
09350 break;
09351 case A_symlink_add_uid:
09352 value->symlink_add_uid =
09353 aci.symlink_add_uid;
09354 break;
09355 case A_symlink_add_mac_level:
09356 value->symlink_add_mac_level =
09357 aci.symlink_add_mac_level;
09358 break;
09359 case A_symlink_add_rc_role:
09360 value->symlink_add_rc_role =
09361 aci.symlink_add_rc_role;
09362 break;
09363 case A_linux_dac_disable:
09364 value->linux_dac_disable =
09365 aci.linux_dac_disable;
09366 if ((value->linux_dac_disable ==
09367 LDD_inherit) && inherit) {
09368 enum rsbac_target_t
09369 parent_target;
09370 union rsbac_target_id_t
09371 parent_tid;
09372
09373
09374 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09375 rcu_read_unlock();
09376 #else
09377 rsbac_read_unlock
09378 (&device_list_locks[hash],
09379 &dflags);
09380 #endif
09381
09382 if (!rsbac_get_parent
09383 (target, *tid_p,
09384 &parent_target,
09385 &parent_tid)) {
09386 target =
09387 parent_target;
09388 *tid_p =
09389 parent_tid;
09390 continue;
09391 } else {
09392 value->
09393 linux_dac_disable
09394 =
09395 def_gen_root_dir_aci.
09396 linux_dac_disable;
09397 return 0;
09398 }
09399 }
09400 break;
09401 case A_fake_root_uid:
09402 value->fake_root_uid =
09403 aci.fake_root_uid;
09404 break;
09405 case A_auid_exempt:
09406 value->auid_exempt =
09407 aci.auid_exempt;
09408 break;
09409 default:
09410 err = -RSBAC_EINVALIDATTR;
09411 }
09412 }
09413 break;
09414
09415 #if defined(CONFIG_RSBAC_MAC)
09416 case SW_MAC:
09417 {
09418 struct rsbac_mac_fd_aci_t aci =
09419 DEFAULT_MAC_FD_ACI;
09420
09421 rsbac_ta_list_get_data_ttl(ta_number,
09422 device_p->
09423 handles.mac,
09424 NULL,
09425 &tid_p->file.
09426 inode, &aci);
09427 switch (attr) {
09428 case A_security_level:
09429 value->security_level =
09430 aci.sec_level;
09431 if ((value->security_level ==
09432 SL_inherit) && inherit) {
09433 enum rsbac_target_t
09434 parent_target;
09435 union rsbac_target_id_t
09436 parent_tid;
09437
09438
09439 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09440 rcu_read_unlock();
09441 #else
09442 rsbac_read_unlock
09443 (&device_list_locks[hash], &dflags);
09444 #endif
09445
09446 if (!rsbac_get_parent
09447 (target, *tid_p,
09448 &parent_target,
09449 &parent_tid)) {
09450 target =
09451 parent_target;
09452 *tid_p =
09453 parent_tid;
09454 continue;
09455 } else {
09456 value->
09457 security_level
09458 =
09459 def_mac_root_dir_aci.
09460 sec_level;
09461 return 0;
09462 }
09463 }
09464 break;
09465 case A_mac_categories:
09466 value->mac_categories =
09467 aci.mac_categories;
09468 if ((value->mac_categories ==
09469 RSBAC_MAC_INHERIT_CAT_VECTOR)
09470 && inherit) {
09471 enum rsbac_target_t
09472 parent_target;
09473 union rsbac_target_id_t
09474 parent_tid;
09475
09476
09477 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09478 rcu_read_unlock();
09479 #else
09480 rsbac_read_unlock
09481 (&device_list_locks[hash], &dflags);
09482 #endif
09483
09484 if (!rsbac_get_parent
09485 (target, *tid_p,
09486 &parent_target,
09487 &parent_tid)) {
09488 target =
09489 parent_target;
09490 *tid_p =
09491 parent_tid;
09492 continue;
09493 } else {
09494 value->
09495 mac_categories
09496 =
09497 def_mac_root_dir_aci.
09498 mac_categories;
09499 return 0;
09500 }
09501 }
09502 break;
09503 case A_mac_auto:
09504 value->mac_auto = aci.mac_auto;
09505 if ((value->mac_auto == MA_inherit)
09506 && inherit) {
09507 enum rsbac_target_t
09508 parent_target;
09509 union rsbac_target_id_t
09510 parent_tid;
09511
09512
09513 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09514 rcu_read_unlock();
09515 #else
09516 rsbac_read_unlock
09517 (&device_list_locks[hash], &dflags);
09518 #endif
09519
09520 if (!rsbac_get_parent
09521 (target, *tid_p,
09522 &parent_target,
09523 &parent_tid)) {
09524 target =
09525 parent_target;
09526 *tid_p =
09527 parent_tid;
09528 continue;
09529 } else {
09530 value->mac_auto
09531 =
09532 def_mac_root_dir_aci.
09533 mac_auto;
09534 return 0;
09535 }
09536 }
09537 break;
09538 case A_mac_prop_trusted:
09539 value->mac_prop_trusted =
09540 aci.mac_prop_trusted;
09541 break;
09542 case A_mac_file_flags:
09543 value->mac_file_flags =
09544 aci.mac_file_flags;
09545 break;
09546
09547 default:
09548 err = -RSBAC_EINVALIDATTR;
09549 }
09550 }
09551 break;
09552 #endif
09553
09554 #if defined(CONFIG_RSBAC_PM)
09555 case SW_PM:
09556 {
09557 struct rsbac_pm_fd_aci_t aci =
09558 DEFAULT_PM_FD_ACI;
09559
09560 rsbac_ta_list_get_data_ttl(ta_number,
09561 device_p->
09562 handles.pm,
09563 NULL,
09564 &tid_p->file.
09565 inode, &aci);
09566 switch (attr) {
09567 case A_pm_object_class:
09568 value->pm_object_class =
09569 aci.pm_object_class;
09570 break;
09571 case A_pm_tp:
09572 value->pm_tp = aci.pm_tp;
09573 break;
09574 case A_pm_object_type:
09575 value->pm_object_type =
09576 aci.pm_object_type;
09577 break;
09578 default:
09579 err = -RSBAC_EINVALIDATTR;
09580 }
09581 }
09582 break;
09583 #endif
09584
09585 #if defined(CONFIG_RSBAC_DAZ)
09586 case SW_DAZ:
09587 {
09588 #if defined(CONFIG_RSBAC_DAZ_CACHE)
09589 if (attr == A_daz_scanned) {
09590 err = rsbac_ta_list_get_data_ttl
09591 (ta_number,
09592 device_p->handles.dazs,
09593 NULL, &tid_p->file.inode,
09594 &value->daz_scanned);
09595 } else
09596 #endif
09597 {
09598 struct rsbac_daz_fd_aci_t aci =
09599 DEFAULT_DAZ_FD_ACI;
09600
09601 rsbac_ta_list_get_data_ttl
09602 (ta_number,
09603 device_p->handles.daz,
09604 NULL, &tid_p->file.inode,
09605 &aci);
09606 switch (attr) {
09607 case A_daz_scanner:
09608 value->daz_scanner =
09609 aci.daz_scanner;
09610 break;
09611 case A_daz_do_scan:
09612 value->daz_do_scan = aci.daz_do_scan;
09613 if( (value->daz_do_scan == DAZ_inherit)
09614 && inherit) {
09615 enum rsbac_target_t parent_target;
09616 union rsbac_target_id_t parent_tid;
09617
09618 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09619 rcu_read_unlock();
09620 #else
09621 rsbac_read_unlock(&device_list_locks[hash], &dflags);
09622 #endif
09623 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) {
09624 target = parent_target;
09625 *tid_p = parent_tid;
09626 continue;
09627 } else {
09628 value->daz_do_scan
09629 = def_daz_root_dir_aci.daz_do_scan;
09630 return 0;
09631 }
09632 }
09633 break;
09634 default:
09635 err = -RSBAC_EINVALIDATTR;
09636 }
09637 }
09638 }
09639 break;
09640 #endif
09641
09642 #if defined(CONFIG_RSBAC_FF)
09643 case SW_FF:
09644 {
09645 switch (attr) {
09646 case A_ff_flags:
09647 ff_tmp_flags = RSBAC_FF_DEF;
09648 rsbac_ta_list_get_data_ttl
09649 (ta_number,
09650 device_p->handles.ff,
09651 NULL,
09652 &tid_p->file.inode,
09653 &ff_tmp_flags);
09654 ff_flags |= ff_tmp_flags & ff_mask;
09655 value->ff_flags = ff_flags;
09656 if ((ff_tmp_flags &
09657 FF_add_inherited)
09658 && inherit) {
09659
09660 if (!rsbac_get_parent
09661 (target, *tid_p,
09662 &target, tid_p)) {
09663
09664 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09665 rcu_read_unlock();
09666 #else
09667 rsbac_read_unlock
09668 (&device_list_locks[hash],
09669 &dflags);
09670 #endif
09671 ff_mask &=
09672 ~
09673 (FF_no_delete_or_rename
09674 |
09675 FF_add_inherited);
09676 ff_flags &=
09677 ~
09678 (FF_add_inherited);
09679 continue;
09680 } else
09681 value->ff_flags &=
09682 ~
09683 (FF_add_inherited);
09684 }
09685 break;
09686
09687 default:
09688 err = -RSBAC_EINVALIDATTR;
09689 }
09690 }
09691 break;
09692 #endif
09693
09694 #if defined(CONFIG_RSBAC_RC)
09695 case SW_RC:
09696 {
09697 struct rsbac_rc_fd_aci_t aci =
09698 DEFAULT_RC_FD_ACI;
09699
09700 rsbac_ta_list_get_data_ttl(ta_number,
09701 device_p->
09702 handles.rc,
09703 NULL,
09704 &tid_p->file.
09705 inode, &aci);
09706 switch (attr) {
09707 case A_rc_type_fd:
09708 value->rc_type_fd = aci.rc_type_fd;
09709 if (value->rc_type_fd ==
09710 RC_type_inherit_parent
09711 && inherit) {
09712 enum rsbac_target_t
09713 parent_target;
09714 union rsbac_target_id_t
09715 parent_tid;
09716
09717
09718 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09719 rcu_read_unlock();
09720 #else
09721 rsbac_read_unlock
09722 (&device_list_locks[hash], &dflags);
09723 #endif
09724
09725 if (!rsbac_get_parent
09726 (target, *tid_p,
09727 &parent_target,
09728 &parent_tid)) {
09729 target =
09730 parent_target;
09731 *tid_p =
09732 parent_tid;
09733 continue;
09734 } else {
09735 value->rc_type_fd
09736 =
09737 def_rc_root_dir_aci.
09738 rc_type_fd;
09739 return 0;
09740 }
09741 }
09742 break;
09743 case A_rc_force_role:
09744 value->rc_force_role =
09745 aci.rc_force_role;
09746 if (value->rc_force_role ==
09747 RC_role_inherit_parent
09748 && inherit) {
09749 enum rsbac_target_t
09750 parent_target;
09751 union rsbac_target_id_t
09752 parent_tid;
09753
09754
09755 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09756 rcu_read_unlock();
09757 #else
09758 rsbac_read_unlock
09759 (&device_list_locks[hash], &dflags);
09760 #endif
09761
09762 if (!rsbac_get_parent
09763 (target, *tid_p,
09764 &parent_target,
09765 &parent_tid)) {
09766 target =
09767 parent_target;
09768 *tid_p =
09769 parent_tid;
09770 continue;
09771 } else {
09772 value->
09773 rc_force_role =
09774 def_rc_root_dir_aci.
09775 rc_force_role;
09776 return 0;
09777 }
09778 }
09779 break;
09780 case A_rc_initial_role:
09781 value->rc_initial_role =
09782 aci.rc_initial_role;
09783 if (value->rc_initial_role ==
09784 RC_role_inherit_parent
09785 && inherit) {
09786 enum rsbac_target_t
09787 parent_target;
09788 union rsbac_target_id_t
09789 parent_tid;
09790
09791
09792 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09793 rcu_read_unlock();
09794 #else
09795 rsbac_read_unlock
09796 (&device_list_locks[hash], &dflags);
09797 #endif
09798
09799 if (!rsbac_get_parent
09800 (target, *tid_p,
09801 &parent_target,
09802 &parent_tid)) {
09803 target =
09804 parent_target;
09805 *tid_p =
09806 parent_tid;
09807 continue;
09808 } else {
09809 value->
09810 rc_initial_role
09811 =
09812 def_rc_root_dir_aci.
09813 rc_initial_role;
09814 return 0;
09815 }
09816 }
09817 break;
09818
09819 default:
09820 err = -RSBAC_EINVALIDATTR;
09821 }
09822 }
09823 break;
09824 #endif
09825
09826 #if defined(CONFIG_RSBAC_AUTH)
09827 case SW_AUTH:
09828 {
09829 struct rsbac_auth_fd_aci_t aci =
09830 DEFAULT_AUTH_FD_ACI;
09831
09832 rsbac_ta_list_get_data_ttl(ta_number,
09833 device_p->
09834 handles.auth,
09835 NULL,
09836 &tid_p->file.
09837 inode, &aci);
09838 switch (attr) {
09839 case A_auth_may_setuid:
09840 value->auth_may_setuid =
09841 aci.auth_may_setuid;
09842 break;
09843 case A_auth_may_set_cap:
09844 value->auth_may_set_cap =
09845 aci.auth_may_set_cap;
09846 break;
09847 case A_auth_learn:
09848 value->auth_learn = aci.auth_learn;
09849 break;
09850 default:
09851 err = -RSBAC_EINVALIDATTR;
09852 }
09853 }
09854 break;
09855 #endif
09856
09857 #if defined(CONFIG_RSBAC_CAP)
09858 case SW_CAP:
09859 {
09860 struct rsbac_cap_fd_aci_t aci =
09861 DEFAULT_CAP_FD_ACI;
09862
09863 rsbac_ta_list_get_data_ttl(ta_number,
09864 device_p->
09865 handles.cap,
09866 NULL,
09867 &tid_p->file.
09868 inode, &aci);
09869 switch (attr) {
09870 case A_min_caps:
09871 value->min_caps = aci.min_caps;
09872 break;
09873 case A_max_caps:
09874 value->max_caps = aci.max_caps;
09875 break;
09876 case A_cap_ld_env:
09877 value->cap_ld_env = aci.cap_ld_env;
09878 if ((value->cap_ld_env == LD_inherit) && inherit) {
09879 enum rsbac_target_t parent_target;
09880 union rsbac_target_id_t parent_tid;
09881 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09882 rcu_read_unlock();
09883 #else
09884 rsbac_read_unlock(&device_list_locks[hash], &dflags);
09885 #endif
09886 if (!rsbac_get_parent(target,
09887 *tid_p,
09888 &parent_target,
09889 &parent_tid)) {
09890 target = parent_target;
09891 *tid_p = parent_tid;
09892 continue;
09893 } else {
09894 value->cap_ld_env = LD_deny;
09895 return 0;
09896 }
09897 }
09898 break;
09899 default:
09900 err = -RSBAC_EINVALIDATTR;
09901 }
09902 }
09903 break;
09904 #endif
09905
09906 #if defined(CONFIG_RSBAC_RES)
09907 case SW_RES:
09908 {
09909 struct rsbac_res_fd_aci_t aci =
09910 DEFAULT_RES_FD_ACI;
09911
09912 rsbac_ta_list_get_data_ttl(ta_number,
09913 device_p->
09914 handles.res,
09915 NULL,
09916 &tid_p->file.
09917 inode, &aci);
09918 switch (attr) {
09919 case A_res_min:
09920 memcpy(&value->res_array,
09921 &aci.res_min,
09922 sizeof(aci.res_min));
09923 break;
09924 case A_res_max:
09925 memcpy(&value->res_array,
09926 &aci.res_max,
09927 sizeof(aci.res_max));
09928 break;
09929 default:
09930 err = -RSBAC_EINVALIDATTR;
09931 }
09932 }
09933 break;
09934 #endif
09935
09936 #if defined(CONFIG_RSBAC_PAX)
09937 case SW_PAX:
09938 {
09939 switch (attr) {
09940 case A_pax_flags:
09941 value->pax_flags =
09942 RSBAC_PAX_DEF_FLAGS;
09943 rsbac_ta_list_get_data_ttl
09944 (ta_number,
09945 device_p->handles.pax,
09946 NULL, &tid_p->file.inode,
09947 &value->pax_flags);
09948 break;
09949
09950 default:
09951 err = -RSBAC_EINVALIDATTR;
09952 }
09953 }
09954 break;
09955 #endif
09956
09957 default:
09958 err = -RSBAC_EINVALIDMODULE;
09959 }
09960
09961 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09962 rcu_read_unlock();
09963 #else
09964 rsbac_read_unlock(&device_list_locks[hash], &dflags);
09965 #endif
09966
09967 return err;
09968 }
09969 }
09970
09971 static int get_attr_dev(rsbac_list_ta_number_t ta_number,
09972 enum rsbac_switch_target_t module,
09973 enum rsbac_target_t target,
09974 struct rsbac_dev_desc_t dev,
09975 enum rsbac_attribute_t attr,
09976 union rsbac_attribute_value_t *value,
09977 rsbac_boolean_t inherit)
09978 {
09979 int err = 0;
09980
09981 switch (module) {
09982 case SW_GEN:
09983 {
09984 struct rsbac_gen_dev_aci_t aci =
09985 DEFAULT_GEN_DEV_ACI;
09986
09987 rsbac_ta_list_get_data_ttl(ta_number,
09988 dev_handles.gen,
09989 NULL, &dev, &aci);
09990 switch (attr) {
09991 case A_log_array_low:
09992 value->log_array_low = aci.log_array_low;
09993 break;
09994 case A_log_array_high:
09995 value->log_array_high = aci.log_array_high;
09996 break;
09997 default:
09998 err = -RSBAC_EINVALIDATTR;
09999 }
10000 }
10001 break;
10002
10003 #if defined(CONFIG_RSBAC_MAC)
10004 case SW_MAC:
10005 {
10006 struct rsbac_mac_dev_aci_t aci =
10007 DEFAULT_MAC_DEV_ACI;
10008
10009 rsbac_ta_list_get_data_ttl(ta_number,
10010 dev_handles.mac,
10011 NULL, &dev, &aci);
10012 switch (attr) {
10013 case A_security_level:
10014 value->security_level = aci.sec_level;
10015 break;
10016 case A_mac_categories:
10017 value->mac_categories = aci.mac_categories;
10018 break;
10019 case A_mac_check:
10020 value->mac_check = aci.mac_check;
10021 break;
10022
10023 default:
10024 err = -RSBAC_EINVALIDATTR;
10025 }
10026 }
10027 break;
10028 #endif
10029
10030 #if defined(CONFIG_RSBAC_PM)
10031 case SW_PM:
10032 {
10033 struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
10034
10035 rsbac_ta_list_get_data_ttl(ta_number,
10036 dev_handles.pm,
10037 NULL, &dev, &aci);
10038 switch (attr) {
10039 case A_pm_object_class:
10040 value->pm_object_class =
10041 aci.pm_object_class;
10042 break;
10043 case A_pm_object_type:
10044 value->pm_object_type = aci.pm_object_type;
10045 break;
10046 default:
10047 err = -RSBAC_EINVALIDATTR;
10048 }
10049 }
10050 break;
10051 #endif
10052
10053 #if defined(CONFIG_RSBAC_RC)
10054 case SW_RC:
10055 {
10056 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10057
10058 switch (dev.type) {
10059 case D_char:
10060 case D_block:
10061 if (rsbac_ta_list_get_data_ttl(ta_number,
10062 dev_handles.
10063 rc, NULL,
10064 &dev, &type)
10065 || ((type == RC_type_inherit_parent)
10066 && inherit)
10067 )
10068 rsbac_ta_list_get_data_ttl
10069 (ta_number,
10070 dev_major_handles.rc, NULL,
10071 &dev, &type);
10072 break;
10073 case D_char_major:
10074 case D_block_major:
10075 dev.type -= (D_block_major - D_block);
10076 rsbac_ta_list_get_data_ttl(ta_number,
10077 dev_major_handles.
10078 rc, NULL, &dev,
10079 &type);
10080 break;
10081 default:
10082 return -RSBAC_EINVALIDTARGET;
10083 }
10084 switch (attr) {
10085 case A_rc_type:
10086 value->rc_type = type;
10087 break;
10088
10089 default:
10090 err = -RSBAC_EINVALIDATTR;
10091 }
10092 }
10093 break;
10094 #endif
10095
10096 default:
10097 err = -RSBAC_EINVALIDMODULE;
10098 }
10099
10100 return err;
10101 }
10102
10103 static int get_attr_ipc(rsbac_list_ta_number_t ta_number,
10104 enum rsbac_switch_target_t module,
10105 enum rsbac_target_t target,
10106 union rsbac_target_id_t *tid_p,
10107 enum rsbac_attribute_t attr,
10108 union rsbac_attribute_value_t *value,
10109 rsbac_boolean_t inherit)
10110 {
10111 int err = 0;
10112
10113
10114 switch (module) {
10115 #if defined(CONFIG_RSBAC_MAC)
10116 case SW_MAC:
10117 {
10118 struct rsbac_mac_ipc_aci_t aci =
10119 DEFAULT_MAC_IPC_ACI;
10120
10121 rsbac_ta_list_get_data_ttl(ta_number,
10122 ipc_handles.mac,
10123 NULL,
10124 &tid_p->ipc, &aci);
10125 switch (attr) {
10126 case A_security_level:
10127 value->security_level = aci.sec_level;
10128 break;
10129 case A_mac_categories:
10130 value->mac_categories = aci.mac_categories;
10131 break;
10132
10133 default:
10134 err = -RSBAC_EINVALIDATTR;
10135 }
10136 }
10137 break;
10138 #endif
10139
10140 #if defined(CONFIG_RSBAC_PM)
10141 case SW_PM:
10142 {
10143 struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
10144
10145 rsbac_ta_list_get_data_ttl(ta_number,
10146 ipc_handles.pm,
10147 NULL,
10148 &tid_p->ipc, &aci);
10149 switch (attr) {
10150 case A_pm_object_class:
10151 value->pm_object_class =
10152 aci.pm_object_class;
10153 break;
10154 case A_pm_ipc_purpose:
10155 value->pm_ipc_purpose = aci.pm_ipc_purpose;
10156 break;
10157 case A_pm_object_type:
10158 value->pm_object_type = aci.pm_object_type;
10159 break;
10160 default:
10161 err = -RSBAC_EINVALIDATTR;
10162 }
10163 }
10164 break;
10165 #endif
10166
10167 #if defined(CONFIG_RSBAC_RC)
10168 case SW_RC:
10169 {
10170 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10171
10172 rsbac_ta_list_get_data_ttl(ta_number,
10173 ipc_handles.rc,
10174 NULL,
10175 &tid_p->ipc, &type);
10176 switch (attr) {
10177 case A_rc_type:
10178 value->rc_type = type;
10179 break;
10180
10181 default:
10182 err = -RSBAC_EINVALIDATTR;
10183 }
10184 }
10185 break;
10186 #endif
10187
10188 #if defined(CONFIG_RSBAC_JAIL)
10189 case SW_JAIL:
10190 {
10191 rsbac_jail_id_t id = RSBAC_JAIL_DEF_ID;
10192
10193 rsbac_ta_list_get_data_ttl(ta_number,
10194 ipc_handles.jail,
10195 NULL, &tid_p->ipc, &id);
10196 switch (attr) {
10197 case A_jail_id:
10198 value->jail_id = id;
10199 break;
10200
10201 default:
10202 err = -RSBAC_EINVALIDATTR;
10203 }
10204 }
10205 break;
10206 #endif
10207
10208 default:
10209 err = -RSBAC_EINVALIDMODULE;
10210 }
10211
10212 return err;
10213 }
10214
10215 static int get_attr_user(rsbac_list_ta_number_t ta_number,
10216 enum rsbac_switch_target_t module,
10217 enum rsbac_target_t target,
10218 union rsbac_target_id_t *tid_p,
10219 enum rsbac_attribute_t attr,
10220 union rsbac_attribute_value_t *value,
10221 rsbac_boolean_t inherit)
10222 {
10223 int err = 0;
10224
10225 switch (module) {
10226 case SW_GEN:
10227 {
10228 struct rsbac_gen_user_aci_t aci =
10229 DEFAULT_GEN_U_ACI;
10230
10231 rsbac_ta_list_get_data_ttl(ta_number,
10232 user_handles.gen,
10233 NULL,
10234 &tid_p->user, &aci);
10235 switch (attr) {
10236 case A_pseudo:
10237 value->pseudo = aci.pseudo;
10238 break;
10239 case A_log_user_based:
10240 value->log_user_based = aci.log_user_based;
10241 break;
10242 default:
10243 err = -RSBAC_EINVALIDATTR;
10244 }
10245 }
10246 break;
10247
10248 #if defined(CONFIG_RSBAC_MAC)
10249 case SW_MAC:
10250 {
10251 struct rsbac_mac_user_aci_t aci =
10252 DEFAULT_MAC_U_ACI;
10253
10254 rsbac_ta_list_get_data_ttl(ta_number,
10255 user_handles.mac,
10256 NULL,
10257 &tid_p->user, &aci);
10258 switch (attr) {
10259 case A_security_level:
10260 value->security_level = aci.security_level;
10261 break;
10262 case A_initial_security_level:
10263 value->security_level =
10264 aci.initial_security_level;
10265 break;
10266 case A_min_security_level:
10267 value->security_level =
10268 aci.min_security_level;
10269 break;
10270 case A_mac_categories:
10271 value->mac_categories = aci.mac_categories;
10272 break;
10273 case A_mac_initial_categories:
10274 value->mac_categories =
10275 aci.mac_initial_categories;
10276 break;
10277 case A_mac_min_categories:
10278 value->mac_categories =
10279 aci.mac_min_categories;
10280 break;
10281 case A_system_role:
10282 case A_mac_role:
10283 value->system_role = aci.system_role;
10284 break;
10285 case A_mac_user_flags:
10286 value->mac_user_flags = aci.mac_user_flags;
10287 break;
10288
10289 default:
10290 err = -RSBAC_EINVALIDATTR;
10291 }
10292 }
10293 break;
10294 #endif
10295
10296 #if defined(CONFIG_RSBAC_PM)
10297 case SW_PM:
10298 {
10299 struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
10300
10301 rsbac_ta_list_get_data_ttl(ta_number,
10302 user_handles.pm,
10303 NULL,
10304 &tid_p->user, &aci);
10305 switch (attr) {
10306 case A_pm_task_set:
10307 value->pm_task_set = aci.pm_task_set;
10308 break;
10309 case A_pm_role:
10310 value->pm_role = aci.pm_role;
10311 break;
10312 default:
10313 err = -RSBAC_EINVALIDATTR;
10314 }
10315 }
10316 break;
10317 #endif
10318
10319 #if defined(CONFIG_RSBAC_DAZ)
10320 case SW_DAZ:
10321 {
10322 rsbac_system_role_int_t role = SR_user;
10323
10324 rsbac_ta_list_get_data_ttl(ta_number,
10325 user_handles.daz,
10326 NULL,
10327 &tid_p->user, &role);
10328 switch (attr) {
10329 case A_system_role:
10330 case A_daz_role:
10331 value->system_role = role;
10332 break;
10333
10334 default:
10335 err = -RSBAC_EINVALIDATTR;
10336 }
10337 }
10338 break;
10339 #endif
10340
10341 #if defined(CONFIG_RSBAC_FF)
10342 case SW_FF:
10343 {
10344 rsbac_system_role_int_t role = SR_user;
10345
10346 rsbac_ta_list_get_data_ttl(ta_number,
10347 user_handles.ff,
10348 NULL,
10349 &tid_p->user, &role);
10350 switch (attr) {
10351 case A_system_role:
10352 case A_ff_role:
10353 value->system_role = role;
10354 break;
10355
10356 default:
10357 err = -RSBAC_EINVALIDATTR;
10358 }
10359 }
10360 break;
10361 #endif
10362
10363 #if defined(CONFIG_RSBAC_RC)
10364 case SW_RC:
10365 {
10366 struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
10367
10368 rsbac_ta_list_get_data_ttl(ta_number,
10369 user_handles.rc,
10370 NULL,
10371 &tid_p->user, &aci);
10372 switch (attr) {
10373 case A_rc_def_role:
10374 value->rc_def_role = aci.rc_role;
10375 break;
10376 case A_rc_type:
10377 value->rc_type = aci.rc_type;
10378 break;
10379 default:
10380 err = -RSBAC_EINVALIDATTR;
10381 }
10382 }
10383 break;
10384 #endif
10385
10386 #if defined(CONFIG_RSBAC_AUTH)
10387 case SW_AUTH:
10388 {
10389 rsbac_system_role_int_t role = SR_user;
10390
10391 rsbac_ta_list_get_data_ttl(ta_number,
10392 user_handles.auth,
10393 NULL,
10394 &tid_p->user, &role);
10395 switch (attr) {
10396 case A_system_role:
10397 case A_auth_role:
10398 value->system_role = role;
10399 break;
10400
10401 default:
10402 err = -RSBAC_EINVALIDATTR;
10403 }
10404 }
10405 break;
10406 #endif
10407
10408 #if defined(CONFIG_RSBAC_CAP)
10409 case SW_CAP:
10410 {
10411 struct rsbac_cap_user_aci_t aci =
10412 DEFAULT_CAP_U_ACI;
10413
10414 rsbac_ta_list_get_data_ttl(ta_number,
10415 user_handles.cap,
10416 NULL,
10417 &tid_p->user, &aci);
10418 switch (attr) {
10419 case A_system_role:
10420 case A_cap_role:
10421 value->system_role = aci.cap_role;
10422 break;
10423 case A_min_caps:
10424 value->min_caps = aci.min_caps;
10425 break;
10426 case A_max_caps:
10427 value->max_caps = aci.max_caps;
10428 break;
10429 case A_cap_ld_env:
10430 value->cap_ld_env = aci.cap_ld_env;
10431 break;
10432 default:
10433 err = -RSBAC_EINVALIDATTR;
10434 }
10435 }
10436 break;
10437 #endif
10438
10439 #if defined(CONFIG_RSBAC_JAIL)
10440 case SW_JAIL:
10441 {
10442 rsbac_system_role_int_t role = SR_user;
10443
10444 rsbac_ta_list_get_data_ttl(ta_number,
10445 user_handles.jail,
10446 NULL,
10447 &tid_p->user, &role);
10448 switch (attr) {
10449 case A_system_role:
10450 case A_jail_role:
10451 value->system_role = role;
10452 break;
10453
10454 default:
10455 err = -RSBAC_EINVALIDATTR;
10456 }
10457 }
10458 break;
10459 #endif
10460
10461 #if defined(CONFIG_RSBAC_RES)
10462 case SW_RES:
10463 {
10464 struct rsbac_res_user_aci_t aci =
10465 DEFAULT_RES_U_ACI;
10466
10467 if (rsbac_ta_list_get_data_ttl(ta_number,
10468 user_handles.res,
10469 NULL,
10470 &tid_p->user, &aci)
10471 && (tid_p->user != RSBAC_ALL_USERS)
10472 ) {
10473 tid_p->user = RSBAC_ALL_USERS;
10474 rsbac_ta_list_get_data_ttl(ta_number,
10475 user_handles.
10476 res, NULL,
10477 &tid_p->user,
10478 &aci);
10479 }
10480 switch (attr) {
10481 case A_system_role:
10482 case A_res_role:
10483 value->system_role = aci.res_role;
10484 break;
10485 case A_res_min:
10486 memcpy(&value->res_array, &aci.res_min,
10487 sizeof(aci.res_min));
10488 break;
10489 case A_res_max:
10490 memcpy(&value->res_array, &aci.res_max,
10491 sizeof(aci.res_max));
10492 break;
10493 default:
10494 err = -RSBAC_EINVALIDATTR;
10495 }
10496 }
10497 break;
10498 #endif
10499
10500 #if defined(CONFIG_RSBAC_PAX)
10501 case SW_PAX:
10502 {
10503 rsbac_system_role_int_t role = SR_user;
10504
10505 rsbac_ta_list_get_data_ttl(ta_number,
10506 user_handles.pax,
10507 NULL,
10508 &tid_p->user, &role);
10509 switch (attr) {
10510 case A_system_role:
10511 case A_pax_role:
10512 value->system_role = role;
10513 break;
10514
10515 default:
10516 err = -RSBAC_EINVALIDATTR;
10517 }
10518 }
10519 break;
10520 #endif
10521
10522 default:
10523 err = -RSBAC_EINVALIDMODULE;
10524 }
10525
10526 return err;
10527 }
10528
10529 static int get_attr_process(rsbac_list_ta_number_t ta_number,
10530 enum rsbac_switch_target_t module,
10531 enum rsbac_target_t target,
10532 union rsbac_target_id_t *tid_p,
10533 enum rsbac_attribute_t attr,
10534 union rsbac_attribute_value_t *value,
10535 rsbac_boolean_t inherit)
10536 {
10537 int err = 0;
10538
10539 switch (module) {
10540 case SW_GEN:
10541 {
10542 struct rsbac_gen_process_aci_t aci =
10543 DEFAULT_GEN_P_ACI;
10544
10545 rsbac_ta_list_get_data_ttl(ta_number,
10546 process_handles.gen,
10547 NULL, &tid_p->process,
10548 &aci);
10549 switch (attr) {
10550 case A_log_program_based:
10551 value->log_program_based =
10552 aci.log_program_based;
10553 break;
10554 case A_fake_root_uid:
10555 value->fake_root_uid = aci.fake_root_uid;
10556 break;
10557 case A_audit_uid:
10558 value->audit_uid = aci.audit_uid;
10559 break;
10560 case A_auid_exempt:
10561 value->auid_exempt = aci.auid_exempt;
10562 break;
10563 case A_remote_ip:
10564 value->remote_ip = aci.remote_ip;
10565 break;
10566 case A_kernel_thread:
10567 value->kernel_thread = aci.kernel_thread;
10568 break;
10569 default:
10570 err = -RSBAC_EINVALIDATTR;
10571 }
10572 }
10573 break;
10574
10575 #if defined(CONFIG_RSBAC_MAC)
10576 case SW_MAC:
10577 {
10578 struct rsbac_mac_process_aci_t aci =
10579 DEFAULT_MAC_P_ACI;
10580
10581 rsbac_ta_list_get_data_ttl(ta_number,
10582 process_handles.mac,
10583 NULL, &tid_p->process,
10584 &aci);
10585 switch (attr) {
10586 case A_security_level:
10587 value->security_level =
10588 aci.owner_sec_level;
10589 break;
10590 case A_initial_security_level:
10591 value->security_level =
10592 aci.owner_initial_sec_level;
10593 break;
10594 case A_min_security_level:
10595 value->security_level =
10596 aci.owner_min_sec_level;
10597 break;
10598 case A_mac_categories:
10599 value->mac_categories =
10600 aci.mac_owner_categories;
10601 break;
10602 case A_mac_initial_categories:
10603 value->mac_categories =
10604 aci.mac_owner_initial_categories;
10605 break;
10606 case A_mac_min_categories:
10607 value->mac_categories =
10608 aci.mac_owner_min_categories;
10609 break;
10610 case A_current_sec_level:
10611 value->current_sec_level =
10612 aci.current_sec_level;
10613 break;
10614 case A_mac_curr_categories:
10615 value->mac_categories =
10616 aci.mac_curr_categories;
10617 break;
10618 case A_min_write_open:
10619 value->min_write_open = aci.min_write_open;
10620 break;
10621 case A_min_write_categories:
10622 value->mac_categories =
10623 aci.min_write_categories;
10624 break;
10625 case A_max_read_open:
10626 value->max_read_open = aci.max_read_open;
10627 break;
10628 case A_max_read_categories:
10629 value->mac_categories =
10630 aci.max_read_categories;
10631 break;
10632 case A_mac_process_flags:
10633 value->mac_process_flags =
10634 aci.mac_process_flags;
10635 break;
10636 case A_mac_auto:
10637 if (aci.mac_process_flags & MAC_auto)
10638 value->mac_auto = TRUE;
10639 else
10640 value->mac_auto = FALSE;
10641 break;
10642
10643 default:
10644 err = -RSBAC_EINVALIDATTR;
10645 }
10646 }
10647 break;
10648 #endif
10649
10650 #if defined(CONFIG_RSBAC_PM)
10651 case SW_PM:
10652 {
10653 struct rsbac_pm_process_aci_t aci =
10654 DEFAULT_PM_P_ACI;
10655
10656 rsbac_ta_list_get_data_ttl(ta_number,
10657 process_handles.pm,
10658 NULL,
10659 &tid_p->process, &aci);
10660 switch (attr) {
10661 case A_pm_tp:
10662 value->pm_tp = aci.pm_tp;
10663 break;
10664 case A_pm_current_task:
10665 value->pm_current_task =
10666 aci.pm_current_task;
10667 break;
10668 case A_pm_process_type:
10669 value->pm_process_type =
10670 aci.pm_process_type;
10671 break;
10672 default:
10673 err = -RSBAC_EINVALIDATTR;
10674 }
10675 }
10676 break;
10677 #endif
10678
10679 #if defined(CONFIG_RSBAC_DAZ)
10680 case SW_DAZ:
10681 {
10682 struct rsbac_daz_process_aci_t aci =
10683 DEFAULT_DAZ_P_ACI;
10684
10685 rsbac_ta_list_get_data_ttl(ta_number,
10686 process_handles.daz,
10687 NULL,
10688 &tid_p->process, &aci);
10689 switch (attr) {
10690 case A_daz_scanner:
10691 value->daz_scanner = aci.daz_scanner;
10692 break;
10693 default:
10694 err = -RSBAC_EINVALIDATTR;
10695 }
10696 }
10697 break;
10698 #endif
10699
10700 #if defined(CONFIG_RSBAC_RC)
10701 case SW_RC:
10702 {
10703 struct rsbac_rc_process_aci_t aci =
10704 DEFAULT_RC_P_ACI;
10705
10706 rsbac_ta_list_get_data_ttl(ta_number,
10707 process_handles.rc,
10708 NULL, &tid_p->process,
10709 &aci);
10710 switch (attr) {
10711 case A_rc_role:
10712 value->rc_role = aci.rc_role;
10713 break;
10714 case A_rc_type:
10715 value->rc_type = aci.rc_type;
10716 break;
10717 case A_rc_select_type:
10718 value->rc_select_type = aci.rc_select_type;
10719 break;
10720 case A_rc_force_role:
10721 value->rc_force_role = aci.rc_force_role;
10722 break;
10723 default:
10724 err = -RSBAC_EINVALIDATTR;
10725 }
10726 }
10727 break;
10728 #endif
10729
10730 #if defined(CONFIG_RSBAC_AUTH)
10731 case SW_AUTH:
10732 {
10733 struct rsbac_auth_process_aci_t aci =
10734 DEFAULT_AUTH_P_ACI;
10735
10736 rsbac_ta_list_get_data_ttl(ta_number,
10737 process_handles.auth,
10738 NULL,
10739 &tid_p->process, &aci);
10740 switch (attr) {
10741 case A_auth_may_setuid:
10742 value->auth_may_setuid =
10743 aci.auth_may_setuid;
10744 break;
10745 case A_auth_may_set_cap:
10746 value->auth_may_set_cap =
10747 aci.auth_may_set_cap;
10748 break;
10749 #if defined(CONFIG_RSBAC_AUTH_LEARN)
10750 case A_auth_program_file:
10751 value->auth_program_file =
10752 aci.auth_program_file;
10753 break;
10754 case A_auth_start_uid:
10755 value->auth_start_uid = aci.auth_start_uid;
10756 break;
10757 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
10758 case A_auth_start_euid:
10759 value->auth_start_euid =
10760 aci.auth_start_euid;
10761 break;
10762 #endif
10763 #ifdef CONFIG_RSBAC_AUTH_GROUP
10764 case A_auth_start_gid:
10765 value->auth_start_gid = aci.auth_start_gid;
10766 break;
10767 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
10768 case A_auth_start_egid:
10769 value->auth_start_egid =
10770 aci.auth_start_egid;
10771 break;
10772 #endif
10773 #endif
10774 case A_auth_learn:
10775 value->auth_learn = aci.auth_learn;
10776 break;
10777 #else
10778 case A_auth_learn:
10779 value->auth_learn = FALSE;
10780 break;
10781 #endif
10782 case A_auth_last_auth:
10783 value->auth_last_auth = aci.auth_last_auth;
10784 break;
10785 default:
10786 err = -RSBAC_EINVALIDATTR;
10787 }
10788 }
10789 break;
10790 #endif
10791
10792 #if defined(CONFIG_RSBAC_CAP)
10793 case SW_CAP:
10794 {
10795 struct rsbac_cap_process_aci_t aci =
10796 DEFAULT_CAP_P_ACI;
10797
10798 rsbac_ta_list_get_data_ttl(ta_number,
10799 process_handles.cap,
10800 NULL,
10801 &tid_p->process, &aci);
10802 switch (attr) {
10803 case A_cap_process_hiding:
10804 value->cap_process_hiding =
10805 aci.cap_process_hiding;
10806 break;
10807 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
10808 case A_max_caps_user:
10809 value->max_caps_user = aci.max_caps_user;
10810 break;
10811 case A_max_caps_program:
10812 value->max_caps_program =
10813 aci.max_caps_program;
10814 break;
10815 #endif
10816 case A_cap_ld_env:
10817 value->cap_ld_env = aci.cap_ld_env;
10818 break;
10819 default:
10820 err = -RSBAC_EINVALIDATTR;
10821 }
10822 }
10823 break;
10824 #endif
10825
10826 #if defined(CONFIG_RSBAC_JAIL)
10827 case SW_JAIL:
10828 {
10829 struct rsbac_jail_process_aci_t aci =
10830 DEFAULT_JAIL_P_ACI;
10831
10832 rsbac_ta_list_get_data_ttl(ta_number,
10833 process_handles.jail,
10834 NULL, &tid_p->process,
10835 &aci);
10836 switch (attr) {
10837 case A_jail_id:
10838 value->jail_id = aci.id;
10839 break;
10840 case A_jail_parent:
10841 value->jail_parent = aci.parent;
10842 break;
10843 case A_jail_ip:
10844 value->jail_ip = aci.ip;
10845 break;
10846 case A_jail_flags:
10847 value->jail_flags = aci.flags;
10848 break;
10849 case A_jail_max_caps:
10850 value->jail_max_caps = aci.max_caps;
10851 break;
10852 case A_jail_scd_get:
10853 value->jail_scd_get = aci.scd_get;
10854 break;
10855 case A_jail_scd_modify:
10856 value->jail_scd_modify = aci.scd_modify;
10857 break;
10858 default:
10859 err = -RSBAC_EINVALIDATTR;
10860 }
10861 }
10862 break;
10863 #endif
10864
10865 #if defined(CONFIG_RSBAC_PAX)
10866 case SW_PAX:
10867 {
10868 struct task_struct *task_p;
10869
10870 switch (attr) {
10871 case A_pax_flags:
10872 read_lock(&tasklist_lock);
10873 task_p = find_task_by_pid(tid_p->process);
10874 if (task_p) {
10875 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
10876 #if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
10877 if (task_p->mm)
10878 value->pax_flags =
10879 task_p->mm->
10880 pax_flags &
10881 RSBAC_PAX_ALL_FLAGS;
10882 else
10883 #endif
10884 value->pax_flags = 0;
10885 #else
10886 value->pax_flags =
10887 task_p->
10888 flags & RSBAC_PAX_ALL_FLAGS;
10889 #endif
10890 } else
10891 err = -RSBAC_EINVALIDTARGET;
10892 read_unlock(&tasklist_lock);
10893 break;
10894 default:
10895 err = -RSBAC_EINVALIDATTR;
10896 }
10897 }
10898 break;
10899 #endif
10900
10901 default:
10902 err = -RSBAC_EINVALIDMODULE;
10903 }
10904 return err;
10905 }
10906
10907 #ifdef CONFIG_RSBAC_UM
10908 static int get_attr_group(rsbac_list_ta_number_t ta_number,
10909 enum rsbac_switch_target_t module,
10910 enum rsbac_target_t target,
10911 union rsbac_target_id_t *tid_p,
10912 enum rsbac_attribute_t attr,
10913 union rsbac_attribute_value_t *value,
10914 rsbac_boolean_t inherit)
10915 {
10916 int err = 0;
10917
10918 switch (module) {
10919 #if defined(CONFIG_RSBAC_RC_UM_PROT)
10920 case SW_RC:
10921 {
10922 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10923 rsbac_gid_t group_desc;
10924
10925 group_desc = tid_p->group;
10926 rsbac_ta_list_get_data_ttl(ta_number,
10927 group_handles.rc,
10928 NULL,
10929 &group_desc, &type);
10930 switch (attr) {
10931 case A_rc_type:
10932 value->rc_type = type;
10933 break;
10934
10935 default:
10936 err = -RSBAC_EINVALIDATTR;
10937 }
10938 }
10939 break;
10940 #endif
10941
10942 default:
10943 err = -RSBAC_EINVALIDMODULE;
10944 }
10945
10946 return err;
10947 }
10948 #endif
10949
10950 #ifdef CONFIG_RSBAC_NET_DEV
10951 static int get_attr_netdev(rsbac_list_ta_number_t ta_number,
10952 enum rsbac_switch_target_t module,
10953 enum rsbac_target_t target,
10954 union rsbac_target_id_t *tid_p,
10955 enum rsbac_attribute_t attr,
10956 union rsbac_attribute_value_t *value,
10957 rsbac_boolean_t inherit)
10958 {
10959 int err = 0;
10960
10961 switch (module) {
10962 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
10963 case SW_GEN:
10964 {
10965 struct rsbac_gen_netdev_aci_t aci =
10966 DEFAULT_GEN_NETDEV_ACI;
10967
10968 rsbac_ta_list_get_data_ttl(ta_number,
10969 netdev_handles.gen,
10970 NULL,
10971 &tid_p->netdev, &aci);
10972 switch (attr) {
10973 case A_log_array_low:
10974 value->log_array_low = aci.log_array_low;
10975 break;
10976 case A_log_array_high:
10977 value->log_array_high = aci.log_array_high;
10978 break;
10979 default:
10980 err = -RSBAC_EINVALIDATTR;
10981 }
10982 }
10983 break;
10984 #endif
10985 #if defined(CONFIG_RSBAC_RC)
10986 case SW_RC:
10987 {
10988 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10989
10990 rsbac_ta_list_get_data_ttl(ta_number,
10991 netdev_handles.rc,
10992 NULL,
10993 &tid_p->netdev, &type);
10994 switch (attr) {
10995 case A_rc_type:
10996 value->rc_type = type;
10997 break;
10998
10999 default:
11000 err = -RSBAC_EINVALIDATTR;
11001 }
11002 }
11003 break;
11004 #endif
11005
11006 default:
11007 err = -RSBAC_EINVALIDMODULE;
11008 }
11009
11010 return err;
11011 }
11012 #endif
11013
11014 #ifdef CONFIG_RSBAC_NET_OBJ
11015 static int get_attr_nettemp(rsbac_list_ta_number_t ta_number,
11016 enum rsbac_switch_target_t module,
11017 enum rsbac_target_t target,
11018 union rsbac_target_id_t *tid_p,
11019 enum rsbac_attribute_t attr,
11020 union rsbac_attribute_value_t *value,
11021 rsbac_boolean_t inherit)
11022 {
11023 int err = 0;
11024
11025 if (tid_p->nettemp
11026 && !rsbac_list_exist(net_temp_handle, &tid_p->nettemp)
11027 )
11028 return -RSBAC_EINVALIDTARGET;
11029 switch (module) {
11030 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
11031 case SW_GEN:
11032 {
11033 struct rsbac_gen_fd_aci_t aci =
11034 DEFAULT_GEN_NETOBJ_ACI;
11035
11036 if (tid_p->nettemp)
11037 rsbac_ta_list_get_data_ttl(ta_number,
11038 nettemp_handles.
11039 gen, NULL,
11040 &tid_p->nettemp,
11041 &aci);
11042 switch (attr) {
11043 case A_log_array_low:
11044 value->log_array_low = aci.log_array_low;
11045 break;
11046 case A_log_array_high:
11047 value->log_array_high = aci.log_array_high;
11048 break;
11049 default:
11050 err = -RSBAC_EINVALIDATTR;
11051 }
11052 }
11053 break;
11054 #endif
11055 #if defined(CONFIG_RSBAC_MAC)
11056 case SW_MAC:
11057 {
11058 struct rsbac_mac_netobj_aci_t aci =
11059 DEFAULT_MAC_NETOBJ_ACI;
11060
11061 rsbac_ta_list_get_data_ttl(ta_number,
11062 nettemp_handles.mac,
11063 NULL,
11064 &tid_p->nettemp, &aci);
11065 switch (attr) {
11066 case A_security_level:
11067 value->security_level = aci.sec_level;
11068 break;
11069 case A_mac_categories:
11070 value->mac_categories = aci.mac_categories;
11071 break;
11072
11073 default:
11074 err = -RSBAC_EINVALIDATTR;
11075 }
11076 }
11077 break;
11078 #endif
11079
11080 #if defined(CONFIG_RSBAC_PM)
11081 case SW_PM:
11082 {
11083 struct rsbac_pm_netobj_aci_t aci =
11084 DEFAULT_PM_NETOBJ_ACI;
11085
11086 rsbac_ta_list_get_data_ttl(ta_number,
11087 nettemp_handles.pm,
11088 NULL,
11089 &tid_p->nettemp, &aci);
11090 switch (attr) {
11091 case A_pm_object_class:
11092 value->pm_object_class =
11093 aci.pm_object_class;
11094 break;
11095 case A_pm_ipc_purpose:
11096 value->pm_ipc_purpose = aci.pm_ipc_purpose;
11097 break;
11098 case A_pm_object_type:
11099 value->pm_object_type = aci.pm_object_type;
11100 break;
11101 default:
11102 err = -RSBAC_EINVALIDATTR;
11103 }
11104 }
11105 break;
11106 #endif
11107
11108 #if defined(CONFIG_RSBAC_RC)
11109 case SW_RC:
11110 {
11111 struct rsbac_rc_nettemp_aci_t aci =
11112 DEFAULT_RC_NETTEMP_ACI;
11113
11114 rsbac_ta_list_get_data_ttl(ta_number,
11115 nettemp_handles.rc,
11116 NULL,
11117 &tid_p->nettemp, &aci);
11118 switch (attr) {
11119 case A_rc_type:
11120 value->rc_type = aci.netobj_type;
11121 break;
11122
11123 case A_rc_type_nt:
11124 value->rc_type = aci.nettemp_type;
11125 break;
11126
11127 default:
11128 err = -RSBAC_EINVALIDATTR;
11129 }
11130 }
11131 break;
11132 #endif
11133
11134 default:
11135 err = -RSBAC_EINVALIDMODULE;
11136 }
11137 return err;
11138 }
11139
11140 static int get_attr_netobj(rsbac_list_ta_number_t ta_number,
11141 enum rsbac_switch_target_t module,
11142 enum rsbac_target_t target,
11143 union rsbac_target_id_t *tid_p,
11144 enum rsbac_attribute_t attr,
11145 union rsbac_attribute_value_t *value,
11146 rsbac_boolean_t inherit)
11147 {
11148 int err = 0;
11149
11150 switch (module) {
11151 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
11152 case SW_GEN:
11153 {
11154 struct rsbac_gen_netobj_aci_t aci =
11155 DEFAULT_GEN_NETOBJ_ACI;
11156 rsbac_net_temp_id_t temp;
11157
11158 switch (attr) {
11159 case A_local_log_array_low:
11160 case A_local_log_array_high:
11161 if(!ta_number && tid_p->netobj.local_temp)
11162 temp = tid_p->netobj.local_temp;
11163 else
11164 rsbac_ta_net_lookup_templates(ta_number,
11165 &tid_p->
11166 netobj,
11167 &temp, NULL);
11168 break;
11169 case A_remote_log_array_low:
11170 case A_remote_log_array_high:
11171 if(!ta_number && tid_p->netobj.remote_temp)
11172 temp = tid_p->netobj.remote_temp;
11173 else
11174 rsbac_ta_net_lookup_templates(ta_number,
11175 &tid_p->
11176 netobj, NULL,
11177 &temp);
11178 break;
11179
11180 default:
11181 err = -RSBAC_EINVALIDATTR;
11182 }
11183 if (temp)
11184 rsbac_ta_list_get_data_ttl(ta_number,
11185 nettemp_handles.
11186 gen, NULL,
11187 &temp, &aci);
11188 switch (attr) {
11189 case A_local_log_array_low:
11190 case A_remote_log_array_low:
11191 value->log_array_low = aci.log_array_low;
11192 break;
11193 case A_local_log_array_high:
11194 case A_remote_log_array_high:
11195 value->log_array_high = aci.log_array_high;
11196 break;
11197
11198 default:
11199 err = -RSBAC_EINVALIDATTR;
11200 }
11201 }
11202 break;
11203 #endif
11204 #if defined(CONFIG_RSBAC_MAC)
11205 case SW_MAC:
11206 {
11207 struct rsbac_mac_netobj_aci_t aci =
11208 DEFAULT_MAC_NETOBJ_ACI;
11209
11210 switch (attr) {
11211 case A_local_sec_level:
11212 case A_local_mac_categories:
11213 if (rsbac_ta_list_get_data_ttl(ta_number, lnetobj_handles.mac, NULL, &tid_p->netobj.sock_p, &aci)) {
11214 rsbac_net_temp_id_t temp = 0;
11215
11216 if(!ta_number && tid_p->netobj.local_temp)
11217 temp = tid_p->netobj.local_temp;
11218 else
11219 rsbac_ta_net_lookup_templates
11220 (ta_number, &tid_p->netobj,
11221 &temp, NULL);
11222 if (temp)
11223 rsbac_ta_list_get_data_ttl
11224 (ta_number,
11225 nettemp_handles.mac,
11226 NULL, &temp, &aci);
11227 }
11228 break;
11229
11230 case A_remote_sec_level:
11231 case A_remote_mac_categories:
11232 if (rsbac_ta_list_get_data_ttl(ta_number, rnetobj_handles.mac, NULL, &tid_p->netobj.sock_p, &aci)) {
11233 rsbac_net_temp_id_t temp = 0;
11234
11235 if(!ta_number && tid_p->netobj.remote_temp)
11236 temp = tid_p->netobj.remote_temp;
11237 else
11238 rsbac_ta_net_lookup_templates
11239 (ta_number, &tid_p->netobj,
11240 NULL, &temp);
11241 if (temp)
11242 rsbac_ta_list_get_data_ttl
11243 (ta_number,
11244 nettemp_handles.mac,
11245 NULL, &temp, &aci);
11246 }
11247 break;
11248
11249 default:
11250 err = -RSBAC_EINVALIDATTR;
11251 }
11252 if (err)
11253 break;
11254 switch (attr) {
11255 case A_local_sec_level:
11256 case A_remote_sec_level:
11257 value->security_level = aci.sec_level;
11258 break;
11259 case A_local_mac_categories:
11260 case A_remote_mac_categories:
11261 value->mac_categories = aci.mac_categories;
11262 break;
11263
11264 default:
11265 err = -RSBAC_EINVALIDATTR;
11266 }
11267 }
11268 break;
11269 #endif
11270
11271 #if defined(CONFIG_RSBAC_PM)
11272 case SW_PM:
11273 {
11274 struct rsbac_pm_netobj_aci_t aci =
11275 DEFAULT_PM_NETOBJ_ACI;
11276
11277 switch (attr) {
11278 case A_local_pm_object_class:
11279 case A_local_pm_ipc_purpose:
11280 case A_local_pm_object_type:
11281 if (rsbac_ta_list_get_data_ttl(ta_number, lnetobj_handles.pm, NULL, &tid_p->netobj.sock_p, &aci)) {
11282 rsbac_net_temp_id_t temp = 0;
11283
11284 if(!ta_number && tid_p->netobj.local_temp)
11285 temp = tid_p->netobj.local_temp;
11286 else
11287 rsbac_ta_net_lookup_templates
11288 (ta_number, &tid_p->netobj,
11289 &temp, NULL);
11290 if (temp)
11291 rsbac_ta_list_get_data_ttl
11292 (ta_number,
11293 nettemp_handles.pm,
11294 NULL, &temp, &aci);
11295 }
11296 break;
11297
11298 case A_remote_pm_object_class:
11299 case A_remote_pm_ipc_purpose:
11300 case A_remote_pm_object_type:
11301 if (rsbac_ta_list_get_data_ttl(ta_number, rnetobj_handles.pm, NULL, &tid_p->netobj.sock_p, &aci)) {
11302 rsbac_net_temp_id_t temp = 0;
11303
11304 if(!ta_number && tid_p->netobj.remote_temp)
11305 temp = tid_p->netobj.remote_temp;
11306 else
11307 rsbac_ta_net_lookup_templates
11308 (ta_number, &tid_p->netobj,
11309 NULL, &temp);
11310 if (temp)
11311 rsbac_ta_list_get_data_ttl
11312 (ta_number,
11313 nettemp_handles.pm,
11314 NULL, &temp, &aci);
11315 }
11316 break;
11317
11318 default:
11319 err = -RSBAC_EINVALIDATTR;
11320 }
11321 if (err)
11322 break;
11323 switch (attr) {
11324 case A_local_pm_object_class:
11325 case A_remote_pm_object_class:
11326 value->pm_object_class =
11327 aci.pm_object_class;
11328 break;
11329 case A_local_pm_ipc_purpose:
11330 case A_remote_pm_ipc_purpose:
11331 value->pm_ipc_purpose = aci.pm_ipc_purpose;
11332 break;
11333 case A_local_pm_object_type:
11334 case A_remote_pm_object_type:
11335 value->pm_object_type = aci.pm_object_type;
11336 break;
11337
11338 default:
11339 err = -RSBAC_EINVALIDATTR;
11340 }
11341 }
11342 break;
11343 #endif
11344
11345 #if defined(CONFIG_RSBAC_RC)
11346 case SW_RC:
11347 {
11348 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
11349
11350 switch (attr) {
11351 case A_local_rc_type:
11352 if (rsbac_ta_list_get_data_ttl(ta_number, lnetobj_handles.rc, NULL, &tid_p->netobj.sock_p, &type)) {
11353 rsbac_net_temp_id_t temp = 0;
11354 struct rsbac_rc_nettemp_aci_t aci;
11355
11356 if(!ta_number && tid_p->netobj.local_temp)
11357 temp = tid_p->netobj.local_temp;
11358 else
11359 rsbac_ta_net_lookup_templates
11360 (ta_number, &tid_p->netobj,
11361 &temp, NULL);
11362 if (temp) {
11363 if (!rsbac_ta_list_get_data_ttl(ta_number, nettemp_handles.rc, NULL, &temp, &aci))
11364 type = aci.netobj_type;
11365 }
11366 }
11367 break;
11368
11369 case A_remote_rc_type:
11370 if (rsbac_ta_list_get_data_ttl(ta_number, rnetobj_handles.rc, NULL, &tid_p->netobj.sock_p, &type)) {
11371 rsbac_net_temp_id_t temp = 0;
11372 struct rsbac_rc_nettemp_aci_t aci;
11373
11374 if(!ta_number && tid_p->netobj.remote_temp)
11375 temp = tid_p->netobj.remote_temp;
11376 else
11377 rsbac_ta_net_lookup_templates
11378 (ta_number, &tid_p->netobj,
11379 NULL, &temp);
11380 if (temp) {
11381 if (!rsbac_ta_list_get_data_ttl(ta_number, nettemp_handles.rc, NULL, &temp, &aci))
11382 type =
11383 aci.
11384 netobj_type;
11385 }
11386 }
11387 break;
11388
11389 default:
11390 err = -RSBAC_EINVALIDATTR;
11391 }
11392 if (!err)
11393 value->rc_type = type;
11394 }
11395 break;
11396 #endif
11397
11398 default:
11399 err = -RSBAC_EINVALIDMODULE;
11400 }
11401 return err;
11402 }
11403 #endif
11404
11405 #ifdef CONFIG_RSBAC_FD_CACHE
11406 int rsbac_fd_cache_invalidate(struct rsbac_fs_file_t * file_p)
11407 {
11408 struct rsbac_fd_cache_desc_t fd_desc;
11409 int i;
11410
11411 fd_desc.device = file_p->device;
11412 fd_desc.inode = file_p->inode;
11413
11414 for (i = 0; i < SW_NONE; i++) {
11415 if (fd_cache_handle[i])
11416 rsbac_list_lol_remove(fd_cache_handle[i], &fd_desc);
11417 }
11418 #ifdef CONFIG_RSBAC_XSTATS
11419 fd_cache_invalidates++;
11420 #endif
11421 return 0;
11422 }
11423
11424 int rsbac_fd_cache_invalidate_all(void)
11425 {
11426 int i;
11427
11428 for (i = 0; i < SW_NONE; i++) {
11429 if (fd_cache_handle[i])
11430 rsbac_list_lol_remove_all(fd_cache_handle[i]);
11431 }
11432 #ifdef CONFIG_RSBAC_XSTATS
11433 fd_cache_invalidate_alls++;
11434 #endif
11435 return 0;
11436 }
11437 #endif
11438
11439
11440
11441
11442 int rsbac_ta_get_attr(rsbac_list_ta_number_t ta_number,
11443 enum rsbac_switch_target_t module,
11444 enum rsbac_target_t target,
11445 union rsbac_target_id_t tid,
11446 enum rsbac_attribute_t attr,
11447 union rsbac_attribute_value_t *value_p,
11448 rsbac_boolean_t inherit)
11449 {
11450 int err = 0;
11451
11452 if (!rsbac_initialized) {
11453 rsbac_printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n");
11454 return (-RSBAC_ENOTINITIALIZED);
11455 }
11456 if (!value_p)
11457 return (-RSBAC_EINVALIDPOINTER);
11458 if (in_interrupt()) {
11459 rsbac_printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n");
11460 }
11461 #ifdef CONFIG_RSBAC_XSTATS
11462 get_attr_count[target]++;
11463 #endif
11464 switch (target) {
11465 case T_FILE:
11466 case T_DIR:
11467 case T_FIFO:
11468 case T_SYMLINK:
11469 case T_UNIXSOCK:
11470 #ifdef CONFIG_RSBAC_FD_CACHE
11471 if (inherit && !ta_number && fd_cache_handle[module] && (RSBAC_MAJOR(tid.file.device) > 1)) {
11472 struct rsbac_fd_cache_desc_t fd_desc;
11473 rsbac_enum_t cache_attr = attr;
11474
11475 fd_desc.device = tid.file.device;
11476 fd_desc.inode = tid.file.inode;
11477 if (!rsbac_list_lol_get_subdata(fd_cache_handle[module],
11478 &fd_desc, &cache_attr,
11479 value_p)) {
11480 #ifdef CONFIG_RSBAC_XSTATS
11481 fd_cache_hits[module]++;
11482 #endif
11483 return 0;
11484 }
11485 err = get_attr_fd(0, module, target, &tid,
11486 attr, value_p, TRUE);
11487 if (!err) {
11488 #if 0
11489 rsbac_pr_debug(auto, "Adding fd cache item device %02u:%02u inode %u attr %u\n",
11490 RSBAC_MAJOR(fd_desc.device), RSBAC_MINOR(fd_desc.device),
11491 fd_desc.inode, attr);
11492 #endif
11493 rsbac_list_lol_subadd_ttl(fd_cache_handle[module],
11494 rsbac_fd_cache_ttl,
11495 &fd_desc, &cache_attr,
11496 value_p);
11497 #ifdef CONFIG_RSBAC_XSTATS
11498 fd_cache_misses[module]++;
11499 #endif
11500 }
11501 return err;
11502 }
11503 #endif
11504
11505 return get_attr_fd(ta_number, module, target, &tid,
11506 attr, value_p, inherit);
11507
11508 case T_DEV:
11509 return get_attr_dev(ta_number, module, target, tid.dev,
11510 attr, value_p, inherit);
11511
11512 case T_IPC:
11513 return get_attr_ipc(ta_number, module, target, &tid,
11514 attr, value_p, inherit);
11515
11516 case T_USER:
11517 return get_attr_user(ta_number, module, target, &tid,
11518 attr, value_p, inherit);
11519
11520 case T_PROCESS:
11521 return get_attr_process(ta_number, module, target, &tid,
11522 attr, value_p, inherit);
11523
11524 #ifdef CONFIG_RSBAC_UM
11525 case T_GROUP:
11526 return get_attr_group(ta_number, module, target, &tid,
11527 attr, value_p, inherit);
11528 #endif
11529
11530 #ifdef CONFIG_RSBAC_NET_DEV
11531 case T_NETDEV:
11532 return get_attr_netdev(ta_number, module, target, &tid,
11533 attr, value_p, inherit);
11534 #endif
11535
11536 #ifdef CONFIG_RSBAC_NET_OBJ
11537 case T_NETTEMP:
11538 return get_attr_nettemp(ta_number, module, target, &tid,
11539 attr, value_p, inherit);
11540
11541 case T_NETOBJ:
11542 return get_attr_netobj(ta_number, module, target, &tid,
11543 attr, value_p, inherit);
11544 #endif
11545
11546
11547 default:
11548 return -RSBAC_EINVALIDTARGET;
11549 }
11550
11551 return err;
11552 }
11553
11554
11555
11556 static int set_attr_fd(rsbac_list_ta_number_t ta_number,
11557 enum rsbac_switch_target_t module,
11558 enum rsbac_target_t target,
11559 union rsbac_target_id_t *tid_p,
11560 enum rsbac_attribute_t attr,
11561 union rsbac_attribute_value_t *value_p)
11562 {
11563 int err = 0;
11564 struct rsbac_device_list_item_t *device_p;
11565 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
11566 u_long dflags;
11567 #endif
11568 u_int hash;
11569
11570
11571
11572
11573
11574
11575
11576 hash = device_hash(tid_p->file.device);
11577 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
11578 rcu_read_lock();
11579 #else
11580 rsbac_read_lock(&device_list_locks[hash], &dflags);
11581 #endif
11582
11583
11584 device_p = lookup_device(tid_p->file.device, hash);
11585 if (!device_p) {
11586 struct super_block *sb_p;
11587
11588 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
11589 rcu_read_unlock();
11590 #else
11591 rsbac_read_unlock(&device_list_locks[hash], &dflags);
11592 #endif
11593 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
11594 sb_p = user_get_super(tid_p->file.device);
11595 #else
11596 sb_p = get_super(tid_p->file.device);
11597 #endif
11598 if (sb_p) {
11599 if(RSBAC_MAJOR(tid_p->file.device) <= 1) {
11600 rsbac_printk(KERN_INFO "rsbac_set_attr(): auto-mounting device %02u:%02u\n",
11601 RSBAC_MAJOR(tid_p->file.device),
11602 RSBAC_MINOR(tid_p->file.device));
11603 rsbac_mount(sb_p, NULL);
11604 }
11605
11606 drop_super(sb_p);
11607 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
11608 rcu_read_lock();
11609 #else
11610 rsbac_read_lock(&device_list_locks[hash], &dflags);
11611 #endif
11612 device_p = lookup_device(tid_p->file.device, hash);
11613 if (!device_p) {
11614 rsbac_printk(KERN_WARNING "rsbac_set_attr(): unknown device %02u:%02u\n",
11615 RSBAC_MAJOR(tid_p->file.
11616 device),
11617 RSBAC_MINOR(tid_p->file.
11618 device));
11619 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
11620 rcu_read_unlock();
11621 #else
11622 rsbac_read_unlock(&device_list_locks[hash],
11623 &dflags);
11624 #endif
11625 return -RSBAC_EINVALIDDEV;
11626 }
11627 } else
11628 return -RSBAC_EINVALIDDEV;
11629 }
11630 switch (module) {
11631 case SW_GEN:
11632 {
11633 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI;
11634
11635 rsbac_ta_list_get_data_ttl(ta_number,
11636 device_p->handles.gen,
11637 NULL,
11638 &tid_p->file.inode,
11639 &aci);
11640 switch (attr) {
11641 case A_log_array_low:
11642 aci.log_array_low = value_p->log_array_low;
11643 break;
11644 case A_log_array_high:
11645 aci.log_array_high =
11646 value_p->log_array_high;
11647 break;
11648 case A_log_program_based:
11649 aci.log_program_based =
11650 value_p->log_program_based;
11651 break;
11652 case A_symlink_add_remote_ip:
11653 aci.symlink_add_remote_ip =
11654 value_p->symlink_add_remote_ip;
11655 break;
11656 case A_symlink_add_uid:
11657 aci.symlink_add_uid =
11658 value_p->symlink_add_uid;
11659 break;
11660 case A_symlink_add_mac_level:
11661 aci.symlink_add_mac_level =
11662 value_p->symlink_add_mac_level;
11663 break;
11664 case A_symlink_add_rc_role:
11665 aci.symlink_add_rc_role =
11666 value_p->symlink_add_rc_role;
11667 break;
11668 case A_linux_dac_disable:
11669 aci.linux_dac_disable =
11670 value_p->linux_dac_disable;
11671 break;
11672 case A_fake_root_uid:
11673 aci.fake_root_uid = value_p->fake_root_uid;
11674 break;
11675 case A_auid_exempt:
11676 aci.auid_exempt = value_p->auid_exempt;
11677 break;
11678 default:
11679 err = -RSBAC_EINVALIDATTR;
11680 }
11681 if (!err) {
11682 err = rsbac_ta_list_add_ttl(ta_number,
11683 device_p->
11684 handles.gen,
11685 0,
11686 &tid_p->file.
11687 inode, &aci);
11688 }
11689 }
11690 break;
11691
11692 #if defined(CONFIG_RSBAC_MAC)
11693 case SW_MAC:
11694 {
11695 struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI;
11696
11697 rsbac_ta_list_get_data_ttl(ta_number,
11698 device_p->handles.mac,
11699 NULL,
11700 &tid_p->file.inode,
11701 &aci);
11702 switch (attr) {
11703 case A_security_level:
11704 aci.sec_level = value_p->security_level;
11705 break;
11706 case A_mac_categories:
11707 aci.mac_categories =
11708 value_p->mac_categories;
11709 break;
11710 case A_mac_auto:
11711 aci.mac_auto = value_p->mac_auto;
11712 break;
11713 case A_mac_prop_trusted:
11714 aci.mac_prop_trusted =
11715 value_p->mac_prop_trusted;
11716 break;
11717 case A_mac_file_flags:
11718 aci.mac_file_flags =
11719 value_p->
11720 mac_file_flags & RSBAC_MAC_F_FLAGS;
11721 break;
11722
11723 default:
11724 err = -RSBAC_EINVALIDATTR;
11725 }
11726 if (!err) {
11727 err = rsbac_ta_list_add_ttl(ta_number,
11728 device_p->
11729 handles.mac,
11730 0,
11731 &tid_p->file.
11732 inode, &aci);
11733 }
11734 }
11735 break;
11736 #endif
11737
11738 #if defined(CONFIG_RSBAC_PM)
11739 case SW_PM:
11740 {
11741 struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI;
11742
11743 rsbac_ta_list_get_data_ttl(ta_number,
11744 device_p->handles.pm,
11745 NULL,
11746 &tid_p->file.inode,
11747 &aci);
11748 switch (attr) {
11749 case A_pm_object_class:
11750 aci.pm_object_class =
11751 value_p->pm_object_class;
11752 break;
11753 case A_pm_tp:
11754 aci.pm_tp = value_p->pm_tp;
11755 break;
11756 case A_pm_object_type:
11757 aci.pm_object_type =
11758 value_p->pm_object_type;
11759 break;
11760 default:
11761 err = -RSBAC_EINVALIDATTR;
11762 }
11763 if (!err) {
11764 err = rsbac_ta_list_add_ttl(ta_number,
11765 device_p->
11766 handles.pm,
11767 0,
11768 &tid_p->file.
11769 inode, &aci);
11770 }
11771 }
11772 break;
11773 #endif
11774
11775 #if defined(CONFIG_RSBAC_DAZ)
11776 case SW_DAZ:
11777 {
11778 #if defined(CONFIG_RSBAC_DAZ_CACHE)
11779 if (attr == A_daz_scanned) {
11780 err =
11781 rsbac_list_add_ttl(device_p->handles.dazs,
11782 rsbac_daz_ttl,
11783 &tid_p->file.inode,
11784 &value_p->
11785 daz_scanned);
11786 } else
11787 #endif
11788 {
11789 struct rsbac_daz_fd_aci_t aci =
11790 DEFAULT_DAZ_FD_ACI;
11791
11792 rsbac_ta_list_get_data_ttl(ta_number,
11793 device_p->
11794 handles.daz,
11795 NULL,
11796 &tid_p->file.inode,
11797 &aci);
11798 switch (attr) {
11799 case A_daz_scanner:
11800 aci.daz_scanner =
11801 value_p->daz_scanner;
11802 break;
11803 case A_daz_do_scan:
11804 aci.daz_do_scan = value_p->daz_do_scan;
11805 break;
11806 default:
11807 err = -RSBAC_EINVALIDATTR;
11808 }
11809 if (!err) {
11810 err = rsbac_ta_list_add_ttl
11811 (ta_number,
11812 device_p->handles.daz,
11813 0,
11814 &tid_p->file.inode, &aci);
11815 }
11816 }
11817 }
11818 break;
11819 #endif
11820
11821 #if defined(CONFIG_RSBAC_FF)
11822 case SW_FF:
11823 {
11824 switch (attr) {
11825 case A_ff_flags:
11826 err = rsbac_ta_list_add_ttl(ta_number,
11827 device_p->
11828 handles.ff,
11829 0,
11830 &tid_p->file.
11831 inode,
11832 &value_p->ff_flags);
11833 break;
11834
11835 default:
11836 err = -RSBAC_EINVALIDATTR;
11837 }
11838 }
11839 break;
11840 #endif
11841
11842 #if defined(CONFIG_RSBAC_RC)
11843 case SW_RC:
11844 {
11845 struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI;
11846
11847 rsbac_ta_list_get_data_ttl(ta_number,
11848 device_p->handles.rc,
11849 NULL,
11850 &tid_p->file.inode,
11851 &aci);
11852 switch (attr) {
11853 case A_rc_type_fd:
11854 aci.rc_type_fd = value_p->rc_type_fd;
11855 break;
11856 case A_rc_force_role:
11857 aci.rc_force_role = value_p->rc_force_role;
11858 break;
11859 case A_rc_initial_role:
11860 aci.rc_initial_role =
11861 value_p->rc_initial_role;
11862 break;
11863
11864 default:
11865 err = -RSBAC_EINVALIDATTR;
11866 }
11867 if (!err) {
11868 err = rsbac_ta_list_add_ttl(ta_number,
11869 device_p->
11870 handles.rc,
11871 0,
11872 &tid_p->file.
11873 inode, &aci);
11874 }
11875 }
11876 break;
11877 #endif
11878
11879 #if defined(CONFIG_RSBAC_AUTH)
11880 case SW_AUTH:
11881 {
11882 struct rsbac_auth_fd_aci_t aci =
11883 DEFAULT_AUTH_FD_ACI;
11884
11885 rsbac_ta_list_get_data_ttl(ta_number,
11886 device_p->handles.auth,
11887 NULL,
11888 &tid_p->file.inode,
11889 &aci);
11890 switch (attr) {
11891 case A_auth_may_setuid:
11892 aci.auth_may_setuid =
11893 value_p->auth_may_setuid;
11894 break;
11895 case A_auth_may_set_cap:
11896 aci.auth_may_set_cap =
11897 value_p->auth_may_set_cap;
11898 break;
11899 case A_auth_learn:
11900 aci.auth_learn = value_p->auth_learn;
11901 break;
11902 default:
11903 err = -RSBAC_EINVALIDATTR;
11904 }
11905 if (!err) {
11906 err = rsbac_ta_list_add_ttl(ta_number,
11907 device_p->
11908 handles.auth,
11909 0,
11910 &tid_p->file.
11911 inode, &aci);
11912 }
11913 }
11914 break;
11915 #endif
11916
11917 #if defined(CONFIG_RSBAC_CAP)
11918 case SW_CAP:
11919 {
11920 struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI;
11921
11922 rsbac_ta_list_get_data_ttl(ta_number,
11923 device_p->handles.cap,
11924 NULL,
11925 &tid_p->file.inode,
11926 &aci);
11927 switch (attr) {
11928 case A_min_caps:
11929 aci.min_caps = value_p->min_caps;
11930 break;
11931 case A_max_caps:
11932 aci.max_caps = value_p->max_caps;
11933 break;
11934 case A_cap_ld_env:
11935 aci.cap_ld_env = value_p->cap_ld_env;
11936 break;
11937 default:
11938 err = -RSBAC_EINVALIDATTR;
11939 }
11940 if (!err) {
11941 err = rsbac_ta_list_add_ttl(ta_number,
11942 device_p->
11943 handles.cap,
11944 0,
11945 &tid_p->file.
11946 inode, &aci);
11947 }
11948 }
11949 break;
11950 #endif
11951
11952 #if defined(CONFIG_RSBAC_RES)
11953 case SW_RES:
11954 {
11955 struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI;
11956
11957 rsbac_ta_list_get_data_ttl(ta_number,
11958 device_p->handles.res,
11959 NULL,
11960 &tid_p->file.inode,
11961 &aci);
11962 switch (attr) {
11963 case A_res_min:
11964 memcpy(&aci.res_min, &value_p->res_array,
11965 sizeof(aci.res_min));
11966 break;
11967 case A_res_max:
11968 memcpy(&aci.res_max, &value_p->res_array,
11969 sizeof(aci.res_max));
11970 break;
11971 default:
11972 err = -RSBAC_EINVALIDATTR;
11973 }
11974 if (!err) {
11975 struct rsbac_res_fd_aci_t def_aci =
11976 DEFAULT_RES_FD_ACI;
11977
11978 if (memcmp(&aci, &def_aci, sizeof(aci)))
11979 err = rsbac_ta_list_add_ttl
11980 (ta_number,
11981 device_p->handles.res,
11982 0,
11983 &tid_p->file.inode, &aci);
11984 else
11985 err =
11986 rsbac_ta_list_remove(ta_number,
11987 device_p->
11988 handles.res,
11989 &tid_p->file.
11990 inode);
11991 }
11992 }
11993 break;
11994 #endif
11995
11996 #if defined(CONFIG_RSBAC_PAX)
11997 case SW_PAX:
11998 {
11999 switch (attr) {
12000 case A_pax_flags:
12001 value_p->pax_flags &= RSBAC_PAX_ALL_FLAGS;
12002 err = rsbac_ta_list_add_ttl(ta_number,
12003 device_p->
12004 handles.pax,
12005 0,
12006 &tid_p->file.
12007 inode,
12008 &value_p->pax_flags);
12009 break;
12010
12011 default:
12012 err = -RSBAC_EINVALIDATTR;
12013 }
12014 }
12015 break;
12016 #endif
12017
12018 default:
12019 err = -RSBAC_EINVALIDMODULE;
12020 }
12021
12022 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
12023 rcu_read_unlock();
12024 #else
12025 rsbac_read_unlock(&device_list_locks[hash], &dflags);
12026 #endif
12027
12028 #ifdef CONFIG_RSBAC_FD_CACHE
12029 if (fd_cache_handle[module]) {
12030 if (target == T_DIR)
12031 rsbac_list_lol_remove_all(fd_cache_handle[module]);
12032 else {
12033 struct rsbac_fd_cache_desc_t fd_desc;
12034
12035 fd_desc.device = tid_p->file.device;
12036 fd_desc.inode = tid_p->file.inode;
12037 rsbac_list_lol_remove(fd_cache_handle[module], &fd_desc);
12038 }
12039 }
12040 #endif
12041
12042 return err;
12043 }
12044
12045 static int set_attr_dev(rsbac_list_ta_number_t ta_number,
12046 enum rsbac_switch_target_t module,
12047 enum rsbac_target_t target,
12048 struct rsbac_dev_desc_t dev,
12049 enum rsbac_attribute_t attr,
12050 union rsbac_attribute_value_t *value_p)
12051 {
12052 int err = 0;
12053
12054 switch (module) {
12055 case SW_GEN:
12056 {
12057 struct rsbac_gen_dev_aci_t aci =
12058 DEFAULT_GEN_DEV_ACI;
12059
12060 if (dev.type > D_char)
12061 return -RSBAC_EINVALIDTARGET;
12062 rsbac_ta_list_get_data_ttl(ta_number,
12063 dev_handles.gen,
12064 NULL, &dev, &aci);
12065 switch (attr) {
12066 case A_log_array_low:
12067 aci.log_array_low = value_p->log_array_low;
12068 break;
12069 case A_log_array_high:
12070 aci.log_array_high =
12071 value_p->log_array_high;
12072 break;
12073 default:
12074 err = -RSBAC_EINVALIDATTR;
12075 }
12076 if (!err) {
12077 err = rsbac_ta_list_add_ttl(ta_number,
12078 dev_handles.
12079 gen, 0, &dev,
12080 &aci);
12081 }
12082 }
12083 break;
12084
12085 #if defined(CONFIG_RSBAC_MAC)
12086 case SW_MAC:
12087 {
12088 struct rsbac_mac_dev_aci_t aci =
12089 DEFAULT_MAC_DEV_ACI;
12090
12091 if (dev.type > D_char)
12092 return -RSBAC_EINVALIDTARGET;
12093 rsbac_ta_list_get_data_ttl(ta_number,
12094 dev_handles.mac,
12095 NULL, &dev, &aci);
12096 switch (attr) {
12097 case A_security_level:
12098 aci.sec_level = value_p->security_level;
12099 break;
12100 case A_mac_categories:
12101 aci.mac_categories =
12102 value_p->mac_categories;
12103 break;
12104 case A_mac_check:
12105 aci.mac_check = value_p->mac_check;
12106 break;
12107 default:
12108 err = -RSBAC_EINVALIDATTR;
12109 }
12110 if (!err) {
12111 err = rsbac_ta_list_add_ttl(ta_number,
12112 dev_handles.
12113 mac, 0, &dev,
12114 &aci);
12115 }
12116 }
12117 break;
12118 #endif
12119
12120 #if defined(CONFIG_RSBAC_PM)
12121 case SW_PM:
12122 {
12123 struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
12124
12125 if (dev.type > D_char)
12126 return -RSBAC_EINVALIDTARGET;
12127 rsbac_ta_list_get_data_ttl(ta_number,
12128 dev_handles.pm,
12129 NULL, &dev, &aci);
12130 switch (attr) {
12131 case A_pm_object_type:
12132 aci.pm_object_type =
12133 value_p->pm_object_type;
12134 break;
12135 case A_pm_object_class:
12136 aci.pm_object_class =
12137 value_p->pm_object_class;
12138 break;
12139 default:
12140 err = -RSBAC_EINVALIDATTR;
12141 }
12142 if (!err) {
12143 err = rsbac_ta_list_add_ttl(ta_number,
12144 dev_handles.pm,
12145 0, &dev, &aci);
12146 }
12147 }
12148 break;
12149 #endif
12150
12151 #if defined(CONFIG_RSBAC_RC)
12152 case SW_RC:
12153 {
12154 rsbac_rc_type_id_t type = value_p->rc_type;
12155 struct rsbac_dev_desc_t dev_desc;
12156 rsbac_list_handle_t handle;
12157
12158 switch (dev.type) {
12159 case D_char:
12160 dev_desc.type = D_char;
12161 handle = dev_handles.rc;
12162 break;
12163 case D_block:
12164 dev_desc.type = D_block;
12165 handle = dev_handles.rc;
12166 break;
12167 case D_char_major:
12168 if (type > RC_type_max_value)
12169 return -RSBAC_EINVALIDVALUE;
12170 dev_desc.type = D_char;
12171 handle = dev_major_handles.rc;
12172 break;
12173 case D_block_major:
12174 if (type > RC_type_max_value)
12175 return -RSBAC_EINVALIDVALUE;
12176 dev_desc.type = D_block;
12177 handle = dev_major_handles.rc;
12178 break;
12179 default:
12180 return -RSBAC_EINVALIDTARGET;
12181 }
12182 dev_desc.major = dev.major;
12183 dev_desc.minor = dev.minor;
12184
12185 switch (attr) {
12186 case A_rc_type:
12187 err = rsbac_ta_list_add_ttl(ta_number,
12188 handle,
12189 0,
12190 &dev_desc,
12191 &type);
12192 break;
12193 default:
12194 err = -RSBAC_EINVALIDATTR;
12195 }
12196 }
12197 break;
12198 #endif
12199
12200 default:
12201 err = -RSBAC_EINVALIDMODULE;
12202 }
12203
12204 return err;
12205 }
12206
12207 static int set_attr_ipc(rsbac_list_ta_number_t ta_number,
12208 enum rsbac_switch_target_t module,
12209 enum rsbac_target_t target,
12210 union rsbac_target_id_t *tid_p,
12211 enum rsbac_attribute_t attr,
12212 union rsbac_attribute_value_t *value_p)
12213 {
12214 int err = 0;
12215
12216 switch (module) {
12217 #if defined(CONFIG_RSBAC_MAC)
12218 case SW_MAC:
12219 {
12220 struct rsbac_mac_ipc_aci_t aci =
12221 DEFAULT_MAC_IPC_ACI;
12222
12223 rsbac_ta_list_get_data_ttl(ta_number,
12224 ipc_handles.mac,
12225 NULL,
12226 &tid_p->ipc, &aci);
12227 switch (attr) {
12228 case A_security_level:
12229 aci.sec_level = value_p->security_level;
12230 break;
12231 case A_mac_categories:
12232 aci.mac_categories =
12233 value_p->mac_categories;
12234 break;
12235 default:
12236 err = -RSBAC_EINVALIDATTR;
12237 }
12238 if (!err) {
12239 err = rsbac_ta_list_add_ttl(ta_number,
12240 ipc_handles.
12241 mac, 0,
12242 &tid_p->ipc,
12243 &aci);
12244 }
12245 }
12246 break;
12247 #endif
12248
12249 #if defined(CONFIG_RSBAC_PM)
12250 case SW_PM:
12251 {
12252 struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
12253
12254 rsbac_ta_list_get_data_ttl(ta_number,
12255 ipc_handles.pm,
12256 NULL,
12257 &tid_p->ipc, &aci);
12258 switch (attr) {
12259 case A_pm_object_type:
12260 aci.pm_object_type =
12261 value_p->pm_object_type;
12262 break;
12263 case A_pm_ipc_purpose:
12264 aci.pm_ipc_purpose =
12265 value_p->pm_ipc_purpose;
12266 break;
12267 case A_pm_object_class:
12268 aci.pm_object_class =
12269 value_p->pm_object_class;
12270 break;
12271 default:
12272 err = -RSBAC_EINVALIDATTR;
12273 }
12274 if (!err) {
12275 err = rsbac_ta_list_add_ttl(ta_number,
12276 ipc_handles.pm,
12277 0,
12278 &tid_p->ipc,
12279 &aci);
12280 }
12281 }
12282 break;
12283 #endif
12284
12285 #if defined(CONFIG_RSBAC_RC)
12286 case SW_RC:
12287 {
12288 rsbac_rc_type_id_t type = value_p->rc_type;
12289
12290 switch (attr) {
12291 case A_rc_type:
12292 err = rsbac_ta_list_add_ttl(ta_number,
12293 ipc_handles.rc,
12294 0,
12295 &tid_p->ipc,
12296 &type);
12297 break;
12298 default:
12299 err = -RSBAC_EINVALIDATTR;
12300 }
12301 }
12302 break;
12303 #endif
12304
12305 #if defined(CONFIG_RSBAC_JAIL)
12306 case SW_JAIL:
12307 {
12308 rsbac_jail_id_t id = value_p->jail_id;
12309
12310 switch (attr) {
12311 case A_jail_id:
12312
12313
12314
12315
12316
12317
12318
12319
12320 err = rsbac_ta_list_add_ttl(ta_number,
12321 ipc_handles.
12322 jail, 0,
12323 &tid_p->ipc,
12324 &id);
12325 break;
12326 default:
12327 err = -RSBAC_EINVALIDATTR;
12328 }
12329 }
12330 break;
12331 #endif
12332
12333 default:
12334 err = -RSBAC_EINVALIDMODULE;
12335 }
12336
12337 return err;
12338 }
12339
12340 static int set_attr_user(rsbac_list_ta_number_t ta_number,
12341 enum rsbac_switch_target_t module,
12342 enum rsbac_target_t target,
12343 union rsbac_target_id_t *tid_p,
12344 enum rsbac_attribute_t attr,
12345 union rsbac_attribute_value_t *value_p)
12346 {
12347 int err = 0;
12348
12349
12350
12351
12352 switch (module) {
12353 case SW_GEN:
12354 {
12355 struct rsbac_gen_user_aci_t aci =
12356 DEFAULT_GEN_U_ACI;
12357
12358 rsbac_ta_list_get_data_ttl(ta_number,
12359 user_handles.gen,
12360 NULL,
12361 &tid_p->user, &aci);
12362 switch (attr) {
12363 case A_pseudo:
12364 aci.pseudo = value_p->pseudo;
12365 break;
12366 case A_log_user_based:
12367 aci.log_user_based =
12368 value_p->log_user_based;
12369 break;
12370 default:
12371 err = -RSBAC_EINVALIDATTR;
12372 }
12373 if (!err) {
12374 err = rsbac_ta_list_add_ttl(ta_number,
12375 user_handles.
12376 gen, 0,
12377 &tid_p->user,
12378 &aci);
12379 }
12380 }
12381 break;
12382
12383 #if defined(CONFIG_RSBAC_MAC)
12384 case SW_MAC:
12385 {
12386 struct rsbac_mac_user_aci_t aci =
12387 DEFAULT_MAC_U_ACI;
12388
12389 rsbac_ta_list_get_data_ttl(ta_number,
12390 user_handles.mac,
12391 NULL,
12392 &tid_p->user, &aci);
12393 switch (attr) {
12394 case A_security_level:
12395 if (value_p->security_level <
12396 aci.min_security_level)
12397 err = -RSBAC_EINVALIDVALUE;
12398 else
12399 aci.security_level =
12400 value_p->security_level;
12401 break;
12402 case A_initial_security_level:
12403 if ((value_p->security_level <
12404 aci.min_security_level)
12405 || (value_p->security_level >
12406 aci.security_level)
12407 )
12408 err = -RSBAC_EINVALIDVALUE;
12409 else
12410 aci.initial_security_level =
12411 value_p->security_level;
12412 break;
12413 case A_min_security_level:
12414 if (value_p->security_level >
12415 aci.security_level)
12416 err = -RSBAC_EINVALIDVALUE;
12417 else
12418 aci.min_security_level =
12419 value_p->security_level;
12420 break;
12421 case A_mac_categories:
12422 if ((value_p->mac_categories & aci.
12423 mac_min_categories) !=
12424 aci.mac_min_categories)
12425 err = -RSBAC_EINVALIDVALUE;
12426 else
12427 aci.mac_categories =
12428 value_p->mac_categories;
12429 break;
12430 case A_mac_initial_categories:
12431 if (((value_p->mac_categories & aci.
12432 mac_min_categories) !=
12433 aci.mac_min_categories)
12434 ||
12435 ((value_p->mac_categories & aci.
12436 mac_categories) !=
12437 value_p->mac_categories)
12438 )
12439 err = -RSBAC_EINVALIDVALUE;
12440 else
12441 aci.mac_initial_categories =
12442 value_p->mac_categories;
12443 break;
12444 case A_mac_min_categories:
12445 if ((value_p->mac_categories & aci.
12446 mac_categories) !=
12447 value_p->mac_categories)
12448 err = -RSBAC_EINVALIDVALUE;
12449 else
12450 aci.mac_min_categories =
12451 value_p->mac_categories;
12452 break;
12453 case A_system_role:
12454 case A_mac_role:
12455 aci.system_role = value_p->system_role;
12456 break;
12457 case A_mac_user_flags:
12458 aci.mac_user_flags =
12459 value_p->
12460 mac_user_flags & RSBAC_MAC_U_FLAGS;
12461 break;
12462 default:
12463 err = -RSBAC_EINVALIDATTR;
12464 }
12465 if (!err) {
12466 err = rsbac_ta_list_add_ttl(ta_number,
12467 user_handles.
12468 mac, 0,
12469 &tid_p->user,
12470 &aci);
12471 }
12472 }
12473 break;
12474 #endif
12475
12476 #if defined(CONFIG_RSBAC_PM)
12477 case SW_PM:
12478 {
12479 struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
12480
12481 rsbac_ta_list_get_data_ttl(ta_number,
12482 user_handles.pm,
12483 NULL,
12484 &tid_p->user, &aci);
12485 switch (attr) {
12486 case A_pm_task_set:
12487 aci.pm_task_set = value_p->pm_task_set;
12488 break;
12489 case A_pm_role:
12490 aci.pm_role = value_p->pm_role;
12491 break;
12492 default:
12493 err = -RSBAC_EINVALIDATTR;
12494 }
12495 if (!err) {
12496 err = rsbac_ta_list_add_ttl(ta_number,
12497 user_handles.
12498 pm, 0,
12499 &tid_p->user,
12500 &aci);
12501 }
12502 }
12503 break;
12504 #endif
12505
12506 #if defined(CONFIG_RSBAC_DAZ)
12507 case SW_DAZ:
12508 {
12509 rsbac_system_role_int_t role =
12510 value_p->system_role;
12511
12512 switch (attr) {
12513 case A_system_role:
12514 case A_daz_role:
12515 err = rsbac_ta_list_add_ttl(ta_number,
12516 user_handles.
12517 daz, 0,
12518 &tid_p->user,
12519 &role);
12520 break;
12521 default:
12522 err = -RSBAC_EINVALIDATTR;
12523 }
12524 }
12525 break;
12526 #endif
12527
12528 #if defined(CONFIG_RSBAC_FF)
12529 case SW_FF:
12530 {
12531 rsbac_system_role_int_t role =
12532 value_p->system_role;
12533
12534 switch (attr) {
12535 case A_system_role:
12536 case A_ff_role:
12537 err = rsbac_ta_list_add_ttl(ta_number,
12538 user_handles.
12539 ff, 0,
12540 &tid_p->user,
12541 &role);
12542 break;
12543 default:
12544 err = -RSBAC_EINVALIDATTR;
12545 }
12546 }
12547 break;
12548 #endif
12549
12550 #if defined(CONFIG_RSBAC_RC)
12551 case SW_RC:
12552 {
12553 struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
12554
12555 rsbac_ta_list_get_data_ttl(ta_number,
12556 user_handles.rc,
12557 NULL,
12558 &tid_p->user, &aci);
12559 switch (attr) {
12560 case A_rc_def_role:
12561 aci.rc_role = value_p->rc_def_role;
12562 break;
12563 case A_rc_type:
12564 aci.rc_type = value_p->rc_type;
12565 break;
12566 default:
12567 err = -RSBAC_EINVALIDATTR;
12568 }
12569 if (!err) {
12570 err = rsbac_ta_list_add_ttl(ta_number,
12571 user_handles.
12572 rc, 0,
12573 &tid_p->user,
12574 &aci);
12575 }
12576 }
12577 break;
12578 #endif
12579
12580 #if defined(CONFIG_RSBAC_AUTH)
12581 case SW_AUTH:
12582 {
12583 rsbac_system_role_int_t role =
12584 value_p->system_role;
12585
12586 switch (attr) {
12587 case A_system_role:
12588 case A_auth_role:
12589 err = rsbac_ta_list_add_ttl(ta_number,
12590 user_handles.
12591 auth, 0,
12592 &tid_p->user,
12593 &role);
12594 break;
12595 default:
12596 err = -RSBAC_EINVALIDATTR;
12597 }
12598 }
12599 break;
12600 #endif
12601
12602 #if defined(CONFIG_RSBAC_CAP)
12603 case SW_CAP:
12604 {
12605 struct rsbac_cap_user_aci_t aci =
12606 DEFAULT_CAP_U_ACI;
12607
12608 rsbac_ta_list_get_data_ttl(ta_number,
12609 user_handles.cap,
12610 NULL,
12611 &tid_p->user, &aci);
12612 switch (attr) {
12613 case A_system_role:
12614 case A_cap_role:
12615 aci.cap_role = value_p->system_role;
12616 break;
12617 case A_min_caps:
12618 aci.min_caps = value_p->min_caps;
12619 break;
12620 case A_max_caps:
12621 aci.max_caps = value_p->max_caps;
12622 break;
12623 case A_cap_ld_env:
12624 aci.cap_ld_env = value_p->cap_ld_env;
12625 break;
12626 default:
12627 err = -RSBAC_EINVALIDATTR;
12628 }
12629 if (!err) {
12630 err = rsbac_ta_list_add_ttl(ta_number,
12631 user_handles.
12632 cap, 0,
12633 &tid_p->user,
12634 &aci);
12635 }
12636 }
12637 break;
12638 #endif
12639
12640 #if defined(CONFIG_RSBAC_JAIL)
12641 case SW_JAIL:
12642 {
12643 rsbac_system_role_int_t role =
12644 value_p->system_role;
12645
12646 switch (attr) {
12647 case A_system_role:
12648 case A_jail_role:
12649 err = rsbac_ta_list_add_ttl(ta_number,
12650 user_handles.
12651 jail, 0,
12652 &tid_p->user,
12653 &role);
12654 break;
12655 default:
12656 err = -RSBAC_EINVALIDATTR;
12657 }
12658 }
12659 break;
12660 #endif
12661
12662 #if defined(CONFIG_RSBAC_RES)
12663 case SW_RES:
12664 {
12665 struct rsbac_res_user_aci_t aci =
12666 DEFAULT_RES_U_ACI;
12667
12668 rsbac_ta_list_get_data_ttl(ta_number,
12669 user_handles.res,
12670 NULL,
12671 &tid_p->user, &aci);
12672 switch (attr) {
12673 case A_system_role:
12674 case A_res_role:
12675 aci.res_role = value_p->system_role;
12676 break;
12677 case A_res_min:
12678 memcpy(&aci.res_min, &value_p->res_array,
12679 sizeof(aci.res_min));
12680 break;
12681 case A_res_max:
12682 memcpy(&aci.res_max, &value_p->res_array,
12683 sizeof(aci.res_max));
12684 break;
12685 default:
12686 err = -RSBAC_EINVALIDATTR;
12687 }
12688 if (!err) {
12689 struct rsbac_res_user_aci_t def_aci =
12690 DEFAULT_RES_U_ACI;
12691
12692 if (tid_p->user != RSBAC_ALL_USERS) {
12693 rsbac_uid_t all_users =
12694 RSBAC_ALL_USERS;
12695
12696 rsbac_ta_list_get_data_ttl
12697 (ta_number, user_handles.res,
12698 NULL, &all_users, &def_aci);
12699 }
12700 if (memcmp(&aci, &def_aci, sizeof(aci)))
12701 err =
12702 rsbac_ta_list_add_ttl
12703 (ta_number, user_handles.res,
12704 0, &tid_p->user, &aci);
12705 else
12706 err =
12707 rsbac_ta_list_remove(ta_number,
12708 user_handles.
12709 res,
12710 &tid_p->
12711 user);
12712 }
12713 }
12714 break;
12715 #endif
12716
12717 #if defined(CONFIG_RSBAC_PAX)
12718 case SW_PAX:
12719 {
12720 rsbac_system_role_int_t role =
12721 value_p->system_role;
12722
12723 switch (attr) {
12724 case A_system_role:
12725 case A_pax_role:
12726 err = rsbac_ta_list_add_ttl(ta_number,
12727 user_handles.
12728 pax, 0,
12729 &tid_p->user,
12730 &role);
12731 break;
12732 default:
12733 err = -RSBAC_EINVALIDATTR;
12734 }
12735 }
12736 break;
12737 #endif
12738
12739 default:
12740 err = -RSBAC_EINVALIDMODULE;
12741 }
12742
12743 return err;
12744 }
12745
12746 static int set_attr_process(rsbac_list_ta_number_t ta_number,
12747 enum rsbac_switch_target_t module,
12748 enum rsbac_target_t target,
12749 union rsbac_target_id_t *tid_p,
12750 enum rsbac_attribute_t attr,
12751 union rsbac_attribute_value_t *value_p)
12752 {
12753 int err = 0;
12754
12755 if (!tid_p->process) {
12756 rsbac_printk(KERN_WARNING "rsbac_set_attr(): Trying to set attribute for process 0!\n");
12757 return -RSBAC_EINVALIDTARGET;
12758 }
12759 switch (module) {
12760 case SW_GEN:
12761 {
12762 struct rsbac_gen_process_aci_t aci =
12763 DEFAULT_GEN_P_ACI;
12764
12765 rsbac_ta_list_get_data_ttl(ta_number,
12766 process_handles.gen,
12767 NULL, &tid_p->process,
12768 &aci);
12769 switch (attr) {
12770 case A_log_program_based:
12771 aci.log_program_based =
12772 value_p->log_program_based;
12773 break;
12774 case A_fake_root_uid:
12775 aci.fake_root_uid = value_p->fake_root_uid;
12776 break;
12777 case A_audit_uid:
12778 aci.audit_uid = value_p->audit_uid;
12779 break;
12780 case A_auid_exempt:
12781 aci.auid_exempt = value_p->auid_exempt;
12782 break;
12783 case A_remote_ip:
12784 aci.remote_ip = value_p->remote_ip;
12785 break;
12786 case A_kernel_thread:
12787 aci.kernel_thread = value_p->kernel_thread;
12788 break;
12789 default:
12790 err = -RSBAC_EINVALIDATTR;
12791 }
12792 if (!err) {
12793 err = rsbac_ta_list_add_ttl(ta_number,
12794 process_handles.gen,
12795 0,
12796 &tid_p->
12797 process, &aci);
12798 }
12799 }
12800 break;
12801
12802 #if defined(CONFIG_RSBAC_MAC)
12803 case SW_MAC:
12804 {
12805 struct rsbac_mac_process_aci_t aci =
12806 DEFAULT_MAC_P_ACI;
12807
12808 rsbac_ta_list_get_data_ttl(ta_number,
12809 process_handles.mac,
12810 NULL, &tid_p->process,
12811 &aci);
12812 switch (attr) {
12813 case A_security_level:
12814 aci.owner_sec_level =
12815 value_p->security_level;
12816 break;
12817 case A_initial_security_level:
12818 aci.owner_initial_sec_level =
12819 value_p->security_level;
12820 break;
12821 case A_min_security_level:
12822 aci.owner_min_sec_level =
12823 value_p->security_level;
12824 break;
12825 case A_mac_categories:
12826 aci.mac_owner_categories =
12827 value_p->mac_categories;
12828 break;
12829 case A_mac_initial_categories:
12830 aci.mac_owner_initial_categories =
12831 value_p->mac_categories;
12832 break;
12833 case A_mac_min_categories:
12834 aci.mac_owner_min_categories =
12835 value_p->mac_categories;
12836 break;
12837 case A_current_sec_level:
12838 aci.current_sec_level =
12839 value_p->current_sec_level;
12840 break;
12841 case A_mac_curr_categories:
12842 aci.mac_curr_categories =
12843 value_p->mac_categories;
12844 break;
12845 case A_min_write_open:
12846 aci.min_write_open =
12847 value_p->min_write_open;
12848 break;
12849 case A_min_write_categories:
12850 aci.min_write_categories =
12851 value_p->mac_categories;
12852 break;
12853 case A_max_read_open:
12854 aci.max_read_open = value_p->max_read_open;
12855 break;
12856 case A_max_read_categories:
12857 aci.max_read_categories =
12858 value_p->mac_categories;
12859 break;
12860 case A_mac_process_flags:
12861 aci.mac_process_flags =
12862 value_p->
12863 mac_process_flags & RSBAC_MAC_P_FLAGS;
12864 break;
12865 case A_mac_auto:
12866 if (value_p->mac_auto)
12867 aci.mac_process_flags |= MAC_auto;
12868 else
12869 aci.mac_process_flags &= ~MAC_auto;
12870 break;
12871 default:
12872 err = -RSBAC_EINVALIDATTR;
12873 }
12874 if (!err) {
12875 err = rsbac_ta_list_add_ttl(ta_number,
12876 process_handles.mac,
12877 0,
12878 &tid_p->
12879 process, &aci);
12880 }
12881 }
12882 break;
12883 #endif
12884
12885 #if defined(CONFIG_RSBAC_PM)
12886 case SW_PM:
12887 {
12888 struct rsbac_pm_process_aci_t aci =
12889 DEFAULT_PM_P_ACI;
12890
12891 rsbac_ta_list_get_data_ttl(ta_number,
12892 process_handles.pm,
12893 NULL,
12894 &tid_p->process, &aci);
12895 switch (attr) {
12896 case A_pm_tp:
12897 aci.pm_tp = value_p->pm_tp;
12898 break;
12899 case A_pm_current_task:
12900 aci.pm_current_task =
12901 value_p->pm_current_task;
12902 break;
12903 case A_pm_process_type:
12904 aci.pm_process_type =
12905 value_p->pm_process_type;
12906 break;
12907 default:
12908 err = -RSBAC_EINVALIDATTR;
12909 }
12910 if (!err) {
12911 err = rsbac_ta_list_add_ttl(ta_number,
12912 process_handles.
12913 pm, 0,
12914 &tid_p->
12915 process, &aci);
12916 }
12917 }
12918 break;
12919 #endif
12920
12921 #if defined(CONFIG_RSBAC_DAZ)
12922 case SW_DAZ:
12923 {
12924 struct rsbac_daz_process_aci_t aci =
12925 DEFAULT_DAZ_P_ACI;
12926
12927 rsbac_ta_list_get_data_ttl(ta_number,
12928 process_handles.daz,
12929 NULL,
12930 &tid_p->process, &aci);
12931 switch (attr) {
12932 case A_daz_scanner:
12933 aci.daz_scanner = value_p->daz_scanner;
12934 break;
12935 default:
12936 err = -RSBAC_EINVALIDATTR;
12937 }
12938 if (!err) {
12939 err = rsbac_ta_list_add_ttl(ta_number,
12940 process_handles.
12941 daz, 0,
12942 &tid_p->
12943 process, &aci);
12944 }
12945 }
12946 break;
12947 #endif
12948
12949 #if defined(CONFIG_RSBAC_RC)
12950 case SW_RC:
12951 {
12952 struct rsbac_rc_process_aci_t aci =
12953 DEFAULT_RC_P_ACI;
12954
12955 rsbac_ta_list_get_data_ttl(ta_number,
12956 process_handles.rc,
12957 NULL, &tid_p->process,
12958 &aci);
12959 switch (attr) {
12960 case A_rc_role:
12961 aci.rc_role = value_p->rc_role;
12962 break;
12963 case A_rc_type:
12964 aci.rc_type = value_p->rc_type;
12965 break;
12966 case A_rc_select_type:
12967 aci.rc_select_type = value_p->rc_select_type;
12968 break;
12969 case A_rc_force_role:
12970 aci.rc_force_role = value_p->rc_force_role;
12971 break;
12972 default:
12973 err = -RSBAC_EINVALIDATTR;
12974 }
12975 if (!err) {
12976 err = rsbac_ta_list_add_ttl(ta_number,
12977 process_handles.rc,
12978 0,
12979 &tid_p->
12980 process, &aci);
12981 }
12982 }
12983 break;
12984 #endif
12985
12986 #if defined(CONFIG_RSBAC_AUTH)
12987 case SW_AUTH:
12988 {
12989 struct rsbac_auth_process_aci_t aci =
12990 DEFAULT_AUTH_P_ACI;
12991
12992 rsbac_ta_list_get_data_ttl(ta_number,
12993 process_handles.auth,
12994 NULL,
12995 &tid_p->process, &aci);
12996 switch (attr) {
12997 case A_auth_may_setuid:
12998 aci.auth_may_setuid =
12999 value_p->auth_may_setuid;
13000 break;
13001 case A_auth_may_set_cap:
13002 aci.auth_may_set_cap =
13003 value_p->auth_may_set_cap;
13004 break;
13005 #if defined(CONFIG_RSBAC_AUTH_LEARN)
13006 case A_auth_program_file:
13007 aci.auth_program_file =
13008 value_p->auth_program_file;
13009 break;
13010 case A_auth_start_uid:
13011 aci.auth_start_uid =
13012 value_p->auth_start_uid;
13013 break;
13014 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
13015 case A_auth_start_euid:
13016 aci.auth_start_euid =
13017 value_p->auth_start_euid;
13018 break;
13019 #endif
13020 #ifdef CONFIG_RSBAC_AUTH_GROUP
13021 case A_auth_start_gid:
13022 aci.auth_start_gid =
13023 value_p->auth_start_gid;
13024 break;
13025 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
13026 case A_auth_start_egid:
13027 aci.auth_start_egid =
13028 value_p->auth_start_egid;
13029 break;
13030 #endif
13031 #endif
13032 case A_auth_learn:
13033 aci.auth_learn = value_p->auth_learn;
13034 break;
13035 #endif
13036 case A_auth_last_auth:
13037 aci.auth_last_auth =
13038 value_p->auth_last_auth;
13039 break;
13040 default:
13041 err = -RSBAC_EINVALIDATTR;
13042 }
13043 if (!err) {
13044 err = rsbac_ta_list_add_ttl(ta_number,
13045 process_handles.auth,
13046 0,
13047 &tid_p->process,
13048 &aci);
13049 }
13050 }
13051 break;
13052 #endif
13053
13054 #if defined(CONFIG_RSBAC_CAP)
13055 case SW_CAP:
13056 {
13057 struct rsbac_cap_process_aci_t aci =
13058 DEFAULT_CAP_P_ACI;
13059
13060 rsbac_ta_list_get_data_ttl(ta_number,
13061 process_handles.cap,
13062 NULL,
13063 &tid_p->process, &aci);
13064 switch (attr) {
13065 case A_cap_process_hiding:
13066 aci.cap_process_hiding =
13067 value_p->cap_process_hiding;
13068 break;
13069 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
13070 case A_max_caps_user:
13071 aci.max_caps_user = value_p->max_caps_user;
13072 break;
13073 case A_max_caps_program:
13074 aci.max_caps_program =
13075 value_p->max_caps_program;
13076 break;
13077 #endif
13078 case A_cap_ld_env:
13079 aci.cap_ld_env = value_p->cap_ld_env;
13080 break;
13081 default:
13082 err = -RSBAC_EINVALIDATTR;
13083 }
13084 if (!err) {
13085 err = rsbac_ta_list_add_ttl(ta_number,
13086 process_handles.
13087 cap, 0,
13088 &tid_p->
13089 process, &aci);
13090 }
13091 }
13092 break;
13093 #endif
13094
13095 #if defined(CONFIG_RSBAC_JAIL)
13096 case SW_JAIL:
13097 {
13098 struct rsbac_jail_process_aci_t aci =
13099 DEFAULT_JAIL_P_ACI;
13100
13101 rsbac_ta_list_get_data_ttl(ta_number,
13102 process_handles.jail,
13103 NULL, &tid_p->process,
13104 &aci);
13105 switch (attr) {
13106 case A_jail_id:
13107 aci.id = value_p->jail_id;
13108 break;
13109 case A_jail_parent:
13110 aci.parent = value_p->jail_parent;
13111 break;
13112 case A_jail_ip:
13113 aci.ip = value_p->jail_ip;
13114 break;
13115 case A_jail_flags:
13116 aci.flags = value_p->jail_flags;
13117 break;
13118 case A_jail_max_caps:
13119 aci.max_caps = value_p->jail_max_caps;
13120 break;
13121 case A_jail_scd_get:
13122 aci.scd_get = value_p->jail_scd_get;
13123 break;
13124 case A_jail_scd_modify:
13125 aci.scd_modify = value_p->jail_scd_modify;
13126 break;
13127 default:
13128 err = -RSBAC_EINVALIDATTR;
13129 }
13130 if (!err) {
13131 err = rsbac_ta_list_add_ttl(ta_number,
13132 process_handles.jail,
13133 0,
13134 &tid_p->
13135 process, &aci);
13136 }
13137 }
13138 break;
13139 #endif
13140
13141 default:
13142 err = -RSBAC_EINVALIDMODULE;
13143 }
13144
13145 return err;
13146 }
13147
13148 #ifdef CONFIG_RSBAC_UM
13149 static int set_attr_group(rsbac_list_ta_number_t ta_number,
13150 enum rsbac_switch_target_t module,
13151 enum rsbac_target_t target,
13152 union rsbac_target_id_t *tid_p,
13153 enum rsbac_attribute_t attr,
13154 union rsbac_attribute_value_t *value_p)
13155 {
13156 int err = 0;
13157
13158 switch (module) {
13159 #if defined(CONFIG_RSBAC_RC_UM_PROT)
13160 case SW_RC:
13161 {
13162 rsbac_rc_type_id_t type = value_p->rc_type;
13163 rsbac_gid_t group_desc;
13164
13165 group_desc = tid_p->group;
13166
13167 switch (attr) {
13168 case A_rc_type:
13169 err = rsbac_ta_list_add_ttl(ta_number,
13170 group_handles.
13171 rc, 0,
13172 &group_desc,
13173 &type);
13174 break;
13175 default:
13176 err = -RSBAC_EINVALIDATTR;
13177 }
13178 }
13179 break;
13180 #endif
13181
13182 default:
13183 err = -RSBAC_EINVALIDMODULE;
13184 }
13185
13186 return err;
13187 }
13188 #endif
13189
13190 #ifdef CONFIG_RSBAC_NET_DEV
13191 static int set_attr_netdev(rsbac_list_ta_number_t ta_number,
13192 enum rsbac_switch_target_t module,
13193 enum rsbac_target_t target,
13194 union rsbac_target_id_t *tid_p,
13195 enum rsbac_attribute_t attr,
13196 union rsbac_attribute_value_t *value_p)
13197 {
13198 int err = 0;
13199
13200 switch (module) {
13201 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
13202 case SW_GEN:
13203 {
13204 struct rsbac_gen_netdev_aci_t aci =
13205 DEFAULT_GEN_NETDEV_ACI;
13206
13207 rsbac_ta_list_get_data_ttl(ta_number,
13208 netdev_handles.gen,
13209 NULL,
13210 &tid_p->netdev, &aci);
13211 switch (attr) {
13212 case A_log_array_low:
13213 aci.log_array_low = value_p->log_array_low;
13214 break;
13215 case A_log_array_high:
13216 aci.log_array_high =
13217 value_p->log_array_high;
13218 break;
13219 default:
13220 err = -RSBAC_EINVALIDATTR;
13221 }
13222 if (!err) {
13223 err = rsbac_ta_list_add_ttl(ta_number,
13224 netdev_handles.
13225 gen, 0,
13226 &tid_p->netdev,
13227 &aci);
13228 }
13229 }
13230 break;
13231 #endif
13232 #if defined(CONFIG_RSBAC_RC)
13233 case SW_RC:
13234 {
13235 rsbac_rc_type_id_t type = value_p->rc_type;
13236
13237 switch (attr) {
13238 case A_rc_type:
13239 err = rsbac_ta_list_add_ttl(ta_number,
13240 netdev_handles.
13241 rc, 0,
13242 &tid_p->netdev,
13243 &type);
13244 break;
13245 default:
13246 err = -RSBAC_EINVALIDATTR;
13247 }
13248 }
13249 break;
13250 #endif
13251
13252 default:
13253 err = -RSBAC_EINVALIDMODULE;
13254 }
13255
13256 return err;
13257 }
13258 #endif
13259
13260 #ifdef CONFIG_RSBAC_NET_OBJ
13261 static int set_attr_nettemp(rsbac_list_ta_number_t ta_number,
13262 enum rsbac_switch_target_t module,
13263 enum rsbac_target_t target,
13264 union rsbac_target_id_t *tid_p,
13265 enum rsbac_attribute_t attr,
13266 union rsbac_attribute_value_t *value_p)
13267 {
13268 int err = 0;
13269
13270 if (!rsbac_list_exist(net_temp_handle, &tid_p->nettemp))
13271 return -RSBAC_EINVALIDTARGET;
13272 switch (module) {
13273 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
13274 case SW_GEN:
13275 {
13276 struct rsbac_gen_netobj_aci_t aci =
13277 DEFAULT_GEN_NETOBJ_ACI;
13278
13279 rsbac_ta_list_get_data_ttl(ta_number,
13280 nettemp_handles.gen,
13281 NULL,
13282 &tid_p->nettemp, &aci);
13283 switch (attr) {
13284 case A_log_array_low:
13285 aci.log_array_low = value_p->log_array_low;
13286 break;
13287 case A_log_array_high:
13288 aci.log_array_high =
13289 value_p->log_array_high;
13290 break;
13291
13292 default:
13293 err = -RSBAC_EINVALIDATTR;
13294 }
13295 if (!err) {
13296 err = rsbac_ta_list_add_ttl(ta_number,
13297 nettemp_handles.
13298 gen, 0,
13299 &tid_p->
13300 nettemp, &aci);
13301 }
13302 }
13303 break;
13304 #endif
13305 #if defined(CONFIG_RSBAC_MAC)
13306 case SW_MAC:
13307 {
13308 struct rsbac_mac_netobj_aci_t aci =
13309 DEFAULT_MAC_NETOBJ_ACI;
13310
13311 rsbac_ta_list_get_data_ttl(ta_number,
13312 nettemp_handles.mac,
13313 NULL,
13314 &tid_p->nettemp, &aci);
13315 switch (attr) {
13316 case A_security_level:
13317 aci.sec_level = value_p->security_level;
13318 break;
13319 case A_mac_categories:
13320 aci.mac_categories =
13321 value_p->mac_categories;
13322 break;
13323
13324 default:
13325 err = -RSBAC_EINVALIDATTR;
13326 }
13327 if (!err) {
13328 err = rsbac_ta_list_add_ttl(ta_number,
13329 nettemp_handles.
13330 mac, 0,
13331 &tid_p->
13332 nettemp, &aci);
13333 }
13334 }
13335 break;
13336 #endif
13337
13338 #if defined(CONFIG_RSBAC_PM)
13339 case SW_PM:
13340 {
13341 struct rsbac_pm_netobj_aci_t aci =
13342 DEFAULT_PM_NETOBJ_ACI;
13343
13344 rsbac_ta_list_get_data_ttl(ta_number,
13345 nettemp_handles.pm,
13346 NULL,
13347 &tid_p->nettemp, &aci);
13348 switch (attr) {
13349 case A_pm_object_class:
13350 aci.pm_object_class =
13351 value_p->pm_object_class;
13352 break;
13353 case A_pm_ipc_purpose:
13354 aci.pm_ipc_purpose =
13355 value_p->pm_ipc_purpose;
13356 break;
13357 case A_pm_object_type:
13358 aci.pm_object_type =
13359 value_p->pm_object_type;
13360 break;
13361 default:
13362 err = -RSBAC_EINVALIDATTR;
13363 }
13364 if (!err) {
13365 err = rsbac_ta_list_add_ttl(ta_number,
13366 nettemp_handles.
13367 pm, 0,
13368 &tid_p->
13369 nettemp, &aci);
13370 }
13371 }
13372 break;
13373 #endif
13374
13375 #if defined(CONFIG_RSBAC_RC)
13376 case SW_RC:
13377 {
13378 struct rsbac_rc_nettemp_aci_t aci =
13379 DEFAULT_RC_NETTEMP_ACI;
13380
13381 rsbac_ta_list_get_data_ttl(ta_number,
13382 nettemp_handles.rc,
13383 NULL,
13384 &tid_p->nettemp, &aci);
13385 switch (attr) {
13386 case A_rc_type:
13387 aci.netobj_type = value_p->rc_type;
13388 break;
13389 case A_rc_type_nt:
13390 aci.nettemp_type = value_p->rc_type;
13391 break;
13392
13393 default:
13394 err = -RSBAC_EINVALIDATTR;
13395 }
13396 if (!err) {
13397 err = rsbac_ta_list_add_ttl(ta_number,
13398 nettemp_handles.
13399 rc, 0,
13400 &tid_p->
13401 nettemp, &aci);
13402 }
13403 }
13404 break;
13405 #endif
13406
13407 default:
13408 err = -RSBAC_EINVALIDMODULE;
13409 }
13410
13411 return err;
13412 }
13413
13414 static int set_attr_netobj(rsbac_list_ta_number_t ta_number,
13415 enum rsbac_switch_target_t module,
13416 enum rsbac_target_t target,
13417 union rsbac_target_id_t *tid_p,
13418 enum rsbac_attribute_t attr,
13419 union rsbac_attribute_value_t *value_p)
13420 {
13421 int err = 0;
13422
13423 switch (module) {
13424 #if defined(CONFIG_RSBAC_MAC)
13425 case SW_MAC:
13426 {
13427 struct rsbac_mac_netobj_aci_t aci =
13428 DEFAULT_MAC_NETOBJ_ACI;
13429
13430 switch (attr) {
13431 case A_local_sec_level:
13432 case A_local_mac_categories:
13433 if (rsbac_ta_list_get_data_ttl(ta_number, lnetobj_handles.mac, NULL, &tid_p->netobj.sock_p, &aci)) {
13434 rsbac_net_temp_id_t temp = 0;
13435
13436 rsbac_ta_net_lookup_templates
13437 (ta_number, &tid_p->netobj,
13438 &temp, NULL);
13439 if (temp)
13440 rsbac_ta_list_get_data_ttl
13441 (ta_number,
13442 nettemp_handles.mac,
13443 NULL, &temp, &aci);
13444 }
13445 break;
13446
13447 case A_remote_sec_level:
13448 case A_remote_mac_categories:
13449 if (rsbac_ta_list_get_data_ttl(ta_number, rnetobj_handles.mac, NULL, &tid_p->netobj.sock_p, &aci)) {
13450 rsbac_net_temp_id_t temp = 0;
13451
13452 rsbac_ta_net_lookup_templates
13453 (ta_number, &tid_p->netobj,
13454 NULL, &temp);
13455 if (temp)
13456 rsbac_ta_list_get_data_ttl
13457 (ta_number,
13458 nettemp_handles.mac,
13459 NULL, &temp, &aci);
13460 }
13461 break;
13462
13463 default:
13464 err = -RSBAC_EINVALIDATTR;
13465 }
13466 if (err)
13467 break;
13468 {
13469 switch (attr) {
13470 case A_local_sec_level:
13471 aci.sec_level =
13472 value_p->security_level;
13473 err =
13474 rsbac_ta_list_add_ttl
13475 (ta_number,
13476 lnetobj_handles.mac, 0,
13477 &tid_p->netobj.sock_p, &aci);
13478 break;
13479 case A_remote_sec_level:
13480 aci.sec_level =
13481 value_p->security_level;
13482 err =
13483 rsbac_ta_list_add_ttl
13484 (ta_number,
13485 rnetobj_handles.mac, 0,
13486 &tid_p->netobj.sock_p, &aci);
13487 break;
13488 case A_local_mac_categories:
13489 aci.mac_categories =
13490 value_p->mac_categories;
13491 err =
13492 rsbac_ta_list_add_ttl
13493 (ta_number,
13494 lnetobj_handles.mac, 0,
13495 &tid_p->netobj.sock_p, &aci);
13496 break;
13497 case A_remote_mac_categories:
13498 aci.mac_categories =
13499 value_p->mac_categories;
13500 err =
13501 rsbac_ta_list_add_ttl
13502 (ta_number,
13503 rnetobj_handles.mac, 0,
13504 &tid_p->netobj.sock_p, &aci);
13505 break;
13506
13507 default:
13508 err = -RSBAC_EINVALIDATTR;
13509 }
13510 }
13511 }
13512 break;
13513 #endif
13514
13515 #if defined(CONFIG_RSBAC_PM)
13516 case SW_PM:
13517 {
13518 struct rsbac_pm_netobj_aci_t aci =
13519 DEFAULT_PM_NETOBJ_ACI;
13520
13521 switch (attr) {
13522 case A_local_pm_object_class:
13523 case A_local_pm_ipc_purpose:
13524 case A_local_pm_object_type:
13525 if (rsbac_ta_list_get_data_ttl(ta_number, lnetobj_handles.pm, NULL, &tid_p->netobj.sock_p, &aci)) {
13526 rsbac_net_temp_id_t temp = 0;
13527
13528 rsbac_ta_net_lookup_templates
13529 (ta_number, &tid_p->netobj,
13530 &temp, NULL);
13531 if (temp)
13532 rsbac_ta_list_get_data_ttl
13533 (ta_number,
13534 nettemp_handles.pm,
13535 NULL, &temp, &aci);
13536 }
13537 break;
13538
13539 case A_remote_pm_object_class:
13540 case A_remote_pm_ipc_purpose:
13541 case A_remote_pm_object_type:
13542 if (rsbac_ta_list_get_data_ttl(ta_number, rnetobj_handles.pm, NULL, &tid_p->netobj.sock_p, &aci)) {
13543 rsbac_net_temp_id_t temp = 0;
13544
13545 rsbac_ta_net_lookup_templates
13546 (ta_number, &tid_p->netobj,
13547 NULL, &temp);
13548 if (temp)
13549 rsbac_ta_list_get_data_ttl
13550 (ta_number,
13551 nettemp_handles.pm,
13552 NULL, &temp, &aci);
13553 }
13554 break;
13555
13556 default:
13557 err = -RSBAC_EINVALIDATTR;
13558 }
13559 if (err)
13560 break;
13561 {
13562 switch (attr) {
13563 case A_local_pm_object_class:
13564 aci.pm_object_class =
13565 value_p->pm_object_class;
13566 err =
13567 rsbac_ta_list_add_ttl
13568 (ta_number, lnetobj_handles.pm,
13569 0, &tid_p->netobj.sock_p,
13570 &aci);
13571 break;
13572 case A_remote_pm_object_class:
13573 aci.pm_object_class =
13574 value_p->pm_object_class;
13575 err =
13576 rsbac_ta_list_add_ttl
13577 (ta_number, rnetobj_handles.pm,
13578 0, &tid_p->netobj.sock_p,
13579 &aci);
13580 break;
13581 case A_local_pm_ipc_purpose:
13582 aci.pm_ipc_purpose =
13583 value_p->pm_ipc_purpose;
13584 err =
13585 rsbac_ta_list_add_ttl
13586 (ta_number, lnetobj_handles.pm,
13587 0, &tid_p->netobj.sock_p,
13588 &aci);
13589 break;
13590 case A_remote_pm_ipc_purpose:
13591 aci.pm_ipc_purpose =
13592 value_p->pm_ipc_purpose;
13593 err =
13594 rsbac_ta_list_add_ttl
13595 (ta_number, rnetobj_handles.pm,
13596 0, &tid_p->netobj.sock_p,
13597 &aci);
13598 break;
13599 case A_local_pm_object_type:
13600 aci.pm_object_type =
13601 value_p->pm_object_type;
13602 err =
13603 rsbac_ta_list_add_ttl
13604 (ta_number, lnetobj_handles.pm,
13605 0, &tid_p->netobj.sock_p,
13606 &aci);
13607 break;
13608 case A_remote_pm_object_type:
13609 aci.pm_object_type =
13610 value_p->pm_object_type;
13611 err =
13612 rsbac_ta_list_add_ttl
13613 (ta_number, rnetobj_handles.pm,
13614 0, &tid_p->netobj.sock_p,
13615 &aci);
13616 break;
13617
13618 default:
13619 err = -RSBAC_EINVALIDATTR;
13620 }
13621 }
13622 }
13623 break;
13624 #endif
13625
13626 #if defined(CONFIG_RSBAC_RC)
13627 case SW_RC:
13628 {
13629 rsbac_rc_type_id_t type = value_p->rc_type;
13630
13631 switch (attr) {
13632 case A_local_rc_type:
13633 err = rsbac_ta_list_add_ttl(ta_number,
13634 lnetobj_handles.
13635 rc, 0,
13636 &tid_p->netobj.
13637 sock_p, &type);
13638 break;
13639
13640 case A_remote_rc_type:
13641 err = rsbac_ta_list_add_ttl(ta_number,
13642 rnetobj_handles.
13643 rc, 0,
13644 &tid_p->netobj.
13645 sock_p, &type);
13646 break;
13647
13648 default:
13649 err = -RSBAC_EINVALIDATTR;
13650 }
13651 }
13652 break;
13653 #endif
13654
13655 default:
13656 err = -RSBAC_EINVALIDMODULE;
13657 }
13658
13659 return err;
13660 }
13661 #endif
13662
13663
13664 int rsbac_ta_set_attr(rsbac_list_ta_number_t ta_number,
13665 enum rsbac_switch_target_t module,
13666 enum rsbac_target_t target,
13667 union rsbac_target_id_t tid,
13668 enum rsbac_attribute_t attr,
13669 union rsbac_attribute_value_t value)
13670 {
13671 int err = 0;
13672
13673
13674
13675
13676
13677 if (!rsbac_initialized) {
13678 rsbac_printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n");
13679 return (-RSBAC_ENOTINITIALIZED);
13680 }
13681 if (in_interrupt()) {
13682 rsbac_printk(KERN_WARNING "rsbac_set_attr(): called from interrupt!\n");
13683 }
13684 switch (target) {
13685 case T_FILE:
13686 case T_DIR:
13687 case T_FIFO:
13688 case T_SYMLINK:
13689 case T_UNIXSOCK:
13690 err = set_attr_fd(ta_number, module, target, &tid, attr, &value);
13691 break;
13692
13693 case T_DEV:
13694 err =
13695 set_attr_dev(ta_number, module, target, tid.dev, attr,
13696 &value);
13697 break;
13698
13699 case T_IPC:
13700 err =
13701 set_attr_ipc(ta_number, module, target, &tid, attr,
13702 &value);
13703 break;
13704
13705 case T_USER:
13706 err =
13707 set_attr_user(ta_number, module, target, &tid, attr,
13708 &value);
13709 break;
13710
13711 case T_PROCESS:
13712 err =
13713 set_attr_process(ta_number, module, target, &tid, attr,
13714 &value);
13715 break;
13716
13717 #ifdef CONFIG_RSBAC_UM
13718 case T_GROUP:
13719 err =
13720 set_attr_group(ta_number, module, target, &tid, attr,
13721 &value);
13722 break;
13723 #endif
13724
13725 #ifdef CONFIG_RSBAC_NET_DEV
13726 case T_NETDEV:
13727 err =
13728 set_attr_netdev(ta_number, module, target, &tid, attr,
13729 &value);
13730 break;
13731 #endif
13732
13733 #ifdef CONFIG_RSBAC_NET_OBJ
13734 case T_NETTEMP:
13735 err =
13736 set_attr_nettemp(ta_number, module, target, &tid, attr,
13737 &value);
13738 break;
13739
13740 case T_NETOBJ:
13741 err =
13742 set_attr_netobj(ta_number, module, target, &tid, attr,
13743 &value);
13744 break;
13745 #endif
13746
13747
13748 default:
13749 return (-RSBAC_EINVALIDTARGET);
13750 }
13751 #ifdef CONFIG_RSBAC_XSTATS
13752 if (!err)
13753 set_attr_count[target]++;
13754 #endif
13755 return (err);
13756 }
13757
13758
13759
13760 int rsbac_ta_remove_target(rsbac_list_ta_number_t ta_number,
13761 enum rsbac_target_t target,
13762 union rsbac_target_id_t tid)
13763 {
13764 int error = 0;
13765 struct rsbac_device_list_item_t *device_p;
13766 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
13767 u_long dflags;
13768 #endif
13769 u_int hash;
13770
13771 if (!rsbac_initialized) {
13772 rsbac_printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n");
13773 return (-RSBAC_ENOTINITIALIZED);
13774 }
13775 if (in_interrupt()) {
13776 rsbac_printk(KERN_WARNING "rsbac_remove_target(): called from interrupt!\n");
13777 }
13778 switch (target) {
13779 case T_FILE:
13780 case T_DIR:
13781 case T_FIFO:
13782 case T_SYMLINK:
13783 case T_UNIXSOCK:
13784
13785 #if defined(CONFIG_RSBAC_MAC)
13786
13787 if ((target == T_FILE)
13788 || (target == T_DIR)
13789 )
13790 error = rsbac_mac_remove_f_trusets(tid.file);
13791 #endif
13792 #if defined(CONFIG_RSBAC_AUTH)
13793
13794 if ((target == T_FILE)
13795 || (target == T_DIR)
13796 )
13797 error = rsbac_auth_remove_f_capsets(tid.file);
13798 #endif
13799 #if defined(CONFIG_RSBAC_ACL)
13800
13801 error = rsbac_acl_remove_acl(ta_number, target, tid);
13802 #endif
13803 hash = device_hash(tid.file.device);
13804
13805 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13806 rcu_read_lock();
13807 #else
13808 rsbac_read_lock(&device_list_locks[hash], &dflags);
13809 #endif
13810
13811
13812 device_p = lookup_device(tid.file.device, hash);
13813 if (!device_p) {
13814 struct super_block *sb_p;
13815
13816 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13817 rcu_read_unlock();
13818 #else
13819 rsbac_read_unlock(&device_list_locks[hash], &dflags);
13820 #endif
13821 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13822 sb_p = user_get_super(tid.file.device);
13823 #else
13824 sb_p = get_super(tid.file.device);
13825 #endif
13826 if (sb_p) {
13827 if(RSBAC_MAJOR(tid.file.device) <= 1) {
13828 rsbac_printk(KERN_INFO "rsbac_remove_target(): auto-mounting device %02u:%02u\n",
13829 RSBAC_MAJOR(tid.file.device),
13830 RSBAC_MINOR(tid.file.device));
13831 rsbac_mount(sb_p, NULL);
13832 }
13833
13834 drop_super(sb_p);
13835 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13836 rcu_read_lock();
13837 #else
13838 rsbac_read_lock(&device_list_locks[hash],
13839 &dflags);
13840 #endif
13841 device_p = lookup_device(tid.file.device, hash);
13842 if (!device_p) {
13843 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13844 rcu_read_unlock();
13845 #else
13846 rsbac_read_unlock
13847 (&device_list_locks[hash],
13848 &dflags);
13849 #endif
13850 rsbac_printk(KERN_WARNING "rsbac_remove_target(): unknown device %02u:%02u\n",
13851 RSBAC_MAJOR(tid.file.
13852 device),
13853 RSBAC_MINOR(tid.file.
13854 device));
13855 return -RSBAC_EINVALIDDEV;
13856 }
13857 } else
13858 return -RSBAC_EINVALIDDEV;
13859 }
13860 rsbac_ta_list_remove(ta_number,
13861 device_p->handles.gen,
13862 &tid.file.inode);
13863 #if defined(CONFIG_RSBAC_MAC)
13864 rsbac_ta_list_remove(ta_number,
13865 device_p->handles.mac,
13866 &tid.file.inode);
13867 #endif
13868 #if defined(CONFIG_RSBAC_PM)
13869 rsbac_ta_list_remove(ta_number,
13870 device_p->handles.pm,
13871 &tid.file.inode);
13872 #endif
13873 #if defined(CONFIG_RSBAC_DAZ)
13874 rsbac_ta_list_remove(ta_number,
13875 device_p->handles.daz,
13876 &tid.file.inode);
13877 #if defined(CONFIG_RSBAC_DAZ_CACHE)
13878 rsbac_ta_list_remove(ta_number,
13879 device_p->handles.dazs,
13880 &tid.file.inode);
13881 #endif
13882 #endif
13883 #if defined(CONFIG_RSBAC_FF)
13884 rsbac_ta_list_remove(ta_number,
13885 device_p->handles.ff,
13886 &tid.file.inode);
13887 #endif
13888 #if defined(CONFIG_RSBAC_RC)
13889 rsbac_ta_list_remove(ta_number,
13890 device_p->handles.rc,
13891 &tid.file.inode);
13892 #endif
13893 #if defined(CONFIG_RSBAC_AUTH)
13894 rsbac_ta_list_remove(ta_number,
13895 device_p->handles.auth,
13896 &tid.file.inode);
13897 #endif
13898 #if defined(CONFIG_RSBAC_CAP)
13899 rsbac_ta_list_remove(ta_number,
13900 device_p->handles.cap,
13901 &tid.file.inode);
13902 #endif
13903 #if defined(CONFIG_RSBAC_PAX)
13904 rsbac_ta_list_remove(ta_number,
13905 device_p->handles.pax,
13906 &tid.file.inode);
13907 #endif
13908 #if defined(CONFIG_RSBAC_RES)
13909 rsbac_ta_list_remove(ta_number,
13910 device_p->handles.res,
13911 &tid.file.inode);
13912 #endif
13913
13914
13915 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13916 rcu_read_unlock();
13917 #else
13918 rsbac_read_unlock(&device_list_locks[hash], &dflags);
13919 #endif
13920 #ifdef CONFIG_RSBAC_FD_CACHE
13921 rsbac_fd_cache_invalidate(&tid.file);
13922 #endif
13923 break;
13924
13925 case T_DEV:
13926 {
13927 switch (tid.dev.type)
13928 {
13929 case D_block:
13930 case D_char:
13931 rsbac_ta_list_remove(ta_number,
13932 dev_handles.gen,
13933 &tid.dev);
13934 #if defined(CONFIG_RSBAC_MAC)
13935 rsbac_ta_list_remove(ta_number,
13936 dev_handles.mac,
13937 &tid.dev);
13938 #endif
13939 #if defined(CONFIG_RSBAC_PM)
13940 rsbac_ta_list_remove(ta_number,
13941 dev_handles.pm,
13942 &tid.dev);
13943 #endif
13944 #if defined(CONFIG_RSBAC_RC)
13945 rsbac_ta_list_remove(ta_number,
13946 dev_handles.rc,
13947 &tid.dev);
13948 #endif
13949 break;
13950 case D_block_major:
13951 case D_char_major:
13952 {
13953 enum rsbac_dev_type_t orig_devtype=tid.dev.type;
13954
13955 if (tid.dev.type==D_block_major)
13956 tid.dev.type=D_block;
13957 else
13958 tid.dev.type=D_char;
13959 rsbac_ta_list_remove(ta_number,
13960 dev_major_handles.gen,
13961 &tid.dev);
13962 #if defined(CONFIG_RSBAC_MAC)
13963 rsbac_ta_list_remove(ta_number,
13964 dev_major_handles.mac,
13965 &tid.dev);
13966 #endif
13967 #if defined(CONFIG_RSBAC_PM)
13968 rsbac_ta_list_remove(ta_number,
13969 dev_major_handles.pm,
13970 &tid.dev);
13971 #endif
13972 #if defined(CONFIG_RSBAC_RC)
13973 rsbac_ta_list_remove(ta_number,
13974 dev_major_handles.rc,
13975 &tid.dev);
13976 #endif
13977 tid.dev.type=orig_devtype;
13978 break;
13979 }
13980 default:
13981 return -RSBAC_EINVALIDTARGET;
13982 }
13983 }
13984 break;
13985
13986 case T_IPC:
13987
13988 #if defined(CONFIG_RSBAC_MAC)
13989 rsbac_ta_list_remove(ta_number, ipc_handles.mac, &tid.ipc);
13990 #endif
13991 #if defined(CONFIG_RSBAC_PM)
13992 rsbac_ta_list_remove(ta_number, ipc_handles.pm, &tid.ipc);
13993 #endif
13994 #if defined(CONFIG_RSBAC_RC)
13995 rsbac_ta_list_remove(ta_number, ipc_handles.rc, &tid.ipc);
13996 #endif
13997 #if defined(CONFIG_RSBAC_JAIL)
13998 rsbac_ta_list_remove(ta_number,
13999 ipc_handles.jail, &tid.ipc);
14000 #endif
14001 break;
14002
14003 case T_USER:
14004
14005 rsbac_ta_list_remove(ta_number,
14006 user_handles.gen, &tid.user);
14007 #if defined(CONFIG_RSBAC_MAC)
14008 rsbac_ta_list_remove(ta_number,
14009 user_handles.mac, &tid.user);
14010 #endif
14011 #if defined(CONFIG_RSBAC_PM)
14012 rsbac_ta_list_remove(ta_number,
14013 user_handles.pm, &tid.user);
14014 #endif
14015 #if defined(CONFIG_RSBAC_DAZ)
14016 rsbac_ta_list_remove(ta_number,
14017 user_handles.daz, &tid.user);
14018 #endif
14019 #if defined(CONFIG_RSBAC_FF)
14020 rsbac_ta_list_remove(ta_number,
14021 user_handles.ff, &tid.user);
14022 #endif
14023 #if defined(CONFIG_RSBAC_RC)
14024 rsbac_ta_list_remove(ta_number,
14025 user_handles.rc, &tid.user);
14026 #endif
14027 #if defined(CONFIG_RSBAC_AUTH)
14028 rsbac_ta_list_remove(ta_number,
14029 user_handles.auth, &tid.user);
14030 #endif
14031 #if defined(CONFIG_RSBAC_CAP)
14032 rsbac_ta_list_remove(ta_number,
14033 user_handles.cap, &tid.user);
14034 #endif
14035 #if defined(CONFIG_RSBAC_JAIL)
14036 rsbac_ta_list_remove(ta_number,
14037 user_handles.jail, &tid.user);
14038 #endif
14039 #if defined(CONFIG_RSBAC_PAX)
14040 rsbac_ta_list_remove(ta_number,
14041 user_handles.pax, &tid.user);
14042 #endif
14043 #if defined(CONFIG_RSBAC_RES)
14044 rsbac_ta_list_remove(ta_number,
14045 user_handles.res, &tid.user);
14046 #endif
14047 break;
14048
14049 case T_PROCESS:
14050
14051
14052
14053 #if defined(CONFIG_RSBAC_ACL)
14054
14055 error = rsbac_acl_remove_acl(ta_number, target, tid);
14056 #endif
14057 rsbac_ta_list_remove(ta_number,
14058 process_handles.gen,
14059 &tid.process);
14060 #if defined(CONFIG_RSBAC_MAC)
14061
14062 error = rsbac_mac_remove_p_trusets(tid.process);
14063 rsbac_ta_list_remove(ta_number,
14064 process_handles.mac,
14065 &tid.process);
14066 #endif
14067 #if defined(CONFIG_RSBAC_PM)
14068 rsbac_ta_list_remove(ta_number,
14069 process_handles.pm, &tid.process);
14070 #endif
14071 #if defined(CONFIG_RSBAC_DAZ)
14072 rsbac_ta_list_remove(ta_number,
14073 process_handles.daz, &tid.process);
14074 #endif
14075 #if defined(CONFIG_RSBAC_RC)
14076 rsbac_ta_list_remove(ta_number,
14077 process_handles.rc,
14078 &tid.process);
14079 #endif
14080 #if defined(CONFIG_RSBAC_AUTH)
14081
14082 error = rsbac_auth_remove_p_capsets(tid.process);
14083 rsbac_ta_list_remove(ta_number,
14084 process_handles.auth, &tid.process);
14085 #endif
14086 #if defined(CONFIG_RSBAC_CAP)
14087 rsbac_ta_list_remove(ta_number,
14088 process_handles.cap, &tid.process);
14089 #endif
14090 #if defined(CONFIG_RSBAC_JAIL)
14091 rsbac_ta_list_remove(ta_number,
14092 process_handles.jail,
14093 &tid.process);
14094 #endif
14095 break;
14096
14097 #ifdef CONFIG_RSBAC_UM
14098 case T_GROUP:
14099
14100 #if defined(CONFIG_RSBAC_RC_UM_PROT)
14101 rsbac_ta_list_remove(ta_number,
14102 group_handles.rc, &tid.group);
14103 #endif
14104 break;
14105 #endif
14106
14107 #ifdef CONFIG_RSBAC_NET_DEV
14108 case T_NETDEV:
14109 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14110 rsbac_ta_list_remove(ta_number,
14111 netdev_handles.gen, &tid.netdev);
14112 #endif
14113 #if defined(CONFIG_RSBAC_RC)
14114 rsbac_ta_list_remove(ta_number,
14115 netdev_handles.rc, &tid.netdev);
14116 #endif
14117 break;
14118 #endif
14119
14120 #ifdef CONFIG_RSBAC_NET_OBJ
14121 case T_NETTEMP:
14122
14123
14124
14125 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
14126 rsbac_ta_list_remove(ta_number,
14127 nettemp_handles.gen, &tid.nettemp);
14128 #endif
14129 #if defined(CONFIG_RSBAC_MAC)
14130 rsbac_ta_list_remove(ta_number,
14131 nettemp_handles.mac, &tid.nettemp);
14132 #endif
14133 #if defined(CONFIG_RSBAC_PM)
14134 rsbac_ta_list_remove(ta_number,
14135 nettemp_handles.pm, &tid.nettemp);
14136 #endif
14137 #if defined(CONFIG_RSBAC_RC)
14138 rsbac_ta_list_remove(ta_number,
14139 nettemp_handles.rc, &tid.nettemp);
14140 #endif
14141 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
14142 rsbac_acl_remove_acl(ta_number, T_NETTEMP_NT, tid);
14143 rsbac_acl_remove_acl(ta_number, T_NETTEMP, tid);
14144 #endif
14145 break;
14146
14147 case T_NETOBJ:
14148
14149
14150
14151 #if defined(CONFIG_RSBAC_MAC)
14152 rsbac_ta_list_remove(ta_number,
14153 lnetobj_handles.mac,
14154 &tid.netobj.sock_p);
14155 rsbac_ta_list_remove(ta_number,
14156 rnetobj_handles.mac,
14157 &tid.netobj.sock_p);
14158 #endif
14159 #if defined(CONFIG_RSBAC_PM)
14160 rsbac_ta_list_remove(ta_number,
14161 lnetobj_handles.pm,
14162 &tid.netobj.sock_p);
14163 rsbac_ta_list_remove(ta_number,
14164 rnetobj_handles.pm,
14165 &tid.netobj.sock_p);
14166 #endif
14167 #if defined(CONFIG_RSBAC_RC)
14168 rsbac_ta_list_remove(ta_number,
14169 lnetobj_handles.rc,
14170 &tid.netobj.sock_p);
14171 rsbac_ta_list_remove(ta_number,
14172 rnetobj_handles.rc,
14173 &tid.netobj.sock_p);
14174 #endif
14175 break;
14176
14177 #endif
14178
14179 default:
14180 return (-RSBAC_EINVALIDTARGET);
14181 }
14182 #ifdef CONFIG_RSBAC_XSTATS
14183 remove_count[target]++;
14184 #endif
14185 return (error);
14186 }
14187
14188 int rsbac_ta_list_all_dev(rsbac_list_ta_number_t ta_number,
14189 struct rsbac_dev_desc_t **id_pp)
14190 {
14191 int count = 0;
14192 int tmp_count;
14193
14194 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.gen);
14195 if (tmp_count > 0)
14196 count += tmp_count;
14197 #if defined(CONFIG_RSBAC_MAC)
14198 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.mac);
14199 if (tmp_count > 0)
14200 count += tmp_count;
14201 #endif
14202 #if defined(CONFIG_RSBAC_PM)
14203 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.pm);
14204 if (tmp_count > 0)
14205 count += tmp_count;
14206 #endif
14207 #if defined(CONFIG_RSBAC_RC)
14208 tmp_count = rsbac_ta_list_count(ta_number, dev_major_handles.rc);
14209 if (tmp_count > 0)
14210 count += tmp_count;
14211 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.rc);
14212 if (tmp_count > 0)
14213 count += tmp_count;
14214 #endif
14215 if (id_pp) {
14216 struct rsbac_dev_desc_t *i_id_p = NULL;
14217 char *pos = NULL;
14218 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_RC)
14219 u_int i;
14220 #endif
14221
14222 if (count > 0) {
14223 int i_count = 0;
14224
14225 i_count = count + 20;
14226 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14227 if (!*id_pp)
14228 return -RSBAC_ENOMEM;
14229 pos = (char *) *id_pp;
14230 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14231 dev_handles.
14232 gen,
14233 (void **)
14234 &i_id_p);
14235 if (tmp_count > 0) {
14236 if (tmp_count > i_count)
14237 tmp_count = i_count;
14238 memcpy(pos, i_id_p,
14239 tmp_count * sizeof(*i_id_p));
14240 rsbac_vfree(i_id_p);
14241 count = tmp_count;
14242 i_count -= tmp_count;
14243 pos += tmp_count * sizeof(*i_id_p);
14244 } else
14245 count = 0;
14246 #if defined(CONFIG_RSBAC_MAC)
14247 if (i_count) {
14248 tmp_count =
14249 rsbac_ta_list_get_all_desc(ta_number,
14250 dev_handles.
14251 mac,
14252 (void **)
14253 &i_id_p);
14254 if (tmp_count > 0) {
14255 if (tmp_count > i_count)
14256 tmp_count = i_count;
14257 for (i = 0; i < tmp_count; i++) {
14258 if (!rsbac_ta_list_exist
14259 (ta_number,
14260 dev_handles.gen,
14261 &i_id_p[i])) {
14262 memcpy(pos,
14263 &i_id_p[i],
14264 sizeof
14265 (*i_id_p));
14266 pos +=
14267 sizeof
14268 (*i_id_p);
14269 count++;
14270 i_count--;
14271 }
14272 }
14273 rsbac_vfree(i_id_p);
14274 }
14275 }
14276 #endif
14277 #if defined(CONFIG_RSBAC_PM)
14278 if (i_count) {
14279 tmp_count =
14280 rsbac_ta_list_get_all_desc(ta_number,
14281 dev_handles.
14282 pm,
14283 (void **)
14284 &i_id_p);
14285 if (tmp_count > 0) {
14286 if (tmp_count > i_count)
14287 tmp_count = i_count;
14288 for (i = 0; i < tmp_count; i++) {
14289 if (!rsbac_ta_list_exist
14290 (ta_number,
14291 dev_handles.gen,
14292 &i_id_p[i]))
14293 #if defined(CONFIG_RSBAC_MAC)
14294 if (!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
14295 #endif
14296 {
14297 memcpy(pos,
14298 &i_id_p
14299 [i],
14300 sizeof
14301 (*i_id_p));
14302 pos +=
14303 sizeof
14304 (*i_id_p);
14305 count++;
14306 i_count--;
14307 }
14308 }
14309 rsbac_vfree(i_id_p);
14310 }
14311 }
14312 #endif
14313 #if defined(CONFIG_RSBAC_RC)
14314 if (i_count) {
14315 tmp_count =
14316 rsbac_ta_list_get_all_desc(ta_number,
14317 dev_major_handles.
14318 rc,
14319 (void **)
14320 &i_id_p);
14321 if (tmp_count > 0) {
14322 if (tmp_count > i_count)
14323 tmp_count = i_count;
14324 for (i = 0; i < tmp_count; i++) {
14325 i_id_p[i].type +=
14326 (D_block_major -
14327 D_block);
14328 memcpy(pos, &i_id_p[i],
14329 sizeof(*i_id_p));
14330 pos += sizeof(*i_id_p);
14331 count++;
14332 i_count--;
14333 }
14334 rsbac_vfree(i_id_p);
14335 }
14336 }
14337 if (i_count) {
14338 tmp_count =
14339 rsbac_ta_list_get_all_desc(ta_number,
14340 dev_handles.
14341 rc,
14342 (void **)
14343 &i_id_p);
14344 if (tmp_count > 0) {
14345 if (tmp_count > i_count)
14346 tmp_count = i_count;
14347 for (i = 0; i < tmp_count; i++) {
14348 if (!rsbac_ta_list_exist
14349 (ta_number,
14350 dev_handles.gen,
14351 &i_id_p[i]))
14352 #if defined(CONFIG_RSBAC_MAC)
14353 if (!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
14354 #endif
14355 #if defined(CONFIG_RSBAC_PM)
14356 if (!rsbac_ta_list_exist(ta_number, dev_handles.pm, &i_id_p[i]))
14357 #endif
14358 {
14359 memcpy
14360 (pos,
14361 &i_id_p
14362 [i],
14363 sizeof
14364 (*i_id_p));
14365 pos += sizeof(*i_id_p);
14366 count++;
14367 i_count--;
14368 }
14369 }
14370 rsbac_vfree(i_id_p);
14371 }
14372 }
14373 #endif
14374 if (!count)
14375 rsbac_vfree(*id_pp);
14376 }
14377 }
14378 return count;
14379 }
14380
14381
14382 static int copy_new_uids(rsbac_list_handle_t list,
14383 rsbac_list_ta_number_t ta_number,
14384 int *count_p,
14385 int *i_count_p, rsbac_uid_t * res_id_p)
14386 {
14387 rsbac_uid_t *i_id_p = NULL;
14388 rsbac_boolean_t found;
14389 int tmp_count;
14390 int i;
14391 int j;
14392
14393 if (!list || !count_p || !i_count_p || !res_id_p)
14394 return -RSBAC_EINVALIDPOINTER;
14395 if (!*i_count_p)
14396 return 0;
14397
14398
14399
14400
14401 tmp_count =
14402 rsbac_ta_list_get_all_desc(ta_number, list, (void **) &i_id_p);
14403 if (tmp_count > 0) {
14404 if (tmp_count > *i_count_p)
14405 tmp_count = *i_count_p;
14406 for (i = 0; i < tmp_count; i++) {
14407 found = FALSE;
14408 for (j = 0; j < *count_p; j++) {
14409 if (res_id_p[j] == i_id_p[i]) {
14410 found = TRUE;
14411 break;
14412 }
14413 }
14414 if (found == FALSE) {
14415 res_id_p[*count_p] = i_id_p[i];
14416 (*count_p)++;
14417 (*i_count_p)--;
14418 }
14419 }
14420 rsbac_vfree(i_id_p);
14421 }
14422 return 0;
14423 }
14424
14425 int rsbac_ta_list_all_user(rsbac_list_ta_number_t ta_number,
14426 rsbac_uid_t ** id_pp)
14427 {
14428 int count = 0;
14429 int tmp_count;
14430
14431 tmp_count = rsbac_ta_list_count(ta_number, user_handles.gen);
14432 if (tmp_count > 0)
14433 count += tmp_count;
14434 #if defined(CONFIG_RSBAC_MAC)
14435 tmp_count = rsbac_ta_list_count(ta_number, user_handles.mac);
14436 if (tmp_count > 0)
14437 count += tmp_count;
14438 #endif
14439 #if defined(CONFIG_RSBAC_PM)
14440 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pm);
14441 if (tmp_count > 0)
14442 count += tmp_count;
14443 #endif
14444 #if defined(CONFIG_RSBAC_DAZ)
14445 tmp_count = rsbac_ta_list_count(ta_number, user_handles.daz);
14446 if (tmp_count > 0)
14447 count += tmp_count;
14448 #endif
14449 #if defined(CONFIG_RSBAC_FF)
14450 tmp_count = rsbac_ta_list_count(ta_number, user_handles.ff);
14451 if (tmp_count > 0)
14452 count += tmp_count;
14453 #endif
14454 #if defined(CONFIG_RSBAC_RC)
14455 tmp_count = rsbac_ta_list_count(ta_number, user_handles.rc);
14456 if (tmp_count > 0)
14457 count += tmp_count;
14458 #endif
14459 #if defined(CONFIG_RSBAC_AUTH)
14460 tmp_count = rsbac_ta_list_count(ta_number, user_handles.auth);
14461 if (tmp_count > 0)
14462 count += tmp_count;
14463 #endif
14464 #if defined(CONFIG_RSBAC_CAP)
14465 tmp_count = rsbac_ta_list_count(ta_number, user_handles.cap);
14466 if (tmp_count > 0)
14467 count += tmp_count;
14468 #endif
14469 #if defined(CONFIG_RSBAC_JAIL)
14470 tmp_count = rsbac_ta_list_count(ta_number, user_handles.jail);
14471 if (tmp_count > 0)
14472 count += tmp_count;
14473 #endif
14474 #if defined(CONFIG_RSBAC_PAX)
14475 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pax);
14476 if (tmp_count > 0)
14477 count += tmp_count;
14478 #endif
14479 #if defined(CONFIG_RSBAC_RES)
14480 tmp_count = rsbac_ta_list_count(ta_number, user_handles.res);
14481 if (tmp_count > 0)
14482 count += tmp_count;
14483 #endif
14484 if (id_pp) {
14485 if (count > 0) {
14486 int i_count;
14487 rsbac_uid_t *i_id_p = NULL;
14488
14489 i_count = count + 20;
14490 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14491 if (!*id_pp)
14492 return -RSBAC_ENOMEM;
14493 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14494 user_handles.
14495 gen,
14496 (void **)
14497 &i_id_p);
14498 if (tmp_count > 0) {
14499 if (tmp_count > i_count)
14500 tmp_count = i_count;
14501 memcpy(*id_pp, i_id_p,
14502 tmp_count * sizeof(*i_id_p));
14503 rsbac_vfree(i_id_p);
14504 count = tmp_count;
14505 i_count -= tmp_count;
14506 } else
14507 count = 0;
14508 #if defined(CONFIG_RSBAC_MAC)
14509 copy_new_uids(user_handles.mac, ta_number, &count,
14510 &i_count, *id_pp);
14511 #endif
14512 #if defined(CONFIG_RSBAC_PM)
14513 copy_new_uids(user_handles.pm, ta_number, &count,
14514 &i_count, *id_pp);
14515 #endif
14516 #if defined(CONFIG_RSBAC_DAZ)
14517 copy_new_uids(user_handles.daz, ta_number, &count,
14518 &i_count, *id_pp);
14519 #endif
14520 #if defined(CONFIG_RSBAC_FF)
14521 copy_new_uids(user_handles.ff, ta_number, &count,
14522 &i_count, *id_pp);
14523 #endif
14524 #if defined(CONFIG_RSBAC_RC)
14525 copy_new_uids(user_handles.rc, ta_number, &count,
14526 &i_count, *id_pp);
14527 #endif
14528 #if defined(CONFIG_RSBAC_AUTH)
14529 copy_new_uids(user_handles.auth, ta_number, &count,
14530 &i_count, *id_pp);
14531 #endif
14532 #if defined(CONFIG_RSBAC_CAP)
14533 copy_new_uids(user_handles.cap, ta_number, &count,
14534 &i_count, *id_pp);
14535 #endif
14536 #if defined(CONFIG_RSBAC_JAIL)
14537 copy_new_uids(user_handles.jail, ta_number, &count,
14538 &i_count, *id_pp);
14539 #endif
14540 #if defined(CONFIG_RSBAC_PAX)
14541 copy_new_uids(user_handles.pax, ta_number, &count,
14542 &i_count, *id_pp);
14543 #endif
14544 #if defined(CONFIG_RSBAC_RES)
14545 copy_new_uids(user_handles.res, ta_number, &count,
14546 &i_count, *id_pp);
14547 #endif
14548 if (!count)
14549 rsbac_vfree(*id_pp);
14550 }
14551 }
14552 return count;
14553 }
14554
14555
14556 static int copy_new_ipcs(rsbac_list_handle_t list,
14557 rsbac_list_ta_number_t ta_number,
14558 int *count_p,
14559 int *i_count_p, struct rsbac_ipc_t * res_id_p)
14560 {
14561 struct rsbac_ipc_t *i_id_p = NULL;
14562 rsbac_boolean_t found;
14563 int tmp_count;
14564 int i;
14565 int j;
14566
14567 if (!list || !count_p || !i_count_p || !res_id_p)
14568 return -RSBAC_EINVALIDPOINTER;
14569 if (!*i_count_p)
14570 return 0;
14571
14572
14573
14574
14575 tmp_count =
14576 rsbac_ta_list_get_all_desc(ta_number, list, (void **) &i_id_p);
14577 if (tmp_count > 0) {
14578 if (tmp_count > *i_count_p)
14579 tmp_count = *i_count_p;
14580 for (i = 0; i < tmp_count; i++) {
14581 found = FALSE;
14582 for (j = 0; j < *count_p; j++) {
14583 if (!ipc_compare(&res_id_p[j], &i_id_p[i])) {
14584 found = TRUE;
14585 break;
14586 }
14587 }
14588 if (found == FALSE) {
14589 res_id_p[*count_p] = i_id_p[i];
14590 (*count_p)++;
14591 (*i_count_p)--;
14592 }
14593 }
14594 rsbac_vfree(i_id_p);
14595 }
14596 return 0;
14597 }
14598
14599 int rsbac_ta_list_all_ipc(rsbac_list_ta_number_t ta_number,
14600 struct rsbac_ipc_t ** id_pp)
14601 {
14602 int count = 0;
14603 int tmp_count;
14604
14605 #if defined(CONFIG_RSBAC_MAC)
14606 tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.mac);
14607 if (tmp_count > 0)
14608 count += tmp_count;
14609 #endif
14610 #if defined(CONFIG_RSBAC_PM)
14611 tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.pm);
14612 if (tmp_count > 0)
14613 count += tmp_count;
14614 #endif
14615 #if defined(CONFIG_RSBAC_RC)
14616 tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.rc);
14617 if (tmp_count > 0)
14618 count += tmp_count;
14619 #endif
14620 #if defined(CONFIG_RSBAC_JAIL)
14621 tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.jail);
14622 if (tmp_count > 0)
14623 count += tmp_count;
14624 #endif
14625 if (id_pp) {
14626 if (count > 0) {
14627 int i_count;
14628
14629 i_count = count + 20;
14630 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14631 if (!*id_pp)
14632 return -RSBAC_ENOMEM;
14633 count = 0;
14634 #if defined(CONFIG_RSBAC_MAC)
14635 copy_new_ipcs(ipc_handles.mac, ta_number, &count,
14636 &i_count, *id_pp);
14637 #endif
14638 #if defined(CONFIG_RSBAC_PM)
14639 copy_new_ipcs(ipc_handles.pm, ta_number, &count,
14640 &i_count, *id_pp);
14641 #endif
14642 #if defined(CONFIG_RSBAC_RC)
14643 copy_new_ipcs(ipc_handles.rc, ta_number, &count,
14644 &i_count, *id_pp);
14645 #endif
14646 #if defined(CONFIG_RSBAC_JAIL)
14647 copy_new_ipcs(ipc_handles.jail, ta_number, &count,
14648 &i_count, *id_pp);
14649 #endif
14650 if (!count)
14651 rsbac_vfree(*id_pp);
14652 }
14653 }
14654 return count;
14655 }
14656
14657 int rsbac_ta_list_all_group(rsbac_list_ta_number_t ta_number,
14658 rsbac_gid_t ** id_pp)
14659 {
14660 #if defined(CONFIG_RSBAC_RC_UM_PROT)
14661 int count = 0;
14662 int tmp_count;
14663
14664 tmp_count = rsbac_ta_list_count(ta_number, group_handles.rc);
14665 if (tmp_count > 0)
14666 count += tmp_count;
14667 if (id_pp) {
14668 if (count > 0) {
14669 int i_count;
14670 rsbac_gid_t *i_id_p = NULL;
14671
14672 i_count = count + 20;
14673 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14674 if (!*id_pp)
14675 return -RSBAC_ENOMEM;
14676 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14677 group_handles.
14678 rc,
14679 (void **)
14680 &i_id_p);
14681 if (tmp_count > 0) {
14682 if (tmp_count > i_count)
14683 tmp_count = i_count;
14684 memcpy(*id_pp, i_id_p,
14685 tmp_count * sizeof(*i_id_p));
14686 rsbac_vfree(i_id_p);
14687 count = tmp_count;
14688 i_count -= tmp_count;
14689 } else
14690 count = 0;
14691 if (!count)
14692 rsbac_vfree(*id_pp);
14693 }
14694 }
14695 return count;
14696 #else
14697 return 0;
14698 #endif
14699 }
14700
14701
14702 #ifdef CONFIG_RSBAC_NET_DEV
14703 int rsbac_ta_net_list_all_netdev(rsbac_list_ta_number_t ta_number,
14704 rsbac_netdev_id_t ** id_pp)
14705 {
14706 int count = 0;
14707 int tmp_count;
14708
14709 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14710 tmp_count = rsbac_ta_list_count(ta_number, netdev_handles.gen);
14711 if (tmp_count > 0)
14712 count += tmp_count;
14713 #endif
14714 #if defined(CONFIG_RSBAC_RC)
14715 tmp_count = rsbac_ta_list_count(ta_number, netdev_handles.rc);
14716 if (tmp_count > 0)
14717 count += tmp_count;
14718 #endif
14719 if (id_pp) {
14720 rsbac_netdev_id_t *i_id_p = NULL;
14721 char *pos = NULL;
14722 #if defined(CONFIG_RSBAC_RC)
14723 u_int i;
14724 #endif
14725
14726 if (count > 0) {
14727 int i_count = 0;
14728
14729 i_count = count + 20;
14730 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14731 if (!*id_pp)
14732 return -RSBAC_ENOMEM;
14733 pos = (char *) *id_pp;
14734 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14735 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14736 netdev_handles.
14737 gen,
14738 (void **)
14739 &i_id_p);
14740 if (tmp_count > 0) {
14741 if (tmp_count > i_count)
14742 tmp_count = i_count;
14743 memcpy(pos, i_id_p,
14744 tmp_count * sizeof(*i_id_p));
14745 rsbac_vfree(i_id_p);
14746 count = tmp_count;
14747 i_count -= tmp_count;
14748 pos += tmp_count * sizeof(*i_id_p);
14749 } else
14750 count = 0;
14751 #endif
14752 #if defined(CONFIG_RSBAC_RC)
14753 if (i_count) {
14754 tmp_count =
14755 rsbac_ta_list_get_all_desc(ta_number,
14756 netdev_handles.
14757 rc,
14758 (void **)
14759 &i_id_p);
14760 if (tmp_count > 0) {
14761 if (tmp_count > i_count)
14762 tmp_count = i_count;
14763 for (i = 0; i < tmp_count; i++) {
14764 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14765 if (!rsbac_ta_list_exist
14766 (ta_number,
14767 netdev_handles.gen,
14768 &i_id_p[i]))
14769 #endif
14770 {
14771 memcpy(pos,
14772 &i_id_p[i],
14773 sizeof
14774 (*i_id_p));
14775 pos +=
14776 sizeof
14777 (*i_id_p);
14778 count++;
14779 i_count--;
14780 }
14781 }
14782 rsbac_vfree(i_id_p);
14783 }
14784 }
14785 #endif
14786 if (!count)
14787 rsbac_vfree(*id_pp);
14788 }
14789 }
14790 return count;
14791 }
14792 #endif
14793
14794 #ifdef CONFIG_RSBAC_NET_OBJ
14795
14796 int rsbac_net_get_id(rsbac_list_ta_number_t ta_number,
14797 struct rsbac_net_description_t *desc_p,
14798 rsbac_net_temp_id_t * id_p)
14799 {
14800 if (!rsbac_initialized)
14801 return -RSBAC_ENOTINITIALIZED;
14802 if (!id_p || !desc_p)
14803 return -RSBAC_EINVALIDPOINTER;
14804 if (rsbac_ta_list_get_desc(ta_number,
14805 net_temp_handle,
14806 id_p, desc_p, rsbac_net_compare_data)
14807 )
14808 *id_p = RSBAC_NET_UNKNOWN;
14809 return 0;
14810 }
14811
14812
14813
14814 int rsbac_ta_net_lookup_templates(rsbac_list_ta_number_t ta_number,
14815 struct rsbac_net_obj_desc_t *netobj_p,
14816 rsbac_net_temp_id_t * local_temp_p,
14817 rsbac_net_temp_id_t * remote_temp_p)
14818 {
14819 struct rsbac_net_description_t *rsbac_net_desc_p;
14820 int err = 0;
14821 struct net_device *dev;
14822
14823 if (!netobj_p || !netobj_p->sock_p || !netobj_p->sock_p->sk
14824 || !netobj_p->sock_p->ops)
14825 return -RSBAC_EINVALIDPOINTER;
14826 if (!local_temp_p && !remote_temp_p)
14827 return -RSBAC_EINVALIDVALUE;
14828
14829 rsbac_net_desc_p = rsbac_kmalloc(sizeof(*rsbac_net_desc_p));
14830 if (!rsbac_net_desc_p)
14831 return -RSBAC_ENOMEM;
14832
14833 rsbac_net_desc_p->address_family = netobj_p->sock_p->ops->family;
14834 rsbac_net_desc_p->type = netobj_p->sock_p->type;
14835 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
14836 rsbac_net_desc_p->protocol = netobj_p->sock_p->sk->sk_protocol;
14837 if (netobj_p->sock_p->sk->sk_bound_dev_if) {
14838 dev =
14839 dev_get_by_index(netobj_p->sock_p->sk->
14840 sk_bound_dev_if);
14841 #else
14842 rsbac_net_desc_p->protocol = netobj_p->sock_p->sk->protocol;
14843 if (netobj_p->sock_p->sk->bound_dev_if) {
14844 dev = dev_get_by_index(netobj_p->sock_p->sk->bound_dev_if);
14845 #endif
14846 if (dev) {
14847 strcpy(rsbac_net_desc_p->netdev, dev->name);
14848 dev_put(dev);
14849 } else
14850 rsbac_net_desc_p->netdev[0] = RSBAC_NET_UNKNOWN;
14851 } else
14852 rsbac_net_desc_p->netdev[0] = RSBAC_NET_UNKNOWN;
14853 if (local_temp_p) {
14854 switch (rsbac_net_desc_p->address_family) {
14855 case AF_INET:
14856 if (netobj_p->local_addr) {
14857 struct sockaddr_in *addr =
14858 netobj_p->local_addr;
14859
14860 rsbac_net_desc_p->address =
14861 &addr->sin_addr.s_addr;
14862 rsbac_net_desc_p->address_len =
14863 sizeof(__u32);
14864 rsbac_net_desc_p->port =
14865 ntohs(addr->sin_port);
14866 } else {
14867 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
14868 rsbac_net_desc_p->address =
14869 &inet_sk(netobj_p->sock_p->sk)->
14870 rcv_saddr;
14871 rsbac_net_desc_p->address_len =
14872 sizeof(__u32);
14873 rsbac_net_desc_p->port =
14874 inet_sk(netobj_p->sock_p->sk)->num;
14875 #else
14876 rsbac_net_desc_p->address =
14877 &netobj_p->sock_p->sk->rcv_saddr;
14878 rsbac_net_desc_p->address_len =
14879 sizeof(__u32);
14880 rsbac_net_desc_p->port =
14881 netobj_p->sock_p->sk->num;
14882 #endif
14883 }
14884 dev = ip_dev_find(*(__u32 *) rsbac_net_desc_p->address);
14885 if (dev) {
14886 strcpy(rsbac_net_desc_p->netdev,
14887 dev->name);
14888 dev_put(dev);
14889 }
14890 break;
14891 case AF_UNIX:
14892 rsbac_printk(KERN_WARNING "rsbac_ta_net_lookup_templates(): unsupported family AF_UNIX, should be target UNIXSOCK or IPC-anonunix\n");
14893 return (-RSBAC_EINVALIDTARGET);
14894
14895 default:
14896 rsbac_net_desc_p->address = NULL;
14897 rsbac_net_desc_p->port = RSBAC_NET_UNKNOWN;
14898 }
14899 if ((err = rsbac_net_get_id(ta_number, rsbac_net_desc_p,
14900 local_temp_p))) {
14901 *local_temp_p = 0;
14902 rsbac_printk(KERN_WARNING "rsbac_net_lookup_templates(): rsbac_net_get_id for local returned error %u\n",
14903 err);
14904 }
14905 if (rsbac_net_desc_p->address_family == AF_INET)
14906 rsbac_pr_debug(ds_net,
14907 "user %u temp id for local is %u\n",
14908 current->uid, *local_temp_p);
14909 }
14910 if (remote_temp_p) {
14911 switch (rsbac_net_desc_p->address_family) {
14912 case AF_INET:
14913 if (netobj_p->remote_addr) {
14914 struct sockaddr_in *addr =
14915 netobj_p->remote_addr;
14916
14917 rsbac_net_desc_p->address =
14918 &addr->sin_addr.s_addr;
14919 rsbac_net_desc_p->address_len =
14920 sizeof(__u32);
14921 rsbac_net_desc_p->port =
14922 ntohs(addr->sin_port);
14923 } else {
14924 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
14925 rsbac_net_desc_p->address =
14926 &inet_sk(netobj_p->sock_p->sk)->daddr;
14927 rsbac_net_desc_p->address_len =
14928 sizeof(__u32);
14929 rsbac_net_desc_p->port =
14930 ntohs(inet_sk(netobj_p->sock_p->sk)->
14931 dport);
14932 #else
14933 rsbac_net_desc_p->address =
14934 &netobj_p->sock_p->sk->daddr;
14935 rsbac_net_desc_p->address_len =
14936 sizeof(__u32);
14937 rsbac_net_desc_p->port =
14938 ntohs(netobj_p->sock_p->sk->dport);
14939 #endif
14940 }
14941 dev = ip_dev_find(*(__u32 *) rsbac_net_desc_p->address);
14942 if (dev) {
14943 strcpy(rsbac_net_desc_p->netdev,
14944 dev->name);
14945 dev_put(dev);
14946 }
14947 break;
14948 case AF_UNIX:
14949 rsbac_printk(KERN_WARNING "rsbac_ta_net_lookup_templates(): unsupported family AF_UNIX, should be target UNIXSOCK or IPC-anonunix\n");
14950 return (-RSBAC_EINVALIDTARGET);
14951
14952 default:
14953 rsbac_net_desc_p->address = NULL;
14954 rsbac_net_desc_p->address_len = 0;
14955 rsbac_net_desc_p->port = RSBAC_NET_UNKNOWN;
14956 }
14957 if ((err =
14958 rsbac_net_get_id(ta_number, rsbac_net_desc_p,
14959 remote_temp_p))) {
14960 *remote_temp_p = 0;
14961 rsbac_printk(KERN_WARNING "rsbac_net_lookup_templates(): rsbac_net_get_id for remote returned error %u\n",
14962 err);
14963 }
14964 if (rsbac_net_desc_p->address_family == AF_INET)
14965 rsbac_pr_debug(ds_net,
14966 "user %u temp id for remote is %u\n",
14967 current->uid, *remote_temp_p);
14968 }
14969 rsbac_kfree(rsbac_net_desc_p);
14970 return 0;
14971 }
14972
14973 void rsbac_net_obj_cleanup(rsbac_net_obj_id_t netobj)
14974 {
14975 union rsbac_target_id_t tid;
14976
14977 tid.netobj.sock_p = netobj;
14978 rsbac_remove_target(T_NETOBJ, tid);
14979 }
14980
14981 int rsbac_ta_net_template(rsbac_list_ta_number_t ta_number,
14982 enum rsbac_net_temp_syscall_t call,
14983 rsbac_net_temp_id_t id,
14984 union rsbac_net_temp_syscall_data_t *data_p)
14985 {
14986 struct rsbac_net_temp_data_t int_data;
14987 int err;
14988
14989 memset(&int_data, 0, sizeof(int_data));
14990 int_data.address_family = AF_MAX;
14991 int_data.type = RSBAC_NET_ANY;
14992 int_data.protocol = RSBAC_NET_ANY;
14993 strcpy(int_data.name, "DEFAULT");
14994
14995 switch (call) {
14996 case NTS_new_template:
14997 case NTS_check_id:
14998 break;
14999 case NTS_copy_template:
15000 err = rsbac_ta_list_get_data_ttl(ta_number,
15001 net_temp_handle,
15002 NULL,
15003 &data_p->id, &int_data);
15004 if (err)
15005 return err;
15006 break;
15007 default:
15008 err = rsbac_ta_list_get_data_ttl(ta_number,
15009 net_temp_handle,
15010 NULL, &id, &int_data);
15011 if (err)
15012 return err;
15013 }
15014
15015 switch (call) {
15016 case NTS_set_address:
15017 if(int_data.address_family == AF_INET) {
15018 int i;
15019
15020 memcpy(&int_data.address.inet, &data_p->address.inet,
15021 sizeof(int_data.address.inet));
15022 if(int_data.address.inet.nr_addr > RSBAC_NET_NR_INET_ADDR)
15023 return -RSBAC_EINVALIDVALUE;
15024 for(i=0; i<int_data.address.inet.nr_addr; i++)
15025 if(int_data.address.inet.valid_bits[i] > 32)
15026 return -RSBAC_EINVALIDVALUE;
15027 } else {
15028 memcpy(&int_data.address.other, &data_p->address.other,
15029 sizeof(int_data.address.other));
15030 }
15031 return rsbac_ta_list_add_ttl(ta_number, net_temp_handle, 0,
15032 &id, &int_data);
15033 case NTS_set_address_family:
15034 if(int_data.address_family != data_p->address_family) {
15035 int_data.address_family = data_p->address_family;
15036 memset(&int_data.address, 0, sizeof(int_data.address));
15037 }
15038 return rsbac_ta_list_add_ttl(ta_number,
15039 net_temp_handle,
15040 0, &id, &int_data);
15041 case NTS_set_type:
15042 int_data.type = data_p->type;
15043 return rsbac_ta_list_add_ttl(ta_number,
15044 net_temp_handle,
15045 0, &id, &int_data);
15046 case NTS_set_protocol:
15047 int_data.protocol = data_p->protocol;
15048 return rsbac_ta_list_add_ttl(ta_number,
15049 net_temp_handle,
15050 0, &id, &int_data);
15051 case NTS_set_netdev:
15052 strncpy(int_data.netdev, data_p->netdev, RSBAC_IFNAMSIZ);
15053 int_data.netdev[RSBAC_IFNAMSIZ] = 0;
15054 return rsbac_ta_list_add_ttl(ta_number,
15055 net_temp_handle,
15056 0, &id, &int_data);
15057 case NTS_set_ports:
15058 memcpy(&int_data.ports, &data_p->ports,
15059 sizeof(int_data.ports));
15060 if(int_data.ports.nr_ports > RSBAC_NET_NR_PORTS)
15061 return -RSBAC_EINVALIDVALUE;
15062 return rsbac_ta_list_add_ttl(ta_number,
15063 net_temp_handle,
15064 0, &id, &int_data);
15065 case NTS_set_name:
15066 strncpy(int_data.name, data_p->name,
15067 RSBAC_NET_TEMP_NAMELEN - 1);
15068 int_data.name[RSBAC_NET_TEMP_NAMELEN - 1] = 0;
15069 return rsbac_ta_list_add_ttl(ta_number,
15070 net_temp_handle,
15071 0, &id, &int_data);
15072 case NTS_new_template:
15073 if (rsbac_list_exist(net_temp_handle, &id))
15074 return -RSBAC_EEXISTS;
15075 strncpy(int_data.name, data_p->name,
15076 RSBAC_NET_TEMP_NAMELEN - 1);
15077 int_data.name[RSBAC_NET_TEMP_NAMELEN - 1] = 0;
15078 return rsbac_ta_list_add_ttl(ta_number,
15079 net_temp_handle,
15080 0, &id, &int_data);
15081 case NTS_copy_template:
15082 if (rsbac_list_exist(net_temp_handle, &id))
15083 return -RSBAC_EEXISTS;
15084 return rsbac_ta_list_add_ttl(ta_number,
15085 net_temp_handle,
15086 0, &id, &int_data);
15087 case NTS_delete_template:
15088 return rsbac_ta_list_remove(ta_number, net_temp_handle,
15089 &id);
15090 case NTS_check_id:
15091 if (rsbac_ta_list_exist(ta_number, net_temp_handle, &id)) {
15092 data_p->id = id;
15093 return 0;
15094 } else
15095 return -RSBAC_ENOTFOUND;
15096 case NTS_get_address:
15097 memcpy(&data_p->address, &int_data.address,
15098 sizeof(int_data.address));
15099 return 0;
15100 case NTS_get_address_family:
15101 data_p->address_family = int_data.address_family;
15102 return 0;
15103 case NTS_get_type:
15104 data_p->type = int_data.type;
15105 return 0;
15106 case NTS_get_protocol:
15107 data_p->protocol = int_data.protocol;
15108 return 0;
15109 case NTS_get_netdev:
15110 strncpy(data_p->netdev, int_data.netdev, RSBAC_IFNAMSIZ);
15111 return 0;
15112 case NTS_get_ports:
15113 memcpy(&data_p->ports, &int_data.ports,
15114 sizeof(int_data.ports));
15115 return 0;
15116 case NTS_get_name:
15117 strcpy(data_p->name, int_data.name);
15118 return 0;
15119
15120 default:
15121 return -RSBAC_EINVALIDREQUEST;
15122 }
15123 }
15124
15125 int rsbac_ta_net_list_all_template(rsbac_list_ta_number_t ta_number,
15126 rsbac_net_temp_id_t ** id_pp)
15127 {
15128 if (id_pp)
15129 return rsbac_ta_list_get_all_desc(ta_number,
15130 net_temp_handle,
15131 (void **) id_pp);
15132 else
15133 return rsbac_ta_list_count(ta_number, net_temp_handle);
15134 }
15135
15136 int rsbac_ta_net_template_exist(rsbac_list_ta_number_t ta_number,
15137 rsbac_net_temp_id_t temp)
15138 {
15139 return rsbac_ta_list_exist(ta_number, net_temp_handle, &temp);
15140 }
15141
15142 int rsbac_net_remote_request(enum rsbac_adf_request_t request)
15143 {
15144 switch (request) {
15145 case R_ACCEPT:
15146 case R_CONNECT:
15147 case R_SEND:
15148 case R_RECEIVE:
15149 case R_READ:
15150 case R_WRITE:
15151 return TRUE;
15152
15153 default:
15154 return FALSE;
15155 }
15156 }
15157
15158 #endif
15159
15160 #if defined(CONFIG_RSBAC_DAZ)
15161 EXPORT_SYMBOL(rsbac_daz_get_ttl);
15162
15163 rsbac_time_t rsbac_daz_get_ttl(void)
15164 {
15165 #if defined(CONFIG_RSBAC_DAZ_CACHE)
15166 return rsbac_daz_ttl;
15167 #else
15168 return 0;
15169 #endif
15170 }
15171
15172 EXPORT_SYMBOL(rsbac_daz_set_ttl);
15173 void rsbac_daz_set_ttl(rsbac_time_t ttl)
15174 {
15175 #if defined(CONFIG_RSBAC_DAZ_CACHE)
15176 if (ttl) {
15177 if (ttl > RSBAC_LIST_MAX_AGE_LIMIT)
15178 ttl = RSBAC_LIST_MAX_AGE_LIMIT;
15179 rsbac_daz_ttl = ttl;
15180 }
15181 #endif
15182 }
15183
15184 EXPORT_SYMBOL(rsbac_daz_flush_cache);
15185 int rsbac_daz_flush_cache(void)
15186 {
15187 #if defined(CONFIG_RSBAC_DAZ_CACHE)
15188 struct rsbac_device_list_item_t *device_p;
15189 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
15190 long dflags;
15191 #endif
15192 u_int i;
15193
15194 for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
15195 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
15196 rcu_read_lock();
15197 #else
15198 rsbac_read_lock(&device_list_locks[i], &dflags);
15199 #endif
15200 device_p = rcu_dereference(device_head_p[i])->head;
15201 while (device_p) {
15202 rsbac_list_remove_all(device_p->handles.dazs);
15203 device_p = device_p->next;
15204 }
15205 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
15206 rcu_read_unlock();
15207 #else
15208 rsbac_read_unlock(&device_list_locks[i], &dflags);
15209 #endif
15210 }
15211 #endif
15212 return 0;
15213 }
15214 #endif
15215
15216 #if defined(CONFIG_RSBAC_JAIL)
15217 static int rsbac_jail_exists_compare(void * data1, void * data2)
15218 {
15219 struct rsbac_jail_process_aci_t * aci_p = data1;
15220
15221 return memcmp(&aci_p->id, data2, sizeof(rsbac_jail_id_t));
15222 }
15223
15224 rsbac_boolean_t rsbac_jail_exists(rsbac_jail_id_t jail_id)
15225 {
15226 rsbac_pid_t pid;
15227
15228 if(!rsbac_ta_list_get_desc(0,
15229 process_handles.jail,
15230 &pid,
15231 &jail_id,
15232 rsbac_jail_exists_compare))
15233 return TRUE;
15234 else
15235 return FALSE;
15236 }
15237 #endif
15238
15239 void rsbac_flags_set(unsigned long int rsbac_flags)
15240 {
15241 #if 0
15242 printk("rsbac_flags set to: %lu\n", rsbac_flags);
15243
15244 if (rsbac_flags & set_rsbac_softmode)
15245 rsbac_softmode = 1;
15246 if (rsbac_flags & set_rsbac_softmode_once) {
15247 rsbac_softmode = 1;
15248 rsbac_softmode_prohibit = 1;
15249 }
15250 if (rsbac_flags & set_rsbac_softmode_never)
15251 rsbac_softmode_prohibit = 1;
15252 if (rsbac_flags & set_rsbac_freeze)
15253 rsbac_freeze = 1;
15254 #if defined(CONFIG_RSBAC_UM_EXCL)
15255 if (rsbac_flags & set_rsbac_um_no_excl)
15256 rsbac_um_no_excl = 1;
15257 #endif
15258 if (rsbac_flags & set_rsbac_auth_learn)
15259 rsbac_auth_learn = 1;
15260 if (rsbac_flags & set_rsbac_acl_learn_fd)
15261 rsbac_acl_learn_fd = 1;
15262 if (rsbac_flags & set_rsbac_cap_log_missing)
15263 rsbac_cap_log_missing = 1;
15264 if (rsbac_flags & set_rsbac_jail_log_missing)
15265 rsbac_jail_log_missing = 1;
15266 if (rsbac_flags & set_rsbac_dac_disable)
15267 rsbac_dac_disable = 1;
15268 if (rsbac_flags & set_rsbac_no_delay_init)
15269 rsbac_no_delay_init = 1;
15270 if (rsbac_flags & set_rsbac_no_defaults)
15271 rsbac_no_defaults = 1;
15272 if (rsbac_flags & set_rsbac_nosyslog)
15273 rsbac_nosyslog = 1;
15274 if (rsbac_flags & set_rsbac_cap_process_hiding)
15275 rsbac_cap_process_hiding = 1;
15276 #endif
15277 }