#include <linux/types.h>
#include <linux/sched.h>
#include <linux/mm.h>
#include <linux/init.h>
#include <linux/ext2_fs.h>
#include <asm/uaccess.h>
#include <rsbac/types.h>
#include <rsbac/aci_data_structures.h>
#include <rsbac/auth_data_structures.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/adf.h>
#include <rsbac/aci.h>
#include <rsbac/auth.h>
#include <rsbac/lists.h>
#include <rsbac/proc_fs.h>
#include <rsbac/rkmem.h>
#include <rsbac/getname.h>
#include <linux/string.h>
#include <linux/smp_lock.h>
#include <linux/rcupdate.h>
Go to the source code of this file.
static struct rsbac_auth_device_list_item_t* add_device_item | ( | struct rsbac_auth_device_list_item_t * | device_p | ) | [static] |
Definition at line 543 of file auth_data_structures.c.
References device_list_head_p, device_list_lock, rsbac_acl_device_list_head_t::head, rsbac_auth_device_list_item_t::next, NULL, rsbac_auth_device_list_item_t::prev, rsbac_kfree(), and rsbac_kmalloc().
00544 { 00545 struct rsbac_auth_device_list_head_t * new_p; 00546 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00547 struct rsbac_auth_device_list_head_t * old_p; 00548 #else 00549 u_long flags; 00550 #endif 00551 00552 if (!device_p) 00553 return (NULL); 00554 00555 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00556 spin_lock(&device_list_lock); 00557 old_p = device_list_head_p; 00558 new_p = rsbac_kmalloc(sizeof(*new_p)); 00559 *new_p = *old_p; 00560 #else 00561 rsbac_write_lock(&device_list_lock, &flags); 00562 new_p = device_list_head_p; 00563 #endif 00564 /* add new device to device list */ 00565 if (!new_p->head) { /* first device */ 00566 new_p->head = device_p; 00567 new_p->tail = device_p; 00568 new_p->curr = device_p; 00569 new_p->count = 1; 00570 device_p->prev = NULL; 00571 device_p->next = NULL; 00572 } else { /* there is another device -> hang to tail */ 00573 device_p->prev = new_p->tail; 00574 device_p->next = NULL; 00575 new_p->tail->next = device_p; 00576 new_p->tail = device_p; 00577 new_p->curr = device_p; 00578 new_p->count++; 00579 } 00580 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00581 rcu_assign_pointer(device_list_head_p, new_p); 00582 spin_unlock(&device_list_lock); 00583 synchronize_rcu(); 00584 rsbac_kfree(old_p); 00585 #else 00586 rsbac_write_unlock(&device_list_lock, &flags); 00587 #endif 00588 return (device_p); 00589 }
static int auth_detach_fd_lists | ( | struct rsbac_auth_device_list_item_t * | device_p | ) | [static] |
Definition at line 357 of file auth_data_structures.c.
References get_error_name(), rsbac_auth_device_list_item_t::handle, rsbac_auth_device_list_item_t::id, RSBAC_AUTH_FD_EFF_FILENAME, RSBAC_AUTH_FD_FILENAME, RSBAC_AUTH_FD_FS_FILENAME, RSBAC_AUTH_FD_GROUP_EFF_FILENAME, RSBAC_AUTH_FD_GROUP_FILENAME, RSBAC_AUTH_FD_GROUP_FS_FILENAME, RSBAC_AUTH_LIST_KEY, RSBAC_EINVALIDPOINTER, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_lol_detach(), RSBAC_MAXNAMELEN, and rsbac_printk().
Referenced by clear_device_item().
00359 { 00360 int err = 0; 00361 int tmperr; 00362 00363 if (!device_p) 00364 return (-RSBAC_EINVALIDPOINTER); 00365 00366 /* detach all the AUTH lists of lists */ 00367 tmperr = rsbac_list_lol_detach(&device_p->handle, 00368 RSBAC_AUTH_LIST_KEY); 00369 if (tmperr) { 00370 char *tmp; 00371 00372 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00373 if (tmp) { 00374 rsbac_printk(KERN_WARNING "auth_detach_fd_lists(): detaching from list %s for device %02u:%02u failed with error %s!\n", 00375 RSBAC_AUTH_FD_FILENAME, 00376 RSBAC_MAJOR(device_p->id), 00377 RSBAC_MINOR(device_p->id), 00378 get_error_name(tmp, tmperr)); 00379 rsbac_kfree(tmp); 00380 } 00381 err = tmperr; 00382 } 00383 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 00384 tmperr = rsbac_list_lol_detach(&device_p->eff_handle, 00385 RSBAC_AUTH_LIST_KEY); 00386 if (tmperr) { 00387 char *tmp; 00388 00389 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00390 if (tmp) { 00391 rsbac_printk(KERN_WARNING "auth_detach_fd_lists(): detaching from list %s for device %02u:%02u failed with error %s!\n", 00392 RSBAC_AUTH_FD_EFF_FILENAME, 00393 RSBAC_MAJOR(device_p->id), 00394 RSBAC_MINOR(device_p->id), 00395 get_error_name(tmp, tmperr)); 00396 rsbac_kfree(tmp); 00397 } 00398 err = tmperr; 00399 } 00400 tmperr = rsbac_list_lol_detach(&device_p->fs_handle, 00401 RSBAC_AUTH_LIST_KEY); 00402 if (tmperr) { 00403 char *tmp; 00404 00405 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00406 if (tmp) { 00407 rsbac_printk(KERN_WARNING "auth_detach_fd_lists(): detaching from list %s for device %02u:%02u failed with error %s!\n", 00408 RSBAC_AUTH_FD_FS_FILENAME, 00409 RSBAC_MAJOR(device_p->id), 00410 RSBAC_MINOR(device_p->id), 00411 get_error_name(tmp, tmperr)); 00412 rsbac_kfree(tmp); 00413 } 00414 err = tmperr; 00415 } 00416 #endif 00417 00418 #ifdef CONFIG_RSBAC_AUTH_GROUP 00419 tmperr = rsbac_list_lol_detach(&device_p->group_handle, 00420 RSBAC_AUTH_LIST_KEY); 00421 if (tmperr) { 00422 char *tmp; 00423 00424 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00425 if (tmp) { 00426 rsbac_printk(KERN_WARNING "auth_detach_fd_lists(): detaching from list %s for device %02u:%02u failed with error %s!\n", 00427 RSBAC_AUTH_FD_GROUP_FILENAME, 00428 RSBAC_MAJOR(device_p->id), 00429 RSBAC_MINOR(device_p->id), 00430 get_error_name(tmp, tmperr)); 00431 rsbac_kfree(tmp); 00432 } 00433 err = tmperr; 00434 } 00435 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 00436 tmperr = rsbac_list_lol_detach(&device_p->group_eff_handle, 00437 RSBAC_AUTH_LIST_KEY); 00438 if (tmperr) { 00439 char *tmp; 00440 00441 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00442 if (tmp) { 00443 rsbac_printk(KERN_WARNING "auth_detach_fd_lists(): detaching from list %s for device %02u:%02u failed with error %s!\n", 00444 RSBAC_AUTH_FD_GROUP_EFF_FILENAME, 00445 RSBAC_MAJOR(device_p->id), 00446 RSBAC_MINOR(device_p->id), 00447 get_error_name(tmp, tmperr)); 00448 rsbac_kfree(tmp); 00449 } 00450 err = tmperr; 00451 } 00452 tmperr = rsbac_list_lol_detach(&device_p->group_fs_handle, 00453 RSBAC_AUTH_LIST_KEY); 00454 if (tmperr) { 00455 char *tmp; 00456 00457 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00458 if (tmp) { 00459 rsbac_printk(KERN_WARNING "auth_detach_fd_lists(): detaching from list %s for device %02u:%02u failed with error %s!\n", 00460 RSBAC_AUTH_FD_GROUP_FS_FILENAME, 00461 RSBAC_MAJOR(device_p->id), 00462 RSBAC_MINOR(device_p->id), 00463 get_error_name(tmp, tmperr)); 00464 rsbac_kfree(tmp); 00465 } 00466 err = tmperr; 00467 } 00468 #endif 00469 #endif /* AUTH_GROUP */ 00470 00471 return err; 00472 }
static int auth_register_fd_lists | ( | struct rsbac_auth_device_list_item_t * | device_p, | |
kdev_t | kdev | |||
) | [static] |
Definition at line 128 of file auth_data_structures.c.
References cap_compare(), rsbac_list_lol_info_t::data_size, rsbac_list_lol_info_t::desc_size, get_error_name(), rsbac_auth_device_list_item_t::handle, rsbac_list_lol_info_t::key, rsbac_list_lol_info_t::max_age, nr_fd_hashes, NULL, RSBAC_AUTH_FD_EFF_FILENAME, RSBAC_AUTH_FD_EFF_LIST_VERSION, RSBAC_AUTH_FD_FILENAME, RSBAC_AUTH_FD_FS_FILENAME, RSBAC_AUTH_FD_FS_LIST_VERSION, RSBAC_AUTH_FD_GROUP_EFF_FILENAME, RSBAC_AUTH_FD_GROUP_EFF_LIST_VERSION, RSBAC_AUTH_FD_GROUP_FILENAME, RSBAC_AUTH_FD_GROUP_FS_FILENAME, RSBAC_AUTH_FD_GROUP_FS_LIST_VERSION, RSBAC_AUTH_FD_GROUP_LIST_VERSION, RSBAC_AUTH_FD_LIST_VERSION, RSBAC_AUTH_FD_OLD_EFF_FILENAME, RSBAC_AUTH_FD_OLD_FILENAME, RSBAC_AUTH_FD_OLD_FS_FILENAME, RSBAC_AUTH_FD_OLD_GROUP_EFF_FILENAME, RSBAC_AUTH_FD_OLD_GROUP_FILENAME, RSBAC_AUTH_FD_OLD_GROUP_FS_FILENAME, RSBAC_AUTH_LIST_KEY, RSBAC_EINVALIDPOINTER, rsbac_kfree(), rsbac_kmalloc(), RSBAC_LIST_AUTO_HASH_RESIZE, RSBAC_LIST_DEF_DATA, rsbac_list_hash_fd(), rsbac_list_lol_register_hashed(), RSBAC_LIST_PERSIST, RSBAC_LIST_VERSION, RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_list_lol_info_t::subdata_size, rsbac_list_lol_info_t::subdesc_size, and rsbac_list_lol_info_t::version.
Referenced by rsbac_init_auth(), and rsbac_mount_auth().
00130 { 00131 int err = 0; 00132 int tmperr; 00133 struct rsbac_list_lol_info_t lol_info; 00134 00135 if (!device_p) 00136 return (-RSBAC_EINVALIDPOINTER); 00137 00138 lol_info.version = RSBAC_AUTH_FD_LIST_VERSION; 00139 lol_info.key = RSBAC_AUTH_LIST_KEY; 00140 lol_info.desc_size = sizeof(rsbac_inode_nr_t); 00141 lol_info.data_size = 0; 00142 lol_info.subdesc_size = 00143 sizeof(struct rsbac_auth_cap_range_t); 00144 lol_info.subdata_size = 0; /* rights */ 00145 lol_info.max_age = 0; 00146 tmperr = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 00147 &device_p->handle, 00148 &lol_info, 00149 RSBAC_LIST_PERSIST | 00150 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 00151 NULL, 00152 cap_compare, NULL, NULL, 00153 NULL, NULL, 00154 RSBAC_AUTH_FD_FILENAME, kdev, 00155 nr_fd_hashes, 00156 rsbac_list_hash_fd, 00157 RSBAC_AUTH_FD_OLD_FILENAME); 00158 if (tmperr) { 00159 char *tmp; 00160 00161 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00162 if (tmp) { 00163 rsbac_printk(KERN_WARNING "auth_register_fd_lists(): registering list %s for device %02u:%02u failed with error %s!\n", 00164 RSBAC_AUTH_FD_FILENAME, 00165 RSBAC_MAJOR(kdev), 00166 RSBAC_MINOR(kdev), 00167 get_error_name(tmp, tmperr)); 00168 rsbac_kfree(tmp); 00169 } 00170 err = tmperr; 00171 } 00172 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 00173 /* register all the AUTH DAC lists of lists */ 00174 lol_info.version = RSBAC_AUTH_FD_EFF_LIST_VERSION; 00175 lol_info.key = RSBAC_AUTH_LIST_KEY; 00176 lol_info.desc_size = sizeof(rsbac_inode_nr_t); 00177 lol_info.data_size = 0; 00178 lol_info.subdesc_size = 00179 sizeof(struct rsbac_auth_cap_range_t); 00180 lol_info.subdata_size = 0; /* rights */ 00181 lol_info.max_age = 0; 00182 tmperr = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 00183 &device_p->eff_handle, 00184 &lol_info, 00185 RSBAC_LIST_PERSIST | 00186 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 00187 NULL, 00188 cap_compare, NULL, NULL, 00189 NULL, NULL, 00190 RSBAC_AUTH_FD_EFF_FILENAME, kdev, 00191 nr_eff_fd_hashes, 00192 rsbac_list_hash_fd, 00193 RSBAC_AUTH_FD_OLD_EFF_FILENAME); 00194 if (tmperr) { 00195 char *tmp; 00196 00197 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00198 if (tmp) { 00199 rsbac_printk(KERN_WARNING "auth_register_fd_lists(): registering list %s for device %02u:%02u failed with error %s!\n", 00200 RSBAC_AUTH_FD_EFF_FILENAME, 00201 RSBAC_MAJOR(kdev), 00202 RSBAC_MINOR(kdev), 00203 get_error_name(tmp, tmperr)); 00204 rsbac_kfree(tmp); 00205 } 00206 err = tmperr; 00207 } 00208 lol_info.version = RSBAC_AUTH_FD_FS_LIST_VERSION; 00209 lol_info.key = RSBAC_AUTH_LIST_KEY; 00210 lol_info.desc_size = sizeof(rsbac_inode_nr_t); 00211 lol_info.data_size = 0; 00212 lol_info.subdesc_size = 00213 sizeof(struct rsbac_auth_cap_range_t); 00214 lol_info.subdata_size = 0; /* rights */ 00215 lol_info.max_age = 0; 00216 tmperr = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 00217 &device_p->fs_handle, 00218 &lol_info, 00219 RSBAC_LIST_PERSIST | 00220 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 00221 NULL, 00222 cap_compare, NULL, NULL, 00223 NULL, NULL, 00224 RSBAC_AUTH_FD_FS_FILENAME, kdev, 00225 nr_fs_fd_hashes, 00226 rsbac_list_hash_fd, 00227 RSBAC_AUTH_FD_OLD_FS_FILENAME); 00228 if (tmperr) { 00229 char *tmp; 00230 00231 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00232 if (tmp) { 00233 rsbac_printk(KERN_WARNING "auth_register_fd_lists(): registering list %s for device %02u:%02u failed with error %s!\n", 00234 RSBAC_AUTH_FD_FS_FILENAME, 00235 RSBAC_MAJOR(kdev), 00236 RSBAC_MINOR(kdev), 00237 get_error_name(tmp, tmperr)); 00238 rsbac_kfree(tmp); 00239 } 00240 err = tmperr; 00241 } 00242 #endif 00243 00244 #ifdef CONFIG_RSBAC_AUTH_GROUP 00245 lol_info.version = RSBAC_AUTH_FD_GROUP_LIST_VERSION; 00246 lol_info.key = RSBAC_AUTH_LIST_KEY; 00247 lol_info.desc_size = sizeof(rsbac_inode_nr_t); 00248 lol_info.data_size = 0; 00249 lol_info.subdesc_size = 00250 sizeof(struct rsbac_auth_cap_range_t); 00251 lol_info.subdata_size = 0; /* rights */ 00252 lol_info.max_age = 0; 00253 tmperr = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 00254 &device_p->group_handle, 00255 &lol_info, 00256 RSBAC_LIST_PERSIST | 00257 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 00258 NULL, 00259 cap_compare, NULL, NULL, 00260 NULL, NULL, 00261 RSBAC_AUTH_FD_GROUP_FILENAME, kdev, 00262 nr_group_fd_hashes, 00263 rsbac_list_hash_fd, 00264 RSBAC_AUTH_FD_OLD_GROUP_FILENAME); 00265 if (tmperr) { 00266 char *tmp; 00267 00268 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00269 if (tmp) { 00270 rsbac_printk(KERN_WARNING "auth_register_fd_lists(): registering list %s for device %02u:%02u failed with error %s!\n", 00271 RSBAC_AUTH_FD_GROUP_FILENAME, 00272 RSBAC_MAJOR(kdev), 00273 RSBAC_MINOR(kdev), 00274 get_error_name(tmp, tmperr)); 00275 rsbac_kfree(tmp); 00276 } 00277 err = tmperr; 00278 } 00279 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 00280 lol_info.version = RSBAC_AUTH_FD_GROUP_EFF_LIST_VERSION; 00281 lol_info.key = RSBAC_AUTH_LIST_KEY; 00282 lol_info.desc_size = sizeof(rsbac_inode_nr_t); 00283 lol_info.data_size = 0; 00284 lol_info.subdesc_size = 00285 sizeof(struct rsbac_auth_cap_range_t); 00286 lol_info.subdata_size = 0; /* rights */ 00287 lol_info.max_age = 0; 00288 tmperr = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 00289 &device_p->group_eff_handle, 00290 &lol_info, 00291 RSBAC_LIST_PERSIST | 00292 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 00293 NULL, 00294 cap_compare, NULL, NULL, 00295 NULL, NULL, 00296 RSBAC_AUTH_FD_GROUP_EFF_FILENAME, kdev, 00297 nr_group_eff_fd_hashes, 00298 rsbac_list_hash_fd, 00299 RSBAC_AUTH_FD_OLD_GROUP_EFF_FILENAME); 00300 if (tmperr) { 00301 char *tmp; 00302 00303 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00304 if (tmp) { 00305 rsbac_printk(KERN_WARNING "auth_register_fd_lists(): registering list %s for device %02u:%02u failed with error %s!\n", 00306 RSBAC_AUTH_FD_GROUP_EFF_FILENAME, 00307 RSBAC_MAJOR(kdev), 00308 RSBAC_MINOR(kdev), 00309 get_error_name(tmp, tmperr)); 00310 rsbac_kfree(tmp); 00311 } 00312 err = tmperr; 00313 } 00314 lol_info.version = RSBAC_AUTH_FD_GROUP_FS_LIST_VERSION; 00315 lol_info.key = RSBAC_AUTH_LIST_KEY; 00316 lol_info.desc_size = sizeof(rsbac_inode_nr_t); 00317 lol_info.data_size = 0; 00318 lol_info.subdesc_size = 00319 sizeof(struct rsbac_auth_cap_range_t); 00320 lol_info.subdata_size = 0; /* rights */ 00321 lol_info.max_age = 0; 00322 tmperr = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 00323 &device_p->group_fs_handle, 00324 &lol_info, 00325 RSBAC_LIST_PERSIST | 00326 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 00327 NULL, 00328 cap_compare, NULL, NULL, 00329 NULL, NULL, 00330 RSBAC_AUTH_FD_GROUP_FS_FILENAME, kdev, 00331 nr_group_fs_fd_hashes, 00332 rsbac_list_hash_fd, 00333 RSBAC_AUTH_FD_OLD_GROUP_FS_FILENAME); 00334 if (tmperr) { 00335 char *tmp; 00336 00337 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00338 if (tmp) { 00339 rsbac_printk(KERN_WARNING "auth_register_fd_lists(): registering list %s for device %02u:%02u failed with error %s!\n", 00340 RSBAC_AUTH_FD_GROUP_FS_FILENAME, 00341 RSBAC_MAJOR(kdev), 00342 RSBAC_MINOR(kdev), 00343 get_error_name(tmp, tmperr)); 00344 rsbac_kfree(tmp); 00345 } 00346 err = tmperr; 00347 } 00348 #endif 00349 #endif /* AUTH_GROUP */ 00350 00351 return err; 00352 }
static int cap_compare | ( | void * | desc1, | |
void * | desc2 | |||
) | [static] |
Definition at line 92 of file auth_data_structures.c.
References rsbac_auth_cap_range_t::first, and rsbac_auth_cap_range_t::last.
Referenced by auth_register_fd_lists(), and rsbac_init_auth().
00093 { 00094 struct rsbac_auth_cap_range_t *range1 = desc1; 00095 struct rsbac_auth_cap_range_t *range2 = desc2; 00096 00097 if (!desc1 || !desc2) 00098 return 0; 00099 if (range1->first < range2->first) 00100 return -1; 00101 if (range1->first > range2->first) 00102 return 1; 00103 if (range1->last < range2->last) 00104 return -1; 00105 if (range1->last > range2->last) 00106 return 1; 00107 return 0; 00108 }
static void clear_device_item | ( | struct rsbac_auth_device_list_item_t * | item_p | ) | [static] |
Definition at line 598 of file auth_data_structures.c.
References auth_detach_fd_lists(), and rsbac_kfree().
00599 { 00600 if (!item_p) 00601 return; 00602 00603 /* First deregister lists... */ 00604 auth_detach_fd_lists(item_p); 00605 /* OK, lets remove the device item itself */ 00606 rsbac_kfree(item_p); 00607 } /* end of clear_device_item() */
static int copy_fp_cap_set_item | ( | struct rsbac_auth_device_list_item_t * | device_p, | |
rsbac_auth_file_t | file, | |||
rsbac_pid_t | pid | |||
) | [static] |
Definition at line 669 of file auth_data_structures.c.
References group_handle, rsbac_auth_device_list_item_t::handle, NULL, process_handle, RSBAC_ENOTFOUND, rsbac_get_parent(), rsbac_list_lol_get_all_subdesc_ttl(), rsbac_list_lol_remove(), rsbac_list_lol_subadd_ttl(), rsbac_vfree, and T_FILE.
Referenced by rsbac_auth_copy_fp_capset().
00672 { 00673 struct rsbac_auth_cap_range_t *cap_item_p; 00674 rsbac_time_t *ttl_p; 00675 int i; 00676 long count; 00677 enum rsbac_target_t target = T_FILE; 00678 union rsbac_target_id_t tid; 00679 00680 rsbac_list_lol_remove(process_handle, &pid); 00681 count = 00682 rsbac_list_lol_get_all_subdesc_ttl(device_p->handle, 00683 &file.inode, 00684 (void **) &cap_item_p, 00685 &ttl_p); 00686 if (!count || (count == -RSBAC_ENOTFOUND) 00687 ) { 00688 tid.file = file; 00689 if (!rsbac_get_parent(target, tid, &target, &tid)) 00690 count = 00691 rsbac_list_lol_get_all_subdesc_ttl(device_p->handle, 00692 &tid.file. 00693 inode, 00694 (void **) 00695 &cap_item_p, 00696 &ttl_p); 00697 } 00698 if (count > 0) { 00699 for (i = 0; i < count; i++) { 00700 rsbac_list_lol_subadd_ttl(process_handle, 00701 ttl_p[i], 00702 &pid, 00703 &cap_item_p[i], NULL); 00704 } 00705 rsbac_vfree(cap_item_p); 00706 rsbac_vfree(ttl_p); 00707 } else { 00708 if ((count < 0) 00709 && (count != -RSBAC_ENOTFOUND) 00710 ) 00711 return count; 00712 } 00713 00714 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 00715 rsbac_list_lol_remove(process_eff_handle, &pid); 00716 count = 00717 rsbac_list_lol_get_all_subdesc_ttl(device_p->eff_handle, 00718 &file.inode, 00719 (void **) &cap_item_p, 00720 &ttl_p); 00721 if (!count || (count == -RSBAC_ENOTFOUND) 00722 ) { 00723 tid.file = file; 00724 if (!rsbac_get_parent(target, tid, &target, &tid)) 00725 count = 00726 rsbac_list_lol_get_all_subdesc_ttl(device_p->eff_handle, 00727 &tid.file. 00728 inode, 00729 (void **) 00730 &cap_item_p, 00731 &ttl_p); 00732 } 00733 if (count > 0) { 00734 for (i = 0; i < count; i++) { 00735 rsbac_list_lol_subadd_ttl(process_eff_handle, 00736 ttl_p[i], 00737 &pid, 00738 &cap_item_p[i], NULL); 00739 } 00740 rsbac_vfree(cap_item_p); 00741 rsbac_vfree(ttl_p); 00742 } else { 00743 if ((count < 0) 00744 && (count != -RSBAC_ENOTFOUND) 00745 ) 00746 return count; 00747 } 00748 rsbac_list_lol_remove(process_fs_handle, &pid); 00749 count = 00750 rsbac_list_lol_get_all_subdesc_ttl(device_p->fs_handle, 00751 &file.inode, 00752 (void **) &cap_item_p, 00753 &ttl_p); 00754 if (!count || (count == -RSBAC_ENOTFOUND) 00755 ) { 00756 tid.file = file; 00757 if (!rsbac_get_parent(target, tid, &target, &tid)) 00758 count = 00759 rsbac_list_lol_get_all_subdesc_ttl(device_p->fs_handle, 00760 &tid.file. 00761 inode, 00762 (void **) 00763 &cap_item_p, 00764 &ttl_p); 00765 } 00766 if (count > 0) { 00767 for (i = 0; i < count; i++) { 00768 rsbac_list_lol_subadd_ttl(process_fs_handle, 00769 ttl_p[i], 00770 &pid, 00771 &cap_item_p[i], NULL); 00772 } 00773 rsbac_vfree(cap_item_p); 00774 rsbac_vfree(ttl_p); 00775 } else { 00776 if ((count < 0) 00777 && (count != -RSBAC_ENOTFOUND) 00778 ) 00779 return count; 00780 } 00781 #endif 00782 00783 #ifdef CONFIG_RSBAC_AUTH_GROUP 00784 rsbac_list_lol_remove(process_group_handle, &pid); 00785 count = 00786 rsbac_list_lol_get_all_subdesc_ttl(device_p-> 00787 group_handle, 00788 &file.inode, 00789 (void **) &cap_item_p, 00790 &ttl_p); 00791 if (!count || (count == -RSBAC_ENOTFOUND) 00792 ) { 00793 tid.file = file; 00794 if (!rsbac_get_parent(target, tid, &target, &tid)) 00795 count = 00796 rsbac_list_lol_get_all_subdesc_ttl(device_p->group_handle, 00797 &tid.file. 00798 inode, 00799 (void **) 00800 &cap_item_p, 00801 &ttl_p); 00802 } 00803 if (count > 0) { 00804 for (i = 0; i < count; i++) { 00805 rsbac_list_lol_subadd_ttl(process_group_handle, 00806 ttl_p[i], 00807 &pid, 00808 &cap_item_p[i], NULL); 00809 } 00810 rsbac_vfree(cap_item_p); 00811 rsbac_vfree(ttl_p); 00812 } else { 00813 if ((count < 0) 00814 && (count != -RSBAC_ENOTFOUND) 00815 ) 00816 return count; 00817 } 00818 00819 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 00820 rsbac_list_lol_remove(process_group_eff_handle, &pid); 00821 count = 00822 rsbac_list_lol_get_all_subdesc_ttl(device_p->group_eff_handle, 00823 &file.inode, 00824 (void **) &cap_item_p, 00825 &ttl_p); 00826 if (!count || (count == -RSBAC_ENOTFOUND) 00827 ) { 00828 tid.file = file; 00829 if (!rsbac_get_parent(target, tid, &target, &tid)) 00830 count = 00831 rsbac_list_lol_get_all_subdesc_ttl(device_p->group_eff_handle, 00832 &tid.file. 00833 inode, 00834 (void **) 00835 &cap_item_p, 00836 &ttl_p); 00837 } 00838 if (count > 0) { 00839 for (i = 0; i < count; i++) { 00840 rsbac_list_lol_subadd_ttl(process_group_eff_handle, 00841 ttl_p[i], 00842 &pid, 00843 &cap_item_p[i], NULL); 00844 } 00845 rsbac_vfree(cap_item_p); 00846 rsbac_vfree(ttl_p); 00847 } else { 00848 if ((count < 0) 00849 && (count != -RSBAC_ENOTFOUND) 00850 ) 00851 return count; 00852 } 00853 rsbac_list_lol_remove(process_group_fs_handle, &pid); 00854 count = 00855 rsbac_list_lol_get_all_subdesc_ttl(device_p->group_fs_handle, 00856 &file.inode, 00857 (void **) &cap_item_p, 00858 &ttl_p); 00859 if (!count || (count == -RSBAC_ENOTFOUND) 00860 ) { 00861 tid.file = file; 00862 if (!rsbac_get_parent(target, tid, &target, &tid)) 00863 count = 00864 rsbac_list_lol_get_all_subdesc_ttl(device_p->group_fs_handle, 00865 &tid.file. 00866 inode, 00867 (void **) 00868 &cap_item_p, 00869 &ttl_p); 00870 } 00871 if (count > 0) { 00872 for (i = 0; i < count; i++) { 00873 rsbac_list_lol_subadd_ttl(process_group_fs_handle, 00874 ttl_p[i], 00875 &pid, 00876 &cap_item_p[i], NULL); 00877 } 00878 rsbac_vfree(cap_item_p); 00879 rsbac_vfree(ttl_p); 00880 } else { 00881 if ((count < 0) 00882 && (count != -RSBAC_ENOTFOUND) 00883 ) 00884 return count; 00885 } 00886 #endif 00887 #endif /* AUTH_GROUP */ 00888 00889 return 0; 00890 } /* end of copy_fp_cap_set_item() */
static int copy_pp_cap_set_item | ( | rsbac_pid_t | old_pid, | |
rsbac_pid_t | new_pid | |||
) | [static] |
Definition at line 925 of file auth_data_structures.c.
References copy_pp_cap_set_item_handle(), and process_handle.
Referenced by rsbac_auth_copy_pp_capset().
00926 { 00927 int res; 00928 00929 res = 00930 copy_pp_cap_set_item_handle(process_handle, old_pid, new_pid); 00931 00932 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 00933 if (res) 00934 return res; 00935 res = 00936 copy_pp_cap_set_item_handle(process_eff_handle, old_pid, 00937 new_pid); 00938 if (res) 00939 return res; 00940 res = 00941 copy_pp_cap_set_item_handle(process_fs_handle, old_pid, 00942 new_pid); 00943 #endif 00944 00945 #ifdef CONFIG_RSBAC_AUTH_GROUP 00946 res = 00947 copy_pp_cap_set_item_handle(process_group_handle, old_pid, 00948 new_pid); 00949 00950 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 00951 if (res) 00952 return res; 00953 res = 00954 copy_pp_cap_set_item_handle(process_group_eff_handle, old_pid, 00955 new_pid); 00956 if (res) 00957 return res; 00958 res = 00959 copy_pp_cap_set_item_handle(process_group_fs_handle, old_pid, 00960 new_pid); 00961 #endif 00962 #endif 00963 00964 return (res); 00965 } /* end of copy_pp_cap_set_item() */
static int copy_pp_cap_set_item_handle | ( | rsbac_list_handle_t | handle, | |
rsbac_pid_t | old_pid, | |||
rsbac_pid_t | new_pid | |||
) | [static] |
Definition at line 895 of file auth_data_structures.c.
References NULL, rsbac_list_lol_get_all_subdesc_ttl(), rsbac_list_lol_remove(), rsbac_list_lol_subadd_ttl(), and rsbac_vfree.
Referenced by copy_pp_cap_set_item().
00898 { 00899 struct rsbac_auth_cap_range_t *cap_item_p; 00900 rsbac_time_t *ttl_p; 00901 int i; 00902 long count; 00903 00904 rsbac_list_lol_remove(handle, &new_pid); 00905 count = rsbac_list_lol_get_all_subdesc_ttl(handle, 00906 &old_pid, 00907 (void **) &cap_item_p, 00908 &ttl_p); 00909 if (count > 0) { 00910 for (i = 0; i < count; i++) { 00911 rsbac_list_lol_subadd_ttl(handle, 00912 ttl_p[i], 00913 &new_pid, 00914 &cap_item_p[i], NULL); 00915 } 00916 rsbac_vfree(cap_item_p); 00917 rsbac_vfree(ttl_p); 00918 } else { 00919 if (count < 0) 00920 return count; 00921 } 00922 return 0; 00923 }
static struct rsbac_auth_device_list_item_t* create_device_item | ( | kdev_t | kdev | ) | [static] |
Definition at line 513 of file auth_data_structures.c.
References NULL, and rsbac_kmalloc().
00514 { 00515 struct rsbac_auth_device_list_item_t *new_item_p; 00516 00517 /* allocate memory for new device, return NULL, if failed */ 00518 if (!(new_item_p = (struct rsbac_auth_device_list_item_t *) 00519 rsbac_kmalloc(sizeof(*new_item_p)))) 00520 return (NULL); 00521 00522 new_item_p->id = kdev; 00523 new_item_p->mount_count = 1; 00524 00525 /* init file/dir sublists */ 00526 new_item_p->handle = NULL; 00527 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 00528 new_item_p->eff_handle = NULL; 00529 new_item_p->fs_handle = NULL; 00530 #endif 00531 #ifdef CONFIG_RSBAC_AUTH_GROUP 00532 new_item_p->group_handle = NULL; 00533 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 00534 new_item_p->group_eff_handle = NULL; 00535 new_item_p->group_fs_handle = NULL; 00536 #endif 00537 #endif 00538 return (new_item_p); 00539 }
static struct rsbac_auth_device_list_item_t* lookup_device | ( | kdev_t | kdev | ) | [static] |
Definition at line 479 of file auth_data_structures.c.
References device_list_head_p, rsbac_auth_device_list_item_t::id, and rsbac_auth_device_list_item_t::next.
00480 { 00481 struct rsbac_auth_device_list_item_t *curr = rcu_dereference(device_list_head_p)->curr; 00482 00483 /* if there is no current item or it is not the right one, search... */ 00484 if (!(curr && (RSBAC_MAJOR(curr->id) == RSBAC_MAJOR(kdev)) 00485 && (RSBAC_MINOR(curr->id) == RSBAC_MINOR(kdev)) 00486 ) 00487 ) { 00488 curr = rcu_dereference(device_list_head_p)->head; 00489 while (curr 00490 && ((RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev)) 00491 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev)) 00492 ) 00493 ) { 00494 curr = curr->next; 00495 } 00496 if (curr) 00497 rcu_dereference(device_list_head_p)->curr = curr; 00498 } 00499 /* it is the current item -> return it */ 00500 return (curr); 00501 }
static void remove_device_item | ( | kdev_t | kdev | ) | [static] |
Definition at line 609 of file auth_data_structures.c.
References clear_device_item(), device_list_head_p, device_list_lock, rsbac_acl_device_list_head_t::head, lookup_device(), rsbac_auth_device_list_item_t::next, NULL, rsbac_auth_device_list_item_t::prev, rsbac_kfree(), and rsbac_kmalloc().
00610 { 00611 struct rsbac_auth_device_list_item_t *item_p; 00612 struct rsbac_auth_device_list_head_t * new_p; 00613 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00614 struct rsbac_auth_device_list_head_t * old_p; 00615 #endif 00616 00617 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00618 old_p = device_list_head_p; 00619 new_p = rsbac_kmalloc(sizeof(*new_p)); 00620 *new_p = *old_p; 00621 #else 00622 new_p = device_list_head_p; 00623 #endif 00624 /* first we must locate the item. */ 00625 if ((item_p = lookup_device(kdev))) { /* ok, item was found */ 00626 if (new_p->head == item_p) { /* item is head */ 00627 if (new_p->tail == item_p) { /* item is head and tail = only item -> list will be empty */ 00628 new_p->head = NULL; 00629 new_p->tail = NULL; 00630 } else { /* item is head, but not tail -> next item becomes head */ 00631 item_p->next->prev = NULL; 00632 new_p->head = item_p->next; 00633 } 00634 } else { /* item is not head */ 00635 if (new_p->tail == item_p) { /*item is not head, but tail -> previous item becomes tail */ 00636 item_p->prev->next = NULL; 00637 new_p->tail = item_p->prev; 00638 } else { /* item is neither head nor tail -> item is cut out */ 00639 item_p->prev->next = item_p->next; 00640 item_p->next->prev = item_p->prev; 00641 } 00642 } 00643 00644 /* curr is no longer valid -> reset. */ 00645 new_p->curr = NULL; 00646 /* adjust counter */ 00647 new_p->count--; 00648 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00649 rcu_assign_pointer(device_list_head_p, new_p); 00650 spin_unlock(&device_list_lock); 00651 synchronize_rcu(); 00652 rsbac_kfree(old_p); 00653 #endif 00654 00655 /* now we can remove the item from memory. This means cleaning up */ 00656 /* everything below. */ 00657 clear_device_item(item_p); 00658 } /* end of if: item was found */ 00659 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00660 else 00661 spin_unlock(&device_list_lock); 00662 #endif 00663 } /* end of remove_device_item() */
int rsbac_auth_add_to_f_capset | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_auth_file_t | file, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 2934 of file auth_data_structures.c.
References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, device_list_lock, rsbac_auth_cap_range_t::first, rsbac_auth_device_list_item_t::handle, rsbac_auth_cap_range_t::last, lookup_device(), NULL, RSBAC_EINVALIDATTR, RSBAC_EINVALIDDEV, RSBAC_EINVALIDVALUE, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subadd_ttl().
Referenced by rsbac_auth_add_f_cap().
02939 { 02940 int err = 0; 02941 struct rsbac_auth_device_list_item_t *device_p; 02942 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 02943 u_long dflags; 02944 #endif 02945 02946 if (!rsbac_is_initialized()) { 02947 rsbac_printk(KERN_WARNING "rsbac_auth_add_to_f_capset(): RSBAC not initialized\n"); 02948 return (-RSBAC_ENOTINITIALIZED); 02949 } 02950 if (in_interrupt()) { 02951 rsbac_printk(KERN_WARNING "rsbac_auth_add_to_f_capset(): called from interrupt!\n"); 02952 } 02953 if (cap_range.first > cap_range.last) 02954 return (-RSBAC_EINVALIDVALUE); 02955 02956 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02957 rcu_read_lock(); 02958 #else 02959 rsbac_read_lock(&device_list_lock, &dflags); 02960 #endif 02961 device_p = lookup_device(file.device); 02962 if (!device_p) { 02963 /* trigger rsbac_mount() */ 02964 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02965 rcu_read_unlock(); 02966 #else 02967 rsbac_read_unlock(&device_list_lock, &dflags); 02968 #endif 02969 rsbac_get_super_block(file.device); 02970 /* retry */ 02971 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02972 rcu_read_lock(); 02973 #else 02974 rsbac_read_lock(&device_list_lock, &dflags); 02975 #endif 02976 device_p = lookup_device(file.device); 02977 if (!device_p) { 02978 rsbac_printk(KERN_WARNING "rsbac_auth_add_to_f_capset(): invalid device %02u:%02u!\n", 02979 RSBAC_MAJOR(file.device), 02980 RSBAC_MINOR(file.device)); 02981 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02982 rcu_read_unlock(); 02983 #else 02984 rsbac_read_unlock(&device_list_lock, &dflags); 02985 #endif 02986 return (-RSBAC_EINVALIDDEV); 02987 } 02988 } 02989 02990 switch (cap_type) { 02991 case ACT_real: 02992 err = rsbac_ta_list_lol_subadd_ttl(ta_number, 02993 device_p->handle, 02994 ttl, &file.inode, 02995 &cap_range, NULL); 02996 break; 02997 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 02998 case ACT_eff: 02999 err = rsbac_ta_list_lol_subadd_ttl(ta_number, 03000 device_p->eff_handle, 03001 ttl, &file.inode, 03002 &cap_range, NULL); 03003 break; 03004 case ACT_fs: 03005 err = rsbac_ta_list_lol_subadd_ttl(ta_number, 03006 device_p->fs_handle, 03007 ttl, &file.inode, 03008 &cap_range, NULL); 03009 break; 03010 #endif 03011 #ifdef CONFIG_RSBAC_AUTH_GROUP 03012 case ACT_group_real: 03013 err = rsbac_ta_list_lol_subadd_ttl(ta_number, 03014 device_p->group_handle, 03015 ttl, 03016 &file.inode, &cap_range, 03017 NULL); 03018 break; 03019 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 03020 case ACT_group_eff: 03021 err = rsbac_ta_list_lol_subadd_ttl(ta_number, 03022 device_p->group_eff_handle, 03023 ttl, 03024 &file.inode, &cap_range, 03025 NULL); 03026 break; 03027 case ACT_group_fs: 03028 err = rsbac_ta_list_lol_subadd_ttl(ta_number, 03029 device_p->group_fs_handle, 03030 ttl, 03031 &file.inode, &cap_range, 03032 NULL); 03033 break; 03034 #endif 03035 #endif /* AUTH_GROUP */ 03036 03037 default: 03038 err = -RSBAC_EINVALIDATTR; 03039 } 03040 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03041 rcu_read_unlock(); 03042 #else 03043 rsbac_read_unlock(&device_list_lock, &dflags); 03044 #endif 03045 return (err); 03046 }
int rsbac_auth_add_to_p_capset | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 2876 of file auth_data_structures.c.
References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, NULL, process_handle, RSBAC_EINVALIDATTR, RSBAC_EINVALIDVALUE, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subadd_ttl().
Referenced by rsbac_auth_add_p_cap(), and rsbac_replace_auth_cap().
02881 { 02882 if (!rsbac_is_initialized()) { 02883 rsbac_printk(KERN_WARNING "rsbac_auth_add_to_p_capset(): RSBAC not initialized\n"); 02884 return (-RSBAC_ENOTINITIALIZED); 02885 } 02886 if (in_interrupt()) { 02887 rsbac_printk(KERN_WARNING "rsbac_auth_add_to_p_capset(): called from interrupt!\n"); 02888 } 02889 if (cap_range.first > cap_range.last) 02890 return (-RSBAC_EINVALIDVALUE); 02891 switch (cap_type) { 02892 case ACT_real: 02893 return rsbac_ta_list_lol_subadd_ttl(ta_number, 02894 process_handle, ttl, 02895 &pid, &cap_range, 02896 NULL); 02897 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 02898 case ACT_eff: 02899 return rsbac_ta_list_lol_subadd_ttl(ta_number, 02900 process_eff_handle, 02901 ttl, &pid, &cap_range, 02902 NULL); 02903 case ACT_fs: 02904 return rsbac_ta_list_lol_subadd_ttl(ta_number, 02905 process_fs_handle, ttl, 02906 &pid, &cap_range, 02907 NULL); 02908 #endif 02909 #ifdef CONFIG_RSBAC_AUTH_GROUP 02910 case ACT_group_real: 02911 return rsbac_ta_list_lol_subadd_ttl(ta_number, 02912 process_group_handle, 02913 ttl, &pid, &cap_range, 02914 NULL); 02915 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 02916 case ACT_group_eff: 02917 return rsbac_ta_list_lol_subadd_ttl(ta_number, 02918 process_group_eff_handle, 02919 ttl, &pid, &cap_range, 02920 NULL); 02921 case ACT_group_fs: 02922 return rsbac_ta_list_lol_subadd_ttl(ta_number, 02923 process_group_fs_handle, 02924 ttl, &pid, &cap_range, 02925 NULL); 02926 #endif 02927 #endif /* AUTH_GROUP */ 02928 02929 default: 02930 return -RSBAC_EINVALIDATTR; 02931 } 02932 }
int rsbac_auth_clear_f_capset | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_auth_file_t | file, | |||
enum rsbac_auth_cap_type_t | cap_type | |||
) |
Definition at line 3257 of file auth_data_structures.c.
References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, device_list_lock, rsbac_auth_device_list_item_t::handle, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_remove().
Referenced by rsbac_auth_remove_f_capsets().
03260 { 03261 int err = 0; 03262 struct rsbac_auth_device_list_item_t *device_p; 03263 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 03264 u_long dflags; 03265 #endif 03266 03267 if (!rsbac_is_initialized()) { 03268 rsbac_printk(KERN_WARNING "rsbac_auth_clear_f_capset(): RSBAC not initialized\n"); 03269 return (-RSBAC_ENOTINITIALIZED); 03270 } 03271 if (in_interrupt()) { 03272 rsbac_printk(KERN_WARNING "rsbac_auth_clear_f_capset(): called from interrupt!\n"); 03273 } 03274 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03275 rcu_read_lock(); 03276 #else 03277 rsbac_read_lock(&device_list_lock, &dflags); 03278 #endif 03279 device_p = lookup_device(file.device); 03280 if (!device_p) { 03281 /* trigger rsbac_mount() */ 03282 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03283 rcu_read_unlock(); 03284 #else 03285 rsbac_read_unlock(&device_list_lock, &dflags); 03286 #endif 03287 rsbac_get_super_block(file.device); 03288 /* retry */ 03289 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03290 rcu_read_lock(); 03291 #else 03292 rsbac_read_lock(&device_list_lock, &dflags); 03293 #endif 03294 device_p = lookup_device(file.device); 03295 if (!device_p) { 03296 rsbac_printk(KERN_WARNING "rsbac_auth_clear_f_capset(): invalid device %02u:%02u!\n", 03297 RSBAC_MAJOR(file.device), 03298 RSBAC_MINOR(file.device)); 03299 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03300 rcu_read_unlock(); 03301 #else 03302 rsbac_read_unlock(&device_list_lock, &dflags); 03303 #endif 03304 return (-RSBAC_EINVALIDDEV); 03305 } 03306 } 03307 switch (cap_type) { 03308 case ACT_real: 03309 err = rsbac_ta_list_lol_remove(ta_number, 03310 device_p->handle, 03311 &file.inode); 03312 break; 03313 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 03314 case ACT_eff: 03315 err = rsbac_ta_list_lol_remove(ta_number, 03316 device_p->eff_handle, 03317 &file.inode); 03318 break; 03319 case ACT_fs: 03320 err = rsbac_ta_list_lol_remove(ta_number, 03321 device_p->fs_handle, 03322 &file.inode); 03323 break; 03324 #endif 03325 #ifdef CONFIG_RSBAC_AUTH_GROUP 03326 case ACT_group_real: 03327 err = rsbac_ta_list_lol_remove(ta_number, 03328 device_p->group_handle, 03329 &file.inode); 03330 break; 03331 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 03332 case ACT_group_eff: 03333 err = rsbac_ta_list_lol_remove(ta_number, 03334 device_p->group_eff_handle, 03335 &file.inode); 03336 break; 03337 case ACT_group_fs: 03338 err = rsbac_ta_list_lol_remove(ta_number, 03339 device_p-> group_fs_handle, 03340 &file.inode); 03341 break; 03342 #endif 03343 #endif /* AUTH_GROUP */ 03344 03345 default: 03346 err = -RSBAC_EINVALIDTARGET; 03347 } 03348 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03349 rcu_read_unlock(); 03350 #else 03351 rsbac_read_unlock(&device_list_lock, &dflags); 03352 #endif 03353 return (err); 03354 }
int rsbac_auth_clear_p_capset | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
enum rsbac_auth_cap_type_t | cap_type | |||
) |
Definition at line 3212 of file auth_data_structures.c.
References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, process_handle, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_remove().
Referenced by rsbac_auth_remove_p_capsets().
03215 { 03216 if (!rsbac_is_initialized()) { 03217 rsbac_printk(KERN_WARNING "rsbac_auth_clear_p_capset(): RSBAC not initialized\n"); 03218 return (-RSBAC_ENOTINITIALIZED); 03219 } 03220 if (in_interrupt()) { 03221 rsbac_printk(KERN_WARNING "rsbac_auth_clear_p_capset(): called from interrupt!\n"); 03222 } 03223 switch (cap_type) { 03224 case ACT_real: 03225 return rsbac_ta_list_lol_remove(ta_number, process_handle, 03226 &pid); 03227 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 03228 case ACT_eff: 03229 return rsbac_ta_list_lol_remove(ta_number, 03230 process_eff_handle, &pid); 03231 case ACT_fs: 03232 return rsbac_ta_list_lol_remove(ta_number, 03233 process_fs_handle, &pid); 03234 #endif 03235 #ifdef CONFIG_RSBAC_AUTH_GROUP 03236 case ACT_group_real: 03237 return rsbac_ta_list_lol_remove(ta_number, 03238 process_group_handle, 03239 &pid); 03240 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 03241 case ACT_group_eff: 03242 return rsbac_ta_list_lol_remove(ta_number, 03243 process_group_eff_handle, 03244 &pid); 03245 case ACT_group_fs: 03246 return rsbac_ta_list_lol_remove(ta_number, 03247 process_group_fs_handle, 03248 &pid); 03249 #endif 03250 #endif /* AUTH_GROUP */ 03251 03252 default: 03253 return -RSBAC_EINVALIDTARGET; 03254 } 03255 }
int rsbac_auth_copy_fp_capset | ( | rsbac_auth_file_t | file, | |
rsbac_pid_t | p_cap_set_id | |||
) |
Definition at line 4119 of file auth_data_structures.c.
References copy_fp_cap_set_item(), device_list_lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), and rsbac_printk().
Referenced by rsbac_adf_set_attr_auth().
04121 { 04122 struct rsbac_auth_device_list_item_t *device_p; 04123 int err = 0; 04124 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 04125 u_long dflags; 04126 #endif 04127 04128 if (!rsbac_is_initialized()) { 04129 rsbac_printk(KERN_WARNING "rsbac_auth_copy_fp_capset(): RSBAC not initialized\n"); 04130 return (-RSBAC_ENOTINITIALIZED); 04131 } 04132 if (in_interrupt()) { 04133 rsbac_printk(KERN_WARNING "rsbac_auth_copy_fp_capset(): called from interrupt!\n"); 04134 } 04135 /* 04136 rsbac_pr_debug(ds_auth, "Copying file cap set data to process cap set\n"); 04137 */ 04138 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 04139 rcu_read_lock(); 04140 #else 04141 rsbac_read_lock(&device_list_lock, &dflags); 04142 #endif 04143 device_p = lookup_device(file.device); 04144 if (!device_p) { 04145 /* trigger rsbac_mount() */ 04146 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 04147 rcu_read_unlock(); 04148 #else 04149 rsbac_read_unlock(&device_list_lock, &dflags); 04150 #endif 04151 rsbac_get_super_block(file.device); 04152 /* retry */ 04153 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 04154 rcu_read_lock(); 04155 #else 04156 rsbac_read_lock(&device_list_lock, &dflags); 04157 #endif 04158 device_p = lookup_device(file.device); 04159 if (!device_p) { 04160 rsbac_printk(KERN_WARNING "rsbac_auth_copy_fp_capset(): invalid device %02u:%02u!\n", 04161 RSBAC_MAJOR(file.device), 04162 RSBAC_MINOR(file.device)); 04163 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 04164 rcu_read_unlock(); 04165 #else 04166 rsbac_read_unlock(&device_list_lock, &dflags); 04167 #endif 04168 return (-RSBAC_EINVALIDDEV); 04169 } 04170 } 04171 /* call the copy function */ 04172 err = copy_fp_cap_set_item(device_p, file, p_cap_set_id); 04173 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 04174 rcu_read_unlock(); 04175 #else 04176 rsbac_read_unlock(&device_list_lock, &dflags); 04177 #endif 04178 return (err); 04179 }
int rsbac_auth_copy_pp_capset | ( | rsbac_pid_t | old_p_set_id, | |
rsbac_pid_t | new_p_set_id | |||
) |
Definition at line 4181 of file auth_data_structures.c.
References copy_pp_cap_set_item(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), and rsbac_printk().
Referenced by rsbac_adf_set_attr_auth().
04183 { 04184 if (!rsbac_is_initialized()) { 04185 rsbac_printk(KERN_WARNING "rsbac_auth_copy_pp_capset(): RSBAC not initialized\n"); 04186 return (-RSBAC_ENOTINITIALIZED); 04187 } 04188 if (in_interrupt()) { 04189 rsbac_printk(KERN_WARNING "rsbac_auth_copy_pp_capset(): called from interrupt!\n"); 04190 } 04191 /* 04192 rsbac_pr_debug(ds_auth, "Copying process cap set data to process cap set\n"); 04193 */ 04194 /* call the copy function */ 04195 return copy_pp_cap_set_item(old_p_set_id, new_p_set_id); 04196 }
int rsbac_auth_get_f_caplist | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_auth_file_t | file, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t ** | caplist_p, | |||
rsbac_time_t ** | ttllist_p | |||
) |
Definition at line 4198 of file auth_data_structures.c.
Referenced by sys_rsbac_auth_get_f_caplist().
04203 { 04204 struct rsbac_auth_device_list_item_t *device_p; 04205 long count; 04206 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 04207 u_long dflags; 04208 #endif 04209 04210 if (!rsbac_is_initialized()) { 04211 rsbac_printk(KERN_WARNING "rsbac_auth_get_f_caplist(): RSBAC not initialized\n"); 04212 return (-RSBAC_ENOTINITIALIZED); 04213 } 04214 if (in_interrupt()) { 04215 rsbac_printk(KERN_WARNING "rsbac_auth_get_f_caplist(): called from interrupt!\n"); 04216 } 04217 /* 04218 rsbac_pr_debug(ds_auth, "Getting file/dir cap set list\n"); 04219 */ 04220 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 04221 rcu_read_lock(); 04222 #else 04223 rsbac_read_lock(&device_list_lock, &dflags); 04224 #endif 04225 device_p = lookup_device(file.device); 04226 if (!device_p) { 04227 /* trigger rsbac_mount() */ 04228 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 04229 rcu_read_unlock(); 04230 #else 04231 rsbac_read_unlock(&device_list_lock, &dflags); 04232 #endif 04233 rsbac_get_super_block(file.device); 04234 /* retry */ 04235 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 04236 rcu_read_lock(); 04237 #else 04238 rsbac_read_lock(&device_list_lock, &dflags); 04239 #endif 04240 device_p = lookup_device(file.device); 04241 if (!device_p) { 04242 rsbac_printk(KERN_WARNING "rsbac_auth_get_f_caplist(): invalid device %02u:%02u!\n", 04243 RSBAC_MAJOR(file.device), 04244 RSBAC_MINOR(file.device)); 04245 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 04246 rcu_read_unlock(); 04247 #else 04248 rsbac_read_unlock(&device_list_lock, &dflags); 04249 #endif 04250 return (-RSBAC_EINVALIDDEV); 04251 } 04252 } 04253 switch (cap_type) { 04254 case ACT_real: 04255 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 04256 device_p->handle, 04257 &file.inode, 04258 (void **) 04259 caplist_p, 04260 ttllist_p); 04261 break; 04262 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 04263 case ACT_eff: 04264 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 04265 device_p->eff_handle, 04266 &file.inode, 04267 (void **) 04268 caplist_p, 04269 ttllist_p); 04270 break; 04271 case ACT_fs: 04272 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 04273 device_p->fs_handle, 04274 &file.inode, 04275 (void **) 04276 caplist_p, 04277 ttllist_p); 04278 break; 04279 #endif 04280 #ifdef CONFIG_RSBAC_AUTH_GROUP 04281 case ACT_group_real: 04282 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 04283 device_p->group_handle, 04284 &file.inode, 04285 (void **) 04286 caplist_p, 04287 ttllist_p); 04288 break; 04289 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 04290 case ACT_group_eff: 04291 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 04292 device_p->group_eff_handle, 04293 &file.inode, 04294 (void **) 04295 caplist_p, 04296 ttllist_p); 04297 break; 04298 case ACT_group_fs: 04299 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 04300 device_p->group_fs_handle, 04301 &file.inode, 04302 (void **) 04303 caplist_p, 04304 ttllist_p); 04305 break; 04306 #endif 04307 #endif /* AUTH_GROUP */ 04308 04309 default: 04310 count = -RSBAC_EINVALIDTARGET; 04311 } 04312 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 04313 rcu_read_unlock(); 04314 #else 04315 rsbac_read_unlock(&device_list_lock, &dflags); 04316 #endif 04317 return (count); 04318 }
int rsbac_auth_get_p_caplist | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t ** | caplist_p, | |||
rsbac_time_t ** | ttllist_p | |||
) |
Definition at line 4320 of file auth_data_structures.c.
Referenced by sys_rsbac_auth_get_p_caplist().
04325 { 04326 long count; 04327 04328 if (!rsbac_is_initialized()) { 04329 rsbac_printk(KERN_WARNING "rsbac_auth_get_p_caplist(): RSBAC not initialized\n"); 04330 return (-RSBAC_ENOTINITIALIZED); 04331 } 04332 if (in_interrupt()) { 04333 rsbac_printk(KERN_WARNING "rsbac_auth_get_p_caplist(): called from interrupt!\n"); 04334 } 04335 /* 04336 rsbac_pr_debug(ds_auth, "Getting process cap set list\n"); 04337 */ 04338 switch (cap_type) { 04339 case ACT_real: 04340 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 04341 process_handle, 04342 &pid, 04343 (void **) 04344 caplist_p, 04345 ttllist_p); 04346 break; 04347 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 04348 case ACT_eff: 04349 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 04350 process_eff_handle, 04351 &pid, 04352 (void **) 04353 caplist_p, 04354 ttllist_p); 04355 break; 04356 case ACT_fs: 04357 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 04358 process_fs_handle, 04359 &pid, 04360 (void **) 04361 caplist_p, 04362 ttllist_p); 04363 break; 04364 #endif 04365 #ifdef CONFIG_RSBAC_AUTH_GROUP 04366 case ACT_group_real: 04367 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 04368 process_group_handle, 04369 &pid, 04370 (void **) 04371 caplist_p, 04372 ttllist_p); 04373 break; 04374 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 04375 case ACT_group_eff: 04376 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 04377 process_group_eff_handle, 04378 &pid, 04379 (void **) 04380 caplist_p, 04381 ttllist_p); 04382 break; 04383 case ACT_group_fs: 04384 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 04385 process_group_fs_handle, 04386 &pid, 04387 (void **) 04388 caplist_p, 04389 ttllist_p); 04390 break; 04391 #endif 04392 #endif /* AUTH_GROUP */ 04393 04394 default: 04395 count = -RSBAC_EINVALIDTARGET; 04396 } 04397 return (count); 04398 }
rsbac_boolean_t rsbac_auth_p_capset_member | ( | rsbac_pid_t | pid, | |
enum rsbac_auth_cap_type_t | cap_type, | |||
rsbac_uid_t | member | |||
) |
Definition at line 3359 of file auth_data_structures.c.
References A_auth_learn, ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, rsbac_attribute_value_t::auth_learn, device_list_lock, FALSE, rsbac_auth_cap_range_t::first, rsbac_auth_device_list_item_t::handle, rsbac_auth_cap_range_t::last, lookup_device(), NULL, rsbac_target_id_t::process, process_handle, RSBAC_AUTH_DAC_GROUP_F_CAP, RSBAC_AUTH_DAC_OWNER_F_CAP, RSBAC_AUTH_GROUP_F_CAP, RSBAC_AUTH_MAX_RANGE_UID, RSBAC_AUTH_OWNER_F_CAP, rsbac_get_attr, rsbac_is_initialized(), rsbac_list_lol_subadd(), rsbac_list_lol_subexist_compare(), rsbac_printk(), single_cap_compare(), SW_AUTH, T_PROCESS, and TRUE.
Referenced by rsbac_adf_request_auth(), and rsbac_replace_auth_cap().
03362 { 03363 rsbac_boolean_t result; 03364 03365 if (!rsbac_is_initialized()) { 03366 rsbac_printk(KERN_WARNING "rsbac_auth_p_capset_member(): RSBAC not initialized\n"); 03367 return FALSE; 03368 } 03369 if (in_interrupt()) { 03370 rsbac_printk(KERN_WARNING "rsbac_auth_p_capset_member(): called from interrupt!\n"); 03371 } 03372 switch (cap_type) { 03373 case ACT_real: 03374 result = 03375 rsbac_list_lol_subexist_compare(process_handle, &pid, 03376 &member, 03377 single_cap_compare); 03378 03379 #if defined(CONFIG_RSBAC_AUTH_LEARN) 03380 if (!result && (member <= RSBAC_AUTH_MAX_RANGE_UID) 03381 ) { 03382 union rsbac_target_id_t tid; 03383 union rsbac_attribute_value_t attr_val; 03384 rsbac_boolean_t learn; 03385 03386 learn = rsbac_auth_learn; 03387 if (!learn) { 03388 tid.process = pid; 03389 /* check learn on process */ 03390 if (!rsbac_get_attr 03391 (SW_AUTH, T_PROCESS, tid, A_auth_learn, 03392 &attr_val, FALSE)) 03393 learn = attr_val.auth_learn; 03394 } 03395 if (learn) { 03396 struct rsbac_auth_cap_range_t range; 03397 03398 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH capability for uid %u to process %u (%.15s)!\n", 03399 member, pid, current->comm); 03400 range.first = member; 03401 range.last = member; 03402 rsbac_list_lol_subadd(process_handle, &pid, 03403 &range, NULL); 03404 03405 tid.process = pid; 03406 if (!rsbac_get_attr 03407 (SW_AUTH, T_PROCESS, tid, 03408 A_auth_program_file, &attr_val, 03409 FALSE)) { 03410 struct 03411 rsbac_auth_device_list_item_t 03412 *device_p; 03413 union rsbac_attribute_value_t 03414 attr_val2; 03415 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 03416 u_long dflags; 03417 #endif 03418 03419 if (!rsbac_get_attr 03420 (SW_AUTH, T_PROCESS, tid, 03421 A_auth_start_uid, &attr_val2, 03422 FALSE) 03423 && (range.first == 03424 attr_val2.auth_start_uid) 03425 ) { 03426 range.first = 03427 RSBAC_AUTH_OWNER_F_CAP; 03428 range.last = range.first; 03429 } 03430 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH capability for uid %u to file %u on device %02u:%02u!\n", 03431 range.first, 03432 attr_val. 03433 auth_program_file. 03434 inode, 03435 MAJOR(attr_val. 03436 auth_program_file. 03437 device), 03438 MINOR(attr_val. 03439 auth_program_file. 03440 device)); 03441 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03442 rcu_read_lock(); 03443 #else 03444 rsbac_read_lock(&device_list_lock, &dflags); 03445 #endif 03446 device_p = 03447 lookup_device(attr_val. 03448 auth_program_file. 03449 device); 03450 if (device_p) { 03451 rsbac_list_lol_subadd 03452 (device_p->handle, 03453 &attr_val. 03454 auth_program_file. 03455 inode, &range, NULL); 03456 } else { 03457 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n", 03458 MAJOR 03459 (attr_val. 03460 auth_program_file. 03461 device), 03462 MINOR 03463 (attr_val. 03464 auth_program_file. 03465 device)); 03466 } 03467 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03468 rcu_read_unlock(); 03469 #else 03470 rsbac_read_unlock(&device_list_lock, &dflags); 03471 #endif 03472 } 03473 result = TRUE; 03474 } 03475 } 03476 #endif 03477 break; 03478 03479 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 03480 case ACT_eff: 03481 result = 03482 rsbac_list_lol_subexist_compare(process_eff_handle, 03483 &pid, &member, 03484 single_cap_compare); 03485 03486 #if defined(CONFIG_RSBAC_AUTH_LEARN) 03487 if (!result && (member <= RSBAC_AUTH_MAX_RANGE_UID) 03488 ) { 03489 union rsbac_target_id_t tid; 03490 union rsbac_attribute_value_t attr_val; 03491 rsbac_boolean_t learn; 03492 03493 learn = rsbac_auth_learn; 03494 if (!learn) { 03495 tid.process = pid; 03496 /* check learn on process */ 03497 if (!rsbac_get_attr 03498 (SW_AUTH, T_PROCESS, tid, A_auth_learn, 03499 &attr_val, FALSE)) 03500 learn = attr_val.auth_learn; 03501 } 03502 if (learn) { 03503 struct rsbac_auth_cap_range_t range; 03504 03505 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH eff capability for uid %u to process %u (%.15s)!\n", 03506 member, pid, current->comm); 03507 range.first = member; 03508 range.last = member; 03509 rsbac_list_lol_subadd(process_eff_handle, 03510 &pid, &range, NULL); 03511 03512 tid.process = pid; 03513 if (!rsbac_get_attr 03514 (SW_AUTH, T_PROCESS, tid, 03515 A_auth_program_file, &attr_val, 03516 FALSE)) { 03517 struct 03518 rsbac_auth_device_list_item_t 03519 *device_p; 03520 union rsbac_attribute_value_t 03521 attr_val2; 03522 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 03523 u_long dflags; 03524 #endif 03525 03526 if (!rsbac_get_attr 03527 (SW_AUTH, T_PROCESS, tid, 03528 A_auth_start_uid, &attr_val2, 03529 FALSE) 03530 && (range.first == 03531 attr_val2.auth_start_uid) 03532 ) { 03533 range.first = 03534 RSBAC_AUTH_OWNER_F_CAP; 03535 range.last = range.first; 03536 } else 03537 if (!rsbac_get_attr 03538 (SW_AUTH, T_PROCESS, tid, 03539 A_auth_start_euid, 03540 &attr_val2, FALSE) 03541 && (range.first == 03542 attr_val2. 03543 auth_start_euid) 03544 ) { 03545 range.first = 03546 RSBAC_AUTH_DAC_OWNER_F_CAP; 03547 range.last = range.first; 03548 } 03549 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH eff capability for uid %u to file %u on device %02u:%02u!\n", 03550 range.first, 03551 attr_val. 03552 auth_program_file. 03553 inode, 03554 MAJOR(attr_val. 03555 auth_program_file. 03556 device), 03557 MINOR(attr_val. 03558 auth_program_file. 03559 device)); 03560 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03561 rcu_read_lock(); 03562 #else 03563 rsbac_read_lock(&device_list_lock, &dflags); 03564 #endif 03565 device_p = 03566 lookup_device(attr_val. 03567 auth_program_file. 03568 device); 03569 if (device_p) { 03570 rsbac_list_lol_subadd 03571 (device_p->eff_handle, 03572 &attr_val. 03573 auth_program_file. 03574 inode, &range, NULL); 03575 } else { 03576 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n", 03577 MAJOR 03578 (attr_val. 03579 auth_program_file. 03580 device), 03581 MINOR 03582 (attr_val. 03583 auth_program_file. 03584 device)); 03585 } 03586 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03587 rcu_read_unlock(); 03588 #else 03589 rsbac_read_unlock(&device_list_lock, &dflags); 03590 #endif 03591 } 03592 result = TRUE; 03593 } 03594 } 03595 #endif 03596 break; 03597 03598 case ACT_fs: 03599 result = 03600 rsbac_list_lol_subexist_compare(process_fs_handle, 03601 &pid, &member, 03602 single_cap_compare); 03603 03604 #if defined(CONFIG_RSBAC_AUTH_LEARN) 03605 if (!result && (member <= RSBAC_AUTH_MAX_RANGE_UID) 03606 ) { 03607 union rsbac_target_id_t tid; 03608 union rsbac_attribute_value_t attr_val; 03609 rsbac_boolean_t learn; 03610 03611 learn = rsbac_auth_learn; 03612 if (!learn) { 03613 tid.process = pid; 03614 /* check learn on process */ 03615 if (!rsbac_get_attr 03616 (SW_AUTH, T_PROCESS, tid, A_auth_learn, 03617 &attr_val, FALSE)) 03618 learn = attr_val.auth_learn; 03619 } 03620 if (learn) { 03621 struct rsbac_auth_cap_range_t range; 03622 03623 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH fs capability for uid %u to process %u (%.15s)!\n", 03624 member, pid, current->comm); 03625 range.first = member; 03626 range.last = member; 03627 rsbac_list_lol_subadd(process_fs_handle, 03628 &pid, &range, NULL); 03629 03630 tid.process = pid; 03631 if (!rsbac_get_attr 03632 (SW_AUTH, T_PROCESS, tid, 03633 A_auth_program_file, &attr_val, 03634 FALSE)) { 03635 struct 03636 rsbac_auth_device_list_item_t 03637 *device_p; 03638 union rsbac_attribute_value_t 03639 attr_val2; 03640 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 03641 u_long dflags; 03642 #endif 03643 03644 if (!rsbac_get_attr 03645 (SW_AUTH, T_PROCESS, tid, 03646 A_auth_start_uid, &attr_val2, 03647 FALSE) 03648 && (range.first == 03649 attr_val2.auth_start_uid) 03650 ) { 03651 range.first = 03652 RSBAC_AUTH_OWNER_F_CAP; 03653 range.last = range.first; 03654 } else 03655 if (!rsbac_get_attr 03656 (SW_AUTH, T_PROCESS, tid, 03657 A_auth_start_euid, 03658 &attr_val2, FALSE) 03659 && (range.first == 03660 attr_val2. 03661 auth_start_euid) 03662 ) { 03663 range.first = 03664 RSBAC_AUTH_DAC_OWNER_F_CAP; 03665 range.last = range.first; 03666 } 03667 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH fs capability for uid %u to file %u on device %02u:%02u!\n", 03668 range.first, 03669 attr_val. 03670 auth_program_file. 03671 inode, 03672 MAJOR(attr_val. 03673 auth_program_file. 03674 device), 03675 MINOR(attr_val. 03676 auth_program_file. 03677 device)); 03678 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03679 rcu_read_lock(); 03680 #else 03681 rsbac_read_lock(&device_list_lock, &dflags); 03682 #endif 03683 device_p = 03684 lookup_device(attr_val. 03685 auth_program_file. 03686 device); 03687 if (device_p) { 03688 rsbac_list_lol_subadd 03689 (device_p->fs_handle, 03690 &attr_val. 03691 auth_program_file. 03692 inode, &range, NULL); 03693 } else { 03694 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n", 03695 MAJOR 03696 (attr_val. 03697 auth_program_file. 03698 device), 03699 MINOR 03700 (attr_val. 03701 auth_program_file. 03702 device)); 03703 } 03704 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03705 rcu_read_unlock(); 03706 #else 03707 rsbac_read_unlock(&device_list_lock, &dflags); 03708 #endif 03709 } 03710 result = TRUE; 03711 } 03712 } 03713 #endif 03714 break; 03715 #endif /* AUTH_DAC_OWNER */ 03716 03717 #ifdef CONFIG_RSBAC_AUTH_GROUP 03718 case ACT_group_real: 03719 result = 03720 rsbac_list_lol_subexist_compare(process_group_handle, 03721 &pid, &member, 03722 single_cap_compare); 03723 03724 #if defined(CONFIG_RSBAC_AUTH_LEARN) 03725 if (!result && (member <= RSBAC_AUTH_MAX_RANGE_UID) 03726 ) { 03727 union rsbac_target_id_t tid; 03728 union rsbac_attribute_value_t attr_val; 03729 rsbac_boolean_t learn; 03730 03731 learn = rsbac_auth_learn; 03732 if (!learn) { 03733 tid.process = pid; 03734 /* check learn on process */ 03735 if (!rsbac_get_attr 03736 (SW_AUTH, T_PROCESS, tid, A_auth_learn, 03737 &attr_val, FALSE)) 03738 learn = attr_val.auth_learn; 03739 } 03740 if (learn) { 03741 struct rsbac_auth_cap_range_t range; 03742 03743 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH group capability for gid %u to process %u (%.15s)!\n", 03744 member, pid, current->comm); 03745 range.first = member; 03746 range.last = member; 03747 rsbac_list_lol_subadd(process_group_handle, 03748 &pid, &range, NULL); 03749 03750 tid.process = pid; 03751 if (!rsbac_get_attr 03752 (SW_AUTH, T_PROCESS, tid, 03753 A_auth_program_file, &attr_val, 03754 FALSE)) { 03755 struct 03756 rsbac_auth_device_list_item_t 03757 *device_p; 03758 union rsbac_attribute_value_t 03759 attr_val2; 03760 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 03761 u_long dflags; 03762 #endif 03763 03764 if (!rsbac_get_attr 03765 (SW_AUTH, T_PROCESS, tid, 03766 A_auth_start_gid, &attr_val2, 03767 FALSE) 03768 && (range.first == 03769 attr_val2.auth_start_gid) 03770 ) { 03771 range.first = 03772 RSBAC_AUTH_GROUP_F_CAP; 03773 range.last = range.first; 03774 } 03775 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH group capability for gid %u to file %u on device %02u:%02u!\n", 03776 range.first, 03777 attr_val. 03778 auth_program_file. 03779 inode, 03780 MAJOR(attr_val. 03781 auth_program_file. 03782 device), 03783 MINOR(attr_val. 03784 auth_program_file. 03785 device)); 03786 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03787 rcu_read_lock(); 03788 #else 03789 rsbac_read_lock(&device_list_lock, &dflags); 03790 #endif 03791 device_p = 03792 lookup_device(attr_val. 03793 auth_program_file. 03794 device); 03795 if (device_p) { 03796 rsbac_list_lol_subadd 03797 (device_p->group_handle, 03798 &attr_val. 03799 auth_program_file. 03800 inode, &range, NULL); 03801 } else { 03802 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n", 03803 MAJOR 03804 (attr_val. 03805 auth_program_file. 03806 device), 03807 MINOR 03808 (attr_val. 03809 auth_program_file. 03810 device)); 03811 } 03812 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03813 rcu_read_unlock(); 03814 #else 03815 rsbac_read_unlock(&device_list_lock, &dflags); 03816 #endif 03817 } 03818 result = TRUE; 03819 } 03820 } 03821 #endif 03822 break; 03823 03824 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 03825 case ACT_group_eff: 03826 result = 03827 rsbac_list_lol_subexist_compare 03828 (process_group_eff_handle, &pid, &member, 03829 single_cap_compare); 03830 03831 #if defined(CONFIG_RSBAC_AUTH_LEARN) 03832 if (!result && (member <= RSBAC_AUTH_MAX_RANGE_UID) 03833 ) { 03834 union rsbac_target_id_t tid; 03835 union rsbac_attribute_value_t attr_val; 03836 rsbac_boolean_t learn; 03837 03838 learn = rsbac_auth_learn; 03839 if (!learn) { 03840 tid.process = pid; 03841 /* check learn on process */ 03842 if (!rsbac_get_attr 03843 (SW_AUTH, T_PROCESS, tid, A_auth_learn, 03844 &attr_val, FALSE)) 03845 learn = attr_val.auth_learn; 03846 } 03847 if (learn) { 03848 struct rsbac_auth_cap_range_t range; 03849 03850 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH group eff capability for gid %u to process %u (%.15s)!\n", 03851 member, pid, current->comm); 03852 range.first = member; 03853 range.last = member; 03854 rsbac_list_lol_subadd 03855 (process_group_eff_handle, &pid, 03856 &range, NULL); 03857 03858 tid.process = pid; 03859 if (!rsbac_get_attr 03860 (SW_AUTH, T_PROCESS, tid, 03861 A_auth_program_file, &attr_val, 03862 FALSE)) { 03863 struct 03864 rsbac_auth_device_list_item_t 03865 *device_p; 03866 union rsbac_attribute_value_t 03867 attr_val2; 03868 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 03869 u_long dflags; 03870 #endif 03871 03872 if (!rsbac_get_attr 03873 (SW_AUTH, T_PROCESS, tid, 03874 A_auth_start_gid, &attr_val2, 03875 FALSE) 03876 && (range.first == 03877 attr_val2.auth_start_gid) 03878 ) { 03879 range.first = 03880 RSBAC_AUTH_GROUP_F_CAP; 03881 range.last = range.first; 03882 } else 03883 if (!rsbac_get_attr 03884 (SW_AUTH, T_PROCESS, tid, 03885 A_auth_start_egid, 03886 &attr_val2, FALSE) 03887 && (range.first == 03888 attr_val2. 03889 auth_start_egid) 03890 ) { 03891 range.first = 03892 RSBAC_AUTH_DAC_GROUP_F_CAP; 03893 range.last = range.first; 03894 } 03895 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH group eff capability for gid %u to file %u on device %02u:%02u!\n", 03896 range.first, 03897 attr_val. 03898 auth_program_file. 03899 inode, 03900 MAJOR(attr_val. 03901 auth_program_file. 03902 device), 03903 MINOR(attr_val. 03904 auth_program_file. 03905 device)); 03906 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03907 rcu_read_lock(); 03908 #else 03909 rsbac_read_lock(&device_list_lock, &dflags); 03910 #endif 03911 device_p = 03912 lookup_device(attr_val. 03913 auth_program_file. 03914 device); 03915 if (device_p) { 03916 rsbac_list_lol_subadd 03917 (device_p->group_eff_handle, 03918 &attr_val. 03919 auth_program_file. 03920 inode, &range, NULL); 03921 } else { 03922 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n", 03923 MAJOR 03924 (attr_val. 03925 auth_program_file. 03926 device), 03927 MINOR 03928 (attr_val. 03929 auth_program_file. 03930 device)); 03931 } 03932 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03933 rcu_read_unlock(); 03934 #else 03935 rsbac_read_unlock(&device_list_lock, &dflags); 03936 #endif 03937 } 03938 result = TRUE; 03939 } 03940 } 03941 #endif 03942 break; 03943 03944 case ACT_group_fs: 03945 result = 03946 rsbac_list_lol_subexist_compare 03947 (process_group_fs_handle, &pid, &member, 03948 single_cap_compare); 03949 03950 #if defined(CONFIG_RSBAC_AUTH_LEARN) 03951 if (!result && (member <= RSBAC_AUTH_MAX_RANGE_UID) 03952 ) { 03953 union rsbac_target_id_t tid; 03954 union rsbac_attribute_value_t attr_val; 03955 rsbac_boolean_t learn; 03956 03957 learn = rsbac_auth_learn; 03958 if (!learn) { 03959 tid.process = pid; 03960 /* check learn on process */ 03961 if (!rsbac_get_attr 03962 (SW_AUTH, T_PROCESS, tid, A_auth_learn, 03963 &attr_val, FALSE)) 03964 learn = attr_val.auth_learn; 03965 } 03966 if (learn) { 03967 struct rsbac_auth_cap_range_t range; 03968 03969 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH group fs capability for gid %u to process %u (%.15s)!\n", 03970 member, pid, current->comm); 03971 range.first = member; 03972 range.last = member; 03973 rsbac_list_lol_subadd 03974 (process_group_fs_handle, &pid, &range, 03975 NULL); 03976 03977 tid.process = pid; 03978 if (!rsbac_get_attr 03979 (SW_AUTH, T_PROCESS, tid, 03980 A_auth_program_file, &attr_val, 03981 FALSE)) { 03982 struct 03983 rsbac_auth_device_list_item_t 03984 *device_p; 03985 union rsbac_attribute_value_t 03986 attr_val2; 03987 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 03988 u_long dflags; 03989 #endif 03990 03991 if (!rsbac_get_attr 03992 (SW_AUTH, T_PROCESS, tid, 03993 A_auth_start_gid, &attr_val2, 03994 FALSE) 03995 && (range.first == 03996 attr_val2.auth_start_gid) 03997 ) { 03998 range.first = 03999 RSBAC_AUTH_GROUP_F_CAP; 04000 range.last = range.first; 04001 } else 04002 if (!rsbac_get_attr 04003 (SW_AUTH, T_PROCESS, tid, 04004 A_auth_start_egid, 04005 &attr_val2, FALSE) 04006 && (range.first == 04007 attr_val2. 04008 auth_start_egid) 04009 ) { 04010 range.first = 04011 RSBAC_AUTH_DAC_GROUP_F_CAP; 04012 range.last = range.first; 04013 } 04014 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH group fs capability for gid %u to file %u on device %02u:%02u!\n", 04015 range.first, 04016 attr_val. 04017 auth_program_file. 04018 inode, 04019 MAJOR(attr_val. 04020 auth_program_file. 04021 device), 04022 MINOR(attr_val. 04023 auth_program_file. 04024 device)); 04025 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 04026 rcu_read_lock(); 04027 #else 04028 rsbac_read_lock(&device_list_lock, &dflags); 04029 #endif 04030 device_p = 04031 lookup_device(attr_val. 04032 auth_program_file. 04033 device); 04034 if (device_p) { 04035 rsbac_list_lol_subadd 04036 (device_p->group_fs_handle, 04037 &attr_val. 04038 auth_program_file. 04039 inode, &range, NULL); 04040 } else { 04041 rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n", 04042 MAJOR 04043 (attr_val. 04044 auth_program_file. 04045 device), 04046 MINOR 04047 (attr_val. 04048 auth_program_file. 04049 device)); 04050 } 04051 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 04052 rcu_read_unlock(); 04053 #else 04054 rsbac_read_unlock(&device_list_lock, &dflags); 04055 #endif 04056 } 04057 result = TRUE; 04058 } 04059 } 04060 #endif 04061 break; 04062 #endif /* AUTH_DAC_GROUP */ 04063 #endif /* AUTH_GROUP */ 04064 04065 default: 04066 return FALSE; 04067 } 04068 return result; 04069 }
int rsbac_auth_remove_f_capsets | ( | rsbac_auth_file_t | file | ) |
Definition at line 4095 of file auth_data_structures.c.
References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, and rsbac_auth_clear_f_capset().
Referenced by rsbac_adf_set_attr_auth(), and rsbac_ta_remove_target().
04096 { 04097 int err; 04098 04099 err = rsbac_auth_clear_f_capset(0, file, ACT_real); 04100 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 04101 if (!err) 04102 err = rsbac_auth_clear_f_capset(0, file, ACT_eff); 04103 if (!err) 04104 err = rsbac_auth_clear_f_capset(0, file, ACT_fs); 04105 #endif 04106 #ifdef CONFIG_RSBAC_AUTH_GROUP 04107 err = rsbac_auth_clear_f_capset(0, file, ACT_group_real); 04108 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 04109 if (!err) 04110 err = rsbac_auth_clear_f_capset(0, file, ACT_group_eff); 04111 if (!err) 04112 err = rsbac_auth_clear_f_capset(0, file, ACT_group_fs); 04113 #endif 04114 #endif /* AUTH_GROUP */ 04115 04116 return err; 04117 }
int rsbac_auth_remove_from_f_capset | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_auth_file_t | file, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range | |||
) |
Definition at line 3104 of file auth_data_structures.c.
References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, device_list_lock, rsbac_auth_cap_range_t::first, rsbac_auth_device_list_item_t::handle, rsbac_auth_cap_range_t::last, lookup_device(), RSBAC_EINVALIDATTR, RSBAC_EINVALIDDEV, RSBAC_EINVALIDVALUE, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subremove().
Referenced by rsbac_auth_remove_f_cap().
03109 { 03110 int err = 0; 03111 struct rsbac_auth_device_list_item_t *device_p; 03112 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 03113 u_long dflags; 03114 #endif 03115 03116 if (!rsbac_is_initialized()) { 03117 rsbac_printk(KERN_WARNING "rsbac_auth_remove_from_f_capset(): RSBAC not initialized\n"); 03118 return (-RSBAC_ENOTINITIALIZED); 03119 } 03120 if (in_interrupt()) { 03121 rsbac_printk(KERN_WARNING "rsbac_auth_remove_from_f_capset(): called from interrupt!\n"); 03122 } 03123 if (cap_range.first > cap_range.last) 03124 return (-RSBAC_EINVALIDVALUE); 03125 03126 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03127 rcu_read_lock(); 03128 #else 03129 rsbac_read_lock(&device_list_lock, &dflags); 03130 #endif 03131 device_p = lookup_device(file.device); 03132 if (!device_p) { 03133 /* trigger rsbac_mount() */ 03134 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03135 rcu_read_unlock(); 03136 #else 03137 rsbac_read_unlock(&device_list_lock, &dflags); 03138 #endif 03139 rsbac_get_super_block(file.device); 03140 /* retry */ 03141 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03142 rcu_read_lock(); 03143 #else 03144 rsbac_read_lock(&device_list_lock, &dflags); 03145 #endif 03146 device_p = lookup_device(file.device); 03147 if (!device_p) { 03148 rsbac_printk(KERN_WARNING "rsbac_auth_remove_from_f_capset(): invalid device %02u:%02u!\n", 03149 RSBAC_MAJOR(file.device), 03150 RSBAC_MINOR(file.device)); 03151 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03152 rcu_read_unlock(); 03153 #else 03154 rsbac_read_unlock(&device_list_lock, &dflags); 03155 #endif 03156 return (-RSBAC_EINVALIDDEV); 03157 } 03158 } 03159 switch (cap_type) { 03160 case ACT_real: 03161 err = rsbac_ta_list_lol_subremove(ta_number, 03162 device_p->handle, 03163 &file.inode, &cap_range); 03164 break; 03165 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 03166 case ACT_eff: 03167 err = rsbac_ta_list_lol_subremove(ta_number, 03168 device_p->eff_handle, 03169 &file.inode, &cap_range); 03170 break; 03171 case ACT_fs: 03172 err = rsbac_ta_list_lol_subremove(ta_number, 03173 device_p->fs_handle, 03174 &file.inode, &cap_range); 03175 break; 03176 #endif 03177 #ifdef CONFIG_RSBAC_AUTH_GROUP 03178 case ACT_group_real: 03179 err = rsbac_ta_list_lol_subremove(ta_number, 03180 device_p->group_handle, 03181 &file.inode, &cap_range); 03182 break; 03183 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 03184 case ACT_group_eff: 03185 err = rsbac_ta_list_lol_subremove(ta_number, 03186 device_p->group_eff_handle, 03187 &file.inode, &cap_range); 03188 break; 03189 case ACT_group_fs: 03190 err = rsbac_ta_list_lol_subremove(ta_number, 03191 device_p->group_fs_handle, 03192 &file.inode, &cap_range); 03193 break; 03194 #endif 03195 #endif /* AUTH_GROUP */ 03196 03197 default: 03198 err = -RSBAC_EINVALIDATTR; 03199 } 03200 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03201 rcu_read_unlock(); 03202 #else 03203 rsbac_read_unlock(&device_list_lock, &dflags); 03204 #endif 03205 return (err); 03206 }
int rsbac_auth_remove_from_p_capset | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range | |||
) |
Definition at line 3052 of file auth_data_structures.c.
References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, process_handle, RSBAC_EINVALIDATTR, RSBAC_EINVALIDVALUE, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subremove().
Referenced by rsbac_auth_remove_p_cap(), and rsbac_replace_auth_cap().
03057 { 03058 if (!rsbac_is_initialized()) { 03059 rsbac_printk(KERN_WARNING "rsbac_auth_remove_from_p_capset(): RSBAC not initialized\n"); 03060 return (-RSBAC_ENOTINITIALIZED); 03061 } 03062 if (in_interrupt()) { 03063 rsbac_printk(KERN_WARNING "rsbac_auth_remove_from_p_capset(): called from interrupt!\n"); 03064 } 03065 if (cap_range.first > cap_range.last) 03066 return (-RSBAC_EINVALIDVALUE); 03067 switch (cap_type) { 03068 case ACT_real: 03069 return rsbac_ta_list_lol_subremove(ta_number, 03070 process_handle, &pid, 03071 &cap_range); 03072 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 03073 case ACT_eff: 03074 return rsbac_ta_list_lol_subremove(ta_number, 03075 process_eff_handle, 03076 &pid, &cap_range); 03077 case ACT_fs: 03078 return rsbac_ta_list_lol_subremove(ta_number, 03079 process_fs_handle, &pid, 03080 &cap_range); 03081 #endif 03082 #ifdef CONFIG_RSBAC_AUTH_GROUP 03083 case ACT_group_real: 03084 return rsbac_ta_list_lol_subremove(ta_number, 03085 process_group_handle, 03086 &pid, &cap_range); 03087 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 03088 case ACT_group_eff: 03089 return rsbac_ta_list_lol_subremove(ta_number, 03090 process_group_eff_handle, 03091 &pid, &cap_range); 03092 case ACT_group_fs: 03093 return rsbac_ta_list_lol_subremove(ta_number, 03094 process_group_fs_handle, 03095 &pid, &cap_range); 03096 #endif 03097 #endif /* AUTH_GROUP */ 03098 03099 default: 03100 return -RSBAC_EINVALIDATTR; 03101 } 03102 }
int rsbac_auth_remove_p_capsets | ( | rsbac_pid_t | pid | ) |
Definition at line 4075 of file auth_data_structures.c.
References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, and rsbac_auth_clear_p_capset().
Referenced by rsbac_ta_remove_target().
04076 { 04077 int err; 04078 04079 err = rsbac_auth_clear_p_capset(0, pid, ACT_real); 04080 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 04081 err = rsbac_auth_clear_p_capset(0, pid, ACT_eff); 04082 err = rsbac_auth_clear_p_capset(0, pid, ACT_fs); 04083 #endif 04084 #ifdef CONFIG_RSBAC_AUTH_GROUP 04085 err = rsbac_auth_clear_p_capset(0, pid, ACT_group_real); 04086 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 04087 err = rsbac_auth_clear_p_capset(0, pid, ACT_group_eff); 04088 err = rsbac_auth_clear_p_capset(0, pid, ACT_group_fs); 04089 #endif 04090 #endif /* AUTH_GROUP */ 04091 04092 return err; 04093 }
int __init rsbac_init_auth | ( | void | ) |
Definition at line 2395 of file auth_data_structures.c.
References add_device_item(), auth_register_fd_lists(), cap_compare(), create_device_item(), rsbac_list_lol_info_t::data_size, rsbac_list_lol_info_t::desc_size, device_list_head_p, device_list_lock, get_error_name(), rsbac_list_lol_info_t::key, rsbac_list_lol_info_t::max_age, NULL, proc_rsbac_root_p, process_handle, RSBAC_AUTH_LIST_KEY, RSBAC_AUTH_P_EFF_LIST_NAME, RSBAC_AUTH_P_FS_LIST_NAME, RSBAC_AUTH_P_GROUP_EFF_LIST_NAME, RSBAC_AUTH_P_GROUP_FS_LIST_NAME, RSBAC_AUTH_P_GROUP_LIST_NAME, RSBAC_AUTH_P_LIST_NAME, RSBAC_AUTH_P_LIST_VERSION, RSBAC_ECOULDNOTADDDEVICE, RSBAC_EREINIT, rsbac_is_initialized(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_LIST_AUTO_HASH_RESIZE, RSBAC_LIST_DEF_DATA, rsbac_list_hash_pid(), rsbac_list_lol_register_hashed(), RSBAC_LIST_MIN_MAX_HASHES, RSBAC_LIST_VERSION, RSBAC_MAXNAMELEN, rsbac_pr_debug, rsbac_printk(), rsbac_root_dev, rsbac_list_lol_info_t::subdata_size, rsbac_list_lol_info_t::subdesc_size, and rsbac_list_lol_info_t::version.
Referenced by rsbac_do_init().
02397 { 02398 int err = 0; 02399 struct rsbac_auth_device_list_item_t *device_p = NULL; 02400 struct proc_dir_entry *tmp_entry_p; 02401 struct rsbac_list_lol_info_t lol_info; 02402 02403 if (rsbac_is_initialized()) { 02404 rsbac_printk(KERN_WARNING "rsbac_init_auth(): RSBAC already initialized\n"); 02405 return (-RSBAC_EREINIT); 02406 } 02407 02408 rsbac_printk(KERN_INFO "rsbac_init_auth(): Initializing RSBAC: AUTH subsystem\n"); 02409 02410 lol_info.version = RSBAC_AUTH_P_LIST_VERSION; 02411 lol_info.key = RSBAC_AUTH_LIST_KEY; 02412 lol_info.desc_size = sizeof(rsbac_pid_t); 02413 lol_info.data_size = 0; 02414 lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); 02415 lol_info.subdata_size = 0; 02416 lol_info.max_age = 0; 02417 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 02418 &process_handle, 02419 &lol_info, 02420 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 02421 NULL, 02422 cap_compare, 02423 NULL, 02424 NULL, 02425 NULL, 02426 NULL, 02427 RSBAC_AUTH_P_LIST_NAME, 02428 RSBAC_AUTO_DEV, 02429 RSBAC_LIST_MIN_MAX_HASHES, 02430 rsbac_list_hash_pid, 02431 NULL); 02432 if (err) { 02433 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02434 02435 if (tmp) { 02436 rsbac_printk(KERN_WARNING "rsbac_init_auth(): Registering AUTH process cap list failed with error %s\n", 02437 get_error_name(tmp, err)); 02438 rsbac_kfree(tmp); 02439 } 02440 } 02441 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 02442 lol_info.version = RSBAC_AUTH_P_LIST_VERSION; 02443 lol_info.key = RSBAC_AUTH_LIST_KEY; 02444 lol_info.desc_size = sizeof(rsbac_pid_t); 02445 lol_info.data_size = 0; 02446 lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); 02447 lol_info.subdata_size = 0; 02448 lol_info.max_age = 0; 02449 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 02450 &process_eff_handle, 02451 &lol_info, 02452 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 02453 NULL, 02454 cap_compare, 02455 NULL, 02456 NULL, 02457 NULL, 02458 NULL, 02459 RSBAC_AUTH_P_EFF_LIST_NAME, 02460 RSBAC_AUTO_DEV, 02461 RSBAC_LIST_MIN_MAX_HASHES, 02462 rsbac_list_hash_pid, 02463 NULL); 02464 if (err) { 02465 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02466 02467 if (tmp) { 02468 rsbac_printk(KERN_WARNING "rsbac_init_auth(): Registering AUTH process eff cap list failed with error %s\n", 02469 get_error_name(tmp, err)); 02470 rsbac_kfree(tmp); 02471 } 02472 } 02473 lol_info.version = RSBAC_AUTH_P_LIST_VERSION; 02474 lol_info.key = RSBAC_AUTH_LIST_KEY; 02475 lol_info.desc_size = sizeof(rsbac_pid_t); 02476 lol_info.data_size = 0; 02477 lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); 02478 lol_info.subdata_size = 0; 02479 lol_info.max_age = 0; 02480 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 02481 &process_fs_handle, 02482 &lol_info, 02483 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 02484 NULL, 02485 cap_compare, 02486 NULL, 02487 NULL, 02488 NULL, 02489 NULL, 02490 RSBAC_AUTH_P_FS_LIST_NAME, 02491 RSBAC_AUTO_DEV, 02492 RSBAC_LIST_MIN_MAX_HASHES, 02493 rsbac_list_hash_pid, 02494 NULL); 02495 if (err) { 02496 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02497 02498 if (tmp) { 02499 rsbac_printk(KERN_WARNING "rsbac_init_auth(): Registering AUTH process fs cap list failed with error %s\n", 02500 get_error_name(tmp, err)); 02501 rsbac_kfree(tmp); 02502 } 02503 } 02504 #endif 02505 02506 #ifdef CONFIG_RSBAC_AUTH_GROUP 02507 lol_info.version = RSBAC_AUTH_P_LIST_VERSION; 02508 lol_info.key = RSBAC_AUTH_LIST_KEY; 02509 lol_info.desc_size = sizeof(rsbac_pid_t); 02510 lol_info.data_size = 0; 02511 lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); 02512 lol_info.subdata_size = 0; 02513 lol_info.max_age = 0; 02514 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 02515 &process_group_handle, 02516 &lol_info, 02517 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 02518 NULL, 02519 cap_compare, 02520 NULL, 02521 NULL, 02522 NULL, 02523 NULL, 02524 RSBAC_AUTH_P_GROUP_LIST_NAME, 02525 RSBAC_AUTO_DEV, 02526 RSBAC_LIST_MIN_MAX_HASHES, 02527 rsbac_list_hash_pid, 02528 NULL); 02529 if (err) { 02530 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02531 02532 if (tmp) { 02533 rsbac_printk(KERN_WARNING "rsbac_init_auth(): Registering AUTH process group cap list failed with error %s\n", 02534 get_error_name(tmp, err)); 02535 rsbac_kfree(tmp); 02536 } 02537 } 02538 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 02539 lol_info.version = RSBAC_AUTH_P_LIST_VERSION; 02540 lol_info.key = RSBAC_AUTH_LIST_KEY; 02541 lol_info.desc_size = sizeof(rsbac_pid_t); 02542 lol_info.data_size = 0; 02543 lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); 02544 lol_info.subdata_size = 0; 02545 lol_info.max_age = 0; 02546 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 02547 &process_group_eff_handle, 02548 &lol_info, 02549 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 02550 NULL, 02551 cap_compare, 02552 NULL, 02553 NULL, 02554 NULL, 02555 NULL, 02556 RSBAC_AUTH_P_GROUP_EFF_LIST_NAME, 02557 RSBAC_AUTO_DEV, 02558 RSBAC_LIST_MIN_MAX_HASHES, 02559 rsbac_list_hash_pid, 02560 NULL); 02561 if (err) { 02562 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02563 02564 if (tmp) { 02565 rsbac_printk(KERN_WARNING "rsbac_init_auth(): Registering AUTH process group eff cap list failed with error %s\n", 02566 get_error_name(tmp, err)); 02567 rsbac_kfree(tmp); 02568 } 02569 } 02570 lol_info.version = RSBAC_AUTH_P_LIST_VERSION; 02571 lol_info.key = RSBAC_AUTH_LIST_KEY; 02572 lol_info.desc_size = sizeof(rsbac_pid_t); 02573 lol_info.data_size = 0; 02574 lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); 02575 lol_info.subdata_size = 0; 02576 lol_info.max_age = 0; 02577 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 02578 &process_group_fs_handle, 02579 &lol_info, 02580 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 02581 NULL, 02582 cap_compare, 02583 NULL, 02584 NULL, 02585 NULL, 02586 NULL, 02587 RSBAC_AUTH_P_GROUP_FS_LIST_NAME, 02588 RSBAC_AUTO_DEV, 02589 RSBAC_LIST_MIN_MAX_HASHES, 02590 rsbac_list_hash_pid, 02591 NULL); 02592 if (err) { 02593 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02594 02595 if (tmp) { 02596 rsbac_printk(KERN_WARNING "rsbac_init_auth(): Registering AUTH process group fs cap list failed with error %s\n", 02597 get_error_name(tmp, err)); 02598 rsbac_kfree(tmp); 02599 } 02600 } 02601 #endif 02602 #endif /* AUTH_GROUP */ 02603 02604 /* Init FD lists */ 02605 device_list_head_p = kmalloc(sizeof(*device_list_head_p), GFP_KERNEL); 02606 if (!device_list_head_p) { 02607 rsbac_printk(KERN_WARNING 02608 "rsbac_init_auth(): Failed to allocate device_list_head\n"); 02609 return -ENOMEM; 02610 } 02611 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02612 spin_lock_init(&device_list_lock); 02613 #else 02614 rwlock_init(&device_list_lock); 02615 #endif 02616 device_list_head_p->head = NULL; 02617 device_list_head_p->tail = NULL; 02618 device_list_head_p->curr = NULL; 02619 device_list_head_p->count = 0; 02620 02621 /* read all data */ 02622 rsbac_pr_debug(ds_auth, "rsbac_init_auth(): Registering FD lists\n"); 02623 device_p = create_device_item(rsbac_root_dev); 02624 if (!device_p) { 02625 rsbac_printk(KERN_CRIT 02626 "rsbac_init_auth(): Could not add device!\n"); 02627 return (-RSBAC_ECOULDNOTADDDEVICE); 02628 } 02629 if ((err = auth_register_fd_lists(device_p, rsbac_root_dev))) { 02630 char tmp[RSBAC_MAXNAMELEN]; 02631 02632 rsbac_printk(KERN_WARNING "rsbac_init_auth(): File/Dir cap set registration failed for dev %02u:%02u, err %s!\n", 02633 RSBAC_MAJOR(rsbac_root_dev), 02634 RSBAC_MINOR(rsbac_root_dev), 02635 get_error_name(tmp, err)); 02636 } 02637 device_p = add_device_item(device_p); 02638 if (!device_p) { 02639 rsbac_printk(KERN_CRIT 02640 "rsbac_init_auth(): Could not add device!\n"); 02641 return (-RSBAC_ECOULDNOTADDDEVICE); 02642 } 02643 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS) 02644 tmp_entry_p = create_proc_entry("auth_devices", 02645 S_IFREG | S_IRUGO, 02646 proc_rsbac_root_p); 02647 if (tmp_entry_p) { 02648 tmp_entry_p->get_info = auth_devices_proc_info; 02649 } 02650 tmp_entry_p = create_proc_entry("stats_auth", 02651 S_IFREG | S_IRUGO, 02652 proc_rsbac_root_p); 02653 if (tmp_entry_p) { 02654 tmp_entry_p->get_info = stats_auth_proc_info; 02655 } 02656 tmp_entry_p = create_proc_entry("auth_caplist", 02657 S_IFREG | S_IRUGO, 02658 proc_rsbac_root_p); 02659 if (tmp_entry_p) { 02660 tmp_entry_p->get_info = auth_caplist_proc_info; 02661 } 02662 #endif 02663 02664 rsbac_pr_debug(ds_auth, "Ready.\n"); 02665 return (err); 02666 }
int rsbac_mount_auth | ( | kdev_t | kdev | ) |
Definition at line 2668 of file auth_data_structures.c.
References add_device_item(), auth_register_fd_lists(), clear_device_item(), create_device_item(), device_list_lock, get_error_name(), lookup_device(), rsbac_auth_device_list_item_t::mount_count, RSBAC_ECOULDNOTADDDEVICE, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), RSBAC_MAXNAMELEN, rsbac_pr_debug, and rsbac_printk().
Referenced by rsbac_mount().
02669 { 02670 int err = 0; 02671 struct rsbac_auth_device_list_item_t *device_p; 02672 struct rsbac_auth_device_list_item_t *new_device_p; 02673 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 02674 u_long dflags; 02675 #endif 02676 02677 if (!rsbac_is_initialized()) { 02678 rsbac_printk(KERN_WARNING "rsbac_mount_auth(): RSBAC not initialized\n"); 02679 return (-RSBAC_ENOTINITIALIZED); 02680 } 02681 rsbac_pr_debug(ds_auth, "mounting device %02u:%02u\n", 02682 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 02683 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02684 rcu_read_lock(); 02685 #else 02686 rsbac_read_lock(&device_list_lock, &dflags); 02687 #endif 02688 device_p = lookup_device(kdev); 02689 /* repeated mount? */ 02690 if (device_p) { 02691 rsbac_printk(KERN_WARNING "rsbac_mount_auth: repeated mount %u of device %02u:%02u\n", 02692 device_p->mount_count, RSBAC_MAJOR(kdev), 02693 RSBAC_MINOR(kdev)); 02694 device_p->mount_count++; 02695 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02696 rcu_read_unlock(); 02697 #else 02698 rsbac_read_unlock(&device_list_lock, &dflags); 02699 #endif 02700 return 0; 02701 } 02702 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02703 rcu_read_unlock(); 02704 #else 02705 rsbac_read_unlock(&device_list_lock, &dflags); 02706 #endif 02707 02708 new_device_p = create_device_item(kdev); 02709 if (!new_device_p) 02710 return -RSBAC_ECOULDNOTADDDEVICE; 02711 02712 /* register lists */ 02713 if ((err = auth_register_fd_lists(new_device_p, kdev))) { 02714 char tmp[RSBAC_MAXNAMELEN]; 02715 02716 rsbac_printk(KERN_WARNING "rsbac_mount_auth(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n", 02717 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), 02718 get_error_name(tmp, err)); 02719 } 02720 02721 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02722 rcu_read_lock(); 02723 #else 02724 rsbac_read_lock(&device_list_lock, &dflags); 02725 #endif 02726 /* make sure to only add, if this device item has not been added in the meantime */ 02727 device_p = lookup_device(kdev); 02728 if (device_p) { 02729 rsbac_printk(KERN_WARNING "rsbac_mount_auth(): mount race for device %02u:%02u detected!\n", 02730 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 02731 device_p->mount_count++; 02732 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02733 rcu_read_unlock(); 02734 #else 02735 rsbac_read_unlock(&device_list_lock, &dflags); 02736 #endif 02737 clear_device_item(new_device_p); 02738 } else { 02739 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02740 rcu_read_unlock(); 02741 #else 02742 rsbac_read_unlock(&device_list_lock, &dflags); 02743 #endif 02744 device_p = add_device_item(new_device_p); 02745 if (!device_p) { 02746 rsbac_printk(KERN_WARNING "rsbac_mount_auth: adding device %02u:%02u failed!\n", 02747 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 02748 clear_device_item(new_device_p); 02749 err = -RSBAC_ECOULDNOTADDDEVICE; 02750 } 02751 } 02752 return err; 02753 }
int rsbac_stats_auth | ( | void | ) |
Definition at line 2808 of file auth_data_structures.c.
References A_none, device_list_head_p, device_list_lock, rsbac_attribute_value_t::dummy, rsbac_auth_device_list_item_t::handle, rsbac_auth_device_list_item_t::id, rsbac_auth_device_list_item_t::next, process_handle, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_list_lol_all_subcount(), rsbac_list_lol_count(), rsbac_pr_debug, rsbac_printk(), rsbac_target_id_t::scd, ST_rsbac, and T_SCD.
Referenced by rsbac_stats().
02809 { 02810 u_int cap_set_count = 0; 02811 u_int member_count = 0; 02812 struct rsbac_auth_device_list_item_t *device_p; 02813 union rsbac_target_id_t rsbac_target_id; 02814 union rsbac_attribute_value_t rsbac_attribute_value; 02815 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 02816 u_long dflags; 02817 #endif 02818 02819 if (!rsbac_is_initialized()) { 02820 rsbac_printk(KERN_WARNING "rsbac_stats_auth(): RSBAC not initialized\n"); 02821 return (-RSBAC_ENOTINITIALIZED); 02822 } 02823 rsbac_pr_debug(aef_auth, "calling ADF\n"); 02824 rsbac_target_id.scd = ST_rsbac; 02825 rsbac_attribute_value.dummy = 0; 02826 if (!rsbac_adf_request(R_GET_STATUS_DATA, 02827 current->pid, 02828 T_SCD, 02829 rsbac_target_id, 02830 A_none, rsbac_attribute_value)) { 02831 return -EPERM; 02832 } 02833 02834 rsbac_printk(KERN_INFO "AUTH Status\n-----------\n"); 02835 02836 rsbac_printk(KERN_INFO "%lu process cap set items, sum of %lu members\n", 02837 rsbac_list_lol_count(process_handle), 02838 rsbac_list_lol_all_subcount(process_handle)); 02839 02840 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02841 rcu_read_lock(); 02842 #else 02843 rsbac_read_lock(&device_list_lock, &dflags); 02844 #endif 02845 device_p = rcu_dereference(device_list_head_p)->head; 02846 while (device_p) { 02847 /* reset counters */ 02848 cap_set_count = rsbac_list_lol_count(device_p->handle); 02849 member_count = rsbac_list_lol_all_subcount(device_p->handle); 02850 rsbac_printk(KERN_INFO "device %02u:%02u has %u file cap set items, sum of %u members\n", 02851 RSBAC_MAJOR(device_p->id), 02852 RSBAC_MINOR(device_p->id), cap_set_count, 02853 member_count); 02854 device_p = device_p->next; 02855 } 02856 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02857 rcu_read_unlock(); 02858 #else 02859 rsbac_read_unlock(&device_list_lock, &dflags); 02860 #endif 02861 return 0; 02862 }
int rsbac_umount_auth | ( | kdev_t | kdev | ) |
Definition at line 2757 of file auth_data_structures.c.
References device_list_lock, lookup_device(), rsbac_auth_device_list_item_t::mount_count, remove_device_item(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_pr_debug, and rsbac_printk().
Referenced by rsbac_umount().
02758 { 02759 struct rsbac_auth_device_list_item_t *device_p; 02760 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 02761 u_long flags; 02762 #endif 02763 02764 if (!rsbac_is_initialized()) { 02765 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n"); 02766 return (-RSBAC_ENOTINITIALIZED); 02767 } 02768 rsbac_pr_debug(ds_auth, "umounting device %02u:%02u\n", 02769 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 02770 /* sync of attribute lists was done in rsbac_umount */ 02771 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02772 spin_lock(&device_list_lock); 02773 #else 02774 rsbac_write_lock(&device_list_lock, &flags); 02775 #endif 02776 device_p = lookup_device(kdev); 02777 if (device_p) { 02778 if (device_p->mount_count == 1) 02779 remove_device_item(kdev); 02780 else { 02781 if (device_p->mount_count > 1) { 02782 device_p->mount_count--; 02783 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02784 spin_unlock(&device_list_lock); 02785 #endif 02786 } else { 02787 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02788 spin_unlock(&device_list_lock); 02789 #endif 02790 rsbac_printk(KERN_WARNING "rsbac_mount_auth: device %02u:%02u has mount_count < 1!\n", 02791 RSBAC_MAJOR(kdev), 02792 RSBAC_MINOR(kdev)); 02793 } 02794 } 02795 } 02796 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02797 else 02798 spin_unlock(&device_list_lock); 02799 #else 02800 rsbac_write_unlock(&device_list_lock, &flags); 02801 #endif 02802 return 0; 02803 }
static int single_cap_compare | ( | void * | desc1, | |
void * | desc2 | |||
) | [static] |
Definition at line 110 of file auth_data_structures.c.
References rsbac_auth_cap_range_t::first, and rsbac_auth_cap_range_t::last.
Referenced by rsbac_auth_p_capset_member().
00111 { 00112 struct rsbac_auth_cap_range_t *range = desc1; 00113 rsbac_uid_t *uid = desc2; 00114 00115 if (!desc1 || !desc2) 00116 return 0; 00117 if ((*uid < range->first) 00118 || (*uid > range->last) 00119 ) 00120 return 1; 00121 else 00122 return 0; 00123 }
rsbac_boolean_t writable | ( | struct super_block * | sb_p | ) |
Definition at line 323 of file aci_data_structures.c.
00324 { 00325 #ifdef CONFIG_RSBAC_NO_WRITE 00326 return (FALSE); 00327 #else 00328 if (!sb_p || !sb_p->s_dev) 00329 return (FALSE); 00330 if (rsbac_debug_no_write || (sb_p->s_flags & MS_RDONLY) 00331 || in_interrupt()) 00332 return (FALSE); 00333 if (!MAJOR(sb_p->s_dev) 00334 #ifndef CONFIG_RSBAC_MSDOS_WRITE 00335 || (sb_p->s_magic == MSDOS_SUPER_MAGIC) 00336 #endif 00337 || (sb_p->s_magic == SOCKFS_MAGIC) 00338 || (sb_p->s_magic == PIPEFS_MAGIC) 00339 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00340 || (sb_p->s_magic == SYSFS_MAGIC) 00341 #endif 00342 || (sb_p->s_magic == NFS_SUPER_MAGIC) 00343 || (sb_p->s_magic == CODA_SUPER_MAGIC) 00344 || (sb_p->s_magic == NCP_SUPER_MAGIC) 00345 || (sb_p->s_magic == SMB_SUPER_MAGIC) 00346 || (sb_p->s_magic == ISOFS_SUPER_MAGIC)) 00347 return (FALSE); 00348 else 00349 return (TRUE); 00350 #endif 00351 }
struct rsbac_auth_device_list_head_t* device_list_head_p [static] |
Definition at line 41 of file auth_data_structures.c.
spinlock_t device_list_lock [static] |
Definition at line 43 of file auth_data_structures.c.
u_int nr_fd_hashes = RSBAC_AUTH_NR_CAP_FD_LISTS [static] |
Definition at line 76 of file auth_data_structures.c.
rsbac_list_handle_t process_handle = NULL [static] |
Definition at line 48 of file auth_data_structures.c.
Referenced by copy_fp_cap_set_item(), copy_fp_tru_set_item(), copy_pp_cap_set_item(), copy_pp_tru_set_item(), rsbac_auth_add_to_p_capset(), rsbac_auth_clear_p_capset(), rsbac_auth_get_p_caplist(), rsbac_auth_p_capset_member(), rsbac_auth_remove_from_p_capset(), rsbac_init_auth(), rsbac_init_mac(), rsbac_mac_add_to_p_truset(), rsbac_mac_clear_p_truset(), rsbac_mac_get_p_trulist(), rsbac_mac_p_truset_member(), rsbac_mac_remove_from_p_truset(), rsbac_stats_auth(), and rsbac_stats_mac().