/linux-2.6.21.1-rsbac-1.3.4/include/rsbac/aci.h File Reference

#include <rsbac/types.h>
#include <linux/init.h>

Go to the source code of this file.

Defines

#define rsbac_get_attr(module, target, tid, attr, value, inherit)   rsbac_ta_get_attr(0, module, target, tid, attr, value, inherit)
#define rsbac_set_attr(module, target, tid, attr, value)   rsbac_ta_set_attr(0, module, target, tid, attr, value)
#define rsbac_remove_target(target, tid)   rsbac_ta_remove_target(0, target, tid)

Functions

int rsbac_init (kdev_t root_dev) __init
int rsbac_kthread_notify (rsbac_pid_t pid)
void rsbac_off (void)
static rsbac_boolean_t rsbac_is_initialized (void)
int rsbac_mount (struct super_block *sb_p, struct dentry *d_covers)
int rsbac_umount (struct super_block *sb_p, struct dentry *d_covers)
int rsbac_free_dat_dentries (void)
int rsbac_stats (void)
int rsbac_check (int correct, int check_inode)
int rsbac_get_parent (enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t *parent_target_p, union rsbac_target_id_t *parent_tid_p)
int rsbac_ta_get_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit)
int rsbac_ta_set_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value)
int rsbac_ta_remove_target (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t tid)
int rsbac_ta_list_all_dev (rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t **id_pp)
int rsbac_ta_list_all_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t **id_pp)
int rsbac_ta_list_all_ipc (rsbac_list_ta_number_t ta_number, struct rsbac_ipc_t **id_pp)
int rsbac_ta_list_all_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t **id_pp)
int rsbac_mark_kthread (rsbac_pid_t pid)
int rsbac_kthreads_init (void)

Variables

rsbac_boolean_t rsbac_initialized


Define Documentation

#define rsbac_get_attr ( module,
target,
tid,
attr,
value,
inherit   )     rsbac_ta_get_attr(0, module, target, tid, attr, value, inherit)

Definition at line 103 of file aci.h.

Referenced by adjust_in_out_pp(), auto_read_attr(), auto_read_write_attr(), auto_write_attr(), check_comp_rc(), check_comp_rc_scd(), check_flags_ff(), daz_check_secoff(), daz_ignored(), get_ipc_purpose(), jail_check_sysrole(), jail_get_flags_process(), jail_get_id(), jail_get_id_process(), jail_get_parent_process(), jail_get_scd_get_process(), jail_get_scd_modify_process(), mac_check_role(), mac_sys_check_role(), na_and_pp_ipc(), na_and_pp_or_cs(), na_dev(), na_ipc(), rsbac_acl_check_right(), rsbac_acl_check_super(), rsbac_acl_sys_get_rights(), rsbac_adf_request_auth(), rsbac_adf_request_cap(), rsbac_adf_request_daz(), rsbac_adf_request_ff(), rsbac_adf_request_int(), rsbac_adf_request_mac(), rsbac_adf_request_pax(), rsbac_adf_request_pm(), rsbac_adf_request_rc(), rsbac_adf_request_res(), rsbac_adf_set_attr(), rsbac_adf_set_attr_auth(), rsbac_adf_set_attr_cap(), rsbac_adf_set_attr_daz(), rsbac_adf_set_attr_jail(), rsbac_adf_set_attr_mac(), rsbac_adf_set_attr_pm(), rsbac_adf_set_attr_rc(), rsbac_adf_set_attr_res(), rsbac_auth_add_p_cap(), rsbac_auth_p_capset_member(), rsbac_auth_remove_p_cap(), rsbac_get_full_path(), rsbac_init(), rsbac_jail_sys_jail(), rsbac_mac_get_curr_level(), rsbac_mac_get_max_level(), rsbac_mac_get_min_level(), rsbac_mac_set_curr_level(), rsbac_pm_change_current_task(), rsbac_pm_create_file(), rsbac_rc_check_type_comp(), rsbac_rc_sys_change_role(), rsbac_rc_sys_get_current_role(), rsbac_rc_sys_get_eff_rights(), rsbac_rc_sys_set_item(), rsbac_rc_test_admin_roles(), rsbac_rc_test_assign_roles(), rsbac_rc_test_role_admin(), rsbac_set_audit_uid(), sys_rsbac_daz_flush_cache(), and tp_check().

#define rsbac_remove_target ( target,
tid   )     rsbac_ta_remove_target(0, target, tid)

Definition at line 125 of file aci.h.

Referenced by rsbac_adf_request_int(), and rsbac_adf_set_attr().

#define rsbac_set_attr ( module,
target,
tid,
attr,
value   )     rsbac_ta_set_attr(0, module, target, tid, attr, value)

Definition at line 114 of file aci.h.

Referenced by auto_read_attr(), auto_read_write_attr(), auto_write_attr(), rsbac_adf_request_daz(), rsbac_adf_request_mac(), rsbac_adf_set_attr(), rsbac_adf_set_attr_auth(), rsbac_adf_set_attr_cap(), rsbac_adf_set_attr_daz(), rsbac_adf_set_attr_jail(), rsbac_adf_set_attr_mac(), rsbac_adf_set_attr_pm(), rsbac_adf_set_attr_rc(), rsbac_jail_sys_jail(), rsbac_mac_set_curr_level(), rsbac_pm_change_current_task(), rsbac_pm_create_file(), rsbac_rc_select_fd_create_type(), rsbac_rc_sys_change_role(), rsbac_set_audit_uid(), sys_rsbac_um_auth_name(), and sys_rsbac_um_auth_uid().


Function Documentation

int rsbac_check ( int  correct,
int  check_inode 
)

int rsbac_free_dat_dentries ( void   ) 

Definition at line 8561 of file aci_data_structures.c.

References device_head_p, device_list_locks, KERNEL_VERSION, NULL, RSBAC_ENOTINITIALIZED, rsbac_initialized, and rsbac_printk().

08562 {
08563 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08564         u_long flags;
08565 #endif
08566         struct rsbac_device_list_item_t *device_p;
08567         u_int i;
08568 
08569         if (!rsbac_initialized) {
08570                 rsbac_printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n");
08571                 return (-RSBAC_ENOTINITIALIZED);
08572         }
08573 
08574         rsbac_printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n");
08575 
08576         for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
08577 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08578                 spin_lock(&device_list_locks[i]);
08579 #else
08580                 rsbac_write_lock(&device_list_locks[i], &flags);
08581 #endif
08582                 device_p = device_head_p[i]->head;
08583                 while (device_p) {
08584                         if (device_p->rsbac_dir_dentry_p) {
08585                                 dput(device_p->rsbac_dir_dentry_p);
08586                                 device_p->rsbac_dir_dentry_p = NULL;
08587                         }
08588                         device_p = device_p->next;
08589                 }
08590 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08591                 spin_unlock(&device_list_locks[i]);
08592 #else
08593                 rsbac_write_unlock(&device_list_locks[i], &flags);
08594 #endif
08595         }
08596         return 0;
08597 }

int rsbac_get_parent ( enum rsbac_target_t  target,
union rsbac_target_id_t  tid,
enum rsbac_target_t parent_target_p,
union rsbac_target_id_t parent_tid_p 
)

Definition at line 9083 of file aci_data_structures.c.

References device_hash(), device_list_locks, lookup_device(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTFOUND, rsbac_printk(), T_DIR, T_FIFO, T_FILE, T_SYMLINK, and T_UNIXSOCK.

Referenced by copy_fp_cap_set_item(), copy_fp_tru_set_item(), get_attr_fd(), rsbac_acl_get_rights(), and rsbac_acl_get_single_right().

09087 {
09088         if (!parent_target_p || !parent_tid_p)
09089                 return -RSBAC_EINVALIDPOINTER;
09090 /*
09091         rsbac_pr_debug(ds, "Getting file/dir/fifo/symlink "
09092                        "parent for device %02u:%02u, inode %lu, dentry_p %p\n",
09093                        RSBAC_MAJOR(tid.file.device),
09094                        RSBAC_MINOR(tid.file.device),
09095                        (u_long)tid.file.inode, tid.file.dentry_p);
09096 */
09097         switch (target) {
09098         case T_FILE:
09099         case T_DIR:
09100         case T_FIFO:
09101         case T_SYMLINK:
09102         case T_UNIXSOCK:
09103                 break;
09104         default:
09105                 return -RSBAC_EINVALIDTARGET;
09106         }
09107 
09108         if (!tid.file.dentry_p)
09109                 return -RSBAC_ENOTFOUND;
09110 
09111 #ifdef CONFIG_RSBAC_XSTATS
09112         get_parent_count++;
09113 #endif
09114         *parent_target_p = T_DIR;
09115         /* Is this dentry root of a mounted device? */
09116         if (tid.file.dentry_p->d_sb
09117             && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p)
09118             ) {
09119                 struct rsbac_device_list_item_t *device_p;
09120 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09121                 u_long dflags;
09122 #endif
09123                 u_int hash;
09124 
09125                 hash = device_hash(tid.file.device);
09126                 /* wait for read access to device_list_head */
09127 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09128                 rcu_read_lock();
09129 #else
09130                 rsbac_read_lock(&device_list_locks[hash], &dflags);
09131 #endif
09132                 device_p = lookup_device(tid.file.device, hash);
09133                 if (!device_p
09134                     || !device_p->d_covers
09135                     || !device_p->d_covers->d_parent
09136                     || !device_p->d_covers->d_parent->d_inode) {
09137                         /* free access to device_list_head */
09138 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09139                         rcu_read_unlock();
09140 #else
09141                         rsbac_read_unlock(&device_list_locks[hash], &dflags);
09142 #endif
09143                         return -RSBAC_ENOTFOUND;
09144                 }
09145                 parent_tid_p->dir.device =
09146                     device_p->d_covers->d_parent->d_sb->s_dev;
09147                 parent_tid_p->dir.inode =
09148                     device_p->d_covers->d_parent->d_inode->i_ino;
09149                 parent_tid_p->dir.dentry_p = device_p->d_covers->d_parent;
09150                 /* free access to device_list_head */
09151 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09152                 rcu_read_unlock();
09153 #else
09154                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
09155 #endif
09156         } else {                /* no root of filesystem -> use d_parent, dev keeps unchanged */
09157                 if (!tid.file.dentry_p->d_parent) {
09158                         rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent is NULL!\n");
09159                         return -RSBAC_ENOTFOUND;
09160                 }
09161                 if (tid.file.dentry_p == tid.file.dentry_p->d_parent) {
09162                         rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent == dentry_p!\n");
09163                         return -RSBAC_ENOTFOUND;
09164                 }
09165                 if (!tid.file.dentry_p->d_parent->d_inode) {
09166                         rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent has no d_inode!\n");
09167                         return -RSBAC_ENOTFOUND;
09168                 }
09169                 parent_tid_p->dir.device = tid.file.device;
09170                 parent_tid_p->dir.inode =
09171                     tid.file.dentry_p->d_parent->d_inode->i_ino;
09172                 parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent;
09173         }
09174         return 0;
09175 }

int rsbac_init ( kdev_t  root_dev  ) 

Definition at line 7893 of file aci_data_structures.c.

References A_rc_def_role, FALSE, rsbac_kthread_t::list, list_head, rsbac_attribute_value_t::mac_user_flags, NULL, rsbac_kthread_t::pid, rsbac_target_id_t::process, process_handles, rsbac_do_init(), RSBAC_EINVALIDPOINTER, RSBAC_EREINIT, rsbac_get_attr, rsbac_initialized, rsbac_kfree(), rsbac_kmalloc(), rsbac_kthread, rsbac_kthread_notify(), rsbac_list_add(), rsbac_list_get_data(), RSBAC_MAC_DEF_INIT_P_FLAGS, RSBAC_MAC_P_FLAGS, rsbac_pr_debug, rsbac_printk(), RSBAC_RC_GENERAL_ROLE, rsbac_rc_get_boot_role(), rsbac_root_dev, RSBAC_SYSADM_UID, SW_GEN, T_PROCESS, user_handles, and wakeup_rsbacd().

07895 {
07896         struct rsbac_kthread_t * rsbac_kthread_entry;
07897         struct list_head * p;
07898 #ifdef CONFIG_RSBAC_RC
07899         struct rsbac_rc_process_aci_t rc_init_p_aci = DEFAULT_RC_P_INIT_ACI;
07900 #endif
07901 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07902 #ifdef CONFIG_RSBAC_INIT_THREAD
07903         struct task_struct * rsbac_init_thread;
07904 #endif
07905         struct task_struct * rsbacd_thread;
07906 #endif
07907         rsbac_pid_t init_pid;
07908                         
07909         
07910         int err = 0;
07911 #if  (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07912    || defined(CONFIG_RSBAC_INIT_THREAD)
07913         rsbac_pid_t rsbacd_pid;
07914 #endif
07915 
07916         if (rsbac_initialized) {
07917                 rsbac_printk(KERN_WARNING "rsbac_init(): RSBAC already initialized\n");
07918                 return (-RSBAC_EREINIT);
07919         }
07920         if (!current->fs) {
07921                 rsbac_printk(KERN_WARNING "rsbac_init(): current->fs is invalid!\n");
07922                 return (-RSBAC_EINVALIDPOINTER);
07923         }
07924 
07925         rsbac_root_dev = root_dev;
07926 
07927 #if  (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07928    || defined(CONFIG_RSBAC_INIT_THREAD)
07929         /* init the rsbacd wait queue head */
07930         init_waitqueue_head(&rsbacd_wait);
07931 #endif
07932 
07933 #ifdef CONFIG_RSBAC_INIT_THREAD
07934 /* trigger dependency */
07935 #ifdef CONFIG_RSBAC_MAX_INIT_TIME
07936 #endif
07937         rsbac_printk(KERN_INFO "rsbac_init(): Setting init timeout to %u seconds (%u jiffies).\n",
07938                      RSBAC_MAX_INIT_TIME, RSBAC_MAX_INIT_TIME * HZ);
07939         init_timer(&rsbac_timer);
07940         rsbac_timer.function = wakeup_rsbacd;
07941         rsbac_timer.data = 0;
07942         rsbac_timer.expires = jiffies + (RSBAC_MAX_INIT_TIME * HZ);
07943         add_timer(&rsbac_timer);
07944 
07945 /* Start rsbac thread for init */
07946 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07947         rsbac_init_thread = kthread_create(rsbac_initd, NULL, "rsbac_initd");
07948         if (IS_ERR(rsbac_init_thread))
07949                 goto panic;
07950         rsbacd_pid = rsbac_init_thread->pid;
07951         wake_up_process(rsbac_init_thread);
07952 #else
07953         rsbacd_pid = kernel_thread(rsbac_initd, NULL, 0);
07954         if (rsbacd_pid < 0)
07955                 goto panic;
07956 #endif
07957         rsbac_printk(KERN_INFO "rsbac_init(): Started rsbac_initd thread with pid %u\n",
07958                      rsbacd_pid);
07959 
07960         if (!rsbac_initialized)
07961                 interruptible_sleep_on(&rsbacd_wait);
07962         if (!rsbac_initialized) {
07963                 rsbac_printk(KERN_ERR
07964                              "rsbac_init(): *** RSBAC init timed out - RSBAC not correctly initialized! ***\n");
07965                 rsbac_printk(KERN_ERR
07966                              "rsbac_init(): *** Killing rsbac_initd! ***\n");
07967                 sys_kill(rsbacd_pid, SIGKILL);
07968                 rsbac_initialized = FALSE;
07969         }
07970 #else
07971         rsbac_do_init();
07972 #endif
07973 
07974 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
07975         if (rsbac_initialized) {
07976                 /* Start rsbacd thread for auto write */
07977 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07978                 rsbacd_thread = kthread_create(rsbacd, NULL, "rsbacd");
07979                 rsbacd_pid = rsbacd_thread->pid;
07980                 wake_up_process(rsbacd_thread);
07981 #else
07982                 rsbacd_pid =
07983                     kernel_thread(rsbacd, NULL,
07984                                   CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
07985 #endif
07986                 if (rsbacd_pid < 0) {
07987                         rsbac_printk(KERN_ERR
07988                                      "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n",
07989                                      rsbacd_pid);
07990                 } else {
07991                         rsbac_printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n",
07992                                      rsbacd_pid);
07993                 }
07994         }
07995 #endif
07996 
07997 /* Ready. */
07998 /*    schedule(); */
07999 #ifdef CONFIG_RSBAC_INIT_THREAD
08000         sys_wait4(-1, NULL, WNOHANG, NULL);
08001 #endif
08002 
08003 /* Add all processes to list of processes as init processes */
08004 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC)
08005         {
08006 #ifdef CONFIG_RSBAC_MAC
08007                 struct rsbac_mac_user_aci_t * mac_u_aci_p;
08008 #endif
08009 #ifdef CONFIG_RSBAC_RC
08010                 struct rsbac_rc_user_aci_t * rc_u_aci_p;
08011 #endif
08012                 rsbac_uid_t user = RSBAC_SYSADM_UID;
08013                 rsbac_pid_t pid = 1;
08014                 struct task_struct *p;
08015 
08016                 union rsbac_target_id_t k_tid;
08017                 union rsbac_attribute_value_t k_attr_val;
08018 
08019                 rsbac_printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n");
08020 /* Prepare entries: change standard values to root's values */
08021 #ifdef CONFIG_RSBAC_MAC
08022                 mac_u_aci_p = rsbac_kmalloc(sizeof(*mac_u_aci_p));
08023                 if (mac_u_aci_p) {
08024                         if(!rsbac_list_get_data
08025                                 (user_handles.mac, &user, mac_u_aci_p)) {
08026                                 mac_init_p_aci.owner_sec_level =
08027                                     mac_u_aci_p->security_level;
08028                                 mac_init_p_aci.owner_initial_sec_level =
08029                                     mac_u_aci_p->initial_security_level;
08030                                 mac_init_p_aci.current_sec_level =
08031                                     mac_u_aci_p->initial_security_level;
08032                                 mac_init_p_aci.owner_min_sec_level =
08033                                     mac_u_aci_p->min_security_level;
08034                                 mac_init_p_aci.mac_owner_categories =
08035                                     mac_u_aci_p->mac_categories;
08036                                 mac_init_p_aci.mac_owner_initial_categories =
08037                                     mac_u_aci_p->mac_initial_categories;
08038                                 mac_init_p_aci.mac_curr_categories =
08039                                     mac_u_aci_p->mac_initial_categories;
08040                                 mac_init_p_aci.mac_owner_min_categories =
08041                                     mac_u_aci_p->mac_min_categories;
08042                                 mac_init_p_aci.min_write_open =
08043                                     mac_u_aci_p->security_level;
08044                                 mac_init_p_aci.max_read_open =
08045                                     mac_u_aci_p->min_security_level;
08046                                 mac_init_p_aci.min_write_categories =
08047                                     mac_u_aci_p->mac_categories;
08048                                 mac_init_p_aci.max_read_categories =
08049                                     mac_u_aci_p->mac_min_categories;
08050                                 mac_init_p_aci.mac_process_flags =
08051                                     (mac_u_aci_p->
08052                                      mac_user_flags & RSBAC_MAC_P_FLAGS) |
08053                                     RSBAC_MAC_DEF_INIT_P_FLAGS;
08054                         }
08055                         rsbac_kfree(mac_u_aci_p);
08056                 }
08057 #endif
08058 
08059 /* Set process aci - first init */
08060 #ifdef CONFIG_RSBAC_MAC
08061                 if (rsbac_list_add
08062                     (process_handles.mac, &pid,
08063                      &mac_init_p_aci))
08064                         rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for Init process 1 could not be added!");
08065 #endif
08066 #ifdef CONFIG_RSBAC_RC
08067                 /* Get boot role */
08068                 if (rsbac_rc_get_boot_role(&rc_init_p_aci.rc_role)) {   /* none: use root's role */
08069                         rc_u_aci_p = rsbac_kmalloc(sizeof(*rc_u_aci_p));
08070                         if (rc_u_aci_p) {
08071                                 if (!rsbac_list_get_data
08072                                     (user_handles.rc, &user, rc_u_aci_p)) {
08073                                         rc_init_p_aci.rc_role = rc_u_aci_p->rc_role;
08074                                 } else {        /* last resort: general role */
08075                                         rsbac_ds_get_error("rsbac_do_init",
08076                                                            A_rc_def_role);
08077                                         rc_init_p_aci.rc_role =
08078                                             RSBAC_RC_GENERAL_ROLE;
08079                                 }
08080                                 rsbac_kfree(rc_u_aci_p);
08081                         }
08082                 }
08083                 rc_kernel_p_aci.rc_role = rc_init_p_aci.rc_role;
08084                 if (rsbac_list_add
08085                     (process_handles.rc, &pid,
08086                      &rc_init_p_aci))
08087                         rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Init process 1 could not be added!");
08088 #endif
08089                 read_lock(&tasklist_lock);
08090 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08091                 for_each_task(p)
08092 #else
08093                 for_each_process(p)
08094 #endif
08095                 {
08096                         /* not for kernel and init though... */
08097                         if (!p->pid || (p->pid == 1))
08098                                 continue;
08099                         pid = p->pid;
08100                         rsbac_pr_debug(ds, "setting aci for process %u (%s)\n", pid, p->comm);
08101 #ifdef CONFIG_RSBAC_MAC
08102                         if (rsbac_list_add
08103                             (process_handles.mac, &pid,
08104                              &mac_init_p_aci))
08105                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for Init process %u could not be added!\n",
08106                                              pid);
08107 #endif
08108 #ifdef CONFIG_RSBAC_RC
08109                         k_tid.process = p->pid;
08110                         if (rsbac_get_attr(SW_GEN, T_PROCESS,
08111                                         k_tid,
08112                                         A_kernel_thread,
08113                                         &k_attr_val,
08114                                         FALSE)) {
08115                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel thread %u could not be added!\n", pid);
08116                         }
08117                         if (k_attr_val.kernel_thread) {
08118                                 if (rsbac_list_add
08119                                     (process_handles.rc,
08120                                      &pid, &rc_kernel_p_aci))
08121                                         rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel thread %u could not be added!\n",
08122                                              pid);
08123                 }
08124 #endif
08125                 }
08126                 read_unlock(&tasklist_lock);
08127         }
08128         list_for_each(p, &rsbac_kthread->list) {
08129                 rsbac_kthread_entry = list_entry(p, 
08130                                 struct rsbac_kthread_t, list);
08131                 if (rsbac_kthread_entry->pid != 1 
08132                                 && rsbac_kthread_entry->pid != rsbacd_pid)
08133                 {
08134                         read_lock(&tasklist_lock);
08135                         if(find_task_by_pid(rsbac_kthread_entry->pid)) {
08136                                 read_unlock(&tasklist_lock);
08137                                 rsbac_kthread_notify(rsbac_kthread_entry->pid);
08138                         }
08139                         else {
08140                                 read_unlock(&tasklist_lock);
08141                                 rsbac_pr_debug(ds, "rsbac_do_init(): skipping gone away pid %u\n",
08142                                         rsbac_kthread_entry->pid);
08143                         }
08144                         /* kernel list implementation is for exclusive 
08145                          * wizards use, let's not free it now till 
08146                          * i know why it oops. consume about no 
08147                          * memory anyway. michal.
08148                          */
08149                         
08150                         /* list_del(&rsbac_kthread_entry->list);
08151                          * kfree(rsbac_kthread_entry);*/
08152                 }
08153         } /* explicitly mark init and rsbacd */
08154         init_pid = 1;
08155 #ifdef CONFIG_RSBAC_MAC
08156         if (rsbac_list_add(process_handles.mac, &init_pid, &mac_init_p_aci))
08157                 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"init\" process could not be added!");
08158         if (rsbac_list_add(process_handles.mac, &rsbacd_pid, &mac_init_p_aci))
08159                 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"rsbacd\" process could not be added!");
08160 #endif
08161 #ifdef CONFIG_RSBAC_RC
08162         if (rsbac_list_add(process_handles.rc, &init_pid, &rc_init_p_aci))
08163                 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"init\" process could not be added");
08164         if (rsbac_list_add(process_handles.rc, &rsbacd_pid, &rc_kernel_p_aci))
08165                 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"rsbacd\" process could not be added");
08166 #endif
08167         
08168         /*kfree(rsbac_kthread);*/
08169 #endif                          /* MAC or RC */
08170 
08171         rsbac_printk(KERN_INFO "rsbac_init(): Ready.\n");
08172         return err;
08173 
08174 #ifdef CONFIG_RSBAC_INIT_THREAD
08175 panic:
08176         rsbac_printk(KERN_ERR "rsbac_init(): *** RSBAC init failed to start - RSBAC not correctly initialized! ***\n");
08177         /* let's panic - but only when in secure mode, warn otherwise */
08178 #if !defined(CONFIG_RSBAC_MAINT)
08179 #ifdef CONFIG_RSBAC_SOFTMODE
08180         if (!rsbac_softmode)
08181                 panic("RSBAC: rsbac_init(): *** Unable to initialize - PANIC ***\n");
08182 #endif
08183         panic("RSBAC: rsbac_init(): *** Unable to initialize - PANIC ***\n");
08184 #endif
08185 #endif
08186 }

static rsbac_boolean_t rsbac_is_initialized ( void   )  [inline, static]

Definition at line 44 of file aci.h.

References rsbac_initialized.

Referenced by rsbac_acl_add_to_acl_entry(), rsbac_acl_get_mask(), rsbac_acl_get_rights(), rsbac_acl_get_single_right(), rsbac_acl_get_tlist(), rsbac_acl_remove_acl(), rsbac_acl_remove_acl_entry(), rsbac_acl_remove_from_acl_entry(), rsbac_acl_set_acl_entry(), rsbac_acl_set_mask(), rsbac_adf_request_int(), rsbac_adf_set_attr(), rsbac_auth_add_to_f_capset(), rsbac_auth_add_to_p_capset(), rsbac_auth_clear_f_capset(), rsbac_auth_clear_p_capset(), rsbac_auth_copy_fp_capset(), rsbac_auth_copy_pp_capset(), rsbac_auth_get_f_caplist(), rsbac_auth_get_p_caplist(), rsbac_auth_p_capset_member(), rsbac_auth_remove_from_f_capset(), rsbac_auth_remove_from_p_capset(), rsbac_check_acl(), rsbac_init_acl(), rsbac_init_auth(), rsbac_init_daz(), rsbac_init_mac(), rsbac_init_pm(), rsbac_init_rc(), rsbac_init_um(), rsbac_mac_add_to_f_truset(), rsbac_mac_add_to_p_truset(), rsbac_mac_clear_f_truset(), rsbac_mac_clear_p_truset(), rsbac_mac_copy_fp_truset(), rsbac_mac_copy_pp_truset(), rsbac_mac_get_f_trulist(), rsbac_mac_get_p_trulist(), rsbac_mac_p_truset_member(), rsbac_mac_remove_from_f_truset(), rsbac_mac_remove_from_p_truset(), rsbac_mount_acl(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_pm(), rsbac_pm_change_current_task(), rsbac_printk(), rsbac_rc_check_comp(), rsbac_rc_copy_role(), rsbac_rc_copy_type(), rsbac_rc_get_item(), rsbac_rc_get_list(), rsbac_rc_set_item(), rsbac_reg_init(), rsbac_stats_acl(), rsbac_stats_auth(), rsbac_stats_mac(), rsbac_stats_pm(), rsbac_stats_rc(), rsbac_stats_um(), rsbac_um_add_gm(), rsbac_um_add_group(), rsbac_um_add_user(), rsbac_um_get_group_item(), rsbac_um_get_user_item(), rsbac_um_mod_group(), rsbac_um_mod_user(), rsbac_um_remove_gm(), rsbac_umount_acl(), rsbac_umount_auth(), and rsbac_umount_mac().

00045 {
00046   return rsbac_initialized;
00047 }

int rsbac_kthread_notify ( rsbac_pid_t  pid  ) 

Definition at line 8188 of file aci_data_structures.c.

References process_handles, rsbac_initialized, rsbac_list_add(), and rsbac_printk().

Referenced by rsbac_init().

08189 {
08190         if (!rsbac_initialized)
08191                 return 0;
08192 //      rsbac_printk(KERN_DEBUG "rsbac_kthread_notify: marking pid %u!\n",
08193 //                   pid);
08194 /* Set process aci */
08195 #ifdef CONFIG_RSBAC_MAC
08196         if (rsbac_list_add
08197             (process_handles.mac, &pid, &mac_init_p_aci))
08198                 rsbac_printk(KERN_WARNING "rsbac_kthread_notify(): MAC ACI for kernel process %u could not be added!",
08199                              pid);
08200 #endif
08201 #ifdef CONFIG_RSBAC_RC
08202         if (rsbac_list_add
08203             (process_handles.rc, &pid, &rc_kernel_p_aci))
08204                 rsbac_printk(KERN_WARNING "rsbac_kthread_notify(): RC ACI for kernel process %u could not be added!",
08205                              pid);
08206 #endif
08207         return 0;
08208 }

int rsbac_kthreads_init ( void   ) 

Definition at line 7870 of file aci_data_structures.c.

References rsbac_kthread_t::list, and rsbac_kthread.

07871 {
07872         rsbac_kthread_size_t = sizeof(struct rsbac_kthread_t);
07873         rsbac_kthread = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC);
07874         INIT_LIST_HEAD(&rsbac_kthread->list);
07875         return 0;
07876 }

int rsbac_mark_kthread ( rsbac_pid_t  pid  ) 

Definition at line 7878 of file aci_data_structures.c.

References rsbac_kthread_t::list, rsbac_kthread_t::pid, rsbac_initialized, and rsbac_kthread.

07879 {
07880         struct rsbac_kthread_t * rsbac_kthread_new;
07881 
07882         if (rsbac_initialized)
07883                 return 0;
07884         rsbac_kthread_new = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC);
07885         rsbac_kthread_new->pid = pid;
07886         list_add(&rsbac_kthread_new->list, &rsbac_kthread->list);
07887         return 0;
07888 }

int rsbac_mount ( struct super_block *  sb_p,
struct dentry *  d_covers 
)

Definition at line 8212 of file aci_data_structures.c.

References add_device_item(), clear_device_item(), create_device_item(), device_hash(), device_list_locks, get_error_name(), lookup_device(), NULL, register_fd_lists(), rsbac_debug_no_write, RSBAC_ECOULDNOTADDDEVICE, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_init(), rsbac_initialized, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_mount(), RSBAC_MAXNAMELEN, rsbac_mount_acl(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_mount_reg(), rsbac_pr_debug, rsbac_printk(), rsbac_root_dev, rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE.

Referenced by get_attr_fd(), rsbac_do_init(), rsbac_get_super_block(), rsbac_ta_remove_target(), and set_attr_fd().

08213 {
08214         int err = 0;
08215         struct rsbac_device_list_item_t *device_p;
08216         struct rsbac_device_list_item_t *new_device_p;
08217 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08218         u_long flags;
08219 #endif
08220         rsbac_boolean_t old_no_write;
08221         u_int hash;
08222 
08223         if (!sb_p) {
08224                 rsbac_printk(KERN_WARNING "rsbac_mount(): called with NULL pointer\n");
08225                 return -RSBAC_EINVALIDPOINTER;
08226         }
08227         if (!rsbac_initialized) {
08228 #ifdef CONFIG_RSBAC_INIT_DELAY
08229 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08230                 if (!RSBAC_MAJOR(rsbac_delayed_root)
08231                     && !RSBAC_MINOR(rsbac_delayed_root)
08232                     && rsbac_delayed_root_str[0]
08233                     ) {         /* translate string to kdev_t */
08234                         char *p = rsbac_delayed_root_str;
08235                         u_int major = 0;
08236                         u_int minor = 0;
08237 
08238                         major = simple_strtoul(p, NULL, 0);
08239                         while ((*p != ':') && (*p != '\0'))
08240                                 p++;
08241                         if (*p) {
08242                                 p++;
08243                                 minor = simple_strtoul(p, NULL, 0);
08244                         }
08245                         rsbac_delayed_root = RSBAC_MKDEV(major, minor);
08246                 }
08247 #endif
08248                 if (!rsbac_no_delay_init
08249                     && ((!RSBAC_MAJOR(rsbac_delayed_root)
08250                          && !RSBAC_MINOR(rsbac_delayed_root)
08251                          && (MAJOR(sb_p->s_dev) > 1)
08252                         )
08253                         || ((RSBAC_MAJOR(rsbac_delayed_root)
08254                              || RSBAC_MINOR(rsbac_delayed_root)
08255                             )
08256                             &&
08257                             ((MAJOR(sb_p->s_dev) ==
08258                               RSBAC_MAJOR(rsbac_delayed_root))
08259                              && (!RSBAC_MINOR(rsbac_delayed_root)
08260                                  || (MINOR(sb_p->s_dev) ==
08261                                      RSBAC_MINOR(rsbac_delayed_root))
08262                              )
08263                             )
08264                         )
08265                     )
08266                     ) {
08267                         if (RSBAC_MAJOR(rsbac_delayed_root)
08268                             || RSBAC_MINOR(rsbac_delayed_root)) {
08269                                 rsbac_printk(KERN_INFO "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n",
08270                                              MAJOR(sb_p->s_dev),
08271                                              MINOR(sb_p->s_dev),
08272                                              RSBAC_MAJOR
08273                                              (rsbac_delayed_root),
08274                                              RSBAC_MINOR
08275                                              (rsbac_delayed_root));
08276                         } else {
08277                                 rsbac_printk(KERN_INFO "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n",
08278                                              MAJOR(sb_p->s_dev),
08279                                              MINOR(sb_p->s_dev));
08280                         }
08281                         rsbac_init(sb_p->s_dev);
08282                         return 0;
08283                 }
08284 #endif
08285 
08286                 rsbac_printk(KERN_WARNING "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n",
08287                              MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08288 
08289 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08290                 if ((sb_p->s_magic == SYSFS_MAGIC)
08291                     && !RSBAC_MAJOR(sb_p->s_dev)
08292                     ) {
08293                         rsbac_printk(KERN_WARNING "rsbac_mount(): sysfs mount detected, keeping values for later use\n");
08294                         sysfs_sb_p = sb_p;
08295                         sysfs_covered_p = d_covers;
08296                 }
08297 #endif
08298 #ifdef CONFIG_DEVFS_MOUNT
08299                 if ((sb_p->s_magic == DEVFS_SUPER_MAGIC)
08300                     && !RSBAC_MAJOR(sb_p->s_dev)
08301                     ) {
08302                         rsbac_printk(KERN_WARNING "rsbac_mount(): devfs mount detected, keeping values for later use\n");
08303                         devfs_sb_p = sb_p;
08304                         devfs_covered_p = d_covers;
08305                 }
08306 #endif
08307                 return (-RSBAC_ENOTINITIALIZED);
08308         }
08309         rsbac_pr_debug(ds, "mounting device %02u:%02u\n",
08310                        MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08311         rsbac_pr_debug(stack, "free stack: %lu\n", rsbac_stack_free_space());
08312         down(&rsbac_write_sem);
08313         old_no_write = rsbac_debug_no_write;
08314         rsbac_debug_no_write = TRUE;
08315         up(&rsbac_write_sem);
08316         hash = device_hash(sb_p->s_dev);
08317 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08318         rcu_read_lock();
08319 #else
08320         rsbac_read_lock(&device_list_locks[hash], &flags);
08321 #endif
08322         device_p = lookup_device(sb_p->s_dev, hash);
08323         /* repeated mount? */
08324         if (device_p) {
08325                 rsbac_printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n",
08326                              device_p->mount_count, MAJOR(sb_p->s_dev),
08327                              MINOR(sb_p->s_dev));
08328                 device_p->mount_count++;
08329                 if (d_covers
08330                     && !device_p->d_covers
08331                     && (MAJOR(sb_p->s_dev) != MAJOR(rsbac_root_dev))
08332                     && (MINOR(sb_p->s_dev) != MINOR(rsbac_root_dev))
08333                     ) {
08334                         rsbac_printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n",
08335                                      d_covers);
08336                         device_p->d_covers = d_covers;
08337                 }
08338 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08339                 rcu_read_unlock();
08340 #else
08341                 rsbac_read_unlock(&device_list_locks[hash], &flags);
08342 #endif
08343         } else {
08344 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08345                 rcu_read_unlock();
08346 #else
08347                 rsbac_read_unlock(&device_list_locks[hash], &flags);
08348 #endif
08349                 /* OK, go on */
08350                 new_device_p = create_device_item(sb_p, d_covers);
08351                 rsbac_pr_debug(stack, "after creating device item: free stack: %lu\n",
08352                                rsbac_stack_free_space());
08353                 if (!new_device_p) {
08354                         rsbac_debug_no_write = old_no_write;
08355                         return -RSBAC_ECOULDNOTADDDEVICE;
08356                 }
08357 
08358 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08359                 rcu_read_lock();
08360 #else
08361                 rsbac_read_lock(&device_list_locks[hash], &flags);
08362 #endif
08363                 /* make sure to only add, if this device item has not been added in the meantime */
08364                 device_p = lookup_device(sb_p->s_dev, hash);
08365                 if (device_p) {
08366                         rsbac_printk(KERN_WARNING "rsbac_mount(): mount race for device %02u:%02u detected!\n",
08367                                      MAJOR(sb_p->s_dev),
08368                                      MINOR(sb_p->s_dev));
08369                         device_p->mount_count++;
08370 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08371                         rcu_read_unlock();
08372 #else
08373                         rsbac_read_unlock(&device_list_locks[hash], &flags);
08374 #endif
08375                         clear_device_item(new_device_p);
08376                 } else {
08377 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08378                         rcu_read_unlock();
08379 #else
08380                         rsbac_read_unlock(&device_list_locks[hash], &flags);
08381 #endif
08382                         device_p = add_device_item(new_device_p);
08383                         if (!device_p) {
08384                                 rsbac_printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n",
08385                                              MAJOR(sb_p->s_dev),
08386                                              MINOR(sb_p->s_dev));
08387                                 clear_device_item(new_device_p);
08388                                 rsbac_debug_no_write = old_no_write;
08389                                 return -RSBAC_ECOULDNOTADDDEVICE;
08390                         }
08391                 }
08392 
08393                 /* Generic lists */
08394                 rsbac_list_mount(sb_p->s_dev);
08395                 /* we do not lock device head - we know the device_p and hope for the best... */
08396                 /* also, we are within kernel mount sem */
08397                 if ((err = register_fd_lists(new_device_p, sb_p->s_dev))) {
08398                         char *tmp;
08399 
08400                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
08401                         if (tmp) {
08402                                 rsbac_printk(KERN_WARNING "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n",
08403                                              MAJOR(sb_p->s_dev),
08404                                              MINOR(sb_p->s_dev),
08405                                              get_error_name(tmp, err));
08406                                 rsbac_kfree(tmp);
08407                         }
08408                 }
08409                 rsbac_pr_debug(stack, "after registering fd lists: free stack: %lu\n",
08410                                rsbac_stack_free_space());
08411         }
08412 
08413 /* call other mount functions */
08414 #if defined(CONFIG_RSBAC_MAC)
08415         rsbac_mount_mac(sb_p->s_dev);
08416         rsbac_pr_debug(stack, "after mount_mac: free stack: %lu\n",
08417                        rsbac_stack_free_space());
08418 #endif
08419 #if defined(CONFIG_RSBAC_AUTH)
08420         rsbac_mount_auth(sb_p->s_dev);
08421         rsbac_pr_debug(stack, "after mount_auth: free stack: %lu\n",
08422                        rsbac_stack_free_space());
08423 #endif
08424 #if defined(CONFIG_RSBAC_ACL)
08425         rsbac_mount_acl(sb_p->s_dev);
08426         rsbac_pr_debug(stack, "after mount_acl: free stack: %lu\n",
08427                        rsbac_stack_free_space());
08428 #endif
08429 #if defined(CONFIG_RSBAC_REG)
08430         rsbac_mount_reg(sb_p->s_dev);
08431         rsbac_pr_debug(stack, "after mount_reg: free stack: %lu\n",
08432                        rsbac_stack_free_space());
08433 #endif                          /* REG */
08434 
08435         rsbac_debug_no_write = old_no_write;
08436         return (err);
08437 }

void rsbac_off ( void   ) 

int rsbac_stats ( void   ) 

Definition at line 8602 of file aci_data_structures.c.

08603 {
08604         struct rsbac_device_list_item_t *device_p;
08605         u_long fd_count = 0, fd_sum = 0;
08606         u_long dev_sum = 0;
08607         u_long ipc_sum = 0;
08608         u_long user_sum = 0;
08609         u_long process_sum = 0;
08610 #if defined(CONFIG_RSBAC_UM)
08611         u_long group_sum = 0;
08612 #endif
08613 #if defined(CONFIG_RSBAC_NET_OBJ)
08614         u_long nettemp_sum = 0;
08615         u_long lnetobj_sum = 0;
08616         u_long rnetobj_sum = 0;
08617 #endif
08618         u_long total_sum = 0;
08619         long tmp_count = 0;
08620 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08621         u_long dflags;
08622 #endif
08623         u_int i;
08624 
08625         if (!rsbac_initialized) {
08626                 rsbac_printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n");
08627                 return (-RSBAC_ENOTINITIALIZED);
08628         }
08629         for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
08630 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08631                 rcu_read_lock();
08632 #else
08633                 rsbac_read_lock(&device_list_locks[i], &dflags);
08634 #endif
08635 /*    rsbac_printk(KERN_INFO "rsbac_stats(): currently %u processes working on file/dir aci\n",
08636                      device_list_lock.lock); */
08637                 device_p = rcu_dereference(device_head_p[i])->head;
08638                 while (device_p) {      /* for all sublists */
08639                         fd_count = rsbac_list_count(device_p->handles.gen);
08640                         if (fd_count > 0) {
08641                                 rsbac_printk(", %lu GEN", fd_count);
08642                                 fd_sum += fd_count;
08643                         }
08644 
08645 #if defined(CONFIG_RSBAC_MAC)
08646                         fd_count = rsbac_list_count(device_p->handles.mac);
08647                         if (fd_count > 0) {
08648                                 rsbac_printk(", %lu MAC", fd_count);
08649                                 fd_sum += fd_count;
08650                         }
08651 #endif
08652 
08653 #if defined(CONFIG_RSBAC_PM)
08654                         fd_count = rsbac_list_count(device_p->handles.pm);
08655                         if (fd_count > 0) {
08656                                 rsbac_printk(", %lu PM", fd_count);
08657                                 fd_sum += fd_count;
08658                         }
08659 #endif
08660 
08661 #if defined(CONFIG_RSBAC_DAZ)
08662                         fd_count = rsbac_list_count(device_p->handles.daz);
08663                         if (fd_count > 0) {
08664                                 rsbac_printk(", %lu DAZ", fd_count);
08665                                 fd_sum += fd_count;
08666                         }
08667 #if defined(CONFIG_RSBAC_DAZ_CACHE)
08668                         fd_count = rsbac_list_count(device_p->handles.dazs);
08669                         if (fd_count > 0) {
08670                                 rsbac_printk(", %lu DAZ SCANNED", fd_count);
08671                                 fd_sum += fd_count;
08672                         }
08673 #endif
08674 #endif
08675 
08676 #if defined(CONFIG_RSBAC_FF)
08677                         fd_count = rsbac_list_count(device_p->handles.ff);
08678                         if (fd_count > 0) {
08679                                 rsbac_printk(", %lu FF", fd_count);
08680                                 fd_sum += fd_count;
08681                         }
08682 #endif
08683 
08684 #if defined(CONFIG_RSBAC_RC)
08685                         fd_count = rsbac_list_count(device_p->handles.rc);
08686                         if (fd_count > 0) {
08687                                 rsbac_printk(", %lu RC", fd_count);
08688                                 fd_sum += fd_count;
08689                         }
08690 #endif
08691 
08692 #if defined(CONFIG_RSBAC_AUTH)
08693                         fd_count = rsbac_list_count(device_p->handles.auth);
08694                         if (fd_count > 0) {
08695                                 rsbac_printk(", %lu AUTH", fd_count);
08696                                 fd_sum += fd_count;
08697                         }
08698 #endif
08699 
08700 #if defined(CONFIG_RSBAC_CAP)
08701                         fd_count = rsbac_list_count(device_p->handles.cap);
08702                         if (fd_count > 0) {
08703                                 rsbac_printk(", %lu CAP", fd_count);
08704                                 fd_sum += fd_count;
08705                         }
08706 #endif
08707 #if defined(CONFIG_RSBAC_RES)
08708                         fd_count = rsbac_list_count(device_p->handles.res);
08709                         if (fd_count > 0) {
08710                                 rsbac_printk(", %lu RES", fd_count);
08711                                 fd_sum += fd_count;
08712                         }
08713 #endif
08714 #if defined(CONFIG_RSBAC_PAX)
08715                         fd_count = rsbac_list_count(device_p->handles.pax);
08716                         if (fd_count > 0) {
08717                                 rsbac_printk(", %lu PAX", fd_count);
08718                                 fd_sum += fd_count;
08719                         }
08720 #endif
08721 
08722                         rsbac_printk("\n");
08723                         device_p = device_p->next;
08724                 }
08725                 tmp_count += rcu_dereference(device_head_p[i])->count;
08726 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08727                 rcu_read_unlock();
08728 #else
08729                 rsbac_read_unlock(&device_list_locks[i], &dflags);
08730 #endif
08731         }
08732         rsbac_printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n",
08733                      tmp_count, fd_sum);
08734         /* free access to device_list_head */
08735         total_sum += fd_sum;
08736 
08737         /* dev lists */
08738         tmp_count = rsbac_list_count(dev_handles.gen);
08739         rsbac_printk(KERN_INFO "DEV items: %lu GEN", tmp_count);
08740         dev_sum += tmp_count;
08741 #if defined(CONFIG_RSBAC_MAC)
08742         tmp_count = rsbac_list_count(dev_handles.mac);
08743         rsbac_printk(", %lu MAC", tmp_count);
08744         dev_sum += tmp_count;
08745 #endif
08746 #if defined(CONFIG_RSBAC_PM)
08747         tmp_count = rsbac_list_count(dev_handles.pm);
08748         rsbac_printk(", %lu PM", tmp_count);
08749         dev_sum += tmp_count;
08750 #endif
08751 #if defined(CONFIG_RSBAC_RC)
08752         tmp_count = rsbac_list_count(dev_major_handles.rc);
08753         rsbac_printk(", %lu major RC", tmp_count);
08754         dev_sum += tmp_count;
08755         tmp_count = rsbac_list_count(dev_handles.rc);
08756         rsbac_printk(", %lu RC", tmp_count);
08757         dev_sum += tmp_count;
08758 #endif
08759         rsbac_printk("\n");
08760         rsbac_printk(KERN_INFO "Sum of %lu DEV items\n", dev_sum);
08761         total_sum += dev_sum;
08762 
08763         /* ipc lists */
08764         rsbac_printk(KERN_INFO "IPC items: no GEN");
08765 #if defined(CONFIG_RSBAC_MAC)
08766         tmp_count = rsbac_list_count(ipc_handles.mac);
08767         rsbac_printk(", %lu MAC", tmp_count);
08768         ipc_sum += tmp_count;
08769 #endif
08770 #if defined(CONFIG_RSBAC_PM)
08771         tmp_count = rsbac_list_count(ipc_handles.pm);
08772         rsbac_printk(", %lu PM", tmp_count);
08773         ipc_sum += tmp_count;
08774 #endif
08775 #if defined(CONFIG_RSBAC_RC)
08776         tmp_count = rsbac_list_count(ipc_handles.rc);
08777         rsbac_printk(", %lu RC", tmp_count);
08778         ipc_sum += tmp_count;
08779 #endif
08780 #if defined(CONFIG_RSBAC_JAIL)
08781         tmp_count = rsbac_list_count(ipc_handles.jail);
08782         rsbac_printk(", %lu JAIL", tmp_count);
08783         ipc_sum += tmp_count;
08784 #endif
08785         rsbac_printk("\n");
08786         rsbac_printk(KERN_INFO "Sum of %lu IPC items\n", ipc_sum);
08787         total_sum += ipc_sum;
08788 
08789         /* user lists */
08790         tmp_count = rsbac_list_count(user_handles.gen);
08791         rsbac_printk(KERN_INFO "USER items: %lu GEN", tmp_count);
08792         user_sum += tmp_count;
08793 #if defined(CONFIG_RSBAC_MAC)
08794         tmp_count = rsbac_list_count(user_handles.mac);
08795         rsbac_printk(", %lu MAC", tmp_count);
08796         user_sum += tmp_count;
08797 #endif
08798 #if defined(CONFIG_RSBAC_PM)
08799         tmp_count = rsbac_list_count(user_handles.pm);
08800         rsbac_printk(", %lu PM", tmp_count);
08801         user_sum += tmp_count;
08802 #endif
08803 #if defined(CONFIG_RSBAC_DAZ)
08804         tmp_count = rsbac_list_count(user_handles.daz);
08805         rsbac_printk(", %lu DAZ", tmp_count);
08806         user_sum += tmp_count;
08807 #endif
08808 #if defined(CONFIG_RSBAC_RC)
08809         tmp_count = rsbac_list_count(user_handles.rc);
08810         rsbac_printk(", %lu RC", tmp_count);
08811         user_sum += tmp_count;
08812 #endif
08813 #if defined(CONFIG_RSBAC_AUTH)
08814         tmp_count = rsbac_list_count(user_handles.auth);
08815         rsbac_printk(", %lu AUTH", tmp_count);
08816         user_sum += tmp_count;
08817 #endif
08818 #if defined(CONFIG_RSBAC_CAP)
08819         tmp_count = rsbac_list_count(user_handles.cap);
08820         rsbac_printk(", %lu CAP", tmp_count);
08821         user_sum += tmp_count;
08822 #endif
08823 #if defined(CONFIG_RSBAC_JAIL)
08824         tmp_count = rsbac_list_count(user_handles.jail);
08825         rsbac_printk(", %lu JAIL", tmp_count);
08826         user_sum += tmp_count;
08827 #endif
08828 #if defined(CONFIG_RSBAC_RES)
08829         tmp_count = rsbac_list_count(user_handles.res);
08830         rsbac_printk(", %lu RES", tmp_count);
08831         user_sum += tmp_count;
08832 #endif
08833 #if defined(CONFIG_RSBAC_PAX)
08834         tmp_count = rsbac_list_count(user_handles.pax);
08835         rsbac_printk(", %lu PAX", tmp_count);
08836         user_sum += tmp_count;
08837 #endif
08838         rsbac_printk("\n");
08839         rsbac_printk(KERN_INFO "Sum of %lu USER items\n", user_sum);
08840         total_sum += user_sum;
08841 
08842         /* process lists */
08843         tmp_count = rsbac_list_count(process_handles.gen);
08844         rsbac_printk(KERN_INFO "PROCESS items: %lu GEN", tmp_count);
08845         process_sum += tmp_count;
08846 #if defined(CONFIG_RSBAC_MAC)
08847         tmp_count = rsbac_list_count(process_handles.mac);
08848         rsbac_printk(", %lu MAC", tmp_count);
08849         process_sum += tmp_count;
08850 #endif
08851 #if defined(CONFIG_RSBAC_PM)
08852         tmp_count = rsbac_list_count(process_handles.pm);
08853         rsbac_printk(", %lu PM", tmp_count);
08854         process_sum += tmp_count;
08855 #endif
08856 #if defined(CONFIG_RSBAC_DAZ)
08857         tmp_count = rsbac_list_count(process_handles.daz);
08858         rsbac_printk(", %lu DAZ", tmp_count);
08859         process_sum += tmp_count;
08860 #endif
08861 #if defined(CONFIG_RSBAC_RC)
08862         tmp_count = rsbac_list_count(process_handles.rc);
08863         rsbac_printk(", %lu RC", tmp_count);
08864         process_sum += tmp_count;
08865 #endif
08866 #if defined(CONFIG_RSBAC_AUTH)
08867         tmp_count = rsbac_list_count(process_handles.auth);
08868         rsbac_printk(", %lu AUTH", tmp_count);
08869         process_sum += tmp_count;
08870 #endif
08871 #if defined(CONFIG_RSBAC_CAP)
08872         tmp_count = rsbac_list_count(process_handles.cap);
08873         rsbac_printk(", %lu CAP", tmp_count);
08874         process_sum += tmp_count;
08875 #endif
08876 #if defined(CONFIG_RSBAC_JAIL)
08877         tmp_count = rsbac_list_count(process_handles.jail);
08878         rsbac_printk(", %lu JAIL", tmp_count);
08879         process_sum += tmp_count;
08880 #endif
08881         rsbac_printk("\n");
08882         rsbac_printk(KERN_INFO "Sum of %lu PROCESS items\n", process_sum);
08883         total_sum += process_sum;
08884 
08885 #if defined(CONFIG_RSBAC_UM)
08886         /* group lists */
08887         rsbac_printk(KERN_INFO "GROUP items: ");
08888 #if defined(CONFIG_RSBAC_RC_UM_PROT)
08889         tmp_count = rsbac_list_count(group_handles.rc);
08890         rsbac_printk("%lu RC", tmp_count);
08891         user_sum += tmp_count;
08892 #endif
08893         rsbac_printk("\n");
08894         rsbac_printk(KERN_INFO "Sum of %lu GROUP items\n", group_sum);
08895         total_sum += group_sum;
08896 #endif
08897 
08898 #if defined(CONFIG_RSBAC_NET_OBJ)
08899         /* nettemp lists */
08900         rsbac_printk(KERN_INFO "NETTEMP items: ");
08901 #if defined(CONFIG_RSBAC_MAC)
08902         tmp_count = rsbac_list_count(nettemp_handles.mac);
08903         rsbac_printk("%lu MAC, ", tmp_count);
08904         nettemp_sum += tmp_count;
08905 #endif
08906 #if defined(CONFIG_RSBAC_PM)
08907         tmp_count = rsbac_list_count(nettemp_handles.pm);
08908         rsbac_printk("%lu PM, ", tmp_count);
08909         nettemp_sum += tmp_count;
08910 #endif
08911 #if defined(CONFIG_RSBAC_RC)
08912         tmp_count = rsbac_list_count(nettemp_handles.rc);
08913         rsbac_printk("%lu RC, ", tmp_count);
08914         nettemp_sum += tmp_count;
08915 #endif
08916         rsbac_printk("\n");
08917         rsbac_printk(KERN_INFO "Sum of %lu NETTEMP items\n", nettemp_sum);
08918         total_sum += nettemp_sum;
08919 
08920         /* local netobj lists */
08921         rsbac_printk(KERN_INFO "Local NETOBJ items:");
08922 #if defined(CONFIG_RSBAC_MAC)
08923         tmp_count = rsbac_list_count(lnetobj_handles.mac);
08924         rsbac_printk(" %lu MAC,", tmp_count);
08925         lnetobj_sum += tmp_count;
08926 #endif
08927 #if defined(CONFIG_RSBAC_PM)
08928         tmp_count = rsbac_list_count(lnetobj_handles.pm);
08929         rsbac_printk(" %lu PM,", tmp_count);
08930         lnetobj_sum += tmp_count;
08931 #endif
08932 #if defined(CONFIG_RSBAC_RC)
08933         tmp_count = rsbac_list_count(lnetobj_handles.rc);
08934         rsbac_printk(" %lu RC", tmp_count);
08935         lnetobj_sum += tmp_count;
08936 #endif
08937         rsbac_printk("\n");
08938         rsbac_printk(KERN_INFO "Sum of %lu Local NETOBJ items\n",
08939                      lnetobj_sum);
08940         total_sum += lnetobj_sum;
08941 
08942         /* remote netobj lists */
08943         rsbac_printk(KERN_INFO "Remote NETOBJ items:");
08944 #if defined(CONFIG_RSBAC_MAC)
08945         tmp_count = rsbac_list_count(rnetobj_handles.mac);
08946         rsbac_printk(" %lu MAC,", tmp_count);
08947         rnetobj_sum += tmp_count;
08948 #endif
08949 #if defined(CONFIG_RSBAC_PM)
08950         tmp_count = rsbac_list_count(rnetobj_handles.pm);
08951         rsbac_printk(" %lu PM,", tmp_count);
08952         rnetobj_sum += tmp_count;
08953 #endif
08954 #if defined(CONFIG_RSBAC_RC)
08955         tmp_count = rsbac_list_count(rnetobj_handles.rc);
08956         rsbac_printk(" %lu RC", tmp_count);
08957         rnetobj_sum += tmp_count;
08958 #endif
08959         rsbac_printk("\n");
08960         rsbac_printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n",
08961                      rnetobj_sum);
08962         total_sum += rnetobj_sum;
08963 #endif                          /* NET_OBJ */
08964 
08965         rsbac_printk(KERN_INFO "Total of %lu registered rsbac-items\n", total_sum);
08966 
08967         rsbac_printk(KERN_INFO "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n",
08968                      rsbac_adf_request_count[T_FILE],
08969                      rsbac_adf_request_count[T_DIR],
08970                      rsbac_adf_request_count[T_FIFO],
08971                      rsbac_adf_request_count[T_SYMLINK],
08972                      rsbac_adf_request_count[T_DEV],
08973                      rsbac_adf_request_count[T_IPC],
08974                      rsbac_adf_request_count[T_SCD],
08975                      rsbac_adf_request_count[T_USER],
08976                      rsbac_adf_request_count[T_PROCESS],
08977                      rsbac_adf_request_count[T_NETDEV],
08978                      rsbac_adf_request_count[T_NETTEMP],
08979                      rsbac_adf_request_count[T_NETOBJ],
08980                      rsbac_adf_request_count[T_UNIXSOCK]);
08981         rsbac_printk(KERN_INFO "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n",
08982                      rsbac_adf_set_attr_count[T_FILE],
08983                      rsbac_adf_set_attr_count[T_DIR],
08984                      rsbac_adf_set_attr_count[T_FIFO],
08985                      rsbac_adf_set_attr_count[T_SYMLINK],
08986                      rsbac_adf_set_attr_count[T_DEV],
08987                      rsbac_adf_set_attr_count[T_IPC],
08988                      rsbac_adf_set_attr_count[T_SCD],
08989                      rsbac_adf_set_attr_count[T_USER],
08990                      rsbac_adf_set_attr_count[T_PROCESS],
08991                      rsbac_adf_set_attr_count[T_NETDEV],
08992                      rsbac_adf_set_attr_count[T_NETTEMP],
08993                      rsbac_adf_set_attr_count[T_NETOBJ],
08994                      rsbac_adf_set_attr_count[T_UNIXSOCK]);
08995 
08996 #if defined(CONFIG_RSBAC_PM)
08997         rsbac_stats_pm();
08998 #endif
08999 #if defined(CONFIG_RSBAC_RC)
09000         rsbac_stats_rc();
09001 #endif
09002 #if defined(CONFIG_RSBAC_AUTH)
09003         rsbac_stats_auth();
09004 #endif
09005 #if defined(CONFIG_RSBAC_ACL)
09006         rsbac_stats_acl();
09007 #endif
09008         return 0;
09009 }

int rsbac_ta_get_attr ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
union rsbac_target_id_t  tid,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value,
rsbac_boolean_t  inherit 
)

Definition at line 11442 of file aci_data_structures.c.

References rsbac_target_id_t::dev, get_attr_dev(), get_attr_fd(), get_attr_ipc(), get_attr_process(), get_attr_user(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_lol_get_subdata(), rsbac_list_lol_subadd_ttl(), rsbac_pr_debug, rsbac_printk(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, T_UNIXSOCK, T_USER, and TRUE.

Referenced by rsbac_pm(), sys_rsbac_get_attr(), and sys_rsbac_get_attr_n().

11449 {
11450         int err = 0;
11451 
11452         if (!rsbac_initialized) {
11453                 rsbac_printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n");
11454                 return (-RSBAC_ENOTINITIALIZED);
11455         }
11456         if (!value_p)
11457                 return (-RSBAC_EINVALIDPOINTER);
11458         if (in_interrupt()) {
11459                 rsbac_printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n");
11460         }
11461 #ifdef CONFIG_RSBAC_XSTATS
11462         get_attr_count[target]++;
11463 #endif
11464         switch (target) {
11465         case T_FILE:
11466         case T_DIR:
11467         case T_FIFO:
11468         case T_SYMLINK:
11469         case T_UNIXSOCK:
11470 #ifdef CONFIG_RSBAC_FD_CACHE
11471                 if (inherit && !ta_number && fd_cache_handle[module] && (RSBAC_MAJOR(tid.file.device) > 1)) {
11472                         struct rsbac_fd_cache_desc_t fd_desc;
11473                         rsbac_enum_t cache_attr = attr;
11474 
11475                         fd_desc.device = tid.file.device;
11476                         fd_desc.inode = tid.file.inode;
11477                         if (!rsbac_list_lol_get_subdata(fd_cache_handle[module],
11478                                                 &fd_desc, &cache_attr,
11479                                                 value_p)) {
11480 #ifdef CONFIG_RSBAC_XSTATS
11481                                 fd_cache_hits[module]++;
11482 #endif
11483                                 return 0;
11484                         }
11485                         err = get_attr_fd(0, module, target, &tid,
11486                                    attr, value_p, TRUE);
11487                         if (!err) {
11488 #if 0
11489                                 rsbac_pr_debug(auto, "Adding fd cache item device %02u:%02u inode %u attr %u\n",
11490                                         RSBAC_MAJOR(fd_desc.device), RSBAC_MINOR(fd_desc.device),
11491                                         fd_desc.inode, attr);
11492 #endif
11493                                 rsbac_list_lol_subadd_ttl(fd_cache_handle[module],
11494                                                 rsbac_fd_cache_ttl,
11495                                                 &fd_desc, &cache_attr,
11496                                                 value_p);
11497 #ifdef CONFIG_RSBAC_XSTATS
11498                                 fd_cache_misses[module]++;
11499 #endif
11500                         }
11501                         return err;
11502                 }
11503 #endif
11504 
11505                 return get_attr_fd(ta_number, module, target, &tid,
11506                                    attr, value_p, inherit);
11507 
11508         case T_DEV:
11509                 return get_attr_dev(ta_number, module, target, tid.dev,
11510                                     attr, value_p, inherit);
11511 
11512         case T_IPC:
11513                 return get_attr_ipc(ta_number, module, target, &tid,
11514                                     attr, value_p, inherit);
11515 
11516         case T_USER:
11517                 return get_attr_user(ta_number, module, target, &tid,
11518                                      attr, value_p, inherit);
11519 
11520         case T_PROCESS:
11521                 return get_attr_process(ta_number, module, target, &tid,
11522                                         attr, value_p, inherit);
11523 
11524 #ifdef CONFIG_RSBAC_UM
11525         case T_GROUP:
11526                 return get_attr_group(ta_number, module, target, &tid,
11527                                       attr, value_p, inherit);
11528 #endif                          /* CONFIG_RSBAC_UM */
11529 
11530 #ifdef CONFIG_RSBAC_NET_DEV
11531         case T_NETDEV:
11532                 return get_attr_netdev(ta_number, module, target, &tid,
11533                                        attr, value_p, inherit);
11534 #endif
11535 
11536 #ifdef CONFIG_RSBAC_NET_OBJ
11537         case T_NETTEMP:
11538                 return get_attr_nettemp(ta_number, module, target, &tid,
11539                                         attr, value_p, inherit);
11540 
11541         case T_NETOBJ:
11542                 return get_attr_netobj(ta_number, module, target, &tid,
11543                                        attr, value_p, inherit);
11544 #endif
11545 
11546                 /* switch target: no valid target */
11547         default:
11548                 return -RSBAC_EINVALIDTARGET;
11549         }
11550 
11551         return err;
11552 }

int rsbac_ta_list_all_dev ( rsbac_list_ta_number_t  ta_number,
struct rsbac_dev_desc_t **  id_pp 
)

Definition at line 14188 of file aci_data_structures.c.

References D_block, D_block_major, dev_handles, dev_major_handles, NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_exist(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc.

Referenced by sys_rsbac_list_all_dev().

14190 {
14191         int count = 0;
14192         int tmp_count;
14193 
14194         tmp_count = rsbac_ta_list_count(ta_number, dev_handles.gen);
14195         if (tmp_count > 0)
14196                 count += tmp_count;
14197 #if defined(CONFIG_RSBAC_MAC)
14198         tmp_count = rsbac_ta_list_count(ta_number, dev_handles.mac);
14199         if (tmp_count > 0)
14200                 count += tmp_count;
14201 #endif
14202 #if defined(CONFIG_RSBAC_PM)
14203         tmp_count = rsbac_ta_list_count(ta_number, dev_handles.pm);
14204         if (tmp_count > 0)
14205                 count += tmp_count;
14206 #endif
14207 #if defined(CONFIG_RSBAC_RC)
14208         tmp_count = rsbac_ta_list_count(ta_number, dev_major_handles.rc);
14209         if (tmp_count > 0)
14210                 count += tmp_count;
14211         tmp_count = rsbac_ta_list_count(ta_number, dev_handles.rc);
14212         if (tmp_count > 0)
14213                 count += tmp_count;
14214 #endif
14215         if (id_pp) {
14216                 struct rsbac_dev_desc_t *i_id_p = NULL;
14217                 char *pos = NULL;
14218 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_RC)
14219                 u_int i;
14220 #endif
14221 
14222                 if (count > 0) {
14223                         int i_count = 0;
14224 
14225                         i_count = count + 20;   /* max value to expect */
14226                         *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14227                         if (!*id_pp)
14228                                 return -RSBAC_ENOMEM;
14229                         pos = (char *) *id_pp;
14230                         tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14231                                                                dev_handles.
14232                                                                gen,
14233                                                                (void **)
14234                                                                &i_id_p);
14235                         if (tmp_count > 0) {
14236                                 if (tmp_count > i_count)
14237                                         tmp_count = i_count;
14238                                 memcpy(pos, i_id_p,
14239                                        tmp_count * sizeof(*i_id_p));
14240                                 rsbac_vfree(i_id_p);
14241                                 count = tmp_count;
14242                                 i_count -= tmp_count;
14243                                 pos += tmp_count * sizeof(*i_id_p);
14244                         } else
14245                                 count = 0;
14246 #if defined(CONFIG_RSBAC_MAC)
14247                         if (i_count) {
14248                                 tmp_count =
14249                                     rsbac_ta_list_get_all_desc(ta_number,
14250                                                                dev_handles.
14251                                                                mac,
14252                                                                (void **)
14253                                                                &i_id_p);
14254                                 if (tmp_count > 0) {
14255                                         if (tmp_count > i_count)
14256                                                 tmp_count = i_count;
14257                                         for (i = 0; i < tmp_count; i++) {
14258                                                 if (!rsbac_ta_list_exist
14259                                                     (ta_number,
14260                                                      dev_handles.gen,
14261                                                      &i_id_p[i])) {
14262                                                         memcpy(pos,
14263                                                                &i_id_p[i],
14264                                                                sizeof
14265                                                                (*i_id_p));
14266                                                         pos +=
14267                                                             sizeof
14268                                                             (*i_id_p);
14269                                                         count++;
14270                                                         i_count--;
14271                                                 }
14272                                         }
14273                                         rsbac_vfree(i_id_p);
14274                                 }
14275                         }
14276 #endif
14277 #if defined(CONFIG_RSBAC_PM)
14278                         if (i_count) {
14279                                 tmp_count =
14280                                     rsbac_ta_list_get_all_desc(ta_number,
14281                                                                dev_handles.
14282                                                                pm,
14283                                                                (void **)
14284                                                                &i_id_p);
14285                                 if (tmp_count > 0) {
14286                                         if (tmp_count > i_count)
14287                                                 tmp_count = i_count;
14288                                         for (i = 0; i < tmp_count; i++) {
14289                                                 if (!rsbac_ta_list_exist
14290                                                     (ta_number,
14291                                                      dev_handles.gen,
14292                                                      &i_id_p[i]))
14293 #if defined(CONFIG_RSBAC_MAC)
14294                                                         if (!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
14295 #endif
14296                                                         {
14297                                                                 memcpy(pos,
14298                                                                        &i_id_p
14299                                                                        [i],
14300                                                                        sizeof
14301                                                                        (*i_id_p));
14302                                                                 pos +=
14303                                                                     sizeof
14304                                                                     (*i_id_p);
14305                                                                 count++;
14306                                                                 i_count--;
14307                                                         }
14308                                         }
14309                                         rsbac_vfree(i_id_p);
14310                                 }
14311                         }
14312 #endif
14313 #if defined(CONFIG_RSBAC_RC)
14314                         if (i_count) {
14315                                 tmp_count =
14316                                     rsbac_ta_list_get_all_desc(ta_number,
14317                                                                dev_major_handles.
14318                                                                rc,
14319                                                                (void **)
14320                                                                &i_id_p);
14321                                 if (tmp_count > 0) {
14322                                         if (tmp_count > i_count)
14323                                                 tmp_count = i_count;
14324                                         for (i = 0; i < tmp_count; i++) {
14325                                                 i_id_p[i].type +=
14326                                                     (D_block_major -
14327                                                      D_block);
14328                                                 memcpy(pos, &i_id_p[i],
14329                                                        sizeof(*i_id_p));
14330                                                 pos += sizeof(*i_id_p);
14331                                                 count++;
14332                                                 i_count--;
14333                                         }
14334                                         rsbac_vfree(i_id_p);
14335                                 }
14336                         }
14337                         if (i_count) {
14338                                 tmp_count =
14339                                     rsbac_ta_list_get_all_desc(ta_number,
14340                                                                dev_handles.
14341                                                                rc,
14342                                                                (void **)
14343                                                                &i_id_p);
14344                                 if (tmp_count > 0) {
14345                                         if (tmp_count > i_count)
14346                                                 tmp_count = i_count;
14347                                         for (i = 0; i < tmp_count; i++) {
14348                                                 if (!rsbac_ta_list_exist
14349                                                     (ta_number,
14350                                                      dev_handles.gen,
14351                                                      &i_id_p[i]))
14352 #if defined(CONFIG_RSBAC_MAC)
14353                                                         if (!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
14354 #endif
14355 #if defined(CONFIG_RSBAC_PM)
14356                                                                 if (!rsbac_ta_list_exist(ta_number, dev_handles.pm, &i_id_p[i]))
14357 #endif
14358                                                                 {
14359                                                                         memcpy
14360                                                                             (pos,
14361                                                                              &i_id_p
14362                                                                              [i],
14363                                                                              sizeof
14364                                                                              (*i_id_p));
14365                                                                         pos += sizeof(*i_id_p);
14366                                                                         count++;
14367                                                                         i_count--;
14368                                                                 }
14369                                         }
14370                                         rsbac_vfree(i_id_p);
14371                                 }
14372                         }
14373 #endif
14374                         if (!count)
14375                                 rsbac_vfree(*id_pp);
14376                 }
14377         }
14378         return count;
14379 }

int rsbac_ta_list_all_group ( rsbac_list_ta_number_t  ta_number,
rsbac_gid_t **  id_pp 
)

Definition at line 14657 of file aci_data_structures.c.

References NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc.

Referenced by sys_rsbac_list_all_group().

14659 {
14660 #if defined(CONFIG_RSBAC_RC_UM_PROT)
14661         int count = 0;
14662         int tmp_count;
14663 
14664         tmp_count = rsbac_ta_list_count(ta_number, group_handles.rc);
14665         if (tmp_count > 0)
14666                 count += tmp_count;
14667         if (id_pp) {
14668                 if (count > 0) {
14669                         int i_count;
14670                         rsbac_gid_t *i_id_p = NULL;
14671 
14672                         i_count = count + 20;   /* max value to expect */
14673                         *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14674                         if (!*id_pp)
14675                                 return -RSBAC_ENOMEM;
14676                         tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14677                                                                group_handles.
14678                                                                rc,
14679                                                                (void **)
14680                                                                &i_id_p);
14681                         if (tmp_count > 0) {
14682                                 if (tmp_count > i_count)
14683                                         tmp_count = i_count;
14684                                 memcpy(*id_pp, i_id_p,
14685                                        tmp_count * sizeof(*i_id_p));
14686                                 rsbac_vfree(i_id_p);
14687                                 count = tmp_count;
14688                                 i_count -= tmp_count;
14689                         } else
14690                                 count = 0;
14691                         if (!count)
14692                                 rsbac_vfree(*id_pp);
14693                 }
14694         }
14695         return count;
14696 #else
14697         return 0;
14698 #endif
14699 }

int rsbac_ta_list_all_ipc ( rsbac_list_ta_number_t  ta_number,
struct rsbac_ipc_t **  id_pp 
)

Definition at line 14599 of file aci_data_structures.c.

References copy_new_ipcs(), ipc_handles, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_vfree, and rsbac_vmalloc.

Referenced by sys_rsbac_list_all_ipc().

14601 {
14602         int count = 0;
14603         int tmp_count;
14604 
14605 #if defined(CONFIG_RSBAC_MAC)
14606         tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.mac);
14607         if (tmp_count > 0)
14608                 count += tmp_count;
14609 #endif
14610 #if defined(CONFIG_RSBAC_PM)
14611         tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.pm);
14612         if (tmp_count > 0)
14613                 count += tmp_count;
14614 #endif
14615 #if defined(CONFIG_RSBAC_RC)
14616         tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.rc);
14617         if (tmp_count > 0)
14618                 count += tmp_count;
14619 #endif
14620 #if defined(CONFIG_RSBAC_JAIL)
14621         tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.jail);
14622         if (tmp_count > 0)
14623                 count += tmp_count;
14624 #endif
14625         if (id_pp) {
14626                 if (count > 0) {
14627                         int i_count;
14628 
14629                         i_count = count + 20;   /* max value to expect */
14630                         *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14631                         if (!*id_pp)
14632                                 return -RSBAC_ENOMEM;
14633                         count = 0;
14634 #if defined(CONFIG_RSBAC_MAC)
14635                         copy_new_ipcs(ipc_handles.mac, ta_number, &count,
14636                                       &i_count, *id_pp);
14637 #endif
14638 #if defined(CONFIG_RSBAC_PM)
14639                         copy_new_ipcs(ipc_handles.pm, ta_number, &count,
14640                                       &i_count, *id_pp);
14641 #endif
14642 #if defined(CONFIG_RSBAC_RC)
14643                         copy_new_ipcs(ipc_handles.rc, ta_number, &count,
14644                                       &i_count, *id_pp);
14645 #endif
14646 #if defined(CONFIG_RSBAC_JAIL)
14647                         copy_new_ipcs(ipc_handles.jail, ta_number, &count,
14648                                       &i_count, *id_pp);
14649 #endif
14650                         if (!count)
14651                                 rsbac_vfree(*id_pp);
14652                 }
14653         }
14654         return count;
14655 }

int rsbac_ta_list_all_user ( rsbac_list_ta_number_t  ta_number,
rsbac_uid_t **  id_pp 
)

Definition at line 14425 of file aci_data_structures.c.

References copy_new_uids(), NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, rsbac_vmalloc, and user_handles.

Referenced by sys_rsbac_list_all_user().

14427 {
14428         int count = 0;
14429         int tmp_count;
14430 
14431         tmp_count = rsbac_ta_list_count(ta_number, user_handles.gen);
14432         if (tmp_count > 0)
14433                 count += tmp_count;
14434 #if defined(CONFIG_RSBAC_MAC)
14435         tmp_count = rsbac_ta_list_count(ta_number, user_handles.mac);
14436         if (tmp_count > 0)
14437                 count += tmp_count;
14438 #endif
14439 #if defined(CONFIG_RSBAC_PM)
14440         tmp_count = rsbac_ta_list_count(ta_number, user_handles.pm);
14441         if (tmp_count > 0)
14442                 count += tmp_count;
14443 #endif
14444 #if defined(CONFIG_RSBAC_DAZ)
14445         tmp_count = rsbac_ta_list_count(ta_number, user_handles.daz);
14446         if (tmp_count > 0)
14447                 count += tmp_count;
14448 #endif
14449 #if defined(CONFIG_RSBAC_FF)
14450         tmp_count = rsbac_ta_list_count(ta_number, user_handles.ff);
14451         if (tmp_count > 0)
14452                 count += tmp_count;
14453 #endif
14454 #if defined(CONFIG_RSBAC_RC)
14455         tmp_count = rsbac_ta_list_count(ta_number, user_handles.rc);
14456         if (tmp_count > 0)
14457                 count += tmp_count;
14458 #endif
14459 #if defined(CONFIG_RSBAC_AUTH)
14460         tmp_count = rsbac_ta_list_count(ta_number, user_handles.auth);
14461         if (tmp_count > 0)
14462                 count += tmp_count;
14463 #endif
14464 #if defined(CONFIG_RSBAC_CAP)
14465         tmp_count = rsbac_ta_list_count(ta_number, user_handles.cap);
14466         if (tmp_count > 0)
14467                 count += tmp_count;
14468 #endif
14469 #if defined(CONFIG_RSBAC_JAIL)
14470         tmp_count = rsbac_ta_list_count(ta_number, user_handles.jail);
14471         if (tmp_count > 0)
14472                 count += tmp_count;
14473 #endif
14474 #if defined(CONFIG_RSBAC_PAX)
14475         tmp_count = rsbac_ta_list_count(ta_number, user_handles.pax);
14476         if (tmp_count > 0)
14477                 count += tmp_count;
14478 #endif
14479 #if defined(CONFIG_RSBAC_RES)
14480         tmp_count = rsbac_ta_list_count(ta_number, user_handles.res);
14481         if (tmp_count > 0)
14482                 count += tmp_count;
14483 #endif
14484         if (id_pp) {
14485                 if (count > 0) {
14486                         int i_count;
14487                         rsbac_uid_t *i_id_p = NULL;
14488 
14489                         i_count = count + 20;   /* max value to expect */
14490                         *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14491                         if (!*id_pp)
14492                                 return -RSBAC_ENOMEM;
14493                         tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14494                                                                user_handles.
14495                                                                gen,
14496                                                                (void **)
14497                                                                &i_id_p);
14498                         if (tmp_count > 0) {
14499                                 if (tmp_count > i_count)
14500                                         tmp_count = i_count;
14501                                 memcpy(*id_pp, i_id_p,
14502                                        tmp_count * sizeof(*i_id_p));
14503                                 rsbac_vfree(i_id_p);
14504                                 count = tmp_count;
14505                                 i_count -= tmp_count;
14506                         } else
14507                                 count = 0;
14508 #if defined(CONFIG_RSBAC_MAC)
14509                         copy_new_uids(user_handles.mac, ta_number, &count,
14510                                       &i_count, *id_pp);
14511 #endif
14512 #if defined(CONFIG_RSBAC_PM)
14513                         copy_new_uids(user_handles.pm, ta_number, &count,
14514                                       &i_count, *id_pp);
14515 #endif
14516 #if defined(CONFIG_RSBAC_DAZ)
14517                         copy_new_uids(user_handles.daz, ta_number, &count,
14518                                       &i_count, *id_pp);
14519 #endif
14520 #if defined(CONFIG_RSBAC_FF)
14521                         copy_new_uids(user_handles.ff, ta_number, &count,
14522                                       &i_count, *id_pp);
14523 #endif
14524 #if defined(CONFIG_RSBAC_RC)
14525                         copy_new_uids(user_handles.rc, ta_number, &count,
14526                                       &i_count, *id_pp);
14527 #endif
14528 #if defined(CONFIG_RSBAC_AUTH)
14529                         copy_new_uids(user_handles.auth, ta_number, &count,
14530                                       &i_count, *id_pp);
14531 #endif
14532 #if defined(CONFIG_RSBAC_CAP)
14533                         copy_new_uids(user_handles.cap, ta_number, &count,
14534                                       &i_count, *id_pp);
14535 #endif
14536 #if defined(CONFIG_RSBAC_JAIL)
14537                         copy_new_uids(user_handles.jail, ta_number, &count,
14538                                       &i_count, *id_pp);
14539 #endif
14540 #if defined(CONFIG_RSBAC_PAX)
14541                         copy_new_uids(user_handles.pax, ta_number, &count,
14542                                       &i_count, *id_pp);
14543 #endif
14544 #if defined(CONFIG_RSBAC_RES)
14545                         copy_new_uids(user_handles.res, ta_number, &count,
14546                                       &i_count, *id_pp);
14547 #endif
14548                         if (!count)
14549                                 rsbac_vfree(*id_pp);
14550                 }
14551         }
14552         return count;
14553 }

int rsbac_ta_remove_target ( rsbac_list_ta_number_t  ta_number,
enum rsbac_target_t  target,
union rsbac_target_id_t  tid 
)

Definition at line 13760 of file aci_data_structures.c.

References D_block, D_block_major, D_char, D_char_major, rsbac_target_id_t::dev, dev_handles, dev_major_handles, device_hash(), device_list_locks, rsbac_target_id_t::group, rsbac_target_id_t::ipc, ipc_handles, lookup_device(), rsbac_target_id_t::netdev, rsbac_target_id_t::netobj, rsbac_target_id_t::nettemp, NULL, rsbac_target_id_t::process, process_handles, rsbac_acl_remove_acl(), rsbac_auth_remove_f_capsets(), rsbac_auth_remove_p_capsets(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_mac_remove_f_trusets(), rsbac_mac_remove_p_trusets(), rsbac_mount(), rsbac_printk(), rsbac_ta_list_remove(), rsbac_net_obj_desc_t::sock_p, T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NETTEMP_NT, T_PROCESS, T_SYMLINK, T_UNIXSOCK, T_USER, rsbac_dev_desc_t::type, rsbac_target_id_t::user, and user_handles.

Referenced by rsbac_pm(), sys_rsbac_remove_target(), and sys_rsbac_remove_target_n().

13763 {
13764         int error = 0;
13765         struct rsbac_device_list_item_t *device_p;
13766 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
13767         u_long dflags;
13768 #endif
13769         u_int hash;
13770 
13771         if (!rsbac_initialized) {
13772                 rsbac_printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n");
13773                 return (-RSBAC_ENOTINITIALIZED);
13774         }
13775         if (in_interrupt()) {
13776                 rsbac_printk(KERN_WARNING "rsbac_remove_target(): called from interrupt!\n");
13777         }
13778         switch (target) {
13779         case T_FILE:
13780         case T_DIR:
13781         case T_FIFO:
13782         case T_SYMLINK:
13783         case T_UNIXSOCK:
13784                 /* rsbac_pr_debug(ds, "Removing file/dir/fifo/symlink ACI\n"); */
13785 #if defined(CONFIG_RSBAC_MAC)
13786                 /* file and dir items can also have mac_f_trusets -> remove first */
13787                 if ((target == T_FILE)
13788                     || (target == T_DIR)
13789                     )
13790                         error = rsbac_mac_remove_f_trusets(tid.file);
13791 #endif
13792 #if defined(CONFIG_RSBAC_AUTH)
13793                 /* file and dir items can also have auth_f_capsets -> remove first */
13794                 if ((target == T_FILE)
13795                     || (target == T_DIR)
13796                     )
13797                         error = rsbac_auth_remove_f_capsets(tid.file);
13798 #endif
13799 #if defined(CONFIG_RSBAC_ACL)
13800                 /* items can also have an acl_fd_item -> remove first */
13801                 error = rsbac_acl_remove_acl(ta_number, target, tid);
13802 #endif
13803                 hash = device_hash(tid.file.device);
13804                 /* wait for read access to device_list_head */
13805 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13806                 rcu_read_lock();
13807 #else
13808                 rsbac_read_lock(&device_list_locks[hash], &dflags);
13809 #endif
13810 
13811                 /* lookup device */
13812                 device_p = lookup_device(tid.file.device, hash);
13813                 if (!device_p) {
13814                         struct super_block *sb_p;
13815 
13816 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13817                         rcu_read_unlock();
13818 #else
13819                         rsbac_read_unlock(&device_list_locks[hash], &dflags);
13820 #endif
13821 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13822                         sb_p = user_get_super(tid.file.device);
13823 #else
13824                         sb_p = get_super(tid.file.device);
13825 #endif
13826                         if (sb_p) {
13827                                 if(RSBAC_MAJOR(tid.file.device) <= 1) {
13828                                         rsbac_printk(KERN_INFO "rsbac_remove_target(): auto-mounting device %02u:%02u\n",
13829                                              RSBAC_MAJOR(tid.file.device),
13830                                              RSBAC_MINOR(tid.file.device));
13831                                         rsbac_mount(sb_p, NULL);
13832                                 }
13833                                 /* free super_block pointer */
13834                                 drop_super(sb_p);
13835 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13836                                 rcu_read_lock();
13837 #else
13838                                 rsbac_read_lock(&device_list_locks[hash],
13839                                                 &dflags);
13840 #endif
13841                                 device_p = lookup_device(tid.file.device, hash);
13842                                 if (!device_p) {
13843 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13844                                         rcu_read_unlock();
13845 #else
13846                                         rsbac_read_unlock
13847                                             (&device_list_locks[hash],
13848                                              &dflags);
13849 #endif
13850                                         rsbac_printk(KERN_WARNING "rsbac_remove_target(): unknown device %02u:%02u\n",
13851                                                      RSBAC_MAJOR(tid.file.
13852                                                                  device),
13853                                                      RSBAC_MINOR(tid.file.
13854                                                                  device));
13855                                         return -RSBAC_EINVALIDDEV;
13856                                 }
13857                         } else
13858                                 return -RSBAC_EINVALIDDEV;
13859                 }
13860                 rsbac_ta_list_remove(ta_number,
13861                                      device_p->handles.gen,
13862                                      &tid.file.inode);
13863 #if defined(CONFIG_RSBAC_MAC)
13864                 rsbac_ta_list_remove(ta_number,
13865                                      device_p->handles.mac,
13866                                      &tid.file.inode);
13867 #endif
13868 #if defined(CONFIG_RSBAC_PM)
13869                 rsbac_ta_list_remove(ta_number,
13870                                      device_p->handles.pm,
13871                                      &tid.file.inode);
13872 #endif
13873 #if defined(CONFIG_RSBAC_DAZ)
13874                 rsbac_ta_list_remove(ta_number,
13875                                      device_p->handles.daz,
13876                                      &tid.file.inode);
13877 #if defined(CONFIG_RSBAC_DAZ_CACHE)
13878                 rsbac_ta_list_remove(ta_number,
13879                                      device_p->handles.dazs,
13880                                      &tid.file.inode);
13881 #endif
13882 #endif
13883 #if defined(CONFIG_RSBAC_FF)
13884                 rsbac_ta_list_remove(ta_number,
13885                                      device_p->handles.ff,
13886                                      &tid.file.inode);
13887 #endif
13888 #if defined(CONFIG_RSBAC_RC)
13889                 rsbac_ta_list_remove(ta_number,
13890                                      device_p->handles.rc,
13891                                      &tid.file.inode);
13892 #endif
13893 #if defined(CONFIG_RSBAC_AUTH)
13894                 rsbac_ta_list_remove(ta_number,
13895                                      device_p->handles.auth,
13896                                      &tid.file.inode);
13897 #endif
13898 #if defined(CONFIG_RSBAC_CAP)
13899                 rsbac_ta_list_remove(ta_number,
13900                                      device_p->handles.cap,
13901                                      &tid.file.inode);
13902 #endif
13903 #if defined(CONFIG_RSBAC_PAX)
13904                 rsbac_ta_list_remove(ta_number,
13905                                      device_p->handles.pax,
13906                                      &tid.file.inode);
13907 #endif
13908 #if defined(CONFIG_RSBAC_RES)
13909                 rsbac_ta_list_remove(ta_number,
13910                                      device_p->handles.res,
13911                                      &tid.file.inode);
13912 #endif
13913 
13914                 /* free access to device_list_head */
13915 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13916                 rcu_read_unlock();
13917 #else
13918                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
13919 #endif
13920 #ifdef CONFIG_RSBAC_FD_CACHE
13921                 rsbac_fd_cache_invalidate(&tid.file);
13922 #endif
13923                 break;
13924 
13925         case T_DEV:
13926                 {
13927                   switch (tid.dev.type)
13928                     {
13929                       case D_block:
13930                       case D_char:
13931                         rsbac_ta_list_remove(ta_number,
13932                                          dev_handles.gen,
13933                                          &tid.dev);
13934 #if defined(CONFIG_RSBAC_MAC)
13935                         rsbac_ta_list_remove(ta_number,
13936                                          dev_handles.mac,
13937                                          &tid.dev);
13938 #endif
13939 #if defined(CONFIG_RSBAC_PM)
13940                         rsbac_ta_list_remove(ta_number,
13941                                          dev_handles.pm,
13942                                          &tid.dev);
13943 #endif
13944 #if defined(CONFIG_RSBAC_RC)
13945                         rsbac_ta_list_remove(ta_number,
13946                                          dev_handles.rc,
13947                                          &tid.dev);
13948 #endif
13949                         break;
13950                       case D_block_major:
13951                       case D_char_major:
13952                         {
13953                           enum rsbac_dev_type_t orig_devtype=tid.dev.type;
13954 
13955                           if (tid.dev.type==D_block_major)    
13956                             tid.dev.type=D_block;
13957                           else
13958                             tid.dev.type=D_char;
13959                           rsbac_ta_list_remove(ta_number,
13960                                            dev_major_handles.gen,
13961                                            &tid.dev);
13962 #if defined(CONFIG_RSBAC_MAC)
13963                           rsbac_ta_list_remove(ta_number,
13964                                            dev_major_handles.mac,
13965                                            &tid.dev);
13966 #endif
13967 #if defined(CONFIG_RSBAC_PM)
13968                           rsbac_ta_list_remove(ta_number,
13969                                            dev_major_handles.pm,
13970                                            &tid.dev);
13971 #endif
13972 #if defined(CONFIG_RSBAC_RC)
13973                           rsbac_ta_list_remove(ta_number,
13974                                            dev_major_handles.rc,
13975                                            &tid.dev);
13976 #endif
13977                           tid.dev.type=orig_devtype;
13978                           break;
13979                         }
13980                       default:
13981                         return -RSBAC_EINVALIDTARGET;
13982                     }
13983                 }
13984                 break;
13985 
13986         case T_IPC:
13987                 /* rsbac_pr_debug(ds, "Removing ipc ACI\n"); */
13988 #if defined(CONFIG_RSBAC_MAC)
13989                 rsbac_ta_list_remove(ta_number, ipc_handles.mac, &tid.ipc);
13990 #endif
13991 #if defined(CONFIG_RSBAC_PM)
13992                 rsbac_ta_list_remove(ta_number, ipc_handles.pm, &tid.ipc);
13993 #endif
13994 #if defined(CONFIG_RSBAC_RC)
13995                 rsbac_ta_list_remove(ta_number, ipc_handles.rc, &tid.ipc);
13996 #endif
13997 #if defined(CONFIG_RSBAC_JAIL)
13998                 rsbac_ta_list_remove(ta_number,
13999                                      ipc_handles.jail, &tid.ipc);
14000 #endif
14001                 break;
14002 
14003         case T_USER:
14004                 /* rsbac_pr_debug(ds, "Removing user ACI"); */
14005                 rsbac_ta_list_remove(ta_number,
14006                                      user_handles.gen, &tid.user);
14007 #if defined(CONFIG_RSBAC_MAC)
14008                 rsbac_ta_list_remove(ta_number,
14009                                      user_handles.mac, &tid.user);
14010 #endif
14011 #if defined(CONFIG_RSBAC_PM)
14012                 rsbac_ta_list_remove(ta_number,
14013                                      user_handles.pm, &tid.user);
14014 #endif
14015 #if defined(CONFIG_RSBAC_DAZ)
14016                 rsbac_ta_list_remove(ta_number,
14017                                      user_handles.daz, &tid.user);
14018 #endif
14019 #if defined(CONFIG_RSBAC_FF)
14020                 rsbac_ta_list_remove(ta_number,
14021                                      user_handles.ff, &tid.user);
14022 #endif
14023 #if defined(CONFIG_RSBAC_RC)
14024                 rsbac_ta_list_remove(ta_number,
14025                                      user_handles.rc, &tid.user);
14026 #endif
14027 #if defined(CONFIG_RSBAC_AUTH)
14028                 rsbac_ta_list_remove(ta_number,
14029                                      user_handles.auth, &tid.user);
14030 #endif
14031 #if defined(CONFIG_RSBAC_CAP)
14032                 rsbac_ta_list_remove(ta_number,
14033                                      user_handles.cap, &tid.user);
14034 #endif
14035 #if defined(CONFIG_RSBAC_JAIL)
14036                 rsbac_ta_list_remove(ta_number,
14037                                      user_handles.jail, &tid.user);
14038 #endif
14039 #if defined(CONFIG_RSBAC_PAX)
14040                 rsbac_ta_list_remove(ta_number,
14041                                      user_handles.pax, &tid.user);
14042 #endif
14043 #if defined(CONFIG_RSBAC_RES)
14044                 rsbac_ta_list_remove(ta_number,
14045                                      user_handles.res, &tid.user);
14046 #endif
14047                 break;
14048 
14049         case T_PROCESS:
14050 /* too noisy... kicked out.
14051                 rsbac_pr_debug(ds, "Removing process ACI\n");
14052 */
14053 #if defined(CONFIG_RSBAC_ACL)
14054                 /* process items can also have an acl_p_item -> remove first */
14055                 error = rsbac_acl_remove_acl(ta_number, target, tid);
14056 #endif
14057                 rsbac_ta_list_remove(ta_number,
14058                                      process_handles.gen,
14059                                      &tid.process);
14060 #if defined(CONFIG_RSBAC_MAC)
14061                 /* process items can also have mac_p_trusets -> remove first */
14062                 error = rsbac_mac_remove_p_trusets(tid.process);
14063                 rsbac_ta_list_remove(ta_number,
14064                                      process_handles.mac,
14065                                      &tid.process);
14066 #endif
14067 #if defined(CONFIG_RSBAC_PM)
14068                 rsbac_ta_list_remove(ta_number,
14069                                      process_handles.pm, &tid.process);
14070 #endif
14071 #if defined(CONFIG_RSBAC_DAZ)
14072                 rsbac_ta_list_remove(ta_number,
14073                                      process_handles.daz, &tid.process);
14074 #endif
14075 #if defined(CONFIG_RSBAC_RC)
14076                 rsbac_ta_list_remove(ta_number,
14077                                      process_handles.rc,
14078                                      &tid.process);
14079 #endif
14080 #if defined(CONFIG_RSBAC_AUTH)
14081                 /* process items can also have auth_p_capsets -> remove first */
14082                 error = rsbac_auth_remove_p_capsets(tid.process);
14083                 rsbac_ta_list_remove(ta_number,
14084                                      process_handles.auth, &tid.process);
14085 #endif
14086 #if defined(CONFIG_RSBAC_CAP)
14087                 rsbac_ta_list_remove(ta_number,
14088                                      process_handles.cap, &tid.process);
14089 #endif
14090 #if defined(CONFIG_RSBAC_JAIL)
14091                 rsbac_ta_list_remove(ta_number,
14092                                      process_handles.jail,
14093                                      &tid.process);
14094 #endif
14095                 break;
14096 
14097 #ifdef CONFIG_RSBAC_UM
14098         case T_GROUP:
14099                 /* rsbac_pr_debug(ds, "Removing group ACI\n"); */
14100 #if defined(CONFIG_RSBAC_RC_UM_PROT)
14101                 rsbac_ta_list_remove(ta_number,
14102                                      group_handles.rc, &tid.group);
14103 #endif
14104                 break;
14105 #endif                          /* CONFIG_RSBAC_UM */
14106 
14107 #ifdef CONFIG_RSBAC_NET_DEV
14108         case T_NETDEV:
14109 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14110                 rsbac_ta_list_remove(ta_number,
14111                                      netdev_handles.gen, &tid.netdev);
14112 #endif
14113 #if defined(CONFIG_RSBAC_RC)
14114                 rsbac_ta_list_remove(ta_number,
14115                                      netdev_handles.rc, &tid.netdev);
14116 #endif
14117                 break;
14118 #endif
14119 
14120 #ifdef CONFIG_RSBAC_NET_OBJ
14121         case T_NETTEMP:
14122 /* too noisy... kicked out.
14123                 rsbac_pr_debug(ds, "Removing nettemp ACI\n");
14124 */
14125 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
14126                 rsbac_ta_list_remove(ta_number,
14127                                      nettemp_handles.gen, &tid.nettemp);
14128 #endif
14129 #if defined(CONFIG_RSBAC_MAC)
14130                 rsbac_ta_list_remove(ta_number,
14131                                      nettemp_handles.mac, &tid.nettemp);
14132 #endif
14133 #if defined(CONFIG_RSBAC_PM)
14134                 rsbac_ta_list_remove(ta_number,
14135                                      nettemp_handles.pm, &tid.nettemp);
14136 #endif
14137 #if defined(CONFIG_RSBAC_RC)
14138                 rsbac_ta_list_remove(ta_number,
14139                                      nettemp_handles.rc, &tid.nettemp);
14140 #endif
14141 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
14142                 rsbac_acl_remove_acl(ta_number, T_NETTEMP_NT, tid);
14143                 rsbac_acl_remove_acl(ta_number, T_NETTEMP, tid);
14144 #endif
14145                 break;
14146 
14147         case T_NETOBJ:
14148 /* too noisy... kicked out.
14149                 rsbac_pr_debug(ds, "Removing netobj ACI\n");
14150 */
14151 #if defined(CONFIG_RSBAC_MAC)
14152                 rsbac_ta_list_remove(ta_number,
14153                                      lnetobj_handles.mac,
14154                                      &tid.netobj.sock_p);
14155                 rsbac_ta_list_remove(ta_number,
14156                                      rnetobj_handles.mac,
14157                                      &tid.netobj.sock_p);
14158 #endif
14159 #if defined(CONFIG_RSBAC_PM)
14160                 rsbac_ta_list_remove(ta_number,
14161                                      lnetobj_handles.pm,
14162                                      &tid.netobj.sock_p);
14163                 rsbac_ta_list_remove(ta_number,
14164                                      rnetobj_handles.pm,
14165                                      &tid.netobj.sock_p);
14166 #endif
14167 #if defined(CONFIG_RSBAC_RC)
14168                 rsbac_ta_list_remove(ta_number,
14169                                      lnetobj_handles.rc,
14170                                      &tid.netobj.sock_p);
14171                 rsbac_ta_list_remove(ta_number,
14172                                      rnetobj_handles.rc,
14173                                      &tid.netobj.sock_p);
14174 #endif
14175                 break;
14176 
14177 #endif
14178 
14179         default:
14180                 return (-RSBAC_EINVALIDTARGET);
14181         }
14182 #ifdef CONFIG_RSBAC_XSTATS
14183         remove_count[target]++;
14184 #endif
14185         return (error);
14186 }

int rsbac_ta_set_attr ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
union rsbac_target_id_t  tid,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t  value 
)

Definition at line 13664 of file aci_data_structures.c.

References rsbac_target_id_t::dev, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_printk(), set_attr_dev(), set_attr_fd(), set_attr_ipc(), set_attr_process(), set_attr_user(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, T_UNIXSOCK, and T_USER.

Referenced by rsbac_pm(), sys_rsbac_set_attr(), and sys_rsbac_set_attr_n().

13670 {
13671         int err = 0;
13672 /*
13673 #ifdef CONFIG_RSBAC_DEBUG
13674       char tmp[RSBAC_MAXNAMELEN];
13675 #endif
13676 */
13677         if (!rsbac_initialized) {
13678                 rsbac_printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n");
13679                 return (-RSBAC_ENOTINITIALIZED);
13680         }
13681         if (in_interrupt()) {
13682                 rsbac_printk(KERN_WARNING "rsbac_set_attr(): called from interrupt!\n");
13683         }
13684         switch (target) {
13685         case T_FILE:
13686         case T_DIR:
13687         case T_FIFO:
13688         case T_SYMLINK:
13689         case T_UNIXSOCK:
13690                 err = set_attr_fd(ta_number, module, target, &tid, attr, &value);
13691                 break;
13692 
13693         case T_DEV:
13694                 err =
13695                     set_attr_dev(ta_number, module, target, tid.dev, attr,
13696                                  &value);
13697                 break;
13698 
13699         case T_IPC:
13700                 err =
13701                     set_attr_ipc(ta_number, module, target, &tid, attr,
13702                                  &value);
13703                 break;
13704 
13705         case T_USER:
13706                 err =
13707                     set_attr_user(ta_number, module, target, &tid, attr,
13708                                   &value);
13709                 break;
13710 
13711         case T_PROCESS:
13712                 err =
13713                     set_attr_process(ta_number, module, target, &tid, attr,
13714                                      &value);
13715                 break;
13716 
13717 #ifdef CONFIG_RSBAC_UM
13718         case T_GROUP:
13719                 err =
13720                     set_attr_group(ta_number, module, target, &tid, attr,
13721                                    &value);
13722                 break;
13723 #endif                          /* CONFIG_RSBAC_UM */
13724 
13725 #ifdef CONFIG_RSBAC_NET_DEV
13726         case T_NETDEV:
13727                 err =
13728                     set_attr_netdev(ta_number, module, target, &tid, attr,
13729                                     &value);
13730                 break;
13731 #endif
13732 
13733 #ifdef CONFIG_RSBAC_NET_OBJ
13734         case T_NETTEMP:
13735                 err =
13736                     set_attr_nettemp(ta_number, module, target, &tid, attr,
13737                                      &value);
13738                 break;
13739 
13740         case T_NETOBJ:
13741                 err =
13742                     set_attr_netobj(ta_number, module, target, &tid, attr,
13743                                     &value);
13744                 break;
13745 #endif                          /* NET_OBJ */
13746 
13747                 /* switch(target): no valid target */
13748         default:
13749                 return (-RSBAC_EINVALIDTARGET);
13750         }
13751 #ifdef CONFIG_RSBAC_XSTATS
13752         if (!err)
13753                 set_attr_count[target]++;
13754 #endif
13755         return (err);
13756 }

int rsbac_umount ( struct super_block *  sb_p,
struct dentry *  d_covers 
)

Definition at line 8442 of file aci_data_structures.c.

References device_hash(), device_list_locks, lookup_device(), NULL, remove_device_item(), rsbac_debug_no_write, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_umount(), rsbac_pr_debug, rsbac_printk(), rsbac_umount_acl(), rsbac_umount_auth(), rsbac_umount_mac(), rsbac_umount_reg(), rsbac_write(), rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE.

08443 {
08444 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08445         u_long flags;
08446 #endif
08447         struct rsbac_device_list_item_t *device_p;
08448         kdev_t kdev;
08449         u_int hash;
08450 
08451         if (!sb_p) {
08452                 rsbac_printk(KERN_WARNING "rsbac_umount(): called with NULL pointer\n");
08453                 return -RSBAC_EINVALIDPOINTER;
08454         }
08455         if (!rsbac_initialized) {
08456                 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
08457 
08458 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08459                 if ((sb_p->s_magic == SYSFS_MAGIC)
08460                     && !RSBAC_MAJOR(sb_p->s_dev)
08461                     && sysfs_sb_p && sysfs_covered_p) {
08462                         rsbac_printk(KERN_WARNING "rsbac_umount(): sysfs umount detected, removing auto-mount values\n");
08463                         sysfs_sb_p = NULL;
08464                         sysfs_covered_p = NULL;
08465                 }
08466 #endif
08467 #ifdef CONFIG_DEVFS_MOUNT
08468                 if ((sb_p->s_magic == DEVFS_SUPER_MAGIC)
08469                     && !RSBAC_MAJOR(sb_p->s_dev)
08470                     && devfs_sb_p && devfs_covered_p) {
08471                         rsbac_printk(KERN_WARNING "rsbac_umount(): devfs umount detected, removing auto-mount values\n");
08472                         devfs_sb_p = NULL;
08473                         devfs_covered_p = NULL;
08474                 }
08475 #endif
08476 
08477                 return (-RSBAC_ENOTINITIALIZED);
08478         }
08479         rsbac_pr_debug(ds, "umounting device %02u:%02u\n",
08480                        MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08481         kdev = sb_p->s_dev;
08482 
08483         /* sync attribute lists */
08484 #if defined(CONFIG_RSBAC_AUTO_WRITE)
08485         if (!rsbac_debug_no_write) {
08486                 down(&rsbac_write_sem);
08487                 /* recheck no_write with lock - might have been set in between */
08488                 if (!rsbac_debug_no_write) {
08489                         rsbac_write(TRUE);
08490                 }
08491                 up(&rsbac_write_sem);
08492         }
08493 #endif
08494 /* call other umount functions */
08495 #if defined(CONFIG_RSBAC_MAC)
08496         rsbac_umount_mac(kdev);
08497 #endif
08498 #if defined(CONFIG_RSBAC_AUTH)
08499         rsbac_umount_auth(kdev);
08500 #endif
08501 #if defined(CONFIG_RSBAC_ACL)
08502         rsbac_umount_acl(kdev);
08503 #endif
08504 #if defined(CONFIG_RSBAC_REG)
08505         rsbac_umount_reg(kdev);
08506 #endif
08507 
08508         hash = device_hash(kdev);
08509         /* wait for write access to device_list_head */
08510 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08511         spin_lock(&device_list_locks[hash]);
08512 #else
08513         rsbac_write_lock(&device_list_locks[hash], &flags);
08514 #endif
08515         /* OK, nobody else is working on it... */
08516         device_p = lookup_device(kdev, hash);
08517         if (device_p) {
08518                 if (device_p->mount_count == 1) {
08519                         /* Generic lists */
08520                         rsbac_list_umount(kdev);
08521                         /* 2.6: remove_device_item unlocks! */
08522                         remove_device_item(kdev);
08523                 } else {
08524                         if (device_p->mount_count > 1) {
08525                                 device_p->mount_count--;
08526 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08527                                 spin_unlock(&device_list_locks[hash]);
08528 #endif
08529                                 if (device_p->d_covers == d_covers) {
08530                                         rsbac_printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n",
08531                                                      RSBAC_MAJOR(kdev),
08532                                                      RSBAC_MINOR(kdev));
08533                                         device_p->d_covers = NULL;
08534                                 }
08535                         } else {
08536 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08537                                 spin_unlock(&device_list_locks[hash]);
08538 #endif
08539                                 rsbac_printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n",
08540                                              RSBAC_MAJOR(kdev),
08541                                              RSBAC_MINOR(kdev));
08542                         }
08543                 }
08544         }
08545 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08546         else
08547                 spin_unlock(&device_list_locks[hash]);
08548 #else
08549         rsbac_write_unlock(&device_list_locks[hash], &flags);
08550 #endif
08551 #ifdef CONFIG_RSBAC_FD_CACHE
08552         rsbac_fd_cache_invalidate_all();
08553 #endif
08554 
08555         return 0;
08556 }


Variable Documentation

rsbac_boolean_t rsbac_initialized

Definition at line 136 of file aci_data_structures.c.

Referenced by rsbac_do_init(), rsbac_free_dat_dentries(), rsbac_init(), rsbac_is_initialized(), rsbac_kthread_notify(), rsbac_mark_kthread(), rsbac_mount(), rsbac_stats(), rsbac_ta_get_attr(), rsbac_ta_remove_target(), rsbac_ta_set_attr(), and rsbac_umount().


Generated on Wed May 16 11:53:51 2007 for RSBAC by  doxygen 1.5.1