00001
00002
00003
00004
00005
00006
00007
00008
00009 #include <linux/string.h>
00010 #include <linux/types.h>
00011 #include <linux/fs.h>
00012 #include <linux/sched.h>
00013 #include <linux/file.h>
00014 #include <linux/mm.h>
00015 #include <linux/init.h>
00016 #include <asm/uaccess.h>
00017 #include <rsbac/aci_data_structures.h>
00018 #include <rsbac/rc_types.h>
00019 #include <rsbac/rc_data_structures.h>
00020 #include <rsbac/error.h>
00021 #include <rsbac/helpers.h>
00022 #include <rsbac/fs.h>
00023 #include <rsbac/adf.h>
00024 #include <rsbac/acl.h>
00025 #include <rsbac/getname.h>
00026 #include <rsbac/rc_getname.h>
00027 #include <rsbac/proc_fs.h>
00028 #include <rsbac/rkmem.h>
00029 #include <rsbac/request_groups.h>
00030 #include <linux/smp_lock.h>
00031
00032
00033
00034
00035
00036
00037
00038 static rsbac_list_handle_t role_handle = NULL;
00039 static rsbac_list_handle_t role_rc_handle = NULL;
00040 static rsbac_list_handle_t role_adr_handle = NULL;
00041 static rsbac_list_handle_t role_asr_handle = NULL;
00042 static rsbac_list_handle_t role_dfdc_handle = NULL;
00043 static rsbac_list_handle_t role_tcfd_handle = NULL;
00044 static rsbac_list_handle_t role_tcdv_handle = NULL;
00045 static rsbac_list_handle_t role_tcus_handle = NULL;
00046 static rsbac_list_handle_t role_tcpr_handle = NULL;
00047 static rsbac_list_handle_t role_tcip_handle = NULL;
00048 static rsbac_list_handle_t role_tcsc_handle = NULL;
00049 static rsbac_list_handle_t role_tcgr_handle = NULL;
00050 static rsbac_list_handle_t role_tcnd_handle = NULL;
00051 static rsbac_list_handle_t role_tcnt_handle = NULL;
00052 static rsbac_list_handle_t role_tcno_handle = NULL;
00053
00054 static rsbac_list_handle_t type_fd_handle = NULL;
00055 static rsbac_list_handle_t type_dev_handle = NULL;
00056 static rsbac_list_handle_t type_ipc_handle = NULL;
00057 static rsbac_list_handle_t type_user_handle = NULL;
00058 static rsbac_list_handle_t type_process_handle = NULL;
00059 static rsbac_list_handle_t type_group_handle = NULL;
00060 static rsbac_list_handle_t type_netdev_handle = NULL;
00061 static rsbac_list_handle_t type_nettemp_handle = NULL;
00062 static rsbac_list_handle_t type_netobj_handle = NULL;
00063
00064
00065
00066
00067
00068
00069
00070
00071
00072
00073
00074
00075
00076
00077
00078
00079 static u_int nr_role_hashes = RSBAC_RC_NR_ROLE_LISTS;
00080 static u_int role_hash(void * desc, __u32 nr_hashes)
00081 {
00082 return (*((rsbac_rc_role_id_t *) desc) & (nr_hashes - 1));
00083 }
00084
00085 static u_int nr_type_hashes = RSBAC_RC_NR_TYPE_LISTS;
00086 static u_int type_hash(void * desc, __u32 nr_hashes)
00087 {
00088 return (*((rsbac_rc_type_id_t *) desc) & (nr_hashes - 1));
00089 }
00090
00091 #ifdef CONFIG_RSBAC_INIT_DELAY
00092 static int role_conv(
00093 #else
00094 static int __init role_conv(
00095 #endif
00096 void *old_desc,
00097 void *old_data,
00098 void *new_desc, void *new_data)
00099 {
00100 struct rsbac_rc_role_entry_t *new = new_data;
00101 struct rsbac_rc_old_role_entry_t *old = old_data;
00102
00103 memcpy(new_desc, old_desc, sizeof(rsbac_rc_role_id_t));
00104 new->admin_type = old->admin_type;
00105 memcpy(new->name, old->name, RSBAC_RC_NAME_LEN);
00106 new->def_fd_create_type = old->def_fd_create_type;
00107 new->def_user_create_type = old->def_user_create_type;
00108 new->def_process_create_type = old->def_process_create_type;
00109 new->def_process_chown_type = old->def_process_chown_type;
00110 new->def_process_execute_type = old->def_process_execute_type;
00111 new->def_ipc_create_type = old->def_ipc_create_type;
00112 new->def_group_create_type = RSBAC_RC_GENERAL_TYPE;
00113 new->def_unixsock_create_type = RC_type_use_fd;
00114 new->boot_role = old->boot_role;
00115 new->req_reauth = old->req_reauth;
00116 return 0;
00117 }
00118
00119 #ifdef CONFIG_RSBAC_INIT_DELAY
00120 static int old_role_conv(
00121 #else
00122 static int __init old_role_conv(
00123 #endif
00124 void *old_desc,
00125 void *old_data,
00126 void *new_desc, void *new_data)
00127 {
00128 struct rsbac_rc_role_entry_t *new = new_data;
00129 struct rsbac_rc_old_role_entry_t *old = old_data;
00130
00131 memcpy(new_desc, old_desc, sizeof(rsbac_rc_role_id_t));
00132 new->admin_type = old->admin_type;
00133 memcpy(new->name, old->name, RSBAC_RC_NAME_LEN);
00134 new->def_fd_create_type = old->def_fd_create_type;
00135 new->def_user_create_type = old->def_user_create_type;
00136 new->def_process_create_type = old->def_process_create_type;
00137 new->def_process_chown_type = old->def_process_chown_type;
00138 new->def_process_execute_type = old->def_process_execute_type;
00139 new->def_ipc_create_type = old->def_ipc_create_type;
00140 new->def_group_create_type = RSBAC_RC_GENERAL_TYPE;
00141 new->def_unixsock_create_type = RC_type_use_fd;
00142 new->boot_role = old->boot_role;
00143 new->req_reauth = FALSE;
00144 return 0;
00145 }
00146
00147 #ifdef CONFIG_RSBAC_INIT_DELAY
00148 static int old_old_role_conv(
00149 #else
00150 static int __init old_old_role_conv(
00151 #endif
00152 void *old_desc,
00153 void *old_data,
00154 void *new_desc, void *new_data)
00155 {
00156 struct rsbac_rc_role_entry_t *new = new_data;
00157 struct rsbac_rc_old_role_entry_t *old = old_data;
00158
00159 memcpy(new_desc, old_desc, sizeof(rsbac_rc_role_id_t));
00160 new->admin_type = old->admin_type;
00161 memcpy(new->name, old->name, RSBAC_RC_NAME_LEN);
00162 new->def_fd_create_type = old->def_fd_create_type;
00163 new->def_user_create_type = old->def_user_create_type;
00164 new->def_process_create_type = old->def_process_create_type;
00165 new->def_process_chown_type = old->def_process_chown_type;
00166 new->def_process_execute_type = old->def_process_execute_type;
00167 new->def_ipc_create_type = old->def_ipc_create_type;
00168 new->def_group_create_type = RSBAC_RC_GENERAL_TYPE;
00169 new->def_unixsock_create_type = RC_type_use_fd;
00170 new->boot_role = old->boot_role;
00171 new->req_reauth = FALSE;
00172 return 0;
00173 }
00174
00175 #ifdef CONFIG_RSBAC_INIT_DELAY
00176 static int old_old_old_role_conv(
00177 #else
00178 static int __init old_old_old_role_conv(
00179 #endif
00180 void *old_desc,
00181 void *old_data,
00182 void *new_desc, void *new_data)
00183 {
00184 struct rsbac_rc_role_entry_t *new = new_data;
00185 struct rsbac_rc_old_role_entry_t *old = old_data;
00186
00187 memcpy(new_desc, old_desc, sizeof(rsbac_rc_role_id_t));
00188 new->admin_type = old->admin_type;
00189 memcpy(new->name, old->name, RSBAC_RC_NAME_LEN);
00190 new->def_fd_create_type = old->def_fd_create_type;
00191 new->def_user_create_type = RSBAC_RC_GENERAL_TYPE;
00192 new->def_process_create_type = old->def_process_create_type;
00193 new->def_process_chown_type = old->def_process_chown_type;
00194 new->def_process_execute_type = old->def_process_execute_type;
00195 new->def_ipc_create_type = old->def_ipc_create_type;
00196 new->def_group_create_type = RSBAC_RC_GENERAL_TYPE;
00197 new->def_unixsock_create_type = RC_type_use_fd;
00198 new->boot_role = FALSE;
00199 new->req_reauth = FALSE;
00200 return 0;
00201 }
00202
00203 #ifdef CONFIG_RSBAC_INIT_DELAY
00204 static rsbac_list_conv_function_t *role_get_conv(rsbac_version_t
00205 old_version)
00206 #else
00207 static rsbac_list_conv_function_t *__init role_get_conv(rsbac_version_t
00208 old_version)
00209 #endif
00210 {
00211 switch (old_version) {
00212 case RSBAC_RC_ROLE_OLD_LIST_VERSION:
00213 return role_conv;
00214 case RSBAC_RC_ROLE_OLD_OLD_LIST_VERSION:
00215 return old_role_conv;
00216 case RSBAC_RC_ROLE_OLD_OLD_OLD_LIST_VERSION:
00217 return old_old_role_conv;
00218 case RSBAC_RC_ROLE_OLD_OLD_OLD_OLD_LIST_VERSION:
00219 return old_old_old_role_conv;
00220 default:
00221 return NULL;
00222 }
00223 }
00224
00225 #ifdef CONFIG_RSBAC_INIT_DELAY
00226 static int tc_subconv(
00227 #else
00228 static int __init tc_subconv(
00229 #endif
00230 void *old_desc,
00231 void *old_data,
00232 void *new_desc, void *new_data)
00233 {
00234 rsbac_rc_rights_vector_t *new = new_data;
00235 rsbac_rc_rights_vector_t *old = old_data;
00236
00237 memcpy(new_desc, old_desc, sizeof(rsbac_rc_type_id_t));
00238 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00239 | ((*old & ~(RSBAC_ALL_REQUEST_VECTOR)) <<
00240 (RSBAC_RC_SPECIAL_RIGHT_BASE -
00241 RSBAC_RC_OLD_SPECIAL_RIGHT_BASE));
00242 return 0;
00243 }
00244
00245 #ifdef CONFIG_RSBAC_INIT_DELAY
00246 static rsbac_list_conv_function_t *tcfd_get_subconv(rsbac_version_t
00247 old_version)
00248 #else
00249 static rsbac_list_conv_function_t *__init tcfd_get_subconv(rsbac_version_t
00250 old_version)
00251 #endif
00252 {
00253 switch (old_version) {
00254 case RSBAC_RC_ROLE_TCFD_OLD_LIST_VERSION:
00255 return tc_subconv;
00256 default:
00257 return NULL;
00258 }
00259 }
00260
00261 #ifdef CONFIG_RSBAC_INIT_DELAY
00262 static int tc_conv(
00263 #else
00264 static int __init tc_conv(
00265 #endif
00266 void *old_desc,
00267 void *old_data,
00268 void *new_desc, void *new_data)
00269 {
00270 memcpy(new_desc, old_desc, sizeof(rsbac_rc_role_id_t));
00271 return 0;
00272 }
00273
00274 #ifdef CONFIG_RSBAC_INIT_DELAY
00275 static rsbac_list_conv_function_t *tcfd_get_conv(rsbac_version_t
00276 old_version)
00277 #else
00278 static rsbac_list_conv_function_t *__init tcfd_get_conv(rsbac_version_t
00279 old_version)
00280 #endif
00281 {
00282 switch (old_version) {
00283 case RSBAC_RC_ROLE_TCFD_OLD_LIST_VERSION:
00284 return tc_conv;
00285 default:
00286 return NULL;
00287 }
00288 }
00289
00290 #ifdef CONFIG_RSBAC_INIT_DELAY
00291 static int rsbac_rc_role_compare_data(void *data1, void *data2)
00292 #else
00293 static int __init rsbac_rc_role_compare_data(void *data1, void *data2)
00294 #endif
00295 {
00296 struct rsbac_rc_role_entry_t *role = data1;
00297
00298 if (!data1)
00299 return 1;
00300 if (role->boot_role)
00301 return 0;
00302 else
00303 return 1;
00304 }
00305
00306
00307
00308
00309
00310 #if defined(CONFIG_RSBAC_PROC)
00311 static int
00312 stats_rc_proc_info(char *buffer, char **start, off_t offset, int length)
00313 {
00314 union rsbac_target_id_t rsbac_target_id;
00315 union rsbac_attribute_value_t rsbac_attribute_value;
00316
00317 u_int len = 0;
00318 off_t pos = 0;
00319 off_t begin = 0;
00320
00321 if (!rsbac_is_initialized()) {
00322 rsbac_printk(KERN_WARNING "stats_rc_proc_info(): RSBAC not initialized\n");
00323 return (-RSBAC_ENOTINITIALIZED);
00324 }
00325 rsbac_pr_debug(aef_rc, "calling ADF\n");
00326 rsbac_target_id.scd = ST_rsbac;
00327 rsbac_attribute_value.dummy = 0;
00328 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00329 current->pid,
00330 T_SCD,
00331 rsbac_target_id,
00332 A_none, rsbac_attribute_value)) {
00333 return -EPERM;
00334 }
00335
00336 len += sprintf(buffer, "RC Status\n---------\n");
00337 pos = begin + len;
00338 if (pos < offset) {
00339 len = 0;
00340 begin = pos;
00341 }
00342 if (pos > offset + length)
00343 goto out;
00344
00345 len +=
00346 sprintf(buffer + len,
00347 "Role entry size is %Zd, %lu entries used\n",
00348 sizeof(struct rsbac_rc_role_entry_t),
00349 rsbac_list_count(role_handle));
00350 pos = begin + len;
00351 if (pos < offset) {
00352 len = 0;
00353 begin = pos;
00354 }
00355 if (pos > offset + length)
00356 goto out;
00357
00358 len +=
00359 sprintf(buffer + len,
00360 "Used type entries: fd: %lu, dev: %lu, ipc: %lu, user: %lu, process: %lu, group: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
00361 rsbac_list_count(type_fd_handle),
00362 rsbac_list_count(type_dev_handle),
00363 rsbac_list_count(type_ipc_handle),
00364 rsbac_list_count(type_user_handle),
00365 rsbac_list_count(type_process_handle),
00366 rsbac_list_count(type_group_handle),
00367 rsbac_list_count(type_netdev_handle),
00368 rsbac_list_count(type_nettemp_handle),
00369 rsbac_list_count(type_netobj_handle));
00370 pos = begin + len;
00371 if (pos < offset) {
00372 len = 0;
00373 begin = pos;
00374 }
00375
00376 out:
00377 *start = buffer + (offset - begin);
00378 len -= (offset - begin);
00379
00380 if (len > length)
00381 len = length;
00382 return len;
00383 }
00384
00385 #endif
00386
00387
00388
00389
00390
00391
00392
00393
00394
00395
00396
00397
00398
00399
00400
00401 #ifdef CONFIG_RSBAC_INIT_DELAY
00402 static void registration_error(int err, char *listname)
00403 #else
00404 static void __init registration_error(int err, char *listname)
00405 #endif
00406 {
00407 if (err) {
00408 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00409
00410 if (tmp) {
00411 rsbac_printk(KERN_WARNING "rsbac_init_rc(): Registering RC %s list failed with error %s\n",
00412 listname, get_error_name(tmp, err));
00413 rsbac_kfree(tmp);
00414 }
00415 }
00416 }
00417
00418 #ifdef CONFIG_RSBAC_INIT_DELAY
00419 static void create_def_roles(void)
00420 #else
00421 static void __init create_def_roles(void)
00422 #endif
00423 {
00424 rsbac_rc_role_id_t role;
00425 rsbac_rc_type_id_t type;
00426 rsbac_rc_rights_vector_t rights;
00427 struct rsbac_rc_role_entry_t gen_entry =
00428 RSBAC_RC_GENERAL_ROLE_ENTRY;
00429 struct rsbac_rc_role_entry_t ra_entry =
00430 RSBAC_RC_ROLE_ADMIN_ROLE_ENTRY;
00431 struct rsbac_rc_role_entry_t sa_entry =
00432 RSBAC_RC_SYSTEM_ADMIN_ROLE_ENTRY;
00433
00434 rsbac_printk(KERN_WARNING "rsbac_init_rc(): no RC roles read, generating default role entries!\n");
00435
00436 role = RSBAC_RC_GENERAL_ROLE;
00437 if (!rsbac_list_add(role_handle, &role, &gen_entry)) {
00438 if (!rsbac_list_lol_add
00439 (role_tcfd_handle, &role, NULL)) {
00440 type = RSBAC_RC_GENERAL_TYPE;
00441 rights =
00442 (RSBAC_READ_WRITE_REQUEST_VECTOR |
00443 RSBAC_EXECUTE_REQUEST_VECTOR)
00444 & RSBAC_FD_REQUEST_VECTOR;
00445 rsbac_list_lol_subadd(role_tcfd_handle,
00446 &role, &type,
00447 &rights);
00448 }
00449 if (!rsbac_list_lol_add
00450 (role_tcdv_handle, &role, NULL)) {
00451 type = RSBAC_RC_GENERAL_TYPE;
00452 rights =
00453 RSBAC_READ_WRITE_REQUEST_VECTOR &
00454 RSBAC_DEV_REQUEST_VECTOR;
00455 rsbac_list_lol_subadd(role_tcdv_handle,
00456 &role, &type,
00457 &rights);
00458 }
00459 if (!rsbac_list_lol_add
00460 (role_tcus_handle, &role, NULL)) {
00461 type = RSBAC_RC_GENERAL_TYPE;
00462 rights =
00463 RSBAC_REQUEST_VECTOR(R_SEARCH) |
00464 RSBAC_REQUEST_VECTOR(R_CHANGE_OWNER) |
00465 RSBAC_REQUEST_VECTOR
00466 (R_GET_STATUS_DATA);
00467 rsbac_list_lol_subadd(role_tcus_handle,
00468 &role, &type,
00469 &rights);
00470 }
00471 if (!rsbac_list_lol_add
00472 (role_tcpr_handle, &role, NULL)) {
00473 type = RSBAC_RC_GENERAL_TYPE;
00474 rights =
00475 RSBAC_READ_WRITE_REQUEST_VECTOR &
00476 RSBAC_PROCESS_REQUEST_VECTOR;
00477 rsbac_list_lol_subadd(role_tcpr_handle,
00478 &role, &type,
00479 &rights);
00480 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
00481 rights =
00482 RSBAC_READ_REQUEST_VECTOR &
00483 RSBAC_PROCESS_REQUEST_VECTOR;
00484 rsbac_list_lol_subadd(role_tcpr_handle,
00485 &role, &type,
00486 &rights);
00487 }
00488 if (!rsbac_list_lol_add
00489 (role_tcip_handle, &role, NULL)) {
00490 type = RSBAC_RC_GENERAL_TYPE;
00491 rights =
00492 RSBAC_READ_WRITE_REQUEST_VECTOR &
00493 RSBAC_IPC_REQUEST_VECTOR;
00494 rsbac_list_lol_subadd(role_tcip_handle,
00495 &role, &type,
00496 &rights);
00497 }
00498 if (!rsbac_list_lol_add
00499 (role_tcgr_handle, &role, NULL)) {
00500 type = RSBAC_RC_GENERAL_TYPE;
00501 rights =
00502 RSBAC_REQUEST_VECTOR(R_SEARCH) |
00503 RSBAC_REQUEST_VECTOR
00504 (R_GET_STATUS_DATA);
00505 rsbac_list_lol_subadd(role_tcgr_handle,
00506 &role, &type,
00507 &rights);
00508 }
00509 if (!rsbac_list_lol_add
00510 (role_tcnd_handle, &role, NULL)) {
00511 type = RSBAC_RC_GENERAL_TYPE;
00512 rights =
00513 RSBAC_READ_WRITE_REQUEST_VECTOR &
00514 RSBAC_NETDEV_REQUEST_VECTOR;
00515 rsbac_list_lol_subadd(role_tcnd_handle,
00516 &role, &type,
00517 &rights);
00518 }
00519 if (!rsbac_list_lol_add
00520 (role_tcno_handle, &role, NULL)) {
00521 type = RSBAC_RC_GENERAL_TYPE;
00522 rights =
00523 RSBAC_READ_WRITE_REQUEST_VECTOR &
00524 RSBAC_NETOBJ_REQUEST_VECTOR;
00525 rsbac_list_lol_subadd(role_tcno_handle,
00526 &role, &type,
00527 &rights);
00528 }
00529 if (!rsbac_list_lol_add
00530 (role_tcsc_handle, &role, NULL)) {
00531 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
00532 type = ST_ioports;
00533 rights =
00534 RSBAC_RC_RIGHTS_VECTOR
00535 (R_MODIFY_PERMISSIONS_DATA);
00536 rsbac_list_lol_subadd(role_tcsc_handle,
00537 &role, &type,
00538 &rights);
00539 #endif
00540 type = ST_rlimit;
00541 rights =
00542 RSBAC_RC_RIGHTS_VECTOR
00543 (R_GET_STATUS_DATA)
00544 |
00545 RSBAC_RC_RIGHTS_VECTOR
00546 (R_MODIFY_SYSTEM_DATA);
00547 rsbac_list_lol_subadd(role_tcsc_handle,
00548 &role, &type,
00549 &rights);
00550 type = ST_other;
00551 rights =
00552 RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC);
00553 rsbac_list_lol_subadd(role_tcsc_handle,
00554 &role, &type,
00555 &rights);
00556 type = ST_network;
00557 rights =
00558 RSBAC_RC_RIGHTS_VECTOR
00559 (R_GET_STATUS_DATA);
00560 rsbac_list_lol_subadd(role_tcsc_handle,
00561 &role, &type,
00562 &rights);
00563 }
00564 }
00565 role = RSBAC_RC_ROLE_ADMIN_ROLE;
00566 if (!rsbac_list_add(role_handle, &role, &ra_entry)) {
00567 if (!rsbac_list_lol_add
00568 (role_tcfd_handle, &role, NULL)) {
00569 type = RSBAC_RC_GENERAL_TYPE;
00570 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR
00571 | RSBAC_EXECUTE_REQUEST_VECTOR
00572 | RSBAC_SECURITY_REQUEST_VECTOR)
00573 & RSBAC_FD_REQUEST_VECTOR) |
00574 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00575 rsbac_list_lol_subadd(role_tcfd_handle,
00576 &role, &type,
00577 &rights);
00578 type = RSBAC_RC_SEC_TYPE;
00579 rsbac_list_lol_subadd(role_tcfd_handle,
00580 &role, &type,
00581 &rights);
00582 type = RSBAC_RC_SYS_TYPE;
00583 rights =
00584 (RSBAC_READ_REQUEST_VECTOR &
00585 RSBAC_FD_REQUEST_VECTOR)
00586 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00587 rsbac_list_lol_subadd(role_tcfd_handle,
00588 &role, &type,
00589 &rights);
00590 }
00591 if (!rsbac_list_lol_add
00592 (role_tcdv_handle, &role, NULL)) {
00593 type = RSBAC_RC_GENERAL_TYPE;
00594 rights =
00595 ((RSBAC_READ_WRITE_REQUEST_VECTOR |
00596 RSBAC_SECURITY_REQUEST_VECTOR)
00597 & RSBAC_DEV_REQUEST_VECTOR) |
00598 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00599 rsbac_list_lol_subadd(role_tcdv_handle,
00600 &role, &type,
00601 &rights);
00602 type = RSBAC_RC_SEC_TYPE;
00603 rights =
00604 ((RSBAC_READ_WRITE_REQUEST_VECTOR |
00605 RSBAC_SECURITY_REQUEST_VECTOR)
00606 & RSBAC_DEV_REQUEST_VECTOR) |
00607 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00608 rsbac_list_lol_subadd(role_tcdv_handle,
00609 &role, &type,
00610 &rights);
00611 }
00612 if (!rsbac_list_lol_add
00613 (role_tcus_handle, &role, NULL)) {
00614 type = RSBAC_RC_GENERAL_TYPE;
00615 rights =
00616 ((RSBAC_READ_WRITE_REQUEST_VECTOR |
00617 RSBAC_SECURITY_REQUEST_VECTOR |
00618 RSBAC_REQUEST_VECTOR(R_AUTHENTICATE))
00619 & RSBAC_USER_REQUEST_VECTOR) |
00620 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00621 rsbac_list_lol_subadd(role_tcus_handle,
00622 &role, &type,
00623 &rights);
00624 type = RSBAC_RC_SYS_TYPE;
00625 rights =
00626 ((RSBAC_READ_WRITE_REQUEST_VECTOR |
00627 RSBAC_SECURITY_REQUEST_VECTOR |
00628 RSBAC_REQUEST_VECTOR(R_AUTHENTICATE))
00629 & RSBAC_USER_REQUEST_VECTOR) |
00630 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00631 rsbac_list_lol_subadd(role_tcus_handle,
00632 &role, &type,
00633 &rights);
00634 type = RSBAC_RC_SEC_TYPE;
00635 rights =
00636 ((RSBAC_READ_WRITE_REQUEST_VECTOR |
00637 RSBAC_SECURITY_REQUEST_VECTOR |
00638 RSBAC_REQUEST_VECTOR(R_AUTHENTICATE))
00639 & RSBAC_USER_REQUEST_VECTOR) |
00640 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00641 rsbac_list_lol_subadd(role_tcus_handle,
00642 &role, &type,
00643 &rights);
00644 }
00645 if (!rsbac_list_lol_add
00646 (role_tcpr_handle, &role, NULL)) {
00647 type = RSBAC_RC_GENERAL_TYPE;
00648 rights =
00649 ((RSBAC_READ_WRITE_REQUEST_VECTOR |
00650 RSBAC_SECURITY_REQUEST_VECTOR)
00651 & RSBAC_PROCESS_REQUEST_VECTOR) |
00652 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00653 rsbac_list_lol_subadd(role_tcpr_handle,
00654 &role, &type,
00655 &rights);
00656 type = RSBAC_RC_SEC_TYPE;
00657 rights =
00658 ((RSBAC_READ_WRITE_REQUEST_VECTOR |
00659 RSBAC_SECURITY_REQUEST_VECTOR)
00660 & RSBAC_PROCESS_REQUEST_VECTOR) |
00661 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00662 rsbac_list_lol_subadd(role_tcpr_handle,
00663 &role, &type,
00664 &rights);
00665 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
00666 rights =
00667 ((RSBAC_READ_WRITE_REQUEST_VECTOR |
00668 RSBAC_SECURITY_REQUEST_VECTOR)
00669 & RSBAC_PROCESS_REQUEST_VECTOR) |
00670 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00671 rsbac_list_lol_subadd(role_tcpr_handle,
00672 &role, &type,
00673 &rights);
00674 }
00675 if (!rsbac_list_lol_add
00676 (role_tcip_handle, &role, NULL)) {
00677 type = RSBAC_RC_GENERAL_TYPE;
00678 rights =
00679 ((RSBAC_READ_WRITE_REQUEST_VECTOR |
00680 RSBAC_SECURITY_REQUEST_VECTOR)
00681 & RSBAC_IPC_REQUEST_VECTOR) |
00682 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00683 rsbac_list_lol_subadd(role_tcip_handle,
00684 &role, &type,
00685 &rights);
00686 type = RSBAC_RC_SEC_TYPE;
00687 rights =
00688 ((RSBAC_READ_WRITE_REQUEST_VECTOR |
00689 RSBAC_SECURITY_REQUEST_VECTOR)
00690 & RSBAC_IPC_REQUEST_VECTOR) |
00691 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00692 rsbac_list_lol_subadd(role_tcip_handle,
00693 &role, &type,
00694 &rights);
00695 }
00696 if (!rsbac_list_lol_add
00697 (role_tcgr_handle, &role, NULL)) {
00698 type = RSBAC_RC_GENERAL_TYPE;
00699 rights =
00700 ((RSBAC_READ_WRITE_REQUEST_VECTOR |
00701 RSBAC_SECURITY_REQUEST_VECTOR)
00702 & RSBAC_GROUP_REQUEST_VECTOR) |
00703 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00704 rsbac_list_lol_subadd(role_tcgr_handle,
00705 &role, &type,
00706 &rights);
00707 }
00708 if (!rsbac_list_lol_add
00709 (role_tcnd_handle, &role, NULL)) {
00710 type = RSBAC_RC_GENERAL_TYPE;
00711 rights =
00712 ((RSBAC_REQUEST_VECTOR
00713 (R_GET_STATUS_DATA) |
00714 RSBAC_SECURITY_REQUEST_VECTOR)
00715 & RSBAC_NETDEV_REQUEST_VECTOR) |
00716 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00717 rsbac_list_lol_subadd(role_tcnd_handle,
00718 &role, &type,
00719 &rights);
00720 type = RSBAC_RC_SEC_TYPE;
00721 rsbac_list_lol_subadd(role_tcnd_handle,
00722 &role, &type,
00723 &rights);
00724 type = RSBAC_RC_SYS_TYPE;
00725 rsbac_list_lol_subadd(role_tcnd_handle,
00726 &role, &type,
00727 &rights);
00728 }
00729 if (!rsbac_list_lol_add
00730 (role_tcnt_handle, &role, NULL)) {
00731 type = RSBAC_RC_GENERAL_TYPE;
00732 rights =
00733 ((RSBAC_READ_WRITE_REQUEST_VECTOR |
00734 RSBAC_SECURITY_REQUEST_VECTOR)
00735 & RSBAC_NETTEMP_REQUEST_VECTOR) |
00736 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00737 rsbac_list_lol_subadd(role_tcnt_handle,
00738 &role, &type,
00739 &rights);
00740 type = RSBAC_RC_SEC_TYPE;
00741 rights =
00742 ((RSBAC_READ_WRITE_REQUEST_VECTOR |
00743 RSBAC_SECURITY_REQUEST_VECTOR)
00744 & RSBAC_NETTEMP_REQUEST_VECTOR) |
00745 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00746 rsbac_list_lol_subadd(role_tcnt_handle,
00747 &role, &type,
00748 &rights);
00749 }
00750 if (!rsbac_list_lol_add
00751 (role_tcno_handle, &role, NULL)) {
00752 type = RSBAC_RC_GENERAL_TYPE;
00753 rights =
00754 ((RSBAC_READ_WRITE_REQUEST_VECTOR |
00755 RSBAC_SECURITY_REQUEST_VECTOR)
00756 & RSBAC_NETOBJ_REQUEST_VECTOR) |
00757 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00758 rsbac_list_lol_subadd(role_tcno_handle,
00759 &role, &type,
00760 &rights);
00761 }
00762 if (!rsbac_list_lol_add
00763 (role_tcsc_handle, &role, NULL)) {
00764 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
00765 type = ST_ioports;
00766 rights =
00767 RSBAC_RC_RIGHTS_VECTOR
00768 (R_MODIFY_PERMISSIONS_DATA)
00769 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00770 rsbac_list_lol_subadd(role_tcsc_handle,
00771 &role, &type,
00772 &rights);
00773 #endif
00774 type = ST_rlimit;
00775 rights =
00776 RSBAC_SCD_REQUEST_VECTOR |
00777 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00778 rsbac_list_lol_subadd(role_tcsc_handle,
00779 &role, &type,
00780 &rights);
00781 type = ST_rsbac;
00782 rights =
00783 RSBAC_SCD_REQUEST_VECTOR |
00784 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00785 rsbac_list_lol_subadd(role_tcsc_handle,
00786 &role, &type,
00787 &rights);
00788 type = ST_rsbac_log;
00789 rights =
00790 RSBAC_SCD_REQUEST_VECTOR |
00791 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00792 rsbac_list_lol_subadd(role_tcsc_handle,
00793 &role, &type,
00794 &rights);
00795 type = ST_other;
00796 rights = RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC)
00797 |
00798 RSBAC_RC_RIGHTS_VECTOR
00799 (R_MODIFY_PERMISSIONS_DATA)
00800 | RSBAC_RC_RIGHTS_VECTOR(R_SWITCH_LOG)
00801 |
00802 RSBAC_RC_RIGHTS_VECTOR(R_SWITCH_MODULE)
00803 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00804 rsbac_list_lol_subadd(role_tcsc_handle,
00805 &role, &type,
00806 &rights);
00807 type = ST_network;
00808 rights =
00809 RSBAC_RC_RIGHTS_VECTOR
00810 (R_GET_STATUS_DATA)
00811 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00812 rsbac_list_lol_subadd(role_tcsc_handle,
00813 &role, &type,
00814 &rights);
00815 type = ST_firewall;
00816 rights =
00817 RSBAC_RC_RIGHTS_VECTOR
00818 (R_GET_STATUS_DATA)
00819 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00820 rsbac_list_lol_subadd(role_tcsc_handle,
00821 &role, &type,
00822 &rights);
00823 type = RST_auth_administration;
00824 rights =
00825 RSBAC_SCD_REQUEST_VECTOR |
00826 RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00827 rsbac_list_lol_subadd(role_tcsc_handle,
00828 &role, &type,
00829 &rights);
00830 type = ST_sysfs;
00831 rights =
00832 RSBAC_RC_RIGHTS_VECTOR
00833 (R_GET_STATUS_DATA)
00834 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00835 rsbac_list_lol_subadd(role_tcsc_handle,
00836 &role, &type,
00837 &rights);
00838 }
00839 }
00840 role = RSBAC_RC_SYSTEM_ADMIN_ROLE;
00841 if (!rsbac_list_add(role_handle, &role, &sa_entry)) {
00842 if (!rsbac_list_lol_add
00843 (role_tcfd_handle, &role, NULL)) {
00844 type = RSBAC_RC_GENERAL_TYPE;
00845 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR
00846 | RSBAC_EXECUTE_REQUEST_VECTOR
00847 | RSBAC_SYSTEM_REQUEST_VECTOR)
00848 & RSBAC_FD_REQUEST_VECTOR;
00849 rsbac_list_lol_subadd(role_tcfd_handle,
00850 &role, &type,
00851 &rights);
00852 type = RSBAC_RC_SYS_TYPE;
00853 rsbac_list_lol_subadd(role_tcfd_handle,
00854 &role, &type,
00855 &rights);
00856 }
00857 if (!rsbac_list_lol_add
00858 (role_tcdv_handle, &role, NULL)) {
00859 type = RSBAC_RC_GENERAL_TYPE;
00860 rights =
00861 (RSBAC_READ_WRITE_REQUEST_VECTOR |
00862 RSBAC_SYSTEM_REQUEST_VECTOR) &
00863 RSBAC_DEV_REQUEST_VECTOR;
00864 rsbac_list_lol_subadd(role_tcdv_handle,
00865 &role, &type,
00866 &rights);
00867 type = RSBAC_RC_SYS_TYPE;
00868 rights =
00869 (RSBAC_READ_WRITE_REQUEST_VECTOR |
00870 RSBAC_SYSTEM_REQUEST_VECTOR) &
00871 RSBAC_DEV_REQUEST_VECTOR;
00872 rsbac_list_lol_subadd(role_tcdv_handle,
00873 &role, &type,
00874 &rights);
00875 }
00876 if (!rsbac_list_lol_add
00877 (role_tcus_handle, &role, NULL)) {
00878 type = RSBAC_RC_GENERAL_TYPE;
00879 rights =
00880 RSBAC_REQUEST_VECTOR(R_CHANGE_OWNER) |
00881 RSBAC_REQUEST_VECTOR(R_SEARCH) |
00882 RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA) |
00883 RSBAC_REQUEST_VECTOR(R_AUTHENTICATE);
00884 rsbac_list_lol_subadd(role_tcus_handle,
00885 &role, &type,
00886 &rights);
00887 type = RSBAC_RC_SYS_TYPE;
00888 rights =
00889 RSBAC_REQUEST_VECTOR(R_SEARCH) |
00890 RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA) |
00891 RSBAC_REQUEST_VECTOR(R_AUTHENTICATE);
00892 rsbac_list_lol_subadd(role_tcus_handle,
00893 &role, &type,
00894 &rights);
00895 type = RSBAC_RC_SEC_TYPE;
00896 rights =
00897 RSBAC_REQUEST_VECTOR(R_SEARCH) |
00898 RSBAC_REQUEST_VECTOR(R_AUTHENTICATE);
00899 rsbac_list_lol_subadd(role_tcus_handle,
00900 &role, &type,
00901 &rights);
00902 }
00903 if (!rsbac_list_lol_add
00904 (role_tcpr_handle, &role, NULL)) {
00905 type = RSBAC_RC_GENERAL_TYPE;
00906 rights =
00907 (RSBAC_READ_WRITE_REQUEST_VECTOR |
00908 RSBAC_SYSTEM_REQUEST_VECTOR) &
00909 RSBAC_PROCESS_REQUEST_VECTOR;
00910 rsbac_list_lol_subadd(role_tcpr_handle,
00911 &role, &type,
00912 &rights);
00913 type = RSBAC_RC_SYS_TYPE;
00914 rights =
00915 (RSBAC_READ_WRITE_REQUEST_VECTOR |
00916 RSBAC_SYSTEM_REQUEST_VECTOR) &
00917 RSBAC_PROCESS_REQUEST_VECTOR;
00918 rsbac_list_lol_subadd(role_tcpr_handle,
00919 &role, &type,
00920 &rights);
00921 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
00922 rights =
00923 (RSBAC_READ_WRITE_REQUEST_VECTOR |
00924 RSBAC_SYSTEM_REQUEST_VECTOR) &
00925 RSBAC_PROCESS_REQUEST_VECTOR;
00926 rsbac_list_lol_subadd(role_tcpr_handle,
00927 &role, &type,
00928 &rights);
00929 }
00930 if (!rsbac_list_lol_add
00931 (role_tcip_handle, &role, NULL)) {
00932 type = RSBAC_RC_GENERAL_TYPE;
00933 rights =
00934 (RSBAC_READ_WRITE_REQUEST_VECTOR |
00935 RSBAC_SYSTEM_REQUEST_VECTOR) &
00936 RSBAC_IPC_REQUEST_VECTOR;
00937 rsbac_list_lol_subadd(role_tcip_handle,
00938 &role, &type,
00939 &rights);
00940 type = RSBAC_RC_SYS_TYPE;
00941 rights =
00942 (RSBAC_READ_WRITE_REQUEST_VECTOR |
00943 RSBAC_SYSTEM_REQUEST_VECTOR) &
00944 RSBAC_IPC_REQUEST_VECTOR;
00945 rsbac_list_lol_subadd(role_tcip_handle,
00946 &role, &type,
00947 &rights);
00948 }
00949 if (!rsbac_list_lol_add
00950 (role_tcgr_handle, &role, NULL)) {
00951 type = RSBAC_RC_GENERAL_TYPE;
00952 rights =
00953 RSBAC_REQUEST_VECTOR(R_SEARCH) |
00954 RSBAC_REQUEST_VECTOR
00955 (R_GET_STATUS_DATA);
00956 rsbac_list_lol_subadd(role_tcgr_handle,
00957 &role, &type,
00958 &rights);
00959 }
00960 if (!rsbac_list_lol_add
00961 (role_tcnd_handle, &role, NULL)) {
00962 type = RSBAC_RC_GENERAL_TYPE;
00963 rights =
00964 (RSBAC_READ_WRITE_REQUEST_VECTOR |
00965 RSBAC_SYSTEM_REQUEST_VECTOR) &
00966 RSBAC_NETDEV_REQUEST_VECTOR;
00967 rsbac_list_lol_subadd(role_tcnd_handle,
00968 &role, &type,
00969 &rights);
00970 }
00971 if (!rsbac_list_lol_add
00972 (role_tcnt_handle, &role, NULL)) {
00973 type = RSBAC_RC_GENERAL_TYPE;
00974 rights =
00975 (RSBAC_READ_REQUEST_VECTOR) &
00976 RSBAC_NETTEMP_REQUEST_VECTOR;
00977 rsbac_list_lol_subadd(role_tcnt_handle,
00978 &role, &type,
00979 &rights);
00980 }
00981 if (!rsbac_list_lol_add
00982 (role_tcno_handle, &role, NULL)) {
00983 type = RSBAC_RC_GENERAL_TYPE;
00984 rights =
00985 (RSBAC_READ_WRITE_REQUEST_VECTOR |
00986 RSBAC_SYSTEM_REQUEST_VECTOR) &
00987 RSBAC_NETOBJ_REQUEST_VECTOR;
00988 rsbac_list_lol_subadd(role_tcno_handle,
00989 &role, &type,
00990 &rights);
00991 }
00992 if (!rsbac_list_lol_add
00993 (role_tcsc_handle, &role, NULL)) {
00994 rights =
00995 RSBAC_SCD_REQUEST_VECTOR &
00996 (RSBAC_SYSTEM_REQUEST_VECTOR |
00997 RSBAC_READ_WRITE_REQUEST_VECTOR);
00998 for (type = ST_time_strucs;
00999 type <= ST_rsbac; type++) {
01000 rsbac_list_lol_subadd
01001 (role_tcsc_handle, &role,
01002 &type, &rights);
01003 }
01004 for (type = ST_network; type < ST_none;
01005 type++) {
01006 rsbac_list_lol_subadd
01007 (role_tcsc_handle, &role,
01008 &type, &rights);
01009 }
01010 type = ST_other;
01011 rights =
01012 RSBAC_RC_RIGHTS_VECTOR(R_ADD_TO_KERNEL)
01013 | RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC)
01014 |
01015 RSBAC_RC_RIGHTS_VECTOR
01016 (R_MODIFY_SYSTEM_DATA)
01017 | RSBAC_RC_RIGHTS_VECTOR(R_MOUNT)
01018 |
01019 RSBAC_RC_RIGHTS_VECTOR
01020 (R_REMOVE_FROM_KERNEL)
01021 | RSBAC_RC_RIGHTS_VECTOR(R_UMOUNT)
01022 | RSBAC_RC_RIGHTS_VECTOR(R_SHUTDOWN);
01023 rsbac_list_lol_subadd(role_tcsc_handle,
01024 &role, &type,
01025 &rights);
01026 }
01027 }
01028 }
01029
01030 #ifdef CONFIG_RSBAC_INIT_DELAY
01031 static void create_def_roles2(void)
01032 #else
01033 static void __init create_def_roles2(void)
01034 #endif
01035 {
01036 rsbac_rc_role_id_t role;
01037 rsbac_rc_type_id_t type;
01038 rsbac_rc_rights_vector_t rights;
01039 struct rsbac_rc_role_entry_t au_entry =
01040 RSBAC_RC_AUDITOR_ROLE_ENTRY;
01041 struct rsbac_rc_role_entry_t bo_entry =
01042 RSBAC_RC_BOOT_ROLE_ENTRY;
01043
01044 rsbac_printk(KERN_WARNING "rsbac_init_rc(): no RC roles read, generating default role entries!\n");
01045
01046 role = RSBAC_RC_AUDITOR_ROLE;
01047 if (!rsbac_list_add(role_handle, &role, &au_entry)) {
01048 if (!rsbac_list_lol_add
01049 (role_tcfd_handle, &role, NULL)) {
01050 type = RSBAC_RC_GENERAL_TYPE;
01051 rights =
01052 (RSBAC_READ_WRITE_REQUEST_VECTOR |
01053 RSBAC_EXECUTE_REQUEST_VECTOR)
01054 & RSBAC_FD_REQUEST_VECTOR;
01055 rsbac_list_lol_subadd(role_tcfd_handle,
01056 &role, &type,
01057 &rights);
01058 }
01059 if (!rsbac_list_lol_add
01060 (role_tcdv_handle, &role, NULL)) {
01061 type = RSBAC_RC_GENERAL_TYPE;
01062 rights =
01063 RSBAC_READ_WRITE_REQUEST_VECTOR &
01064 RSBAC_DEV_REQUEST_VECTOR;
01065 rsbac_list_lol_subadd(role_tcdv_handle,
01066 &role, &type,
01067 &rights);
01068 }
01069 if (!rsbac_list_lol_add
01070 (role_tcus_handle, &role, NULL)) {
01071 type = RSBAC_RC_GENERAL_TYPE;
01072 rights =
01073 RSBAC_REQUEST_VECTOR(R_CHANGE_OWNER) |
01074 RSBAC_REQUEST_VECTOR(R_SEARCH) |
01075 RSBAC_REQUEST_VECTOR
01076 (R_GET_STATUS_DATA);
01077 rsbac_list_lol_subadd(role_tcus_handle,
01078 &role, &type,
01079 &rights);
01080 }
01081 if (!rsbac_list_lol_add
01082 (role_tcgr_handle, &role, NULL)) {
01083 type = RSBAC_RC_GENERAL_TYPE;
01084 rights =
01085 RSBAC_REQUEST_VECTOR(R_SEARCH) |
01086 RSBAC_REQUEST_VECTOR
01087 (R_GET_STATUS_DATA);
01088 rsbac_list_lol_subadd(role_tcgr_handle,
01089 &role, &type,
01090 &rights);
01091 }
01092 if (!rsbac_list_lol_add
01093 (role_tcpr_handle, &role, NULL)) {
01094 type = RSBAC_RC_GENERAL_TYPE;
01095 rights =
01096 RSBAC_READ_WRITE_REQUEST_VECTOR &
01097 RSBAC_PROCESS_REQUEST_VECTOR;
01098 rsbac_list_lol_subadd(role_tcpr_handle,
01099 &role, &type,
01100 &rights);
01101 }
01102 if (!rsbac_list_lol_add
01103 (role_tcip_handle, &role, NULL)) {
01104 type = RSBAC_RC_GENERAL_TYPE;
01105 rights =
01106 RSBAC_READ_WRITE_REQUEST_VECTOR &
01107 RSBAC_IPC_REQUEST_VECTOR;
01108 rsbac_list_lol_subadd(role_tcip_handle,
01109 &role, &type,
01110 &rights);
01111 }
01112 if (!rsbac_list_lol_add
01113 (role_tcnd_handle, &role, NULL)) {
01114 type = RSBAC_RC_GENERAL_TYPE;
01115 rights =
01116 RSBAC_READ_WRITE_REQUEST_VECTOR &
01117 RSBAC_NETDEV_REQUEST_VECTOR;
01118 rsbac_list_lol_subadd(role_tcnd_handle,
01119 &role, &type,
01120 &rights);
01121 }
01122 if (!rsbac_list_lol_add
01123 (role_tcno_handle, &role, NULL)) {
01124 type = RSBAC_RC_GENERAL_TYPE;
01125 rights =
01126 RSBAC_READ_WRITE_REQUEST_VECTOR &
01127 RSBAC_NETOBJ_REQUEST_VECTOR;
01128 rsbac_list_lol_subadd(role_tcno_handle,
01129 &role, &type,
01130 &rights);
01131 }
01132 if (!rsbac_list_lol_add
01133 (role_tcsc_handle, &role, NULL)) {
01134 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
01135 type = ST_ioports;
01136 rights =
01137 RSBAC_RC_RIGHTS_VECTOR
01138 (R_MODIFY_PERMISSIONS_DATA);
01139 rsbac_list_lol_subadd(role_tcsc_handle,
01140 &role, &type,
01141 &rights);
01142 #endif
01143 type = ST_rlimit;
01144 rights =
01145 RSBAC_RC_RIGHTS_VECTOR
01146 (R_GET_STATUS_DATA)
01147 |
01148 RSBAC_RC_RIGHTS_VECTOR
01149 (R_MODIFY_SYSTEM_DATA);
01150 rsbac_list_lol_subadd(role_tcsc_handle,
01151 &role, &type,
01152 &rights);
01153 type = ST_rsbac_log;
01154 rights =
01155 RSBAC_RC_RIGHTS_VECTOR
01156 (R_GET_STATUS_DATA)
01157 |
01158 RSBAC_RC_RIGHTS_VECTOR
01159 (R_MODIFY_SYSTEM_DATA);
01160 rsbac_list_lol_subadd(role_tcsc_handle,
01161 &role, &type,
01162 &rights);
01163 type = ST_other;
01164 rights =
01165 RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC);
01166 rsbac_list_lol_subadd(role_tcsc_handle,
01167 &role, &type,
01168 &rights);
01169 type = ST_network;
01170 rights =
01171 RSBAC_RC_RIGHTS_VECTOR
01172 (R_GET_STATUS_DATA);
01173 rsbac_list_lol_subadd(role_tcsc_handle,
01174 &role, &type,
01175 &rights);
01176 }
01177 }
01178 role = RSBAC_RC_BOOT_ROLE;
01179 if (!rsbac_list_add(role_handle, &role, &bo_entry)) {
01180 if (!rsbac_list_lol_add
01181 (role_tcfd_handle, &role, NULL)) {
01182 type = RSBAC_RC_GENERAL_TYPE;
01183 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR
01184 | RSBAC_EXECUTE_REQUEST_VECTOR
01185 | RSBAC_SYSTEM_REQUEST_VECTOR)
01186 & RSBAC_FD_REQUEST_VECTOR;
01187 rsbac_list_lol_subadd(role_tcfd_handle,
01188 &role, &type,
01189 &rights);
01190 type = RSBAC_RC_SYS_TYPE;
01191 rsbac_list_lol_subadd(role_tcfd_handle,
01192 &role, &type,
01193 &rights);
01194 }
01195 if (!rsbac_list_lol_add
01196 (role_tcdv_handle, &role, NULL)) {
01197 type = RSBAC_RC_GENERAL_TYPE;
01198 rights =
01199 (RSBAC_READ_WRITE_REQUEST_VECTOR |
01200 RSBAC_SYSTEM_REQUEST_VECTOR) &
01201 RSBAC_DEV_REQUEST_VECTOR;
01202 rsbac_list_lol_subadd(role_tcdv_handle,
01203 &role, &type,
01204 &rights);
01205 type = RSBAC_RC_SYS_TYPE;
01206 rights =
01207 (RSBAC_READ_WRITE_REQUEST_VECTOR |
01208 RSBAC_SYSTEM_REQUEST_VECTOR) &
01209 RSBAC_DEV_REQUEST_VECTOR;
01210 rsbac_list_lol_subadd(role_tcdv_handle,
01211 &role, &type,
01212 &rights);
01213 }
01214 if (!rsbac_list_lol_add
01215 (role_tcus_handle, &role, NULL)) {
01216 type = RSBAC_RC_GENERAL_TYPE;
01217 rights =
01218 (RSBAC_READ_REQUEST_VECTOR |
01219 RSBAC_REQUEST_VECTOR(R_CHANGE_OWNER) |
01220 RSBAC_SYSTEM_REQUEST_VECTOR |
01221 RSBAC_REQUEST_VECTOR(R_AUTHENTICATE)) &
01222 RSBAC_USER_REQUEST_VECTOR;
01223 rsbac_list_lol_subadd(role_tcus_handle,
01224 &role, &type,
01225 &rights);
01226 type = RSBAC_RC_SEC_TYPE;
01227 rights =
01228 RSBAC_REQUEST_VECTOR(R_SEARCH) |
01229 RSBAC_REQUEST_VECTOR(R_CHANGE_OWNER) |
01230 RSBAC_REQUEST_VECTOR(R_AUTHENTICATE);
01231 rsbac_list_lol_subadd(role_tcus_handle,
01232 &role, &type,
01233 &rights);
01234 type = RSBAC_RC_SYS_TYPE;
01235 rights =
01236 (RSBAC_READ_REQUEST_VECTOR |
01237 RSBAC_SYSTEM_REQUEST_VECTOR) &
01238 RSBAC_USER_REQUEST_VECTOR;
01239 rsbac_list_lol_subadd(role_tcus_handle,
01240 &role, &type,
01241 &rights);
01242 }
01243 if (!rsbac_list_lol_add
01244 (role_tcpr_handle, &role, NULL)) {
01245 type = RSBAC_RC_GENERAL_TYPE;
01246 rights =
01247 (RSBAC_READ_WRITE_REQUEST_VECTOR |
01248 RSBAC_SYSTEM_REQUEST_VECTOR) &
01249 RSBAC_PROCESS_REQUEST_VECTOR;
01250 rsbac_list_lol_subadd(role_tcpr_handle,
01251 &role, &type,
01252 &rights);
01253 type = RSBAC_RC_SYS_TYPE;
01254 rights =
01255 (RSBAC_READ_WRITE_REQUEST_VECTOR |
01256 RSBAC_SYSTEM_REQUEST_VECTOR) &
01257 RSBAC_PROCESS_REQUEST_VECTOR;
01258 rsbac_list_lol_subadd(role_tcpr_handle,
01259 &role, &type,
01260 &rights);
01261 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
01262 rights =
01263 (RSBAC_READ_WRITE_REQUEST_VECTOR |
01264 RSBAC_SYSTEM_REQUEST_VECTOR) &
01265 RSBAC_PROCESS_REQUEST_VECTOR;
01266 rsbac_list_lol_subadd(role_tcpr_handle,
01267 &role, &type,
01268 &rights);
01269 }
01270 if (!rsbac_list_lol_add
01271 (role_tcip_handle, &role, NULL)) {
01272 type = RSBAC_RC_GENERAL_TYPE;
01273 rights =
01274 (RSBAC_READ_WRITE_REQUEST_VECTOR |
01275 RSBAC_SYSTEM_REQUEST_VECTOR) &
01276 RSBAC_IPC_REQUEST_VECTOR;
01277 rsbac_list_lol_subadd(role_tcip_handle,
01278 &role, &type,
01279 &rights);
01280 type = RSBAC_RC_SYS_TYPE;
01281 rights =
01282 (RSBAC_READ_WRITE_REQUEST_VECTOR |
01283 RSBAC_SYSTEM_REQUEST_VECTOR) &
01284 RSBAC_IPC_REQUEST_VECTOR;
01285 rsbac_list_lol_subadd(role_tcip_handle,
01286 &role, &type,
01287 &rights);
01288 }
01289 if (!rsbac_list_lol_add
01290 (role_tcnd_handle, &role, NULL)) {
01291 type = RSBAC_RC_GENERAL_TYPE;
01292 rights =
01293 (RSBAC_READ_WRITE_REQUEST_VECTOR |
01294 RSBAC_SYSTEM_REQUEST_VECTOR) &
01295 RSBAC_NETDEV_REQUEST_VECTOR;
01296 rsbac_list_lol_subadd(role_tcnd_handle,
01297 &role, &type,
01298 &rights);
01299 }
01300 if (!rsbac_list_lol_add
01301 (role_tcnt_handle, &role, NULL)) {
01302 type = RSBAC_RC_GENERAL_TYPE;
01303 rights =
01304 (RSBAC_READ_REQUEST_VECTOR) &
01305 RSBAC_NETTEMP_REQUEST_VECTOR;
01306 rsbac_list_lol_subadd(role_tcnt_handle,
01307 &role, &type,
01308 &rights);
01309 }
01310 if (!rsbac_list_lol_add
01311 (role_tcno_handle, &role, NULL)) {
01312 type = RSBAC_RC_GENERAL_TYPE;
01313 rights =
01314 (RSBAC_READ_WRITE_REQUEST_VECTOR |
01315 RSBAC_SYSTEM_REQUEST_VECTOR) &
01316 RSBAC_NETOBJ_REQUEST_VECTOR;
01317 rsbac_list_lol_subadd(role_tcno_handle,
01318 &role, &type,
01319 &rights);
01320 }
01321 if (!rsbac_list_lol_add
01322 (role_tcsc_handle, &role, NULL)) {
01323 rights =
01324 RSBAC_SCD_REQUEST_VECTOR &
01325 (RSBAC_SYSTEM_REQUEST_VECTOR |
01326 RSBAC_READ_WRITE_REQUEST_VECTOR);
01327 for (type = ST_time_strucs;
01328 type <= ST_rsbac; type++) {
01329 rsbac_list_lol_subadd
01330 (role_tcsc_handle, &role,
01331 &type, &rights);
01332 }
01333 for (type = ST_network; type < ST_none;
01334 type++) {
01335 rsbac_list_lol_subadd
01336 (role_tcsc_handle, &role,
01337 &type, &rights);
01338 }
01339 type = ST_other;
01340 rights =
01341 RSBAC_RC_RIGHTS_VECTOR(R_ADD_TO_KERNEL)
01342 | RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC)
01343 |
01344 RSBAC_RC_RIGHTS_VECTOR
01345 (R_MODIFY_SYSTEM_DATA)
01346 | RSBAC_RC_RIGHTS_VECTOR(R_MOUNT)
01347 |
01348 RSBAC_RC_RIGHTS_VECTOR
01349 (R_REMOVE_FROM_KERNEL)
01350 | RSBAC_RC_RIGHTS_VECTOR(R_UMOUNT)
01351 | RSBAC_RC_RIGHTS_VECTOR(R_SHUTDOWN);
01352 rsbac_list_lol_subadd(role_tcsc_handle,
01353 &role, &type,
01354 &rights);
01355 }
01356 }
01357 }
01358
01359 #ifdef CONFIG_RSBAC_INIT_DELAY
01360 int rsbac_init_rc(void)
01361 #else
01362 int __init rsbac_init_rc(void)
01363 #endif
01364 {
01365 int err = 0;
01366 struct proc_dir_entry *tmp_entry_p;
01367 struct rsbac_list_lol_info_t lol_info;
01368 struct rsbac_list_info_t list_info;
01369 rsbac_rc_rights_vector_t def_tc = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
01370
01371 if (rsbac_is_initialized()) {
01372 rsbac_printk(KERN_WARNING "rsbac_init_rc(): RSBAC already initialized\n");
01373 return (-RSBAC_EREINIT);
01374 }
01375
01376
01377 rsbac_printk(KERN_INFO "rsbac_init_rc(): Initializing RSBAC: RC subsystem\n");
01378 rsbac_pr_debug(stack, "free stack: %lu\n", rsbac_stack_free_space());
01379
01380 list_info.version = RSBAC_RC_ROLE_LIST_VERSION;
01381 list_info.key = RSBAC_RC_LIST_KEY;
01382 list_info.desc_size = sizeof(rsbac_rc_role_id_t);
01383 list_info.data_size = sizeof(struct rsbac_rc_role_entry_t);
01384 list_info.max_age = 0;
01385 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01386 &role_handle, &list_info,
01387 #if defined(CONFIG_RSBAC_RC_BACKUP)
01388 RSBAC_LIST_BACKUP |
01389 #endif
01390 RSBAC_LIST_PERSIST |
01391 RSBAC_LIST_REPLICATE | RSBAC_LIST_AUTO_HASH_RESIZE,
01392 NULL, role_get_conv,
01393 NULL, RSBAC_RC_ROLE_FILENAME,
01394 RSBAC_AUTO_DEV,
01395 nr_role_hashes,
01396 (nr_role_hashes > 1) ? role_hash : NULL,
01397 NULL);
01398 if (err) {
01399 registration_error(err, "role");
01400 }
01401
01402 lol_info.version = RSBAC_RC_ROLE_RC_LIST_VERSION;
01403 lol_info.key = RSBAC_RC_LIST_KEY;
01404 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
01405 lol_info.data_size = 0;
01406 lol_info.subdesc_size = sizeof(rsbac_rc_role_id_t);
01407 lol_info.subdata_size = 0;
01408 lol_info.max_age = 0;
01409 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
01410 &role_rc_handle, &lol_info,
01411 #if defined(CONFIG_RSBAC_RC_BACKUP)
01412 RSBAC_LIST_BACKUP |
01413 #endif
01414 RSBAC_LIST_PERSIST |
01415 RSBAC_LIST_REPLICATE |
01416 RSBAC_LIST_DEF_DATA |
01417 RSBAC_LIST_AUTO_HASH_RESIZE,
01418 NULL,
01419 NULL, NULL, NULL,
01420 NULL, NULL,
01421 RSBAC_RC_ROLE_RC_FILENAME,
01422 RSBAC_AUTO_DEV,
01423 nr_role_hashes,
01424 (nr_role_hashes > 1) ? role_hash : NULL,
01425 NULL);
01426 if (err) {
01427 registration_error(err, "role compatibilities");
01428 }
01429 lol_info.version = RSBAC_RC_ROLE_ADR_LIST_VERSION;
01430 lol_info.key = RSBAC_RC_LIST_KEY;
01431 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
01432 lol_info.data_size = 0;
01433 lol_info.subdesc_size = sizeof(rsbac_rc_role_id_t);
01434 lol_info.subdata_size = 0;
01435 lol_info.max_age = 0;
01436 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
01437 &role_adr_handle, &lol_info,
01438 #if defined(CONFIG_RSBAC_RC_BACKUP)
01439 RSBAC_LIST_BACKUP |
01440 #endif
01441 RSBAC_LIST_PERSIST |
01442 RSBAC_LIST_REPLICATE |
01443 RSBAC_LIST_DEF_DATA |
01444 RSBAC_LIST_AUTO_HASH_RESIZE,
01445 NULL,
01446 NULL, NULL, NULL,
01447 NULL, NULL,
01448 RSBAC_RC_ROLE_ADR_FILENAME,
01449 RSBAC_AUTO_DEV,
01450 nr_role_hashes,
01451 (nr_role_hashes > 1) ? role_hash : NULL,
01452 NULL);
01453 if (err) {
01454 registration_error(err, "admin roles");
01455 }
01456 lol_info.version = RSBAC_RC_ROLE_ASR_LIST_VERSION;
01457 lol_info.key = RSBAC_RC_LIST_KEY;
01458 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
01459 lol_info.data_size = 0;
01460 lol_info.subdesc_size = sizeof(rsbac_rc_role_id_t);
01461 lol_info.subdata_size = 0;
01462 lol_info.max_age = 0;
01463 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
01464 &role_asr_handle, &lol_info,
01465 #if defined(CONFIG_RSBAC_RC_BACKUP)
01466 RSBAC_LIST_BACKUP |
01467 #endif
01468 RSBAC_LIST_PERSIST |
01469 RSBAC_LIST_REPLICATE |
01470 RSBAC_LIST_DEF_DATA |
01471 RSBAC_LIST_AUTO_HASH_RESIZE,
01472 NULL,
01473 NULL, NULL, NULL,
01474 NULL, NULL,
01475 RSBAC_RC_ROLE_ASR_FILENAME,
01476 RSBAC_AUTO_DEV,
01477 nr_role_hashes,
01478 (nr_role_hashes > 1) ? role_hash : NULL,
01479 NULL);
01480 if (err) {
01481 registration_error(err, "assign roles");
01482 }
01483 lol_info.version = RSBAC_RC_ROLE_DFDC_LIST_VERSION;
01484 lol_info.key = RSBAC_RC_LIST_KEY;
01485 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
01486 lol_info.data_size = 0;
01487 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
01488 lol_info.subdata_size = sizeof(rsbac_rc_type_id_t);
01489 lol_info.max_age = 0;
01490 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
01491 &role_dfdc_handle, &lol_info,
01492 #if defined(CONFIG_RSBAC_RC_BACKUP)
01493 RSBAC_LIST_BACKUP |
01494 #endif
01495 RSBAC_LIST_PERSIST |
01496 RSBAC_LIST_REPLICATE |
01497 RSBAC_LIST_DEF_DATA |
01498 RSBAC_LIST_AUTO_HASH_RESIZE,
01499 NULL,
01500 NULL, NULL, NULL,
01501 NULL, NULL,
01502 RSBAC_RC_ROLE_DFDC_FILENAME,
01503 RSBAC_AUTO_DEV,
01504 nr_role_hashes,
01505 (nr_role_hashes > 1) ? role_hash : NULL,
01506 NULL);
01507 if (err) {
01508 registration_error(err, "Role default FD create types");
01509 }
01510 lol_info.version = RSBAC_RC_ROLE_TCFD_LIST_VERSION;
01511 lol_info.key = RSBAC_RC_LIST_KEY;
01512 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
01513 lol_info.data_size = 0;
01514 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
01515 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
01516 lol_info.max_age = 0;
01517 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
01518 &role_tcfd_handle, &lol_info,
01519 #if defined(CONFIG_RSBAC_RC_BACKUP)
01520 RSBAC_LIST_BACKUP |
01521 #endif
01522 RSBAC_LIST_PERSIST |
01523 RSBAC_LIST_REPLICATE |
01524 RSBAC_LIST_DEF_DATA |
01525 RSBAC_LIST_DEF_SUBDATA |
01526 RSBAC_LIST_AUTO_HASH_RESIZE,
01527 NULL,
01528 NULL,
01529 tcfd_get_conv, tcfd_get_subconv,
01530 NULL, &def_tc,
01531 RSBAC_RC_ROLE_TCFD_FILENAME,
01532 RSBAC_AUTO_DEV,
01533 nr_role_hashes,
01534 (nr_role_hashes > 1) ? role_hash : NULL,
01535 NULL);
01536 if (err) {
01537 registration_error(err, "Role FD type compatibilities");
01538 }
01539 lol_info.version = RSBAC_RC_ROLE_TCDV_LIST_VERSION;
01540 lol_info.key = RSBAC_RC_LIST_KEY;
01541 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
01542 lol_info.data_size = 0;
01543 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
01544 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
01545 lol_info.max_age = 0;
01546 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
01547 &role_tcdv_handle, &lol_info,
01548 #if defined(CONFIG_RSBAC_RC_BACKUP)
01549 RSBAC_LIST_BACKUP |
01550 #endif
01551 RSBAC_LIST_PERSIST |
01552 RSBAC_LIST_REPLICATE |
01553 RSBAC_LIST_DEF_DATA |
01554 RSBAC_LIST_DEF_SUBDATA |
01555 RSBAC_LIST_AUTO_HASH_RESIZE,
01556 NULL,
01557 NULL,
01558 tcfd_get_conv, tcfd_get_subconv,
01559 NULL, &def_tc,
01560 RSBAC_RC_ROLE_TCDV_FILENAME,
01561 RSBAC_AUTO_DEV,
01562 nr_role_hashes,
01563 (nr_role_hashes > 1) ? role_hash : NULL,
01564 NULL);
01565 if (err) {
01566 registration_error(err, "Role DEV type compatibilities");
01567 }
01568 lol_info.version = RSBAC_RC_ROLE_TCUS_LIST_VERSION;
01569 lol_info.key = RSBAC_RC_LIST_KEY;
01570 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
01571 lol_info.data_size = 0;
01572 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
01573 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
01574 lol_info.max_age = 0;
01575 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
01576 &role_tcus_handle, &lol_info,
01577 #if defined(CONFIG_RSBAC_RC_BACKUP)
01578 RSBAC_LIST_BACKUP |
01579 #endif
01580 RSBAC_LIST_PERSIST |
01581 RSBAC_LIST_REPLICATE |
01582 RSBAC_LIST_DEF_DATA |
01583 RSBAC_LIST_DEF_SUBDATA |
01584 RSBAC_LIST_AUTO_HASH_RESIZE,
01585 NULL,
01586 NULL,
01587 tcfd_get_conv, tcfd_get_subconv,
01588 NULL, &def_tc,
01589 RSBAC_RC_ROLE_TCUS_FILENAME,
01590 RSBAC_AUTO_DEV,
01591 nr_role_hashes,
01592 (nr_role_hashes > 1) ? role_hash : NULL,
01593 NULL);
01594 if (err) {
01595 registration_error(err, "Role User type compatibilities");
01596 }
01597 lol_info.version = RSBAC_RC_ROLE_TCPR_LIST_VERSION;
01598 lol_info.key = RSBAC_RC_LIST_KEY;
01599 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
01600 lol_info.data_size = 0;
01601 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
01602 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
01603 lol_info.max_age = 0;
01604 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
01605 &role_tcpr_handle, &lol_info,
01606 #if defined(CONFIG_RSBAC_RC_BACKUP)
01607 RSBAC_LIST_BACKUP |
01608 #endif
01609 RSBAC_LIST_PERSIST |
01610 RSBAC_LIST_REPLICATE |
01611 RSBAC_LIST_DEF_DATA |
01612 RSBAC_LIST_DEF_SUBDATA |
01613 RSBAC_LIST_AUTO_HASH_RESIZE,
01614 NULL,
01615 NULL,
01616 tcfd_get_conv, tcfd_get_subconv,
01617 NULL, &def_tc,
01618 RSBAC_RC_ROLE_TCPR_FILENAME,
01619 RSBAC_AUTO_DEV,
01620 nr_role_hashes,
01621 (nr_role_hashes > 1) ? role_hash : NULL,
01622 NULL);
01623 if (err) {
01624 registration_error(err,
01625 "Role Process type compatibilities");
01626 }
01627 lol_info.version = RSBAC_RC_ROLE_TCIP_LIST_VERSION;
01628 lol_info.key = RSBAC_RC_LIST_KEY;
01629 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
01630 lol_info.data_size = 0;
01631 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
01632 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
01633 lol_info.max_age = 0;
01634 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
01635 &role_tcip_handle, &lol_info,
01636 #if defined(CONFIG_RSBAC_RC_BACKUP)
01637 RSBAC_LIST_BACKUP |
01638 #endif
01639 RSBAC_LIST_PERSIST |
01640 RSBAC_LIST_REPLICATE |
01641 RSBAC_LIST_DEF_DATA |
01642 RSBAC_LIST_DEF_SUBDATA |
01643 RSBAC_LIST_AUTO_HASH_RESIZE,
01644 NULL,
01645 NULL,
01646 tcfd_get_conv, tcfd_get_subconv,
01647 NULL, &def_tc,
01648 RSBAC_RC_ROLE_TCIP_FILENAME,
01649 RSBAC_AUTO_DEV,
01650 nr_role_hashes,
01651 (nr_role_hashes > 1) ? role_hash : NULL,
01652 NULL);
01653 if (err) {
01654 registration_error(err, "Role IPC type compatibilities");
01655 }
01656 lol_info.version = RSBAC_RC_ROLE_TCSC_LIST_VERSION;
01657 lol_info.key = RSBAC_RC_LIST_KEY;
01658 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
01659 lol_info.data_size = 0;
01660 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
01661 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
01662 lol_info.max_age = 0;
01663 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
01664 &role_tcsc_handle, &lol_info,
01665 #if defined(CONFIG_RSBAC_RC_BACKUP)
01666 RSBAC_LIST_BACKUP |
01667 #endif
01668 RSBAC_LIST_PERSIST |
01669 RSBAC_LIST_REPLICATE |
01670 RSBAC_LIST_DEF_DATA |
01671 RSBAC_LIST_DEF_SUBDATA |
01672 RSBAC_LIST_AUTO_HASH_RESIZE,
01673 NULL,
01674 NULL,
01675 tcfd_get_conv, tcfd_get_subconv,
01676 NULL, &def_tc,
01677 RSBAC_RC_ROLE_TCSC_FILENAME,
01678 RSBAC_AUTO_DEV,
01679 nr_role_hashes,
01680 (nr_role_hashes > 1) ? role_hash : NULL,
01681 NULL);
01682 if (err) {
01683 registration_error(err, "Role SCD type compatibilities");
01684 }
01685 lol_info.version = RSBAC_RC_ROLE_TCGR_LIST_VERSION;
01686 lol_info.key = RSBAC_RC_LIST_KEY;
01687 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
01688 lol_info.data_size = 0;
01689 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
01690 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
01691 lol_info.max_age = 0;
01692 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
01693 &role_tcgr_handle, &lol_info,
01694 #if defined(CONFIG_RSBAC_RC_BACKUP)
01695 RSBAC_LIST_BACKUP |
01696 #endif
01697 RSBAC_LIST_PERSIST |
01698 RSBAC_LIST_REPLICATE |
01699 RSBAC_LIST_DEF_DATA |
01700 RSBAC_LIST_DEF_SUBDATA |
01701 RSBAC_LIST_AUTO_HASH_RESIZE,
01702 NULL,
01703 NULL,
01704 tcfd_get_conv, tcfd_get_subconv,
01705 NULL, &def_tc,
01706 RSBAC_RC_ROLE_TCGR_FILENAME,
01707 RSBAC_AUTO_DEV,
01708 nr_role_hashes,
01709 (nr_role_hashes > 1) ? role_hash : NULL,
01710 NULL);
01711 if (err) {
01712 registration_error(err, "Role Group type compatibilities");
01713 }
01714 lol_info.version = RSBAC_RC_ROLE_TCND_LIST_VERSION;
01715 lol_info.key = RSBAC_RC_LIST_KEY;
01716 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
01717 lol_info.data_size = 0;
01718 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
01719 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
01720 lol_info.max_age = 0;
01721 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
01722 &role_tcnd_handle, &lol_info,
01723 #if defined(CONFIG_RSBAC_RC_BACKUP)
01724 RSBAC_LIST_BACKUP |
01725 #endif
01726 RSBAC_LIST_PERSIST |
01727 RSBAC_LIST_REPLICATE |
01728 RSBAC_LIST_DEF_DATA |
01729 RSBAC_LIST_DEF_SUBDATA |
01730 RSBAC_LIST_AUTO_HASH_RESIZE,
01731 NULL,
01732 NULL,
01733 tcfd_get_conv, tcfd_get_subconv,
01734 NULL, &def_tc,
01735 RSBAC_RC_ROLE_TCND_FILENAME,
01736 RSBAC_AUTO_DEV,
01737 nr_role_hashes,
01738 (nr_role_hashes > 1) ? role_hash : NULL,
01739 NULL);
01740 if (err) {
01741 registration_error(err,
01742 "Role NETDEV type compatibilities");
01743 }
01744 lol_info.version = RSBAC_RC_ROLE_TCNT_LIST_VERSION;
01745 lol_info.key = RSBAC_RC_LIST_KEY;
01746 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
01747 lol_info.data_size = 0;
01748 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
01749 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
01750 lol_info.max_age = 0;
01751 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
01752 &role_tcnt_handle, &lol_info,
01753 #if defined(CONFIG_RSBAC_RC_BACKUP)
01754 RSBAC_LIST_BACKUP |
01755 #endif
01756 RSBAC_LIST_PERSIST |
01757 RSBAC_LIST_REPLICATE |
01758 RSBAC_LIST_DEF_DATA |
01759 RSBAC_LIST_DEF_SUBDATA |
01760 RSBAC_LIST_AUTO_HASH_RESIZE,
01761 NULL,
01762 NULL,
01763 tcfd_get_conv, tcfd_get_subconv,
01764 NULL, &def_tc,
01765 RSBAC_RC_ROLE_TCNT_FILENAME,
01766 RSBAC_AUTO_DEV,
01767 nr_role_hashes,
01768 (nr_role_hashes > 1) ? role_hash : NULL,
01769 NULL);
01770 if (err) {
01771 registration_error(err,
01772 "Role NETTEMP type compatibilities");
01773 }
01774 lol_info.version = RSBAC_RC_ROLE_TCNO_LIST_VERSION;
01775 lol_info.key = RSBAC_RC_LIST_KEY;
01776 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
01777 lol_info.data_size = 0;
01778 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
01779 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
01780 lol_info.max_age = 0;
01781 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
01782 &role_tcno_handle, &lol_info,
01783 #if defined(CONFIG_RSBAC_RC_BACKUP)
01784 RSBAC_LIST_BACKUP |
01785 #endif
01786 RSBAC_LIST_PERSIST |
01787 RSBAC_LIST_REPLICATE |
01788 RSBAC_LIST_DEF_DATA |
01789 RSBAC_LIST_DEF_SUBDATA |
01790 RSBAC_LIST_AUTO_HASH_RESIZE,
01791 NULL,
01792 NULL,
01793 tcfd_get_conv, tcfd_get_subconv,
01794 NULL, &def_tc,
01795 RSBAC_RC_ROLE_TCNO_FILENAME,
01796 RSBAC_AUTO_DEV,
01797 nr_role_hashes,
01798 (nr_role_hashes > 1) ? role_hash : NULL,
01799 NULL);
01800 if (err) {
01801 registration_error(err,
01802 "Role NETOBJ type compatibilities");
01803 }
01804
01805
01806 if (!rsbac_no_defaults && !rsbac_list_count(role_handle)) {
01807 create_def_roles();
01808 create_def_roles2();
01809 }
01810
01811 list_info.version = RSBAC_RC_TYPE_FD_LIST_VERSION;
01812 list_info.key = RSBAC_RC_LIST_KEY;
01813 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01814 list_info.data_size = sizeof(struct rsbac_rc_type_fd_entry_t);
01815 list_info.max_age = 0;
01816 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01817 &type_fd_handle, &list_info,
01818 #if defined(CONFIG_RSBAC_RC_BACKUP)
01819 RSBAC_LIST_BACKUP |
01820 #endif
01821 RSBAC_LIST_PERSIST |
01822 RSBAC_LIST_REPLICATE |
01823 RSBAC_LIST_AUTO_HASH_RESIZE,
01824 NULL, NULL, NULL,
01825 RSBAC_RC_TYPE_FD_FILENAME,
01826 RSBAC_AUTO_DEV,
01827 nr_type_hashes,
01828 (nr_type_hashes > 1) ? type_hash : NULL,
01829 NULL);
01830 if (err) {
01831 registration_error(err, "type FD");
01832 }
01833 if (!rsbac_no_defaults && !rsbac_list_count(type_fd_handle)) {
01834 rsbac_rc_type_id_t type;
01835 struct rsbac_rc_type_fd_entry_t entry;
01836
01837 type = RSBAC_RC_GENERAL_TYPE;
01838 strcpy(entry.name, "General FD");
01839 entry.need_secdel = 0;
01840 rsbac_list_add(type_fd_handle, &type, &entry);
01841 type = RSBAC_RC_SEC_TYPE;
01842 strcpy(entry.name, "Security FD");
01843 entry.need_secdel = 0;
01844 rsbac_list_add(type_fd_handle, &type, &entry);
01845 type = RSBAC_RC_SYS_TYPE;
01846 strcpy(entry.name, "System FD");
01847 entry.need_secdel = 0;
01848 rsbac_list_add(type_fd_handle, &type, &entry);
01849 }
01850 list_info.version = RSBAC_RC_TYPE_DEV_LIST_VERSION;
01851 list_info.key = RSBAC_RC_LIST_KEY;
01852 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01853 list_info.data_size = RSBAC_RC_NAME_LEN;
01854 list_info.max_age = 0;
01855 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01856 &type_dev_handle, &list_info,
01857 #if defined(CONFIG_RSBAC_RC_BACKUP)
01858 RSBAC_LIST_BACKUP |
01859 #endif
01860 RSBAC_LIST_PERSIST |
01861 RSBAC_LIST_REPLICATE |
01862 RSBAC_LIST_AUTO_HASH_RESIZE,
01863 NULL, NULL, NULL,
01864 RSBAC_RC_TYPE_DEV_FILENAME,
01865 RSBAC_AUTO_DEV,
01866 nr_type_hashes,
01867 (nr_type_hashes > 1) ? type_hash : NULL,
01868 NULL);
01869 if (err) {
01870 registration_error(err, "type DEV");
01871 }
01872 if (!rsbac_no_defaults && !rsbac_list_count(type_dev_handle)) {
01873 rsbac_rc_type_id_t type;
01874 char name[RSBAC_RC_NAME_LEN];
01875
01876 type = RSBAC_RC_GENERAL_TYPE;
01877 strcpy(name, "General Device");
01878 rsbac_list_add(type_dev_handle, &type, name);
01879 type = RSBAC_RC_SEC_TYPE;
01880 strcpy(name, "Security Device");
01881 rsbac_list_add(type_dev_handle, &type, name);
01882 type = RSBAC_RC_SYS_TYPE;
01883 strcpy(name, "System Device");
01884 rsbac_list_add(type_dev_handle, &type, &name);
01885 }
01886 list_info.version = RSBAC_RC_TYPE_IPC_LIST_VERSION;
01887 list_info.key = RSBAC_RC_LIST_KEY;
01888 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01889 list_info.data_size = RSBAC_RC_NAME_LEN;
01890 list_info.max_age = 0;
01891 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01892 &type_ipc_handle, &list_info,
01893 #if defined(CONFIG_RSBAC_RC_BACKUP)
01894 RSBAC_LIST_BACKUP |
01895 #endif
01896 RSBAC_LIST_PERSIST |
01897 RSBAC_LIST_REPLICATE |
01898 RSBAC_LIST_AUTO_HASH_RESIZE,
01899 NULL, NULL, NULL,
01900 RSBAC_RC_TYPE_IPC_FILENAME,
01901 RSBAC_AUTO_DEV,
01902 nr_type_hashes,
01903 (nr_type_hashes > 1) ? type_hash : NULL,
01904 NULL);
01905 if (err) {
01906 registration_error(err, "type IPC");
01907 }
01908 if (!rsbac_no_defaults && !rsbac_list_count(type_ipc_handle)) {
01909 rsbac_rc_type_id_t type;
01910 char name[RSBAC_RC_NAME_LEN];
01911
01912 type = RSBAC_RC_GENERAL_TYPE;
01913 strcpy(name, "General IPC");
01914 rsbac_list_add(type_ipc_handle, &type, name);
01915 type = RSBAC_RC_SEC_TYPE;
01916 strcpy(name, "Security IPC");
01917 rsbac_list_add(type_ipc_handle, &type, name);
01918 type = RSBAC_RC_SYS_TYPE;
01919 strcpy(name, "System IPC");
01920 rsbac_list_add(type_ipc_handle, &type, &name);
01921 }
01922 list_info.version = RSBAC_RC_TYPE_USER_LIST_VERSION;
01923 list_info.key = RSBAC_RC_LIST_KEY;
01924 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01925 list_info.data_size = RSBAC_RC_NAME_LEN;
01926 list_info.max_age = 0;
01927 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01928 &type_user_handle, &list_info,
01929 #if defined(CONFIG_RSBAC_RC_BACKUP)
01930 RSBAC_LIST_BACKUP |
01931 #endif
01932 RSBAC_LIST_PERSIST |
01933 RSBAC_LIST_REPLICATE |
01934 RSBAC_LIST_AUTO_HASH_RESIZE,
01935 NULL, NULL, NULL,
01936 RSBAC_RC_TYPE_USER_FILENAME,
01937 RSBAC_AUTO_DEV,
01938 nr_type_hashes,
01939 (nr_type_hashes > 1) ? type_hash : NULL,
01940 NULL);
01941 if (err) {
01942 registration_error(err, "type USER");
01943 }
01944 if (!rsbac_no_defaults && !rsbac_list_count(type_user_handle)) {
01945 rsbac_rc_type_id_t type;
01946 char name[RSBAC_RC_NAME_LEN];
01947
01948 type = RSBAC_RC_GENERAL_TYPE;
01949 strcpy(name, "General User");
01950 rsbac_list_add(type_user_handle, &type, name);
01951 type = RSBAC_RC_SEC_TYPE;
01952 strcpy(name, "Security User");
01953 rsbac_list_add(type_user_handle, &type, name);
01954 type = RSBAC_RC_SYS_TYPE;
01955 strcpy(name, "System User");
01956 rsbac_list_add(type_user_handle, &type, &name);
01957 }
01958 list_info.version = RSBAC_RC_TYPE_PROCESS_LIST_VERSION;
01959 list_info.key = RSBAC_RC_LIST_KEY;
01960 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01961 list_info.data_size = RSBAC_RC_NAME_LEN;
01962 list_info.max_age = 0;
01963 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01964 &type_process_handle, &list_info,
01965 #if defined(CONFIG_RSBAC_RC_BACKUP)
01966 RSBAC_LIST_BACKUP |
01967 #endif
01968 RSBAC_LIST_PERSIST |
01969 RSBAC_LIST_REPLICATE |
01970 RSBAC_LIST_AUTO_HASH_RESIZE,
01971 NULL, NULL, NULL,
01972 RSBAC_RC_TYPE_PROCESS_FILENAME,
01973 RSBAC_AUTO_DEV,
01974 nr_type_hashes,
01975 (nr_type_hashes > 1) ? type_hash : NULL,
01976 NULL);
01977 if (err) {
01978 registration_error(err, "type PROCESS");
01979 }
01980 if (!rsbac_no_defaults && !rsbac_list_count(type_process_handle)) {
01981 rsbac_rc_type_id_t type;
01982 char name[RSBAC_RC_NAME_LEN];
01983
01984 type = RSBAC_RC_GENERAL_TYPE;
01985 strcpy(name, "General Process");
01986 rsbac_list_add(type_process_handle, &type, name);
01987 type = RSBAC_RC_SEC_TYPE;
01988 strcpy(name, "Security Proc");
01989 rsbac_list_add(type_process_handle, &type, name);
01990 type = RSBAC_RC_SYS_TYPE;
01991 strcpy(name, "System Process");
01992 rsbac_list_add(type_process_handle, &type, &name);
01993 }
01994 if (!rsbac_no_defaults) {
01995 rsbac_rc_type_id_t type =
01996 CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
01997
01998 if (!rsbac_list_exist(type_process_handle, &type)) {
01999 char name[RSBAC_RC_NAME_LEN];
02000 rsbac_rc_role_id_t *role_array;
02001 u_long count;
02002 rsbac_rc_rights_vector_t rights;
02003
02004 strcpy(name, "Kernel Process");
02005 rsbac_list_add(type_process_handle, &type, &name);
02006
02007
02008 rights = RSBAC_READ_WRITE_REQUEST_VECTOR
02009 & RSBAC_PROCESS_REQUEST_VECTOR;
02010
02011 count =
02012 rsbac_list_lol_get_all_desc(role_tcpr_handle,
02013 (void **)
02014 &role_array);
02015 if (count > 0) {
02016 u_int i;
02017
02018 for (i = 0; i < count; i++) {
02019 if (!rsbac_list_lol_subexist
02020 (role_tcpr_handle,
02021 &role_array[i], &type))
02022 rsbac_list_lol_subadd
02023 (role_tcpr_handle,
02024 &role_array[i], &type,
02025 &rights);
02026 }
02027 rsbac_vfree(role_array);
02028 }
02029 }
02030 }
02031 list_info.version = RSBAC_RC_TYPE_GROUP_LIST_VERSION;
02032 list_info.key = RSBAC_RC_LIST_KEY;
02033 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
02034 list_info.data_size = RSBAC_RC_NAME_LEN;
02035 list_info.max_age = 0;
02036 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
02037 &type_group_handle, &list_info,
02038 #if defined(CONFIG_RSBAC_RC_BACKUP)
02039 RSBAC_LIST_BACKUP |
02040 #endif
02041 RSBAC_LIST_PERSIST |
02042 RSBAC_LIST_REPLICATE |
02043 RSBAC_LIST_AUTO_HASH_RESIZE,
02044 NULL, NULL, NULL,
02045 RSBAC_RC_TYPE_GROUP_FILENAME,
02046 RSBAC_AUTO_DEV,
02047 nr_type_hashes,
02048 (nr_type_hashes > 1) ? type_hash : NULL,
02049 NULL);
02050 if (err) {
02051 registration_error(err, "type GROUP");
02052 }
02053 if (!rsbac_no_defaults && !rsbac_list_count(type_group_handle)) {
02054 rsbac_rc_type_id_t type;
02055 char name[RSBAC_RC_NAME_LEN];
02056
02057 type = RSBAC_RC_GENERAL_TYPE;
02058 strcpy(name, "General Group");
02059 rsbac_list_add(type_group_handle, &type, name);
02060 }
02061 list_info.version = RSBAC_RC_TYPE_NETDEV_LIST_VERSION;
02062 list_info.key = RSBAC_RC_LIST_KEY;
02063 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
02064 list_info.data_size = RSBAC_RC_NAME_LEN;
02065 list_info.max_age = 0;
02066 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
02067 &type_netdev_handle, &list_info,
02068 #if defined(CONFIG_RSBAC_RC_BACKUP)
02069 RSBAC_LIST_BACKUP |
02070 #endif
02071 RSBAC_LIST_PERSIST |
02072 RSBAC_LIST_REPLICATE |
02073 RSBAC_LIST_AUTO_HASH_RESIZE,
02074 NULL, NULL, NULL,
02075 RSBAC_RC_TYPE_NETDEV_FILENAME,
02076 RSBAC_AUTO_DEV,
02077 nr_type_hashes,
02078 (nr_type_hashes > 1) ? type_hash : NULL,
02079 NULL);
02080 if (err) {
02081 registration_error(err, "type NETDEV");
02082 }
02083 if (!rsbac_no_defaults && !rsbac_list_count(type_netdev_handle)) {
02084 rsbac_rc_type_id_t type;
02085 char name[RSBAC_RC_NAME_LEN];
02086
02087 type = RSBAC_RC_GENERAL_TYPE;
02088 strcpy(name, "General NETDEV");
02089 rsbac_list_add(type_netdev_handle, &type, name);
02090 type = RSBAC_RC_SEC_TYPE;
02091 strcpy(name, "Security NETDEV");
02092 rsbac_list_add(type_netdev_handle, &type, name);
02093 type = RSBAC_RC_SYS_TYPE;
02094 strcpy(name, "System NETDEV");
02095 rsbac_list_add(type_netdev_handle, &type, &name);
02096 }
02097 list_info.version = RSBAC_RC_TYPE_NETTEMP_LIST_VERSION;
02098 list_info.key = RSBAC_RC_LIST_KEY;
02099 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
02100 list_info.data_size = RSBAC_RC_NAME_LEN;
02101 list_info.max_age = 0;
02102 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
02103 &type_nettemp_handle, &list_info,
02104 #if defined(CONFIG_RSBAC_RC_BACKUP)
02105 RSBAC_LIST_BACKUP |
02106 #endif
02107 RSBAC_LIST_PERSIST |
02108 RSBAC_LIST_REPLICATE |
02109 RSBAC_LIST_AUTO_HASH_RESIZE,
02110 NULL, NULL, NULL,
02111 RSBAC_RC_TYPE_NETTEMP_FILENAME,
02112 RSBAC_AUTO_DEV,
02113 nr_type_hashes,
02114 (nr_type_hashes > 1) ? type_hash : NULL,
02115 NULL);
02116 if (err) {
02117 registration_error(err, "type NETTEMP");
02118 }
02119 if (!rsbac_no_defaults && !rsbac_list_count(type_nettemp_handle)) {
02120 rsbac_rc_type_id_t type;
02121 char name[RSBAC_RC_NAME_LEN];
02122
02123 type = RSBAC_RC_GENERAL_TYPE;
02124 strcpy(name, "General NETTEMP");
02125 rsbac_list_add(type_nettemp_handle, &type, name);
02126 type = RSBAC_RC_SEC_TYPE;
02127 strcpy(name, "Securit NETTEMP");
02128 rsbac_list_add(type_nettemp_handle, &type, name);
02129 type = RSBAC_RC_SYS_TYPE;
02130 strcpy(name, "System NETTEMP");
02131 rsbac_list_add(type_nettemp_handle, &type, &name);
02132 }
02133 list_info.version = RSBAC_RC_TYPE_NETOBJ_LIST_VERSION;
02134 list_info.key = RSBAC_RC_LIST_KEY;
02135 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
02136 list_info.data_size = RSBAC_RC_NAME_LEN;
02137 list_info.max_age = 0;
02138 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
02139 &type_netobj_handle, &list_info,
02140 #if defined(CONFIG_RSBAC_RC_BACKUP)
02141 RSBAC_LIST_BACKUP |
02142 #endif
02143 RSBAC_LIST_PERSIST |
02144 RSBAC_LIST_REPLICATE |
02145 RSBAC_LIST_AUTO_HASH_RESIZE,
02146 NULL, NULL, NULL,
02147 RSBAC_RC_TYPE_NETOBJ_FILENAME,
02148 RSBAC_AUTO_DEV,
02149 nr_type_hashes,
02150 (nr_type_hashes > 1) ? type_hash : NULL,
02151 NULL);
02152 if (err) {
02153 registration_error(err, "type NETOBJ");
02154 }
02155 if (!rsbac_no_defaults && !rsbac_list_count(type_netobj_handle)) {
02156 rsbac_rc_type_id_t type;
02157 char name[RSBAC_RC_NAME_LEN];
02158
02159 type = RSBAC_RC_GENERAL_TYPE;
02160 strcpy(name, "General NETOBJ");
02161 rsbac_list_add(type_netobj_handle, &type, name);
02162 type = RSBAC_RC_SEC_TYPE;
02163 strcpy(name, "Security NETOBJ");
02164 rsbac_list_add(type_netobj_handle, &type, name);
02165 type = RSBAC_RC_SYS_TYPE;
02166 strcpy(name, "System NETOBJ");
02167 rsbac_list_add(type_netobj_handle, &type, &name);
02168 }
02169 rsbac_pr_debug(stack, "free stack before adding proc entry: %lu\n",
02170 rsbac_stack_free_space());
02171 #if defined(CONFIG_RSBAC_PROC)
02172 tmp_entry_p = create_proc_entry("stats_rc",
02173 S_IFREG | S_IRUGO,
02174 proc_rsbac_root_p);
02175 if (tmp_entry_p) {
02176 tmp_entry_p->get_info = stats_rc_proc_info;
02177 }
02178 #endif
02179 rsbac_pr_debug(stack, "final free stack: %lu\n",
02180 rsbac_stack_free_space());
02181 rsbac_pr_debug(ds_rc, "Ready.\n");
02182 return (err);
02183 }
02184
02185
02186
02187
02188 int rsbac_stats_rc(void)
02189 {
02190 if (!rsbac_is_initialized()) {
02191 rsbac_printk(KERN_WARNING "rsbac_stats_rc(): RSBAC not initialized\n");
02192 return (-RSBAC_ENOTINITIALIZED);
02193 }
02194
02195 rsbac_printk(KERN_INFO "Role entry size is %u, %lu entries used\n",
02196 sizeof(struct rsbac_rc_role_entry_t),
02197 rsbac_list_count(role_handle));
02198
02199 rsbac_printk(KERN_INFO "Used type entries: fd: %lu, dev: %lu, ipc: %lu, user: %lu, process: %lu, group: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
02200 rsbac_list_count(type_fd_handle),
02201 rsbac_list_count(type_dev_handle),
02202 rsbac_list_count(type_ipc_handle),
02203 rsbac_list_count(type_user_handle),
02204 rsbac_list_count(type_process_handle),
02205 rsbac_list_count(type_group_handle),
02206 rsbac_list_count(type_netdev_handle),
02207 rsbac_list_count(type_nettemp_handle),
02208 rsbac_list_count(type_netobj_handle));
02209 return 0;
02210 }
02211
02212
02213
02214
02215
02216
02217 #ifdef CONFIG_RSBAC_INIT_DELAY
02218 int rsbac_rc_get_boot_role(rsbac_rc_role_id_t * role_p)
02219 #else
02220 int __init rsbac_rc_get_boot_role(rsbac_rc_role_id_t * role_p)
02221 #endif
02222 {
02223
02224 if (rsbac_list_get_desc(role_handle,
02225 role_p, role_p, rsbac_rc_role_compare_data)
02226 ) {
02227 return -RSBAC_ENOTFOUND;
02228 }
02229 return 0;
02230 }
02231
02232
02233 rsbac_boolean_t rsbac_rc_role_exists(rsbac_list_ta_number_t ta_number,
02234 rsbac_rc_role_id_t role)
02235 {
02236 return rsbac_ta_list_exist(ta_number, role_handle, &role);
02237 }
02238
02239 rsbac_boolean_t rsbac_rc_type_exists(rsbac_list_ta_number_t ta_number,
02240 enum rsbac_target_t target,
02241 rsbac_rc_type_id_t type)
02242 {
02243 switch (target) {
02244 case T_FILE:
02245 case T_DIR:
02246 case T_FIFO:
02247 case T_SYMLINK:
02248 case T_FD:
02249 return rsbac_ta_list_exist(ta_number, type_fd_handle,
02250 &type);
02251 case T_DEV:
02252 return rsbac_ta_list_exist(ta_number, type_dev_handle,
02253 &type);
02254 case T_IPC:
02255 return rsbac_ta_list_exist(ta_number, type_ipc_handle,
02256 &type);
02257 case T_USER:
02258 return rsbac_ta_list_exist(ta_number, type_user_handle,
02259 &type);
02260 case T_PROCESS:
02261 return rsbac_ta_list_exist(ta_number, type_process_handle,
02262 &type);
02263 case T_NETDEV:
02264 return rsbac_ta_list_exist(ta_number, type_netdev_handle,
02265 &type);
02266 case T_NETTEMP:
02267 return rsbac_ta_list_exist(ta_number, type_nettemp_handle,
02268 &type);
02269 case T_NETOBJ:
02270 return rsbac_ta_list_exist(ta_number, type_netobj_handle,
02271 &type);
02272 case T_SCD:
02273 if (type < ST_none)
02274 return TRUE;
02275 else
02276 return FALSE;
02277 default:
02278 return FALSE;
02279 }
02280 }
02281
02282
02283
02284 int rsbac_rc_copy_role(rsbac_list_ta_number_t ta_number,
02285 rsbac_rc_role_id_t from_role,
02286 rsbac_rc_role_id_t to_role)
02287 {
02288 struct rsbac_rc_role_entry_t entry;
02289 rsbac_rc_role_id_t *role_array;
02290 char *item_array;
02291 long count;
02292 u_long i;
02293 int err;
02294
02295 if (!rsbac_is_initialized()) {
02296 rsbac_printk(KERN_WARNING "rsbac_rc_copy_role(): RSBAC not initialized\n");
02297 return (-RSBAC_ENOTINITIALIZED);
02298 }
02299 if ((from_role > RC_role_max_value)
02300 || (to_role > RC_role_max_value)
02301 || (to_role == from_role)
02302 )
02303 return (-RSBAC_EINVALIDTARGET);
02304
02305
02306 err =
02307 rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL,
02308 &from_role, &entry);
02309 if (err)
02310 return err;
02311 err =
02312 rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &to_role,
02313 &entry);
02314 if (err)
02315 return err;
02316
02317 rsbac_ta_list_lol_remove(ta_number, role_rc_handle, &to_role);
02318 count =
02319 rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02320 role_rc_handle,
02321 &from_role,
02322 (void **) &role_array,
02323 NULL);
02324 if (count > 0) {
02325 for (i = 0; i < count; i++)
02326 rsbac_ta_list_lol_subadd_ttl(ta_number,
02327 role_rc_handle, 0,
02328 &to_role,
02329 &role_array[i], 0);
02330 rsbac_vfree(role_array);
02331 }
02332 rsbac_ta_list_lol_remove(ta_number, role_adr_handle, &to_role);
02333 count =
02334 rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02335 role_adr_handle,
02336 &from_role,
02337 (void **) &role_array,
02338 NULL);
02339 if (count > 0) {
02340 for (i = 0; i < count; i++)
02341 rsbac_ta_list_lol_subadd_ttl(ta_number,
02342 role_adr_handle, 0,
02343 &to_role,
02344 &role_array[i], 0);
02345 rsbac_vfree(role_array);
02346 }
02347 rsbac_ta_list_lol_remove(ta_number, role_asr_handle, &to_role);
02348 count =
02349 rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02350 role_asr_handle,
02351 &from_role,
02352 (void **) &role_array,
02353 NULL);
02354 if (count > 0) {
02355 for (i = 0; i < count; i++)
02356 rsbac_ta_list_lol_subadd_ttl(ta_number,
02357 role_asr_handle, 0,
02358 &to_role,
02359 &role_array[i], 0);
02360 rsbac_vfree(role_array);
02361 }
02362 rsbac_ta_list_lol_remove(ta_number, role_dfdc_handle, &to_role);
02363 count =
02364 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02365 role_dfdc_handle,
02366 &from_role,
02367 (void **) &item_array,
02368 NULL);
02369 if (count > 0) {
02370 char *tmp = item_array;
02371 int size =
02372 rsbac_list_lol_get_subitem_size(role_dfdc_handle);
02373
02374 for (i = 0; i < count; i++) {
02375 rsbac_ta_list_lol_subadd_ttl(ta_number,
02376 role_dfdc_handle, 0,
02377 &to_role, tmp,
02378 tmp +
02379 sizeof
02380 (rsbac_rc_role_id_t));
02381 tmp += size;
02382 }
02383 rsbac_vfree(item_array);
02384 }
02385 rsbac_ta_list_lol_remove(ta_number, role_tcfd_handle, &to_role);
02386 count =
02387 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02388 role_tcfd_handle,
02389 &from_role,
02390 (void **) &item_array,
02391 NULL);
02392 if (count > 0) {
02393 char *tmp = item_array;
02394 int size =
02395 rsbac_list_lol_get_subitem_size(role_tcfd_handle);
02396
02397 for (i = 0; i < count; i++) {
02398 rsbac_ta_list_lol_subadd_ttl(ta_number,
02399 role_tcfd_handle, 0,
02400 &to_role, tmp,
02401 tmp +
02402 sizeof
02403 (rsbac_rc_role_id_t));
02404 tmp += size;
02405 }
02406 rsbac_vfree(item_array);
02407 }
02408 rsbac_ta_list_lol_remove(ta_number, role_tcdv_handle, &to_role);
02409 count =
02410 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02411 role_tcdv_handle,
02412 &from_role,
02413 (void **) &item_array,
02414 NULL);
02415 if (count > 0) {
02416 char *tmp = item_array;
02417 int size =
02418 rsbac_list_lol_get_subitem_size(role_tcdv_handle);
02419
02420 for (i = 0; i < count; i++) {
02421 rsbac_ta_list_lol_subadd_ttl(ta_number,
02422 role_tcdv_handle, 0,
02423 &to_role, tmp,
02424 tmp +
02425 sizeof
02426 (rsbac_rc_role_id_t));
02427 tmp += size;
02428 }
02429 rsbac_vfree(item_array);
02430 }
02431 rsbac_ta_list_lol_remove(ta_number, role_tcus_handle, &to_role);
02432 count =
02433 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02434 role_tcus_handle,
02435 &from_role,
02436 (void **) &item_array,
02437 NULL);
02438 if (count > 0) {
02439 char *tmp = item_array;
02440 int size =
02441 rsbac_list_lol_get_subitem_size(role_tcus_handle);
02442
02443 for (i = 0; i < count; i++) {
02444 rsbac_ta_list_lol_subadd_ttl(ta_number,
02445 role_tcus_handle, 0,
02446 &to_role, tmp,
02447 tmp +
02448 sizeof
02449 (rsbac_rc_role_id_t));
02450 tmp += size;
02451 }
02452 rsbac_vfree(item_array);
02453 }
02454 rsbac_ta_list_lol_remove(ta_number, role_tcpr_handle, &to_role);
02455 count =
02456 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02457 role_tcpr_handle,
02458 &from_role,
02459 (void **) &item_array,
02460 NULL);
02461 if (count > 0) {
02462 char *tmp = item_array;
02463 int size =
02464 rsbac_list_lol_get_subitem_size(role_tcpr_handle);
02465
02466 for (i = 0; i < count; i++) {
02467 rsbac_ta_list_lol_subadd_ttl(ta_number,
02468 role_tcpr_handle, 0,
02469 &to_role, tmp,
02470 tmp +
02471 sizeof
02472 (rsbac_rc_role_id_t));
02473 tmp += size;
02474 }
02475 rsbac_vfree(item_array);
02476 }
02477 rsbac_ta_list_lol_remove(ta_number, role_tcip_handle, &to_role);
02478 count =
02479 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02480 role_tcip_handle,
02481 &from_role,
02482 (void **) &item_array,
02483 NULL);
02484 if (count > 0) {
02485 char *tmp = item_array;
02486 int size =
02487 rsbac_list_lol_get_subitem_size(role_tcip_handle);
02488
02489 for (i = 0; i < count; i++) {
02490 rsbac_ta_list_lol_subadd_ttl(ta_number,
02491 role_tcip_handle, 0,
02492 &to_role, tmp,
02493 tmp +
02494 sizeof
02495 (rsbac_rc_role_id_t));
02496 tmp += size;
02497 }
02498 rsbac_vfree(item_array);
02499 }
02500 rsbac_ta_list_lol_remove(ta_number, role_tcsc_handle, &to_role);
02501 count =
02502 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02503 role_tcsc_handle,
02504 &from_role,
02505 (void **) &item_array,
02506 NULL);
02507 if (count > 0) {
02508 char *tmp = item_array;
02509 int size =
02510 rsbac_list_lol_get_subitem_size(role_tcsc_handle);
02511
02512 for (i = 0; i < count; i++) {
02513 rsbac_ta_list_lol_subadd_ttl(ta_number,
02514 role_tcsc_handle, 0,
02515 &to_role, tmp,
02516 tmp +
02517 sizeof
02518 (rsbac_rc_role_id_t));
02519 tmp += size;
02520 }
02521 rsbac_vfree(item_array);
02522 }
02523 rsbac_ta_list_lol_remove(ta_number, role_tcgr_handle, &to_role);
02524 count =
02525 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02526 role_tcgr_handle,
02527 &from_role,
02528 (void **) &item_array,
02529 NULL);
02530 if (count > 0) {
02531 char *tmp = item_array;
02532 int size =
02533 rsbac_list_lol_get_subitem_size(role_tcgr_handle);
02534
02535 for (i = 0; i < count; i++) {
02536 rsbac_ta_list_lol_subadd_ttl(ta_number,
02537 role_tcgr_handle, 0,
02538 &to_role, tmp,
02539 tmp +
02540 sizeof
02541 (rsbac_rc_role_id_t));
02542 tmp += size;
02543 }
02544 rsbac_vfree(item_array);
02545 }
02546 rsbac_ta_list_lol_remove(ta_number, role_tcnd_handle, &to_role);
02547 count =
02548 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02549 role_tcnd_handle,
02550 &from_role,
02551 (void **) &item_array,
02552 NULL);
02553 if (count > 0) {
02554 char *tmp = item_array;
02555 int size =
02556 rsbac_list_lol_get_subitem_size(role_tcnd_handle);
02557
02558 for (i = 0; i < count; i++) {
02559 rsbac_ta_list_lol_subadd_ttl(ta_number,
02560 role_tcnd_handle, 0,
02561 &to_role, tmp,
02562 tmp +
02563 sizeof
02564 (rsbac_rc_role_id_t));
02565 tmp += size;
02566 }
02567 rsbac_vfree(item_array);
02568 }
02569 rsbac_ta_list_lol_remove(ta_number, role_tcnt_handle, &to_role);
02570 count =
02571 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02572 role_tcnt_handle,
02573 &from_role,
02574 (void **) &item_array,
02575 NULL);
02576 if (count > 0) {
02577 char *tmp = item_array;
02578 int size =
02579 rsbac_list_lol_get_subitem_size(role_tcnt_handle);
02580
02581 for (i = 0; i < count; i++) {
02582 rsbac_ta_list_lol_subadd_ttl(ta_number,
02583 role_tcnt_handle, 0,
02584 &to_role, tmp,
02585 tmp +
02586 sizeof
02587 (rsbac_rc_role_id_t));
02588 tmp += size;
02589 }
02590 rsbac_vfree(item_array);
02591 }
02592 rsbac_ta_list_lol_remove(ta_number, role_tcno_handle, &to_role);
02593 count =
02594 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02595 role_tcno_handle,
02596 &from_role,
02597 (void **) &item_array,
02598 NULL);
02599 if (count > 0) {
02600 char *tmp = item_array;
02601 int size =
02602 rsbac_list_lol_get_subitem_size(role_tcno_handle);
02603
02604 for (i = 0; i < count; i++) {
02605 rsbac_ta_list_lol_subadd_ttl(ta_number,
02606 role_tcno_handle, 0,
02607 &to_role, tmp,
02608 tmp +
02609 sizeof
02610 (rsbac_rc_role_id_t));
02611 tmp += size;
02612 }
02613 rsbac_vfree(item_array);
02614 }
02615 return 0;
02616 }
02617
02618 int rsbac_rc_copy_type(rsbac_list_ta_number_t ta_number,
02619 enum rsbac_rc_target_t target,
02620 rsbac_rc_type_id_t from_type,
02621 rsbac_rc_type_id_t to_type)
02622 {
02623 rsbac_rc_role_id_t *role_array;
02624 rsbac_list_handle_t i_type_handle = NULL;
02625 rsbac_list_handle_t i_comp_handle = NULL;
02626 struct rsbac_rc_type_fd_entry_t type_fd_entry;
02627 char type_name[RSBAC_RC_NAME_LEN];
02628 long count;
02629 rsbac_time_t ttl;
02630 u_long i;
02631 int err;
02632
02633 if (!rsbac_is_initialized()) {
02634 rsbac_printk(KERN_WARNING "rsbac_rc_copy_type(): RSBAC not initialized\n");
02635 return (-RSBAC_ENOTINITIALIZED);
02636 }
02637 if ((from_type > RC_type_max_value)
02638 || (to_type > RC_type_max_value)
02639 || (to_type == from_type)
02640 )
02641 return (-RSBAC_EINVALIDTARGET);
02642
02643 switch (target) {
02644 case T_FILE:
02645 case T_DIR:
02646 case T_FIFO:
02647 case T_SYMLINK:
02648 case T_FD:
02649 i_type_handle = type_fd_handle;
02650 i_comp_handle = role_tcfd_handle;
02651 break;
02652 case T_DEV:
02653 i_type_handle = type_dev_handle;
02654 i_comp_handle = role_tcdv_handle;
02655 break;
02656 case T_USER:
02657 i_type_handle = type_user_handle;
02658 i_comp_handle = role_tcus_handle;
02659 break;
02660 case T_PROCESS:
02661 i_type_handle = type_process_handle;
02662 i_comp_handle = role_tcpr_handle;
02663 break;
02664 case T_IPC:
02665 i_type_handle = type_ipc_handle;
02666 i_comp_handle = role_tcip_handle;
02667 break;
02668 case T_GROUP:
02669 i_type_handle = type_group_handle;
02670 i_comp_handle = role_tcgr_handle;
02671 break;
02672 case T_NETDEV:
02673 i_type_handle = type_netdev_handle;
02674 i_comp_handle = role_tcnd_handle;
02675 break;
02676 case T_NETTEMP:
02677 i_type_handle = type_nettemp_handle;
02678 i_comp_handle = role_tcnt_handle;
02679 break;
02680 case T_NETOBJ:
02681 i_type_handle = type_netobj_handle;
02682 i_comp_handle = role_tcno_handle;
02683 break;
02684
02685 default:
02686 return -RSBAC_EINVALIDTARGET;
02687 }
02688
02689
02690 if (i_type_handle == type_fd_handle) {
02691 err =
02692 rsbac_ta_list_get_data_ttl(ta_number, i_type_handle,
02693 &ttl, &from_type,
02694 &type_fd_entry);
02695 if (err)
02696 return err;
02697 err =
02698 rsbac_ta_list_add_ttl(ta_number, i_type_handle, ttl,
02699 &to_type, &type_fd_entry);
02700 if (err)
02701 return err;
02702 } else {
02703 err =
02704 rsbac_ta_list_get_data_ttl(ta_number, i_type_handle,
02705 NULL, &from_type,
02706 &type_name);
02707 if (err)
02708 return err;
02709 err =
02710 rsbac_ta_list_add_ttl(ta_number, i_type_handle, 0,
02711 &to_type, &type_name);
02712 if (err)
02713 return err;
02714 }
02715
02716 err =
02717 rsbac_ta_list_lol_subremove_from_all(ta_number, i_comp_handle,
02718 &to_type);
02719 if (err)
02720 return err;
02721
02722 count = rsbac_ta_list_get_all_desc(ta_number, role_handle,
02723 (void **) &role_array);
02724 if (count > 0) {
02725 rsbac_rc_rights_vector_t rights;
02726
02727 for (i = 0; i < count; i++) {
02728 err = rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02729 i_comp_handle,
02730 &ttl,
02731 &role_array
02732 [i],
02733 &from_type,
02734 &rights);
02735 if (!err)
02736 err =
02737 rsbac_ta_list_lol_subadd_ttl(ta_number,
02738 i_comp_handle,
02739 ttl,
02740 &role_array
02741 [i],
02742 &to_type,
02743 &rights);
02744 }
02745 rsbac_vfree(role_array);
02746 }
02747 return 0;
02748 }
02749
02750
02751
02752 int rsbac_rc_get_item(rsbac_list_ta_number_t ta_number,
02753 enum rsbac_rc_target_t target,
02754 union rsbac_rc_target_id_t tid,
02755 union rsbac_rc_target_id_t subtid,
02756 enum rsbac_rc_item_t item,
02757 union rsbac_rc_item_value_t *value_p,
02758 rsbac_time_t * ttl_p)
02759 {
02760 int err = 0;
02761 struct rsbac_rc_role_entry_t role_entry;
02762 struct rsbac_rc_type_fd_entry_t type_fd_entry;
02763
02764 if (!rsbac_is_initialized()) {
02765 rsbac_printk(KERN_WARNING "rsbac_rc_get_item(): RSBAC not initialized\n");
02766 return (-RSBAC_ENOTINITIALIZED);
02767 }
02768 if (in_interrupt()) {
02769 rsbac_printk(KERN_WARNING "rsbac_rc_get_item(): called from interrupt!\n");
02770 }
02771 if (ttl_p)
02772 *ttl_p = 0;
02773 switch (target) {
02774 case RT_ROLE:
02775 if (tid.role > RC_role_max_value)
02776 return (-RSBAC_EINVALIDTARGET);
02777
02778
02779
02780 switch (item) {
02781 case RI_role_comp:
02782 if (!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02783 role_rc_handle,
02784 ttl_p,
02785 &tid.role,
02786 &subtid.
02787 role, NULL))
02788 value_p->comp = TRUE;
02789 else
02790 value_p->comp = FALSE;
02791 return 0;
02792 case RI_admin_roles:
02793 if (!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02794 role_adr_handle,
02795 ttl_p,
02796 &tid.role,
02797 &subtid.
02798 role, NULL))
02799 value_p->comp = TRUE;
02800 else
02801 value_p->comp = FALSE;
02802 return 0;
02803 case RI_assign_roles:
02804 if (!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02805 role_asr_handle,
02806 ttl_p,
02807 &tid.role,
02808 &subtid.
02809 role, NULL))
02810 value_p->comp = TRUE;
02811 else
02812 value_p->comp = FALSE;
02813 return 0;
02814 case RI_type_comp_fd:
02815 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02816 role_tcfd_handle,
02817 ttl_p,
02818 &tid.role,
02819 &subtid.type,
02820 &value_p->
02821 rights)) {
02822 value_p->rights =
02823 RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02824 if (ttl_p)
02825 *ttl_p = 0;
02826 }
02827 return 0;
02828 case RI_type_comp_dev:
02829 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02830 role_tcdv_handle,
02831 ttl_p,
02832 &tid.role,
02833 &subtid.type,
02834 &value_p->
02835 rights)) {
02836 value_p->rights =
02837 RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02838 if (ttl_p)
02839 *ttl_p = 0;
02840 }
02841 return 0;
02842 case RI_type_comp_user:
02843 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02844 role_tcus_handle,
02845 ttl_p,
02846 &tid.role,
02847 &subtid.type,
02848 &value_p->
02849 rights)) {
02850 value_p->rights =
02851 RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02852 if (ttl_p)
02853 *ttl_p = 0;
02854 }
02855 return 0;
02856 case RI_type_comp_process:
02857 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02858 role_tcpr_handle,
02859 ttl_p,
02860 &tid.role,
02861 &subtid.type,
02862 &value_p->
02863 rights)) {
02864 value_p->rights =
02865 RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02866 if (ttl_p)
02867 *ttl_p = 0;
02868 }
02869 return 0;
02870 case RI_type_comp_ipc:
02871 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02872 role_tcip_handle,
02873 ttl_p,
02874 &tid.role,
02875 &subtid.type,
02876 &value_p->
02877 rights)) {
02878 value_p->rights =
02879 RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02880 if (ttl_p)
02881 *ttl_p = 0;
02882 }
02883 return 0;
02884 case RI_type_comp_scd:
02885 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02886 role_tcsc_handle,
02887 ttl_p,
02888 &tid.role,
02889 &subtid.type,
02890 &value_p->
02891 rights)) {
02892 value_p->rights =
02893 RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02894 if (ttl_p)
02895 *ttl_p = 0;
02896 }
02897 return 0;
02898 case RI_type_comp_group:
02899 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02900 role_tcgr_handle,
02901 ttl_p,
02902 &tid.role,
02903 &subtid.type,
02904 &value_p->
02905 rights)) {
02906 value_p->rights =
02907 RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02908 if (ttl_p)
02909 *ttl_p = 0;
02910 }
02911 return 0;
02912 case RI_type_comp_netdev:
02913 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02914 role_tcnd_handle,
02915 ttl_p,
02916 &tid.role,
02917 &subtid.type,
02918 &value_p->
02919 rights)) {
02920 value_p->rights =
02921 RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02922 if (ttl_p)
02923 *ttl_p = 0;
02924 }
02925 return 0;
02926 case RI_type_comp_nettemp:
02927 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02928 role_tcnt_handle,
02929 ttl_p,
02930 &tid.role,
02931 &subtid.type,
02932 &value_p->
02933 rights)) {
02934 value_p->rights =
02935 RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02936 if (ttl_p)
02937 *ttl_p = 0;
02938 }
02939 return 0;
02940 case RI_type_comp_netobj:
02941 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02942 role_tcno_handle,
02943 ttl_p,
02944 &tid.role,
02945 &subtid.type,
02946 &value_p->
02947 rights)) {
02948 value_p->rights =
02949 RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02950 if (ttl_p)
02951 *ttl_p = 0;
02952 }
02953 return 0;
02954 case RI_admin_type:
02955 if (!
02956 (err =
02957 rsbac_ta_list_get_data_ttl(ta_number,
02958 role_handle, NULL,
02959 &tid.role,
02960 &role_entry)))
02961 value_p->admin_type =
02962 role_entry.admin_type;
02963 return err;
02964 case RI_name:
02965 if (!
02966 (err =
02967 rsbac_ta_list_get_data_ttl(ta_number,
02968 role_handle, NULL,
02969 &tid.role,
02970 &role_entry))) {
02971 strncpy(value_p->name, role_entry.name,
02972 RSBAC_RC_NAME_LEN - 1);
02973 value_p->name[RSBAC_RC_NAME_LEN - 1] =
02974 (char) 0;
02975 }
02976 return err;
02977 case RI_def_fd_create_type:
02978 if (!
02979 (err =
02980 rsbac_ta_list_get_data_ttl(ta_number,
02981 role_handle, NULL,
02982 &tid.role,
02983 &role_entry)))
02984 value_p->type_id =
02985 role_entry.def_fd_create_type;
02986 return err;
02987 case RI_def_fd_ind_create_type:
02988 return rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02989 role_dfdc_handle,
02990 ttl_p,
02991 &tid.role,
02992 &subtid.
02993 type,
02994 &value_p->
02995 type_id);
02996 case RI_def_user_create_type:
02997 if (!
02998 (err =
02999 rsbac_ta_list_get_data_ttl(ta_number,
03000 role_handle, NULL,
03001 &tid.role,
03002 &role_entry)))
03003 value_p->type_id =
03004 role_entry.def_user_create_type;
03005 return err;
03006 case RI_def_process_create_type:
03007 if (!
03008 (err =
03009 rsbac_ta_list_get_data_ttl(ta_number,
03010 role_handle, NULL,
03011 &tid.role,
03012 &role_entry)))
03013 value_p->type_id =
03014 role_entry.def_process_create_type;
03015 return err;
03016 case RI_def_process_chown_type:
03017 if (!
03018 (err =
03019 rsbac_ta_list_get_data_ttl(ta_number,
03020 role_handle, NULL,
03021 &tid.role,
03022 &role_entry)))
03023 value_p->type_id =
03024 role_entry.def_process_chown_type;
03025 return err;
03026 case RI_def_process_execute_type:
03027 if (!
03028 (err =
03029 rsbac_ta_list_get_data_ttl(ta_number,
03030 role_handle, NULL,
03031 &tid.role,
03032 &role_entry)))
03033 value_p->type_id =
03034 role_entry.def_process_execute_type;
03035 return err;
03036 case RI_def_ipc_create_type:
03037 if (!
03038 (err =
03039 rsbac_ta_list_get_data_ttl(ta_number,
03040 role_handle, NULL,
03041 &tid.role,
03042 &role_entry)))
03043 value_p->type_id =
03044 role_entry.def_ipc_create_type;
03045 return err;
03046 case RI_def_group_create_type:
03047 if (!
03048 (err =
03049 rsbac_ta_list_get_data_ttl(ta_number,
03050 role_handle, NULL,
03051 &tid.role,
03052 &role_entry)))
03053 value_p->type_id =
03054 role_entry.def_group_create_type;
03055 return err;
03056 case RI_def_unixsock_create_type:
03057 if (!
03058 (err =
03059 rsbac_ta_list_get_data_ttl(ta_number,
03060 role_handle, NULL,
03061 &tid.role,
03062 &role_entry)))
03063 value_p->type_id =
03064 role_entry.def_unixsock_create_type;
03065 return err;
03066 case RI_boot_role:
03067 if (!
03068 (err =
03069 rsbac_ta_list_get_data_ttl(ta_number,
03070 role_handle, NULL,
03071 &tid.role,
03072 &role_entry)))
03073 value_p->boot_role = role_entry.boot_role;
03074 return err;
03075 case RI_req_reauth:
03076 if (!
03077 (err =
03078 rsbac_ta_list_get_data_ttl(ta_number,
03079 role_handle, NULL,
03080 &tid.role,
03081 &role_entry)))
03082 value_p->req_reauth =
03083 role_entry.req_reauth;
03084 return err;
03085 default:
03086 return -RSBAC_EINVALIDATTR;
03087 }
03088
03089 return (err);
03090 break;
03091
03092 case RT_TYPE:
03093 if (tid.type > RC_type_max_value)
03094 return (-RSBAC_EINVALIDTARGET);
03095
03096
03097
03098 switch (item) {
03099 case RI_type_fd_name:
03100 if (!
03101 (err =
03102 rsbac_ta_list_get_data_ttl(ta_number,
03103 type_fd_handle,
03104 NULL, &tid.type,
03105 &type_fd_entry))) {
03106 strncpy(value_p->name, type_fd_entry.name,
03107 RSBAC_RC_NAME_LEN - 1);
03108 value_p->name[RSBAC_RC_NAME_LEN - 1] =
03109 (char) 0;
03110 }
03111 return err;
03112 case RI_type_fd_need_secdel:
03113 if (!
03114 (err =
03115 rsbac_ta_list_get_data_ttl(ta_number,
03116 type_fd_handle,
03117 NULL, &tid.type,
03118 &type_fd_entry))) {
03119 value_p->need_secdel =
03120 type_fd_entry.need_secdel;
03121 }
03122 return err;
03123 case RI_type_dev_name:
03124 return rsbac_ta_list_get_data_ttl(ta_number,
03125 type_dev_handle,
03126 NULL, &tid.type,
03127 value_p->name);
03128 case RI_type_ipc_name:
03129 return rsbac_ta_list_get_data_ttl(ta_number,
03130 type_ipc_handle,
03131 NULL, &tid.type,
03132 value_p->name);
03133 case RI_type_user_name:
03134 return rsbac_ta_list_get_data_ttl(ta_number,
03135 type_user_handle,
03136 NULL, &tid.type,
03137 value_p->name);
03138 case RI_type_process_name:
03139 return rsbac_ta_list_get_data_ttl(ta_number,
03140 type_process_handle,
03141 NULL, &tid.type,
03142 value_p->name);
03143 case RI_type_group_name:
03144 return rsbac_ta_list_get_data_ttl(ta_number,
03145 type_group_handle,
03146 NULL, &tid.type,
03147 value_p->name);
03148 case RI_type_netdev_name:
03149 return rsbac_ta_list_get_data_ttl(ta_number,
03150 type_netdev_handle,
03151 NULL, &tid.type,
03152 value_p->name);
03153 case RI_type_nettemp_name:
03154 return rsbac_ta_list_get_data_ttl(ta_number,
03155 type_nettemp_handle,
03156 NULL, &tid.type,
03157 value_p->name);
03158 case RI_type_netobj_name:
03159 return rsbac_ta_list_get_data_ttl(ta_number,
03160 type_netobj_handle,
03161 NULL, &tid.type,
03162 value_p->name);
03163 case RI_type_scd_name:
03164 {
03165 char *tmp;
03166
03167 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
03168 if (!tmp)
03169 err = -RSBAC_ENOMEM;
03170 else {
03171 get_rc_scd_type_name(tmp,
03172 tid.type);
03173 strncpy(value_p->name, tmp,
03174 RSBAC_RC_NAME_LEN - 1);
03175 value_p->name[RSBAC_RC_NAME_LEN -
03176 1] = (char) 0;
03177 rsbac_kfree(tmp);
03178 }
03179 break;
03180 }
03181 default:
03182 err = -RSBAC_EINVALIDATTR;
03183 }
03184
03185 return (err);
03186 break;
03187
03188
03189 default:
03190 err = -RSBAC_EINVALIDTARGET;
03191 }
03192 return err;
03193 }
03194
03195
03196 rsbac_boolean_t rsbac_rc_check_comp(rsbac_rc_role_id_t role,
03197 union rsbac_rc_target_id_t subtid,
03198 enum rsbac_rc_item_t item,
03199 enum rsbac_rc_special_rights_t right)
03200 {
03201 rsbac_rc_rights_vector_t rights_vector;
03202
03203 if (!rsbac_is_initialized()) {
03204 rsbac_printk(KERN_WARNING "rsbac_rc_check_comp(): RSBAC not initialized\n");
03205 return (-RSBAC_ENOTINITIALIZED);
03206 }
03207 if (in_interrupt()) {
03208 rsbac_printk(KERN_WARNING "rsbac_rc_check_comp(): called from interrupt!\n");
03209 }
03210 if (role > RC_role_max_value)
03211 return FALSE;
03212
03213
03214
03215 switch (item) {
03216 case RI_role_comp:
03217 return rsbac_list_lol_subexist(role_rc_handle, &role,
03218 &subtid.role);
03219 case RI_admin_roles:
03220 return rsbac_list_lol_subexist(role_adr_handle, &role,
03221 &subtid.role);
03222 case RI_assign_roles:
03223 return rsbac_list_lol_subexist(role_asr_handle, &role,
03224 &subtid.role);
03225 case RI_type_comp_fd:
03226 if (!rsbac_list_lol_get_subdata
03227 (role_tcfd_handle, &role, &subtid.type, &rights_vector)
03228 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
03229 )
03230 return TRUE;
03231 else
03232 return FALSE;
03233 case RI_type_comp_dev:
03234 if (!rsbac_list_lol_get_subdata
03235 (role_tcdv_handle, &role, &subtid.type, &rights_vector)
03236 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
03237 )
03238 return TRUE;
03239 else
03240 return FALSE;
03241 case RI_type_comp_user:
03242 if (!rsbac_list_lol_get_subdata
03243 (role_tcus_handle, &role, &subtid.type, &rights_vector)
03244 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
03245 )
03246 return TRUE;
03247 else
03248 return FALSE;
03249 case RI_type_comp_process:
03250 if (!rsbac_list_lol_get_subdata
03251 (role_tcpr_handle, &role, &subtid.type, &rights_vector)
03252 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
03253 )
03254 return TRUE;
03255 else
03256 return FALSE;
03257 case RI_type_comp_ipc:
03258 if (!rsbac_list_lol_get_subdata
03259 (role_tcip_handle, &role, &subtid.type, &rights_vector)
03260 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
03261 )
03262 return TRUE;
03263 else
03264 return FALSE;
03265 case RI_type_comp_scd:
03266 if (!rsbac_list_lol_get_subdata
03267 (role_tcsc_handle, &role, &subtid.type, &rights_vector)
03268 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
03269 )
03270 return TRUE;
03271 else
03272 return FALSE;
03273 case RI_type_comp_group:
03274 if (!rsbac_list_lol_get_subdata
03275 (role_tcgr_handle, &role, &subtid.type, &rights_vector)
03276 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
03277 )
03278 return TRUE;
03279 else
03280 return FALSE;
03281 case RI_type_comp_netdev:
03282 if (!rsbac_list_lol_get_subdata
03283 (role_tcnd_handle, &role, &subtid.type, &rights_vector)
03284 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
03285 )
03286 return TRUE;
03287 else
03288 return FALSE;
03289 case RI_type_comp_nettemp:
03290 if (!rsbac_list_lol_get_subdata
03291 (role_tcnt_handle, &role, &subtid.type, &rights_vector)
03292 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
03293 )
03294 return TRUE;
03295 else
03296 return FALSE;
03297 case RI_type_comp_netobj:
03298 if (!rsbac_list_lol_get_subdata
03299 (role_tcno_handle, &role, &subtid.type, &rights_vector)
03300 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
03301 )
03302 return TRUE;
03303 else
03304 return FALSE;
03305
03306 default:
03307 rsbac_printk(KERN_WARNING "rsbac_rc_check_comp(): called for invalid item %u\n",
03308 item);
03309 return FALSE;
03310 }
03311 }
03312
03313
03314
03315 int rsbac_rc_get_list(rsbac_list_ta_number_t ta_number,
03316 enum rsbac_rc_target_t target,
03317 union rsbac_rc_target_id_t tid,
03318 enum rsbac_rc_item_t item,
03319 __u32 ** array_pp, rsbac_time_t ** ttl_array_pp)
03320 {
03321 int res;
03322
03323 if (!rsbac_is_initialized()) {
03324 rsbac_printk(KERN_WARNING "rsbac_rc_get_list(): RSBAC not initialized\n");
03325 return (-RSBAC_ENOTINITIALIZED);
03326 }
03327 if (in_interrupt()) {
03328 rsbac_printk(KERN_WARNING "rsbac_rc_get_list(): called from interrupt!\n");
03329 }
03330 if (ttl_array_pp)
03331 *ttl_array_pp = NULL;
03332 switch (target) {
03333 case RT_ROLE:
03334
03335
03336
03337 switch (item) {
03338 case RI_name:
03339 if (array_pp)
03340 return
03341 rsbac_ta_list_get_all_desc(ta_number,
03342 role_handle,
03343 (void **)
03344 array_pp);
03345 else
03346 return rsbac_ta_list_count(ta_number,
03347 role_handle);
03348 case RI_role_comp:
03349 if (array_pp)
03350 res =
03351 rsbac_ta_list_lol_get_all_subdesc_ttl
03352 (ta_number, role_rc_handle, &tid.role,
03353 (void **) array_pp, ttl_array_pp);
03354 else
03355 res =
03356 rsbac_ta_list_lol_subcount(ta_number,
03357 role_rc_handle,
03358 &tid.role);
03359 if (res == -RSBAC_ENOTFOUND)
03360 return 0;
03361 else
03362 return res;
03363 case RI_admin_roles:
03364 if (array_pp)
03365 res =
03366 rsbac_ta_list_lol_get_all_subdesc_ttl
03367 (ta_number, role_adr_handle, &tid.role,
03368 (void **) array_pp, ttl_array_pp);
03369 else
03370 res =
03371 rsbac_ta_list_lol_subcount(ta_number,
03372 role_adr_handle,
03373 &tid.role);
03374 if (res == -RSBAC_ENOTFOUND)
03375 return 0;
03376 else
03377 return res;
03378 case RI_assign_roles:
03379 if (array_pp)
03380 res =
03381 rsbac_ta_list_lol_get_all_subdesc_ttl
03382 (ta_number, role_asr_handle, &tid.role,
03383 (void **) array_pp, ttl_array_pp);
03384 else
03385 res =
03386 rsbac_ta_list_lol_subcount(ta_number,
03387 role_asr_handle,
03388 &tid.role);
03389 if (res == -RSBAC_ENOTFOUND)
03390 return 0;
03391 else
03392 return res;
03393 case RI_def_fd_ind_create_type:
03394 if (array_pp)
03395 return
03396 rsbac_ta_list_lol_get_all_subdesc_ttl
03397 (ta_number, role_dfdc_handle,
03398 &tid.role, (void **) array_pp,
03399 ttl_array_pp);
03400 else
03401 return
03402 rsbac_ta_list_lol_subcount(ta_number,
03403 role_dfdc_handle,
03404 &tid.role);
03405 case RI_type_comp_fd:
03406 if (array_pp)
03407 return
03408 rsbac_ta_list_lol_get_all_subdesc_ttl
03409 (ta_number, role_tcfd_handle,
03410 &tid.role, (void **) array_pp,
03411 ttl_array_pp);
03412 else
03413 return
03414 rsbac_ta_list_lol_subcount(ta_number,
03415 role_tcfd_handle,
03416 &tid.role);
03417 case RI_type_comp_dev:
03418 if (array_pp)
03419 return
03420 rsbac_ta_list_lol_get_all_subdesc_ttl
03421 (ta_number, role_tcdv_handle,
03422 &tid.role, (void **) array_pp,
03423 ttl_array_pp);
03424 else
03425 return
03426 rsbac_ta_list_lol_subcount(ta_number,
03427 role_tcdv_handle,
03428 &tid.role);
03429 case RI_type_comp_user:
03430 if (array_pp)
03431 return
03432 rsbac_ta_list_lol_get_all_subdesc_ttl
03433 (ta_number, role_tcus_handle,
03434 &tid.role, (void **) array_pp,
03435 ttl_array_pp);
03436 else
03437 return
03438 rsbac_ta_list_lol_subcount(ta_number,
03439 role_tcus_handle,
03440 &tid.role);
03441 case RI_type_comp_process:
03442 if (array_pp)
03443 return
03444 rsbac_ta_list_lol_get_all_subdesc_ttl
03445 (ta_number, role_tcpr_handle,
03446 &tid.role, (void **) array_pp,
03447 ttl_array_pp);
03448 else
03449 return
03450 rsbac_ta_list_lol_subcount(ta_number,
03451 role_tcpr_handle,
03452 &tid.role);
03453 case RI_type_comp_ipc:
03454 if (array_pp)
03455 return
03456 rsbac_ta_list_lol_get_all_subdesc_ttl
03457 (ta_number, role_tcip_handle,
03458 &tid.role, (void **) array_pp,
03459 ttl_array_pp);
03460 else
03461 return
03462 rsbac_ta_list_lol_subcount(ta_number,
03463 role_tcip_handle,
03464 &tid.role);
03465 case RI_type_comp_scd:
03466 if (array_pp)
03467 return
03468 rsbac_ta_list_lol_get_all_subdesc_ttl
03469 (ta_number, role_tcsc_handle,
03470 &tid.role, (void **) array_pp,
03471 ttl_array_pp);
03472 else
03473 return
03474 rsbac_ta_list_lol_subcount(ta_number,
03475 role_tcsc_handle,
03476 &tid.role);
03477 case RI_type_comp_group:
03478 if (array_pp)
03479 return
03480 rsbac_ta_list_lol_get_all_subdesc_ttl
03481 (ta_number, role_tcgr_handle,
03482 &tid.role, (void **) array_pp,
03483 ttl_array_pp);
03484 else
03485 return
03486 rsbac_ta_list_lol_subcount(ta_number,
03487 role_tcgr_handle,
03488 &tid.role);
03489 case RI_type_comp_netdev:
03490 if (array_pp)
03491 return
03492 rsbac_ta_list_lol_get_all_subdesc_ttl
03493 (ta_number, role_tcnd_handle,
03494 &tid.role, (void **) array_pp,
03495 ttl_array_pp);
03496 else
03497 return
03498 rsbac_ta_list_lol_subcount(ta_number,
03499 role_tcnd_handle,
03500 &tid.role);
03501 case RI_type_comp_nettemp:
03502 if (array_pp)
03503 return
03504 rsbac_ta_list_lol_get_all_subdesc_ttl
03505 (ta_number, role_tcnt_handle,
03506 &tid.role, (void **) array_pp,
03507 ttl_array_pp);
03508 else
03509 return
03510 rsbac_ta_list_lol_subcount(ta_number,
03511 role_tcnt_handle,
03512 &tid.role);
03513 case RI_type_comp_netobj:
03514 if (array_pp)
03515 return
03516 rsbac_ta_list_lol_get_all_subdesc_ttl
03517 (ta_number, role_tcno_handle,
03518 &tid.role, (void **) array_pp,
03519 ttl_array_pp);
03520 else
03521 return
03522 rsbac_ta_list_lol_subcount(ta_number,
03523 role_tcno_handle,
03524 &tid.role);
03525
03526 default:
03527 return -RSBAC_EINVALIDATTR;
03528 }
03529
03530 case RT_TYPE:
03531
03532
03533
03534 switch (item) {
03535 case RI_type_fd_name:
03536 case RI_type_fd_need_secdel:
03537 if (array_pp)
03538 return
03539 rsbac_ta_list_get_all_desc(ta_number,
03540 type_fd_handle,
03541 (void **)
03542 array_pp);
03543 else
03544 return rsbac_ta_list_count(ta_number,
03545 type_fd_handle);
03546 case RI_type_dev_name:
03547 if (array_pp)
03548 return
03549 rsbac_ta_list_get_all_desc(ta_number,
03550 type_dev_handle,
03551 (void **)
03552 array_pp);
03553 else
03554 return rsbac_ta_list_count(ta_number,
03555 type_dev_handle);
03556 case RI_type_ipc_name:
03557 if (array_pp)
03558 return
03559 rsbac_ta_list_get_all_desc(ta_number,
03560 type_ipc_handle,
03561 (void **)
03562 array_pp);
03563 else
03564 return rsbac_ta_list_count(ta_number,
03565 type_ipc_handle);
03566 case RI_type_user_name:
03567 if (array_pp)
03568 return
03569 rsbac_ta_list_get_all_desc(ta_number,
03570 type_user_handle,
03571 (void **)
03572 array_pp);
03573 else
03574 return rsbac_ta_list_count(ta_number,
03575 type_user_handle);
03576 case RI_type_process_name:
03577 if (array_pp)
03578 return
03579 rsbac_ta_list_get_all_desc(ta_number,
03580 type_process_handle,
03581 (void **)
03582 array_pp);
03583 else
03584 return rsbac_ta_list_count(ta_number,
03585 type_process_handle);
03586 case RI_type_group_name:
03587 if (array_pp)
03588 return
03589 rsbac_ta_list_get_all_desc(ta_number,
03590 type_group_handle,
03591 (void **)
03592 array_pp);
03593 else
03594 return rsbac_ta_list_count(ta_number,
03595 type_group_handle);
03596 case RI_type_netdev_name:
03597 if (array_pp)
03598 return
03599 rsbac_ta_list_get_all_desc(ta_number,
03600 type_netdev_handle,
03601 (void **)
03602 array_pp);
03603 else
03604 return rsbac_ta_list_count(ta_number,
03605 type_netdev_handle);
03606 case RI_type_nettemp_name:
03607 if (array_pp)
03608 return
03609 rsbac_ta_list_get_all_desc(ta_number,
03610 type_nettemp_handle,
03611 (void **)
03612 array_pp);
03613 else
03614 return rsbac_ta_list_count(ta_number,
03615 type_nettemp_handle);
03616 case RI_type_netobj_name:
03617 if (array_pp)
03618 return
03619 rsbac_ta_list_get_all_desc(ta_number,
03620 type_netobj_handle,
03621 (void **)
03622 array_pp);
03623 else
03624 return rsbac_ta_list_count(ta_number,
03625 type_netobj_handle);
03626
03627 default:
03628 return -RSBAC_EINVALIDATTR;
03629 }
03630
03631 default:
03632 return -RSBAC_EINVALIDTARGET;
03633 }
03634 }
03635
03636
03637
03638 int rsbac_rc_set_item(rsbac_list_ta_number_t ta_number,
03639 enum rsbac_rc_target_t target,
03640 union rsbac_rc_target_id_t tid,
03641 union rsbac_rc_target_id_t subtid,
03642 enum rsbac_rc_item_t item,
03643 union rsbac_rc_item_value_t value, rsbac_time_t ttl)
03644 {
03645 int err = 0;
03646
03647 if (!rsbac_is_initialized()) {
03648 rsbac_printk(KERN_WARNING "rsbac_rc_set_item(): RSBAC not initialized\n");
03649 return (-RSBAC_ENOTINITIALIZED);
03650 }
03651 if (in_interrupt()) {
03652 rsbac_printk(KERN_WARNING "rsbac_rc_set_item(): called from interrupt!\n");
03653 }
03654 switch (target) {
03655 case RT_ROLE:
03656 if (tid.role > RC_role_max_value)
03657 return (-RSBAC_EINVALIDTARGET);
03658 if ((item != RI_name)
03659 && !rsbac_ta_list_exist(ta_number, role_handle,
03660 &tid.role)
03661 )
03662 return (-RSBAC_EINVALIDTARGET);
03663 rsbac_pr_debug(ds_rc, "Setting role item value\n");
03664 switch (item) {
03665 case RI_role_comp:
03666 if (value.comp) {
03667 return
03668 rsbac_ta_list_lol_subadd_ttl(ta_number,
03669 role_rc_handle,
03670 ttl,
03671 &tid.role,
03672 &subtid.
03673 role,
03674 NULL);
03675 } else {
03676 rsbac_ta_list_lol_subremove(ta_number,
03677 role_rc_handle,
03678 &tid.role,
03679 &subtid.role);
03680 return 0;
03681 }
03682 case RI_admin_roles:
03683 if (value.comp) {
03684 return
03685 rsbac_ta_list_lol_subadd_ttl(ta_number,
03686 role_adr_handle,
03687 ttl,
03688 &tid.role,
03689 &subtid.
03690 role,
03691 NULL);
03692 } else {
03693 rsbac_ta_list_lol_subremove(ta_number,
03694 role_adr_handle,
03695 &tid.role,
03696 &subtid.role);
03697 return 0;
03698 }
03699 case RI_assign_roles:
03700 if (value.comp) {
03701 return
03702 rsbac_ta_list_lol_subadd_ttl(ta_number,
03703 role_asr_handle,
03704 ttl,
03705 &tid.role,
03706 &subtid.
03707 role,
03708 NULL);
03709 } else {
03710 rsbac_ta_list_lol_subremove(ta_number,
03711 role_asr_handle,
03712 &tid.role,
03713 &subtid.role);
03714 return 0;
03715 }
03716 case RI_type_comp_fd:
03717 if (!rsbac_ta_list_exist
03718 (ta_number, type_fd_handle, &subtid.type))
03719 return -RSBAC_EINVALIDVALUE;
03720 return rsbac_ta_list_lol_subadd_ttl(ta_number,
03721 role_tcfd_handle,
03722 ttl,
03723 &tid.role,
03724 &subtid.type,
03725 &value.rights);
03726 case RI_type_comp_dev:
03727 if (!rsbac_ta_list_exist
03728 (ta_number, type_dev_handle, &subtid.type))
03729 return -RSBAC_EINVALIDVALUE;
03730 return rsbac_ta_list_lol_subadd_ttl(ta_number,
03731 role_tcdv_handle,
03732 ttl,
03733 &tid.role,
03734 &subtid.type,
03735 &value.rights);
03736 case RI_type_comp_user:
03737 if (!rsbac_ta_list_exist
03738 (ta_number, type_user_handle, &subtid.type))
03739 return -RSBAC_EINVALIDVALUE;
03740 return rsbac_ta_list_lol_subadd_ttl(ta_number,
03741 role_tcus_handle,
03742 ttl,
03743 &tid.role,
03744 &subtid.type,
03745 &value.rights);
03746 case RI_type_comp_process:
03747 if (!rsbac_ta_list_exist
03748 (ta_number, type_process_handle, &subtid.type))
03749 return -RSBAC_EINVALIDVALUE;
03750 return rsbac_ta_list_lol_subadd_ttl(ta_number,
03751 role_tcpr_handle,
03752 ttl,
03753 &tid.role,
03754 &subtid.type,
03755 &value.rights);
03756 case RI_type_comp_ipc:
03757 if (!rsbac_ta_list_exist
03758 (ta_number, type_ipc_handle, &subtid.type))
03759 return -RSBAC_EINVALIDVALUE;
03760 return rsbac_ta_list_lol_subadd_ttl(ta_number,
03761 role_tcip_handle,
03762 ttl,
03763 &tid.role,
03764 &subtid.type,
03765 &value.rights);
03766 case RI_type_comp_scd:
03767 if ((subtid.type >= ST_none)
03768 && (subtid.type < RST_min)
03769 )
03770 return -RSBAC_EINVALIDVALUE;
03771 if (subtid.type >= RST_none)
03772 return -RSBAC_EINVALIDVALUE;
03773 return rsbac_ta_list_lol_subadd_ttl(ta_number,
03774 role_tcsc_handle,
03775 ttl,
03776 &tid.role,
03777 &subtid.type,
03778 &value.rights);
03779 case RI_type_comp_group:
03780 if (!rsbac_ta_list_exist
03781 (ta_number, type_group_handle, &subtid.type))
03782 return -RSBAC_EINVALIDVALUE;
03783 return rsbac_ta_list_lol_subadd_ttl(ta_number,
03784 role_tcgr_handle,
03785 ttl,
03786 &tid.role,
03787 &subtid.type,
03788 &value.rights);
03789 case RI_type_comp_netdev:
03790 if (!rsbac_ta_list_exist
03791 (ta_number, type_netdev_handle, &subtid.type))
03792 return -RSBAC_EINVALIDVALUE;
03793 return rsbac_ta_list_lol_subadd_ttl(ta_number,
03794 role_tcnd_handle,
03795 ttl,
03796 &tid.role,
03797 &subtid.type,
03798 &value.rights);
03799 case RI_type_comp_nettemp:
03800 if (!rsbac_ta_list_exist
03801 (ta_number, type_nettemp_handle, &subtid.type))
03802 return -RSBAC_EINVALIDVALUE;
03803 return rsbac_ta_list_lol_subadd_ttl(ta_number,
03804 role_tcnt_handle,
03805 ttl,
03806 &tid.role,
03807 &subtid.type,
03808 &value.rights);
03809 case RI_type_comp_netobj:
03810 if (!rsbac_ta_list_exist
03811 (ta_number, type_netobj_handle, &subtid.type))
03812 return -RSBAC_EINVALIDVALUE;
03813 return rsbac_ta_list_lol_subadd_ttl(ta_number,
03814 role_tcno_handle,
03815 ttl,
03816 &tid.role,
03817 &subtid.type,
03818 &value.rights);
03819 case RI_admin_type:
03820 {
03821 struct rsbac_rc_role_entry_t entry;
03822
03823 err =
03824 rsbac_ta_list_get_data_ttl(ta_number,
03825 role_handle,
03826 NULL,
03827 &tid.role,
03828 &entry);
03829 if (err)
03830 return err;
03831 entry.admin_type = value.admin_type;
03832 return rsbac_ta_list_add_ttl(ta_number,
03833 role_handle,
03834 0, &tid.role,
03835 &entry);
03836 }
03837 case RI_name:
03838 {
03839 struct rsbac_rc_role_entry_t entry;
03840
03841
03842 if (!value.name[0])
03843 return -RSBAC_EINVALIDVALUE;
03844
03845 memset(&entry, 0,
03846 sizeof(struct
03847 rsbac_rc_role_entry_t));
03848 rsbac_ta_list_get_data_ttl(ta_number,
03849 role_handle,
03850 NULL, &tid.role,
03851 &entry);
03852 strncpy(entry.name, value.name,
03853 RSBAC_RC_NAME_LEN - 1);
03854 entry.name[RSBAC_RC_NAME_LEN - 1] = 0;
03855 return rsbac_ta_list_add_ttl(ta_number,
03856 role_handle,
03857 0, &tid.role,
03858 &entry);
03859 }
03860 case RI_remove_role:
03861 if (!tid.role)
03862 return -RSBAC_EINVALIDVALUE;
03863
03864 rsbac_ta_list_lol_remove(ta_number, role_rc_handle,
03865 &tid.role);
03866
03867 rsbac_ta_list_lol_subremove_from_all(ta_number,
03868 role_rc_handle,
03869 &tid.role);
03870
03871
03872 rsbac_ta_list_lol_remove(ta_number,
03873 role_adr_handle,
03874 &tid.role);
03875
03876 rsbac_ta_list_lol_subremove_from_all(ta_number,
03877 role_adr_handle,
03878 &tid.role);
03879
03880
03881 rsbac_ta_list_lol_remove(ta_number,
03882 role_asr_handle,
03883 &tid.role);
03884
03885 rsbac_ta_list_lol_subremove_from_all(ta_number,
03886 role_asr_handle,
03887 &tid.role);
03888
03889
03890 rsbac_ta_list_lol_remove(ta_number,
03891 role_dfdc_handle,
03892 &tid.role);
03893
03894
03895 rsbac_ta_list_lol_remove(ta_number,
03896 role_tcfd_handle,
03897 &tid.role);
03898 rsbac_ta_list_lol_remove(ta_number,
03899 role_tcdv_handle,
03900 &tid.role);
03901 rsbac_ta_list_lol_remove(ta_number,
03902 role_tcus_handle,
03903 &tid.role);
03904 rsbac_ta_list_lol_remove(ta_number,
03905 role_tcpr_handle,
03906 &tid.role);
03907 rsbac_ta_list_lol_remove(ta_number,
03908 role_tcip_handle,
03909 &tid.role);
03910 rsbac_ta_list_lol_remove(ta_number,
03911 role_tcsc_handle,
03912 &tid.role);
03913 rsbac_ta_list_lol_remove(ta_number,
03914 role_tcgr_handle,
03915 &tid.role);
03916 rsbac_ta_list_lol_remove(ta_number,
03917 role_tcnd_handle,
03918 &tid.role);
03919 rsbac_ta_list_lol_remove(ta_number,
03920 role_tcnt_handle,
03921 &tid.role);
03922 rsbac_ta_list_lol_remove(ta_number,
03923 role_tcno_handle,
03924 &tid.role);
03925
03926 #ifdef CONFIG_RSBAC_ACL
03927
03928 {
03929 struct rsbac_acl_entry_desc_t desc;
03930
03931 desc.subj_type = ACLS_ROLE;
03932 desc.subj_id = tid.role;
03933 rsbac_acl_remove_subject(ta_number, desc);
03934 }
03935 #endif
03936
03937 return rsbac_ta_list_remove(ta_number, role_handle,
03938 &tid.role);
03939
03940 case RI_def_fd_create_type:
03941 {
03942 struct rsbac_rc_role_entry_t entry;
03943
03944 if ((value.type_id <= RC_type_max_value)
03945 && !rsbac_ta_list_exist(ta_number,
03946 type_fd_handle,
03947 &value.type_id)
03948 )
03949 return -RSBAC_EINVALIDVALUE;
03950 if ((value.type_id > RC_type_max_value)
03951 && (value.type_id <
03952 RC_type_min_special)
03953 )
03954 return -RSBAC_EINVALIDVALUE;
03955 err =
03956 rsbac_ta_list_get_data_ttl(ta_number,
03957 role_handle,
03958 NULL,
03959 &tid.role,
03960 &entry);
03961 if (err)
03962 return err;
03963 entry.def_fd_create_type = value.type_id;
03964 return rsbac_ta_list_add_ttl(ta_number,
03965 role_handle,
03966 0, &tid.role,
03967 &entry);
03968 }
03969 case RI_def_fd_ind_create_type:
03970 if ((value.type_id <= RC_type_max_value)
03971 && !rsbac_ta_list_exist(ta_number,
03972 type_fd_handle,
03973 &value.type_id)
03974 )
03975 return -RSBAC_EINVALIDVALUE;
03976 if ((value.type_id > RC_type_max_value)
03977 && (value.type_id < RC_type_min_special)
03978 )
03979 return -RSBAC_EINVALIDVALUE;
03980 return rsbac_ta_list_lol_subadd_ttl(ta_number,
03981 role_dfdc_handle,
03982 ttl,
03983 &tid.role,
03984 &subtid.type,
03985 &value.
03986 type_id);
03987 case RI_def_fd_ind_create_type_remove:
03988 return rsbac_ta_list_lol_subremove(ta_number,
03989 role_dfdc_handle,
03990 &tid.role,
03991 &subtid.type);
03992
03993 case RI_def_user_create_type:
03994 {
03995 struct rsbac_rc_role_entry_t entry;
03996
03997 if ((value.type_id <= RC_type_max_value)
03998 && !rsbac_ta_list_exist(ta_number,
03999 type_user_handle,
04000 &value.type_id)
04001 )
04002 return -RSBAC_EINVALIDVALUE;
04003 if ((value.type_id > RC_type_max_value)
04004 && (value.type_id <
04005 RC_type_min_special)
04006 )
04007 return -RSBAC_EINVALIDVALUE;
04008 err =
04009 rsbac_ta_list_get_data_ttl(ta_number,
04010 role_handle,
04011 NULL,
04012 &tid.role,
04013 &entry);
04014 if (err)
04015 return err;
04016 entry.def_user_create_type = value.type_id;
04017 return rsbac_ta_list_add_ttl(ta_number,
04018 role_handle,
04019 0, &tid.role,
04020 &entry);
04021 }
04022 case RI_def_process_create_type:
04023 {
04024 struct rsbac_rc_role_entry_t entry;
04025
04026 if ((value.type_id <= RC_type_max_value)
04027 && !rsbac_ta_list_exist(ta_number,
04028 type_process_handle,
04029 &value.type_id)
04030 )
04031 return -RSBAC_EINVALIDVALUE;
04032 if ((value.type_id > RC_type_max_value)
04033 && (value.type_id <
04034 RC_type_min_special)
04035 )
04036 return -RSBAC_EINVALIDVALUE;
04037 err =
04038 rsbac_ta_list_get_data_ttl(ta_number,
04039 role_handle,
04040 NULL,
04041 &tid.role,
04042 &entry);
04043 if (err)
04044 return err;
04045 entry.def_process_create_type =
04046 value.type_id;
04047 return rsbac_ta_list_add_ttl(ta_number,
04048 role_handle,
04049 0, &tid.role,
04050 &entry);
04051 }
04052 case RI_def_process_chown_type:
04053 {
04054 struct rsbac_rc_role_entry_t entry;
04055
04056 if ((value.type_id <= RC_type_max_value)
04057 && !rsbac_ta_list_exist(ta_number,
04058 type_process_handle,
04059 &value.type_id)
04060 )
04061 return -RSBAC_EINVALIDVALUE;
04062 if ((value.type_id > RC_type_max_value)
04063 && (value.type_id <
04064 RC_type_min_special)
04065 )
04066 return -RSBAC_EINVALIDVALUE;
04067 err =
04068 rsbac_ta_list_get_data_ttl(ta_number,
04069 role_handle,
04070 NULL,
04071 &tid.role,
04072 &entry);
04073 if (err)
04074 return err;
04075 entry.def_process_chown_type =
04076 value.type_id;
04077 return rsbac_ta_list_add_ttl(ta_number,
04078 role_handle,
04079 0, &tid.role,
04080 &entry);
04081 }
04082 case RI_def_process_execute_type:
04083 {
04084 struct rsbac_rc_role_entry_t entry;
04085
04086 if ((value.type_id <= RC_type_max_value)
04087 && !rsbac_ta_list_exist(ta_number,
04088 type_process_handle,
04089 &value.type_id)
04090 )
04091 return -RSBAC_EINVALIDVALUE;
04092 if ((value.type_id > RC_type_max_value)
04093 && (value.type_id <
04094 RC_type_min_special)
04095 )
04096 return -RSBAC_EINVALIDVALUE;
04097 err =
04098 rsbac_ta_list_get_data_ttl(ta_number,
04099 role_handle,
04100 NULL,
04101 &tid.role,
04102 &entry);
04103 if (err)
04104 return err;
04105 entry.def_process_execute_type =
04106 value.type_id;
04107 return rsbac_ta_list_add_ttl(ta_number,
04108 role_handle,
04109 0, &tid.role,
04110 &entry);
04111 }
04112 case RI_def_ipc_create_type:
04113 {
04114 struct rsbac_rc_role_entry_t entry;
04115
04116 if ((value.type_id <= RC_type_max_value)
04117 && !rsbac_ta_list_exist(ta_number,
04118 type_ipc_handle,
04119 &value.type_id)
04120 )
04121 return -RSBAC_EINVALIDVALUE;
04122 if ((value.type_id > RC_type_max_value)
04123 && (value.type_id <
04124 RC_type_min_special)
04125 )
04126 return -RSBAC_EINVALIDVALUE;
04127 err =
04128 rsbac_ta_list_get_data_ttl(ta_number,
04129 role_handle,
04130 NULL,
04131 &tid.role,
04132 &entry);
04133 if (err)
04134 return err;
04135 entry.def_ipc_create_type = value.type_id;
04136 return rsbac_ta_list_add_ttl(ta_number,
04137 role_handle,
04138 0, &tid.role,
04139 &entry);
04140 }
04141 case RI_def_group_create_type:
04142 {
04143 struct rsbac_rc_role_entry_t entry;
04144
04145 if ((value.type_id <= RC_type_max_value)
04146 && !rsbac_ta_list_exist(ta_number,
04147 type_group_handle,
04148 &value.type_id)
04149 )
04150 return -RSBAC_EINVALIDVALUE;
04151 if ((value.type_id > RC_type_max_value)
04152 && (value.type_id <
04153 RC_type_min_special)
04154 )
04155 return -RSBAC_EINVALIDVALUE;
04156 err =
04157 rsbac_ta_list_get_data_ttl(ta_number,
04158 role_handle,
04159 NULL,
04160 &tid.role,
04161 &entry);
04162 if (err)
04163 return err;
04164 entry.def_group_create_type =
04165 value.type_id;
04166 return rsbac_ta_list_add_ttl(ta_number,
04167 role_handle,
04168 0, &tid.role,
04169 &entry);
04170 }
04171 case RI_def_unixsock_create_type:
04172 {
04173 struct rsbac_rc_role_entry_t entry;
04174
04175 if ((value.type_id <= RC_type_max_value)
04176 && !rsbac_ta_list_exist(ta_number,
04177 type_fd_handle,
04178 &value.type_id)
04179 )
04180 return -RSBAC_EINVALIDVALUE;
04181 if ((value.type_id > RC_type_max_value)
04182 && (value.type_id <
04183 RC_type_min_special)
04184 )
04185 return -RSBAC_EINVALIDVALUE;
04186 err =
04187 rsbac_ta_list_get_data_ttl(ta_number,
04188 role_handle,
04189 NULL,
04190 &tid.role,
04191 &entry);
04192 if (err)
04193 return err;
04194 entry.def_unixsock_create_type =
04195 value.type_id;
04196 return rsbac_ta_list_add_ttl(ta_number,
04197 role_handle,
04198 0, &tid.role,
04199 &entry);
04200 }
04201 case RI_boot_role:
04202 {
04203 struct rsbac_rc_role_entry_t entry;
04204
04205 err =
04206 rsbac_ta_list_get_data_ttl(ta_number,
04207 role_handle,
04208 NULL,
04209 &tid.role,
04210 &entry);
04211 if (err)
04212 return err;
04213 entry.boot_role = value.boot_role;
04214 return rsbac_ta_list_add_ttl(ta_number,
04215 role_handle,
04216 0, &tid.role,
04217 &entry);
04218 }
04219 case RI_req_reauth:
04220 {
04221 struct rsbac_rc_role_entry_t entry;
04222
04223 err =
04224 rsbac_ta_list_get_data_ttl(ta_number,
04225 role_handle,
04226 NULL,
04227 &tid.role,
04228 &entry);
04229 if (err)
04230 return err;
04231 entry.req_reauth = value.req_reauth;
04232
04233
04234 return rsbac_ta_list_add_ttl(ta_number,
04235 role_handle,
04236 0, &tid.role,
04237 &entry);
04238 }
04239
04240 default:
04241 return -RSBAC_EINVALIDATTR;
04242 }
04243
04244 case RT_TYPE:
04245 if (tid.type > RC_type_max_value)
04246 return (-RSBAC_EINVALIDTARGET);
04247 rsbac_pr_debug(ds_rc, "Setting type item value\n");
04248 switch (item) {
04249 case RI_type_fd_name:
04250 {
04251 struct rsbac_rc_type_fd_entry_t entry;
04252
04253
04254 if (!value.name[0])
04255 return -RSBAC_EINVALIDVALUE;
04256
04257 memset(&entry, 0,
04258 sizeof(struct
04259 rsbac_rc_type_fd_entry_t));
04260 rsbac_ta_list_get_data_ttl(ta_number,
04261 type_fd_handle,
04262 NULL, &tid.type,
04263 &entry);
04264 strncpy(entry.name, value.name,
04265 RSBAC_RC_NAME_LEN - 1);
04266 entry.name[RSBAC_RC_NAME_LEN - 1] = 0;
04267 return rsbac_ta_list_add_ttl(ta_number,
04268 type_fd_handle,
04269 0, &tid.type,
04270 &entry);
04271 }
04272 case RI_type_fd_need_secdel:
04273 {
04274 struct rsbac_rc_type_fd_entry_t entry;
04275
04276 err =
04277 rsbac_ta_list_get_data_ttl(ta_number,
04278 type_fd_handle,
04279 NULL,
04280 &tid.type,
04281 &entry);
04282 if (err)
04283 return err;
04284 entry.need_secdel = value.need_secdel;
04285 return rsbac_ta_list_add_ttl(ta_number,
04286 type_fd_handle,
04287 0, &tid.type,
04288 &entry);
04289 }
04290 case RI_type_dev_name:
04291
04292 if (!value.name[0])
04293 return -RSBAC_EINVALIDVALUE;
04294
04295 value.name[RSBAC_RC_NAME_LEN - 1] = 0;
04296 return rsbac_ta_list_add_ttl(ta_number,
04297 type_dev_handle, 0,
04298 &tid.type,
04299 &value.name);
04300 case RI_type_ipc_name:
04301
04302 if (!value.name[0])
04303 return -RSBAC_EINVALIDVALUE;
04304
04305 value.name[RSBAC_RC_NAME_LEN - 1] = 0;
04306 return rsbac_ta_list_add_ttl(ta_number,
04307 type_ipc_handle, 0,
04308 &tid.type,
04309 &value.name);
04310 case RI_type_user_name:
04311
04312 if (!value.name[0])
04313 return -RSBAC_EINVALIDVALUE;
04314
04315 value.name[RSBAC_RC_NAME_LEN - 1] = 0;
04316 return rsbac_ta_list_add_ttl(ta_number,
04317 type_user_handle, 0,
04318 &tid.type,
04319 &value.name);
04320 case RI_type_process_name:
04321
04322 if (!value.name[0])
04323 return -RSBAC_EINVALIDVALUE;
04324
04325 value.name[RSBAC_RC_NAME_LEN - 1] = 0;
04326 return rsbac_ta_list_add_ttl(ta_number,
04327 type_process_handle,
04328 0, &tid.type,
04329 &value.name);
04330 case RI_type_group_name:
04331
04332 if (!value.name[0])
04333 return -RSBAC_EINVALIDVALUE;
04334
04335 value.name[RSBAC_RC_NAME_LEN - 1] = 0;
04336 return rsbac_ta_list_add_ttl(ta_number,
04337 type_group_handle, 0,
04338 &tid.type,
04339 &value.name);
04340 case RI_type_netdev_name:
04341
04342 if (!value.name[0])
04343 return -RSBAC_EINVALIDVALUE;
04344
04345 value.name[RSBAC_RC_NAME_LEN - 1] = 0;
04346 return rsbac_ta_list_add_ttl(ta_number,
04347 type_netdev_handle, 0,
04348 &tid.type,
04349 &value.name);
04350 case RI_type_nettemp_name:
04351
04352 if (!value.name[0])
04353 return -RSBAC_EINVALIDVALUE;
04354
04355 value.name[RSBAC_RC_NAME_LEN - 1] = 0;
04356 return rsbac_ta_list_add_ttl(ta_number,
04357 type_nettemp_handle,
04358 0, &tid.type,
04359 &value.name);
04360 case RI_type_netobj_name:
04361
04362 if (!value.name[0])
04363 return -RSBAC_EINVALIDVALUE;
04364
04365 value.name[RSBAC_RC_NAME_LEN - 1] = 0;
04366 return rsbac_ta_list_add_ttl(ta_number,
04367 type_netobj_handle, 0,
04368 &tid.type,
04369 &value.name);
04370
04371 case RI_type_fd_remove:
04372 if (!tid.type)
04373 return -RSBAC_EINVALIDVALUE;
04374 rsbac_ta_list_lol_subremove_from_all(ta_number,
04375 role_tcfd_handle,
04376 &tid.type);
04377 rsbac_ta_list_lol_subremove_from_all(ta_number,
04378 role_dfdc_handle,
04379 &tid.type);
04380 return rsbac_ta_list_remove(ta_number,
04381 type_fd_handle,
04382 &tid.type);
04383 case RI_type_dev_remove:
04384 if (!tid.type)
04385 return -RSBAC_EINVALIDVALUE;
04386 rsbac_ta_list_lol_subremove_from_all(ta_number,
04387 role_tcdv_handle,
04388 &tid.type);
04389 return rsbac_ta_list_remove(ta_number,
04390 type_dev_handle,
04391 &tid.type);
04392 case RI_type_user_remove:
04393 if (!tid.type)
04394 return -RSBAC_EINVALIDVALUE;
04395 rsbac_ta_list_lol_subremove_from_all(ta_number,
04396 role_tcus_handle,
04397 &tid.type);
04398 return rsbac_ta_list_remove(ta_number,
04399 type_user_handle,
04400 &tid.type);
04401 case RI_type_process_remove:
04402 if (!tid.type)
04403 return -RSBAC_EINVALIDVALUE;
04404 rsbac_ta_list_lol_subremove_from_all(ta_number,
04405 role_tcpr_handle,
04406 &tid.type);
04407 return rsbac_ta_list_remove(ta_number,
04408 type_process_handle,
04409 &tid.type);
04410 case RI_type_ipc_remove:
04411 if (!tid.type)
04412 return -RSBAC_EINVALIDVALUE;
04413 rsbac_ta_list_lol_subremove_from_all(ta_number,
04414 role_tcip_handle,
04415 &tid.type);
04416 return rsbac_ta_list_remove(ta_number,
04417 type_ipc_handle,
04418 &tid.type);
04419 case RI_type_group_remove:
04420 if (!tid.type)
04421 return -RSBAC_EINVALIDVALUE;
04422 rsbac_ta_list_lol_subremove_from_all(ta_number,
04423 role_tcgr_handle,
04424 &tid.type);
04425 return rsbac_ta_list_remove(ta_number,
04426 type_group_handle,
04427 &tid.type);
04428 case RI_type_netdev_remove:
04429 if (!tid.type)
04430 return -RSBAC_EINVALIDVALUE;
04431 rsbac_ta_list_lol_subremove_from_all(ta_number,
04432 role_tcnd_handle,
04433 &tid.type);
04434 return rsbac_ta_list_remove(ta_number,
04435 type_netdev_handle,
04436 &tid.type);
04437 case RI_type_nettemp_remove:
04438 if (!tid.type)
04439 return -RSBAC_EINVALIDVALUE;
04440 rsbac_ta_list_lol_subremove_from_all(ta_number,
04441 role_tcnt_handle,
04442 &tid.type);
04443 return rsbac_ta_list_remove(ta_number,
04444 type_nettemp_handle,
04445 &tid.type);
04446 case RI_type_netobj_remove:
04447 if (!tid.type)
04448 return -RSBAC_EINVALIDVALUE;
04449 rsbac_ta_list_lol_subremove_from_all(ta_number,
04450 role_tcno_handle,
04451 &tid.type);
04452 return rsbac_ta_list_remove(ta_number,
04453 type_netobj_handle,
04454 &tid.type);
04455
04456 default:
04457 return -RSBAC_EINVALIDATTR;
04458 }
04459
04460
04461 default:
04462 return -RSBAC_EINVALIDTARGET;
04463 }
04464 }