00001
00002
00003
00004
00005
00006
00007
00008
00009 #include <rsbac/types.h>
00010 #include <rsbac/getname.h>
00011 #include <rsbac/helpers.h>
00012 #include <rsbac/error.h>
00013 #include <rsbac/pax_getname.h>
00014
00015 #ifdef __KERNEL__
00016 #include <linux/string.h>
00017 #include <linux/module.h>
00018 #include <linux/fs.h>
00019 #include <linux/kernel.h>
00020 #include <linux/netdevice.h>
00021 #include <linux/inetdevice.h>
00022 #include <rsbac/rkmem.h>
00023 #include <rsbac/network.h>
00024 #include <rsbac/net_getname.h>
00025 #else
00026 #include <string.h>
00027 #include <stdio.h>
00028 #include <errno.h>
00029 #endif
00030
00031 static char request_list[R_NONE + 1][24] = {
00032 "ADD_TO_KERNEL",
00033 "ALTER",
00034 "APPEND_OPEN",
00035 "CHANGE_GROUP",
00036 "CHANGE_OWNER",
00037 "CHDIR",
00038 "CLONE",
00039 "CLOSE",
00040 "CREATE",
00041 "DELETE",
00042 "EXECUTE",
00043 "GET_PERMISSIONS_DATA",
00044 "GET_STATUS_DATA",
00045 "LINK_HARD",
00046 "MODIFY_ACCESS_DATA",
00047 "MODIFY_ATTRIBUTE",
00048 "MODIFY_PERMISSIONS_DATA",
00049 "MODIFY_SYSTEM_DATA",
00050 "MOUNT",
00051 "READ",
00052 "READ_ATTRIBUTE",
00053 "READ_WRITE_OPEN",
00054 "READ_OPEN",
00055 "REMOVE_FROM_KERNEL",
00056 "RENAME",
00057 "SEARCH",
00058 "SEND_SIGNAL",
00059 "SHUTDOWN",
00060 "SWITCH_LOG",
00061 "SWITCH_MODULE",
00062 "TERMINATE",
00063 "TRACE",
00064 "TRUNCATE",
00065 "UMOUNT",
00066 "WRITE",
00067 "WRITE_OPEN",
00068 "MAP_EXEC",
00069 "BIND",
00070 "LISTEN",
00071 "ACCEPT",
00072 "CONNECT",
00073 "SEND",
00074 "RECEIVE",
00075 "NET_SHUTDOWN",
00076 "CHANGE_DAC_EFF_OWNER",
00077 "CHANGE_DAC_FS_OWNER",
00078 "CHANGE_DAC_EFF_GROUP",
00079 "CHANGE_DAC_FS_GROUP",
00080 "IOCTL",
00081 "LOCK",
00082 "AUTHENTICATE",
00083 "NONE"
00084 };
00085
00086 static char result_list[UNDEFINED + 1][12] = {
00087 "NOT_GRANTED",
00088 "GRANTED",
00089 "DO_NOT_CARE",
00090 "UNDEFINED"
00091 };
00092
00093 static rsbac_switch_target_int_t attr_mod_list[A_none + 1] = {
00094 SW_GEN,
00095 SW_MAC,
00096 SW_MAC,
00097 SW_MAC,
00098 SW_MAC,
00099 SW_MAC,
00100 SW_MAC,
00101 SW_MAC,
00102 SW_MAC,
00103 SW_MAC,
00104 SW_MAC,
00105 SW_MAC,
00106 SW_MAC,
00107 SW_MAC,
00108 SW_NONE,
00109 SW_MAC,
00110 SW_DAZ,
00111 SW_FF,
00112 SW_AUTH,
00113 SW_CAP,
00114 SW_JAIL,
00115 SW_PAX,
00116 SW_MAC,
00117 SW_MAC,
00118 SW_MAC,
00119 SW_MAC,
00120 SW_MAC,
00121 SW_MAC,
00122 SW_MAC,
00123 SW_MAC,
00124 SW_MAC,
00125 SW_PM,
00126 SW_PM,
00127 SW_PM,
00128 SW_PM,
00129 SW_PM,
00130 SW_PM,
00131 SW_PM,
00132 SW_PM,
00133 SW_PM,
00134 SW_PM,
00135 SW_PM,
00136 SW_PM,
00137 SW_PM,
00138 SW_PM,
00139 SW_PM,
00140 SW_DAZ,
00141 SW_DAZ,
00142 SW_FF,
00143 SW_RC,
00144 SW_RC,
00145 SW_RC,
00146 SW_RC,
00147 SW_RC,
00148 SW_RC,
00149 SW_RC,
00150 SW_RC,
00151 SW_RC,
00152 SW_RC,
00153 SW_AUTH,
00154 SW_AUTH,
00155 SW_AUTH,
00156 SW_CAP,
00157 SW_CAP,
00158 SW_CAP,
00159 SW_CAP,
00160 SW_JAIL,
00161 SW_JAIL,
00162 SW_JAIL,
00163 SW_JAIL,
00164 SW_JAIL,
00165 SW_JAIL,
00166 SW_JAIL,
00167 SW_PAX,
00168 SW_RES,
00169 SW_RES,
00170 SW_RES,
00171 SW_GEN,
00172 SW_GEN,
00173 SW_GEN,
00174 SW_GEN,
00175 SW_GEN,
00176 SW_GEN,
00177 SW_GEN,
00178 SW_GEN,
00179 SW_GEN,
00180 SW_GEN,
00181 SW_GEN,
00182 SW_GEN,
00183 SW_GEN,
00184 SW_CAP,
00185 SW_GEN,
00186 SW_GEN,
00187 SW_GEN,
00188 SW_AUTH,
00189 SW_GEN,
00190 SW_CAP,
00191 SW_DAZ,
00192 #ifdef __KERNEL__
00193
00194 SW_NONE,
00195 SW_NONE,
00196 SW_NONE,
00197 SW_NONE,
00198 SW_NONE,
00199 SW_NONE,
00200 SW_NONE,
00201 SW_NONE,
00202 SW_NONE,
00203 SW_NONE,
00204 SW_NONE,
00205 SW_NONE,
00206 SW_NONE,
00207 SW_NONE,
00208 SW_NONE,
00209 SW_NONE,
00210 SW_NONE,
00211 SW_NONE,
00212 SW_NONE,
00213 SW_NONE,
00214 SW_NONE,
00215 SW_NONE,
00216 SW_NONE,
00217 SW_NONE,
00218 SW_NONE,
00219 SW_NONE,
00220 SW_NONE,
00221 SW_NONE,
00222 SW_NONE,
00223 SW_NONE,
00224 SW_NONE,
00225 SW_NONE,
00226 SW_NONE,
00227 #endif
00228 SW_NONE
00229 };
00230
00231 static char attribute_list[A_none + 1][23] = {
00232 "pseudo",
00233 "security_level",
00234 "initial_security_level",
00235 "local_sec_level",
00236 "remote_sec_level",
00237 "min_security_level",
00238 "mac_categories",
00239 "mac_initial_categories",
00240 "local_mac_categories",
00241 "remote_mac_categories",
00242 "mac_min_categories",
00243 "mac_user_flags",
00244 "mac_process_flags",
00245 "mac_file_flags",
00246 "system_role",
00247 "mac_role",
00248 "daz_role",
00249 "ff_role",
00250 "auth_role",
00251 "cap_role",
00252 "jail_role",
00253 "pax_role",
00254 "current_sec_level",
00255 "mac_curr_categories",
00256 "min_write_open",
00257 "min_write_categories",
00258 "max_read_open",
00259 "max_read_categories",
00260 "mac_auto",
00261 "mac_check",
00262 "mac_prop_trusted",
00263 "pm_role",
00264 "pm_process_type",
00265 "pm_current_task",
00266 "pm_object_class",
00267 "local_pm_object_class",
00268 "remote_pm_object_class",
00269 "pm_ipc_purpose",
00270 "local_pm_ipc_purpose",
00271 "remote_pm_ipc_purpose",
00272 "pm_object_type",
00273 "local_pm_object_type",
00274 "remote_pm_object_type",
00275 "pm_program_type",
00276 "pm_tp",
00277 "pm_task_set",
00278 "daz_scanned",
00279 "daz_scanner",
00280 "ff_flags",
00281 "rc_type",
00282 "rc_select_type",
00283 "local_rc_type",
00284 "remote_rc_type",
00285 "rc_type_fd",
00286 "rc_type_nt",
00287 "rc_force_role",
00288 "rc_initial_role",
00289 "rc_role",
00290 "rc_def_role",
00291 "auth_may_setuid",
00292 "auth_may_set_cap",
00293 "auth_learn",
00294 "min_caps",
00295 "max_caps",
00296 "max_caps_user",
00297 "max_caps_program",
00298 "jail_id",
00299 "jail_parent",
00300 "jail_ip",
00301 "jail_flags",
00302 "jail_max_caps",
00303 "jail_scd_get",
00304 "jail_scd_modify",
00305 "pax_flags",
00306 "res_role",
00307 "res_min",
00308 "res_max",
00309 "log_array_low",
00310 "local_log_array_low",
00311 "remote_log_array_low",
00312 "log_array_high",
00313 "local_log_array_high",
00314 "remote_log_array_high",
00315 "log_program_based",
00316 "log_user_based",
00317 "symlink_add_remote_ip",
00318 "symlink_add_uid",
00319 "symlink_add_mac_level",
00320 "symlink_add_rc_role",
00321 "linux_dac_disable",
00322 "cap_process_hiding",
00323 "fake_root_uid",
00324 "audit_uid",
00325 "auid_exempt",
00326 "auth_last_auth",
00327 "remote_ip",
00328 "cap_ld_env",
00329 "daz_do_scan",
00330 #ifdef __KERNEL__
00331
00332 "owner",
00333 "group",
00334 "signal",
00335 "mode",
00336 "nlink",
00337 "switch_target",
00338 "mod_name",
00339 "request",
00340 "trace_request",
00341 "auth_add_f_cap",
00342 "auth_remove_f_cap",
00343 "auth_get_caplist",
00344 "prot_bits",
00345 "internal",
00346 "create_data",
00347 "new_object",
00348 "rlimit",
00349 "new_dir_dentry_p",
00350 "auth_program_file",
00351 "auth_start_uid",
00352 "auth_start_euid",
00353 "auth_start_gid",
00354 "auth_start_egid",
00355 "acl_learn",
00356 "priority",
00357 "pgid",
00358 "kernel_thread",
00359 "open_flag",
00360 "reboot_cmd",
00361 "setsockopt_level",
00362 "ioctl_cmd",
00363 "f_mode",
00364 "process",
00365 "sock_type",
00366 #endif
00367 "none"
00368 };
00369
00370 static char target_list[T_NONE + 1][11] = {
00371 "FILE",
00372 "DIR",
00373 "FIFO",
00374 "SYMLINK",
00375 "DEV",
00376 "IPC",
00377 "SCD",
00378 "USER",
00379 "PROCESS",
00380 "NETDEV",
00381 "NETTEMP",
00382 "NETOBJ",
00383 "NETTEMP_NT",
00384 "GROUP",
00385 "FD",
00386 "UNIXSOCK",
00387 "NONE"
00388 };
00389
00390 static char ipc_target_list[I_none + 1][9] = {
00391 "sem",
00392 "msg",
00393 "shm",
00394 "anonpipe",
00395 "mqueue",
00396 "anonunix",
00397 "none"
00398 };
00399
00400 static char switch_target_list[SW_NONE + 1][12] = {
00401 "GEN",
00402 "MAC",
00403 "PM",
00404 "DAZ",
00405 "FF",
00406 "RC",
00407 "AUTH",
00408 "REG",
00409 "ACL",
00410 "CAP",
00411 "JAIL",
00412 "RES",
00413 "PAX",
00414 "SOFTMODE",
00415 "DAC_DISABLE",
00416 "UM",
00417 "FREEZE",
00418 "NONE"
00419 };
00420
00421 static char error_list[RSBAC_EMAX][26] = {
00422 "RSBAC_EPERM",
00423 "RSBAC_EACCESS",
00424 "RSBAC_EREADFAILED",
00425 "RSBAC_EWRITEFAILED",
00426 "RSBAC_EINVALIDPOINTER",
00427 "RSBAC_ENOROOTDIR",
00428 "RSBAC_EPATHTOOLONG",
00429 "RSBAC_ENOROOTDEV",
00430 "RSBAC_ENOTFOUND",
00431 "RSBAC_ENOTINITIALIZED",
00432 "RSBAC_EREINIT",
00433 "RSBAC_ECOULDNOTADDDEVICE",
00434 "RSBAC_ECOULDNOTADDITEM",
00435 "RSBAC_ECOULDNOTCREATEPATH",
00436 "RSBAC_EINVALIDATTR",
00437 "RSBAC_EINVALIDDEV",
00438 "RSBAC_EINVALIDTARGET",
00439 "RSBAC_EINVALIDVALUE",
00440 "RSBAC_EEXISTS",
00441 "RSBAC_EINTERNONLY",
00442 "RSBAC_EINVALIDREQUEST",
00443 "RSBAC_ENOTWRITABLE",
00444 "RSBAC_EMALWAREDETECTED",
00445 "RSBAC_ENOMEM",
00446 "RSBAC_EDECISIONMISMATCH",
00447 "RSBAC_EINVALIDVERSION",
00448 "RSBAC_EINVALIDMODULE",
00449 "RSBAC_EEXPIRED",
00450 "RSBAC_EMUSTCHANGE",
00451 "RSBAC_EBUSY",
00452 "RSBAC_EINVALIDTRANSACTION",
00453 "RSBAC_EWEAKPASSWORD",
00454 "RSBAC_EINVALIDLIST"
00455 };
00456
00457 static char scd_type_list[ST_none + 1][17] = {
00458 "time_strucs",
00459 "clock",
00460 "host_id",
00461 "net_id",
00462 "ioports",
00463 "rlimit",
00464 "swap",
00465 "syslog",
00466 "rsbac",
00467 "rsbac_log",
00468 "other",
00469 "kmem",
00470 "network",
00471 "firewall",
00472 "priority",
00473 "sysfs",
00474 "rsbac_remote_log",
00475 "quota",
00476 "sysctl",
00477 "nfsd",
00478 "ksyms",
00479 "mlock",
00480 "capability",
00481 "kexec",
00482 "none"
00483 };
00484
00485
00486
00487 #ifndef __KERNEL__
00488 static char attribute_param_list[A_none + 1][194] = {
00489 "user-pseudo (positive long integer)",
00490 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00491 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00492 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00493 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00494 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00495 "Bit Set String of length 64 for all categories",
00496 "Bit Set String of length 64 for all categories",
00497 "Bit Set String of length 64 for all categories",
00498 "Bit Set String of length 64 for all categories",
00499 "Bit Set String of length 64 for all categories",
00500 "1 = override, 4 = trusted, 8 = write_up, 16 = read_up,\n\t32 = write_down, 64 = allow_mac_auto",
00501 "1 = override, 2 = auto, 4 = trusted, 8 = write_up,\n\t16 = read_up, 32 = write_down, 128 = prop_trusted",
00502 "2 = auto, 4 = trusted, 8 = write_up, 16 = read_up,\n\t32 = write_down",
00503 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00504 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00505 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00506 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00507 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00508 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00509 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00510 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00511 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252",
00512 "Bit Set String of length 64 for all categories",
00513 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252",
00514 "Bit Set String of length 64 for all categories",
00515 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252",
00516 "Bit Set String of length 64 for all categories",
00517 "0 = no, 1 = yes, 2 = inherit (default value)",
00518 "0 = false, 1 = true",
00519 "0 = false, 1 = true",
00520 "0 = user, 1 = security officer, 2 = data protection officer,\n\t3 = TP-manager, 4 = system-admin",
00521 "0 = none, 1 = TP",
00522 "Task-ID (positive integer)",
00523 "Class-ID (positive integer)",
00524 "Class-ID (positive integer)",
00525 "Class-ID (positive integer)",
00526 "Purpose-ID (positive integer)",
00527 "Purpose-ID (positive integer)",
00528 "Purpose-ID (positive integer)",
00529 "0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir",
00530 "0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir",
00531 "0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir",
00532 "0 = none, 1 = TP",
00533 "TP-ID (positive integer)",
00534 "pm-task-list-ID (positive integer)",
00535 "0 = unscanned, 1 = infected, 2 = clean",
00536 "0 = FALSE, 1 = TRUE",
00537 "1 = read_only, 2 = execute_only, 4 = search_only, 8 = write_only,\n\t16 = secure_delete, 32 = no_execute, 64 = no_delete_or_rename,\n\t128 = add_inherited (or'd), 256 = append_only, 512 = no_mount",
00538 "RC-type-id",
00539 "RC-type-id (-7 = use fd)",
00540 "RC-type-id",
00541 "RC-type-id",
00542 "RC-type-id (-2 = inherit from parent)",
00543 "RC-type-id",
00544 "RC-role-id (-1 = inherit_user, -2 = inherit_process (keep),\n\t-3 = inherit_parent (def.),\n\t-4 = inherit_user_on_chown_only (root default)",
00545 "RC-role-id (-3 = inherit_parent (default),\n\t-5 = use_force_role (root default)",
00546 "RC-role-id",
00547 "RC-role-id",
00548 "0 = off, 1 = full, 2 = last_auth_only, 3 = last_auth_and_gid",
00549 "0 = false, 1 = true",
00550 "0 = false, 1 = true",
00551 "Bit-Vector value or name list of desired caps",
00552 "Bit-Vector value or name list of desired caps",
00553 "Bit-Vector value or name list of desired caps",
00554 "Bit-Vector value or name list of desired caps",
00555 "JAIL ID (0 = off)",
00556 "JAIL ID (0 = no parent jail)",
00557 "JAIL IP address a.b.c.d",
00558 "JAIL flags (or'd, 1 = allow external IPC, 2 = allow all net families,\n\t4 = allow_rlimit, 8 = allow raw IP, 16 = auto adjust IP,\n\t32 = allow localhost, 64 = allow scd clock)",
00559 "Bit-Vector value or name list of desired caps",
00560 "List of SCD targets",
00561 "List of SCD targets",
00562 "PAX flags with capital=on, non-capital=off, e.g. PeMRxS",
00563 "0 = user, 1 = security officer, 2 = administrator",
00564 "array of non-negative integer values, all 0 for unset",
00565 "array of non-negative integer values, all 0 for unset",
00566 "Bit-String for all Requests, low bit",
00567 "Bit-String for all Requests, low bit",
00568 "Bit-String for all Requests, low bit",
00569 "Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)",
00570 "Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)",
00571 "Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)",
00572 "Bit-String for all Requests",
00573 "Bit-String for all Requests",
00574 "Number of bytes to add, 0 to turn off",
00575 "0 = false, 1 = true",
00576 "0 = false, 1 = true",
00577 "0 = false, 1 = true",
00578 "0 = false, 1 = true, 2 = inherit (default)",
00579 "0 = off (default), 1 = from other users, 2 = full",
00580 "0 = off (default), 1 = uid_only, 2 = euid_only, 3 = both",
00581 "-3 = unset, uid otherwise",
00582 "-3 = unset, uid otherwise",
00583 "-3 = unset, uid otherwise",
00584 "32 Bit value in network byte order",
00585 "0 = disallow executing of program file with LD_ variables set,\n\t1 = do not care (default)",
00586 "0 = never, 1 = registered, 2 = always, 3 = inherit",
00587 "INVALID!"
00588 };
00589 #endif
00590
00591 static char log_level_list[LL_invalid + 1][9] = {
00592 "none",
00593 "denied",
00594 "full",
00595 "request",
00596 "invalid!"
00597 };
00598
00599 static char cap_list[RSBAC_CAP_MAX + 1][17] = {
00600 "CHOWN",
00601 "DAC_OVERRIDE",
00602 "DAC_READ_SEARCH",
00603 "FOWNER",
00604 "FSETID",
00605 "KILL",
00606 "SETGID",
00607 "SETUID",
00608 "SETPCAP",
00609 "LINUX_IMMUTABLE",
00610 "NET_BIND_SERVICE",
00611 "NET_BROADCAST",
00612 "NET_ADMIN",
00613 "NET_RAW",
00614 "IPC_LOCK",
00615 "IPC_OWNER",
00616 "SYS_MODULE",
00617 "SYS_RAWIO",
00618 "SYS_CHROOT",
00619 "SYS_PTRACE",
00620 "SYS_PACCT",
00621 "SYS_ADMIN",
00622 "SYS_BOOT",
00623 "SYS_NICE",
00624 "SYS_RESOURCE",
00625 "SYS_TIME",
00626 "SYS_TTY_CONFIG",
00627 "MKNOD",
00628 "LEASE",
00629 "NONE"
00630 };
00631
00632
00633
00634 #ifdef __KERNEL__
00635 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00636 EXPORT_SYMBOL(get_request_name);
00637 #endif
00638 #endif
00639
00640 char *get_request_name(char *request_name,
00641 enum rsbac_adf_request_t request)
00642 {
00643 if (!request_name)
00644 return (NULL);
00645 if (request >= R_NONE)
00646 strcpy(request_name, "ERROR!");
00647 else
00648 strcpy(request_name, request_list[request]);
00649 return (request_name);
00650 }
00651
00652 enum rsbac_adf_request_t get_request_nr(const char *request_name)
00653 {
00654 enum rsbac_adf_request_t i;
00655
00656 if (!request_name)
00657 return (R_NONE);
00658 for (i = 0; i < R_NONE; i++) {
00659 if (!strcmp(request_name, request_list[i])) {
00660 return (i);
00661 }
00662 }
00663 return (R_NONE);
00664 }
00665
00666
00667 char *get_result_name(char *res_name, enum rsbac_adf_req_ret_t res)
00668 {
00669 if (!res_name)
00670 return (NULL);
00671 if (res > UNDEFINED)
00672 strcpy(res_name, "ERROR!");
00673 else
00674 strcpy(res_name, result_list[res]);
00675 return (res_name);
00676 }
00677
00678 enum rsbac_adf_req_ret_t get_result_nr(const char *res_name)
00679 {
00680 enum rsbac_adf_req_ret_t i;
00681
00682 if (!res_name)
00683 return (UNDEFINED);
00684 for (i = 0; i < UNDEFINED; i++) {
00685 if (!strcmp(res_name, result_list[i])) {
00686 return (i);
00687 }
00688 }
00689 return (UNDEFINED);
00690 }
00691
00692
00693 enum rsbac_switch_target_t get_attr_module(enum rsbac_attribute_t attr)
00694 {
00695 if (attr > A_none)
00696 return SW_NONE;
00697 else
00698 return attr_mod_list[attr];
00699 }
00700
00701 #ifdef __KERNEL__
00702 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00703 EXPORT_SYMBOL(get_attribute_name);
00704 #endif
00705 #endif
00706
00707 char *get_attribute_name(char *attr_name, enum rsbac_attribute_t attr)
00708 {
00709 if (!attr_name)
00710 return (NULL);
00711 if (attr > A_none)
00712 strcpy(attr_name, "ERROR!");
00713 else
00714 strcpy(attr_name, attribute_list[attr]);
00715 return (attr_name);
00716 }
00717
00718 enum rsbac_attribute_t get_attribute_nr(const char *attr_name)
00719 {
00720 enum rsbac_attribute_t i;
00721
00722 if (!attr_name)
00723 return (A_none);
00724 for (i = 0; i < A_none; i++) {
00725 if (!strcmp(attr_name, attribute_list[i])) {
00726 return (i);
00727 }
00728 }
00729 return (A_none);
00730 }
00731
00732 #ifdef __KERNEL__
00733 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00734 EXPORT_SYMBOL(get_attribute_value_name);
00735 #endif
00736 #endif
00737
00738 char *get_attribute_value_name(char *attr_val_name,
00739 enum rsbac_attribute_t attr,
00740 union rsbac_attribute_value_t *attr_val_p)
00741 {
00742 if (!attr_val_name)
00743 return (NULL);
00744 if (attr > A_none)
00745 strcpy(attr_val_name, "ERROR!");
00746 else
00747 switch (attr) {
00748 case A_none:
00749 strcpy(attr_val_name, "none");
00750 break;
00751 #ifdef __KERNEL__
00752 case A_create_data:
00753 {
00754 char *tmp =
00755 rsbac_kmalloc(RSBAC_MAXNAMELEN);
00756
00757 if (tmp) {
00758 if (attr_val_p->create_data.
00759 dentry_p)
00760 snprintf(attr_val_name,
00761 RSBAC_MAXNAMELEN -
00762 1,
00763 "%s %s, mode %o",
00764 get_target_name_only
00765 (tmp,
00766 attr_val_p->
00767 create_data.
00768 target),
00769 attr_val_p->
00770 create_data.
00771 dentry_p->d_name.
00772 name,
00773 attr_val_p->
00774 create_data.
00775 mode & S_IALLUGO);
00776 else
00777 snprintf(attr_val_name,
00778 RSBAC_MAXNAMELEN -
00779 1, "%s, mode %o",
00780 get_target_name_only
00781 (tmp,
00782 attr_val_p->
00783 create_data.
00784 target),
00785 attr_val_p->
00786 create_data.
00787 mode & S_IALLUGO);
00788 rsbac_kfree(tmp);
00789 }
00790 }
00791 break;
00792 case A_mode:
00793 sprintf(attr_val_name, "%o", attr_val_p->mode);
00794 break;
00795 case A_priority:
00796 sprintf(attr_val_name, "%i", attr_val_p->priority);
00797 break;
00798 case A_mod_name:
00799 if (attr_val_p->mod_name)
00800 strncpy(attr_val_name,
00801 attr_val_p->mod_name,
00802 RSBAC_MAXNAMELEN - 1);
00803 else
00804 strcpy(attr_val_name, "unknown");
00805 attr_val_name[RSBAC_MAXNAMELEN - 1] = 0;
00806 break;
00807 case A_auth_add_f_cap:
00808 case A_auth_remove_f_cap:
00809 sprintf(attr_val_name, "%u:%u",
00810 attr_val_p->auth_cap_range.first,
00811 attr_val_p->auth_cap_range.last);
00812 break;
00813 case A_switch_target:
00814 get_switch_target_name(attr_val_name,
00815 attr_val_p->switch_target);
00816 break;
00817 case A_request:
00818 get_request_name(attr_val_name,
00819 attr_val_p->request);
00820 break;
00821 case A_sock_type:
00822 rsbac_get_net_type_name(attr_val_name,
00823 attr_val_p->sock_type);
00824 break;
00825 #endif
00826 #if defined(CONFIG_RSBAC_PAX) || !defined(__KERNEL__)
00827 case A_pax_flags:
00828 pax_print_flags(attr_val_name,
00829 attr_val_p->pax_flags);
00830 break;
00831 #endif
00832 #if defined(CONFIG_RSBAC_AUTH) || !defined(__KERNEL__)
00833 case A_auth_last_auth:
00834 #if defined(CONFIG_RSBAC_AUTH_LEARN) && defined(__KERNEL__)
00835 case A_auth_start_uid:
00836 case A_auth_start_euid:
00837 #endif
00838 sprintf(attr_val_name, "%u",
00839 attr_val_p->auth_last_auth);
00840 break;
00841 #endif
00842 #ifdef CONFIG_RSBAC_AUTH_GROUP
00843 case A_auth_start_gid:
00844 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
00845 case A_auth_start_egid:
00846 #endif
00847 sprintf(attr_val_name, "%u",
00848 attr_val_p->auth_start_gid);
00849 break;
00850 #endif
00851 default:
00852 snprintf(attr_val_name, RSBAC_MAXNAMELEN - 1, "%u",
00853 attr_val_p->u_dummy);
00854 }
00855 return (attr_val_name);
00856 }
00857
00858
00859 #ifdef __KERNEL__
00860 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00861 EXPORT_SYMBOL(get_scd_type_name);
00862 #endif
00863 #endif
00864
00865 char *get_scd_type_name(char *res_name, enum rsbac_scd_type_t res)
00866 {
00867 if (!res_name)
00868 return (NULL);
00869 if (res > ST_none)
00870 strcpy(res_name, "ERROR!");
00871 else
00872 strcpy(res_name, scd_type_list[res]);
00873 return (res_name);
00874 }
00875
00876 enum rsbac_scd_type_t get_scd_type_nr(const char *res_name)
00877 {
00878 enum rsbac_scd_type_t i;
00879
00880 if (!res_name)
00881 return (ST_none);
00882 for (i = 0; i < ST_none; i++) {
00883 if (!strcmp(res_name, scd_type_list[i])) {
00884 return (i);
00885 }
00886 }
00887 return (ST_none);
00888 }
00889
00890
00891 #ifdef __KERNEL__
00892 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00893 EXPORT_SYMBOL(get_target_name);
00894 #endif
00895 #endif
00896
00897 char *get_target_name(char *target_type_name,
00898 enum rsbac_target_t target,
00899 char *target_id_name, union rsbac_target_id_t tid)
00900 {
00901 #ifdef __KERNEL__
00902 char *help_name;
00903 #else
00904 char help_name[RSBAC_MAXNAMELEN + 4];
00905 #endif
00906
00907 if (!target_type_name)
00908 return (NULL);
00909
00910 #ifdef __KERNEL__
00911 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00912 help_name = rsbac_kmalloc(CONFIG_RSBAC_MAX_PATH_LEN + 4);
00913 #else
00914 help_name = rsbac_kmalloc(RSBAC_MAXNAMELEN + 4);
00915 #endif
00916 if (!help_name)
00917 return NULL;
00918 #endif
00919
00920 switch (target) {
00921 #ifdef __KERNEL__
00922 case T_FD:
00923 strcpy(target_type_name, "FD");
00924 if (!target_id_name)
00925 break;
00926 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00927 RSBAC_MAJOR(tid.file.device),
00928 RSBAC_MINOR(tid.file.device), tid.file.inode);
00929 if (tid.file.dentry_p && tid.file.dentry_p->d_name.name
00930 && tid.file.dentry_p->d_name.len) {
00931 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00932 if (rsbac_get_full_path
00933 (tid.file.dentry_p, help_name,
00934 CONFIG_RSBAC_MAX_PATH_LEN) > 0) {
00935 strcat(target_id_name, " Path ");
00936 strcat(target_id_name, help_name);
00937 }
00938 #else
00939 int namelen =
00940 rsbac_min(tid.file.dentry_p->d_name.len,
00941 RSBAC_MAXNAMELEN);
00942
00943 strcat(target_id_name, " Name ");
00944 strncpy(help_name, tid.file.dentry_p->d_name.name,
00945 namelen);
00946 help_name[namelen] = 0;
00947 strcat(target_id_name, help_name);
00948 #endif
00949 }
00950 break;
00951 case T_FILE:
00952 strcpy(target_type_name, "FILE");
00953 if (!target_id_name)
00954 break;
00955 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00956 RSBAC_MAJOR(tid.file.device),
00957 RSBAC_MINOR(tid.file.device), tid.file.inode);
00958 if (tid.file.dentry_p && tid.file.dentry_p->d_name.name
00959 && tid.file.dentry_p->d_name.len) {
00960 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00961 if (rsbac_get_full_path
00962 (tid.file.dentry_p, help_name,
00963 CONFIG_RSBAC_MAX_PATH_LEN) > 0) {
00964 strcat(target_id_name, " Path ");
00965 strcat(target_id_name, help_name);
00966 }
00967 #else
00968 int namelen =
00969 rsbac_min(tid.file.dentry_p->d_name.len,
00970 RSBAC_MAXNAMELEN);
00971
00972 strcat(target_id_name, " Name ");
00973 strncpy(help_name, tid.file.dentry_p->d_name.name,
00974 namelen);
00975 help_name[namelen] = 0;
00976 strcat(target_id_name, help_name);
00977 #endif
00978 }
00979 break;
00980 case T_DIR:
00981 strcpy(target_type_name, "DIR");
00982 if (!target_id_name)
00983 break;
00984 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00985 RSBAC_MAJOR(tid.file.device),
00986 RSBAC_MINOR(tid.file.device), tid.dir.inode);
00987 if (tid.dir.dentry_p && tid.dir.dentry_p->d_name.name
00988 && tid.dir.dentry_p->d_name.len) {
00989 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00990 if (rsbac_get_full_path
00991 (tid.dir.dentry_p, help_name,
00992 CONFIG_RSBAC_MAX_PATH_LEN) > 0) {
00993 strcat(target_id_name, " Path ");
00994 strcat(target_id_name, help_name);
00995 }
00996 #else
00997 int namelen =
00998 rsbac_min(tid.dir.dentry_p->d_name.len,
00999 RSBAC_MAXNAMELEN);
01000
01001 strcat(target_id_name, " Name ");
01002 strncpy(help_name, tid.dir.dentry_p->d_name.name,
01003 namelen);
01004 help_name[namelen] = 0;
01005 strcat(target_id_name, help_name);
01006 #endif
01007 }
01008 break;
01009 case T_FIFO:
01010 strcpy(target_type_name, "FIFO");
01011 if (!target_id_name)
01012 break;
01013 sprintf(target_id_name, "Device %02u:%02u Inode %u",
01014 RSBAC_MAJOR(tid.file.device),
01015 RSBAC_MINOR(tid.file.device), tid.fifo.inode);
01016 if (tid.fifo.dentry_p && tid.fifo.dentry_p->d_name.name
01017 && tid.fifo.dentry_p->d_name.len) {
01018 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
01019 if (rsbac_get_full_path
01020 (tid.fifo.dentry_p, help_name,
01021 CONFIG_RSBAC_MAX_PATH_LEN) > 0) {
01022 strcat(target_id_name, " Path ");
01023 strcat(target_id_name, help_name);
01024 }
01025 #else
01026 int namelen =
01027 rsbac_min(tid.fifo.dentry_p->d_name.len,
01028 RSBAC_MAXNAMELEN);
01029
01030 strcat(target_id_name, " Name ");
01031 strncpy(help_name, tid.fifo.dentry_p->d_name.name,
01032 namelen);
01033 help_name[namelen] = 0;
01034 strcat(target_id_name, help_name);
01035 #endif
01036 }
01037 break;
01038 case T_SYMLINK:
01039 strcpy(target_type_name, "SYMLINK");
01040 if (!target_id_name)
01041 break;
01042 sprintf(target_id_name, "Device %02u:%02u Inode %u",
01043 RSBAC_MAJOR(tid.symlink.device),
01044 RSBAC_MINOR(tid.symlink.device), tid.symlink.inode);
01045 if (tid.symlink.dentry_p
01046 && tid.symlink.dentry_p->d_name.name
01047 && tid.symlink.dentry_p->d_name.len) {
01048 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
01049 if (rsbac_get_full_path
01050 (tid.symlink.dentry_p, help_name,
01051 CONFIG_RSBAC_MAX_PATH_LEN) > 0) {
01052 strcat(target_id_name, " Path ");
01053 strcat(target_id_name, help_name);
01054 }
01055 #else
01056 int namelen =
01057 rsbac_min(tid.symlink.dentry_p->d_name.len,
01058 RSBAC_MAXNAMELEN);
01059
01060 strcat(target_id_name, " Name ");
01061 strncpy(help_name,
01062 tid.symlink.dentry_p->d_name.name,
01063 namelen);
01064 help_name[namelen] = 0;
01065 strcat(target_id_name, help_name);
01066 #endif
01067 }
01068 break;
01069 case T_UNIXSOCK:
01070 strcpy(target_type_name, "UNIXSOCK");
01071 if (!target_id_name)
01072 break;
01073 sprintf(target_id_name, "Device %02u:%02u Inode %u",
01074 RSBAC_MAJOR(tid.unixsock.device),
01075 RSBAC_MINOR(tid.unixsock.device), tid.unixsock.inode);
01076 if (tid.symlink.dentry_p
01077 && tid.unixsock.dentry_p->d_name.name
01078 && tid.unixsock.dentry_p->d_name.len) {
01079 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
01080 if (rsbac_get_full_path
01081 (tid.unixsock.dentry_p, help_name,
01082 CONFIG_RSBAC_MAX_PATH_LEN) > 0) {
01083 strcat(target_id_name, " Path ");
01084 strcat(target_id_name, help_name);
01085 }
01086 #else
01087 int namelen =
01088 rsbac_min(tid.unixsock.dentry_p->d_name.len,
01089 RSBAC_MAXNAMELEN);
01090
01091 strcat(target_id_name, " Name ");
01092 strncpy(help_name,
01093 tid.unixsock.dentry_p->d_name.name,
01094 namelen);
01095 help_name[namelen] = 0;
01096 strcat(target_id_name, help_name);
01097 #endif
01098 }
01099 break;
01100 case T_DEV:
01101 strcpy(target_type_name, "DEV");
01102 if (!target_id_name)
01103 break;
01104 switch (tid.dev.type) {
01105 case D_block:
01106 sprintf(target_id_name, "block %02u:%02u",
01107 tid.dev.major, tid.dev.minor);
01108 break;
01109 case D_char:
01110 sprintf(target_id_name, "char %02u:%02u",
01111 tid.dev.major, tid.dev.minor);
01112 break;
01113 case D_block_major:
01114 sprintf(target_id_name, "block major %02u",
01115 tid.dev.major);
01116 break;
01117 case D_char_major:
01118 sprintf(target_id_name, "char major %02u",
01119 tid.dev.major);
01120 break;
01121 default:
01122 sprintf(target_id_name, "*unknown* %02u:%02u",
01123 tid.dev.major, tid.dev.minor);
01124 }
01125 break;
01126 case T_NETOBJ:
01127 strcpy(target_type_name, "NETOBJ");
01128 if (!target_id_name)
01129 break;
01130 #ifdef CONFIG_NET
01131 if (tid.netobj.sock_p
01132 && tid.netobj.sock_p->ops && tid.netobj.sock_p->sk) {
01133 char type_name[RSBAC_MAXNAMELEN];
01134
01135 switch (tid.netobj.sock_p->ops->family) {
01136 case AF_INET:
01137 {
01138 __u32 saddr;
01139 __u16 sport;
01140 __u32 daddr;
01141 __u16 dport;
01142 struct net_device *dev;
01143 char ldevname[RSBAC_IFNAMSIZ + 10];
01144 char rdevname[RSBAC_IFNAMSIZ + 10];
01145
01146 if (tid.netobj.local_addr) {
01147 struct sockaddr_in *addr =
01148 tid.netobj.local_addr;
01149
01150 saddr =
01151 addr->sin_addr.s_addr;
01152 sport =
01153 ntohs(addr->sin_port);
01154 } else {
01155 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01156 saddr =
01157 inet_sk(tid.netobj.
01158 sock_p->sk)->
01159 saddr;
01160 sport =
01161 inet_sk(tid.netobj.
01162 sock_p->sk)->
01163 num;
01164 #else
01165 saddr =
01166 tid.netobj.sock_p->sk->
01167 saddr;
01168 sport =
01169 tid.netobj.sock_p->sk->
01170 num;
01171 #endif
01172 }
01173 if (tid.netobj.remote_addr) {
01174 struct sockaddr_in *addr =
01175 tid.netobj.remote_addr;
01176
01177 daddr =
01178 addr->sin_addr.s_addr;
01179 dport =
01180 ntohs(addr->sin_port);
01181 } else {
01182 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01183 daddr =
01184 inet_sk(tid.netobj.
01185 sock_p->sk)->
01186 daddr;
01187 dport =
01188 ntohs(inet_sk
01189 (tid.netobj.
01190 sock_p->sk)->
01191 dport);
01192 #else
01193 daddr =
01194 tid.netobj.sock_p->sk->
01195 daddr;
01196 dport =
01197 ntohs(tid.netobj.
01198 sock_p->sk->
01199 dport);
01200 #endif
01201 }
01202 dev = ip_dev_find(saddr);
01203 if (dev) {
01204 sprintf(ldevname, "%s:",
01205 dev->name);
01206 dev_put(dev);
01207 } else
01208 ldevname[0] = 0;
01209 dev = ip_dev_find(daddr);
01210 if (dev) {
01211 sprintf(rdevname, "%s:",
01212 dev->name);
01213 dev_put(dev);
01214 } else
01215 rdevname[0] = 0;
01216 sprintf(target_id_name,
01217 "%p INET %s proto %s local %s%u.%u.%u.%u:%u remote %s%u.%u.%u.%u:%u",
01218 tid.netobj.sock_p,
01219 rsbac_get_net_type_name
01220 (type_name,
01221 tid.netobj.sock_p->type),
01222 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01223 rsbac_get_net_protocol_name
01224 (help_name,
01225 tid.netobj.sock_p->sk->
01226 sk_protocol),
01227 #else
01228 rsbac_get_net_protocol_name
01229 (help_name,
01230 tid.netobj.sock_p->sk->
01231 protocol),
01232 #endif
01233 ldevname,
01234 NIPQUAD(saddr),
01235 sport,
01236 rdevname,
01237 NIPQUAD(daddr), dport);
01238 }
01239 break;
01240 case AF_UNIX:
01241 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01242 if (unix_sk(tid.netobj.sock_p->sk)->addr)
01243 sprintf(target_id_name,
01244 "%p UNIX %s %s",
01245 tid.netobj.sock_p,
01246 rsbac_get_net_type_name
01247 (type_name,
01248 tid.netobj.sock_p->type),
01249 unix_sk(tid.netobj.sock_p->
01250 sk)->addr->name[0].
01251 sun_path);
01252 #else
01253 if (tid.netobj.sock_p->sk->protinfo.
01254 af_unix.addr)
01255 sprintf(target_id_name,
01256 "%p UNIX %s %s",
01257 tid.netobj.sock_p,
01258 rsbac_get_net_type_name
01259 (type_name,
01260 tid.netobj.sock_p->type),
01261 tid.netobj.sock_p->sk->
01262 protinfo.af_unix.addr->
01263 name[0].sun_path);
01264 #endif
01265 else if (tid.netobj.local_addr) {
01266 struct sockaddr_un *addr =
01267 tid.netobj.local_addr;
01268
01269 sprintf(target_id_name,
01270 "%p UNIX %s %s",
01271 tid.netobj.sock_p,
01272 rsbac_get_net_type_name
01273 (type_name,
01274 tid.netobj.sock_p->type),
01275 addr->sun_path);
01276 } else
01277 sprintf(target_id_name,
01278 "%p UNIX %s",
01279 tid.netobj.sock_p,
01280 rsbac_get_net_type_name
01281 (type_name,
01282 tid.netobj.sock_p->type));
01283 break;
01284 default:
01285 sprintf(target_id_name, "%p %s %s",
01286 tid.netobj.sock_p,
01287 rsbac_get_net_family_name
01288 (help_name,
01289 tid.netobj.sock_p->ops->family),
01290 rsbac_get_net_type_name(type_name,
01291 tid.netobj.
01292 sock_p->
01293 type));
01294 }
01295 } else
01296 #endif
01297 {
01298 sprintf(target_id_name, "%p", tid.netobj.sock_p);
01299 }
01300 break;
01301 #endif
01302 case T_IPC:
01303 strcpy(target_type_name, "IPC");
01304 if (!target_id_name)
01305 break;
01306 switch (tid.ipc.type) {
01307 case I_sem:
01308 strcpy(target_id_name, "Sem-ID ");
01309 break;
01310 case I_msg:
01311 strcpy(target_id_name, "Msg-ID ");
01312 break;
01313 case I_shm:
01314 strcpy(target_id_name, "Shm-ID ");
01315 break;
01316 case I_anonpipe:
01317 strcpy(target_id_name, "AnonPipe-ID ");
01318 break;
01319 case I_mqueue:
01320 strcpy(target_id_name, "Mqueue-ID ");
01321 break;
01322 case I_anonunix:
01323 strcpy(target_id_name, "AnonUnix-ID ");
01324 break;
01325 default:
01326 strcpy(target_id_name, "ID ");
01327 break;
01328 };
01329 sprintf(help_name, "%lu", tid.ipc.id.id_nr);
01330 strcat(target_id_name, help_name);
01331 break;
01332 case T_SCD:
01333 strcpy(target_type_name, "SCD");
01334 if (target_id_name)
01335 get_scd_type_name(target_id_name, tid.scd);
01336 break;
01337 case T_USER:
01338 strcpy(target_type_name, "USER");
01339 if (target_id_name)
01340 sprintf(target_id_name, "%u", tid.user);
01341 break;
01342 case T_PROCESS:
01343 strcpy(target_type_name, "PROCESS");
01344 if (target_id_name)
01345 sprintf(target_id_name, "%u", tid.process);
01346 break;
01347 case T_GROUP:
01348 strcpy(target_type_name, "GROUP");
01349 if (target_id_name)
01350 sprintf(target_id_name, "%u", tid.group);
01351 break;
01352 case T_NETDEV:
01353 strcpy(target_type_name, "NETDEV");
01354 if (!target_id_name)
01355 break;
01356 strncpy(target_id_name, tid.netdev, RSBAC_IFNAMSIZ);
01357 target_id_name[RSBAC_IFNAMSIZ] = 0;
01358 break;
01359 case T_NETTEMP:
01360 strcpy(target_type_name, "NETTEMP");
01361 if (target_id_name)
01362 sprintf(target_id_name, "%u", tid.nettemp);
01363 break;
01364 case T_NETTEMP_NT:
01365 strcpy(target_type_name, "NETTEMP_NT");
01366 if (target_id_name)
01367 sprintf(target_id_name, "%u", tid.nettemp);
01368 break;
01369 case T_NONE:
01370 strcpy(target_type_name, "NONE");
01371 if (target_id_name)
01372 strcpy(target_id_name, "NONE");
01373 break;
01374 default:
01375 strcpy(target_type_name, "ERROR!!!");
01376 if (target_id_name)
01377 sprintf(target_id_name, "%u", target);
01378 }
01379 #ifdef __KERNEL__
01380 rsbac_kfree(help_name);
01381 #endif
01382 return (target_type_name);
01383 }
01384
01385 char *get_target_name_only(char *target_type_name,
01386 enum rsbac_target_t target)
01387 {
01388 if (!target_type_name)
01389 return (NULL);
01390
01391 switch (target) {
01392 case T_FILE:
01393 strcpy(target_type_name, "FILE");
01394 break;
01395 case T_DIR:
01396 strcpy(target_type_name, "DIR");
01397 break;
01398 case T_FIFO:
01399 strcpy(target_type_name, "FIFO");
01400 break;
01401 case T_SYMLINK:
01402 strcpy(target_type_name, "SYMLINK");
01403 break;
01404 case T_UNIXSOCK:
01405 strcpy(target_type_name, "UNIXSOCK");
01406 break;
01407 case T_FD:
01408 strcpy(target_type_name, "FD");
01409 break;
01410 case T_DEV:
01411 strcpy(target_type_name, "DEV");
01412 break;
01413 case T_NETOBJ:
01414 strcpy(target_type_name, "NETOBJ");
01415 break;
01416 case T_IPC:
01417 strcpy(target_type_name, "IPC");
01418 break;
01419 case T_SCD:
01420 strcpy(target_type_name, "SCD");
01421 break;
01422 case T_USER:
01423 strcpy(target_type_name, "USER");
01424 break;
01425 case T_PROCESS:
01426 strcpy(target_type_name, "PROCESS");
01427 break;
01428 case T_GROUP:
01429 strcpy(target_type_name, "GROUP");
01430 break;
01431 case T_NETDEV:
01432 strcpy(target_type_name, "NETDEV");
01433 break;
01434 case T_NETTEMP:
01435 strcpy(target_type_name, "NETTEMP");
01436 break;
01437 case T_NETTEMP_NT:
01438 strcpy(target_type_name, "NETTEMP_NT");
01439 break;
01440 case T_NONE:
01441 strcpy(target_type_name, "NONE");
01442 break;
01443 default:
01444 strcpy(target_type_name, "ERROR!!!");
01445 };
01446 return (target_type_name);
01447 }
01448
01449 enum rsbac_target_t get_target_nr(const char *target_name)
01450 {
01451 enum rsbac_target_t i;
01452
01453 if (!target_name)
01454 return (T_NONE);
01455 for (i = 0; i < T_NONE; i++) {
01456 if (!strcmp(target_name, target_list[i])) {
01457 return (i);
01458 }
01459 }
01460 return (T_NONE);
01461 }
01462
01463 char *get_ipc_target_name(char *ipc_name, enum rsbac_ipc_type_t target)
01464 {
01465 if (!ipc_name)
01466 return (NULL);
01467 if (target > I_none)
01468 strcpy(ipc_name, "ERROR!");
01469 else
01470 strcpy(ipc_name, ipc_target_list[target]);
01471 return (ipc_name);
01472 }
01473
01474 enum rsbac_ipc_type_t get_ipc_target_nr(const char *ipc_name)
01475 {
01476 enum rsbac_ipc_type_t i;
01477
01478 if (!ipc_name)
01479 return (I_none);
01480 for (i = 0; i < I_none; i++) {
01481 if (!strcmp(ipc_name, ipc_target_list[i])) {
01482 return (i);
01483 }
01484 }
01485 return (I_none);
01486 }
01487
01488
01489 #ifdef __KERNEL__
01490 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
01491 EXPORT_SYMBOL(get_switch_target_name);
01492 #endif
01493 #endif
01494
01495 char *get_switch_target_name(char *switch_name,
01496 enum rsbac_switch_target_t target)
01497 {
01498 if (!switch_name)
01499 return (NULL);
01500 if (target > SW_NONE)
01501 strcpy(switch_name, "ERROR!");
01502 else
01503 strcpy(switch_name, switch_target_list[target]);
01504 return (switch_name);
01505 }
01506
01507 enum rsbac_switch_target_t get_switch_target_nr(const char *switch_name)
01508 {
01509 enum rsbac_switch_target_t i;
01510
01511 if (!switch_name)
01512 return (SW_NONE);
01513 for (i = 0; i < SW_NONE; i++) {
01514 #ifdef __KERNEL__
01515 if (!strncmp
01516 (switch_name, switch_target_list[i],
01517 strlen(switch_target_list[i])))
01518 #else
01519 if (!strcmp(switch_name, switch_target_list[i]))
01520 #endif
01521 {
01522 return (i);
01523 }
01524 }
01525 return (SW_NONE);
01526 }
01527
01528
01529 #ifdef __KERNEL__
01530 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
01531 EXPORT_SYMBOL(get_error_name);
01532 #endif
01533 #endif
01534
01535 char *get_error_name(char *error_name, int error)
01536 {
01537 if (!error_name)
01538 return (NULL);
01539 #ifndef __KERNEL__
01540 if((error == -1) && RSBAC_ERROR(-errno))
01541 error = -errno;
01542 #endif
01543 if (RSBAC_ERROR(error))
01544 strcpy(error_name, error_list[(-error) - RSBAC_EPERM]);
01545 else
01546 #ifdef __KERNEL__
01547 inttostr(error_name, error);
01548 #else
01549 strcpy(error_name, strerror(errno));
01550 #endif
01551 return (error_name);
01552 }
01553
01554 #ifndef __KERNEL__
01555 char *get_attribute_param(char *attr_name, enum rsbac_attribute_t attr)
01556 {
01557 if (!attr_name)
01558 return (NULL);
01559 if (attr > A_none)
01560 strcpy(attr_name, "ERROR!");
01561 else
01562 strcpy(attr_name, attribute_param_list[attr]);
01563 return (attr_name);
01564 }
01565 #endif
01566
01567 char *get_log_level_name(char *ll_name, enum rsbac_log_level_t target)
01568 {
01569 if (!ll_name)
01570 return (NULL);
01571 if (target > LL_invalid)
01572 strcpy(ll_name, "ERROR!");
01573 else
01574 strcpy(ll_name, log_level_list[target]);
01575 return (ll_name);
01576 }
01577
01578 enum rsbac_log_level_t get_log_level_nr(const char *ll_name)
01579 {
01580 enum rsbac_log_level_t i;
01581
01582 if (!ll_name)
01583 return (LL_invalid);
01584 for (i = 0; i < LL_invalid; i++) {
01585 if (!strcmp(ll_name, log_level_list[i])) {
01586 return (i);
01587 }
01588 }
01589 return (LL_invalid);
01590 }
01591
01592 char *get_cap_name(char *name, u_int value)
01593 {
01594 if (!name)
01595 return (NULL);
01596 if (value > CAP_NONE)
01597 strcpy(name, "ERROR!");
01598 else
01599 strcpy(name, cap_list[value]);
01600 return (name);
01601 }
01602
01603 int get_cap_nr(const char *name)
01604 {
01605 int i;
01606
01607 if (!name)
01608 return (RT_NONE);
01609 for (i = 0; i < CAP_NONE; i++) {
01610 if (!strcmp(name, cap_list[i])) {
01611 return (i);
01612 }
01613 }
01614 return (CAP_NONE);
01615 }