00001
00002
00003
00004
00005
00006
00007 #include <linux/module.h>
00008 #include <linux/types.h>
00009 #include <linux/kernel.h>
00010 #include <linux/string.h>
00011 #include <linux/fs.h>
00012 #include <rsbac/types.h>
00013 #include <rsbac/reg.h>
00014 #include <rsbac/adf.h>
00015 #include <rsbac/aci.h>
00016 #include <rsbac/getname.h>
00017 #include <rsbac/error.h>
00018 #include <rsbac/proc_fs.h>
00019 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00020 #include <linux/namei.h>
00021 #endif
00022
00023 MODULE_AUTHOR("Michal Purzynski");
00024 MODULE_DESCRIPTION("RSBAC REG modules_off decision module");
00025 MODULE_LICENSE("GPL");
00026
00027 static long handle = 9999991;
00028
00029 static rsbac_inode_nr_t inode_nr = 0;
00030 static kdev_t device_nr = 0;
00031
00032
00033
00034 static int request_func (enum rsbac_adf_request_t request,
00035 rsbac_pid_t owner_pid,
00036 enum rsbac_target_t target,
00037 union rsbac_target_id_t tid,
00038 enum rsbac_attribute_t attr,
00039 union rsbac_attribute_value_t attr_val,
00040 rsbac_uid_t owner)
00041 {
00042 switch (request) {
00043 case R_ADD_TO_KERNEL:
00044 case R_REMOVE_FROM_KERNEL:
00045 return NOT_GRANTED;
00046 case R_GET_STATUS_DATA:
00047 switch (target) {
00048 case T_FILE:
00049 if (tid.file.device == device_nr && tid.file.inode == inode_nr)
00050 return NOT_GRANTED;
00051 default:
00052 return DO_NOT_CARE;
00053 }
00054 default:
00055 return DO_NOT_CARE;
00056 }
00057 }
00058
00059
00060
00061 int init_module(void)
00062 {
00063
00064 struct rsbac_reg_entry_t entry;
00065 struct nameidata nd;
00066
00067 path_lookup("/proc/modules", 0, &nd);
00068 device_nr = nd.dentry->d_sb->s_dev;
00069 inode_nr = nd.dentry->d_inode->i_ino;
00070 path_release(&nd);
00071
00072 rsbac_printk(KERN_INFO "RSBAC REG decision module modules_off: Initializing.\n");
00073
00074
00075 memset(&entry, 0, sizeof(entry));
00076
00077 strcpy(entry.name, "RSBAC REG modules_off ADF module");
00078 rsbac_printk(KERN_INFO "RSBAC REG decision module modules_off: REG Version: %u, Name: %s, Handle: %li\n",RSBAC_REG_VERSION, entry.name, handle);
00079
00080 entry.handle = handle;
00081 entry.request_func = request_func;
00082 entry.switch_on = TRUE;
00083
00084 rsbac_printk(KERN_INFO "RSBAC REG decision module modules_off: Registering to ADF.\n");
00085
00086 if(rsbac_reg_register(RSBAC_REG_VERSION, entry) < 0)
00087 {
00088 rsbac_printk(KERN_WARNING "RSBAC REG decision module sample 1: Registering failed. Unloading.\n");
00089 return -ENOEXEC;
00090 }
00091
00092 rsbac_printk(KERN_INFO "RSBAC REG decision module modules_off: Loaded.\n");
00093
00094 return 0;
00095 }
00096
00097 void cleanup_module(void)
00098 {
00099 rsbac_printk(KERN_INFO "RSBAC REG decision module modules_off: Unregistering.\n");
00100
00101 if(rsbac_reg_unregister(handle))
00102 {
00103 rsbac_printk(KERN_ERR "RSBAC REG decision module modules_off: Unregistering failed - beware of possible system failure!\n");
00104 }
00105
00106 rsbac_printk(KERN_INFO "RSBAC REG decision module modules_off: Unloaded.\n");
00107 }
00108