#include <linux/init.h>
#include <rsbac/rc_types.h>
Go to the source code of this file.
int rsbac_init_rc | ( | void | ) |
Definition at line 1362 of file rc_data_structures.c.
References create_def_roles(), create_def_roles2(), rsbac_list_lol_info_t::data_size, rsbac_list_info_t::data_size, rsbac_list_lol_info_t::desc_size, rsbac_list_info_t::desc_size, rsbac_list_lol_info_t::key, rsbac_list_info_t::key, rsbac_list_lol_info_t::max_age, rsbac_list_info_t::max_age, name, rsbac_rc_type_fd_entry_t::name, rsbac_rc_type_fd_entry_t::need_secdel, nr_role_hashes, nr_type_hashes, NULL, proc_rsbac_root_p, registration_error(), role_adr_handle, role_asr_handle, role_dfdc_handle, role_get_conv(), role_handle, role_hash(), role_rc_handle, role_tcdv_handle, role_tcfd_handle, role_tcgr_handle, role_tcip_handle, role_tcnd_handle, role_tcno_handle, role_tcnt_handle, role_tcpr_handle, role_tcsc_handle, role_tcus_handle, RSBAC_EREINIT, rsbac_is_initialized(), rsbac_list_add(), RSBAC_LIST_AUTO_HASH_RESIZE, RSBAC_LIST_BACKUP, rsbac_list_count(), RSBAC_LIST_DEF_DATA, RSBAC_LIST_DEF_SUBDATA, rsbac_list_exist(), rsbac_list_lol_get_all_desc(), rsbac_list_lol_register_hashed(), rsbac_list_lol_subadd(), rsbac_list_lol_subexist(), RSBAC_LIST_PERSIST, rsbac_list_register_hashed(), RSBAC_LIST_REPLICATE, RSBAC_LIST_VERSION, rsbac_no_defaults, rsbac_pr_debug, rsbac_printk(), RSBAC_PROCESS_REQUEST_VECTOR, RSBAC_RC_DEFAULT_RIGHTS_VECTOR, RSBAC_RC_GENERAL_TYPE, RSBAC_RC_NAME_LEN, RSBAC_RC_SEC_TYPE, RSBAC_RC_SYS_TYPE, RSBAC_READ_WRITE_REQUEST_VECTOR, rsbac_vfree, rsbac_list_lol_info_t::subdata_size, rsbac_list_lol_info_t::subdesc_size, tcfd_get_conv(), tcfd_get_subconv(), type_dev_handle, type_fd_handle, type_group_handle, type_hash(), type_ipc_handle, type_netdev_handle, type_netobj_handle, type_nettemp_handle, type_process_handle, type_user_handle, rsbac_list_lol_info_t::version, and rsbac_list_info_t::version.
Referenced by rsbac_do_init().
01364 { 01365 int err = 0; 01366 struct proc_dir_entry *tmp_entry_p; 01367 struct rsbac_list_lol_info_t lol_info; 01368 struct rsbac_list_info_t list_info; 01369 rsbac_rc_rights_vector_t def_tc = RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 01370 01371 if (rsbac_is_initialized()) { 01372 rsbac_printk(KERN_WARNING "rsbac_init_rc(): RSBAC already initialized\n"); 01373 return (-RSBAC_EREINIT); 01374 } 01375 01376 /* init data structures */ 01377 rsbac_printk(KERN_INFO "rsbac_init_rc(): Initializing RSBAC: RC subsystem\n"); 01378 rsbac_pr_debug(stack, "free stack: %lu\n", rsbac_stack_free_space()); 01379 01380 list_info.version = RSBAC_RC_ROLE_LIST_VERSION; 01381 list_info.key = RSBAC_RC_LIST_KEY; 01382 list_info.desc_size = sizeof(rsbac_rc_role_id_t); 01383 list_info.data_size = sizeof(struct rsbac_rc_role_entry_t); 01384 list_info.max_age = 0; 01385 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01386 &role_handle, &list_info, 01387 #if defined(CONFIG_RSBAC_RC_BACKUP) 01388 RSBAC_LIST_BACKUP | 01389 #endif 01390 RSBAC_LIST_PERSIST | 01391 RSBAC_LIST_REPLICATE | RSBAC_LIST_AUTO_HASH_RESIZE, 01392 NULL, role_get_conv, 01393 NULL, RSBAC_RC_ROLE_FILENAME, 01394 RSBAC_AUTO_DEV, 01395 nr_role_hashes, 01396 (nr_role_hashes > 1) ? role_hash : NULL, 01397 NULL); 01398 if (err) { 01399 registration_error(err, "role"); 01400 } 01401 01402 lol_info.version = RSBAC_RC_ROLE_RC_LIST_VERSION; 01403 lol_info.key = RSBAC_RC_LIST_KEY; 01404 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 01405 lol_info.data_size = 0; 01406 lol_info.subdesc_size = sizeof(rsbac_rc_role_id_t); 01407 lol_info.subdata_size = 0; 01408 lol_info.max_age = 0; 01409 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 01410 &role_rc_handle, &lol_info, 01411 #if defined(CONFIG_RSBAC_RC_BACKUP) 01412 RSBAC_LIST_BACKUP | 01413 #endif 01414 RSBAC_LIST_PERSIST | 01415 RSBAC_LIST_REPLICATE | 01416 RSBAC_LIST_DEF_DATA | 01417 RSBAC_LIST_AUTO_HASH_RESIZE, 01418 NULL, 01419 NULL, NULL, NULL, 01420 NULL, NULL, 01421 RSBAC_RC_ROLE_RC_FILENAME, 01422 RSBAC_AUTO_DEV, 01423 nr_role_hashes, 01424 (nr_role_hashes > 1) ? role_hash : NULL, 01425 NULL); 01426 if (err) { 01427 registration_error(err, "role compatibilities"); 01428 } 01429 lol_info.version = RSBAC_RC_ROLE_ADR_LIST_VERSION; 01430 lol_info.key = RSBAC_RC_LIST_KEY; 01431 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 01432 lol_info.data_size = 0; 01433 lol_info.subdesc_size = sizeof(rsbac_rc_role_id_t); 01434 lol_info.subdata_size = 0; 01435 lol_info.max_age = 0; 01436 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 01437 &role_adr_handle, &lol_info, 01438 #if defined(CONFIG_RSBAC_RC_BACKUP) 01439 RSBAC_LIST_BACKUP | 01440 #endif 01441 RSBAC_LIST_PERSIST | 01442 RSBAC_LIST_REPLICATE | 01443 RSBAC_LIST_DEF_DATA | 01444 RSBAC_LIST_AUTO_HASH_RESIZE, 01445 NULL, 01446 NULL, NULL, NULL, 01447 NULL, NULL, 01448 RSBAC_RC_ROLE_ADR_FILENAME, 01449 RSBAC_AUTO_DEV, 01450 nr_role_hashes, 01451 (nr_role_hashes > 1) ? role_hash : NULL, 01452 NULL); 01453 if (err) { 01454 registration_error(err, "admin roles"); 01455 } 01456 lol_info.version = RSBAC_RC_ROLE_ASR_LIST_VERSION; 01457 lol_info.key = RSBAC_RC_LIST_KEY; 01458 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 01459 lol_info.data_size = 0; 01460 lol_info.subdesc_size = sizeof(rsbac_rc_role_id_t); 01461 lol_info.subdata_size = 0; 01462 lol_info.max_age = 0; 01463 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 01464 &role_asr_handle, &lol_info, 01465 #if defined(CONFIG_RSBAC_RC_BACKUP) 01466 RSBAC_LIST_BACKUP | 01467 #endif 01468 RSBAC_LIST_PERSIST | 01469 RSBAC_LIST_REPLICATE | 01470 RSBAC_LIST_DEF_DATA | 01471 RSBAC_LIST_AUTO_HASH_RESIZE, 01472 NULL, 01473 NULL, NULL, NULL, 01474 NULL, NULL, 01475 RSBAC_RC_ROLE_ASR_FILENAME, 01476 RSBAC_AUTO_DEV, 01477 nr_role_hashes, 01478 (nr_role_hashes > 1) ? role_hash : NULL, 01479 NULL); 01480 if (err) { 01481 registration_error(err, "assign roles"); 01482 } 01483 lol_info.version = RSBAC_RC_ROLE_DFDC_LIST_VERSION; 01484 lol_info.key = RSBAC_RC_LIST_KEY; 01485 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 01486 lol_info.data_size = 0; 01487 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 01488 lol_info.subdata_size = sizeof(rsbac_rc_type_id_t); 01489 lol_info.max_age = 0; 01490 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 01491 &role_dfdc_handle, &lol_info, 01492 #if defined(CONFIG_RSBAC_RC_BACKUP) 01493 RSBAC_LIST_BACKUP | 01494 #endif 01495 RSBAC_LIST_PERSIST | 01496 RSBAC_LIST_REPLICATE | 01497 RSBAC_LIST_DEF_DATA | 01498 RSBAC_LIST_AUTO_HASH_RESIZE, 01499 NULL, 01500 NULL, NULL, NULL, 01501 NULL, NULL, 01502 RSBAC_RC_ROLE_DFDC_FILENAME, 01503 RSBAC_AUTO_DEV, 01504 nr_role_hashes, 01505 (nr_role_hashes > 1) ? role_hash : NULL, 01506 NULL); 01507 if (err) { 01508 registration_error(err, "Role default FD create types"); 01509 } 01510 lol_info.version = RSBAC_RC_ROLE_TCFD_LIST_VERSION; 01511 lol_info.key = RSBAC_RC_LIST_KEY; 01512 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 01513 lol_info.data_size = 0; 01514 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 01515 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 01516 lol_info.max_age = 0; 01517 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 01518 &role_tcfd_handle, &lol_info, 01519 #if defined(CONFIG_RSBAC_RC_BACKUP) 01520 RSBAC_LIST_BACKUP | 01521 #endif 01522 RSBAC_LIST_PERSIST | 01523 RSBAC_LIST_REPLICATE | 01524 RSBAC_LIST_DEF_DATA | 01525 RSBAC_LIST_DEF_SUBDATA | 01526 RSBAC_LIST_AUTO_HASH_RESIZE, 01527 NULL, 01528 NULL, 01529 tcfd_get_conv, tcfd_get_subconv, 01530 NULL, &def_tc, 01531 RSBAC_RC_ROLE_TCFD_FILENAME, 01532 RSBAC_AUTO_DEV, 01533 nr_role_hashes, 01534 (nr_role_hashes > 1) ? role_hash : NULL, 01535 NULL); 01536 if (err) { 01537 registration_error(err, "Role FD type compatibilities"); 01538 } 01539 lol_info.version = RSBAC_RC_ROLE_TCDV_LIST_VERSION; 01540 lol_info.key = RSBAC_RC_LIST_KEY; 01541 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 01542 lol_info.data_size = 0; 01543 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 01544 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 01545 lol_info.max_age = 0; 01546 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 01547 &role_tcdv_handle, &lol_info, 01548 #if defined(CONFIG_RSBAC_RC_BACKUP) 01549 RSBAC_LIST_BACKUP | 01550 #endif 01551 RSBAC_LIST_PERSIST | 01552 RSBAC_LIST_REPLICATE | 01553 RSBAC_LIST_DEF_DATA | 01554 RSBAC_LIST_DEF_SUBDATA | 01555 RSBAC_LIST_AUTO_HASH_RESIZE, 01556 NULL, 01557 NULL, 01558 tcfd_get_conv, tcfd_get_subconv, 01559 NULL, &def_tc, 01560 RSBAC_RC_ROLE_TCDV_FILENAME, 01561 RSBAC_AUTO_DEV, 01562 nr_role_hashes, 01563 (nr_role_hashes > 1) ? role_hash : NULL, 01564 NULL); 01565 if (err) { 01566 registration_error(err, "Role DEV type compatibilities"); 01567 } 01568 lol_info.version = RSBAC_RC_ROLE_TCUS_LIST_VERSION; 01569 lol_info.key = RSBAC_RC_LIST_KEY; 01570 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 01571 lol_info.data_size = 0; 01572 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 01573 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 01574 lol_info.max_age = 0; 01575 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 01576 &role_tcus_handle, &lol_info, 01577 #if defined(CONFIG_RSBAC_RC_BACKUP) 01578 RSBAC_LIST_BACKUP | 01579 #endif 01580 RSBAC_LIST_PERSIST | 01581 RSBAC_LIST_REPLICATE | 01582 RSBAC_LIST_DEF_DATA | 01583 RSBAC_LIST_DEF_SUBDATA | 01584 RSBAC_LIST_AUTO_HASH_RESIZE, 01585 NULL, 01586 NULL, 01587 tcfd_get_conv, tcfd_get_subconv, 01588 NULL, &def_tc, 01589 RSBAC_RC_ROLE_TCUS_FILENAME, 01590 RSBAC_AUTO_DEV, 01591 nr_role_hashes, 01592 (nr_role_hashes > 1) ? role_hash : NULL, 01593 NULL); 01594 if (err) { 01595 registration_error(err, "Role User type compatibilities"); 01596 } 01597 lol_info.version = RSBAC_RC_ROLE_TCPR_LIST_VERSION; 01598 lol_info.key = RSBAC_RC_LIST_KEY; 01599 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 01600 lol_info.data_size = 0; 01601 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 01602 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 01603 lol_info.max_age = 0; 01604 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 01605 &role_tcpr_handle, &lol_info, 01606 #if defined(CONFIG_RSBAC_RC_BACKUP) 01607 RSBAC_LIST_BACKUP | 01608 #endif 01609 RSBAC_LIST_PERSIST | 01610 RSBAC_LIST_REPLICATE | 01611 RSBAC_LIST_DEF_DATA | 01612 RSBAC_LIST_DEF_SUBDATA | 01613 RSBAC_LIST_AUTO_HASH_RESIZE, 01614 NULL, 01615 NULL, 01616 tcfd_get_conv, tcfd_get_subconv, 01617 NULL, &def_tc, 01618 RSBAC_RC_ROLE_TCPR_FILENAME, 01619 RSBAC_AUTO_DEV, 01620 nr_role_hashes, 01621 (nr_role_hashes > 1) ? role_hash : NULL, 01622 NULL); 01623 if (err) { 01624 registration_error(err, 01625 "Role Process type compatibilities"); 01626 } 01627 lol_info.version = RSBAC_RC_ROLE_TCIP_LIST_VERSION; 01628 lol_info.key = RSBAC_RC_LIST_KEY; 01629 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 01630 lol_info.data_size = 0; 01631 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 01632 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 01633 lol_info.max_age = 0; 01634 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 01635 &role_tcip_handle, &lol_info, 01636 #if defined(CONFIG_RSBAC_RC_BACKUP) 01637 RSBAC_LIST_BACKUP | 01638 #endif 01639 RSBAC_LIST_PERSIST | 01640 RSBAC_LIST_REPLICATE | 01641 RSBAC_LIST_DEF_DATA | 01642 RSBAC_LIST_DEF_SUBDATA | 01643 RSBAC_LIST_AUTO_HASH_RESIZE, 01644 NULL, 01645 NULL, 01646 tcfd_get_conv, tcfd_get_subconv, 01647 NULL, &def_tc, 01648 RSBAC_RC_ROLE_TCIP_FILENAME, 01649 RSBAC_AUTO_DEV, 01650 nr_role_hashes, 01651 (nr_role_hashes > 1) ? role_hash : NULL, 01652 NULL); 01653 if (err) { 01654 registration_error(err, "Role IPC type compatibilities"); 01655 } 01656 lol_info.version = RSBAC_RC_ROLE_TCSC_LIST_VERSION; 01657 lol_info.key = RSBAC_RC_LIST_KEY; 01658 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 01659 lol_info.data_size = 0; 01660 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 01661 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 01662 lol_info.max_age = 0; 01663 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 01664 &role_tcsc_handle, &lol_info, 01665 #if defined(CONFIG_RSBAC_RC_BACKUP) 01666 RSBAC_LIST_BACKUP | 01667 #endif 01668 RSBAC_LIST_PERSIST | 01669 RSBAC_LIST_REPLICATE | 01670 RSBAC_LIST_DEF_DATA | 01671 RSBAC_LIST_DEF_SUBDATA | 01672 RSBAC_LIST_AUTO_HASH_RESIZE, 01673 NULL, 01674 NULL, 01675 tcfd_get_conv, tcfd_get_subconv, 01676 NULL, &def_tc, 01677 RSBAC_RC_ROLE_TCSC_FILENAME, 01678 RSBAC_AUTO_DEV, 01679 nr_role_hashes, 01680 (nr_role_hashes > 1) ? role_hash : NULL, 01681 NULL); 01682 if (err) { 01683 registration_error(err, "Role SCD type compatibilities"); 01684 } 01685 lol_info.version = RSBAC_RC_ROLE_TCGR_LIST_VERSION; 01686 lol_info.key = RSBAC_RC_LIST_KEY; 01687 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 01688 lol_info.data_size = 0; 01689 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 01690 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 01691 lol_info.max_age = 0; 01692 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 01693 &role_tcgr_handle, &lol_info, 01694 #if defined(CONFIG_RSBAC_RC_BACKUP) 01695 RSBAC_LIST_BACKUP | 01696 #endif 01697 RSBAC_LIST_PERSIST | 01698 RSBAC_LIST_REPLICATE | 01699 RSBAC_LIST_DEF_DATA | 01700 RSBAC_LIST_DEF_SUBDATA | 01701 RSBAC_LIST_AUTO_HASH_RESIZE, 01702 NULL, 01703 NULL, 01704 tcfd_get_conv, tcfd_get_subconv, 01705 NULL, &def_tc, 01706 RSBAC_RC_ROLE_TCGR_FILENAME, 01707 RSBAC_AUTO_DEV, 01708 nr_role_hashes, 01709 (nr_role_hashes > 1) ? role_hash : NULL, 01710 NULL); 01711 if (err) { 01712 registration_error(err, "Role Group type compatibilities"); 01713 } 01714 lol_info.version = RSBAC_RC_ROLE_TCND_LIST_VERSION; 01715 lol_info.key = RSBAC_RC_LIST_KEY; 01716 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 01717 lol_info.data_size = 0; 01718 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 01719 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 01720 lol_info.max_age = 0; 01721 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 01722 &role_tcnd_handle, &lol_info, 01723 #if defined(CONFIG_RSBAC_RC_BACKUP) 01724 RSBAC_LIST_BACKUP | 01725 #endif 01726 RSBAC_LIST_PERSIST | 01727 RSBAC_LIST_REPLICATE | 01728 RSBAC_LIST_DEF_DATA | 01729 RSBAC_LIST_DEF_SUBDATA | 01730 RSBAC_LIST_AUTO_HASH_RESIZE, 01731 NULL, 01732 NULL, 01733 tcfd_get_conv, tcfd_get_subconv, 01734 NULL, &def_tc, 01735 RSBAC_RC_ROLE_TCND_FILENAME, 01736 RSBAC_AUTO_DEV, 01737 nr_role_hashes, 01738 (nr_role_hashes > 1) ? role_hash : NULL, 01739 NULL); 01740 if (err) { 01741 registration_error(err, 01742 "Role NETDEV type compatibilities"); 01743 } 01744 lol_info.version = RSBAC_RC_ROLE_TCNT_LIST_VERSION; 01745 lol_info.key = RSBAC_RC_LIST_KEY; 01746 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 01747 lol_info.data_size = 0; 01748 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 01749 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 01750 lol_info.max_age = 0; 01751 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 01752 &role_tcnt_handle, &lol_info, 01753 #if defined(CONFIG_RSBAC_RC_BACKUP) 01754 RSBAC_LIST_BACKUP | 01755 #endif 01756 RSBAC_LIST_PERSIST | 01757 RSBAC_LIST_REPLICATE | 01758 RSBAC_LIST_DEF_DATA | 01759 RSBAC_LIST_DEF_SUBDATA | 01760 RSBAC_LIST_AUTO_HASH_RESIZE, 01761 NULL, 01762 NULL, 01763 tcfd_get_conv, tcfd_get_subconv, 01764 NULL, &def_tc, 01765 RSBAC_RC_ROLE_TCNT_FILENAME, 01766 RSBAC_AUTO_DEV, 01767 nr_role_hashes, 01768 (nr_role_hashes > 1) ? role_hash : NULL, 01769 NULL); 01770 if (err) { 01771 registration_error(err, 01772 "Role NETTEMP type compatibilities"); 01773 } 01774 lol_info.version = RSBAC_RC_ROLE_TCNO_LIST_VERSION; 01775 lol_info.key = RSBAC_RC_LIST_KEY; 01776 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 01777 lol_info.data_size = 0; 01778 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 01779 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 01780 lol_info.max_age = 0; 01781 err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION, 01782 &role_tcno_handle, &lol_info, 01783 #if defined(CONFIG_RSBAC_RC_BACKUP) 01784 RSBAC_LIST_BACKUP | 01785 #endif 01786 RSBAC_LIST_PERSIST | 01787 RSBAC_LIST_REPLICATE | 01788 RSBAC_LIST_DEF_DATA | 01789 RSBAC_LIST_DEF_SUBDATA | 01790 RSBAC_LIST_AUTO_HASH_RESIZE, 01791 NULL, 01792 NULL, 01793 tcfd_get_conv, tcfd_get_subconv, 01794 NULL, &def_tc, 01795 RSBAC_RC_ROLE_TCNO_FILENAME, 01796 RSBAC_AUTO_DEV, 01797 nr_role_hashes, 01798 (nr_role_hashes > 1) ? role_hash : NULL, 01799 NULL); 01800 if (err) { 01801 registration_error(err, 01802 "Role NETOBJ type compatibilities"); 01803 } 01804 01805 /* Create default role settings, if none there */ 01806 if (!rsbac_no_defaults && !rsbac_list_count(role_handle)) { 01807 create_def_roles(); 01808 create_def_roles2(); 01809 } 01810 01811 list_info.version = RSBAC_RC_TYPE_FD_LIST_VERSION; 01812 list_info.key = RSBAC_RC_LIST_KEY; 01813 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 01814 list_info.data_size = sizeof(struct rsbac_rc_type_fd_entry_t); 01815 list_info.max_age = 0; 01816 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01817 &type_fd_handle, &list_info, 01818 #if defined(CONFIG_RSBAC_RC_BACKUP) 01819 RSBAC_LIST_BACKUP | 01820 #endif 01821 RSBAC_LIST_PERSIST | 01822 RSBAC_LIST_REPLICATE | 01823 RSBAC_LIST_AUTO_HASH_RESIZE, 01824 NULL, NULL, NULL, 01825 RSBAC_RC_TYPE_FD_FILENAME, 01826 RSBAC_AUTO_DEV, 01827 nr_type_hashes, 01828 (nr_type_hashes > 1) ? type_hash : NULL, 01829 NULL); 01830 if (err) { 01831 registration_error(err, "type FD"); 01832 } 01833 if (!rsbac_no_defaults && !rsbac_list_count(type_fd_handle)) { 01834 rsbac_rc_type_id_t type; 01835 struct rsbac_rc_type_fd_entry_t entry; 01836 01837 type = RSBAC_RC_GENERAL_TYPE; 01838 strcpy(entry.name, "General FD"); 01839 entry.need_secdel = 0; 01840 rsbac_list_add(type_fd_handle, &type, &entry); 01841 type = RSBAC_RC_SEC_TYPE; 01842 strcpy(entry.name, "Security FD"); 01843 entry.need_secdel = 0; 01844 rsbac_list_add(type_fd_handle, &type, &entry); 01845 type = RSBAC_RC_SYS_TYPE; 01846 strcpy(entry.name, "System FD"); 01847 entry.need_secdel = 0; 01848 rsbac_list_add(type_fd_handle, &type, &entry); 01849 } 01850 list_info.version = RSBAC_RC_TYPE_DEV_LIST_VERSION; 01851 list_info.key = RSBAC_RC_LIST_KEY; 01852 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 01853 list_info.data_size = RSBAC_RC_NAME_LEN; 01854 list_info.max_age = 0; 01855 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01856 &type_dev_handle, &list_info, 01857 #if defined(CONFIG_RSBAC_RC_BACKUP) 01858 RSBAC_LIST_BACKUP | 01859 #endif 01860 RSBAC_LIST_PERSIST | 01861 RSBAC_LIST_REPLICATE | 01862 RSBAC_LIST_AUTO_HASH_RESIZE, 01863 NULL, NULL, NULL, 01864 RSBAC_RC_TYPE_DEV_FILENAME, 01865 RSBAC_AUTO_DEV, 01866 nr_type_hashes, 01867 (nr_type_hashes > 1) ? type_hash : NULL, 01868 NULL); 01869 if (err) { 01870 registration_error(err, "type DEV"); 01871 } 01872 if (!rsbac_no_defaults && !rsbac_list_count(type_dev_handle)) { 01873 rsbac_rc_type_id_t type; 01874 char name[RSBAC_RC_NAME_LEN]; 01875 01876 type = RSBAC_RC_GENERAL_TYPE; 01877 strcpy(name, "General Device"); 01878 rsbac_list_add(type_dev_handle, &type, name); 01879 type = RSBAC_RC_SEC_TYPE; 01880 strcpy(name, "Security Device"); 01881 rsbac_list_add(type_dev_handle, &type, name); 01882 type = RSBAC_RC_SYS_TYPE; 01883 strcpy(name, "System Device"); 01884 rsbac_list_add(type_dev_handle, &type, &name); 01885 } 01886 list_info.version = RSBAC_RC_TYPE_IPC_LIST_VERSION; 01887 list_info.key = RSBAC_RC_LIST_KEY; 01888 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 01889 list_info.data_size = RSBAC_RC_NAME_LEN; 01890 list_info.max_age = 0; 01891 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01892 &type_ipc_handle, &list_info, 01893 #if defined(CONFIG_RSBAC_RC_BACKUP) 01894 RSBAC_LIST_BACKUP | 01895 #endif 01896 RSBAC_LIST_PERSIST | 01897 RSBAC_LIST_REPLICATE | 01898 RSBAC_LIST_AUTO_HASH_RESIZE, 01899 NULL, NULL, NULL, 01900 RSBAC_RC_TYPE_IPC_FILENAME, 01901 RSBAC_AUTO_DEV, 01902 nr_type_hashes, 01903 (nr_type_hashes > 1) ? type_hash : NULL, 01904 NULL); 01905 if (err) { 01906 registration_error(err, "type IPC"); 01907 } 01908 if (!rsbac_no_defaults && !rsbac_list_count(type_ipc_handle)) { 01909 rsbac_rc_type_id_t type; 01910 char name[RSBAC_RC_NAME_LEN]; 01911 01912 type = RSBAC_RC_GENERAL_TYPE; 01913 strcpy(name, "General IPC"); 01914 rsbac_list_add(type_ipc_handle, &type, name); 01915 type = RSBAC_RC_SEC_TYPE; 01916 strcpy(name, "Security IPC"); 01917 rsbac_list_add(type_ipc_handle, &type, name); 01918 type = RSBAC_RC_SYS_TYPE; 01919 strcpy(name, "System IPC"); 01920 rsbac_list_add(type_ipc_handle, &type, &name); 01921 } 01922 list_info.version = RSBAC_RC_TYPE_USER_LIST_VERSION; 01923 list_info.key = RSBAC_RC_LIST_KEY; 01924 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 01925 list_info.data_size = RSBAC_RC_NAME_LEN; 01926 list_info.max_age = 0; 01927 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01928 &type_user_handle, &list_info, 01929 #if defined(CONFIG_RSBAC_RC_BACKUP) 01930 RSBAC_LIST_BACKUP | 01931 #endif 01932 RSBAC_LIST_PERSIST | 01933 RSBAC_LIST_REPLICATE | 01934 RSBAC_LIST_AUTO_HASH_RESIZE, 01935 NULL, NULL, NULL, 01936 RSBAC_RC_TYPE_USER_FILENAME, 01937 RSBAC_AUTO_DEV, 01938 nr_type_hashes, 01939 (nr_type_hashes > 1) ? type_hash : NULL, 01940 NULL); 01941 if (err) { 01942 registration_error(err, "type USER"); 01943 } 01944 if (!rsbac_no_defaults && !rsbac_list_count(type_user_handle)) { 01945 rsbac_rc_type_id_t type; 01946 char name[RSBAC_RC_NAME_LEN]; 01947 01948 type = RSBAC_RC_GENERAL_TYPE; 01949 strcpy(name, "General User"); 01950 rsbac_list_add(type_user_handle, &type, name); 01951 type = RSBAC_RC_SEC_TYPE; 01952 strcpy(name, "Security User"); 01953 rsbac_list_add(type_user_handle, &type, name); 01954 type = RSBAC_RC_SYS_TYPE; 01955 strcpy(name, "System User"); 01956 rsbac_list_add(type_user_handle, &type, &name); 01957 } 01958 list_info.version = RSBAC_RC_TYPE_PROCESS_LIST_VERSION; 01959 list_info.key = RSBAC_RC_LIST_KEY; 01960 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 01961 list_info.data_size = RSBAC_RC_NAME_LEN; 01962 list_info.max_age = 0; 01963 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01964 &type_process_handle, &list_info, 01965 #if defined(CONFIG_RSBAC_RC_BACKUP) 01966 RSBAC_LIST_BACKUP | 01967 #endif 01968 RSBAC_LIST_PERSIST | 01969 RSBAC_LIST_REPLICATE | 01970 RSBAC_LIST_AUTO_HASH_RESIZE, 01971 NULL, NULL, NULL, 01972 RSBAC_RC_TYPE_PROCESS_FILENAME, 01973 RSBAC_AUTO_DEV, 01974 nr_type_hashes, 01975 (nr_type_hashes > 1) ? type_hash : NULL, 01976 NULL); 01977 if (err) { 01978 registration_error(err, "type PROCESS"); 01979 } 01980 if (!rsbac_no_defaults && !rsbac_list_count(type_process_handle)) { 01981 rsbac_rc_type_id_t type; 01982 char name[RSBAC_RC_NAME_LEN]; 01983 01984 type = RSBAC_RC_GENERAL_TYPE; 01985 strcpy(name, "General Process"); 01986 rsbac_list_add(type_process_handle, &type, name); 01987 type = RSBAC_RC_SEC_TYPE; 01988 strcpy(name, "Security Proc"); 01989 rsbac_list_add(type_process_handle, &type, name); 01990 type = RSBAC_RC_SYS_TYPE; 01991 strcpy(name, "System Process"); 01992 rsbac_list_add(type_process_handle, &type, &name); 01993 } 01994 if (!rsbac_no_defaults) { 01995 rsbac_rc_type_id_t type = 01996 CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE; 01997 01998 if (!rsbac_list_exist(type_process_handle, &type)) { 01999 char name[RSBAC_RC_NAME_LEN]; 02000 rsbac_rc_role_id_t *role_array; 02001 u_long count; 02002 rsbac_rc_rights_vector_t rights; 02003 02004 strcpy(name, "Kernel Process"); 02005 rsbac_list_add(type_process_handle, &type, &name); 02006 02007 /* Set type compatibilities for the new type for all roles */ 02008 rights = RSBAC_READ_WRITE_REQUEST_VECTOR 02009 & RSBAC_PROCESS_REQUEST_VECTOR; 02010 02011 count = 02012 rsbac_list_lol_get_all_desc(role_tcpr_handle, 02013 (void **) 02014 &role_array); 02015 if (count > 0) { 02016 u_int i; 02017 02018 for (i = 0; i < count; i++) { 02019 if (!rsbac_list_lol_subexist 02020 (role_tcpr_handle, 02021 &role_array[i], &type)) 02022 rsbac_list_lol_subadd 02023 (role_tcpr_handle, 02024 &role_array[i], &type, 02025 &rights); 02026 } 02027 rsbac_vfree(role_array); 02028 } 02029 } 02030 } 02031 list_info.version = RSBAC_RC_TYPE_GROUP_LIST_VERSION; 02032 list_info.key = RSBAC_RC_LIST_KEY; 02033 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 02034 list_info.data_size = RSBAC_RC_NAME_LEN; 02035 list_info.max_age = 0; 02036 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 02037 &type_group_handle, &list_info, 02038 #if defined(CONFIG_RSBAC_RC_BACKUP) 02039 RSBAC_LIST_BACKUP | 02040 #endif 02041 RSBAC_LIST_PERSIST | 02042 RSBAC_LIST_REPLICATE | 02043 RSBAC_LIST_AUTO_HASH_RESIZE, 02044 NULL, NULL, NULL, 02045 RSBAC_RC_TYPE_GROUP_FILENAME, 02046 RSBAC_AUTO_DEV, 02047 nr_type_hashes, 02048 (nr_type_hashes > 1) ? type_hash : NULL, 02049 NULL); 02050 if (err) { 02051 registration_error(err, "type GROUP"); 02052 } 02053 if (!rsbac_no_defaults && !rsbac_list_count(type_group_handle)) { 02054 rsbac_rc_type_id_t type; 02055 char name[RSBAC_RC_NAME_LEN]; 02056 02057 type = RSBAC_RC_GENERAL_TYPE; 02058 strcpy(name, "General Group"); 02059 rsbac_list_add(type_group_handle, &type, name); 02060 } 02061 list_info.version = RSBAC_RC_TYPE_NETDEV_LIST_VERSION; 02062 list_info.key = RSBAC_RC_LIST_KEY; 02063 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 02064 list_info.data_size = RSBAC_RC_NAME_LEN; 02065 list_info.max_age = 0; 02066 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 02067 &type_netdev_handle, &list_info, 02068 #if defined(CONFIG_RSBAC_RC_BACKUP) 02069 RSBAC_LIST_BACKUP | 02070 #endif 02071 RSBAC_LIST_PERSIST | 02072 RSBAC_LIST_REPLICATE | 02073 RSBAC_LIST_AUTO_HASH_RESIZE, 02074 NULL, NULL, NULL, 02075 RSBAC_RC_TYPE_NETDEV_FILENAME, 02076 RSBAC_AUTO_DEV, 02077 nr_type_hashes, 02078 (nr_type_hashes > 1) ? type_hash : NULL, 02079 NULL); 02080 if (err) { 02081 registration_error(err, "type NETDEV"); 02082 } 02083 if (!rsbac_no_defaults && !rsbac_list_count(type_netdev_handle)) { 02084 rsbac_rc_type_id_t type; 02085 char name[RSBAC_RC_NAME_LEN]; 02086 02087 type = RSBAC_RC_GENERAL_TYPE; 02088 strcpy(name, "General NETDEV"); 02089 rsbac_list_add(type_netdev_handle, &type, name); 02090 type = RSBAC_RC_SEC_TYPE; 02091 strcpy(name, "Security NETDEV"); 02092 rsbac_list_add(type_netdev_handle, &type, name); 02093 type = RSBAC_RC_SYS_TYPE; 02094 strcpy(name, "System NETDEV"); 02095 rsbac_list_add(type_netdev_handle, &type, &name); 02096 } 02097 list_info.version = RSBAC_RC_TYPE_NETTEMP_LIST_VERSION; 02098 list_info.key = RSBAC_RC_LIST_KEY; 02099 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 02100 list_info.data_size = RSBAC_RC_NAME_LEN; 02101 list_info.max_age = 0; 02102 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 02103 &type_nettemp_handle, &list_info, 02104 #if defined(CONFIG_RSBAC_RC_BACKUP) 02105 RSBAC_LIST_BACKUP | 02106 #endif 02107 RSBAC_LIST_PERSIST | 02108 RSBAC_LIST_REPLICATE | 02109 RSBAC_LIST_AUTO_HASH_RESIZE, 02110 NULL, NULL, NULL, 02111 RSBAC_RC_TYPE_NETTEMP_FILENAME, 02112 RSBAC_AUTO_DEV, 02113 nr_type_hashes, 02114 (nr_type_hashes > 1) ? type_hash : NULL, 02115 NULL); 02116 if (err) { 02117 registration_error(err, "type NETTEMP"); 02118 } 02119 if (!rsbac_no_defaults && !rsbac_list_count(type_nettemp_handle)) { 02120 rsbac_rc_type_id_t type; 02121 char name[RSBAC_RC_NAME_LEN]; 02122 02123 type = RSBAC_RC_GENERAL_TYPE; 02124 strcpy(name, "General NETTEMP"); 02125 rsbac_list_add(type_nettemp_handle, &type, name); 02126 type = RSBAC_RC_SEC_TYPE; 02127 strcpy(name, "Securit NETTEMP"); 02128 rsbac_list_add(type_nettemp_handle, &type, name); 02129 type = RSBAC_RC_SYS_TYPE; 02130 strcpy(name, "System NETTEMP"); 02131 rsbac_list_add(type_nettemp_handle, &type, &name); 02132 } 02133 list_info.version = RSBAC_RC_TYPE_NETOBJ_LIST_VERSION; 02134 list_info.key = RSBAC_RC_LIST_KEY; 02135 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 02136 list_info.data_size = RSBAC_RC_NAME_LEN; 02137 list_info.max_age = 0; 02138 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 02139 &type_netobj_handle, &list_info, 02140 #if defined(CONFIG_RSBAC_RC_BACKUP) 02141 RSBAC_LIST_BACKUP | 02142 #endif 02143 RSBAC_LIST_PERSIST | 02144 RSBAC_LIST_REPLICATE | 02145 RSBAC_LIST_AUTO_HASH_RESIZE, 02146 NULL, NULL, NULL, 02147 RSBAC_RC_TYPE_NETOBJ_FILENAME, 02148 RSBAC_AUTO_DEV, 02149 nr_type_hashes, 02150 (nr_type_hashes > 1) ? type_hash : NULL, 02151 NULL); 02152 if (err) { 02153 registration_error(err, "type NETOBJ"); 02154 } 02155 if (!rsbac_no_defaults && !rsbac_list_count(type_netobj_handle)) { 02156 rsbac_rc_type_id_t type; 02157 char name[RSBAC_RC_NAME_LEN]; 02158 02159 type = RSBAC_RC_GENERAL_TYPE; 02160 strcpy(name, "General NETOBJ"); 02161 rsbac_list_add(type_netobj_handle, &type, name); 02162 type = RSBAC_RC_SEC_TYPE; 02163 strcpy(name, "Security NETOBJ"); 02164 rsbac_list_add(type_netobj_handle, &type, name); 02165 type = RSBAC_RC_SYS_TYPE; 02166 strcpy(name, "System NETOBJ"); 02167 rsbac_list_add(type_netobj_handle, &type, &name); 02168 } 02169 rsbac_pr_debug(stack, "free stack before adding proc entry: %lu\n", 02170 rsbac_stack_free_space()); 02171 #if defined(CONFIG_RSBAC_PROC) 02172 tmp_entry_p = create_proc_entry("stats_rc", 02173 S_IFREG | S_IRUGO, 02174 proc_rsbac_root_p); 02175 if (tmp_entry_p) { 02176 tmp_entry_p->get_info = stats_rc_proc_info; 02177 } 02178 #endif 02179 rsbac_pr_debug(stack, "final free stack: %lu\n", 02180 rsbac_stack_free_space()); 02181 rsbac_pr_debug(ds_rc, "Ready.\n"); 02182 return (err); 02183 }
rsbac_boolean_t rsbac_rc_check_comp | ( | rsbac_rc_role_id_t | role, | |
union rsbac_rc_target_id_t | subtid, | |||
enum rsbac_rc_item_t | item, | |||
enum rsbac_rc_special_rights_t | right | |||
) |
Definition at line 3196 of file rc_data_structures.c.
References FALSE, RC_role_max_value, RI_admin_roles, RI_assign_roles, RI_role_comp, RI_type_comp_dev, RI_type_comp_fd, RI_type_comp_group, RI_type_comp_ipc, RI_type_comp_netdev, RI_type_comp_netobj, RI_type_comp_nettemp, RI_type_comp_process, RI_type_comp_scd, RI_type_comp_user, rsbac_rc_target_id_t::role, role_adr_handle, role_asr_handle, role_rc_handle, role_tcdv_handle, role_tcfd_handle, role_tcgr_handle, role_tcip_handle, role_tcnd_handle, role_tcno_handle, role_tcnt_handle, role_tcpr_handle, role_tcsc_handle, role_tcus_handle, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_list_lol_get_subdata(), rsbac_list_lol_subexist(), rsbac_printk(), RSBAC_RC_RIGHTS_VECTOR, TRUE, and rsbac_rc_target_id_t::type.
Referenced by check_comp_rc(), check_comp_rc_scd(), rsbac_adf_request_rc(), rsbac_rc_check_type_comp(), rsbac_rc_sys_change_role(), rsbac_rc_sys_set_item(), rsbac_rc_test_admin_roles(), and rsbac_rc_test_assign_roles().
03200 { 03201 rsbac_rc_rights_vector_t rights_vector; 03202 03203 if (!rsbac_is_initialized()) { 03204 rsbac_printk(KERN_WARNING "rsbac_rc_check_comp(): RSBAC not initialized\n"); 03205 return (-RSBAC_ENOTINITIALIZED); 03206 } 03207 if (in_interrupt()) { 03208 rsbac_printk(KERN_WARNING "rsbac_rc_check_comp(): called from interrupt!\n"); 03209 } 03210 if (role > RC_role_max_value) 03211 return FALSE; 03212 /* 03213 rsbac_pr_debug(ds_rc, "checking role compatibility\n"); 03214 */ 03215 switch (item) { 03216 case RI_role_comp: 03217 return rsbac_list_lol_subexist(role_rc_handle, &role, 03218 &subtid.role); 03219 case RI_admin_roles: 03220 return rsbac_list_lol_subexist(role_adr_handle, &role, 03221 &subtid.role); 03222 case RI_assign_roles: 03223 return rsbac_list_lol_subexist(role_asr_handle, &role, 03224 &subtid.role); 03225 case RI_type_comp_fd: 03226 if (!rsbac_list_lol_get_subdata 03227 (role_tcfd_handle, &role, &subtid.type, &rights_vector) 03228 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 03229 ) 03230 return TRUE; 03231 else 03232 return FALSE; 03233 case RI_type_comp_dev: 03234 if (!rsbac_list_lol_get_subdata 03235 (role_tcdv_handle, &role, &subtid.type, &rights_vector) 03236 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 03237 ) 03238 return TRUE; 03239 else 03240 return FALSE; 03241 case RI_type_comp_user: 03242 if (!rsbac_list_lol_get_subdata 03243 (role_tcus_handle, &role, &subtid.type, &rights_vector) 03244 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 03245 ) 03246 return TRUE; 03247 else 03248 return FALSE; 03249 case RI_type_comp_process: 03250 if (!rsbac_list_lol_get_subdata 03251 (role_tcpr_handle, &role, &subtid.type, &rights_vector) 03252 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 03253 ) 03254 return TRUE; 03255 else 03256 return FALSE; 03257 case RI_type_comp_ipc: 03258 if (!rsbac_list_lol_get_subdata 03259 (role_tcip_handle, &role, &subtid.type, &rights_vector) 03260 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 03261 ) 03262 return TRUE; 03263 else 03264 return FALSE; 03265 case RI_type_comp_scd: 03266 if (!rsbac_list_lol_get_subdata 03267 (role_tcsc_handle, &role, &subtid.type, &rights_vector) 03268 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 03269 ) 03270 return TRUE; 03271 else 03272 return FALSE; 03273 case RI_type_comp_group: 03274 if (!rsbac_list_lol_get_subdata 03275 (role_tcgr_handle, &role, &subtid.type, &rights_vector) 03276 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 03277 ) 03278 return TRUE; 03279 else 03280 return FALSE; 03281 case RI_type_comp_netdev: 03282 if (!rsbac_list_lol_get_subdata 03283 (role_tcnd_handle, &role, &subtid.type, &rights_vector) 03284 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 03285 ) 03286 return TRUE; 03287 else 03288 return FALSE; 03289 case RI_type_comp_nettemp: 03290 if (!rsbac_list_lol_get_subdata 03291 (role_tcnt_handle, &role, &subtid.type, &rights_vector) 03292 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 03293 ) 03294 return TRUE; 03295 else 03296 return FALSE; 03297 case RI_type_comp_netobj: 03298 if (!rsbac_list_lol_get_subdata 03299 (role_tcno_handle, &role, &subtid.type, &rights_vector) 03300 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 03301 ) 03302 return TRUE; 03303 else 03304 return FALSE; 03305 03306 default: 03307 rsbac_printk(KERN_WARNING "rsbac_rc_check_comp(): called for invalid item %u\n", 03308 item); 03309 return FALSE; 03310 } 03311 } /* end of rsbac_rc_check_comp() */
int rsbac_rc_copy_role | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_rc_role_id_t | from_role, | |||
rsbac_rc_role_id_t | to_role | |||
) |
Definition at line 2284 of file rc_data_structures.c.
02287 { 02288 struct rsbac_rc_role_entry_t entry; 02289 rsbac_rc_role_id_t *role_array; 02290 char *item_array; 02291 long count; 02292 u_long i; 02293 int err; 02294 02295 if (!rsbac_is_initialized()) { 02296 rsbac_printk(KERN_WARNING "rsbac_rc_copy_role(): RSBAC not initialized\n"); 02297 return (-RSBAC_ENOTINITIALIZED); 02298 } 02299 if ((from_role > RC_role_max_value) 02300 || (to_role > RC_role_max_value) 02301 || (to_role == from_role) 02302 ) 02303 return (-RSBAC_EINVALIDTARGET); 02304 02305 /* copy */ 02306 err = 02307 rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, 02308 &from_role, &entry); 02309 if (err) 02310 return err; 02311 err = 02312 rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &to_role, 02313 &entry); 02314 if (err) 02315 return err; 02316 02317 rsbac_ta_list_lol_remove(ta_number, role_rc_handle, &to_role); 02318 count = 02319 rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 02320 role_rc_handle, 02321 &from_role, 02322 (void **) &role_array, 02323 NULL); 02324 if (count > 0) { 02325 for (i = 0; i < count; i++) 02326 rsbac_ta_list_lol_subadd_ttl(ta_number, 02327 role_rc_handle, 0, 02328 &to_role, 02329 &role_array[i], 0); 02330 rsbac_vfree(role_array); 02331 } 02332 rsbac_ta_list_lol_remove(ta_number, role_adr_handle, &to_role); 02333 count = 02334 rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 02335 role_adr_handle, 02336 &from_role, 02337 (void **) &role_array, 02338 NULL); 02339 if (count > 0) { 02340 for (i = 0; i < count; i++) 02341 rsbac_ta_list_lol_subadd_ttl(ta_number, 02342 role_adr_handle, 0, 02343 &to_role, 02344 &role_array[i], 0); 02345 rsbac_vfree(role_array); 02346 } 02347 rsbac_ta_list_lol_remove(ta_number, role_asr_handle, &to_role); 02348 count = 02349 rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 02350 role_asr_handle, 02351 &from_role, 02352 (void **) &role_array, 02353 NULL); 02354 if (count > 0) { 02355 for (i = 0; i < count; i++) 02356 rsbac_ta_list_lol_subadd_ttl(ta_number, 02357 role_asr_handle, 0, 02358 &to_role, 02359 &role_array[i], 0); 02360 rsbac_vfree(role_array); 02361 } 02362 rsbac_ta_list_lol_remove(ta_number, role_dfdc_handle, &to_role); 02363 count = 02364 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02365 role_dfdc_handle, 02366 &from_role, 02367 (void **) &item_array, 02368 NULL); 02369 if (count > 0) { 02370 char *tmp = item_array; 02371 int size = 02372 rsbac_list_lol_get_subitem_size(role_dfdc_handle); 02373 02374 for (i = 0; i < count; i++) { 02375 rsbac_ta_list_lol_subadd_ttl(ta_number, 02376 role_dfdc_handle, 0, 02377 &to_role, tmp, 02378 tmp + 02379 sizeof 02380 (rsbac_rc_role_id_t)); 02381 tmp += size; 02382 } 02383 rsbac_vfree(item_array); 02384 } 02385 rsbac_ta_list_lol_remove(ta_number, role_tcfd_handle, &to_role); 02386 count = 02387 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02388 role_tcfd_handle, 02389 &from_role, 02390 (void **) &item_array, 02391 NULL); 02392 if (count > 0) { 02393 char *tmp = item_array; 02394 int size = 02395 rsbac_list_lol_get_subitem_size(role_tcfd_handle); 02396 02397 for (i = 0; i < count; i++) { 02398 rsbac_ta_list_lol_subadd_ttl(ta_number, 02399 role_tcfd_handle, 0, 02400 &to_role, tmp, 02401 tmp + 02402 sizeof 02403 (rsbac_rc_role_id_t)); 02404 tmp += size; 02405 } 02406 rsbac_vfree(item_array); 02407 } 02408 rsbac_ta_list_lol_remove(ta_number, role_tcdv_handle, &to_role); 02409 count = 02410 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02411 role_tcdv_handle, 02412 &from_role, 02413 (void **) &item_array, 02414 NULL); 02415 if (count > 0) { 02416 char *tmp = item_array; 02417 int size = 02418 rsbac_list_lol_get_subitem_size(role_tcdv_handle); 02419 02420 for (i = 0; i < count; i++) { 02421 rsbac_ta_list_lol_subadd_ttl(ta_number, 02422 role_tcdv_handle, 0, 02423 &to_role, tmp, 02424 tmp + 02425 sizeof 02426 (rsbac_rc_role_id_t)); 02427 tmp += size; 02428 } 02429 rsbac_vfree(item_array); 02430 } 02431 rsbac_ta_list_lol_remove(ta_number, role_tcus_handle, &to_role); 02432 count = 02433 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02434 role_tcus_handle, 02435 &from_role, 02436 (void **) &item_array, 02437 NULL); 02438 if (count > 0) { 02439 char *tmp = item_array; 02440 int size = 02441 rsbac_list_lol_get_subitem_size(role_tcus_handle); 02442 02443 for (i = 0; i < count; i++) { 02444 rsbac_ta_list_lol_subadd_ttl(ta_number, 02445 role_tcus_handle, 0, 02446 &to_role, tmp, 02447 tmp + 02448 sizeof 02449 (rsbac_rc_role_id_t)); 02450 tmp += size; 02451 } 02452 rsbac_vfree(item_array); 02453 } 02454 rsbac_ta_list_lol_remove(ta_number, role_tcpr_handle, &to_role); 02455 count = 02456 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02457 role_tcpr_handle, 02458 &from_role, 02459 (void **) &item_array, 02460 NULL); 02461 if (count > 0) { 02462 char *tmp = item_array; 02463 int size = 02464 rsbac_list_lol_get_subitem_size(role_tcpr_handle); 02465 02466 for (i = 0; i < count; i++) { 02467 rsbac_ta_list_lol_subadd_ttl(ta_number, 02468 role_tcpr_handle, 0, 02469 &to_role, tmp, 02470 tmp + 02471 sizeof 02472 (rsbac_rc_role_id_t)); 02473 tmp += size; 02474 } 02475 rsbac_vfree(item_array); 02476 } 02477 rsbac_ta_list_lol_remove(ta_number, role_tcip_handle, &to_role); 02478 count = 02479 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02480 role_tcip_handle, 02481 &from_role, 02482 (void **) &item_array, 02483 NULL); 02484 if (count > 0) { 02485 char *tmp = item_array; 02486 int size = 02487 rsbac_list_lol_get_subitem_size(role_tcip_handle); 02488 02489 for (i = 0; i < count; i++) { 02490 rsbac_ta_list_lol_subadd_ttl(ta_number, 02491 role_tcip_handle, 0, 02492 &to_role, tmp, 02493 tmp + 02494 sizeof 02495 (rsbac_rc_role_id_t)); 02496 tmp += size; 02497 } 02498 rsbac_vfree(item_array); 02499 } 02500 rsbac_ta_list_lol_remove(ta_number, role_tcsc_handle, &to_role); 02501 count = 02502 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02503 role_tcsc_handle, 02504 &from_role, 02505 (void **) &item_array, 02506 NULL); 02507 if (count > 0) { 02508 char *tmp = item_array; 02509 int size = 02510 rsbac_list_lol_get_subitem_size(role_tcsc_handle); 02511 02512 for (i = 0; i < count; i++) { 02513 rsbac_ta_list_lol_subadd_ttl(ta_number, 02514 role_tcsc_handle, 0, 02515 &to_role, tmp, 02516 tmp + 02517 sizeof 02518 (rsbac_rc_role_id_t)); 02519 tmp += size; 02520 } 02521 rsbac_vfree(item_array); 02522 } 02523 rsbac_ta_list_lol_remove(ta_number, role_tcgr_handle, &to_role); 02524 count = 02525 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02526 role_tcgr_handle, 02527 &from_role, 02528 (void **) &item_array, 02529 NULL); 02530 if (count > 0) { 02531 char *tmp = item_array; 02532 int size = 02533 rsbac_list_lol_get_subitem_size(role_tcgr_handle); 02534 02535 for (i = 0; i < count; i++) { 02536 rsbac_ta_list_lol_subadd_ttl(ta_number, 02537 role_tcgr_handle, 0, 02538 &to_role, tmp, 02539 tmp + 02540 sizeof 02541 (rsbac_rc_role_id_t)); 02542 tmp += size; 02543 } 02544 rsbac_vfree(item_array); 02545 } 02546 rsbac_ta_list_lol_remove(ta_number, role_tcnd_handle, &to_role); 02547 count = 02548 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02549 role_tcnd_handle, 02550 &from_role, 02551 (void **) &item_array, 02552 NULL); 02553 if (count > 0) { 02554 char *tmp = item_array; 02555 int size = 02556 rsbac_list_lol_get_subitem_size(role_tcnd_handle); 02557 02558 for (i = 0; i < count; i++) { 02559 rsbac_ta_list_lol_subadd_ttl(ta_number, 02560 role_tcnd_handle, 0, 02561 &to_role, tmp, 02562 tmp + 02563 sizeof 02564 (rsbac_rc_role_id_t)); 02565 tmp += size; 02566 } 02567 rsbac_vfree(item_array); 02568 } 02569 rsbac_ta_list_lol_remove(ta_number, role_tcnt_handle, &to_role); 02570 count = 02571 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02572 role_tcnt_handle, 02573 &from_role, 02574 (void **) &item_array, 02575 NULL); 02576 if (count > 0) { 02577 char *tmp = item_array; 02578 int size = 02579 rsbac_list_lol_get_subitem_size(role_tcnt_handle); 02580 02581 for (i = 0; i < count; i++) { 02582 rsbac_ta_list_lol_subadd_ttl(ta_number, 02583 role_tcnt_handle, 0, 02584 &to_role, tmp, 02585 tmp + 02586 sizeof 02587 (rsbac_rc_role_id_t)); 02588 tmp += size; 02589 } 02590 rsbac_vfree(item_array); 02591 } 02592 rsbac_ta_list_lol_remove(ta_number, role_tcno_handle, &to_role); 02593 count = 02594 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02595 role_tcno_handle, 02596 &from_role, 02597 (void **) &item_array, 02598 NULL); 02599 if (count > 0) { 02600 char *tmp = item_array; 02601 int size = 02602 rsbac_list_lol_get_subitem_size(role_tcno_handle); 02603 02604 for (i = 0; i < count; i++) { 02605 rsbac_ta_list_lol_subadd_ttl(ta_number, 02606 role_tcno_handle, 0, 02607 &to_role, tmp, 02608 tmp + 02609 sizeof 02610 (rsbac_rc_role_id_t)); 02611 tmp += size; 02612 } 02613 rsbac_vfree(item_array); 02614 } 02615 return 0; 02616 }
int rsbac_rc_copy_type | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_rc_target_t | target, | |||
rsbac_rc_type_id_t | from_type, | |||
rsbac_rc_type_id_t | to_type | |||
) |
Definition at line 2618 of file rc_data_structures.c.
References NULL, RC_type_max_value, role_handle, role_tcdv_handle, role_tcfd_handle, role_tcgr_handle, role_tcip_handle, role_tcnd_handle, role_tcno_handle, role_tcnt_handle, role_tcpr_handle, role_tcus_handle, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), RSBAC_RC_NAME_LEN, rsbac_ta_list_add_ttl(), rsbac_ta_list_get_all_desc(), rsbac_ta_list_get_data_ttl(), rsbac_ta_list_lol_get_subdata_ttl(), rsbac_ta_list_lol_subadd_ttl(), rsbac_ta_list_lol_subremove_from_all(), rsbac_vfree, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, T_USER, type_dev_handle, type_fd_handle, type_group_handle, type_ipc_handle, type_netdev_handle, type_netobj_handle, type_nettemp_handle, type_process_handle, and type_user_handle.
02622 { 02623 rsbac_rc_role_id_t *role_array; 02624 rsbac_list_handle_t i_type_handle = NULL; 02625 rsbac_list_handle_t i_comp_handle = NULL; 02626 struct rsbac_rc_type_fd_entry_t type_fd_entry; 02627 char type_name[RSBAC_RC_NAME_LEN]; 02628 long count; 02629 rsbac_time_t ttl; 02630 u_long i; 02631 int err; 02632 02633 if (!rsbac_is_initialized()) { 02634 rsbac_printk(KERN_WARNING "rsbac_rc_copy_type(): RSBAC not initialized\n"); 02635 return (-RSBAC_ENOTINITIALIZED); 02636 } 02637 if ((from_type > RC_type_max_value) 02638 || (to_type > RC_type_max_value) 02639 || (to_type == from_type) 02640 ) 02641 return (-RSBAC_EINVALIDTARGET); 02642 02643 switch (target) { 02644 case T_FILE: 02645 case T_DIR: 02646 case T_FIFO: 02647 case T_SYMLINK: 02648 case T_FD: 02649 i_type_handle = type_fd_handle; 02650 i_comp_handle = role_tcfd_handle; 02651 break; 02652 case T_DEV: 02653 i_type_handle = type_dev_handle; 02654 i_comp_handle = role_tcdv_handle; 02655 break; 02656 case T_USER: 02657 i_type_handle = type_user_handle; 02658 i_comp_handle = role_tcus_handle; 02659 break; 02660 case T_PROCESS: 02661 i_type_handle = type_process_handle; 02662 i_comp_handle = role_tcpr_handle; 02663 break; 02664 case T_IPC: 02665 i_type_handle = type_ipc_handle; 02666 i_comp_handle = role_tcip_handle; 02667 break; 02668 case T_GROUP: 02669 i_type_handle = type_group_handle; 02670 i_comp_handle = role_tcgr_handle; 02671 break; 02672 case T_NETDEV: 02673 i_type_handle = type_netdev_handle; 02674 i_comp_handle = role_tcnd_handle; 02675 break; 02676 case T_NETTEMP: 02677 i_type_handle = type_nettemp_handle; 02678 i_comp_handle = role_tcnt_handle; 02679 break; 02680 case T_NETOBJ: 02681 i_type_handle = type_netobj_handle; 02682 i_comp_handle = role_tcno_handle; 02683 break; 02684 02685 default: 02686 return -RSBAC_EINVALIDTARGET; 02687 } 02688 02689 /* copy */ 02690 if (i_type_handle == type_fd_handle) { 02691 err = 02692 rsbac_ta_list_get_data_ttl(ta_number, i_type_handle, 02693 &ttl, &from_type, 02694 &type_fd_entry); 02695 if (err) 02696 return err; 02697 err = 02698 rsbac_ta_list_add_ttl(ta_number, i_type_handle, ttl, 02699 &to_type, &type_fd_entry); 02700 if (err) 02701 return err; 02702 } else { 02703 err = 02704 rsbac_ta_list_get_data_ttl(ta_number, i_type_handle, 02705 NULL, &from_type, 02706 &type_name); 02707 if (err) 02708 return err; 02709 err = 02710 rsbac_ta_list_add_ttl(ta_number, i_type_handle, 0, 02711 &to_type, &type_name); 02712 if (err) 02713 return err; 02714 } 02715 02716 err = 02717 rsbac_ta_list_lol_subremove_from_all(ta_number, i_comp_handle, 02718 &to_type); 02719 if (err) 02720 return err; 02721 02722 count = rsbac_ta_list_get_all_desc(ta_number, role_handle, 02723 (void **) &role_array); 02724 if (count > 0) { 02725 rsbac_rc_rights_vector_t rights; 02726 02727 for (i = 0; i < count; i++) { 02728 err = rsbac_ta_list_lol_get_subdata_ttl(ta_number, 02729 i_comp_handle, 02730 &ttl, 02731 &role_array 02732 [i], 02733 &from_type, 02734 &rights); 02735 if (!err) 02736 err = 02737 rsbac_ta_list_lol_subadd_ttl(ta_number, 02738 i_comp_handle, 02739 ttl, 02740 &role_array 02741 [i], 02742 &to_type, 02743 &rights); 02744 } 02745 rsbac_vfree(role_array); 02746 } 02747 return 0; 02748 }
int rsbac_rc_get_boot_role | ( | rsbac_rc_role_id_t * | role_p | ) |
Definition at line 2220 of file rc_data_structures.c.
References role_handle, RSBAC_ENOTFOUND, rsbac_list_get_desc(), and rsbac_rc_role_compare_data().
Referenced by rsbac_init().
02222 { 02223 /* Try to find role marked as boot role */ 02224 if (rsbac_list_get_desc(role_handle, 02225 role_p, role_p, rsbac_rc_role_compare_data) 02226 ) { /* none found */ 02227 return -RSBAC_ENOTFOUND; 02228 } 02229 return 0; 02230 }
int rsbac_rc_get_item | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_rc_target_t | target, | |||
union rsbac_rc_target_id_t | tid, | |||
union rsbac_rc_target_id_t | subtid, | |||
enum rsbac_rc_item_t | item, | |||
union rsbac_rc_item_value_t * | value_p, | |||
rsbac_time_t * | ttl_p | |||
) |
Definition at line 2752 of file rc_data_structures.c.
References rsbac_rc_role_entry_t::admin_type, rsbac_rc_item_value_t::admin_type, rsbac_rc_role_entry_t::boot_role, rsbac_rc_item_value_t::boot_role, rsbac_rc_item_value_t::comp, rsbac_rc_role_entry_t::def_fd_create_type, rsbac_rc_role_entry_t::def_group_create_type, rsbac_rc_role_entry_t::def_ipc_create_type, rsbac_rc_role_entry_t::def_process_chown_type, rsbac_rc_role_entry_t::def_process_create_type, rsbac_rc_role_entry_t::def_process_execute_type, rsbac_rc_role_entry_t::def_unixsock_create_type, rsbac_rc_role_entry_t::def_user_create_type, FALSE, get_rc_scd_type_name(), rsbac_rc_type_fd_entry_t::name, rsbac_rc_role_entry_t::name, rsbac_rc_item_value_t::name, rsbac_rc_type_fd_entry_t::need_secdel, rsbac_rc_item_value_t::need_secdel, NULL, RC_role_max_value, RC_type_max_value, rsbac_rc_role_entry_t::req_reauth, rsbac_rc_item_value_t::req_reauth, RI_admin_roles, RI_admin_type, RI_assign_roles, RI_boot_role, RI_def_fd_create_type, RI_def_fd_ind_create_type, RI_def_group_create_type, RI_def_ipc_create_type, RI_def_process_chown_type, RI_def_process_create_type, RI_def_process_execute_type, RI_def_unixsock_create_type, RI_def_user_create_type, RI_name, RI_req_reauth, RI_role_comp, RI_type_comp_dev, RI_type_comp_fd, RI_type_comp_group, RI_type_comp_ipc, RI_type_comp_netdev, RI_type_comp_netobj, RI_type_comp_nettemp, RI_type_comp_process, RI_type_comp_scd, RI_type_comp_user, RI_type_dev_name, RI_type_fd_name, RI_type_fd_need_secdel, RI_type_group_name, RI_type_ipc_name, RI_type_netdev_name, RI_type_netobj_name, RI_type_nettemp_name, RI_type_process_name, RI_type_scd_name, RI_type_user_name, rsbac_rc_item_value_t::rights, rsbac_rc_target_id_t::role, role_adr_handle, role_asr_handle, role_dfdc_handle, role_handle, role_rc_handle, role_tcdv_handle, role_tcfd_handle, role_tcgr_handle, role_tcip_handle, role_tcnd_handle, role_tcno_handle, role_tcnt_handle, role_tcpr_handle, role_tcsc_handle, role_tcus_handle, RSBAC_EINVALIDATTR, RSBAC_EINVALIDTARGET, RSBAC_ENOMEM, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), RSBAC_RC_DEFAULT_RIGHTS_VECTOR, RSBAC_RC_NAME_LEN, rsbac_ta_list_get_data_ttl(), rsbac_ta_list_lol_get_subdata_ttl(), RT_ROLE, RT_TYPE, TRUE, rsbac_rc_target_id_t::type, type_dev_handle, type_fd_handle, type_group_handle, rsbac_rc_item_value_t::type_id, type_ipc_handle, type_netdev_handle, type_netobj_handle, type_nettemp_handle, type_process_handle, and type_user_handle.
02759 { 02760 int err = 0; 02761 struct rsbac_rc_role_entry_t role_entry; 02762 struct rsbac_rc_type_fd_entry_t type_fd_entry; 02763 02764 if (!rsbac_is_initialized()) { 02765 rsbac_printk(KERN_WARNING "rsbac_rc_get_item(): RSBAC not initialized\n"); 02766 return (-RSBAC_ENOTINITIALIZED); 02767 } 02768 if (in_interrupt()) { 02769 rsbac_printk(KERN_WARNING "rsbac_rc_get_item(): called from interrupt!\n"); 02770 } 02771 if (ttl_p) 02772 *ttl_p = 0; 02773 switch (target) { 02774 case RT_ROLE: 02775 if (tid.role > RC_role_max_value) 02776 return (-RSBAC_EINVALIDTARGET); 02777 /* 02778 rsbac_pr_debug(ds_rc, "getting role item value\n"); 02779 */ 02780 switch (item) { 02781 case RI_role_comp: 02782 if (!rsbac_ta_list_lol_get_subdata_ttl(ta_number, 02783 role_rc_handle, 02784 ttl_p, 02785 &tid.role, 02786 &subtid. 02787 role, NULL)) 02788 value_p->comp = TRUE; 02789 else 02790 value_p->comp = FALSE; 02791 return 0; 02792 case RI_admin_roles: 02793 if (!rsbac_ta_list_lol_get_subdata_ttl(ta_number, 02794 role_adr_handle, 02795 ttl_p, 02796 &tid.role, 02797 &subtid. 02798 role, NULL)) 02799 value_p->comp = TRUE; 02800 else 02801 value_p->comp = FALSE; 02802 return 0; 02803 case RI_assign_roles: 02804 if (!rsbac_ta_list_lol_get_subdata_ttl(ta_number, 02805 role_asr_handle, 02806 ttl_p, 02807 &tid.role, 02808 &subtid. 02809 role, NULL)) 02810 value_p->comp = TRUE; 02811 else 02812 value_p->comp = FALSE; 02813 return 0; 02814 case RI_type_comp_fd: 02815 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number, 02816 role_tcfd_handle, 02817 ttl_p, 02818 &tid.role, 02819 &subtid.type, 02820 &value_p-> 02821 rights)) { 02822 value_p->rights = 02823 RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 02824 if (ttl_p) 02825 *ttl_p = 0; 02826 } 02827 return 0; 02828 case RI_type_comp_dev: 02829 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number, 02830 role_tcdv_handle, 02831 ttl_p, 02832 &tid.role, 02833 &subtid.type, 02834 &value_p-> 02835 rights)) { 02836 value_p->rights = 02837 RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 02838 if (ttl_p) 02839 *ttl_p = 0; 02840 } 02841 return 0; 02842 case RI_type_comp_user: 02843 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number, 02844 role_tcus_handle, 02845 ttl_p, 02846 &tid.role, 02847 &subtid.type, 02848 &value_p-> 02849 rights)) { 02850 value_p->rights = 02851 RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 02852 if (ttl_p) 02853 *ttl_p = 0; 02854 } 02855 return 0; 02856 case RI_type_comp_process: 02857 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number, 02858 role_tcpr_handle, 02859 ttl_p, 02860 &tid.role, 02861 &subtid.type, 02862 &value_p-> 02863 rights)) { 02864 value_p->rights = 02865 RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 02866 if (ttl_p) 02867 *ttl_p = 0; 02868 } 02869 return 0; 02870 case RI_type_comp_ipc: 02871 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number, 02872 role_tcip_handle, 02873 ttl_p, 02874 &tid.role, 02875 &subtid.type, 02876 &value_p-> 02877 rights)) { 02878 value_p->rights = 02879 RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 02880 if (ttl_p) 02881 *ttl_p = 0; 02882 } 02883 return 0; 02884 case RI_type_comp_scd: 02885 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number, 02886 role_tcsc_handle, 02887 ttl_p, 02888 &tid.role, 02889 &subtid.type, 02890 &value_p-> 02891 rights)) { 02892 value_p->rights = 02893 RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 02894 if (ttl_p) 02895 *ttl_p = 0; 02896 } 02897 return 0; 02898 case RI_type_comp_group: 02899 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number, 02900 role_tcgr_handle, 02901 ttl_p, 02902 &tid.role, 02903 &subtid.type, 02904 &value_p-> 02905 rights)) { 02906 value_p->rights = 02907 RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 02908 if (ttl_p) 02909 *ttl_p = 0; 02910 } 02911 return 0; 02912 case RI_type_comp_netdev: 02913 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number, 02914 role_tcnd_handle, 02915 ttl_p, 02916 &tid.role, 02917 &subtid.type, 02918 &value_p-> 02919 rights)) { 02920 value_p->rights = 02921 RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 02922 if (ttl_p) 02923 *ttl_p = 0; 02924 } 02925 return 0; 02926 case RI_type_comp_nettemp: 02927 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number, 02928 role_tcnt_handle, 02929 ttl_p, 02930 &tid.role, 02931 &subtid.type, 02932 &value_p-> 02933 rights)) { 02934 value_p->rights = 02935 RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 02936 if (ttl_p) 02937 *ttl_p = 0; 02938 } 02939 return 0; 02940 case RI_type_comp_netobj: 02941 if (rsbac_ta_list_lol_get_subdata_ttl(ta_number, 02942 role_tcno_handle, 02943 ttl_p, 02944 &tid.role, 02945 &subtid.type, 02946 &value_p-> 02947 rights)) { 02948 value_p->rights = 02949 RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 02950 if (ttl_p) 02951 *ttl_p = 0; 02952 } 02953 return 0; 02954 case RI_admin_type: 02955 if (! 02956 (err = 02957 rsbac_ta_list_get_data_ttl(ta_number, 02958 role_handle, NULL, 02959 &tid.role, 02960 &role_entry))) 02961 value_p->admin_type = 02962 role_entry.admin_type; 02963 return err; 02964 case RI_name: 02965 if (! 02966 (err = 02967 rsbac_ta_list_get_data_ttl(ta_number, 02968 role_handle, NULL, 02969 &tid.role, 02970 &role_entry))) { 02971 strncpy(value_p->name, role_entry.name, 02972 RSBAC_RC_NAME_LEN - 1); 02973 value_p->name[RSBAC_RC_NAME_LEN - 1] = 02974 (char) 0; 02975 } 02976 return err; 02977 case RI_def_fd_create_type: 02978 if (! 02979 (err = 02980 rsbac_ta_list_get_data_ttl(ta_number, 02981 role_handle, NULL, 02982 &tid.role, 02983 &role_entry))) 02984 value_p->type_id = 02985 role_entry.def_fd_create_type; 02986 return err; 02987 case RI_def_fd_ind_create_type: 02988 return rsbac_ta_list_lol_get_subdata_ttl(ta_number, 02989 role_dfdc_handle, 02990 ttl_p, 02991 &tid.role, 02992 &subtid. 02993 type, 02994 &value_p-> 02995 type_id); 02996 case RI_def_user_create_type: 02997 if (! 02998 (err = 02999 rsbac_ta_list_get_data_ttl(ta_number, 03000 role_handle, NULL, 03001 &tid.role, 03002 &role_entry))) 03003 value_p->type_id = 03004 role_entry.def_user_create_type; 03005 return err; 03006 case RI_def_process_create_type: 03007 if (! 03008 (err = 03009 rsbac_ta_list_get_data_ttl(ta_number, 03010 role_handle, NULL, 03011 &tid.role, 03012 &role_entry))) 03013 value_p->type_id = 03014 role_entry.def_process_create_type; 03015 return err; 03016 case RI_def_process_chown_type: 03017 if (! 03018 (err = 03019 rsbac_ta_list_get_data_ttl(ta_number, 03020 role_handle, NULL, 03021 &tid.role, 03022 &role_entry))) 03023 value_p->type_id = 03024 role_entry.def_process_chown_type; 03025 return err; 03026 case RI_def_process_execute_type: 03027 if (! 03028 (err = 03029 rsbac_ta_list_get_data_ttl(ta_number, 03030 role_handle, NULL, 03031 &tid.role, 03032 &role_entry))) 03033 value_p->type_id = 03034 role_entry.def_process_execute_type; 03035 return err; 03036 case RI_def_ipc_create_type: 03037 if (! 03038 (err = 03039 rsbac_ta_list_get_data_ttl(ta_number, 03040 role_handle, NULL, 03041 &tid.role, 03042 &role_entry))) 03043 value_p->type_id = 03044 role_entry.def_ipc_create_type; 03045 return err; 03046 case RI_def_group_create_type: 03047 if (! 03048 (err = 03049 rsbac_ta_list_get_data_ttl(ta_number, 03050 role_handle, NULL, 03051 &tid.role, 03052 &role_entry))) 03053 value_p->type_id = 03054 role_entry.def_group_create_type; 03055 return err; 03056 case RI_def_unixsock_create_type: 03057 if (! 03058 (err = 03059 rsbac_ta_list_get_data_ttl(ta_number, 03060 role_handle, NULL, 03061 &tid.role, 03062 &role_entry))) 03063 value_p->type_id = 03064 role_entry.def_unixsock_create_type; 03065 return err; 03066 case RI_boot_role: 03067 if (! 03068 (err = 03069 rsbac_ta_list_get_data_ttl(ta_number, 03070 role_handle, NULL, 03071 &tid.role, 03072 &role_entry))) 03073 value_p->boot_role = role_entry.boot_role; 03074 return err; 03075 case RI_req_reauth: 03076 if (! 03077 (err = 03078 rsbac_ta_list_get_data_ttl(ta_number, 03079 role_handle, NULL, 03080 &tid.role, 03081 &role_entry))) 03082 value_p->req_reauth = 03083 role_entry.req_reauth; 03084 return err; 03085 default: 03086 return -RSBAC_EINVALIDATTR; 03087 } 03088 /* return */ 03089 return (err); 03090 break; 03091 03092 case RT_TYPE: 03093 if (tid.type > RC_type_max_value) 03094 return (-RSBAC_EINVALIDTARGET); 03095 /* 03096 rsbac_pr_debug(ds_rc, "getting type item value\n"); 03097 */ 03098 switch (item) { 03099 case RI_type_fd_name: 03100 if (! 03101 (err = 03102 rsbac_ta_list_get_data_ttl(ta_number, 03103 type_fd_handle, 03104 NULL, &tid.type, 03105 &type_fd_entry))) { 03106 strncpy(value_p->name, type_fd_entry.name, 03107 RSBAC_RC_NAME_LEN - 1); 03108 value_p->name[RSBAC_RC_NAME_LEN - 1] = 03109 (char) 0; 03110 } 03111 return err; 03112 case RI_type_fd_need_secdel: 03113 if (! 03114 (err = 03115 rsbac_ta_list_get_data_ttl(ta_number, 03116 type_fd_handle, 03117 NULL, &tid.type, 03118 &type_fd_entry))) { 03119 value_p->need_secdel = 03120 type_fd_entry.need_secdel; 03121 } 03122 return err; 03123 case RI_type_dev_name: 03124 return rsbac_ta_list_get_data_ttl(ta_number, 03125 type_dev_handle, 03126 NULL, &tid.type, 03127 value_p->name); 03128 case RI_type_ipc_name: 03129 return rsbac_ta_list_get_data_ttl(ta_number, 03130 type_ipc_handle, 03131 NULL, &tid.type, 03132 value_p->name); 03133 case RI_type_user_name: 03134 return rsbac_ta_list_get_data_ttl(ta_number, 03135 type_user_handle, 03136 NULL, &tid.type, 03137 value_p->name); 03138 case RI_type_process_name: 03139 return rsbac_ta_list_get_data_ttl(ta_number, 03140 type_process_handle, 03141 NULL, &tid.type, 03142 value_p->name); 03143 case RI_type_group_name: 03144 return rsbac_ta_list_get_data_ttl(ta_number, 03145 type_group_handle, 03146 NULL, &tid.type, 03147 value_p->name); 03148 case RI_type_netdev_name: 03149 return rsbac_ta_list_get_data_ttl(ta_number, 03150 type_netdev_handle, 03151 NULL, &tid.type, 03152 value_p->name); 03153 case RI_type_nettemp_name: 03154 return rsbac_ta_list_get_data_ttl(ta_number, 03155 type_nettemp_handle, 03156 NULL, &tid.type, 03157 value_p->name); 03158 case RI_type_netobj_name: 03159 return rsbac_ta_list_get_data_ttl(ta_number, 03160 type_netobj_handle, 03161 NULL, &tid.type, 03162 value_p->name); 03163 case RI_type_scd_name: 03164 { 03165 char *tmp; 03166 03167 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 03168 if (!tmp) 03169 err = -RSBAC_ENOMEM; 03170 else { 03171 get_rc_scd_type_name(tmp, 03172 tid.type); 03173 strncpy(value_p->name, tmp, 03174 RSBAC_RC_NAME_LEN - 1); 03175 value_p->name[RSBAC_RC_NAME_LEN - 03176 1] = (char) 0; 03177 rsbac_kfree(tmp); 03178 } 03179 break; 03180 } 03181 default: 03182 err = -RSBAC_EINVALIDATTR; 03183 } 03184 /* and return */ 03185 return (err); 03186 break; 03187 03188 /* switch target: no valid target */ 03189 default: 03190 err = -RSBAC_EINVALIDTARGET; 03191 } 03192 return err; 03193 } /* end of rsbac_rc_get_item() */
int rsbac_rc_get_list | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_rc_target_t | target, | |||
union rsbac_rc_target_id_t | tid, | |||
enum rsbac_rc_item_t | item, | |||
__u32 ** | array_pp, | |||
rsbac_time_t ** | ttl_array_pp | |||
) |
Definition at line 3315 of file rc_data_structures.c.
References NULL, RI_admin_roles, RI_assign_roles, RI_def_fd_ind_create_type, RI_name, RI_role_comp, RI_type_comp_dev, RI_type_comp_fd, RI_type_comp_group, RI_type_comp_ipc, RI_type_comp_netdev, RI_type_comp_netobj, RI_type_comp_nettemp, RI_type_comp_process, RI_type_comp_scd, RI_type_comp_user, RI_type_dev_name, RI_type_fd_name, RI_type_fd_need_secdel, RI_type_group_name, RI_type_ipc_name, RI_type_netdev_name, RI_type_netobj_name, RI_type_nettemp_name, RI_type_process_name, RI_type_user_name, rsbac_rc_target_id_t::role, role_adr_handle, role_asr_handle, role_dfdc_handle, role_handle, role_rc_handle, role_tcdv_handle, role_tcfd_handle, role_tcgr_handle, role_tcip_handle, role_tcnd_handle, role_tcno_handle, role_tcnt_handle, role_tcpr_handle, role_tcsc_handle, role_tcus_handle, RSBAC_EINVALIDATTR, RSBAC_EINVALIDTARGET, RSBAC_ENOTFOUND, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_ta_list_lol_get_all_subdesc_ttl(), rsbac_ta_list_lol_subcount(), RT_ROLE, RT_TYPE, type_dev_handle, type_fd_handle, type_group_handle, type_ipc_handle, type_netdev_handle, type_netobj_handle, type_nettemp_handle, type_process_handle, and type_user_handle.
03320 { 03321 int res; 03322 03323 if (!rsbac_is_initialized()) { 03324 rsbac_printk(KERN_WARNING "rsbac_rc_get_list(): RSBAC not initialized\n"); 03325 return (-RSBAC_ENOTINITIALIZED); 03326 } 03327 if (in_interrupt()) { 03328 rsbac_printk(KERN_WARNING "rsbac_rc_get_list(): called from interrupt!\n"); 03329 } 03330 if (ttl_array_pp) 03331 *ttl_array_pp = NULL; 03332 switch (target) { 03333 case RT_ROLE: 03334 /* 03335 rsbac_pr_debug(ds_rc, "getting role list\n"); 03336 */ 03337 switch (item) { 03338 case RI_name: 03339 if (array_pp) 03340 return 03341 rsbac_ta_list_get_all_desc(ta_number, 03342 role_handle, 03343 (void **) 03344 array_pp); 03345 else 03346 return rsbac_ta_list_count(ta_number, 03347 role_handle); 03348 case RI_role_comp: 03349 if (array_pp) 03350 res = 03351 rsbac_ta_list_lol_get_all_subdesc_ttl 03352 (ta_number, role_rc_handle, &tid.role, 03353 (void **) array_pp, ttl_array_pp); 03354 else 03355 res = 03356 rsbac_ta_list_lol_subcount(ta_number, 03357 role_rc_handle, 03358 &tid.role); 03359 if (res == -RSBAC_ENOTFOUND) 03360 return 0; 03361 else 03362 return res; 03363 case RI_admin_roles: 03364 if (array_pp) 03365 res = 03366 rsbac_ta_list_lol_get_all_subdesc_ttl 03367 (ta_number, role_adr_handle, &tid.role, 03368 (void **) array_pp, ttl_array_pp); 03369 else 03370 res = 03371 rsbac_ta_list_lol_subcount(ta_number, 03372 role_adr_handle, 03373 &tid.role); 03374 if (res == -RSBAC_ENOTFOUND) 03375 return 0; 03376 else 03377 return res; 03378 case RI_assign_roles: 03379 if (array_pp) 03380 res = 03381 rsbac_ta_list_lol_get_all_subdesc_ttl 03382 (ta_number, role_asr_handle, &tid.role, 03383 (void **) array_pp, ttl_array_pp); 03384 else 03385 res = 03386 rsbac_ta_list_lol_subcount(ta_number, 03387 role_asr_handle, 03388 &tid.role); 03389 if (res == -RSBAC_ENOTFOUND) 03390 return 0; 03391 else 03392 return res; 03393 case RI_def_fd_ind_create_type: 03394 if (array_pp) 03395 return 03396 rsbac_ta_list_lol_get_all_subdesc_ttl 03397 (ta_number, role_dfdc_handle, 03398 &tid.role, (void **) array_pp, 03399 ttl_array_pp); 03400 else 03401 return 03402 rsbac_ta_list_lol_subcount(ta_number, 03403 role_dfdc_handle, 03404 &tid.role); 03405 case RI_type_comp_fd: 03406 if (array_pp) 03407 return 03408 rsbac_ta_list_lol_get_all_subdesc_ttl 03409 (ta_number, role_tcfd_handle, 03410 &tid.role, (void **) array_pp, 03411 ttl_array_pp); 03412 else 03413 return 03414 rsbac_ta_list_lol_subcount(ta_number, 03415 role_tcfd_handle, 03416 &tid.role); 03417 case RI_type_comp_dev: 03418 if (array_pp) 03419 return 03420 rsbac_ta_list_lol_get_all_subdesc_ttl 03421 (ta_number, role_tcdv_handle, 03422 &tid.role, (void **) array_pp, 03423 ttl_array_pp); 03424 else 03425 return 03426 rsbac_ta_list_lol_subcount(ta_number, 03427 role_tcdv_handle, 03428 &tid.role); 03429 case RI_type_comp_user: 03430 if (array_pp) 03431 return 03432 rsbac_ta_list_lol_get_all_subdesc_ttl 03433 (ta_number, role_tcus_handle, 03434 &tid.role, (void **) array_pp, 03435 ttl_array_pp); 03436 else 03437 return 03438 rsbac_ta_list_lol_subcount(ta_number, 03439 role_tcus_handle, 03440 &tid.role); 03441 case RI_type_comp_process: 03442 if (array_pp) 03443 return 03444 rsbac_ta_list_lol_get_all_subdesc_ttl 03445 (ta_number, role_tcpr_handle, 03446 &tid.role, (void **) array_pp, 03447 ttl_array_pp); 03448 else 03449 return 03450 rsbac_ta_list_lol_subcount(ta_number, 03451 role_tcpr_handle, 03452 &tid.role); 03453 case RI_type_comp_ipc: 03454 if (array_pp) 03455 return 03456 rsbac_ta_list_lol_get_all_subdesc_ttl 03457 (ta_number, role_tcip_handle, 03458 &tid.role, (void **) array_pp, 03459 ttl_array_pp); 03460 else 03461 return 03462 rsbac_ta_list_lol_subcount(ta_number, 03463 role_tcip_handle, 03464 &tid.role); 03465 case RI_type_comp_scd: 03466 if (array_pp) 03467 return 03468 rsbac_ta_list_lol_get_all_subdesc_ttl 03469 (ta_number, role_tcsc_handle, 03470 &tid.role, (void **) array_pp, 03471 ttl_array_pp); 03472 else 03473 return 03474 rsbac_ta_list_lol_subcount(ta_number, 03475 role_tcsc_handle, 03476 &tid.role); 03477 case RI_type_comp_group: 03478 if (array_pp) 03479 return 03480 rsbac_ta_list_lol_get_all_subdesc_ttl 03481 (ta_number, role_tcgr_handle, 03482 &tid.role, (void **) array_pp, 03483 ttl_array_pp); 03484 else 03485 return 03486 rsbac_ta_list_lol_subcount(ta_number, 03487 role_tcgr_handle, 03488 &tid.role); 03489 case RI_type_comp_netdev: 03490 if (array_pp) 03491 return 03492 rsbac_ta_list_lol_get_all_subdesc_ttl 03493 (ta_number, role_tcnd_handle, 03494 &tid.role, (void **) array_pp, 03495 ttl_array_pp); 03496 else 03497 return 03498 rsbac_ta_list_lol_subcount(ta_number, 03499 role_tcnd_handle, 03500 &tid.role); 03501 case RI_type_comp_nettemp: 03502 if (array_pp) 03503 return 03504 rsbac_ta_list_lol_get_all_subdesc_ttl 03505 (ta_number, role_tcnt_handle, 03506 &tid.role, (void **) array_pp, 03507 ttl_array_pp); 03508 else 03509 return 03510 rsbac_ta_list_lol_subcount(ta_number, 03511 role_tcnt_handle, 03512 &tid.role); 03513 case RI_type_comp_netobj: 03514 if (array_pp) 03515 return 03516 rsbac_ta_list_lol_get_all_subdesc_ttl 03517 (ta_number, role_tcno_handle, 03518 &tid.role, (void **) array_pp, 03519 ttl_array_pp); 03520 else 03521 return 03522 rsbac_ta_list_lol_subcount(ta_number, 03523 role_tcno_handle, 03524 &tid.role); 03525 03526 default: 03527 return -RSBAC_EINVALIDATTR; 03528 } 03529 03530 case RT_TYPE: 03531 /* 03532 rsbac_pr_debug(ds_rc, "getting type item value\n"); 03533 */ 03534 switch (item) { 03535 case RI_type_fd_name: 03536 case RI_type_fd_need_secdel: 03537 if (array_pp) 03538 return 03539 rsbac_ta_list_get_all_desc(ta_number, 03540 type_fd_handle, 03541 (void **) 03542 array_pp); 03543 else 03544 return rsbac_ta_list_count(ta_number, 03545 type_fd_handle); 03546 case RI_type_dev_name: 03547 if (array_pp) 03548 return 03549 rsbac_ta_list_get_all_desc(ta_number, 03550 type_dev_handle, 03551 (void **) 03552 array_pp); 03553 else 03554 return rsbac_ta_list_count(ta_number, 03555 type_dev_handle); 03556 case RI_type_ipc_name: 03557 if (array_pp) 03558 return 03559 rsbac_ta_list_get_all_desc(ta_number, 03560 type_ipc_handle, 03561 (void **) 03562 array_pp); 03563 else 03564 return rsbac_ta_list_count(ta_number, 03565 type_ipc_handle); 03566 case RI_type_user_name: 03567 if (array_pp) 03568 return 03569 rsbac_ta_list_get_all_desc(ta_number, 03570 type_user_handle, 03571 (void **) 03572 array_pp); 03573 else 03574 return rsbac_ta_list_count(ta_number, 03575 type_user_handle); 03576 case RI_type_process_name: 03577 if (array_pp) 03578 return 03579 rsbac_ta_list_get_all_desc(ta_number, 03580 type_process_handle, 03581 (void **) 03582 array_pp); 03583 else 03584 return rsbac_ta_list_count(ta_number, 03585 type_process_handle); 03586 case RI_type_group_name: 03587 if (array_pp) 03588 return 03589 rsbac_ta_list_get_all_desc(ta_number, 03590 type_group_handle, 03591 (void **) 03592 array_pp); 03593 else 03594 return rsbac_ta_list_count(ta_number, 03595 type_group_handle); 03596 case RI_type_netdev_name: 03597 if (array_pp) 03598 return 03599 rsbac_ta_list_get_all_desc(ta_number, 03600 type_netdev_handle, 03601 (void **) 03602 array_pp); 03603 else 03604 return rsbac_ta_list_count(ta_number, 03605 type_netdev_handle); 03606 case RI_type_nettemp_name: 03607 if (array_pp) 03608 return 03609 rsbac_ta_list_get_all_desc(ta_number, 03610 type_nettemp_handle, 03611 (void **) 03612 array_pp); 03613 else 03614 return rsbac_ta_list_count(ta_number, 03615 type_nettemp_handle); 03616 case RI_type_netobj_name: 03617 if (array_pp) 03618 return 03619 rsbac_ta_list_get_all_desc(ta_number, 03620 type_netobj_handle, 03621 (void **) 03622 array_pp); 03623 else 03624 return rsbac_ta_list_count(ta_number, 03625 type_netobj_handle); 03626 03627 default: 03628 return -RSBAC_EINVALIDATTR; 03629 } 03630 03631 default: 03632 return -RSBAC_EINVALIDTARGET; 03633 } 03634 } /* end of rsbac_rc_get_list() */
rsbac_boolean_t rsbac_rc_role_exists | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_rc_role_id_t | role | |||
) |
Definition at line 2233 of file rc_data_structures.c.
References role_handle, and rsbac_ta_list_exist().
Referenced by rsbac_rc_sys_copy_role().
02235 { 02236 return rsbac_ta_list_exist(ta_number, role_handle, &role); 02237 }
int rsbac_rc_select_fd_create_type | ( | rsbac_rc_type_id_t | type | ) |
Definition at line 1694 of file rc_syscalls.c.
References A_rc_select_type, rsbac_target_id_t::process, rsbac_attribute_value_t::rc_select_type, RC_type_use_fd, RCR_SELECT, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_rc_check_type_comp(), rsbac_rc_type_exists(), rsbac_set_attr, SW_RC, T_FILE, and T_PROCESS.
Referenced by sys_rsbac_rc_select_fd_create_type().
01695 { 01696 01697 int res; 01698 01699 union rsbac_target_id_t tid; 01700 union rsbac_attribute_value_t attr_val; 01701 01702 /* sanity checks */ 01703 if (type != RC_type_use_fd) { 01704 if (!rsbac_rc_type_exists(0, T_FILE, type)) 01705 return -RSBAC_EINVALIDVALUE; 01706 #ifndef CONFIG_RSBAC_MAINT 01707 if (!rsbac_rc_check_type_comp(T_FILE, type, RCR_SELECT, current->pid)) { 01708 #ifdef CONFIG_RSBAC_SOFTMODE 01709 if( !rsbac_softmode 01710 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01711 && !rsbac_ind_softmode[SW_RC] 01712 #endif 01713 ) 01714 #endif 01715 return -EPERM; 01716 } 01717 #endif 01718 } 01719 01720 tid.process = current->pid; 01721 attr_val.rc_select_type = type; 01722 if ((res = rsbac_set_attr(SW_RC, 01723 T_PROCESS, 01724 tid, 01725 A_rc_select_type, 01726 attr_val))) { 01727 rsbac_printk(KERN_WARNING "rsbac_rc_select_fd_create_type(): rsbac_set_attr() returned error %i\n", res); 01728 return -EPERM; 01729 } 01730 01731 return 0; 01732 }
int rsbac_rc_set_item | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_rc_target_t | target, | |||
union rsbac_rc_target_id_t | tid, | |||
union rsbac_rc_target_id_t | subtid, | |||
enum rsbac_rc_item_t | item, | |||
union rsbac_rc_item_value_t | value, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 3638 of file rc_data_structures.c.
References ACLS_ROLE, rsbac_rc_item_value_t::admin_type, rsbac_rc_role_entry_t::admin_type, rsbac_rc_item_value_t::boot_role, rsbac_rc_role_entry_t::boot_role, rsbac_rc_item_value_t::comp, rsbac_rc_role_entry_t::def_fd_create_type, rsbac_rc_role_entry_t::def_group_create_type, rsbac_rc_role_entry_t::def_ipc_create_type, rsbac_rc_role_entry_t::def_process_chown_type, rsbac_rc_role_entry_t::def_process_create_type, rsbac_rc_role_entry_t::def_process_execute_type, rsbac_rc_role_entry_t::def_unixsock_create_type, rsbac_rc_role_entry_t::def_user_create_type, rsbac_rc_type_fd_entry_t::name, rsbac_rc_role_entry_t::name, rsbac_rc_item_value_t::name, rsbac_rc_item_value_t::need_secdel, rsbac_rc_type_fd_entry_t::need_secdel, NULL, RC_role_max_value, RC_type_max_value, RC_type_min_special, rsbac_rc_item_value_t::req_reauth, rsbac_rc_role_entry_t::req_reauth, RI_admin_roles, RI_admin_type, RI_assign_roles, RI_boot_role, RI_def_fd_create_type, RI_def_fd_ind_create_type, RI_def_fd_ind_create_type_remove, RI_def_group_create_type, RI_def_ipc_create_type, RI_def_process_chown_type, RI_def_process_create_type, RI_def_process_execute_type, RI_def_unixsock_create_type, RI_def_user_create_type, RI_name, RI_remove_role, RI_req_reauth, RI_role_comp, RI_type_comp_dev, RI_type_comp_fd, RI_type_comp_group, RI_type_comp_ipc, RI_type_comp_netdev, RI_type_comp_netobj, RI_type_comp_nettemp, RI_type_comp_process, RI_type_comp_scd, RI_type_comp_user, RI_type_dev_name, RI_type_dev_remove, RI_type_fd_name, RI_type_fd_need_secdel, RI_type_fd_remove, RI_type_group_name, RI_type_group_remove, RI_type_ipc_name, RI_type_ipc_remove, RI_type_netdev_name, RI_type_netdev_remove, RI_type_netobj_name, RI_type_netobj_remove, RI_type_nettemp_name, RI_type_nettemp_remove, RI_type_process_name, RI_type_process_remove, RI_type_user_name, RI_type_user_remove, rsbac_rc_item_value_t::rights, rsbac_rc_target_id_t::role, role_adr_handle, role_asr_handle, role_dfdc_handle, role_handle, role_rc_handle, role_tcdv_handle, role_tcfd_handle, role_tcgr_handle, role_tcip_handle, role_tcnd_handle, role_tcno_handle, role_tcnt_handle, role_tcpr_handle, role_tcsc_handle, role_tcus_handle, rsbac_acl_remove_subject(), RSBAC_EINVALIDATTR, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_pr_debug, rsbac_printk(), RSBAC_RC_NAME_LEN, rsbac_ta_list_add_ttl(), rsbac_ta_list_exist(), rsbac_ta_list_get_data_ttl(), rsbac_ta_list_lol_remove(), rsbac_ta_list_lol_subadd_ttl(), rsbac_ta_list_lol_subremove(), rsbac_ta_list_lol_subremove_from_all(), rsbac_ta_list_remove(), RST_min, RST_none, RT_ROLE, RT_TYPE, ST_none, rsbac_acl_entry_desc_t::subj_id, rsbac_acl_entry_desc_t::subj_type, rsbac_rc_target_id_t::type, type_dev_handle, type_fd_handle, type_group_handle, rsbac_rc_item_value_t::type_id, type_ipc_handle, type_netdev_handle, type_netobj_handle, type_nettemp_handle, type_process_handle, and type_user_handle.
03644 { 03645 int err = 0; 03646 03647 if (!rsbac_is_initialized()) { 03648 rsbac_printk(KERN_WARNING "rsbac_rc_set_item(): RSBAC not initialized\n"); 03649 return (-RSBAC_ENOTINITIALIZED); 03650 } 03651 if (in_interrupt()) { 03652 rsbac_printk(KERN_WARNING "rsbac_rc_set_item(): called from interrupt!\n"); 03653 } 03654 switch (target) { 03655 case RT_ROLE: 03656 if (tid.role > RC_role_max_value) 03657 return (-RSBAC_EINVALIDTARGET); 03658 if ((item != RI_name) 03659 && !rsbac_ta_list_exist(ta_number, role_handle, 03660 &tid.role) 03661 ) 03662 return (-RSBAC_EINVALIDTARGET); 03663 rsbac_pr_debug(ds_rc, "Setting role item value\n"); 03664 switch (item) { 03665 case RI_role_comp: 03666 if (value.comp) { 03667 return 03668 rsbac_ta_list_lol_subadd_ttl(ta_number, 03669 role_rc_handle, 03670 ttl, 03671 &tid.role, 03672 &subtid. 03673 role, 03674 NULL); 03675 } else { 03676 rsbac_ta_list_lol_subremove(ta_number, 03677 role_rc_handle, 03678 &tid.role, 03679 &subtid.role); 03680 return 0; 03681 } 03682 case RI_admin_roles: 03683 if (value.comp) { 03684 return 03685 rsbac_ta_list_lol_subadd_ttl(ta_number, 03686 role_adr_handle, 03687 ttl, 03688 &tid.role, 03689 &subtid. 03690 role, 03691 NULL); 03692 } else { 03693 rsbac_ta_list_lol_subremove(ta_number, 03694 role_adr_handle, 03695 &tid.role, 03696 &subtid.role); 03697 return 0; 03698 } 03699 case RI_assign_roles: 03700 if (value.comp) { 03701 return 03702 rsbac_ta_list_lol_subadd_ttl(ta_number, 03703 role_asr_handle, 03704 ttl, 03705 &tid.role, 03706 &subtid. 03707 role, 03708 NULL); 03709 } else { 03710 rsbac_ta_list_lol_subremove(ta_number, 03711 role_asr_handle, 03712 &tid.role, 03713 &subtid.role); 03714 return 0; 03715 } 03716 case RI_type_comp_fd: 03717 if (!rsbac_ta_list_exist 03718 (ta_number, type_fd_handle, &subtid.type)) 03719 return -RSBAC_EINVALIDVALUE; 03720 return rsbac_ta_list_lol_subadd_ttl(ta_number, 03721 role_tcfd_handle, 03722 ttl, 03723 &tid.role, 03724 &subtid.type, 03725 &value.rights); 03726 case RI_type_comp_dev: 03727 if (!rsbac_ta_list_exist 03728 (ta_number, type_dev_handle, &subtid.type)) 03729 return -RSBAC_EINVALIDVALUE; 03730 return rsbac_ta_list_lol_subadd_ttl(ta_number, 03731 role_tcdv_handle, 03732 ttl, 03733 &tid.role, 03734 &subtid.type, 03735 &value.rights); 03736 case RI_type_comp_user: 03737 if (!rsbac_ta_list_exist 03738 (ta_number, type_user_handle, &subtid.type)) 03739 return -RSBAC_EINVALIDVALUE; 03740 return rsbac_ta_list_lol_subadd_ttl(ta_number, 03741 role_tcus_handle, 03742 ttl, 03743 &tid.role, 03744 &subtid.type, 03745 &value.rights); 03746 case RI_type_comp_process: 03747 if (!rsbac_ta_list_exist 03748 (ta_number, type_process_handle, &subtid.type)) 03749 return -RSBAC_EINVALIDVALUE; 03750 return rsbac_ta_list_lol_subadd_ttl(ta_number, 03751 role_tcpr_handle, 03752 ttl, 03753 &tid.role, 03754 &subtid.type, 03755 &value.rights); 03756 case RI_type_comp_ipc: 03757 if (!rsbac_ta_list_exist 03758 (ta_number, type_ipc_handle, &subtid.type)) 03759 return -RSBAC_EINVALIDVALUE; 03760 return rsbac_ta_list_lol_subadd_ttl(ta_number, 03761 role_tcip_handle, 03762 ttl, 03763 &tid.role, 03764 &subtid.type, 03765 &value.rights); 03766 case RI_type_comp_scd: 03767 if ((subtid.type >= ST_none) 03768 && (subtid.type < RST_min) 03769 ) 03770 return -RSBAC_EINVALIDVALUE; 03771 if (subtid.type >= RST_none) 03772 return -RSBAC_EINVALIDVALUE; 03773 return rsbac_ta_list_lol_subadd_ttl(ta_number, 03774 role_tcsc_handle, 03775 ttl, 03776 &tid.role, 03777 &subtid.type, 03778 &value.rights); 03779 case RI_type_comp_group: 03780 if (!rsbac_ta_list_exist 03781 (ta_number, type_group_handle, &subtid.type)) 03782 return -RSBAC_EINVALIDVALUE; 03783 return rsbac_ta_list_lol_subadd_ttl(ta_number, 03784 role_tcgr_handle, 03785 ttl, 03786 &tid.role, 03787 &subtid.type, 03788 &value.rights); 03789 case RI_type_comp_netdev: 03790 if (!rsbac_ta_list_exist 03791 (ta_number, type_netdev_handle, &subtid.type)) 03792 return -RSBAC_EINVALIDVALUE; 03793 return rsbac_ta_list_lol_subadd_ttl(ta_number, 03794 role_tcnd_handle, 03795 ttl, 03796 &tid.role, 03797 &subtid.type, 03798 &value.rights); 03799 case RI_type_comp_nettemp: 03800 if (!rsbac_ta_list_exist 03801 (ta_number, type_nettemp_handle, &subtid.type)) 03802 return -RSBAC_EINVALIDVALUE; 03803 return rsbac_ta_list_lol_subadd_ttl(ta_number, 03804 role_tcnt_handle, 03805 ttl, 03806 &tid.role, 03807 &subtid.type, 03808 &value.rights); 03809 case RI_type_comp_netobj: 03810 if (!rsbac_ta_list_exist 03811 (ta_number, type_netobj_handle, &subtid.type)) 03812 return -RSBAC_EINVALIDVALUE; 03813 return rsbac_ta_list_lol_subadd_ttl(ta_number, 03814 role_tcno_handle, 03815 ttl, 03816 &tid.role, 03817 &subtid.type, 03818 &value.rights); 03819 case RI_admin_type: 03820 { 03821 struct rsbac_rc_role_entry_t entry; 03822 03823 err = 03824 rsbac_ta_list_get_data_ttl(ta_number, 03825 role_handle, 03826 NULL, 03827 &tid.role, 03828 &entry); 03829 if (err) 03830 return err; 03831 entry.admin_type = value.admin_type; 03832 return rsbac_ta_list_add_ttl(ta_number, 03833 role_handle, 03834 0, &tid.role, 03835 &entry); 03836 } 03837 case RI_name: 03838 { 03839 struct rsbac_rc_role_entry_t entry; 03840 03841 /* no empty names */ 03842 if (!value.name[0]) 03843 return -RSBAC_EINVALIDVALUE; 03844 /* create, if necessary, and set name */ 03845 memset(&entry, 0, 03846 sizeof(struct 03847 rsbac_rc_role_entry_t)); 03848 rsbac_ta_list_get_data_ttl(ta_number, 03849 role_handle, 03850 NULL, &tid.role, 03851 &entry); 03852 strncpy(entry.name, value.name, 03853 RSBAC_RC_NAME_LEN - 1); 03854 entry.name[RSBAC_RC_NAME_LEN - 1] = 0; 03855 return rsbac_ta_list_add_ttl(ta_number, 03856 role_handle, 03857 0, &tid.role, 03858 &entry); 03859 } 03860 case RI_remove_role: 03861 if (!tid.role) 03862 return -RSBAC_EINVALIDVALUE; 03863 /* remove role compat. */ 03864 rsbac_ta_list_lol_remove(ta_number, role_rc_handle, 03865 &tid.role); 03866 /* remove from other roles' role compat */ 03867 rsbac_ta_list_lol_subremove_from_all(ta_number, 03868 role_rc_handle, 03869 &tid.role); 03870 03871 /* remove admin roles */ 03872 rsbac_ta_list_lol_remove(ta_number, 03873 role_adr_handle, 03874 &tid.role); 03875 /* remove from other roles' admin roles */ 03876 rsbac_ta_list_lol_subremove_from_all(ta_number, 03877 role_adr_handle, 03878 &tid.role); 03879 03880 /* remove assign roles */ 03881 rsbac_ta_list_lol_remove(ta_number, 03882 role_asr_handle, 03883 &tid.role); 03884 /* remove from other roles' assign roles */ 03885 rsbac_ta_list_lol_subremove_from_all(ta_number, 03886 role_asr_handle, 03887 &tid.role); 03888 03889 /* remove def_fd_ind_create_type */ 03890 rsbac_ta_list_lol_remove(ta_number, 03891 role_dfdc_handle, 03892 &tid.role); 03893 03894 /* remove type compatibilities */ 03895 rsbac_ta_list_lol_remove(ta_number, 03896 role_tcfd_handle, 03897 &tid.role); 03898 rsbac_ta_list_lol_remove(ta_number, 03899 role_tcdv_handle, 03900 &tid.role); 03901 rsbac_ta_list_lol_remove(ta_number, 03902 role_tcus_handle, 03903 &tid.role); 03904 rsbac_ta_list_lol_remove(ta_number, 03905 role_tcpr_handle, 03906 &tid.role); 03907 rsbac_ta_list_lol_remove(ta_number, 03908 role_tcip_handle, 03909 &tid.role); 03910 rsbac_ta_list_lol_remove(ta_number, 03911 role_tcsc_handle, 03912 &tid.role); 03913 rsbac_ta_list_lol_remove(ta_number, 03914 role_tcgr_handle, 03915 &tid.role); 03916 rsbac_ta_list_lol_remove(ta_number, 03917 role_tcnd_handle, 03918 &tid.role); 03919 rsbac_ta_list_lol_remove(ta_number, 03920 role_tcnt_handle, 03921 &tid.role); 03922 rsbac_ta_list_lol_remove(ta_number, 03923 role_tcno_handle, 03924 &tid.role); 03925 03926 #ifdef CONFIG_RSBAC_ACL 03927 /* remove ACL entries */ 03928 { 03929 struct rsbac_acl_entry_desc_t desc; 03930 03931 desc.subj_type = ACLS_ROLE; 03932 desc.subj_id = tid.role; 03933 rsbac_acl_remove_subject(ta_number, desc); 03934 } 03935 #endif 03936 03937 return rsbac_ta_list_remove(ta_number, role_handle, 03938 &tid.role); 03939 03940 case RI_def_fd_create_type: 03941 { 03942 struct rsbac_rc_role_entry_t entry; 03943 03944 if ((value.type_id <= RC_type_max_value) 03945 && !rsbac_ta_list_exist(ta_number, 03946 type_fd_handle, 03947 &value.type_id) 03948 ) 03949 return -RSBAC_EINVALIDVALUE; 03950 if ((value.type_id > RC_type_max_value) 03951 && (value.type_id < 03952 RC_type_min_special) 03953 ) 03954 return -RSBAC_EINVALIDVALUE; 03955 err = 03956 rsbac_ta_list_get_data_ttl(ta_number, 03957 role_handle, 03958 NULL, 03959 &tid.role, 03960 &entry); 03961 if (err) 03962 return err; 03963 entry.def_fd_create_type = value.type_id; 03964 return rsbac_ta_list_add_ttl(ta_number, 03965 role_handle, 03966 0, &tid.role, 03967 &entry); 03968 } 03969 case RI_def_fd_ind_create_type: 03970 if ((value.type_id <= RC_type_max_value) 03971 && !rsbac_ta_list_exist(ta_number, 03972 type_fd_handle, 03973 &value.type_id) 03974 ) 03975 return -RSBAC_EINVALIDVALUE; 03976 if ((value.type_id > RC_type_max_value) 03977 && (value.type_id < RC_type_min_special) 03978 ) 03979 return -RSBAC_EINVALIDVALUE; 03980 return rsbac_ta_list_lol_subadd_ttl(ta_number, 03981 role_dfdc_handle, 03982 ttl, 03983 &tid.role, 03984 &subtid.type, 03985 &value. 03986 type_id); 03987 case RI_def_fd_ind_create_type_remove: 03988 return rsbac_ta_list_lol_subremove(ta_number, 03989 role_dfdc_handle, 03990 &tid.role, 03991 &subtid.type); 03992 03993 case RI_def_user_create_type: 03994 { 03995 struct rsbac_rc_role_entry_t entry; 03996 03997 if ((value.type_id <= RC_type_max_value) 03998 && !rsbac_ta_list_exist(ta_number, 03999 type_user_handle, 04000 &value.type_id) 04001 ) 04002 return -RSBAC_EINVALIDVALUE; 04003 if ((value.type_id > RC_type_max_value) 04004 && (value.type_id < 04005 RC_type_min_special) 04006 ) 04007 return -RSBAC_EINVALIDVALUE; 04008 err = 04009 rsbac_ta_list_get_data_ttl(ta_number, 04010 role_handle, 04011 NULL, 04012 &tid.role, 04013 &entry); 04014 if (err) 04015 return err; 04016 entry.def_user_create_type = value.type_id; 04017 return rsbac_ta_list_add_ttl(ta_number, 04018 role_handle, 04019 0, &tid.role, 04020 &entry); 04021 } 04022 case RI_def_process_create_type: 04023 { 04024 struct rsbac_rc_role_entry_t entry; 04025 04026 if ((value.type_id <= RC_type_max_value) 04027 && !rsbac_ta_list_exist(ta_number, 04028 type_process_handle, 04029 &value.type_id) 04030 ) 04031 return -RSBAC_EINVALIDVALUE; 04032 if ((value.type_id > RC_type_max_value) 04033 && (value.type_id < 04034 RC_type_min_special) 04035 ) 04036 return -RSBAC_EINVALIDVALUE; 04037 err = 04038 rsbac_ta_list_get_data_ttl(ta_number, 04039 role_handle, 04040 NULL, 04041 &tid.role, 04042 &entry); 04043 if (err) 04044 return err; 04045 entry.def_process_create_type = 04046 value.type_id; 04047 return rsbac_ta_list_add_ttl(ta_number, 04048 role_handle, 04049 0, &tid.role, 04050 &entry); 04051 } 04052 case RI_def_process_chown_type: 04053 { 04054 struct rsbac_rc_role_entry_t entry; 04055 04056 if ((value.type_id <= RC_type_max_value) 04057 && !rsbac_ta_list_exist(ta_number, 04058 type_process_handle, 04059 &value.type_id) 04060 ) 04061 return -RSBAC_EINVALIDVALUE; 04062 if ((value.type_id > RC_type_max_value) 04063 && (value.type_id < 04064 RC_type_min_special) 04065 ) 04066 return -RSBAC_EINVALIDVALUE; 04067 err = 04068 rsbac_ta_list_get_data_ttl(ta_number, 04069 role_handle, 04070 NULL, 04071 &tid.role, 04072 &entry); 04073 if (err) 04074 return err; 04075 entry.def_process_chown_type = 04076 value.type_id; 04077 return rsbac_ta_list_add_ttl(ta_number, 04078 role_handle, 04079 0, &tid.role, 04080 &entry); 04081 } 04082 case RI_def_process_execute_type: 04083 { 04084 struct rsbac_rc_role_entry_t entry; 04085 04086 if ((value.type_id <= RC_type_max_value) 04087 && !rsbac_ta_list_exist(ta_number, 04088 type_process_handle, 04089 &value.type_id) 04090 ) 04091 return -RSBAC_EINVALIDVALUE; 04092 if ((value.type_id > RC_type_max_value) 04093 && (value.type_id < 04094 RC_type_min_special) 04095 ) 04096 return -RSBAC_EINVALIDVALUE; 04097 err = 04098 rsbac_ta_list_get_data_ttl(ta_number, 04099 role_handle, 04100 NULL, 04101 &tid.role, 04102 &entry); 04103 if (err) 04104 return err; 04105 entry.def_process_execute_type = 04106 value.type_id; 04107 return rsbac_ta_list_add_ttl(ta_number, 04108 role_handle, 04109 0, &tid.role, 04110 &entry); 04111 } 04112 case RI_def_ipc_create_type: 04113 { 04114 struct rsbac_rc_role_entry_t entry; 04115 04116 if ((value.type_id <= RC_type_max_value) 04117 && !rsbac_ta_list_exist(ta_number, 04118 type_ipc_handle, 04119 &value.type_id) 04120 ) 04121 return -RSBAC_EINVALIDVALUE; 04122 if ((value.type_id > RC_type_max_value) 04123 && (value.type_id < 04124 RC_type_min_special) 04125 ) 04126 return -RSBAC_EINVALIDVALUE; 04127 err = 04128 rsbac_ta_list_get_data_ttl(ta_number, 04129 role_handle, 04130 NULL, 04131 &tid.role, 04132 &entry); 04133 if (err) 04134 return err; 04135 entry.def_ipc_create_type = value.type_id; 04136 return rsbac_ta_list_add_ttl(ta_number, 04137 role_handle, 04138 0, &tid.role, 04139 &entry); 04140 } 04141 case RI_def_group_create_type: 04142 { 04143 struct rsbac_rc_role_entry_t entry; 04144 04145 if ((value.type_id <= RC_type_max_value) 04146 && !rsbac_ta_list_exist(ta_number, 04147 type_group_handle, 04148 &value.type_id) 04149 ) 04150 return -RSBAC_EINVALIDVALUE; 04151 if ((value.type_id > RC_type_max_value) 04152 && (value.type_id < 04153 RC_type_min_special) 04154 ) 04155 return -RSBAC_EINVALIDVALUE; 04156 err = 04157 rsbac_ta_list_get_data_ttl(ta_number, 04158 role_handle, 04159 NULL, 04160 &tid.role, 04161 &entry); 04162 if (err) 04163 return err; 04164 entry.def_group_create_type = 04165 value.type_id; 04166 return rsbac_ta_list_add_ttl(ta_number, 04167 role_handle, 04168 0, &tid.role, 04169 &entry); 04170 } 04171 case RI_def_unixsock_create_type: 04172 { 04173 struct rsbac_rc_role_entry_t entry; 04174 04175 if ((value.type_id <= RC_type_max_value) 04176 && !rsbac_ta_list_exist(ta_number, 04177 type_fd_handle, 04178 &value.type_id) 04179 ) 04180 return -RSBAC_EINVALIDVALUE; 04181 if ((value.type_id > RC_type_max_value) 04182 && (value.type_id < 04183 RC_type_min_special) 04184 ) 04185 return -RSBAC_EINVALIDVALUE; 04186 err = 04187 rsbac_ta_list_get_data_ttl(ta_number, 04188 role_handle, 04189 NULL, 04190 &tid.role, 04191 &entry); 04192 if (err) 04193 return err; 04194 entry.def_unixsock_create_type = 04195 value.type_id; 04196 return rsbac_ta_list_add_ttl(ta_number, 04197 role_handle, 04198 0, &tid.role, 04199 &entry); 04200 } 04201 case RI_boot_role: 04202 { 04203 struct rsbac_rc_role_entry_t entry; 04204 04205 err = 04206 rsbac_ta_list_get_data_ttl(ta_number, 04207 role_handle, 04208 NULL, 04209 &tid.role, 04210 &entry); 04211 if (err) 04212 return err; 04213 entry.boot_role = value.boot_role; 04214 return rsbac_ta_list_add_ttl(ta_number, 04215 role_handle, 04216 0, &tid.role, 04217 &entry); 04218 } 04219 case RI_req_reauth: 04220 { 04221 struct rsbac_rc_role_entry_t entry; 04222 04223 err = 04224 rsbac_ta_list_get_data_ttl(ta_number, 04225 role_handle, 04226 NULL, 04227 &tid.role, 04228 &entry); 04229 if (err) 04230 return err; 04231 entry.req_reauth = value.req_reauth; 04232 // printk(KERN_WARNING "entry %u value %u\n", 04233 // entry.req_reauth, value.req_reauth); 04234 return rsbac_ta_list_add_ttl(ta_number, 04235 role_handle, 04236 0, &tid.role, 04237 &entry); 04238 } 04239 04240 default: 04241 return -RSBAC_EINVALIDATTR; 04242 } 04243 04244 case RT_TYPE: 04245 if (tid.type > RC_type_max_value) 04246 return (-RSBAC_EINVALIDTARGET); 04247 rsbac_pr_debug(ds_rc, "Setting type item value\n"); 04248 switch (item) { 04249 case RI_type_fd_name: 04250 { 04251 struct rsbac_rc_type_fd_entry_t entry; 04252 04253 /* no empty names */ 04254 if (!value.name[0]) 04255 return -RSBAC_EINVALIDVALUE; 04256 /* create, if necessary, and set name */ 04257 memset(&entry, 0, 04258 sizeof(struct 04259 rsbac_rc_type_fd_entry_t)); 04260 rsbac_ta_list_get_data_ttl(ta_number, 04261 type_fd_handle, 04262 NULL, &tid.type, 04263 &entry); 04264 strncpy(entry.name, value.name, 04265 RSBAC_RC_NAME_LEN - 1); 04266 entry.name[RSBAC_RC_NAME_LEN - 1] = 0; 04267 return rsbac_ta_list_add_ttl(ta_number, 04268 type_fd_handle, 04269 0, &tid.type, 04270 &entry); 04271 } 04272 case RI_type_fd_need_secdel: 04273 { 04274 struct rsbac_rc_type_fd_entry_t entry; 04275 04276 err = 04277 rsbac_ta_list_get_data_ttl(ta_number, 04278 type_fd_handle, 04279 NULL, 04280 &tid.type, 04281 &entry); 04282 if (err) 04283 return err; 04284 entry.need_secdel = value.need_secdel; 04285 return rsbac_ta_list_add_ttl(ta_number, 04286 type_fd_handle, 04287 0, &tid.type, 04288 &entry); 04289 } 04290 case RI_type_dev_name: 04291 /* no empty names */ 04292 if (!value.name[0]) 04293 return -RSBAC_EINVALIDVALUE; 04294 /* create, if necessary, and set name */ 04295 value.name[RSBAC_RC_NAME_LEN - 1] = 0; 04296 return rsbac_ta_list_add_ttl(ta_number, 04297 type_dev_handle, 0, 04298 &tid.type, 04299 &value.name); 04300 case RI_type_ipc_name: 04301 /* no empty names */ 04302 if (!value.name[0]) 04303 return -RSBAC_EINVALIDVALUE; 04304 /* create, if necessary, and set name */ 04305 value.name[RSBAC_RC_NAME_LEN - 1] = 0; 04306 return rsbac_ta_list_add_ttl(ta_number, 04307 type_ipc_handle, 0, 04308 &tid.type, 04309 &value.name); 04310 case RI_type_user_name: 04311 /* no empty names */ 04312 if (!value.name[0]) 04313 return -RSBAC_EINVALIDVALUE; 04314 /* create, if necessary, and set name */ 04315 value.name[RSBAC_RC_NAME_LEN - 1] = 0; 04316 return rsbac_ta_list_add_ttl(ta_number, 04317 type_user_handle, 0, 04318 &tid.type, 04319 &value.name); 04320 case RI_type_process_name: 04321 /* no empty names */ 04322 if (!value.name[0]) 04323 return -RSBAC_EINVALIDVALUE; 04324 /* create, if necessary, and set name */ 04325 value.name[RSBAC_RC_NAME_LEN - 1] = 0; 04326 return rsbac_ta_list_add_ttl(ta_number, 04327 type_process_handle, 04328 0, &tid.type, 04329 &value.name); 04330 case RI_type_group_name: 04331 /* no empty names */ 04332 if (!value.name[0]) 04333 return -RSBAC_EINVALIDVALUE; 04334 /* create, if necessary, and set name */ 04335 value.name[RSBAC_RC_NAME_LEN - 1] = 0; 04336 return rsbac_ta_list_add_ttl(ta_number, 04337 type_group_handle, 0, 04338 &tid.type, 04339 &value.name); 04340 case RI_type_netdev_name: 04341 /* no empty names */ 04342 if (!value.name[0]) 04343 return -RSBAC_EINVALIDVALUE; 04344 /* create, if necessary, and set name */ 04345 value.name[RSBAC_RC_NAME_LEN - 1] = 0; 04346 return rsbac_ta_list_add_ttl(ta_number, 04347 type_netdev_handle, 0, 04348 &tid.type, 04349 &value.name); 04350 case RI_type_nettemp_name: 04351 /* no empty names */ 04352 if (!value.name[0]) 04353 return -RSBAC_EINVALIDVALUE; 04354 /* create, if necessary, and set name */ 04355 value.name[RSBAC_RC_NAME_LEN - 1] = 0; 04356 return rsbac_ta_list_add_ttl(ta_number, 04357 type_nettemp_handle, 04358 0, &tid.type, 04359 &value.name); 04360 case RI_type_netobj_name: 04361 /* no empty names */ 04362 if (!value.name[0]) 04363 return -RSBAC_EINVALIDVALUE; 04364 /* create, if necessary, and set name */ 04365 value.name[RSBAC_RC_NAME_LEN - 1] = 0; 04366 return rsbac_ta_list_add_ttl(ta_number, 04367 type_netobj_handle, 0, 04368 &tid.type, 04369 &value.name); 04370 04371 case RI_type_fd_remove: 04372 if (!tid.type) 04373 return -RSBAC_EINVALIDVALUE; 04374 rsbac_ta_list_lol_subremove_from_all(ta_number, 04375 role_tcfd_handle, 04376 &tid.type); 04377 rsbac_ta_list_lol_subremove_from_all(ta_number, 04378 role_dfdc_handle, 04379 &tid.type); 04380 return rsbac_ta_list_remove(ta_number, 04381 type_fd_handle, 04382 &tid.type); 04383 case RI_type_dev_remove: 04384 if (!tid.type) 04385 return -RSBAC_EINVALIDVALUE; 04386 rsbac_ta_list_lol_subremove_from_all(ta_number, 04387 role_tcdv_handle, 04388 &tid.type); 04389 return rsbac_ta_list_remove(ta_number, 04390 type_dev_handle, 04391 &tid.type); 04392 case RI_type_user_remove: 04393 if (!tid.type) 04394 return -RSBAC_EINVALIDVALUE; 04395 rsbac_ta_list_lol_subremove_from_all(ta_number, 04396 role_tcus_handle, 04397 &tid.type); 04398 return rsbac_ta_list_remove(ta_number, 04399 type_user_handle, 04400 &tid.type); 04401 case RI_type_process_remove: 04402 if (!tid.type) 04403 return -RSBAC_EINVALIDVALUE; 04404 rsbac_ta_list_lol_subremove_from_all(ta_number, 04405 role_tcpr_handle, 04406 &tid.type); 04407 return rsbac_ta_list_remove(ta_number, 04408 type_process_handle, 04409 &tid.type); 04410 case RI_type_ipc_remove: 04411 if (!tid.type) 04412 return -RSBAC_EINVALIDVALUE; 04413 rsbac_ta_list_lol_subremove_from_all(ta_number, 04414 role_tcip_handle, 04415 &tid.type); 04416 return rsbac_ta_list_remove(ta_number, 04417 type_ipc_handle, 04418 &tid.type); 04419 case RI_type_group_remove: 04420 if (!tid.type) 04421 return -RSBAC_EINVALIDVALUE; 04422 rsbac_ta_list_lol_subremove_from_all(ta_number, 04423 role_tcgr_handle, 04424 &tid.type); 04425 return rsbac_ta_list_remove(ta_number, 04426 type_group_handle, 04427 &tid.type); 04428 case RI_type_netdev_remove: 04429 if (!tid.type) 04430 return -RSBAC_EINVALIDVALUE; 04431 rsbac_ta_list_lol_subremove_from_all(ta_number, 04432 role_tcnd_handle, 04433 &tid.type); 04434 return rsbac_ta_list_remove(ta_number, 04435 type_netdev_handle, 04436 &tid.type); 04437 case RI_type_nettemp_remove: 04438 if (!tid.type) 04439 return -RSBAC_EINVALIDVALUE; 04440 rsbac_ta_list_lol_subremove_from_all(ta_number, 04441 role_tcnt_handle, 04442 &tid.type); 04443 return rsbac_ta_list_remove(ta_number, 04444 type_nettemp_handle, 04445 &tid.type); 04446 case RI_type_netobj_remove: 04447 if (!tid.type) 04448 return -RSBAC_EINVALIDVALUE; 04449 rsbac_ta_list_lol_subremove_from_all(ta_number, 04450 role_tcno_handle, 04451 &tid.type); 04452 return rsbac_ta_list_remove(ta_number, 04453 type_netobj_handle, 04454 &tid.type); 04455 04456 default: 04457 return -RSBAC_EINVALIDATTR; 04458 } 04459 04460 /* switch target: no valid target */ 04461 default: 04462 return -RSBAC_EINVALIDTARGET; 04463 } 04464 }
rsbac_boolean_t rsbac_rc_type_exists | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
rsbac_rc_type_id_t | type | |||
) |
Definition at line 2239 of file rc_data_structures.c.
References FALSE, rsbac_ta_list_exist(), ST_none, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SCD, T_SYMLINK, T_USER, TRUE, type_dev_handle, type_fd_handle, type_ipc_handle, type_netdev_handle, type_netobj_handle, type_nettemp_handle, type_process_handle, and type_user_handle.
Referenced by rsbac_rc_select_fd_create_type(), and rsbac_rc_sys_copy_type().
02242 { 02243 switch (target) { 02244 case T_FILE: 02245 case T_DIR: 02246 case T_FIFO: 02247 case T_SYMLINK: 02248 case T_FD: 02249 return rsbac_ta_list_exist(ta_number, type_fd_handle, 02250 &type); 02251 case T_DEV: 02252 return rsbac_ta_list_exist(ta_number, type_dev_handle, 02253 &type); 02254 case T_IPC: 02255 return rsbac_ta_list_exist(ta_number, type_ipc_handle, 02256 &type); 02257 case T_USER: 02258 return rsbac_ta_list_exist(ta_number, type_user_handle, 02259 &type); 02260 case T_PROCESS: 02261 return rsbac_ta_list_exist(ta_number, type_process_handle, 02262 &type); 02263 case T_NETDEV: 02264 return rsbac_ta_list_exist(ta_number, type_netdev_handle, 02265 &type); 02266 case T_NETTEMP: 02267 return rsbac_ta_list_exist(ta_number, type_nettemp_handle, 02268 &type); 02269 case T_NETOBJ: 02270 return rsbac_ta_list_exist(ta_number, type_netobj_handle, 02271 &type); 02272 case T_SCD: 02273 if (type < ST_none) 02274 return TRUE; 02275 else 02276 return FALSE; 02277 default: 02278 return FALSE; 02279 } 02280 }
int rsbac_stats_rc | ( | void | ) |
Definition at line 2188 of file rc_data_structures.c.
References role_handle, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_list_count(), rsbac_printk(), type_dev_handle, type_fd_handle, type_group_handle, type_ipc_handle, type_netdev_handle, type_netobj_handle, type_nettemp_handle, type_process_handle, and type_user_handle.
Referenced by rsbac_stats().
02189 { 02190 if (!rsbac_is_initialized()) { 02191 rsbac_printk(KERN_WARNING "rsbac_stats_rc(): RSBAC not initialized\n"); 02192 return (-RSBAC_ENOTINITIALIZED); 02193 } 02194 02195 rsbac_printk(KERN_INFO "Role entry size is %u, %lu entries used\n", 02196 sizeof(struct rsbac_rc_role_entry_t), 02197 rsbac_list_count(role_handle)); 02198 02199 rsbac_printk(KERN_INFO "Used type entries: fd: %lu, dev: %lu, ipc: %lu, user: %lu, process: %lu, group: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n", 02200 rsbac_list_count(type_fd_handle), 02201 rsbac_list_count(type_dev_handle), 02202 rsbac_list_count(type_ipc_handle), 02203 rsbac_list_count(type_user_handle), 02204 rsbac_list_count(type_process_handle), 02205 rsbac_list_count(type_group_handle), 02206 rsbac_list_count(type_netdev_handle), 02207 rsbac_list_count(type_nettemp_handle), 02208 rsbac_list_count(type_netobj_handle)); 02209 return 0; 02210 }