/linux-2.6.21.1-rsbac-1.3.4/include/rsbac/mac.h File Reference

#include <linux/init.h>
#include <rsbac/types.h>

Go to the source code of this file.

Functions

int rsbac_init_mac (void) __init
int rsbac_mount_mac (kdev_t kdev)
int rsbac_umount_mac (kdev_t kdev)
int rsbac_stats_mac (void)
int rsbac_check_mac (int correct, int check_inode)
int rsbac_mac_add_to_p_truset (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, rsbac_uid_t member, rsbac_time_t ttl)
int rsbac_mac_add_to_f_truset (rsbac_list_ta_number_t ta_number, rsbac_mac_file_t file, rsbac_uid_t member, rsbac_time_t ttl)
int rsbac_mac_remove_from_p_truset (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, rsbac_uid_t member)
int rsbac_mac_remove_from_f_truset (rsbac_list_ta_number_t ta_number, rsbac_mac_file_t file, rsbac_uid_t member)
int rsbac_mac_clear_p_truset (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid)
int rsbac_mac_clear_f_truset (rsbac_list_ta_number_t ta_number, rsbac_mac_file_t file)
rsbac_boolean_t rsbac_mac_p_truset_member (rsbac_pid_t pid, rsbac_uid_t member)
int rsbac_mac_remove_p_trusets (rsbac_pid_t pid)
int rsbac_mac_remove_f_trusets (rsbac_mac_file_t file)
int rsbac_mac_copy_fp_truset (rsbac_mac_file_t file, rsbac_pid_t p_tru_set_id)
int rsbac_mac_copy_pp_truset (rsbac_pid_t old_p_set_id, rsbac_pid_t new_p_set_id)
int rsbac_mac_get_f_trulist (rsbac_list_ta_number_t ta_number, rsbac_mac_file_t file, rsbac_uid_t **trulist_p, rsbac_time_t **ttllist_p)
int rsbac_mac_get_p_trulist (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, rsbac_uid_t **trulist_p, rsbac_time_t **ttllist_p)


Function Documentation

int rsbac_check_mac ( int  correct,
int  check_inode 
)

int rsbac_init_mac ( void   ) 

Definition at line 712 of file mac_data_structures.c.

References add_device_item(), rsbac_mac_device_list_head_t::count, create_device_item(), rsbac_mac_device_list_head_t::curr, rsbac_list_lol_info_t::data_size, rsbac_list_lol_info_t::desc_size, device_list_head, get_error_name(), rsbac_mac_device_list_head_t::head, rsbac_list_lol_info_t::key, rsbac_mac_device_list_head_t::lock, mac_register_fd_lists(), rsbac_list_lol_info_t::max_age, NULL, proc_rsbac_root_p, process_handle, RSBAC_ECOULDNOTADDDEVICE, RSBAC_EREINIT, rsbac_is_initialized(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_LIST_DEF_DATA, rsbac_list_lol_register(), RSBAC_LIST_VERSION, RSBAC_MAC_LIST_KEY, RSBAC_MAC_P_LIST_NAME, RSBAC_MAC_P_LIST_VERSION, RSBAC_MAXNAMELEN, rsbac_pr_debug, rsbac_printk(), rsbac_root_dev, rsbac_list_lol_info_t::subdata_size, rsbac_list_lol_info_t::subdesc_size, rsbac_mac_device_list_head_t::tail, and rsbac_list_lol_info_t::version.

Referenced by rsbac_do_init().

00714 {
00715         int err = 0;
00716         struct rsbac_mac_device_list_item_t *device_p = NULL;
00717         u_long dflags;
00718         struct proc_dir_entry *tmp_entry_p;
00719         struct rsbac_list_lol_info_t lol_info;
00720 
00721         if (rsbac_is_initialized()) {
00722                 rsbac_printk(KERN_WARNING "rsbac_init_mac(): RSBAC already initialized\n");
00723                 return (-RSBAC_EREINIT);
00724         }
00725 
00726         /* set rw-spinlocks to unlocked status and init data structures */
00727         rsbac_printk(KERN_INFO "rsbac_init_mac(): Initializing RSBAC: MAC subsystem\n");
00728 
00729         lol_info.version = RSBAC_MAC_P_LIST_VERSION;
00730         lol_info.key = RSBAC_MAC_LIST_KEY;
00731         lol_info.desc_size = sizeof(rsbac_pid_t);
00732         lol_info.data_size = 0;
00733         lol_info.subdesc_size = sizeof(rsbac_uid_t);
00734         lol_info.subdata_size = 0;
00735         lol_info.max_age = 0;
00736         err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00737                                       &process_handle,
00738                                       &lol_info,
00739                                       RSBAC_LIST_DEF_DATA,
00740                                       NULL,
00741                                       NULL,
00742                                       NULL,
00743                                       NULL,
00744                                       NULL,
00745                                       NULL,
00746                                       RSBAC_MAC_P_LIST_NAME,
00747                                       RSBAC_AUTO_DEV);
00748         if (err) {
00749                 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00750 
00751                 if (tmp) {
00752                         rsbac_printk(KERN_WARNING "rsbac_init_mac(): Registering MAC process trusted user list failed with error %s\n",
00753                                      get_error_name(tmp, err));
00754                         rsbac_kfree(tmp);
00755                 }
00756         }
00757 
00758         /* Init FD lists */
00759         device_list_head.lock = RW_LOCK_UNLOCKED;
00760         device_list_head.head = NULL;
00761         device_list_head.tail = NULL;
00762         device_list_head.curr = NULL;
00763         device_list_head.count = 0;
00764 
00765         /* read all data */
00766         rsbac_pr_debug(ds_mac, "rsbac_init_mac(): Registering FD lists\n");
00767         device_p = create_device_item(rsbac_root_dev);
00768         if (!device_p) {
00769                 rsbac_printk(KERN_CRIT
00770                              "rsbac_init_mac(): Could not add device!\n");
00771                 return (-RSBAC_ECOULDNOTADDDEVICE);
00772         }
00773         if ((err = mac_register_fd_lists(device_p, rsbac_root_dev))) {
00774                 char tmp[RSBAC_MAXNAMELEN];
00775 
00776                 rsbac_printk(KERN_WARNING "rsbac_init_mac(): File/Dir trusted user set registration failed for dev %02u:%02u, err %s!\n",
00777                              RSBAC_MAJOR(rsbac_root_dev),
00778                              RSBAC_MINOR(rsbac_root_dev),
00779                              get_error_name(tmp, err));
00780         }
00781         /* wait for write access to device_list_head */
00782         rsbac_write_lock_irq(&device_list_head.lock, &dflags);
00783         device_p = add_device_item(device_p);
00784         /* device was added, allow access */
00785         rsbac_write_unlock_irq(&device_list_head.lock, &dflags);
00786         if (!device_p) {
00787                 rsbac_printk(KERN_CRIT
00788                              "rsbac_init_mac(): Could not add device!\n");
00789                 return (-RSBAC_ECOULDNOTADDDEVICE);
00790         }
00791 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
00792         tmp_entry_p = create_proc_entry("mac_devices",
00793                                         S_IFREG | S_IRUGO | S_IWUGO,
00794                                         proc_rsbac_root_p);
00795         if (tmp_entry_p) {
00796                 tmp_entry_p->get_info = mac_devices_proc_info;
00797         }
00798         tmp_entry_p = create_proc_entry("stats_mac",
00799                                         S_IFREG | S_IRUGO,
00800                                         proc_rsbac_root_p);
00801         if (tmp_entry_p) {
00802                 tmp_entry_p->get_info = stats_mac_proc_info;
00803         }
00804         tmp_entry_p = create_proc_entry("mac_trusted",
00805                                         S_IFREG | S_IRUGO,
00806                                         proc_rsbac_root_p);
00807         if (tmp_entry_p) {
00808                 tmp_entry_p->get_info = mac_trulist_proc_info;
00809         }
00810 #endif
00811 
00812         rsbac_pr_debug(aef_mac, "Ready.\n");
00813         return (err);
00814 }

int rsbac_mac_add_to_f_truset ( rsbac_list_ta_number_t  ta_number,
rsbac_mac_file_t  file,
rsbac_uid_t  member,
rsbac_time_t  ttl 
)

Definition at line 993 of file mac_data_structures.c.

References device_list_head, rsbac_mac_device_list_item_t::handle, rsbac_mac_device_list_head_t::lock, lookup_device(), NULL, RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subadd_ttl().

Referenced by rsbac_mac_add_f_tru().

00996 {
00997         int err = 0;
00998         u_long dflags;
00999         struct rsbac_mac_device_list_item_t *device_p;
01000 
01001         if (!rsbac_is_initialized()) {
01002                 rsbac_printk(KERN_WARNING "rsbac_mac_add_to_f_truset(): RSBAC not initialized\n");
01003                 return (-RSBAC_ENOTINITIALIZED);
01004         }
01005         if (in_interrupt()) {
01006                 rsbac_printk(KERN_WARNING "rsbac_mac_add_to_f_truset(): called from interrupt!\n");
01007         }
01008 
01009         /* protect device list */
01010         rsbac_read_lock(&device_list_head.lock, &dflags);
01011         device_p = lookup_device(file.device);
01012         if (!device_p) {
01013                 /* trigger rsbac_mount() */
01014                 rsbac_read_unlock(&device_list_head.lock, &dflags);
01015                 rsbac_get_super_block(file.device);
01016                 /* retry */
01017                 rsbac_read_lock(&device_list_head.lock, &dflags);
01018                 device_p = lookup_device(file.device);
01019                 if (!device_p) {
01020                         rsbac_printk(KERN_WARNING "rsbac_mac_add_to_f_truset(): invalid device %02u:%02u!\n",
01021                                      RSBAC_MAJOR(file.device),
01022                                      RSBAC_MINOR(file.device));
01023                         rsbac_read_unlock(&device_list_head.lock, &dflags);
01024                         return (-RSBAC_EINVALIDDEV);
01025                 }
01026         }
01027 
01028         err = rsbac_ta_list_lol_subadd_ttl(ta_number,
01029                                            device_p->handle,
01030                                            ttl, &file.inode, &member,
01031                                            NULL);
01032         rsbac_read_unlock(&device_list_head.lock, &dflags);
01033         return (err);
01034 }

int rsbac_mac_add_to_p_truset ( rsbac_list_ta_number_t  ta_number,
rsbac_pid_t  pid,
rsbac_uid_t  member,
rsbac_time_t  ttl 
)

Definition at line 978 of file mac_data_structures.c.

References NULL, process_handle, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subadd_ttl().

Referenced by rsbac_mac_add_p_tru().

00981 {
00982         if (!rsbac_is_initialized()) {
00983                 rsbac_printk(KERN_WARNING "rsbac_mac_add_to_p_truset(): RSBAC not initialized\n");
00984                 return (-RSBAC_ENOTINITIALIZED);
00985         }
00986         if (in_interrupt()) {
00987                 rsbac_printk(KERN_WARNING "rsbac_mac_add_to_p_truset(): called from interrupt!\n");
00988         }
00989         return rsbac_ta_list_lol_subadd_ttl(ta_number, process_handle, ttl,
00990                                             &pid, &member, NULL);
00991 }

int rsbac_mac_clear_f_truset ( rsbac_list_ta_number_t  ta_number,
rsbac_mac_file_t  file 
)

Definition at line 1112 of file mac_data_structures.c.

References device_list_head, rsbac_mac_device_list_item_t::handle, rsbac_mac_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_remove().

Referenced by rsbac_mac_remove_f_trusets().

01114 {
01115         int err = 0;
01116         u_long dflags;
01117         struct rsbac_mac_device_list_item_t *device_p;
01118 
01119         if (!rsbac_is_initialized()) {
01120                 rsbac_printk(KERN_WARNING "rsbac_mac_clear_f_truset(): RSBAC not initialized\n");
01121                 return (-RSBAC_ENOTINITIALIZED);
01122         }
01123         if (in_interrupt()) {
01124                 rsbac_printk(KERN_WARNING "rsbac_mac_clear_f_truset(): called from interrupt!\n");
01125         }
01126         /* protect device list */
01127         rsbac_read_lock(&device_list_head.lock, &dflags);
01128         device_p = lookup_device(file.device);
01129         if (!device_p) {
01130                 /* trigger rsbac_mount() */
01131                 rsbac_read_unlock(&device_list_head.lock, &dflags);
01132                 rsbac_get_super_block(file.device);
01133                 /* retry */
01134                 rsbac_read_lock(&device_list_head.lock, &dflags);
01135                 device_p = lookup_device(file.device);
01136                 if (!device_p) {
01137                         rsbac_printk(KERN_WARNING "rsbac_mac_clear_f_truset(): invalid device %02u:%02u!\n",
01138                                      RSBAC_MAJOR(file.device),
01139                                      RSBAC_MINOR(file.device));
01140                         rsbac_read_unlock(&device_list_head.lock, &dflags);
01141                         return (-RSBAC_EINVALIDDEV);
01142                 }
01143         }
01144         err = rsbac_ta_list_lol_remove(ta_number,
01145                                      device_p->handle,
01146                                      &file.inode);
01147         rsbac_read_unlock(&device_list_head.lock, &dflags);
01148         return (err);
01149 }

int rsbac_mac_clear_p_truset ( rsbac_list_ta_number_t  ta_number,
rsbac_pid_t  pid 
)

Definition at line 1099 of file mac_data_structures.c.

References process_handle, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_remove().

Referenced by rsbac_mac_remove_p_trusets().

01101 {
01102         if (!rsbac_is_initialized()) {
01103                 rsbac_printk(KERN_WARNING "rsbac_mac_clear_p_truset(): RSBAC not initialized\n");
01104                 return (-RSBAC_ENOTINITIALIZED);
01105         }
01106         if (in_interrupt()) {
01107                 rsbac_printk(KERN_WARNING "rsbac_mac_clear_p_truset(): called from interrupt!\n");
01108         }
01109         return rsbac_ta_list_lol_remove(ta_number, process_handle, &pid);
01110 }

int rsbac_mac_copy_fp_truset ( rsbac_mac_file_t  file,
rsbac_pid_t  p_tru_set_id 
)

Definition at line 1184 of file mac_data_structures.c.

References copy_fp_tru_set_item(), device_list_head, rsbac_mac_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), and rsbac_printk().

Referenced by rsbac_adf_set_attr_mac().

01186 {
01187         u_long dflags;
01188         struct rsbac_mac_device_list_item_t *device_p;
01189         int err = 0;
01190 
01191         if (!rsbac_is_initialized()) {
01192                 rsbac_printk(KERN_WARNING "rsbac_mac_copy_fp_truset(): RSBAC not initialized\n");
01193                 return (-RSBAC_ENOTINITIALIZED);
01194         }
01195         if (in_interrupt()) {
01196                 rsbac_printk(KERN_WARNING "rsbac_mac_copy_fp_truset(): called from interrupt!\n");
01197         }
01198 /*
01199         rsbac_pr_debug(ds_mac, "Copying file cap set data to process cap set\n");
01200 */
01201         /* protect device list */
01202         rsbac_read_lock(&device_list_head.lock, &dflags);
01203         device_p = lookup_device(file.device);
01204         if (!device_p) {
01205                 /* trigger rsbac_mount() */
01206                 rsbac_read_unlock(&device_list_head.lock, &dflags);
01207                 rsbac_get_super_block(file.device);
01208                 /* retry */
01209                 rsbac_read_lock(&device_list_head.lock, &dflags);
01210                 device_p = lookup_device(file.device);
01211                 if (!device_p) {
01212                         rsbac_printk(KERN_WARNING "rsbac_mac_copy_fp_truset(): invalid device %02u:%02u!\n",
01213                                      RSBAC_MAJOR(file.device),
01214                                      RSBAC_MINOR(file.device));
01215                         rsbac_read_unlock(&device_list_head.lock, &dflags);
01216                         return (-RSBAC_EINVALIDDEV);
01217                 }
01218         }
01219         /* call the copy function */
01220         err = copy_fp_tru_set_item(device_p, file, p_tru_set_id);
01221         rsbac_read_unlock(&device_list_head.lock, &dflags);
01222         return (err);
01223 }

int rsbac_mac_copy_pp_truset ( rsbac_pid_t  old_p_set_id,
rsbac_pid_t  new_p_set_id 
)

Definition at line 1225 of file mac_data_structures.c.

References copy_pp_tru_set_item(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), and rsbac_printk().

Referenced by rsbac_adf_set_attr_mac().

01227 {
01228         if (!rsbac_is_initialized()) {
01229                 rsbac_printk(KERN_WARNING "rsbac_mac_copy_pp_truset(): RSBAC not initialized\n");
01230                 return (-RSBAC_ENOTINITIALIZED);
01231         }
01232         if (in_interrupt()) {
01233                 rsbac_printk(KERN_WARNING "rsbac_mac_copy_pp_truset(): called from interrupt!\n");
01234         }
01235 /*
01236         rsbac_pr_debug(ds_mac, "Copying process cap set data to process cap set\n");
01237 */
01238         /* call the copy function */
01239         return copy_pp_tru_set_item(old_p_set_id, new_p_set_id);
01240 }

int rsbac_mac_get_f_trulist ( rsbac_list_ta_number_t  ta_number,
rsbac_mac_file_t  file,
rsbac_uid_t **  trulist_p,
rsbac_time_t **  ttllist_p 
)

Definition at line 1242 of file mac_data_structures.c.

References device_list_head, rsbac_mac_device_list_item_t::handle, rsbac_mac_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_get_all_subdesc_ttl().

01246 {
01247         u_long dflags;
01248         struct rsbac_mac_device_list_item_t *device_p;
01249         long count;
01250 
01251         if (!rsbac_is_initialized()) {
01252                 rsbac_printk(KERN_WARNING "rsbac_mac_get_f_trulist(): RSBAC not initialized\n");
01253                 return (-RSBAC_ENOTINITIALIZED);
01254         }
01255         if (in_interrupt()) {
01256                 rsbac_printk(KERN_WARNING "rsbac_mac_get_f_trulist(): called from interrupt!\n");
01257         }
01258 /*
01259         rsbac_pr_debug(ds_mac, "Getting file/dir trusted user set list\n");
01260 */
01261         /* protect device list */
01262         rsbac_read_lock(&device_list_head.lock, &dflags);
01263         device_p = lookup_device(file.device);
01264         if (!device_p) {
01265                 /* trigger rsbac_mount() */
01266                 rsbac_read_unlock(&device_list_head.lock, &dflags);
01267                 rsbac_get_super_block(file.device);
01268                 /* retry */
01269                 rsbac_read_lock(&device_list_head.lock, &dflags);
01270                 device_p = lookup_device(file.device);
01271                 if (!device_p) {
01272                         rsbac_printk(KERN_WARNING "rsbac_mac_get_f_trulist(): invalid device %02u:%02u!\n",
01273                                      RSBAC_MAJOR(file.device),
01274                                      RSBAC_MINOR(file.device));
01275                         rsbac_read_unlock(&device_list_head.lock, &dflags);
01276                         return (-RSBAC_EINVALIDDEV);
01277                 }
01278         }
01279         count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
01280                                                       device_p->handle,
01281                                                       &file.inode,
01282                                                       (void **) trulist_p,
01283                                                       ttllist_p);
01284         rsbac_read_unlock(&device_list_head.lock, &dflags);
01285         return (count);
01286 }

int rsbac_mac_get_p_trulist ( rsbac_list_ta_number_t  ta_number,
rsbac_pid_t  pid,
rsbac_uid_t **  trulist_p,
rsbac_time_t **  ttllist_p 
)

Definition at line 1288 of file mac_data_structures.c.

References process_handle, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_get_all_subdesc_ttl().

01292 {
01293         if (!rsbac_is_initialized()) {
01294                 rsbac_printk(KERN_WARNING "rsbac_mac_get_p_trulist(): RSBAC not initialized\n");
01295                 return (-RSBAC_ENOTINITIALIZED);
01296         }
01297         if (in_interrupt()) {
01298                 rsbac_printk(KERN_WARNING "rsbac_mac_get_p_trulist(): called from interrupt!\n");
01299         }
01300 /*
01301         rsbac_pr_debug(ds_mac, "Getting process trusted user set list\n");
01302 */
01303         return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
01304                                                      process_handle,
01305                                                      &pid,
01306                                                      (void **) trulist_p,
01307                                                      ttllist_p);
01308 }

rsbac_boolean_t rsbac_mac_p_truset_member ( rsbac_pid_t  pid,
rsbac_uid_t  member 
)

Definition at line 1154 of file mac_data_structures.c.

References FALSE, process_handle, RSBAC_ALL_USERS, rsbac_is_initialized(), rsbac_list_lol_subexist(), rsbac_printk(), and TRUE.

Referenced by rsbac_adf_set_attr_mac().

01156 {
01157         if (!rsbac_is_initialized()) {
01158                 rsbac_printk(KERN_WARNING "rsbac_mac_p_truset_member(): RSBAC not initialized\n");
01159                 return FALSE;
01160         }
01161         if (in_interrupt()) {
01162                 rsbac_printk(KERN_WARNING "rsbac_mac_p_truset_member(): called from interrupt!\n");
01163         }
01164         if (rsbac_list_lol_subexist(process_handle, &pid, &member))
01165                 return TRUE;
01166         member = RSBAC_ALL_USERS;
01167         return rsbac_list_lol_subexist(process_handle, &pid, &member);
01168 }

int rsbac_mac_remove_f_trusets ( rsbac_mac_file_t  file  ) 

Definition at line 1179 of file mac_data_structures.c.

References FALSE, and rsbac_mac_clear_f_truset().

Referenced by rsbac_ta_remove_target().

01180 {
01181         return rsbac_mac_clear_f_truset(FALSE, file);
01182 }

int rsbac_mac_remove_from_f_truset ( rsbac_list_ta_number_t  ta_number,
rsbac_mac_file_t  file,
rsbac_uid_t  member 
)

Definition at line 1054 of file mac_data_structures.c.

References device_list_head, rsbac_mac_device_list_item_t::handle, rsbac_mac_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subremove().

Referenced by rsbac_mac_remove_f_tru().

01057 {
01058         int err = 0;
01059         u_long dflags;
01060         struct rsbac_mac_device_list_item_t *device_p;
01061 
01062         if (!rsbac_is_initialized()) {
01063                 rsbac_printk(KERN_WARNING "rsbac_mac_remove_from_f_truset(): RSBAC not initialized\n");
01064                 return (-RSBAC_ENOTINITIALIZED);
01065         }
01066         if (in_interrupt()) {
01067                 rsbac_printk(KERN_WARNING "rsbac_mac_remove_from_f_truset(): called from interrupt!\n");
01068         }
01069 
01070         /* protect device list */
01071         rsbac_read_lock(&device_list_head.lock, &dflags);
01072         device_p = lookup_device(file.device);
01073         if (!device_p) {
01074                 /* trigger rsbac_mount() */
01075                 rsbac_read_unlock(&device_list_head.lock, &dflags);
01076                 rsbac_get_super_block(file.device);
01077                 /* retry */
01078                 rsbac_read_lock(&device_list_head.lock, &dflags);
01079                 device_p = lookup_device(file.device);
01080                 if (!device_p) {
01081                         rsbac_printk(KERN_WARNING "rsbac_mac_remove_from_f_truset(): invalid device %02u:%02u!\n",
01082                                      RSBAC_MAJOR(file.device),
01083                                      RSBAC_MINOR(file.device));
01084                         rsbac_read_unlock(&device_list_head.lock, &dflags);
01085                         return (-RSBAC_EINVALIDDEV);
01086                 }
01087         }
01088         err = rsbac_ta_list_lol_subremove(ta_number,
01089                                           device_p->handle,
01090                                           &file.inode, &member);
01091         rsbac_read_unlock(&device_list_head.lock, &dflags);
01092         return (err);
01093 }

int rsbac_mac_remove_from_p_truset ( rsbac_list_ta_number_t  ta_number,
rsbac_pid_t  pid,
rsbac_uid_t  member 
)

Definition at line 1040 of file mac_data_structures.c.

References process_handle, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subremove().

Referenced by rsbac_mac_remove_p_tru().

01042 {
01043         if (!rsbac_is_initialized()) {
01044                 rsbac_printk(KERN_WARNING "rsbac_mac_remove_from_p_truset(): RSBAC not initialized\n");
01045                 return (-RSBAC_ENOTINITIALIZED);
01046         }
01047         if (in_interrupt()) {
01048                 rsbac_printk(KERN_WARNING "rsbac_mac_remove_from_p_truset(): called from interrupt!\n");
01049         }
01050         return rsbac_ta_list_lol_subremove(ta_number, process_handle, &pid,
01051                                            &member);
01052 }

int rsbac_mac_remove_p_trusets ( rsbac_pid_t  pid  ) 

Definition at line 1174 of file mac_data_structures.c.

References FALSE, and rsbac_mac_clear_p_truset().

Referenced by rsbac_ta_remove_target().

01175 {
01176         return rsbac_mac_clear_p_truset(FALSE, pid);
01177 }

int rsbac_mount_mac ( kdev_t  kdev  ) 

Definition at line 816 of file mac_data_structures.c.

References add_device_item(), clear_device_item(), create_device_item(), device_list_head, get_error_name(), rsbac_mac_device_list_head_t::lock, lookup_device(), mac_register_fd_lists(), rsbac_mac_device_list_item_t::mount_count, RSBAC_ECOULDNOTADDDEVICE, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), RSBAC_MAXNAMELEN, rsbac_pr_debug, and rsbac_printk().

Referenced by rsbac_mount().

00817 {
00818         int err = 0;
00819         struct rsbac_mac_device_list_item_t *device_p;
00820         struct rsbac_mac_device_list_item_t *new_device_p;
00821         u_long dflags;
00822 
00823         if (!rsbac_is_initialized()) {
00824                 rsbac_printk(KERN_WARNING "rsbac_mount_mac(): RSBAC not initialized\n");
00825                 return (-RSBAC_ENOTINITIALIZED);
00826         }
00827         rsbac_pr_debug(aef_mac, "mounting device %02u:%02u\n",
00828                        RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00829         /* wait for write access to device_list_head */
00830         rsbac_read_lock(&device_list_head.lock, &dflags);
00831         device_p = lookup_device(kdev);
00832         /* repeated mount? */
00833         if (device_p) {
00834                 rsbac_printk(KERN_WARNING "rsbac_mount_mac: repeated mount %u of device %02u:%02u\n",
00835                              device_p->mount_count, RSBAC_MAJOR(kdev),
00836                              RSBAC_MINOR(kdev));
00837                 device_p->mount_count++;
00838                 rsbac_read_unlock(&device_list_head.lock, &dflags);
00839                 return 0;
00840         }
00841         rsbac_read_unlock(&device_list_head.lock, &dflags);
00842 
00843         new_device_p = create_device_item(kdev);
00844         if (!new_device_p)
00845                 return -RSBAC_ECOULDNOTADDDEVICE;
00846 
00847         /* register lists */
00848         if ((err = mac_register_fd_lists(new_device_p, kdev))) {
00849                 char tmp[RSBAC_MAXNAMELEN];
00850 
00851                 rsbac_printk(KERN_WARNING "rsbac_mount_mac(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n",
00852                              RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev),
00853                              get_error_name(tmp, err));
00854         }
00855 
00856         /* wait for read access to device_list_head */
00857         rsbac_read_lock(&device_list_head.lock, &dflags);
00858         /* make sure to only add, if this device item has not been added in the meantime */
00859         device_p = lookup_device(kdev);
00860         if (device_p) {
00861                 rsbac_printk(KERN_WARNING "rsbac_mount_mac(): mount race for device %02u:%02u detected!\n",
00862                              RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00863                 device_p->mount_count++;
00864                 rsbac_read_unlock(&device_list_head.lock, &dflags);
00865                 clear_device_item(new_device_p);
00866         } else {
00867                 rsbac_read_unlock(&device_list_head.lock, &dflags);
00868                 rsbac_write_lock_irq(&device_list_head.lock, &dflags);
00869                 device_p = add_device_item(new_device_p);
00870                 rsbac_write_unlock_irq(&device_list_head.lock, &dflags);
00871                 if (!device_p) {
00872                         rsbac_printk(KERN_WARNING "rsbac_mount_mac: adding device %02u:%02u failed!\n",
00873                                      RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00874                         clear_device_item(new_device_p);
00875                         err = -RSBAC_ECOULDNOTADDDEVICE;
00876                 }
00877         }
00878         return (err);
00879 }

int rsbac_stats_mac ( void   ) 

Definition at line 921 of file mac_data_structures.c.

References A_none, device_list_head, rsbac_attribute_value_t::dummy, rsbac_mac_device_list_item_t::handle, rsbac_mac_device_list_head_t::head, rsbac_mac_device_list_item_t::id, rsbac_mac_device_list_head_t::lock, rsbac_mac_device_list_item_t::next, process_handle, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_list_lol_all_subcount(), rsbac_list_lol_count(), rsbac_pr_debug, rsbac_printk(), rsbac_target_id_t::scd, ST_rsbac, and T_SCD.

00922 {
00923         u_long dflags;
00924         struct rsbac_mac_device_list_item_t *device_p;
00925 
00926         union rsbac_target_id_t rsbac_target_id;
00927         union rsbac_attribute_value_t rsbac_attribute_value;
00928 
00929         if (!rsbac_is_initialized()) {
00930                 rsbac_printk(KERN_WARNING "rsbac_stats_mac(): RSBAC not initialized\n");
00931                 return (-RSBAC_ENOTINITIALIZED);
00932         }
00933         rsbac_pr_debug(aef_mac, "calling ADF\n");
00934         rsbac_target_id.scd = ST_rsbac;
00935         rsbac_attribute_value.dummy = 0;
00936         if (!rsbac_adf_request(R_GET_STATUS_DATA,
00937                                current->pid,
00938                                T_SCD,
00939                                rsbac_target_id,
00940                                A_none, rsbac_attribute_value)) {
00941                 return -EPERM;
00942         }
00943 
00944         rsbac_printk(KERN_INFO "MAC Status\n----------\n");
00945 
00946         rsbac_printk(KERN_INFO "%lu process trusted user set items, sum of %lu members\n",
00947                      rsbac_list_lol_count(process_handle),
00948                      rsbac_list_lol_all_subcount(process_handle));
00949 
00950         /* protect device list */
00951         rsbac_read_lock(&device_list_head.lock, &dflags);
00952         device_p = device_list_head.head;
00953         while (device_p) {
00954                 rsbac_printk(KERN_INFO "device %02u:%02u has %u file trusted user set items, sum of %u members\n",
00955                              RSBAC_MAJOR(device_p->id),
00956                              RSBAC_MINOR(device_p->id),
00957                              rsbac_list_lol_count(device_p->handle),
00958                              rsbac_list_lol_all_subcount(device_p->handle));
00959                 device_p = device_p->next;
00960         }
00961         /* unprotect device list */
00962         rsbac_read_unlock(&device_list_head.lock, &dflags);
00963         return 0;
00964 }

int rsbac_umount_mac ( kdev_t  kdev  ) 

Definition at line 883 of file mac_data_structures.c.

References device_list_head, rsbac_mac_device_list_head_t::lock, lookup_device(), rsbac_mac_device_list_item_t::mount_count, remove_device_item(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_pr_debug, and rsbac_printk().

Referenced by rsbac_umount().

00884 {
00885         u_long flags;
00886         struct rsbac_mac_device_list_item_t *device_p;
00887 
00888         if (!rsbac_is_initialized()) {
00889                 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
00890                 return (-RSBAC_ENOTINITIALIZED);
00891         }
00892         rsbac_pr_debug(aef_mac, "umounting device %02u:%02u\n",
00893                        RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00894         /* sync of attribute lists was done in rsbac_umount */
00895         /* wait for write access to device_list_head */
00896         rsbac_write_lock(&device_list_head.lock, &flags);
00897         /* OK, nobody else is working on it... */
00898         device_p = lookup_device(kdev);
00899         if (device_p) {
00900                 if (device_p->mount_count == 1)
00901                         remove_device_item(kdev);
00902                 else {
00903                         if (device_p->mount_count > 1) {
00904                                 device_p->mount_count--;
00905                         } else {
00906                                 rsbac_printk(KERN_WARNING "rsbac_mount_mac: device %02u:%02u has mount_count < 1!\n",
00907                                              RSBAC_MAJOR(kdev),
00908                                              RSBAC_MINOR(kdev));
00909                         }
00910                 }
00911         }
00912 
00913         /* allow access */
00914         rsbac_write_unlock(&device_list_head.lock, &flags);
00915         return 0;
00916 }


Generated on Wed May 16 11:53:59 2007 for RSBAC by  doxygen 1.5.1