/linux-2.6.21.1-rsbac-1.3.4/rsbac/data_structures/aci_data_structures.c File Reference

#include <linux/types.h>
#include <linux/version.h>
#include <linux/fs.h>
#include <linux/sched.h>
#include <linux/quotaops.h>
#include <linux/proc_fs.h>
#include <linux/msdos_fs.h>
#include <linux/iso_fs.h>
#include <linux/nfs_fs.h>
#include <linux/ext2_fs.h>
#include <linux/kthread.h>
#include <linux/coda.h>
#include <linux/initrd.h>
#include <linux/security.h>
#include <linux/syscalls.h>
#include <linux/rcupdate.h>
#include <linux/coda_psdev.h>
#include <linux/ncp_fs.h>
#include <linux/smb.h>
#include <linux/dnotify.h>
#include <linux/mm.h>
#include <linux/blkdev.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/inetdevice.h>
#include <asm/uaccess.h>
#include <asm/atomic.h>
#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/aci_data_structures.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/fs.h>
#include <rsbac/getname.h>
#include <rsbac/net_getname.h>
#include <rsbac/adf.h>
#include <rsbac/adf_main.h>
#include <rsbac/reg.h>
#include <rsbac/rkmem.h>
#include <rsbac/gen_lists.h>
#include <rsbac/jail.h>
#include <linux/string.h>
#include <linux/kdev_t.h>
#include <linux/smp_lock.h>
#include <linux/freezer.h>

Go to the source code of this file.

Data Structures

struct  rsbac_kthread_t

Defines

#define check_parent(dir, dentry)   ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_bucket))

Functions

 DECLARE_MUTEX (rsbac_write_sem)
static struct rsbac_device_list_item_t * lookup_device (kdev_t kdev, u_int hash)
static u_int device_hash (kdev_t id)
rsbac_boolean_t writable (struct super_block *sb_p)
static int lookup_aci_path_dentry (struct super_block *sb_p, struct dentry **dir_dentry_pp, rsbac_boolean_t create_dir, kdev_t kdev)
static int dev_compare (void *desc1, void *desc2)
static int dev_major_compare (void *desc1, void *desc2)
static int ipc_compare (void *desc1, void *desc2)
static int gen_fd_conv (void *old_desc, void *old_data, void *new_desc, void *new_data)
static int gen_fd_old_conv (void *old_desc, void *old_data, void *new_desc, void *new_data)
static int gen_fd_old_old_conv (void *old_desc, void *old_data, void *new_desc, void *new_data)
rsbac_list_conv_function_tgen_fd_get_conv (rsbac_version_t old_version)
static int gen_dev_conv (void *old_desc, void *old_data, void *new_desc, void *new_data)
rsbac_list_conv_function_tgen_dev_get_conv (rsbac_version_t old_version)
static int register_fd_lists (struct rsbac_device_list_item_t *device_p, kdev_t kdev)
static int aci_detach_fd_lists (struct rsbac_device_list_item_t *device_p)
static struct rsbac_device_list_item_t * create_device_item (struct super_block *sb_p, struct dentry *d_covers)
static struct rsbac_device_list_item_t * add_device_item (struct rsbac_device_list_item_t *device_p)
static void clear_device_item (struct rsbac_device_list_item_t *item_p)
static void remove_device_item (kdev_t kdev)
static int rsbac_clear_file (struct dentry *dentry)
static void wakeup_auto (u_long dummy)
super_block * rsbac_get_super_block (kdev_t kdev)
int rsbac_read_open (char *name, struct file *file_p, kdev_t kdev)
int rsbac_write_open (char *name, struct file *file_p, kdev_t kdev)
void rsbac_read_close (struct file *file_p)
void rsbac_write_close (struct file *file_p)
int rsbac_get_full_path (struct dentry *dentry_p, char path[], int maxlen)
int rsbac_get_full_path_length (struct dentry *dentry_p)
static void __init registration_error (int err, char *listname)
static int __init register_dev_lists (void)
static int __init register_ipc_lists (void)
static int __init register_user_lists1 (void)
static int __init register_user_lists2 (void)
static int __init register_process_lists (void)
static int __init rsbac_do_init (void)
int rsbac_kthreads_init (void)
int rsbac_mark_kthread (rsbac_pid_t pid)
int __init rsbac_init (kdev_t root_dev)
int rsbac_kthread_notify (rsbac_pid_t pid)
int rsbac_mount (struct super_block *sb_p, struct dentry *d_covers)
int rsbac_umount (struct super_block *sb_p, struct dentry *d_covers)
int rsbac_free_dat_dentries (void)
int rsbac_stats (void)
int rsbac_get_parent (enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t *parent_target_p, union rsbac_target_id_t *parent_tid_p)
static int get_attr_fd (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit)
static int get_attr_dev (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, struct rsbac_dev_desc_t dev, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit)
static int get_attr_ipc (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit)
static int get_attr_user (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit)
static int get_attr_process (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit)
int rsbac_ta_get_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p, rsbac_boolean_t inherit)
static int set_attr_fd (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p)
static int set_attr_dev (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, struct rsbac_dev_desc_t dev, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p)
static int set_attr_ipc (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p)
static int set_attr_user (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p)
static int set_attr_process (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p)
int rsbac_ta_set_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value)
int rsbac_ta_remove_target (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t tid)
int rsbac_ta_list_all_dev (rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t **id_pp)
static int copy_new_uids (rsbac_list_handle_t list, rsbac_list_ta_number_t ta_number, int *count_p, int *i_count_p, rsbac_uid_t *res_id_p)
int rsbac_ta_list_all_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t **id_pp)
static int copy_new_ipcs (rsbac_list_handle_t list, rsbac_list_ta_number_t ta_number, int *count_p, int *i_count_p, struct rsbac_ipc_t *res_id_p)
int rsbac_ta_list_all_ipc (rsbac_list_ta_number_t ta_number, struct rsbac_ipc_t **id_pp)
int rsbac_ta_list_all_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t **id_pp)
void rsbac_flags_set (unsigned long int rsbac_flags)

Variables

rsbac_boolean_t rsbac_initialized = FALSE
static char compiled_modules [80]
kdev_t rsbac_root_dev
static struct rsbac_device_list_head_t * device_head_p [RSBAC_NR_DEVICE_LISTS]
static spinlock_t device_list_locks [RSBAC_NR_DEVICE_LISTS]
static struct rsbac_dev_handles_t dev_handles
static struct rsbac_dev_handles_t dev_major_handles
static struct rsbac_ipc_handles_t ipc_handles
static struct rsbac_user_handles_t user_handles
static struct rsbac_process_handles_t process_handles
static struct rsbac_gen_fd_aci_t def_gen_root_dir_aci
static struct rsbac_gen_fd_aci_t def_gen_fd_aci = DEFAULT_GEN_FD_ACI
static struct dentry * sysfs_covered_p = NULL
static struct super_block * sysfs_sb_p = NULL
static u_int gen_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES
static u_int gen_nr_p_hashes = 1
rsbac_kthread_trsbac_kthread
int rsbac_kthread_size_t


Define Documentation

#define check_parent ( dir,
dentry   )     ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_bucket))

Definition at line 2249 of file aci_data_structures.c.

Referenced by rsbac_write_open(), and xp_id_compare().


Function Documentation

static int aci_detach_fd_lists ( struct rsbac_device_list_item_t *  device_p  )  [static]

Definition at line 1647 of file aci_data_structures.c.

References get_error_name(), RSBAC_EINVALIDPOINTER, RSBAC_GEN_FD_ACI_KEY, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_detach(), RSBAC_MAXNAMELEN, and rsbac_printk().

Referenced by remove_device_item().

01648 {
01649         int err = 0;
01650         int tmperr;
01651 
01652         if (!device_p)
01653                 return (-RSBAC_EINVALIDPOINTER);
01654 
01655         /* detach all general lists */
01656         tmperr = rsbac_list_detach(&device_p->handles.gen,
01657                                            RSBAC_GEN_FD_ACI_KEY);
01658         if (tmperr) {
01659                 char *tmp;
01660 
01661                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01662                 if (tmp) {
01663                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from general list %s for device %02u:%02u failed with error %s!\n",
01664                                      RSBAC_GEN_FD_NAME,
01665                                      RSBAC_MAJOR(device_p->id),
01666                                      RSBAC_MINOR(device_p->id),
01667                                      get_error_name(tmp, tmperr));
01668                         rsbac_kfree(tmp);
01669                 }
01670                 err = tmperr;
01671         }
01672 
01673 #if defined(CONFIG_RSBAC_MAC)
01674         /* detach all MAC lists */
01675         tmperr = rsbac_list_detach(&device_p->handles.mac,
01676                                    RSBAC_MAC_FD_ACI_KEY);
01677         if (tmperr) {
01678                 char *tmp;
01679 
01680                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01681                 if (tmp) {
01682                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from MAC list %s for device %02u:%02u failed with error %s!\n",
01683                                      RSBAC_MAC_FD_NAME,
01684                                      RSBAC_MAJOR(device_p->id),
01685                                      RSBAC_MINOR(device_p->id),
01686                                      get_error_name(tmp, tmperr));
01687                         rsbac_kfree(tmp);
01688                 }
01689                 err = tmperr;
01690         }
01691 #endif
01692 
01693 #if defined(CONFIG_RSBAC_PM)
01694         /* detach all PM lists */
01695         tmperr = rsbac_list_detach(&device_p->handles.pm,
01696                                    RSBAC_PM_FD_ACI_KEY);
01697         if (tmperr) {
01698                 char *tmp;
01699 
01700                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01701                 if (tmp) {
01702                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from PM list %s for device %02u:%02u failed with error %s!\n",
01703                                      RSBAC_PM_FD_NAME,
01704                                      RSBAC_MAJOR(device_p->id),
01705                                      RSBAC_MINOR(device_p->id),
01706                                      get_error_name(tmp, tmperr));
01707                         rsbac_kfree(tmp);
01708                 }
01709                 err = tmperr;
01710         }
01711 #endif
01712 
01713 #if defined(CONFIG_RSBAC_DAZ)
01714         /* detach all DAZ lists */
01715         tmperr = rsbac_list_detach(&device_p->handles.daz,
01716                                    RSBAC_DAZ_FD_ACI_KEY);
01717         if (tmperr) {
01718                 char *tmp;
01719 
01720                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01721                 if (tmp) {
01722                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from DAZ list %s for device %02u:%02u failed with error %s!\n",
01723                                      RSBAC_DAZ_FD_NAME,
01724                                      RSBAC_MAJOR(device_p->id),
01725                                      RSBAC_MINOR(device_p->id),
01726                                      get_error_name(tmp, tmperr));
01727                         rsbac_kfree(tmp);
01728                 }
01729                 err = tmperr;
01730         }
01731 #if defined(CONFIG_RSBAC_DAZ_CACHE)
01732         /* detach all DAZ scanned lists */
01733         tmperr = rsbac_list_detach(&device_p->handles.dazs,
01734                                       RSBAC_DAZ_FD_ACI_KEY);
01735         if (tmperr) {
01736                 char *tmp;
01737 
01738                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01739                 if (tmp) {
01740                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from DAZ scanned list %s for device %02u:%02u failed with error %s!\n",
01741                                      RSBAC_DAZ_SCANNED_FD_NAME,
01742                                      RSBAC_MAJOR(device_p->id),
01743                                      RSBAC_MINOR(device_p->id),
01744                                      get_error_name(tmp, tmperr));
01745                         rsbac_kfree(tmp);
01746                 }
01747                 err = tmperr;
01748         }
01749 #endif
01750 #endif
01751 
01752 #if defined(CONFIG_RSBAC_FF)
01753         /* detach all FF lists */
01754         tmperr = rsbac_list_detach(&device_p->handles.ff,
01755                                    RSBAC_FF_FD_ACI_KEY);
01756         if (tmperr) {
01757                 char *tmp;
01758 
01759                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01760                 if (tmp) {
01761                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from FF list %s for device %02u:%02u failed with error %s!\n",
01762                                      RSBAC_FF_FD_NAME,
01763                                      RSBAC_MAJOR(device_p->id),
01764                                      RSBAC_MINOR(device_p->id),
01765                                      get_error_name(tmp, tmperr));
01766                         rsbac_kfree(tmp);
01767                 }
01768                 err = tmperr;
01769         }
01770 #endif
01771 
01772 #if defined(CONFIG_RSBAC_RC)
01773         /* detach all RC lists */
01774         tmperr = rsbac_list_detach(&device_p->handles.rc,
01775                                    RSBAC_RC_FD_ACI_KEY);
01776         if (tmperr) {
01777                 char *tmp;
01778 
01779                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01780                 if (tmp) {
01781                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from RC list %s for device %02u:%02u failed with error %s!\n",
01782                                      RSBAC_RC_FD_NAME,
01783                                      RSBAC_MAJOR(device_p->id),
01784                                      RSBAC_MINOR(device_p->id),
01785                                      get_error_name(tmp, tmperr));
01786                         rsbac_kfree(tmp);
01787                 }
01788                 err = tmperr;
01789         }
01790 #endif
01791 
01792 #if defined(CONFIG_RSBAC_AUTH)
01793         /* detach all AUTH lists */
01794         tmperr = rsbac_list_detach(&device_p->handles.auth,
01795                               RSBAC_AUTH_FD_ACI_KEY);
01796         if (tmperr) {
01797                 char *tmp;
01798 
01799                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01800                 if (tmp) {
01801                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from AUTH list %s for device %02u:%02u failed with error %s!\n",
01802                                      RSBAC_AUTH_FD_NAME,
01803                                      RSBAC_MAJOR(device_p->id),
01804                                      RSBAC_MINOR(device_p->id),
01805                                      get_error_name(tmp, tmperr));
01806                         rsbac_kfree(tmp);
01807                 }
01808                 err = tmperr;
01809         }
01810 #endif
01811 
01812 #if defined(CONFIG_RSBAC_CAP)
01813         /* detach all CAP lists */
01814         tmperr = rsbac_list_detach(&device_p->handles.cap,
01815                                    RSBAC_CAP_FD_ACI_KEY);
01816         if (tmperr) {
01817                 char *tmp;
01818 
01819                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01820                 if (tmp) {
01821                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from CAP list %s for device %02u:%02u failed with error %s!\n",
01822                                      RSBAC_CAP_FD_NAME,
01823                                      RSBAC_MAJOR(device_p->id),
01824                                      RSBAC_MINOR(device_p->id),
01825                                      get_error_name(tmp, tmperr));
01826                         rsbac_kfree(tmp);
01827                 }
01828                 err = tmperr;
01829         }
01830 #endif
01831 
01832 #if defined(CONFIG_RSBAC_PAX)
01833         /* detach all PAX lists */
01834         tmperr = rsbac_list_detach(&device_p->handles.pax,
01835                                    RSBAC_PAX_FD_ACI_KEY);
01836         if (tmperr) {
01837                 char *tmp;
01838 
01839                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01840                 if (tmp) {
01841                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from PAX list %s for device %02u:%02u failed with error %s!\n",
01842                                      RSBAC_PAX_FD_NAME,
01843                                      RSBAC_MAJOR(device_p->id),
01844                                      RSBAC_MINOR(device_p->id),
01845                                      get_error_name(tmp, tmperr));
01846                         rsbac_kfree(tmp);
01847                 }
01848                 err = tmperr;
01849         }
01850 #endif
01851 
01852 #if defined(CONFIG_RSBAC_RES)
01853         /* detach all RES lists */
01854         tmperr = rsbac_list_detach(&device_p->handles.res,
01855                                    RSBAC_RES_FD_ACI_KEY);
01856         if (tmperr) {
01857                 char *tmp;
01858 
01859                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01860                 if (tmp) {
01861                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from RES list %s for device %02u:%02u failed with error %s!\n",
01862                                      RSBAC_RES_FD_NAME,
01863                                      RSBAC_MAJOR(device_p->id),
01864                                      RSBAC_MINOR(device_p->id),
01865                                      get_error_name(tmp, tmperr));
01866                         rsbac_kfree(tmp);
01867                 }
01868                 err = tmperr;
01869         }
01870 #endif
01871 
01872         return err;
01873 }

static struct rsbac_device_list_item_t* add_device_item ( struct rsbac_device_list_item_t *  device_p  )  [static]

Definition at line 1900 of file aci_data_structures.c.

References device_hash(), device_head_p, device_list_locks, NULL, rsbac_kfree(), and rsbac_kmalloc().

Referenced by rsbac_do_init(), rsbac_init_acl(), rsbac_init_auth(), rsbac_init_mac(), rsbac_mount(), rsbac_mount_acl(), rsbac_mount_auth(), and rsbac_mount_mac().

01901 {
01902         struct rsbac_device_list_head_t * new_p;
01903 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01904         struct rsbac_device_list_head_t * old_p;
01905 #else
01906         u_long flags;
01907 #endif
01908         u_int hash;
01909 
01910         if (!device_p)
01911                 return (NULL);
01912 
01913         hash = device_hash(device_p->id);
01914 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01915         spin_lock(&device_list_locks[hash]);
01916         old_p = device_head_p[hash];
01917         new_p = rsbac_kmalloc(sizeof(*new_p));
01918         *new_p = *old_p;
01919 #else
01920         rsbac_write_lock(&device_list_locks[hash], &flags);
01921         new_p = device_head_p[hash];
01922 #endif
01923         /* add new device to device list */
01924         if (!new_p->head) {     /* first device */
01925                 new_p->head = device_p;
01926                 new_p->tail = device_p;
01927                 new_p->curr = device_p;
01928                 new_p->count = 1;
01929                 device_p->prev = NULL;
01930                 device_p->next = NULL;
01931         } else {                /* there is another device -> hang to tail */
01932                 device_p->prev = new_p->tail;
01933                 device_p->next = NULL;
01934                 new_p->tail->next = device_p;
01935                 new_p->tail = device_p;
01936                 new_p->curr = device_p;
01937                 new_p->count++;
01938         }
01939 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01940         rcu_assign_pointer(device_head_p[hash], new_p);
01941         spin_unlock(&device_list_locks[hash]);
01942         synchronize_rcu();
01943         rsbac_kfree(old_p);
01944 #else
01945         rsbac_write_unlock(&device_list_locks[hash], &flags);
01946 #endif
01947         return (device_p);
01948 }

static void clear_device_item ( struct rsbac_device_list_item_t *  item_p  )  [static]

Definition at line 1957 of file aci_data_structures.c.

References rsbac_kfree().

Referenced by remove_device_item(), rsbac_do_init(), rsbac_mount(), rsbac_mount_acl(), rsbac_mount_auth(), and rsbac_mount_mac().

01958 {
01959         if (!item_p)
01960                 return;
01961 
01962         /* dput() rsbac_dir_dentry_p, if set */
01963         if (item_p->rsbac_dir_dentry_p)
01964                 dput(item_p->rsbac_dir_dentry_p);
01965         /* OK, lets remove the device item itself */
01966         rsbac_kfree(item_p);
01967 }

static int copy_new_ipcs ( rsbac_list_handle_t  list,
rsbac_list_ta_number_t  ta_number,
int *  count_p,
int *  i_count_p,
struct rsbac_ipc_t res_id_p 
) [static]

Definition at line 14556 of file aci_data_structures.c.

References FALSE, ipc_compare(), NULL, RSBAC_EINVALIDPOINTER, rsbac_ta_list_get_all_desc(), rsbac_vfree, and TRUE.

Referenced by rsbac_ta_list_all_ipc().

14560 {
14561         struct rsbac_ipc_t *i_id_p = NULL;
14562         rsbac_boolean_t found;
14563         int tmp_count;
14564         int i;
14565         int j;
14566 
14567         if (!list || !count_p || !i_count_p || !res_id_p)
14568                 return -RSBAC_EINVALIDPOINTER;
14569         if (!*i_count_p)
14570                 return 0;
14571 /*      rsbac_pr_debug(ds, "list %p, ta_number %u, count %u, "
14572                       "i_count %u, res_id_p %p, res_id_p[0] %u\n",
14573                        list, ta_number, *count_p, *i_count_p, res_id_p,
14574                        res_id_p[0]); */
14575         tmp_count =
14576             rsbac_ta_list_get_all_desc(ta_number, list, (void **) &i_id_p);
14577         if (tmp_count > 0) {
14578                 if (tmp_count > *i_count_p)
14579                         tmp_count = *i_count_p;
14580                 for (i = 0; i < tmp_count; i++) {
14581                         found = FALSE;
14582                         for (j = 0; j < *count_p; j++) {
14583                                 if (!ipc_compare(&res_id_p[j], &i_id_p[i])) {
14584                                         found = TRUE;
14585                                         break;
14586                                 }
14587                         }
14588                         if (found == FALSE) {
14589                                 res_id_p[*count_p] = i_id_p[i];
14590                                 (*count_p)++;
14591                                 (*i_count_p)--;
14592                         }
14593                 }
14594                 rsbac_vfree(i_id_p);
14595         }
14596         return 0;
14597 }

static int copy_new_uids ( rsbac_list_handle_t  list,
rsbac_list_ta_number_t  ta_number,
int *  count_p,
int *  i_count_p,
rsbac_uid_t res_id_p 
) [static]

Definition at line 14382 of file aci_data_structures.c.

References FALSE, NULL, RSBAC_EINVALIDPOINTER, rsbac_ta_list_get_all_desc(), rsbac_vfree, and TRUE.

Referenced by rsbac_ta_list_all_user().

14386 {
14387         rsbac_uid_t *i_id_p = NULL;
14388         rsbac_boolean_t found;
14389         int tmp_count;
14390         int i;
14391         int j;
14392 
14393         if (!list || !count_p || !i_count_p || !res_id_p)
14394                 return -RSBAC_EINVALIDPOINTER;
14395         if (!*i_count_p)
14396                 return 0;
14397 /*      rsbac_pr_debug(ds, "list %p, ta_number %u, count %u, "
14398                        "i_count %u, res_id_p %p, res_id_p[0] %u\n",
14399                        list, ta_number, *count_p, *i_count_p, res_id_p,
14400                        res_id_p[0]); */
14401         tmp_count =
14402             rsbac_ta_list_get_all_desc(ta_number, list, (void **) &i_id_p);
14403         if (tmp_count > 0) {
14404                 if (tmp_count > *i_count_p)
14405                         tmp_count = *i_count_p;
14406                 for (i = 0; i < tmp_count; i++) {
14407                         found = FALSE;
14408                         for (j = 0; j < *count_p; j++) {
14409                                 if (res_id_p[j] == i_id_p[i]) {
14410                                         found = TRUE;
14411                                         break;
14412                                 }
14413                         }
14414                         if (found == FALSE) {
14415                                 res_id_p[*count_p] = i_id_p[i];
14416                                 (*count_p)++;
14417                                 (*i_count_p)--;
14418                         }
14419                 }
14420                 rsbac_vfree(i_id_p);
14421         }
14422         return 0;
14423 }

static struct rsbac_device_list_item_t* create_device_item ( struct super_block *  sb_p,
struct dentry *  d_covers 
) [static]

Definition at line 1878 of file aci_data_structures.c.

References NULL, and rsbac_kmalloc().

Referenced by rsbac_do_init(), rsbac_init_acl(), rsbac_init_auth(), rsbac_init_mac(), rsbac_mount(), rsbac_mount_acl(), rsbac_mount_auth(), and rsbac_mount_mac().

01879 {
01880         struct rsbac_device_list_item_t *new_item_p;
01881 
01882         if (!sb_p)
01883                 return NULL;
01884         /* allocate memory for new device, return NULL, if failed */
01885         if (!(new_item_p = (struct rsbac_device_list_item_t *)
01886               rsbac_kmalloc(sizeof(*new_item_p))))
01887                 return (NULL);
01888 
01889         memset(new_item_p, 0, sizeof(*new_item_p));
01890         new_item_p->id = sb_p->s_dev;
01891         new_item_p->sb_p = sb_p;
01892         new_item_p->d_covers = d_covers;
01893         new_item_p->mount_count = 1;
01894         /* everything else is 0 by memset -> return */
01895         return (new_item_p);
01896 }

DECLARE_MUTEX ( rsbac_write_sem   ) 

static int dev_compare ( void *  desc1,
void *  desc2 
) [static]

Definition at line 603 of file aci_data_structures.c.

References rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, and rsbac_dev_desc_t::type.

Referenced by register_dev_lists(), and rsbac_init_acl().

00604 {
00605         int result;
00606         struct rsbac_dev_desc_t *i_desc1 = desc1;
00607         struct rsbac_dev_desc_t *i_desc2 = desc2;
00608 
00609         result = memcmp(&i_desc1->type,
00610                         &i_desc2->type, sizeof(i_desc1->type));
00611         if (result)
00612                 return result;
00613         result = memcmp(&i_desc1->major,
00614                         &i_desc2->major, sizeof(i_desc1->major));
00615         if (result)
00616                 return result;
00617         return memcmp(&i_desc1->minor,
00618                       &i_desc2->minor, sizeof(i_desc1->minor));
00619 }

static int dev_major_compare ( void *  desc1,
void *  desc2 
) [static]

Definition at line 621 of file aci_data_structures.c.

References rsbac_dev_desc_t::major, and rsbac_dev_desc_t::type.

Referenced by register_dev_lists(), and rsbac_init_acl().

00622 {
00623         int result;
00624         struct rsbac_dev_desc_t *i_desc1 = desc1;
00625         struct rsbac_dev_desc_t *i_desc2 = desc2;
00626 
00627         result = memcmp(&i_desc1->type,
00628                         &i_desc2->type, sizeof(i_desc1->type));
00629         if (result)
00630                 return result;
00631         return memcmp(&i_desc1->major,
00632                       &i_desc2->major, sizeof(i_desc1->major));
00633 }

static u_int device_hash ( kdev_t  id  )  [inline, static]

Definition at line 309 of file aci_data_structures.c.

Referenced by add_device_item(), get_attr_fd(), lookup_aci_path_dentry(), remove_device_item(), rsbac_get_full_path(), rsbac_get_full_path_length(), rsbac_get_parent(), rsbac_get_super_block(), rsbac_mount(), rsbac_ta_remove_target(), rsbac_umount(), and set_attr_fd().

00310 {
00311   return id & (RSBAC_NR_DEVICE_LISTS - 1);
00312 }

static int gen_dev_conv ( void *  old_desc,
void *  old_data,
void *  new_desc,
void *  new_data 
) [static]

Definition at line 738 of file aci_data_structures.c.

Referenced by gen_dev_get_conv().

00740 {
00741         struct rsbac_dev_desc_t *new = new_desc;
00742         struct rsbac_dev_t *old = old_desc;
00743 
00744         memcpy(new_data, old_data, sizeof(struct rsbac_gen_dev_aci_t));
00745         new->type = old->type;
00746         new->major = RSBAC_MAJOR(old->id);
00747         new->minor = RSBAC_MINOR(old->id);
00748         return 0;
00749 }

rsbac_list_conv_function_t* gen_dev_get_conv ( rsbac_version_t  old_version  ) 

Definition at line 751 of file aci_data_structures.c.

References gen_dev_conv(), NULL, and RSBAC_GEN_DEV_OLD_ACI_VERSION.

Referenced by register_dev_lists().

00752 {
00753         switch (old_version) {
00754         case RSBAC_GEN_DEV_OLD_ACI_VERSION:
00755                 return gen_dev_conv;
00756         default:
00757                 return NULL;
00758         }
00759 }

static int gen_fd_conv ( void *  old_desc,
void *  old_data,
void *  new_desc,
void *  new_data 
) [static]

Definition at line 663 of file aci_data_structures.c.

References rsbac_gen_fd_old_aci_t::auid_exempt, rsbac_gen_fd_aci_t::auid_exempt, rsbac_gen_fd_old_aci_t::fake_root_uid, rsbac_gen_fd_aci_t::fake_root_uid, rsbac_gen_fd_old_aci_t::linux_dac_disable, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_gen_fd_old_aci_t::log_array_high, rsbac_gen_fd_aci_t::log_array_high, rsbac_gen_fd_old_aci_t::log_array_low, rsbac_gen_fd_aci_t::log_array_low, rsbac_gen_fd_old_aci_t::log_program_based, rsbac_gen_fd_aci_t::log_program_based, rsbac_gen_fd_old_aci_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_gen_fd_old_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_gen_fd_old_aci_t::symlink_add_uid, and rsbac_gen_fd_aci_t::symlink_add_uid.

Referenced by gen_fd_get_conv().

00665 {
00666         struct rsbac_gen_fd_aci_t *new_aci = new_data;
00667         struct rsbac_gen_fd_old_aci_t *old_aci = old_data;
00668 
00669         memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00670         new_aci->log_array_low = old_aci->log_array_low;
00671         new_aci->log_array_high = old_aci->log_array_high;
00672         new_aci->log_program_based = old_aci->log_program_based;
00673         new_aci->symlink_add_remote_ip = 0;
00674         new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00675         new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00676         new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00677         new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00678         new_aci->fake_root_uid = old_aci->fake_root_uid;
00679         new_aci->auid_exempt = old_aci->auid_exempt;
00680         return 0;
00681 }

rsbac_list_conv_function_t* gen_fd_get_conv ( rsbac_version_t  old_version  ) 

Definition at line 724 of file aci_data_structures.c.

References gen_fd_conv(), gen_fd_old_conv(), gen_fd_old_old_conv(), NULL, RSBAC_GEN_FD_OLD_ACI_VERSION, RSBAC_GEN_FD_OLD_OLD_ACI_VERSION, and RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION.

Referenced by register_fd_lists().

00725 {
00726         switch (old_version) {
00727         case RSBAC_GEN_FD_OLD_ACI_VERSION:
00728                 return gen_fd_conv;
00729         case RSBAC_GEN_FD_OLD_OLD_ACI_VERSION:
00730                 return gen_fd_old_conv;
00731         case RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION:
00732                 return gen_fd_old_old_conv;
00733         default:
00734                 return NULL;
00735         }
00736 }

static int gen_fd_old_conv ( void *  old_desc,
void *  old_data,
void *  new_desc,
void *  new_data 
) [static]

Definition at line 683 of file aci_data_structures.c.

References rsbac_gen_fd_aci_t::auid_exempt, rsbac_gen_fd_old_aci_t::fake_root_uid, rsbac_gen_fd_aci_t::fake_root_uid, rsbac_gen_fd_old_aci_t::linux_dac_disable, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_gen_fd_old_aci_t::log_array_high, rsbac_gen_fd_aci_t::log_array_high, rsbac_gen_fd_old_aci_t::log_array_low, rsbac_gen_fd_aci_t::log_array_low, rsbac_gen_fd_old_aci_t::log_program_based, rsbac_gen_fd_aci_t::log_program_based, RSBAC_NO_USER, rsbac_gen_fd_old_aci_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_gen_fd_old_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_gen_fd_old_aci_t::symlink_add_uid, and rsbac_gen_fd_aci_t::symlink_add_uid.

Referenced by gen_fd_get_conv().

00685 {
00686         struct rsbac_gen_fd_aci_t *new_aci = new_data;
00687         struct rsbac_gen_fd_old_aci_t *old_aci = old_data;
00688 
00689         memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00690         new_aci->log_array_low = old_aci->log_array_low;
00691         new_aci->log_array_high = old_aci->log_array_high;
00692         new_aci->log_program_based = old_aci->log_program_based;
00693         new_aci->symlink_add_remote_ip = 0;
00694         new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00695         new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00696         new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00697         new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00698         new_aci->fake_root_uid = old_aci->fake_root_uid;
00699         new_aci->auid_exempt = RSBAC_NO_USER;
00700         return 0;
00701 }

static int gen_fd_old_old_conv ( void *  old_desc,
void *  old_data,
void *  new_desc,
void *  new_data 
) [static]

Definition at line 703 of file aci_data_structures.c.

References rsbac_gen_fd_aci_t::auid_exempt, rsbac_gen_fd_aci_t::fake_root_uid, FR_off, rsbac_gen_fd_old_old_aci_t::linux_dac_disable, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_gen_fd_old_old_aci_t::log_array_high, rsbac_gen_fd_aci_t::log_array_high, rsbac_gen_fd_old_old_aci_t::log_array_low, rsbac_gen_fd_aci_t::log_array_low, rsbac_gen_fd_old_old_aci_t::log_program_based, rsbac_gen_fd_aci_t::log_program_based, RSBAC_NO_USER, rsbac_gen_fd_old_old_aci_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_gen_fd_old_old_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_gen_fd_old_old_aci_t::symlink_add_uid, and rsbac_gen_fd_aci_t::symlink_add_uid.

Referenced by gen_fd_get_conv().

00706 {
00707         struct rsbac_gen_fd_aci_t *new_aci = new_data;
00708         struct rsbac_gen_fd_old_old_aci_t *old_aci = old_data;
00709 
00710         memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00711         new_aci->log_array_low = old_aci->log_array_low;
00712         new_aci->log_array_high = old_aci->log_array_high;
00713         new_aci->log_program_based = old_aci->log_program_based;
00714         new_aci->symlink_add_remote_ip = 0;
00715         new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00716         new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00717         new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00718         new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00719         new_aci->fake_root_uid = FR_off;
00720         new_aci->auid_exempt = RSBAC_NO_USER;
00721         return 0;
00722 }

static int get_attr_dev ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
struct rsbac_dev_desc_t  dev,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value,
rsbac_boolean_t  inherit 
) [static]

Definition at line 9971 of file aci_data_structures.c.

References A_log_array_high, A_log_array_low, A_mac_categories, A_mac_check, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, D_block, D_block_major, D_char, D_char_major, DEFAULT_GEN_DEV_ACI, dev_handles, dev_major_handles, rsbac_gen_dev_aci_t::log_array_high, rsbac_attribute_value_t::log_array_high, rsbac_gen_dev_aci_t::log_array_low, rsbac_attribute_value_t::log_array_low, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_check, NULL, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::rc_type, RC_type_inherit_parent, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_RC_GENERAL_TYPE, rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, SW_GEN, and rsbac_dev_desc_t::type.

Referenced by rsbac_ta_get_attr().

09978 {
09979         int err = 0;
09980 /*      rsbac_pr_debug(ds, "Getting dev attribute\n"); */
09981         switch (module) {
09982         case SW_GEN:
09983                 {
09984                         struct rsbac_gen_dev_aci_t aci =
09985                             DEFAULT_GEN_DEV_ACI;
09986 
09987                         rsbac_ta_list_get_data_ttl(ta_number,
09988                                                    dev_handles.gen,
09989                                                    NULL, &dev, &aci);
09990                         switch (attr) {
09991                         case A_log_array_low:
09992                                 value->log_array_low = aci.log_array_low;
09993                                 break;
09994                         case A_log_array_high:
09995                                 value->log_array_high = aci.log_array_high;
09996                                 break;
09997                         default:
09998                                 err = -RSBAC_EINVALIDATTR;
09999                         }
10000                 }
10001                 break;
10002 
10003 #if defined(CONFIG_RSBAC_MAC)
10004         case SW_MAC:
10005                 {
10006                         struct rsbac_mac_dev_aci_t aci =
10007                             DEFAULT_MAC_DEV_ACI;
10008 
10009                         rsbac_ta_list_get_data_ttl(ta_number,
10010                                                    dev_handles.mac,
10011                                                    NULL, &dev, &aci);
10012                         switch (attr) {
10013                         case A_security_level:
10014                                 value->security_level = aci.sec_level;
10015                                 break;
10016                         case A_mac_categories:
10017                                 value->mac_categories = aci.mac_categories;
10018                                 break;
10019                         case A_mac_check:
10020                                 value->mac_check = aci.mac_check;
10021                                 break;
10022 
10023                         default:
10024                                 err = -RSBAC_EINVALIDATTR;
10025                         }
10026                 }
10027                 break;
10028 #endif                          /* MAC */
10029 
10030 #if defined(CONFIG_RSBAC_PM)
10031         case SW_PM:
10032                 {
10033                         struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
10034 
10035                         rsbac_ta_list_get_data_ttl(ta_number,
10036                                                    dev_handles.pm,
10037                                                    NULL, &dev, &aci);
10038                         switch (attr) {
10039                         case A_pm_object_class:
10040                                 value->pm_object_class =
10041                                     aci.pm_object_class;
10042                                 break;
10043                         case A_pm_object_type:
10044                                 value->pm_object_type = aci.pm_object_type;
10045                                 break;
10046                         default:
10047                                 err = -RSBAC_EINVALIDATTR;
10048                         }
10049                 }
10050                 break;
10051 #endif                          /* PM */
10052 
10053 #if defined(CONFIG_RSBAC_RC)
10054         case SW_RC:
10055                 {
10056                         rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10057 
10058                         switch (dev.type) {
10059                         case D_char:
10060                         case D_block:
10061                                 if (rsbac_ta_list_get_data_ttl(ta_number,
10062                                                                dev_handles.
10063                                                                rc, NULL,
10064                                                                &dev, &type)
10065                                     || ((type == RC_type_inherit_parent)
10066                                         && inherit)
10067                                     )
10068                                         rsbac_ta_list_get_data_ttl
10069                                             (ta_number,
10070                                              dev_major_handles.rc, NULL,
10071                                              &dev, &type);
10072                                 break;
10073                         case D_char_major:
10074                         case D_block_major:
10075                                 dev.type -= (D_block_major - D_block);
10076                                 rsbac_ta_list_get_data_ttl(ta_number,
10077                                                            dev_major_handles.
10078                                                            rc, NULL, &dev,
10079                                                            &type);
10080                                 break;
10081                         default:
10082                                 return -RSBAC_EINVALIDTARGET;
10083                         }
10084                         switch (attr) {
10085                         case A_rc_type:
10086                                 value->rc_type = type;
10087                                 break;
10088 
10089                         default:
10090                                 err = -RSBAC_EINVALIDATTR;
10091                         }
10092                 }
10093                 break;
10094 #endif                          /* RC */
10095 
10096         default:
10097                 err = -RSBAC_EINVALIDMODULE;
10098         }
10099         /* and return */
10100         return err;
10101 }

static int get_attr_fd ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
union rsbac_target_id_t tid_p,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value,
rsbac_boolean_t  inherit 
) [static]

Definition at line 9177 of file aci_data_structures.c.

References A_auid_exempt, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_cap_ld_env, A_daz_do_scan, A_daz_scanned, A_daz_scanner, A_fake_root_uid, A_ff_flags, A_linux_dac_disable, A_log_array_high, A_log_array_low, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_file_flags, A_mac_prop_trusted, A_max_caps, A_min_caps, A_pax_flags, A_pm_object_class, A_pm_object_type, A_pm_tp, A_rc_force_role, A_rc_initial_role, A_rc_type_fd, A_res_max, A_res_min, A_security_level, A_symlink_add_mac_level, A_symlink_add_rc_role, A_symlink_add_remote_ip, A_symlink_add_uid, rsbac_gen_fd_aci_t::auid_exempt, rsbac_attribute_value_t::auid_exempt, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, rsbac_attribute_value_t::cap_ld_env, rsbac_attribute_value_t::daz_do_scan, DAZ_inherit, rsbac_attribute_value_t::daz_scanned, rsbac_attribute_value_t::daz_scanner, def_gen_root_dir_aci, DEFAULT_GEN_FD_ACI, device_hash(), device_list_locks, rsbac_gen_fd_aci_t::fake_root_uid, rsbac_attribute_value_t::fake_root_uid, FALSE, FF_add_inherited, rsbac_attribute_value_t::ff_flags, FF_no_delete_or_rename, KERNEL_VERSION, LD_deny, LD_inherit, LDD_inherit, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_attribute_value_t::linux_dac_disable, rsbac_gen_fd_aci_t::log_array_high, rsbac_attribute_value_t::log_array_high, rsbac_gen_fd_aci_t::log_array_low, rsbac_attribute_value_t::log_array_low, rsbac_gen_fd_aci_t::log_program_based, rsbac_attribute_value_t::log_program_based, lookup_device(), MA_inherit, rsbac_attribute_value_t::mac_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_file_flags, rsbac_attribute_value_t::mac_prop_trusted, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, rsbac_attribute_value_t::pax_flags, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::pm_tp, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_initial_role, RC_role_inherit_parent, rsbac_attribute_value_t::rc_type_fd, RC_type_inherit_parent, rsbac_attribute_value_t::res_array, RSBAC_EINVALIDATTR, RSBAC_EINVALIDDEV, RSBAC_EINVALIDMODULE, RSBAC_FF_DEF, rsbac_get_parent(), RSBAC_MAC_INHERIT_CAT_VECTOR, rsbac_mount(), RSBAC_PAX_DEF_FLAGS, rsbac_printk(), rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, SL_inherit, SW_GEN, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_attribute_value_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_attribute_value_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_attribute_value_t::symlink_add_remote_ip, rsbac_gen_fd_aci_t::symlink_add_uid, rsbac_attribute_value_t::symlink_add_uid, and TRUE.

Referenced by rsbac_ta_get_attr().

09184 {
09185         int err = 0;
09186         struct rsbac_device_list_item_t *device_p;
09187 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09188         u_long dflags;
09189 #endif
09190 #if defined(CONFIG_RSBAC_FF)
09191         rsbac_ff_flags_t ff_flags = 0;
09192         rsbac_ff_flags_t ff_tmp_flags;
09193         rsbac_ff_flags_t ff_mask = -1;
09194 #endif
09195         u_int hash;
09196 
09197 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09198         if (!RSBAC_MAJOR(tid_p->file.device)
09199             && !RSBAC_MINOR(tid_p->file.device)
09200             )
09201                 return -RSBAC_EINVALIDDEV;
09202 #endif
09203         /* use loop for inheritance - used to be recursive calls */
09204         for (;;) {
09205 /*              rsbac_pr_debug(ds, "Getting file/dir/fifo/"
09206                                "symlink attribute %u for device %02u:%02u, "
09207                                "inode %lu, dentry_p %p\n", attr,
09208                                RSBAC_MAJOR(tid_p->file.device),
09209                                RSBAC_MINOR(tid_p->file.device),
09210                                (u_long)tid_p->file.inode,
09211                                tid_p->file.dentry_p); */
09212                 hash = device_hash(tid_p->file.device);
09213                 /* wait for read access to device_list_head */
09214 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09215                 rcu_read_lock();
09216 #else
09217                 rsbac_read_lock(&device_list_locks[hash], &dflags);
09218 #endif
09219                 /* OK, go on */
09220                 /* rsbac_pr_debug(ds, "passed device read lock\n"); */
09221                 /* lookup device */
09222                 device_p = lookup_device(tid_p->file.device, hash);
09223                 if (!device_p) {
09224                         struct super_block *sb_p;
09225 
09226 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09227                         rcu_read_unlock();
09228 #else
09229                         rsbac_read_unlock(&device_list_locks[hash], &dflags);
09230 #endif
09231 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09232                         sb_p = user_get_super(tid_p->file.device);
09233 #else
09234                         sb_p = get_super(tid_p->file.device);
09235 #endif
09236                         if (sb_p) {
09237                                 if(RSBAC_MAJOR(tid_p->file.device) <= 1) {
09238                                         rsbac_printk(KERN_INFO "rsbac_get_attr(): auto-mounting device %02u:%02u\n",
09239                                              RSBAC_MAJOR(tid_p->file.
09240                                                          device),
09241                                              RSBAC_MINOR(tid_p->file.
09242                                                          device));
09243                                         rsbac_mount(sb_p, NULL);
09244                                 }
09245                                 /* free super_block pointer */
09246                                 drop_super(sb_p);
09247 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09248                                 rcu_read_lock();
09249 #else
09250                                 rsbac_read_lock(&device_list_locks[hash],
09251                                                 &dflags);
09252 #endif
09253                                 device_p =
09254                                     lookup_device(tid_p->file.device, hash);
09255                                 if (!device_p) {
09256                                         rsbac_printk(KERN_WARNING "rsbac_get_attr(): unknown device %02u:%02u\n",
09257                                                      RSBAC_MAJOR(tid_p->
09258                                                                  file.
09259                                                                  device),
09260                                                      RSBAC_MINOR(tid_p->
09261                                                                  file.
09262                                                                  device));
09263 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09264                                         rcu_read_unlock();
09265 #else
09266                                         rsbac_read_unlock
09267                                             (&device_list_locks[hash],
09268                                              &dflags);
09269 #endif
09270                                         return -RSBAC_EINVALIDDEV;
09271                                 }
09272                         } else
09273                                 return -RSBAC_EINVALIDDEV;
09274                 }
09275                 switch (module) {
09276                 case SW_GEN:
09277                         {
09278                                 struct rsbac_gen_fd_aci_t aci =
09279                                     DEFAULT_GEN_FD_ACI;
09280 
09281                                 if (attr == A_internal) {
09282                                         if (!device_p->rsbac_dir_inode
09283                                             || !tid_p->file.inode)
09284                                                 value->internal = FALSE;
09285                                         else if (device_p->
09286                                                  rsbac_dir_inode ==
09287                                                  tid_p->file.inode)
09288                                                 value->internal = TRUE;
09289                                         else if (inherit) {
09290                                                 enum rsbac_target_t
09291                                                     parent_target;
09292                                                 union rsbac_target_id_t
09293                                                     parent_tid;
09294 
09295                                                 /* inheritance possible? */
09296                                                 if (!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) {   /* yes: inherit this single level */
09297                                                         if (device_p->
09298                                                             rsbac_dir_inode
09299                                                             ==
09300                                                             parent_tid.
09301                                                             file.inode)
09302                                                                 value->
09303                                                                     internal
09304                                                                     = TRUE;
09305                                                         else
09306                                                                 value->
09307                                                                     internal
09308                                                                     =
09309                                                                     FALSE;
09310                                                 } else {
09311                                                         value->internal =
09312                                                             FALSE;
09313                                                 }
09314                                         } else {
09315                                                 value->internal = FALSE;
09316                                         }
09317 
09318                                         /* free access to device_list_head */
09319 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09320                                         rcu_read_unlock();
09321 #else
09322                                         rsbac_read_unlock
09323                                             (&device_list_locks[hash],
09324                                              &dflags);
09325 #endif
09326                                         return 0;
09327                                 }
09328                                 rsbac_ta_list_get_data_ttl(ta_number,
09329                                                            device_p->
09330                                                            handles.gen,
09331                                                            NULL,
09332                                                            &tid_p->file.
09333                                                            inode, &aci);
09334                                 switch (attr) {
09335                                 case A_log_array_low:
09336                                         value->log_array_low =
09337                                             aci.log_array_low;
09338                                         break;
09339                                 case A_log_array_high:
09340                                         value->log_array_high =
09341                                             aci.log_array_high;
09342                                         break;
09343                                 case A_log_program_based:
09344                                         value->log_program_based =
09345                                             aci.log_program_based;
09346                                         break;
09347                                 case A_symlink_add_remote_ip:
09348                                         value->symlink_add_remote_ip =
09349                                             aci.symlink_add_remote_ip;
09350                                         break;
09351                                 case A_symlink_add_uid:
09352                                         value->symlink_add_uid =
09353                                             aci.symlink_add_uid;
09354                                         break;
09355                                 case A_symlink_add_mac_level:
09356                                         value->symlink_add_mac_level =
09357                                             aci.symlink_add_mac_level;
09358                                         break;
09359                                 case A_symlink_add_rc_role:
09360                                         value->symlink_add_rc_role =
09361                                             aci.symlink_add_rc_role;
09362                                         break;
09363                                 case A_linux_dac_disable:
09364                                         value->linux_dac_disable =
09365                                             aci.linux_dac_disable;
09366                                         if ((value->linux_dac_disable ==
09367                                              LDD_inherit) && inherit) {
09368                                                 enum rsbac_target_t
09369                                                     parent_target;
09370                                                 union rsbac_target_id_t
09371                                                     parent_tid;
09372 
09373                                                 /* free access to device_list_head - see above */
09374 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09375                                                 rcu_read_unlock();
09376 #else
09377                                                 rsbac_read_unlock
09378                                                     (&device_list_locks[hash],
09379                                                      &dflags);
09380 #endif
09381                                                 /* inheritance possible? */
09382                                                 if (!rsbac_get_parent
09383                                                     (target, *tid_p,
09384                                                      &parent_target,
09385                                                      &parent_tid)) {
09386                                                         target =
09387                                                             parent_target;
09388                                                         *tid_p =
09389                                                             parent_tid;
09390                                                         continue;
09391                                                 } else {
09392                                                         value->
09393                                                             linux_dac_disable
09394                                                             =
09395                                                             def_gen_root_dir_aci.
09396                                                             linux_dac_disable;
09397                                                         return 0;
09398                                                 }
09399                                         }
09400                                         break;
09401                                 case A_fake_root_uid:
09402                                         value->fake_root_uid =
09403                                             aci.fake_root_uid;
09404                                         break;
09405                                 case A_auid_exempt:
09406                                         value->auid_exempt =
09407                                             aci.auid_exempt;
09408                                         break;
09409                                 default:
09410                                         err = -RSBAC_EINVALIDATTR;
09411                                 }
09412                         }
09413                         break;
09414 
09415 #if defined(CONFIG_RSBAC_MAC)
09416                 case SW_MAC:
09417                         {
09418                                 struct rsbac_mac_fd_aci_t aci =
09419                                     DEFAULT_MAC_FD_ACI;
09420 
09421                                 rsbac_ta_list_get_data_ttl(ta_number,
09422                                                            device_p->
09423                                                            handles.mac,
09424                                                            NULL,
09425                                                            &tid_p->file.
09426                                                            inode, &aci);
09427                                 switch (attr) {
09428                                 case A_security_level:
09429                                         value->security_level =
09430                                             aci.sec_level;
09431                                         if ((value->security_level ==
09432                                              SL_inherit) && inherit) {
09433                                                 enum rsbac_target_t
09434                                                     parent_target;
09435                                                 union rsbac_target_id_t
09436                                                     parent_tid;
09437 
09438                                                 /* free access to device_list_head - see above */
09439 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09440                                                 rcu_read_unlock();
09441 #else
09442                                                 rsbac_read_unlock
09443                                                     (&device_list_locks[hash], &dflags);
09444 #endif
09445                                                 /* inheritance possible? */
09446                                                 if (!rsbac_get_parent
09447                                                     (target, *tid_p,
09448                                                      &parent_target,
09449                                                      &parent_tid)) {
09450                                                         target =
09451                                                             parent_target;
09452                                                         *tid_p =
09453                                                             parent_tid;
09454                                                         continue;
09455                                                 } else {
09456                                                         value->
09457                                                             security_level
09458                                                             =
09459                                                             def_mac_root_dir_aci.
09460                                                             sec_level;
09461                                                         return 0;
09462                                                 }
09463                                         }
09464                                         break;
09465                                 case A_mac_categories:
09466                                         value->mac_categories =
09467                                             aci.mac_categories;
09468                                         if ((value->mac_categories ==
09469                                              RSBAC_MAC_INHERIT_CAT_VECTOR)
09470                                             && inherit) {
09471                                                 enum rsbac_target_t
09472                                                     parent_target;
09473                                                 union rsbac_target_id_t
09474                                                     parent_tid;
09475 
09476                                                 /* free access to device_list_head - see above */
09477 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09478                                                 rcu_read_unlock();
09479 #else
09480                                                 rsbac_read_unlock
09481                                                     (&device_list_locks[hash], &dflags);
09482 #endif
09483                                                 /* inheritance possible? */
09484                                                 if (!rsbac_get_parent
09485                                                     (target, *tid_p,
09486                                                      &parent_target,
09487                                                      &parent_tid)) {
09488                                                         target =
09489                                                             parent_target;
09490                                                         *tid_p =
09491                                                             parent_tid;
09492                                                         continue;
09493                                                 } else {
09494                                                         value->
09495                                                             mac_categories
09496                                                             =
09497                                                             def_mac_root_dir_aci.
09498                                                             mac_categories;
09499                                                         return 0;
09500                                                 }
09501                                         }
09502                                         break;
09503                                 case A_mac_auto:
09504                                         value->mac_auto = aci.mac_auto;
09505                                         if ((value->mac_auto == MA_inherit)
09506                                             && inherit) {
09507                                                 enum rsbac_target_t
09508                                                     parent_target;
09509                                                 union rsbac_target_id_t
09510                                                     parent_tid;
09511 
09512                                                 /* free access to device_list_head - see above */
09513 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09514                                                 rcu_read_unlock();
09515 #else
09516                                                 rsbac_read_unlock
09517                                                     (&device_list_locks[hash], &dflags);
09518 #endif
09519                                                 /* inheritance possible? */
09520                                                 if (!rsbac_get_parent
09521                                                     (target, *tid_p,
09522                                                      &parent_target,
09523                                                      &parent_tid)) {
09524                                                         target =
09525                                                             parent_target;
09526                                                         *tid_p =
09527                                                             parent_tid;
09528                                                         continue;
09529                                                 } else {
09530                                                         value->mac_auto
09531                                                             =
09532                                                             def_mac_root_dir_aci.
09533                                                             mac_auto;
09534                                                         return 0;
09535                                                 }
09536                                         }
09537                                         break;
09538                                 case A_mac_prop_trusted:
09539                                         value->mac_prop_trusted =
09540                                             aci.mac_prop_trusted;
09541                                         break;
09542                                 case A_mac_file_flags:
09543                                         value->mac_file_flags =
09544                                             aci.mac_file_flags;
09545                                         break;
09546 
09547                                 default:
09548                                         err = -RSBAC_EINVALIDATTR;
09549                                 }
09550                         }
09551                         break;
09552 #endif                          /* MAC */
09553 
09554 #if defined(CONFIG_RSBAC_PM)
09555                 case SW_PM:
09556                         {
09557                                 struct rsbac_pm_fd_aci_t aci =
09558                                     DEFAULT_PM_FD_ACI;
09559 
09560                                 rsbac_ta_list_get_data_ttl(ta_number,
09561                                                            device_p->
09562                                                            handles.pm,
09563                                                            NULL,
09564                                                            &tid_p->file.
09565                                                            inode, &aci);
09566                                 switch (attr) {
09567                                 case A_pm_object_class:
09568                                         value->pm_object_class =
09569                                             aci.pm_object_class;
09570                                         break;
09571                                 case A_pm_tp:
09572                                         value->pm_tp = aci.pm_tp;
09573                                         break;
09574                                 case A_pm_object_type:
09575                                         value->pm_object_type =
09576                                             aci.pm_object_type;
09577                                         break;
09578                                 default:
09579                                         err = -RSBAC_EINVALIDATTR;
09580                                 }
09581                         }
09582                         break;
09583 #endif                          /* PM */
09584 
09585 #if defined(CONFIG_RSBAC_DAZ)
09586                 case SW_DAZ:
09587                         {
09588 #if defined(CONFIG_RSBAC_DAZ_CACHE)
09589                                 if (attr == A_daz_scanned) {
09590                                         err = rsbac_ta_list_get_data_ttl
09591                                             (ta_number,
09592                                              device_p->handles.dazs,
09593                                              NULL, &tid_p->file.inode,
09594                                              &value->daz_scanned);
09595                                 } else
09596 #endif
09597                                 {
09598                                         struct rsbac_daz_fd_aci_t aci =
09599                                             DEFAULT_DAZ_FD_ACI;
09600 
09601                                         rsbac_ta_list_get_data_ttl
09602                                             (ta_number,
09603                                              device_p->handles.daz,
09604                                              NULL, &tid_p->file.inode,
09605                                              &aci);
09606                                         switch (attr) {
09607                                         case A_daz_scanner:
09608                                                 value->daz_scanner =
09609                                                     aci.daz_scanner;
09610                                                 break;
09611                                         case A_daz_do_scan:
09612                                                 value->daz_do_scan = aci.daz_do_scan;
09613                                                 if(   (value->daz_do_scan == DAZ_inherit)
09614                                                         && inherit) {
09615                                                         enum rsbac_target_t       parent_target;
09616                                                         union rsbac_target_id_t   parent_tid;
09617 
09618 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09619                                                         rcu_read_unlock();
09620 #else
09621                                                         rsbac_read_unlock(&device_list_locks[hash], &dflags);
09622 #endif
09623                                                         if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) {
09624                                                                 target = parent_target;
09625                                                                 *tid_p = parent_tid;
09626                                                                 continue;
09627                                                         } else {
09628                                                                 value->daz_do_scan
09629                                                                         = def_daz_root_dir_aci.daz_do_scan;
09630                                                                 return 0;
09631                                                         }
09632                                                 }
09633                                                 break;
09634                                         default:
09635                                                 err = -RSBAC_EINVALIDATTR;
09636                                         }
09637                                 }
09638                         }
09639                         break;
09640 #endif                          /* DAZ */
09641 
09642 #if defined(CONFIG_RSBAC_FF)
09643                 case SW_FF:
09644                         {
09645                                 switch (attr) {
09646                                 case A_ff_flags:
09647                                         ff_tmp_flags = RSBAC_FF_DEF;
09648                                         rsbac_ta_list_get_data_ttl
09649                                             (ta_number,
09650                                              device_p->handles.ff,
09651                                              NULL,
09652                                              &tid_p->file.inode,
09653                                              &ff_tmp_flags);
09654                                         ff_flags |= ff_tmp_flags & ff_mask;
09655                                         value->ff_flags = ff_flags;
09656                                         if ((ff_tmp_flags &
09657                                              FF_add_inherited)
09658                                             && inherit) {
09659                                                 /* inheritance possible? */
09660                                                 if (!rsbac_get_parent
09661                                                     (target, *tid_p,
09662                                                      &target, tid_p)) {
09663                                                         /* free access to device_list_head - see above */
09664 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09665                                                         rcu_read_unlock();
09666 #else
09667                                                         rsbac_read_unlock
09668                                                             (&device_list_locks[hash],
09669                                                              &dflags);
09670 #endif
09671                                                         ff_mask &=
09672                                                             ~
09673                                                             (FF_no_delete_or_rename
09674                                                              |
09675                                                              FF_add_inherited);
09676                                                         ff_flags &=
09677                                                             ~
09678                                                             (FF_add_inherited);
09679                                                         continue;
09680                                                 } else
09681                                                         value->ff_flags &=
09682                                                             ~
09683                                                             (FF_add_inherited);
09684                                         }
09685                                         break;
09686 
09687                                 default:
09688                                         err = -RSBAC_EINVALIDATTR;
09689                                 }
09690                         }
09691                         break;
09692 #endif                          /* FF */
09693 
09694 #if defined(CONFIG_RSBAC_RC)
09695                 case SW_RC:
09696                         {
09697                                 struct rsbac_rc_fd_aci_t aci =
09698                                     DEFAULT_RC_FD_ACI;
09699 
09700                                 rsbac_ta_list_get_data_ttl(ta_number,
09701                                                            device_p->
09702                                                            handles.rc,
09703                                                            NULL,
09704                                                            &tid_p->file.
09705                                                            inode, &aci);
09706                                 switch (attr) {
09707                                 case A_rc_type_fd:
09708                                         value->rc_type_fd = aci.rc_type_fd;
09709                                         if (value->rc_type_fd ==
09710                                             RC_type_inherit_parent
09711                                             && inherit) {
09712                                                 enum rsbac_target_t
09713                                                     parent_target;
09714                                                 union rsbac_target_id_t
09715                                                     parent_tid;
09716 
09717                                                 /* free access to device_list_head - see above */
09718 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09719                                                 rcu_read_unlock();
09720 #else
09721                                                 rsbac_read_unlock
09722                                                     (&device_list_locks[hash], &dflags);
09723 #endif
09724                                                 /* inheritance possible? */
09725                                                 if (!rsbac_get_parent
09726                                                     (target, *tid_p,
09727                                                      &parent_target,
09728                                                      &parent_tid)) {
09729                                                         target =
09730                                                             parent_target;
09731                                                         *tid_p =
09732                                                             parent_tid;
09733                                                         continue;
09734                                                 } else {
09735                                                         value->rc_type_fd
09736                                                             =
09737                                                             def_rc_root_dir_aci.
09738                                                             rc_type_fd;
09739                                                         return 0;
09740                                                 }
09741                                         }
09742                                         break;
09743                                 case A_rc_force_role:
09744                                         value->rc_force_role =
09745                                             aci.rc_force_role;
09746                                         if (value->rc_force_role ==
09747                                             RC_role_inherit_parent
09748                                             && inherit) {
09749                                                 enum rsbac_target_t
09750                                                     parent_target;
09751                                                 union rsbac_target_id_t
09752                                                     parent_tid;
09753 
09754                                                 /* free access to device_list_head - see above */
09755 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09756                                                 rcu_read_unlock();
09757 #else
09758                                                 rsbac_read_unlock
09759                                                     (&device_list_locks[hash], &dflags);
09760 #endif
09761                                                 /* inheritance possible? */
09762                                                 if (!rsbac_get_parent
09763                                                     (target, *tid_p,
09764                                                      &parent_target,
09765                                                      &parent_tid)) {
09766                                                         target =
09767                                                             parent_target;
09768                                                         *tid_p =
09769                                                             parent_tid;
09770                                                         continue;
09771                                                 } else {
09772                                                         value->
09773                                                             rc_force_role =
09774                                                             def_rc_root_dir_aci.
09775                                                             rc_force_role;
09776                                                         return 0;
09777                                                 }
09778                                         }
09779                                         break;
09780                                 case A_rc_initial_role:
09781                                         value->rc_initial_role =
09782                                             aci.rc_initial_role;
09783                                         if (value->rc_initial_role ==
09784                                             RC_role_inherit_parent
09785                                             && inherit) {
09786                                                 enum rsbac_target_t
09787                                                     parent_target;
09788                                                 union rsbac_target_id_t
09789                                                     parent_tid;
09790 
09791                                                 /* free access to device_list_head - see above */
09792 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09793                                                 rcu_read_unlock();
09794 #else
09795                                                 rsbac_read_unlock
09796                                                     (&device_list_locks[hash], &dflags);
09797 #endif
09798                                                 /* inheritance possible? */
09799                                                 if (!rsbac_get_parent
09800                                                     (target, *tid_p,
09801                                                      &parent_target,
09802                                                      &parent_tid)) {
09803                                                         target =
09804                                                             parent_target;
09805                                                         *tid_p =
09806                                                             parent_tid;
09807                                                         continue;
09808                                                 } else {
09809                                                         value->
09810                                                             rc_initial_role
09811                                                             =
09812                                                             def_rc_root_dir_aci.
09813                                                             rc_initial_role;
09814                                                         return 0;
09815                                                 }
09816                                         }
09817                                         break;
09818 
09819                                 default:
09820                                         err = -RSBAC_EINVALIDATTR;
09821                                 }
09822                         }
09823                         break;
09824 #endif                          /* RC */
09825 
09826 #if defined(CONFIG_RSBAC_AUTH)
09827                 case SW_AUTH:
09828                         {
09829                                 struct rsbac_auth_fd_aci_t aci =
09830                                     DEFAULT_AUTH_FD_ACI;
09831 
09832                                 rsbac_ta_list_get_data_ttl(ta_number,
09833                                                            device_p->
09834                                                            handles.auth,
09835                                                            NULL,
09836                                                            &tid_p->file.
09837                                                            inode, &aci);
09838                                 switch (attr) {
09839                                 case A_auth_may_setuid:
09840                                         value->auth_may_setuid =
09841                                             aci.auth_may_setuid;
09842                                         break;
09843                                 case A_auth_may_set_cap:
09844                                         value->auth_may_set_cap =
09845                                             aci.auth_may_set_cap;
09846                                         break;
09847                                 case A_auth_learn:
09848                                         value->auth_learn = aci.auth_learn;
09849                                         break;
09850                                 default:
09851                                         err = -RSBAC_EINVALIDATTR;
09852                                 }
09853                         }
09854                         break;
09855 #endif                          /* AUTH */
09856 
09857 #if defined(CONFIG_RSBAC_CAP)
09858                 case SW_CAP:
09859                         {
09860                                 struct rsbac_cap_fd_aci_t aci =
09861                                     DEFAULT_CAP_FD_ACI;
09862 
09863                                 rsbac_ta_list_get_data_ttl(ta_number,
09864                                                            device_p->
09865                                                            handles.cap,
09866                                                            NULL,
09867                                                            &tid_p->file.
09868                                                            inode, &aci);
09869                                 switch (attr) {
09870                                 case A_min_caps:
09871                                         value->min_caps = aci.min_caps;
09872                                         break;
09873                                 case A_max_caps:
09874                                         value->max_caps = aci.max_caps;
09875                                         break;
09876                                 case A_cap_ld_env:
09877                                         value->cap_ld_env = aci.cap_ld_env;
09878                                         if ((value->cap_ld_env == LD_inherit) && inherit) {
09879                                                 enum rsbac_target_t parent_target;
09880                                                 union rsbac_target_id_t parent_tid;
09881 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09882                                                 rcu_read_unlock();
09883 #else
09884                                                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
09885 #endif
09886                                                 if (!rsbac_get_parent(target,
09887                                                                         *tid_p,
09888                                                                         &parent_target,
09889                                                                         &parent_tid)) {
09890                                                         target = parent_target;
09891                                                         *tid_p = parent_tid;
09892                                                         continue;
09893                                                 } else {
09894                                                         value->cap_ld_env = LD_deny;
09895                                                         return 0;
09896                                                 }
09897                                         }
09898                                         break;
09899                                 default:
09900                                         err = -RSBAC_EINVALIDATTR;
09901                                 }
09902                         }
09903                         break;
09904 #endif                          /* CAP */
09905 
09906 #if defined(CONFIG_RSBAC_RES)
09907                 case SW_RES:
09908                         {
09909                                 struct rsbac_res_fd_aci_t aci =
09910                                     DEFAULT_RES_FD_ACI;
09911 
09912                                 rsbac_ta_list_get_data_ttl(ta_number,
09913                                                            device_p->
09914                                                            handles.res,
09915                                                            NULL,
09916                                                            &tid_p->file.
09917                                                            inode, &aci);
09918                                 switch (attr) {
09919                                 case A_res_min:
09920                                         memcpy(&value->res_array,
09921                                                &aci.res_min,
09922                                                sizeof(aci.res_min));
09923                                         break;
09924                                 case A_res_max:
09925                                         memcpy(&value->res_array,
09926                                                &aci.res_max,
09927                                                sizeof(aci.res_max));
09928                                         break;
09929                                 default:
09930                                         err = -RSBAC_EINVALIDATTR;
09931                                 }
09932                         }
09933                         break;
09934 #endif                          /* RES */
09935 
09936 #if defined(CONFIG_RSBAC_PAX)
09937                 case SW_PAX:
09938                         {
09939                                 switch (attr) {
09940                                 case A_pax_flags:
09941                                         value->pax_flags =
09942                                             RSBAC_PAX_DEF_FLAGS;
09943                                         rsbac_ta_list_get_data_ttl
09944                                             (ta_number,
09945                                              device_p->handles.pax,
09946                                              NULL, &tid_p->file.inode,
09947                                              &value->pax_flags);
09948                                         break;
09949 
09950                                 default:
09951                                         err = -RSBAC_EINVALIDATTR;
09952                                 }
09953                         }
09954                         break;
09955 #endif                          /* PAX */
09956 
09957                 default:
09958                         err = -RSBAC_EINVALIDMODULE;
09959                 }
09960                 /* free access to device_list_head */
09961 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09962                 rcu_read_unlock();
09963 #else
09964                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
09965 #endif
09966                 /* and return */
09967                 return err;
09968         }                       /* end of for(;;) loop for inheritance */
09969 }

static int get_attr_ipc ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
union rsbac_target_id_t tid_p,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value,
rsbac_boolean_t  inherit 
) [static]

Definition at line 10103 of file aci_data_structures.c.

References A_jail_id, A_mac_categories, A_pm_ipc_purpose, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, rsbac_target_id_t::ipc, ipc_handles, rsbac_attribute_value_t::jail_id, rsbac_attribute_value_t::mac_categories, NULL, rsbac_attribute_value_t::pm_ipc_purpose, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::rc_type, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_JAIL_DEF_ID, RSBAC_RC_GENERAL_TYPE, rsbac_ta_list_get_data_ttl(), and rsbac_attribute_value_t::security_level.

Referenced by rsbac_ta_get_attr().

10110 {
10111         int err = 0;
10112         /* rsbac_pr_debug(ds, "Getting ipc attribute\n"); */
10113         /* lookup only, if not sock or (sock-id != NULL), OK with NULL fifo */
10114         switch (module) {
10115 #if defined(CONFIG_RSBAC_MAC)
10116         case SW_MAC:
10117                 {
10118                         struct rsbac_mac_ipc_aci_t aci =
10119                             DEFAULT_MAC_IPC_ACI;
10120 
10121                         rsbac_ta_list_get_data_ttl(ta_number,
10122                                                    ipc_handles.mac,
10123                                                    NULL,
10124                                                    &tid_p->ipc, &aci);
10125                         switch (attr) {
10126                         case A_security_level:
10127                                 value->security_level = aci.sec_level;
10128                                 break;
10129                         case A_mac_categories:
10130                                 value->mac_categories = aci.mac_categories;
10131                                 break;
10132 
10133                         default:
10134                                 err = -RSBAC_EINVALIDATTR;
10135                         }
10136                 }
10137                 break;
10138 #endif                          /* MAC */
10139 
10140 #if defined(CONFIG_RSBAC_PM)
10141         case SW_PM:
10142                 {
10143                         struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
10144 
10145                         rsbac_ta_list_get_data_ttl(ta_number,
10146                                                    ipc_handles.pm,
10147                                                    NULL,
10148                                                    &tid_p->ipc, &aci);
10149                         switch (attr) {
10150                         case A_pm_object_class:
10151                                 value->pm_object_class =
10152                                     aci.pm_object_class;
10153                                 break;
10154                         case A_pm_ipc_purpose:
10155                                 value->pm_ipc_purpose = aci.pm_ipc_purpose;
10156                                 break;
10157                         case A_pm_object_type:
10158                                 value->pm_object_type = aci.pm_object_type;
10159                                 break;
10160                         default:
10161                                 err = -RSBAC_EINVALIDATTR;
10162                         }
10163                 }
10164                 break;
10165 #endif                          /* PM */
10166 
10167 #if defined(CONFIG_RSBAC_RC)
10168         case SW_RC:
10169                 {
10170                         rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10171 
10172                         rsbac_ta_list_get_data_ttl(ta_number,
10173                                                    ipc_handles.rc,
10174                                                    NULL,
10175                                                    &tid_p->ipc, &type);
10176                         switch (attr) {
10177                         case A_rc_type:
10178                                 value->rc_type = type;
10179                                 break;
10180 
10181                         default:
10182                                 err = -RSBAC_EINVALIDATTR;
10183                         }
10184                 }
10185                 break;
10186 #endif                          /* RC */
10187 
10188 #if defined(CONFIG_RSBAC_JAIL)
10189         case SW_JAIL:
10190                 {
10191                         rsbac_jail_id_t id = RSBAC_JAIL_DEF_ID;
10192 
10193                         rsbac_ta_list_get_data_ttl(ta_number,
10194                                                    ipc_handles.jail,
10195                                                    NULL, &tid_p->ipc, &id);
10196                         switch (attr) {
10197                         case A_jail_id:
10198                                 value->jail_id = id;
10199                                 break;
10200 
10201                         default:
10202                                 err = -RSBAC_EINVALIDATTR;
10203                         }
10204                 }
10205                 break;
10206 #endif                          /* JAIL */
10207 
10208         default:
10209                 err = -RSBAC_EINVALIDMODULE;
10210         }
10211         /* and return */
10212         return err;
10213 }

static int get_attr_process ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
union rsbac_target_id_t tid_p,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value,
rsbac_boolean_t  inherit 
) [static]

Definition at line 10529 of file aci_data_structures.c.

References A_audit_uid, A_auid_exempt, A_auth_last_auth, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_cap_ld_env, A_cap_process_hiding, A_current_sec_level, A_daz_scanner, A_fake_root_uid, A_initial_security_level, A_jail_flags, A_jail_id, A_jail_ip, A_jail_max_caps, A_jail_parent, A_jail_scd_get, A_jail_scd_modify, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_curr_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_process_flags, A_max_caps_program, A_max_caps_user, A_max_read_categories, A_max_read_open, A_min_security_level, A_min_write_categories, A_min_write_open, A_pax_flags, A_pm_current_task, A_pm_process_type, A_pm_tp, A_rc_force_role, A_rc_role, A_rc_select_type, A_rc_type, A_remote_ip, A_security_level, rsbac_gen_process_aci_t::audit_uid, rsbac_attribute_value_t::audit_uid, rsbac_gen_process_aci_t::auid_exempt, rsbac_attribute_value_t::auid_exempt, rsbac_attribute_value_t::auth_last_auth, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, rsbac_attribute_value_t::cap_ld_env, rsbac_attribute_value_t::cap_process_hiding, rsbac_attribute_value_t::current_sec_level, rsbac_attribute_value_t::daz_scanner, DEFAULT_GEN_P_ACI, rsbac_gen_process_aci_t::fake_root_uid, rsbac_attribute_value_t::fake_root_uid, FALSE, rsbac_attribute_value_t::jail_flags, rsbac_attribute_value_t::jail_id, rsbac_attribute_value_t::jail_ip, rsbac_attribute_value_t::jail_max_caps, rsbac_attribute_value_t::jail_parent, rsbac_attribute_value_t::jail_scd_get, rsbac_attribute_value_t::jail_scd_modify, rsbac_gen_process_aci_t::kernel_thread, rsbac_gen_process_aci_t::log_program_based, rsbac_attribute_value_t::log_program_based, rsbac_attribute_value_t::mac_auto, MAC_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_process_flags, rsbac_attribute_value_t::max_caps_program, rsbac_attribute_value_t::max_caps_user, rsbac_attribute_value_t::max_read_open, rsbac_attribute_value_t::min_write_open, NULL, rsbac_attribute_value_t::pax_flags, rsbac_attribute_value_t::pm_current_task, rsbac_attribute_value_t::pm_process_type, rsbac_attribute_value_t::pm_tp, rsbac_target_id_t::process, process_handles, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_role, rsbac_attribute_value_t::rc_select_type, rsbac_attribute_value_t::rc_type, rsbac_gen_process_aci_t::remote_ip, rsbac_attribute_value_t::remote_ip, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_PAX_ALL_FLAGS, rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, SW_GEN, and TRUE.

Referenced by rsbac_ta_get_attr().

10536 {
10537         int err = 0;
10538 /*      rsbac_pr_debug(ds, "Getting process attribute"); */
10539         switch (module) {
10540         case SW_GEN:
10541                 {
10542                         struct rsbac_gen_process_aci_t aci =
10543                             DEFAULT_GEN_P_ACI;
10544 
10545                         rsbac_ta_list_get_data_ttl(ta_number,
10546                                                    process_handles.gen,
10547                                                    NULL, &tid_p->process,
10548                                                    &aci);
10549                         switch (attr) {
10550                         case A_log_program_based:
10551                                 value->log_program_based =
10552                                     aci.log_program_based;
10553                                 break;
10554                         case A_fake_root_uid:
10555                                 value->fake_root_uid = aci.fake_root_uid;
10556                                 break;
10557                         case A_audit_uid:
10558                                 value->audit_uid = aci.audit_uid;
10559                                 break;
10560                         case A_auid_exempt:
10561                                 value->auid_exempt = aci.auid_exempt;
10562                                 break;
10563                         case A_remote_ip:
10564                                 value->remote_ip = aci.remote_ip;
10565                                 break;
10566                         case A_kernel_thread:
10567                                 value->kernel_thread = aci.kernel_thread;
10568                                 break;
10569                         default:
10570                                 err = -RSBAC_EINVALIDATTR;
10571                         }
10572                 }
10573                 break;
10574 
10575 #if defined(CONFIG_RSBAC_MAC)
10576         case SW_MAC:
10577                 {
10578                         struct rsbac_mac_process_aci_t aci =
10579                             DEFAULT_MAC_P_ACI;
10580 
10581                         rsbac_ta_list_get_data_ttl(ta_number,
10582                                                    process_handles.mac,
10583                                                    NULL, &tid_p->process,
10584                                                    &aci);
10585                         switch (attr) {
10586                         case A_security_level:
10587                                 value->security_level =
10588                                     aci.owner_sec_level;
10589                                 break;
10590                         case A_initial_security_level:
10591                                 value->security_level =
10592                                     aci.owner_initial_sec_level;
10593                                 break;
10594                         case A_min_security_level:
10595                                 value->security_level =
10596                                     aci.owner_min_sec_level;
10597                                 break;
10598                         case A_mac_categories:
10599                                 value->mac_categories =
10600                                     aci.mac_owner_categories;
10601                                 break;
10602                         case A_mac_initial_categories:
10603                                 value->mac_categories =
10604                                     aci.mac_owner_initial_categories;
10605                                 break;
10606                         case A_mac_min_categories:
10607                                 value->mac_categories =
10608                                     aci.mac_owner_min_categories;
10609                                 break;
10610                         case A_current_sec_level:
10611                                 value->current_sec_level =
10612                                     aci.current_sec_level;
10613                                 break;
10614                         case A_mac_curr_categories:
10615                                 value->mac_categories =
10616                                     aci.mac_curr_categories;
10617                                 break;
10618                         case A_min_write_open:
10619                                 value->min_write_open = aci.min_write_open;
10620                                 break;
10621                         case A_min_write_categories:
10622                                 value->mac_categories =
10623                                     aci.min_write_categories;
10624                                 break;
10625                         case A_max_read_open:
10626                                 value->max_read_open = aci.max_read_open;
10627                                 break;
10628                         case A_max_read_categories:
10629                                 value->mac_categories =
10630                                     aci.max_read_categories;
10631                                 break;
10632                         case A_mac_process_flags:
10633                                 value->mac_process_flags =
10634                                     aci.mac_process_flags;
10635                                 break;
10636                         case A_mac_auto:
10637                                 if (aci.mac_process_flags & MAC_auto)
10638                                         value->mac_auto = TRUE;
10639                                 else
10640                                         value->mac_auto = FALSE;
10641                                 break;
10642 
10643                         default:
10644                                 err = -RSBAC_EINVALIDATTR;
10645                         }
10646                 }
10647                 break;
10648 #endif                          /* MAC */
10649 
10650 #if defined(CONFIG_RSBAC_PM)
10651         case SW_PM:
10652                 {
10653                         struct rsbac_pm_process_aci_t aci =
10654                             DEFAULT_PM_P_ACI;
10655 
10656                         rsbac_ta_list_get_data_ttl(ta_number,
10657                                                    process_handles.pm,
10658                                                    NULL,
10659                                                    &tid_p->process, &aci);
10660                         switch (attr) {
10661                         case A_pm_tp:
10662                                 value->pm_tp = aci.pm_tp;
10663                                 break;
10664                         case A_pm_current_task:
10665                                 value->pm_current_task =
10666                                     aci.pm_current_task;
10667                                 break;
10668                         case A_pm_process_type:
10669                                 value->pm_process_type =
10670                                     aci.pm_process_type;
10671                                 break;
10672                         default:
10673                                 err = -RSBAC_EINVALIDATTR;
10674                         }
10675                 }
10676                 break;
10677 #endif                          /* PM */
10678 
10679 #if defined(CONFIG_RSBAC_DAZ)
10680         case SW_DAZ:
10681                 {
10682                         struct rsbac_daz_process_aci_t aci =
10683                             DEFAULT_DAZ_P_ACI;
10684 
10685                         rsbac_ta_list_get_data_ttl(ta_number,
10686                                                    process_handles.daz,
10687                                                    NULL,
10688                                                    &tid_p->process, &aci);
10689                         switch (attr) {
10690                         case A_daz_scanner:
10691                                 value->daz_scanner = aci.daz_scanner;
10692                                 break;
10693                         default:
10694                                 err = -RSBAC_EINVALIDATTR;
10695                         }
10696                 }
10697                 break;
10698 #endif                          /* DAZ */
10699 
10700 #if defined(CONFIG_RSBAC_RC)
10701         case SW_RC:
10702                 {
10703                         struct rsbac_rc_process_aci_t aci =
10704                             DEFAULT_RC_P_ACI;
10705 
10706                         rsbac_ta_list_get_data_ttl(ta_number,
10707                                                    process_handles.rc,
10708                                                    NULL, &tid_p->process,
10709                                                    &aci);
10710                         switch (attr) {
10711                         case A_rc_role:
10712                                 value->rc_role = aci.rc_role;
10713                                 break;
10714                         case A_rc_type:
10715                                 value->rc_type = aci.rc_type;
10716                                 break;
10717                         case A_rc_select_type:
10718                                 value->rc_select_type = aci.rc_select_type;
10719                                 break;
10720                         case A_rc_force_role:
10721                                 value->rc_force_role = aci.rc_force_role;
10722                                 break;
10723                         default:
10724                                 err = -RSBAC_EINVALIDATTR;
10725                         }
10726                 }
10727                 break;
10728 #endif                          /* RC */
10729 
10730 #if defined(CONFIG_RSBAC_AUTH)
10731         case SW_AUTH:
10732                 {
10733                         struct rsbac_auth_process_aci_t aci =
10734                             DEFAULT_AUTH_P_ACI;
10735 
10736                         rsbac_ta_list_get_data_ttl(ta_number,
10737                                                    process_handles.auth,
10738                                                    NULL,
10739                                                    &tid_p->process, &aci);
10740                         switch (attr) {
10741                         case A_auth_may_setuid:
10742                                 value->auth_may_setuid =
10743                                     aci.auth_may_setuid;
10744                                 break;
10745                         case A_auth_may_set_cap:
10746                                 value->auth_may_set_cap =
10747                                     aci.auth_may_set_cap;
10748                                 break;
10749 #if defined(CONFIG_RSBAC_AUTH_LEARN)
10750                         case A_auth_program_file:
10751                                 value->auth_program_file =
10752                                     aci.auth_program_file;
10753                                 break;
10754                         case A_auth_start_uid:
10755                                 value->auth_start_uid = aci.auth_start_uid;
10756                                 break;
10757 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
10758                         case A_auth_start_euid:
10759                                 value->auth_start_euid =
10760                                     aci.auth_start_euid;
10761                                 break;
10762 #endif
10763 #ifdef CONFIG_RSBAC_AUTH_GROUP
10764                         case A_auth_start_gid:
10765                                 value->auth_start_gid = aci.auth_start_gid;
10766                                 break;
10767 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
10768                         case A_auth_start_egid:
10769                                 value->auth_start_egid =
10770                                     aci.auth_start_egid;
10771                                 break;
10772 #endif
10773 #endif
10774                         case A_auth_learn:
10775                                 value->auth_learn = aci.auth_learn;
10776                                 break;
10777 #else
10778                         case A_auth_learn:
10779                                 value->auth_learn = FALSE;
10780                                 break;
10781 #endif
10782                         case A_auth_last_auth:
10783                                 value->auth_last_auth = aci.auth_last_auth;
10784                                 break;
10785                         default:
10786                                 err = -RSBAC_EINVALIDATTR;
10787                         }
10788                 }
10789                 break;
10790 #endif                          /* AUTH */
10791 
10792 #if defined(CONFIG_RSBAC_CAP)
10793         case SW_CAP:
10794                 {
10795                         struct rsbac_cap_process_aci_t aci =
10796                             DEFAULT_CAP_P_ACI;
10797 
10798                         rsbac_ta_list_get_data_ttl(ta_number,
10799                                                    process_handles.cap,
10800                                                    NULL,
10801                                                    &tid_p->process, &aci);
10802                         switch (attr) {
10803                         case A_cap_process_hiding:
10804                                 value->cap_process_hiding =
10805                                     aci.cap_process_hiding;
10806                                 break;
10807 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
10808                         case A_max_caps_user:
10809                                 value->max_caps_user = aci.max_caps_user;
10810                                 break;
10811                         case A_max_caps_program:
10812                                 value->max_caps_program =
10813                                     aci.max_caps_program;
10814                                 break;
10815 #endif
10816                         case A_cap_ld_env:
10817                                 value->cap_ld_env = aci.cap_ld_env;
10818                                 break;
10819                         default:
10820                                 err = -RSBAC_EINVALIDATTR;
10821                         }
10822                 }
10823                 break;
10824 #endif                          /* CAP */
10825 
10826 #if defined(CONFIG_RSBAC_JAIL)
10827         case SW_JAIL:
10828                 {
10829                         struct rsbac_jail_process_aci_t aci =
10830                             DEFAULT_JAIL_P_ACI;
10831 
10832                         rsbac_ta_list_get_data_ttl(ta_number,
10833                                                    process_handles.jail,
10834                                                    NULL, &tid_p->process,
10835                                                    &aci);
10836                         switch (attr) {
10837                         case A_jail_id:
10838                                 value->jail_id = aci.id;
10839                                 break;
10840                         case A_jail_parent:
10841                                 value->jail_parent = aci.parent;
10842                                 break;
10843                         case A_jail_ip:
10844                                 value->jail_ip = aci.ip;
10845                                 break;
10846                         case A_jail_flags:
10847                                 value->jail_flags = aci.flags;
10848                                 break;
10849                         case A_jail_max_caps:
10850                                 value->jail_max_caps = aci.max_caps;
10851                                 break;
10852                         case A_jail_scd_get:
10853                                 value->jail_scd_get = aci.scd_get;
10854                                 break;
10855                         case A_jail_scd_modify:
10856                                 value->jail_scd_modify = aci.scd_modify;
10857                                 break;
10858                         default:
10859                                 err = -RSBAC_EINVALIDATTR;
10860                         }
10861                 }
10862                 break;
10863 #endif                          /* JAIL */
10864 
10865 #if defined(CONFIG_RSBAC_PAX)
10866         case SW_PAX:
10867                 {
10868                         struct task_struct *task_p;
10869 
10870                         switch (attr) {
10871                         case A_pax_flags:
10872                                 read_lock(&tasklist_lock);
10873                                 task_p = find_task_by_pid(tid_p->process);
10874                                 if (task_p) {
10875 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
10876 #if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
10877                                         if (task_p->mm)
10878                                                 value->pax_flags =
10879                                                     task_p->mm->
10880                                                     pax_flags &
10881                                                     RSBAC_PAX_ALL_FLAGS;
10882                                         else
10883 #endif
10884                                                 value->pax_flags = 0;
10885 #else
10886                                         value->pax_flags =
10887                                             task_p->
10888                                             flags & RSBAC_PAX_ALL_FLAGS;
10889 #endif
10890                                 } else
10891                                         err = -RSBAC_EINVALIDTARGET;
10892                                 read_unlock(&tasklist_lock);
10893                                 break;
10894                         default:
10895                                 err = -RSBAC_EINVALIDATTR;
10896                         }
10897                 }
10898                 break;
10899 #endif                          /* PAX */
10900 
10901         default:
10902                 err = -RSBAC_EINVALIDMODULE;
10903         }
10904         return err;
10905 }

static int get_attr_user ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
union rsbac_target_id_t tid_p,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value,
rsbac_boolean_t  inherit 
) [static]

Definition at line 10215 of file aci_data_structures.c.

References A_auth_role, A_cap_ld_env, A_cap_role, A_daz_role, A_ff_role, A_initial_security_level, A_jail_role, A_log_user_based, A_mac_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_role, A_mac_user_flags, A_max_caps, A_min_caps, A_min_security_level, A_pax_role, A_pm_role, A_pm_task_set, A_pseudo, A_rc_def_role, A_rc_type, A_res_max, A_res_min, A_res_role, A_security_level, A_system_role, rsbac_attribute_value_t::cap_ld_env, DEFAULT_GEN_U_ACI, rsbac_gen_user_aci_t::log_user_based, rsbac_attribute_value_t::log_user_based, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_user_flags, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, rsbac_attribute_value_t::pm_role, rsbac_attribute_value_t::pm_task_set, rsbac_gen_user_aci_t::pseudo, rsbac_attribute_value_t::pseudo, rsbac_attribute_value_t::rc_def_role, rsbac_attribute_value_t::rc_type, rsbac_attribute_value_t::res_array, RSBAC_ALL_USERS, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, SR_user, SW_GEN, rsbac_attribute_value_t::system_role, rsbac_target_id_t::user, and user_handles.

Referenced by rsbac_ta_get_attr().

10222 {
10223         int err = 0;
10224         /* rsbac_pr_debug(ds, "Getting user attribute\n"); */
10225         switch (module) {
10226         case SW_GEN:
10227                 {
10228                         struct rsbac_gen_user_aci_t aci =
10229                             DEFAULT_GEN_U_ACI;
10230 
10231                         rsbac_ta_list_get_data_ttl(ta_number,
10232                                                    user_handles.gen,
10233                                                    NULL,
10234                                                    &tid_p->user, &aci);
10235                         switch (attr) {
10236                         case A_pseudo:
10237                                 value->pseudo = aci.pseudo;
10238                                 break;
10239                         case A_log_user_based:
10240                                 value->log_user_based = aci.log_user_based;
10241                                 break;
10242                         default:
10243                                 err = -RSBAC_EINVALIDATTR;
10244                         }
10245                 }
10246                 break;
10247 
10248 #if defined(CONFIG_RSBAC_MAC)
10249         case SW_MAC:
10250                 {
10251                         struct rsbac_mac_user_aci_t aci =
10252                             DEFAULT_MAC_U_ACI;
10253 
10254                         rsbac_ta_list_get_data_ttl(ta_number,
10255                                                    user_handles.mac,
10256                                                    NULL,
10257                                                    &tid_p->user, &aci);
10258                         switch (attr) {
10259                         case A_security_level:
10260                                 value->security_level = aci.security_level;
10261                                 break;
10262                         case A_initial_security_level:
10263                                 value->security_level =
10264                                     aci.initial_security_level;
10265                                 break;
10266                         case A_min_security_level:
10267                                 value->security_level =
10268                                     aci.min_security_level;
10269                                 break;
10270                         case A_mac_categories:
10271                                 value->mac_categories = aci.mac_categories;
10272                                 break;
10273                         case A_mac_initial_categories:
10274                                 value->mac_categories =
10275                                     aci.mac_initial_categories;
10276                                 break;
10277                         case A_mac_min_categories:
10278                                 value->mac_categories =
10279                                     aci.mac_min_categories;
10280                                 break;
10281                         case A_system_role:
10282                         case A_mac_role:
10283                                 value->system_role = aci.system_role;
10284                                 break;
10285                         case A_mac_user_flags:
10286                                 value->mac_user_flags = aci.mac_user_flags;
10287                                 break;
10288 
10289                         default:
10290                                 err = -RSBAC_EINVALIDATTR;
10291                         }
10292                 }
10293                 break;
10294 #endif                          /* MAC */
10295 
10296 #if defined(CONFIG_RSBAC_PM)
10297         case SW_PM:
10298                 {
10299                         struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
10300 
10301                         rsbac_ta_list_get_data_ttl(ta_number,
10302                                                    user_handles.pm,
10303                                                    NULL,
10304                                                    &tid_p->user, &aci);
10305                         switch (attr) {
10306                         case A_pm_task_set:
10307                                 value->pm_task_set = aci.pm_task_set;
10308                                 break;
10309                         case A_pm_role:
10310                                 value->pm_role = aci.pm_role;
10311                                 break;
10312                         default:
10313                                 err = -RSBAC_EINVALIDATTR;
10314                         }
10315                 }
10316                 break;
10317 #endif                          /* PM */
10318 
10319 #if defined(CONFIG_RSBAC_DAZ)
10320         case SW_DAZ:
10321                 {
10322                         rsbac_system_role_int_t role = SR_user;
10323 
10324                         rsbac_ta_list_get_data_ttl(ta_number,
10325                                                    user_handles.daz,
10326                                                    NULL,
10327                                                    &tid_p->user, &role);
10328                         switch (attr) {
10329                         case A_system_role:
10330                         case A_daz_role:
10331                                 value->system_role = role;
10332                                 break;
10333 
10334                         default:
10335                                 err = -RSBAC_EINVALIDATTR;
10336                         }
10337                 }
10338                 break;
10339 #endif                          /* DAZ */
10340 
10341 #if defined(CONFIG_RSBAC_FF)
10342         case SW_FF:
10343                 {
10344                         rsbac_system_role_int_t role = SR_user;
10345 
10346                         rsbac_ta_list_get_data_ttl(ta_number,
10347                                                    user_handles.ff,
10348                                                    NULL,
10349                                                    &tid_p->user, &role);
10350                         switch (attr) {
10351                         case A_system_role:
10352                         case A_ff_role:
10353                                 value->system_role = role;
10354                                 break;
10355 
10356                         default:
10357                                 err = -RSBAC_EINVALIDATTR;
10358                         }
10359                 }
10360                 break;
10361 #endif                          /* FF */
10362 
10363 #if defined(CONFIG_RSBAC_RC)
10364         case SW_RC:
10365                 {
10366                         struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
10367 
10368                         rsbac_ta_list_get_data_ttl(ta_number,
10369                                                    user_handles.rc,
10370                                                    NULL,
10371                                                    &tid_p->user, &aci);
10372                         switch (attr) {
10373                         case A_rc_def_role:
10374                                 value->rc_def_role = aci.rc_role;
10375                                 break;
10376                         case A_rc_type:
10377                                 value->rc_type = aci.rc_type;
10378                                 break;
10379                         default:
10380                                 err = -RSBAC_EINVALIDATTR;
10381                         }
10382                 }
10383                 break;
10384 #endif                          /* RC */
10385 
10386 #if defined(CONFIG_RSBAC_AUTH)
10387         case SW_AUTH:
10388                 {
10389                         rsbac_system_role_int_t role = SR_user;
10390 
10391                         rsbac_ta_list_get_data_ttl(ta_number,
10392                                                    user_handles.auth,
10393                                                    NULL,
10394                                                    &tid_p->user, &role);
10395                         switch (attr) {
10396                         case A_system_role:
10397                         case A_auth_role:
10398                                 value->system_role = role;
10399                                 break;
10400 
10401                         default:
10402                                 err = -RSBAC_EINVALIDATTR;
10403                         }
10404                 }
10405                 break;
10406 #endif                          /* AUTH */
10407 
10408 #if defined(CONFIG_RSBAC_CAP)
10409         case SW_CAP:
10410                 {
10411                         struct rsbac_cap_user_aci_t aci =
10412                             DEFAULT_CAP_U_ACI;
10413 
10414                         rsbac_ta_list_get_data_ttl(ta_number,
10415                                                    user_handles.cap,
10416                                                    NULL,
10417                                                    &tid_p->user, &aci);
10418                         switch (attr) {
10419                         case A_system_role:
10420                         case A_cap_role:
10421                                 value->system_role = aci.cap_role;
10422                                 break;
10423                         case A_min_caps:
10424                                 value->min_caps = aci.min_caps;
10425                                 break;
10426                         case A_max_caps:
10427                                 value->max_caps = aci.max_caps;
10428                                 break;
10429                         case A_cap_ld_env:
10430                                 value->cap_ld_env = aci.cap_ld_env;
10431                                 break;
10432                         default:
10433                                 err = -RSBAC_EINVALIDATTR;
10434                         }
10435                 }
10436                 break;
10437 #endif                          /* CAP */
10438 
10439 #if defined(CONFIG_RSBAC_JAIL)
10440         case SW_JAIL:
10441                 {
10442                         rsbac_system_role_int_t role = SR_user;
10443 
10444                         rsbac_ta_list_get_data_ttl(ta_number,
10445                                                    user_handles.jail,
10446                                                    NULL,
10447                                                    &tid_p->user, &role);
10448                         switch (attr) {
10449                         case A_system_role:
10450                         case A_jail_role:
10451                                 value->system_role = role;
10452                                 break;
10453 
10454                         default:
10455                                 err = -RSBAC_EINVALIDATTR;
10456                         }
10457                 }
10458                 break;
10459 #endif                          /* JAIL */
10460 
10461 #if defined(CONFIG_RSBAC_RES)
10462         case SW_RES:
10463                 {
10464                         struct rsbac_res_user_aci_t aci =
10465                             DEFAULT_RES_U_ACI;
10466 
10467                         if (rsbac_ta_list_get_data_ttl(ta_number,
10468                                                        user_handles.res,
10469                                                        NULL,
10470                                                        &tid_p->user, &aci)
10471                             && (tid_p->user != RSBAC_ALL_USERS)
10472                             ) {
10473                                 tid_p->user = RSBAC_ALL_USERS;
10474                                 rsbac_ta_list_get_data_ttl(ta_number,
10475                                                            user_handles.
10476                                                            res, NULL,
10477                                                            &tid_p->user,
10478                                                            &aci);
10479                         }
10480                         switch (attr) {
10481                         case A_system_role:
10482                         case A_res_role:
10483                                 value->system_role = aci.res_role;
10484                                 break;
10485                         case A_res_min:
10486                                 memcpy(&value->res_array, &aci.res_min,
10487                                        sizeof(aci.res_min));
10488                                 break;
10489                         case A_res_max:
10490                                 memcpy(&value->res_array, &aci.res_max,
10491                                        sizeof(aci.res_max));
10492                                 break;
10493                         default:
10494                                 err = -RSBAC_EINVALIDATTR;
10495                         }
10496                 }
10497                 break;
10498 #endif                          /* RES */
10499 
10500 #if defined(CONFIG_RSBAC_PAX)
10501         case SW_PAX:
10502                 {
10503                         rsbac_system_role_int_t role = SR_user;
10504 
10505                         rsbac_ta_list_get_data_ttl(ta_number,
10506                                                    user_handles.pax,
10507                                                    NULL,
10508                                                    &tid_p->user, &role);
10509                         switch (attr) {
10510                         case A_system_role:
10511                         case A_pax_role:
10512                                 value->system_role = role;
10513                                 break;
10514 
10515                         default:
10516                                 err = -RSBAC_EINVALIDATTR;
10517                         }
10518                 }
10519                 break;
10520 #endif                          /* PAX */
10521 
10522         default:
10523                 err = -RSBAC_EINVALIDMODULE;
10524         }
10525         /* and return */
10526         return err;
10527 }

static int ipc_compare ( void *  desc1,
void *  desc2 
) [static]

Definition at line 635 of file aci_data_structures.c.

References rsbac_ipc_t::id, rsbac_ipc_id_t::id_nr, and rsbac_ipc_t::type.

Referenced by copy_new_ipcs(), and register_ipc_lists().

00636 {
00637         int result;
00638         struct rsbac_ipc_t *i_desc1 = desc1;
00639         struct rsbac_ipc_t *i_desc2 = desc2;
00640 
00641         result = memcmp(&i_desc1->type,
00642                         &i_desc2->type, sizeof(i_desc1->type));
00643         if (result)
00644                 return result;
00645         else
00646                 return memcmp(&i_desc1->id.id_nr,
00647                               &i_desc2->id.id_nr,
00648                               sizeof(i_desc1->id.id_nr));
00649 }

static int lookup_aci_path_dentry ( struct super_block *  sb_p,
struct dentry **  dir_dentry_pp,
rsbac_boolean_t  create_dir,
kdev_t  kdev 
) [static]

Definition at line 358 of file aci_data_structures.c.

References device_hash(), device_list_locks, lookup_device(), NULL, RSBAC_EACCESS, RSBAC_ECOULDNOTCREATEPATH, RSBAC_EINVALIDDEV, RSBAC_EINVALIDPOINTER, RSBAC_ENOROOTDIR, RSBAC_ENOTFOUND, RSBAC_ENOTWRITABLE, RSBAC_EPATHTOOLONG, rsbac_get_super_block(), rsbac_lookup_one_len(), rsbac_pr_debug, rsbac_printk(), SOCKFS_MAGIC, and writable().

Referenced by rsbac_read_open(), and rsbac_write_open().

00361 {
00362         struct dentry *dir_dentry_p = NULL;
00363         struct dentry *root_dentry_p = NULL;
00364         int err = 0;
00365         struct rsbac_device_list_item_t *device_p;
00366 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00367         u_long dflags;
00368 #endif
00369         u_int hash;
00370 
00371         if (!dir_dentry_pp)
00372                 return (-RSBAC_EINVALIDPOINTER);
00373 
00374         if (!sb_p) {
00375                 sb_p = rsbac_get_super_block(kdev);
00376                 if (!sb_p) {
00377                         rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): invalid device %02u:%02u\n",
00378                                      RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00379                         return (-RSBAC_EINVALIDDEV);
00380                 }
00381         }
00382 
00383         /* pipefs must not be read from */
00384         if ((sb_p->s_magic == PIPEFS_MAGIC)
00385             || (sb_p->s_magic == SOCKFS_MAGIC)
00386             ) {
00387                 return -RSBAC_ENOTFOUND;
00388         }
00389         hash = device_hash(kdev);
00390 
00391 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00392         rcu_read_lock();
00393 #else
00394         rsbac_read_lock(&device_list_locks[hash], &dflags);
00395 #endif
00396         device_p = lookup_device(kdev, hash);
00397         if (!device_p) {
00398                 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): No entry for device %02u:%02u\n",
00399                              MAJOR(kdev), MINOR(kdev));
00400 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00401                 rcu_read_unlock();
00402 #else
00403                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
00404 #endif
00405                 return (-RSBAC_EINVALIDDEV);
00406         }
00407         /* already looked up earlier? */
00408         if (device_p->rsbac_dir_dentry_p) {
00409                 *dir_dentry_pp = device_p->rsbac_dir_dentry_p;
00410                 rsbac_pr_debug(ds, "device_p->rsbac_dir_dentry_p->d_count "
00411                                "for device %02u:%02u is %i!\n",
00412                                MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00413                                atomic_read(&device_p->rsbac_dir_dentry_p->d_count));
00414 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00415                 rcu_read_unlock();
00416 #else
00417                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
00418 #endif
00419                 return 0;
00420         }
00421         /* Must unlock here for the lookup */
00422 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00423         rcu_read_unlock();
00424 #else
00425         rsbac_read_unlock(&device_list_locks[hash], &dflags);
00426 #endif
00427         rsbac_pr_debug(ds, "first time lookup for or non-existing %s on device "
00428                        "%02u:%02u!\n", RSBAC_ACI_PATH,
00429                        MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00430         if (!sb_p->s_root) {
00431                 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry!\n",
00432                              MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00433                 err = -RSBAC_EINVALIDDEV;
00434                 goto out;
00435         }
00436 
00437         if (!sb_p->s_root->d_inode) {
00438                 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry->d_inode!\n",
00439                              MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00440                 err = -RSBAC_EINVALIDDEV;
00441                 goto out;
00442         }
00443 
00444         /* lookup dentry of ACI_PATH on this device */
00445         rsbac_pr_debug(ds, "lookup rsbac path %s for device %02u:%02u, "
00446                        "sb_p->s_root->d_count is %i!\n",
00447                        RSBAC_ACI_PATH, MAJOR(sb_p->s_dev),
00448                        MINOR(sb_p->s_dev),
00449                        atomic_read(&sb_p->s_root->d_count));
00450         dir_dentry_p =
00451             rsbac_lookup_one_len(RSBAC_ACI_PATH, sb_p->s_root,
00452                                  strlen(RSBAC_ACI_PATH));
00453         if (IS_ERR(dir_dentry_p))
00454                 switch (PTR_ERR(dir_dentry_p)) {
00455                 case -ENOENT:
00456                 case -ENOTDIR:
00457                         err = -RSBAC_ENOTFOUND;
00458                         goto out;
00459                 case -ENOMEM:
00460                         rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): memory allocation error!\n");
00461                         err = -RSBAC_ENOROOTDIR;
00462                         goto out;
00463                 case -ENAMETOOLONG:
00464                         rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): ACI_PATH too long on fs!\n");
00465                         err = -RSBAC_EPATHTOOLONG;
00466                         goto out;
00467                 case -EACCES:
00468                         rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): No access to ACI_PATH!\n");
00469                         err = -RSBAC_EACCESS;
00470                         goto out;
00471                 default:
00472                         rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): Error on root dir: %li!\n",
00473                                      PTR_ERR(dir_dentry_p));
00474                         err = -RSBAC_ENOROOTDIR;
00475                         goto out;
00476                 }
00477 
00478         if (!dir_dentry_p) {
00479                 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): rsbac_lookup_(dentry|one) returned null pointer!\n");
00480                 err = -RSBAC_EINVALIDPOINTER;
00481                 goto out;
00482         }
00483         if (!dir_dentry_p->d_inode) {   /* dir could not be found -> try to create it */
00484                 /* but only, if allowed... */
00485                 if (!create_dir) {
00486                         err = -RSBAC_ENOTFOUND;
00487                         goto out_dir_dput;
00488                 }
00489                 rsbac_pr_debug(ds, "try to create dir, first test writable!\n");
00490                 /* ... and writable. */
00491                 if (!writable(sb_p)) {  /* mounted read only or special case */
00492                         err = -RSBAC_ENOTWRITABLE;
00493                         goto out_dir_dput;
00494                 }
00495                 root_dentry_p = lock_parent(dir_dentry_p);
00496                 err = PTR_ERR(root_dentry_p);
00497                 if (IS_ERR(root_dentry_p)) {
00498                         err = -RSBAC_ECOULDNOTCREATEPATH;
00499                         goto out_dir_dput;
00500                 }
00501                 if (!root_dentry_p->d_inode
00502                     || !root_dentry_p->d_inode->i_op
00503                     || !root_dentry_p->d_inode->i_op->mkdir) {
00504                         unlock_dir(root_dentry_p);
00505                         err = -RSBAC_ECOULDNOTCREATEPATH;
00506                         goto out_dir_dput;
00507                 }
00508                 DQUOT_INIT(root_dentry_p->d_inode);
00509                 err =
00510                     root_dentry_p->d_inode->i_op->mkdir(root_dentry_p->
00511                                                         d_inode,
00512                                                         dir_dentry_p,
00513                                                         RSBAC_ACI_DIR_MODE);
00514                 unlock_dir(root_dentry_p);
00515                 if (err) {
00516                         err = -RSBAC_ECOULDNOTCREATEPATH;
00517                         goto out_dir_dput;
00518                 }
00519         } else {                /* was found */
00520                 /* check, whether this is a dir */
00521                 if (!S_ISDIR(dir_dentry_p->d_inode->i_mode)) {  /* no dir! We have a real prob here! */
00522                         rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): supposed /%s dir on dev %02u:%02u is no dir!\n",
00523                                      RSBAC_ACI_PATH,
00524                                      MAJOR(sb_p->s_dev),
00525                                      MINOR(sb_p->s_dev));
00526                         err = -RSBAC_EACCESS;
00527                         goto out_dir_dput;
00528                 }
00529         }
00530         rsbac_pr_debug(ds, "dir_dentry_p->d_count is %i!\n",
00531                        atomic_read(&dir_dentry_p->d_count));
00532         rsbac_pr_debug(ds, "sb_p->s_root->d_count is now %i!\n",
00533                        atomic_read(&sb_p->s_root->d_count));
00534         /* we want to keep dir_dentry_p in device_item */
00535         /* dput must be done in remove_device_item! */
00536         *dir_dentry_pp = dir_dentry_p;
00537 
00538         /* Must lock and relookup device_p to cache result */
00539 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00540         rcu_read_lock();
00541 #else
00542         rsbac_read_lock(&device_list_locks[hash], &dflags);
00543 #endif
00544         device_p = lookup_device(kdev, hash);
00545         if (device_p && !device_p->rsbac_dir_dentry_p) {
00546                 device_p->rsbac_dir_dentry_p = dir_dentry_p;
00547                 device_p->rsbac_dir_inode = dir_dentry_p->d_inode->i_ino;
00548         }
00549 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00550         rcu_read_unlock();
00551 #else
00552         rsbac_read_unlock(&device_list_locks[hash], &dflags);
00553 #endif
00554 
00555       out:
00556         return (err);
00557 
00558       out_dir_dput:
00559         dput(dir_dentry_p);
00560         goto out;
00561 }

static struct rsbac_device_list_item_t * lookup_device ( kdev_t  kdev,
u_int  hash 
) [static]

Definition at line 569 of file aci_data_structures.c.

References device_head_p.

Referenced by get_attr_fd(), lookup_aci_path_dentry(), remove_device_item(), rsbac_auth_add_to_f_capset(), rsbac_auth_clear_f_capset(), rsbac_auth_copy_fp_capset(), rsbac_auth_get_f_caplist(), rsbac_auth_p_capset_member(), rsbac_auth_remove_from_f_capset(), rsbac_get_full_path(), rsbac_get_full_path_length(), rsbac_get_parent(), rsbac_get_super_block(), rsbac_mac_add_to_f_truset(), rsbac_mac_clear_f_truset(), rsbac_mac_copy_fp_truset(), rsbac_mac_get_f_trulist(), rsbac_mac_remove_from_f_truset(), rsbac_mount(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_ta_remove_target(), rsbac_umount(), rsbac_umount_auth(), rsbac_umount_mac(), and set_attr_fd().

00570 {
00571         struct rsbac_device_list_item_t *curr = rcu_dereference(device_head_p[hash])->curr;
00572 
00573         /* if there is no current item or it is not the right one, search... */
00574 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00575         if (!(curr && (MAJOR(curr->id) == MAJOR(kdev))
00576              && (MINOR(curr->id) == MINOR(kdev))))
00577 #else
00578         if (!(curr && (curr->id == kdev)))
00579 #endif
00580         {
00581                 curr = rcu_dereference(device_head_p[hash])->head;
00582                 while (curr
00583                        && ((RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev))
00584                            || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev))
00585                        )
00586                     ) {
00587                         curr = curr->next;
00588                 }
00589                 if (curr)
00590                         rcu_dereference(device_head_p[hash])->curr = curr;
00591         }
00592         /* it is the current item -> return it */
00593         return curr;
00594 }

static int __init register_dev_lists ( void   )  [static]

Definition at line 5686 of file aci_data_structures.c.

References DEFAULT_GEN_DEV_ACI, dev_compare(), dev_handles, dev_major_compare(), dev_major_handles, gen_dev_get_conv(), NULL, RC_type_inherit_parent, registration_error(), RSBAC_GEN_ACI_DEV_NAME, RSBAC_GEN_DEV_ACI_KEY, RSBAC_GEN_DEV_ACI_VERSION, rsbac_kfree(), RSBAC_LIST_AUTO_HASH_RESIZE, RSBAC_LIST_BACKUP, RSBAC_LIST_DEF_DATA, rsbac_list_hash_dev(), RSBAC_LIST_PERSIST, rsbac_list_register_hashed(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_DEV_NAME, RSBAC_PM_ACI_DEV_NAME, rsbac_pr_debug, RSBAC_RC_ACI_DEV_MAJOR_NAME, RSBAC_RC_ACI_DEV_NAME, and RSBAC_RC_GENERAL_TYPE.

Referenced by rsbac_do_init().

05688 {
05689         int err = 0;
05690         struct rsbac_list_info_t *list_info_p;
05691 
05692         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05693         if (!list_info_p) {
05694                 return -ENOMEM;
05695         }
05696         rsbac_pr_debug(ds, "registering DEV lists\n");
05697         {
05698                 struct rsbac_gen_dev_aci_t def_aci = DEFAULT_GEN_DEV_ACI;
05699 
05700                 list_info_p->version = RSBAC_GEN_DEV_ACI_VERSION;
05701                 list_info_p->key = RSBAC_GEN_DEV_ACI_KEY;
05702                 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05703                 list_info_p->data_size =
05704                     sizeof(struct rsbac_gen_dev_aci_t);
05705                 list_info_p->max_age = 0;
05706                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05707                                           &dev_handles.gen, list_info_p,
05708 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05709                                           RSBAC_LIST_BACKUP |
05710 #endif
05711                                           RSBAC_LIST_PERSIST |
05712                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05713                                           dev_compare,
05714                                           gen_dev_get_conv, &def_aci,
05715                                           RSBAC_GEN_ACI_DEV_NAME,
05716                                           RSBAC_AUTO_DEV,
05717                                           1,
05718                                           rsbac_list_hash_dev,
05719                                           NULL);
05720                 if (err) {
05721                         registration_error(err, "DEV General");
05722                 }
05723         }
05724 #if defined(CONFIG_RSBAC_MAC)
05725         {
05726                 struct rsbac_mac_dev_aci_t def_aci = DEFAULT_MAC_DEV_ACI;
05727 
05728                 list_info_p->version = RSBAC_MAC_DEV_ACI_VERSION;
05729                 list_info_p->key = RSBAC_MAC_DEV_ACI_KEY;
05730                 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05731                 list_info_p->data_size =
05732                     sizeof(struct rsbac_mac_dev_aci_t);
05733                 list_info_p->max_age = 0;
05734                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05735                                           &dev_handles.mac, list_info_p,
05736 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05737                                           RSBAC_LIST_BACKUP |
05738 #endif
05739                                           RSBAC_LIST_PERSIST |
05740                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05741                                           dev_compare,
05742                                           mac_dev_get_conv, &def_aci,
05743                                           RSBAC_MAC_ACI_DEV_NAME,
05744                                           RSBAC_AUTO_DEV,
05745                                           1,
05746                                           rsbac_list_hash_dev,
05747                                           NULL);
05748                 if (err) {
05749                         registration_error(err, "DEV MAC");
05750                 }
05751         }
05752 #endif
05753 #if defined(CONFIG_RSBAC_PM)
05754         {
05755                 struct rsbac_pm_dev_aci_t def_aci = DEFAULT_PM_DEV_ACI;
05756 
05757                 list_info_p->version = RSBAC_PM_DEV_ACI_VERSION;
05758                 list_info_p->key = RSBAC_PM_DEV_ACI_KEY;
05759                 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05760                 list_info_p->data_size = sizeof(struct rsbac_pm_dev_aci_t);
05761                 list_info_p->max_age = 0;
05762                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05763                                           &dev_handles.pm, list_info_p,
05764 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05765                                           RSBAC_LIST_BACKUP |
05766 #endif
05767                                           RSBAC_LIST_PERSIST |
05768                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05769                                           dev_compare,
05770                                           pm_dev_get_conv, &def_aci,
05771                                           RSBAC_PM_ACI_DEV_NAME,
05772                                           RSBAC_AUTO_DEV,
05773                                           1,
05774                                           rsbac_list_hash_dev,
05775                                           NULL);
05776                 if (err) {
05777                         registration_error(err, "DEV PM");
05778                 }
05779         }
05780 #endif
05781 #if defined(CONFIG_RSBAC_RC)
05782         {
05783                 rsbac_rc_type_id_t def_major_aci = RSBAC_RC_GENERAL_TYPE;
05784                 rsbac_rc_type_id_t def_aci = RC_type_inherit_parent;
05785 
05786                 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION;
05787                 list_info_p->key = RSBAC_RC_DEV_ACI_KEY;
05788                 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05789                 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05790                 list_info_p->max_age = 0;
05791                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05792                                           &dev_major_handles.rc,
05793                                           list_info_p,
05794 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05795                                           RSBAC_LIST_BACKUP |
05796 #endif
05797                                           RSBAC_LIST_PERSIST |
05798                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05799                                           dev_major_compare,
05800                                           rc_dev_get_conv, &def_major_aci,
05801                                           RSBAC_RC_ACI_DEV_MAJOR_NAME,
05802                                           RSBAC_AUTO_DEV,
05803                                           1,
05804                                           rsbac_list_hash_dev,
05805                                           NULL);
05806                 if (err) {
05807                         registration_error(err, "DEV major RC");
05808                 }
05809                 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION;
05810                 list_info_p->key = RSBAC_RC_DEV_ACI_KEY;
05811                 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05812                 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05813                 list_info_p->max_age = 0;
05814                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05815                                           &dev_handles.rc, list_info_p,
05816 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05817                                           RSBAC_LIST_BACKUP |
05818 #endif
05819                                           RSBAC_LIST_PERSIST |
05820                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05821                                           dev_compare,
05822                                           rc_dev_get_conv, &def_aci,
05823                                           RSBAC_RC_ACI_DEV_NAME,
05824                                           RSBAC_AUTO_DEV,
05825                                           1,
05826                                           rsbac_list_hash_dev,
05827                                           NULL);
05828                 if (err) {
05829                         registration_error(err, "DEV RC");
05830                 }
05831         }
05832 #endif
05833 
05834         rsbac_kfree(list_info_p);
05835         return err;
05836 }

static int register_fd_lists ( struct rsbac_device_list_item_t *  device_p,
kdev_t  kdev 
) [static]

Definition at line 1153 of file aci_data_structures.c.

References def_gen_fd_aci, DEFAULT_DAZ_FD_SCANNED, gen_fd_get_conv(), gen_nr_fd_hashes, get_error_name(), name, NULL, PF_PAX_EMUTRAMP, PF_PAX_MPROTECT, PF_PAX_PAGEEXEC, PF_PAX_RANDEXEC, PF_PAX_RANDMMAP, PF_PAX_SEGMEXEC, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, RSBAC_FF_DEF, RSBAC_GEN_FD_ACI_KEY, RSBAC_GEN_FD_ACI_VERSION, rsbac_kfree(), rsbac_kmalloc(), RSBAC_LIST_AUTO_HASH_RESIZE, RSBAC_LIST_DEF_DATA, rsbac_list_hash_fd(), RSBAC_LIST_NO_MAX, RSBAC_LIST_PERSIST, rsbac_list_register_hashed(), RSBAC_LIST_VERSION, RSBAC_MAXNAMELEN, RSBAC_PAX_DEF_FLAGS, and rsbac_printk().

Referenced by rsbac_do_init(), and rsbac_mount().

01155 {
01156         char *name;
01157         int err = 0;
01158         int tmperr;
01159         struct rsbac_list_info_t *info_p;
01160         if (!device_p)
01161                 return (-RSBAC_EINVALIDPOINTER);
01162         name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01163         if (!name)
01164                 return -RSBAC_ENOMEM;
01165         info_p = rsbac_kmalloc(sizeof(*info_p));
01166         if (!info_p) {
01167                 rsbac_kfree(name);
01168                 return -RSBAC_ENOMEM;
01169         }
01170 
01171         /* register general lists */
01172         {
01173                 info_p->version = RSBAC_GEN_FD_ACI_VERSION;
01174                 info_p->key = RSBAC_GEN_FD_ACI_KEY;
01175                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01176                 info_p->data_size =
01177                     sizeof(struct rsbac_gen_fd_aci_t);
01178                 info_p->max_age = 0;
01179                 gen_nr_fd_hashes = RSBAC_GEN_NR_FD_LISTS;
01180                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01181                                              &device_p->handles.gen,
01182                                              info_p,
01183                                              RSBAC_LIST_PERSIST |
01184                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01185                                              NULL,
01186                                              gen_fd_get_conv,
01187                                              &def_gen_fd_aci,
01188                                              RSBAC_GEN_FD_NAME,
01189                                              kdev,
01190                                              gen_nr_fd_hashes,
01191                                              rsbac_list_hash_fd,
01192                                              RSBAC_GEN_OLD_FD_NAME);
01193                 if (tmperr) {
01194                         char *tmp;
01195 
01196                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01197                         if (tmp) {
01198                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering general list %s for device %02u:%02u failed with error %s!\n",
01199                                              RSBAC_GEN_FD_NAME,
01200                                              RSBAC_MAJOR(kdev),
01201                                              RSBAC_MINOR(kdev),
01202                                              get_error_name(tmp,
01203                                                             tmperr));
01204                                 rsbac_kfree(tmp);
01205                         }
01206                         err = tmperr;
01207                 }
01208         }
01209 
01210 #if defined(CONFIG_RSBAC_MAC)
01211         {
01212                 /* register MAC lists */
01213                 info_p->version = RSBAC_MAC_FD_ACI_VERSION;
01214                 info_p->key = RSBAC_MAC_FD_ACI_KEY;
01215                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01216                 info_p->data_size =
01217                     sizeof(struct rsbac_mac_fd_aci_t);
01218                 info_p->max_age = 0;
01219                 mac_nr_fd_hashes = RSBAC_MAC_NR_FD_LISTS;
01220                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01221                                              &device_p->handles.mac,
01222                                              info_p,
01223                                              RSBAC_LIST_PERSIST |
01224                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01225                                              NULL,
01226                                              mac_fd_get_conv,
01227                                              &def_mac_fd_aci,
01228                                              RSBAC_MAC_FD_NAME,
01229                                              kdev,
01230                                              mac_nr_fd_hashes,
01231                                              rsbac_list_hash_fd,
01232                                              RSBAC_MAC_OLD_FD_NAME);
01233                 if (tmperr) {
01234                         char *tmp;
01235                                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01236                         if (tmp) {
01237                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering MAC list %s for device %02u:%02u failed with error %s!\n",
01238                                              RSBAC_MAC_FD_NAME,
01239                                              RSBAC_MAJOR(kdev),
01240                                              RSBAC_MINOR(kdev),
01241                                              get_error_name(tmp,
01242                                                             tmperr));
01243                                 rsbac_kfree(tmp);
01244                         }
01245                         err = tmperr;
01246                 }
01247         }
01248 #endif
01249 
01250 #if defined(CONFIG_RSBAC_PM)
01251         {
01252                 /* register PM lists */
01253                 info_p->version = RSBAC_PM_FD_ACI_VERSION;
01254                 info_p->key = RSBAC_PM_FD_ACI_KEY;
01255                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01256                 info_p->data_size =
01257                     sizeof(struct rsbac_pm_fd_aci_t);
01258                 info_p->max_age = 0;
01259                 pm_nr_fd_hashes = RSBAC_PM_NR_FD_LISTS;
01260                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01261                                              &device_p->handles.pm,
01262                                              info_p,
01263                                              RSBAC_LIST_PERSIST |
01264                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01265                                              NULL,
01266                                              NULL, &def_pm_fd_aci,
01267                                              RSBAC_PM_FD_NAME, kdev,
01268                                              pm_nr_fd_hashes,
01269                                              rsbac_list_hash_fd,
01270                                              RSBAC_PM_OLD_FD_NAME);
01271                 if (tmperr) {
01272                         char *tmp;
01273 
01274                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01275                         if (tmp) {
01276                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering PM list %s for device %02u:%02u failed with error %s!\n",
01277                                              RSBAC_PM_FD_NAME,
01278                                              RSBAC_MAJOR(kdev),
01279                                              RSBAC_MINOR(kdev),
01280                                              get_error_name(tmp,
01281                                                             tmperr));
01282                                 rsbac_kfree(tmp);
01283                         }
01284                         err = tmperr;
01285                 }
01286         }
01287 #endif
01288 
01289 #if defined(CONFIG_RSBAC_DAZ)
01290         {
01291                 struct rsbac_daz_fd_aci_t def_daz_fd_aci =
01292                     DEFAULT_DAZ_FD_ACI;
01293                 /* register DAZ lists */
01294                 info_p->version = RSBAC_DAZ_FD_ACI_VERSION;
01295                 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01296                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01297                 info_p->data_size =
01298                     sizeof(struct rsbac_daz_fd_aci_t);
01299                 info_p->max_age = 0;
01300                 daz_nr_fd_hashes = RSBAC_DAZ_NR_FD_LISTS;
01301                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01302                                              &device_p->handles.daz,
01303                                              info_p,
01304                                              RSBAC_LIST_PERSIST |
01305                                              RSBAC_LIST_DEF_DATA |
01306                                              RSBAC_LIST_AUTO_HASH_RESIZE,
01307                                              NULL,
01308                                              daz_fd_get_conv,
01309                                              &def_daz_fd_aci,
01310                                              RSBAC_DAZ_FD_NAME, kdev,
01311                                              daz_nr_fd_hashes,
01312                                              rsbac_list_hash_fd,
01313                                              RSBAC_DAZ_OLD_FD_NAME);
01314                 if (tmperr) {
01315                         char *tmp;
01316 
01317                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01318                         if (tmp) {
01319                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering DAZ list %s for device %02u:%02u failed with error %s!\n",
01320                                              RSBAC_DAZ_FD_NAME,
01321                                              RSBAC_MAJOR(kdev),
01322                                              RSBAC_MINOR(kdev),
01323                                              get_error_name(tmp,
01324                                                             tmperr));
01325                                 rsbac_kfree(tmp);
01326                         }
01327                         err = tmperr;
01328                 }
01329         }
01330 #if defined(CONFIG_RSBAC_DAZ_CACHE)
01331         {
01332                 rsbac_daz_scanned_t def_daz_scanned_fd_aci =
01333                     DEFAULT_DAZ_FD_SCANNED;
01334 
01335                 info_p->version = RSBAC_DAZ_SCANNED_FD_ACI_VERSION;
01336                 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01337                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01338                 info_p->data_size = sizeof(rsbac_daz_scanned_t);
01339                 info_p->max_age = 0;
01340                 daz_scanned_nr_fd_hashes = RSBAC_DAZ_SCANNED_NR_FD_LISTS;
01341                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01342                                              &device_p->handles.dazs,
01343                                              info_p,
01344 #ifdef CONFIG_RSBAC_DAZ_PERSIST
01345                                              RSBAC_LIST_PERSIST |
01346 #endif
01347                                              RSBAC_LIST_DEF_DATA |
01348                                              RSBAC_LIST_AUTO_HASH_RESIZE |
01349                                              RSBAC_LIST_NO_MAX,
01350                                              NULL,
01351                                              NULL,
01352                                              &def_daz_scanned_fd_aci,
01353                                              RSBAC_DAZ_SCANNED_FD_NAME, kdev,
01354                                              daz_scanned_nr_fd_hashes,
01355                                              rsbac_list_hash_fd,
01356                                              RSBAC_DAZ_SCANNED_OLD_FD_NAME);
01357                 if (tmperr) {
01358                         char *tmp;
01359 
01360                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01361                         if (tmp) {
01362                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering DAZ scanned list %s for device %02u:%02u failed with error %s!\n",
01363                                              RSBAC_DAZ_SCANNED_FD_NAME,
01364                                              RSBAC_MAJOR(kdev),
01365                                              RSBAC_MINOR(kdev),
01366                                              get_error_name(tmp,
01367                                                             tmperr));
01368                                 rsbac_kfree(tmp);
01369                         }
01370                         err = tmperr;
01371                 }
01372         }
01373 #endif
01374 #endif
01375 
01376 #if defined(CONFIG_RSBAC_FF)
01377         {
01378                 rsbac_ff_flags_t def_ff_fd_aci = RSBAC_FF_DEF;
01379 
01380                 info_p->version = RSBAC_FF_FD_ACI_VERSION;
01381                 info_p->key = RSBAC_FF_FD_ACI_KEY;
01382                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01383                 info_p->data_size = sizeof(rsbac_ff_flags_t);
01384                 info_p->max_age = 0;
01385                 ff_nr_fd_hashes = RSBAC_FF_NR_FD_LISTS;
01386                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01387                                              &device_p->handles.ff,
01388                                              info_p,
01389                                              RSBAC_LIST_PERSIST |
01390                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01391                                              NULL,
01392                                              NULL, &def_ff_fd_aci,
01393                                              RSBAC_FF_FD_NAME, kdev,
01394                                              ff_nr_fd_hashes,
01395                                              rsbac_list_hash_fd,
01396                                              RSBAC_FF_OLD_FD_NAME);
01397                 if (tmperr) {
01398                         char *tmp;
01399 
01400                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01401                         if (tmp) {
01402                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering FF list %s for device %02u:%02u failed with error %s!\n",
01403                                              RSBAC_FF_FD_NAME,
01404                                              RSBAC_MAJOR(kdev),
01405                                              RSBAC_MINOR(kdev),
01406                                              get_error_name(tmp,
01407                                                             tmperr));
01408                                 rsbac_kfree(tmp);
01409                         }
01410                         err = tmperr;
01411                 }
01412         }
01413 #endif
01414 
01415 #if defined(CONFIG_RSBAC_RC)
01416         {
01417                 info_p->version = RSBAC_RC_FD_ACI_VERSION;
01418                 info_p->key = RSBAC_RC_FD_ACI_KEY;
01419                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01420                 info_p->data_size =
01421                     sizeof(struct rsbac_rc_fd_aci_t);
01422                 info_p->max_age = 0;
01423                 rc_nr_fd_hashes = RSBAC_RC_NR_FD_LISTS;
01424                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01425                                              &device_p->handles.rc,
01426                                              info_p,
01427                                              RSBAC_LIST_PERSIST |
01428                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01429                                              NULL,
01430                                              NULL, &def_rc_fd_aci,
01431                                              RSBAC_RC_FD_NAME, kdev,
01432                                              rc_nr_fd_hashes,
01433                                              rsbac_list_hash_fd,
01434                                              RSBAC_RC_OLD_FD_NAME);
01435                 if (tmperr) {
01436                         char *tmp;
01437 
01438                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01439                         if (tmp) {
01440                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering RC list %s for device %02u:%02u failed with error %s!\n",
01441                                              RSBAC_RC_FD_NAME,
01442                                              RSBAC_MAJOR(kdev),
01443                                              RSBAC_MINOR(kdev),
01444                                              get_error_name(tmp,
01445                                                             tmperr));
01446                                 rsbac_kfree(tmp);
01447                         }
01448                         err = tmperr;
01449                 }
01450         }
01451 #endif
01452 
01453 #if defined(CONFIG_RSBAC_AUTH)
01454         {
01455                 struct rsbac_auth_fd_aci_t def_auth_fd_aci =
01456                     DEFAULT_AUTH_FD_ACI;
01457 
01458                 info_p->version = RSBAC_AUTH_FD_ACI_VERSION;
01459                 info_p->key = RSBAC_AUTH_FD_ACI_KEY;
01460                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01461                 info_p->data_size =
01462                     sizeof(struct rsbac_auth_fd_aci_t);
01463                 info_p->max_age = 0;
01464                 auth_nr_fd_hashes = RSBAC_AUTH_NR_FD_LISTS;
01465                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01466                                              &device_p->handles.auth,
01467                                              info_p,
01468                                              RSBAC_LIST_PERSIST |
01469                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01470                                              NULL,
01471                                              auth_fd_get_conv,
01472                                              &def_auth_fd_aci,
01473                                              RSBAC_AUTH_FD_NAME, kdev,
01474                                              auth_nr_fd_hashes,
01475                                              rsbac_list_hash_fd,
01476                                              RSBAC_AUTH_OLD_FD_NAME);
01477                 if (tmperr) {
01478                         char *tmp;
01479 
01480                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01481                         if (tmp) {
01482                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering AUTH list %s for device %02u:%02u failed with error %s!\n",
01483                                              RSBAC_AUTH_FD_NAME,
01484                                              RSBAC_MAJOR(kdev),
01485                                              RSBAC_MINOR(kdev),
01486                                              get_error_name(tmp,
01487                                                             tmperr));
01488                                 rsbac_kfree(tmp);
01489                         }
01490                         err = tmperr;
01491                 }
01492         }
01493 #endif
01494 
01495 #if defined(CONFIG_RSBAC_CAP)
01496         {
01497                 struct rsbac_cap_fd_aci_t def_cap_fd_aci =
01498                     DEFAULT_CAP_FD_ACI;
01499 
01500                 info_p->version = RSBAC_CAP_FD_ACI_VERSION;
01501                 info_p->key = RSBAC_CAP_FD_ACI_KEY;
01502                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01503                 info_p->data_size =
01504                     sizeof(struct rsbac_cap_fd_aci_t);
01505                 info_p->max_age = 0;
01506                 cap_nr_fd_hashes = RSBAC_CAP_NR_FD_LISTS;
01507                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01508                                              &device_p->handles.cap,
01509                                              info_p,
01510                                              RSBAC_LIST_PERSIST |
01511                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01512                                              NULL,
01513                                              cap_fd_get_conv, 
01514                                              &def_cap_fd_aci,
01515                                              RSBAC_CAP_FD_NAME, kdev,
01516                                              cap_nr_fd_hashes,
01517                                              rsbac_list_hash_fd,
01518                                              RSBAC_CAP_OLD_FD_NAME);
01519                 if (tmperr) {
01520                         char *tmp;
01521 
01522                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01523                         if (tmp) {
01524                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering CAP list %s for device %02u:%02u failed with error %s!\n",
01525                                              RSBAC_CAP_FD_NAME,
01526                                              RSBAC_MAJOR(kdev),
01527                                              RSBAC_MINOR(kdev),
01528                                              get_error_name(tmp,
01529                                                             tmperr));
01530                                 rsbac_kfree(tmp);
01531                         }
01532                         err = tmperr;
01533                 }
01534         }
01535 #endif
01536 
01537 #if defined(CONFIG_RSBAC_PAX)
01538         {
01539                 rsbac_pax_flags_t def_pax_fd_aci;
01540 
01541 #ifdef CONFIG_RSBAC_PAX_DEFAULT
01542                 def_pax_fd_aci = 0;
01543 #ifdef CONFIG_RSBAC_PAX_PAGEEXEC
01544                 def_pax_fd_aci |= PF_PAX_PAGEEXEC;
01545 #endif
01546 #ifdef CONFIG_RSBAC_PAX_EMUTRAMP
01547                 def_pax_fd_aci |= PF_PAX_EMUTRAMP;
01548 #endif
01549 #ifdef CONFIG_RSBAC_PAX_MPROTECT
01550                 def_pax_fd_aci |= PF_PAX_MPROTECT;
01551 #endif
01552 #ifdef CONFIG_RSBAC_PAX_RANDMMAP
01553                 def_pax_fd_aci |= PF_PAX_RANDMMAP;
01554 #endif
01555 #ifdef CONFIG_RSBAC_PAX_RANDEXEC
01556                 def_pax_fd_aci |= PF_PAX_RANDEXEC;
01557 #endif
01558 #ifdef CONFIG_RSBAC_PAX_SEGMEXEC
01559                 def_pax_fd_aci |= PF_PAX_SEGMEXEC;
01560 #endif
01561 
01562 #else
01563                 def_pax_fd_aci = RSBAC_PAX_DEF_FLAGS;
01564 #endif
01565 
01566                 info_p->version = RSBAC_PAX_FD_ACI_VERSION;
01567                 info_p->key = RSBAC_PAX_FD_ACI_KEY;
01568                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01569                 info_p->data_size = sizeof(rsbac_pax_flags_t);
01570                 info_p->max_age = 0;
01571                 pax_nr_fd_hashes = RSBAC_PAX_NR_FD_LISTS;
01572                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01573                                              &device_p->handles.pax,
01574                                              info_p,
01575                                              RSBAC_LIST_PERSIST |
01576                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01577                                              NULL,
01578                                              NULL, &def_pax_fd_aci,
01579                                              RSBAC_PAX_FD_NAME, kdev,
01580                                              pax_nr_fd_hashes,
01581                                              rsbac_list_hash_fd,
01582                                              RSBAC_PAX_OLD_FD_NAME);
01583                 if (tmperr) {
01584                         char *tmp;
01585 
01586                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01587                         if (tmp) {
01588                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering PAX list %s for device %02u:%02u failed with error %s!\n",
01589                                              RSBAC_PAX_FD_NAME,
01590                                              RSBAC_MAJOR(kdev),
01591                                              RSBAC_MINOR(kdev),
01592                                              get_error_name(tmp,
01593                                                             tmperr));
01594                                 rsbac_kfree(tmp);
01595                         }
01596                         err = tmperr;
01597                 }
01598         }
01599 #endif
01600 
01601 #if defined(CONFIG_RSBAC_RES)
01602         {
01603                 info_p->version = RSBAC_RES_FD_ACI_VERSION;
01604                 info_p->key = RSBAC_RES_FD_ACI_KEY;
01605                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01606                 info_p->data_size =
01607                     sizeof(struct rsbac_res_fd_aci_t);
01608                 info_p->max_age = 0;
01609                 res_nr_fd_hashes = RSBAC_RES_NR_FD_LISTS;
01610                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01611                                              &device_p->handles.res,
01612                                              info_p,
01613                                              RSBAC_LIST_PERSIST |
01614                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01615                                              NULL,
01616                                              NULL, &def_res_fd_aci,
01617                                              RSBAC_RES_FD_NAME, kdev,
01618                                              res_nr_fd_hashes,
01619                                              rsbac_list_hash_fd,
01620                                              RSBAC_RES_OLD_FD_NAME);
01621                 if (tmperr) {
01622                         char *tmp;
01623 
01624                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01625                         if (tmp) {
01626                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering RES list %s for device %02u:%02u failed with error %s!\n",
01627                                              RSBAC_RES_FD_NAME,
01628                                              RSBAC_MAJOR(kdev),
01629                                              RSBAC_MINOR(kdev),
01630                                              get_error_name(tmp,
01631                                                             tmperr));
01632                                 rsbac_kfree(tmp);
01633                         }
01634                         err = tmperr;
01635                 }
01636         }
01637 #endif
01638 
01639         rsbac_kfree(name);
01640         rsbac_kfree(info_p);
01641         return err;
01642 }

static int __init register_ipc_lists ( void   )  [static]

Definition at line 5841 of file aci_data_structures.c.

References ipc_compare(), ipc_handles, NULL, registration_error(), RSBAC_JAIL_ACI_IPC_NAME, RSBAC_JAIL_DEF_ID, rsbac_kfree(), RSBAC_LIST_AUTO_HASH_RESIZE, RSBAC_LIST_DEF_DATA, rsbac_list_hash_ipc(), rsbac_list_register_hashed(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_IPC_NAME, RSBAC_PM_ACI_IPC_NAME, rsbac_pr_debug, RSBAC_RC_ACI_IPC_NAME, and RSBAC_RC_GENERAL_TYPE.

Referenced by rsbac_do_init().

05843 {
05844         int err = 0;
05845         struct rsbac_list_info_t *list_info_p;
05846 
05847         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05848         if (!list_info_p) {
05849                 return -ENOMEM;
05850         }
05851         rsbac_pr_debug(ds, "registering IPC lists\n");
05852 #if defined(CONFIG_RSBAC_MAC)
05853         {
05854                 struct rsbac_mac_ipc_aci_t def_aci = DEFAULT_MAC_IPC_ACI;
05855 
05856                 list_info_p->version = RSBAC_MAC_IPC_ACI_VERSION;
05857                 list_info_p->key = RSBAC_MAC_IPC_ACI_KEY;
05858                 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05859                 list_info_p->data_size =
05860                     sizeof(struct rsbac_mac_ipc_aci_t);
05861                 list_info_p->max_age = 0;
05862                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05863                                           &ipc_handles.mac,
05864                                           list_info_p,
05865                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05866                                           ipc_compare,
05867                                           NULL,
05868                                           &def_aci,
05869                                           RSBAC_MAC_ACI_IPC_NAME,
05870                                           RSBAC_AUTO_DEV,
05871                                           1,
05872                                           rsbac_list_hash_ipc,
05873                                           NULL);
05874                 if (err) {
05875                         registration_error(err, "IPC MAC");
05876                 }
05877         }
05878 #endif
05879 #if defined(CONFIG_RSBAC_PM)
05880         {
05881                 struct rsbac_pm_ipc_aci_t def_aci = DEFAULT_PM_IPC_ACI;
05882 
05883                 list_info_p->version = RSBAC_PM_IPC_ACI_VERSION;
05884                 list_info_p->key = RSBAC_PM_IPC_ACI_KEY;
05885                 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05886                 list_info_p->data_size = sizeof(struct rsbac_pm_ipc_aci_t);
05887                 list_info_p->max_age = 0;
05888                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05889                                           &ipc_handles.pm,
05890                                           list_info_p,
05891                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05892                                           ipc_compare,
05893                                           NULL,
05894                                           &def_aci,
05895                                           RSBAC_PM_ACI_IPC_NAME,
05896                                           RSBAC_AUTO_DEV,
05897                                           1,
05898                                           rsbac_list_hash_ipc,
05899                                           NULL);
05900                 if (err) {
05901                         registration_error(err, "IPC PM");
05902                 }
05903         }
05904 #endif
05905 #if defined(CONFIG_RSBAC_RC)
05906         {
05907                 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
05908 
05909                 list_info_p->version = RSBAC_RC_IPC_ACI_VERSION;
05910                 list_info_p->key = RSBAC_RC_IPC_ACI_KEY;
05911                 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05912                 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05913                 list_info_p->max_age = 0;
05914                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05915                                           &ipc_handles.rc,
05916                                           list_info_p,
05917                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05918                                           ipc_compare,
05919                                           NULL,
05920                                           &def_aci,
05921                                           RSBAC_RC_ACI_IPC_NAME,
05922                                           RSBAC_AUTO_DEV,
05923                                           1,
05924                                           rsbac_list_hash_ipc,
05925                                           NULL);
05926                 if (err) {
05927                         registration_error(err, "IPC RC");
05928                 }
05929         }
05930 #endif
05931 #if defined(CONFIG_RSBAC_JAIL)
05932         {
05933                 rsbac_jail_id_t def_aci = RSBAC_JAIL_DEF_ID;
05934 
05935                 list_info_p->version = RSBAC_JAIL_IPC_ACI_VERSION;
05936                 list_info_p->key = RSBAC_JAIL_IPC_ACI_KEY;
05937                 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05938                 list_info_p->data_size = sizeof(rsbac_jail_id_t);
05939                 list_info_p->max_age = 0;
05940                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05941                                           &ipc_handles.jail,
05942                                           list_info_p,
05943                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05944                                           ipc_compare,
05945                                           NULL,
05946                                           &def_aci,
05947                                           RSBAC_JAIL_ACI_IPC_NAME,
05948                                           RSBAC_AUTO_DEV,
05949                                           1,
05950                                           rsbac_list_hash_ipc,
05951                                           NULL);
05952                 if (err) {
05953                         registration_error(err, "IPC JAIL");
05954                 }
05955         }
05956 #endif
05957 
05958         rsbac_kfree(list_info_p);
05959         return err;
05960 }

static int __init register_process_lists ( void   )  [static]

Definition at line 6504 of file aci_data_structures.c.

References DEFAULT_GEN_P_ACI, gen_nr_p_hashes, NULL, PH_from_other_users, process_handles, registration_error(), RSBAC_AUTH_ACI_PROCESS_NAME, RSBAC_CAP_ACI_PROCESS_NAME, RSBAC_DAZ_ACI_PROCESS_NAME, RSBAC_GEN_ACI_PROCESS_NAME, RSBAC_GEN_PROCESS_ACI_KEY, RSBAC_GEN_PROCESS_ACI_VERSION, RSBAC_JAIL_ACI_PROCESS_NAME, rsbac_kfree(), RSBAC_LIST_AUTO_HASH_RESIZE, RSBAC_LIST_DEF_DATA, rsbac_list_hash_pid(), RSBAC_LIST_MIN_MAX_HASHES, rsbac_list_register_hashed(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_PROCESS_NAME, RSBAC_PM_ACI_PROCESS_NAME, rsbac_pr_debug, and RSBAC_RC_ACI_PROCESS_NAME.

Referenced by rsbac_do_init().

06506 {
06507         int err = 0;
06508         struct rsbac_list_info_t *list_info_p;
06509 
06510         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06511         if (!list_info_p) {
06512                 return -ENOMEM;
06513         }
06514         rsbac_pr_debug(ds, "registering PROCESS lists\n");
06515         {
06516                 struct rsbac_gen_process_aci_t def_aci = DEFAULT_GEN_P_ACI;
06517 
06518                 list_info_p->version = RSBAC_GEN_PROCESS_ACI_VERSION;
06519                 list_info_p->key = RSBAC_GEN_PROCESS_ACI_KEY;
06520                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06521                 list_info_p->data_size =
06522                     sizeof(struct rsbac_gen_process_aci_t);
06523                 list_info_p->max_age = 0;
06524                 gen_nr_p_hashes = CONFIG_RSBAC_GEN_NR_P_LISTS;
06525                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06526                                                 &process_handles.gen,
06527                                                 list_info_p,
06528                                                 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06529                                                 NULL,
06530                                                 NULL, &def_aci,
06531                                                 RSBAC_GEN_ACI_PROCESS_NAME,
06532                                                 RSBAC_AUTO_DEV,
06533                                                 gen_nr_p_hashes,
06534                                                 (gen_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL,
06535                                                 NULL);
06536                 if (err) {
06537                         registration_error(err, "PROCESS GEN");
06538                 }
06539         }
06540 #if defined(CONFIG_RSBAC_MAC)
06541         {
06542                 struct rsbac_mac_process_aci_t def_aci = DEFAULT_MAC_P_ACI;
06543 
06544                 list_info_p->version = RSBAC_MAC_PROCESS_ACI_VERSION;
06545                 list_info_p->key = RSBAC_MAC_PROCESS_ACI_KEY;
06546                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06547                 list_info_p->data_size =
06548                     sizeof(struct rsbac_mac_process_aci_t);
06549                 list_info_p->max_age = 0;
06550                 mac_nr_p_hashes = CONFIG_RSBAC_MAC_NR_P_LISTS;
06551                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06552                                                 &process_handles.mac,
06553                                                 list_info_p,
06554                                                 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06555                                                 NULL,
06556                                                 NULL, &def_aci,
06557                                                 RSBAC_MAC_ACI_PROCESS_NAME,
06558                                                 RSBAC_AUTO_DEV,
06559                                                 mac_nr_p_hashes,
06560                                                 (mac_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL,
06561                                                 NULL);
06562                 if (err) {
06563                         registration_error(err, "PROCESS MAC");
06564                 }
06565         }
06566 #endif
06567 #if defined(CONFIG_RSBAC_PM)
06568         {
06569                 struct rsbac_pm_process_aci_t def_aci = DEFAULT_PM_P_ACI;
06570 
06571                 list_info_p->version = RSBAC_PM_PROCESS_ACI_VERSION;
06572                 list_info_p->key = RSBAC_PM_PROCESS_ACI_KEY;
06573                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06574                 list_info_p->data_size =
06575                     sizeof(struct rsbac_pm_process_aci_t);
06576                 list_info_p->max_age = 0;
06577                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06578                                           &process_handles.pm,
06579                                           list_info_p,
06580                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06581                                           NULL,
06582                                           NULL,
06583                                           &def_aci,
06584                                           RSBAC_PM_ACI_PROCESS_NAME,
06585                                           RSBAC_AUTO_DEV,
06586                                           1,
06587                                           rsbac_list_hash_pid,
06588                                           NULL);
06589                 if (err) {
06590                         registration_error(err, "PROCESS PM");
06591                 }
06592         }
06593 #endif
06594 #if defined(CONFIG_RSBAC_DAZ)
06595         {
06596                 struct rsbac_daz_process_aci_t def_aci = DEFAULT_DAZ_P_ACI;
06597 
06598                 list_info_p->version = RSBAC_DAZ_PROCESS_ACI_VERSION;
06599                 list_info_p->key = RSBAC_DAZ_PROCESS_ACI_KEY;
06600                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06601                 list_info_p->data_size =
06602                     sizeof(struct rsbac_daz_process_aci_t);
06603                 list_info_p->max_age = 0;
06604                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06605                                           &process_handles.daz,
06606                                           list_info_p,
06607                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06608                                           NULL,
06609                                           NULL,
06610                                           &def_aci,
06611                                           RSBAC_DAZ_ACI_PROCESS_NAME,
06612                                           RSBAC_AUTO_DEV,
06613                                           1,
06614                                           rsbac_list_hash_pid,
06615                                           NULL);
06616                 if (err) {
06617                         registration_error(err, "PROCESS DAZ");
06618                 }
06619         }
06620 #endif
06621 #if defined(CONFIG_RSBAC_RC)
06622         {
06623                 struct rsbac_rc_process_aci_t def_aci = DEFAULT_RC_P_ACI;
06624 
06625                 list_info_p->version = RSBAC_RC_PROCESS_ACI_VERSION;
06626                 list_info_p->key = RSBAC_RC_PROCESS_ACI_KEY;
06627                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06628                 list_info_p->data_size =
06629                     sizeof(struct rsbac_rc_process_aci_t);
06630                 list_info_p->max_age = 0;
06631                 rc_nr_p_hashes = CONFIG_RSBAC_RC_NR_P_LISTS;
06632                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06633                                                 &process_handles.rc,
06634                                                 list_info_p,
06635                                                 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06636                                                 NULL,
06637                                                 NULL, &def_aci,
06638                                                 RSBAC_RC_ACI_PROCESS_NAME,
06639                                                 RSBAC_AUTO_DEV,
06640                                                 rc_nr_p_hashes,
06641                                                 (rc_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL,
06642                                                 NULL);
06643                 if (err) {
06644                         registration_error(err, "PROCESS RC");
06645                 }
06646         }
06647 #endif
06648 #if defined(CONFIG_RSBAC_AUTH)
06649         {
06650                 struct rsbac_auth_process_aci_t def_aci = DEFAULT_AUTH_P_ACI;
06651 
06652                 list_info_p->version = RSBAC_AUTH_PROCESS_ACI_VERSION;
06653                 list_info_p->key = RSBAC_AUTH_PROCESS_ACI_KEY;
06654                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06655                 list_info_p->data_size =
06656                     sizeof(struct rsbac_auth_process_aci_t);
06657                 list_info_p->max_age = 0;
06658                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06659                                           &process_handles.auth,
06660                                           list_info_p,
06661                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06662                                           NULL,
06663                                           NULL,
06664                                           &def_aci,
06665                                           RSBAC_AUTH_ACI_PROCESS_NAME,
06666                                           RSBAC_AUTO_DEV,
06667 #if defined(CONFIG_RSBAC_AUTH_LEARN)
06668                                           RSBAC_LIST_MIN_MAX_HASHES,
06669                                           rsbac_list_hash_pid,
06670 #else
06671                                           1,
06672                                           NULL,
06673 #endif
06674                                           NULL);
06675                 if (err) {
06676                         registration_error(err, "PROCESS AUTH");
06677                 }
06678         }
06679 #endif
06680 #if defined(CONFIG_RSBAC_CAP)
06681         {
06682                 struct rsbac_cap_process_aci_t def_aci = DEFAULT_CAP_P_ACI;
06683 
06684 #if defined(CONFIG_RSBAC_CAP_PROC_HIDE)
06685                 if (rsbac_cap_process_hiding)
06686                         def_aci.cap_process_hiding = PH_from_other_users;
06687 #endif
06688                 list_info_p->version = RSBAC_CAP_PROCESS_ACI_VERSION;
06689                 list_info_p->key = RSBAC_CAP_PROCESS_ACI_KEY;
06690                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06691                 list_info_p->data_size =
06692                     sizeof(struct rsbac_cap_process_aci_t);
06693                 list_info_p->max_age = 0;
06694                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06695                                           &process_handles.cap,
06696                                           list_info_p,
06697                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06698                                           NULL,
06699                                           NULL,
06700                                           &def_aci,
06701                                           RSBAC_CAP_ACI_PROCESS_NAME,
06702                                           RSBAC_AUTO_DEV,
06703                                           1,
06704                                           rsbac_list_hash_pid,
06705                                           NULL);
06706                 if (err) {
06707                         registration_error(err, "PROCESS CAP");
06708                 }
06709         }
06710 #endif
06711 #if defined(CONFIG_RSBAC_JAIL)
06712         {
06713                 struct rsbac_jail_process_aci_t def_aci =
06714                     DEFAULT_JAIL_P_ACI;
06715 
06716                 list_info_p->version = RSBAC_JAIL_PROCESS_ACI_VERSION;
06717                 list_info_p->key = RSBAC_JAIL_PROCESS_ACI_KEY;
06718                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06719                 list_info_p->data_size =
06720                     sizeof(struct rsbac_jail_process_aci_t);
06721                 list_info_p->max_age = 0;
06722                 jail_nr_p_hashes = CONFIG_RSBAC_JAIL_NR_P_LISTS;
06723                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06724                                                 &process_handles.jail,
06725                                                 list_info_p,
06726                                                 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06727                                                 NULL,
06728                                                 NULL, &def_aci,
06729                                                 RSBAC_JAIL_ACI_PROCESS_NAME,
06730                                                 RSBAC_AUTO_DEV,
06731                                                 jail_nr_p_hashes,
06732                                                 (jail_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL,
06733                                                 NULL);
06734                 if (err) {
06735                         registration_error(err, "PROCESS JAIL");
06736                 }
06737         }
06738 #endif
06739 
06740         rsbac_kfree(list_info_p);
06741         return err;
06742 }

static int __init register_user_lists1 ( void   )  [static]

Definition at line 5965 of file aci_data_structures.c.

References DEFAULT_GEN_U_ACI, NULL, registration_error(), RSBAC_AUDITOR_UID, RSBAC_CAP_ACI_USER_NAME, RSBAC_DATAPROT_UID, RSBAC_DAZ_ACI_USER_NAME, RSBAC_FF_ACI_USER_NAME, RSBAC_GEN_ACI_USER_NAME, RSBAC_GEN_USER_ACI_KEY, RSBAC_GEN_USER_ACI_VERSION, rsbac_kfree(), rsbac_list_add(), RSBAC_LIST_AUTO_HASH_RESIZE, RSBAC_LIST_BACKUP, rsbac_list_count(), RSBAC_LIST_DEF_DATA, rsbac_list_hash_uid(), RSBAC_LIST_PERSIST, rsbac_list_register(), rsbac_list_register_hashed(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_USER_NAME, rsbac_no_defaults, RSBAC_PM_ACI_USER_NAME, rsbac_pr_debug, rsbac_printk(), RSBAC_SECOFF_UID, RSBAC_SYSADM_UID, RSBAC_TPMAN_UID, SR_administrator, SR_auditor, SR_security_officer, SR_user, and user_handles.

Referenced by rsbac_do_init().

05967 {
05968         int err = 0;
05969         struct rsbac_list_info_t *list_info_p;
05970 
05971         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05972         if (!list_info_p) {
05973                 return -ENOMEM;
05974         }
05975         rsbac_pr_debug(ds, "registering USER lists\n");
05976         {
05977                 struct rsbac_gen_user_aci_t def_aci = DEFAULT_GEN_U_ACI;
05978 
05979                 list_info_p->version = RSBAC_GEN_USER_ACI_VERSION;
05980                 list_info_p->key = RSBAC_GEN_USER_ACI_KEY;
05981                 list_info_p->desc_size = sizeof(rsbac_uid_t);
05982                 list_info_p->data_size =
05983                     sizeof(struct rsbac_gen_user_aci_t);
05984                 list_info_p->max_age = 0;
05985                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05986                                           &user_handles.gen, list_info_p,
05987 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05988                                           RSBAC_LIST_BACKUP |
05989 #endif
05990                                           RSBAC_LIST_PERSIST |
05991                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05992                                           NULL, NULL,
05993                                           &def_aci,
05994                                           RSBAC_GEN_ACI_USER_NAME,
05995                                           RSBAC_AUTO_DEV,
05996                                           1,
05997                                           rsbac_list_hash_uid,
05998                                           NULL);
05999                 if (err) {
06000                         registration_error(err, "USER General");
06001                 }
06002         }
06003 #if defined(CONFIG_RSBAC_MAC)
06004         {
06005                 struct rsbac_mac_user_aci_t def_aci = DEFAULT_MAC_U_ACI;
06006 
06007                 list_info_p->version = RSBAC_MAC_USER_ACI_VERSION;
06008                 list_info_p->key = RSBAC_MAC_USER_ACI_KEY;
06009                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06010                 list_info_p->data_size =
06011                     sizeof(struct rsbac_mac_user_aci_t);
06012                 list_info_p->max_age = 0;
06013                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06014                                           &user_handles.mac, list_info_p,
06015 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06016                                           RSBAC_LIST_BACKUP |
06017 #endif
06018                                           RSBAC_LIST_PERSIST |
06019                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06020                                           NULL,
06021                                           mac_user_get_conv, &def_aci,
06022                                           RSBAC_MAC_ACI_USER_NAME,
06023                                           RSBAC_AUTO_DEV,
06024                                           1,
06025                                           rsbac_list_hash_uid,
06026                                           NULL);
06027                 if (err) {
06028                         registration_error(err, "USER MAC");
06029                 } else
06030                     if (!rsbac_no_defaults
06031                         && !rsbac_list_count(user_handles.mac)) {
06032                         struct rsbac_mac_user_aci_t sysadm_aci =
06033                             DEFAULT_MAC_U_SYSADM_ACI;
06034                         struct rsbac_mac_user_aci_t secoff_aci =
06035                             DEFAULT_MAC_U_SECOFF_ACI;
06036                         struct rsbac_mac_user_aci_t auditor_aci =
06037                             DEFAULT_MAC_U_AUDITOR_ACI;
06038                         rsbac_uid_t user;
06039 
06040                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER MAC ACI could not be read - generating standard entries!\n");
06041                         user = RSBAC_SYSADM_UID;
06042                         if (rsbac_list_add
06043                             (user_handles.mac, &user, &sysadm_aci))
06044                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER MAC entry could not be added!\n");
06045                         user = RSBAC_SECOFF_UID;
06046                         if (rsbac_list_add
06047                             (user_handles.mac, &user, &secoff_aci))
06048                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER MAC entry could not be added!\n");
06049                         user = RSBAC_AUDITOR_UID;
06050                         if (rsbac_list_add
06051                             (user_handles.mac, &user, &auditor_aci))
06052                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER MAC entry could not be added!\n");
06053                 }
06054         }
06055 #endif
06056 #if defined(CONFIG_RSBAC_PM)
06057         {
06058                 struct rsbac_pm_user_aci_t def_aci = DEFAULT_PM_U_ACI;
06059 
06060                 list_info_p->version = RSBAC_PM_USER_ACI_VERSION;
06061                 list_info_p->key = RSBAC_PM_USER_ACI_KEY;
06062                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06063                 list_info_p->data_size =
06064                     sizeof(struct rsbac_pm_user_aci_t);
06065                 list_info_p->max_age = 0;
06066                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06067                                           &user_handles.pm, list_info_p,
06068 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06069                                           RSBAC_LIST_BACKUP |
06070 #endif
06071                                           RSBAC_LIST_PERSIST |
06072                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06073                                           NULL, NULL,
06074                                           &def_aci, RSBAC_PM_ACI_USER_NAME,
06075                                           RSBAC_AUTO_DEV,
06076                                           1,
06077                                           rsbac_list_hash_uid,
06078                                           NULL);
06079                 if (err) {
06080                         registration_error(err, "USER PM");
06081                 } else
06082                     if (!rsbac_no_defaults
06083                         && !rsbac_list_count(user_handles.pm)) {
06084                         struct rsbac_pm_user_aci_t sysadm_aci =
06085                             DEFAULT_PM_U_SYSADM_ACI;
06086                         struct rsbac_pm_user_aci_t secoff_aci =
06087                             DEFAULT_PM_U_SECOFF_ACI;
06088                         struct rsbac_pm_user_aci_t dataprot_aci =
06089                             DEFAULT_PM_U_DATAPROT_ACI;
06090                         struct rsbac_pm_user_aci_t tpman_aci =
06091                             DEFAULT_PM_U_TPMAN_ACI;
06092                         rsbac_uid_t user;
06093 
06094                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER PM ACI could not be read - generating standard entries!\n");
06095                         user = RSBAC_SYSADM_UID;
06096                         if (rsbac_list_add
06097                             (user_handles.pm, &user, &sysadm_aci))
06098                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER PM entry could not be added!\n");
06099                         user = RSBAC_SECOFF_UID;
06100                         if (rsbac_list_add
06101                             (user_handles.pm, &user, &secoff_aci))
06102                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER PM entry could not be added!\n");
06103                         user = RSBAC_DATAPROT_UID;
06104                         if (rsbac_list_add
06105                             (user_handles.pm, &user, &dataprot_aci))
06106                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): DATAPROT USER PM entry could not be added!\n");
06107                         user = RSBAC_TPMAN_UID;
06108                         if (rsbac_list_add
06109                             (user_handles.pm, &user, &tpman_aci))
06110                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): TPMAN USER PM entry could not be added!\n");
06111                 }
06112         }
06113 #endif
06114 #if defined(CONFIG_RSBAC_DAZ)
06115         {
06116                 rsbac_system_role_int_t def_aci = SR_user;
06117 
06118                 list_info_p->version = RSBAC_DAZ_USER_ACI_VERSION;
06119                 list_info_p->key = RSBAC_DAZ_USER_ACI_KEY;
06120                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06121                 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06122                 list_info_p->max_age = 0;
06123                 err = rsbac_list_register(RSBAC_LIST_VERSION,
06124                                           &user_handles.daz, list_info_p,
06125 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06126                                           RSBAC_LIST_BACKUP |
06127 #endif
06128                                           RSBAC_LIST_PERSIST |
06129                                           RSBAC_LIST_DEF_DATA,
06130                                           NULL, NULL,
06131                                           &def_aci,
06132                                           RSBAC_DAZ_ACI_USER_NAME,
06133                                           RSBAC_AUTO_DEV);
06134                 if (err) {
06135                         registration_error(err, "USER DAZ");
06136                 } else
06137                     if (!rsbac_no_defaults
06138                         && !rsbac_list_count(user_handles.daz)) {
06139                         rsbac_uid_t user;
06140                         rsbac_system_role_int_t role;
06141 
06142                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER DAZ ACI could not be read - generating standard entries!\n");
06143                         user = RSBAC_SYSADM_UID;
06144                         role = SR_administrator;
06145                         if (rsbac_list_add(user_handles.daz, &user, &role))
06146                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER DAZ entry could not be added!\n");
06147                         user = RSBAC_SECOFF_UID;
06148                         role = SR_security_officer;
06149                         if (rsbac_list_add(user_handles.daz, &user, &role))
06150                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER DAZ entry could not be added!\n");
06151                 }
06152         }
06153 #endif
06154 #if defined(CONFIG_RSBAC_FF)
06155         {
06156                 rsbac_system_role_int_t def_aci = SR_user;
06157 
06158                 list_info_p->version = RSBAC_FF_USER_ACI_VERSION;
06159                 list_info_p->key = RSBAC_FF_USER_ACI_KEY;
06160                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06161                 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06162                 list_info_p->max_age = 0;
06163                 err = rsbac_list_register(RSBAC_LIST_VERSION,
06164                                           &user_handles.ff, list_info_p,
06165 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06166                                           RSBAC_LIST_BACKUP |
06167 #endif
06168                                           RSBAC_LIST_PERSIST |
06169                                           RSBAC_LIST_DEF_DATA,
06170                                           NULL, NULL,
06171                                           &def_aci, RSBAC_FF_ACI_USER_NAME,
06172                                           RSBAC_AUTO_DEV);
06173                 if (err) {
06174                         registration_error(err, "USER FF");
06175                 } else
06176                     if (!rsbac_no_defaults
06177                         && !rsbac_list_count(user_handles.ff)) {
06178                         rsbac_uid_t user;
06179                         rsbac_system_role_int_t role;
06180 
06181                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER FF ACI could not be read - generating standard entries!\n");
06182                         user = RSBAC_SYSADM_UID;
06183                         role = SR_administrator;
06184                         if (rsbac_list_add(user_handles.ff, &user, &role))
06185                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER FF entry could not be added!\n");
06186                         user = RSBAC_SECOFF_UID;
06187                         role = SR_security_officer;
06188                         if (rsbac_list_add(user_handles.ff, &user, &role))
06189                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER FF entry could not be added!\n");
06190                         user = RSBAC_AUDITOR_UID;
06191                         role = SR_auditor;
06192                         if (rsbac_list_add(user_handles.ff, &user, &role))
06193                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER FF entry could not be added!\n");
06194                 }
06195         }
06196 #endif
06197 #if defined(CONFIG_RSBAC_CAP)
06198         {
06199                 struct rsbac_cap_user_aci_t def_aci = DEFAULT_CAP_U_ACI;
06200 
06201                 list_info_p->version = RSBAC_CAP_USER_ACI_VERSION;
06202                 list_info_p->key = RSBAC_CAP_USER_ACI_KEY;
06203                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06204                 list_info_p->data_size =
06205                     sizeof(struct rsbac_cap_user_aci_t);
06206                 list_info_p->max_age = 0;
06207                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06208                                           &user_handles.cap, list_info_p,
06209 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06210                                           RSBAC_LIST_BACKUP |
06211 #endif
06212                                           RSBAC_LIST_PERSIST |
06213                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06214                                           NULL, 
06215                                           cap_user_get_conv,
06216                                           &def_aci,
06217                                           RSBAC_CAP_ACI_USER_NAME,
06218                                           RSBAC_AUTO_DEV,
06219                                           1,
06220                                           rsbac_list_hash_uid,
06221                                           NULL);
06222                 if (err) {
06223                         registration_error(err, "USER CAP");
06224                 } else
06225                     if (!rsbac_no_defaults
06226                         && !rsbac_list_count(user_handles.cap)) {
06227                         struct rsbac_cap_user_aci_t sysadm_aci =
06228                             DEFAULT_CAP_U_SYSADM_ACI;
06229                         struct rsbac_cap_user_aci_t secoff_aci =
06230                             DEFAULT_CAP_U_SECOFF_ACI;
06231                         struct rsbac_cap_user_aci_t auditor_aci =
06232                             DEFAULT_CAP_U_AUDITOR_ACI;
06233                         rsbac_uid_t user;
06234 
06235                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
06236                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
06237                         user = RSBAC_SYSADM_UID;
06238                         if (rsbac_list_add
06239                             (user_handles.cap, &user, &sysadm_aci))
06240                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER CAP entry could not be added!\n");
06241                         user = RSBAC_SECOFF_UID;
06242                         if (rsbac_list_add
06243                             (user_handles.cap, &user, &secoff_aci))
06244                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER CAP entry could not be added!\n");
06245                         user = RSBAC_AUDITOR_UID;
06246                         if (rsbac_list_add
06247                             (user_handles.cap, &user, &auditor_aci))
06248                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER CAP entry could not be added!\n");
06249                 }
06250         }
06251 #endif
06252 
06253         rsbac_kfree(list_info_p);
06254         return err;
06255 }

static int __init register_user_lists2 ( void   )  [static]

Definition at line 6260 of file aci_data_structures.c.

References NULL, registration_error(), RSBAC_AUDITOR_UID, RSBAC_AUTH_ACI_USER_NAME, RSBAC_JAIL_ACI_USER_NAME, rsbac_kfree(), rsbac_list_add(), RSBAC_LIST_AUTO_HASH_RESIZE, RSBAC_LIST_BACKUP, rsbac_list_count(), RSBAC_LIST_DEF_DATA, rsbac_list_hash_uid(), RSBAC_LIST_PERSIST, rsbac_list_register(), rsbac_list_register_hashed(), RSBAC_LIST_VERSION, rsbac_no_defaults, RSBAC_PAX_ACI_USER_NAME, rsbac_printk(), RSBAC_RC_ACI_USER_NAME, RSBAC_RES_ACI_USER_NAME, RSBAC_SECOFF_UID, RSBAC_SYSADM_UID, SR_administrator, SR_auditor, SR_security_officer, SR_user, and user_handles.

Referenced by rsbac_do_init().

06262 {
06263         int err = 0;
06264         struct rsbac_list_info_t *list_info_p;
06265 
06266         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06267         if (!list_info_p) {
06268                 return -ENOMEM;
06269         }
06270 
06271 #if defined(CONFIG_RSBAC_RC)
06272         {
06273                 struct rsbac_rc_user_aci_t def_aci = DEFAULT_RC_U_ACI;
06274 
06275                 list_info_p->version = RSBAC_RC_USER_ACI_VERSION;
06276                 list_info_p->key = RSBAC_RC_USER_ACI_KEY;
06277                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06278                 list_info_p->data_size =
06279                     sizeof(struct rsbac_rc_user_aci_t);
06280                 list_info_p->max_age = 0;
06281                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06282                                           &user_handles.rc, list_info_p,
06283 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06284                                           RSBAC_LIST_BACKUP |
06285 #endif
06286                                           RSBAC_LIST_PERSIST |
06287                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06288                                           NULL,
06289                                           rc_user_get_conv, &def_aci,
06290                                           RSBAC_RC_ACI_USER_NAME,
06291                                           RSBAC_AUTO_DEV,
06292                                           1,
06293                                           rsbac_list_hash_uid,
06294                                           NULL);
06295                 if (err) {
06296                         registration_error(err, "USER RC");
06297                 } else
06298                     if (!rsbac_no_defaults
06299                         && !rsbac_list_count(user_handles.rc)) {
06300                         rsbac_uid_t user;
06301                         struct rsbac_rc_user_aci_t sysadm_aci =
06302                             DEFAULT_RC_U_SYSADM_ACI;
06303                         struct rsbac_rc_user_aci_t secoff_aci =
06304                             DEFAULT_RC_U_SECOFF_ACI;
06305                         struct rsbac_rc_user_aci_t auditor_aci =
06306                             DEFAULT_RC_U_AUDITOR_ACI;
06307 
06308                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER RC ACI could not be read - generating standard entries!\n");
06309                         user = RSBAC_SYSADM_UID;
06310                         if (rsbac_list_add
06311                             (user_handles.rc, &user, &sysadm_aci))
06312                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER RC entry could not be added!\n");
06313                         user = RSBAC_SECOFF_UID;
06314                         if (rsbac_list_add
06315                             (user_handles.rc, &user, &secoff_aci))
06316                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER RC entry could not be added!\n");
06317                         user = RSBAC_AUDITOR_UID;
06318                         if (rsbac_list_add
06319                             (user_handles.rc, &user, &auditor_aci))
06320                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER RC entry could not be added!\n");
06321                 }
06322         }
06323 #endif
06324 #if defined(CONFIG_RSBAC_AUTH)
06325         {
06326                 rsbac_system_role_int_t def_aci = SR_user;
06327 
06328                 list_info_p->version = RSBAC_AUTH_USER_ACI_VERSION;
06329                 list_info_p->key = RSBAC_AUTH_USER_ACI_KEY;
06330                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06331                 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06332                 list_info_p->max_age = 0;
06333                 err = rsbac_list_register(RSBAC_LIST_VERSION,
06334                                           &user_handles.auth, list_info_p,
06335 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06336                                           RSBAC_LIST_BACKUP |
06337 #endif
06338                                           RSBAC_LIST_PERSIST |
06339                                           RSBAC_LIST_DEF_DATA,
06340                                           NULL, NULL,
06341                                           &def_aci,
06342                                           RSBAC_AUTH_ACI_USER_NAME,
06343                                           RSBAC_AUTO_DEV);
06344                 if (err) {
06345                         registration_error(err, "USER AUTH");
06346                 } else
06347                     if (!rsbac_no_defaults
06348                         && !rsbac_list_count(user_handles.auth)) {
06349                         rsbac_uid_t user;
06350                         rsbac_system_role_int_t role;
06351 
06352                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!\n");
06353                         user = RSBAC_SYSADM_UID;
06354                         role = SR_administrator;
06355                         if (rsbac_list_add
06356                             (user_handles.auth, &user, &role))
06357                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER AUTH entry could not be added!\n");
06358                         user = RSBAC_SECOFF_UID;
06359                         role = SR_security_officer;
06360                         if (rsbac_list_add
06361                             (user_handles.auth, &user, &role))
06362                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER AUTH entry could not be added!\n");
06363                         user = RSBAC_AUDITOR_UID;
06364                         role = SR_auditor;
06365                         if (rsbac_list_add
06366                             (user_handles.auth, &user, &role))
06367                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER AUTH entry could not be added!\n");
06368                 }
06369         }
06370 #endif                          /* AUTH */
06371 #if defined(CONFIG_RSBAC_JAIL)
06372         {
06373                 rsbac_system_role_int_t def_aci = SR_user;
06374 
06375                 list_info_p->version = RSBAC_JAIL_USER_ACI_VERSION;
06376                 list_info_p->key = RSBAC_JAIL_USER_ACI_KEY;
06377                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06378                 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06379                 list_info_p->max_age = 0;
06380                 err = rsbac_list_register(RSBAC_LIST_VERSION,
06381                                           &user_handles.jail, list_info_p,
06382 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06383                                           RSBAC_LIST_BACKUP |
06384 #endif
06385                                           RSBAC_LIST_PERSIST |
06386                                           RSBAC_LIST_DEF_DATA,
06387                                           NULL, NULL,
06388                                           &def_aci,
06389                                           RSBAC_JAIL_ACI_USER_NAME,
06390                                           RSBAC_AUTO_DEV);
06391                 if (err) {
06392                         registration_error(err, "USER JAIL");
06393                 } else
06394                     if (!rsbac_no_defaults
06395                         && !rsbac_list_count(user_handles.jail)) {
06396                         rsbac_uid_t user;
06397                         rsbac_system_role_int_t role;
06398 
06399                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!\n");
06400                         user = RSBAC_SYSADM_UID;
06401                         role = SR_administrator;
06402                         if (rsbac_list_add
06403                             (user_handles.jail, &user, &role))
06404                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER JAIL entry could not be added!\n");
06405                         user = RSBAC_SECOFF_UID;
06406                         role = SR_security_officer;
06407                         if (rsbac_list_add
06408                             (user_handles.jail, &user, &role))
06409                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER JAIL entry could not be added!\n");
06410                 }
06411         }
06412 #endif
06413 #if defined(CONFIG_RSBAC_RES)
06414         {
06415                 list_info_p->version = RSBAC_RES_USER_ACI_VERSION;
06416                 list_info_p->key = RSBAC_RES_USER_ACI_KEY;
06417                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06418                 list_info_p->data_size =
06419                     sizeof(struct rsbac_res_user_aci_t);
06420                 list_info_p->max_age = 0;
06421                 err = rsbac_list_register(RSBAC_LIST_VERSION,
06422                                           &user_handles.res, list_info_p,
06423 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06424                                           RSBAC_LIST_BACKUP |
06425 #endif
06426                                           RSBAC_LIST_PERSIST,
06427                                           NULL,
06428                                           NULL,
06429                                           NULL,
06430                                           RSBAC_RES_ACI_USER_NAME,
06431                                           RSBAC_AUTO_DEV);
06432                 if (err) {
06433                         registration_error(err, "USER RES");
06434                 } else
06435                     if (!rsbac_no_defaults
06436                         && !rsbac_list_count(user_handles.res)) {
06437                         struct rsbac_res_user_aci_t sysadm_aci =
06438                             DEFAULT_RES_U_SYSADM_ACI;
06439                         struct rsbac_res_user_aci_t secoff_aci =
06440                             DEFAULT_RES_U_SECOFF_ACI;
06441                         rsbac_uid_t user;
06442 
06443                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
06444                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
06445                         user = RSBAC_SYSADM_UID;
06446                         if (rsbac_list_add
06447                             (user_handles.res, &user, &sysadm_aci))
06448                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER RES entry could not be added!\n");
06449                         user = RSBAC_SECOFF_UID;
06450                         if (rsbac_list_add
06451                             (user_handles.res, &user, &secoff_aci))
06452                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER RES entry could not be added!\n");
06453                 }
06454         }
06455 #endif
06456 #if defined(CONFIG_RSBAC_PAX)
06457         {
06458                 rsbac_system_role_int_t def_aci = SR_user;
06459 
06460                 list_info_p->version = RSBAC_PAX_USER_ACI_VERSION;
06461                 list_info_p->key = RSBAC_PAX_USER_ACI_KEY;
06462                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06463                 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06464                 list_info_p->max_age = 0;
06465                 err = rsbac_list_register(RSBAC_LIST_VERSION,
06466                                           &user_handles.pax, list_info_p,
06467 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06468                                           RSBAC_LIST_BACKUP |
06469 #endif
06470                                           RSBAC_LIST_PERSIST |
06471                                           RSBAC_LIST_DEF_DATA,
06472                                           NULL, NULL,
06473                                           &def_aci,
06474                                           RSBAC_PAX_ACI_USER_NAME,
06475                                           RSBAC_AUTO_DEV);
06476                 if (err) {
06477                         registration_error(err, "USER PAX");
06478                 } else
06479                     if (!rsbac_no_defaults
06480                         && !rsbac_list_count(user_handles.pax)) {
06481                         rsbac_uid_t user;
06482                         rsbac_system_role_int_t role;
06483 
06484                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER PAX ACI could not be read - generating standard entries!\n");
06485                         user = RSBAC_SYSADM_UID;
06486                         role = SR_administrator;
06487                         if (rsbac_list_add(user_handles.pax, &user, &role))
06488                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER PAX entry could not be added!\n");
06489                         user = RSBAC_SECOFF_UID;
06490                         role = SR_security_officer;
06491                         if (rsbac_list_add(user_handles.pax, &user, &role))
06492                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER PAX entry could not be added!\n");
06493                 }
06494         }
06495 #endif
06496 
06497         rsbac_kfree(list_info_p);
06498         return err;
06499 }

static void __init registration_error ( int  err,
char *  listname 
) [static]

Definition at line 5510 of file aci_data_structures.c.

References get_error_name(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, and rsbac_printk().

Referenced by register_dev_lists(), register_ipc_lists(), register_process_lists(), register_user_lists1(), register_user_lists2(), rsbac_init_acl(), rsbac_init_pm(), and rsbac_init_rc().

05512 {
05513         if (err < 0) {
05514                 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
05515 
05516                 if (tmp) {
05517                         rsbac_printk(KERN_WARNING "rsbac_do_init(): Registering %s list failed with error %s\n",
05518                                      listname, get_error_name(tmp, err));
05519                         rsbac_kfree(tmp);
05520                 }
05521         }
05522 }

static void remove_device_item ( kdev_t  kdev  )  [static]

Definition at line 1969 of file aci_data_structures.c.

References aci_detach_fd_lists(), clear_device_item(), device_hash(), device_head_p, device_list_locks, lookup_device(), NULL, rsbac_kfree(), and rsbac_kmalloc().

Referenced by rsbac_umount(), rsbac_umount_acl(), rsbac_umount_auth(), and rsbac_umount_mac().

01970 {
01971         struct rsbac_device_list_item_t *item_p;
01972         struct rsbac_device_list_head_t * new_p;
01973         #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01974         struct rsbac_device_list_head_t * old_p;
01975         #endif
01976         u_int hash;
01977                
01978         hash = device_hash(kdev);
01979 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01980         old_p = device_head_p[hash];
01981         new_p = rsbac_kmalloc(sizeof(*new_p));
01982         *new_p = *old_p;
01983 #else
01984         new_p = device_head_p[hash];
01985 #endif
01986         /* first we must locate the item. */
01987         if ((item_p = lookup_device(kdev, hash))) {     /* ok, item was found */
01988                 if (new_p->head == item_p) {    /* item is head */
01989                         if (new_p->tail == item_p) {    /* item is head and tail = only item -> list will be empty */
01990                                 new_p->head = NULL;
01991                                 new_p->tail = NULL;
01992                         } else {        /* item is head, but not tail -> next item becomes head */
01993                                 item_p->next->prev = NULL;
01994                                 new_p->head = item_p->next;
01995                         }
01996                 } else {        /* item is not head */
01997                         if (new_p->tail == item_p) {    /*item is not head, but tail -> previous item becomes tail */
01998                                 item_p->prev->next = NULL;
01999                                 new_p->tail = item_p->prev;
02000                         } else {        /* item is neither head nor tail -> item is cut out */
02001                                 item_p->prev->next = item_p->next;
02002                                 item_p->next->prev = item_p->prev;
02003                         }
02004                 }
02005 
02006                 /* curr is no longer valid -> reset.                              */
02007                 new_p->curr = NULL;
02008                 /* adjust counter */
02009                 new_p->count--;
02010 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02011                 rcu_assign_pointer(device_head_p[hash], new_p);
02012                 spin_unlock(&device_list_locks[hash]);
02013                 synchronize_rcu();
02014                 rsbac_kfree(old_p);
02015 #endif
02016                 /* clean up */
02017                 aci_detach_fd_lists(item_p);
02018 
02019                 /* clear item */
02020                 clear_device_item(item_p);
02021         }
02022 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02023         else
02024                 spin_unlock(&device_list_locks[hash]);
02025 #endif
02026 }

static int rsbac_clear_file ( struct dentry *  dentry  )  [static]

Definition at line 2033 of file aci_data_structures.c.

Referenced by rsbac_write_open().

02034 {
02035         struct inode *inode = dentry->d_inode;
02036         int error;
02037         struct iattr newattrs;
02038 
02039 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02040         mutex_lock(&inode->i_mutex);
02041 #else
02042         down(&inode->i_sem);
02043 #endif
02044         newattrs.ia_size = 0;
02045         newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
02046         error = notify_change(dentry, &newattrs);
02047 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02048         mutex_unlock(&inode->i_mutex);
02049 #else
02050         up(&inode->i_sem);
02051 #endif
02052         return error;
02053 }

static int __init rsbac_do_init ( void   )  [static]

Definition at line 7290 of file aci_data_structures.c.

References add_device_item(), clear_device_item(), compiled_modules, create_device_item(), device_head_p, device_list_locks, get_error_name(), NULL, register_dev_lists(), register_fd_lists(), register_ipc_lists(), register_process_lists(), register_user_lists1(), register_user_lists2(), RSBAC_AUTH_LOGIN_PATH, RSBAC_AUTH_LOGIN_PATH_DIR, RSBAC_AUTH_LOGIN_PATH_FILE, rsbac_check_acl(), rsbac_check_lists(), RSBAC_ECOULDNOTADDDEVICE, RSBAC_ECOULDNOTADDITEM, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOROOTDEV, RSBAC_ENOTFOUND, rsbac_init_acl(), rsbac_init_adf(), rsbac_init_auth(), rsbac_init_daz(), rsbac_init_debug(), rsbac_init_mac(), rsbac_init_pm(), rsbac_init_rc(), rsbac_init_um(), rsbac_initialized, rsbac_kfree(), rsbac_kmalloc(), rsbac_kmem_cache_sizes_init(), rsbac_list_add(), rsbac_list_get_data(), rsbac_list_init(), rsbac_lookup_one_len(), RSBAC_MAXNAMELEN, rsbac_mount(), rsbac_pax_set_flags_func(), rsbac_pr_debug, rsbac_printk(), rsbac_root_dev, RSBAC_VERSION, sysfs_covered_p, sysfs_sb_p, and TRUE.

Referenced by rsbac_init().

07292 {
07293         int err = 0;
07294         struct rsbac_device_list_item_t *device_p;
07295         struct rsbac_device_list_item_t *new_device_p;
07296         struct rsbac_list_info_t *list_info_p;
07297         struct super_block *sb_p;
07298         u_int i;
07299 
07300         rsbac_pr_debug(stack, "free stack: %lu\n", rsbac_stack_free_space());
07301         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
07302         if (!list_info_p) {
07303                 return -ENOMEM;
07304         }
07305         compiled_modules[0] = (char) 0;
07306 #ifdef CONFIG_RSBAC_REG
07307         strcat(compiled_modules, " REG");
07308 #endif
07309 #ifdef CONFIG_RSBAC_MAC
07310 #ifdef CONFIG_RSBAC_MAC_LIGHT
07311         strcat(compiled_modules, " MAC-L");
07312 #else
07313         strcat(compiled_modules, " MAC");
07314 #endif
07315 #endif
07316 #ifdef CONFIG_RSBAC_PM
07317         strcat(compiled_modules, " PM");
07318 #endif
07319 #ifdef CONFIG_RSBAC_DAZ
07320         strcat(compiled_modules, " DAZ");
07321 #endif
07322 #ifdef CONFIG_RSBAC_FF
07323         strcat(compiled_modules, " FF");
07324 #endif
07325 #ifdef CONFIG_RSBAC_RC
07326         strcat(compiled_modules, " RC");
07327 #endif
07328 #ifdef CONFIG_RSBAC_AUTH
07329         strcat(compiled_modules, " AUTH");
07330 #endif
07331 #ifdef CONFIG_RSBAC_ACL
07332         strcat(compiled_modules, " ACL");
07333 #endif
07334 #ifdef CONFIG_RSBAC_CAP
07335         strcat(compiled_modules, " CAP");
07336 #endif
07337 #ifdef CONFIG_RSBAC_JAIL
07338         strcat(compiled_modules, " JAIL");
07339 #endif
07340 #ifdef CONFIG_RSBAC_RES
07341         strcat(compiled_modules, " RES");
07342 #endif
07343 #ifdef CONFIG_RSBAC_PAX
07344         strcat(compiled_modules, " PAX");
07345 #endif
07346 #ifdef CONFIG_RSBAC_MAINT
07347         rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n",
07348                      RSBAC_VERSION);
07349         /* Print banner we are initializing */
07350         printk(KERN_INFO
07351                "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n",
07352                RSBAC_VERSION);
07353 
07354         rsbac_printk(KERN_INFO "rsbac_do_init(): Supported module data structures:%s\n",
07355                      compiled_modules);
07356 #else
07357         rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s\n",
07358                      RSBAC_VERSION);
07359         /* Print banner we are initializing */
07360 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07361         if (rsbac_nosyslog)
07362 #endif
07363                 printk(KERN_INFO
07364                        "rsbac_do_init(): Initializing RSBAC %s\n",
07365                        RSBAC_VERSION);
07366 
07367         rsbac_printk(KERN_INFO "rsbac_do_init(): compiled modules:%s\n",
07368                      compiled_modules);
07369 #endif
07370 
07371         /* init memory */
07372         rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing memory slabs\n");
07373         rsbac_kmem_cache_sizes_init();
07374 
07375         for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
07376                 device_head_p[i] = kmalloc(sizeof(*device_head_p[i]), GFP_KERNEL);
07377                 if (!device_head_p[i]) {
07378                         rsbac_printk(KERN_WARNING
07379                                 "rsbac_do_init(): Failed to allocate device_list_heads[%s]\n", i);
07380                         return -ENOMEM;
07381                 }
07382 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07383                 spin_lock_init(&device_list_locks[i]);
07384 #else
07385                 rwlock_init(&device_list_locks[i]);
07386 #endif
07387                 device_head_p[i]->head = NULL;
07388                 device_head_p[i]->tail = NULL;
07389                 device_head_p[i]->curr = NULL;
07390                 device_head_p[i]->count = 0;
07391         }
07392 
07393 #if defined(CONFIG_RSBAC_PROC)
07394         rsbac_pr_debug(stack, "free stack before registering proc dir: %lu\n",
07395                        rsbac_stack_free_space());
07396         rsbac_printk(KERN_INFO "rsbac_do_init(): Registering RSBAC proc dir\n");
07397         register_all_rsbac_proc();
07398 #endif
07399         rsbac_pr_debug(stack, "free stack before get_super: %lu\n",
07400                        rsbac_stack_free_space());
07401 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07402         sb_p = user_get_super(rsbac_root_dev);
07403 #else
07404         sb_p = get_super(rsbac_root_dev);
07405 #endif
07406         if (!sb_p) {
07407                 kfree(list_info_p);
07408                 return -RSBAC_ENOROOTDEV;
07409         }
07410         /* read fd aci from root device */
07411         rsbac_pr_debug(ds, "reading aci from device "
07412                        "number %02u:%02u\n",
07413                        RSBAC_MAJOR(rsbac_root_dev),
07414                        RSBAC_MINOR(rsbac_root_dev));
07415         /* create a private device item */
07416         new_device_p = create_device_item(sb_p, NULL);
07417         if (!new_device_p) {
07418                 rsbac_printk(KERN_CRIT
07419                              "rsbac_do_init(): Could not alloc device item!\n");
07420                 err = -RSBAC_ECOULDNOTADDDEVICE;
07421                 goto out_free;
07422         }
07423         /* Add new_device_p to device list */
07424         /* OK, go on */
07425         device_p = add_device_item(new_device_p);
07426         if (!device_p) {
07427                 rsbac_printk(KERN_CRIT
07428                              "rsbac_do_init(): Could not add device!\n");
07429                 clear_device_item(new_device_p);
07430                 err = -RSBAC_ECOULDNOTADDDEVICE;
07431                 goto out_free;
07432         }
07433 
07434         /* init lists - we need the root device_p to be initialized, but no generic list registered */
07435         rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing generic lists\n");
07436         rsbac_list_init();
07437 
07438         rsbac_pr_debug(stack, "free stack before init_debug: %lu\n",
07439                        rsbac_stack_free_space());
07440         rsbac_init_debug();
07441 
07442         rsbac_printk(KERN_INFO "rsbac_do_init(): reading FD attributes from root dev\n");
07443         rsbac_pr_debug(stack, "free stack before reading FD lists: %lu\n",
07444                        rsbac_stack_free_space());
07445         /* no locking needed, device_p is known and there can be no parallel init! */
07446         if ((err = register_fd_lists(device_p, rsbac_root_dev))) {
07447                 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
07448 
07449                 if (tmp) {
07450                         rsbac_printk(KERN_WARNING "rsbac_do_init(): File/Dir lists registration failed for dev %02u:%02u, err %s!\n",
07451                                      RSBAC_MAJOR(rsbac_root_dev),
07452                                      RSBAC_MINOR(rsbac_root_dev),
07453                                      get_error_name(tmp, err));
07454                         rsbac_kfree(tmp);
07455                 }
07456         }
07457         rsbac_pr_debug(stack, "free stack before DEV lists registration: %lu\n",
07458                        rsbac_stack_free_space());
07459         register_dev_lists();
07460         rsbac_pr_debug(stack, "free stack before registering IPC lists: %lu\n",
07461                        rsbac_stack_free_space());
07462         register_ipc_lists();
07463         rsbac_pr_debug(stack, "free stack before registering USER lists 1: %lu\n",
07464                        rsbac_stack_free_space());
07465         register_user_lists1();
07466         rsbac_pr_debug(stack, "free stack before registering USER lists 2: %lu\n",
07467                        rsbac_stack_free_space());
07468         register_user_lists2();
07469         rsbac_pr_debug(stack, "free stack before registering PROCESS aci: %lu\n",
07470                        rsbac_stack_free_space());
07471         register_process_lists();
07472 
07473 
07474 #ifdef CONFIG_RSBAC_UM
07475         rsbac_pr_debug(stack, "free stack before GROUP lists registration: %lu\n",
07476                        rsbac_stack_free_space());
07477         register_group_lists();
07478 #endif                          /* CONFIG_RSBAC_UM */
07479 
07480 #ifdef CONFIG_RSBAC_NET_DEV
07481         register_netdev_lists();
07482 #endif
07483 
07484 #ifdef CONFIG_RSBAC_NET_OBJ
07485         register_nettemp_list();
07486         register_nettemp_aci_lists();
07487         register_netobj_lists();
07488 #endif                          /* NET_OBJ */
07489 
07490 #ifdef CONFIG_RSBAC_FD_CACHE
07491         if (!rsbac_fd_cache_disable)
07492                 register_fd_cache_lists();
07493 #endif
07494 
07495 /* Call other init functions */
07496 #if defined(CONFIG_RSBAC_MAC)
07497         rsbac_pr_debug(stack, "free stack before init_mac: %lu\n",
07498                        rsbac_stack_free_space());
07499         rsbac_init_mac();
07500 #endif
07501 
07502 #ifdef CONFIG_RSBAC_PM
07503         rsbac_pr_debug(stack, "free stack before init_pm: %lu\n",
07504                        rsbac_stack_free_space());
07505         rsbac_init_pm();
07506 #endif
07507 
07508 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT)
07509         rsbac_pr_debug(stack, "free stack before init_daz: %lu\n",
07510                        rsbac_stack_free_space());
07511         rsbac_init_daz();
07512 #endif
07513 
07514 #if defined(CONFIG_RSBAC_RC)
07515         rsbac_pr_debug(stack, "free stack before init_rc: %lu\n",
07516                        rsbac_stack_free_space());
07517         rsbac_init_rc();
07518 #endif
07519 
07520 #if defined(CONFIG_RSBAC_AUTH)
07521         rsbac_pr_debug(stack, "free stack before init_auth: %lu\n",
07522                        rsbac_stack_free_space());
07523         rsbac_init_auth();
07524         if (rsbac_auth_enable_login) {
07525                 struct dentry *t_dentry;
07526                 struct dentry *dir_dentry = NULL;
07527                 struct rsbac_auth_fd_aci_t auth_fd_aci =
07528                     DEFAULT_AUTH_FD_ACI;
07529 
07530                 rsbac_printk(KERN_WARNING "rsbac_do_init(): auth_enable_login is set: setting auth_may_setuid for %s\n",
07531                              RSBAC_AUTH_LOGIN_PATH);
07532 
07533                 /* lookup filename */
07534                 if (sb_p) {
07535                         dir_dentry =
07536                             rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_DIR,
07537                                                  sb_p->s_root,
07538                                                  strlen
07539                                                  (RSBAC_AUTH_LOGIN_PATH_DIR));
07540                 }
07541                 if (!dir_dentry) {
07542                         err = -RSBAC_ENOTFOUND;
07543                         rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
07544                                      RSBAC_AUTH_LOGIN_PATH_DIR);
07545                         goto auth_out;
07546                 }
07547                 if (IS_ERR(dir_dentry)) {
07548                         err = PTR_ERR(dir_dentry);
07549                         rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s returned %i\n",
07550                                      RSBAC_AUTH_LOGIN_PATH_DIR, err);
07551                         goto auth_out;
07552                 }
07553                 if (!dir_dentry->d_inode) {
07554                         err = -RSBAC_ENOTFOUND;
07555                         rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
07556                                      RSBAC_AUTH_LOGIN_PATH_DIR);
07557                         dput(dir_dentry);
07558                         goto auth_out;
07559                 }
07560                 t_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_FILE,
07561                                                 dir_dentry,
07562                                                 strlen
07563                                                 (RSBAC_AUTH_LOGIN_PATH_FILE));
07564                 if (!t_dentry) {
07565                         err = -RSBAC_ENOTFOUND;
07566                         rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
07567                                      RSBAC_AUTH_LOGIN_PATH_DIR,
07568                                      RSBAC_AUTH_LOGIN_PATH_FILE);
07569                         goto auth_out;
07570                 }
07571                 if (IS_ERR(t_dentry)) {
07572                         err = PTR_ERR(t_dentry);
07573                         rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s returned %i\n",
07574                                      RSBAC_AUTH_LOGIN_PATH_DIR,
07575                                      RSBAC_AUTH_LOGIN_PATH_FILE, err);
07576                         goto auth_out;
07577                 }
07578                 if (!t_dentry->d_inode) {
07579                         err = -RSBAC_ENOTFOUND;
07580                         rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
07581                                      RSBAC_AUTH_LOGIN_PATH_DIR,
07582                                      RSBAC_AUTH_LOGIN_PATH_FILE);
07583                         dput(t_dentry);
07584                         goto auth_out;
07585                 }
07586 
07587                 if (!t_dentry->d_inode) {
07588                         rsbac_printk(KERN_WARNING "rsbac_do_init(): file %s not found\n",
07589                                      RSBAC_AUTH_LOGIN_PATH);
07590                         err = -RSBAC_EINVALIDTARGET;
07591                         goto auth_out_dput;
07592                 }
07593                 /* is inode of type file? */
07594                 if (!S_ISREG(t_dentry->d_inode->i_mode)) {
07595                         rsbac_printk(KERN_WARNING "rsbac_do_init(): %s is no file\n",
07596                                      RSBAC_AUTH_LOGIN_PATH);
07597                         err = -RSBAC_EINVALIDTARGET;
07598                         goto auth_out_dput;
07599                 }
07600                 rsbac_list_get_data(device_p->handles.auth,
07601                                     &t_dentry->d_inode->i_ino,
07602                                     &auth_fd_aci);
07603                 auth_fd_aci.auth_may_setuid = TRUE;
07604                 if (rsbac_list_add(device_p->handles.auth, &t_dentry->d_inode->i_ino, &auth_fd_aci)) {  /* Adding failed! */
07605                         rsbac_printk(KERN_WARNING "rsbac_do_init(): Could not add AUTH file/dir item!\n");
07606                         err = -RSBAC_ECOULDNOTADDITEM;
07607                 }
07608 
07609               auth_out_dput:
07610               auth_out:
07611                 {
07612                 }
07613         }
07614 #endif
07615 
07616 #if defined(CONFIG_RSBAC_ACL)
07617         rsbac_pr_debug(stack, "free stack before init_acl: %lu\n",
07618                        rsbac_stack_free_space());
07619         rsbac_init_acl();
07620 #endif
07621 
07622 #if defined(CONFIG_RSBAC_UM)
07623         rsbac_pr_debug(stack, "free stack before init_um: %lu\n",
07624                        rsbac_stack_free_space());
07625         rsbac_init_um();
07626 #endif
07627         rsbac_pr_debug(stack, "free stack before init_adf: %lu\n",
07628                        rsbac_stack_free_space());
07629         rsbac_init_adf();
07630 
07631         /* free super_block pointer */
07632         drop_super(sb_p);
07633 
07634 #if defined(CONFIG_RSBAC_PAX) && defined(CONFIG_PAX_HOOK_ACL_FLAGS)
07635 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
07636         pax_set_initial_flags_func = rsbac_pax_set_flags_func;
07637 #else
07638         pax_set_flags_func = rsbac_pax_set_flags_func;
07639 #endif
07640 #endif
07641 
07642 /* Tell that rsbac is initialized                                       */
07643         rsbac_initialized = TRUE;
07644 
07645 /* Add initrd mount */
07646 #ifdef CONFIG_BLK_DEV_INITRD
07647         if (initrd_start) {
07648 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07649                 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR, 0));
07650 #else
07651                 sb_p = get_super(MKDEV(RAMDISK_MAJOR, 0));
07652 #endif
07653                 if (sb_p) {
07654                         rsbac_mount(sb_p, NULL);
07655                         drop_super(sb_p);
07656                 }
07657 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07658                 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR, INITRD_MINOR));
07659 #else
07660                 sb_p = get_super(MKDEV(RAMDISK_MAJOR, INITRD_MINOR));
07661 #endif
07662                 if (sb_p) {
07663                         rsbac_mount(sb_p, NULL);
07664                         drop_super(sb_p);
07665                 }
07666         }
07667 #endif
07668 
07669 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07670 /* Add sysfs mount */
07671         if (sysfs_covered_p && sysfs_sb_p) {
07672                 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting sysfs device %02u:%02u\n",
07673                              MAJOR(sysfs_sb_p->s_dev),
07674                              MINOR(sysfs_sb_p->s_dev));
07675                 rsbac_mount(sysfs_sb_p, sysfs_covered_p);
07676         }
07677 #endif
07678 
07679 /* Add devfs mount */
07680 #ifdef CONFIG_DEVFS_MOUNT
07681         if (devfs_covered_p && devfs_sb_p) {
07682                 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting devfs device %02u:%02u\n",
07683                              MAJOR(devfs_sb_p->s_dev),
07684                              MINOR(devfs_sb_p->s_dev));
07685                 rsbac_mount(devfs_sb_p, devfs_covered_p);
07686         }
07687 #endif
07688 
07689 /* Force a check, if configured */
07690 #ifdef CONFIG_RSBAC_INIT_CHECK
07691         rsbac_pr_debug(stack, "free stack before rsbac_check: %lu\n",
07692                        rsbac_stack_free_space());
07693         rsbac_printk(KERN_INFO "rsbac_do_init(): Forcing consistency check.\n");
07694         rsbac_check_lists(1);
07695 #if defined(CONFIG_RSBAC_ACL)
07696         rsbac_check_acl(1);
07697 #endif
07698 #endif
07699 
07700         if (!current->fs) {
07701                 rsbac_printk(KERN_WARNING "rsbac_do_init(): current->fs is invalid!\n");
07702                 err = -RSBAC_EINVALIDPOINTER;
07703         }
07704       out:
07705         /* We are up and running */
07706         rsbac_printk(KERN_INFO "rsbac_do_init(): Ready.\n");
07707 
07708         kfree(list_info_p);
07709         return err;
07710 
07711       out_free:
07712         /* free super_block pointer */
07713         drop_super(sb_p);
07714         goto out;
07715 }

void rsbac_flags_set ( unsigned long int  rsbac_flags  ) 

Definition at line 15239 of file aci_data_structures.c.

References rsbac_no_defaults, set_rsbac_acl_learn_fd, set_rsbac_auth_learn, set_rsbac_cap_log_missing, set_rsbac_cap_process_hiding, set_rsbac_dac_disable, set_rsbac_freeze, set_rsbac_jail_log_missing, set_rsbac_no_defaults, set_rsbac_no_delay_init, set_rsbac_nosyslog, set_rsbac_softmode, set_rsbac_softmode_never, set_rsbac_softmode_once, and set_rsbac_um_no_excl.

Referenced by rsbac_flags_setup().

15240 {
15241 #if 0
15242         printk("rsbac_flags set to: %lu\n", rsbac_flags);
15243 
15244         if (rsbac_flags & set_rsbac_softmode)
15245                 rsbac_softmode = 1;
15246         if (rsbac_flags & set_rsbac_softmode_once) {
15247                 rsbac_softmode = 1;
15248                 rsbac_softmode_prohibit = 1;
15249         }
15250         if (rsbac_flags & set_rsbac_softmode_never)
15251                 rsbac_softmode_prohibit = 1;
15252         if (rsbac_flags & set_rsbac_freeze)
15253                 rsbac_freeze = 1;
15254 #if defined(CONFIG_RSBAC_UM_EXCL)
15255         if (rsbac_flags & set_rsbac_um_no_excl)
15256                 rsbac_um_no_excl = 1;
15257 #endif
15258         if (rsbac_flags & set_rsbac_auth_learn)
15259                 rsbac_auth_learn = 1;
15260         if (rsbac_flags & set_rsbac_acl_learn_fd)
15261                 rsbac_acl_learn_fd = 1;
15262         if (rsbac_flags & set_rsbac_cap_log_missing)
15263                 rsbac_cap_log_missing = 1;
15264         if (rsbac_flags & set_rsbac_jail_log_missing)
15265                 rsbac_jail_log_missing = 1;
15266         if (rsbac_flags & set_rsbac_dac_disable)
15267                 rsbac_dac_disable = 1;
15268         if (rsbac_flags & set_rsbac_no_delay_init)
15269                 rsbac_no_delay_init = 1;
15270         if (rsbac_flags & set_rsbac_no_defaults)
15271                 rsbac_no_defaults = 1;
15272         if (rsbac_flags & set_rsbac_nosyslog)
15273                 rsbac_nosyslog = 1;
15274         if (rsbac_flags & set_rsbac_cap_process_hiding)
15275                 rsbac_cap_process_hiding = 1;
15276 #endif
15277 }

int rsbac_free_dat_dentries ( void   ) 

Definition at line 8561 of file aci_data_structures.c.

References device_head_p, device_list_locks, KERNEL_VERSION, NULL, RSBAC_ENOTINITIALIZED, rsbac_initialized, and rsbac_printk().

08562 {
08563 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08564         u_long flags;
08565 #endif
08566         struct rsbac_device_list_item_t *device_p;
08567         u_int i;
08568 
08569         if (!rsbac_initialized) {
08570                 rsbac_printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n");
08571                 return (-RSBAC_ENOTINITIALIZED);
08572         }
08573 
08574         rsbac_printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n");
08575 
08576         for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
08577 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08578                 spin_lock(&device_list_locks[i]);
08579 #else
08580                 rsbac_write_lock(&device_list_locks[i], &flags);
08581 #endif
08582                 device_p = device_head_p[i]->head;
08583                 while (device_p) {
08584                         if (device_p->rsbac_dir_dentry_p) {
08585                                 dput(device_p->rsbac_dir_dentry_p);
08586                                 device_p->rsbac_dir_dentry_p = NULL;
08587                         }
08588                         device_p = device_p->next;
08589                 }
08590 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08591                 spin_unlock(&device_list_locks[i]);
08592 #else
08593                 rsbac_write_unlock(&device_list_locks[i], &flags);
08594 #endif
08595         }
08596         return 0;
08597 }

int rsbac_get_full_path ( struct dentry *  dentry_p,
char  path[],
int  maxlen 
)

Definition at line 2627 of file aci_data_structures.c.

References A_pseudo, device_hash(), device_list_locks, FALSE, lookup_device(), rsbac_attribute_value_t::pseudo, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDVALUE, RSBAC_ENOMEM, rsbac_get_attr, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, SW_GEN, T_USER, and rsbac_target_id_t::user.

Referenced by get_target_name(), rsbac_adf_request_int(), rsbac_jail_sys_jail(), and xp_fill_file_struct().

02628 {
02629         int len = 0;
02630         char *i_path;
02631         int tmplen = 0;
02632 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS
02633         union rsbac_target_id_t i_tid;
02634         union rsbac_attribute_value_t i_attr_val;
02635 #endif
02636 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02637         u_long dflags;
02638 #endif
02639 
02640         if (!dentry_p || !path)
02641                 return -RSBAC_EINVALIDPOINTER;
02642         if (maxlen <= 0)
02643                 return -RSBAC_EINVALIDVALUE;
02644         i_path = rsbac_kmalloc(maxlen + RSBAC_MAXNAMELEN);
02645         if (!i_path)
02646                 return -RSBAC_ENOMEM;
02647 
02648         path[0] = 0;
02649 
02650         while (dentry_p && (len < maxlen) && dentry_p->d_name.len
02651                && dentry_p->d_name.name) {
02652 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS
02653                 if (dentry_p->d_inode
02654                     && dentry_p->d_parent
02655                     && dentry_p->d_parent->d_inode
02656                     && (i_tid.user = dentry_p->d_inode->i_uid)
02657                     && (dentry_p->d_inode->i_uid !=
02658                         dentry_p->d_parent->d_inode->i_uid)
02659                     && !rsbac_get_attr(SW_GEN, T_USER, i_tid, A_pseudo,
02660                                        &i_attr_val, FALSE)
02661                     && i_attr_val.pseudo) {     /* Max len of 32 Bit value in decimal print is 11 */
02662                         if ((maxlen - len) < 12) {
02663                                 rsbac_kfree(i_path);
02664                                 return (len);
02665                         }
02666                         tmplen =
02667                             snprintf(i_path, 11, "%u", i_attr_val.pseudo);
02668                 } else
02669 #endif
02670                 {
02671                         tmplen = dentry_p->d_name.len;
02672                         if ((tmplen + 1) > (maxlen - len)) {
02673                                 rsbac_kfree(i_path);
02674                                 return (len);
02675                         }
02676                         strncpy(i_path, dentry_p->d_name.name, tmplen);
02677                 }
02678                 /* Skip double / on multi mounts.
02679                  * Last / is appended at the end of the function */
02680                 if((i_path[tmplen-1] != '/') && (tmplen != 1)) {
02681                         if(len && (i_path[tmplen-1] != '/')) {
02682                                 i_path[tmplen] = '/';
02683                                 tmplen++;
02684                         }
02685                         i_path[tmplen]=0;
02686                         strcat(i_path, path);
02687                         strcpy(path, i_path);
02688                         len += tmplen;
02689                 }
02690                 if (dentry_p->d_parent && (dentry_p->d_parent != dentry_p)
02691                     && (dentry_p->d_sb->s_root != dentry_p)
02692                     )
02693                         dentry_p = dentry_p->d_parent;
02694                 else {
02695                         struct rsbac_device_list_item_t *device_p;
02696                         u_int hash;
02697 
02698                         hash = device_hash(dentry_p->d_sb->s_dev);
02699 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02700                         rcu_read_lock();
02701 #else
02702                         rsbac_read_lock(&device_list_locks[hash], &dflags);
02703 #endif
02704                         device_p = lookup_device(dentry_p->d_sb->s_dev, hash);
02705                         if (device_p && device_p->d_covers) {
02706                                 dentry_p = device_p->d_covers;
02707 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02708                                 rcu_read_unlock();
02709 #else
02710                                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02711 #endif
02712                         } else {
02713 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02714                                 rcu_read_unlock();
02715 #else
02716                                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02717 #endif
02718                                 break;
02719                         }
02720                 }
02721         }
02722         
02723         i_path[tmplen]=0;
02724         strcat(i_path, path);
02725         strcpy(path, i_path);
02726         
02727         rsbac_kfree(i_path);
02728         return (len);
02729 }

int rsbac_get_full_path_length ( struct dentry *  dentry_p  ) 

Definition at line 2734 of file aci_data_structures.c.

References device_hash(), device_list_locks, lookup_device(), and RSBAC_EINVALIDPOINTER.

Referenced by xp_fill_file_struct().

02735 {
02736         int len = 0;
02737         int tmplen = 0;
02738 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02739         u_long dflags;
02740 #endif
02741 
02742         if (!dentry_p)
02743                 return -RSBAC_EINVALIDPOINTER;
02744 
02745         while (dentry_p && dentry_p->d_name.len && dentry_p->d_name.name) {
02746                 tmplen = dentry_p->d_name.len;
02747                 if (len && (dentry_p->d_name.name[tmplen - 1] != '/')) {
02748                         tmplen++;
02749                 }
02750                 len += tmplen;
02751                 if (dentry_p->d_parent && (dentry_p->d_parent != dentry_p)
02752                     && (dentry_p->d_sb->s_root != dentry_p)
02753                     )
02754                         dentry_p = dentry_p->d_parent;
02755                 else {
02756                         struct rsbac_device_list_item_t *device_p;
02757                         u_int hash;
02758 
02759                         hash = device_hash(dentry_p->d_sb->s_dev);
02760 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02761                         rcu_read_lock();
02762 #else
02763                         rsbac_read_lock(&device_list_locks[hash], &dflags);
02764 #endif
02765                         device_p = lookup_device(dentry_p->d_sb->s_dev, hash);
02766                         if (device_p && device_p->d_covers) {
02767                                 dentry_p = device_p->d_covers;
02768 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02769                                 rcu_read_unlock();
02770 #else
02771                                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02772 #endif
02773                         } else {
02774 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02775                                 rcu_read_unlock();
02776 #else
02777                                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02778 #endif
02779                                 break;
02780                         }
02781                 }
02782         }
02783         return (len);
02784 }

int rsbac_get_parent ( enum rsbac_target_t  target,
union rsbac_target_id_t  tid,
enum rsbac_target_t parent_target_p,
union rsbac_target_id_t parent_tid_p 
)

Definition at line 9083 of file aci_data_structures.c.

References device_hash(), device_list_locks, lookup_device(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTFOUND, rsbac_printk(), T_DIR, T_FIFO, T_FILE, T_SYMLINK, and T_UNIXSOCK.

Referenced by copy_fp_cap_set_item(), copy_fp_tru_set_item(), get_attr_fd(), rsbac_acl_get_rights(), and rsbac_acl_get_single_right().

09087 {
09088         if (!parent_target_p || !parent_tid_p)
09089                 return -RSBAC_EINVALIDPOINTER;
09090 /*
09091         rsbac_pr_debug(ds, "Getting file/dir/fifo/symlink "
09092                        "parent for device %02u:%02u, inode %lu, dentry_p %p\n",
09093                        RSBAC_MAJOR(tid.file.device),
09094                        RSBAC_MINOR(tid.file.device),
09095                        (u_long)tid.file.inode, tid.file.dentry_p);
09096 */
09097         switch (target) {
09098         case T_FILE:
09099         case T_DIR:
09100         case T_FIFO:
09101         case T_SYMLINK:
09102         case T_UNIXSOCK:
09103                 break;
09104         default:
09105                 return -RSBAC_EINVALIDTARGET;
09106         }
09107 
09108         if (!tid.file.dentry_p)
09109                 return -RSBAC_ENOTFOUND;
09110 
09111 #ifdef CONFIG_RSBAC_XSTATS
09112         get_parent_count++;
09113 #endif
09114         *parent_target_p = T_DIR;
09115         /* Is this dentry root of a mounted device? */
09116         if (tid.file.dentry_p->d_sb
09117             && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p)
09118             ) {
09119                 struct rsbac_device_list_item_t *device_p;
09120 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09121                 u_long dflags;
09122 #endif
09123                 u_int hash;
09124 
09125                 hash = device_hash(tid.file.device);
09126                 /* wait for read access to device_list_head */
09127 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09128                 rcu_read_lock();
09129 #else
09130                 rsbac_read_lock(&device_list_locks[hash], &dflags);
09131 #endif
09132                 device_p = lookup_device(tid.file.device, hash);
09133                 if (!device_p
09134                     || !device_p->d_covers
09135                     || !device_p->d_covers->d_parent
09136                     || !device_p->d_covers->d_parent->d_inode) {
09137                         /* free access to device_list_head */
09138 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09139                         rcu_read_unlock();
09140 #else
09141                         rsbac_read_unlock(&device_list_locks[hash], &dflags);
09142 #endif
09143                         return -RSBAC_ENOTFOUND;
09144                 }
09145                 parent_tid_p->dir.device =
09146                     device_p->d_covers->d_parent->d_sb->s_dev;
09147                 parent_tid_p->dir.inode =
09148                     device_p->d_covers->d_parent->d_inode->i_ino;
09149                 parent_tid_p->dir.dentry_p = device_p->d_covers->d_parent;
09150                 /* free access to device_list_head */
09151 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09152                 rcu_read_unlock();
09153 #else
09154                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
09155 #endif
09156         } else {                /* no root of filesystem -> use d_parent, dev keeps unchanged */
09157                 if (!tid.file.dentry_p->d_parent) {
09158                         rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent is NULL!\n");
09159                         return -RSBAC_ENOTFOUND;
09160                 }
09161                 if (tid.file.dentry_p == tid.file.dentry_p->d_parent) {
09162                         rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent == dentry_p!\n");
09163                         return -RSBAC_ENOTFOUND;
09164                 }
09165                 if (!tid.file.dentry_p->d_parent->d_inode) {
09166                         rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent has no d_inode!\n");
09167                         return -RSBAC_ENOTFOUND;
09168                 }
09169                 parent_tid_p->dir.device = tid.file.device;
09170                 parent_tid_p->dir.inode =
09171                     tid.file.dentry_p->d_parent->d_inode->i_ino;
09172                 parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent;
09173         }
09174         return 0;
09175 }

struct super_block* rsbac_get_super_block ( kdev_t  kdev  ) 

Definition at line 2063 of file aci_data_structures.c.

References device_hash(), device_list_locks, lookup_device(), NULL, rsbac_mount(), rsbac_printk(), rsbac_write_sem, and wakeup_auto().

Referenced by lookup_aci_path_dentry(), rsbac_acl_add_to_acl_entry(), rsbac_acl_get_mask(), rsbac_acl_get_rights(), rsbac_acl_get_single_right(), rsbac_acl_get_tlist(), rsbac_acl_remove_acl(), rsbac_acl_remove_acl_entry(), rsbac_acl_remove_from_acl_entry(), rsbac_acl_set_acl_entry(), rsbac_acl_set_mask(), rsbac_adf_request_int(), rsbac_adf_set_attr(), rsbac_auth_add_to_f_capset(), rsbac_auth_clear_f_capset(), rsbac_auth_copy_fp_capset(), rsbac_auth_get_f_caplist(), rsbac_auth_remove_from_f_capset(), rsbac_mac_add_to_f_truset(), rsbac_mac_clear_f_truset(), rsbac_mac_copy_fp_truset(), rsbac_mac_get_f_trulist(), rsbac_mac_remove_from_f_truset(), and rsbac_write_open().

02064 {
02065         struct rsbac_device_list_item_t *device_p;
02066 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02067         u_long dflags;
02068 #endif
02069         struct super_block *sb_p;
02070         u_int hash;
02071 
02072         if (RSBAC_IS_AUTO_DEV(kdev))
02073                 return NULL;
02074 
02075         hash = device_hash(kdev);
02076         /* get super_block-pointer */
02077 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02078         rcu_read_lock();
02079 #else
02080         rsbac_read_lock(&device_list_locks[hash], &dflags);
02081 #endif
02082         device_p = lookup_device(kdev, hash);
02083         if (!device_p) {
02084 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02085                 rcu_read_unlock();
02086 #else
02087                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02088 #endif
02089                 down(&rsbac_write_sem);
02090                 up(&rsbac_write_sem);
02091 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02092                 sb_p = user_get_super(kdev);
02093 #else
02094                 sb_p = get_super(kdev);
02095 #endif
02096                 if (!sb_p) {    /* Wait a second and retry */
02097                         DECLARE_WAIT_QUEUE_HEAD(auto_wait);
02098                         struct timer_list auto_timer;
02099 
02100                         rsbac_printk(KERN_INFO "rsbac_get_super_block(): device %02u:%02u not yet available, sleeping\n",
02101                                      RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02102                         init_timer(&auto_timer);
02103                         auto_timer.function = wakeup_auto;
02104                         auto_timer.data = (u_long) & auto_wait;
02105                         auto_timer.expires = jiffies + HZ;
02106                         add_timer(&auto_timer);
02107                         interruptible_sleep_on(&auto_wait);
02108 
02109 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02110                         sb_p = user_get_super(kdev);
02111 #else
02112                         sb_p = get_super(kdev);
02113 #endif
02114                 }
02115                 if (sb_p) {
02116                         device_p = lookup_device(kdev, hash);
02117                         /* Never auto-mount <= 01:xx devices */
02118                         if (!device_p && (RSBAC_MAJOR(kdev) <= 1)) {
02119                                 rsbac_printk(KERN_INFO "rsbac_get_super_block(): auto-mounting device %02u:%02u\n",
02120                                              RSBAC_MAJOR(kdev),
02121                                              RSBAC_MINOR(kdev));
02122                                 rsbac_mount(sb_p, NULL);
02123                         }
02124                         /* free super_block pointer */
02125                         drop_super(sb_p);
02126 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02127                         rcu_read_lock();
02128 #else
02129                         rsbac_read_lock(&device_list_locks[hash], &dflags);
02130 #endif
02131                         device_p = lookup_device(kdev, hash);
02132                         if (!device_p) {
02133                                 rsbac_printk(KERN_WARNING "rsbac_get_super_block(): unknown device %02u:%02u\n",
02134                                              RSBAC_MAJOR(kdev),
02135                                              RSBAC_MINOR(kdev));
02136 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02137                                 rcu_read_unlock();
02138 #else
02139                                 rsbac_read_unlock(&device_list_locks[hash],
02140                                                   &dflags);
02141 #endif
02142                                 return NULL;
02143                         }
02144                 } else {
02145                         return NULL;
02146                 }
02147         }
02148         sb_p = device_p->sb_p;
02149 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02150         rcu_read_unlock();
02151 #else
02152         rsbac_read_unlock(&device_list_locks[hash], &dflags);
02153 #endif
02154         return sb_p;
02155 }

int __init rsbac_init ( kdev_t  root_dev  ) 

Definition at line 7893 of file aci_data_structures.c.

Referenced by rsbac_mount().

07895 {
07896         struct rsbac_kthread_t * rsbac_kthread_entry;
07897         struct list_head * p;
07898 #ifdef CONFIG_RSBAC_RC
07899         struct rsbac_rc_process_aci_t rc_init_p_aci = DEFAULT_RC_P_INIT_ACI;
07900 #endif
07901 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07902 #ifdef CONFIG_RSBAC_INIT_THREAD
07903         struct task_struct * rsbac_init_thread;
07904 #endif
07905         struct task_struct * rsbacd_thread;
07906 #endif
07907         rsbac_pid_t init_pid;
07908                         
07909         
07910         int err = 0;
07911 #if  (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07912    || defined(CONFIG_RSBAC_INIT_THREAD)
07913         rsbac_pid_t rsbacd_pid;
07914 #endif
07915 
07916         if (rsbac_initialized) {
07917                 rsbac_printk(KERN_WARNING "rsbac_init(): RSBAC already initialized\n");
07918                 return (-RSBAC_EREINIT);
07919         }
07920         if (!current->fs) {
07921                 rsbac_printk(KERN_WARNING "rsbac_init(): current->fs is invalid!\n");
07922                 return (-RSBAC_EINVALIDPOINTER);
07923         }
07924 
07925         rsbac_root_dev = root_dev;
07926 
07927 #if  (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07928    || defined(CONFIG_RSBAC_INIT_THREAD)
07929         /* init the rsbacd wait queue head */
07930         init_waitqueue_head(&rsbacd_wait);
07931 #endif
07932 
07933 #ifdef CONFIG_RSBAC_INIT_THREAD
07934 /* trigger dependency */
07935 #ifdef CONFIG_RSBAC_MAX_INIT_TIME
07936 #endif
07937         rsbac_printk(KERN_INFO "rsbac_init(): Setting init timeout to %u seconds (%u jiffies).\n",
07938                      RSBAC_MAX_INIT_TIME, RSBAC_MAX_INIT_TIME * HZ);
07939         init_timer(&rsbac_timer);
07940         rsbac_timer.function = wakeup_rsbacd;
07941         rsbac_timer.data = 0;
07942         rsbac_timer.expires = jiffies + (RSBAC_MAX_INIT_TIME * HZ);
07943         add_timer(&rsbac_timer);
07944 
07945 /* Start rsbac thread for init */
07946 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07947         rsbac_init_thread = kthread_create(rsbac_initd, NULL, "rsbac_initd");
07948         if (IS_ERR(rsbac_init_thread))
07949                 goto panic;
07950         rsbacd_pid = rsbac_init_thread->pid;
07951         wake_up_process(rsbac_init_thread);
07952 #else
07953         rsbacd_pid = kernel_thread(rsbac_initd, NULL, 0);
07954         if (rsbacd_pid < 0)
07955                 goto panic;
07956 #endif
07957         rsbac_printk(KERN_INFO "rsbac_init(): Started rsbac_initd thread with pid %u\n",
07958                      rsbacd_pid);
07959 
07960         if (!rsbac_initialized)
07961                 interruptible_sleep_on(&rsbacd_wait);
07962         if (!rsbac_initialized) {
07963                 rsbac_printk(KERN_ERR
07964                              "rsbac_init(): *** RSBAC init timed out - RSBAC not correctly initialized! ***\n");
07965                 rsbac_printk(KERN_ERR
07966                              "rsbac_init(): *** Killing rsbac_initd! ***\n");
07967                 sys_kill(rsbacd_pid, SIGKILL);
07968                 rsbac_initialized = FALSE;
07969         }
07970 #else
07971         rsbac_do_init();
07972 #endif
07973 
07974 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
07975         if (rsbac_initialized) {
07976                 /* Start rsbacd thread for auto write */
07977 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07978                 rsbacd_thread = kthread_create(rsbacd, NULL, "rsbacd");
07979                 rsbacd_pid = rsbacd_thread->pid;
07980                 wake_up_process(rsbacd_thread);
07981 #else
07982                 rsbacd_pid =
07983                     kernel_thread(rsbacd, NULL,
07984                                   CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
07985 #endif
07986                 if (rsbacd_pid < 0) {
07987                         rsbac_printk(KERN_ERR
07988                                      "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n",
07989                                      rsbacd_pid);
07990                 } else {
07991                         rsbac_printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n",
07992                                      rsbacd_pid);
07993                 }
07994         }
07995 #endif
07996 
07997 /* Ready. */
07998 /*    schedule(); */
07999 #ifdef CONFIG_RSBAC_INIT_THREAD
08000         sys_wait4(-1, NULL, WNOHANG, NULL);
08001 #endif
08002 
08003 /* Add all processes to list of processes as init processes */
08004 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC)
08005         {
08006 #ifdef CONFIG_RSBAC_MAC
08007                 struct rsbac_mac_user_aci_t * mac_u_aci_p;
08008 #endif
08009 #ifdef CONFIG_RSBAC_RC
08010                 struct rsbac_rc_user_aci_t * rc_u_aci_p;
08011 #endif
08012                 rsbac_uid_t user = RSBAC_SYSADM_UID;
08013                 rsbac_pid_t pid = 1;
08014                 struct task_struct *p;
08015 
08016                 union rsbac_target_id_t k_tid;
08017                 union rsbac_attribute_value_t k_attr_val;
08018 
08019                 rsbac_printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n");
08020 /* Prepare entries: change standard values to root's values */
08021 #ifdef CONFIG_RSBAC_MAC
08022                 mac_u_aci_p = rsbac_kmalloc(sizeof(*mac_u_aci_p));
08023                 if (mac_u_aci_p) {
08024                         if(!rsbac_list_get_data
08025                                 (user_handles.mac, &user, mac_u_aci_p)) {
08026                                 mac_init_p_aci.owner_sec_level =
08027                                     mac_u_aci_p->security_level;
08028                                 mac_init_p_aci.owner_initial_sec_level =
08029                                     mac_u_aci_p->initial_security_level;
08030                                 mac_init_p_aci.current_sec_level =
08031                                     mac_u_aci_p->initial_security_level;
08032                                 mac_init_p_aci.owner_min_sec_level =
08033                                     mac_u_aci_p->min_security_level;
08034                                 mac_init_p_aci.mac_owner_categories =
08035                                     mac_u_aci_p->mac_categories;
08036                                 mac_init_p_aci.mac_owner_initial_categories =
08037                                     mac_u_aci_p->mac_initial_categories;
08038                                 mac_init_p_aci.mac_curr_categories =
08039                                     mac_u_aci_p->mac_initial_categories;
08040                                 mac_init_p_aci.mac_owner_min_categories =
08041                                     mac_u_aci_p->mac_min_categories;
08042                                 mac_init_p_aci.min_write_open =
08043                                     mac_u_aci_p->security_level;
08044                                 mac_init_p_aci.max_read_open =
08045                                     mac_u_aci_p->min_security_level;
08046                                 mac_init_p_aci.min_write_categories =
08047                                     mac_u_aci_p->mac_categories;
08048                                 mac_init_p_aci.max_read_categories =
08049                                     mac_u_aci_p->mac_min_categories;
08050                                 mac_init_p_aci.mac_process_flags =
08051                                     (mac_u_aci_p->
08052                                      mac_user_flags & RSBAC_MAC_P_FLAGS) |
08053                                     RSBAC_MAC_DEF_INIT_P_FLAGS;
08054                         }
08055                         rsbac_kfree(mac_u_aci_p);
08056                 }
08057 #endif
08058 
08059 /* Set process aci - first init */
08060 #ifdef CONFIG_RSBAC_MAC
08061                 if (rsbac_list_add
08062                     (process_handles.mac, &pid,
08063                      &mac_init_p_aci))
08064                         rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for Init process 1 could not be added!");
08065 #endif
08066 #ifdef CONFIG_RSBAC_RC
08067                 /* Get boot role */
08068                 if (rsbac_rc_get_boot_role(&rc_init_p_aci.rc_role)) {   /* none: use root's role */
08069                         rc_u_aci_p = rsbac_kmalloc(sizeof(*rc_u_aci_p));
08070                         if (rc_u_aci_p) {
08071                                 if (!rsbac_list_get_data
08072                                     (user_handles.rc, &user, rc_u_aci_p)) {
08073                                         rc_init_p_aci.rc_role = rc_u_aci_p->rc_role;
08074                                 } else {        /* last resort: general role */
08075                                         rsbac_ds_get_error("rsbac_do_init",
08076                                                            A_rc_def_role);
08077                                         rc_init_p_aci.rc_role =
08078                                             RSBAC_RC_GENERAL_ROLE;
08079                                 }
08080                                 rsbac_kfree(rc_u_aci_p);
08081                         }
08082                 }
08083                 rc_kernel_p_aci.rc_role = rc_init_p_aci.rc_role;
08084                 if (rsbac_list_add
08085                     (process_handles.rc, &pid,
08086                      &rc_init_p_aci))
08087                         rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Init process 1 could not be added!");
08088 #endif
08089                 read_lock(&tasklist_lock);
08090 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08091                 for_each_task(p)
08092 #else
08093                 for_each_process(p)
08094 #endif
08095                 {
08096                         /* not for kernel and init though... */
08097                         if (!p->pid || (p->pid == 1))
08098                                 continue;
08099                         pid = p->pid;
08100                         rsbac_pr_debug(ds, "setting aci for process %u (%s)\n", pid, p->comm);
08101 #ifdef CONFIG_RSBAC_MAC
08102                         if (rsbac_list_add
08103                             (process_handles.mac, &pid,
08104                              &mac_init_p_aci))
08105                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for Init process %u could not be added!\n",
08106                                              pid);
08107 #endif
08108 #ifdef CONFIG_RSBAC_RC
08109                         k_tid.process = p->pid;
08110                         if (rsbac_get_attr(SW_GEN, T_PROCESS,
08111                                         k_tid,
08112                                         A_kernel_thread,
08113                                         &k_attr_val,
08114                                         FALSE)) {
08115                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel thread %u could not be added!\n", pid);
08116                         }
08117                         if (k_attr_val.kernel_thread) {
08118                                 if (rsbac_list_add
08119                                     (process_handles.rc,
08120                                      &pid, &rc_kernel_p_aci))
08121                                         rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel thread %u could not be added!\n",
08122                                              pid);
08123                 }
08124 #endif
08125                 }
08126                 read_unlock(&tasklist_lock);
08127         }
08128         list_for_each(p, &rsbac_kthread->list) {
08129                 rsbac_kthread_entry = list_entry(p, 
08130                                 struct rsbac_kthread_t, list);
08131                 if (rsbac_kthread_entry->pid != 1 
08132                                 && rsbac_kthread_entry->pid != rsbacd_pid)
08133                 {
08134                         read_lock(&tasklist_lock);
08135                         if(find_task_by_pid(rsbac_kthread_entry->pid)) {
08136                                 read_unlock(&tasklist_lock);
08137                                 rsbac_kthread_notify(rsbac_kthread_entry->pid);
08138                         }
08139                         else {
08140                                 read_unlock(&tasklist_lock);
08141                                 rsbac_pr_debug(ds, "rsbac_do_init(): skipping gone away pid %u\n",
08142                                         rsbac_kthread_entry->pid);
08143                         }
08144                         /* kernel list implementation is for exclusive 
08145                          * wizards use, let's not free it now till 
08146                          * i know why it oops. consume about no 
08147                          * memory anyway. michal.
08148                          */
08149                         
08150                         /* list_del(&rsbac_kthread_entry->list);
08151                          * kfree(rsbac_kthread_entry);*/
08152                 }
08153         } /* explicitly mark init and rsbacd */
08154         init_pid = 1;
08155 #ifdef CONFIG_RSBAC_MAC
08156         if (rsbac_list_add(process_handles.mac, &init_pid, &mac_init_p_aci))
08157                 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"init\" process could not be added!");
08158         if (rsbac_list_add(process_handles.mac, &rsbacd_pid, &mac_init_p_aci))
08159                 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"rsbacd\" process could not be added!");
08160 #endif
08161 #ifdef CONFIG_RSBAC_RC
08162         if (rsbac_list_add(process_handles.rc, &init_pid, &rc_init_p_aci))
08163                 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"init\" process could not be added");
08164         if (rsbac_list_add(process_handles.rc, &rsbacd_pid, &rc_kernel_p_aci))
08165                 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"rsbacd\" process could not be added");
08166 #endif
08167         
08168         /*kfree(rsbac_kthread);*/
08169 #endif                          /* MAC or RC */
08170 
08171         rsbac_printk(KERN_INFO "rsbac_init(): Ready.\n");
08172         return err;
08173 
08174 #ifdef CONFIG_RSBAC_INIT_THREAD
08175 panic:
08176         rsbac_printk(KERN_ERR "rsbac_init(): *** RSBAC init failed to start - RSBAC not correctly initialized! ***\n");
08177         /* let's panic - but only when in secure mode, warn otherwise */
08178 #if !defined(CONFIG_RSBAC_MAINT)
08179 #ifdef CONFIG_RSBAC_SOFTMODE
08180         if (!rsbac_softmode)
08181                 panic("RSBAC: rsbac_init(): *** Unable to initialize - PANIC ***\n");
08182 #endif
08183         panic("RSBAC: rsbac_init(): *** Unable to initialize - PANIC ***\n");
08184 #endif
08185 #endif
08186 }

int rsbac_kthread_notify ( rsbac_pid_t  pid  ) 

Definition at line 8188 of file aci_data_structures.c.

References process_handles, rsbac_initialized, rsbac_list_add(), and rsbac_printk().

Referenced by rsbac_init().

08189 {
08190         if (!rsbac_initialized)
08191                 return 0;
08192 //      rsbac_printk(KERN_DEBUG "rsbac_kthread_notify: marking pid %u!\n",
08193 //                   pid);
08194 /* Set process aci */
08195 #ifdef CONFIG_RSBAC_MAC
08196         if (rsbac_list_add
08197             (process_handles.mac, &pid, &mac_init_p_aci))
08198                 rsbac_printk(KERN_WARNING "rsbac_kthread_notify(): MAC ACI for kernel process %u could not be added!",
08199                              pid);
08200 #endif
08201 #ifdef CONFIG_RSBAC_RC
08202         if (rsbac_list_add
08203             (process_handles.rc, &pid, &rc_kernel_p_aci))
08204                 rsbac_printk(KERN_WARNING "rsbac_kthread_notify(): RC ACI for kernel process %u could not be added!",
08205                              pid);
08206 #endif
08207         return 0;
08208 }

int rsbac_kthreads_init ( void   ) 

Definition at line 7870 of file aci_data_structures.c.

References rsbac_kthread_t::list, and rsbac_kthread.

07871 {
07872         rsbac_kthread_size_t = sizeof(struct rsbac_kthread_t);
07873         rsbac_kthread = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC);
07874         INIT_LIST_HEAD(&rsbac_kthread->list);
07875         return 0;
07876 }

int rsbac_mark_kthread ( rsbac_pid_t  pid  ) 

Definition at line 7878 of file aci_data_structures.c.

References rsbac_kthread_t::list, rsbac_kthread_t::pid, rsbac_initialized, and rsbac_kthread.

07879 {
07880         struct rsbac_kthread_t * rsbac_kthread_new;
07881 
07882         if (rsbac_initialized)
07883                 return 0;
07884         rsbac_kthread_new = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC);
07885         rsbac_kthread_new->pid = pid;
07886         list_add(&rsbac_kthread_new->list, &rsbac_kthread->list);
07887         return 0;
07888 }

int rsbac_mount ( struct super_block *  sb_p,
struct dentry *  d_covers 
)

Definition at line 8212 of file aci_data_structures.c.

References add_device_item(), clear_device_item(), create_device_item(), device_hash(), device_list_locks, get_error_name(), lookup_device(), NULL, register_fd_lists(), rsbac_debug_no_write, RSBAC_ECOULDNOTADDDEVICE, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_init(), rsbac_initialized, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_mount(), RSBAC_MAXNAMELEN, rsbac_mount_acl(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_mount_reg(), rsbac_pr_debug, rsbac_printk(), rsbac_root_dev, rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE.

Referenced by get_attr_fd(), rsbac_do_init(), rsbac_get_super_block(), rsbac_ta_remove_target(), and set_attr_fd().

08213 {
08214         int err = 0;
08215         struct rsbac_device_list_item_t *device_p;
08216         struct rsbac_device_list_item_t *new_device_p;
08217 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08218         u_long flags;
08219 #endif
08220         rsbac_boolean_t old_no_write;
08221         u_int hash;
08222 
08223         if (!sb_p) {
08224                 rsbac_printk(KERN_WARNING "rsbac_mount(): called with NULL pointer\n");
08225                 return -RSBAC_EINVALIDPOINTER;
08226         }
08227         if (!rsbac_initialized) {
08228 #ifdef CONFIG_RSBAC_INIT_DELAY
08229 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08230                 if (!RSBAC_MAJOR(rsbac_delayed_root)
08231                     && !RSBAC_MINOR(rsbac_delayed_root)
08232                     && rsbac_delayed_root_str[0]
08233                     ) {         /* translate string to kdev_t */
08234                         char *p = rsbac_delayed_root_str;
08235                         u_int major = 0;
08236                         u_int minor = 0;
08237 
08238                         major = simple_strtoul(p, NULL, 0);
08239                         while ((*p != ':') && (*p != '\0'))
08240                                 p++;
08241                         if (*p) {
08242                                 p++;
08243                                 minor = simple_strtoul(p, NULL, 0);
08244                         }
08245                         rsbac_delayed_root = RSBAC_MKDEV(major, minor);
08246                 }
08247 #endif
08248                 if (!rsbac_no_delay_init
08249                     && ((!RSBAC_MAJOR(rsbac_delayed_root)
08250                          && !RSBAC_MINOR(rsbac_delayed_root)
08251                          && (MAJOR(sb_p->s_dev) > 1)
08252                         )
08253                         || ((RSBAC_MAJOR(rsbac_delayed_root)
08254                              || RSBAC_MINOR(rsbac_delayed_root)
08255                             )
08256                             &&
08257                             ((MAJOR(sb_p->s_dev) ==
08258                               RSBAC_MAJOR(rsbac_delayed_root))
08259                              && (!RSBAC_MINOR(rsbac_delayed_root)
08260                                  || (MINOR(sb_p->s_dev) ==
08261                                      RSBAC_MINOR(rsbac_delayed_root))
08262                              )
08263                             )
08264                         )
08265                     )
08266                     ) {
08267                         if (RSBAC_MAJOR(rsbac_delayed_root)
08268                             || RSBAC_MINOR(rsbac_delayed_root)) {
08269                                 rsbac_printk(KERN_INFO "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n",
08270                                              MAJOR(sb_p->s_dev),
08271                                              MINOR(sb_p->s_dev),
08272                                              RSBAC_MAJOR
08273                                              (rsbac_delayed_root),
08274                                              RSBAC_MINOR
08275                                              (rsbac_delayed_root));
08276                         } else {
08277                                 rsbac_printk(KERN_INFO "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n",
08278                                              MAJOR(sb_p->s_dev),
08279                                              MINOR(sb_p->s_dev));
08280                         }
08281                         rsbac_init(sb_p->s_dev);
08282                         return 0;
08283                 }
08284 #endif
08285 
08286                 rsbac_printk(KERN_WARNING "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n",
08287                              MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08288 
08289 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08290                 if ((sb_p->s_magic == SYSFS_MAGIC)
08291                     && !RSBAC_MAJOR(sb_p->s_dev)
08292                     ) {
08293                         rsbac_printk(KERN_WARNING "rsbac_mount(): sysfs mount detected, keeping values for later use\n");
08294                         sysfs_sb_p = sb_p;
08295                         sysfs_covered_p = d_covers;
08296                 }
08297 #endif
08298 #ifdef CONFIG_DEVFS_MOUNT
08299                 if ((sb_p->s_magic == DEVFS_SUPER_MAGIC)
08300                     && !RSBAC_MAJOR(sb_p->s_dev)
08301                     ) {
08302                         rsbac_printk(KERN_WARNING "rsbac_mount(): devfs mount detected, keeping values for later use\n");
08303                         devfs_sb_p = sb_p;
08304                         devfs_covered_p = d_covers;
08305                 }
08306 #endif
08307                 return (-RSBAC_ENOTINITIALIZED);
08308         }
08309         rsbac_pr_debug(ds, "mounting device %02u:%02u\n",
08310                        MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08311         rsbac_pr_debug(stack, "free stack: %lu\n", rsbac_stack_free_space());
08312         down(&rsbac_write_sem);
08313         old_no_write = rsbac_debug_no_write;
08314         rsbac_debug_no_write = TRUE;
08315         up(&rsbac_write_sem);
08316         hash = device_hash(sb_p->s_dev);
08317 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08318         rcu_read_lock();
08319 #else
08320         rsbac_read_lock(&device_list_locks[hash], &flags);
08321 #endif
08322         device_p = lookup_device(sb_p->s_dev, hash);
08323         /* repeated mount? */
08324         if (device_p) {
08325                 rsbac_printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n",
08326                              device_p->mount_count, MAJOR(sb_p->s_dev),
08327                              MINOR(sb_p->s_dev));
08328                 device_p->mount_count++;
08329                 if (d_covers
08330                     && !device_p->d_covers
08331                     && (MAJOR(sb_p->s_dev) != MAJOR(rsbac_root_dev))
08332                     && (MINOR(sb_p->s_dev) != MINOR(rsbac_root_dev))
08333                     ) {
08334                         rsbac_printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n",
08335                                      d_covers);
08336                         device_p->d_covers = d_covers;
08337                 }
08338 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08339                 rcu_read_unlock();
08340 #else
08341                 rsbac_read_unlock(&device_list_locks[hash], &flags);
08342 #endif
08343         } else {
08344 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08345                 rcu_read_unlock();
08346 #else
08347                 rsbac_read_unlock(&device_list_locks[hash], &flags);
08348 #endif
08349                 /* OK, go on */
08350                 new_device_p = create_device_item(sb_p, d_covers);
08351                 rsbac_pr_debug(stack, "after creating device item: free stack: %lu\n",
08352                                rsbac_stack_free_space());
08353                 if (!new_device_p) {
08354                         rsbac_debug_no_write = old_no_write;
08355                         return -RSBAC_ECOULDNOTADDDEVICE;
08356                 }
08357 
08358 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08359                 rcu_read_lock();
08360 #else
08361                 rsbac_read_lock(&device_list_locks[hash], &flags);
08362 #endif
08363                 /* make sure to only add, if this device item has not been added in the meantime */
08364                 device_p = lookup_device(sb_p->s_dev, hash);
08365                 if (device_p) {
08366                         rsbac_printk(KERN_WARNING "rsbac_mount(): mount race for device %02u:%02u detected!\n",
08367                                      MAJOR(sb_p->s_dev),
08368                                      MINOR(sb_p->s_dev));
08369                         device_p->mount_count++;
08370 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08371                         rcu_read_unlock();
08372 #else
08373                         rsbac_read_unlock(&device_list_locks[hash], &flags);
08374 #endif
08375                         clear_device_item(new_device_p);
08376                 } else {
08377 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08378                         rcu_read_unlock();
08379 #else
08380                         rsbac_read_unlock(&device_list_locks[hash], &flags);
08381 #endif
08382                         device_p = add_device_item(new_device_p);
08383                         if (!device_p) {
08384                                 rsbac_printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n",
08385                                              MAJOR(sb_p->s_dev),
08386                                              MINOR(sb_p->s_dev));
08387                                 clear_device_item(new_device_p);
08388                                 rsbac_debug_no_write = old_no_write;
08389                                 return -RSBAC_ECOULDNOTADDDEVICE;
08390                         }
08391                 }
08392 
08393                 /* Generic lists */
08394                 rsbac_list_mount(sb_p->s_dev);
08395                 /* we do not lock device head - we know the device_p and hope for the best... */
08396                 /* also, we are within kernel mount sem */
08397                 if ((err = register_fd_lists(new_device_p, sb_p->s_dev))) {
08398                         char *tmp;
08399 
08400                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
08401                         if (tmp) {
08402                                 rsbac_printk(KERN_WARNING "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n",
08403                                              MAJOR(sb_p->s_dev),
08404                                              MINOR(sb_p->s_dev),
08405                                              get_error_name(tmp, err));
08406                                 rsbac_kfree(tmp);
08407                         }
08408                 }
08409                 rsbac_pr_debug(stack, "after registering fd lists: free stack: %lu\n",
08410                                rsbac_stack_free_space());
08411         }
08412 
08413 /* call other mount functions */
08414 #if defined(CONFIG_RSBAC_MAC)
08415         rsbac_mount_mac(sb_p->s_dev);
08416         rsbac_pr_debug(stack, "after mount_mac: free stack: %lu\n",
08417                        rsbac_stack_free_space());
08418 #endif
08419 #if defined(CONFIG_RSBAC_AUTH)
08420         rsbac_mount_auth(sb_p->s_dev);
08421         rsbac_pr_debug(stack, "after mount_auth: free stack: %lu\n",
08422                        rsbac_stack_free_space());
08423 #endif
08424 #if defined(CONFIG_RSBAC_ACL)
08425         rsbac_mount_acl(sb_p->s_dev);
08426         rsbac_pr_debug(stack, "after mount_acl: free stack: %lu\n",
08427                        rsbac_stack_free_space());
08428 #endif
08429 #if defined(CONFIG_RSBAC_REG)
08430         rsbac_mount_reg(sb_p->s_dev);
08431         rsbac_pr_debug(stack, "after mount_reg: free stack: %lu\n",
08432                        rsbac_stack_free_space());
08433 #endif                          /* REG */
08434 
08435         rsbac_debug_no_write = old_no_write;
08436         return (err);
08437 }

void rsbac_read_close ( struct file *  file_p  ) 

Definition at line 2602 of file aci_data_structures.c.

References NULL.

Referenced by do_read_list(), do_read_lol_list(), read_info(), and rsbac_write_close().

02603 {
02604         /* cleanup copied from __fput */
02605         struct dentry *dentry = file_p->f_dentry;
02606         struct inode *inode = dentry->d_inode;
02607 
02608         if (file_p->f_op && file_p->f_op->release)
02609                 file_p->f_op->release(inode, file_p);
02610         file_p->f_dentry = NULL;
02611         if (file_p->f_mode & FMODE_WRITE)
02612                 put_write_access(inode);
02613         dput(dentry);
02614 }

int rsbac_read_open ( char *  name,
struct file *  file_p,
kdev_t  kdev 
)

Definition at line 2160 of file aci_data_structures.c.

References FALSE, init_private_file(), lookup_aci_path_dentry(), NULL, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, RSBAC_ENOTFOUND, RSBAC_EREADFAILED, rsbac_kfree(), rsbac_kmalloc(), rsbac_lookup_one_len(), RSBAC_MAXNAMELEN, rsbac_pr_debug, and rsbac_printk().

Referenced by do_read_list(), do_read_lol_list(), and read_info().

02161 {
02162         struct dentry *dir_dentry_p;
02163         struct dentry *file_dentry_p;
02164         int tmperr, err;
02165 
02166         if (!name || !file_p) {
02167                 rsbac_pr_debug(ds, "called with NULL pointer!");
02168                 return (-RSBAC_EINVALIDPOINTER);
02169         }
02170 
02171         /* lookup dentry of ACI_PATH on root device, lock is released there */
02172         if ((err =
02173              lookup_aci_path_dentry(NULL, &dir_dentry_p, FALSE, kdev))) {
02174                 return (err);
02175         }
02176 
02177         /* open file for reading - this must be done 'by hand', because     */
02178         /* standard system calls are now extended by rsbac decision calls.  */
02179         file_dentry_p =
02180             rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02181         if (!file_dentry_p || IS_ERR(file_dentry_p)) {  /* error in lookup */
02182                 return (-RSBAC_EREADFAILED);
02183         }
02184         if (!file_dentry_p->d_inode) {  /* file not found: trying backup */
02185                 char *bname;
02186                 int name_len = strlen(name);
02187 
02188                 dput(file_dentry_p);
02189                 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02190                 if (!bname) {
02191                         return -RSBAC_ENOMEM;
02192                 }
02193 
02194                 strcpy(bname, name);
02195                 bname[name_len] = 'b';
02196                 name_len++;
02197                 bname[name_len] = (char) 0;
02198                 rsbac_pr_debug(ds, "could not lookup file %s, trying backup %s\n",
02199                              name, bname);
02200                 file_dentry_p =
02201                     rsbac_lookup_one_len(bname, dir_dentry_p,
02202                                          strlen(bname));
02203                 rsbac_kfree(bname);
02204                 if (!file_dentry_p || IS_ERR(file_dentry_p)) {  /* error in lookup */
02205                         return (-RSBAC_EREADFAILED);
02206                 }
02207                 if (!file_dentry_p->d_inode) {  /* backup file also not found: return error */
02208                         rsbac_pr_debug(ds, "could not lookup backup file %sb\n",
02209                                        name);
02210                         dput(file_dentry_p);
02211                         return (-RSBAC_ENOTFOUND);
02212                 }
02213         }
02214         if (!(S_ISREG(file_dentry_p->d_inode->i_mode))) {       /* this is not a file! -> error! */
02215                 rsbac_printk(KERN_WARNING "rsbac_read_open(): expected file is not a file!\n");
02216                 dput(file_dentry_p);
02217                 return (-RSBAC_EREADFAILED);
02218         }
02219 
02220         /* Now we fill the file structure and */
02221         /* if there is an open func for this file, use it, otherwise ignore */
02222         if ((tmperr = init_private_file(file_p, file_dentry_p, O_RDONLY))) {
02223                 dput(file_dentry_p);
02224                 rsbac_printk(KERN_WARNING "rsbac_read_open(): could not open file '%s'!\n",
02225                              name);
02226                 return -RSBAC_EREADFAILED;
02227         }
02228 
02229         /* if there is no read func, we get a problem -> error */
02230         if ((!file_p->f_op) || (!file_p->f_op->read)) {
02231                 if (!file_p->f_op) {
02232                         rsbac_printk(KERN_WARNING "rsbac_read_open(): no f_op for file '%s'!\n",
02233                                      name);
02234                 } else {
02235                         rsbac_printk(KERN_WARNING "rsbac_read_open(): no file read func for file '%s'!\n",
02236                                      name);
02237                         if (file_p->f_op->release)
02238                                 file_p->f_op->release(file_dentry_p->
02239                                                       d_inode, file_p);
02240                 }
02241                 dput(file_dentry_p);
02242                 return -RSBAC_EREADFAILED;
02243         }
02244         return 0;
02245 }

int rsbac_stats ( void   ) 

Definition at line 8602 of file aci_data_structures.c.

References dev_handles, dev_major_handles, device_head_p, device_list_locks, ipc_handles, KERNEL_VERSION, process_handles, rsbac_adf_request_count, rsbac_adf_set_attr_count, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_count(), rsbac_printk(), rsbac_stats_acl(), rsbac_stats_auth(), rsbac_stats_pm(), rsbac_stats_rc(), T_DEV, T_DIR, T_FIFO, T_FILE, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SCD, T_SYMLINK, T_UNIXSOCK, T_USER, and user_handles.

Referenced by sys_rsbac_stats().

08603 {
08604         struct rsbac_device_list_item_t *device_p;
08605         u_long fd_count = 0, fd_sum = 0;
08606         u_long dev_sum = 0;
08607         u_long ipc_sum = 0;
08608         u_long user_sum = 0;
08609         u_long process_sum = 0;
08610 #if defined(CONFIG_RSBAC_UM)
08611         u_long group_sum = 0;
08612 #endif
08613 #if defined(CONFIG_RSBAC_NET_OBJ)
08614         u_long nettemp_sum = 0;
08615         u_long lnetobj_sum = 0;
08616         u_long rnetobj_sum = 0;
08617 #endif
08618         u_long total_sum = 0;
08619         long tmp_count = 0;
08620 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08621         u_long dflags;
08622 #endif
08623         u_int i;
08624 
08625         if (!rsbac_initialized) {
08626                 rsbac_printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n");
08627                 return (-RSBAC_ENOTINITIALIZED);
08628         }
08629         for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
08630 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08631                 rcu_read_lock();
08632 #else
08633                 rsbac_read_lock(&device_list_locks[i], &dflags);
08634 #endif
08635 /*    rsbac_printk(KERN_INFO "rsbac_stats(): currently %u processes working on file/dir aci\n",
08636                      device_list_lock.lock); */
08637                 device_p = rcu_dereference(device_head_p[i])->head;
08638                 while (device_p) {      /* for all sublists */
08639                         fd_count = rsbac_list_count(device_p->handles.gen);
08640                         if (fd_count > 0) {
08641                                 rsbac_printk(", %lu GEN", fd_count);
08642                                 fd_sum += fd_count;
08643                         }
08644 
08645 #if defined(CONFIG_RSBAC_MAC)
08646                         fd_count = rsbac_list_count(device_p->handles.mac);
08647                         if (fd_count > 0) {
08648                                 rsbac_printk(", %lu MAC", fd_count);
08649                                 fd_sum += fd_count;
08650                         }
08651 #endif
08652 
08653 #if defined(CONFIG_RSBAC_PM)
08654                         fd_count = rsbac_list_count(device_p->handles.pm);
08655                         if (fd_count > 0) {
08656                                 rsbac_printk(", %lu PM", fd_count);
08657                                 fd_sum += fd_count;
08658                         }
08659 #endif
08660 
08661 #if defined(CONFIG_RSBAC_DAZ)
08662                         fd_count = rsbac_list_count(device_p->handles.daz);
08663                         if (fd_count > 0) {
08664                                 rsbac_printk(", %lu DAZ", fd_count);
08665                                 fd_sum += fd_count;
08666                         }
08667 #if defined(CONFIG_RSBAC_DAZ_CACHE)
08668                         fd_count = rsbac_list_count(device_p->handles.dazs);
08669                         if (fd_count > 0) {
08670                                 rsbac_printk(", %lu DAZ SCANNED", fd_count);
08671                                 fd_sum += fd_count;
08672                         }
08673 #endif
08674 #endif
08675 
08676 #if defined(CONFIG_RSBAC_FF)
08677                         fd_count = rsbac_list_count(device_p->handles.ff);
08678                         if (fd_count > 0) {
08679                                 rsbac_printk(", %lu FF", fd_count);
08680                                 fd_sum += fd_count;
08681                         }
08682 #endif
08683 
08684 #if defined(CONFIG_RSBAC_RC)
08685                         fd_count = rsbac_list_count(device_p->handles.rc);
08686                         if (fd_count > 0) {
08687                                 rsbac_printk(", %lu RC", fd_count);
08688                                 fd_sum += fd_count;
08689                         }
08690 #endif
08691 
08692 #if defined(CONFIG_RSBAC_AUTH)
08693                         fd_count = rsbac_list_count(device_p->handles.auth);
08694                         if (fd_count > 0) {
08695                                 rsbac_printk(", %lu AUTH", fd_count);
08696                                 fd_sum += fd_count;
08697                         }
08698 #endif
08699 
08700 #if defined(CONFIG_RSBAC_CAP)
08701                         fd_count = rsbac_list_count(device_p->handles.cap);
08702                         if (fd_count > 0) {
08703                                 rsbac_printk(", %lu CAP", fd_count);
08704                                 fd_sum += fd_count;
08705                         }
08706 #endif
08707 #if defined(CONFIG_RSBAC_RES)
08708                         fd_count = rsbac_list_count(device_p->handles.res);
08709                         if (fd_count > 0) {
08710                                 rsbac_printk(", %lu RES", fd_count);
08711                                 fd_sum += fd_count;
08712                         }
08713 #endif
08714 #if defined(CONFIG_RSBAC_PAX)
08715                         fd_count = rsbac_list_count(device_p->handles.pax);
08716                         if (fd_count > 0) {
08717                                 rsbac_printk(", %lu PAX", fd_count);
08718                                 fd_sum += fd_count;
08719                         }
08720 #endif
08721 
08722                         rsbac_printk("\n");
08723                         device_p = device_p->next;
08724                 }
08725                 tmp_count += rcu_dereference(device_head_p[i])->count;
08726 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08727                 rcu_read_unlock();
08728 #else
08729                 rsbac_read_unlock(&device_list_locks[i], &dflags);
08730 #endif
08731         }
08732         rsbac_printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n",
08733                      tmp_count, fd_sum);
08734         /* free access to device_list_head */
08735         total_sum += fd_sum;
08736 
08737         /* dev lists */
08738         tmp_count = rsbac_list_count(dev_handles.gen);
08739         rsbac_printk(KERN_INFO "DEV items: %lu GEN", tmp_count);
08740         dev_sum += tmp_count;
08741 #if defined(CONFIG_RSBAC_MAC)
08742         tmp_count = rsbac_list_count(dev_handles.mac);
08743         rsbac_printk(", %lu MAC", tmp_count);
08744         dev_sum += tmp_count;
08745 #endif
08746 #if defined(CONFIG_RSBAC_PM)
08747         tmp_count = rsbac_list_count(dev_handles.pm);
08748         rsbac_printk(", %lu PM", tmp_count);
08749         dev_sum += tmp_count;
08750 #endif
08751 #if defined(CONFIG_RSBAC_RC)
08752         tmp_count = rsbac_list_count(dev_major_handles.rc);
08753         rsbac_printk(", %lu major RC", tmp_count);
08754         dev_sum += tmp_count;
08755         tmp_count = rsbac_list_count(dev_handles.rc);
08756         rsbac_printk(", %lu RC", tmp_count);
08757         dev_sum += tmp_count;
08758 #endif
08759         rsbac_printk("\n");
08760         rsbac_printk(KERN_INFO "Sum of %lu DEV items\n", dev_sum);
08761         total_sum += dev_sum;
08762 
08763         /* ipc lists */
08764         rsbac_printk(KERN_INFO "IPC items: no GEN");
08765 #if defined(CONFIG_RSBAC_MAC)
08766         tmp_count = rsbac_list_count(ipc_handles.mac);
08767         rsbac_printk(", %lu MAC", tmp_count);
08768         ipc_sum += tmp_count;
08769 #endif
08770 #if defined(CONFIG_RSBAC_PM)
08771         tmp_count = rsbac_list_count(ipc_handles.pm);
08772         rsbac_printk(", %lu PM", tmp_count);
08773         ipc_sum += tmp_count;
08774 #endif
08775 #if defined(CONFIG_RSBAC_RC)
08776         tmp_count = rsbac_list_count(ipc_handles.rc);
08777         rsbac_printk(", %lu RC", tmp_count);
08778         ipc_sum += tmp_count;
08779 #endif
08780 #if defined(CONFIG_RSBAC_JAIL)
08781         tmp_count = rsbac_list_count(ipc_handles.jail);
08782         rsbac_printk(", %lu JAIL", tmp_count);
08783         ipc_sum += tmp_count;
08784 #endif
08785         rsbac_printk("\n");
08786         rsbac_printk(KERN_INFO "Sum of %lu IPC items\n", ipc_sum);
08787         total_sum += ipc_sum;
08788 
08789         /* user lists */
08790         tmp_count = rsbac_list_count(user_handles.gen);
08791         rsbac_printk(KERN_INFO "USER items: %lu GEN", tmp_count);
08792         user_sum += tmp_count;
08793 #if defined(CONFIG_RSBAC_MAC)
08794         tmp_count = rsbac_list_count(user_handles.mac);
08795         rsbac_printk(", %lu MAC", tmp_count);
08796         user_sum += tmp_count;
08797 #endif
08798 #if defined(CONFIG_RSBAC_PM)
08799         tmp_count = rsbac_list_count(user_handles.pm);
08800         rsbac_printk(", %lu PM", tmp_count);
08801         user_sum += tmp_count;
08802 #endif
08803 #if defined(CONFIG_RSBAC_DAZ)
08804         tmp_count = rsbac_list_count(user_handles.daz);
08805         rsbac_printk(", %lu DAZ", tmp_count);
08806         user_sum += tmp_count;
08807 #endif
08808 #if defined(CONFIG_RSBAC_RC)
08809         tmp_count = rsbac_list_count(user_handles.rc);
08810         rsbac_printk(", %lu RC", tmp_count);
08811         user_sum += tmp_count;
08812 #endif
08813 #if defined(CONFIG_RSBAC_AUTH)
08814         tmp_count = rsbac_list_count(user_handles.auth);
08815         rsbac_printk(", %lu AUTH", tmp_count);
08816         user_sum += tmp_count;
08817 #endif
08818 #if defined(CONFIG_RSBAC_CAP)
08819         tmp_count = rsbac_list_count(user_handles.cap);
08820         rsbac_printk(", %lu CAP", tmp_count);
08821         user_sum += tmp_count;
08822 #endif
08823 #if defined(CONFIG_RSBAC_JAIL)
08824         tmp_count = rsbac_list_count(user_handles.jail);
08825         rsbac_printk(", %lu JAIL", tmp_count);
08826         user_sum += tmp_count;
08827 #endif
08828 #if defined(CONFIG_RSBAC_RES)
08829         tmp_count = rsbac_list_count(user_handles.res);
08830         rsbac_printk(", %lu RES", tmp_count);
08831         user_sum += tmp_count;
08832 #endif
08833 #if defined(CONFIG_RSBAC_PAX)
08834         tmp_count = rsbac_list_count(user_handles.pax);
08835         rsbac_printk(", %lu PAX", tmp_count);
08836         user_sum += tmp_count;
08837 #endif
08838         rsbac_printk("\n");
08839         rsbac_printk(KERN_INFO "Sum of %lu USER items\n", user_sum);
08840         total_sum += user_sum;
08841 
08842         /* process lists */
08843         tmp_count = rsbac_list_count(process_handles.gen);
08844         rsbac_printk(KERN_INFO "PROCESS items: %lu GEN", tmp_count);
08845         process_sum += tmp_count;
08846 #if defined(CONFIG_RSBAC_MAC)
08847         tmp_count = rsbac_list_count(process_handles.mac);
08848         rsbac_printk(", %lu MAC", tmp_count);
08849         process_sum += tmp_count;
08850 #endif
08851 #if defined(CONFIG_RSBAC_PM)
08852         tmp_count = rsbac_list_count(process_handles.pm);
08853         rsbac_printk(", %lu PM", tmp_count);
08854         process_sum += tmp_count;
08855 #endif
08856 #if defined(CONFIG_RSBAC_DAZ)
08857         tmp_count = rsbac_list_count(process_handles.daz);
08858         rsbac_printk(", %lu DAZ", tmp_count);
08859         process_sum += tmp_count;
08860 #endif
08861 #if defined(CONFIG_RSBAC_RC)
08862         tmp_count = rsbac_list_count(process_handles.rc);
08863         rsbac_printk(", %lu RC", tmp_count);
08864         process_sum += tmp_count;
08865 #endif
08866 #if defined(CONFIG_RSBAC_AUTH)
08867         tmp_count = rsbac_list_count(process_handles.auth);
08868         rsbac_printk(", %lu AUTH", tmp_count);
08869         process_sum += tmp_count;
08870 #endif
08871 #if defined(CONFIG_RSBAC_CAP)
08872         tmp_count = rsbac_list_count(process_handles.cap);
08873         rsbac_printk(", %lu CAP", tmp_count);
08874         process_sum += tmp_count;
08875 #endif
08876 #if defined(CONFIG_RSBAC_JAIL)
08877         tmp_count = rsbac_list_count(process_handles.jail);
08878         rsbac_printk(", %lu JAIL", tmp_count);
08879         process_sum += tmp_count;
08880 #endif
08881         rsbac_printk("\n");
08882         rsbac_printk(KERN_INFO "Sum of %lu PROCESS items\n", process_sum);
08883         total_sum += process_sum;
08884 
08885 #if defined(CONFIG_RSBAC_UM)
08886         /* group lists */
08887         rsbac_printk(KERN_INFO "GROUP items: ");
08888 #if defined(CONFIG_RSBAC_RC_UM_PROT)
08889         tmp_count = rsbac_list_count(group_handles.rc);
08890         rsbac_printk("%lu RC", tmp_count);
08891         user_sum += tmp_count;
08892 #endif
08893         rsbac_printk("\n");
08894         rsbac_printk(KERN_INFO "Sum of %lu GROUP items\n", group_sum);
08895         total_sum += group_sum;
08896 #endif
08897 
08898 #if defined(CONFIG_RSBAC_NET_OBJ)
08899         /* nettemp lists */
08900         rsbac_printk(KERN_INFO "NETTEMP items: ");
08901 #if defined(CONFIG_RSBAC_MAC)
08902         tmp_count = rsbac_list_count(nettemp_handles.mac);
08903         rsbac_printk("%lu MAC, ", tmp_count);
08904         nettemp_sum += tmp_count;
08905 #endif
08906 #if defined(CONFIG_RSBAC_PM)
08907         tmp_count = rsbac_list_count(nettemp_handles.pm);
08908         rsbac_printk("%lu PM, ", tmp_count);
08909         nettemp_sum += tmp_count;
08910 #endif
08911 #if defined(CONFIG_RSBAC_RC)
08912         tmp_count = rsbac_list_count(nettemp_handles.rc);
08913         rsbac_printk("%lu RC, ", tmp_count);
08914         nettemp_sum += tmp_count;
08915 #endif
08916         rsbac_printk("\n");
08917         rsbac_printk(KERN_INFO "Sum of %lu NETTEMP items\n", nettemp_sum);
08918         total_sum += nettemp_sum;
08919 
08920         /* local netobj lists */
08921         rsbac_printk(KERN_INFO "Local NETOBJ items:");
08922 #if defined(CONFIG_RSBAC_MAC)
08923         tmp_count = rsbac_list_count(lnetobj_handles.mac);
08924         rsbac_printk(" %lu MAC,", tmp_count);
08925         lnetobj_sum += tmp_count;
08926 #endif
08927 #if defined(CONFIG_RSBAC_PM)
08928         tmp_count = rsbac_list_count(lnetobj_handles.pm);
08929         rsbac_printk(" %lu PM,", tmp_count);
08930         lnetobj_sum += tmp_count;
08931 #endif
08932 #if defined(CONFIG_RSBAC_RC)
08933         tmp_count = rsbac_list_count(lnetobj_handles.rc);
08934         rsbac_printk(" %lu RC", tmp_count);
08935         lnetobj_sum += tmp_count;
08936 #endif
08937         rsbac_printk("\n");
08938         rsbac_printk(KERN_INFO "Sum of %lu Local NETOBJ items\n",
08939                      lnetobj_sum);
08940         total_sum += lnetobj_sum;
08941 
08942         /* remote netobj lists */
08943         rsbac_printk(KERN_INFO "Remote NETOBJ items:");
08944 #if defined(CONFIG_RSBAC_MAC)
08945         tmp_count = rsbac_list_count(rnetobj_handles.mac);
08946         rsbac_printk(" %lu MAC,", tmp_count);
08947         rnetobj_sum += tmp_count;
08948 #endif
08949 #if defined(CONFIG_RSBAC_PM)
08950         tmp_count = rsbac_list_count(rnetobj_handles.pm);
08951         rsbac_printk(" %lu PM,", tmp_count);
08952         rnetobj_sum += tmp_count;
08953 #endif
08954 #if defined(CONFIG_RSBAC_RC)
08955         tmp_count = rsbac_list_count(rnetobj_handles.rc);
08956         rsbac_printk(" %lu RC", tmp_count);
08957         rnetobj_sum += tmp_count;
08958 #endif
08959         rsbac_printk("\n");
08960         rsbac_printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n",
08961                      rnetobj_sum);
08962         total_sum += rnetobj_sum;
08963 #endif                          /* NET_OBJ */
08964 
08965         rsbac_printk(KERN_INFO "Total of %lu registered rsbac-items\n", total_sum);
08966 
08967         rsbac_printk(KERN_INFO "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n",
08968                      rsbac_adf_request_count[T_FILE],
08969                      rsbac_adf_request_count[T_DIR],
08970                      rsbac_adf_request_count[T_FIFO],
08971                      rsbac_adf_request_count[T_SYMLINK],
08972                      rsbac_adf_request_count[T_DEV],
08973                      rsbac_adf_request_count[T_IPC],
08974                      rsbac_adf_request_count[T_SCD],
08975                      rsbac_adf_request_count[T_USER],
08976                      rsbac_adf_request_count[T_PROCESS],
08977                      rsbac_adf_request_count[T_NETDEV],
08978                      rsbac_adf_request_count[T_NETTEMP],
08979                      rsbac_adf_request_count[T_NETOBJ],
08980                      rsbac_adf_request_count[T_UNIXSOCK]);
08981         rsbac_printk(KERN_INFO "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n",
08982                      rsbac_adf_set_attr_count[T_FILE],
08983                      rsbac_adf_set_attr_count[T_DIR],
08984                      rsbac_adf_set_attr_count[T_FIFO],
08985                      rsbac_adf_set_attr_count[T_SYMLINK],
08986                      rsbac_adf_set_attr_count[T_DEV],
08987                      rsbac_adf_set_attr_count[T_IPC],
08988                      rsbac_adf_set_attr_count[T_SCD],
08989                      rsbac_adf_set_attr_count[T_USER],
08990                      rsbac_adf_set_attr_count[T_PROCESS],
08991                      rsbac_adf_set_attr_count[T_NETDEV],
08992                      rsbac_adf_set_attr_count[T_NETTEMP],
08993                      rsbac_adf_set_attr_count[T_NETOBJ],
08994                      rsbac_adf_set_attr_count[T_UNIXSOCK]);
08995 
08996 #if defined(CONFIG_RSBAC_PM)
08997         rsbac_stats_pm();
08998 #endif
08999 #if defined(CONFIG_RSBAC_RC)
09000         rsbac_stats_rc();
09001 #endif
09002 #if defined(CONFIG_RSBAC_AUTH)
09003         rsbac_stats_auth();
09004 #endif
09005 #if defined(CONFIG_RSBAC_ACL)
09006         rsbac_stats_acl();
09007 #endif
09008         return 0;
09009 }

int rsbac_ta_get_attr ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
union rsbac_target_id_t  tid,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value_p,
rsbac_boolean_t  inherit 
)

Definition at line 11442 of file aci_data_structures.c.

References rsbac_target_id_t::dev, get_attr_dev(), get_attr_fd(), get_attr_ipc(), get_attr_process(), get_attr_user(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_lol_get_subdata(), rsbac_list_lol_subadd_ttl(), rsbac_pr_debug, rsbac_printk(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, T_UNIXSOCK, T_USER, and TRUE.

Referenced by rsbac_pm(), sys_rsbac_get_attr(), and sys_rsbac_get_attr_n().

11449 {
11450         int err = 0;
11451 
11452         if (!rsbac_initialized) {
11453                 rsbac_printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n");
11454                 return (-RSBAC_ENOTINITIALIZED);
11455         }
11456         if (!value_p)
11457                 return (-RSBAC_EINVALIDPOINTER);
11458         if (in_interrupt()) {
11459                 rsbac_printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n");
11460         }
11461 #ifdef CONFIG_RSBAC_XSTATS
11462         get_attr_count[target]++;
11463 #endif
11464         switch (target) {
11465         case T_FILE:
11466         case T_DIR:
11467         case T_FIFO:
11468         case T_SYMLINK:
11469         case T_UNIXSOCK:
11470 #ifdef CONFIG_RSBAC_FD_CACHE
11471                 if (inherit && !ta_number && fd_cache_handle[module] && (RSBAC_MAJOR(tid.file.device) > 1)) {
11472                         struct rsbac_fd_cache_desc_t fd_desc;
11473                         rsbac_enum_t cache_attr = attr;
11474 
11475                         fd_desc.device = tid.file.device;
11476                         fd_desc.inode = tid.file.inode;
11477                         if (!rsbac_list_lol_get_subdata(fd_cache_handle[module],
11478                                                 &fd_desc, &cache_attr,
11479                                                 value_p)) {
11480 #ifdef CONFIG_RSBAC_XSTATS
11481                                 fd_cache_hits[module]++;
11482 #endif
11483                                 return 0;
11484                         }
11485                         err = get_attr_fd(0, module, target, &tid,
11486                                    attr, value_p, TRUE);
11487                         if (!err) {
11488 #if 0
11489                                 rsbac_pr_debug(auto, "Adding fd cache item device %02u:%02u inode %u attr %u\n",
11490                                         RSBAC_MAJOR(fd_desc.device), RSBAC_MINOR(fd_desc.device),
11491                                         fd_desc.inode, attr);
11492 #endif
11493                                 rsbac_list_lol_subadd_ttl(fd_cache_handle[module],
11494                                                 rsbac_fd_cache_ttl,
11495                                                 &fd_desc, &cache_attr,
11496                                                 value_p);
11497 #ifdef CONFIG_RSBAC_XSTATS
11498                                 fd_cache_misses[module]++;
11499 #endif
11500                         }
11501                         return err;
11502                 }
11503 #endif
11504 
11505                 return get_attr_fd(ta_number, module, target, &tid,
11506                                    attr, value_p, inherit);
11507 
11508         case T_DEV:
11509                 return get_attr_dev(ta_number, module, target, tid.dev,
11510                                     attr, value_p, inherit);
11511 
11512         case T_IPC:
11513                 return get_attr_ipc(ta_number, module, target, &tid,
11514                                     attr, value_p, inherit);
11515 
11516         case T_USER:
11517                 return get_attr_user(ta_number, module, target, &tid,
11518                                      attr, value_p, inherit);
11519 
11520         case T_PROCESS:
11521                 return get_attr_process(ta_number, module, target, &tid,
11522                                         attr, value_p, inherit);
11523 
11524 #ifdef CONFIG_RSBAC_UM
11525         case T_GROUP:
11526                 return get_attr_group(ta_number, module, target, &tid,
11527                                       attr, value_p, inherit);
11528 #endif                          /* CONFIG_RSBAC_UM */
11529 
11530 #ifdef CONFIG_RSBAC_NET_DEV
11531         case T_NETDEV:
11532                 return get_attr_netdev(ta_number, module, target, &tid,
11533                                        attr, value_p, inherit);
11534 #endif
11535 
11536 #ifdef CONFIG_RSBAC_NET_OBJ
11537         case T_NETTEMP:
11538                 return get_attr_nettemp(ta_number, module, target, &tid,
11539                                         attr, value_p, inherit);
11540 
11541         case T_NETOBJ:
11542                 return get_attr_netobj(ta_number, module, target, &tid,
11543                                        attr, value_p, inherit);
11544 #endif
11545 
11546                 /* switch target: no valid target */
11547         default:
11548                 return -RSBAC_EINVALIDTARGET;
11549         }
11550 
11551         return err;
11552 }

int rsbac_ta_list_all_dev ( rsbac_list_ta_number_t  ta_number,
struct rsbac_dev_desc_t **  id_pp 
)

Definition at line 14188 of file aci_data_structures.c.

References D_block, D_block_major, dev_handles, dev_major_handles, NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_exist(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc.

Referenced by sys_rsbac_list_all_dev().

14190 {
14191         int count = 0;
14192         int tmp_count;
14193 
14194         tmp_count = rsbac_ta_list_count(ta_number, dev_handles.gen);
14195         if (tmp_count > 0)
14196                 count += tmp_count;
14197 #if defined(CONFIG_RSBAC_MAC)
14198         tmp_count = rsbac_ta_list_count(ta_number, dev_handles.mac);
14199         if (tmp_count > 0)
14200                 count += tmp_count;
14201 #endif
14202 #if defined(CONFIG_RSBAC_PM)
14203         tmp_count = rsbac_ta_list_count(ta_number, dev_handles.pm);
14204         if (tmp_count > 0)
14205                 count += tmp_count;
14206 #endif
14207 #if defined(CONFIG_RSBAC_RC)
14208         tmp_count = rsbac_ta_list_count(ta_number, dev_major_handles.rc);
14209         if (tmp_count > 0)
14210                 count += tmp_count;
14211         tmp_count = rsbac_ta_list_count(ta_number, dev_handles.rc);
14212         if (tmp_count > 0)
14213                 count += tmp_count;
14214 #endif
14215         if (id_pp) {
14216                 struct rsbac_dev_desc_t *i_id_p = NULL;
14217                 char *pos = NULL;
14218 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_RC)
14219                 u_int i;
14220 #endif
14221 
14222                 if (count > 0) {
14223                         int i_count = 0;
14224 
14225                         i_count = count + 20;   /* max value to expect */
14226                         *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14227                         if (!*id_pp)
14228                                 return -RSBAC_ENOMEM;
14229                         pos = (char *) *id_pp;
14230                         tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14231                                                                dev_handles.
14232                                                                gen,
14233                                                                (void **)
14234                                                                &i_id_p);
14235                         if (tmp_count > 0) {
14236                                 if (tmp_count > i_count)
14237                                         tmp_count = i_count;
14238                                 memcpy(pos, i_id_p,
14239                                        tmp_count * sizeof(*i_id_p));
14240                                 rsbac_vfree(i_id_p);
14241                                 count = tmp_count;
14242                                 i_count -= tmp_count;
14243                                 pos += tmp_count * sizeof(*i_id_p);
14244                         } else
14245                                 count = 0;
14246 #if defined(CONFIG_RSBAC_MAC)
14247                         if (i_count) {
14248                                 tmp_count =
14249                                     rsbac_ta_list_get_all_desc(ta_number,
14250                                                                dev_handles.
14251                                                                mac,
14252                                                                (void **)
14253                                                                &i_id_p);
14254                                 if (tmp_count > 0) {
14255                                         if (tmp_count > i_count)
14256                                                 tmp_count = i_count;
14257                                         for (i = 0; i < tmp_count; i++) {
14258                                                 if (!rsbac_ta_list_exist
14259                                                     (ta_number,
14260                                                      dev_handles.gen,
14261                                                      &i_id_p[i])) {
14262                                                         memcpy(pos,
14263                                                                &i_id_p[i],
14264                                                                sizeof
14265                                                                (*i_id_p));
14266                                                         pos +=
14267                                                             sizeof
14268                                                             (*i_id_p);
14269                                                         count++;
14270                                                         i_count--;
14271                                                 }
14272                                         }
14273                                         rsbac_vfree(i_id_p);
14274                                 }
14275                         }
14276 #endif
14277 #if defined(CONFIG_RSBAC_PM)
14278                         if (i_count) {
14279                                 tmp_count =
14280                                     rsbac_ta_list_get_all_desc(ta_number,
14281                                                                dev_handles.
14282                                                                pm,
14283                                                                (void **)
14284                                                                &i_id_p);
14285                                 if (tmp_count > 0) {
14286                                         if (tmp_count > i_count)
14287                                                 tmp_count = i_count;
14288                                         for (i = 0; i < tmp_count; i++) {
14289                                                 if (!rsbac_ta_list_exist
14290                                                     (ta_number,
14291                                                      dev_handles.gen,
14292                                                      &i_id_p[i]))
14293 #if defined(CONFIG_RSBAC_MAC)
14294                                                         if (!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
14295 #endif
14296                                                         {
14297                                                                 memcpy(pos,
14298                                                                        &i_id_p
14299                                                                        [i],
14300                                                                        sizeof
14301                                                                        (*i_id_p));
14302                                                                 pos +=
14303                                                                     sizeof
14304                                                                     (*i_id_p);
14305                                                                 count++;
14306                                                                 i_count--;
14307                                                         }
14308                                         }
14309                                         rsbac_vfree(i_id_p);
14310                                 }
14311                         }
14312 #endif
14313 #if defined(CONFIG_RSBAC_RC)
14314                         if (i_count) {
14315                                 tmp_count =
14316                                     rsbac_ta_list_get_all_desc(ta_number,
14317                                                                dev_major_handles.
14318                                                                rc,
14319                                                                (void **)
14320                                                                &i_id_p);
14321                                 if (tmp_count > 0) {
14322                                         if (tmp_count > i_count)
14323                                                 tmp_count = i_count;
14324                                         for (i = 0; i < tmp_count; i++) {
14325                                                 i_id_p[i].type +=
14326                                                     (D_block_major -
14327                                                      D_block);
14328                                                 memcpy(pos, &i_id_p[i],
14329                                                        sizeof(*i_id_p));
14330                                                 pos += sizeof(*i_id_p);
14331                                                 count++;
14332                                                 i_count--;
14333                                         }
14334                                         rsbac_vfree(i_id_p);
14335                                 }
14336                         }
14337                         if (i_count) {
14338                                 tmp_count =
14339                                     rsbac_ta_list_get_all_desc(ta_number,
14340                                                                dev_handles.
14341                                                                rc,
14342                                                                (void **)
14343                                                                &i_id_p);
14344                                 if (tmp_count > 0) {
14345                                         if (tmp_count > i_count)
14346                                                 tmp_count = i_count;
14347                                         for (i = 0; i < tmp_count; i++) {
14348                                                 if (!rsbac_ta_list_exist
14349                                                     (ta_number,
14350                                                      dev_handles.gen,
14351                                                      &i_id_p[i]))
14352 #if defined(CONFIG_RSBAC_MAC)
14353                                                         if (!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
14354 #endif
14355 #if defined(CONFIG_RSBAC_PM)
14356                                                                 if (!rsbac_ta_list_exist(ta_number, dev_handles.pm, &i_id_p[i]))
14357 #endif
14358                                                                 {
14359                                                                         memcpy
14360                                                                             (pos,
14361                                                                              &i_id_p
14362                                                                              [i],
14363                                                                              sizeof
14364                                                                              (*i_id_p));
14365                                                                         pos += sizeof(*i_id_p);
14366                                                                         count++;
14367                                                                         i_count--;
14368                                                                 }
14369                                         }
14370                                         rsbac_vfree(i_id_p);
14371                                 }
14372                         }
14373 #endif
14374                         if (!count)
14375                                 rsbac_vfree(*id_pp);
14376                 }
14377         }
14378         return count;
14379 }

int rsbac_ta_list_all_group ( rsbac_list_ta_number_t  ta_number,
rsbac_gid_t **  id_pp 
)

Definition at line 14657 of file aci_data_structures.c.

References NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc.

Referenced by sys_rsbac_list_all_group().

14659 {
14660 #if defined(CONFIG_RSBAC_RC_UM_PROT)
14661         int count = 0;
14662         int tmp_count;
14663 
14664         tmp_count = rsbac_ta_list_count(ta_number, group_handles.rc);
14665         if (tmp_count > 0)
14666                 count += tmp_count;
14667         if (id_pp) {
14668                 if (count > 0) {
14669                         int i_count;
14670                         rsbac_gid_t *i_id_p = NULL;
14671 
14672                         i_count = count + 20;   /* max value to expect */
14673                         *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14674                         if (!*id_pp)
14675                                 return -RSBAC_ENOMEM;
14676                         tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14677                                                                group_handles.
14678                                                                rc,
14679                                                                (void **)
14680                                                                &i_id_p);
14681                         if (tmp_count > 0) {
14682                                 if (tmp_count > i_count)
14683                                         tmp_count = i_count;
14684                                 memcpy(*id_pp, i_id_p,
14685                                        tmp_count * sizeof(*i_id_p));
14686                                 rsbac_vfree(i_id_p);
14687                                 count = tmp_count;
14688                                 i_count -= tmp_count;
14689                         } else
14690                                 count = 0;
14691                         if (!count)
14692                                 rsbac_vfree(*id_pp);
14693                 }
14694         }
14695         return count;
14696 #else
14697         return 0;
14698 #endif
14699 }

int rsbac_ta_list_all_ipc ( rsbac_list_ta_number_t  ta_number,
struct rsbac_ipc_t **  id_pp 
)

Definition at line 14599 of file aci_data_structures.c.

References copy_new_ipcs(), ipc_handles, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_vfree, and rsbac_vmalloc.

Referenced by sys_rsbac_list_all_ipc().

14601 {
14602         int count = 0;
14603         int tmp_count;
14604 
14605 #if defined(CONFIG_RSBAC_MAC)
14606         tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.mac);
14607         if (tmp_count > 0)
14608                 count += tmp_count;
14609 #endif
14610 #if defined(CONFIG_RSBAC_PM)
14611         tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.pm);
14612         if (tmp_count > 0)
14613                 count += tmp_count;
14614 #endif
14615 #if defined(CONFIG_RSBAC_RC)
14616         tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.rc);
14617         if (tmp_count > 0)
14618                 count += tmp_count;
14619 #endif
14620 #if defined(CONFIG_RSBAC_JAIL)
14621         tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.jail);
14622         if (tmp_count > 0)
14623                 count += tmp_count;
14624 #endif
14625         if (id_pp) {
14626                 if (count > 0) {
14627                         int i_count;
14628 
14629                         i_count = count + 20;   /* max value to expect */
14630                         *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14631                         if (!*id_pp)
14632                                 return -RSBAC_ENOMEM;
14633                         count = 0;
14634 #if defined(CONFIG_RSBAC_MAC)
14635                         copy_new_ipcs(ipc_handles.mac, ta_number, &count,
14636                                       &i_count, *id_pp);
14637 #endif
14638 #if defined(CONFIG_RSBAC_PM)
14639                         copy_new_ipcs(ipc_handles.pm, ta_number, &count,
14640                                       &i_count, *id_pp);
14641 #endif
14642 #if defined(CONFIG_RSBAC_RC)
14643                         copy_new_ipcs(ipc_handles.rc, ta_number, &count,
14644                                       &i_count, *id_pp);
14645 #endif
14646 #if defined(CONFIG_RSBAC_JAIL)
14647                         copy_new_ipcs(ipc_handles.jail, ta_number, &count,
14648                                       &i_count, *id_pp);
14649 #endif
14650                         if (!count)
14651                                 rsbac_vfree(*id_pp);
14652                 }
14653         }
14654         return count;
14655 }

int rsbac_ta_list_all_user ( rsbac_list_ta_number_t  ta_number,
rsbac_uid_t **  id_pp 
)

Definition at line 14425 of file aci_data_structures.c.

References copy_new_uids(), NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, rsbac_vmalloc, and user_handles.

Referenced by sys_rsbac_list_all_user().

14427 {
14428         int count = 0;
14429         int tmp_count;
14430 
14431         tmp_count = rsbac_ta_list_count(ta_number, user_handles.gen);
14432         if (tmp_count > 0)
14433                 count += tmp_count;
14434 #if defined(CONFIG_RSBAC_MAC)
14435         tmp_count = rsbac_ta_list_count(ta_number, user_handles.mac);
14436         if (tmp_count > 0)
14437                 count += tmp_count;
14438 #endif
14439 #if defined(CONFIG_RSBAC_PM)
14440         tmp_count = rsbac_ta_list_count(ta_number, user_handles.pm);
14441         if (tmp_count > 0)
14442                 count += tmp_count;
14443 #endif
14444 #if defined(CONFIG_RSBAC_DAZ)
14445         tmp_count = rsbac_ta_list_count(ta_number, user_handles.daz);
14446         if (tmp_count > 0)
14447                 count += tmp_count;
14448 #endif
14449 #if defined(CONFIG_RSBAC_FF)
14450         tmp_count = rsbac_ta_list_count(ta_number, user_handles.ff);
14451         if (tmp_count > 0)
14452                 count += tmp_count;
14453 #endif
14454 #if defined(CONFIG_RSBAC_RC)
14455         tmp_count = rsbac_ta_list_count(ta_number, user_handles.rc);
14456         if (tmp_count > 0)
14457                 count += tmp_count;
14458 #endif
14459 #if defined(CONFIG_RSBAC_AUTH)
14460         tmp_count = rsbac_ta_list_count(ta_number, user_handles.auth);
14461         if (tmp_count > 0)
14462                 count += tmp_count;
14463 #endif
14464 #if defined(CONFIG_RSBAC_CAP)
14465         tmp_count = rsbac_ta_list_count(ta_number, user_handles.cap);
14466         if (tmp_count > 0)
14467                 count += tmp_count;
14468 #endif
14469 #if defined(CONFIG_RSBAC_JAIL)
14470         tmp_count = rsbac_ta_list_count(ta_number, user_handles.jail);
14471         if (tmp_count > 0)
14472                 count += tmp_count;
14473 #endif
14474 #if defined(CONFIG_RSBAC_PAX)
14475         tmp_count = rsbac_ta_list_count(ta_number, user_handles.pax);
14476         if (tmp_count > 0)
14477                 count += tmp_count;
14478 #endif
14479 #if defined(CONFIG_RSBAC_RES)
14480         tmp_count = rsbac_ta_list_count(ta_number, user_handles.res);
14481         if (tmp_count > 0)
14482                 count += tmp_count;
14483 #endif
14484         if (id_pp) {
14485                 if (count > 0) {
14486                         int i_count;
14487                         rsbac_uid_t *i_id_p = NULL;
14488 
14489                         i_count = count + 20;   /* max value to expect */
14490                         *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14491                         if (!*id_pp)
14492                                 return -RSBAC_ENOMEM;
14493                         tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14494                                                                user_handles.
14495                                                                gen,
14496                                                                (void **)
14497                                                                &i_id_p);
14498                         if (tmp_count > 0) {
14499                                 if (tmp_count > i_count)
14500                                         tmp_count = i_count;
14501                                 memcpy(*id_pp, i_id_p,
14502                                        tmp_count * sizeof(*i_id_p));
14503                                 rsbac_vfree(i_id_p);
14504                                 count = tmp_count;
14505                                 i_count -= tmp_count;
14506                         } else
14507                                 count = 0;
14508 #if defined(CONFIG_RSBAC_MAC)
14509                         copy_new_uids(user_handles.mac, ta_number, &count,
14510                                       &i_count, *id_pp);
14511 #endif
14512 #if defined(CONFIG_RSBAC_PM)
14513                         copy_new_uids(user_handles.pm, ta_number, &count,
14514                                       &i_count, *id_pp);
14515 #endif
14516 #if defined(CONFIG_RSBAC_DAZ)
14517                         copy_new_uids(user_handles.daz, ta_number, &count,
14518                                       &i_count, *id_pp);
14519 #endif
14520 #if defined(CONFIG_RSBAC_FF)
14521                         copy_new_uids(user_handles.ff, ta_number, &count,
14522                                       &i_count, *id_pp);
14523 #endif
14524 #if defined(CONFIG_RSBAC_RC)
14525                         copy_new_uids(user_handles.rc, ta_number, &count,
14526                                       &i_count, *id_pp);
14527 #endif
14528 #if defined(CONFIG_RSBAC_AUTH)
14529                         copy_new_uids(user_handles.auth, ta_number, &count,
14530                                       &i_count, *id_pp);
14531 #endif
14532 #if defined(CONFIG_RSBAC_CAP)
14533                         copy_new_uids(user_handles.cap, ta_number, &count,
14534                                       &i_count, *id_pp);
14535 #endif
14536 #if defined(CONFIG_RSBAC_JAIL)
14537                         copy_new_uids(user_handles.jail, ta_number, &count,
14538                                       &i_count, *id_pp);
14539 #endif
14540 #if defined(CONFIG_RSBAC_PAX)
14541                         copy_new_uids(user_handles.pax, ta_number, &count,
14542                                       &i_count, *id_pp);
14543 #endif
14544 #if defined(CONFIG_RSBAC_RES)
14545                         copy_new_uids(user_handles.res, ta_number, &count,
14546                                       &i_count, *id_pp);
14547 #endif
14548                         if (!count)
14549                                 rsbac_vfree(*id_pp);
14550                 }
14551         }
14552         return count;
14553 }

int rsbac_ta_remove_target ( rsbac_list_ta_number_t  ta_number,
enum rsbac_target_t  target,
union rsbac_target_id_t  tid 
)

Definition at line 13760 of file aci_data_structures.c.

References D_block, D_block_major, D_char, D_char_major, rsbac_target_id_t::dev, dev_handles, dev_major_handles, device_hash(), device_list_locks, rsbac_target_id_t::group, rsbac_target_id_t::ipc, ipc_handles, lookup_device(), rsbac_target_id_t::netdev, rsbac_target_id_t::netobj, rsbac_target_id_t::nettemp, NULL, rsbac_target_id_t::process, process_handles, rsbac_acl_remove_acl(), rsbac_auth_remove_f_capsets(), rsbac_auth_remove_p_capsets(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_mac_remove_f_trusets(), rsbac_mac_remove_p_trusets(), rsbac_mount(), rsbac_printk(), rsbac_ta_list_remove(), rsbac_net_obj_desc_t::sock_p, T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NETTEMP_NT, T_PROCESS, T_SYMLINK, T_UNIXSOCK, T_USER, rsbac_dev_desc_t::type, rsbac_target_id_t::user, and user_handles.

Referenced by rsbac_pm(), sys_rsbac_remove_target(), and sys_rsbac_remove_target_n().

13763 {
13764         int error = 0;
13765         struct rsbac_device_list_item_t *device_p;
13766 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
13767         u_long dflags;
13768 #endif
13769         u_int hash;
13770 
13771         if (!rsbac_initialized) {
13772                 rsbac_printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n");
13773                 return (-RSBAC_ENOTINITIALIZED);
13774         }
13775         if (in_interrupt()) {
13776                 rsbac_printk(KERN_WARNING "rsbac_remove_target(): called from interrupt!\n");
13777         }
13778         switch (target) {
13779         case T_FILE:
13780         case T_DIR:
13781         case T_FIFO:
13782         case T_SYMLINK:
13783         case T_UNIXSOCK:
13784                 /* rsbac_pr_debug(ds, "Removing file/dir/fifo/symlink ACI\n"); */
13785 #if defined(CONFIG_RSBAC_MAC)
13786                 /* file and dir items can also have mac_f_trusets -> remove first */
13787                 if ((target == T_FILE)
13788                     || (target == T_DIR)
13789                     )
13790                         error = rsbac_mac_remove_f_trusets(tid.file);
13791 #endif
13792 #if defined(CONFIG_RSBAC_AUTH)
13793                 /* file and dir items can also have auth_f_capsets -> remove first */
13794                 if ((target == T_FILE)
13795                     || (target == T_DIR)
13796                     )
13797                         error = rsbac_auth_remove_f_capsets(tid.file);
13798 #endif
13799 #if defined(CONFIG_RSBAC_ACL)
13800                 /* items can also have an acl_fd_item -> remove first */
13801                 error = rsbac_acl_remove_acl(ta_number, target, tid);
13802 #endif
13803                 hash = device_hash(tid.file.device);
13804                 /* wait for read access to device_list_head */
13805 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13806                 rcu_read_lock();
13807 #else
13808                 rsbac_read_lock(&device_list_locks[hash], &dflags);
13809 #endif
13810 
13811                 /* lookup device */
13812                 device_p = lookup_device(tid.file.device, hash);
13813                 if (!device_p) {
13814                         struct super_block *sb_p;
13815 
13816 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13817                         rcu_read_unlock();
13818 #else
13819                         rsbac_read_unlock(&device_list_locks[hash], &dflags);
13820 #endif
13821 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13822                         sb_p = user_get_super(tid.file.device);
13823 #else
13824                         sb_p = get_super(tid.file.device);
13825 #endif
13826                         if (sb_p) {
13827                                 if(RSBAC_MAJOR(tid.file.device) <= 1) {
13828                                         rsbac_printk(KERN_INFO "rsbac_remove_target(): auto-mounting device %02u:%02u\n",
13829                                              RSBAC_MAJOR(tid.file.device),
13830                                              RSBAC_MINOR(tid.file.device));
13831                                         rsbac_mount(sb_p, NULL);
13832                                 }
13833                                 /* free super_block pointer */
13834                                 drop_super(sb_p);
13835 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13836                                 rcu_read_lock();
13837 #else
13838                                 rsbac_read_lock(&device_list_locks[hash],
13839                                                 &dflags);
13840 #endif
13841                                 device_p = lookup_device(tid.file.device, hash);
13842                                 if (!device_p) {
13843 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13844                                         rcu_read_unlock();
13845 #else
13846                                         rsbac_read_unlock
13847                                             (&device_list_locks[hash],
13848                                              &dflags);
13849 #endif
13850                                         rsbac_printk(KERN_WARNING "rsbac_remove_target(): unknown device %02u:%02u\n",
13851                                                      RSBAC_MAJOR(tid.file.
13852                                                                  device),
13853                                                      RSBAC_MINOR(tid.file.
13854                                                                  device));
13855                                         return -RSBAC_EINVALIDDEV;
13856                                 }
13857                         } else
13858                                 return -RSBAC_EINVALIDDEV;
13859                 }
13860                 rsbac_ta_list_remove(ta_number,
13861                                      device_p->handles.gen,
13862                                      &tid.file.inode);
13863 #if defined(CONFIG_RSBAC_MAC)
13864                 rsbac_ta_list_remove(ta_number,
13865                                      device_p->handles.mac,
13866                                      &tid.file.inode);
13867 #endif
13868 #if defined(CONFIG_RSBAC_PM)
13869                 rsbac_ta_list_remove(ta_number,
13870                                      device_p->handles.pm,
13871                                      &tid.file.inode);
13872 #endif
13873 #if defined(CONFIG_RSBAC_DAZ)
13874                 rsbac_ta_list_remove(ta_number,
13875                                      device_p->handles.daz,
13876                                      &tid.file.inode);
13877 #if defined(CONFIG_RSBAC_DAZ_CACHE)
13878                 rsbac_ta_list_remove(ta_number,
13879                                      device_p->handles.dazs,
13880                                      &tid.file.inode);
13881 #endif
13882 #endif
13883 #if defined(CONFIG_RSBAC_FF)
13884                 rsbac_ta_list_remove(ta_number,
13885                                      device_p->handles.ff,
13886                                      &tid.file.inode);
13887 #endif
13888 #if defined(CONFIG_RSBAC_RC)
13889                 rsbac_ta_list_remove(ta_number,
13890                                      device_p->handles.rc,
13891                                      &tid.file.inode);
13892 #endif
13893 #if defined(CONFIG_RSBAC_AUTH)
13894                 rsbac_ta_list_remove(ta_number,
13895                                      device_p->handles.auth,
13896                                      &tid.file.inode);
13897 #endif
13898 #if defined(CONFIG_RSBAC_CAP)
13899                 rsbac_ta_list_remove(ta_number,
13900                                      device_p->handles.cap,
13901                                      &tid.file.inode);
13902 #endif
13903 #if defined(CONFIG_RSBAC_PAX)
13904                 rsbac_ta_list_remove(ta_number,
13905                                      device_p->handles.pax,
13906                                      &tid.file.inode);
13907 #endif
13908 #if defined(CONFIG_RSBAC_RES)
13909                 rsbac_ta_list_remove(ta_number,
13910                                      device_p->handles.res,
13911                                      &tid.file.inode);
13912 #endif
13913 
13914                 /* free access to device_list_head */
13915 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13916                 rcu_read_unlock();
13917 #else
13918                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
13919 #endif
13920 #ifdef CONFIG_RSBAC_FD_CACHE
13921                 rsbac_fd_cache_invalidate(&tid.file);
13922 #endif
13923                 break;
13924 
13925         case T_DEV:
13926                 {
13927                   switch (tid.dev.type)
13928                     {
13929                       case D_block:
13930                       case D_char:
13931                         rsbac_ta_list_remove(ta_number,
13932                                          dev_handles.gen,
13933                                          &tid.dev);
13934 #if defined(CONFIG_RSBAC_MAC)
13935                         rsbac_ta_list_remove(ta_number,
13936                                          dev_handles.mac,
13937                                          &tid.dev);
13938 #endif
13939 #if defined(CONFIG_RSBAC_PM)
13940                         rsbac_ta_list_remove(ta_number,
13941                                          dev_handles.pm,
13942                                          &tid.dev);
13943 #endif
13944 #if defined(CONFIG_RSBAC_RC)
13945                         rsbac_ta_list_remove(ta_number,
13946                                          dev_handles.rc,
13947                                          &tid.dev);
13948 #endif
13949                         break;
13950                       case D_block_major:
13951                       case D_char_major:
13952                         {
13953                           enum rsbac_dev_type_t orig_devtype=tid.dev.type;
13954 
13955                           if (tid.dev.type==D_block_major)    
13956                             tid.dev.type=D_block;
13957                           else
13958                             tid.dev.type=D_char;
13959                           rsbac_ta_list_remove(ta_number,
13960                                            dev_major_handles.gen,
13961                                            &tid.dev);
13962 #if defined(CONFIG_RSBAC_MAC)
13963                           rsbac_ta_list_remove(ta_number,
13964                                            dev_major_handles.mac,
13965                                            &tid.dev);
13966 #endif
13967 #if defined(CONFIG_RSBAC_PM)
13968                           rsbac_ta_list_remove(ta_number,
13969                                            dev_major_handles.pm,
13970                                            &tid.dev);
13971 #endif
13972 #if defined(CONFIG_RSBAC_RC)
13973                           rsbac_ta_list_remove(ta_number,
13974                                            dev_major_handles.rc,
13975                                            &tid.dev);
13976 #endif
13977                           tid.dev.type=orig_devtype;
13978                           break;
13979                         }
13980                       default:
13981                         return -RSBAC_EINVALIDTARGET;
13982                     }
13983                 }
13984                 break;
13985 
13986         case T_IPC:
13987                 /* rsbac_pr_debug(ds, "Removing ipc ACI\n"); */
13988 #if defined(CONFIG_RSBAC_MAC)
13989                 rsbac_ta_list_remove(ta_number, ipc_handles.mac, &tid.ipc);
13990 #endif
13991 #if defined(CONFIG_RSBAC_PM)
13992                 rsbac_ta_list_remove(ta_number, ipc_handles.pm, &tid.ipc);
13993 #endif
13994 #if defined(CONFIG_RSBAC_RC)
13995                 rsbac_ta_list_remove(ta_number, ipc_handles.rc, &tid.ipc);
13996 #endif
13997 #if defined(CONFIG_RSBAC_JAIL)
13998                 rsbac_ta_list_remove(ta_number,
13999                                      ipc_handles.jail, &tid.ipc);
14000 #endif
14001                 break;
14002 
14003         case T_USER:
14004                 /* rsbac_pr_debug(ds, "Removing user ACI"); */
14005                 rsbac_ta_list_remove(ta_number,
14006                                      user_handles.gen, &tid.user);
14007 #if defined(CONFIG_RSBAC_MAC)
14008                 rsbac_ta_list_remove(ta_number,
14009                                      user_handles.mac, &tid.user);
14010 #endif
14011 #if defined(CONFIG_RSBAC_PM)
14012                 rsbac_ta_list_remove(ta_number,
14013                                      user_handles.pm, &tid.user);
14014 #endif
14015 #if defined(CONFIG_RSBAC_DAZ)
14016                 rsbac_ta_list_remove(ta_number,
14017                                      user_handles.daz, &tid.user);
14018 #endif
14019 #if defined(CONFIG_RSBAC_FF)
14020                 rsbac_ta_list_remove(ta_number,
14021                                      user_handles.ff, &tid.user);
14022 #endif
14023 #if defined(CONFIG_RSBAC_RC)
14024                 rsbac_ta_list_remove(ta_number,
14025                                      user_handles.rc, &tid.user);
14026 #endif
14027 #if defined(CONFIG_RSBAC_AUTH)
14028                 rsbac_ta_list_remove(ta_number,
14029                                      user_handles.auth, &tid.user);
14030 #endif
14031 #if defined(CONFIG_RSBAC_CAP)
14032                 rsbac_ta_list_remove(ta_number,
14033                                      user_handles.cap, &tid.user);
14034 #endif
14035 #if defined(CONFIG_RSBAC_JAIL)
14036                 rsbac_ta_list_remove(ta_number,
14037                                      user_handles.jail, &tid.user);
14038 #endif
14039 #if defined(CONFIG_RSBAC_PAX)
14040                 rsbac_ta_list_remove(ta_number,
14041                                      user_handles.pax, &tid.user);
14042 #endif
14043 #if defined(CONFIG_RSBAC_RES)
14044                 rsbac_ta_list_remove(ta_number,
14045                                      user_handles.res, &tid.user);
14046 #endif
14047                 break;
14048 
14049         case T_PROCESS:
14050 /* too noisy... kicked out.
14051                 rsbac_pr_debug(ds, "Removing process ACI\n");
14052 */
14053 #if defined(CONFIG_RSBAC_ACL)
14054                 /* process items can also have an acl_p_item -> remove first */
14055                 error = rsbac_acl_remove_acl(ta_number, target, tid);
14056 #endif
14057                 rsbac_ta_list_remove(ta_number,
14058                                      process_handles.gen,
14059                                      &tid.process);
14060 #if defined(CONFIG_RSBAC_MAC)
14061                 /* process items can also have mac_p_trusets -> remove first */
14062                 error = rsbac_mac_remove_p_trusets(tid.process);
14063                 rsbac_ta_list_remove(ta_number,
14064                                      process_handles.mac,
14065                                      &tid.process);
14066 #endif
14067 #if defined(CONFIG_RSBAC_PM)
14068                 rsbac_ta_list_remove(ta_number,
14069                                      process_handles.pm, &tid.process);
14070 #endif
14071 #if defined(CONFIG_RSBAC_DAZ)
14072                 rsbac_ta_list_remove(ta_number,
14073                                      process_handles.daz, &tid.process);
14074 #endif
14075 #if defined(CONFIG_RSBAC_RC)
14076                 rsbac_ta_list_remove(ta_number,
14077                                      process_handles.rc,
14078                                      &tid.process);
14079 #endif
14080 #if defined(CONFIG_RSBAC_AUTH)
14081                 /* process items can also have auth_p_capsets -> remove first */
14082                 error = rsbac_auth_remove_p_capsets(tid.process);
14083                 rsbac_ta_list_remove(ta_number,
14084                                      process_handles.auth, &tid.process);
14085 #endif
14086 #if defined(CONFIG_RSBAC_CAP)
14087                 rsbac_ta_list_remove(ta_number,
14088                                      process_handles.cap, &tid.process);
14089 #endif
14090 #if defined(CONFIG_RSBAC_JAIL)
14091                 rsbac_ta_list_remove(ta_number,
14092                                      process_handles.jail,
14093                                      &tid.process);
14094 #endif
14095                 break;
14096 
14097 #ifdef CONFIG_RSBAC_UM
14098         case T_GROUP:
14099                 /* rsbac_pr_debug(ds, "Removing group ACI\n"); */
14100 #if defined(CONFIG_RSBAC_RC_UM_PROT)
14101                 rsbac_ta_list_remove(ta_number,
14102                                      group_handles.rc, &tid.group);
14103 #endif
14104                 break;
14105 #endif                          /* CONFIG_RSBAC_UM */
14106 
14107 #ifdef CONFIG_RSBAC_NET_DEV
14108         case T_NETDEV:
14109 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14110                 rsbac_ta_list_remove(ta_number,
14111                                      netdev_handles.gen, &tid.netdev);
14112 #endif
14113 #if defined(CONFIG_RSBAC_RC)
14114                 rsbac_ta_list_remove(ta_number,
14115                                      netdev_handles.rc, &tid.netdev);
14116 #endif
14117                 break;
14118 #endif
14119 
14120 #ifdef CONFIG_RSBAC_NET_OBJ
14121         case T_NETTEMP:
14122 /* too noisy... kicked out.
14123                 rsbac_pr_debug(ds, "Removing nettemp ACI\n");
14124 */
14125 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
14126                 rsbac_ta_list_remove(ta_number,
14127                                      nettemp_handles.gen, &tid.nettemp);
14128 #endif
14129 #if defined(CONFIG_RSBAC_MAC)
14130                 rsbac_ta_list_remove(ta_number,
14131                                      nettemp_handles.mac, &tid.nettemp);
14132 #endif
14133 #if defined(CONFIG_RSBAC_PM)
14134                 rsbac_ta_list_remove(ta_number,
14135                                      nettemp_handles.pm, &tid.nettemp);
14136 #endif
14137 #if defined(CONFIG_RSBAC_RC)
14138                 rsbac_ta_list_remove(ta_number,
14139                                      nettemp_handles.rc, &tid.nettemp);
14140 #endif
14141 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
14142                 rsbac_acl_remove_acl(ta_number, T_NETTEMP_NT, tid);
14143                 rsbac_acl_remove_acl(ta_number, T_NETTEMP, tid);
14144 #endif
14145                 break;
14146 
14147         case T_NETOBJ:
14148 /* too noisy... kicked out.
14149                 rsbac_pr_debug(ds, "Removing netobj ACI\n");
14150 */
14151 #if defined(CONFIG_RSBAC_MAC)
14152                 rsbac_ta_list_remove(ta_number,
14153                                      lnetobj_handles.mac,
14154                                      &tid.netobj.sock_p);
14155                 rsbac_ta_list_remove(ta_number,
14156                                      rnetobj_handles.mac,
14157                                      &tid.netobj.sock_p);
14158 #endif
14159 #if defined(CONFIG_RSBAC_PM)
14160                 rsbac_ta_list_remove(ta_number,
14161                                      lnetobj_handles.pm,
14162                                      &tid.netobj.sock_p);
14163                 rsbac_ta_list_remove(ta_number,
14164                                      rnetobj_handles.pm,
14165                                      &tid.netobj.sock_p);
14166 #endif
14167 #if defined(CONFIG_RSBAC_RC)
14168                 rsbac_ta_list_remove(ta_number,
14169                                      lnetobj_handles.rc,
14170                                      &tid.netobj.sock_p);
14171                 rsbac_ta_list_remove(ta_number,
14172                                      rnetobj_handles.rc,
14173                                      &tid.netobj.sock_p);
14174 #endif
14175                 break;
14176 
14177 #endif
14178 
14179         default:
14180                 return (-RSBAC_EINVALIDTARGET);
14181         }
14182 #ifdef CONFIG_RSBAC_XSTATS
14183         remove_count[target]++;
14184 #endif
14185         return (error);
14186 }

int rsbac_ta_set_attr ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
union rsbac_target_id_t  tid,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t  value 
)

Definition at line 13664 of file aci_data_structures.c.

References rsbac_target_id_t::dev, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_printk(), set_attr_dev(), set_attr_fd(), set_attr_ipc(), set_attr_process(), set_attr_user(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, T_UNIXSOCK, and T_USER.

Referenced by rsbac_pm(), sys_rsbac_set_attr(), and sys_rsbac_set_attr_n().

13670 {
13671         int err = 0;
13672 /*
13673 #ifdef CONFIG_RSBAC_DEBUG
13674       char tmp[RSBAC_MAXNAMELEN];
13675 #endif
13676 */
13677         if (!rsbac_initialized) {
13678                 rsbac_printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n");
13679                 return (-RSBAC_ENOTINITIALIZED);
13680         }
13681         if (in_interrupt()) {
13682                 rsbac_printk(KERN_WARNING "rsbac_set_attr(): called from interrupt!\n");
13683         }
13684         switch (target) {
13685         case T_FILE:
13686         case T_DIR:
13687         case T_FIFO:
13688         case T_SYMLINK:
13689         case T_UNIXSOCK:
13690                 err = set_attr_fd(ta_number, module, target, &tid, attr, &value);
13691                 break;
13692 
13693         case T_DEV:
13694                 err =
13695                     set_attr_dev(ta_number, module, target, tid.dev, attr,
13696                                  &value);
13697                 break;
13698 
13699         case T_IPC:
13700                 err =
13701                     set_attr_ipc(ta_number, module, target, &tid, attr,
13702                                  &value);
13703                 break;
13704 
13705         case T_USER:
13706                 err =
13707                     set_attr_user(ta_number, module, target, &tid, attr,
13708                                   &value);
13709                 break;
13710 
13711         case T_PROCESS:
13712                 err =
13713                     set_attr_process(ta_number, module, target, &tid, attr,
13714                                      &value);
13715                 break;
13716 
13717 #ifdef CONFIG_RSBAC_UM
13718         case T_GROUP:
13719                 err =
13720                     set_attr_group(ta_number, module, target, &tid, attr,
13721                                    &value);
13722                 break;
13723 #endif                          /* CONFIG_RSBAC_UM */
13724 
13725 #ifdef CONFIG_RSBAC_NET_DEV
13726         case T_NETDEV:
13727                 err =
13728                     set_attr_netdev(ta_number, module, target, &tid, attr,
13729                                     &value);
13730                 break;
13731 #endif
13732 
13733 #ifdef CONFIG_RSBAC_NET_OBJ
13734         case T_NETTEMP:
13735                 err =
13736                     set_attr_nettemp(ta_number, module, target, &tid, attr,
13737                                      &value);
13738                 break;
13739 
13740         case T_NETOBJ:
13741                 err =
13742                     set_attr_netobj(ta_number, module, target, &tid, attr,
13743                                     &value);
13744                 break;
13745 #endif                          /* NET_OBJ */
13746 
13747                 /* switch(target): no valid target */
13748         default:
13749                 return (-RSBAC_EINVALIDTARGET);
13750         }
13751 #ifdef CONFIG_RSBAC_XSTATS
13752         if (!err)
13753                 set_attr_count[target]++;
13754 #endif
13755         return (err);
13756 }

int rsbac_umount ( struct super_block *  sb_p,
struct dentry *  d_covers 
)

Definition at line 8442 of file aci_data_structures.c.

References device_hash(), device_list_locks, lookup_device(), NULL, remove_device_item(), rsbac_debug_no_write, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_umount(), rsbac_pr_debug, rsbac_printk(), rsbac_umount_acl(), rsbac_umount_auth(), rsbac_umount_mac(), rsbac_umount_reg(), rsbac_write(), rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE.

08443 {
08444 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08445         u_long flags;
08446 #endif
08447         struct rsbac_device_list_item_t *device_p;
08448         kdev_t kdev;
08449         u_int hash;
08450 
08451         if (!sb_p) {
08452                 rsbac_printk(KERN_WARNING "rsbac_umount(): called with NULL pointer\n");
08453                 return -RSBAC_EINVALIDPOINTER;
08454         }
08455         if (!rsbac_initialized) {
08456                 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
08457 
08458 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08459                 if ((sb_p->s_magic == SYSFS_MAGIC)
08460                     && !RSBAC_MAJOR(sb_p->s_dev)
08461                     && sysfs_sb_p && sysfs_covered_p) {
08462                         rsbac_printk(KERN_WARNING "rsbac_umount(): sysfs umount detected, removing auto-mount values\n");
08463                         sysfs_sb_p = NULL;
08464                         sysfs_covered_p = NULL;
08465                 }
08466 #endif
08467 #ifdef CONFIG_DEVFS_MOUNT
08468                 if ((sb_p->s_magic == DEVFS_SUPER_MAGIC)
08469                     && !RSBAC_MAJOR(sb_p->s_dev)
08470                     && devfs_sb_p && devfs_covered_p) {
08471                         rsbac_printk(KERN_WARNING "rsbac_umount(): devfs umount detected, removing auto-mount values\n");
08472                         devfs_sb_p = NULL;
08473                         devfs_covered_p = NULL;
08474                 }
08475 #endif
08476 
08477                 return (-RSBAC_ENOTINITIALIZED);
08478         }
08479         rsbac_pr_debug(ds, "umounting device %02u:%02u\n",
08480                        MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08481         kdev = sb_p->s_dev;
08482 
08483         /* sync attribute lists */
08484 #if defined(CONFIG_RSBAC_AUTO_WRITE)
08485         if (!rsbac_debug_no_write) {
08486                 down(&rsbac_write_sem);
08487                 /* recheck no_write with lock - might have been set in between */
08488                 if (!rsbac_debug_no_write) {
08489                         rsbac_write(TRUE);
08490                 }
08491                 up(&rsbac_write_sem);
08492         }
08493 #endif
08494 /* call other umount functions */
08495 #if defined(CONFIG_RSBAC_MAC)
08496         rsbac_umount_mac(kdev);
08497 #endif
08498 #if defined(CONFIG_RSBAC_AUTH)
08499         rsbac_umount_auth(kdev);
08500 #endif
08501 #if defined(CONFIG_RSBAC_ACL)
08502         rsbac_umount_acl(kdev);
08503 #endif
08504 #if defined(CONFIG_RSBAC_REG)
08505         rsbac_umount_reg(kdev);
08506 #endif
08507 
08508         hash = device_hash(kdev);
08509         /* wait for write access to device_list_head */
08510 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08511         spin_lock(&device_list_locks[hash]);
08512 #else
08513         rsbac_write_lock(&device_list_locks[hash], &flags);
08514 #endif
08515         /* OK, nobody else is working on it... */
08516         device_p = lookup_device(kdev, hash);
08517         if (device_p) {
08518                 if (device_p->mount_count == 1) {
08519                         /* Generic lists */
08520                         rsbac_list_umount(kdev);
08521                         /* 2.6: remove_device_item unlocks! */
08522                         remove_device_item(kdev);
08523                 } else {
08524                         if (device_p->mount_count > 1) {
08525                                 device_p->mount_count--;
08526 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08527                                 spin_unlock(&device_list_locks[hash]);
08528 #endif
08529                                 if (device_p->d_covers == d_covers) {
08530                                         rsbac_printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n",
08531                                                      RSBAC_MAJOR(kdev),
08532                                                      RSBAC_MINOR(kdev));
08533                                         device_p->d_covers = NULL;
08534                                 }
08535                         } else {
08536 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08537                                 spin_unlock(&device_list_locks[hash]);
08538 #endif
08539                                 rsbac_printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n",
08540                                              RSBAC_MAJOR(kdev),
08541                                              RSBAC_MINOR(kdev));
08542                         }
08543                 }
08544         }
08545 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08546         else
08547                 spin_unlock(&device_list_locks[hash]);
08548 #else
08549         rsbac_write_unlock(&device_list_locks[hash], &flags);
08550 #endif
08551 #ifdef CONFIG_RSBAC_FD_CACHE
08552         rsbac_fd_cache_invalidate_all();
08553 #endif
08554 
08555         return 0;
08556 }

void rsbac_write_close ( struct file *  file_p  ) 

Definition at line 2619 of file aci_data_structures.c.

References rsbac_read_close().

Referenced by rsbac_list_write_buffers(), rsbac_list_write_lol_buffers(), and write_info().

02620 {
02621         rsbac_read_close(file_p);
02622 }

int rsbac_write_open ( char *  name,
struct file *  file_p,
kdev_t  kdev 
)

Definition at line 2260 of file aci_data_structures.c.

References check_parent, init_private_file(), KERNEL_VERSION, lookup_aci_path_dentry(), NULL, rsbac_clear_file(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, RSBAC_ENOTWRITABLE, RSBAC_EWRITEFAILED, rsbac_get_super_block(), rsbac_kfree(), rsbac_kmalloc(), rsbac_lookup_one_len(), RSBAC_MAXNAMELEN, rsbac_pr_debug, rsbac_printk(), TRUE, and writable().

Referenced by rsbac_list_write_buffers(), rsbac_list_write_lol_buffers(), and write_info().

02261 {
02262         struct dentry *dir_dentry_p = NULL;
02263         struct dentry *ldir_dentry_p = NULL;
02264         struct dentry *file_dentry_p = NULL;
02265         int err = 0;
02266         int tmperr = 0;
02267         struct super_block *sb_p;
02268 
02269         if (!file_p || !name) {
02270                 rsbac_pr_debug(write, "called with NULL pointer!\n");
02271                 return (-RSBAC_EINVALIDPOINTER);
02272         }
02273 
02274         /* get super_block-pointer */
02275         sb_p = rsbac_get_super_block(kdev);
02276         if (!sb_p) {
02277                 rsbac_printk(KERN_WARNING "rsbac_write_open(): invalid device %02u:%02u\n",
02278                              RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02279                 return (-RSBAC_EINVALIDDEV);
02280         }
02281         if (!writable(sb_p)) {
02282                 rsbac_pr_debug(write, "called for non-writable device\n");
02283                 err = -RSBAC_ENOTWRITABLE;
02284                 goto out;
02285         }
02286 
02287         /* lookup dentry of ACI_PATH on this device (create, if needed and possible),
02288          * returns errorcode, if failed */
02289         if ((tmperr = lookup_aci_path_dentry(sb_p, &dir_dentry_p, TRUE,
02290                                              kdev))) {
02291                 err = tmperr;
02292                 goto out;
02293         }
02294 
02295         /* open file for reading - this must be done 'by hand', because     */
02296         /* standard system calls are now extended by rsbac decision calls.  */
02297         file_dentry_p =
02298             rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02299         if (!file_dentry_p || IS_ERR(file_dentry_p)) {
02300                 rsbac_pr_debug(write, "lookup of %s returned error %li\n",
02301                              name, PTR_ERR(file_dentry_p));
02302                 err = -RSBAC_EWRITEFAILED;
02303                 goto out;
02304         }
02305 #if 1
02306         if (file_dentry_p->d_inode) {   /* file was found: try to rename it as backup file */
02307                 if (!dir_dentry_p->d_inode->i_op
02308                     || !dir_dentry_p->d_inode->i_op->rename) {
02309                         rsbac_printk(KERN_WARNING "rsbac_write_open(): File system supports no rename - no backup of %s made!",
02310                                      name);
02311                 } else {
02312                         char *bname;
02313                         int name_len = strlen(name);
02314                         struct dentry *new_file_dentry_p = NULL;
02315                         struct dentry *old_dir_p, *new_dir_p;
02316 
02317                         bname = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02318                         if (!bname) {
02319                                 err = -RSBAC_ENOMEM;
02320                                 goto out_dput;
02321                         }
02322                         strcpy(bname, name);
02323                         bname[name_len] = 'b';
02324                         bname[name_len + 1] = (char) 0;
02325                         new_file_dentry_p =
02326                             rsbac_lookup_one_len(bname, dir_dentry_p,
02327                                                  strlen(bname));
02328                         if (new_file_dentry_p
02329                             && !IS_ERR(new_file_dentry_p)) {
02330                                 /* lock parent == rsbac-dir for rest of rename */
02331                                 old_dir_p = dget(file_dentry_p->d_parent);
02332                                 new_dir_p =
02333                                     dget(new_file_dentry_p->d_parent);
02334                                 double_lock(new_dir_p, old_dir_p);
02335 
02336                                 DQUOT_INIT(old_dir_p->d_inode);
02337                                 DQUOT_INIT(new_dir_p->d_inode);
02338                                 /* try to rename file in rsbac dir */
02339                                 /* rsbac_pr_debug(write, "calling rename function\n"); */
02340                                 err =
02341                                     dir_dentry_p->d_inode->i_op->
02342                                     rename(old_dir_p->d_inode,
02343                                            file_dentry_p,
02344                                            new_dir_p->d_inode,
02345                                            new_file_dentry_p);
02346                                 /* unlock dir (dputs both dentries) */
02347                                 double_unlock(new_dir_p, old_dir_p);
02348                                 if (err) {
02349                                         rsbac_printk(KERN_WARNING "rsbac_write_open(): could not rename %s to %s on dev %02u:%02u, error %i - no backup!\n",
02350                                                      name, bname,
02351                                                      RSBAC_MAJOR(kdev),
02352                                                      RSBAC_MINOR(kdev),
02353                                                      err);
02354                                 } else {
02355                                         /* The following d_move() should become unconditional */
02356                                         if (!
02357                                             (sb_p->s_type->
02358                                              fs_flags
02359 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02360                                               & FS_RENAME_DOES_D_MOVE
02361 #else
02362                                               & FS_ODD_RENAME
02363 #endif
02364                                             ))
02365                                                 d_move(file_dentry_p,
02366                                                        new_file_dentry_p);
02367                                         inode_dir_notify(old_dir_p->
02368                                                          d_inode,
02369                                                          DN_RENAME);
02370                                 }
02371                                 dput(new_file_dentry_p);
02372                                 dput(file_dentry_p);
02373                                 /* re-init dentry structure */
02374                                 file_dentry_p =
02375                                     rsbac_lookup_one_len(name,
02376                                                          dir_dentry_p,
02377                                                          strlen(name));
02378                                 if (!file_dentry_p
02379                                     || IS_ERR(file_dentry_p)) {
02380                                         rsbac_pr_debug(write, "relookup of %s "
02381                                                        "returned error %li\n",
02382                                                        name,
02383                                                        PTR_ERR(file_dentry_p));
02384                                         err = -RSBAC_EWRITEFAILED;
02385                                         goto out;
02386                                 }
02387                                 if (file_dentry_p->d_inode) {
02388                                         rsbac_printk(KERN_WARNING "rsbac_write_open(): relookup of %s returned dentry with existing inode %li, trying unlink\n",
02389                                                      name,
02390                                                      file_dentry_p->
02391                                                      d_inode->i_ino);
02392                                         /* file was found: try to delete it */
02393                                         if (!dir_dentry_p->d_inode->i_op
02394                                             || !dir_dentry_p->d_inode->
02395                                             i_op->unlink) {
02396                                                 rsbac_printk(KERN_WARNING "rsbac_write_open(): File system supports no unlink - %s not deleted!",
02397                                                              name);
02398                                                 rsbac_kfree(bname);
02399                                                 err = -RSBAC_EWRITEFAILED;
02400                                                 goto out_dput;
02401                                         } else {
02402                                                 old_dir_p =
02403                                                     lock_parent
02404                                                     (file_dentry_p);
02405 
02406                                                 DQUOT_INIT(old_dir_p->
02407                                                            d_inode);
02408                                                 err = -ENOENT;
02409 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02410                                                 if (check_parent
02411                                                     (old_dir_p,
02412                                                      file_dentry_p)) {
02413 #endif
02414                                                         err =
02415                                                             dir_dentry_p->
02416                                                             d_inode->i_op->
02417                                                             unlink
02418                                                             (old_dir_p->
02419                                                              d_inode,
02420                                                              file_dentry_p);
02421 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02422                                                 } else {
02423                                                         rsbac_printk
02424                                                             (KERN_WARNING
02425                                                              "rsbac_write_open(): could not unlink %s on dev %02u:%02u, parent check failed!\n",
02426                                                              name,
02427                                                              RSBAC_MAJOR
02428                                                              (kdev),
02429                                                              RSBAC_MINOR
02430                                                              (kdev));
02431                                                 }
02432 #endif
02433                                                 /* unlock parent dir */
02434                                                 unlock_dir(old_dir_p);
02435                                                 /* free file dentry */
02436                                                 dput(file_dentry_p);
02437                                                 if (err) {
02438                                                         rsbac_printk
02439                                                             (KERN_WARNING
02440                                                              "rsbac_write_open(): could not unlink %s on dev %02u:%02u, error %i!\n",
02441                                                              name,
02442                                                              RSBAC_MAJOR
02443                                                              (kdev),
02444                                                              RSBAC_MINOR
02445                                                              (kdev), err);
02446                                                 }
02447                                                 /* re-init dentry structure */
02448                                                 file_dentry_p =
02449                                                     rsbac_lookup_one_len
02450                                                     (name, dir_dentry_p,
02451                                                      strlen(name));
02452                                                 if (!file_dentry_p
02453                                                     ||
02454                                                     IS_ERR(file_dentry_p)) {
02455                                                         rsbac_pr_debug(write, "relookup of %s returned error %li\n",
02456                                                                        name,
02457                                                                        PTR_ERR(file_dentry_p));
02458                                                         rsbac_kfree(bname);
02459                                                         err =
02460                                                             -RSBAC_EWRITEFAILED;
02461                                                         goto out;
02462                                                 }
02463                                                 if (file_dentry_p->d_inode) {
02464                                                         rsbac_printk
02465                                                             (KERN_WARNING
02466                                                              "rsbac_write_open(): relookup of %s returned dentry with existing inode %li\n",
02467                                                              name,
02468                                                              file_dentry_p->
02469                                                              d_inode->
02470                                                              i_ino);
02471                                                         rsbac_kfree(bname);
02472                                                         err =
02473                                                             -RSBAC_EWRITEFAILED;
02474                                                         goto out_dput;
02475                                                 }
02476                                         }
02477                                 }
02478                         } else {
02479                                 rsbac_printk(KERN_WARNING "rsbac_write_open(): rsbac_lookup_(dentry|one) for backup file %s on dev %02u:%02u failed with error %li - no backup!\n",
02480                                              bname, RSBAC_MAJOR(kdev),
02481                                              RSBAC_MINOR(kdev),
02482                                              PTR_ERR(new_file_dentry_p));
02483                         }
02484                         rsbac_kfree(bname);
02485                 }
02486         }
02487 #endif                          /* backup part */
02488 
02489         if (!file_dentry_p->d_inode) {
02490                 /* file not found or renamed away: try to create a new one */
02491                 if (!dir_dentry_p->d_inode->i_op
02492                     || !dir_dentry_p->d_inode->i_op->create) {
02493                         rsbac_printk(KERN_WARNING "%s\n",
02494                                      "rsbac_write_open(): File system supports no create!");
02495                         err = -RSBAC_EWRITEFAILED;
02496                         goto out_dput;
02497                 }
02498 
02499                 /* lock parent == rsbac-dir for create */
02500                 ldir_dentry_p = lock_parent(file_dentry_p);
02501                 if (IS_ERR(ldir_dentry_p)) {
02502                         rsbac_pr_debug(write, "lock_parent of %s returned "
02503                                        "error %li\n", name,
02504                                        PTR_ERR(ldir_dentry_p));
02505                         err = -RSBAC_EWRITEFAILED;
02506                         goto out_dput;
02507                 }
02508 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02509                 if (!check_parent(ldir_dentry_p, file_dentry_p)) {
02510                         rsbac_pr_debug(write, "check_parent of %s returned "
02511                                        "error\n", name);
02512                         unlock_dir(ldir_dentry_p);
02513                         err = -RSBAC_EWRITEFAILED;
02514                         goto out_dput;
02515                 }
02516 #endif
02517                 /* try to create file in rsbac dir */
02518                 /* rsbac_pr_debug(write, "calling create function\n"); */
02519                 DQUOT_INIT(ldir_dentry_p->d_inode);
02520 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02521                 err =
02522                     dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->
02523                                                         d_inode,
02524                                                         file_dentry_p,
02525                                                         RSBAC_ACI_FILE_MODE,
02526                                                         NULL);
02527 #else
02528                 err =
02529                     dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->
02530                                                         d_inode,
02531                                                         file_dentry_p,
02532                                                         RSBAC_ACI_FILE_MODE);
02533 #endif
02534                 unlock_dir(ldir_dentry_p);
02535 
02536                 if (err) {
02537                         goto out_dput;
02538                 }
02539                 /* create was successful */
02540         }
02541 
02542         if (!(S_ISREG(file_dentry_p->d_inode->i_mode))) {       /* this is not a file! -> error! */
02543                 rsbac_printk(KERN_WARNING "rsbac_write_open(): expected file is not a file, mode is %o!\n",
02544                              file_dentry_p->d_inode->i_mode);
02545                 err = -RSBAC_EWRITEFAILED;
02546                 goto out_dput;
02547         }
02548         /* Now we fill the file structure and */
02549         /* if there is an open func for this file, use it, otherwise ignore */
02550         if ((tmperr = init_private_file(file_p, file_dentry_p, O_RDONLY))) {
02551                 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not init file!\n");
02552                 err = -RSBAC_EWRITEFAILED;
02553                 goto out_dput;
02554         }
02555 
02556         /* Without a write function we get into troubles -> error */
02557         if ((!file_p->f_op) || (!file_p->f_op->write)) {
02558                 rsbac_printk(KERN_WARNING "rsbac_write_open(): file write function missing!\n");
02559                 if (file_p->f_op && file_p->f_op->release) {
02560                         file_p->f_op->release(file_dentry_p->d_inode,
02561                                               file_p);
02562                 }
02563                 err = -RSBAC_EWRITEFAILED;
02564                 goto out_dput;
02565         }
02566 
02567         /* trying to get write access                                   */
02568         /* rsbac_pr_debug(write, "trying to get write access!\n"); */
02569         if (get_write_access(file_dentry_p->d_inode)) {
02570                 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not get write access!\n");
02571                 if (file_p->f_op->release)
02572                         file_p->f_op->release(file_dentry_p->d_inode,
02573                                               file_p);
02574                 err = -RSBAC_EWRITEFAILED;
02575                 goto out_dput;
02576         }
02577         /* truncating */
02578         if (rsbac_clear_file(file_dentry_p)) {
02579                 if (file_p->f_op->release)
02580                         file_p->f_op->release(file_dentry_p->d_inode,
02581                                               file_p);
02582                 put_write_access(file_dentry_p->d_inode);
02583                 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not truncate!\n");
02584                 err = -RSBAC_EWRITEFAILED;
02585                 goto out_dput;
02586         }
02587         /* set synchronous mode for this file */
02588         file_p->f_flags |= O_SYNC;
02589 
02590       out:
02591         return err;
02592 
02593       out_dput:
02594         dput(file_dentry_p);
02595         goto out;
02596 }

static int set_attr_dev ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
struct rsbac_dev_desc_t  dev,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value_p 
) [static]

Definition at line 12045 of file aci_data_structures.c.

References A_log_array_high, A_log_array_low, A_mac_categories, A_mac_check, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, D_block, D_block_major, D_char, D_char_major, DEFAULT_GEN_DEV_ACI, dev_handles, dev_major_handles, handle, rsbac_attribute_value_t::log_array_high, rsbac_gen_dev_aci_t::log_array_high, rsbac_attribute_value_t::log_array_low, rsbac_gen_dev_aci_t::log_array_low, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_check, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::rc_type, RC_type_max_value, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, SW_GEN, and rsbac_dev_desc_t::type.

Referenced by rsbac_ta_set_attr().

12051 {
12052         int err = 0;
12053         /* rsbac_pr_debug(ds, "Setting dev attribute\n"); */
12054         switch (module) {
12055         case SW_GEN:
12056                 {
12057                         struct rsbac_gen_dev_aci_t aci =
12058                             DEFAULT_GEN_DEV_ACI;
12059 
12060                         if (dev.type > D_char)
12061                                 return -RSBAC_EINVALIDTARGET;
12062                         rsbac_ta_list_get_data_ttl(ta_number,
12063                                                    dev_handles.gen,
12064                                                    NULL, &dev, &aci);
12065                         switch (attr) {
12066                         case A_log_array_low:
12067                                 aci.log_array_low = value_p->log_array_low;
12068                                 break;
12069                         case A_log_array_high:
12070                                 aci.log_array_high =
12071                                     value_p->log_array_high;
12072                                 break;
12073                         default:
12074                                 err = -RSBAC_EINVALIDATTR;
12075                         }
12076                         if (!err) {
12077                                 err = rsbac_ta_list_add_ttl(ta_number,
12078                                                             dev_handles.
12079                                                             gen, 0, &dev,
12080                                                             &aci);
12081                         }
12082                 }
12083                 break;
12084 
12085 #if defined(CONFIG_RSBAC_MAC)
12086         case SW_MAC:
12087                 {
12088                         struct rsbac_mac_dev_aci_t aci =
12089                             DEFAULT_MAC_DEV_ACI;
12090 
12091                         if (dev.type > D_char)
12092                                 return -RSBAC_EINVALIDTARGET;
12093                         rsbac_ta_list_get_data_ttl(ta_number,
12094                                                    dev_handles.mac,
12095                                                    NULL, &dev, &aci);
12096                         switch (attr) {
12097                         case A_security_level:
12098                                 aci.sec_level = value_p->security_level;
12099                                 break;
12100                         case A_mac_categories:
12101                                 aci.mac_categories =
12102                                     value_p->mac_categories;
12103                                 break;
12104                         case A_mac_check:
12105                                 aci.mac_check = value_p->mac_check;
12106                                 break;
12107                         default:
12108                                 err = -RSBAC_EINVALIDATTR;
12109                         }
12110                         if (!err) {
12111                                 err = rsbac_ta_list_add_ttl(ta_number,
12112                                                             dev_handles.
12113                                                             mac, 0, &dev,
12114                                                             &aci);
12115                         }
12116                 }
12117                 break;
12118 #endif
12119 
12120 #if defined(CONFIG_RSBAC_PM)
12121         case SW_PM:
12122                 {
12123                         struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
12124 
12125                         if (dev.type > D_char)
12126                                 return -RSBAC_EINVALIDTARGET;
12127                         rsbac_ta_list_get_data_ttl(ta_number,
12128                                                    dev_handles.pm,
12129                                                    NULL, &dev, &aci);
12130                         switch (attr) {
12131                         case A_pm_object_type:
12132                                 aci.pm_object_type =
12133                                     value_p->pm_object_type;
12134                                 break;
12135                         case A_pm_object_class:
12136                                 aci.pm_object_class =
12137                                     value_p->pm_object_class;
12138                                 break;
12139                         default:
12140                                 err = -RSBAC_EINVALIDATTR;
12141                         }
12142                         if (!err) {
12143                                 err = rsbac_ta_list_add_ttl(ta_number,
12144                                                             dev_handles.pm,
12145                                                             0, &dev, &aci);
12146                         }
12147                 }
12148                 break;
12149 #endif
12150 
12151 #if defined(CONFIG_RSBAC_RC)
12152         case SW_RC:
12153                 {
12154                         rsbac_rc_type_id_t type = value_p->rc_type;
12155                         struct rsbac_dev_desc_t dev_desc;
12156                         rsbac_list_handle_t handle;
12157 
12158                         switch (dev.type) {
12159                         case D_char:
12160                                 dev_desc.type = D_char;
12161                                 handle = dev_handles.rc;
12162                                 break;
12163                         case D_block:
12164                                 dev_desc.type = D_block;
12165                                 handle = dev_handles.rc;
12166                                 break;
12167                         case D_char_major:
12168                                 if (type > RC_type_max_value)
12169                                         return -RSBAC_EINVALIDVALUE;
12170                                 dev_desc.type = D_char;
12171                                 handle = dev_major_handles.rc;
12172                                 break;
12173                         case D_block_major:
12174                                 if (type > RC_type_max_value)
12175                                         return -RSBAC_EINVALIDVALUE;
12176                                 dev_desc.type = D_block;
12177                                 handle = dev_major_handles.rc;
12178                                 break;
12179                         default:
12180                                 return -RSBAC_EINVALIDTARGET;
12181                         }
12182                         dev_desc.major = dev.major;
12183                         dev_desc.minor = dev.minor;
12184 
12185                         switch (attr) {
12186                         case A_rc_type:
12187                                 err = rsbac_ta_list_add_ttl(ta_number,
12188                                                             handle,
12189                                                             0,
12190                                                             &dev_desc,
12191                                                             &type);
12192                                 break;
12193                         default:
12194                                 err = -RSBAC_EINVALIDATTR;
12195                         }
12196                 }
12197                 break;
12198 #endif
12199 
12200         default:
12201                 err = -RSBAC_EINVALIDMODULE;
12202         }
12203 
12204         return err;
12205 }

static int set_attr_fd ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
union rsbac_target_id_t tid_p,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value_p 
) [static]

Definition at line 11556 of file aci_data_structures.c.

References A_auid_exempt, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_cap_ld_env, A_daz_do_scan, A_daz_scanned, A_daz_scanner, A_fake_root_uid, A_ff_flags, A_linux_dac_disable, A_log_array_high, A_log_array_low, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_file_flags, A_mac_prop_trusted, A_max_caps, A_min_caps, A_pax_flags, A_pm_object_class, A_pm_object_type, A_pm_tp, A_rc_force_role, A_rc_initial_role, A_rc_type_fd, A_res_max, A_res_min, A_security_level, A_symlink_add_mac_level, A_symlink_add_rc_role, A_symlink_add_remote_ip, A_symlink_add_uid, rsbac_attribute_value_t::auid_exempt, rsbac_gen_fd_aci_t::auid_exempt, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, rsbac_attribute_value_t::cap_ld_env, rsbac_attribute_value_t::daz_do_scan, rsbac_attribute_value_t::daz_scanner, DEFAULT_GEN_FD_ACI, device_hash(), device_list_locks, rsbac_attribute_value_t::fake_root_uid, rsbac_gen_fd_aci_t::fake_root_uid, rsbac_attribute_value_t::ff_flags, rsbac_attribute_value_t::linux_dac_disable, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_attribute_value_t::log_array_high, rsbac_gen_fd_aci_t::log_array_high, rsbac_attribute_value_t::log_array_low, rsbac_gen_fd_aci_t::log_array_low, rsbac_attribute_value_t::log_program_based, rsbac_gen_fd_aci_t::log_program_based, lookup_device(), rsbac_attribute_value_t::mac_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_prop_trusted, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, rsbac_attribute_value_t::pax_flags, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::pm_tp, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_initial_role, rsbac_attribute_value_t::rc_type_fd, rsbac_attribute_value_t::res_array, RSBAC_EINVALIDATTR, RSBAC_EINVALIDDEV, RSBAC_EINVALIDMODULE, rsbac_list_add_ttl(), rsbac_list_lol_remove(), rsbac_list_lol_remove_all(), RSBAC_MAC_F_FLAGS, rsbac_mount(), RSBAC_PAX_ALL_FLAGS, rsbac_printk(), rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_ta_list_remove(), rsbac_attribute_value_t::security_level, SW_GEN, rsbac_attribute_value_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_attribute_value_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_attribute_value_t::symlink_add_remote_ip, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_attribute_value_t::symlink_add_uid, rsbac_gen_fd_aci_t::symlink_add_uid, and T_DIR.

Referenced by rsbac_ta_set_attr().

11562 {
11563         int err = 0;
11564         struct rsbac_device_list_item_t *device_p;
11565 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
11566         u_long dflags;
11567 #endif
11568         u_int hash;
11569 
11570         /* rsbac_pr_debug(ds, "Setting file/dir/fifo/symlink "
11571                        "attribute %u for device %02u:%02u, inode %lu, "
11572                        "dentry_p %p\n", attr,
11573                        RSBAC_MAJOR(tid_p->file.device),
11574                        RSBAC_MINOR(tid_p->file.device),
11575                        (u_long)tid_p->file.inode, tid_p->file.dentry_p); */
11576         hash = device_hash(tid_p->file.device);
11577 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
11578         rcu_read_lock();
11579 #else
11580         rsbac_read_lock(&device_list_locks[hash], &dflags);
11581 #endif
11582         /* rsbac_pr_debug(ds, "passed device read lock\n"); */
11583         /* lookup device */
11584         device_p = lookup_device(tid_p->file.device, hash);
11585         if (!device_p) {
11586                 struct super_block *sb_p;
11587 
11588 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
11589                 rcu_read_unlock();
11590 #else
11591                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
11592 #endif
11593 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
11594                 sb_p = user_get_super(tid_p->file.device);
11595 #else
11596                 sb_p = get_super(tid_p->file.device);
11597 #endif
11598                 if (sb_p) {
11599                         if(RSBAC_MAJOR(tid_p->file.device) <= 1) {
11600                                 rsbac_printk(KERN_INFO "rsbac_set_attr(): auto-mounting device %02u:%02u\n",
11601                                      RSBAC_MAJOR(tid_p->file.device),
11602                                      RSBAC_MINOR(tid_p->file.device));
11603                                 rsbac_mount(sb_p, NULL);
11604                         }
11605                         /* free super_block pointer */
11606                         drop_super(sb_p);
11607 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
11608                         rcu_read_lock();
11609 #else
11610                         rsbac_read_lock(&device_list_locks[hash], &dflags);
11611 #endif
11612                         device_p = lookup_device(tid_p->file.device, hash);
11613                         if (!device_p) {
11614                                 rsbac_printk(KERN_WARNING "rsbac_set_attr(): unknown device %02u:%02u\n",
11615                                              RSBAC_MAJOR(tid_p->file.
11616                                                          device),
11617                                              RSBAC_MINOR(tid_p->file.
11618                                                          device));
11619 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
11620                                 rcu_read_unlock();
11621 #else
11622                                 rsbac_read_unlock(&device_list_locks[hash],
11623                                                   &dflags);
11624 #endif
11625                                 return -RSBAC_EINVALIDDEV;
11626                         }
11627                 } else
11628                         return -RSBAC_EINVALIDDEV;
11629         }
11630         switch (module) {
11631         case SW_GEN:
11632                 {
11633                         struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI;
11634 
11635                         rsbac_ta_list_get_data_ttl(ta_number,
11636                                                    device_p->handles.gen,
11637                                                    NULL,
11638                                                    &tid_p->file.inode,
11639                                                    &aci);
11640                         switch (attr) {
11641                         case A_log_array_low:
11642                                 aci.log_array_low = value_p->log_array_low;
11643                                 break;
11644                         case A_log_array_high:
11645                                 aci.log_array_high =
11646                                     value_p->log_array_high;
11647                                 break;
11648                         case A_log_program_based:
11649                                 aci.log_program_based =
11650                                     value_p->log_program_based;
11651                                 break;
11652                         case A_symlink_add_remote_ip:
11653                                 aci.symlink_add_remote_ip =
11654                                     value_p->symlink_add_remote_ip;
11655                                 break;
11656                         case A_symlink_add_uid:
11657                                 aci.symlink_add_uid =
11658                                     value_p->symlink_add_uid;
11659                                 break;
11660                         case A_symlink_add_mac_level:
11661                                 aci.symlink_add_mac_level =
11662                                     value_p->symlink_add_mac_level;
11663                                 break;
11664                         case A_symlink_add_rc_role:
11665                                 aci.symlink_add_rc_role =
11666                                     value_p->symlink_add_rc_role;
11667                                 break;
11668                         case A_linux_dac_disable:
11669                                 aci.linux_dac_disable =
11670                                     value_p->linux_dac_disable;
11671                                 break;
11672                         case A_fake_root_uid:
11673                                 aci.fake_root_uid = value_p->fake_root_uid;
11674                                 break;
11675                         case A_auid_exempt:
11676                                 aci.auid_exempt = value_p->auid_exempt;
11677                                 break;
11678                         default:
11679                                 err = -RSBAC_EINVALIDATTR;
11680                         }
11681                         if (!err) {
11682                                 err = rsbac_ta_list_add_ttl(ta_number,
11683                                                             device_p->
11684                                                             handles.gen,
11685                                                             0,
11686                                                             &tid_p->file.
11687                                                             inode, &aci);
11688                         }
11689                 }
11690                 break;
11691 
11692 #if defined(CONFIG_RSBAC_MAC)
11693         case SW_MAC:
11694                 {
11695                         struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI;
11696 
11697                         rsbac_ta_list_get_data_ttl(ta_number,
11698                                                 device_p->handles.mac,
11699                                                 NULL,
11700                                                 &tid_p->file.inode,
11701                                                 &aci);
11702                         switch (attr) {
11703                         case A_security_level:
11704                                 aci.sec_level = value_p->security_level;
11705                                 break;
11706                         case A_mac_categories:
11707                                 aci.mac_categories =
11708                                     value_p->mac_categories;
11709                                 break;
11710                         case A_mac_auto:
11711                                 aci.mac_auto = value_p->mac_auto;
11712                                 break;
11713                         case A_mac_prop_trusted:
11714                                 aci.mac_prop_trusted =
11715                                     value_p->mac_prop_trusted;
11716                                 break;
11717                         case A_mac_file_flags:
11718                                 aci.mac_file_flags =
11719                                     value_p->
11720                                     mac_file_flags & RSBAC_MAC_F_FLAGS;
11721                                 break;
11722 
11723                         default:
11724                                 err = -RSBAC_EINVALIDATTR;
11725                         }
11726                         if (!err) {
11727                                 err = rsbac_ta_list_add_ttl(ta_number,
11728                                                         device_p->
11729                                                         handles.mac,
11730                                                         0,
11731                                                         &tid_p->file.
11732                                                         inode, &aci);
11733                         }
11734                 }
11735                 break;
11736 #endif                          /* MAC */
11737 
11738 #if defined(CONFIG_RSBAC_PM)
11739         case SW_PM:
11740                 {
11741                         struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI;
11742 
11743                         rsbac_ta_list_get_data_ttl(ta_number,
11744                                                    device_p->handles.pm,
11745                                                    NULL,
11746                                                    &tid_p->file.inode,
11747                                                    &aci);
11748                         switch (attr) {
11749                         case A_pm_object_class:
11750                                 aci.pm_object_class =
11751                                     value_p->pm_object_class;
11752                                 break;
11753                         case A_pm_tp:
11754                                 aci.pm_tp = value_p->pm_tp;
11755                                 break;
11756                         case A_pm_object_type:
11757                                 aci.pm_object_type =
11758                                     value_p->pm_object_type;
11759                                 break;
11760                         default:
11761                                 err = -RSBAC_EINVALIDATTR;
11762                         }
11763                         if (!err) {
11764                                 err = rsbac_ta_list_add_ttl(ta_number,
11765                                                         device_p->
11766                                                         handles.pm,
11767                                                         0,
11768                                                         &tid_p->file.
11769                                                         inode, &aci);
11770                         }
11771                 }
11772                 break;
11773 #endif                          /* PM */
11774 
11775 #if defined(CONFIG_RSBAC_DAZ)
11776         case SW_DAZ:
11777                 {
11778 #if defined(CONFIG_RSBAC_DAZ_CACHE)
11779                         if (attr == A_daz_scanned) {
11780                                 err =
11781                                     rsbac_list_add_ttl(device_p->handles.dazs,
11782                                                        rsbac_daz_ttl,
11783                                                        &tid_p->file.inode,
11784                                                        &value_p->
11785                                                        daz_scanned);
11786                         } else
11787 #endif
11788                         {
11789                                 struct rsbac_daz_fd_aci_t aci =
11790                                     DEFAULT_DAZ_FD_ACI;
11791 
11792                                 rsbac_ta_list_get_data_ttl(ta_number,
11793                                                            device_p->
11794                                                            handles.daz,
11795                                                            NULL,
11796                                                            &tid_p->file.inode,
11797                                                            &aci);
11798                                 switch (attr) {
11799                                 case A_daz_scanner:
11800                                         aci.daz_scanner =
11801                                             value_p->daz_scanner;
11802                                         break;
11803                                 case A_daz_do_scan:
11804                                         aci.daz_do_scan = value_p->daz_do_scan;
11805                                         break;
11806                                 default:
11807                                         err = -RSBAC_EINVALIDATTR;
11808                                 }
11809                                 if (!err) {
11810                                         err = rsbac_ta_list_add_ttl
11811                                                 (ta_number,
11812                                                 device_p->handles.daz,
11813                                                 0,
11814                                                 &tid_p->file.inode, &aci);
11815                                 }
11816                         }
11817                 }
11818                 break;
11819 #endif                          /* DAZ */
11820 
11821 #if defined(CONFIG_RSBAC_FF)
11822         case SW_FF:
11823                 {
11824                         switch (attr) {
11825                         case A_ff_flags:
11826                                 err = rsbac_ta_list_add_ttl(ta_number,
11827                                                         device_p->
11828                                                         handles.ff,
11829                                                         0,
11830                                                         &tid_p->file.
11831                                                         inode,
11832                                                         &value_p->ff_flags);
11833                                 break;
11834 
11835                         default:
11836                                 err = -RSBAC_EINVALIDATTR;
11837                         }
11838                 }
11839                 break;
11840 #endif                          /* FF */
11841 
11842 #if defined(CONFIG_RSBAC_RC)
11843         case SW_RC:
11844                 {
11845                         struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI;
11846 
11847                         rsbac_ta_list_get_data_ttl(ta_number,
11848                                                    device_p->handles.rc,
11849                                                    NULL,
11850                                                    &tid_p->file.inode,
11851                                                    &aci);
11852                         switch (attr) {
11853                         case A_rc_type_fd:
11854                                 aci.rc_type_fd = value_p->rc_type_fd;
11855                                 break;
11856                         case A_rc_force_role:
11857                                 aci.rc_force_role = value_p->rc_force_role;
11858                                 break;
11859                         case A_rc_initial_role:
11860                                 aci.rc_initial_role =
11861                                     value_p->rc_initial_role;
11862                                 break;
11863 
11864                         default:
11865                                 err = -RSBAC_EINVALIDATTR;
11866                         }
11867                         if (!err) {
11868                                 err = rsbac_ta_list_add_ttl(ta_number,
11869                                                         device_p->
11870                                                         handles.rc,
11871                                                         0,
11872                                                         &tid_p->file.
11873                                                         inode, &aci);
11874                         }
11875                 }
11876                 break;
11877 #endif                          /* RC */
11878 
11879 #if defined(CONFIG_RSBAC_AUTH)
11880         case SW_AUTH:
11881                 {
11882                         struct rsbac_auth_fd_aci_t aci =
11883                             DEFAULT_AUTH_FD_ACI;
11884 
11885                         rsbac_ta_list_get_data_ttl(ta_number,
11886                                                 device_p->handles.auth,
11887                                                 NULL,
11888                                                 &tid_p->file.inode,
11889                                                 &aci);
11890                         switch (attr) {
11891                         case A_auth_may_setuid:
11892                                 aci.auth_may_setuid =
11893                                     value_p->auth_may_setuid;
11894                                 break;
11895                         case A_auth_may_set_cap:
11896                                 aci.auth_may_set_cap =
11897                                     value_p->auth_may_set_cap;
11898                                 break;
11899                         case A_auth_learn:
11900                                 aci.auth_learn = value_p->auth_learn;
11901                                 break;
11902                         default:
11903                                 err = -RSBAC_EINVALIDATTR;
11904                         }
11905                         if (!err) {
11906                                 err = rsbac_ta_list_add_ttl(ta_number,
11907                                                         device_p->
11908                                                         handles.auth,
11909                                                         0,
11910                                                         &tid_p->file.
11911                                                         inode, &aci);
11912                         }
11913                 }
11914                 break;
11915 #endif                          /* AUTH */
11916 
11917 #if defined(CONFIG_RSBAC_CAP)
11918         case SW_CAP:
11919                 {
11920                         struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI;
11921 
11922                         rsbac_ta_list_get_data_ttl(ta_number,
11923                                                 device_p->handles.cap,
11924                                                 NULL,
11925                                                 &tid_p->file.inode,
11926                                                 &aci);
11927                         switch (attr) {
11928                         case A_min_caps:
11929                                 aci.min_caps = value_p->min_caps;
11930                                 break;
11931                         case A_max_caps:
11932                                 aci.max_caps = value_p->max_caps;
11933                                 break;
11934                         case A_cap_ld_env:
11935                                 aci.cap_ld_env = value_p->cap_ld_env;
11936                                 break;
11937                         default:
11938                                 err = -RSBAC_EINVALIDATTR;
11939                         }
11940                         if (!err) {
11941                                 err = rsbac_ta_list_add_ttl(ta_number,
11942                                                             device_p->
11943                                                             handles.cap,
11944                                                             0,
11945                                                             &tid_p->file.
11946                                                             inode, &aci);
11947                         }
11948                 }
11949                 break;
11950 #endif
11951 
11952 #if defined(CONFIG_RSBAC_RES)
11953         case SW_RES:
11954                 {
11955                         struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI;
11956 
11957                         rsbac_ta_list_get_data_ttl(ta_number,
11958                                                 device_p->handles.res,
11959                                                 NULL,
11960                                                 &tid_p->file.inode,
11961                                                 &aci);
11962                         switch (attr) {
11963                         case A_res_min:
11964                                 memcpy(&aci.res_min, &value_p->res_array,
11965                                        sizeof(aci.res_min));
11966                                 break;
11967                         case A_res_max:
11968                                 memcpy(&aci.res_max, &value_p->res_array,
11969                                        sizeof(aci.res_max));
11970                                 break;
11971                         default:
11972                                 err = -RSBAC_EINVALIDATTR;
11973                         }
11974                         if (!err) {
11975                                 struct rsbac_res_fd_aci_t def_aci =
11976                                     DEFAULT_RES_FD_ACI;
11977 
11978                                 if (memcmp(&aci, &def_aci, sizeof(aci)))
11979                                         err = rsbac_ta_list_add_ttl
11980                                                 (ta_number,
11981                                                 device_p->handles.res,
11982                                                 0,
11983                                                 &tid_p->file.inode, &aci);
11984                                 else
11985                                         err =
11986                                             rsbac_ta_list_remove(ta_number,
11987                                                                  device_p->
11988                                                                  handles.res,
11989                                                                  &tid_p->file.
11990                                                                  inode);
11991                         }
11992                 }
11993                 break;
11994 #endif
11995 
11996 #if defined(CONFIG_RSBAC_PAX)
11997         case SW_PAX:
11998                 {
11999                         switch (attr) {
12000                         case A_pax_flags:
12001                                 value_p->pax_flags &= RSBAC_PAX_ALL_FLAGS;
12002                                 err = rsbac_ta_list_add_ttl(ta_number,
12003                                                             device_p->
12004                                                             handles.pax,
12005                                                             0,
12006                                                             &tid_p->file.
12007                                                             inode,
12008                                                             &value_p->pax_flags);
12009                                 break;
12010 
12011                         default:
12012                                 err = -RSBAC_EINVALIDATTR;
12013                         }
12014                 }
12015                 break;
12016 #endif                          /* PAX */
12017 
12018         default:
12019                 err = -RSBAC_EINVALIDMODULE;
12020         }
12021         /* free access to device_list_head */
12022 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
12023         rcu_read_unlock();
12024 #else
12025         rsbac_read_unlock(&device_list_locks[hash], &dflags);
12026 #endif
12027 
12028 #ifdef CONFIG_RSBAC_FD_CACHE
12029         if (fd_cache_handle[module]) {
12030                 if (target == T_DIR)
12031                         rsbac_list_lol_remove_all(fd_cache_handle[module]);
12032                 else {
12033                         struct rsbac_fd_cache_desc_t fd_desc;
12034 
12035                         fd_desc.device = tid_p->file.device;
12036                         fd_desc.inode = tid_p->file.inode;
12037                         rsbac_list_lol_remove(fd_cache_handle[module], &fd_desc);
12038                 }
12039         }
12040 #endif
12041 
12042         return err;
12043 }

static int set_attr_ipc ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
union rsbac_target_id_t tid_p,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value_p 
) [static]

Definition at line 12207 of file aci_data_structures.c.

References A_jail_id, A_mac_categories, A_pm_ipc_purpose, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, rsbac_target_id_t::ipc, ipc_handles, rsbac_attribute_value_t::jail_id, rsbac_attribute_value_t::mac_categories, NULL, rsbac_attribute_value_t::pm_ipc_purpose, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::rc_type, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), and rsbac_attribute_value_t::security_level.

Referenced by rsbac_ta_set_attr().

12213 {
12214         int err = 0;
12215         /* rsbac_pr_debug(ds, "Setting ipc attribute"); */
12216         switch (module) {
12217 #if defined(CONFIG_RSBAC_MAC)
12218         case SW_MAC:
12219                 {
12220                         struct rsbac_mac_ipc_aci_t aci =
12221                             DEFAULT_MAC_IPC_ACI;
12222 
12223                         rsbac_ta_list_get_data_ttl(ta_number,
12224                                                    ipc_handles.mac,
12225                                                    NULL,
12226                                                    &tid_p->ipc, &aci);
12227                         switch (attr) {
12228                         case A_security_level:
12229                                 aci.sec_level = value_p->security_level;
12230                                 break;
12231                         case A_mac_categories:
12232                                 aci.mac_categories =
12233                                     value_p->mac_categories;
12234                                 break;
12235                         default:
12236                                 err = -RSBAC_EINVALIDATTR;
12237                         }
12238                         if (!err) {
12239                                 err = rsbac_ta_list_add_ttl(ta_number,
12240                                                             ipc_handles.
12241                                                             mac, 0,
12242                                                             &tid_p->ipc,
12243                                                             &aci);
12244                         }
12245                 }
12246                 break;
12247 #endif
12248 
12249 #if defined(CONFIG_RSBAC_PM)
12250         case SW_PM:
12251                 {
12252                         struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
12253 
12254                         rsbac_ta_list_get_data_ttl(ta_number,
12255                                                    ipc_handles.pm,
12256                                                    NULL,
12257                                                    &tid_p->ipc, &aci);
12258                         switch (attr) {
12259                         case A_pm_object_type:
12260                                 aci.pm_object_type =
12261                                     value_p->pm_object_type;
12262                                 break;
12263                         case A_pm_ipc_purpose:
12264                                 aci.pm_ipc_purpose =
12265                                     value_p->pm_ipc_purpose;
12266                                 break;
12267                         case A_pm_object_class:
12268                                 aci.pm_object_class =
12269                                     value_p->pm_object_class;
12270                                 break;
12271                         default:
12272                                 err = -RSBAC_EINVALIDATTR;
12273                         }
12274                         if (!err) {
12275                                 err = rsbac_ta_list_add_ttl(ta_number,
12276                                                             ipc_handles.pm,
12277                                                             0,
12278                                                             &tid_p->ipc,
12279                                                             &aci);
12280                         }
12281                 }
12282                 break;
12283 #endif
12284 
12285 #if defined(CONFIG_RSBAC_RC)
12286         case SW_RC:
12287                 {
12288                         rsbac_rc_type_id_t type = value_p->rc_type;
12289 
12290                         switch (attr) {
12291                         case A_rc_type:
12292                                 err = rsbac_ta_list_add_ttl(ta_number,
12293                                                             ipc_handles.rc,
12294                                                             0,
12295                                                             &tid_p->ipc,
12296                                                             &type);
12297                                 break;
12298                         default:
12299                                 err = -RSBAC_EINVALIDATTR;
12300                         }
12301                 }
12302                 break;
12303 #endif
12304 
12305 #if defined(CONFIG_RSBAC_JAIL)
12306         case SW_JAIL:
12307                 {
12308                         rsbac_jail_id_t id = value_p->jail_id;
12309 
12310                         switch (attr) {
12311                         case A_jail_id:
12312 /*                              if (id)
12313                                         rsbac_pr_debug(aef,
12314                                                        "Setting jail_id for IPC "
12315                                                        "%s %lu to %u\n",
12316                                                        get_ipc_target_name(tmp,
12317                                                                            tid_p->ipc.type),
12318                                                        tid_p->ipc.id.id_nr,
12319                                                        id); */
12320                                 err = rsbac_ta_list_add_ttl(ta_number,
12321                                                             ipc_handles.
12322                                                             jail, 0,
12323                                                             &tid_p->ipc,
12324                                                             &id);
12325                                 break;
12326                         default:
12327                                 err = -RSBAC_EINVALIDATTR;
12328                         }
12329                 }
12330                 break;
12331 #endif
12332 
12333         default:
12334                 err = -RSBAC_EINVALIDMODULE;
12335         }
12336 
12337         return err;
12338 }

static int set_attr_process ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
union rsbac_target_id_t tid_p,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value_p 
) [static]

Definition at line 12746 of file aci_data_structures.c.

References A_audit_uid, A_auid_exempt, A_auth_last_auth, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_cap_ld_env, A_cap_process_hiding, A_current_sec_level, A_daz_scanner, A_fake_root_uid, A_initial_security_level, A_jail_flags, A_jail_id, A_jail_ip, A_jail_max_caps, A_jail_parent, A_jail_scd_get, A_jail_scd_modify, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_curr_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_process_flags, A_max_caps_program, A_max_caps_user, A_max_read_categories, A_max_read_open, A_min_security_level, A_min_write_categories, A_min_write_open, A_pm_current_task, A_pm_process_type, A_pm_tp, A_rc_force_role, A_rc_role, A_rc_select_type, A_rc_type, A_remote_ip, A_security_level, rsbac_attribute_value_t::audit_uid, rsbac_gen_process_aci_t::audit_uid, rsbac_attribute_value_t::auid_exempt, rsbac_gen_process_aci_t::auid_exempt, rsbac_attribute_value_t::auth_last_auth, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, rsbac_attribute_value_t::cap_ld_env, rsbac_attribute_value_t::cap_process_hiding, rsbac_attribute_value_t::current_sec_level, rsbac_attribute_value_t::daz_scanner, DEFAULT_GEN_P_ACI, rsbac_attribute_value_t::fake_root_uid, rsbac_gen_process_aci_t::fake_root_uid, rsbac_attribute_value_t::jail_flags, rsbac_attribute_value_t::jail_id, rsbac_attribute_value_t::jail_ip, rsbac_attribute_value_t::jail_max_caps, rsbac_attribute_value_t::jail_parent, rsbac_attribute_value_t::jail_scd_get, rsbac_attribute_value_t::jail_scd_modify, rsbac_gen_process_aci_t::kernel_thread, rsbac_attribute_value_t::log_program_based, rsbac_gen_process_aci_t::log_program_based, MAC_auto, rsbac_attribute_value_t::mac_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::max_caps_program, rsbac_attribute_value_t::max_caps_user, rsbac_attribute_value_t::max_read_open, rsbac_attribute_value_t::min_write_open, NULL, rsbac_attribute_value_t::pm_current_task, rsbac_attribute_value_t::pm_process_type, rsbac_attribute_value_t::pm_tp, rsbac_target_id_t::process, process_handles, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_role, rsbac_attribute_value_t::rc_select_type, rsbac_attribute_value_t::rc_type, rsbac_attribute_value_t::remote_ip, rsbac_gen_process_aci_t::remote_ip, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_MAC_P_FLAGS, rsbac_printk(), rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, and SW_GEN.

Referenced by rsbac_ta_set_attr().

12752 {
12753         int err = 0;
12754         /* rsbac_pr_debug(ds, "Setting process attribute\n"); */
12755         if (!tid_p->process) {
12756                 rsbac_printk(KERN_WARNING "rsbac_set_attr(): Trying to set attribute for process 0!\n");
12757                 return -RSBAC_EINVALIDTARGET;
12758         }
12759         switch (module) {
12760         case SW_GEN:
12761                 {
12762                         struct rsbac_gen_process_aci_t aci =
12763                             DEFAULT_GEN_P_ACI;
12764 
12765                         rsbac_ta_list_get_data_ttl(ta_number,
12766                                                    process_handles.gen,
12767                                                    NULL, &tid_p->process,
12768                                                    &aci);
12769                         switch (attr) {
12770                         case A_log_program_based:
12771                                 aci.log_program_based =
12772                                     value_p->log_program_based;
12773                                 break;
12774                         case A_fake_root_uid:
12775                                 aci.fake_root_uid = value_p->fake_root_uid;
12776                                 break;
12777                         case A_audit_uid:
12778                                 aci.audit_uid = value_p->audit_uid;
12779                                 break;
12780                         case A_auid_exempt:
12781                                 aci.auid_exempt = value_p->auid_exempt;
12782                                 break;
12783                         case A_remote_ip:
12784                                 aci.remote_ip = value_p->remote_ip;
12785                                 break;
12786                         case A_kernel_thread:
12787                                 aci.kernel_thread = value_p->kernel_thread;
12788                                 break;
12789                         default:
12790                                 err = -RSBAC_EINVALIDATTR;
12791                         }
12792                         if (!err) {
12793                                 err = rsbac_ta_list_add_ttl(ta_number,
12794                                                             process_handles.gen,
12795                                                             0,
12796                                                             &tid_p->
12797                                                             process, &aci);
12798                         }
12799                 }
12800                 break;
12801 
12802 #if defined(CONFIG_RSBAC_MAC)
12803         case SW_MAC:
12804                 {
12805                         struct rsbac_mac_process_aci_t aci =
12806                             DEFAULT_MAC_P_ACI;
12807 
12808                         rsbac_ta_list_get_data_ttl(ta_number,
12809                                                    process_handles.mac,
12810                                                    NULL, &tid_p->process,
12811                                                    &aci);
12812                         switch (attr) {
12813                         case A_security_level:
12814                                 aci.owner_sec_level =
12815                                     value_p->security_level;
12816                                 break;
12817                         case A_initial_security_level:
12818                                 aci.owner_initial_sec_level =
12819                                     value_p->security_level;
12820                                 break;
12821                         case A_min_security_level:
12822                                 aci.owner_min_sec_level =
12823                                     value_p->security_level;
12824                                 break;
12825                         case A_mac_categories:
12826                                 aci.mac_owner_categories =
12827                                     value_p->mac_categories;
12828                                 break;
12829                         case A_mac_initial_categories:
12830                                 aci.mac_owner_initial_categories =
12831                                     value_p->mac_categories;
12832                                 break;
12833                         case A_mac_min_categories:
12834                                 aci.mac_owner_min_categories =
12835                                     value_p->mac_categories;
12836                                 break;
12837                         case A_current_sec_level:
12838                                 aci.current_sec_level =
12839                                     value_p->current_sec_level;
12840                                 break;
12841                         case A_mac_curr_categories:
12842                                 aci.mac_curr_categories =
12843                                     value_p->mac_categories;
12844                                 break;
12845                         case A_min_write_open:
12846                                 aci.min_write_open =
12847                                     value_p->min_write_open;
12848                                 break;
12849                         case A_min_write_categories:
12850                                 aci.min_write_categories =
12851                                     value_p->mac_categories;
12852                                 break;
12853                         case A_max_read_open:
12854                                 aci.max_read_open = value_p->max_read_open;
12855                                 break;
12856                         case A_max_read_categories:
12857                                 aci.max_read_categories =
12858                                     value_p->mac_categories;
12859                                 break;
12860                         case A_mac_process_flags:
12861                                 aci.mac_process_flags =
12862                                     value_p->
12863                                     mac_process_flags & RSBAC_MAC_P_FLAGS;
12864                                 break;
12865                         case A_mac_auto:
12866                                 if (value_p->mac_auto)
12867                                         aci.mac_process_flags |= MAC_auto;
12868                                 else
12869                                         aci.mac_process_flags &= ~MAC_auto;
12870                                 break;
12871                         default:
12872                                 err = -RSBAC_EINVALIDATTR;
12873                         }
12874                         if (!err) {
12875                                 err = rsbac_ta_list_add_ttl(ta_number,
12876                                                             process_handles.mac,
12877                                                             0,
12878                                                             &tid_p->
12879                                                             process, &aci);
12880                         }
12881                 }
12882                 break;
12883 #endif
12884 
12885 #if defined(CONFIG_RSBAC_PM)
12886         case SW_PM:
12887                 {
12888                         struct rsbac_pm_process_aci_t aci =
12889                             DEFAULT_PM_P_ACI;
12890 
12891                         rsbac_ta_list_get_data_ttl(ta_number,
12892                                                    process_handles.pm,
12893                                                    NULL,
12894                                                    &tid_p->process, &aci);
12895                         switch (attr) {
12896                         case A_pm_tp:
12897                                 aci.pm_tp = value_p->pm_tp;
12898                                 break;
12899                         case A_pm_current_task:
12900                                 aci.pm_current_task =
12901                                     value_p->pm_current_task;
12902                                 break;
12903                         case A_pm_process_type:
12904                                 aci.pm_process_type =
12905                                     value_p->pm_process_type;
12906                                 break;
12907                         default:
12908                                 err = -RSBAC_EINVALIDATTR;
12909                         }
12910                         if (!err) {
12911                                 err = rsbac_ta_list_add_ttl(ta_number,
12912                                                             process_handles.
12913                                                             pm, 0,
12914                                                             &tid_p->
12915                                                             process, &aci);
12916                         }
12917                 }
12918                 break;
12919 #endif
12920 
12921 #if defined(CONFIG_RSBAC_DAZ)
12922         case SW_DAZ:
12923                 {
12924                         struct rsbac_daz_process_aci_t aci =
12925                             DEFAULT_DAZ_P_ACI;
12926 
12927                         rsbac_ta_list_get_data_ttl(ta_number,
12928                                                    process_handles.daz,
12929                                                    NULL,
12930                                                    &tid_p->process, &aci);
12931                         switch (attr) {
12932                         case A_daz_scanner:
12933                                 aci.daz_scanner = value_p->daz_scanner;
12934                                 break;
12935                         default:
12936                                 err = -RSBAC_EINVALIDATTR;
12937                         }
12938                         if (!err) {
12939                                 err = rsbac_ta_list_add_ttl(ta_number,
12940                                                             process_handles.
12941                                                             daz, 0,
12942                                                             &tid_p->
12943                                                             process, &aci);
12944                         }
12945                 }
12946                 break;
12947 #endif
12948 
12949 #if defined(CONFIG_RSBAC_RC)
12950         case SW_RC:
12951                 {
12952                         struct rsbac_rc_process_aci_t aci =
12953                             DEFAULT_RC_P_ACI;
12954 
12955                         rsbac_ta_list_get_data_ttl(ta_number,
12956                                                    process_handles.rc,
12957                                                    NULL, &tid_p->process,
12958                                                    &aci);
12959                         switch (attr) {
12960                         case A_rc_role:
12961                                 aci.rc_role = value_p->rc_role;
12962                                 break;
12963                         case A_rc_type:
12964                                 aci.rc_type = value_p->rc_type;
12965                                 break;
12966                         case A_rc_select_type:
12967                                 aci.rc_select_type = value_p->rc_select_type;
12968                                 break;
12969                         case A_rc_force_role:
12970                                 aci.rc_force_role = value_p->rc_force_role;
12971                                 break;
12972                         default:
12973                                 err = -RSBAC_EINVALIDATTR;
12974                         }
12975                         if (!err) {
12976                                 err = rsbac_ta_list_add_ttl(ta_number,
12977                                                             process_handles.rc,
12978                                                             0,
12979                                                             &tid_p->
12980                                                             process, &aci);
12981                         }
12982                 }
12983                 break;
12984 #endif
12985 
12986 #if defined(CONFIG_RSBAC_AUTH)
12987         case SW_AUTH:
12988                 {
12989                         struct rsbac_auth_process_aci_t aci =
12990                             DEFAULT_AUTH_P_ACI;
12991 
12992                         rsbac_ta_list_get_data_ttl(ta_number,
12993                                                    process_handles.auth,
12994                                                    NULL,
12995                                                    &tid_p->process, &aci);
12996                         switch (attr) {
12997                         case A_auth_may_setuid:
12998                                 aci.auth_may_setuid =
12999                                     value_p->auth_may_setuid;
13000                                 break;
13001                         case A_auth_may_set_cap:
13002                                 aci.auth_may_set_cap =
13003                                     value_p->auth_may_set_cap;
13004                                 break;
13005 #if defined(CONFIG_RSBAC_AUTH_LEARN)
13006                         case A_auth_program_file:
13007                                 aci.auth_program_file =
13008                                     value_p->auth_program_file;
13009                                 break;
13010                         case A_auth_start_uid:
13011                                 aci.auth_start_uid =
13012                                     value_p->auth_start_uid;
13013                                 break;
13014 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
13015                         case A_auth_start_euid:
13016                                 aci.auth_start_euid =
13017                                     value_p->auth_start_euid;
13018                                 break;
13019 #endif
13020 #ifdef CONFIG_RSBAC_AUTH_GROUP
13021                         case A_auth_start_gid:
13022                                 aci.auth_start_gid =
13023                                     value_p->auth_start_gid;
13024                                 break;
13025 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
13026                         case A_auth_start_egid:
13027                                 aci.auth_start_egid =
13028                                     value_p->auth_start_egid;
13029                                 break;
13030 #endif
13031 #endif
13032                         case A_auth_learn:
13033                                 aci.auth_learn = value_p->auth_learn;
13034                                 break;
13035 #endif
13036                         case A_auth_last_auth:
13037                                 aci.auth_last_auth =
13038                                     value_p->auth_last_auth;
13039                                 break;
13040                         default:
13041                                 err = -RSBAC_EINVALIDATTR;
13042                         }
13043                         if (!err) {
13044                                 err = rsbac_ta_list_add_ttl(ta_number,
13045                                                             process_handles.auth,
13046                                                             0,
13047                                                             &tid_p->process,
13048                                                             &aci);
13049                         }
13050                 }
13051                 break;
13052 #endif
13053 
13054 #if defined(CONFIG_RSBAC_CAP)
13055         case SW_CAP:
13056                 {
13057                         struct rsbac_cap_process_aci_t aci =
13058                             DEFAULT_CAP_P_ACI;
13059 
13060                         rsbac_ta_list_get_data_ttl(ta_number,
13061                                                    process_handles.cap,
13062                                                    NULL,
13063                                                    &tid_p->process, &aci);
13064                         switch (attr) {
13065                         case A_cap_process_hiding:
13066                                 aci.cap_process_hiding =
13067                                     value_p->cap_process_hiding;
13068                                 break;
13069 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
13070                         case A_max_caps_user:
13071                                 aci.max_caps_user = value_p->max_caps_user;
13072                                 break;
13073                         case A_max_caps_program:
13074                                 aci.max_caps_program =
13075                                     value_p->max_caps_program;
13076                                 break;
13077 #endif
13078                         case A_cap_ld_env:
13079                                 aci.cap_ld_env = value_p->cap_ld_env;
13080                                 break;
13081                         default:
13082                                 err = -RSBAC_EINVALIDATTR;
13083                         }
13084                         if (!err) {
13085                                 err = rsbac_ta_list_add_ttl(ta_number,
13086                                                             process_handles.
13087                                                             cap, 0,
13088                                                             &tid_p->
13089                                                             process, &aci);
13090                         }
13091                 }
13092                 break;
13093 #endif
13094 
13095 #if defined(CONFIG_RSBAC_JAIL)
13096         case SW_JAIL:
13097                 {
13098                         struct rsbac_jail_process_aci_t aci =
13099                             DEFAULT_JAIL_P_ACI;
13100 
13101                         rsbac_ta_list_get_data_ttl(ta_number,
13102                                                    process_handles.jail,
13103                                                    NULL, &tid_p->process,
13104                                                    &aci);
13105                         switch (attr) {
13106                         case A_jail_id:
13107                                 aci.id = value_p->jail_id;
13108                                 break;
13109                         case A_jail_parent:
13110                                 aci.parent = value_p->jail_parent;
13111                                 break;
13112                         case A_jail_ip:
13113                                 aci.ip = value_p->jail_ip;
13114                                 break;
13115                         case A_jail_flags:
13116                                 aci.flags = value_p->jail_flags;
13117                                 break;
13118                         case A_jail_max_caps:
13119                                 aci.max_caps = value_p->jail_max_caps;
13120                                 break;
13121                         case A_jail_scd_get:
13122                                 aci.scd_get = value_p->jail_scd_get;
13123                                 break;
13124                         case A_jail_scd_modify:
13125                                 aci.scd_modify = value_p->jail_scd_modify;
13126                                 break;
13127                         default:
13128                                 err = -RSBAC_EINVALIDATTR;
13129                         }
13130                         if (!err) {
13131                                 err = rsbac_ta_list_add_ttl(ta_number,
13132                                                             process_handles.jail,
13133                                                             0,
13134                                                             &tid_p->
13135                                                             process, &aci);
13136                         }
13137                 }
13138                 break;
13139 #endif
13140 
13141         default:
13142                 err = -RSBAC_EINVALIDMODULE;
13143         }
13144 
13145         return err;
13146 }

static int set_attr_user ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
union rsbac_target_id_t tid_p,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value_p 
) [static]

Definition at line 12340 of file aci_data_structures.c.

References A_auth_role, A_cap_ld_env, A_cap_role, A_daz_role, A_ff_role, A_initial_security_level, A_jail_role, A_log_user_based, A_mac_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_role, A_mac_user_flags, A_max_caps, A_min_caps, A_min_security_level, A_pax_role, A_pm_role, A_pm_task_set, A_pseudo, A_rc_def_role, A_rc_type, A_res_max, A_res_min, A_res_role, A_security_level, A_system_role, rsbac_attribute_value_t::cap_ld_env, DEFAULT_GEN_U_ACI, rsbac_attribute_value_t::log_user_based, rsbac_gen_user_aci_t::log_user_based, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, rsbac_attribute_value_t::pm_role, rsbac_attribute_value_t::pm_task_set, rsbac_attribute_value_t::pseudo, rsbac_gen_user_aci_t::pseudo, rsbac_attribute_value_t::rc_def_role, rsbac_attribute_value_t::rc_type, rsbac_attribute_value_t::res_array, RSBAC_ALL_USERS, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, RSBAC_MAC_U_FLAGS, rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_ta_list_remove(), rsbac_attribute_value_t::security_level, SW_GEN, rsbac_attribute_value_t::system_role, rsbac_target_id_t::user, and user_handles.

Referenced by rsbac_ta_set_attr().

12346 {
12347         int err = 0;
12348         /* rsbac_pr_debug(ds, "Setting %s user attribute %i "
12349                        "for %u to %i\n",
12350                        get_switch_target_name(tmp, module), attr,
12351                        tid_p->user, value_p->dummy); */
12352         switch (module) {
12353         case SW_GEN:
12354                 {
12355                         struct rsbac_gen_user_aci_t aci =
12356                             DEFAULT_GEN_U_ACI;
12357 
12358                         rsbac_ta_list_get_data_ttl(ta_number,
12359                                                    user_handles.gen,
12360                                                    NULL,
12361                                                    &tid_p->user, &aci);
12362                         switch (attr) {
12363                         case A_pseudo:
12364                                 aci.pseudo = value_p->pseudo;
12365                                 break;
12366                         case A_log_user_based:
12367                                 aci.log_user_based =
12368                                     value_p->log_user_based;
12369                                 break;
12370                         default:
12371                                 err = -RSBAC_EINVALIDATTR;
12372                         }
12373                         if (!err) {
12374                                 err = rsbac_ta_list_add_ttl(ta_number,
12375                                                             user_handles.
12376                                                             gen, 0,
12377                                                             &tid_p->user,
12378                                                             &aci);
12379                         }
12380                 }
12381                 break;
12382 
12383 #if defined(CONFIG_RSBAC_MAC)
12384         case SW_MAC:
12385                 {
12386                         struct rsbac_mac_user_aci_t aci =
12387                             DEFAULT_MAC_U_ACI;
12388 
12389                         rsbac_ta_list_get_data_ttl(ta_number,
12390                                                    user_handles.mac,
12391                                                    NULL,
12392                                                    &tid_p->user, &aci);
12393                         switch (attr) {
12394                         case A_security_level:
12395                                 if (value_p->security_level <
12396                                     aci.min_security_level)
12397                                         err = -RSBAC_EINVALIDVALUE;
12398                                 else
12399                                         aci.security_level =
12400                                             value_p->security_level;
12401                                 break;
12402                         case A_initial_security_level:
12403                                 if ((value_p->security_level <
12404                                      aci.min_security_level)
12405                                     || (value_p->security_level >
12406                                         aci.security_level)
12407                                     )
12408                                         err = -RSBAC_EINVALIDVALUE;
12409                                 else
12410                                         aci.initial_security_level =
12411                                             value_p->security_level;
12412                                 break;
12413                         case A_min_security_level:
12414                                 if (value_p->security_level >
12415                                     aci.security_level)
12416                                         err = -RSBAC_EINVALIDVALUE;
12417                                 else
12418                                         aci.min_security_level =
12419                                             value_p->security_level;
12420                                 break;
12421                         case A_mac_categories:
12422                                 if ((value_p->mac_categories & aci.
12423                                      mac_min_categories) !=
12424                                     aci.mac_min_categories)
12425                                         err = -RSBAC_EINVALIDVALUE;
12426                                 else
12427                                         aci.mac_categories =
12428                                             value_p->mac_categories;
12429                                 break;
12430                         case A_mac_initial_categories:
12431                                 if (((value_p->mac_categories & aci.
12432                                       mac_min_categories) !=
12433                                      aci.mac_min_categories)
12434                                     ||
12435                                     ((value_p->mac_categories & aci.
12436                                       mac_categories) !=
12437                                      value_p->mac_categories)
12438                                     )
12439                                         err = -RSBAC_EINVALIDVALUE;
12440                                 else
12441                                         aci.mac_initial_categories =
12442                                             value_p->mac_categories;
12443                                 break;
12444                         case A_mac_min_categories:
12445                                 if ((value_p->mac_categories & aci.
12446                                      mac_categories) !=
12447                                     value_p->mac_categories)
12448                                         err = -RSBAC_EINVALIDVALUE;
12449                                 else
12450                                         aci.mac_min_categories =
12451                                             value_p->mac_categories;
12452                                 break;
12453                         case A_system_role:
12454                         case A_mac_role:
12455                                 aci.system_role = value_p->system_role;
12456                                 break;
12457                         case A_mac_user_flags:
12458                                 aci.mac_user_flags =
12459                                     value_p->
12460                                     mac_user_flags & RSBAC_MAC_U_FLAGS;
12461                                 break;
12462                         default:
12463                                 err = -RSBAC_EINVALIDATTR;
12464                         }
12465                         if (!err) {
12466                                 err = rsbac_ta_list_add_ttl(ta_number,
12467                                                             user_handles.
12468                                                             mac, 0,
12469                                                             &tid_p->user,
12470                                                             &aci);
12471                         }
12472                 }
12473                 break;
12474 #endif
12475 
12476 #if defined(CONFIG_RSBAC_PM)
12477         case SW_PM:
12478                 {
12479                         struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
12480 
12481                         rsbac_ta_list_get_data_ttl(ta_number,
12482                                                    user_handles.pm,
12483                                                    NULL,
12484                                                    &tid_p->user, &aci);
12485                         switch (attr) {
12486                         case A_pm_task_set:
12487                                 aci.pm_task_set = value_p->pm_task_set;
12488                                 break;
12489                         case A_pm_role:
12490                                 aci.pm_role = value_p->pm_role;
12491                                 break;
12492                         default:
12493                                 err = -RSBAC_EINVALIDATTR;
12494                         }
12495                         if (!err) {
12496                                 err = rsbac_ta_list_add_ttl(ta_number,
12497                                                             user_handles.
12498                                                             pm, 0,
12499                                                             &tid_p->user,
12500                                                             &aci);
12501                         }
12502                 }
12503                 break;
12504 #endif
12505 
12506 #if defined(CONFIG_RSBAC_DAZ)
12507         case SW_DAZ:
12508                 {
12509                         rsbac_system_role_int_t role =
12510                             value_p->system_role;
12511 
12512                         switch (attr) {
12513                         case A_system_role:
12514                         case A_daz_role:
12515                                 err = rsbac_ta_list_add_ttl(ta_number,
12516                                                             user_handles.
12517                                                             daz, 0,
12518                                                             &tid_p->user,
12519                                                             &role);
12520                                 break;
12521                         default:
12522                                 err = -RSBAC_EINVALIDATTR;
12523                         }
12524                 }
12525                 break;
12526 #endif
12527 
12528 #if defined(CONFIG_RSBAC_FF)
12529         case SW_FF:
12530                 {
12531                         rsbac_system_role_int_t role =
12532                             value_p->system_role;
12533 
12534                         switch (attr) {
12535                         case A_system_role:
12536                         case A_ff_role:
12537                                 err = rsbac_ta_list_add_ttl(ta_number,
12538                                                             user_handles.
12539                                                             ff, 0,
12540                                                             &tid_p->user,
12541                                                             &role);
12542                                 break;
12543                         default:
12544                                 err = -RSBAC_EINVALIDATTR;
12545                         }
12546                 }
12547                 break;
12548 #endif
12549 
12550 #if defined(CONFIG_RSBAC_RC)
12551         case SW_RC:
12552                 {
12553                         struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
12554 
12555                         rsbac_ta_list_get_data_ttl(ta_number,
12556                                                    user_handles.rc,
12557                                                    NULL,
12558                                                    &tid_p->user, &aci);
12559                         switch (attr) {
12560                         case A_rc_def_role:
12561                                 aci.rc_role = value_p->rc_def_role;
12562                                 break;
12563                         case A_rc_type:
12564                                 aci.rc_type = value_p->rc_type;
12565                                 break;
12566                         default:
12567                                 err = -RSBAC_EINVALIDATTR;
12568                         }
12569                         if (!err) {
12570                                 err = rsbac_ta_list_add_ttl(ta_number,
12571                                                             user_handles.
12572                                                             rc, 0,
12573                                                             &tid_p->user,
12574                                                             &aci);
12575                         }
12576                 }
12577                 break;
12578 #endif
12579 
12580 #if defined(CONFIG_RSBAC_AUTH)
12581         case SW_AUTH:
12582                 {
12583                         rsbac_system_role_int_t role =
12584                             value_p->system_role;
12585 
12586                         switch (attr) {
12587                         case A_system_role:
12588                         case A_auth_role:
12589                                 err = rsbac_ta_list_add_ttl(ta_number,
12590                                                             user_handles.
12591                                                             auth, 0,
12592                                                             &tid_p->user,
12593                                                             &role);
12594                                 break;
12595                         default:
12596                                 err = -RSBAC_EINVALIDATTR;
12597                         }
12598                 }
12599                 break;
12600 #endif
12601 
12602 #if defined(CONFIG_RSBAC_CAP)
12603         case SW_CAP:
12604                 {
12605                         struct rsbac_cap_user_aci_t aci =
12606                             DEFAULT_CAP_U_ACI;
12607 
12608                         rsbac_ta_list_get_data_ttl(ta_number,
12609                                                    user_handles.cap,
12610                                                    NULL,
12611                                                    &tid_p->user, &aci);
12612                         switch (attr) {
12613                         case A_system_role:
12614                         case A_cap_role:
12615                                 aci.cap_role = value_p->system_role;
12616                                 break;
12617                         case A_min_caps:
12618                                 aci.min_caps = value_p->min_caps;
12619                                 break;
12620                         case A_max_caps:
12621                                 aci.max_caps = value_p->max_caps;
12622                                 break;
12623                         case A_cap_ld_env:
12624                                 aci.cap_ld_env = value_p->cap_ld_env;
12625                                 break;
12626                         default:
12627                                 err = -RSBAC_EINVALIDATTR;
12628                         }
12629                         if (!err) {
12630                                 err = rsbac_ta_list_add_ttl(ta_number,
12631                                                             user_handles.
12632                                                             cap, 0,
12633                                                             &tid_p->user,
12634                                                             &aci);
12635                         }
12636                 }
12637                 break;
12638 #endif
12639 
12640 #if defined(CONFIG_RSBAC_JAIL)
12641         case SW_JAIL:
12642                 {
12643                         rsbac_system_role_int_t role =
12644                             value_p->system_role;
12645 
12646                         switch (attr) {
12647                         case A_system_role:
12648                         case A_jail_role:
12649                                 err = rsbac_ta_list_add_ttl(ta_number,
12650                                                             user_handles.
12651                                                             jail, 0,
12652                                                             &tid_p->user,
12653                                                             &role);
12654                                 break;
12655                         default:
12656                                 err = -RSBAC_EINVALIDATTR;
12657                         }
12658                 }
12659                 break;
12660 #endif
12661 
12662 #if defined(CONFIG_RSBAC_RES)
12663         case SW_RES:
12664                 {
12665                         struct rsbac_res_user_aci_t aci =
12666                             DEFAULT_RES_U_ACI;
12667 
12668                         rsbac_ta_list_get_data_ttl(ta_number,
12669                                                    user_handles.res,
12670                                                    NULL,
12671                                                    &tid_p->user, &aci);
12672                         switch (attr) {
12673                         case A_system_role:
12674                         case A_res_role:
12675                                 aci.res_role = value_p->system_role;
12676                                 break;
12677                         case A_res_min:
12678                                 memcpy(&aci.res_min, &value_p->res_array,
12679                                        sizeof(aci.res_min));
12680                                 break;
12681                         case A_res_max:
12682                                 memcpy(&aci.res_max, &value_p->res_array,
12683                                        sizeof(aci.res_max));
12684                                 break;
12685                         default:
12686                                 err = -RSBAC_EINVALIDATTR;
12687                         }
12688                         if (!err) {
12689                                 struct rsbac_res_user_aci_t def_aci =
12690                                     DEFAULT_RES_U_ACI;
12691 
12692                                 if (tid_p->user != RSBAC_ALL_USERS) {
12693                                         rsbac_uid_t all_users =
12694                                             RSBAC_ALL_USERS;
12695 
12696                                         rsbac_ta_list_get_data_ttl
12697                                             (ta_number, user_handles.res,
12698                                              NULL, &all_users, &def_aci);
12699                                 }
12700                                 if (memcmp(&aci, &def_aci, sizeof(aci)))
12701                                         err =
12702                                             rsbac_ta_list_add_ttl
12703                                             (ta_number, user_handles.res,
12704                                              0, &tid_p->user, &aci);
12705                                 else
12706                                         err =
12707                                             rsbac_ta_list_remove(ta_number,
12708                                                                  user_handles.
12709                                                                  res,
12710                                                                  &tid_p->
12711                                                                  user);
12712                         }
12713                 }
12714                 break;
12715 #endif
12716 
12717 #if defined(CONFIG_RSBAC_PAX)
12718         case SW_PAX:
12719                 {
12720                         rsbac_system_role_int_t role =
12721                             value_p->system_role;
12722 
12723                         switch (attr) {
12724                         case A_system_role:
12725                         case A_pax_role:
12726                                 err = rsbac_ta_list_add_ttl(ta_number,
12727                                                             user_handles.
12728                                                             pax, 0,
12729                                                             &tid_p->user,
12730                                                             &role);
12731                                 break;
12732                         default:
12733                                 err = -RSBAC_EINVALIDATTR;
12734                         }
12735                 }
12736                 break;
12737 #endif
12738 
12739         default:
12740                 err = -RSBAC_EINVALIDMODULE;
12741         }
12742 
12743         return err;
12744 }

static void wakeup_auto ( u_long  dummy  )  [static]

Definition at line 2055 of file aci_data_structures.c.

Referenced by rsbac_get_super_block().

02056 {
02057         wake_up((void *) dummy);
02058 }

rsbac_boolean_t writable ( struct super_block *  sb_p  ) 

Definition at line 323 of file aci_data_structures.c.

References FALSE, KERNEL_VERSION, rsbac_debug_no_write, SOCKFS_MAGIC, SYSFS_MAGIC, and TRUE.

Referenced by lookup_aci_path_dentry(), and rsbac_write_open().

00324 {
00325 #ifdef CONFIG_RSBAC_NO_WRITE
00326         return (FALSE);
00327 #else
00328         if (!sb_p || !sb_p->s_dev)
00329                 return (FALSE);
00330         if (rsbac_debug_no_write || (sb_p->s_flags & MS_RDONLY)
00331             || in_interrupt())
00332                 return (FALSE);
00333         if (!MAJOR(sb_p->s_dev)
00334 #ifndef CONFIG_RSBAC_MSDOS_WRITE
00335             || (sb_p->s_magic == MSDOS_SUPER_MAGIC)
00336 #endif
00337             || (sb_p->s_magic == SOCKFS_MAGIC)
00338             || (sb_p->s_magic == PIPEFS_MAGIC)
00339 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00340             || (sb_p->s_magic == SYSFS_MAGIC)
00341 #endif
00342             || (sb_p->s_magic == NFS_SUPER_MAGIC)
00343             || (sb_p->s_magic == CODA_SUPER_MAGIC)
00344             || (sb_p->s_magic == NCP_SUPER_MAGIC)
00345             || (sb_p->s_magic == SMB_SUPER_MAGIC)
00346             || (sb_p->s_magic == ISOFS_SUPER_MAGIC))
00347                 return (FALSE);
00348         else
00349                 return (TRUE);
00350 #endif
00351 }


Variable Documentation

char compiled_modules[80] [static]

Definition at line 138 of file aci_data_structures.c.

Referenced by rsbac_do_init().

struct rsbac_gen_fd_aci_t def_gen_fd_aci = DEFAULT_GEN_FD_ACI [static]

Definition at line 191 of file aci_data_structures.c.

Referenced by register_fd_lists().

struct rsbac_gen_fd_aci_t def_gen_root_dir_aci [static]

Initial value:

Definition at line 189 of file aci_data_structures.c.

Referenced by get_attr_fd().

struct rsbac_dev_handles_t dev_handles [static]

Definition at line 163 of file aci_data_structures.c.

Referenced by get_attr_dev(), register_dev_lists(), rsbac_stats(), rsbac_ta_list_all_dev(), rsbac_ta_remove_target(), and set_attr_dev().

struct rsbac_dev_handles_t dev_major_handles [static]

Definition at line 164 of file aci_data_structures.c.

Referenced by get_attr_dev(), register_dev_lists(), rsbac_stats(), rsbac_ta_list_all_dev(), rsbac_ta_remove_target(), and set_attr_dev().

struct rsbac_device_list_head_t* device_head_p[RSBAC_NR_DEVICE_LISTS] [static]

Definition at line 146 of file aci_data_structures.c.

Referenced by add_device_item(), lookup_device(), remove_device_item(), rsbac_do_init(), rsbac_free_dat_dentries(), and rsbac_stats().

spinlock_t device_list_locks[RSBAC_NR_DEVICE_LISTS] [static]

Definition at line 148 of file aci_data_structures.c.

Referenced by add_device_item(), get_attr_fd(), lookup_aci_path_dentry(), remove_device_item(), rsbac_do_init(), rsbac_free_dat_dentries(), rsbac_get_full_path(), rsbac_get_full_path_length(), rsbac_get_parent(), rsbac_get_super_block(), rsbac_mount(), rsbac_stats(), rsbac_ta_remove_target(), rsbac_umount(), and set_attr_fd().

u_int gen_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES [static]

Definition at line 269 of file aci_data_structures.c.

Referenced by register_fd_lists().

u_int gen_nr_p_hashes = 1 [static]

Definition at line 270 of file aci_data_structures.c.

Referenced by register_process_lists().

struct rsbac_ipc_handles_t ipc_handles [static]

Definition at line 165 of file aci_data_structures.c.

Referenced by get_attr_ipc(), register_ipc_lists(), rsbac_stats(), rsbac_ta_list_all_ipc(), rsbac_ta_remove_target(), and set_attr_ipc().

struct rsbac_process_handles_t process_handles [static]

Definition at line 170 of file aci_data_structures.c.

Referenced by get_attr_process(), register_process_lists(), rsbac_init(), rsbac_kthread_notify(), rsbac_stats(), rsbac_ta_remove_target(), and set_attr_process().

rsbac_boolean_t rsbac_initialized = FALSE

Definition at line 136 of file aci_data_structures.c.

Referenced by rsbac_do_init(), rsbac_free_dat_dentries(), rsbac_init(), rsbac_is_initialized(), rsbac_kthread_notify(), rsbac_mark_kthread(), rsbac_mount(), rsbac_stats(), rsbac_ta_get_attr(), rsbac_ta_remove_target(), rsbac_ta_set_attr(), and rsbac_umount().

struct rsbac_kthread_t* rsbac_kthread

Definition at line 7867 of file aci_data_structures.c.

Referenced by rsbac_init(), rsbac_kthreads_init(), and rsbac_mark_kthread().

int rsbac_kthread_size_t

Definition at line 7868 of file aci_data_structures.c.

kdev_t rsbac_root_dev

Definition at line 140 of file aci_data_structures.c.

Referenced by acl_create_def(), acl_create_def2(), read_info(), rsbac_do_init(), rsbac_init(), rsbac_init_acl(), rsbac_init_auth(), rsbac_init_mac(), rsbac_list_lol_register_hashed(), rsbac_list_register_hashed(), rsbac_mount(), and write_info().

struct dentry* sysfs_covered_p = NULL [static]

Definition at line 245 of file aci_data_structures.c.

Referenced by rsbac_do_init(), rsbac_mount(), and rsbac_umount().

struct super_block* sysfs_sb_p = NULL [static]

Definition at line 246 of file aci_data_structures.c.

Referenced by rsbac_do_init(), rsbac_mount(), and rsbac_umount().

struct rsbac_user_handles_t user_handles [static]

Definition at line 166 of file aci_data_structures.c.

Referenced by get_attr_user(), register_user_lists1(), register_user_lists2(), rsbac_init(), rsbac_stats(), rsbac_ta_list_all_user(), rsbac_ta_remove_target(), and set_attr_user().


Generated on Wed May 16 11:54:21 2007 for RSBAC by  doxygen 1.5.1