/linux-2.6.21.1-rsbac-1.3.4/rsbac/help/helpers.c

Go to the documentation of this file.
00001 /************************************* */
00002 /* Rule Set Based Access Control       */
00003 /* Author and (c) 1999-2006:           */
00004 /*   Amon Ott <ao@rsbac.org>           */
00005 /* Helper functions for all parts      */
00006 /* Last modified: 15/Jun/2006          */
00007 /************************************* */
00008 
00009 #ifndef __KERNEL__
00010 #include <stdlib.h>
00011 #endif
00012 #include <rsbac/types.h>
00013 #include <rsbac/error.h>
00014 #include <rsbac/helpers.h>
00015 #include <rsbac/rc_types.h>
00016 #include <rsbac/getname.h>
00017 #include <rsbac/cap_getname.h>
00018 #include <rsbac/adf.h>
00019 
00020 #ifdef __KERNEL__
00021 #include <linux/kernel.h>
00022 #include <linux/module.h>
00023 #include <linux/fs.h>
00024 #include <linux/mm.h>
00025 #include <linux/highmem.h>
00026 #include <linux/binfmts.h>
00027 #include <net/sock.h>
00028 #include <rsbac/aci.h>
00029 #include <rsbac/rkmem.h>
00030 #include <rsbac/debug.h>
00031 #ifdef CONFIG_RSBAC_RC
00032 #include <rsbac/rc_getname.h>
00033 #endif
00034 #endif
00035 #ifndef __KERNEL__
00036 #include <stdio.h>
00037 #include <string.h>
00038 #include <errno.h>
00039 #include <pwd.h>
00040 #include <grp.h>
00041 #endif
00042 
00043 #ifndef __KERNEL__
00044 int rsbac_u32_compare(__u32 * a, __u32 * b)
00045   {
00046     if(*a < *b)
00047      return -1;
00048     if(*a > *b)
00049       return 1;
00050     return 0;
00051   }
00052 
00053 int rsbac_user_compare(const void * a, const void * b)
00054   {
00055     return rsbac_u32_compare((__u32 *) a, (__u32 *) b);
00056   }
00057 
00058 int rsbac_group_compare(const void * a, const void * b)
00059   {
00060     return rsbac_u32_compare((__u32 *) a, (__u32 *) b);
00061   }
00062 
00063 int rsbac_nettemp_id_compare(const void * a, const void * b)
00064   {
00065     return rsbac_u32_compare((__u32 *) a, (__u32 *) b);
00066   }
00067 
00068 int rsbac_dev_compare(const void *desc1, const void *desc2)
00069 {
00070         int result;
00071 
00072         result = memcmp(&((struct rsbac_dev_desc_t *)desc1)->type,
00073                         &((struct rsbac_dev_desc_t *)desc2)->type,
00074                         sizeof(((struct rsbac_dev_desc_t *)desc1)->type));
00075         if (result)
00076                 return result;
00077         result = memcmp(&((struct rsbac_dev_desc_t *)desc1)->major,
00078                         &((struct rsbac_dev_desc_t *)desc2)->major,
00079                         sizeof(((struct rsbac_dev_desc_t *)desc1)->major));
00080         if (result)
00081                 return result;
00082         return memcmp(&((struct rsbac_dev_desc_t *)desc1)->minor,
00083                 &((struct rsbac_dev_desc_t *)desc2)->minor,
00084                 sizeof(((struct rsbac_dev_desc_t *)desc1)->minor));
00085 }
00086 #endif
00087 
00088 char * inttostr(char * str, int i)
00089   {
00090     int j = 0;
00091     
00092     if(!str)
00093       return(NULL);
00094       
00095     if (i<0)
00096       {
00097         str[j] = '-';
00098         j++;
00099         i = -i;
00100       }
00101     if (i>=10000)
00102       {
00103         str[j] = '0' + (i / 10000);
00104         j++;
00105       }
00106     if (i>=1000)
00107       {
00108         str[j] = '0' + ((i % 10000) / 1000);
00109         j++;
00110       }
00111     if (i>=100)
00112       {
00113         str[j] = '0' + ((i % 1000) / 100);
00114         j++;
00115       }
00116     if (i>=10)
00117       {
00118         str[j] = '0' + ((i % 100) / 10);
00119         j++;
00120       }
00121     str[j] = '0' + (i % 10);
00122     j++;
00123     str[j] = 0;
00124     return (str);
00125   };
00126 
00127 char * ulongtostr(char * str, u_long i)
00128   {
00129     int    j = 0;
00130     u_long k = 1000000000;
00131     
00132     if(!str)
00133       return(NULL);
00134 
00135     if (i>=k)
00136       {
00137         str[j] = '0' + ((i / k) % 100);
00138         j++;
00139       }
00140     k /= 10;
00141 
00142     while (k>1)
00143       {
00144         if (i>=k)
00145           {
00146             str[j] = '0' + ((i % (k*10)) / k);
00147             j++;
00148           }
00149         k /= 10;
00150       };
00151 
00152     str[j] = '0' + (i % 10);
00153     j++;
00154     str[j] = 0;
00155     return (str);
00156   };
00157 
00158 char * longtostr(char * str, long i)
00159   {
00160     int    j = 0;
00161     u_long k = 1000000000;
00162     
00163     if(!str)
00164       return(NULL);
00165 
00166     if (i<0)
00167       {
00168         str[0] = '-';
00169         j = 1;
00170         i = -i;
00171       }
00172     if (i>=k)
00173       {
00174         str[j] = '0' + ((i / k) % 100);
00175         j++;
00176       }
00177     k /= 10;
00178 
00179     while (k>1)
00180       {
00181         if (i>=k)
00182           {
00183             str[j] = '0' + ((i % (k*10)) / k);
00184             j++;
00185           }
00186         k /= 10;
00187       };
00188 
00189     str[j] = '0' + (i % 10);
00190     j++;
00191     str[j] = 0;
00192     return (str);
00193   };
00194 
00195 char * u64tostrmac(char * str, __u64 i)
00196   {
00197     int    j = 0;
00198     __u64  k;
00199 
00200     if(!str)
00201       return(NULL);
00202 
00203     k = 1;
00204     for(j = RSBAC_MAC_MAX_CAT;j >= 0;j--)
00205       {
00206         if (i & k)
00207           str[j] = '1';
00208         else
00209           str[j] = '0';
00210         k<<=1;
00211       };
00212 
00213     str[RSBAC_MAC_NR_CATS] = 0;
00214     return (str);
00215   };
00216 
00217 #ifndef __KERNEL__
00218 
00219 void error_exit(int error)
00220   {
00221     char tmp1[80];
00222 
00223     if(error<0)
00224       {
00225         get_error_name(tmp1,error);
00226         fprintf(stderr, "Error: %s\n", tmp1);
00227         exit(1);
00228       }
00229   }
00230 
00231 void show_error(int error)
00232   {
00233     char tmp1[80];
00234 
00235     if(error<0)
00236       {
00237         get_error_name(tmp1,error);
00238         fprintf(stderr, "Error: %s\n", tmp1);
00239       }
00240   }
00241 
00242 int rsbac_get_uid_name(rsbac_uid_t * uid, char * name, char * sourcename)
00243   {
00244     struct passwd * user_info_p;
00245     rsbac_uid_t uid_i;
00246 
00247     if(!(user_info_p = getpwnam(sourcename)))
00248       {
00249         uid_i = strtoul(sourcename,0,10);
00250         if(   !uid_i
00251            && strcmp("0", sourcename)
00252           )
00253           {
00254             return -RSBAC_EINVALIDVALUE;
00255           }
00256         if(name)
00257           {
00258             if((user_info_p = getpwuid(uid_i)))
00259               strcpy(name, user_info_p->pw_name);
00260             else
00261               sprintf(name, "%u", uid_i);
00262           }
00263       }
00264     else
00265       {
00266         uid_i = user_info_p->pw_uid;
00267         if(name)
00268           strcpy(name, user_info_p->pw_name);
00269       }
00270     if(uid)
00271       *uid = uid_i;
00272     return 0;
00273   }
00274 
00275 int rsbac_get_fullname(char * fullname, rsbac_uid_t uid)
00276   {
00277     struct passwd * user_info_p;
00278     rsbac_uid_t uid_i;
00279 
00280     if(!fullname)
00281       return -RSBAC_EINVALIDPOINTER;
00282     if(!(user_info_p = getpwuid(uid)))
00283       {
00284         sprintf(fullname, "%u", uid);
00285       }
00286     else
00287       {
00288         strcpy(fullname, user_info_p->pw_gecos);
00289       }
00290     return 0;
00291   }
00292 
00293 char * get_user_name(rsbac_uid_t user, char * name)
00294   {
00295     struct passwd * user_info_p;
00296 
00297     if((user_info_p = getpwuid(user)))
00298       {
00299         strcpy(name, user_info_p->pw_name);
00300       }
00301     else
00302       {
00303         sprintf(name, "%u", user);
00304       }
00305     return name;
00306   }
00307 
00308 char * get_group_name(rsbac_gid_t group, char * name)
00309   {
00310     struct group * group_info_p;
00311 
00312     if((group_info_p = getgrgid(group)))
00313       {
00314         strcpy(name, group_info_p->gr_name);
00315       }
00316     else
00317       {
00318         sprintf(name, "%u", group);
00319       }
00320     return name;
00321   }
00322 
00323 int rsbac_get_gid_name(rsbac_gid_t * gid, char * name, char * sourcename)
00324   {
00325     struct group * group_info_p;
00326     rsbac_gid_t gid_i;
00327 
00328     if(!(group_info_p = getgrnam(sourcename)))
00329       {
00330         gid_i = strtoul(sourcename,0,10);
00331         if(   !gid_i
00332            && strcmp("0", sourcename)
00333           )
00334           {
00335             return -RSBAC_EINVALIDVALUE;
00336           }
00337         if(name)
00338           {
00339             if((group_info_p = getgrgid(gid_i)))
00340               strcpy(name, group_info_p->gr_name);
00341             else
00342               sprintf(name, "%u", gid_i);
00343           }
00344       }
00345     else
00346       {
00347         gid_i = group_info_p->gr_gid;
00348         if(name)
00349           strcpy(name, group_info_p->gr_name);
00350       }
00351     if(gid)
00352       *gid = gid_i;
00353     return 0;
00354   }
00355 
00356 
00357 char * u64tostrlog(char * str, __u64 i)
00358   {
00359     int    j = 0;
00360     __u64  k;
00361 
00362     if(!str)
00363       return(NULL);
00364 
00365     k = 1;
00366     for(j = R_NONE - 1;j >= 0;j--)
00367       {
00368         if (i & k)
00369           str[j] = '1';
00370         else
00371           str[j] = '0';
00372         k<<=1;
00373       };
00374 
00375     str[R_NONE] = 0;
00376     return (str);
00377   };
00378 
00379 __u64 strtou64log(char * str, __u64 * i_p)
00380   {
00381     int    j;
00382     __u64  k = 1, res=0;
00383     
00384     if(!str)
00385       return(0);
00386 
00387     if (strlen(str) < R_NONE)
00388       return(-1);
00389     for(j=R_NONE-1;j>=0;j--)
00390       {
00391         if(str[j] != '0')
00392           {
00393             res |= k;
00394           }
00395         k <<= 1;
00396       }
00397     for(j=R_NONE;j<64;j++)
00398       {
00399         res |= k;
00400         k <<= 1;
00401       }
00402     *i_p = res;
00403     return(res);
00404   };
00405 
00406 char * u64tostrrc(char * str, __u64 i)
00407   {
00408     int    j = 0;
00409     __u64  k;
00410 
00411     if(!str)
00412       return(NULL);
00413 
00414     k = 1;
00415     for(j = 63;j >= 0;j--)
00416       {
00417         if (i & k)
00418           str[j] = '1';
00419         else
00420           str[j] = '0';
00421         k<<=1;
00422       };
00423 
00424     str[64] = 0;
00425     return (str);
00426   };
00427 
00428 __u64 strtou64rc(char * str, __u64 * i_p)
00429   {
00430     int    j;
00431     __u64  k = 1, res=0;
00432     
00433     if(!str)
00434       return(0);
00435 
00436     if (strlen(str) < 64)
00437       return(-1);
00438     for(j=63;j>=0;j--)
00439       {
00440         if(str[j] != '0')
00441           {
00442             res |= k;
00443           }
00444         k <<= 1;
00445       }
00446     *i_p = res;
00447     return(res);
00448   };
00449 
00450 char * u64tostrrcr(char * str, __u64 i)
00451   {
00452     int    j = 0;
00453     __u64  k;
00454 
00455     if(!str)
00456       return(NULL);
00457 
00458     k = 1;
00459     for(j = RCR_NONE - 1;j >= 0;j--)
00460       {
00461         if (i & k)
00462           str[j] = '1';
00463         else
00464           str[j] = '0';
00465         k<<=1;
00466       };
00467 
00468     str[RCR_NONE] = 0;
00469     return (str);
00470   };
00471 
00472 __u64 strtou64rcr(char * str, __u64 * i_p)
00473   {
00474     int    j;
00475     __u64  k = 1, res=0;
00476     
00477     if(!str)
00478       return(0);
00479 
00480     if (strlen(str) < RCR_NONE)
00481       return(-1);
00482     for(j=RCR_NONE-1;j>=0;j--)
00483       {
00484         if(str[j] != '0')
00485           {
00486             res |= k;
00487           }
00488         k <<= 1;
00489       }
00490     for(j=RCR_NONE;j<64;j++)
00491       {
00492         res |= k;
00493         k <<= 1;
00494       }
00495     *i_p = res;
00496     return(res);
00497   };
00498 
00499 __u64 strtou64mac(char * str, __u64 * i_p)
00500   {
00501     int    j;
00502     __u64  k = 1, res=0;
00503     
00504     if(!str)
00505       return(0);
00506 
00507     if (strlen(str) < RSBAC_MAC_NR_CATS)
00508       return(-1);
00509     for(j=RSBAC_MAC_MAX_CAT;j>=0;j--)
00510       {
00511         if(str[j] != '0')
00512           {
00513             res |= k;
00514           }
00515         k <<= 1;
00516       }
00517     for(j=RSBAC_MAC_NR_CATS;j<64;j++)
00518       {
00519         res |= k;
00520         k <<= 1;
00521       }
00522     *i_p = res;
00523     return(res);
00524   };
00525 
00526 __u64 strtou64acl(char * str, __u64 * i_p)
00527   {
00528     int    j;
00529     __u64  k = 1, res=0;
00530     
00531     if(!str)
00532       return(0);
00533 
00534     if (strlen(str) < (ACLR_NONE - 1))
00535       return(-1);
00536     for(j=ACLR_NONE-1;j>=0;j--)
00537       {
00538         if(str[j] != '0')
00539           {
00540             res |= k;
00541           }
00542         k <<= 1;
00543       }
00544     for(j=ACLR_NONE-1;j<64;j++)
00545       {
00546         res |= k;
00547         k <<= 1;
00548       }
00549     *i_p = res;
00550     return(res);
00551   }
00552 
00553 int strtodevdesc(char * str, struct rsbac_dev_desc_t * dev_p)
00554   {
00555     char * p;
00556     char * c;
00557 
00558     if(!str)
00559       return -RSBAC_EINVALIDVALUE;
00560     if(!strcmp(str, ":DEFAULT:"))
00561       {
00562         *dev_p = RSBAC_ZERO_DEV_DESC;
00563         return 0;
00564       }
00565     p = str;
00566     c = strchr(p,':');
00567     switch(*p)
00568       {
00569         case 'b':
00570         case 'B':
00571           if(c)
00572             dev_p->type = D_block;
00573           else
00574             dev_p->type = D_block_major;
00575           break;
00576         case 'c':
00577         case 'C':
00578           if(c)
00579             dev_p->type = D_char;
00580           else
00581             dev_p->type = D_char_major;
00582           break;
00583         default:
00584           return -RSBAC_EINVALIDTARGET;
00585       }
00586     p++;
00587     dev_p->major = strtoul(p,0,0);
00588     if(c)
00589       {
00590         c++;
00591         dev_p->minor = strtoul(c,0,0);
00592       }
00593     else
00594       dev_p->minor = 0;
00595     return 0;
00596   }
00597 
00598 char * devdesctostr(char * str, struct rsbac_dev_desc_t dev)
00599   {
00600     if(RSBAC_IS_ZERO_DEV_DESC(dev))
00601       {
00602         sprintf(str, ":DEFAULT:");
00603         return str;
00604       }
00605     switch(dev.type)
00606       {
00607         case D_block:
00608         case D_char:
00609           sprintf(str, "%c%u:%u", 'b' + dev.type, dev.major, dev.minor);
00610           break;
00611         case D_block_major:
00612         case D_char_major:
00613           sprintf(str, "%c%u",
00614                   'b' + dev.type - (D_block_major - D_block),
00615                   dev.major);
00616           break;
00617         default:
00618           sprintf(str, "invalid!");
00619       }
00620     return str;
00621   }
00622 #endif /* ifndef __KERNEL__ */
00623 
00624 char * u64tostracl(char * str, __u64 i)
00625   {
00626     int    j = 0;
00627     __u64  k;
00628 
00629     if(!str)
00630       return(NULL);
00631 
00632     k = 1;
00633     for(j = ACLR_NONE - 1;j >= 0;j--)
00634       {
00635         if (i & k)
00636           str[j] = '1';
00637         else
00638           str[j] = '0';
00639         k<<=1;
00640       };
00641 
00642     str[ACLR_NONE] = 0;
00643     return (str);
00644   };
00645 
00646 char * u32tostrcap(char * str, __u32 i)
00647   {
00648     int    j = 0;
00649     __u32  k;
00650 
00651     if(!str)
00652       return(NULL);
00653 
00654     k = 1;
00655     for(j = CAP_NONE - 1;j >= 0;j--)
00656       {
00657         if (i & k)
00658           str[j] = '1';
00659         else
00660           str[j] = '0';
00661         k<<=1;
00662       };
00663 
00664     str[CAP_NONE] = 0;
00665     return (str);
00666   };
00667 
00668 __u32 strtou32cap(char * str, __u32 * i_p)
00669   {
00670     int    j;
00671     __u32  k = 1, res=0;
00672     
00673     if(!str)
00674       return(0);
00675 
00676     if (strlen(str) < CAP_NONE)
00677       return(-1);
00678     for(j=CAP_NONE-1;j>=0;j--)
00679       {
00680         if(str[j] != '0')
00681           {
00682             res |= k;
00683           }
00684         k <<= 1;
00685       }
00686     for(j=CAP_NONE;j<32;j++)
00687       {
00688         res |= k;
00689         k <<= 1;
00690       }
00691     *i_p = res;
00692     return(res);
00693   };
00694 
00695 
00696 #ifdef __KERNEL__
00697 
00698 /* find the current owner of this process */
00699 int rsbac_get_owner(rsbac_uid_t * user_p)
00700   {
00701     *user_p = current->uid;
00702     return(0);
00703   }
00704 
00705 void rsbac_ds_get_error(const char * function, enum rsbac_attribute_t attr)
00706   {
00707     if(!function)
00708       return;
00709     if(attr != A_none)
00710       {
00711         char tmp[80];
00712 
00713         get_attribute_name(tmp, attr);
00714         rsbac_printk(KERN_WARNING
00715                      "%s: rsbac_get_attr() for %s returned error!\n",
00716                      function, tmp);
00717       }
00718     else
00719       {
00720         rsbac_printk(KERN_WARNING
00721                      "%s: rsbac_get_attr() returned error!\n",
00722                      function);
00723       }
00724   }
00725 
00726 void rsbac_ds_get_error_num(const char * function, enum rsbac_attribute_t attr, int err)
00727   {
00728     if(!function)
00729       return;
00730     if(attr != A_none)
00731       {
00732         char tmp[80];
00733         char tmp2[80];
00734 
00735         get_attribute_name(tmp, attr);
00736         get_error_name(tmp2, err);
00737         rsbac_printk(KERN_WARNING
00738                      "%s: rsbac_get_attr() for %s returned error %s!\n",
00739                      function, tmp, tmp2);
00740       }
00741     else
00742       {
00743         rsbac_printk(KERN_WARNING
00744                      "%s: rsbac_get_attr() returned error!\n",
00745                      function);
00746       }
00747   }
00748 
00749 void rsbac_ds_set_error(const char * function, enum rsbac_attribute_t attr)
00750   {
00751     if(!function)
00752       return;
00753     if(attr != A_none)
00754       {
00755         char tmp[80];
00756 
00757         get_attribute_name(tmp, attr);
00758         rsbac_printk(KERN_WARNING
00759                      "%s: rsbac_set_attr() for %s returned error!\n",
00760                      function, tmp);
00761       }
00762     else
00763       {
00764         rsbac_printk(KERN_WARNING
00765                      "%s: rsbac_set_attr() returned error!\n",
00766                      function);
00767       }
00768   }
00769 
00770 void rsbac_ds_set_error_num(const char * function, enum rsbac_attribute_t attr, int err)
00771   {
00772     if(!function)
00773       return;
00774     if(attr != A_none)
00775       {
00776         char tmp[80];
00777         char tmp2[80];
00778 
00779         get_attribute_name(tmp, attr);
00780         get_error_name(tmp2, err);
00781         rsbac_printk(KERN_WARNING
00782                      "%s: rsbac_set_attr() for %s returned error %s!\n",
00783                      function, tmp, tmp2);
00784       }
00785     else
00786       {
00787         rsbac_printk(KERN_WARNING
00788                      "%s: rsbac_set_attr() returned error!\n",
00789                      function);
00790       }
00791   }
00792 
00793 #ifdef CONFIG_RSBAC_RC
00794 void rsbac_rc_ds_get_error(const char * function, enum rsbac_rc_item_t item)
00795   {
00796     if(!function)
00797       return;
00798     if(item != RI_none)
00799       {
00800         char tmp[80];
00801 
00802         get_rc_item_name(tmp, item);
00803         rsbac_printk(KERN_WARNING
00804                      "%s: rsbac_rc_get_item() for %s returned error!\n",
00805                      function, tmp);
00806       }
00807     else
00808       {
00809         rsbac_printk(KERN_WARNING
00810                      "%s: rsbac_rc_get_item() returned error!\n",
00811                      function);
00812       }
00813   }
00814 
00815 void rsbac_rc_ds_set_error(const char * function, enum rsbac_rc_item_t item)
00816   {
00817     if(!function)
00818       return;
00819     if(item != RI_none)
00820       {
00821         char tmp[80];
00822 
00823         get_rc_item_name(tmp, item);
00824         rsbac_printk(KERN_WARNING
00825                      "%s: rsbac_rc_set_item() for %s returned error!\n",
00826                      function, tmp);
00827       }
00828     else
00829       {
00830         rsbac_printk(KERN_WARNING
00831                      "%s: rsbac_rc_set_item() returned error!\n",
00832                      function);
00833       }
00834   }
00835 #endif
00836 
00837 #ifdef CONFIG_RSBAC_CAP
00838 
00839 /* The following code was taken from the LIDS project (www.lids.org) */
00840 /* and modified to our needs. Thanks for your help. :) */
00841 
00842 /*static int do_check_envp(struct linux_binprm *bprm)
00843 {
00844         struct page *page;
00845         int err = 0;
00846         char *kaddr, *paddr, *p, *end_p;
00847         unsigned long offset;
00848         unsigned long i;
00849 
00850         offset = (bprm->p) % PAGE_SIZE;
00851         i = (bprm->p) / PAGE_SIZE;
00852         kaddr = p = kmalloc(MAX_ARG_PAGES * PAGE_SIZE - bprm->p, GFP_KERNEL);
00853 
00854         if (!p)
00855                 return -1;
00856 
00857         end_p = p + MAX_ARG_PAGES * PAGE_SIZE - bprm->p; 
00858         while (i < MAX_ARG_PAGES) {
00859                 page = bprm->page[i];
00860                 paddr = kmap(page);
00861                 if( kaddr + PAGE_SIZE - offset > end_p ) {
00862                         kfree(p);
00863                         return -1;
00864                 } 
00865                 memcpy(kaddr, paddr + offset, PAGE_SIZE - offset);
00866                 kaddr += PAGE_SIZE - offset;
00867                 kunmap(page);
00868                 offset = 0;
00869                 i++;
00870         }
00871         kaddr = p;
00872         i = 0;
00873         while (i < bprm->envc + bprm->argc) {
00874                 if (i >= bprm->argc) {
00875                         if ((kaddr[0] == 'L' || kaddr[0] == 'l') &&
00876                             (kaddr[1] == 'D' || kaddr[1] == 'd') &&
00877                             (kaddr[2] == '_')) {
00878                                 err = -1;
00879                                 break;
00880                         }
00881                 }
00882                 kaddr = strchr(kaddr, '\0');
00883                 kaddr = kaddr + 1;
00884                 if(kaddr > end_p) {
00885                         kfree(p);
00886                         return -1;
00887                 } 
00888                 i++;
00889         }
00890 
00891         kfree(p);
00892         return err;
00893 }*/
00894 #endif
00895 
00896 /*int rsbac_cap_check_envp(struct linux_binprm *bprm)
00897 {
00898         union rsbac_target_id_t       rsbac_target_id_file;
00899         union rsbac_target_id_t       rsbac_target_id_user;
00900         union rsbac_target_id_t       rsbac_target_id_proc;
00901         union rsbac_attribute_value_t rsbac_attribute_value_file;
00902         union rsbac_attribute_value_t rsbac_attribute_value_proc;
00903                 
00904         int ret = -EFAULT;
00905                                 
00906         rsbac_pr_debug(aef, "do_execve() [sys_execve()]: calling ADF\n");
00907         rsbac_target_id_file.file.device = bprm->file->f_dentry->d_sb->s_dev;
00908         rsbac_target_id_file.file.inode  = bprm->file->f_dentry->d_inode->i_ino;
00909         rsbac_target_id_file.file.dentry_p = bprm->file->f_dentry;
00910         rsbac_target_id_user.user = current->uid;
00911         rsbac_target_id_proc.process = current->pid;
00912         
00913         ret = rsbac_ta_get_attr(0,
00914                                 SW_CAP,
00915                                 T_FILE,
00916                                 rsbac_target_id_file,
00917                                 A_cap_ld_env,
00918                                 &rsbac_attribute_value_file,
00919                                 1);
00920         if (ret != 0) {
00921                 if (ret == -1010) {
00922                         ret = 0;
00923                         goto out;
00924                 } else {
00925                         goto out;
00926                 }
00927         }
00928 
00929         switch (rsbac_attribute_value_file.u_char_dummy) {
00930                 case LD_keep:
00931                         goto chk_proc;
00932                 case LD_deny:
00933                         goto chk_envp;
00934                 case LD_allow:
00935                         ret = 0;
00936                         goto out;
00937                 default:
00938                         ret = -EINVAL;
00939                         goto out;
00940         }
00941 chk_proc:
00942         ret = rsbac_ta_get_attr(0,
00943                                 SW_CAP,
00944                                 T_PROCESS,
00945                                 rsbac_target_id_proc,
00946                                 A_cap_ld_env,
00947                                 &rsbac_attribute_value_proc,
00948                                 0);
00949         if (ret)
00950                 goto out;
00951         switch(rsbac_attribute_value_proc.u_char_dummy) {
00952                 case LD_allow:
00953                         ret = 0;
00954                         goto out;
00955                 case LD_deny:
00956                         goto chk_envp;
00957                 case LD_keep:
00958                 default:
00959                         return -EINVAL;
00960                         goto out;
00961         }
00962 
00963 chk_envp:
00964         if (do_check_envp(bprm))
00965 #ifdef CONFIG_RSBAC_SOFTMODE
00966                 if (!rsbac_softmode)
00967 #endif
00968                 {
00969                         rsbac_pr_debug(aef, "do_execve() [sys_execve()]: "
00970                                        "request not granted, my PID: %i\n",
00971                                        current->pid);
00972                         ret = -EPERM;
00973                         goto out;
00974                 }
00975 
00976 out:
00977         return ret;
00978 }*/
00979 #endif
00980 /* __KERNEL__ */
00981 
00982 int rsbac_handle_filldir(const struct file *file, const char *name, const unsigned int namlen, const ino_t ino)
00983 {
00984         enum   rsbac_target_t          rsbac_target = T_NONE;
00985         union  rsbac_target_id_t       rsbac_target_id;
00986         union  rsbac_attribute_value_t rsbac_attribute_value;
00987         struct dentry *obj_dentry = NULL;
00988         int err = 1;
00989 
00990         if(!file || !file->f_dentry || !file->f_dentry->d_sb
00991                  || !MAJOR(file->f_dentry->d_sb->s_dev))
00992                 goto old_func;
00993         obj_dentry = rsbac_lookup_one_len(name, file->f_dentry, namlen);
00994         if (!obj_dentry || IS_ERR(obj_dentry)) {
00995                 goto old_func;
00996         }
00997         if (!obj_dentry->d_inode || IS_ERR(obj_dentry->d_inode)) {
00998                 goto out_dput;
00999         }
01000         if (!obj_dentry->d_inode->i_mode || !obj_dentry->d_inode->i_sb || !obj_dentry->d_inode->i_sb->s_dev || !ino) {
01001                 goto out_dput;
01002         }
01003         if (!obj_dentry->d_sb || !obj_dentry->d_sb->s_magic) {
01004                 goto out_dput;
01005         }
01006         rsbac_pr_debug(aef, "[readdir(), sys_getdents()]: calling ADF\n");
01007 
01008         if (S_ISFIFO(obj_dentry->d_inode->i_mode)) {
01009                 if(obj_dentry->d_sb->s_magic != PIPEFS_MAGIC) {
01010                         rsbac_target = T_FIFO;
01011                         rsbac_target_id.fifo.device = obj_dentry->d_inode->i_sb->s_dev;
01012                         rsbac_target_id.fifo.inode  = ino;
01013                         rsbac_target_id.fifo.dentry_p = obj_dentry;
01014                 }
01015         } else
01016         if (S_ISDIR(obj_dentry->d_inode->i_mode)) {
01017                 rsbac_target = T_DIR;
01018                 rsbac_target_id.dir.device = obj_dentry->d_inode->i_sb->s_dev;
01019                 rsbac_target_id.dir.inode = ino;
01020                 rsbac_target_id.dir.dentry_p = obj_dentry;
01021         } else
01022         if (S_ISREG(obj_dentry->d_inode->i_mode)) {
01023                 rsbac_target = T_FILE;
01024                 rsbac_target_id.file.device = obj_dentry->d_inode->i_sb->s_dev;
01025                 rsbac_target_id.file.inode  = ino;
01026                 rsbac_target_id.file.dentry_p = obj_dentry;
01027         } else
01028         if (S_ISLNK(obj_dentry->d_inode->i_mode)) {
01029                 rsbac_target = T_SYMLINK;
01030                 rsbac_target_id.file.device = obj_dentry->d_inode->i_sb->s_dev;
01031                 rsbac_target_id.file.inode = ino;
01032                 rsbac_target_id.file.dentry_p = obj_dentry;
01033         } else
01034         if (S_ISSOCK(obj_dentry->d_inode->i_mode)) {
01035 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01036                 struct socket * sock = SOCKET_I(obj_dentry->d_inode);
01037 #else
01038                 struct socket * sock = &(obj_dentry->d_inode->u.socket_i);
01039 #endif
01040                 if (sock->ops && sock->ops->family == AF_UNIX) {
01041                         if (obj_dentry->d_inode->i_sb->s_magic != SOCKFS_MAGIC) {
01042                                 rsbac_target = T_UNIXSOCK;
01043                                 rsbac_target_id.unixsock.device = obj_dentry->d_inode->i_sb->s_dev;
01044                                 rsbac_target_id.unixsock.inode = ino;
01045                                 rsbac_target_id.unixsock.dentry_p = obj_dentry;
01046                         }
01047                 }
01048                 rsbac_target = T_UNIXSOCK;
01049                 rsbac_target_id.file.device = obj_dentry->d_inode->i_sb->s_dev;
01050                 rsbac_target_id.file.inode = ino;
01051                 rsbac_target_id.file.dentry_p = obj_dentry;
01052         } else
01053         if (S_ISBLK(obj_dentry->d_inode->i_mode)) {
01054                 rsbac_target = T_DEV;
01055                 rsbac_target_id.dev.type = D_block;
01056                 rsbac_target_id.dev.major = RSBAC_MAJOR(obj_dentry->d_inode->i_rdev);
01057                 rsbac_target_id.dev.minor = RSBAC_MINOR(obj_dentry->d_inode->i_rdev);
01058         } else
01059         if (S_ISCHR(obj_dentry->d_inode->i_mode)) {
01060                 rsbac_target = T_DEV;
01061                 rsbac_target_id.dev.type = D_char;
01062                 rsbac_target_id.dev.major = RSBAC_MAJOR(obj_dentry->d_inode->i_rdev);
01063                 rsbac_target_id.dev.minor = RSBAC_MINOR(obj_dentry->d_inode->i_rdev);
01064         }
01065         rsbac_attribute_value.dummy = 0;
01066         if (rsbac_target != T_NONE)
01067                 if (!rsbac_adf_request(R_SEARCH,
01068                                         current->pid,
01069                                         rsbac_target,
01070                                         rsbac_target_id,
01071                                         A_none,
01072                                         rsbac_attribute_value))
01073                 {
01074                         err = 0;
01075                         goto out_dput;
01076                 }
01077 
01078 out_dput:
01079         if (obj_dentry)
01080                 dput(obj_dentry);
01081 old_func:
01082         return err;
01083 }

Generated on Wed May 16 11:53:48 2007 for RSBAC by  doxygen 1.5.1