#include <linux/module.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/string.h>
#include <linux/sched.h>
#include <linux/smp.h>
#include <linux/smp_lock.h>
#include <linux/fs.h>
#include <asm/uaccess.h>
#include <rsbac/types.h>
#include <rsbac/reg.h>
#include <rsbac/adf.h>
#include <rsbac/aci.h>
#include <rsbac/aci_data_structures.h>
#include <rsbac/getname.h>
#include <rsbac/error.h>
#include <rsbac/proc_fs.h>
Go to the source code of this file.
Defines | |
#define | FILENAME "regsmp2" |
#define | FILE_VERSION 1 |
Functions | |
MODULE_AUTHOR ("Amon Ott") | |
MODULE_DESCRIPTION ("RSBAC REG sample decision module 2") | |
MODULE_PARM (name,"s") | |
MODULE_PARM (syscall_name,"s") | |
MODULE_PARM (handle,"l") | |
MODULE_PARM (syscall_registration_handle,"l") | |
MODULE_PARM (syscall_dispatcher_handle,"l") | |
static int | read_info (void) |
static int | write_info (void) |
static int | request_func (enum rsbac_adf_request_t request, rsbac_pid_t owner_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner) |
static int | set_attr_func (enum rsbac_adf_request_t request, rsbac_pid_t owner_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t new_target, union rsbac_target_id_t new_tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner) |
static rsbac_boolean_t | need_overwrite_func (struct dentry *dentry_p) |
static int | write_func (rsbac_boolean_t need_lock) |
static int | syscall_func (void *arg) |
int | init_module (void) |
void | cleanup_module (void) |
Variables | |
static u_long | nr_request_calls = 0 |
static u_long | nr_set_attr_calls = 0 |
static u_long | nr_need_overwrite_calls = 0 |
static rsbac_boolean_t | no_write = FALSE |
static u_long | nr_system_calls = 0 |
static void * | system_call_arg = 0 |
static char * | name = NULL |
static char | dummy_buf [70] = "To protect against wrong insmod params" |
static char * | syscall_name = NULL |
static char | dummy_buf2 [70] = "To protect against wrong insmod params" |
static long | handle = 123457 |
static long | syscall_registration_handle = 754321 |
static long | syscall_dispatcher_handle = 2 |
#define FILE_VERSION 1 |
#define FILENAME "regsmp2" |
Definition at line 57 of file reg_sample2.c.
Referenced by init_module(), read_info(), and write_info().
void cleanup_module | ( | void | ) |
Definition at line 543 of file reg_sample2.c.
References handle, proc_rsbac_root_p, rsbac_printk(), rsbac_reg_unregister(), rsbac_reg_unregister_syscall(), syscall_registration_handle, and write_info().
00544 { 00545 rsbac_printk(KERN_INFO "RSBAC REG decision module sample 2: Unregistering.\n"); 00546 #if defined(CONFIG_RSBAC_PROC) 00547 remove_proc_entry(PROC_NAME, proc_rsbac_root_p); 00548 #endif 00549 if(write_info()) 00550 { 00551 rsbac_printk(KERN_WARNING 00552 "RSBAC REG decision module sample 2: Could not save info for next session.\n"); 00553 } 00554 if(rsbac_reg_unregister_syscall(syscall_registration_handle)) 00555 { 00556 rsbac_printk(KERN_ERR "RSBAC REG decision module sample 2: Unregistering syscall failed - beware of possible system failure!\n"); 00557 } 00558 if(rsbac_reg_unregister(handle)) 00559 { 00560 rsbac_printk(KERN_ERR "RSBAC REG decision module sample 2: Unregistering module failed - beware of possible system failure!\n"); 00561 } 00562 rsbac_printk(KERN_INFO "RSBAC REG decision module sample 2: Unloaded.\n"); 00563 }
int init_module | ( | void | ) |
Definition at line 439 of file reg_sample2.c.
References dummy_buf, dummy_buf2, handle, name, need_overwrite_func(), proc_rsbac_root_p, read_info(), request_func(), rsbac_printk(), RSBAC_REG_NAME_LEN, rsbac_reg_register(), rsbac_reg_register_syscall(), rsbac_reg_unregister(), rsbac_reg_unregister_syscall(), RSBAC_REG_VERSION, set_attr_func(), syscall_dispatcher_handle, syscall_func(), syscall_name, syscall_registration_handle, TRUE, and write_func().
00440 { 00441 struct rsbac_reg_entry_t entry; 00442 struct rsbac_reg_syscall_entry_t syscall_entry; 00443 00444 if(!handle) 00445 handle = 123457; 00446 if(!syscall_registration_handle) 00447 syscall_registration_handle = 754321; 00448 if(!syscall_dispatcher_handle) 00449 syscall_dispatcher_handle = 2; 00450 00451 rsbac_printk(KERN_INFO "RSBAC REG decision module sample 2: Initializing.\n"); 00452 00453 /* clearing registration entries */ 00454 memset(&entry, 0, sizeof(entry)); 00455 memset(&syscall_entry, 0, sizeof(syscall_entry)); 00456 00457 if((dummy_buf[0] != 'T') || (dummy_buf2[0] != 'T')) 00458 { 00459 rsbac_printk(KERN_WARNING "RSBAC REG decision module sample 2: Not loaded due to invalid param string.\n"); 00460 return -ENOEXEC; 00461 } 00462 if(name) 00463 { 00464 strncpy(entry.name, name, RSBAC_REG_NAME_LEN); 00465 entry.name[RSBAC_REG_NAME_LEN] = 0; 00466 } 00467 else 00468 strcpy(entry.name, "RSBAC REG sample 2 ADF module"); 00469 rsbac_printk(KERN_INFO "RSBAC REG decision module sample 2: REG Version: %u, Name: %s, Handle: %li\n", 00470 RSBAC_REG_VERSION, entry.name, handle); 00471 00472 entry.handle = handle; 00473 entry.request_func = request_func; 00474 entry.set_attr_func = set_attr_func; 00475 entry.need_overwrite_func = need_overwrite_func; 00476 entry.write_func = write_func; 00477 entry.switch_on = TRUE; 00478 00479 rsbac_printk(KERN_INFO "RSBAC REG decision module sample 2: Registering to ADF.\n"); 00480 if(rsbac_reg_register(RSBAC_REG_VERSION, entry) < 0) 00481 { 00482 rsbac_printk(KERN_WARNING "RSBAC REG decision module sample 2: Registering failed. Unloading.\n"); 00483 return -ENOEXEC; 00484 } 00485 00486 if(syscall_name) 00487 { 00488 strncpy(syscall_entry.name, syscall_name, RSBAC_REG_NAME_LEN); 00489 syscall_entry.name[RSBAC_REG_NAME_LEN] = 0; 00490 } 00491 else 00492 strcpy(syscall_entry.name, "RSBAC REG sample 2 syscall"); 00493 rsbac_printk(KERN_INFO "RSBAC REG decision module sample 2: REG Version: %u, Name: %s, Dispatcher Handle: %li\n", 00494 RSBAC_REG_VERSION, syscall_entry.name, syscall_dispatcher_handle); 00495 00496 syscall_entry.registration_handle = syscall_registration_handle; 00497 syscall_entry.dispatcher_handle = syscall_dispatcher_handle; 00498 syscall_entry.syscall_func = syscall_func; 00499 00500 rsbac_printk(KERN_INFO "RSBAC REG decision module sample 2: Registering syscall.\n"); 00501 syscall_registration_handle = rsbac_reg_register_syscall(RSBAC_REG_VERSION, syscall_entry); 00502 if(syscall_registration_handle < 0) 00503 { 00504 rsbac_printk(KERN_WARNING "RSBAC REG decision module sample 2: Registering syscall failed. Unloading.\n"); 00505 if(rsbac_reg_unregister(handle)) 00506 { 00507 rsbac_printk(KERN_ERR "RSBAC REG decision module sample 2: Unregistering failed - beware of possible system failure!\n"); 00508 } 00509 return -ENOEXEC; 00510 } 00511 00512 if(read_info()) 00513 { 00514 rsbac_printk(KERN_WARNING 00515 "RSBAC REG decision module sample 2: Could not read info from previous session.\n"); 00516 } 00517 00518 #if defined(CONFIG_RSBAC_PROC) 00519 proc_reg_sample_p = create_proc_entry(PROC_NAME, 00520 S_IFREG | S_IRUGO, 00521 proc_rsbac_root_p); 00522 if(!proc_reg_sample_p) 00523 { 00524 rsbac_printk(KERN_WARNING "%s: Not loaded due to failed proc entry registering.\n", name); 00525 if(rsbac_reg_unregister_syscall(syscall_registration_handle)) 00526 { 00527 rsbac_printk(KERN_ERR "RSBAC REG decision module sample 2: Unregistering syscall failed - beware of possible system failure!\n"); 00528 } 00529 if(rsbac_reg_unregister(handle)) 00530 { 00531 rsbac_printk(KERN_ERR "RSBAC REG decision module sample 2: Unregistering from ADF failed - beware of possible system failure!\n"); 00532 } 00533 return -ENOEXEC; 00534 } 00535 proc_reg_sample_p->get_info = adf_sample_proc_info; 00536 #endif 00537 00538 rsbac_printk(KERN_INFO "RSBAC REG decision module sample 2: Loaded.\n"); 00539 00540 return 0; 00541 }
MODULE_AUTHOR | ( | "Amon Ott" | ) |
MODULE_DESCRIPTION | ( | "RSBAC REG sample decision module 2" | ) |
MODULE_PARM | ( | syscall_dispatcher_handle | , | |
"l" | ||||
) |
MODULE_PARM | ( | syscall_registration_handle | , | |
"l" | ||||
) |
MODULE_PARM | ( | handle | , | |
"l" | ||||
) |
MODULE_PARM | ( | syscall_name | , | |
"s" | ||||
) |
MODULE_PARM | ( | name | , | |
"s" | ||||
) |
static rsbac_boolean_t need_overwrite_func | ( | struct dentry * | dentry_p | ) | [static] |
Definition at line 408 of file reg_sample2.c.
References FALSE, and nr_need_overwrite_calls.
00409 { 00410 nr_need_overwrite_calls++; 00411 return FALSE; 00412 }
static int read_info | ( | void | ) | [static] |
Definition at line 169 of file reg_sample2.c.
References FILE_VERSION, FILENAME, name, no_write, nr_need_overwrite_calls, nr_request_calls, nr_set_attr_calls, RSBAC_EREADFAILED, RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_read_close(), rsbac_read_open(), rsbac_root_dev, and TRUE.
Referenced by init_module().
00170 { 00171 struct file file; 00172 char name[RSBAC_MAXNAMELEN]; 00173 int err = 0; 00174 int tmperr; 00175 mm_segment_t oldfs; 00176 u_int version; 00177 u_long tmpval; 00178 00179 /* copy name from base name */ 00180 strcpy(name, FILENAME); 00181 00182 /* open file */ 00183 if ((err = rsbac_read_open(name, 00184 &file, 00185 rsbac_root_dev) )) 00186 return(err); 00187 00188 /* OK, now we can start reading */ 00189 00190 /* There is a read function for this file, so read data from 00191 * previous module load. 00192 * A positive read return value means a read success, 00193 * 0 end of file and a negative value an error. 00194 */ 00195 00196 /* Set current user space to kernel space, because read() writes */ 00197 /* to user space */ 00198 oldfs = get_fs(); 00199 set_fs(KERNEL_DS); 00200 00201 tmperr = file.f_op->read(&file, 00202 (char *) &version, 00203 sizeof(version), 00204 &file.f_pos); 00205 /* error? */ 00206 if (tmperr < sizeof(version)) 00207 { 00208 rsbac_printk(KERN_WARNING 00209 "read_info(): read error from file!\n"); 00210 err = -RSBAC_EREADFAILED; 00211 goto end_read; 00212 } 00213 /* if wrong version, warn and skip */ 00214 if (version != FILE_VERSION) 00215 { 00216 rsbac_printk(KERN_WARNING 00217 "read_info(): wrong version %u, expected %u - skipping file and setting no_write!\n", 00218 version, FILE_VERSION); 00219 no_write = TRUE; 00220 err = -RSBAC_EREADFAILED; 00221 goto end_read; 00222 } 00223 00224 /* read nr_request_calls */ 00225 tmperr = file.f_op->read(&file, 00226 (char *) &tmpval, 00227 sizeof(tmpval), 00228 &file.f_pos); 00229 if (tmperr < sizeof(tmpval)) 00230 { 00231 rsbac_printk(KERN_WARNING "%s\n", 00232 "read_info(): read error from file!"); 00233 err = -RSBAC_EREADFAILED; 00234 goto end_read; 00235 } 00236 nr_request_calls = tmpval; 00237 00238 /* read nr_set_attr_calls */ 00239 tmperr = file.f_op->read(&file, 00240 (char *) &tmpval, 00241 sizeof(tmpval), 00242 &file.f_pos); 00243 if (tmperr < sizeof(tmpval)) 00244 { 00245 rsbac_printk(KERN_WARNING "%s\n", 00246 "read_info(): read error from file!"); 00247 err = -RSBAC_EREADFAILED; 00248 goto end_read; 00249 } 00250 nr_set_attr_calls = tmpval; 00251 00252 /* read nr_need_overwrite_calls */ 00253 tmperr = file.f_op->read(&file, 00254 (char *) &tmpval, 00255 sizeof(tmpval), 00256 &file.f_pos); 00257 if (tmperr < sizeof(tmpval)) 00258 { 00259 rsbac_printk(KERN_WARNING "%s\n", 00260 "read_info(): read error from file!"); 00261 err = -RSBAC_EREADFAILED; 00262 goto end_read; 00263 } 00264 nr_need_overwrite_calls = tmpval; 00265 00266 end_read: 00267 /* Set current user space back to user space, because read() writes */ 00268 /* to user space */ 00269 set_fs(oldfs); 00270 00271 /* We do not need this file dentry any more */ 00272 rsbac_read_close(&file); 00273 00274 /* ready */ 00275 return(err); 00276 }; /* end of read_info() */
static int request_func | ( | enum rsbac_adf_request_t | request, | |
rsbac_pid_t | owner_pid, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t | tid, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t | attr_val, | |||
rsbac_uid_t | owner | |||
) | [static] |
Definition at line 378 of file reg_sample2.c.
References GRANTED, nr_request_calls, and R_SEARCH.
00385 { 00386 /* count call, but not for SEARCH request */ 00387 if(request != R_SEARCH) 00388 nr_request_calls++; 00389 return GRANTED; 00390 }
static int set_attr_func | ( | enum rsbac_adf_request_t | request, | |
rsbac_pid_t | owner_pid, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t | tid, | |||
enum rsbac_target_t | new_target, | |||
union rsbac_target_id_t | new_tid, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t | attr_val, | |||
rsbac_uid_t | owner | |||
) | [static] |
Definition at line 392 of file reg_sample2.c.
References nr_set_attr_calls, and R_SEARCH.
00401 { 00402 /* count call, but not for SEARCH request */ 00403 if(request != R_SEARCH) 00404 nr_set_attr_calls++; 00405 return 0; 00406 }
static int syscall_func | ( | void * | arg | ) | [static] |
Definition at line 430 of file reg_sample2.c.
References nr_system_calls, and system_call_arg.
00431 { 00432 nr_system_calls++; 00433 system_call_arg = arg; 00434 return nr_system_calls; 00435 }
static int write_func | ( | rsbac_boolean_t | need_lock | ) | [static] |
Definition at line 414 of file reg_sample2.c.
References write_info().
Referenced by init_module().
00415 { 00416 int res=0; 00417 00418 if(need_lock) 00419 lock_kernel(); 00420 00421 if(!write_info()) 00422 res = 1; 00423 00424 if(need_lock) 00425 unlock_kernel(); 00426 00427 return(res); 00428 }
static int write_info | ( | void | ) | [static] |
Definition at line 278 of file reg_sample2.c.
References FILE_VERSION, FILENAME, name, nr_need_overwrite_calls, nr_request_calls, nr_set_attr_calls, RSBAC_EWRITEFAILED, RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_root_dev, rsbac_write_close(), rsbac_write_open(), and rsbac_write_sem.
Referenced by cleanup_module(), and write_func().
00279 { 00280 struct file file; 00281 char name[RSBAC_MAXNAMELEN]; 00282 int err = 0; 00283 int tmperr; 00284 mm_segment_t oldfs; 00285 u_int version = FILE_VERSION; 00286 00287 /* copy name from base name */ 00288 strcpy(name, FILENAME); 00289 00290 /* get rsbac write-to-disk semaphore */ 00291 down(&rsbac_write_sem); 00292 00293 /* open file */ 00294 if ((err = rsbac_write_open(name, 00295 &file, 00296 rsbac_root_dev) )) 00297 { 00298 up(&rsbac_write_sem); 00299 return(err); 00300 } 00301 00302 /* OK, now we can start writing all sample items. 00303 * A positive return value means a write success, 00304 * 0 end of file and a negative value an error. 00305 */ 00306 00307 /* Set current user space to kernel space, because write() reads 00308 * from user space */ 00309 oldfs = get_fs(); 00310 set_fs(KERNEL_DS); 00311 00312 tmperr = file.f_op->write(&file, 00313 (char *) &version, 00314 sizeof(version), 00315 &file.f_pos); 00316 if (tmperr < sizeof(version)) 00317 { 00318 rsbac_printk(KERN_WARNING 00319 "write_info(): write error %i on file!\n", 00320 tmperr); 00321 err = -RSBAC_EWRITEFAILED; 00322 goto end_write; 00323 } 00324 00325 tmperr = file.f_op->write(&file, 00326 (char *) &nr_request_calls, 00327 sizeof(nr_request_calls), 00328 &file.f_pos); 00329 if (tmperr < sizeof(nr_request_calls)) 00330 { 00331 rsbac_printk(KERN_WARNING 00332 "write_info(): write error %i on file!\n", 00333 tmperr); 00334 err = -RSBAC_EWRITEFAILED; 00335 goto end_write; 00336 } 00337 00338 tmperr = file.f_op->write(&file, 00339 (char *) &nr_set_attr_calls, 00340 sizeof(nr_set_attr_calls), 00341 &file.f_pos); 00342 if (tmperr < sizeof(nr_set_attr_calls)) 00343 { 00344 rsbac_printk(KERN_WARNING 00345 "write_info(): write error %i on file!\n", 00346 tmperr); 00347 err = -RSBAC_EWRITEFAILED; 00348 goto end_write; 00349 } 00350 00351 tmperr = file.f_op->write(&file, 00352 (char *) &nr_need_overwrite_calls, 00353 sizeof(nr_need_overwrite_calls), 00354 &file.f_pos); 00355 if (tmperr < sizeof(nr_need_overwrite_calls)) 00356 { 00357 rsbac_printk(KERN_WARNING 00358 "write_info(): write error %i on file!\n", 00359 tmperr); 00360 err = -RSBAC_EWRITEFAILED; 00361 goto end_write; 00362 } 00363 00364 end_write: 00365 /* Set current user space back to user space, because write() reads */ 00366 /* from user space */ 00367 set_fs(oldfs); 00368 00369 /* End of write access */ 00370 rsbac_write_close(&file); 00371 up(&rsbac_write_sem); 00372 return(err); 00373 }; /* end of write_info() */
char dummy_buf[70] = "To protect against wrong insmod params" [static] |
char dummy_buf2[70] = "To protect against wrong insmod params" [static] |
long handle = 123457 [static] |
Definition at line 49 of file reg_sample2.c.
char* name = NULL [static] |
Definition at line 41 of file reg_sample2.c.
rsbac_boolean_t no_write = FALSE [static] |
u_long nr_need_overwrite_calls = 0 [static] |
Definition at line 32 of file reg_sample2.c.
u_long nr_request_calls = 0 [static] |
Definition at line 30 of file reg_sample2.c.
u_long nr_set_attr_calls = 0 [static] |
Definition at line 31 of file reg_sample2.c.
u_long nr_system_calls = 0 [static] |
Definition at line 34 of file reg_sample2.c.
long syscall_dispatcher_handle = 2 [static] |
Definition at line 54 of file reg_sample2.c.
char* syscall_name = NULL [static] |
Definition at line 45 of file reg_sample2.c.
long syscall_registration_handle = 754321 [static] |
Definition at line 52 of file reg_sample2.c.
void* system_call_arg = 0 [static] |
Definition at line 35 of file reg_sample2.c.