/linux-2.6.21.1-rsbac-1.3.4/rsbac/data_structures/aci_data_structures.c

Go to the documentation of this file.
00001 /*************************************************** */
00002 /* Rule Set Based Access Control                     */
00003 /* Implementation of ACI data structures             */
00004 /* Author and (c) 1999-2007: Amon Ott <ao@rsbac.org> */
00005 /* (some smaller parts copied from fs/namei.c        */
00006 /*  and others)                                      */
00007 /*                                                   */
00008 /* Last modified: 12/Mar/2007                        */
00009 /*************************************************** */
00010 
00011 #include <linux/types.h>
00012 #include <linux/version.h>
00013 #include <linux/fs.h>
00014 #include <linux/sched.h>
00015 #include <linux/quotaops.h>
00016 #include <linux/proc_fs.h>
00017 #include <linux/msdos_fs.h>
00018 #include <linux/iso_fs.h>
00019 #include <linux/nfs_fs.h>
00020 #include <linux/ext2_fs.h>
00021 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00022 #include <linux/kthread.h>
00023 #include <linux/coda.h>
00024 #include <linux/initrd.h>
00025 #include <linux/security.h>
00026 // #include <rsbac/lsm.h>
00027 #include <linux/syscalls.h>
00028 #include <linux/rcupdate.h>
00029 #else
00030 #define rcu_dereference(x) x
00031 #endif
00032 #include <linux/coda_psdev.h>
00033 #include <linux/ncp_fs.h>
00034 #include <linux/smb.h>
00035 #include <linux/dnotify.h>
00036 #include <linux/mm.h>
00037 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00038 #include <linux/blkdev.h>
00039 #else
00040 #include <linux/blk.h>
00041 #endif
00042 #include <linux/init.h>
00043 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00044 #include <linux/config.h>
00045 #endif
00046 #include <linux/module.h>
00047 #include <linux/netdevice.h>
00048 #include <linux/inetdevice.h>
00049 #include <asm/uaccess.h>
00050 #include <asm/atomic.h>
00051 #include <rsbac/types.h>
00052 #include <rsbac/aci.h>
00053 #include <rsbac/aci_data_structures.h>
00054 #include <rsbac/error.h>
00055 #include <rsbac/helpers.h>
00056 #include <rsbac/fs.h>
00057 #include <rsbac/getname.h>
00058 #include <rsbac/net_getname.h>
00059 #include <rsbac/adf.h>
00060 #include <rsbac/adf_main.h>
00061 #include <rsbac/reg.h>
00062 #include <rsbac/rkmem.h>
00063 #include <rsbac/gen_lists.h>
00064 #include <rsbac/jail.h>
00065 #include <linux/string.h>
00066 #include <linux/kdev_t.h>
00067 #include <linux/smp_lock.h>
00068 
00069 #ifdef CONFIG_RSBAC_MAC
00070 #include <rsbac/mac.h>
00071 #endif
00072 
00073 #ifdef CONFIG_RSBAC_PM
00074 #include <rsbac/pm.h>
00075 #endif
00076 
00077 #ifdef CONFIG_RSBAC_DAZ
00078 #include <rsbac/daz.h>
00079 #endif
00080 
00081 #if defined(CONFIG_RSBAC_RC)
00082 #include <rsbac/rc.h>
00083 #endif
00084 
00085 #if defined(CONFIG_RSBAC_AUTH)
00086 #include <rsbac/auth.h>
00087 #endif
00088 
00089 #if defined(CONFIG_RSBAC_ACL)
00090 #include <rsbac/acl.h>
00091 #endif
00092 
00093 #if defined(CONFIG_RSBAC_JAIL)
00094 rsbac_jail_id_t rsbac_jail_syslog_jail_id = 0;
00095 #endif
00096 
00097 #if defined(CONFIG_RSBAC_PAX) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
00098 #include <rsbac/pax.h>
00099 #endif
00100 
00101 #ifdef CONFIG_RSBAC_UM
00102 #include <rsbac/um.h>
00103 #endif
00104 
00105 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
00106 #include <linux/unistd.h>
00107 #include <linux/timer.h>
00108 static u_int auto_interval = CONFIG_RSBAC_AUTO_WRITE * HZ;
00109 #endif                          /* CONFIG_RSBAC_AUTO_WRITE */
00110 
00111 #if  (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
00112    || defined(CONFIG_RSBAC_INIT_THREAD)
00113 static DECLARE_WAIT_QUEUE_HEAD(rsbacd_wait);
00114 static struct timer_list rsbac_timer;
00115 #endif
00116 
00117 #if defined(CONFIG_RSBAC_NET_OBJ)
00118 #include <rsbac/network.h>
00119 #endif
00120 
00121 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
00122 #include <linux/freezer.h>
00123 #else
00124 static inline int try_to_freeze(void) { return 0; }
00125 #endif
00126 
00127 /************************************************************************** */
00128 /*                          Global Variables                                */
00129 /************************************************************************** */
00130 
00131 /* The following global variables are needed for access to ACI data.        */
00132 
00133 #if defined(CONFIG_RSBAC_REG)
00134 EXPORT_SYMBOL(rsbac_initialized);
00135 #endif
00136 rsbac_boolean_t rsbac_initialized = FALSE;
00137 
00138 static char compiled_modules[80];
00139 
00140 kdev_t rsbac_root_dev;
00141 #if defined(CONFIG_RSBAC_REG)
00142 EXPORT_SYMBOL(rsbac_root_dev);
00143 #endif
00144 DECLARE_MUTEX(rsbac_write_sem);
00145 
00146 static struct rsbac_device_list_head_t * device_head_p[RSBAC_NR_DEVICE_LISTS];
00147 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00148 static spinlock_t device_list_locks[RSBAC_NR_DEVICE_LISTS];
00149 #else
00150 static rwlock_t device_list_locks[RSBAC_NR_DEVICE_LISTS];
00151 #endif
00152 
00153 #ifdef CONFIG_RSBAC_FD_CACHE
00154 static rsbac_list_handle_t fd_cache_handle[SW_NONE];
00155 #ifdef CONFIG_RSBAC_XSTATS
00156 static __u64 fd_cache_hits[SW_NONE];
00157 static __u64 fd_cache_misses[SW_NONE];
00158 static u_int fd_cache_invalidates;
00159 static u_int fd_cache_invalidate_alls;
00160 #endif
00161 #endif
00162 
00163 static struct rsbac_dev_handles_t dev_handles;
00164 static struct rsbac_dev_handles_t dev_major_handles;
00165 static struct rsbac_ipc_handles_t ipc_handles;
00166 static struct rsbac_user_handles_t user_handles;
00167 #ifdef CONFIG_RSBAC_RC_UM_PROT
00168 static struct rsbac_group_handles_t group_handles;
00169 #endif
00170 static struct rsbac_process_handles_t process_handles;
00171 
00172 #ifdef CONFIG_RSBAC_NET_DEV
00173 static struct rsbac_netdev_handles_t netdev_handles;
00174 #endif
00175 #ifdef CONFIG_RSBAC_NET_OBJ
00176 static rsbac_list_handle_t net_temp_handle;
00177 static struct rsbac_nettemp_handles_t nettemp_handles;
00178 static struct rsbac_lnetobj_handles_t lnetobj_handles;
00179 static struct rsbac_rnetobj_handles_t rnetobj_handles;
00180 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
00181 static struct rsbac_gen_netobj_aci_t def_gen_netobj_aci =
00182     DEFAULT_GEN_NETOBJ_ACI;
00183 #endif
00184 #endif
00185 
00186 /* Default ACIs: implemented as variables, might be changeable some time */
00187 
00188 /* rsbac root dir items, end of recursive inherit */
00189 static struct rsbac_gen_fd_aci_t def_gen_root_dir_aci =
00190     DEFAULT_GEN_ROOT_DIR_ACI;
00191 static struct rsbac_gen_fd_aci_t def_gen_fd_aci = DEFAULT_GEN_FD_ACI;
00192 
00193 #if defined(CONFIG_RSBAC_MAC)
00194 static struct rsbac_mac_fd_aci_t def_mac_root_dir_aci =
00195     DEFAULT_MAC_ROOT_DIR_ACI;
00196 static struct rsbac_mac_fd_aci_t def_mac_fd_aci = DEFAULT_MAC_FD_ACI;
00197 #endif
00198 #if defined(CONFIG_RSBAC_DAZ)
00199 static struct rsbac_daz_fd_aci_t  def_daz_root_dir_aci  = DEFAULT_DAZ_ROOT_DIR_ACI;
00200 #if defined(CONFIG_RSBAC_DAZ_CACHE)
00201 static rsbac_time_t rsbac_daz_ttl = CONFIG_RSBAC_DAZ_TTL;
00202 #endif
00203 #endif
00204 #if defined(CONFIG_RSBAC_PM)
00205 static struct rsbac_pm_fd_aci_t def_pm_fd_aci = DEFAULT_PM_FD_ACI;
00206 #endif
00207 #if defined(CONFIG_RSBAC_RC)
00208 static struct rsbac_rc_fd_aci_t def_rc_root_dir_aci =
00209     DEFAULT_RC_ROOT_DIR_ACI;
00210 static struct rsbac_rc_fd_aci_t def_rc_fd_aci = DEFAULT_RC_FD_ACI;
00211 #endif
00212 #if defined(CONFIG_RSBAC_RES)
00213 static struct rsbac_res_fd_aci_t def_res_fd_aci = DEFAULT_RES_FD_ACI;
00214 #endif
00215 
00216 #if defined(CONFIG_RSBAC_PROC)
00217 #include <rsbac/proc_fs.h>
00218 
00219 #ifdef CONFIG_RSBAC_XSTATS
00220 static u_long get_attr_count[T_NONE] = { 0, 0, 0, 0, 0, 0, 0 };
00221 static u_long set_attr_count[T_NONE] = { 0, 0, 0, 0, 0, 0, 0 };
00222 static u_long remove_count[T_NONE] = { 0, 0, 0, 0, 0, 0, 0 };
00223 static u_long get_parent_count = 0;
00224 #endif
00225 
00226 #if defined(CONFIG_RSBAC_REG)
00227 EXPORT_SYMBOL(proc_rsbac_root_p);
00228 #endif
00229 struct proc_dir_entry *proc_rsbac_root_p = NULL;
00230 
00231 #if defined(CONFIG_RSBAC_REG)
00232 EXPORT_SYMBOL(proc_rsbac_backup_p);
00233 #endif
00234 struct proc_dir_entry *proc_rsbac_backup_p = NULL;
00235 
00236 #endif                          /* PROC */
00237 
00238 #ifdef CONFIG_DEVFS_MOUNT
00239 #include <linux/devfs_fs_kernel.h>
00240 static struct dentry *devfs_covered_p = NULL;
00241 static struct super_block *devfs_sb_p = NULL;
00242 #endif
00243 
00244 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00245 static struct dentry *sysfs_covered_p = NULL;
00246 static struct super_block *sysfs_sb_p = NULL;
00247 #endif
00248 
00249 #ifdef CONFIG_RSBAC_MAC
00250 static struct rsbac_mac_process_aci_t mac_init_p_aci =
00251     DEFAULT_MAC_P_INIT_ACI;
00252 #endif
00253 #ifdef CONFIG_RSBAC_RC
00254 static struct rsbac_rc_process_aci_t rc_kernel_p_aci =
00255     DEFAULT_RC_P_KERNEL_ACI;
00256 #endif
00257 
00258 
00259 /**************************************************/
00260 /*       Declarations of internal functions       */
00261 /**************************************************/
00262 
00263 static struct rsbac_device_list_item_t *lookup_device(kdev_t kdev, u_int hash);
00264 
00265 /************************************************* */
00266 /*               Internal Help functions           */
00267 /************************************************* */
00268 
00269 static u_int gen_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00270 static u_int gen_nr_p_hashes = 1;
00271 
00272 #if defined(CONFIG_RSBAC_MAC)
00273 static u_int mac_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00274 static u_int mac_nr_p_hashes = 1;
00275 #endif
00276 #if defined(CONFIG_RSBAC_PM)
00277 static u_int pm_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00278 #endif
00279 #if defined(CONFIG_RSBAC_DAZ)
00280 static u_int daz_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00281 
00282 #if defined(CONFIG_RSBAC_DAZ_CACHE)
00283 static u_int daz_scanned_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00284 #endif
00285 #endif
00286 #if defined(CONFIG_RSBAC_FF)
00287 static u_int ff_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00288 #endif
00289 #if defined(CONFIG_RSBAC_RC)
00290 static u_int rc_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00291 static u_int rc_nr_p_hashes = 1;
00292 #endif
00293 #if defined(CONFIG_RSBAC_AUTH)
00294 static u_int auth_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00295 #endif
00296 #if defined(CONFIG_RSBAC_CAP)
00297 static u_int cap_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00298 #endif
00299 #if defined(CONFIG_RSBAC_JAIL)
00300 static u_int jail_nr_p_hashes = 1;
00301 #endif
00302 #if defined(CONFIG_RSBAC_PAX)
00303 static u_int pax_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00304 #endif
00305 #if defined(CONFIG_RSBAC_RES)
00306 static u_int res_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES;
00307 #endif
00308 
00309 static inline u_int device_hash(kdev_t id)
00310 {
00311   return id & (RSBAC_NR_DEVICE_LISTS - 1);
00312 }
00313 
00314 /* These help functions do NOT handle data consistency protection by */
00315 /* rw-spinlocks! This is done exclusively by non-internal functions! */
00316 
00317 /************************************************************************** */
00318 /* Read/Write functions                                                     */
00319 
00320 /* This help function protects some filesystems from being written to */
00321 /* and disables writing under some conditions, e.g. in an interrupt */
00322 
00323 rsbac_boolean_t writable(struct super_block * sb_p)
00324 {
00325 #ifdef CONFIG_RSBAC_NO_WRITE
00326         return (FALSE);
00327 #else
00328         if (!sb_p || !sb_p->s_dev)
00329                 return (FALSE);
00330         if (rsbac_debug_no_write || (sb_p->s_flags & MS_RDONLY)
00331             || in_interrupt())
00332                 return (FALSE);
00333         if (!MAJOR(sb_p->s_dev)
00334 #ifndef CONFIG_RSBAC_MSDOS_WRITE
00335             || (sb_p->s_magic == MSDOS_SUPER_MAGIC)
00336 #endif
00337             || (sb_p->s_magic == SOCKFS_MAGIC)
00338             || (sb_p->s_magic == PIPEFS_MAGIC)
00339 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00340             || (sb_p->s_magic == SYSFS_MAGIC)
00341 #endif
00342             || (sb_p->s_magic == NFS_SUPER_MAGIC)
00343             || (sb_p->s_magic == CODA_SUPER_MAGIC)
00344             || (sb_p->s_magic == NCP_SUPER_MAGIC)
00345             || (sb_p->s_magic == SMB_SUPER_MAGIC)
00346             || (sb_p->s_magic == ISOFS_SUPER_MAGIC))
00347                 return (FALSE);
00348         else
00349                 return (TRUE);
00350 #endif
00351 }
00352 
00353 /* This lookup function ensures correct access to the file system.          */
00354 /* It returns a pointer to the dentry of the rsbac directory on the mounted */
00355 /* device specified by kdev. If the directory    */
00356 /* does not exist, it is created, if create_dir == TRUE and writable. */
00357 
00358 static int lookup_aci_path_dentry(struct super_block *sb_p,
00359                                   struct dentry **dir_dentry_pp,
00360                                   rsbac_boolean_t create_dir, kdev_t kdev)
00361 {
00362         struct dentry *dir_dentry_p = NULL;
00363         struct dentry *root_dentry_p = NULL;
00364         int err = 0;
00365         struct rsbac_device_list_item_t *device_p;
00366 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00367         u_long dflags;
00368 #endif
00369         u_int hash;
00370 
00371         if (!dir_dentry_pp)
00372                 return (-RSBAC_EINVALIDPOINTER);
00373 
00374         if (!sb_p) {
00375                 sb_p = rsbac_get_super_block(kdev);
00376                 if (!sb_p) {
00377                         rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): invalid device %02u:%02u\n",
00378                                      RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00379                         return (-RSBAC_EINVALIDDEV);
00380                 }
00381         }
00382 
00383         /* pipefs must not be read from */
00384         if ((sb_p->s_magic == PIPEFS_MAGIC)
00385             || (sb_p->s_magic == SOCKFS_MAGIC)
00386             ) {
00387                 return -RSBAC_ENOTFOUND;
00388         }
00389         hash = device_hash(kdev);
00390 
00391 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00392         rcu_read_lock();
00393 #else
00394         rsbac_read_lock(&device_list_locks[hash], &dflags);
00395 #endif
00396         device_p = lookup_device(kdev, hash);
00397         if (!device_p) {
00398                 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): No entry for device %02u:%02u\n",
00399                              MAJOR(kdev), MINOR(kdev));
00400 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00401                 rcu_read_unlock();
00402 #else
00403                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
00404 #endif
00405                 return (-RSBAC_EINVALIDDEV);
00406         }
00407         /* already looked up earlier? */
00408         if (device_p->rsbac_dir_dentry_p) {
00409                 *dir_dentry_pp = device_p->rsbac_dir_dentry_p;
00410                 rsbac_pr_debug(ds, "device_p->rsbac_dir_dentry_p->d_count "
00411                                "for device %02u:%02u is %i!\n",
00412                                MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00413                                atomic_read(&device_p->rsbac_dir_dentry_p->d_count));
00414 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00415                 rcu_read_unlock();
00416 #else
00417                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
00418 #endif
00419                 return 0;
00420         }
00421         /* Must unlock here for the lookup */
00422 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00423         rcu_read_unlock();
00424 #else
00425         rsbac_read_unlock(&device_list_locks[hash], &dflags);
00426 #endif
00427         rsbac_pr_debug(ds, "first time lookup for or non-existing %s on device "
00428                        "%02u:%02u!\n", RSBAC_ACI_PATH,
00429                        MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00430         if (!sb_p->s_root) {
00431                 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry!\n",
00432                              MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00433                 err = -RSBAC_EINVALIDDEV;
00434                 goto out;
00435         }
00436 
00437         if (!sb_p->s_root->d_inode) {
00438                 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry->d_inode!\n",
00439                              MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00440                 err = -RSBAC_EINVALIDDEV;
00441                 goto out;
00442         }
00443 
00444         /* lookup dentry of ACI_PATH on this device */
00445         rsbac_pr_debug(ds, "lookup rsbac path %s for device %02u:%02u, "
00446                        "sb_p->s_root->d_count is %i!\n",
00447                        RSBAC_ACI_PATH, MAJOR(sb_p->s_dev),
00448                        MINOR(sb_p->s_dev),
00449                        atomic_read(&sb_p->s_root->d_count));
00450         dir_dentry_p =
00451             rsbac_lookup_one_len(RSBAC_ACI_PATH, sb_p->s_root,
00452                                  strlen(RSBAC_ACI_PATH));
00453         if (IS_ERR(dir_dentry_p))
00454                 switch (PTR_ERR(dir_dentry_p)) {
00455                 case -ENOENT:
00456                 case -ENOTDIR:
00457                         err = -RSBAC_ENOTFOUND;
00458                         goto out;
00459                 case -ENOMEM:
00460                         rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): memory allocation error!\n");
00461                         err = -RSBAC_ENOROOTDIR;
00462                         goto out;
00463                 case -ENAMETOOLONG:
00464                         rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): ACI_PATH too long on fs!\n");
00465                         err = -RSBAC_EPATHTOOLONG;
00466                         goto out;
00467                 case -EACCES:
00468                         rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): No access to ACI_PATH!\n");
00469                         err = -RSBAC_EACCESS;
00470                         goto out;
00471                 default:
00472                         rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): Error on root dir: %li!\n",
00473                                      PTR_ERR(dir_dentry_p));
00474                         err = -RSBAC_ENOROOTDIR;
00475                         goto out;
00476                 }
00477 
00478         if (!dir_dentry_p) {
00479                 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): rsbac_lookup_(dentry|one) returned null pointer!\n");
00480                 err = -RSBAC_EINVALIDPOINTER;
00481                 goto out;
00482         }
00483         if (!dir_dentry_p->d_inode) {   /* dir could not be found -> try to create it */
00484                 /* but only, if allowed... */
00485                 if (!create_dir) {
00486                         err = -RSBAC_ENOTFOUND;
00487                         goto out_dir_dput;
00488                 }
00489                 rsbac_pr_debug(ds, "try to create dir, first test writable!\n");
00490                 /* ... and writable. */
00491                 if (!writable(sb_p)) {  /* mounted read only or special case */
00492                         err = -RSBAC_ENOTWRITABLE;
00493                         goto out_dir_dput;
00494                 }
00495                 root_dentry_p = lock_parent(dir_dentry_p);
00496                 err = PTR_ERR(root_dentry_p);
00497                 if (IS_ERR(root_dentry_p)) {
00498                         err = -RSBAC_ECOULDNOTCREATEPATH;
00499                         goto out_dir_dput;
00500                 }
00501                 if (!root_dentry_p->d_inode
00502                     || !root_dentry_p->d_inode->i_op
00503                     || !root_dentry_p->d_inode->i_op->mkdir) {
00504                         unlock_dir(root_dentry_p);
00505                         err = -RSBAC_ECOULDNOTCREATEPATH;
00506                         goto out_dir_dput;
00507                 }
00508                 DQUOT_INIT(root_dentry_p->d_inode);
00509                 err =
00510                     root_dentry_p->d_inode->i_op->mkdir(root_dentry_p->
00511                                                         d_inode,
00512                                                         dir_dentry_p,
00513                                                         RSBAC_ACI_DIR_MODE);
00514                 unlock_dir(root_dentry_p);
00515                 if (err) {
00516                         err = -RSBAC_ECOULDNOTCREATEPATH;
00517                         goto out_dir_dput;
00518                 }
00519         } else {                /* was found */
00520                 /* check, whether this is a dir */
00521                 if (!S_ISDIR(dir_dentry_p->d_inode->i_mode)) {  /* no dir! We have a real prob here! */
00522                         rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): supposed /%s dir on dev %02u:%02u is no dir!\n",
00523                                      RSBAC_ACI_PATH,
00524                                      MAJOR(sb_p->s_dev),
00525                                      MINOR(sb_p->s_dev));
00526                         err = -RSBAC_EACCESS;
00527                         goto out_dir_dput;
00528                 }
00529         }
00530         rsbac_pr_debug(ds, "dir_dentry_p->d_count is %i!\n",
00531                        atomic_read(&dir_dentry_p->d_count));
00532         rsbac_pr_debug(ds, "sb_p->s_root->d_count is now %i!\n",
00533                        atomic_read(&sb_p->s_root->d_count));
00534         /* we want to keep dir_dentry_p in device_item */
00535         /* dput must be done in remove_device_item! */
00536         *dir_dentry_pp = dir_dentry_p;
00537 
00538         /* Must lock and relookup device_p to cache result */
00539 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00540         rcu_read_lock();
00541 #else
00542         rsbac_read_lock(&device_list_locks[hash], &dflags);
00543 #endif
00544         device_p = lookup_device(kdev, hash);
00545         if (device_p && !device_p->rsbac_dir_dentry_p) {
00546                 device_p->rsbac_dir_dentry_p = dir_dentry_p;
00547                 device_p->rsbac_dir_inode = dir_dentry_p->d_inode->i_ino;
00548         }
00549 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00550         rcu_read_unlock();
00551 #else
00552         rsbac_read_unlock(&device_list_locks[hash], &dflags);
00553 #endif
00554 
00555       out:
00556         return (err);
00557 
00558       out_dir_dput:
00559         dput(dir_dentry_p);
00560         goto out;
00561 }
00562 
00563 /************************************************************************** */
00564 /* The lookup functions return NULL, if the item is not found, and a        */
00565 /* pointer to the item otherwise.                                           */
00566 
00567 /* First, a lookup for the device list item                                 */
00568 
00569 static struct rsbac_device_list_item_t *lookup_device(kdev_t kdev, u_int hash)
00570 {
00571         struct rsbac_device_list_item_t *curr = rcu_dereference(device_head_p[hash])->curr;
00572 
00573         /* if there is no current item or it is not the right one, search... */
00574 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00575         if (!(curr && (MAJOR(curr->id) == MAJOR(kdev))
00576              && (MINOR(curr->id) == MINOR(kdev))))
00577 #else
00578         if (!(curr && (curr->id == kdev)))
00579 #endif
00580         {
00581                 curr = rcu_dereference(device_head_p[hash])->head;
00582                 while (curr
00583                        && ((RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev))
00584                            || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev))
00585                        )
00586                     ) {
00587                         curr = curr->next;
00588                 }
00589                 if (curr)
00590                         rcu_dereference(device_head_p[hash])->curr = curr;
00591         }
00592         /* it is the current item -> return it */
00593         return curr;
00594 }
00595 
00596 #ifdef CONFIG_RSBAC_FD_CACHE
00597 u_int hash_fd_cache(void * desc, __u32 nr_hashes)
00598 {
00599         return ( ((struct rsbac_fd_cache_desc_t *) desc)->inode & (nr_hashes - 1) );
00600 }
00601 #endif
00602 
00603 static int dev_compare(void *desc1, void *desc2)
00604 {
00605         int result;
00606         struct rsbac_dev_desc_t *i_desc1 = desc1;
00607         struct rsbac_dev_desc_t *i_desc2 = desc2;
00608 
00609         result = memcmp(&i_desc1->type,
00610                         &i_desc2->type, sizeof(i_desc1->type));
00611         if (result)
00612                 return result;
00613         result = memcmp(&i_desc1->major,
00614                         &i_desc2->major, sizeof(i_desc1->major));
00615         if (result)
00616                 return result;
00617         return memcmp(&i_desc1->minor,
00618                       &i_desc2->minor, sizeof(i_desc1->minor));
00619 }
00620 
00621 static int dev_major_compare(void *desc1, void *desc2)
00622 {
00623         int result;
00624         struct rsbac_dev_desc_t *i_desc1 = desc1;
00625         struct rsbac_dev_desc_t *i_desc2 = desc2;
00626 
00627         result = memcmp(&i_desc1->type,
00628                         &i_desc2->type, sizeof(i_desc1->type));
00629         if (result)
00630                 return result;
00631         return memcmp(&i_desc1->major,
00632                       &i_desc2->major, sizeof(i_desc1->major));
00633 }
00634 
00635 static int ipc_compare(void *desc1, void *desc2)
00636 {
00637         int result;
00638         struct rsbac_ipc_t *i_desc1 = desc1;
00639         struct rsbac_ipc_t *i_desc2 = desc2;
00640 
00641         result = memcmp(&i_desc1->type,
00642                         &i_desc2->type, sizeof(i_desc1->type));
00643         if (result)
00644                 return result;
00645         else
00646                 return memcmp(&i_desc1->id.id_nr,
00647                               &i_desc2->id.id_nr,
00648                               sizeof(i_desc1->id.id_nr));
00649 }
00650 
00651 #ifdef CONFIG_RSBAC_NET_DEV
00652 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) || defined(CONFIG_RSBAC_RC)
00653 static int netdev_compare(void *desc1, void *desc2)
00654 {
00655         return strncmp(desc1, desc2, RSBAC_IFNAMSIZ);
00656 }
00657 #endif
00658 #endif
00659 
00660 /************************************************************************** */
00661 /* Convert functions                                                        */
00662 
00663 static int gen_fd_conv(void *old_desc,
00664                        void *old_data, void *new_desc, void *new_data)
00665 {
00666         struct rsbac_gen_fd_aci_t *new_aci = new_data;
00667         struct rsbac_gen_fd_old_aci_t *old_aci = old_data;
00668 
00669         memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00670         new_aci->log_array_low = old_aci->log_array_low;
00671         new_aci->log_array_high = old_aci->log_array_high;
00672         new_aci->log_program_based = old_aci->log_program_based;
00673         new_aci->symlink_add_remote_ip = 0;
00674         new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00675         new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00676         new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00677         new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00678         new_aci->fake_root_uid = old_aci->fake_root_uid;
00679         new_aci->auid_exempt = old_aci->auid_exempt;
00680         return 0;
00681 }
00682 
00683 static int gen_fd_old_conv(void *old_desc,
00684                            void *old_data, void *new_desc, void *new_data)
00685 {
00686         struct rsbac_gen_fd_aci_t *new_aci = new_data;
00687         struct rsbac_gen_fd_old_aci_t *old_aci = old_data;
00688 
00689         memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00690         new_aci->log_array_low = old_aci->log_array_low;
00691         new_aci->log_array_high = old_aci->log_array_high;
00692         new_aci->log_program_based = old_aci->log_program_based;
00693         new_aci->symlink_add_remote_ip = 0;
00694         new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00695         new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00696         new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00697         new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00698         new_aci->fake_root_uid = old_aci->fake_root_uid;
00699         new_aci->auid_exempt = RSBAC_NO_USER;
00700         return 0;
00701 }
00702 
00703 static int gen_fd_old_old_conv(void *old_desc,
00704                                void *old_data,
00705                                void *new_desc, void *new_data)
00706 {
00707         struct rsbac_gen_fd_aci_t *new_aci = new_data;
00708         struct rsbac_gen_fd_old_old_aci_t *old_aci = old_data;
00709 
00710         memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00711         new_aci->log_array_low = old_aci->log_array_low;
00712         new_aci->log_array_high = old_aci->log_array_high;
00713         new_aci->log_program_based = old_aci->log_program_based;
00714         new_aci->symlink_add_remote_ip = 0;
00715         new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00716         new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00717         new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00718         new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00719         new_aci->fake_root_uid = FR_off;
00720         new_aci->auid_exempt = RSBAC_NO_USER;
00721         return 0;
00722 }
00723 
00724 rsbac_list_conv_function_t *gen_fd_get_conv(rsbac_version_t old_version)
00725 {
00726         switch (old_version) {
00727         case RSBAC_GEN_FD_OLD_ACI_VERSION:
00728                 return gen_fd_conv;
00729         case RSBAC_GEN_FD_OLD_OLD_ACI_VERSION:
00730                 return gen_fd_old_conv;
00731         case RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION:
00732                 return gen_fd_old_old_conv;
00733         default:
00734                 return NULL;
00735         }
00736 }
00737 
00738 static int gen_dev_conv(void *old_desc,
00739                         void *old_data, void *new_desc, void *new_data)
00740 {
00741         struct rsbac_dev_desc_t *new = new_desc;
00742         struct rsbac_dev_t *old = old_desc;
00743 
00744         memcpy(new_data, old_data, sizeof(struct rsbac_gen_dev_aci_t));
00745         new->type = old->type;
00746         new->major = RSBAC_MAJOR(old->id);
00747         new->minor = RSBAC_MINOR(old->id);
00748         return 0;
00749 }
00750 
00751 rsbac_list_conv_function_t *gen_dev_get_conv(rsbac_version_t old_version)
00752 {
00753         switch (old_version) {
00754         case RSBAC_GEN_DEV_OLD_ACI_VERSION:
00755                 return gen_dev_conv;
00756         default:
00757                 return NULL;
00758         }
00759 }
00760 
00761 #ifdef CONFIG_RSBAC_MAC
00762 static int mac_old_fd_conv(void *old_desc,
00763                            void *old_data, void *new_desc, void *new_data)
00764 {
00765         struct rsbac_mac_fd_aci_t *new_aci = new_data;
00766         struct rsbac_mac_fd_old_aci_t *old_aci = old_data;
00767 
00768         memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00769         new_aci->sec_level = old_aci->sec_level;
00770         new_aci->mac_categories = old_aci->mac_categories;
00771         new_aci->mac_auto = old_aci->mac_auto;
00772         new_aci->mac_prop_trusted = old_aci->mac_prop_trusted;
00773         new_aci->mac_file_flags = old_aci->mac_file_flags;
00774         return 0;
00775 }
00776 
00777 static int mac_old_old_fd_conv(void *old_desc,
00778                                void *old_data,
00779                                void *new_desc, void *new_data)
00780 {
00781         struct rsbac_mac_fd_aci_t *new_aci = new_data;
00782         struct rsbac_mac_fd_old_old_aci_t *old_aci = old_data;
00783 
00784         memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00785         new_aci->sec_level = old_aci->sec_level;
00786         new_aci->mac_categories = old_aci->mac_categories;
00787         new_aci->mac_auto = old_aci->mac_auto;
00788         new_aci->mac_prop_trusted = FALSE;
00789         if (old_aci->mac_shared)
00790                 new_aci->mac_file_flags = MAC_write_up;
00791         else
00792                 new_aci->mac_file_flags = 0;
00793         return 0;
00794 }
00795 
00796 static int mac_old_old_old_fd_conv(void *old_desc,
00797                                    void *old_data,
00798                                    void *new_desc, void *new_data)
00799 {
00800         struct rsbac_mac_fd_aci_t *new_aci = new_data;
00801         struct rsbac_mac_fd_old_old_old_aci_t *old_aci = old_data;
00802 
00803         memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00804         new_aci->sec_level = old_aci->sec_level;
00805         new_aci->mac_categories = old_aci->mac_categories;
00806         new_aci->mac_auto = old_aci->mac_auto;
00807         new_aci->mac_prop_trusted = FALSE;
00808         new_aci->mac_file_flags = 0;
00809         return 0;
00810 }
00811 
00812 rsbac_list_conv_function_t *mac_fd_get_conv(rsbac_version_t old_version)
00813 {
00814         switch (old_version) {
00815         case RSBAC_MAC_FD_OLD_ACI_VERSION:
00816                 return mac_old_fd_conv;
00817         case RSBAC_MAC_FD_OLD_OLD_ACI_VERSION:
00818                 return mac_old_old_fd_conv;
00819         case RSBAC_MAC_FD_OLD_OLD_OLD_ACI_VERSION:
00820                 return mac_old_old_old_fd_conv;
00821         default:
00822                 return NULL;
00823         }
00824 }
00825 
00826 static int mac_dev_conv(void *old_desc,
00827                         void *old_data, void *new_desc, void *new_data)
00828 {
00829         struct rsbac_dev_desc_t *new = new_desc;
00830         struct rsbac_dev_t *old = old_desc;
00831 
00832         memcpy(new_data, old_data, sizeof(struct rsbac_mac_dev_aci_t));
00833         new->type = old->type;
00834         new->major = RSBAC_MAJOR(old->id);
00835         new->minor = RSBAC_MINOR(old->id);
00836         return 0;
00837 }
00838 
00839 rsbac_list_conv_function_t *mac_dev_get_conv(rsbac_version_t old_version)
00840 {
00841         switch (old_version) {
00842         case RSBAC_MAC_DEV_OLD_ACI_VERSION:
00843                 return mac_dev_conv;
00844         default:
00845                 return NULL;
00846         }
00847 }
00848 
00849 static int mac_old_user_conv(void *old_desc,
00850                              void *old_data,
00851                              void *new_desc, void *new_data)
00852 {
00853         struct rsbac_mac_user_aci_t *new_aci = new_data;
00854         struct rsbac_mac_user_old_aci_t *old_aci = old_data;
00855 
00856         memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
00857         new_aci->security_level = old_aci->access_appr;
00858         new_aci->initial_security_level = old_aci->access_appr;
00859         new_aci->min_security_level = old_aci->min_access_appr;
00860         new_aci->mac_categories = old_aci->mac_categories;
00861         new_aci->mac_initial_categories = old_aci->mac_categories;
00862         new_aci->mac_min_categories = old_aci->mac_min_categories;
00863         new_aci->system_role = old_aci->system_role;
00864         new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS;
00865         if (old_aci->mac_allow_auto)
00866                 new_aci->mac_user_flags |= MAC_allow_auto;
00867         return 0;
00868 }
00869 
00870 static int mac_old_old_user_conv(void *old_desc,
00871                                  void *old_data,
00872                                  void *new_desc, void *new_data)
00873 {
00874         struct rsbac_mac_user_aci_t *new_aci = new_data;
00875         struct rsbac_mac_user_old_old_aci_t *old_aci = old_data;
00876 
00877         memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
00878         new_aci->security_level = old_aci->access_appr;
00879         new_aci->initial_security_level = old_aci->access_appr;
00880         new_aci->min_security_level = old_aci->min_access_appr;
00881         new_aci->mac_categories = old_aci->mac_categories;
00882         new_aci->mac_initial_categories = old_aci->mac_categories;
00883         new_aci->mac_min_categories = old_aci->mac_min_categories;
00884         new_aci->system_role = old_aci->system_role;
00885         new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS;
00886         return 0;
00887 }
00888 
00889 static int mac_old_old_old_user_conv(void *old_desc,
00890                                      void *old_data,
00891                                      void *new_desc, void *new_data)
00892 {
00893         struct rsbac_mac_user_aci_t *new_aci = new_data;
00894         struct rsbac_mac_user_old_old_old_aci_t *old_aci = old_data;
00895 
00896         memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
00897         new_aci->security_level = old_aci->access_appr;
00898         new_aci->initial_security_level = old_aci->access_appr;
00899         new_aci->min_security_level = SL_unclassified;
00900         new_aci->mac_categories = old_aci->mac_categories;
00901         new_aci->mac_initial_categories = old_aci->mac_categories;
00902         new_aci->mac_min_categories = RSBAC_MAC_MIN_CAT_VECTOR;
00903         new_aci->system_role = old_aci->system_role;
00904         new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS;
00905         return 0;
00906 }
00907 
00908 rsbac_list_conv_function_t *mac_user_get_conv(rsbac_version_t old_version)
00909 {
00910         switch (old_version) {
00911         case RSBAC_MAC_USER_OLD_ACI_VERSION:
00912                 return mac_old_user_conv;
00913         case RSBAC_MAC_USER_OLD_OLD_ACI_VERSION:
00914                 return mac_old_old_user_conv;
00915         case RSBAC_MAC_USER_OLD_OLD_OLD_ACI_VERSION:
00916                 return mac_old_old_old_user_conv;
00917         default:
00918                 return NULL;
00919         }
00920 }
00921 #endif
00922 
00923 #ifdef CONFIG_RSBAC_PM
00924 static int pm_dev_conv(void *old_desc,
00925                        void *old_data, void *new_desc, void *new_data)
00926 {
00927         struct rsbac_dev_desc_t *new = new_desc;
00928         struct rsbac_dev_t *old = old_desc;
00929 
00930         memcpy(new_data, old_data, sizeof(struct rsbac_pm_dev_aci_t));
00931         new->type = old->type;
00932         new->major = RSBAC_MAJOR(old->id);
00933         new->minor = RSBAC_MINOR(old->id);
00934         return 0;
00935 }
00936 
00937 rsbac_list_conv_function_t *pm_dev_get_conv(rsbac_version_t old_version)
00938 {
00939         switch (old_version) {
00940         case RSBAC_PM_DEV_OLD_ACI_VERSION:
00941                 return pm_dev_conv;
00942         default:
00943                 return NULL;
00944         }
00945 }
00946 #endif
00947 
00948 #ifdef CONFIG_RSBAC_RC
00949 static int rc_dev_conv(void *old_desc,
00950                        void *old_data, void *new_desc, void *new_data)
00951 {
00952         struct rsbac_dev_desc_t *new = new_desc;
00953         struct rsbac_dev_t *old = old_desc;
00954 
00955         memcpy(new_data, old_data, sizeof(rsbac_rc_type_id_t));
00956         new->type = old->type;
00957         new->major = RSBAC_MAJOR(old->id);
00958         new->minor = RSBAC_MINOR(old->id);
00959         return 0;
00960 }
00961 
00962 rsbac_list_conv_function_t *rc_dev_get_conv(rsbac_version_t old_version)
00963 {
00964         switch (old_version) {
00965         case RSBAC_RC_DEV_OLD_ACI_VERSION:
00966                 return rc_dev_conv;
00967         default:
00968                 return NULL;
00969         }
00970 }
00971 
00972 static int rc_user_conv(void *old_desc,
00973                         void *old_data, void *new_desc, void *new_data)
00974 {
00975         struct rsbac_rc_user_aci_t *new_aci = new_data;
00976         rsbac_rc_role_id_t *old_aci = old_data;
00977 
00978         memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
00979         new_aci->rc_role = *old_aci;
00980         new_aci->rc_type = RSBAC_RC_GENERAL_TYPE;
00981         return 0;
00982 }
00983 
00984 rsbac_list_conv_function_t *rc_user_get_conv(rsbac_version_t old_version)
00985 {
00986         switch (old_version) {
00987         case RSBAC_RC_USER_OLD_ACI_VERSION:
00988                 return rc_user_conv;
00989         default:
00990                 return NULL;
00991         }
00992 }
00993 #endif
00994 
00995 #ifdef CONFIG_RSBAC_AUTH
00996 static int auth_old_fd_conv(void *old_desc,
00997                             void *old_data, void *new_desc, void *new_data)
00998 {
00999         struct rsbac_auth_fd_aci_t *new_aci = new_data;
01000         struct rsbac_auth_fd_old_aci_t *old_aci = old_data;
01001 
01002         memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
01003         new_aci->auth_may_setuid = old_aci->auth_may_setuid;
01004         new_aci->auth_may_set_cap = old_aci->auth_may_set_cap;
01005         new_aci->auth_learn = FALSE;
01006         return 0;
01007 }
01008 
01009 rsbac_list_conv_function_t *auth_fd_get_conv(rsbac_version_t old_version)
01010 {
01011         switch (old_version) {
01012         case RSBAC_AUTH_FD_OLD_ACI_VERSION:
01013                 return auth_old_fd_conv;
01014         default:
01015                 return NULL;
01016         }
01017 }
01018 
01019 #endif
01020 
01021 #ifdef CONFIG_RSBAC_DAZ
01022 static int daz_old_fd_conv(
01023         void * old_desc,
01024         void * old_data,
01025         void * new_desc,
01026         void * new_data)
01027   {
01028     struct rsbac_daz_fd_aci_t     * new_aci = new_data;
01029     struct rsbac_daz_fd_old_aci_t * old_aci = old_data;
01030 
01031     memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
01032     new_aci->daz_scanner = old_aci->daz_scanner;
01033     new_aci->daz_do_scan = DEFAULT_DAZ_FD_DO_SCAN;
01034     return 0;
01035   }
01036 
01037 rsbac_list_conv_function_t * daz_fd_get_conv(rsbac_version_t old_version)
01038   {
01039     switch(old_version)
01040       {
01041         case RSBAC_DAZ_FD_OLD_ACI_VERSION:
01042           return daz_old_fd_conv;
01043         default:
01044           return NULL;
01045       }
01046   }
01047 #endif
01048 
01049 #ifdef CONFIG_RSBAC_CAP
01050 static int cap_old_fd_conv(void *old_desc, void *old_data, void *new_desc, void *new_data)
01051 {
01052         struct rsbac_cap_fd_aci_t *new_aci = new_data;
01053         struct rsbac_cap_fd_old_aci_t *old_aci = old_data;
01054 
01055         memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
01056         new_aci->min_caps = old_aci->min_caps;
01057         new_aci->max_caps = old_aci->max_caps;
01058         new_aci->cap_ld_env = LD_inherit;
01059         return 0;
01060 }
01061 
01062 rsbac_list_conv_function_t *cap_fd_get_conv(rsbac_version_t old_version)
01063 {
01064         switch (old_version) {
01065         case RSBAC_CAP_FD_OLD_ACI_VERSION:
01066                 return cap_old_fd_conv;
01067         default:
01068                 return NULL;
01069         }
01070 }
01071 
01072 static int cap_old_user_conv(void *old_desc, void *old_data, void *new_desc, void *new_data)
01073 {
01074         struct rsbac_cap_user_aci_t *new_aci = new_data;
01075         struct rsbac_cap_user_old_aci_t *old_aci = old_data;
01076 
01077         memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
01078         new_aci->cap_role = old_aci->cap_role;
01079         new_aci->min_caps = old_aci->min_caps;
01080         new_aci->max_caps = old_aci->max_caps;
01081         new_aci->cap_ld_env = LD_allow;
01082         return 0;
01083 }
01084 
01085 rsbac_list_conv_function_t *cap_user_get_conv(rsbac_version_t old_version)
01086 {
01087         switch (old_version) {
01088                 case RSBAC_CAP_USER_OLD_ACI_VERSION:
01089                         return cap_old_user_conv;
01090                 default:
01091                         return NULL;
01092         }
01093 }
01094 #endif
01095 
01096 #ifdef CONFIG_RSBAC_NET_OBJ
01097 static int net_temp_old_conv(void *old_desc, void *old_data, void *new_desc, void *new_data)
01098 {
01099         struct rsbac_net_temp_data_t *new_aci = new_data;
01100         struct rsbac_net_temp_old_data_t *old_aci = old_data;
01101 
01102         memcpy(new_desc, old_desc, sizeof(rsbac_net_temp_id_t));
01103         new_aci->address_family = old_aci->address_family;
01104         new_aci->type = old_aci->type;
01105         new_aci->protocol = old_aci->protocol;
01106         memcpy(new_aci->netdev, old_aci->netdev, sizeof(rsbac_netdev_id_t));
01107         memcpy(new_aci->name, old_aci->name, sizeof(new_aci->name));
01108         switch(new_aci->address_family) {
01109                 case AF_INET:
01110                         new_aci->address.inet.nr_addr = 1;
01111                         new_aci->address.inet.addr[0] = *((__u32 *) old_aci->address);
01112                         new_aci->address.inet.valid_bits[0] = old_aci->valid_len;
01113                         if((old_aci->min_port == 0) && (old_aci->max_port == RSBAC_NET_MAX_PORT))
01114                                 new_aci->ports.nr_ports = 0;
01115                         else {
01116                                 new_aci->ports.nr_ports = 1;
01117                                 new_aci->ports.ports[0].min = old_aci->min_port;
01118                                 new_aci->ports.ports[0].max = old_aci->max_port;
01119                         }
01120                         break;
01121                 default:
01122                         memcpy(new_aci->address.other.addr, old_aci->address, sizeof(old_aci->address));
01123                         new_aci->address.other.valid_len = old_aci->valid_len;
01124                         new_aci->ports.nr_ports = 0;
01125                         break;
01126         }
01127         return 0;
01128 }
01129 
01130 
01131 rsbac_list_conv_function_t *net_temp_get_conv(rsbac_version_t old_version)
01132 {
01133         switch (old_version) {
01134                 case RSBAC_NET_TEMP_OLD_VERSION:
01135                         return net_temp_old_conv;
01136                 default:
01137                         return NULL;
01138         }
01139 }
01140 #endif
01141 
01142 /************************************************************************** */
01143 /* The add_item() functions add an item to the list, set head.curr to it,   */
01144 /* and return a pointer to the item.                                        */
01145 /* These functions will NOT check, if there is already an item under the    */
01146 /* same ID! If this happens, the lookup functions will return the old item! */
01147 /* All list manipulation must be protected by rw-spinlocks to prevent       */
01148 /* inconsistency and undefined behaviour in other concurrent functions.     */
01149 
01150 /* register_fd_lists() */
01151 /* register fd lists for device */
01152 
01153 static int register_fd_lists(struct rsbac_device_list_item_t *device_p,
01154                              kdev_t kdev)
01155 {
01156         char *name;
01157         int err = 0;
01158         int tmperr;
01159         struct rsbac_list_info_t *info_p;
01160         if (!device_p)
01161                 return (-RSBAC_EINVALIDPOINTER);
01162         name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01163         if (!name)
01164                 return -RSBAC_ENOMEM;
01165         info_p = rsbac_kmalloc(sizeof(*info_p));
01166         if (!info_p) {
01167                 rsbac_kfree(name);
01168                 return -RSBAC_ENOMEM;
01169         }
01170 
01171         /* register general lists */
01172         {
01173                 info_p->version = RSBAC_GEN_FD_ACI_VERSION;
01174                 info_p->key = RSBAC_GEN_FD_ACI_KEY;
01175                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01176                 info_p->data_size =
01177                     sizeof(struct rsbac_gen_fd_aci_t);
01178                 info_p->max_age = 0;
01179                 gen_nr_fd_hashes = RSBAC_GEN_NR_FD_LISTS;
01180                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01181                                              &device_p->handles.gen,
01182                                              info_p,
01183                                              RSBAC_LIST_PERSIST |
01184                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01185                                              NULL,
01186                                              gen_fd_get_conv,
01187                                              &def_gen_fd_aci,
01188                                              RSBAC_GEN_FD_NAME,
01189                                              kdev,
01190                                              gen_nr_fd_hashes,
01191                                              rsbac_list_hash_fd,
01192                                              RSBAC_GEN_OLD_FD_NAME);
01193                 if (tmperr) {
01194                         char *tmp;
01195 
01196                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01197                         if (tmp) {
01198                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering general list %s for device %02u:%02u failed with error %s!\n",
01199                                              RSBAC_GEN_FD_NAME,
01200                                              RSBAC_MAJOR(kdev),
01201                                              RSBAC_MINOR(kdev),
01202                                              get_error_name(tmp,
01203                                                             tmperr));
01204                                 rsbac_kfree(tmp);
01205                         }
01206                         err = tmperr;
01207                 }
01208         }
01209 
01210 #if defined(CONFIG_RSBAC_MAC)
01211         {
01212                 /* register MAC lists */
01213                 info_p->version = RSBAC_MAC_FD_ACI_VERSION;
01214                 info_p->key = RSBAC_MAC_FD_ACI_KEY;
01215                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01216                 info_p->data_size =
01217                     sizeof(struct rsbac_mac_fd_aci_t);
01218                 info_p->max_age = 0;
01219                 mac_nr_fd_hashes = RSBAC_MAC_NR_FD_LISTS;
01220                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01221                                              &device_p->handles.mac,
01222                                              info_p,
01223                                              RSBAC_LIST_PERSIST |
01224                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01225                                              NULL,
01226                                              mac_fd_get_conv,
01227                                              &def_mac_fd_aci,
01228                                              RSBAC_MAC_FD_NAME,
01229                                              kdev,
01230                                              mac_nr_fd_hashes,
01231                                              rsbac_list_hash_fd,
01232                                              RSBAC_MAC_OLD_FD_NAME);
01233                 if (tmperr) {
01234                         char *tmp;
01235                                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01236                         if (tmp) {
01237                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering MAC list %s for device %02u:%02u failed with error %s!\n",
01238                                              RSBAC_MAC_FD_NAME,
01239                                              RSBAC_MAJOR(kdev),
01240                                              RSBAC_MINOR(kdev),
01241                                              get_error_name(tmp,
01242                                                             tmperr));
01243                                 rsbac_kfree(tmp);
01244                         }
01245                         err = tmperr;
01246                 }
01247         }
01248 #endif
01249 
01250 #if defined(CONFIG_RSBAC_PM)
01251         {
01252                 /* register PM lists */
01253                 info_p->version = RSBAC_PM_FD_ACI_VERSION;
01254                 info_p->key = RSBAC_PM_FD_ACI_KEY;
01255                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01256                 info_p->data_size =
01257                     sizeof(struct rsbac_pm_fd_aci_t);
01258                 info_p->max_age = 0;
01259                 pm_nr_fd_hashes = RSBAC_PM_NR_FD_LISTS;
01260                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01261                                              &device_p->handles.pm,
01262                                              info_p,
01263                                              RSBAC_LIST_PERSIST |
01264                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01265                                              NULL,
01266                                              NULL, &def_pm_fd_aci,
01267                                              RSBAC_PM_FD_NAME, kdev,
01268                                              pm_nr_fd_hashes,
01269                                              rsbac_list_hash_fd,
01270                                              RSBAC_PM_OLD_FD_NAME);
01271                 if (tmperr) {
01272                         char *tmp;
01273 
01274                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01275                         if (tmp) {
01276                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering PM list %s for device %02u:%02u failed with error %s!\n",
01277                                              RSBAC_PM_FD_NAME,
01278                                              RSBAC_MAJOR(kdev),
01279                                              RSBAC_MINOR(kdev),
01280                                              get_error_name(tmp,
01281                                                             tmperr));
01282                                 rsbac_kfree(tmp);
01283                         }
01284                         err = tmperr;
01285                 }
01286         }
01287 #endif
01288 
01289 #if defined(CONFIG_RSBAC_DAZ)
01290         {
01291                 struct rsbac_daz_fd_aci_t def_daz_fd_aci =
01292                     DEFAULT_DAZ_FD_ACI;
01293                 /* register DAZ lists */
01294                 info_p->version = RSBAC_DAZ_FD_ACI_VERSION;
01295                 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01296                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01297                 info_p->data_size =
01298                     sizeof(struct rsbac_daz_fd_aci_t);
01299                 info_p->max_age = 0;
01300                 daz_nr_fd_hashes = RSBAC_DAZ_NR_FD_LISTS;
01301                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01302                                              &device_p->handles.daz,
01303                                              info_p,
01304                                              RSBAC_LIST_PERSIST |
01305                                              RSBAC_LIST_DEF_DATA |
01306                                              RSBAC_LIST_AUTO_HASH_RESIZE,
01307                                              NULL,
01308                                              daz_fd_get_conv,
01309                                              &def_daz_fd_aci,
01310                                              RSBAC_DAZ_FD_NAME, kdev,
01311                                              daz_nr_fd_hashes,
01312                                              rsbac_list_hash_fd,
01313                                              RSBAC_DAZ_OLD_FD_NAME);
01314                 if (tmperr) {
01315                         char *tmp;
01316 
01317                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01318                         if (tmp) {
01319                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering DAZ list %s for device %02u:%02u failed with error %s!\n",
01320                                              RSBAC_DAZ_FD_NAME,
01321                                              RSBAC_MAJOR(kdev),
01322                                              RSBAC_MINOR(kdev),
01323                                              get_error_name(tmp,
01324                                                             tmperr));
01325                                 rsbac_kfree(tmp);
01326                         }
01327                         err = tmperr;
01328                 }
01329         }
01330 #if defined(CONFIG_RSBAC_DAZ_CACHE)
01331         {
01332                 rsbac_daz_scanned_t def_daz_scanned_fd_aci =
01333                     DEFAULT_DAZ_FD_SCANNED;
01334 
01335                 info_p->version = RSBAC_DAZ_SCANNED_FD_ACI_VERSION;
01336                 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01337                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01338                 info_p->data_size = sizeof(rsbac_daz_scanned_t);
01339                 info_p->max_age = 0;
01340                 daz_scanned_nr_fd_hashes = RSBAC_DAZ_SCANNED_NR_FD_LISTS;
01341                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01342                                              &device_p->handles.dazs,
01343                                              info_p,
01344 #ifdef CONFIG_RSBAC_DAZ_PERSIST
01345                                              RSBAC_LIST_PERSIST |
01346 #endif
01347                                              RSBAC_LIST_DEF_DATA |
01348                                              RSBAC_LIST_AUTO_HASH_RESIZE |
01349                                              RSBAC_LIST_NO_MAX,
01350                                              NULL,
01351                                              NULL,
01352                                              &def_daz_scanned_fd_aci,
01353                                              RSBAC_DAZ_SCANNED_FD_NAME, kdev,
01354                                              daz_scanned_nr_fd_hashes,
01355                                              rsbac_list_hash_fd,
01356                                              RSBAC_DAZ_SCANNED_OLD_FD_NAME);
01357                 if (tmperr) {
01358                         char *tmp;
01359 
01360                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01361                         if (tmp) {
01362                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering DAZ scanned list %s for device %02u:%02u failed with error %s!\n",
01363                                              RSBAC_DAZ_SCANNED_FD_NAME,
01364                                              RSBAC_MAJOR(kdev),
01365                                              RSBAC_MINOR(kdev),
01366                                              get_error_name(tmp,
01367                                                             tmperr));
01368                                 rsbac_kfree(tmp);
01369                         }
01370                         err = tmperr;
01371                 }
01372         }
01373 #endif
01374 #endif
01375 
01376 #if defined(CONFIG_RSBAC_FF)
01377         {
01378                 rsbac_ff_flags_t def_ff_fd_aci = RSBAC_FF_DEF;
01379 
01380                 info_p->version = RSBAC_FF_FD_ACI_VERSION;
01381                 info_p->key = RSBAC_FF_FD_ACI_KEY;
01382                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01383                 info_p->data_size = sizeof(rsbac_ff_flags_t);
01384                 info_p->max_age = 0;
01385                 ff_nr_fd_hashes = RSBAC_FF_NR_FD_LISTS;
01386                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01387                                              &device_p->handles.ff,
01388                                              info_p,
01389                                              RSBAC_LIST_PERSIST |
01390                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01391                                              NULL,
01392                                              NULL, &def_ff_fd_aci,
01393                                              RSBAC_FF_FD_NAME, kdev,
01394                                              ff_nr_fd_hashes,
01395                                              rsbac_list_hash_fd,
01396                                              RSBAC_FF_OLD_FD_NAME);
01397                 if (tmperr) {
01398                         char *tmp;
01399 
01400                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01401                         if (tmp) {
01402                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering FF list %s for device %02u:%02u failed with error %s!\n",
01403                                              RSBAC_FF_FD_NAME,
01404                                              RSBAC_MAJOR(kdev),
01405                                              RSBAC_MINOR(kdev),
01406                                              get_error_name(tmp,
01407                                                             tmperr));
01408                                 rsbac_kfree(tmp);
01409                         }
01410                         err = tmperr;
01411                 }
01412         }
01413 #endif
01414 
01415 #if defined(CONFIG_RSBAC_RC)
01416         {
01417                 info_p->version = RSBAC_RC_FD_ACI_VERSION;
01418                 info_p->key = RSBAC_RC_FD_ACI_KEY;
01419                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01420                 info_p->data_size =
01421                     sizeof(struct rsbac_rc_fd_aci_t);
01422                 info_p->max_age = 0;
01423                 rc_nr_fd_hashes = RSBAC_RC_NR_FD_LISTS;
01424                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01425                                              &device_p->handles.rc,
01426                                              info_p,
01427                                              RSBAC_LIST_PERSIST |
01428                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01429                                              NULL,
01430                                              NULL, &def_rc_fd_aci,
01431                                              RSBAC_RC_FD_NAME, kdev,
01432                                              rc_nr_fd_hashes,
01433                                              rsbac_list_hash_fd,
01434                                              RSBAC_RC_OLD_FD_NAME);
01435                 if (tmperr) {
01436                         char *tmp;
01437 
01438                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01439                         if (tmp) {
01440                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering RC list %s for device %02u:%02u failed with error %s!\n",
01441                                              RSBAC_RC_FD_NAME,
01442                                              RSBAC_MAJOR(kdev),
01443                                              RSBAC_MINOR(kdev),
01444                                              get_error_name(tmp,
01445                                                             tmperr));
01446                                 rsbac_kfree(tmp);
01447                         }
01448                         err = tmperr;
01449                 }
01450         }
01451 #endif
01452 
01453 #if defined(CONFIG_RSBAC_AUTH)
01454         {
01455                 struct rsbac_auth_fd_aci_t def_auth_fd_aci =
01456                     DEFAULT_AUTH_FD_ACI;
01457 
01458                 info_p->version = RSBAC_AUTH_FD_ACI_VERSION;
01459                 info_p->key = RSBAC_AUTH_FD_ACI_KEY;
01460                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01461                 info_p->data_size =
01462                     sizeof(struct rsbac_auth_fd_aci_t);
01463                 info_p->max_age = 0;
01464                 auth_nr_fd_hashes = RSBAC_AUTH_NR_FD_LISTS;
01465                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01466                                              &device_p->handles.auth,
01467                                              info_p,
01468                                              RSBAC_LIST_PERSIST |
01469                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01470                                              NULL,
01471                                              auth_fd_get_conv,
01472                                              &def_auth_fd_aci,
01473                                              RSBAC_AUTH_FD_NAME, kdev,
01474                                              auth_nr_fd_hashes,
01475                                              rsbac_list_hash_fd,
01476                                              RSBAC_AUTH_OLD_FD_NAME);
01477                 if (tmperr) {
01478                         char *tmp;
01479 
01480                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01481                         if (tmp) {
01482                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering AUTH list %s for device %02u:%02u failed with error %s!\n",
01483                                              RSBAC_AUTH_FD_NAME,
01484                                              RSBAC_MAJOR(kdev),
01485                                              RSBAC_MINOR(kdev),
01486                                              get_error_name(tmp,
01487                                                             tmperr));
01488                                 rsbac_kfree(tmp);
01489                         }
01490                         err = tmperr;
01491                 }
01492         }
01493 #endif
01494 
01495 #if defined(CONFIG_RSBAC_CAP)
01496         {
01497                 struct rsbac_cap_fd_aci_t def_cap_fd_aci =
01498                     DEFAULT_CAP_FD_ACI;
01499 
01500                 info_p->version = RSBAC_CAP_FD_ACI_VERSION;
01501                 info_p->key = RSBAC_CAP_FD_ACI_KEY;
01502                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01503                 info_p->data_size =
01504                     sizeof(struct rsbac_cap_fd_aci_t);
01505                 info_p->max_age = 0;
01506                 cap_nr_fd_hashes = RSBAC_CAP_NR_FD_LISTS;
01507                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01508                                              &device_p->handles.cap,
01509                                              info_p,
01510                                              RSBAC_LIST_PERSIST |
01511                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01512                                              NULL,
01513                                              cap_fd_get_conv, 
01514                                              &def_cap_fd_aci,
01515                                              RSBAC_CAP_FD_NAME, kdev,
01516                                              cap_nr_fd_hashes,
01517                                              rsbac_list_hash_fd,
01518                                              RSBAC_CAP_OLD_FD_NAME);
01519                 if (tmperr) {
01520                         char *tmp;
01521 
01522                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01523                         if (tmp) {
01524                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering CAP list %s for device %02u:%02u failed with error %s!\n",
01525                                              RSBAC_CAP_FD_NAME,
01526                                              RSBAC_MAJOR(kdev),
01527                                              RSBAC_MINOR(kdev),
01528                                              get_error_name(tmp,
01529                                                             tmperr));
01530                                 rsbac_kfree(tmp);
01531                         }
01532                         err = tmperr;
01533                 }
01534         }
01535 #endif
01536 
01537 #if defined(CONFIG_RSBAC_PAX)
01538         {
01539                 rsbac_pax_flags_t def_pax_fd_aci;
01540 
01541 #ifdef CONFIG_RSBAC_PAX_DEFAULT
01542                 def_pax_fd_aci = 0;
01543 #ifdef CONFIG_RSBAC_PAX_PAGEEXEC
01544                 def_pax_fd_aci |= PF_PAX_PAGEEXEC;
01545 #endif
01546 #ifdef CONFIG_RSBAC_PAX_EMUTRAMP
01547                 def_pax_fd_aci |= PF_PAX_EMUTRAMP;
01548 #endif
01549 #ifdef CONFIG_RSBAC_PAX_MPROTECT
01550                 def_pax_fd_aci |= PF_PAX_MPROTECT;
01551 #endif
01552 #ifdef CONFIG_RSBAC_PAX_RANDMMAP
01553                 def_pax_fd_aci |= PF_PAX_RANDMMAP;
01554 #endif
01555 #ifdef CONFIG_RSBAC_PAX_RANDEXEC
01556                 def_pax_fd_aci |= PF_PAX_RANDEXEC;
01557 #endif
01558 #ifdef CONFIG_RSBAC_PAX_SEGMEXEC
01559                 def_pax_fd_aci |= PF_PAX_SEGMEXEC;
01560 #endif
01561 
01562 #else
01563                 def_pax_fd_aci = RSBAC_PAX_DEF_FLAGS;
01564 #endif
01565 
01566                 info_p->version = RSBAC_PAX_FD_ACI_VERSION;
01567                 info_p->key = RSBAC_PAX_FD_ACI_KEY;
01568                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01569                 info_p->data_size = sizeof(rsbac_pax_flags_t);
01570                 info_p->max_age = 0;
01571                 pax_nr_fd_hashes = RSBAC_PAX_NR_FD_LISTS;
01572                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01573                                              &device_p->handles.pax,
01574                                              info_p,
01575                                              RSBAC_LIST_PERSIST |
01576                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01577                                              NULL,
01578                                              NULL, &def_pax_fd_aci,
01579                                              RSBAC_PAX_FD_NAME, kdev,
01580                                              pax_nr_fd_hashes,
01581                                              rsbac_list_hash_fd,
01582                                              RSBAC_PAX_OLD_FD_NAME);
01583                 if (tmperr) {
01584                         char *tmp;
01585 
01586                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01587                         if (tmp) {
01588                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering PAX list %s for device %02u:%02u failed with error %s!\n",
01589                                              RSBAC_PAX_FD_NAME,
01590                                              RSBAC_MAJOR(kdev),
01591                                              RSBAC_MINOR(kdev),
01592                                              get_error_name(tmp,
01593                                                             tmperr));
01594                                 rsbac_kfree(tmp);
01595                         }
01596                         err = tmperr;
01597                 }
01598         }
01599 #endif
01600 
01601 #if defined(CONFIG_RSBAC_RES)
01602         {
01603                 info_p->version = RSBAC_RES_FD_ACI_VERSION;
01604                 info_p->key = RSBAC_RES_FD_ACI_KEY;
01605                 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01606                 info_p->data_size =
01607                     sizeof(struct rsbac_res_fd_aci_t);
01608                 info_p->max_age = 0;
01609                 res_nr_fd_hashes = RSBAC_RES_NR_FD_LISTS;
01610                 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
01611                                              &device_p->handles.res,
01612                                              info_p,
01613                                              RSBAC_LIST_PERSIST |
01614                                              RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
01615                                              NULL,
01616                                              NULL, &def_res_fd_aci,
01617                                              RSBAC_RES_FD_NAME, kdev,
01618                                              res_nr_fd_hashes,
01619                                              rsbac_list_hash_fd,
01620                                              RSBAC_RES_OLD_FD_NAME);
01621                 if (tmperr) {
01622                         char *tmp;
01623 
01624                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01625                         if (tmp) {
01626                                 rsbac_printk(KERN_WARNING "register_fd_lists(): registering RES list %s for device %02u:%02u failed with error %s!\n",
01627                                              RSBAC_RES_FD_NAME,
01628                                              RSBAC_MAJOR(kdev),
01629                                              RSBAC_MINOR(kdev),
01630                                              get_error_name(tmp,
01631                                                             tmperr));
01632                                 rsbac_kfree(tmp);
01633                         }
01634                         err = tmperr;
01635                 }
01636         }
01637 #endif
01638 
01639         rsbac_kfree(name);
01640         rsbac_kfree(info_p);
01641         return err;
01642 }
01643 
01644 /* aci_detach_fd_lists() */
01645 /* detach from fd lists for device */
01646 
01647 static int aci_detach_fd_lists(struct rsbac_device_list_item_t *device_p)
01648 {
01649         int err = 0;
01650         int tmperr;
01651 
01652         if (!device_p)
01653                 return (-RSBAC_EINVALIDPOINTER);
01654 
01655         /* detach all general lists */
01656         tmperr = rsbac_list_detach(&device_p->handles.gen,
01657                                            RSBAC_GEN_FD_ACI_KEY);
01658         if (tmperr) {
01659                 char *tmp;
01660 
01661                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01662                 if (tmp) {
01663                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from general list %s for device %02u:%02u failed with error %s!\n",
01664                                      RSBAC_GEN_FD_NAME,
01665                                      RSBAC_MAJOR(device_p->id),
01666                                      RSBAC_MINOR(device_p->id),
01667                                      get_error_name(tmp, tmperr));
01668                         rsbac_kfree(tmp);
01669                 }
01670                 err = tmperr;
01671         }
01672 
01673 #if defined(CONFIG_RSBAC_MAC)
01674         /* detach all MAC lists */
01675         tmperr = rsbac_list_detach(&device_p->handles.mac,
01676                                    RSBAC_MAC_FD_ACI_KEY);
01677         if (tmperr) {
01678                 char *tmp;
01679 
01680                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01681                 if (tmp) {
01682                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from MAC list %s for device %02u:%02u failed with error %s!\n",
01683                                      RSBAC_MAC_FD_NAME,
01684                                      RSBAC_MAJOR(device_p->id),
01685                                      RSBAC_MINOR(device_p->id),
01686                                      get_error_name(tmp, tmperr));
01687                         rsbac_kfree(tmp);
01688                 }
01689                 err = tmperr;
01690         }
01691 #endif
01692 
01693 #if defined(CONFIG_RSBAC_PM)
01694         /* detach all PM lists */
01695         tmperr = rsbac_list_detach(&device_p->handles.pm,
01696                                    RSBAC_PM_FD_ACI_KEY);
01697         if (tmperr) {
01698                 char *tmp;
01699 
01700                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01701                 if (tmp) {
01702                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from PM list %s for device %02u:%02u failed with error %s!\n",
01703                                      RSBAC_PM_FD_NAME,
01704                                      RSBAC_MAJOR(device_p->id),
01705                                      RSBAC_MINOR(device_p->id),
01706                                      get_error_name(tmp, tmperr));
01707                         rsbac_kfree(tmp);
01708                 }
01709                 err = tmperr;
01710         }
01711 #endif
01712 
01713 #if defined(CONFIG_RSBAC_DAZ)
01714         /* detach all DAZ lists */
01715         tmperr = rsbac_list_detach(&device_p->handles.daz,
01716                                    RSBAC_DAZ_FD_ACI_KEY);
01717         if (tmperr) {
01718                 char *tmp;
01719 
01720                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01721                 if (tmp) {
01722                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from DAZ list %s for device %02u:%02u failed with error %s!\n",
01723                                      RSBAC_DAZ_FD_NAME,
01724                                      RSBAC_MAJOR(device_p->id),
01725                                      RSBAC_MINOR(device_p->id),
01726                                      get_error_name(tmp, tmperr));
01727                         rsbac_kfree(tmp);
01728                 }
01729                 err = tmperr;
01730         }
01731 #if defined(CONFIG_RSBAC_DAZ_CACHE)
01732         /* detach all DAZ scanned lists */
01733         tmperr = rsbac_list_detach(&device_p->handles.dazs,
01734                                       RSBAC_DAZ_FD_ACI_KEY);
01735         if (tmperr) {
01736                 char *tmp;
01737 
01738                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01739                 if (tmp) {
01740                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from DAZ scanned list %s for device %02u:%02u failed with error %s!\n",
01741                                      RSBAC_DAZ_SCANNED_FD_NAME,
01742                                      RSBAC_MAJOR(device_p->id),
01743                                      RSBAC_MINOR(device_p->id),
01744                                      get_error_name(tmp, tmperr));
01745                         rsbac_kfree(tmp);
01746                 }
01747                 err = tmperr;
01748         }
01749 #endif
01750 #endif
01751 
01752 #if defined(CONFIG_RSBAC_FF)
01753         /* detach all FF lists */
01754         tmperr = rsbac_list_detach(&device_p->handles.ff,
01755                                    RSBAC_FF_FD_ACI_KEY);
01756         if (tmperr) {
01757                 char *tmp;
01758 
01759                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01760                 if (tmp) {
01761                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from FF list %s for device %02u:%02u failed with error %s!\n",
01762                                      RSBAC_FF_FD_NAME,
01763                                      RSBAC_MAJOR(device_p->id),
01764                                      RSBAC_MINOR(device_p->id),
01765                                      get_error_name(tmp, tmperr));
01766                         rsbac_kfree(tmp);
01767                 }
01768                 err = tmperr;
01769         }
01770 #endif
01771 
01772 #if defined(CONFIG_RSBAC_RC)
01773         /* detach all RC lists */
01774         tmperr = rsbac_list_detach(&device_p->handles.rc,
01775                                    RSBAC_RC_FD_ACI_KEY);
01776         if (tmperr) {
01777                 char *tmp;
01778 
01779                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01780                 if (tmp) {
01781                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from RC list %s for device %02u:%02u failed with error %s!\n",
01782                                      RSBAC_RC_FD_NAME,
01783                                      RSBAC_MAJOR(device_p->id),
01784                                      RSBAC_MINOR(device_p->id),
01785                                      get_error_name(tmp, tmperr));
01786                         rsbac_kfree(tmp);
01787                 }
01788                 err = tmperr;
01789         }
01790 #endif
01791 
01792 #if defined(CONFIG_RSBAC_AUTH)
01793         /* detach all AUTH lists */
01794         tmperr = rsbac_list_detach(&device_p->handles.auth,
01795                               RSBAC_AUTH_FD_ACI_KEY);
01796         if (tmperr) {
01797                 char *tmp;
01798 
01799                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01800                 if (tmp) {
01801                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from AUTH list %s for device %02u:%02u failed with error %s!\n",
01802                                      RSBAC_AUTH_FD_NAME,
01803                                      RSBAC_MAJOR(device_p->id),
01804                                      RSBAC_MINOR(device_p->id),
01805                                      get_error_name(tmp, tmperr));
01806                         rsbac_kfree(tmp);
01807                 }
01808                 err = tmperr;
01809         }
01810 #endif
01811 
01812 #if defined(CONFIG_RSBAC_CAP)
01813         /* detach all CAP lists */
01814         tmperr = rsbac_list_detach(&device_p->handles.cap,
01815                                    RSBAC_CAP_FD_ACI_KEY);
01816         if (tmperr) {
01817                 char *tmp;
01818 
01819                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01820                 if (tmp) {
01821                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from CAP list %s for device %02u:%02u failed with error %s!\n",
01822                                      RSBAC_CAP_FD_NAME,
01823                                      RSBAC_MAJOR(device_p->id),
01824                                      RSBAC_MINOR(device_p->id),
01825                                      get_error_name(tmp, tmperr));
01826                         rsbac_kfree(tmp);
01827                 }
01828                 err = tmperr;
01829         }
01830 #endif
01831 
01832 #if defined(CONFIG_RSBAC_PAX)
01833         /* detach all PAX lists */
01834         tmperr = rsbac_list_detach(&device_p->handles.pax,
01835                                    RSBAC_PAX_FD_ACI_KEY);
01836         if (tmperr) {
01837                 char *tmp;
01838 
01839                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01840                 if (tmp) {
01841                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from PAX list %s for device %02u:%02u failed with error %s!\n",
01842                                      RSBAC_PAX_FD_NAME,
01843                                      RSBAC_MAJOR(device_p->id),
01844                                      RSBAC_MINOR(device_p->id),
01845                                      get_error_name(tmp, tmperr));
01846                         rsbac_kfree(tmp);
01847                 }
01848                 err = tmperr;
01849         }
01850 #endif
01851 
01852 #if defined(CONFIG_RSBAC_RES)
01853         /* detach all RES lists */
01854         tmperr = rsbac_list_detach(&device_p->handles.res,
01855                                    RSBAC_RES_FD_ACI_KEY);
01856         if (tmperr) {
01857                 char *tmp;
01858 
01859                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01860                 if (tmp) {
01861                         rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from RES list %s for device %02u:%02u failed with error %s!\n",
01862                                      RSBAC_RES_FD_NAME,
01863                                      RSBAC_MAJOR(device_p->id),
01864                                      RSBAC_MINOR(device_p->id),
01865                                      get_error_name(tmp, tmperr));
01866                         rsbac_kfree(tmp);
01867                 }
01868                 err = tmperr;
01869         }
01870 #endif
01871 
01872         return err;
01873 }
01874 
01875 
01876 /* Create a device item without adding to list. No locking needed. */
01877 static struct rsbac_device_list_item_t
01878 *create_device_item(struct super_block *sb_p, struct dentry *d_covers)
01879 {
01880         struct rsbac_device_list_item_t *new_item_p;
01881 
01882         if (!sb_p)
01883                 return NULL;
01884         /* allocate memory for new device, return NULL, if failed */
01885         if (!(new_item_p = (struct rsbac_device_list_item_t *)
01886               rsbac_kmalloc(sizeof(*new_item_p))))
01887                 return (NULL);
01888 
01889         memset(new_item_p, 0, sizeof(*new_item_p));
01890         new_item_p->id = sb_p->s_dev;
01891         new_item_p->sb_p = sb_p;
01892         new_item_p->d_covers = d_covers;
01893         new_item_p->mount_count = 1;
01894         /* everything else is 0 by memset -> return */
01895         return (new_item_p);
01896 }
01897 
01898 /* Add an existing device item to list. Locking needed. */
01899 static struct rsbac_device_list_item_t
01900 *add_device_item(struct rsbac_device_list_item_t *device_p)
01901 {
01902         struct rsbac_device_list_head_t * new_p;
01903 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01904         struct rsbac_device_list_head_t * old_p;
01905 #else
01906         u_long flags;
01907 #endif
01908         u_int hash;
01909 
01910         if (!device_p)
01911                 return (NULL);
01912 
01913         hash = device_hash(device_p->id);
01914 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01915         spin_lock(&device_list_locks[hash]);
01916         old_p = device_head_p[hash];
01917         new_p = rsbac_kmalloc(sizeof(*new_p));
01918         *new_p = *old_p;
01919 #else
01920         rsbac_write_lock(&device_list_locks[hash], &flags);
01921         new_p = device_head_p[hash];
01922 #endif
01923         /* add new device to device list */
01924         if (!new_p->head) {     /* first device */
01925                 new_p->head = device_p;
01926                 new_p->tail = device_p;
01927                 new_p->curr = device_p;
01928                 new_p->count = 1;
01929                 device_p->prev = NULL;
01930                 device_p->next = NULL;
01931         } else {                /* there is another device -> hang to tail */
01932                 device_p->prev = new_p->tail;
01933                 device_p->next = NULL;
01934                 new_p->tail->next = device_p;
01935                 new_p->tail = device_p;
01936                 new_p->curr = device_p;
01937                 new_p->count++;
01938         }
01939 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01940         rcu_assign_pointer(device_head_p[hash], new_p);
01941         spin_unlock(&device_list_locks[hash]);
01942         synchronize_rcu();
01943         rsbac_kfree(old_p);
01944 #else
01945         rsbac_write_unlock(&device_list_locks[hash], &flags);
01946 #endif
01947         return (device_p);
01948 }
01949 
01950 /************************************************************************** */
01951 /* The remove_item() functions remove an item from the list. If this item   */
01952 /* is head, tail or curr, these pointers are set accordingly.               */
01953 /* To speed up removing several subsequent items, curr is set to the next   */
01954 /* item, if possible.                                                       */
01955 /* If the item is not found, nothing is done.                               */
01956 
01957 static void clear_device_item(struct rsbac_device_list_item_t *item_p)
01958 {
01959         if (!item_p)
01960                 return;
01961 
01962         /* dput() rsbac_dir_dentry_p, if set */
01963         if (item_p->rsbac_dir_dentry_p)
01964                 dput(item_p->rsbac_dir_dentry_p);
01965         /* OK, lets remove the device item itself */
01966         rsbac_kfree(item_p);
01967 }
01968 
01969 static void remove_device_item(kdev_t kdev)
01970 {
01971         struct rsbac_device_list_item_t *item_p;
01972         struct rsbac_device_list_head_t * new_p;
01973         #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01974         struct rsbac_device_list_head_t * old_p;
01975         #endif
01976         u_int hash;
01977                
01978         hash = device_hash(kdev);
01979 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01980         old_p = device_head_p[hash];
01981         new_p = rsbac_kmalloc(sizeof(*new_p));
01982         *new_p = *old_p;
01983 #else
01984         new_p = device_head_p[hash];
01985 #endif
01986         /* first we must locate the item. */
01987         if ((item_p = lookup_device(kdev, hash))) {     /* ok, item was found */
01988                 if (new_p->head == item_p) {    /* item is head */
01989                         if (new_p->tail == item_p) {    /* item is head and tail = only item -> list will be empty */
01990                                 new_p->head = NULL;
01991                                 new_p->tail = NULL;
01992                         } else {        /* item is head, but not tail -> next item becomes head */
01993                                 item_p->next->prev = NULL;
01994                                 new_p->head = item_p->next;
01995                         }
01996                 } else {        /* item is not head */
01997                         if (new_p->tail == item_p) {    /*item is not head, but tail -> previous item becomes tail */
01998                                 item_p->prev->next = NULL;
01999                                 new_p->tail = item_p->prev;
02000                         } else {        /* item is neither head nor tail -> item is cut out */
02001                                 item_p->prev->next = item_p->next;
02002                                 item_p->next->prev = item_p->prev;
02003                         }
02004                 }
02005 
02006                 /* curr is no longer valid -> reset.                              */
02007                 new_p->curr = NULL;
02008                 /* adjust counter */
02009                 new_p->count--;
02010 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02011                 rcu_assign_pointer(device_head_p[hash], new_p);
02012                 spin_unlock(&device_list_locks[hash]);
02013                 synchronize_rcu();
02014                 rsbac_kfree(old_p);
02015 #endif
02016                 /* clean up */
02017                 aci_detach_fd_lists(item_p);
02018 
02019                 /* clear item */
02020                 clear_device_item(item_p);
02021         }
02022 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02023         else
02024                 spin_unlock(&device_list_locks[hash]);
02025 #endif
02026 }
02027 
02028 /**************************************************/
02029 /*       Externally visible help functions        */
02030 /**************************************************/
02031 
02032 /* helper, copied from open.d/do_truncate() */
02033 static int rsbac_clear_file(struct dentry *dentry)
02034 {
02035         struct inode *inode = dentry->d_inode;
02036         int error;
02037         struct iattr newattrs;
02038 
02039 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02040         mutex_lock(&inode->i_mutex);
02041 #else
02042         down(&inode->i_sem);
02043 #endif
02044         newattrs.ia_size = 0;
02045         newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
02046         error = notify_change(dentry, &newattrs);
02047 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02048         mutex_unlock(&inode->i_mutex);
02049 #else
02050         up(&inode->i_sem);
02051 #endif
02052         return error;
02053 }
02054 
02055 static void wakeup_auto(u_long dummy)
02056 {
02057         wake_up((void *) dummy);
02058 }
02059 
02060 #if defined(CONFIG_RSBAC_REG)
02061 EXPORT_SYMBOL(rsbac_get_super_block);
02062 #endif
02063 struct super_block *rsbac_get_super_block(kdev_t kdev)
02064 {
02065         struct rsbac_device_list_item_t *device_p;
02066 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02067         u_long dflags;
02068 #endif
02069         struct super_block *sb_p;
02070         u_int hash;
02071 
02072         if (RSBAC_IS_AUTO_DEV(kdev))
02073                 return NULL;
02074 
02075         hash = device_hash(kdev);
02076         /* get super_block-pointer */
02077 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02078         rcu_read_lock();
02079 #else
02080         rsbac_read_lock(&device_list_locks[hash], &dflags);
02081 #endif
02082         device_p = lookup_device(kdev, hash);
02083         if (!device_p) {
02084 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02085                 rcu_read_unlock();
02086 #else
02087                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02088 #endif
02089                 down(&rsbac_write_sem);
02090                 up(&rsbac_write_sem);
02091 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02092                 sb_p = user_get_super(kdev);
02093 #else
02094                 sb_p = get_super(kdev);
02095 #endif
02096                 if (!sb_p) {    /* Wait a second and retry */
02097                         DECLARE_WAIT_QUEUE_HEAD(auto_wait);
02098                         struct timer_list auto_timer;
02099 
02100                         rsbac_printk(KERN_INFO "rsbac_get_super_block(): device %02u:%02u not yet available, sleeping\n",
02101                                      RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02102                         init_timer(&auto_timer);
02103                         auto_timer.function = wakeup_auto;
02104                         auto_timer.data = (u_long) & auto_wait;
02105                         auto_timer.expires = jiffies + HZ;
02106                         add_timer(&auto_timer);
02107                         interruptible_sleep_on(&auto_wait);
02108 
02109 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02110                         sb_p = user_get_super(kdev);
02111 #else
02112                         sb_p = get_super(kdev);
02113 #endif
02114                 }
02115                 if (sb_p) {
02116                         device_p = lookup_device(kdev, hash);
02117                         /* Never auto-mount <= 01:xx devices */
02118                         if (!device_p && (RSBAC_MAJOR(kdev) <= 1)) {
02119                                 rsbac_printk(KERN_INFO "rsbac_get_super_block(): auto-mounting device %02u:%02u\n",
02120                                              RSBAC_MAJOR(kdev),
02121                                              RSBAC_MINOR(kdev));
02122                                 rsbac_mount(sb_p, NULL);
02123                         }
02124                         /* free super_block pointer */
02125                         drop_super(sb_p);
02126 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02127                         rcu_read_lock();
02128 #else
02129                         rsbac_read_lock(&device_list_locks[hash], &dflags);
02130 #endif
02131                         device_p = lookup_device(kdev, hash);
02132                         if (!device_p) {
02133                                 rsbac_printk(KERN_WARNING "rsbac_get_super_block(): unknown device %02u:%02u\n",
02134                                              RSBAC_MAJOR(kdev),
02135                                              RSBAC_MINOR(kdev));
02136 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02137                                 rcu_read_unlock();
02138 #else
02139                                 rsbac_read_unlock(&device_list_locks[hash],
02140                                                   &dflags);
02141 #endif
02142                                 return NULL;
02143                         }
02144                 } else {
02145                         return NULL;
02146                 }
02147         }
02148         sb_p = device_p->sb_p;
02149 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02150         rcu_read_unlock();
02151 #else
02152         rsbac_read_unlock(&device_list_locks[hash], &dflags);
02153 #endif
02154         return sb_p;
02155 }
02156 
02157 #if defined(CONFIG_RSBAC_REG)
02158 EXPORT_SYMBOL(rsbac_read_open);
02159 #endif
02160 int rsbac_read_open(char *name, struct file *file_p, kdev_t kdev)
02161 {
02162         struct dentry *dir_dentry_p;
02163         struct dentry *file_dentry_p;
02164         int tmperr, err;
02165 
02166         if (!name || !file_p) {
02167                 rsbac_pr_debug(ds, "called with NULL pointer!");
02168                 return (-RSBAC_EINVALIDPOINTER);
02169         }
02170 
02171         /* lookup dentry of ACI_PATH on root device, lock is released there */
02172         if ((err =
02173              lookup_aci_path_dentry(NULL, &dir_dentry_p, FALSE, kdev))) {
02174                 return (err);
02175         }
02176 
02177         /* open file for reading - this must be done 'by hand', because     */
02178         /* standard system calls are now extended by rsbac decision calls.  */
02179         file_dentry_p =
02180             rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02181         if (!file_dentry_p || IS_ERR(file_dentry_p)) {  /* error in lookup */
02182                 return (-RSBAC_EREADFAILED);
02183         }
02184         if (!file_dentry_p->d_inode) {  /* file not found: trying backup */
02185                 char *bname;
02186                 int name_len = strlen(name);
02187 
02188                 dput(file_dentry_p);
02189                 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02190                 if (!bname) {
02191                         return -RSBAC_ENOMEM;
02192                 }
02193 
02194                 strcpy(bname, name);
02195                 bname[name_len] = 'b';
02196                 name_len++;
02197                 bname[name_len] = (char) 0;
02198                 rsbac_pr_debug(ds, "could not lookup file %s, trying backup %s\n",
02199                              name, bname);
02200                 file_dentry_p =
02201                     rsbac_lookup_one_len(bname, dir_dentry_p,
02202                                          strlen(bname));
02203                 rsbac_kfree(bname);
02204                 if (!file_dentry_p || IS_ERR(file_dentry_p)) {  /* error in lookup */
02205                         return (-RSBAC_EREADFAILED);
02206                 }
02207                 if (!file_dentry_p->d_inode) {  /* backup file also not found: return error */
02208                         rsbac_pr_debug(ds, "could not lookup backup file %sb\n",
02209                                        name);
02210                         dput(file_dentry_p);
02211                         return (-RSBAC_ENOTFOUND);
02212                 }
02213         }
02214         if (!(S_ISREG(file_dentry_p->d_inode->i_mode))) {       /* this is not a file! -> error! */
02215                 rsbac_printk(KERN_WARNING "rsbac_read_open(): expected file is not a file!\n");
02216                 dput(file_dentry_p);
02217                 return (-RSBAC_EREADFAILED);
02218         }
02219 
02220         /* Now we fill the file structure and */
02221         /* if there is an open func for this file, use it, otherwise ignore */
02222         if ((tmperr = init_private_file(file_p, file_dentry_p, O_RDONLY))) {
02223                 dput(file_dentry_p);
02224                 rsbac_printk(KERN_WARNING "rsbac_read_open(): could not open file '%s'!\n",
02225                              name);
02226                 return -RSBAC_EREADFAILED;
02227         }
02228 
02229         /* if there is no read func, we get a problem -> error */
02230         if ((!file_p->f_op) || (!file_p->f_op->read)) {
02231                 if (!file_p->f_op) {
02232                         rsbac_printk(KERN_WARNING "rsbac_read_open(): no f_op for file '%s'!\n",
02233                                      name);
02234                 } else {
02235                         rsbac_printk(KERN_WARNING "rsbac_read_open(): no file read func for file '%s'!\n",
02236                                      name);
02237                         if (file_p->f_op->release)
02238                                 file_p->f_op->release(file_dentry_p->
02239                                                       d_inode, file_p);
02240                 }
02241                 dput(file_dentry_p);
02242                 return -RSBAC_EREADFAILED;
02243         }
02244         return 0;
02245 }
02246 
02247 #ifndef check_parent
02248 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02249 #define check_parent(dir, dentry) \
02250         ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_bucket))
02251 #else
02252 #define check_parent(dir, dentry) \
02253         ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_hash))
02254 #endif
02255 #endif
02256 
02257 #if defined(CONFIG_RSBAC_REG)
02258 EXPORT_SYMBOL(rsbac_write_open);
02259 #endif
02260 int rsbac_write_open(char *name, struct file *file_p, kdev_t kdev)
02261 {
02262         struct dentry *dir_dentry_p = NULL;
02263         struct dentry *ldir_dentry_p = NULL;
02264         struct dentry *file_dentry_p = NULL;
02265         int err = 0;
02266         int tmperr = 0;
02267         struct super_block *sb_p;
02268 
02269         if (!file_p || !name) {
02270                 rsbac_pr_debug(write, "called with NULL pointer!\n");
02271                 return (-RSBAC_EINVALIDPOINTER);
02272         }
02273 
02274         /* get super_block-pointer */
02275         sb_p = rsbac_get_super_block(kdev);
02276         if (!sb_p) {
02277                 rsbac_printk(KERN_WARNING "rsbac_write_open(): invalid device %02u:%02u\n",
02278                              RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02279                 return (-RSBAC_EINVALIDDEV);
02280         }
02281         if (!writable(sb_p)) {
02282                 rsbac_pr_debug(write, "called for non-writable device\n");
02283                 err = -RSBAC_ENOTWRITABLE;
02284                 goto out;
02285         }
02286 
02287         /* lookup dentry of ACI_PATH on this device (create, if needed and possible),
02288          * returns errorcode, if failed */
02289         if ((tmperr = lookup_aci_path_dentry(sb_p, &dir_dentry_p, TRUE,
02290                                              kdev))) {
02291                 err = tmperr;
02292                 goto out;
02293         }
02294 
02295         /* open file for reading - this must be done 'by hand', because     */
02296         /* standard system calls are now extended by rsbac decision calls.  */
02297         file_dentry_p =
02298             rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02299         if (!file_dentry_p || IS_ERR(file_dentry_p)) {
02300                 rsbac_pr_debug(write, "lookup of %s returned error %li\n",
02301                              name, PTR_ERR(file_dentry_p));
02302                 err = -RSBAC_EWRITEFAILED;
02303                 goto out;
02304         }
02305 #if 1
02306         if (file_dentry_p->d_inode) {   /* file was found: try to rename it as backup file */
02307                 if (!dir_dentry_p->d_inode->i_op
02308                     || !dir_dentry_p->d_inode->i_op->rename) {
02309                         rsbac_printk(KERN_WARNING "rsbac_write_open(): File system supports no rename - no backup of %s made!",
02310                                      name);
02311                 } else {
02312                         char *bname;
02313                         int name_len = strlen(name);
02314                         struct dentry *new_file_dentry_p = NULL;
02315                         struct dentry *old_dir_p, *new_dir_p;
02316 
02317                         bname = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02318                         if (!bname) {
02319                                 err = -RSBAC_ENOMEM;
02320                                 goto out_dput;
02321                         }
02322                         strcpy(bname, name);
02323                         bname[name_len] = 'b';
02324                         bname[name_len + 1] = (char) 0;
02325                         new_file_dentry_p =
02326                             rsbac_lookup_one_len(bname, dir_dentry_p,
02327                                                  strlen(bname));
02328                         if (new_file_dentry_p
02329                             && !IS_ERR(new_file_dentry_p)) {
02330                                 /* lock parent == rsbac-dir for rest of rename */
02331                                 old_dir_p = dget(file_dentry_p->d_parent);
02332                                 new_dir_p =
02333                                     dget(new_file_dentry_p->d_parent);
02334                                 double_lock(new_dir_p, old_dir_p);
02335 
02336                                 DQUOT_INIT(old_dir_p->d_inode);
02337                                 DQUOT_INIT(new_dir_p->d_inode);
02338                                 /* try to rename file in rsbac dir */
02339                                 /* rsbac_pr_debug(write, "calling rename function\n"); */
02340                                 err =
02341                                     dir_dentry_p->d_inode->i_op->
02342                                     rename(old_dir_p->d_inode,
02343                                            file_dentry_p,
02344                                            new_dir_p->d_inode,
02345                                            new_file_dentry_p);
02346                                 /* unlock dir (dputs both dentries) */
02347                                 double_unlock(new_dir_p, old_dir_p);
02348                                 if (err) {
02349                                         rsbac_printk(KERN_WARNING "rsbac_write_open(): could not rename %s to %s on dev %02u:%02u, error %i - no backup!\n",
02350                                                      name, bname,
02351                                                      RSBAC_MAJOR(kdev),
02352                                                      RSBAC_MINOR(kdev),
02353                                                      err);
02354                                 } else {
02355                                         /* The following d_move() should become unconditional */
02356                                         if (!
02357                                             (sb_p->s_type->
02358                                              fs_flags
02359 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02360                                               & FS_RENAME_DOES_D_MOVE
02361 #else
02362                                               & FS_ODD_RENAME
02363 #endif
02364                                             ))
02365                                                 d_move(file_dentry_p,
02366                                                        new_file_dentry_p);
02367                                         inode_dir_notify(old_dir_p->
02368                                                          d_inode,
02369                                                          DN_RENAME);
02370                                 }
02371                                 dput(new_file_dentry_p);
02372                                 dput(file_dentry_p);
02373                                 /* re-init dentry structure */
02374                                 file_dentry_p =
02375                                     rsbac_lookup_one_len(name,
02376                                                          dir_dentry_p,
02377                                                          strlen(name));
02378                                 if (!file_dentry_p
02379                                     || IS_ERR(file_dentry_p)) {
02380                                         rsbac_pr_debug(write, "relookup of %s "
02381                                                        "returned error %li\n",
02382                                                        name,
02383                                                        PTR_ERR(file_dentry_p));
02384                                         err = -RSBAC_EWRITEFAILED;
02385                                         goto out;
02386                                 }
02387                                 if (file_dentry_p->d_inode) {
02388                                         rsbac_printk(KERN_WARNING "rsbac_write_open(): relookup of %s returned dentry with existing inode %li, trying unlink\n",
02389                                                      name,
02390                                                      file_dentry_p->
02391                                                      d_inode->i_ino);
02392                                         /* file was found: try to delete it */
02393                                         if (!dir_dentry_p->d_inode->i_op
02394                                             || !dir_dentry_p->d_inode->
02395                                             i_op->unlink) {
02396                                                 rsbac_printk(KERN_WARNING "rsbac_write_open(): File system supports no unlink - %s not deleted!",
02397                                                              name);
02398                                                 rsbac_kfree(bname);
02399                                                 err = -RSBAC_EWRITEFAILED;
02400                                                 goto out_dput;
02401                                         } else {
02402                                                 old_dir_p =
02403                                                     lock_parent
02404                                                     (file_dentry_p);
02405 
02406                                                 DQUOT_INIT(old_dir_p->
02407                                                            d_inode);
02408                                                 err = -ENOENT;
02409 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02410                                                 if (check_parent
02411                                                     (old_dir_p,
02412                                                      file_dentry_p)) {
02413 #endif
02414                                                         err =
02415                                                             dir_dentry_p->
02416                                                             d_inode->i_op->
02417                                                             unlink
02418                                                             (old_dir_p->
02419                                                              d_inode,
02420                                                              file_dentry_p);
02421 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02422                                                 } else {
02423                                                         rsbac_printk
02424                                                             (KERN_WARNING
02425                                                              "rsbac_write_open(): could not unlink %s on dev %02u:%02u, parent check failed!\n",
02426                                                              name,
02427                                                              RSBAC_MAJOR
02428                                                              (kdev),
02429                                                              RSBAC_MINOR
02430                                                              (kdev));
02431                                                 }
02432 #endif
02433                                                 /* unlock parent dir */
02434                                                 unlock_dir(old_dir_p);
02435                                                 /* free file dentry */
02436                                                 dput(file_dentry_p);
02437                                                 if (err) {
02438                                                         rsbac_printk
02439                                                             (KERN_WARNING
02440                                                              "rsbac_write_open(): could not unlink %s on dev %02u:%02u, error %i!\n",
02441                                                              name,
02442                                                              RSBAC_MAJOR
02443                                                              (kdev),
02444                                                              RSBAC_MINOR
02445                                                              (kdev), err);
02446                                                 }
02447                                                 /* re-init dentry structure */
02448                                                 file_dentry_p =
02449                                                     rsbac_lookup_one_len
02450                                                     (name, dir_dentry_p,
02451                                                      strlen(name));
02452                                                 if (!file_dentry_p
02453                                                     ||
02454                                                     IS_ERR(file_dentry_p)) {
02455                                                         rsbac_pr_debug(write, "relookup of %s returned error %li\n",
02456                                                                        name,
02457                                                                        PTR_ERR(file_dentry_p));
02458                                                         rsbac_kfree(bname);
02459                                                         err =
02460                                                             -RSBAC_EWRITEFAILED;
02461                                                         goto out;
02462                                                 }
02463                                                 if (file_dentry_p->d_inode) {
02464                                                         rsbac_printk
02465                                                             (KERN_WARNING
02466                                                              "rsbac_write_open(): relookup of %s returned dentry with existing inode %li\n",
02467                                                              name,
02468                                                              file_dentry_p->
02469                                                              d_inode->
02470                                                              i_ino);
02471                                                         rsbac_kfree(bname);
02472                                                         err =
02473                                                             -RSBAC_EWRITEFAILED;
02474                                                         goto out_dput;
02475                                                 }
02476                                         }
02477                                 }
02478                         } else {
02479                                 rsbac_printk(KERN_WARNING "rsbac_write_open(): rsbac_lookup_(dentry|one) for backup file %s on dev %02u:%02u failed with error %li - no backup!\n",
02480                                              bname, RSBAC_MAJOR(kdev),
02481                                              RSBAC_MINOR(kdev),
02482                                              PTR_ERR(new_file_dentry_p));
02483                         }
02484                         rsbac_kfree(bname);
02485                 }
02486         }
02487 #endif                          /* backup part */
02488 
02489         if (!file_dentry_p->d_inode) {
02490                 /* file not found or renamed away: try to create a new one */
02491                 if (!dir_dentry_p->d_inode->i_op
02492                     || !dir_dentry_p->d_inode->i_op->create) {
02493                         rsbac_printk(KERN_WARNING "%s\n",
02494                                      "rsbac_write_open(): File system supports no create!");
02495                         err = -RSBAC_EWRITEFAILED;
02496                         goto out_dput;
02497                 }
02498 
02499                 /* lock parent == rsbac-dir for create */
02500                 ldir_dentry_p = lock_parent(file_dentry_p);
02501                 if (IS_ERR(ldir_dentry_p)) {
02502                         rsbac_pr_debug(write, "lock_parent of %s returned "
02503                                        "error %li\n", name,
02504                                        PTR_ERR(ldir_dentry_p));
02505                         err = -RSBAC_EWRITEFAILED;
02506                         goto out_dput;
02507                 }
02508 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02509                 if (!check_parent(ldir_dentry_p, file_dentry_p)) {
02510                         rsbac_pr_debug(write, "check_parent of %s returned "
02511                                        "error\n", name);
02512                         unlock_dir(ldir_dentry_p);
02513                         err = -RSBAC_EWRITEFAILED;
02514                         goto out_dput;
02515                 }
02516 #endif
02517                 /* try to create file in rsbac dir */
02518                 /* rsbac_pr_debug(write, "calling create function\n"); */
02519                 DQUOT_INIT(ldir_dentry_p->d_inode);
02520 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02521                 err =
02522                     dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->
02523                                                         d_inode,
02524                                                         file_dentry_p,
02525                                                         RSBAC_ACI_FILE_MODE,
02526                                                         NULL);
02527 #else
02528                 err =
02529                     dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->
02530                                                         d_inode,
02531                                                         file_dentry_p,
02532                                                         RSBAC_ACI_FILE_MODE);
02533 #endif
02534                 unlock_dir(ldir_dentry_p);
02535 
02536                 if (err) {
02537                         goto out_dput;
02538                 }
02539                 /* create was successful */
02540         }
02541 
02542         if (!(S_ISREG(file_dentry_p->d_inode->i_mode))) {       /* this is not a file! -> error! */
02543                 rsbac_printk(KERN_WARNING "rsbac_write_open(): expected file is not a file, mode is %o!\n",
02544                              file_dentry_p->d_inode->i_mode);
02545                 err = -RSBAC_EWRITEFAILED;
02546                 goto out_dput;
02547         }
02548         /* Now we fill the file structure and */
02549         /* if there is an open func for this file, use it, otherwise ignore */
02550         if ((tmperr = init_private_file(file_p, file_dentry_p, O_RDONLY))) {
02551                 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not init file!\n");
02552                 err = -RSBAC_EWRITEFAILED;
02553                 goto out_dput;
02554         }
02555 
02556         /* Without a write function we get into troubles -> error */
02557         if ((!file_p->f_op) || (!file_p->f_op->write)) {
02558                 rsbac_printk(KERN_WARNING "rsbac_write_open(): file write function missing!\n");
02559                 if (file_p->f_op && file_p->f_op->release) {
02560                         file_p->f_op->release(file_dentry_p->d_inode,
02561                                               file_p);
02562                 }
02563                 err = -RSBAC_EWRITEFAILED;
02564                 goto out_dput;
02565         }
02566 
02567         /* trying to get write access                                   */
02568         /* rsbac_pr_debug(write, "trying to get write access!\n"); */
02569         if (get_write_access(file_dentry_p->d_inode)) {
02570                 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not get write access!\n");
02571                 if (file_p->f_op->release)
02572                         file_p->f_op->release(file_dentry_p->d_inode,
02573                                               file_p);
02574                 err = -RSBAC_EWRITEFAILED;
02575                 goto out_dput;
02576         }
02577         /* truncating */
02578         if (rsbac_clear_file(file_dentry_p)) {
02579                 if (file_p->f_op->release)
02580                         file_p->f_op->release(file_dentry_p->d_inode,
02581                                               file_p);
02582                 put_write_access(file_dentry_p->d_inode);
02583                 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not truncate!\n");
02584                 err = -RSBAC_EWRITEFAILED;
02585                 goto out_dput;
02586         }
02587         /* set synchronous mode for this file */
02588         file_p->f_flags |= O_SYNC;
02589 
02590       out:
02591         return err;
02592 
02593       out_dput:
02594         dput(file_dentry_p);
02595         goto out;
02596 }
02597 
02598 
02599 #if defined(CONFIG_RSBAC_REG)
02600 EXPORT_SYMBOL(rsbac_read_close);
02601 #endif
02602 void rsbac_read_close(struct file *file_p)
02603 {
02604         /* cleanup copied from __fput */
02605         struct dentry *dentry = file_p->f_dentry;
02606         struct inode *inode = dentry->d_inode;
02607 
02608         if (file_p->f_op && file_p->f_op->release)
02609                 file_p->f_op->release(inode, file_p);
02610         file_p->f_dentry = NULL;
02611         if (file_p->f_mode & FMODE_WRITE)
02612                 put_write_access(inode);
02613         dput(dentry);
02614 }
02615 
02616 #if defined(CONFIG_RSBAC_REG)
02617 EXPORT_SYMBOL(rsbac_write_close);
02618 #endif
02619 void rsbac_write_close(struct file *file_p)
02620 {
02621         rsbac_read_close(file_p);
02622 }
02623 
02624 #if defined(CONFIG_RSBAC_REG)
02625 EXPORT_SYMBOL(rsbac_get_full_path);
02626 #endif
02627 int rsbac_get_full_path(struct dentry *dentry_p, char path[], int maxlen)
02628 {
02629         int len = 0;
02630         char *i_path;
02631         int tmplen = 0;
02632 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS
02633         union rsbac_target_id_t i_tid;
02634         union rsbac_attribute_value_t i_attr_val;
02635 #endif
02636 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02637         u_long dflags;
02638 #endif
02639 
02640         if (!dentry_p || !path)
02641                 return -RSBAC_EINVALIDPOINTER;
02642         if (maxlen <= 0)
02643                 return -RSBAC_EINVALIDVALUE;
02644         i_path = rsbac_kmalloc(maxlen + RSBAC_MAXNAMELEN);
02645         if (!i_path)
02646                 return -RSBAC_ENOMEM;
02647 
02648         path[0] = 0;
02649 
02650         while (dentry_p && (len < maxlen) && dentry_p->d_name.len
02651                && dentry_p->d_name.name) {
02652 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS
02653                 if (dentry_p->d_inode
02654                     && dentry_p->d_parent
02655                     && dentry_p->d_parent->d_inode
02656                     && (i_tid.user = dentry_p->d_inode->i_uid)
02657                     && (dentry_p->d_inode->i_uid !=
02658                         dentry_p->d_parent->d_inode->i_uid)
02659                     && !rsbac_get_attr(SW_GEN, T_USER, i_tid, A_pseudo,
02660                                        &i_attr_val, FALSE)
02661                     && i_attr_val.pseudo) {     /* Max len of 32 Bit value in decimal print is 11 */
02662                         if ((maxlen - len) < 12) {
02663                                 rsbac_kfree(i_path);
02664                                 return (len);
02665                         }
02666                         tmplen =
02667                             snprintf(i_path, 11, "%u", i_attr_val.pseudo);
02668                 } else
02669 #endif
02670                 {
02671                         tmplen = dentry_p->d_name.len;
02672                         if ((tmplen + 1) > (maxlen - len)) {
02673                                 rsbac_kfree(i_path);
02674                                 return (len);
02675                         }
02676                         strncpy(i_path, dentry_p->d_name.name, tmplen);
02677                 }
02678                 /* Skip double / on multi mounts.
02679                  * Last / is appended at the end of the function */
02680                 if((i_path[tmplen-1] != '/') && (tmplen != 1)) {
02681                         if(len && (i_path[tmplen-1] != '/')) {
02682                                 i_path[tmplen] = '/';
02683                                 tmplen++;
02684                         }
02685                         i_path[tmplen]=0;
02686                         strcat(i_path, path);
02687                         strcpy(path, i_path);
02688                         len += tmplen;
02689                 }
02690                 if (dentry_p->d_parent && (dentry_p->d_parent != dentry_p)
02691                     && (dentry_p->d_sb->s_root != dentry_p)
02692                     )
02693                         dentry_p = dentry_p->d_parent;
02694                 else {
02695                         struct rsbac_device_list_item_t *device_p;
02696                         u_int hash;
02697 
02698                         hash = device_hash(dentry_p->d_sb->s_dev);
02699 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02700                         rcu_read_lock();
02701 #else
02702                         rsbac_read_lock(&device_list_locks[hash], &dflags);
02703 #endif
02704                         device_p = lookup_device(dentry_p->d_sb->s_dev, hash);
02705                         if (device_p && device_p->d_covers) {
02706                                 dentry_p = device_p->d_covers;
02707 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02708                                 rcu_read_unlock();
02709 #else
02710                                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02711 #endif
02712                         } else {
02713 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02714                                 rcu_read_unlock();
02715 #else
02716                                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02717 #endif
02718                                 break;
02719                         }
02720                 }
02721         }
02722         
02723         i_path[tmplen]=0;
02724         strcat(i_path, path);
02725         strcpy(path, i_path);
02726         
02727         rsbac_kfree(i_path);
02728         return (len);
02729 }
02730 
02731 #if defined(CONFIG_RSBAC_REG)
02732 EXPORT_SYMBOL(rsbac_get_full_path_length);
02733 #endif
02734 int rsbac_get_full_path_length(struct dentry *dentry_p)
02735 {
02736         int len = 0;
02737         int tmplen = 0;
02738 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02739         u_long dflags;
02740 #endif
02741 
02742         if (!dentry_p)
02743                 return -RSBAC_EINVALIDPOINTER;
02744 
02745         while (dentry_p && dentry_p->d_name.len && dentry_p->d_name.name) {
02746                 tmplen = dentry_p->d_name.len;
02747                 if (len && (dentry_p->d_name.name[tmplen - 1] != '/')) {
02748                         tmplen++;
02749                 }
02750                 len += tmplen;
02751                 if (dentry_p->d_parent && (dentry_p->d_parent != dentry_p)
02752                     && (dentry_p->d_sb->s_root != dentry_p)
02753                     )
02754                         dentry_p = dentry_p->d_parent;
02755                 else {
02756                         struct rsbac_device_list_item_t *device_p;
02757                         u_int hash;
02758 
02759                         hash = device_hash(dentry_p->d_sb->s_dev);
02760 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02761                         rcu_read_lock();
02762 #else
02763                         rsbac_read_lock(&device_list_locks[hash], &dflags);
02764 #endif
02765                         device_p = lookup_device(dentry_p->d_sb->s_dev, hash);
02766                         if (device_p && device_p->d_covers) {
02767                                 dentry_p = device_p->d_covers;
02768 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02769                                 rcu_read_unlock();
02770 #else
02771                                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02772 #endif
02773                         } else {
02774 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02775                                 rcu_read_unlock();
02776 #else
02777                                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
02778 #endif
02779                                 break;
02780                         }
02781                 }
02782         }
02783         return (len);
02784 }
02785 
02786 /************************************************* */
02787 /*               proc fs functions                 */
02788 /************************************************* */
02789 
02790 #if defined(CONFIG_RSBAC_PROC)
02791 static int
02792 devices_proc_info(char *buffer, char **start, off_t offset, int length)
02793 {
02794         int len = 0;
02795         off_t pos = 0;
02796         off_t begin = 0;
02797         struct rsbac_device_list_item_t *device_p;
02798 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02799         u_long dflags;
02800 #endif
02801         u_int count = 0;
02802         u_int i;
02803 
02804         if (!rsbac_initialized)
02805                 return (-ENOSYS);
02806 
02807         for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++)
02808                 count += rcu_dereference(device_head_p[i])->count;
02809         len += sprintf(buffer, "%u RSBAC Devices\n---------------\nHash size is %u\n",
02810                        count, RSBAC_NR_DEVICE_LISTS);
02811 
02812         for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
02813 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02814                 rcu_read_lock();
02815 #else
02816                 rsbac_read_lock(&device_list_locks[i], &dflags);
02817 #endif
02818                 for (device_p = rcu_dereference(device_head_p[i])->head; device_p;
02819                      device_p = device_p->next) {
02820                         if (device_p->sb_p && device_p->sb_p->s_type
02821                             && device_p->sb_p->s_type->name)
02822                                 len +=
02823                                     sprintf(buffer + len,
02824                                             "%02u:%02u with mount_count = %u, d_covers = %p, fs_type = %s\n",
02825                                             RSBAC_MAJOR(device_p->id),
02826                                             RSBAC_MINOR(device_p->id),
02827                                             device_p->mount_count,
02828                                             device_p->d_covers,
02829                                             device_p->sb_p->s_type->name);
02830                         else
02831                                 len +=
02832                                     sprintf(buffer + len,
02833                                             "%02u:%02u with mount_count = %u, d_covers = %p\n",
02834                                             RSBAC_MAJOR(device_p->id),
02835                                             RSBAC_MINOR(device_p->id),
02836                                             device_p->mount_count,
02837                                             device_p->d_covers);
02838                         pos = begin + len;
02839                         if (pos < offset) {
02840                                 len = 0;
02841                                 begin = pos;
02842                         }
02843                         if (pos > offset + length)
02844                                 break;
02845                 }
02846 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02847                 rcu_read_unlock();
02848 #else
02849                 rsbac_read_unlock(&device_list_locks[i], &dflags);
02850 #endif
02851                 if (pos > offset + length)
02852                         break;
02853         }
02854 
02855         *start = buffer + (offset - begin);
02856         len -= (offset - begin);
02857 
02858         if (len > length)
02859                 len = length;
02860         return len;
02861 }
02862 
02863 static int
02864 stats_proc_info(char *buffer, char **start, off_t offset, int length)
02865 {
02866         u_int len = 0;
02867         off_t pos = 0;
02868         off_t begin = 0;
02869         struct rsbac_device_list_item_t *device_p;
02870         u_long fd_count, fd_dev_count, fd_sum = 0;
02871         u_long sum = 0;
02872         u_long total_sum = 0;
02873         long tmp_count;
02874 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02875         u_long dflags;
02876 #endif
02877         int i;
02878 
02879         union rsbac_target_id_t rsbac_target_id;
02880         union rsbac_attribute_value_t rsbac_attribute_value;
02881 
02882         if (!rsbac_initialized)
02883                 return (-ENOSYS);
02884 
02885         rsbac_pr_debug(aef, "calling ADF\n");
02886         rsbac_target_id.scd = ST_rsbac;
02887         rsbac_attribute_value.dummy = 0;
02888         if (!rsbac_adf_request(R_GET_STATUS_DATA,
02889                                current->pid,
02890                                T_SCD,
02891                                rsbac_target_id,
02892                                A_none, rsbac_attribute_value)) {
02893                 return -EPERM;
02894         }
02895 #ifdef CONFIG_RSBAC_MAINT
02896         len =
02897             sprintf(buffer,
02898                     "RSBAC Status\n------------\nRSBAC Version: %s (Maintenance Mode)\nSupported Modules:%s\n",
02899                     RSBAC_VERSION, compiled_modules);
02900 #else
02901         len =
02902             sprintf(buffer,
02903                     "RSBAC Status\n------------\nRSBAC Version: %s\nCompiled Modules:%s\n",
02904                     RSBAC_VERSION, compiled_modules);
02905 #endif
02906         pos = begin + len;
02907         if (pos < offset) {
02908                 len = 0;
02909                 begin = pos;
02910         }
02911         if (pos > offset + length)
02912                 goto out;
02913 
02914 #ifdef CONFIG_RSBAC_SWITCH
02915         {
02916                 char *active_modules;
02917 
02918                 active_modules = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02919                 if (active_modules) {
02920                         active_modules[0] = (char) 0;
02921 #ifdef CONFIG_RSBAC_REG
02922                         strcat(active_modules, " REG");
02923 #endif
02924 #ifdef CONFIG_RSBAC_MAC
02925 #ifdef CONFIG_RSBAC_SWITCH_MAC
02926                         if (rsbac_switch_mac)
02927 #endif
02928 #ifdef CONFIG_RSBAC_MAC_LIGHT
02929                                 strcat(active_modules, " MAC-L");
02930 #else
02931                                 strcat(active_modules, " MAC");
02932 #endif
02933 #endif
02934 #ifdef CONFIG_RSBAC_PM
02935 #ifdef CONFIG_RSBAC_SWITCH_PM
02936                         if (rsbac_switch_pm)
02937 #endif
02938                                 strcat(active_modules, " PM");
02939 #endif
02940 #ifdef CONFIG_RSBAC_DAZ
02941 #ifdef CONFIG_RSBAC_SWITCH_DAZ
02942                         if (rsbac_switch_daz)
02943 #endif
02944                                 strcat(active_modules, " DAZ");
02945 #endif
02946 #ifdef CONFIG_RSBAC_FF
02947 #ifdef CONFIG_RSBAC_SWITCH_FF
02948                         if (rsbac_switch_ff)
02949 #endif
02950                                 strcat(active_modules, " FF");
02951 #endif
02952 #ifdef CONFIG_RSBAC_RC
02953 #ifdef CONFIG_RSBAC_SWITCH_RC
02954                         if (rsbac_switch_rc)
02955 #endif
02956                                 strcat(active_modules, " RC");
02957 #endif
02958 #ifdef CONFIG_RSBAC_AUTH
02959 #ifdef CONFIG_RSBAC_SWITCH_AUTH
02960                         if (rsbac_switch_auth)
02961 #endif
02962                                 strcat(active_modules, " AUTH");
02963 #endif
02964 #ifdef CONFIG_RSBAC_ACL
02965 #ifdef CONFIG_RSBAC_SWITCH_ACL
02966                         if (rsbac_switch_acl)
02967 #endif
02968                                 strcat(active_modules, " ACL");
02969 #endif
02970 #ifdef CONFIG_RSBAC_CAP
02971 #ifdef CONFIG_RSBAC_SWITCH_CAP
02972                         if (rsbac_switch_cap)
02973 #endif
02974                                 strcat(active_modules, " CAP");
02975 #endif
02976 #ifdef CONFIG_RSBAC_JAIL
02977 #ifdef CONFIG_RSBAC_SWITCH_JAIL
02978                         if (rsbac_switch_jail)
02979 #endif
02980                                 strcat(active_modules, " JAIL");
02981 #endif
02982 #ifdef CONFIG_RSBAC_RES
02983 #ifdef CONFIG_RSBAC_SWITCH_RES
02984                         if (rsbac_switch_res)
02985 #endif
02986                                 strcat(active_modules, " RES");
02987 #endif
02988 #ifdef CONFIG_RSBAC_PAX
02989 #ifdef CONFIG_RSBAC_SWITCH_PAX
02990                         if (rsbac_switch_pax)
02991 #endif
02992                                 strcat(active_modules, " PAX");
02993 #endif
02994                         len +=
02995                             sprintf(buffer + len, "Active Modules:  %s\n",
02996                                     active_modules);
02997                         rsbac_kfree(active_modules);
02998                         pos = begin + len;
02999                         if (pos < offset) {
03000                                 len = 0;
03001                                 begin = pos;
03002                         }
03003                         if (pos > offset + length)
03004                                 goto out;
03005                 }
03006         }
03007 #else
03008         len +=
03009             sprintf(buffer + len, "All modules active (no switching)\n");
03010         pos = begin + len;
03011         if (pos < offset) {
03012                 len = 0;
03013                 begin = pos;
03014         }
03015         if (pos > offset + length)
03016                 goto out;
03017 #endif
03018 
03019 #ifdef CONFIG_RSBAC_SOFTMODE
03020         if (rsbac_softmode) {
03021 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03022                 len +=
03023                     sprintf(buffer + len, "Global softmode is enabled\n");
03024 #else
03025                 len += sprintf(buffer + len, "Softmode is enabled\n");
03026 #endif
03027                 pos = begin + len;
03028                 if (pos < offset) {
03029                         len = 0;
03030                         begin = pos;
03031                 }
03032                 if (pos > offset + length)
03033                         goto out;
03034         } else {
03035 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03036                 len +=
03037                     sprintf(buffer + len, "Global softmode is disabled\n");
03038 #else
03039                 len += sprintf(buffer + len, "Softmode is disabled\n");
03040 #endif
03041                 pos = begin + len;
03042                 if (pos < offset) {
03043                         len = 0;
03044                         begin = pos;
03045                 }
03046                 if (pos > offset + length)
03047                         goto out;
03048         }
03049 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03050         {
03051                 char *tmp;
03052 
03053                 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
03054                 if (tmp) {
03055                         len +=
03056                             sprintf(buffer + len,
03057                                     "Individual softmode enabled for:");
03058                         for (i = 0; i <= RSBAC_MAX_MOD; i++)
03059                                 if (rsbac_ind_softmode[i])
03060                                         len +=
03061                                             sprintf(buffer + len, " %s",
03062                                                     get_switch_target_name
03063                                                     (tmp, i));
03064                         rsbac_kfree(tmp);
03065                         len += sprintf(buffer + len, "\n");
03066                         pos = begin + len;
03067                         if (pos < offset) {
03068                                 len = 0;
03069                                 begin = pos;
03070                         }
03071                         if (pos > offset + length)
03072                                 goto out;
03073                 }
03074         }
03075 #endif
03076 #endif
03077 
03078         len += sprintf(buffer + len, "\n");
03079 
03080         tmp_count = 0;
03081         for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
03082 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
03083                 rcu_read_lock();
03084 #else
03085                 rsbac_read_lock(&device_list_locks[i], &dflags);
03086 #endif
03087                 device_p = rcu_dereference(device_head_p[i])->head;
03088                 if (device_p)
03089                         len += sprintf(buffer + len, "FD items:\n");
03090                 while (device_p) {
03091                         fd_dev_count = 0;
03092                         fd_count = rsbac_list_count(device_p->handles.gen);
03093                         if (fd_count >= 0) {
03094                                 len += sprintf(buffer + len, "Dev %02u:%02u: %lu GEN",
03095                                                 RSBAC_MAJOR(device_p->id),
03096                                                 RSBAC_MINOR(device_p->id),
03097                                                 fd_count);
03098                                 fd_dev_count += fd_count;
03099                         }
03100 
03101 #if defined(CONFIG_RSBAC_MAC)
03102                         fd_count = rsbac_list_count(device_p->handles.mac);
03103                         if (fd_count >= 0) {
03104                                 len += sprintf(buffer + len, ", %lu MAC", fd_count);
03105                                 fd_dev_count += fd_count;
03106                         }
03107 #endif
03108 
03109 #if defined(CONFIG_RSBAC_PM)
03110                         fd_count = rsbac_list_count(device_p->handles.pm);
03111                         if (fd_count >= 0) {
03112                                 len += sprintf(buffer + len, ", %lu PM", fd_count);
03113                                 fd_dev_count += fd_count;
03114                         }
03115 #endif
03116 
03117 #if defined(CONFIG_RSBAC_DAZ)
03118                         fd_count = rsbac_list_count(device_p->handles.daz);
03119                         if (fd_count >= 0) {
03120                                 len += sprintf(buffer + len, ", %lu DAZ", fd_count);
03121                                 fd_dev_count += fd_count;
03122                         }
03123 #if defined(CONFIG_RSBAC_DAZ_CACHE)
03124                         fd_count = rsbac_list_count(device_p->handles.dazs);
03125                         if (fd_count >= 0) {
03126                                 len += sprintf(buffer + len, ", %lu DAZ SCANNED", fd_count);
03127                                 fd_dev_count += fd_count;
03128                         }
03129 #endif
03130 #endif
03131 
03132 #if defined(CONFIG_RSBAC_FF)
03133                         fd_count = rsbac_list_count(device_p->handles.ff);
03134                         if (fd_count >= 0) {
03135                                 len += sprintf(buffer + len, ", %lu FF", fd_count);
03136                                 fd_dev_count += fd_count;
03137                         }
03138 #endif
03139 
03140 #if defined(CONFIG_RSBAC_RC)
03141                         fd_count = rsbac_list_count(device_p->handles.rc);
03142                         if (fd_count >= 0) {
03143                                 len += sprintf(buffer + len, ", %lu RC", fd_count);
03144                                 fd_dev_count += fd_count;
03145                         }
03146 #endif
03147 
03148 #if defined(CONFIG_RSBAC_AUTH)
03149                         fd_count = rsbac_list_count(device_p->handles.auth);
03150                         if (fd_count >= 0) {
03151                                 len += sprintf(buffer + len, ", %lu AUTH", fd_count);
03152                                 fd_dev_count += fd_count;
03153                         }
03154 #endif
03155 
03156 #if defined(CONFIG_RSBAC_CAP)
03157                         fd_count = rsbac_list_count(device_p->handles.cap);
03158                         if (fd_count >= 0) {
03159                                 len += sprintf(buffer + len, ", %lu CAP", fd_count);
03160                                 fd_dev_count += fd_count;
03161                         }
03162 #endif
03163 
03164 #if defined(CONFIG_RSBAC_RES)
03165                         fd_count = rsbac_list_count(device_p->handles.res);
03166                         if (fd_count >= 0) {
03167                                 len += sprintf(buffer + len, ", %lu RES", fd_count);
03168                                 fd_dev_count += fd_count;
03169                         }
03170 #endif
03171 
03172 #if defined(CONFIG_RSBAC_PAX)
03173                         fd_count = rsbac_list_count(device_p->handles.pax);
03174                         if (fd_count >= 0) {
03175                                 len += sprintf(buffer + len, ", %lu PAX", fd_count);
03176                                 fd_dev_count += fd_count;
03177                         }
03178 #endif
03179 
03180                         len += sprintf(buffer + len, ", %lu total\n",
03181                                        fd_dev_count);
03182                         pos = begin + len;
03183                         if (pos < offset) {
03184                                 len = 0;
03185                                 begin = pos;
03186                         }
03187                         if (pos > offset + length) {
03188                                 /* free access to device_list_head */
03189 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
03190                                 rcu_read_unlock();
03191 #else
03192                                 rsbac_read_unlock(&device_list_locks[i], &dflags);
03193 #endif
03194                                 goto out;
03195                         }
03196                         fd_sum += fd_dev_count;
03197                         device_p = device_p->next;
03198                 }
03199                 tmp_count += rcu_dereference(device_head_p[i])->count;
03200 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
03201                 rcu_read_unlock();
03202 #else
03203                 rsbac_read_unlock(&device_list_locks[i], &dflags);
03204 #endif
03205         }
03206         len +=
03207             sprintf(buffer + len,
03208                     "Sum of %lu Devices with %lu fd-items\n\n",
03209                     tmp_count, fd_sum);
03210         total_sum += fd_sum;
03211         pos = begin + len;
03212         if (pos < offset) {
03213                 len = 0;
03214                 begin = pos;
03215         }
03216         if (pos > offset + length)
03217                 goto out;
03218 
03219         /* dev lists */
03220         sum = 0;
03221         tmp_count = rsbac_list_count(dev_handles.gen);
03222         len += sprintf(buffer + len, "DEV: %lu GEN", tmp_count);
03223         sum += tmp_count;
03224 #if defined(CONFIG_RSBAC_MAC)
03225         tmp_count = rsbac_list_count(dev_handles.mac);
03226         len += sprintf(buffer + len, ", %lu MAC", tmp_count);
03227         sum += tmp_count;
03228 #endif
03229 #if defined(CONFIG_RSBAC_PM)
03230         tmp_count = rsbac_list_count(dev_handles.pm);
03231         len += sprintf(buffer + len, ", %lu PM", tmp_count);
03232         sum += tmp_count;
03233 #endif
03234 #if defined(CONFIG_RSBAC_RC)
03235         tmp_count = rsbac_list_count(dev_major_handles.rc);
03236         len += sprintf(buffer + len, ", %lu major RC", tmp_count);
03237         sum += tmp_count;
03238         tmp_count = rsbac_list_count(dev_handles.rc);
03239         len += sprintf(buffer + len, ", %lu RC", tmp_count);
03240         sum += tmp_count;
03241 #endif
03242         len += sprintf(buffer + len, ", %lu total\n", sum);
03243         total_sum += sum;
03244         pos = begin + len;
03245         if (pos < offset) {
03246                 len = 0;
03247                 begin = pos;
03248         }
03249         if (pos > offset + length)
03250                 goto out;
03251 
03252         /* ipc lists */
03253         sum = 0;
03254         len += sprintf(buffer + len, "IPC: 0 GEN");
03255 #if defined(CONFIG_RSBAC_MAC)
03256         tmp_count = rsbac_list_count(ipc_handles.mac);
03257         len += sprintf(buffer + len, ", %lu MAC", tmp_count);
03258         sum += tmp_count;
03259 #endif
03260 #if defined(CONFIG_RSBAC_PM)
03261         tmp_count = rsbac_list_count(ipc_handles.pm);
03262         len += sprintf(buffer + len, ", %lu PM", tmp_count);
03263         sum += tmp_count;
03264 #endif
03265 #if defined(CONFIG_RSBAC_RC)
03266         tmp_count = rsbac_list_count(ipc_handles.rc);
03267         len += sprintf(buffer + len, ", %lu RC", tmp_count);
03268         sum += tmp_count;
03269 #endif
03270 #if defined(CONFIG_RSBAC_JAIL)
03271         tmp_count = rsbac_list_count(ipc_handles.jail);
03272         len += sprintf(buffer + len, ", %lu JAIL", tmp_count);
03273         sum += tmp_count;
03274 #endif
03275         len += sprintf(buffer + len, ", %lu total\n", sum);
03276         total_sum += sum;
03277         pos = begin + len;
03278         if (pos < offset) {
03279                 len = 0;
03280                 begin = pos;
03281         }
03282         if (pos > offset + length)
03283                 goto out;
03284 
03285         /* user lists */
03286         sum = 0;
03287         tmp_count = rsbac_list_count(user_handles.gen);
03288         len += sprintf(buffer + len, "USER: %lu GEN", tmp_count);
03289         sum += tmp_count;
03290 #if defined(CONFIG_RSBAC_MAC)
03291         tmp_count = rsbac_list_count(user_handles.mac);
03292         len += sprintf(buffer + len, ", %lu MAC", tmp_count);
03293         sum += tmp_count;
03294 #endif
03295 #if defined(CONFIG_RSBAC_PM)
03296         tmp_count = rsbac_list_count(user_handles.pm);
03297         len += sprintf(buffer + len, ", %lu PM", tmp_count);
03298         sum += tmp_count;
03299 #endif
03300 #if defined(CONFIG_RSBAC_DAZ)
03301         tmp_count = rsbac_list_count(user_handles.daz);
03302         len += sprintf(buffer + len, ", %lu DAZ", tmp_count);
03303         sum += tmp_count;
03304 #endif
03305 #if defined(CONFIG_RSBAC_FF)
03306         tmp_count = rsbac_list_count(user_handles.ff);
03307         len += sprintf(buffer + len, ", %lu FF", tmp_count);
03308         sum += tmp_count;
03309 #endif
03310 #if defined(CONFIG_RSBAC_RC)
03311         tmp_count = rsbac_list_count(user_handles.rc);
03312         len += sprintf(buffer + len, ", %lu RC", tmp_count);
03313         sum += tmp_count;
03314 #endif
03315 #if defined(CONFIG_RSBAC_AUTH)
03316         tmp_count = rsbac_list_count(user_handles.auth);
03317         len += sprintf(buffer + len, ", %lu AUTH", tmp_count);
03318         sum += tmp_count;
03319 #endif
03320 #if defined(CONFIG_RSBAC_CAP)
03321         tmp_count = rsbac_list_count(user_handles.cap);
03322         len += sprintf(buffer + len, ", %lu CAP", tmp_count);
03323         sum += tmp_count;
03324 #endif
03325 #if defined(CONFIG_RSBAC_JAIL)
03326         tmp_count = rsbac_list_count(user_handles.jail);
03327         len += sprintf(buffer + len, ", %lu JAIL", tmp_count);
03328         sum += tmp_count;
03329 #endif
03330 #if defined(CONFIG_RSBAC_RES)
03331         tmp_count = rsbac_list_count(user_handles.res);
03332         len += sprintf(buffer + len, ", %lu RES", tmp_count);
03333         sum += tmp_count;
03334 #endif
03335 #if defined(CONFIG_RSBAC_PAX)
03336         tmp_count = rsbac_list_count(user_handles.pax);
03337         len += sprintf(buffer + len, ", %lu PAX", tmp_count);
03338         sum += tmp_count;
03339 #endif
03340         len += sprintf(buffer + len, ", %lu total\n", sum);
03341         total_sum += sum;
03342         pos = begin + len;
03343         if (pos < offset) {
03344                 len = 0;
03345                 begin = pos;
03346         }
03347         if (pos > offset + length)
03348                 goto out;
03349 
03350         /* process lists */
03351         sum = 0;
03352         tmp_count = rsbac_list_count(process_handles.gen);
03353         len += sprintf(buffer + len, "PROCESS: %lu GEN", tmp_count);
03354         sum += tmp_count;
03355 #if defined(CONFIG_RSBAC_MAC)
03356         tmp_count = rsbac_list_count(process_handles.mac);
03357         len += sprintf(buffer + len, ", %lu MAC", tmp_count);
03358         sum += tmp_count;
03359 #endif
03360 #if defined(CONFIG_RSBAC_PM)
03361         tmp_count = rsbac_list_count(process_handles.pm);
03362         len += sprintf(buffer + len, ", %lu PM", tmp_count);
03363         sum += tmp_count;
03364 #endif
03365 #if defined(CONFIG_RSBAC_DAZ)
03366         tmp_count = rsbac_list_count(process_handles.daz);
03367         len += sprintf(buffer + len, ", %lu DAZ", tmp_count);
03368         sum += tmp_count;
03369 #endif
03370 #if defined(CONFIG_RSBAC_RC)
03371         tmp_count = rsbac_list_count(process_handles.rc);
03372         len += sprintf(buffer + len, ", %lu RC", tmp_count);
03373         sum += tmp_count;
03374 #endif
03375 #if defined(CONFIG_RSBAC_AUTH)
03376         tmp_count = rsbac_list_count(process_handles.auth);
03377         len += sprintf(buffer + len, ", %lu AUTH", tmp_count);
03378         sum += tmp_count;
03379 #endif
03380 #if defined(CONFIG_RSBAC_CAP)
03381         tmp_count = rsbac_list_count(process_handles.cap);
03382         len += sprintf(buffer + len, ", %lu CAP", tmp_count);
03383         sum += tmp_count;
03384 #endif
03385 #if defined(CONFIG_RSBAC_JAIL)
03386         tmp_count = rsbac_list_count(process_handles.jail);
03387         len += sprintf(buffer + len, ", %lu JAIL", tmp_count);
03388         sum += tmp_count;
03389 #endif
03390         len += sprintf(buffer + len, ", %lu total\n", sum);
03391         total_sum += sum;
03392         pos = begin + len;
03393         if (pos < offset) {
03394                 len = 0;
03395                 begin = pos;
03396         }
03397         if (pos > offset + length)
03398                 goto out;
03399 
03400 #if defined(CONFIG_RSBAC_UM)
03401         /* group lists */
03402         sum = 0;
03403         len += sprintf(buffer + len, "GROUP:");
03404 #if defined(CONFIG_RSBAC_RC_UM_PROT)
03405         tmp_count = rsbac_list_count(group_handles.rc);
03406         len += sprintf(buffer + len, " %lu RC,", tmp_count);
03407         sum += tmp_count;
03408 #endif
03409         len += sprintf(buffer + len, " %lu total\n", sum);
03410         total_sum += sum;
03411         pos = begin + len;
03412         if (pos < offset) {
03413                 len = 0;
03414                 begin = pos;
03415         }
03416         if (pos > offset + length)
03417                 goto out;
03418 #endif
03419 
03420 #if defined(CONFIG_RSBAC_NET_DEV)
03421         /* netdev lists */
03422         sum = 0;
03423 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
03424         tmp_count = rsbac_list_count(netdev_handles.gen);
03425         len += sprintf(buffer + len, "NETDEV: %lu GEN, ", tmp_count);
03426         sum += tmp_count;
03427 #else
03428         len += sprintf(buffer + len, "NETDEV: ");
03429 #endif
03430 #if defined(CONFIG_RSBAC_RC)
03431         tmp_count = rsbac_list_count(netdev_handles.rc);
03432         len += sprintf(buffer + len, "%lu RC, ", tmp_count);
03433         sum += tmp_count;
03434 #endif
03435         len += sprintf(buffer + len, "%lu total\n", sum);
03436         total_sum += sum;
03437         pos = begin + len;
03438         if (pos < offset) {
03439                 len = 0;
03440                 begin = pos;
03441         }
03442         if (pos > offset + length)
03443                 goto out;
03444 
03445 #endif
03446 
03447 #if defined(CONFIG_RSBAC_NET_OBJ)
03448         /* net template list */
03449         tmp_count = rsbac_list_count(net_temp_handle);
03450         len += sprintf(buffer + len, "%lu Network Templates\n", tmp_count);
03451 
03452         /* nettemp lists */
03453         sum = 0;
03454 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
03455         tmp_count = rsbac_list_count(nettemp_handles.gen);
03456         len += sprintf(buffer + len, "NETTEMP: %lu GEN, ", tmp_count);
03457         sum += tmp_count;
03458 #else
03459         len += sprintf(buffer + len, "NETTEMP: ");
03460 #endif
03461 #if defined(CONFIG_RSBAC_MAC)
03462         tmp_count = rsbac_list_count(nettemp_handles.mac);
03463         len += sprintf(buffer + len, "%lu MAC, ", tmp_count);
03464         sum += tmp_count;
03465 #endif
03466 #if defined(CONFIG_RSBAC_PM)
03467         tmp_count = rsbac_list_count(nettemp_handles.pm);
03468         len += sprintf(buffer + len, "%lu PM, ", tmp_count);
03469         sum += tmp_count;
03470 #endif
03471 #if defined(CONFIG_RSBAC_RC)
03472         tmp_count = rsbac_list_count(nettemp_handles.rc);
03473         len += sprintf(buffer + len, "%lu RC, ", tmp_count);
03474         sum += tmp_count;
03475 #endif
03476         len += sprintf(buffer + len, "%lu total\n", sum);
03477         total_sum += sum;
03478         pos = begin + len;
03479         if (pos < offset) {
03480                 len = 0;
03481                 begin = pos;
03482         }
03483         if (pos > offset + length)
03484                 goto out;
03485 
03486         /* local netobj lists */
03487         sum = 0;
03488         len += sprintf(buffer + len, "LNETOBJ: ");
03489 #if defined(CONFIG_RSBAC_MAC)
03490         tmp_count = rsbac_list_count(lnetobj_handles.mac);
03491         len += sprintf(buffer + len, "%lu MAC, ", tmp_count);
03492         sum += tmp_count;
03493 #endif
03494 #if defined(CONFIG_RSBAC_PM)
03495         tmp_count = rsbac_list_count(lnetobj_handles.pm);
03496         len += sprintf(buffer + len, "%lu PM, ", tmp_count);
03497         sum += tmp_count;
03498 #endif
03499 #if defined(CONFIG_RSBAC_RC)
03500         tmp_count = rsbac_list_count(lnetobj_handles.rc);
03501         len += sprintf(buffer + len, "%lu RC, ", tmp_count);
03502         sum += tmp_count;
03503 #endif
03504         len += sprintf(buffer + len, "%lu total\n", sum);
03505         total_sum += sum;
03506         pos = begin + len;
03507         if (pos < offset) {
03508                 len = 0;
03509                 begin = pos;
03510         }
03511         if (pos > offset + length)
03512                 goto out;
03513 
03514         /* remote netobj lists */
03515         sum = 0;
03516         len += sprintf(buffer + len, "RNETOBJ: ");
03517 #if defined(CONFIG_RSBAC_MAC)
03518         tmp_count = rsbac_list_count(rnetobj_handles.mac);
03519         len += sprintf(buffer + len, "%lu MAC, ", tmp_count);
03520         sum += tmp_count;
03521 #endif
03522 #if defined(CONFIG_RSBAC_PM)
03523         tmp_count = rsbac_list_count(rnetobj_handles.pm);
03524         len += sprintf(buffer + len, "%lu PM, ", tmp_count);
03525         sum += tmp_count;
03526 #endif
03527 #if defined(CONFIG_RSBAC_RC)
03528         tmp_count = rsbac_list_count(rnetobj_handles.rc);
03529         len += sprintf(buffer + len, "%lu RC, ", tmp_count);
03530         sum += tmp_count;
03531 #endif
03532         len += sprintf(buffer + len, "%lu total\n", sum);
03533         total_sum += sum;
03534         pos = begin + len;
03535         if (pos < offset) {
03536                 len = 0;
03537                 begin = pos;
03538         }
03539         if (pos > offset + length)
03540                 goto out;
03541 
03542 #endif                          /* NET_OBJ */
03543 
03544         len += sprintf(buffer + len,
03545                        "Total sum of %lu registered rsbac-items\n",
03546                        total_sum);
03547         pos = begin + len;
03548         if (pos < offset) {
03549                 len = 0;
03550                 begin = pos;
03551         }
03552         if (pos > offset + length)
03553                 goto out;
03554 
03555         len += sprintf(buffer + len,
03556                        "\nadf_request calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, unixsock: %lu\n",
03557                        rsbac_adf_request_count[T_FILE],
03558                        rsbac_adf_request_count[T_DIR],
03559                        rsbac_adf_request_count[T_FIFO],
03560                        rsbac_adf_request_count[T_SYMLINK],
03561                        rsbac_adf_request_count[T_DEV],
03562                        rsbac_adf_request_count[T_IPC],
03563                        rsbac_adf_request_count[T_SCD],
03564                        rsbac_adf_request_count[T_USER],
03565                        rsbac_adf_request_count[T_PROCESS],
03566                        rsbac_adf_request_count[T_NETDEV],
03567                        rsbac_adf_request_count[T_NETTEMP],
03568                        rsbac_adf_request_count[T_NETOBJ],
03569                        rsbac_adf_request_count[T_GROUP],
03570                        rsbac_adf_request_count[T_UNIXSOCK]);
03571         pos = begin + len;
03572         if (pos < offset) {
03573                 len = 0;
03574                 begin = pos;
03575         }
03576         if (pos > offset + length)
03577                 goto out;
03578 
03579         len += sprintf(buffer + len,
03580                        "adf_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, unixsock: %lu\n",
03581                        rsbac_adf_set_attr_count[T_FILE],
03582                        rsbac_adf_set_attr_count[T_DIR],
03583                        rsbac_adf_set_attr_count[T_FIFO],
03584                        rsbac_adf_set_attr_count[T_SYMLINK],
03585                        rsbac_adf_set_attr_count[T_DEV],
03586                        rsbac_adf_set_attr_count[T_IPC],
03587                        rsbac_adf_set_attr_count[T_SCD],
03588                        rsbac_adf_set_attr_count[T_USER],
03589                        rsbac_adf_set_attr_count[T_PROCESS],
03590                        rsbac_adf_set_attr_count[T_NETDEV],
03591                        rsbac_adf_set_attr_count[T_NETTEMP],
03592                        rsbac_adf_set_attr_count[T_NETOBJ],
03593                        rsbac_adf_set_attr_count[T_GROUP],
03594                        rsbac_adf_set_attr_count[T_UNIXSOCK]);
03595         pos = begin + len;
03596         if (pos < offset) {
03597                 len = 0;
03598                 begin = pos;
03599         }
03600 
03601       out:
03602         *start = buffer + (offset - begin);
03603         len -= (offset - begin);
03604 
03605         if (len > length)
03606                 len = length;
03607         return len;
03608 }
03609 
03610 static int
03611 active_proc_info(char *buffer, char **start, off_t offset, int length)
03612 {
03613         u_int len = 0;
03614         off_t pos = 0;
03615         off_t begin = 0;
03616 
03617         union rsbac_target_id_t rsbac_target_id;
03618         union rsbac_attribute_value_t rsbac_attribute_value;
03619 
03620         if (!rsbac_initialized)
03621                 return (-ENOSYS);
03622 
03623         rsbac_pr_debug(aef, "calling ADF\n");
03624         rsbac_target_id.scd = ST_rsbac;
03625         rsbac_attribute_value.dummy = 0;
03626         if (!rsbac_adf_request(R_GET_STATUS_DATA,
03627                                current->pid,
03628                                T_SCD,
03629                                rsbac_target_id,
03630                                A_none, rsbac_attribute_value)) {
03631                 return -EPERM;
03632         }
03633 
03634         len = sprintf(buffer, "Version: %s\n", RSBAC_VERSION);
03635 #ifdef CONFIG_RSBAC_MAINT
03636         len += sprintf(buffer + len, "Mode: Maintenance\n");
03637         len += sprintf(buffer + len, "Softmode: unavailable\n");
03638 #else
03639 #ifdef CONFIG_RSBAC_SOFTMODE
03640         if (rsbac_softmode)
03641                 len += sprintf(buffer + len, "Mode: SOFTMODE\n");
03642         else
03643 #endif
03644                 len += sprintf(buffer + len, "Mode: Secure\n");
03645 #ifdef CONFIG_RSBAC_SOFTMODE
03646         len += sprintf(buffer + len, "Softmode: available\n");
03647 #else
03648         len += sprintf(buffer + len, "Softmode: unavailable\n");
03649 #endif
03650 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03651         len += sprintf(buffer + len, "Ind-Soft: available\n");
03652 #else
03653         len += sprintf(buffer + len, "Ind-Soft: unavailable\n");
03654 #endif
03655 #ifdef CONFIG_RSBAC_SWITCH
03656         len += sprintf(buffer + len, "Switching off: available for");
03657 #ifdef CONFIG_RSBAC_SWITCH_MAC
03658 #ifndef CONFIG_RSBAC_SWITCH_ON
03659         if (rsbac_switch_mac)
03660 #endif
03661                 len += sprintf(buffer + len, " MAC");
03662 #endif
03663 #ifdef CONFIG_RSBAC_SWITCH_PM
03664 #ifndef CONFIG_RSBAC_SWITCH_ON
03665         if (rsbac_switch_pm)
03666 #endif
03667                 len += sprintf(buffer + len, " PM");
03668 #endif
03669 #ifdef CONFIG_RSBAC_SWITCH_DAZ
03670         len += sprintf(buffer + len, " DAZ");
03671 #endif
03672 #ifdef CONFIG_RSBAC_SWITCH_FF
03673         len += sprintf(buffer + len, " FF");
03674 #endif
03675 #ifdef CONFIG_RSBAC_SWITCH_RC
03676 #ifndef CONFIG_RSBAC_SWITCH_ON
03677         if (rsbac_switch_rc)
03678 #endif
03679                 len += sprintf(buffer + len, " RC");
03680 #endif
03681 #ifdef CONFIG_RSBAC_SWITCH_AUTH
03682         len += sprintf(buffer + len, " AUTH");
03683 #endif
03684 #ifdef CONFIG_RSBAC_SWITCH_ACL
03685         len += sprintf(buffer + len, " ACL");
03686 #endif
03687 #ifdef CONFIG_RSBAC_SWITCH_CAP
03688         len += sprintf(buffer + len, " CAP");
03689 #endif
03690 #ifdef CONFIG_RSBAC_SWITCH_JAIL
03691         len += sprintf(buffer + len, " JAIL");
03692 #endif
03693 #ifdef CONFIG_RSBAC_SWITCH_RES
03694         len += sprintf(buffer + len, " RES");
03695 #endif
03696 #ifdef CONFIG_RSBAC_SWITCH_PAX
03697         len += sprintf(buffer + len, " PAX");
03698 #endif
03699         len += sprintf(buffer + len, "\n");
03700         len += sprintf(buffer + len, "Switching on: available for");
03701 #ifdef CONFIG_RSBAC_SWITCH_ON
03702 #ifdef CONFIG_RSBAC_SWITCH_MAC
03703         len += sprintf(buffer + len, " MAC");
03704 #endif
03705 #ifdef CONFIG_RSBAC_SWITCH_PM
03706         len += sprintf(buffer + len, " PM");
03707 #endif
03708 #ifdef CONFIG_RSBAC_SWITCH_RC
03709         len += sprintf(buffer + len, " RC");
03710 #endif
03711 #endif
03712 #ifdef CONFIG_RSBAC_SWITCH_DAZ
03713         len += sprintf(buffer + len, " DAZ");
03714 #endif
03715 #ifdef CONFIG_RSBAC_SWITCH_FF
03716         len += sprintf(buffer + len, " FF");
03717 #endif
03718 #ifdef CONFIG_RSBAC_SWITCH_AUTH
03719         len += sprintf(buffer + len, " AUTH");
03720 #endif
03721 #ifdef CONFIG_RSBAC_SWITCH_ACL
03722         len += sprintf(buffer + len, " ACL");
03723 #endif
03724 #ifdef CONFIG_RSBAC_SWITCH_CAP
03725         len += sprintf(buffer + len, " CAP");
03726 #endif
03727 #ifdef CONFIG_RSBAC_SWITCH_JAIL
03728         len += sprintf(buffer + len, " JAIL");
03729 #endif
03730 #ifdef CONFIG_RSBAC_SWITCH_RES
03731         len += sprintf(buffer + len, " RES");
03732 #endif
03733 #ifdef CONFIG_RSBAC_SWITCH_PAX
03734         len += sprintf(buffer + len, " PAX");
03735 #endif
03736         len += sprintf(buffer + len, "\n");
03737 #else
03738         len += sprintf(buffer + len, "Switching off: unavailable\n");
03739         len += sprintf(buffer + len, "Switching on: unavailable\n");
03740 #endif
03741 #endif
03742         pos = begin + len;
03743         if (pos < offset) {
03744                 len = 0;
03745                 begin = pos;
03746         }
03747         if (pos > offset + length)
03748                 goto out;
03749 
03750 #ifdef CONFIG_RSBAC_REG
03751 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03752         if (rsbac_ind_softmode[SW_REG])
03753                 len += sprintf(buffer + len, "Module: REG  SOFTMODE\n");
03754         else
03755 #endif
03756                 len += sprintf(buffer + len, "Module: REG  on\n");
03757 #endif
03758 
03759 #ifdef CONFIG_RSBAC_MAC
03760 #ifdef CONFIG_RSBAC_SWITCH_MAC
03761         if (!rsbac_switch_mac)
03762                 len += sprintf(buffer + len, "Module: MAC  OFF\n");
03763         else
03764 #endif
03765 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03766         if (rsbac_ind_softmode[SW_MAC])
03767                 len += sprintf(buffer + len, "Module: MAC  SOFTMODE\n");
03768         else
03769 #endif
03770                 len += sprintf(buffer + len, "Module: MAC  on\n");
03771 #endif
03772 
03773 #ifdef CONFIG_RSBAC_PM
03774 #ifdef CONFIG_RSBAC_SWITCH_PM
03775         if (!rsbac_switch_pm)
03776                 len += sprintf(buffer + len, "Module: PM   OFF\n");
03777         else
03778 #endif
03779 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03780         if (rsbac_ind_softmode[SW_PM])
03781                 len += sprintf(buffer + len, "Module: PM   SOFTMODE\n");
03782         else
03783 #endif
03784                 len += sprintf(buffer + len, "Module: PM   on\n");
03785 #endif
03786 
03787 #ifdef CONFIG_RSBAC_DAZ
03788 #ifdef CONFIG_RSBAC_SWITCH_DAZ
03789         if (!rsbac_switch_daz)
03790                 len += sprintf(buffer + len, "Module: DAZ  OFF\n");
03791         else
03792 #endif
03793 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03794         if (rsbac_ind_softmode[SW_DAZ])
03795                 len += sprintf(buffer + len, "Module: DAZ  SOFTMODE\n");
03796         else
03797 #endif
03798                 len += sprintf(buffer + len, "Module: DAZ  on\n");
03799 #endif
03800 
03801 #ifdef CONFIG_RSBAC_FF
03802 #ifdef CONFIG_RSBAC_SWITCH_FF
03803         if (!rsbac_switch_ff)
03804                 len += sprintf(buffer + len, "Module: FF   OFF\n");
03805         else
03806 #endif
03807 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03808         if (rsbac_ind_softmode[SW_FF])
03809                 len += sprintf(buffer + len, "Module: FF   SOFTMODE\n");
03810         else
03811 #endif
03812                 len += sprintf(buffer + len, "Module: FF   on\n");
03813 #endif
03814 
03815 #ifdef CONFIG_RSBAC_RC
03816 #ifdef CONFIG_RSBAC_SWITCH_RC
03817         if (!rsbac_switch_rc)
03818                 len += sprintf(buffer + len, "Module: RC   OFF\n");
03819         else
03820 #endif
03821 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03822         if (rsbac_ind_softmode[SW_RC])
03823                 len += sprintf(buffer + len, "Module: RC   SOFTMODE\n");
03824         else
03825 #endif
03826                 len += sprintf(buffer + len, "Module: RC   on\n");
03827 #endif
03828 
03829 #ifdef CONFIG_RSBAC_AUTH
03830 #ifdef CONFIG_RSBAC_SWITCH_AUTH
03831         if (!rsbac_switch_auth)
03832                 len += sprintf(buffer + len, "Module: AUTH OFF\n");
03833         else
03834 #endif
03835 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03836         if (rsbac_ind_softmode[SW_AUTH])
03837                 len += sprintf(buffer + len, "Module: AUTH SOFTMODE\n");
03838         else
03839 #endif
03840                 len += sprintf(buffer + len, "Module: AUTH on\n");
03841 #endif
03842 
03843 #ifdef CONFIG_RSBAC_ACL
03844 #ifdef CONFIG_RSBAC_SWITCH_ACL
03845         if (!rsbac_switch_acl)
03846                 len += sprintf(buffer + len, "Module: ACL  OFF\n");
03847         else
03848 #endif
03849 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03850         if (rsbac_ind_softmode[SW_ACL])
03851                 len += sprintf(buffer + len, "Module: ACL  SOFTMODE\n");
03852         else
03853 #endif
03854                 len += sprintf(buffer + len, "Module: ACL  on\n");
03855 #endif
03856 
03857 #ifdef CONFIG_RSBAC_CAP
03858 #ifdef CONFIG_RSBAC_SWITCH_CAP
03859         if (!rsbac_switch_cap)
03860                 len += sprintf(buffer + len, "Module: CAP  OFF\n");
03861         else
03862 #endif
03863 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03864         if (rsbac_ind_softmode[SW_CAP])
03865                 len += sprintf(buffer + len, "Module: CAP  SOFTMODE\n");
03866         else
03867 #endif
03868                 len += sprintf(buffer + len, "Module: CAP  on\n");
03869 #endif
03870 
03871 #ifdef CONFIG_RSBAC_JAIL
03872 #ifdef CONFIG_RSBAC_SWITCH_JAIL
03873         if (!rsbac_switch_jail)
03874                 len += sprintf(buffer + len, "Module: JAIL OFF\n");
03875         else
03876 #endif
03877 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03878         if (rsbac_ind_softmode[SW_JAIL])
03879                 len += sprintf(buffer + len, "Module: JAIL SOFTMODE\n");
03880         else
03881 #endif
03882                 len += sprintf(buffer + len, "Module: JAIL on\n");
03883 #endif
03884 
03885 #ifdef CONFIG_RSBAC_RES
03886 #ifdef CONFIG_RSBAC_SWITCH_RES
03887         if (!rsbac_switch_res)
03888                 len += sprintf(buffer + len, "Module: RES  OFF\n");
03889         else
03890 #endif
03891 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03892         if (rsbac_ind_softmode[SW_RES])
03893                 len += sprintf(buffer + len, "Module: RES  SOFTMODE\n");
03894         else
03895 #endif
03896                 len += sprintf(buffer + len, "Module: RES  on\n");
03897 #endif
03898 
03899 #ifdef CONFIG_RSBAC_PAX
03900 #ifdef CONFIG_RSBAC_SWITCH_PAX
03901         if (!rsbac_switch_pax)
03902                 len += sprintf(buffer + len, "Module: PAX  OFF\n");
03903         else
03904 #endif
03905 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03906         if (rsbac_ind_softmode[SW_PAX])
03907                 len += sprintf(buffer + len, "Module: PAX  SOFTMODE\n");
03908         else
03909 #endif
03910                 len += sprintf(buffer + len, "Module: PAX  on\n");
03911 #endif
03912 
03913         pos = begin + len;
03914         if (pos < offset) {
03915                 len = 0;
03916                 begin = pos;
03917         }
03918 
03919       out:
03920         *start = buffer + (offset - begin);
03921         len -= (offset - begin);
03922 
03923         if (len > length)
03924                 len = length;
03925         return len;
03926 }
03927 
03928 #ifdef CONFIG_RSBAC_XSTATS
03929 static int
03930 xstats_proc_info(char *buffer, char **start, off_t offset, int length)
03931 {
03932         u_int len = 0;
03933         off_t pos = 0;
03934         off_t begin = 0;
03935         int i, j;
03936         char name[80];
03937         union rsbac_target_id_t rsbac_target_id;
03938         union rsbac_attribute_value_t rsbac_attribute_value;
03939 
03940         if (!rsbac_initialized)
03941                 return (-ENOSYS);
03942 
03943         rsbac_pr_debug(aef, "calling ADF\n");
03944         rsbac_target_id.scd = ST_rsbac;
03945         rsbac_attribute_value.dummy = 0;
03946         if (!rsbac_adf_request(R_GET_STATUS_DATA,
03947                                current->pid,
03948                                T_SCD,
03949                                rsbac_target_id,
03950                                A_none, rsbac_attribute_value)) {
03951                 return -EPERM;
03952         }
03953 
03954         len += sprintf(buffer,
03955                        "RSBAC ADF call Statistics\n-------------------------\nadf_request table:\n");
03956         pos = begin + len;
03957         if (pos < offset) {
03958                 len = 0;
03959                 begin = pos;
03960         }
03961         if (pos > offset + length)
03962                 goto out;
03963 
03964         len +=
03965             sprintf(buffer + len,
03966                     "Request /\tFILE\tDIR\tFIFO\tSYMLINK\tDEV\tIPC\tSCD\tUSER\tPROCESS\tNETDEV\tNETTEMP\tNETOBJ\tGROUP\tUNIXSOCK NONE");
03967         pos = begin + len;
03968         if (pos < offset) {
03969                 len = 0;
03970                 begin = pos;
03971         }
03972         if (pos > offset + length)
03973                 goto out;
03974 
03975         for (i = 0; i < R_NONE; i++) {
03976                 get_request_name(name, i);
03977                 name[15] = 0;
03978                 len += sprintf(buffer + len, "\n%-14s\t", name);
03979                 pos = begin + len;
03980                 if (pos < offset) {
03981                         len = 0;
03982                         begin = pos;
03983                 }
03984                 if (pos > offset + length)
03985                         goto out;
03986                 for (j = 0; j <= T_NONE; j++) {
03987                         if ((j == T_NETTEMP_NT)
03988                             || (j == T_FD)
03989                             )
03990                                 continue;
03991                         len += sprintf(buffer + len, "%lu\t",
03992                                        rsbac_adf_request_xcount[j][i]);
03993                         pos = begin + len;
03994                         if (pos < offset) {
03995                                 len = 0;
03996                                 begin = pos;
03997                         }
03998                         if (pos > offset + length)
03999                                 goto out;
04000                 }
04001         }
04002 
04003         len += sprintf(buffer + len,
04004                        "\n\nadf_request calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, unixsock: %lu, none: %lu\n",
04005                        rsbac_adf_request_count[T_FILE],
04006                        rsbac_adf_request_count[T_DIR],
04007                        rsbac_adf_request_count[T_FIFO],
04008                        rsbac_adf_request_count[T_SYMLINK],
04009                        rsbac_adf_request_count[T_DEV],
04010                        rsbac_adf_request_count[T_IPC],
04011                        rsbac_adf_request_count[T_SCD],
04012                        rsbac_adf_request_count[T_USER],
04013                        rsbac_adf_request_count[T_PROCESS],
04014                        rsbac_adf_request_count[T_NETDEV],
04015                        rsbac_adf_request_count[T_NETTEMP],
04016                        rsbac_adf_request_count[T_NETOBJ],
04017                        rsbac_adf_request_count[T_GROUP],
04018                        rsbac_adf_request_count[T_UNIXSOCK],
04019                        rsbac_adf_request_count[T_NONE]);
04020         pos = begin + len;
04021         if (pos < offset) {
04022                 len = 0;
04023                 begin = pos;
04024         }
04025         if (pos > offset + length)
04026                 goto out;
04027 
04028         len += sprintf(buffer + len,
04029                        "\n\nadf_set_attr table:\nRequest /\tFILE\tDIR\tFIFO\tSYMLINK\tDEV\tIPC\tSCD\tUSER\tPROCESS\tNETDEV\tNETTEMP\tNETOBJ\tGROUP\tUNIXSOCK NONE");
04030         pos = begin + len;
04031         if (pos < offset) {
04032                 len = 0;
04033                 begin = pos;
04034         }
04035         if (pos > offset + length)
04036                 goto out;
04037 
04038         for (i = 0; i < R_NONE; i++) {
04039                 get_request_name(name, i);
04040                 name[15] = 0;
04041                 len += sprintf(buffer + len, "\n%-14s\t", name);
04042                 pos = begin + len;
04043                 if (pos < offset) {
04044                         len = 0;
04045                         begin = pos;
04046                 }
04047                 if (pos > offset + length)
04048                         goto out;
04049                 for (j = 0; j <= T_NONE; j++) {
04050                         if ((j == T_NETTEMP_NT)
04051                             || (j == T_FD)
04052                             )
04053                                 continue;
04054                         len += sprintf(buffer + len, "%lu\t",
04055                                        rsbac_adf_set_attr_xcount[j][i]);
04056                         pos = begin + len;
04057                         if (pos < offset) {
04058                                 len = 0;
04059                                 begin = pos;
04060                         }
04061                         if (pos > offset + length)
04062                                 goto out;
04063                 }
04064         }
04065 
04066         len += sprintf(buffer + len,
04067                        "\n\nadf_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, unixsock: %lu, none: %lu\n",
04068                        rsbac_adf_set_attr_count[T_FILE],
04069                        rsbac_adf_set_attr_count[T_DIR],
04070                        rsbac_adf_set_attr_count[T_FIFO],
04071                        rsbac_adf_set_attr_count[T_SYMLINK],
04072                        rsbac_adf_set_attr_count[T_DEV],
04073                        rsbac_adf_set_attr_count[T_IPC],
04074                        rsbac_adf_set_attr_count[T_SCD],
04075                        rsbac_adf_set_attr_count[T_USER],
04076                        rsbac_adf_set_attr_count[T_PROCESS],
04077                        rsbac_adf_set_attr_count[T_NETDEV],
04078                        rsbac_adf_set_attr_count[T_NETTEMP],
04079                        rsbac_adf_set_attr_count[T_NETOBJ],
04080                        rsbac_adf_set_attr_count[T_GROUP],
04081                        rsbac_adf_set_attr_count[T_UNIXSOCK],
04082                        rsbac_adf_set_attr_count[T_NONE]);
04083         pos = begin + len;
04084         if (pos < offset) {
04085                 len = 0;
04086                 begin = pos;
04087         }
04088         if (pos > offset + length)
04089                 goto out;
04090 
04091         len += sprintf(buffer + len,
04092                        "\n\nData Structures:\nrsbac_get_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, unixsock: %lu\n",
04093                        get_attr_count[T_FILE],
04094                        get_attr_count[T_DIR],
04095                        get_attr_count[T_FIFO],
04096                        get_attr_count[T_SYMLINK],
04097                        get_attr_count[T_DEV],
04098                        get_attr_count[T_IPC],
04099                        get_attr_count[T_SCD],
04100                        get_attr_count[T_USER],
04101                        get_attr_count[T_PROCESS],
04102                        get_attr_count[T_NETDEV],
04103                        get_attr_count[T_NETTEMP],
04104                        get_attr_count[T_NETOBJ],
04105                        get_attr_count[T_GROUP],
04106                        get_attr_count[T_UNIXSOCK]);
04107         pos = begin + len;
04108         if (pos < offset) {
04109                 len = 0;
04110                 begin = pos;
04111         }
04112         if (pos > offset + length)
04113                 goto out;
04114 
04115         len += sprintf(buffer + len,
04116                        "\nrsbac_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, unixsock: %lu\n",
04117                        set_attr_count[T_FILE],
04118                        set_attr_count[T_DIR],
04119                        set_attr_count[T_FIFO],
04120                        set_attr_count[T_SYMLINK],
04121                        set_attr_count[T_DEV],
04122                        set_attr_count[T_IPC],
04123                        set_attr_count[T_SCD],
04124                        set_attr_count[T_USER],
04125                        set_attr_count[T_PROCESS],
04126                        set_attr_count[T_NETDEV],
04127                        set_attr_count[T_NETTEMP],
04128                        set_attr_count[T_NETOBJ],
04129                        set_attr_count[T_GROUP],
04130                        set_attr_count[T_UNIXSOCK]);
04131         pos = begin + len;
04132         if (pos < offset) {
04133                 len = 0;
04134                 begin = pos;
04135         }
04136         if (pos > offset + length)
04137                 goto out;
04138 
04139         len += sprintf(buffer + len,
04140                        "\nrsbac_remove_target calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, unixsock: %lu\n",
04141                        remove_count[T_FILE],
04142                        remove_count[T_DIR],
04143                        remove_count[T_FIFO],
04144                        remove_count[T_SYMLINK],
04145                        remove_count[T_DEV],
04146                        remove_count[T_IPC],
04147                        remove_count[T_SCD],
04148                        remove_count[T_USER],
04149                        remove_count[T_PROCESS],
04150                        remove_count[T_NETDEV],
04151                        remove_count[T_NETTEMP],
04152                        remove_count[T_NETOBJ],
04153                        remove_count[T_GROUP],
04154                        remove_count[T_UNIXSOCK]);
04155         pos = begin + len;
04156         if (pos < offset) {
04157                 len = 0;
04158                 begin = pos;
04159         }
04160         if (pos > offset + length)
04161                 goto out;
04162 
04163         len += sprintf(buffer + len,
04164                        "\nrsbac_get_parent calls: %lu\n",
04165                        get_parent_count);
04166         pos = begin + len;
04167         if (pos < offset) {
04168                 len = 0;
04169                 begin = pos;
04170         }
04171         if (pos > offset + length)
04172                 goto out;
04173 
04174 #ifdef CONFIG_RSBAC_FD_CACHE
04175         len += sprintf(buffer + len,
04176                         "\nFD Cache hits                 misses               items   subitem hm-ratio\n");
04177         for (i = 0; i < SW_NONE; i++) {
04178                 if (fd_cache_handle[i]) {
04179                         __u64 tmp_hits = fd_cache_hits[i];
04180                         __u64 tmp_misses = fd_cache_misses[i];
04181 
04182                         while ((tmp_hits > (__u32) -1) || (tmp_misses > (__u32) -1)) {
04183                                 tmp_hits >>= 1;
04184                                 tmp_misses >>= 1;
04185                         }
04186                         if (!tmp_misses)
04187                                 tmp_misses = 1;
04188                         len += sprintf(buffer + len,
04189                                         "%-8s %-20llu %-20llu %-7lu %-7lu %u\n",
04190                                get_switch_target_name(name, i),
04191                                fd_cache_hits[i], fd_cache_misses[i],
04192                                rsbac_list_lol_count(fd_cache_handle[i]),
04193                                rsbac_list_lol_all_subcount(fd_cache_handle[i]),
04194                                ((__u32) tmp_hits)/((__u32) tmp_misses));
04195                         pos = begin + len;
04196                         if (pos < offset) {
04197                                 len = 0;
04198                                 begin = pos;
04199                         }
04200                         if (pos > offset + length)
04201                                 goto out;
04202                 }
04203         }
04204         len += sprintf(buffer + len, "\n%u fd_cache_invalidates, %u fd_cache_invalidate_alls\n",
04205                         fd_cache_invalidates, fd_cache_invalidate_alls);
04206         pos = begin + len;
04207         if (pos < offset) {
04208                 len = 0;
04209                 begin = pos;
04210         }
04211 #endif
04212 
04213       out:
04214         *start = buffer + (offset - begin);
04215         len -= (offset - begin);
04216 
04217         if (len > length)
04218                 len = length;
04219         return len;
04220 }
04221 #endif
04222 
04223 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
04224 static int
04225 auto_write_proc_info(char *buffer, char **start, off_t offset, int length)
04226 {
04227         int len = 0;
04228         off_t pos = 0;
04229         off_t begin = 0;
04230 
04231         union rsbac_target_id_t rsbac_target_id;
04232         union rsbac_attribute_value_t rsbac_attribute_value;
04233 
04234         if (!rsbac_initialized)
04235                 return (-ENOSYS);
04236 
04237         rsbac_pr_debug(aef, "calling ADF\n");
04238         rsbac_target_id.scd = ST_rsbac;
04239         rsbac_attribute_value.dummy = 0;
04240         if (!rsbac_adf_request(R_GET_STATUS_DATA,
04241                                current->pid,
04242                                T_SCD,
04243                                rsbac_target_id,
04244                                A_none, rsbac_attribute_value)) {
04245                 return -EPERM;
04246         }
04247 
04248         len =
04249             sprintf(buffer,
04250                     "RSBAC auto write settings\n-------------------------\n");
04251         pos = begin + len;
04252         if (pos < offset) {
04253                 len = 0;
04254                 begin = pos;
04255         }
04256         if (pos > offset + length)
04257                 goto out;
04258 
04259         len +=
04260             sprintf(buffer + len,
04261                     "auto interval %u jiffies (%i jiffies = 1 second)\n",
04262                     auto_interval, HZ);
04263         pos = begin + len;
04264         if (pos < offset) {
04265                 len = 0;
04266                 begin = pos;
04267         }
04268         if (pos > offset + length)
04269                 goto out;
04270 
04271 #ifdef CONFIG_RSBAC_DEBUG
04272         len += sprintf(buffer + len, "debug level is %i\n",
04273                        rsbac_debug_auto);
04274         pos = begin + len;
04275         if (pos < offset) {
04276                 len = 0;
04277                 begin = pos;
04278         }
04279 #endif
04280 
04281       out:
04282         *start = buffer + (offset - begin);
04283         len -= (offset - begin);
04284 
04285         if (len > length)
04286                 len = length;
04287         return len;
04288 }
04289 
04290 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
04291 static int auto_write_proc_write(struct file *file, const char *buf,
04292                                  u_long count, void *ppos)
04293 #else
04294 static int auto_write_proc_write(struct file *file,
04295                                  const char __user * buf, u_long count,
04296                                  void *data)
04297 #endif
04298 {
04299         ssize_t err;
04300         char *k_buf;
04301         char *p;
04302 
04303         union rsbac_target_id_t rsbac_target_id;
04304         union rsbac_attribute_value_t rsbac_attribute_value;
04305 
04306         if (count > PROC_BLOCK_SIZE) {
04307                 return (-EOVERFLOW);
04308         }
04309 
04310         if (!(k_buf = (char *) __get_free_page(GFP_KERNEL)))
04311                 return (-ENOMEM);
04312         err = copy_from_user(k_buf, buf, count);
04313         if (err < 0)
04314                 return err;
04315 
04316         err = count;
04317         if (count < 13 || strncmp("auto", k_buf, 4)) {
04318                 goto out;
04319         }
04320         if (!rsbac_initialized) {
04321                 err = -ENOSYS;
04322                 goto out;
04323         }
04324         rsbac_pr_debug(aef, "calling ADF\n");
04325         rsbac_target_id.scd = ST_rsbac;
04326         rsbac_attribute_value.dummy = 0;
04327         if (!rsbac_adf_request(R_MODIFY_SYSTEM_DATA,
04328                                current->pid,
04329                                T_SCD,
04330                                rsbac_target_id,
04331                                A_none, rsbac_attribute_value)) {
04332                 err = -EPERM;
04333                 goto out;
04334         }
04335 
04336         /*
04337          * Usage: echo "auto interval #N" > /proc/rsbac_info/auto_write
04338          *   to set auto_interval to given value
04339          */
04340         if (!strncmp("interval", k_buf + 5, 8)) {
04341                 unsigned int interval;
04342 
04343                 p = k_buf + 5 + 9;
04344 
04345                 if (*p == '\0')
04346                         goto out;
04347 
04348                 interval = simple_strtoul(p, NULL, 0);
04349                 /* only accept minimum of 1 second */
04350                 if (interval >= HZ) {
04351                         rsbac_printk(KERN_INFO "auto_write_proc_write(): setting auto write interval to %u\n",
04352                                      interval);
04353                         auto_interval = interval;
04354                         err = count;
04355                         goto out;
04356                 } else {
04357                         rsbac_printk(KERN_INFO "auto_write_proc_write(): rejecting too short auto write interval %u (min. %i)\n",
04358                                      interval, HZ);
04359                         goto out;
04360                 }
04361         }
04362 #ifdef CONFIG_RSBAC_DEBUG
04363         /*
04364          * Usage: echo "auto debug #N" > /proc/rsbac_info/auto_write
04365          *   to set rsbac_debug_auto to given value
04366          */
04367         if (!strncmp("debug", k_buf + 5, 5)) {
04368                 unsigned int debug_level;
04369 
04370                 p = k_buf + 5 + 6;
04371 
04372                 if (*p == '\0')
04373                         goto out;
04374 
04375                 debug_level = simple_strtoul(p, NULL, 0);
04376                 /* only accept 0 or 1 */
04377                 if (!debug_level || (debug_level == 1)) {
04378                         rsbac_printk(KERN_INFO "auto_write_proc_write(): setting rsbac_debug_auto to %u\n",
04379                                      debug_level);
04380                         rsbac_debug_auto = debug_level;
04381                         err = count;
04382                 } else {
04383                         rsbac_printk(KERN_INFO "auto_write_proc_write(): rejecting invalid debug level (should be 0 or 1)\n");
04384                 }
04385         }
04386 #endif
04387 
04388       out:
04389         free_page((ulong) k_buf);
04390         return (err);
04391 }
04392 #endif                          /* CONFIG_RSBAC_AUTO_WRITE > 0 */
04393 
04394 static int
04395 versions_proc_info(char *buffer, char **start, off_t offset, int length)
04396 {
04397         int len = 0;
04398         off_t pos = 0;
04399         off_t begin = 0;
04400 
04401         union rsbac_target_id_t rsbac_target_id;
04402         union rsbac_attribute_value_t rsbac_attribute_value;
04403 
04404         if (!rsbac_initialized)
04405                 return (-ENOSYS);
04406 
04407         rsbac_pr_debug(aef, "calling ADF\n");
04408         rsbac_target_id.scd = ST_rsbac;
04409         rsbac_attribute_value.dummy = 0;
04410         if (!rsbac_adf_request(R_GET_STATUS_DATA,
04411                                current->pid,
04412                                T_SCD,
04413                                rsbac_target_id,
04414                                A_none, rsbac_attribute_value)) {
04415                 return -EPERM;
04416         }
04417 
04418         len = sprintf(buffer,
04419                       "RSBAC version settings (%s)\n----------------------\n",
04420                       RSBAC_VERSION);
04421         len +=
04422             sprintf(buffer + len,
04423                     "Device list head size is %u, hash size is %u\n",
04424                     (int) sizeof(struct rsbac_device_list_item_t),
04425                     RSBAC_NR_DEVICE_LISTS);
04426         pos = begin + len;
04427         if (pos < offset) {
04428                 len = 0;
04429                 begin = pos;
04430         }
04431         if (pos > offset + length)
04432                 goto out;
04433 
04434         len +=
04435             sprintf(buffer + len,
04436                     "FD lists:\nGEN  aci version is %u, aci entry size is %Zd, %u lists per device\n",
04437                     RSBAC_GEN_FD_ACI_VERSION,
04438                     sizeof(struct rsbac_gen_fd_aci_t),
04439                     gen_nr_fd_hashes);
04440         pos = begin + len;
04441         if (pos < offset) {
04442                 len = 0;
04443                 begin = pos;
04444         }
04445         if (pos > offset + length)
04446                 goto out;
04447 #if defined(CONFIG_RSBAC_MAC)
04448         len +=
04449             sprintf(buffer + len,
04450                     "MAC  aci version is %u, aci entry size is %Zd, %u lists per device\n",
04451                     RSBAC_MAC_FD_ACI_VERSION,
04452                     sizeof(struct rsbac_mac_fd_aci_t),
04453                     mac_nr_fd_hashes);
04454         pos = begin + len;
04455         if (pos < offset) {
04456                 len = 0;
04457                 begin = pos;
04458         }
04459         if (pos > offset + length)
04460                 goto out;
04461 #endif
04462 #if defined(CONFIG_RSBAC_PM)
04463         len +=
04464             sprintf(buffer + len,
04465                     "PM   aci version is %u, aci entry size is %Zd, %u lists per device\n",
04466                     RSBAC_PM_FD_ACI_VERSION,
04467                     sizeof(struct rsbac_pm_fd_aci_t),
04468                     pm_nr_fd_hashes);
04469         pos = begin + len;
04470         if (pos < offset) {
04471                 len = 0;
04472                 begin = pos;
04473         }
04474         if (pos > offset + length)
04475                 goto out;
04476 #endif
04477 #if defined(CONFIG_RSBAC_DAZ)
04478         len +=
04479             sprintf(buffer + len,
04480                     "DAZ  aci version is %u, aci entry size is %Zd, %u lists per device\n",
04481                     RSBAC_DAZ_FD_ACI_VERSION,
04482                     sizeof(struct rsbac_daz_fd_aci_t),
04483                     daz_nr_fd_hashes);
04484         pos = begin + len;
04485         if (pos < offset) {
04486                 len = 0;
04487                 begin = pos;
04488         }
04489         if (pos > offset + length)
04490                 goto out;
04491 #if defined(CONFIG_RSBAC_DAZ_CACHE)
04492         len +=
04493             sprintf(buffer + len,
04494                     "DAZS aci version is %u, aci entry size is %Zd, %u lists per device\n",
04495                     RSBAC_DAZ_SCANNED_FD_ACI_VERSION,
04496                     sizeof(rsbac_daz_scanned_t),
04497                     daz_scanned_nr_fd_hashes);
04498         pos = begin + len;
04499         if (pos < offset) {
04500                 len = 0;
04501                 begin = pos;
04502         }
04503         if (pos > offset + length)
04504                 goto out;
04505 #endif
04506 #endif
04507 #if defined(CONFIG_RSBAC_FF)
04508         len +=
04509             sprintf(buffer + len,
04510                     "FF   aci version is %u, aci entry size is %Zd, %u lists per device\n",
04511                     RSBAC_FF_FD_ACI_VERSION, sizeof(rsbac_ff_flags_t),
04512                     ff_nr_fd_hashes);
04513         pos = begin + len;
04514         if (pos < offset) {
04515                 len = 0;
04516                 begin = pos;
04517         }
04518         if (pos > offset + length)
04519                 goto out;
04520 #endif
04521 #if defined(CONFIG_RSBAC_RC)
04522         len +=
04523             sprintf(buffer + len,
04524                     "RC   aci version is %u, aci entry size is %Zd, %u lists per device\n",
04525                     RSBAC_RC_FD_ACI_VERSION,
04526                     sizeof(struct rsbac_rc_fd_aci_t),
04527                     rc_nr_fd_hashes);
04528         pos = begin + len;
04529         if (pos < offset) {
04530                 len = 0;
04531                 begin = pos;
04532         }
04533         if (pos > offset + length)
04534                 goto out;
04535 #endif
04536 #if defined(CONFIG_RSBAC_AUTH)
04537         len +=
04538             sprintf(buffer + len,
04539                     "AUTH aci version is %u, aci entry size is %Zd, %u lists per device\n",
04540                     RSBAC_AUTH_FD_ACI_VERSION,
04541                     sizeof(struct rsbac_auth_fd_aci_t),
04542                     auth_nr_fd_hashes);
04543         pos = begin + len;
04544         if (pos < offset) {
04545                 len = 0;
04546                 begin = pos;
04547         }
04548         if (pos > offset + length)
04549                 goto out;
04550 #endif
04551 #if defined(CONFIG_RSBAC_CAP)
04552         len +=
04553             sprintf(buffer + len,
04554                     "CAP  aci version is %u, aci entry size is %Zd, %u lists per device\n",
04555                     RSBAC_CAP_FD_ACI_VERSION,
04556                     sizeof(struct rsbac_cap_fd_aci_t),
04557                     cap_nr_fd_hashes);
04558         pos = begin + len;
04559         if (pos < offset) {
04560                 len = 0;
04561                 begin = pos;
04562         }
04563         if (pos > offset + length)
04564                 goto out;
04565 #endif
04566 #if defined(CONFIG_RSBAC_PAX)
04567         len +=
04568             sprintf(buffer + len,
04569                     "PAX  aci version is %u, aci entry size is %Zd, %u lists per device\n",
04570                     RSBAC_PAX_FD_ACI_VERSION, sizeof(rsbac_pax_flags_t),
04571                     pax_nr_fd_hashes);
04572         pos = begin + len;
04573         if (pos < offset) {
04574                 len = 0;
04575                 begin = pos;
04576         }
04577         if (pos > offset + length)
04578                 goto out;
04579 #endif
04580 #if defined(CONFIG_RSBAC_RES)
04581         len +=
04582             sprintf(buffer + len,
04583                     "RES  aci version is %u, aci entry size is %Zd, %u lists per device\n",
04584                     RSBAC_RES_FD_ACI_VERSION,
04585                     sizeof(struct rsbac_res_fd_aci_t),
04586                     res_nr_fd_hashes);
04587         pos = begin + len;
04588         if (pos < offset) {
04589                 len = 0;
04590                 begin = pos;
04591         }
04592         if (pos > offset + length)
04593                 goto out;
04594 #endif
04595 
04596 
04597         len +=
04598             sprintf(buffer + len,
04599                     "\nDEV lists:\nGEN  aci version is %u, aci entry size is %Zd\n",
04600                     RSBAC_GEN_DEV_ACI_VERSION,
04601                     sizeof(struct rsbac_gen_dev_aci_t));
04602         pos = begin + len;
04603         if (pos < offset) {
04604                 len = 0;
04605                 begin = pos;
04606         }
04607         if (pos > offset + length)
04608                 goto out;
04609 #if defined(CONFIG_RSBAC_MAC)
04610         len +=
04611             sprintf(buffer + len,
04612                     "MAC  aci version is %u, aci entry size is %Zd\n",
04613                     RSBAC_MAC_DEV_ACI_VERSION,
04614                     sizeof(struct rsbac_mac_dev_aci_t));
04615         pos = begin + len;
04616         if (pos < offset) {
04617                 len = 0;
04618                 begin = pos;
04619         }
04620         if (pos > offset + length)
04621                 goto out;
04622 #endif
04623 #if defined(CONFIG_RSBAC_PM)
04624         len +=
04625             sprintf(buffer + len,
04626                     "PM   aci version is %u, aci entry size is %Zd\n",
04627                     RSBAC_PM_DEV_ACI_VERSION,
04628                     sizeof(struct rsbac_pm_dev_aci_t));
04629         pos = begin + len;
04630         if (pos < offset) {
04631                 len = 0;
04632                 begin = pos;
04633         }
04634         if (pos > offset + length)
04635                 goto out;
04636 #endif
04637 #if defined(CONFIG_RSBAC_RC)
04638         len +=
04639             sprintf(buffer + len,
04640                     "RC   aci version is %u, aci entry size is %Zd\n",
04641                     RSBAC_RC_DEV_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
04642         pos = begin + len;
04643         if (pos < offset) {
04644                 len = 0;
04645                 begin = pos;
04646         }
04647         if (pos > offset + length)
04648                 goto out;
04649 #endif
04650 
04651 
04652         len += sprintf(buffer + len, "\nIPC lists:\n");
04653         pos = begin + len;
04654         if (pos < offset) {
04655                 len = 0;
04656                 begin = pos;
04657         }
04658         if (pos > offset + length)
04659                 goto out;
04660 #if defined(CONFIG_RSBAC_MAC)
04661         len +=
04662             sprintf(buffer + len,
04663                     "MAC  aci version is %u, aci entry size is %Zd\n",
04664                     RSBAC_MAC_IPC_ACI_VERSION,
04665                     sizeof(struct rsbac_mac_ipc_aci_t));
04666         pos = begin + len;
04667         if (pos < offset) {
04668                 len = 0;
04669                 begin = pos;
04670         }
04671         if (pos > offset + length)
04672                 goto out;
04673 #endif
04674 #if defined(CONFIG_RSBAC_PM)
04675         len +=
04676             sprintf(buffer + len,
04677                     "PM   aci version is %u, aci entry size is %Zd\n",
04678                     RSBAC_PM_IPC_ACI_VERSION,
04679                     sizeof(struct rsbac_pm_ipc_aci_t));
04680         pos = begin + len;
04681         if (pos < offset) {
04682                 len = 0;
04683                 begin = pos;
04684         }
04685         if (pos > offset + length)
04686                 goto out;
04687 #endif
04688 #if defined(CONFIG_RSBAC_RC)
04689         len +=
04690             sprintf(buffer + len,
04691                     "RC   aci version is %u, aci entry size is %Zd\n",
04692                     RSBAC_RC_IPC_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
04693         pos = begin + len;
04694         if (pos < offset) {
04695                 len = 0;
04696                 begin = pos;
04697         }
04698         if (pos > offset + length)
04699                 goto out;
04700 #endif
04701 #if defined(CONFIG_RSBAC_JAIL)
04702         len +=
04703             sprintf(buffer + len,
04704                     "JAIL aci version is %u, aci entry size is %Zd\n",
04705                     RSBAC_JAIL_IPC_ACI_VERSION, sizeof(rsbac_jail_id_t));
04706         pos = begin + len;
04707         if (pos < offset) {
04708                 len = 0;
04709                 begin = pos;
04710         }
04711         if (pos > offset + length)
04712                 goto out;
04713 #endif
04714 
04715 
04716         len +=
04717             sprintf(buffer + len,
04718                     "\nUSER lists:\nGEN  aci version is %u, aci entry size is %Zd\n",
04719                     RSBAC_GEN_USER_ACI_VERSION,
04720                     sizeof(struct rsbac_gen_user_aci_t));
04721         pos = begin + len;
04722         if (pos < offset) {
04723                 len = 0;
04724                 begin = pos;
04725         }
04726         if (pos > offset + length)
04727                 goto out;
04728 #if defined(CONFIG_RSBAC_MAC)
04729         len +=
04730             sprintf(buffer + len,
04731                     "MAC  aci version is %u, aci entry size is %Zd\n",
04732                     RSBAC_MAC_USER_ACI_VERSION,
04733                     sizeof(struct rsbac_mac_user_aci_t));
04734         pos = begin + len;
04735         if (pos < offset) {
04736                 len = 0;
04737                 begin = pos;
04738         }
04739         if (pos > offset + length)
04740                 goto out;
04741 #endif
04742 #if defined(CONFIG_RSBAC_PM)
04743         len +=
04744             sprintf(buffer + len,
04745                     "PM   aci version is %u, aci entry size is %Zd\n",
04746                     RSBAC_PM_USER_ACI_VERSION,
04747                     sizeof(struct rsbac_pm_user_aci_t));
04748         pos = begin + len;
04749         if (pos < offset) {
04750                 len = 0;
04751                 begin = pos;
04752         }
04753         if (pos > offset + length)
04754                 goto out;
04755 #endif
04756 #if defined(CONFIG_RSBAC_DAZ)
04757         len +=
04758             sprintf(buffer + len,
04759                     "DAZ  aci version is %u, aci entry size is %Zd\n",
04760                     RSBAC_DAZ_USER_ACI_VERSION,
04761                     sizeof(rsbac_system_role_int_t));
04762         pos = begin + len;
04763         if (pos < offset) {
04764                 len = 0;
04765                 begin = pos;
04766         }
04767         if (pos > offset + length)
04768                 goto out;
04769 #endif
04770 #if defined(CONFIG_RSBAC_RC)
04771         len +=
04772             sprintf(buffer + len,
04773                     "RC   aci version is %u, aci entry size is %Zd\n",
04774                     RSBAC_RC_USER_ACI_VERSION, sizeof(rsbac_rc_role_id_t));
04775         pos = begin + len;
04776         if (pos < offset) {
04777                 len = 0;
04778                 begin = pos;
04779         }
04780         if (pos > offset + length)
04781                 goto out;
04782 #endif
04783 #if defined(CONFIG_RSBAC_AUTH)
04784         len +=
04785             sprintf(buffer + len,
04786                     "AUTH aci version is %u, aci entry size is %Zd\n",
04787                     RSBAC_AUTH_USER_ACI_VERSION,
04788                     sizeof(rsbac_system_role_int_t));
04789         pos = begin + len;
04790         if (pos < offset) {
04791                 len = 0;
04792                 begin = pos;
04793         }
04794         if (pos > offset + length)
04795                 goto out;
04796 #endif
04797 #if defined(CONFIG_RSBAC_CAP)
04798         len +=
04799             sprintf(buffer + len,
04800                     "CAP  aci version is %u, aci entry size is %Zd\n",
04801                     RSBAC_CAP_USER_ACI_VERSION,
04802                     sizeof(struct rsbac_cap_user_aci_t));
04803         pos = begin + len;
04804         if (pos < offset) {
04805                 len = 0;
04806                 begin = pos;
04807         }
04808         if (pos > offset + length)
04809                 goto out;
04810 #endif
04811 #if defined(CONFIG_RSBAC_JAIL)
04812         len +=
04813             sprintf(buffer + len,
04814                     "JAIL aci version is %u, aci entry size is %Zd\n",
04815                     RSBAC_JAIL_USER_ACI_VERSION,
04816                     sizeof(rsbac_system_role_int_t));
04817         pos = begin + len;
04818         if (pos < offset) {
04819                 len = 0;
04820                 begin = pos;
04821         }
04822         if (pos > offset + length)
04823                 goto out;
04824 #endif
04825 #if defined(CONFIG_RSBAC_PAX)
04826         len +=
04827             sprintf(buffer + len,
04828                     "PAX  aci version is %u, aci entry size is %Zd\n",
04829                     RSBAC_PAX_USER_ACI_VERSION,
04830                     sizeof(rsbac_system_role_int_t));
04831         pos = begin + len;
04832         if (pos < offset) {
04833                 len = 0;
04834                 begin = pos;
04835         }
04836         if (pos > offset + length)
04837                 goto out;
04838 #endif
04839 #if defined(CONFIG_RSBAC_RES)
04840         len +=
04841             sprintf(buffer + len,
04842                     "RES aci version is %u, aci entry size is %Zd\n",
04843                     RSBAC_RES_USER_ACI_VERSION,
04844                     sizeof(struct rsbac_res_user_aci_t));
04845         pos = begin + len;
04846         if (pos < offset) {
04847                 len = 0;
04848                 begin = pos;
04849         }
04850         if (pos > offset + length)
04851                 goto out;
04852 #endif
04853 
04854 
04855         len +=
04856             sprintf(buffer + len,
04857                     "\nPROCESS lists:\nGEN  aci version is %i, aci entry size is %Zd, number of lists is %u\n",
04858                     RSBAC_GEN_PROCESS_ACI_VERSION,
04859                     sizeof(rsbac_request_vector_t),
04860                     CONFIG_RSBAC_GEN_NR_P_LISTS);
04861         pos = begin + len;
04862         if (pos < offset) {
04863                 len = 0;
04864                 begin = pos;
04865         }
04866         if (pos > offset + length)
04867                 goto out;
04868 #if defined(CONFIG_RSBAC_MAC)
04869         len +=
04870             sprintf(buffer + len,
04871                     "MAC  aci version is %u, aci entry size is %Zd, number of lists is %u\n",
04872                     RSBAC_MAC_PROCESS_ACI_VERSION,
04873                     sizeof(struct rsbac_mac_process_aci_t),
04874                     CONFIG_RSBAC_MAC_NR_P_LISTS);
04875         pos = begin + len;
04876         if (pos < offset) {
04877                 len = 0;
04878                 begin = pos;
04879         }
04880         if (pos > offset + length)
04881                 goto out;
04882 #endif
04883 #if defined(CONFIG_RSBAC_PM)
04884         len +=
04885             sprintf(buffer + len,
04886                     "PM   aci version is %u, aci entry size is %Zd\n",
04887                     RSBAC_PM_PROCESS_ACI_VERSION,
04888                     sizeof(struct rsbac_pm_process_aci_t));
04889         pos = begin + len;
04890         if (pos < offset) {
04891                 len = 0;
04892                 begin = pos;
04893         }
04894         if (pos > offset + length)
04895                 goto out;
04896 #endif
04897 #if defined(CONFIG_RSBAC_RC)
04898         len +=
04899             sprintf(buffer + len,
04900                     "RC   aci version is %u, aci entry size is %Zd, number of lists is %u\n",
04901                     RSBAC_RC_PROCESS_ACI_VERSION,
04902                     sizeof(struct rsbac_rc_process_aci_t),
04903                     CONFIG_RSBAC_RC_NR_P_LISTS);
04904         pos = begin + len;
04905         if (pos < offset) {
04906                 len = 0;
04907                 begin = pos;
04908         }
04909         if (pos > offset + length)
04910                 goto out;
04911 #endif
04912 #if defined(CONFIG_RSBAC_AUTH)
04913         len +=
04914             sprintf(buffer + len,
04915                     "AUTH aci version is %u, aci entry size is %Zd\n",
04916                     RSBAC_AUTH_PROCESS_ACI_VERSION,
04917                     sizeof(struct rsbac_auth_process_aci_t));
04918         pos = begin + len;
04919         if (pos < offset) {
04920                 len = 0;
04921                 begin = pos;
04922         }
04923         if (pos > offset + length)
04924                 goto out;
04925 #endif
04926 #if defined(CONFIG_RSBAC_CAP)
04927         len +=
04928             sprintf(buffer + len,
04929                     "CAP aci version is %u, aci entry size is %Zd\n",
04930                     RSBAC_CAP_PROCESS_ACI_VERSION,
04931                     sizeof(struct rsbac_cap_process_aci_t));
04932         pos = begin + len;
04933         if (pos < offset) {
04934                 len = 0;
04935                 begin = pos;
04936         }
04937         if (pos > offset + length)
04938                 goto out;
04939 #endif
04940 #if defined(CONFIG_RSBAC_JAIL)
04941         len +=
04942             sprintf(buffer + len,
04943                     "JAIL aci version is %u, aci entry size is %Zd, number of lists is %u\n",
04944                     RSBAC_JAIL_PROCESS_ACI_VERSION,
04945                     sizeof(struct rsbac_jail_process_aci_t),
04946                     CONFIG_RSBAC_JAIL_NR_P_LISTS);
04947         pos = begin + len;
04948         if (pos < offset) {
04949                 len = 0;
04950                 begin = pos;
04951         }
04952         if (pos > offset + length)
04953                 goto out;
04954 #endif
04955 
04956 #if defined(CONFIG_RSBAC_NET_DEV)
04957         len += sprintf(buffer + len, "\nNETDEV lists:\n");
04958         pos = begin + len;
04959         if (pos < offset) {
04960                 len = 0;
04961                 begin = pos;
04962         }
04963         if (pos > offset + length)
04964                 goto out;
04965 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
04966         len +=
04967             sprintf(buffer + len,
04968                     "GEN  aci version is %u, aci entry size is %Zd\n",
04969                     RSBAC_GEN_NETDEV_ACI_VERSION,
04970                     sizeof(struct rsbac_gen_netdev_aci_t));
04971         pos = begin + len;
04972         if (pos < offset) {
04973                 len = 0;
04974                 begin = pos;
04975         }
04976         if (pos > offset + length)
04977                 goto out;
04978 #endif
04979 #if defined(CONFIG_RSBAC_RC)
04980         len +=
04981             sprintf(buffer + len,
04982                     "RC   aci version is %u, aci entry size is %Zd\n",
04983                     RSBAC_RC_NETDEV_ACI_VERSION,
04984                     sizeof(rsbac_rc_type_id_t));
04985         pos = begin + len;
04986         if (pos < offset) {
04987                 len = 0;
04988                 begin = pos;
04989         }
04990         if (pos > offset + length)
04991                 goto out;
04992 #endif
04993 #endif
04994 
04995 #if defined(CONFIG_RSBAC_NET_OBJ)
04996         len +=
04997             sprintf(buffer + len,
04998                     "\nNetwork Template list: version is %u, data size is %Zd\n",
04999                     RSBAC_NET_TEMP_VERSION,
05000                     sizeof(struct rsbac_net_temp_data_t));
05001         pos = begin + len;
05002         if (pos < offset) {
05003                 len = 0;
05004                 begin = pos;
05005         }
05006         if (pos > offset + length)
05007                 goto out;
05008         len +=
05009             sprintf(buffer + len,
05010                     "\nNETOBJ lists:\nGEN  aci version is %u, aci entry size is %Zd\n",
05011                     RSBAC_GEN_NETOBJ_ACI_VERSION,
05012                     sizeof(struct rsbac_gen_netobj_aci_t));
05013         pos = begin + len;
05014         if (pos < offset) {
05015                 len = 0;
05016                 begin = pos;
05017         }
05018         if (pos > offset + length)
05019                 goto out;
05020 #if defined(CONFIG_RSBAC_MAC)
05021         len +=
05022             sprintf(buffer + len,
05023                     "MAC  aci version is %u, aci entry size is %Zd\n",
05024                     RSBAC_MAC_NETOBJ_ACI_VERSION,
05025                     sizeof(struct rsbac_mac_netobj_aci_t));
05026         pos = begin + len;
05027         if (pos < offset) {
05028                 len = 0;
05029                 begin = pos;
05030         }
05031         if (pos > offset + length)
05032                 goto out;
05033 #endif
05034 #if defined(CONFIG_RSBAC_PM)
05035         len +=
05036             sprintf(buffer + len,
05037                     "PM   aci version is %u, aci entry size is %Zd\n",
05038                     RSBAC_PM_NETOBJ_ACI_VERSION,
05039                     sizeof(struct rsbac_pm_netobj_aci_t));
05040         pos = begin + len;
05041         if (pos < offset) {
05042                 len = 0;
05043                 begin = pos;
05044         }
05045         if (pos > offset + length)
05046                 goto out;
05047 #endif
05048 #if defined(CONFIG_RSBAC_RC)
05049         len +=
05050             sprintf(buffer + len,
05051                     "RC   aci version is %u, aci entry size is %Zd\n",
05052                     RSBAC_RC_NETOBJ_ACI_VERSION,
05053                     sizeof(rsbac_rc_type_id_t));
05054         pos = begin + len;
05055         if (pos < offset) {
05056                 len = 0;
05057                 begin = pos;
05058         }
05059         if (pos > offset + length)
05060                 goto out;
05061 #endif
05062 #endif
05063 
05064         len +=
05065             sprintf(buffer + len,
05066                     "\nlog_levels array: version is %u, array size is %Zd\n",
05067                     RSBAC_LOG_LEVEL_VERSION,
05068                     R_NONE * (T_NONE + 1) * sizeof(rsbac_enum_t));
05069         pos = begin + len;
05070         if (pos < offset) {
05071                 len = 0;
05072                 begin = pos;
05073         }
05074         if (pos > offset + length)
05075                 goto out;
05076         len +=
05077             sprintf(buffer + len,
05078                     "\nattribute value union size is %u\n",
05079                     (int) sizeof(union rsbac_attribute_value_t));
05080 #ifdef CONFIG_RSBAC_FD_CACHE
05081         len +=
05082             sprintf(buffer + len,
05083                     "fd cache attribute value union size is %u\n",
05084                     (int) sizeof(union rsbac_attribute_value_cache_t));
05085 #endif
05086         pos = begin + len;
05087         if (pos < offset) {
05088                 len = 0;
05089                 begin = pos;
05090         }
05091 
05092       out:
05093         *start = buffer + (offset - begin);
05094         len -= (offset - begin);
05095 
05096         if (len > length)
05097                 len = length;
05098         return len;
05099 }
05100 
05101 #ifdef CONFIG_RSBAC_NET_OBJ
05102 static int
05103 net_temp_proc_info(char *buffer, char **start, off_t offset, int length)
05104 {
05105         u_int len = 0;
05106         off_t pos = 0;
05107         off_t begin = 0;
05108         rsbac_net_temp_id_t *temp_array;
05109         long count;
05110 
05111         union rsbac_target_id_t rsbac_target_id;
05112         union rsbac_attribute_value_t rsbac_attribute_value;
05113 
05114         if (!rsbac_initialized)
05115                 return (-ENOSYS);
05116 
05117         rsbac_pr_debug(aef, "calling ADF\n");
05118         rsbac_target_id.scd = ST_rsbac;
05119         rsbac_attribute_value.dummy = 0;
05120         if (!rsbac_adf_request(R_GET_STATUS_DATA,
05121                                current->pid,
05122                                T_SCD,
05123                                rsbac_target_id,
05124                                A_none, rsbac_attribute_value)) {
05125                 return -EPERM;
05126         }
05127 
05128         len = sprintf(buffer, "Network Templates\n-----------------\n");
05129         pos = begin + len;
05130         if (pos < offset) {
05131                 len = 0;
05132                 begin = pos;
05133         }
05134         if (pos > offset + length)
05135                 goto out;
05136 
05137         count =
05138             rsbac_list_get_all_desc(net_temp_handle,
05139                                     (void **) &temp_array);
05140         if (count > 0) {
05141                 __u32 i;
05142                 struct rsbac_net_temp_data_t data;
05143 
05144                 for (i = 0; i < count; i++) {
05145                         if (!rsbac_list_get_data
05146                             (net_temp_handle, &temp_array[i], &data)) {
05147                                 len +=
05148                                     sprintf(buffer + len, "%10u  %s\n",
05149                                             temp_array[i], data.name);
05150                                 pos = begin + len;
05151                                 if (pos < offset) {
05152                                         len = 0;
05153                                         begin = pos;
05154                                 }
05155                                 if (pos > offset + length) {
05156                                         rsbac_vfree(temp_array);
05157                                         goto out;
05158                                 }
05159                         }
05160                 }
05161                 rsbac_vfree(temp_array);
05162         }
05163         len += sprintf(buffer + len, "%lu templates\n", count);
05164         pos = begin + len;
05165         if (pos < offset) {
05166                 len = 0;
05167                 begin = pos;
05168         }
05169 
05170       out:
05171         *start = buffer + (offset - begin);
05172         len -= (offset - begin);
05173 
05174         if (len > length)
05175                 len = length;
05176         return len;
05177 }
05178 #endif                          /* NET_OBJ */
05179 
05180 #ifdef CONFIG_RSBAC_JAIL
05181 static int
05182 jail_proc_info(char *buffer, char **start, off_t offset, int length)
05183 {
05184         u_int len = 0;
05185         off_t pos = 0;
05186         off_t begin = 0;
05187         rsbac_pid_t *pid_array;
05188         struct rsbac_ipc_t *ipc_array;
05189         u_long count = 0;
05190         u_int i;
05191         struct rsbac_jail_process_aci_t data;
05192         union rsbac_target_id_t rsbac_target_id;
05193         union rsbac_attribute_value_t rsbac_attribute_value;
05194 
05195         if (!rsbac_initialized)
05196                 return (-ENOSYS);
05197 
05198         rsbac_pr_debug(aef, "calling ADF\n");
05199         rsbac_target_id.scd = ST_rsbac;
05200         rsbac_attribute_value.dummy = 0;
05201         if (!rsbac_adf_request(R_GET_STATUS_DATA,
05202                                current->pid,
05203                                T_SCD,
05204                                rsbac_target_id,
05205                                A_none, rsbac_attribute_value)) {
05206                 return -EPERM;
05207         }
05208 
05209         len =
05210             sprintf(buffer,
05211                     "Syslog-Jail is %u\n\nJAILed Processes\n----------------\nPID    Jail-ID    Flags   Max Caps   SCD get    SCD modify IP\n",
05212                     rsbac_jail_syslog_jail_id);
05213         pos = begin + len;
05214         if (pos < offset) {
05215                 len = 0;
05216                 begin = pos;
05217         }
05218         if (pos > offset + length)
05219                 goto out;
05220 
05221         count = rsbac_list_get_all_desc(process_handles.jail,
05222                                         (void **) &pid_array);
05223         if (count > 0) {
05224                 for (i = 0; i < count; i++) {
05225                         if (!rsbac_list_get_data
05226                             (process_handles.jail,
05227                              &pid_array[i], &data)) {
05228                                 len +=
05229                                     sprintf(buffer + len,
05230                                             "%-5u  %-10u %-7u %-10i %-10u %-10u %u.%u.%u.%u\n",
05231                                             pid_array[i], data.id,
05232                                             data.flags,
05233                                             data.max_caps,
05234                                             data.scd_get,
05235                                             data.scd_modify,
05236                                             NIPQUAD(data.ip));
05237                                 pos = begin + len;
05238                                 if (pos < offset) {
05239                                         len = 0;
05240                                         begin = pos;
05241                                 }
05242                                 if (pos > offset + length) {
05243                                         rsbac_vfree(pid_array);
05244                                         goto out;
05245                                 }
05246                         }
05247                 }
05248                 rsbac_vfree(pid_array);
05249         }
05250         len += sprintf(buffer + len, "%lu jailed processes\n", count);
05251         pos = begin + len;
05252         if (pos < offset) {
05253                 len = 0;
05254                 begin = pos;
05255         }
05256         if (pos > offset + length)
05257                 goto out;
05258 
05259         len +=
05260             sprintf(buffer + len,
05261                     "\nJAIL IPCs\n---------\nType        IPC-ID     Jail-ID\n");
05262         pos = begin + len;
05263         if (pos < offset) {
05264                 len = 0;
05265                 begin = pos;
05266         }
05267         if (pos > offset + length)
05268                 goto out;
05269 
05270         count =
05271             rsbac_list_get_all_desc(ipc_handles.jail,
05272                                     (void **) &ipc_array);
05273         if (count > 0) {
05274                 __u32 i;
05275                 rsbac_jail_id_t data;
05276                 char tmp[RSBAC_MAXNAMELEN];
05277 
05278                 for (i = 0; i < count; i++) {
05279                         if (!rsbac_list_get_data
05280                             (ipc_handles.jail, &ipc_array[i], &data)) {
05281                                 len +=
05282                                     sprintf(buffer + len,
05283                                             "%-10s  %-10lu %-10u\n",
05284                                             get_ipc_target_name(tmp,
05285                                                                 ipc_array
05286                                                                 [i].type),
05287                                             ipc_array[i].id.id_nr, data);
05288                                 pos = begin + len;
05289                                 if (pos < offset) {
05290                                         len = 0;
05291                                         begin = pos;
05292                                 }
05293                                 if (pos > offset + length) {
05294                                         rsbac_vfree(ipc_array);
05295                                         goto out;
05296                                 }
05297                         }
05298                 }
05299                 rsbac_vfree(ipc_array);
05300         }
05301         len += sprintf(buffer + len, "%lu JAIL IPCs\n", count);
05302         pos = begin + len;
05303         if (pos < offset) {
05304                 len = 0;
05305                 begin = pos;
05306         }
05307         if (pos > offset + length)
05308                 goto out;
05309       out:
05310         *start = buffer + (offset - begin);
05311         len -= (offset - begin);
05312 
05313         if (len > length)
05314                 len = length;
05315         return len;
05316 }
05317 #endif                          /* JAIL */
05318 
05319 #ifdef CONFIG_RSBAC_PAX
05320 static int
05321 pax_proc_info(char *buffer, char **start, off_t offset, int length)
05322 {
05323         int len = 0;
05324         off_t pos = 0;
05325         off_t begin = 0;
05326 
05327         union rsbac_target_id_t rsbac_target_id;
05328         union rsbac_attribute_value_t rsbac_attribute_value;
05329 
05330         if (!rsbac_initialized)
05331                 return (-ENOSYS);
05332 
05333         rsbac_target_id.scd = ST_rsbac;
05334         rsbac_attribute_value.dummy = 0;
05335         if (!rsbac_adf_request(R_GET_STATUS_DATA,
05336                                current->pid,
05337                                T_SCD,
05338                                rsbac_target_id,
05339                                A_none, rsbac_attribute_value)) {
05340                 return -EPERM;
05341         }
05342         len += sprintf(buffer, "RSBAC PaX module\n----------------\n");
05343         pos = begin + len;
05344         if (pos < offset) {
05345                 len = 0;
05346                 begin = pos;
05347         }
05348         if (pos > offset + length)
05349                 goto out;
05350 
05351         len += sprintf(buffer + len, "%li user list items.\n",
05352                        rsbac_list_count(user_handles.pax));
05353         pos = begin + len;
05354         if (pos < offset) {
05355                 len = 0;
05356                 begin = pos;
05357         }
05358         if (pos > offset + length)
05359                 goto out;
05360 
05361       out:
05362         *start = buffer + (offset - begin);
05363         len -= (offset - begin);
05364 
05365         if (len > length)
05366                 len = length;
05367         return len;
05368 }
05369 #endif
05370 
05371 static int register_all_rsbac_proc(void)
05372 {
05373         struct proc_dir_entry *tmp_entry_p;
05374 
05375         proc_rsbac_root_p = create_proc_entry("rsbac-info",
05376                                               S_IFDIR | S_IRUGO | S_IXUGO,
05377                                               &proc_root);
05378         if (!proc_rsbac_root_p)
05379                 return -RSBAC_ECOULDNOTADDITEM;
05380 
05381         proc_rsbac_backup_p = create_proc_entry("backup",
05382                                                 S_IFDIR | S_IRUGO |
05383                                                 S_IXUGO,
05384                                                 proc_rsbac_root_p);
05385         if (!proc_rsbac_root_p)
05386                 return -RSBAC_ECOULDNOTADDITEM;
05387 
05388         tmp_entry_p = create_proc_entry("devices",
05389                                         S_IFREG | S_IRUGO,
05390                                         proc_rsbac_root_p);
05391         if (!tmp_entry_p)
05392                 return -RSBAC_ECOULDNOTADDITEM;
05393         tmp_entry_p->get_info = devices_proc_info;
05394 
05395         tmp_entry_p = create_proc_entry("stats",
05396                                         S_IFREG | S_IRUGO,
05397                                         proc_rsbac_root_p);
05398         if (!tmp_entry_p)
05399                 return -RSBAC_ECOULDNOTADDITEM;
05400         tmp_entry_p->get_info = stats_proc_info;
05401 
05402         tmp_entry_p = create_proc_entry("active",
05403                                         S_IFREG | S_IRUGO,
05404                                         proc_rsbac_root_p);
05405         if (!tmp_entry_p)
05406                 return -RSBAC_ECOULDNOTADDITEM;
05407         tmp_entry_p->get_info = active_proc_info;
05408 
05409 #ifdef CONFIG_RSBAC_XSTATS
05410         tmp_entry_p = create_proc_entry("xstats",
05411                                         S_IFREG | S_IRUGO,
05412                                         proc_rsbac_root_p);
05413         if (!tmp_entry_p)
05414                 return -RSBAC_ECOULDNOTADDITEM;
05415         tmp_entry_p->get_info = xstats_proc_info;
05416 #endif
05417 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
05418         tmp_entry_p = create_proc_entry("auto_write",
05419                                         S_IFREG | S_IRUGO | S_IWUGO,
05420                                         proc_rsbac_root_p);
05421         if (!tmp_entry_p)
05422                 return -RSBAC_ECOULDNOTADDITEM;
05423         tmp_entry_p->get_info = auto_write_proc_info;
05424         tmp_entry_p->write_proc = auto_write_proc_write;
05425 #endif
05426         tmp_entry_p = create_proc_entry("versions",
05427                                         S_IFREG | S_IRUGO,
05428                                         proc_rsbac_root_p);
05429         if (!tmp_entry_p)
05430                 return -RSBAC_ECOULDNOTADDITEM;
05431         tmp_entry_p->get_info = versions_proc_info;
05432 
05433 #ifdef CONFIG_RSBAC_NET_OBJ
05434         tmp_entry_p = create_proc_entry("net_temp",
05435                                         S_IFREG | S_IRUGO,
05436                                         proc_rsbac_root_p);
05437         if (!tmp_entry_p)
05438                 return -RSBAC_ECOULDNOTADDITEM;
05439         tmp_entry_p->get_info = net_temp_proc_info;
05440 #endif
05441 #ifdef CONFIG_RSBAC_JAIL
05442         tmp_entry_p = create_proc_entry("jails",
05443                                         S_IFREG | S_IRUGO,
05444                                         proc_rsbac_root_p);
05445         if (!tmp_entry_p)
05446                 return -RSBAC_ECOULDNOTADDITEM;
05447         tmp_entry_p->get_info = jail_proc_info;
05448 #endif
05449 #ifdef CONFIG_RSBAC_PAX
05450         tmp_entry_p = create_proc_entry("pax",
05451                                         S_IFREG | S_IRUGO,
05452                                         proc_rsbac_root_p);
05453         if (!tmp_entry_p)
05454                 return -RSBAC_ECOULDNOTADDITEM;
05455         tmp_entry_p->get_info = pax_proc_info;
05456 #endif
05457 
05458         return 0;
05459 }
05460 
05461 /*
05462 static int unregister_all_rsbac_proc(void)
05463   {
05464 #ifdef CONFIG_RSBAC_PAX
05465     remove_proc_entry("pax", proc_rsbac_root_p);
05466 #endif
05467 #ifdef CONFIG_RSBAC_JAIL
05468     remove_proc_entry("jails", proc_rsbac_root_p);
05469 #endif
05470 #ifdef CONFIG_RSBAC_NET_OBJ
05471     remove_proc_entry("net_temp", proc_rsbac_root_p);
05472 #endif
05473     remove_proc_entry("versions", proc_rsbac_root_p);
05474     remove_proc_entry("devices", proc_rsbac_root_p);
05475     remove_proc_entry("stats", proc_rsbac_root_p);
05476     remove_proc_entry("active", proc_rsbac_root_p);
05477     remove_proc_entry("auto-write", proc_rsbac_root_p);
05478     remove_proc_entry("backup", proc_rsbac_root_p);
05479     remove_proc_entry("rsbac-info", &proc_root);
05480     return0;
05481   }
05482 */
05483 #endif
05484 
05485 
05486 /************************************************* */
05487 /*               RSBAC daemon                      */
05488 /************************************************* */
05489 
05490 /************************************************************************** */
05491 /* Initialization, including ACI restoration for root device from disk.     */
05492 /* After this call, all ACI is kept in memory for performance reasons,      */
05493 /* but user and file/dir object ACI are written to disk on every change.    */
05494 
05495 /* Since there can be no access to aci data structures before init,         */
05496 /* rsbac_do_init() will initialize all rw-spinlocks to unlocked.               */
05497 
05498 /* DAZ init prototype */
05499 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT)
05500 #ifdef CONFIG_RSBAC_INIT_DELAY
05501 int rsbac_init_daz(void);
05502 #else
05503 int __init rsbac_init_daz(void);
05504 #endif
05505 #endif
05506 
05507 #ifdef CONFIG_RSBAC_INIT_DELAY
05508 static void registration_error(int err, char *listname)
05509 #else
05510 static void __init registration_error(int err, char *listname)
05511 #endif
05512 {
05513         if (err < 0) {
05514                 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
05515 
05516                 if (tmp) {
05517                         rsbac_printk(KERN_WARNING "rsbac_do_init(): Registering %s list failed with error %s\n",
05518                                      listname, get_error_name(tmp, err));
05519                         rsbac_kfree(tmp);
05520                 }
05521         }
05522 }
05523 
05524 #ifdef CONFIG_RSBAC_FD_CACHE
05525 #ifdef CONFIG_RSBAC_INIT_DELAY
05526 static int register_fd_cache_lists(void)
05527 #else
05528 static int __init register_fd_cache_lists(void)
05529 #endif
05530 {
05531         int err = 0;
05532         struct rsbac_list_lol_info_t *list_info_p;
05533         char * tmp;
05534         u_int i;
05535 
05536         for (i = 0; i < SW_NONE; i++) {
05537                 fd_cache_handle[i] = NULL;
05538 #ifdef CONFIG_RSBAC_XSTATS
05539                 fd_cache_hits[i] = 0;
05540                 fd_cache_misses[i] = 0;
05541 #endif
05542         }
05543         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05544         if (!list_info_p) {
05545                 return -ENOMEM;
05546         }
05547         tmp = kmalloc(RSBAC_MAXNAMELEN, GFP_KERNEL);
05548         if (!tmp) {
05549                 kfree(list_info_p);
05550                 return -ENOMEM;
05551         }
05552         rsbac_pr_debug(ds, "registering FD Cache lists\n");
05553         list_info_p->version = RSBAC_FD_CACHE_VERSION;
05554         list_info_p->key = RSBAC_FD_CACHE_KEY;
05555         list_info_p->desc_size = sizeof(struct rsbac_fd_cache_desc_t);
05556         list_info_p->data_size = 0;
05557         list_info_p->subdesc_size = sizeof(rsbac_enum_t);
05558         list_info_p->subdata_size =
05559             sizeof(union rsbac_attribute_value_cache_t);
05560         list_info_p->max_age = 0;
05561         sprintf(tmp, "%sGEN", RSBAC_FD_CACHE_NAME);
05562         err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
05563                                   &fd_cache_handle[SW_GEN], list_info_p,
05564                                   RSBAC_LIST_DEF_DATA | \
05565                                     RSBAC_LIST_AUTO_HASH_RESIZE | \
05566                                     RSBAC_LIST_NO_MAX_WARN,
05567                                   NULL,
05568                                   NULL, /* subcompare */
05569                                   NULL, NULL, /* get_conv */
05570                                   NULL, NULL, /* def data */
05571                                   tmp,
05572                                   RSBAC_AUTO_DEV,
05573                                   RSBAC_LIST_MIN_MAX_HASHES,
05574                                   hash_fd_cache,
05575                                   NULL);
05576         if (err)
05577                 registration_error(err, "FD Cache GEN");
05578         else
05579                 rsbac_list_lol_max_items(fd_cache_handle[SW_GEN],
05580                         RSBAC_FD_CACHE_KEY,
05581                         CONFIG_RSBAC_FD_CACHE_MAX_ITEMS, A_none);
05582 
05583 #if defined(CONFIG_RSBAC_MAC) && defined(CONFIG_RSBAC_MAC_DEF_INHERIT)
05584         sprintf(tmp, "%sMAC", RSBAC_FD_CACHE_NAME);
05585         err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
05586                                   &fd_cache_handle[SW_MAC], list_info_p,
05587                                   RSBAC_LIST_DEF_DATA | \
05588                                     RSBAC_LIST_AUTO_HASH_RESIZE | \
05589                                     RSBAC_LIST_NO_MAX_WARN,
05590                                   NULL,
05591                                   NULL, /* subcompare */
05592                                   NULL, NULL, /* get_conv */
05593                                   NULL, NULL, /* def data */
05594                                   tmp,
05595                                   RSBAC_AUTO_DEV,
05596                                   RSBAC_LIST_MIN_MAX_HASHES,
05597                                   hash_fd_cache,
05598                                   NULL);
05599         if (err)
05600                 registration_error(err, "FD Cache MAC");
05601         else
05602                 rsbac_list_lol_max_items(fd_cache_handle[SW_MAC],
05603                         RSBAC_FD_CACHE_KEY,
05604                         CONFIG_RSBAC_FD_CACHE_MAX_ITEMS, A_none);
05605 #endif
05606 #if defined(CONFIG_RSBAC_FF)
05607         sprintf(tmp, "%sFF", RSBAC_FD_CACHE_NAME);
05608         err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
05609                                   &fd_cache_handle[SW_FF], list_info_p,
05610                                   RSBAC_LIST_DEF_DATA | \
05611                                     RSBAC_LIST_AUTO_HASH_RESIZE | \
05612                                     RSBAC_LIST_NO_MAX_WARN,
05613                                   NULL,
05614                                   NULL, /* subcompare */
05615                                   NULL, NULL, /* get_conv */
05616                                   NULL, NULL, /* def data */
05617                                   tmp,
05618                                   RSBAC_AUTO_DEV,
05619                                   RSBAC_LIST_MIN_MAX_HASHES,
05620                                   hash_fd_cache,
05621                                   NULL);
05622         if (err)
05623                 registration_error(err, "FD Cache FF");
05624         else
05625                 rsbac_list_lol_max_items(fd_cache_handle[SW_FF],
05626                         RSBAC_FD_CACHE_KEY,
05627                         CONFIG_RSBAC_FD_CACHE_MAX_ITEMS, A_none);
05628 #endif
05629 #if defined(CONFIG_RSBAC_RC)
05630         sprintf(tmp, "%sRC", RSBAC_FD_CACHE_NAME);
05631         err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
05632                                   &fd_cache_handle[SW_RC], list_info_p,
05633                                   RSBAC_LIST_DEF_DATA | \
05634                                     RSBAC_LIST_AUTO_HASH_RESIZE | \
05635                                     RSBAC_LIST_NO_MAX_WARN,
05636                                   NULL,
05637                                   NULL, /* subcompare */
05638                                   NULL, NULL, /* get_conv */
05639                                   NULL, NULL, /* def data */
05640                                   tmp,
05641                                   RSBAC_AUTO_DEV,
05642                                   RSBAC_LIST_MIN_MAX_HASHES,
05643                                   hash_fd_cache,
05644                                   NULL);
05645         if (err)
05646                 registration_error(err, "FD Cache RC");
05647         else
05648                 rsbac_list_lol_max_items(fd_cache_handle[SW_RC],
05649                         RSBAC_FD_CACHE_KEY,
05650                         CONFIG_RSBAC_FD_CACHE_MAX_ITEMS, A_none);
05651 #endif
05652 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_DAZ_CACHE)
05653         sprintf(tmp, "%sDAZ", RSBAC_FD_CACHE_NAME);
05654         err = rsbac_list_lol_register_hashed(RSBAC_LIST_VERSION,
05655                                   &fd_cache_handle[SW_DAZ], list_info_p,
05656                                   RSBAC_LIST_DEF_DATA | \
05657                                     RSBAC_LIST_AUTO_HASH_RESIZE | \
05658                                     RSBAC_LIST_NO_MAX_WARN,
05659                                   NULL,
05660                                   NULL, /* subcompare */
05661                                   NULL, NULL, /* get_conv */
05662                                   NULL, NULL, /* def data */
05663                                   tmp,
05664                                   RSBAC_AUTO_DEV,
05665                                   RSBAC_LIST_MIN_MAX_HASHES,
05666                                   hash_fd_cache,
05667                                   NULL);
05668         if (err)
05669                 registration_error(err, "FD Cache DAZ");
05670         else
05671                 rsbac_list_lol_max_items(fd_cache_handle[SW_DAZ],
05672                         RSBAC_FD_CACHE_KEY,
05673                         CONFIG_RSBAC_FD_CACHE_MAX_ITEMS,
05674                         A_none);
05675 #endif
05676 
05677         rsbac_kfree(list_info_p);
05678         rsbac_kfree(tmp);
05679         return err;
05680 }
05681 #endif
05682 
05683 #ifdef CONFIG_RSBAC_INIT_DELAY
05684 static int register_dev_lists(void)
05685 #else
05686 static int __init register_dev_lists(void)
05687 #endif
05688 {
05689         int err = 0;
05690         struct rsbac_list_info_t *list_info_p;
05691 
05692         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05693         if (!list_info_p) {
05694                 return -ENOMEM;
05695         }
05696         rsbac_pr_debug(ds, "registering DEV lists\n");
05697         {
05698                 struct rsbac_gen_dev_aci_t def_aci = DEFAULT_GEN_DEV_ACI;
05699 
05700                 list_info_p->version = RSBAC_GEN_DEV_ACI_VERSION;
05701                 list_info_p->key = RSBAC_GEN_DEV_ACI_KEY;
05702                 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05703                 list_info_p->data_size =
05704                     sizeof(struct rsbac_gen_dev_aci_t);
05705                 list_info_p->max_age = 0;
05706                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05707                                           &dev_handles.gen, list_info_p,
05708 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05709                                           RSBAC_LIST_BACKUP |
05710 #endif
05711                                           RSBAC_LIST_PERSIST |
05712                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05713                                           dev_compare,
05714                                           gen_dev_get_conv, &def_aci,
05715                                           RSBAC_GEN_ACI_DEV_NAME,
05716                                           RSBAC_AUTO_DEV,
05717                                           1,
05718                                           rsbac_list_hash_dev,
05719                                           NULL);
05720                 if (err) {
05721                         registration_error(err, "DEV General");
05722                 }
05723         }
05724 #if defined(CONFIG_RSBAC_MAC)
05725         {
05726                 struct rsbac_mac_dev_aci_t def_aci = DEFAULT_MAC_DEV_ACI;
05727 
05728                 list_info_p->version = RSBAC_MAC_DEV_ACI_VERSION;
05729                 list_info_p->key = RSBAC_MAC_DEV_ACI_KEY;
05730                 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05731                 list_info_p->data_size =
05732                     sizeof(struct rsbac_mac_dev_aci_t);
05733                 list_info_p->max_age = 0;
05734                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05735                                           &dev_handles.mac, list_info_p,
05736 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05737                                           RSBAC_LIST_BACKUP |
05738 #endif
05739                                           RSBAC_LIST_PERSIST |
05740                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05741                                           dev_compare,
05742                                           mac_dev_get_conv, &def_aci,
05743                                           RSBAC_MAC_ACI_DEV_NAME,
05744                                           RSBAC_AUTO_DEV,
05745                                           1,
05746                                           rsbac_list_hash_dev,
05747                                           NULL);
05748                 if (err) {
05749                         registration_error(err, "DEV MAC");
05750                 }
05751         }
05752 #endif
05753 #if defined(CONFIG_RSBAC_PM)
05754         {
05755                 struct rsbac_pm_dev_aci_t def_aci = DEFAULT_PM_DEV_ACI;
05756 
05757                 list_info_p->version = RSBAC_PM_DEV_ACI_VERSION;
05758                 list_info_p->key = RSBAC_PM_DEV_ACI_KEY;
05759                 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05760                 list_info_p->data_size = sizeof(struct rsbac_pm_dev_aci_t);
05761                 list_info_p->max_age = 0;
05762                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05763                                           &dev_handles.pm, list_info_p,
05764 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05765                                           RSBAC_LIST_BACKUP |
05766 #endif
05767                                           RSBAC_LIST_PERSIST |
05768                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05769                                           dev_compare,
05770                                           pm_dev_get_conv, &def_aci,
05771                                           RSBAC_PM_ACI_DEV_NAME,
05772                                           RSBAC_AUTO_DEV,
05773                                           1,
05774                                           rsbac_list_hash_dev,
05775                                           NULL);
05776                 if (err) {
05777                         registration_error(err, "DEV PM");
05778                 }
05779         }
05780 #endif
05781 #if defined(CONFIG_RSBAC_RC)
05782         {
05783                 rsbac_rc_type_id_t def_major_aci = RSBAC_RC_GENERAL_TYPE;
05784                 rsbac_rc_type_id_t def_aci = RC_type_inherit_parent;
05785 
05786                 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION;
05787                 list_info_p->key = RSBAC_RC_DEV_ACI_KEY;
05788                 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05789                 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05790                 list_info_p->max_age = 0;
05791                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05792                                           &dev_major_handles.rc,
05793                                           list_info_p,
05794 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05795                                           RSBAC_LIST_BACKUP |
05796 #endif
05797                                           RSBAC_LIST_PERSIST |
05798                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05799                                           dev_major_compare,
05800                                           rc_dev_get_conv, &def_major_aci,
05801                                           RSBAC_RC_ACI_DEV_MAJOR_NAME,
05802                                           RSBAC_AUTO_DEV,
05803                                           1,
05804                                           rsbac_list_hash_dev,
05805                                           NULL);
05806                 if (err) {
05807                         registration_error(err, "DEV major RC");
05808                 }
05809                 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION;
05810                 list_info_p->key = RSBAC_RC_DEV_ACI_KEY;
05811                 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05812                 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05813                 list_info_p->max_age = 0;
05814                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05815                                           &dev_handles.rc, list_info_p,
05816 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05817                                           RSBAC_LIST_BACKUP |
05818 #endif
05819                                           RSBAC_LIST_PERSIST |
05820                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05821                                           dev_compare,
05822                                           rc_dev_get_conv, &def_aci,
05823                                           RSBAC_RC_ACI_DEV_NAME,
05824                                           RSBAC_AUTO_DEV,
05825                                           1,
05826                                           rsbac_list_hash_dev,
05827                                           NULL);
05828                 if (err) {
05829                         registration_error(err, "DEV RC");
05830                 }
05831         }
05832 #endif
05833 
05834         rsbac_kfree(list_info_p);
05835         return err;
05836 }
05837 
05838 #ifdef CONFIG_RSBAC_INIT_DELAY
05839 static int register_ipc_lists(void)
05840 #else
05841 static int __init register_ipc_lists(void)
05842 #endif
05843 {
05844         int err = 0;
05845         struct rsbac_list_info_t *list_info_p;
05846 
05847         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05848         if (!list_info_p) {
05849                 return -ENOMEM;
05850         }
05851         rsbac_pr_debug(ds, "registering IPC lists\n");
05852 #if defined(CONFIG_RSBAC_MAC)
05853         {
05854                 struct rsbac_mac_ipc_aci_t def_aci = DEFAULT_MAC_IPC_ACI;
05855 
05856                 list_info_p->version = RSBAC_MAC_IPC_ACI_VERSION;
05857                 list_info_p->key = RSBAC_MAC_IPC_ACI_KEY;
05858                 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05859                 list_info_p->data_size =
05860                     sizeof(struct rsbac_mac_ipc_aci_t);
05861                 list_info_p->max_age = 0;
05862                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05863                                           &ipc_handles.mac,
05864                                           list_info_p,
05865                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05866                                           ipc_compare,
05867                                           NULL,
05868                                           &def_aci,
05869                                           RSBAC_MAC_ACI_IPC_NAME,
05870                                           RSBAC_AUTO_DEV,
05871                                           1,
05872                                           rsbac_list_hash_ipc,
05873                                           NULL);
05874                 if (err) {
05875                         registration_error(err, "IPC MAC");
05876                 }
05877         }
05878 #endif
05879 #if defined(CONFIG_RSBAC_PM)
05880         {
05881                 struct rsbac_pm_ipc_aci_t def_aci = DEFAULT_PM_IPC_ACI;
05882 
05883                 list_info_p->version = RSBAC_PM_IPC_ACI_VERSION;
05884                 list_info_p->key = RSBAC_PM_IPC_ACI_KEY;
05885                 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05886                 list_info_p->data_size = sizeof(struct rsbac_pm_ipc_aci_t);
05887                 list_info_p->max_age = 0;
05888                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05889                                           &ipc_handles.pm,
05890                                           list_info_p,
05891                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05892                                           ipc_compare,
05893                                           NULL,
05894                                           &def_aci,
05895                                           RSBAC_PM_ACI_IPC_NAME,
05896                                           RSBAC_AUTO_DEV,
05897                                           1,
05898                                           rsbac_list_hash_ipc,
05899                                           NULL);
05900                 if (err) {
05901                         registration_error(err, "IPC PM");
05902                 }
05903         }
05904 #endif
05905 #if defined(CONFIG_RSBAC_RC)
05906         {
05907                 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
05908 
05909                 list_info_p->version = RSBAC_RC_IPC_ACI_VERSION;
05910                 list_info_p->key = RSBAC_RC_IPC_ACI_KEY;
05911                 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05912                 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05913                 list_info_p->max_age = 0;
05914                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05915                                           &ipc_handles.rc,
05916                                           list_info_p,
05917                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05918                                           ipc_compare,
05919                                           NULL,
05920                                           &def_aci,
05921                                           RSBAC_RC_ACI_IPC_NAME,
05922                                           RSBAC_AUTO_DEV,
05923                                           1,
05924                                           rsbac_list_hash_ipc,
05925                                           NULL);
05926                 if (err) {
05927                         registration_error(err, "IPC RC");
05928                 }
05929         }
05930 #endif
05931 #if defined(CONFIG_RSBAC_JAIL)
05932         {
05933                 rsbac_jail_id_t def_aci = RSBAC_JAIL_DEF_ID;
05934 
05935                 list_info_p->version = RSBAC_JAIL_IPC_ACI_VERSION;
05936                 list_info_p->key = RSBAC_JAIL_IPC_ACI_KEY;
05937                 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05938                 list_info_p->data_size = sizeof(rsbac_jail_id_t);
05939                 list_info_p->max_age = 0;
05940                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05941                                           &ipc_handles.jail,
05942                                           list_info_p,
05943                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05944                                           ipc_compare,
05945                                           NULL,
05946                                           &def_aci,
05947                                           RSBAC_JAIL_ACI_IPC_NAME,
05948                                           RSBAC_AUTO_DEV,
05949                                           1,
05950                                           rsbac_list_hash_ipc,
05951                                           NULL);
05952                 if (err) {
05953                         registration_error(err, "IPC JAIL");
05954                 }
05955         }
05956 #endif
05957 
05958         rsbac_kfree(list_info_p);
05959         return err;
05960 }
05961 
05962 #ifdef CONFIG_RSBAC_INIT_DELAY
05963 static int register_user_lists1(void)
05964 #else
05965 static int __init register_user_lists1(void)
05966 #endif
05967 {
05968         int err = 0;
05969         struct rsbac_list_info_t *list_info_p;
05970 
05971         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05972         if (!list_info_p) {
05973                 return -ENOMEM;
05974         }
05975         rsbac_pr_debug(ds, "registering USER lists\n");
05976         {
05977                 struct rsbac_gen_user_aci_t def_aci = DEFAULT_GEN_U_ACI;
05978 
05979                 list_info_p->version = RSBAC_GEN_USER_ACI_VERSION;
05980                 list_info_p->key = RSBAC_GEN_USER_ACI_KEY;
05981                 list_info_p->desc_size = sizeof(rsbac_uid_t);
05982                 list_info_p->data_size =
05983                     sizeof(struct rsbac_gen_user_aci_t);
05984                 list_info_p->max_age = 0;
05985                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
05986                                           &user_handles.gen, list_info_p,
05987 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05988                                           RSBAC_LIST_BACKUP |
05989 #endif
05990                                           RSBAC_LIST_PERSIST |
05991                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
05992                                           NULL, NULL,
05993                                           &def_aci,
05994                                           RSBAC_GEN_ACI_USER_NAME,
05995                                           RSBAC_AUTO_DEV,
05996                                           1,
05997                                           rsbac_list_hash_uid,
05998                                           NULL);
05999                 if (err) {
06000                         registration_error(err, "USER General");
06001                 }
06002         }
06003 #if defined(CONFIG_RSBAC_MAC)
06004         {
06005                 struct rsbac_mac_user_aci_t def_aci = DEFAULT_MAC_U_ACI;
06006 
06007                 list_info_p->version = RSBAC_MAC_USER_ACI_VERSION;
06008                 list_info_p->key = RSBAC_MAC_USER_ACI_KEY;
06009                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06010                 list_info_p->data_size =
06011                     sizeof(struct rsbac_mac_user_aci_t);
06012                 list_info_p->max_age = 0;
06013                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06014                                           &user_handles.mac, list_info_p,
06015 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06016                                           RSBAC_LIST_BACKUP |
06017 #endif
06018                                           RSBAC_LIST_PERSIST |
06019                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06020                                           NULL,
06021                                           mac_user_get_conv, &def_aci,
06022                                           RSBAC_MAC_ACI_USER_NAME,
06023                                           RSBAC_AUTO_DEV,
06024                                           1,
06025                                           rsbac_list_hash_uid,
06026                                           NULL);
06027                 if (err) {
06028                         registration_error(err, "USER MAC");
06029                 } else
06030                     if (!rsbac_no_defaults
06031                         && !rsbac_list_count(user_handles.mac)) {
06032                         struct rsbac_mac_user_aci_t sysadm_aci =
06033                             DEFAULT_MAC_U_SYSADM_ACI;
06034                         struct rsbac_mac_user_aci_t secoff_aci =
06035                             DEFAULT_MAC_U_SECOFF_ACI;
06036                         struct rsbac_mac_user_aci_t auditor_aci =
06037                             DEFAULT_MAC_U_AUDITOR_ACI;
06038                         rsbac_uid_t user;
06039 
06040                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER MAC ACI could not be read - generating standard entries!\n");
06041                         user = RSBAC_SYSADM_UID;
06042                         if (rsbac_list_add
06043                             (user_handles.mac, &user, &sysadm_aci))
06044                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER MAC entry could not be added!\n");
06045                         user = RSBAC_SECOFF_UID;
06046                         if (rsbac_list_add
06047                             (user_handles.mac, &user, &secoff_aci))
06048                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER MAC entry could not be added!\n");
06049                         user = RSBAC_AUDITOR_UID;
06050                         if (rsbac_list_add
06051                             (user_handles.mac, &user, &auditor_aci))
06052                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER MAC entry could not be added!\n");
06053                 }
06054         }
06055 #endif
06056 #if defined(CONFIG_RSBAC_PM)
06057         {
06058                 struct rsbac_pm_user_aci_t def_aci = DEFAULT_PM_U_ACI;
06059 
06060                 list_info_p->version = RSBAC_PM_USER_ACI_VERSION;
06061                 list_info_p->key = RSBAC_PM_USER_ACI_KEY;
06062                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06063                 list_info_p->data_size =
06064                     sizeof(struct rsbac_pm_user_aci_t);
06065                 list_info_p->max_age = 0;
06066                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06067                                           &user_handles.pm, list_info_p,
06068 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06069                                           RSBAC_LIST_BACKUP |
06070 #endif
06071                                           RSBAC_LIST_PERSIST |
06072                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06073                                           NULL, NULL,
06074                                           &def_aci, RSBAC_PM_ACI_USER_NAME,
06075                                           RSBAC_AUTO_DEV,
06076                                           1,
06077                                           rsbac_list_hash_uid,
06078                                           NULL);
06079                 if (err) {
06080                         registration_error(err, "USER PM");
06081                 } else
06082                     if (!rsbac_no_defaults
06083                         && !rsbac_list_count(user_handles.pm)) {
06084                         struct rsbac_pm_user_aci_t sysadm_aci =
06085                             DEFAULT_PM_U_SYSADM_ACI;
06086                         struct rsbac_pm_user_aci_t secoff_aci =
06087                             DEFAULT_PM_U_SECOFF_ACI;
06088                         struct rsbac_pm_user_aci_t dataprot_aci =
06089                             DEFAULT_PM_U_DATAPROT_ACI;
06090                         struct rsbac_pm_user_aci_t tpman_aci =
06091                             DEFAULT_PM_U_TPMAN_ACI;
06092                         rsbac_uid_t user;
06093 
06094                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER PM ACI could not be read - generating standard entries!\n");
06095                         user = RSBAC_SYSADM_UID;
06096                         if (rsbac_list_add
06097                             (user_handles.pm, &user, &sysadm_aci))
06098                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER PM entry could not be added!\n");
06099                         user = RSBAC_SECOFF_UID;
06100                         if (rsbac_list_add
06101                             (user_handles.pm, &user, &secoff_aci))
06102                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER PM entry could not be added!\n");
06103                         user = RSBAC_DATAPROT_UID;
06104                         if (rsbac_list_add
06105                             (user_handles.pm, &user, &dataprot_aci))
06106                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): DATAPROT USER PM entry could not be added!\n");
06107                         user = RSBAC_TPMAN_UID;
06108                         if (rsbac_list_add
06109                             (user_handles.pm, &user, &tpman_aci))
06110                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): TPMAN USER PM entry could not be added!\n");
06111                 }
06112         }
06113 #endif
06114 #if defined(CONFIG_RSBAC_DAZ)
06115         {
06116                 rsbac_system_role_int_t def_aci = SR_user;
06117 
06118                 list_info_p->version = RSBAC_DAZ_USER_ACI_VERSION;
06119                 list_info_p->key = RSBAC_DAZ_USER_ACI_KEY;
06120                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06121                 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06122                 list_info_p->max_age = 0;
06123                 err = rsbac_list_register(RSBAC_LIST_VERSION,
06124                                           &user_handles.daz, list_info_p,
06125 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06126                                           RSBAC_LIST_BACKUP |
06127 #endif
06128                                           RSBAC_LIST_PERSIST |
06129                                           RSBAC_LIST_DEF_DATA,
06130                                           NULL, NULL,
06131                                           &def_aci,
06132                                           RSBAC_DAZ_ACI_USER_NAME,
06133                                           RSBAC_AUTO_DEV);
06134                 if (err) {
06135                         registration_error(err, "USER DAZ");
06136                 } else
06137                     if (!rsbac_no_defaults
06138                         && !rsbac_list_count(user_handles.daz)) {
06139                         rsbac_uid_t user;
06140                         rsbac_system_role_int_t role;
06141 
06142                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER DAZ ACI could not be read - generating standard entries!\n");
06143                         user = RSBAC_SYSADM_UID;
06144                         role = SR_administrator;
06145                         if (rsbac_list_add(user_handles.daz, &user, &role))
06146                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER DAZ entry could not be added!\n");
06147                         user = RSBAC_SECOFF_UID;
06148                         role = SR_security_officer;
06149                         if (rsbac_list_add(user_handles.daz, &user, &role))
06150                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER DAZ entry could not be added!\n");
06151                 }
06152         }
06153 #endif
06154 #if defined(CONFIG_RSBAC_FF)
06155         {
06156                 rsbac_system_role_int_t def_aci = SR_user;
06157 
06158                 list_info_p->version = RSBAC_FF_USER_ACI_VERSION;
06159                 list_info_p->key = RSBAC_FF_USER_ACI_KEY;
06160                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06161                 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06162                 list_info_p->max_age = 0;
06163                 err = rsbac_list_register(RSBAC_LIST_VERSION,
06164                                           &user_handles.ff, list_info_p,
06165 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06166                                           RSBAC_LIST_BACKUP |
06167 #endif
06168                                           RSBAC_LIST_PERSIST |
06169                                           RSBAC_LIST_DEF_DATA,
06170                                           NULL, NULL,
06171                                           &def_aci, RSBAC_FF_ACI_USER_NAME,
06172                                           RSBAC_AUTO_DEV);
06173                 if (err) {
06174                         registration_error(err, "USER FF");
06175                 } else
06176                     if (!rsbac_no_defaults
06177                         && !rsbac_list_count(user_handles.ff)) {
06178                         rsbac_uid_t user;
06179                         rsbac_system_role_int_t role;
06180 
06181                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER FF ACI could not be read - generating standard entries!\n");
06182                         user = RSBAC_SYSADM_UID;
06183                         role = SR_administrator;
06184                         if (rsbac_list_add(user_handles.ff, &user, &role))
06185                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER FF entry could not be added!\n");
06186                         user = RSBAC_SECOFF_UID;
06187                         role = SR_security_officer;
06188                         if (rsbac_list_add(user_handles.ff, &user, &role))
06189                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER FF entry could not be added!\n");
06190                         user = RSBAC_AUDITOR_UID;
06191                         role = SR_auditor;
06192                         if (rsbac_list_add(user_handles.ff, &user, &role))
06193                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER FF entry could not be added!\n");
06194                 }
06195         }
06196 #endif
06197 #if defined(CONFIG_RSBAC_CAP)
06198         {
06199                 struct rsbac_cap_user_aci_t def_aci = DEFAULT_CAP_U_ACI;
06200 
06201                 list_info_p->version = RSBAC_CAP_USER_ACI_VERSION;
06202                 list_info_p->key = RSBAC_CAP_USER_ACI_KEY;
06203                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06204                 list_info_p->data_size =
06205                     sizeof(struct rsbac_cap_user_aci_t);
06206                 list_info_p->max_age = 0;
06207                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06208                                           &user_handles.cap, list_info_p,
06209 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06210                                           RSBAC_LIST_BACKUP |
06211 #endif
06212                                           RSBAC_LIST_PERSIST |
06213                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06214                                           NULL, 
06215                                           cap_user_get_conv,
06216                                           &def_aci,
06217                                           RSBAC_CAP_ACI_USER_NAME,
06218                                           RSBAC_AUTO_DEV,
06219                                           1,
06220                                           rsbac_list_hash_uid,
06221                                           NULL);
06222                 if (err) {
06223                         registration_error(err, "USER CAP");
06224                 } else
06225                     if (!rsbac_no_defaults
06226                         && !rsbac_list_count(user_handles.cap)) {
06227                         struct rsbac_cap_user_aci_t sysadm_aci =
06228                             DEFAULT_CAP_U_SYSADM_ACI;
06229                         struct rsbac_cap_user_aci_t secoff_aci =
06230                             DEFAULT_CAP_U_SECOFF_ACI;
06231                         struct rsbac_cap_user_aci_t auditor_aci =
06232                             DEFAULT_CAP_U_AUDITOR_ACI;
06233                         rsbac_uid_t user;
06234 
06235                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
06236                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
06237                         user = RSBAC_SYSADM_UID;
06238                         if (rsbac_list_add
06239                             (user_handles.cap, &user, &sysadm_aci))
06240                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER CAP entry could not be added!\n");
06241                         user = RSBAC_SECOFF_UID;
06242                         if (rsbac_list_add
06243                             (user_handles.cap, &user, &secoff_aci))
06244                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER CAP entry could not be added!\n");
06245                         user = RSBAC_AUDITOR_UID;
06246                         if (rsbac_list_add
06247                             (user_handles.cap, &user, &auditor_aci))
06248                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER CAP entry could not be added!\n");
06249                 }
06250         }
06251 #endif
06252 
06253         rsbac_kfree(list_info_p);
06254         return err;
06255 }
06256 
06257 #ifdef CONFIG_RSBAC_INIT_DELAY
06258 static int register_user_lists2(void)
06259 #else
06260 static int __init register_user_lists2(void)
06261 #endif
06262 {
06263         int err = 0;
06264         struct rsbac_list_info_t *list_info_p;
06265 
06266         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06267         if (!list_info_p) {
06268                 return -ENOMEM;
06269         }
06270 
06271 #if defined(CONFIG_RSBAC_RC)
06272         {
06273                 struct rsbac_rc_user_aci_t def_aci = DEFAULT_RC_U_ACI;
06274 
06275                 list_info_p->version = RSBAC_RC_USER_ACI_VERSION;
06276                 list_info_p->key = RSBAC_RC_USER_ACI_KEY;
06277                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06278                 list_info_p->data_size =
06279                     sizeof(struct rsbac_rc_user_aci_t);
06280                 list_info_p->max_age = 0;
06281                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06282                                           &user_handles.rc, list_info_p,
06283 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06284                                           RSBAC_LIST_BACKUP |
06285 #endif
06286                                           RSBAC_LIST_PERSIST |
06287                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06288                                           NULL,
06289                                           rc_user_get_conv, &def_aci,
06290                                           RSBAC_RC_ACI_USER_NAME,
06291                                           RSBAC_AUTO_DEV,
06292                                           1,
06293                                           rsbac_list_hash_uid,
06294                                           NULL);
06295                 if (err) {
06296                         registration_error(err, "USER RC");
06297                 } else
06298                     if (!rsbac_no_defaults
06299                         && !rsbac_list_count(user_handles.rc)) {
06300                         rsbac_uid_t user;
06301                         struct rsbac_rc_user_aci_t sysadm_aci =
06302                             DEFAULT_RC_U_SYSADM_ACI;
06303                         struct rsbac_rc_user_aci_t secoff_aci =
06304                             DEFAULT_RC_U_SECOFF_ACI;
06305                         struct rsbac_rc_user_aci_t auditor_aci =
06306                             DEFAULT_RC_U_AUDITOR_ACI;
06307 
06308                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER RC ACI could not be read - generating standard entries!\n");
06309                         user = RSBAC_SYSADM_UID;
06310                         if (rsbac_list_add
06311                             (user_handles.rc, &user, &sysadm_aci))
06312                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER RC entry could not be added!\n");
06313                         user = RSBAC_SECOFF_UID;
06314                         if (rsbac_list_add
06315                             (user_handles.rc, &user, &secoff_aci))
06316                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER RC entry could not be added!\n");
06317                         user = RSBAC_AUDITOR_UID;
06318                         if (rsbac_list_add
06319                             (user_handles.rc, &user, &auditor_aci))
06320                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER RC entry could not be added!\n");
06321                 }
06322         }
06323 #endif
06324 #if defined(CONFIG_RSBAC_AUTH)
06325         {
06326                 rsbac_system_role_int_t def_aci = SR_user;
06327 
06328                 list_info_p->version = RSBAC_AUTH_USER_ACI_VERSION;
06329                 list_info_p->key = RSBAC_AUTH_USER_ACI_KEY;
06330                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06331                 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06332                 list_info_p->max_age = 0;
06333                 err = rsbac_list_register(RSBAC_LIST_VERSION,
06334                                           &user_handles.auth, list_info_p,
06335 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06336                                           RSBAC_LIST_BACKUP |
06337 #endif
06338                                           RSBAC_LIST_PERSIST |
06339                                           RSBAC_LIST_DEF_DATA,
06340                                           NULL, NULL,
06341                                           &def_aci,
06342                                           RSBAC_AUTH_ACI_USER_NAME,
06343                                           RSBAC_AUTO_DEV);
06344                 if (err) {
06345                         registration_error(err, "USER AUTH");
06346                 } else
06347                     if (!rsbac_no_defaults
06348                         && !rsbac_list_count(user_handles.auth)) {
06349                         rsbac_uid_t user;
06350                         rsbac_system_role_int_t role;
06351 
06352                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!\n");
06353                         user = RSBAC_SYSADM_UID;
06354                         role = SR_administrator;
06355                         if (rsbac_list_add
06356                             (user_handles.auth, &user, &role))
06357                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER AUTH entry could not be added!\n");
06358                         user = RSBAC_SECOFF_UID;
06359                         role = SR_security_officer;
06360                         if (rsbac_list_add
06361                             (user_handles.auth, &user, &role))
06362                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER AUTH entry could not be added!\n");
06363                         user = RSBAC_AUDITOR_UID;
06364                         role = SR_auditor;
06365                         if (rsbac_list_add
06366                             (user_handles.auth, &user, &role))
06367                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER AUTH entry could not be added!\n");
06368                 }
06369         }
06370 #endif                          /* AUTH */
06371 #if defined(CONFIG_RSBAC_JAIL)
06372         {
06373                 rsbac_system_role_int_t def_aci = SR_user;
06374 
06375                 list_info_p->version = RSBAC_JAIL_USER_ACI_VERSION;
06376                 list_info_p->key = RSBAC_JAIL_USER_ACI_KEY;
06377                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06378                 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06379                 list_info_p->max_age = 0;
06380                 err = rsbac_list_register(RSBAC_LIST_VERSION,
06381                                           &user_handles.jail, list_info_p,
06382 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06383                                           RSBAC_LIST_BACKUP |
06384 #endif
06385                                           RSBAC_LIST_PERSIST |
06386                                           RSBAC_LIST_DEF_DATA,
06387                                           NULL, NULL,
06388                                           &def_aci,
06389                                           RSBAC_JAIL_ACI_USER_NAME,
06390                                           RSBAC_AUTO_DEV);
06391                 if (err) {
06392                         registration_error(err, "USER JAIL");
06393                 } else
06394                     if (!rsbac_no_defaults
06395                         && !rsbac_list_count(user_handles.jail)) {
06396                         rsbac_uid_t user;
06397                         rsbac_system_role_int_t role;
06398 
06399                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!\n");
06400                         user = RSBAC_SYSADM_UID;
06401                         role = SR_administrator;
06402                         if (rsbac_list_add
06403                             (user_handles.jail, &user, &role))
06404                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER JAIL entry could not be added!\n");
06405                         user = RSBAC_SECOFF_UID;
06406                         role = SR_security_officer;
06407                         if (rsbac_list_add
06408                             (user_handles.jail, &user, &role))
06409                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER JAIL entry could not be added!\n");
06410                 }
06411         }
06412 #endif
06413 #if defined(CONFIG_RSBAC_RES)
06414         {
06415                 list_info_p->version = RSBAC_RES_USER_ACI_VERSION;
06416                 list_info_p->key = RSBAC_RES_USER_ACI_KEY;
06417                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06418                 list_info_p->data_size =
06419                     sizeof(struct rsbac_res_user_aci_t);
06420                 list_info_p->max_age = 0;
06421                 err = rsbac_list_register(RSBAC_LIST_VERSION,
06422                                           &user_handles.res, list_info_p,
06423 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06424                                           RSBAC_LIST_BACKUP |
06425 #endif
06426                                           RSBAC_LIST_PERSIST,
06427                                           NULL,
06428                                           NULL,
06429                                           NULL,
06430                                           RSBAC_RES_ACI_USER_NAME,
06431                                           RSBAC_AUTO_DEV);
06432                 if (err) {
06433                         registration_error(err, "USER RES");
06434                 } else
06435                     if (!rsbac_no_defaults
06436                         && !rsbac_list_count(user_handles.res)) {
06437                         struct rsbac_res_user_aci_t sysadm_aci =
06438                             DEFAULT_RES_U_SYSADM_ACI;
06439                         struct rsbac_res_user_aci_t secoff_aci =
06440                             DEFAULT_RES_U_SECOFF_ACI;
06441                         rsbac_uid_t user;
06442 
06443                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
06444                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
06445                         user = RSBAC_SYSADM_UID;
06446                         if (rsbac_list_add
06447                             (user_handles.res, &user, &sysadm_aci))
06448                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER RES entry could not be added!\n");
06449                         user = RSBAC_SECOFF_UID;
06450                         if (rsbac_list_add
06451                             (user_handles.res, &user, &secoff_aci))
06452                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER RES entry could not be added!\n");
06453                 }
06454         }
06455 #endif
06456 #if defined(CONFIG_RSBAC_PAX)
06457         {
06458                 rsbac_system_role_int_t def_aci = SR_user;
06459 
06460                 list_info_p->version = RSBAC_PAX_USER_ACI_VERSION;
06461                 list_info_p->key = RSBAC_PAX_USER_ACI_KEY;
06462                 list_info_p->desc_size = sizeof(rsbac_uid_t);
06463                 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06464                 list_info_p->max_age = 0;
06465                 err = rsbac_list_register(RSBAC_LIST_VERSION,
06466                                           &user_handles.pax, list_info_p,
06467 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06468                                           RSBAC_LIST_BACKUP |
06469 #endif
06470                                           RSBAC_LIST_PERSIST |
06471                                           RSBAC_LIST_DEF_DATA,
06472                                           NULL, NULL,
06473                                           &def_aci,
06474                                           RSBAC_PAX_ACI_USER_NAME,
06475                                           RSBAC_AUTO_DEV);
06476                 if (err) {
06477                         registration_error(err, "USER PAX");
06478                 } else
06479                     if (!rsbac_no_defaults
06480                         && !rsbac_list_count(user_handles.pax)) {
06481                         rsbac_uid_t user;
06482                         rsbac_system_role_int_t role;
06483 
06484                         rsbac_printk(KERN_WARNING "rsbac_do_init(): USER PAX ACI could not be read - generating standard entries!\n");
06485                         user = RSBAC_SYSADM_UID;
06486                         role = SR_administrator;
06487                         if (rsbac_list_add(user_handles.pax, &user, &role))
06488                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER PAX entry could not be added!\n");
06489                         user = RSBAC_SECOFF_UID;
06490                         role = SR_security_officer;
06491                         if (rsbac_list_add(user_handles.pax, &user, &role))
06492                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER PAX entry could not be added!\n");
06493                 }
06494         }
06495 #endif
06496 
06497         rsbac_kfree(list_info_p);
06498         return err;
06499 }
06500 
06501 #ifdef CONFIG_RSBAC_INIT_DELAY
06502 static int register_process_lists(void)
06503 #else
06504 static int __init register_process_lists(void)
06505 #endif
06506 {
06507         int err = 0;
06508         struct rsbac_list_info_t *list_info_p;
06509 
06510         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06511         if (!list_info_p) {
06512                 return -ENOMEM;
06513         }
06514         rsbac_pr_debug(ds, "registering PROCESS lists\n");
06515         {
06516                 struct rsbac_gen_process_aci_t def_aci = DEFAULT_GEN_P_ACI;
06517 
06518                 list_info_p->version = RSBAC_GEN_PROCESS_ACI_VERSION;
06519                 list_info_p->key = RSBAC_GEN_PROCESS_ACI_KEY;
06520                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06521                 list_info_p->data_size =
06522                     sizeof(struct rsbac_gen_process_aci_t);
06523                 list_info_p->max_age = 0;
06524                 gen_nr_p_hashes = CONFIG_RSBAC_GEN_NR_P_LISTS;
06525                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06526                                                 &process_handles.gen,
06527                                                 list_info_p,
06528                                                 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06529                                                 NULL,
06530                                                 NULL, &def_aci,
06531                                                 RSBAC_GEN_ACI_PROCESS_NAME,
06532                                                 RSBAC_AUTO_DEV,
06533                                                 gen_nr_p_hashes,
06534                                                 (gen_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL,
06535                                                 NULL);
06536                 if (err) {
06537                         registration_error(err, "PROCESS GEN");
06538                 }
06539         }
06540 #if defined(CONFIG_RSBAC_MAC)
06541         {
06542                 struct rsbac_mac_process_aci_t def_aci = DEFAULT_MAC_P_ACI;
06543 
06544                 list_info_p->version = RSBAC_MAC_PROCESS_ACI_VERSION;
06545                 list_info_p->key = RSBAC_MAC_PROCESS_ACI_KEY;
06546                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06547                 list_info_p->data_size =
06548                     sizeof(struct rsbac_mac_process_aci_t);
06549                 list_info_p->max_age = 0;
06550                 mac_nr_p_hashes = CONFIG_RSBAC_MAC_NR_P_LISTS;
06551                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06552                                                 &process_handles.mac,
06553                                                 list_info_p,
06554                                                 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06555                                                 NULL,
06556                                                 NULL, &def_aci,
06557                                                 RSBAC_MAC_ACI_PROCESS_NAME,
06558                                                 RSBAC_AUTO_DEV,
06559                                                 mac_nr_p_hashes,
06560                                                 (mac_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL,
06561                                                 NULL);
06562                 if (err) {
06563                         registration_error(err, "PROCESS MAC");
06564                 }
06565         }
06566 #endif
06567 #if defined(CONFIG_RSBAC_PM)
06568         {
06569                 struct rsbac_pm_process_aci_t def_aci = DEFAULT_PM_P_ACI;
06570 
06571                 list_info_p->version = RSBAC_PM_PROCESS_ACI_VERSION;
06572                 list_info_p->key = RSBAC_PM_PROCESS_ACI_KEY;
06573                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06574                 list_info_p->data_size =
06575                     sizeof(struct rsbac_pm_process_aci_t);
06576                 list_info_p->max_age = 0;
06577                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06578                                           &process_handles.pm,
06579                                           list_info_p,
06580                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06581                                           NULL,
06582                                           NULL,
06583                                           &def_aci,
06584                                           RSBAC_PM_ACI_PROCESS_NAME,
06585                                           RSBAC_AUTO_DEV,
06586                                           1,
06587                                           rsbac_list_hash_pid,
06588                                           NULL);
06589                 if (err) {
06590                         registration_error(err, "PROCESS PM");
06591                 }
06592         }
06593 #endif
06594 #if defined(CONFIG_RSBAC_DAZ)
06595         {
06596                 struct rsbac_daz_process_aci_t def_aci = DEFAULT_DAZ_P_ACI;
06597 
06598                 list_info_p->version = RSBAC_DAZ_PROCESS_ACI_VERSION;
06599                 list_info_p->key = RSBAC_DAZ_PROCESS_ACI_KEY;
06600                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06601                 list_info_p->data_size =
06602                     sizeof(struct rsbac_daz_process_aci_t);
06603                 list_info_p->max_age = 0;
06604                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06605                                           &process_handles.daz,
06606                                           list_info_p,
06607                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06608                                           NULL,
06609                                           NULL,
06610                                           &def_aci,
06611                                           RSBAC_DAZ_ACI_PROCESS_NAME,
06612                                           RSBAC_AUTO_DEV,
06613                                           1,
06614                                           rsbac_list_hash_pid,
06615                                           NULL);
06616                 if (err) {
06617                         registration_error(err, "PROCESS DAZ");
06618                 }
06619         }
06620 #endif
06621 #if defined(CONFIG_RSBAC_RC)
06622         {
06623                 struct rsbac_rc_process_aci_t def_aci = DEFAULT_RC_P_ACI;
06624 
06625                 list_info_p->version = RSBAC_RC_PROCESS_ACI_VERSION;
06626                 list_info_p->key = RSBAC_RC_PROCESS_ACI_KEY;
06627                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06628                 list_info_p->data_size =
06629                     sizeof(struct rsbac_rc_process_aci_t);
06630                 list_info_p->max_age = 0;
06631                 rc_nr_p_hashes = CONFIG_RSBAC_RC_NR_P_LISTS;
06632                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06633                                                 &process_handles.rc,
06634                                                 list_info_p,
06635                                                 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06636                                                 NULL,
06637                                                 NULL, &def_aci,
06638                                                 RSBAC_RC_ACI_PROCESS_NAME,
06639                                                 RSBAC_AUTO_DEV,
06640                                                 rc_nr_p_hashes,
06641                                                 (rc_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL,
06642                                                 NULL);
06643                 if (err) {
06644                         registration_error(err, "PROCESS RC");
06645                 }
06646         }
06647 #endif
06648 #if defined(CONFIG_RSBAC_AUTH)
06649         {
06650                 struct rsbac_auth_process_aci_t def_aci = DEFAULT_AUTH_P_ACI;
06651 
06652                 list_info_p->version = RSBAC_AUTH_PROCESS_ACI_VERSION;
06653                 list_info_p->key = RSBAC_AUTH_PROCESS_ACI_KEY;
06654                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06655                 list_info_p->data_size =
06656                     sizeof(struct rsbac_auth_process_aci_t);
06657                 list_info_p->max_age = 0;
06658                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06659                                           &process_handles.auth,
06660                                           list_info_p,
06661                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06662                                           NULL,
06663                                           NULL,
06664                                           &def_aci,
06665                                           RSBAC_AUTH_ACI_PROCESS_NAME,
06666                                           RSBAC_AUTO_DEV,
06667 #if defined(CONFIG_RSBAC_AUTH_LEARN)
06668                                           RSBAC_LIST_MIN_MAX_HASHES,
06669                                           rsbac_list_hash_pid,
06670 #else
06671                                           1,
06672                                           NULL,
06673 #endif
06674                                           NULL);
06675                 if (err) {
06676                         registration_error(err, "PROCESS AUTH");
06677                 }
06678         }
06679 #endif
06680 #if defined(CONFIG_RSBAC_CAP)
06681         {
06682                 struct rsbac_cap_process_aci_t def_aci = DEFAULT_CAP_P_ACI;
06683 
06684 #if defined(CONFIG_RSBAC_CAP_PROC_HIDE)
06685                 if (rsbac_cap_process_hiding)
06686                         def_aci.cap_process_hiding = PH_from_other_users;
06687 #endif
06688                 list_info_p->version = RSBAC_CAP_PROCESS_ACI_VERSION;
06689                 list_info_p->key = RSBAC_CAP_PROCESS_ACI_KEY;
06690                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06691                 list_info_p->data_size =
06692                     sizeof(struct rsbac_cap_process_aci_t);
06693                 list_info_p->max_age = 0;
06694                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06695                                           &process_handles.cap,
06696                                           list_info_p,
06697                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06698                                           NULL,
06699                                           NULL,
06700                                           &def_aci,
06701                                           RSBAC_CAP_ACI_PROCESS_NAME,
06702                                           RSBAC_AUTO_DEV,
06703                                           1,
06704                                           rsbac_list_hash_pid,
06705                                           NULL);
06706                 if (err) {
06707                         registration_error(err, "PROCESS CAP");
06708                 }
06709         }
06710 #endif
06711 #if defined(CONFIG_RSBAC_JAIL)
06712         {
06713                 struct rsbac_jail_process_aci_t def_aci =
06714                     DEFAULT_JAIL_P_ACI;
06715 
06716                 list_info_p->version = RSBAC_JAIL_PROCESS_ACI_VERSION;
06717                 list_info_p->key = RSBAC_JAIL_PROCESS_ACI_KEY;
06718                 list_info_p->desc_size = sizeof(rsbac_pid_t);
06719                 list_info_p->data_size =
06720                     sizeof(struct rsbac_jail_process_aci_t);
06721                 list_info_p->max_age = 0;
06722                 jail_nr_p_hashes = CONFIG_RSBAC_JAIL_NR_P_LISTS;
06723                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06724                                                 &process_handles.jail,
06725                                                 list_info_p,
06726                                                 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06727                                                 NULL,
06728                                                 NULL, &def_aci,
06729                                                 RSBAC_JAIL_ACI_PROCESS_NAME,
06730                                                 RSBAC_AUTO_DEV,
06731                                                 jail_nr_p_hashes,
06732                                                 (jail_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL,
06733                                                 NULL);
06734                 if (err) {
06735                         registration_error(err, "PROCESS JAIL");
06736                 }
06737         }
06738 #endif
06739 
06740         rsbac_kfree(list_info_p);
06741         return err;
06742 }
06743 
06744 #ifdef CONFIG_RSBAC_UM
06745 #ifdef CONFIG_RSBAC_INIT_DELAY
06746 static int register_group_lists(void)
06747 #else
06748 static int __init register_group_lists(void)
06749 #endif
06750 {
06751         int err = 0;
06752         struct rsbac_list_info_t *list_info_p;
06753 
06754         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06755         if (!list_info_p) {
06756                 return -ENOMEM;
06757         }
06758         rsbac_pr_debug(ds, "registering GROUP lists\n");
06759 #if defined(CONFIG_RSBAC_RC_UM_PROT)
06760         {
06761                 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
06762 
06763                 list_info_p->version = RSBAC_RC_GROUP_ACI_VERSION;
06764                 list_info_p->key = RSBAC_RC_GROUP_ACI_KEY;
06765                 list_info_p->desc_size = sizeof(rsbac_gid_t);
06766                 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
06767                 list_info_p->max_age = 0;
06768                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06769                                           &group_handles.rc, list_info_p,
06770 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06771                                           RSBAC_LIST_BACKUP |
06772 #endif
06773                                           RSBAC_LIST_PERSIST |
06774                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06775                                           NULL, NULL,
06776                                           &def_aci,
06777                                           RSBAC_RC_ACI_GROUP_NAME,
06778                                           RSBAC_AUTO_DEV,
06779                                           1,
06780                                           rsbac_list_hash_gid,
06781                                           NULL);
06782                 if (err) {
06783                         registration_error(err, "GROUP RC");
06784                 }
06785         }
06786 #endif
06787 
06788         rsbac_kfree(list_info_p);
06789         return err;
06790 }
06791 #endif                          /* UM */
06792 
06793 #ifdef CONFIG_RSBAC_NET_DEV
06794 #ifdef CONFIG_RSBAC_INIT_DELAY
06795 static int register_netdev_lists(void)
06796 #else
06797 static int __init register_netdev_lists(void)
06798 #endif
06799 {
06800         int err = 0;
06801         struct rsbac_list_info_t *list_info_p;
06802 
06803         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06804         if (!list_info_p) {
06805                 return -ENOMEM;
06806         }
06807         rsbac_pr_debug(ds, "registering NETDEV lists\n");
06808 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
06809         {
06810                 struct rsbac_gen_netdev_aci_t def_aci =
06811                     DEFAULT_GEN_NETDEV_ACI;
06812 
06813                 list_info_p->version = RSBAC_GEN_NETDEV_ACI_VERSION;
06814                 list_info_p->key = RSBAC_GEN_NETDEV_ACI_KEY;
06815                 list_info_p->desc_size = sizeof(rsbac_netdev_id_t);
06816                 list_info_p->data_size =
06817                     sizeof(struct rsbac_gen_netdev_aci_t);
06818                 list_info_p->max_age = 0;
06819                 err = rsbac_list_register(RSBAC_LIST_VERSION,
06820                                           &netdev_handles.gen,
06821                                           list_info_p,
06822                                           RSBAC_LIST_BACKUP |
06823                                           RSBAC_LIST_PERSIST |
06824                                           RSBAC_LIST_DEF_DATA,
06825                                           netdev_compare, NULL, &def_aci,
06826                                           RSBAC_GEN_ACI_NETDEV_NAME,
06827                                           RSBAC_AUTO_DEV);
06828                 if (err) {
06829                         registration_error(err, "NETDEV General");
06830                 }
06831         }
06832 #endif
06833 #if defined(CONFIG_RSBAC_RC)
06834         {
06835                 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
06836 
06837                 list_info_p->version = RSBAC_RC_NETDEV_ACI_VERSION;
06838                 list_info_p->key = RSBAC_RC_NETDEV_ACI_KEY;
06839                 list_info_p->desc_size = sizeof(rsbac_netdev_id_t);
06840                 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
06841                 list_info_p->max_age = 0;
06842                 err = rsbac_list_register(RSBAC_LIST_VERSION,
06843                                           &netdev_handles.rc,
06844                                           list_info_p,
06845                                           RSBAC_LIST_BACKUP |
06846                                           RSBAC_LIST_PERSIST |
06847                                           RSBAC_LIST_DEF_DATA,
06848                                           netdev_compare, NULL, &def_aci,
06849                                           RSBAC_RC_ACI_NETDEV_NAME,
06850                                           RSBAC_AUTO_DEV);
06851                 if (err) {
06852                         registration_error(err, "NETDEV RC");
06853                 }
06854         }
06855 #endif
06856 
06857         rsbac_kfree(list_info_p);
06858         return err;
06859 }
06860 #endif                          /* NET_DEV */
06861 
06862 #ifdef CONFIG_RSBAC_NET_OBJ
06863 #ifdef CONFIG_RSBAC_INIT_DELAY
06864 static void fill_default_nettemp(void)
06865 #else
06866 static void __init fill_default_nettemp(void)
06867 #endif
06868 {
06869         rsbac_net_temp_id_t id;
06870         struct rsbac_net_temp_data_t data;
06871 
06872         id = RSBAC_NET_TEMP_LNET_ID;
06873         memset(&data, 0, sizeof(data));
06874         data.address_family = AF_INET;
06875         data.type = RSBAC_NET_ANY;
06876         data.protocol = RSBAC_NET_ANY;
06877         strcpy(data.name, "Localnet");
06878         data.address.inet.nr_addr = 1;
06879         data.address.inet.valid_bits[0] = 8;
06880         rsbac_net_str_to_inet(RSBAC_NET_TEMP_LNET_ADDRESS,
06881                               &data.address.inet.addr[0]);
06882         data.ports.nr_ports = 0;
06883         rsbac_list_add(net_temp_handle, &id, &data);
06884 
06885         id = RSBAC_NET_TEMP_LAN_ID;
06886         memset(&data, 0, sizeof(data));
06887         data.address_family = AF_INET;
06888         data.type = RSBAC_NET_ANY;
06889         data.protocol = RSBAC_NET_ANY;
06890         strcpy(data.name, "Internal LAN");
06891         data.address.inet.nr_addr = 1;
06892         data.address.inet.valid_bits[0] = 16;
06893         rsbac_net_str_to_inet(RSBAC_NET_TEMP_LAN_ADDRESS,
06894                               &data.address.inet.addr[0]);
06895         data.ports.nr_ports = 0;
06896         rsbac_list_add(net_temp_handle, &id, &data);
06897 
06898         id = RSBAC_NET_TEMP_AUTO_ID;
06899         memset(&data, 0, sizeof(data));
06900         data.address_family = AF_INET;
06901         data.type = RSBAC_NET_ANY;
06902         data.protocol = RSBAC_NET_ANY;
06903         strcpy(data.name, "Auto-IPv4");
06904         data.address.inet.nr_addr = 1;
06905         data.address.inet.valid_bits[0] = 32;
06906         data.ports.nr_ports = 0;
06907         rsbac_list_add(net_temp_handle, &id, &data);
06908 
06909         id = RSBAC_NET_TEMP_INET_ID;
06910         memset(&data, 0, sizeof(data));
06911         data.address_family = AF_INET;
06912         data.type = RSBAC_NET_ANY;
06913         data.protocol = RSBAC_NET_ANY;
06914         strcpy(data.name, "AF_INET");
06915         data.address.inet.nr_addr = 1;
06916         data.address.inet.valid_bits[0] = 0;
06917         data.ports.nr_ports = 0;
06918         rsbac_list_add(net_temp_handle, &id, &data);
06919 
06920         id = RSBAC_NET_TEMP_INET_ID;
06921         memset(&data, 0, sizeof(data));
06922         data.address_family = RSBAC_NET_ANY;
06923         data.type = RSBAC_NET_ANY;
06924         data.protocol = RSBAC_NET_ANY;
06925         strcpy(data.name, "ALL");
06926         data.ports.nr_ports = 0;
06927         rsbac_list_add(net_temp_handle, &id, &data);
06928 }
06929 
06930 #ifdef CONFIG_RSBAC_INIT_DELAY
06931 static int register_nettemp_list(void)
06932 #else
06933 static int __init register_nettemp_list(void)
06934 #endif
06935 {
06936         int err = 0;
06937         struct rsbac_list_info_t *list_info_p;
06938 
06939         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06940         if (!list_info_p) {
06941                 return -ENOMEM;
06942         }
06943         rsbac_pr_debug(ds, "registering network template list\n");
06944         list_info_p->version = RSBAC_NET_TEMP_VERSION;
06945         list_info_p->key = RSBAC_NET_TEMP_KEY;
06946         list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
06947         list_info_p->data_size = sizeof(struct rsbac_net_temp_data_t);
06948         list_info_p->max_age = 0;
06949         err = rsbac_list_register(RSBAC_LIST_VERSION,
06950                                   &net_temp_handle,
06951                                   list_info_p,
06952                                   RSBAC_LIST_BACKUP |
06953                                   RSBAC_LIST_PERSIST,
06954                                   rsbac_list_compare_u32,
06955                                   net_temp_get_conv,
06956                                   NULL,
06957                                   RSBAC_NET_TEMP_NAME,
06958                                   RSBAC_AUTO_DEV);
06959         if (err) {
06960                 registration_error(err, "Network Template");
06961         } else
06962             if (!rsbac_no_defaults && !rsbac_list_count(net_temp_handle)) {
06963                 rsbac_printk(KERN_WARNING "rsbac_do_init(): Network Templates could not be read - generating standard entries!\n");
06964                 fill_default_nettemp();
06965         }
06966         rsbac_kfree(list_info_p);
06967         return err;
06968 }
06969 
06970 #ifdef CONFIG_RSBAC_INIT_DELAY
06971 static int register_nettemp_aci_lists(void)
06972 #else
06973 static int __init register_nettemp_aci_lists(void)
06974 #endif
06975 {
06976         int err = 0;
06977         struct rsbac_list_info_t *list_info_p;
06978 
06979         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06980         if (!list_info_p) {
06981                 return -ENOMEM;
06982         }
06983         rsbac_pr_debug(ds, "registering NETTEMP lists\n");
06984 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
06985         {
06986                 list_info_p->version = RSBAC_GEN_NETOBJ_ACI_VERSION;
06987                 list_info_p->key = RSBAC_GEN_NETOBJ_ACI_KEY;
06988                 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
06989                 list_info_p->data_size =
06990                     sizeof(struct rsbac_gen_netobj_aci_t);
06991                 list_info_p->max_age = 0;
06992                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
06993                                           &nettemp_handles.gen,
06994                                           list_info_p,
06995                                           RSBAC_LIST_BACKUP |
06996                                           RSBAC_LIST_PERSIST |
06997                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
06998                                           NULL, NULL,
06999                                           &def_gen_netobj_aci,
07000                                           RSBAC_GEN_ACI_NETTEMP_NAME,
07001                                           RSBAC_AUTO_DEV,
07002                                           1,
07003                                           rsbac_list_hash_nettemp,
07004                                           NULL);
07005                 if (err) {
07006                         registration_error(err, "NETTEMP GEN");
07007                 }
07008         }
07009 #endif
07010 #if defined(CONFIG_RSBAC_MAC)
07011         {
07012                 struct rsbac_mac_netobj_aci_t def_aci =
07013                     DEFAULT_MAC_NETOBJ_ACI;
07014 
07015                 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
07016                 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
07017                 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
07018                 list_info_p->data_size =
07019                     sizeof(struct rsbac_mac_netobj_aci_t);
07020                 list_info_p->max_age = 0;
07021                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07022                                           &nettemp_handles.mac,
07023                                           list_info_p,
07024                                           RSBAC_LIST_BACKUP |
07025                                           RSBAC_LIST_PERSIST |
07026                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
07027                                           NULL, NULL,
07028                                           &def_aci,
07029                                           RSBAC_MAC_ACI_NETTEMP_NAME,
07030                                           RSBAC_AUTO_DEV,
07031                                           1,
07032                                           rsbac_list_hash_nettemp,
07033                                           NULL);
07034                 if (err) {
07035                         registration_error(err, "NETTEMP MAC");
07036                 }
07037         }
07038 #endif
07039 #if defined(CONFIG_RSBAC_PM)
07040         {
07041                 struct rsbac_pm_netobj_aci_t def_aci =
07042                     DEFAULT_PM_NETOBJ_ACI;
07043 
07044                 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
07045                 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
07046                 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
07047                 list_info_p->data_size =
07048                     sizeof(struct rsbac_pm_netobj_aci_t);
07049                 list_info_p->max_age = 0;
07050                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07051                                           &nettemp_handles.pm,
07052                                           list_info_p,
07053                                           RSBAC_LIST_BACKUP |
07054                                           RSBAC_LIST_PERSIST |
07055                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
07056                                           NULL, NULL,
07057                                           &def_aci,
07058                                           RSBAC_PM_ACI_NETTEMP_NAME,
07059                                           RSBAC_AUTO_DEV,
07060                                           1,
07061                                           rsbac_list_hash_nettemp,
07062                                           NULL);
07063                 if (err) {
07064                         registration_error(err, "NETTEMP PM");
07065                 }
07066         }
07067 #endif
07068 #if defined(CONFIG_RSBAC_RC)
07069         {
07070                 struct rsbac_rc_nettemp_aci_t def_aci =
07071                     DEFAULT_RC_NETTEMP_ACI;
07072 
07073                 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
07074                 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
07075                 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
07076                 list_info_p->data_size =
07077                     sizeof(struct rsbac_rc_nettemp_aci_t);
07078                 list_info_p->max_age = 0;
07079                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07080                                           &nettemp_handles.rc,
07081                                           list_info_p,
07082                                           RSBAC_LIST_BACKUP |
07083                                           RSBAC_LIST_PERSIST |
07084                                           RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE,
07085                                           NULL, NULL,
07086                                           &def_aci,
07087                                           RSBAC_RC_ACI_NETTEMP_NAME,
07088                                           RSBAC_AUTO_DEV,
07089                                           1,
07090                                           rsbac_list_hash_nettemp,
07091                                           NULL);
07092                 if (err) {
07093                         registration_error(err, "NETTEMP RC");
07094                 }
07095         }
07096 #endif
07097 
07098         rsbac_kfree(list_info_p);
07099         return err;
07100 }
07101 
07102 #ifdef CONFIG_RSBAC_INIT_DELAY
07103 static int register_netobj_lists(void)
07104 #else
07105 static int __init register_netobj_lists(void)
07106 #endif
07107 {
07108         int err = 0;
07109         struct rsbac_list_info_t *list_info_p;
07110 
07111         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
07112         if (!list_info_p) {
07113                 return -ENOMEM;
07114         }
07115         rsbac_pr_debug(ds, "registering local NETOBJ lists\n");
07116 #if defined(CONFIG_RSBAC_MAC)
07117         {
07118                 struct rsbac_mac_netobj_aci_t def_aci =
07119                     DEFAULT_MAC_NETOBJ_ACI;
07120 
07121                 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
07122                 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
07123                 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07124                 list_info_p->data_size =
07125                     sizeof(struct rsbac_mac_netobj_aci_t);
07126                 list_info_p->max_age = 0;
07127                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07128                                           &lnetobj_handles.mac,
07129                                           list_info_p,
07130                                           RSBAC_LIST_AUTO_HASH_RESIZE,
07131                                           NULL,
07132                                           NULL,
07133                                           &def_aci,
07134                                           RSBAC_MAC_ACI_LNETOBJ_NAME,
07135                                           RSBAC_AUTO_DEV,
07136                                           1,
07137                                           rsbac_list_hash_netobj,
07138                                           NULL);
07139                 if (err) {
07140                         registration_error(err, "LNETOBJ MAC");
07141                 }
07142         }
07143 #endif
07144 #if defined(CONFIG_RSBAC_PM)
07145         {
07146                 struct rsbac_pm_netobj_aci_t def_aci =
07147                     DEFAULT_PM_NETOBJ_ACI;
07148 
07149                 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
07150                 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
07151                 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07152                 list_info_p->data_size =
07153                     sizeof(struct rsbac_pm_netobj_aci_t);
07154                 list_info_p->max_age = 0;
07155                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07156                                           &lnetobj_handles.pm,
07157                                           list_info_p,
07158                                           RSBAC_LIST_AUTO_HASH_RESIZE,
07159                                           NULL,
07160                                           NULL,
07161                                           &def_aci,
07162                                           RSBAC_PM_ACI_LNETOBJ_NAME,
07163                                           RSBAC_AUTO_DEV,
07164                                           1,
07165                                           rsbac_list_hash_netobj,
07166                                           NULL);
07167                 if (err) {
07168                         registration_error(err, "LNETOBJ PM");
07169                 }
07170         }
07171 #endif
07172 #if defined(CONFIG_RSBAC_RC)
07173         {
07174                 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
07175 
07176                 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
07177                 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
07178                 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07179                 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
07180                 list_info_p->max_age = 0;
07181                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07182                                           &lnetobj_handles.rc,
07183                                           list_info_p,
07184                                           RSBAC_LIST_AUTO_HASH_RESIZE,
07185                                           NULL,
07186                                           NULL,
07187                                           &def_aci,
07188                                           RSBAC_RC_ACI_LNETOBJ_NAME,
07189                                           RSBAC_AUTO_DEV,
07190                                           1,
07191                                           rsbac_list_hash_netobj,
07192                                           NULL);
07193                 if (err) {
07194                         registration_error(err, "LNETOBJ RC");
07195                 }
07196         }
07197 #endif
07198         rsbac_pr_debug(ds, "registering remote NETOBJ lists\n");
07199 #if defined(CONFIG_RSBAC_MAC)
07200         {
07201                 struct rsbac_mac_netobj_aci_t def_aci =
07202                     DEFAULT_MAC_NETOBJ_ACI;
07203 
07204                 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
07205                 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
07206                 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07207                 list_info_p->data_size =
07208                     sizeof(struct rsbac_mac_netobj_aci_t);
07209                 list_info_p->max_age = 0;
07210                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07211                                           &rnetobj_handles.mac,
07212                                           list_info_p,
07213                                           RSBAC_LIST_AUTO_HASH_RESIZE,
07214                                           NULL,
07215                                           NULL,
07216                                           &def_aci,
07217                                           RSBAC_MAC_ACI_RNETOBJ_NAME,
07218                                           RSBAC_AUTO_DEV,
07219                                           1,
07220                                           rsbac_list_hash_netobj,
07221                                           NULL);
07222                 if (err) {
07223                         registration_error(err, "RNETOBJ MAC");
07224                 }
07225         }
07226 #endif
07227 #if defined(CONFIG_RSBAC_PM)
07228         {
07229                 struct rsbac_pm_netobj_aci_t def_aci =
07230                     DEFAULT_PM_NETOBJ_ACI;
07231 
07232                 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
07233                 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
07234                 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07235                 list_info_p->data_size =
07236                     sizeof(struct rsbac_pm_netobj_aci_t);
07237                 list_info_p->max_age = 0;
07238                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07239                                           &rnetobj_handles.pm,
07240                                           list_info_p,
07241                                           RSBAC_LIST_AUTO_HASH_RESIZE,
07242                                           NULL,
07243                                           NULL,
07244                                           &def_aci,
07245                                           RSBAC_PM_ACI_RNETOBJ_NAME,
07246                                           RSBAC_AUTO_DEV,
07247                                           1,
07248                                           rsbac_list_hash_netobj,
07249                                           NULL);
07250                 if (err) {
07251                         registration_error(err, "RNETOBJ PM");
07252                 }
07253         }
07254 #endif
07255 #if defined(CONFIG_RSBAC_RC)
07256         {
07257                 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
07258 
07259                 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
07260                 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
07261                 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07262                 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
07263                 list_info_p->max_age = 0;
07264                 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION,
07265                                           &rnetobj_handles.rc,
07266                                           list_info_p,
07267                                           RSBAC_LIST_AUTO_HASH_RESIZE,
07268                                           NULL,
07269                                           NULL,
07270                                           &def_aci,
07271                                           RSBAC_RC_ACI_RNETOBJ_NAME,
07272                                           RSBAC_AUTO_DEV,
07273                                           1,
07274                                           rsbac_list_hash_netobj,
07275                                           NULL);
07276                 if (err) {
07277                         registration_error(err, "RNETOBJ RC");
07278                 }
07279         }
07280 #endif
07281 
07282         rsbac_kfree(list_info_p);
07283         return err;
07284 }
07285 #endif                          /* NET_OBJ */
07286 
07287 #ifdef CONFIG_RSBAC_INIT_DELAY
07288 static int rsbac_do_init(void)
07289 #else
07290 static int __init rsbac_do_init(void)
07291 #endif
07292 {
07293         int err = 0;
07294         struct rsbac_device_list_item_t *device_p;
07295         struct rsbac_device_list_item_t *new_device_p;
07296         struct rsbac_list_info_t *list_info_p;
07297         struct super_block *sb_p;
07298         u_int i;
07299 
07300         rsbac_pr_debug(stack, "free stack: %lu\n", rsbac_stack_free_space());
07301         list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
07302         if (!list_info_p) {
07303                 return -ENOMEM;
07304         }
07305         compiled_modules[0] = (char) 0;
07306 #ifdef CONFIG_RSBAC_REG
07307         strcat(compiled_modules, " REG");
07308 #endif
07309 #ifdef CONFIG_RSBAC_MAC
07310 #ifdef CONFIG_RSBAC_MAC_LIGHT
07311         strcat(compiled_modules, " MAC-L");
07312 #else
07313         strcat(compiled_modules, " MAC");
07314 #endif
07315 #endif
07316 #ifdef CONFIG_RSBAC_PM
07317         strcat(compiled_modules, " PM");
07318 #endif
07319 #ifdef CONFIG_RSBAC_DAZ
07320         strcat(compiled_modules, " DAZ");
07321 #endif
07322 #ifdef CONFIG_RSBAC_FF
07323         strcat(compiled_modules, " FF");
07324 #endif
07325 #ifdef CONFIG_RSBAC_RC
07326         strcat(compiled_modules, " RC");
07327 #endif
07328 #ifdef CONFIG_RSBAC_AUTH
07329         strcat(compiled_modules, " AUTH");
07330 #endif
07331 #ifdef CONFIG_RSBAC_ACL
07332         strcat(compiled_modules, " ACL");
07333 #endif
07334 #ifdef CONFIG_RSBAC_CAP
07335         strcat(compiled_modules, " CAP");
07336 #endif
07337 #ifdef CONFIG_RSBAC_JAIL
07338         strcat(compiled_modules, " JAIL");
07339 #endif
07340 #ifdef CONFIG_RSBAC_RES
07341         strcat(compiled_modules, " RES");
07342 #endif
07343 #ifdef CONFIG_RSBAC_PAX
07344         strcat(compiled_modules, " PAX");
07345 #endif
07346 #ifdef CONFIG_RSBAC_MAINT
07347         rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n",
07348                      RSBAC_VERSION);
07349         /* Print banner we are initializing */
07350         printk(KERN_INFO
07351                "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n",
07352                RSBAC_VERSION);
07353 
07354         rsbac_printk(KERN_INFO "rsbac_do_init(): Supported module data structures:%s\n",
07355                      compiled_modules);
07356 #else
07357         rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s\n",
07358                      RSBAC_VERSION);
07359         /* Print banner we are initializing */
07360 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07361         if (rsbac_nosyslog)
07362 #endif
07363                 printk(KERN_INFO
07364                        "rsbac_do_init(): Initializing RSBAC %s\n",
07365                        RSBAC_VERSION);
07366 
07367         rsbac_printk(KERN_INFO "rsbac_do_init(): compiled modules:%s\n",
07368                      compiled_modules);
07369 #endif
07370 
07371         /* init memory */
07372         rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing memory slabs\n");
07373         rsbac_kmem_cache_sizes_init();
07374 
07375         for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
07376                 device_head_p[i] = kmalloc(sizeof(*device_head_p[i]), GFP_KERNEL);
07377                 if (!device_head_p[i]) {
07378                         rsbac_printk(KERN_WARNING
07379                                 "rsbac_do_init(): Failed to allocate device_list_heads[%s]\n", i);
07380                         return -ENOMEM;
07381                 }
07382 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07383                 spin_lock_init(&device_list_locks[i]);
07384 #else
07385                 rwlock_init(&device_list_locks[i]);
07386 #endif
07387                 device_head_p[i]->head = NULL;
07388                 device_head_p[i]->tail = NULL;
07389                 device_head_p[i]->curr = NULL;
07390                 device_head_p[i]->count = 0;
07391         }
07392 
07393 #if defined(CONFIG_RSBAC_PROC)
07394         rsbac_pr_debug(stack, "free stack before registering proc dir: %lu\n",
07395                        rsbac_stack_free_space());
07396         rsbac_printk(KERN_INFO "rsbac_do_init(): Registering RSBAC proc dir\n");
07397         register_all_rsbac_proc();
07398 #endif
07399         rsbac_pr_debug(stack, "free stack before get_super: %lu\n",
07400                        rsbac_stack_free_space());
07401 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07402         sb_p = user_get_super(rsbac_root_dev);
07403 #else
07404         sb_p = get_super(rsbac_root_dev);
07405 #endif
07406         if (!sb_p) {
07407                 kfree(list_info_p);
07408                 return -RSBAC_ENOROOTDEV;
07409         }
07410         /* read fd aci from root device */
07411         rsbac_pr_debug(ds, "reading aci from device "
07412                        "number %02u:%02u\n",
07413                        RSBAC_MAJOR(rsbac_root_dev),
07414                        RSBAC_MINOR(rsbac_root_dev));
07415         /* create a private device item */
07416         new_device_p = create_device_item(sb_p, NULL);
07417         if (!new_device_p) {
07418                 rsbac_printk(KERN_CRIT
07419                              "rsbac_do_init(): Could not alloc device item!\n");
07420                 err = -RSBAC_ECOULDNOTADDDEVICE;
07421                 goto out_free;
07422         }
07423         /* Add new_device_p to device list */
07424         /* OK, go on */
07425         device_p = add_device_item(new_device_p);
07426         if (!device_p) {
07427                 rsbac_printk(KERN_CRIT
07428                              "rsbac_do_init(): Could not add device!\n");
07429                 clear_device_item(new_device_p);
07430                 err = -RSBAC_ECOULDNOTADDDEVICE;
07431                 goto out_free;
07432         }
07433 
07434         /* init lists - we need the root device_p to be initialized, but no generic list registered */
07435         rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing generic lists\n");
07436         rsbac_list_init();
07437 
07438         rsbac_pr_debug(stack, "free stack before init_debug: %lu\n",
07439                        rsbac_stack_free_space());
07440         rsbac_init_debug();
07441 
07442         rsbac_printk(KERN_INFO "rsbac_do_init(): reading FD attributes from root dev\n");
07443         rsbac_pr_debug(stack, "free stack before reading FD lists: %lu\n",
07444                        rsbac_stack_free_space());
07445         /* no locking needed, device_p is known and there can be no parallel init! */
07446         if ((err = register_fd_lists(device_p, rsbac_root_dev))) {
07447                 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
07448 
07449                 if (tmp) {
07450                         rsbac_printk(KERN_WARNING "rsbac_do_init(): File/Dir lists registration failed for dev %02u:%02u, err %s!\n",
07451                                      RSBAC_MAJOR(rsbac_root_dev),
07452                                      RSBAC_MINOR(rsbac_root_dev),
07453                                      get_error_name(tmp, err));
07454                         rsbac_kfree(tmp);
07455                 }
07456         }
07457         rsbac_pr_debug(stack, "free stack before DEV lists registration: %lu\n",
07458                        rsbac_stack_free_space());
07459         register_dev_lists();
07460         rsbac_pr_debug(stack, "free stack before registering IPC lists: %lu\n",
07461                        rsbac_stack_free_space());
07462         register_ipc_lists();
07463         rsbac_pr_debug(stack, "free stack before registering USER lists 1: %lu\n",
07464                        rsbac_stack_free_space());
07465         register_user_lists1();
07466         rsbac_pr_debug(stack, "free stack before registering USER lists 2: %lu\n",
07467                        rsbac_stack_free_space());
07468         register_user_lists2();
07469         rsbac_pr_debug(stack, "free stack before registering PROCESS aci: %lu\n",
07470                        rsbac_stack_free_space());
07471         register_process_lists();
07472 
07473 
07474 #ifdef CONFIG_RSBAC_UM
07475         rsbac_pr_debug(stack, "free stack before GROUP lists registration: %lu\n",
07476                        rsbac_stack_free_space());
07477         register_group_lists();
07478 #endif                          /* CONFIG_RSBAC_UM */
07479 
07480 #ifdef CONFIG_RSBAC_NET_DEV
07481         register_netdev_lists();
07482 #endif
07483 
07484 #ifdef CONFIG_RSBAC_NET_OBJ
07485         register_nettemp_list();
07486         register_nettemp_aci_lists();
07487         register_netobj_lists();
07488 #endif                          /* NET_OBJ */
07489 
07490 #ifdef CONFIG_RSBAC_FD_CACHE
07491         if (!rsbac_fd_cache_disable)
07492                 register_fd_cache_lists();
07493 #endif
07494 
07495 /* Call other init functions */
07496 #if defined(CONFIG_RSBAC_MAC)
07497         rsbac_pr_debug(stack, "free stack before init_mac: %lu\n",
07498                        rsbac_stack_free_space());
07499         rsbac_init_mac();
07500 #endif
07501 
07502 #ifdef CONFIG_RSBAC_PM
07503         rsbac_pr_debug(stack, "free stack before init_pm: %lu\n",
07504                        rsbac_stack_free_space());
07505         rsbac_init_pm();
07506 #endif
07507 
07508 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT)
07509         rsbac_pr_debug(stack, "free stack before init_daz: %lu\n",
07510                        rsbac_stack_free_space());
07511         rsbac_init_daz();
07512 #endif
07513 
07514 #if defined(CONFIG_RSBAC_RC)
07515         rsbac_pr_debug(stack, "free stack before init_rc: %lu\n",
07516                        rsbac_stack_free_space());
07517         rsbac_init_rc();
07518 #endif
07519 
07520 #if defined(CONFIG_RSBAC_AUTH)
07521         rsbac_pr_debug(stack, "free stack before init_auth: %lu\n",
07522                        rsbac_stack_free_space());
07523         rsbac_init_auth();
07524         if (rsbac_auth_enable_login) {
07525                 struct dentry *t_dentry;
07526                 struct dentry *dir_dentry = NULL;
07527                 struct rsbac_auth_fd_aci_t auth_fd_aci =
07528                     DEFAULT_AUTH_FD_ACI;
07529 
07530                 rsbac_printk(KERN_WARNING "rsbac_do_init(): auth_enable_login is set: setting auth_may_setuid for %s\n",
07531                              RSBAC_AUTH_LOGIN_PATH);
07532 
07533                 /* lookup filename */
07534                 if (sb_p) {
07535                         dir_dentry =
07536                             rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_DIR,
07537                                                  sb_p->s_root,
07538                                                  strlen
07539                                                  (RSBAC_AUTH_LOGIN_PATH_DIR));
07540                 }
07541                 if (!dir_dentry) {
07542                         err = -RSBAC_ENOTFOUND;
07543                         rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
07544                                      RSBAC_AUTH_LOGIN_PATH_DIR);
07545                         goto auth_out;
07546                 }
07547                 if (IS_ERR(dir_dentry)) {
07548                         err = PTR_ERR(dir_dentry);
07549                         rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s returned %i\n",
07550                                      RSBAC_AUTH_LOGIN_PATH_DIR, err);
07551                         goto auth_out;
07552                 }
07553                 if (!dir_dentry->d_inode) {
07554                         err = -RSBAC_ENOTFOUND;
07555                         rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
07556                                      RSBAC_AUTH_LOGIN_PATH_DIR);
07557                         dput(dir_dentry);
07558                         goto auth_out;
07559                 }
07560                 t_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_FILE,
07561                                                 dir_dentry,
07562                                                 strlen
07563                                                 (RSBAC_AUTH_LOGIN_PATH_FILE));
07564                 if (!t_dentry) {
07565                         err = -RSBAC_ENOTFOUND;
07566                         rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
07567                                      RSBAC_AUTH_LOGIN_PATH_DIR,
07568                                      RSBAC_AUTH_LOGIN_PATH_FILE);
07569                         goto auth_out;
07570                 }
07571                 if (IS_ERR(t_dentry)) {
07572                         err = PTR_ERR(t_dentry);
07573                         rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s returned %i\n",
07574                                      RSBAC_AUTH_LOGIN_PATH_DIR,
07575                                      RSBAC_AUTH_LOGIN_PATH_FILE, err);
07576                         goto auth_out;
07577                 }
07578                 if (!t_dentry->d_inode) {
07579                         err = -RSBAC_ENOTFOUND;
07580                         rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
07581                                      RSBAC_AUTH_LOGIN_PATH_DIR,
07582                                      RSBAC_AUTH_LOGIN_PATH_FILE);
07583                         dput(t_dentry);
07584                         goto auth_out;
07585                 }
07586 
07587                 if (!t_dentry->d_inode) {
07588                         rsbac_printk(KERN_WARNING "rsbac_do_init(): file %s not found\n",
07589                                      RSBAC_AUTH_LOGIN_PATH);
07590                         err = -RSBAC_EINVALIDTARGET;
07591                         goto auth_out_dput;
07592                 }
07593                 /* is inode of type file? */
07594                 if (!S_ISREG(t_dentry->d_inode->i_mode)) {
07595                         rsbac_printk(KERN_WARNING "rsbac_do_init(): %s is no file\n",
07596                                      RSBAC_AUTH_LOGIN_PATH);
07597                         err = -RSBAC_EINVALIDTARGET;
07598                         goto auth_out_dput;
07599                 }
07600                 rsbac_list_get_data(device_p->handles.auth,
07601                                     &t_dentry->d_inode->i_ino,
07602                                     &auth_fd_aci);
07603                 auth_fd_aci.auth_may_setuid = TRUE;
07604                 if (rsbac_list_add(device_p->handles.auth, &t_dentry->d_inode->i_ino, &auth_fd_aci)) {  /* Adding failed! */
07605                         rsbac_printk(KERN_WARNING "rsbac_do_init(): Could not add AUTH file/dir item!\n");
07606                         err = -RSBAC_ECOULDNOTADDITEM;
07607                 }
07608 
07609               auth_out_dput:
07610               auth_out:
07611                 {
07612                 }
07613         }
07614 #endif
07615 
07616 #if defined(CONFIG_RSBAC_ACL)
07617         rsbac_pr_debug(stack, "free stack before init_acl: %lu\n",
07618                        rsbac_stack_free_space());
07619         rsbac_init_acl();
07620 #endif
07621 
07622 #if defined(CONFIG_RSBAC_UM)
07623         rsbac_pr_debug(stack, "free stack before init_um: %lu\n",
07624                        rsbac_stack_free_space());
07625         rsbac_init_um();
07626 #endif
07627         rsbac_pr_debug(stack, "free stack before init_adf: %lu\n",
07628                        rsbac_stack_free_space());
07629         rsbac_init_adf();
07630 
07631         /* free super_block pointer */
07632         drop_super(sb_p);
07633 
07634 #if defined(CONFIG_RSBAC_PAX) && defined(CONFIG_PAX_HOOK_ACL_FLAGS)
07635 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
07636         pax_set_initial_flags_func = rsbac_pax_set_flags_func;
07637 #else
07638         pax_set_flags_func = rsbac_pax_set_flags_func;
07639 #endif
07640 #endif
07641 
07642 /* Tell that rsbac is initialized                                       */
07643         rsbac_initialized = TRUE;
07644 
07645 /* Add initrd mount */
07646 #ifdef CONFIG_BLK_DEV_INITRD
07647         if (initrd_start) {
07648 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07649                 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR, 0));
07650 #else
07651                 sb_p = get_super(MKDEV(RAMDISK_MAJOR, 0));
07652 #endif
07653                 if (sb_p) {
07654                         rsbac_mount(sb_p, NULL);
07655                         drop_super(sb_p);
07656                 }
07657 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07658                 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR, INITRD_MINOR));
07659 #else
07660                 sb_p = get_super(MKDEV(RAMDISK_MAJOR, INITRD_MINOR));
07661 #endif
07662                 if (sb_p) {
07663                         rsbac_mount(sb_p, NULL);
07664                         drop_super(sb_p);
07665                 }
07666         }
07667 #endif
07668 
07669 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07670 /* Add sysfs mount */
07671         if (sysfs_covered_p && sysfs_sb_p) {
07672                 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting sysfs device %02u:%02u\n",
07673                              MAJOR(sysfs_sb_p->s_dev),
07674                              MINOR(sysfs_sb_p->s_dev));
07675                 rsbac_mount(sysfs_sb_p, sysfs_covered_p);
07676         }
07677 #endif
07678 
07679 /* Add devfs mount */
07680 #ifdef CONFIG_DEVFS_MOUNT
07681         if (devfs_covered_p && devfs_sb_p) {
07682                 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting devfs device %02u:%02u\n",
07683                              MAJOR(devfs_sb_p->s_dev),
07684                              MINOR(devfs_sb_p->s_dev));
07685                 rsbac_mount(devfs_sb_p, devfs_covered_p);
07686         }
07687 #endif
07688 
07689 /* Force a check, if configured */
07690 #ifdef CONFIG_RSBAC_INIT_CHECK
07691         rsbac_pr_debug(stack, "free stack before rsbac_check: %lu\n",
07692                        rsbac_stack_free_space());
07693         rsbac_printk(KERN_INFO "rsbac_do_init(): Forcing consistency check.\n");
07694         rsbac_check_lists(1);
07695 #if defined(CONFIG_RSBAC_ACL)
07696         rsbac_check_acl(1);
07697 #endif
07698 #endif
07699 
07700         if (!current->fs) {
07701                 rsbac_printk(KERN_WARNING "rsbac_do_init(): current->fs is invalid!\n");
07702                 err = -RSBAC_EINVALIDPOINTER;
07703         }
07704       out:
07705         /* We are up and running */
07706         rsbac_printk(KERN_INFO "rsbac_do_init(): Ready.\n");
07707 
07708         kfree(list_info_p);
07709         return err;
07710 
07711       out_free:
07712         /* free super_block pointer */
07713         drop_super(sb_p);
07714         goto out;
07715 }
07716 
07717 
07718 #if  (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07719    || defined(CONFIG_RSBAC_INIT_THREAD)
07720 /* rsbac kernel timer for auto-write */
07721 void wakeup_rsbacd(u_long dummy)
07722 {
07723         wake_up(&rsbacd_wait);
07724 }
07725 #endif
07726 
07727 #ifdef CONFIG_RSBAC_INIT_THREAD
07728 /* rsbac kernel daemon for init */
07729 static int rsbac_initd(void *dummy)
07730 {
07731         rsbac_printk(KERN_INFO "rsbac_initd(): Initializing.\n");
07732 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
07733         daemonize();
07734         strcpy(current->comm, "rsbac_initd");
07735 #endif
07736 
07737 /* Dead loop for timeout testing */
07738 /*    while(1) { } */
07739 
07740         rsbac_pr_debug(stack, "free stack before rsbac_do_init(): %lu\n",
07741                        rsbac_stack_free_space());
07742         /* init RSBAC */
07743         rsbac_do_init();
07744 
07745         rsbac_pr_debug(stack, "free stack after rsbac_do_init(): %lu\n",
07746                        rsbac_stack_free_space());
07747         /* wake up init process */
07748         wake_up(&rsbacd_wait);
07749         /* ready */
07750         rsbac_printk(KERN_INFO "rsbac_initd(): Exiting.\n");
07751         do_exit(0);
07752         return 0;
07753 }
07754 #endif
07755 
07756 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
07757 /* rsbac kernel daemon for auto-write */
07758 static int rsbacd(void *dummy)
07759 {
07760         struct task_struct *tsk = current;
07761         char *name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
07762         unsigned long list_check_time = jiffies + HZ * rsbac_list_check_interval;
07763 
07764         rsbac_printk(KERN_INFO "rsbacd(): Initializing.\n");
07765 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
07766         daemonize();
07767         strcpy(tsk->comm, "rsbacd");
07768 #endif
07769 
07770 /*    lock_kernel(); */
07771 
07772         sys_close(0);
07773         sys_close(1);
07774         sys_close(2);
07775 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
07776         reparent_to_init();
07777 #endif
07778 
07779         rsbac_pr_debug(auto, "Setting auto timer.\n");
07780 /* This might already have been done for rsbac_initd thread */
07781 #ifndef CONFIG_RSBAC_INIT_THREAD
07782         init_timer(&rsbac_timer);
07783         rsbac_timer.function = wakeup_rsbacd;
07784         rsbac_timer.data = 0;
07785         rsbac_timer.expires = jiffies + auto_interval;
07786         add_timer(&rsbac_timer);
07787 #endif
07788         rsbac_pr_debug(stack, "free stack: %lu\n", rsbac_stack_free_space());
07789         for (;;) {
07790                 /* wait */
07791 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07792                 /* Unblock all signals. */
07793                 flush_signals(tsk);
07794                 spin_lock_irq(&tsk->sighand->siglock);
07795                 flush_signal_handlers(tsk, 1);
07796                 sigemptyset(&tsk->blocked);
07797                 recalc_sigpending();
07798                 spin_unlock_irq(&tsk->sighand->siglock);
07799 #else
07800                 spin_lock_irq(&tsk->sigmask_lock);
07801                 flush_signals(tsk);
07802                 sigfillset(&tsk->blocked);
07803                 recalc_sigpending(tsk);
07804                 spin_unlock_irq(&tsk->sigmask_lock);
07805 #endif
07806                 /* set new timer */
07807                 mod_timer(&rsbac_timer, jiffies + auto_interval);
07808                 interruptible_sleep_on(&rsbacd_wait);
07809                 /* sleep */
07810 
07811                 /* Cleanup lists regularly */
07812                 if (time_after_eq(jiffies, list_check_time)) {
07813                 list_check_time =
07814                             jiffies +
07815                             HZ * rsbac_list_check_interval;
07816                         rsbac_pr_debug(auto, "cleaning up lists\n");
07817                         rsbac_check_lists(1);
07818                 }
07819                 /* Write lists */
07820                 if (rsbac_initialized && !rsbac_debug_no_write) {
07821                         int err = 0;
07822                         /* rsbac_pr_debug(auto, "calling rsbac_write()\n"); */
07823                         /* call rsbac_write with lock_kernel() */
07824                         down(&rsbac_write_sem);
07825                         if (!rsbac_debug_no_write) {
07826 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07827                                 err = rsbac_write(FALSE);
07828 #else
07829                                 err = rsbac_write(TRUE);
07830 #endif
07831                         }
07832                         up(&rsbac_write_sem);
07833                         if (err < 0) {
07834                                 if (name)
07835                                         rsbac_printk(KERN_WARNING "rsbacd(): rsbac_write returned error %s!\n",
07836                                                      get_error_name(name,
07837                                                                     err));
07838                                 else
07839                                         rsbac_printk(KERN_WARNING "rsbacd(): rsbac_write returned error %i!\n",
07840                                                      err);
07841                         } else if (err > 0)
07842                                 rsbac_pr_debug(auto, "rsbac_write() wrote %i "
07843                                                "lists\n", err);
07844                 }
07845                 try_to_freeze();
07846         }
07847         return 0;
07848 }
07849 #endif
07850 
07851 /************************************************* */
07852 /*               Init function                     */
07853 /************************************************* */
07854 
07855 /* All functions return 0, if no error occurred, and a negative error code  */
07856 /* otherwise. The error codes are defined in rsbac_error.h.                 */
07857 
07858 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
07859 /* declare sys_kill */
07860 extern long sys_kill(int pid, int sig);
07861 #endif
07862 
07863 struct rsbac_kthread_t {
07864         struct list_head list;
07865         rsbac_pid_t pid;
07866 };
07867 struct rsbac_kthread_t * rsbac_kthread;
07868 int rsbac_kthread_size_t;
07869 
07870 int rsbac_kthreads_init(void)
07871 {
07872         rsbac_kthread_size_t = sizeof(struct rsbac_kthread_t);
07873         rsbac_kthread = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC);
07874         INIT_LIST_HEAD(&rsbac_kthread->list);
07875         return 0;
07876 }
07877 
07878 int rsbac_mark_kthread(rsbac_pid_t pid)
07879 {
07880         struct rsbac_kthread_t * rsbac_kthread_new;
07881 
07882         if (rsbac_initialized)
07883                 return 0;
07884         rsbac_kthread_new = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC);
07885         rsbac_kthread_new->pid = pid;
07886         list_add(&rsbac_kthread_new->list, &rsbac_kthread->list);
07887         return 0;
07888 }
07889 
07890 #ifdef CONFIG_RSBAC_INIT_DELAY
07891 int rsbac_init(kdev_t root_dev)
07892 #else
07893 int __init rsbac_init(kdev_t root_dev)
07894 #endif
07895 {
07896         struct rsbac_kthread_t * rsbac_kthread_entry;
07897         struct list_head * p;
07898 #ifdef CONFIG_RSBAC_RC
07899         struct rsbac_rc_process_aci_t rc_init_p_aci = DEFAULT_RC_P_INIT_ACI;
07900 #endif
07901 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07902 #ifdef CONFIG_RSBAC_INIT_THREAD
07903         struct task_struct * rsbac_init_thread;
07904 #endif
07905         struct task_struct * rsbacd_thread;
07906 #endif
07907         rsbac_pid_t init_pid;
07908                         
07909         
07910         int err = 0;
07911 #if  (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07912    || defined(CONFIG_RSBAC_INIT_THREAD)
07913         rsbac_pid_t rsbacd_pid;
07914 #endif
07915 
07916         if (rsbac_initialized) {
07917                 rsbac_printk(KERN_WARNING "rsbac_init(): RSBAC already initialized\n");
07918                 return (-RSBAC_EREINIT);
07919         }
07920         if (!current->fs) {
07921                 rsbac_printk(KERN_WARNING "rsbac_init(): current->fs is invalid!\n");
07922                 return (-RSBAC_EINVALIDPOINTER);
07923         }
07924 
07925         rsbac_root_dev = root_dev;
07926 
07927 #if  (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07928    || defined(CONFIG_RSBAC_INIT_THREAD)
07929         /* init the rsbacd wait queue head */
07930         init_waitqueue_head(&rsbacd_wait);
07931 #endif
07932 
07933 #ifdef CONFIG_RSBAC_INIT_THREAD
07934 /* trigger dependency */
07935 #ifdef CONFIG_RSBAC_MAX_INIT_TIME
07936 #endif
07937         rsbac_printk(KERN_INFO "rsbac_init(): Setting init timeout to %u seconds (%u jiffies).\n",
07938                      RSBAC_MAX_INIT_TIME, RSBAC_MAX_INIT_TIME * HZ);
07939         init_timer(&rsbac_timer);
07940         rsbac_timer.function = wakeup_rsbacd;
07941         rsbac_timer.data = 0;
07942         rsbac_timer.expires = jiffies + (RSBAC_MAX_INIT_TIME * HZ);
07943         add_timer(&rsbac_timer);
07944 
07945 /* Start rsbac thread for init */
07946 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07947         rsbac_init_thread = kthread_create(rsbac_initd, NULL, "rsbac_initd");
07948         if (IS_ERR(rsbac_init_thread))
07949                 goto panic;
07950         rsbacd_pid = rsbac_init_thread->pid;
07951         wake_up_process(rsbac_init_thread);
07952 #else
07953         rsbacd_pid = kernel_thread(rsbac_initd, NULL, 0);
07954         if (rsbacd_pid < 0)
07955                 goto panic;
07956 #endif
07957         rsbac_printk(KERN_INFO "rsbac_init(): Started rsbac_initd thread with pid %u\n",
07958                      rsbacd_pid);
07959 
07960         if (!rsbac_initialized)
07961                 interruptible_sleep_on(&rsbacd_wait);
07962         if (!rsbac_initialized) {
07963                 rsbac_printk(KERN_ERR
07964                              "rsbac_init(): *** RSBAC init timed out - RSBAC not correctly initialized! ***\n");
07965                 rsbac_printk(KERN_ERR
07966                              "rsbac_init(): *** Killing rsbac_initd! ***\n");
07967                 sys_kill(rsbacd_pid, SIGKILL);
07968                 rsbac_initialized = FALSE;
07969         }
07970 #else
07971         rsbac_do_init();
07972 #endif
07973 
07974 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
07975         if (rsbac_initialized) {
07976                 /* Start rsbacd thread for auto write */
07977 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07978                 rsbacd_thread = kthread_create(rsbacd, NULL, "rsbacd");
07979                 rsbacd_pid = rsbacd_thread->pid;
07980                 wake_up_process(rsbacd_thread);
07981 #else
07982                 rsbacd_pid =
07983                     kernel_thread(rsbacd, NULL,
07984                                   CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
07985 #endif
07986                 if (rsbacd_pid < 0) {
07987                         rsbac_printk(KERN_ERR
07988                                      "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n",
07989                                      rsbacd_pid);
07990                 } else {
07991                         rsbac_printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n",
07992                                      rsbacd_pid);
07993                 }
07994         }
07995 #endif
07996 
07997 /* Ready. */
07998 /*    schedule(); */
07999 #ifdef CONFIG_RSBAC_INIT_THREAD
08000         sys_wait4(-1, NULL, WNOHANG, NULL);
08001 #endif
08002 
08003 /* Add all processes to list of processes as init processes */
08004 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC)
08005         {
08006 #ifdef CONFIG_RSBAC_MAC
08007                 struct rsbac_mac_user_aci_t * mac_u_aci_p;
08008 #endif
08009 #ifdef CONFIG_RSBAC_RC
08010                 struct rsbac_rc_user_aci_t * rc_u_aci_p;
08011 #endif
08012                 rsbac_uid_t user = RSBAC_SYSADM_UID;
08013                 rsbac_pid_t pid = 1;
08014                 struct task_struct *p;
08015 
08016                 union rsbac_target_id_t k_tid;
08017                 union rsbac_attribute_value_t k_attr_val;
08018 
08019                 rsbac_printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n");
08020 /* Prepare entries: change standard values to root's values */
08021 #ifdef CONFIG_RSBAC_MAC
08022                 mac_u_aci_p = rsbac_kmalloc(sizeof(*mac_u_aci_p));
08023                 if (mac_u_aci_p) {
08024                         if(!rsbac_list_get_data
08025                                 (user_handles.mac, &user, mac_u_aci_p)) {
08026                                 mac_init_p_aci.owner_sec_level =
08027                                     mac_u_aci_p->security_level;
08028                                 mac_init_p_aci.owner_initial_sec_level =
08029                                     mac_u_aci_p->initial_security_level;
08030                                 mac_init_p_aci.current_sec_level =
08031                                     mac_u_aci_p->initial_security_level;
08032                                 mac_init_p_aci.owner_min_sec_level =
08033                                     mac_u_aci_p->min_security_level;
08034                                 mac_init_p_aci.mac_owner_categories =
08035                                     mac_u_aci_p->mac_categories;
08036                                 mac_init_p_aci.mac_owner_initial_categories =
08037                                     mac_u_aci_p->mac_initial_categories;
08038                                 mac_init_p_aci.mac_curr_categories =
08039                                     mac_u_aci_p->mac_initial_categories;
08040                                 mac_init_p_aci.mac_owner_min_categories =
08041                                     mac_u_aci_p->mac_min_categories;
08042                                 mac_init_p_aci.min_write_open =
08043                                     mac_u_aci_p->security_level;
08044                                 mac_init_p_aci.max_read_open =
08045                                     mac_u_aci_p->min_security_level;
08046                                 mac_init_p_aci.min_write_categories =
08047                                     mac_u_aci_p->mac_categories;
08048                                 mac_init_p_aci.max_read_categories =
08049                                     mac_u_aci_p->mac_min_categories;
08050                                 mac_init_p_aci.mac_process_flags =
08051                                     (mac_u_aci_p->
08052                                      mac_user_flags & RSBAC_MAC_P_FLAGS) |
08053                                     RSBAC_MAC_DEF_INIT_P_FLAGS;
08054                         }
08055                         rsbac_kfree(mac_u_aci_p);
08056                 }
08057 #endif
08058 
08059 /* Set process aci - first init */
08060 #ifdef CONFIG_RSBAC_MAC
08061                 if (rsbac_list_add
08062                     (process_handles.mac, &pid,
08063                      &mac_init_p_aci))
08064                         rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for Init process 1 could not be added!");
08065 #endif
08066 #ifdef CONFIG_RSBAC_RC
08067                 /* Get boot role */
08068                 if (rsbac_rc_get_boot_role(&rc_init_p_aci.rc_role)) {   /* none: use root's role */
08069                         rc_u_aci_p = rsbac_kmalloc(sizeof(*rc_u_aci_p));
08070                         if (rc_u_aci_p) {
08071                                 if (!rsbac_list_get_data
08072                                     (user_handles.rc, &user, rc_u_aci_p)) {
08073                                         rc_init_p_aci.rc_role = rc_u_aci_p->rc_role;
08074                                 } else {        /* last resort: general role */
08075                                         rsbac_ds_get_error("rsbac_do_init",
08076                                                            A_rc_def_role);
08077                                         rc_init_p_aci.rc_role =
08078                                             RSBAC_RC_GENERAL_ROLE;
08079                                 }
08080                                 rsbac_kfree(rc_u_aci_p);
08081                         }
08082                 }
08083                 rc_kernel_p_aci.rc_role = rc_init_p_aci.rc_role;
08084                 if (rsbac_list_add
08085                     (process_handles.rc, &pid,
08086                      &rc_init_p_aci))
08087                         rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Init process 1 could not be added!");
08088 #endif
08089                 read_lock(&tasklist_lock);
08090 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08091                 for_each_task(p)
08092 #else
08093                 for_each_process(p)
08094 #endif
08095                 {
08096                         /* not for kernel and init though... */
08097                         if (!p->pid || (p->pid == 1))
08098                                 continue;
08099                         pid = p->pid;
08100                         rsbac_pr_debug(ds, "setting aci for process %u (%s)\n", pid, p->comm);
08101 #ifdef CONFIG_RSBAC_MAC
08102                         if (rsbac_list_add
08103                             (process_handles.mac, &pid,
08104                              &mac_init_p_aci))
08105                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for Init process %u could not be added!\n",
08106                                              pid);
08107 #endif
08108 #ifdef CONFIG_RSBAC_RC
08109                         k_tid.process = p->pid;
08110                         if (rsbac_get_attr(SW_GEN, T_PROCESS,
08111                                         k_tid,
08112                                         A_kernel_thread,
08113                                         &k_attr_val,
08114                                         FALSE)) {
08115                                 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel thread %u could not be added!\n", pid);
08116                         }
08117                         if (k_attr_val.kernel_thread) {
08118                                 if (rsbac_list_add
08119                                     (process_handles.rc,
08120                                      &pid, &rc_kernel_p_aci))
08121                                         rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel thread %u could not be added!\n",
08122                                              pid);
08123                 }
08124 #endif
08125                 }
08126                 read_unlock(&tasklist_lock);
08127         }
08128         list_for_each(p, &rsbac_kthread->list) {
08129                 rsbac_kthread_entry = list_entry(p, 
08130                                 struct rsbac_kthread_t, list);
08131                 if (rsbac_kthread_entry->pid != 1 
08132                                 && rsbac_kthread_entry->pid != rsbacd_pid)
08133                 {
08134                         read_lock(&tasklist_lock);
08135                         if(find_task_by_pid(rsbac_kthread_entry->pid)) {
08136                                 read_unlock(&tasklist_lock);
08137                                 rsbac_kthread_notify(rsbac_kthread_entry->pid);
08138                         }
08139                         else {
08140                                 read_unlock(&tasklist_lock);
08141                                 rsbac_pr_debug(ds, "rsbac_do_init(): skipping gone away pid %u\n",
08142                                         rsbac_kthread_entry->pid);
08143                         }
08144                         /* kernel list implementation is for exclusive 
08145                          * wizards use, let's not free it now till 
08146                          * i know why it oops. consume about no 
08147                          * memory anyway. michal.
08148                          */
08149                         
08150                         /* list_del(&rsbac_kthread_entry->list);
08151                          * kfree(rsbac_kthread_entry);*/
08152                 }
08153         } /* explicitly mark init and rsbacd */
08154         init_pid = 1;
08155 #ifdef CONFIG_RSBAC_MAC
08156         if (rsbac_list_add(process_handles.mac, &init_pid, &mac_init_p_aci))
08157                 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"init\" process could not be added!");
08158         if (rsbac_list_add(process_handles.mac, &rsbacd_pid, &mac_init_p_aci))
08159                 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"rsbacd\" process could not be added!");
08160 #endif
08161 #ifdef CONFIG_RSBAC_RC
08162         if (rsbac_list_add(process_handles.rc, &init_pid, &rc_init_p_aci))
08163                 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"init\" process could not be added");
08164         if (rsbac_list_add(process_handles.rc, &rsbacd_pid, &rc_kernel_p_aci))
08165                 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"rsbacd\" process could not be added");
08166 #endif
08167         
08168         /*kfree(rsbac_kthread);*/
08169 #endif                          /* MAC or RC */
08170 
08171         rsbac_printk(KERN_INFO "rsbac_init(): Ready.\n");
08172         return err;
08173 
08174 #ifdef CONFIG_RSBAC_INIT_THREAD
08175 panic:
08176         rsbac_printk(KERN_ERR "rsbac_init(): *** RSBAC init failed to start - RSBAC not correctly initialized! ***\n");
08177         /* let's panic - but only when in secure mode, warn otherwise */
08178 #if !defined(CONFIG_RSBAC_MAINT)
08179 #ifdef CONFIG_RSBAC_SOFTMODE
08180         if (!rsbac_softmode)
08181                 panic("RSBAC: rsbac_init(): *** Unable to initialize - PANIC ***\n");
08182 #endif
08183         panic("RSBAC: rsbac_init(): *** Unable to initialize - PANIC ***\n");
08184 #endif
08185 #endif
08186 }
08187 
08188 int rsbac_kthread_notify(rsbac_pid_t pid)
08189 {
08190         if (!rsbac_initialized)
08191                 return 0;
08192 //      rsbac_printk(KERN_DEBUG "rsbac_kthread_notify: marking pid %u!\n",
08193 //                   pid);
08194 /* Set process aci */
08195 #ifdef CONFIG_RSBAC_MAC
08196         if (rsbac_list_add
08197             (process_handles.mac, &pid, &mac_init_p_aci))
08198                 rsbac_printk(KERN_WARNING "rsbac_kthread_notify(): MAC ACI for kernel process %u could not be added!",
08199                              pid);
08200 #endif
08201 #ifdef CONFIG_RSBAC_RC
08202         if (rsbac_list_add
08203             (process_handles.rc, &pid, &rc_kernel_p_aci))
08204                 rsbac_printk(KERN_WARNING "rsbac_kthread_notify(): RC ACI for kernel process %u could not be added!",
08205                              pid);
08206 #endif
08207         return 0;
08208 }
08209 
08210 /* When mounting a device, its ACI must be read and added to the ACI lists. */
08211 
08212 int rsbac_mount(struct super_block *sb_p, struct dentry *d_covers)
08213 {
08214         int err = 0;
08215         struct rsbac_device_list_item_t *device_p;
08216         struct rsbac_device_list_item_t *new_device_p;
08217 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08218         u_long flags;
08219 #endif
08220         rsbac_boolean_t old_no_write;
08221         u_int hash;
08222 
08223         if (!sb_p) {
08224                 rsbac_printk(KERN_WARNING "rsbac_mount(): called with NULL pointer\n");
08225                 return -RSBAC_EINVALIDPOINTER;
08226         }
08227         if (!rsbac_initialized) {
08228 #ifdef CONFIG_RSBAC_INIT_DELAY
08229 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08230                 if (!RSBAC_MAJOR(rsbac_delayed_root)
08231                     && !RSBAC_MINOR(rsbac_delayed_root)
08232                     && rsbac_delayed_root_str[0]
08233                     ) {         /* translate string to kdev_t */
08234                         char *p = rsbac_delayed_root_str;
08235                         u_int major = 0;
08236                         u_int minor = 0;
08237 
08238                         major = simple_strtoul(p, NULL, 0);
08239                         while ((*p != ':') && (*p != '\0'))
08240                                 p++;
08241                         if (*p) {
08242                                 p++;
08243                                 minor = simple_strtoul(p, NULL, 0);
08244                         }
08245                         rsbac_delayed_root = RSBAC_MKDEV(major, minor);
08246                 }
08247 #endif
08248                 if (!rsbac_no_delay_init
08249                     && ((!RSBAC_MAJOR(rsbac_delayed_root)
08250                          && !RSBAC_MINOR(rsbac_delayed_root)
08251                          && (MAJOR(sb_p->s_dev) > 1)
08252                         )
08253                         || ((RSBAC_MAJOR(rsbac_delayed_root)
08254                              || RSBAC_MINOR(rsbac_delayed_root)
08255                             )
08256                             &&
08257                             ((MAJOR(sb_p->s_dev) ==
08258                               RSBAC_MAJOR(rsbac_delayed_root))
08259                              && (!RSBAC_MINOR(rsbac_delayed_root)
08260                                  || (MINOR(sb_p->s_dev) ==
08261                                      RSBAC_MINOR(rsbac_delayed_root))
08262                              )
08263                             )
08264                         )
08265                     )
08266                     ) {
08267                         if (RSBAC_MAJOR(rsbac_delayed_root)
08268                             || RSBAC_MINOR(rsbac_delayed_root)) {
08269                                 rsbac_printk(KERN_INFO "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n",
08270                                              MAJOR(sb_p->s_dev),
08271                                              MINOR(sb_p->s_dev),
08272                                              RSBAC_MAJOR
08273                                              (rsbac_delayed_root),
08274                                              RSBAC_MINOR
08275                                              (rsbac_delayed_root));
08276                         } else {
08277                                 rsbac_printk(KERN_INFO "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n",
08278                                              MAJOR(sb_p->s_dev),
08279                                              MINOR(sb_p->s_dev));
08280                         }
08281                         rsbac_init(sb_p->s_dev);
08282                         return 0;
08283                 }
08284 #endif
08285 
08286                 rsbac_printk(KERN_WARNING "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n",
08287                              MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08288 
08289 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08290                 if ((sb_p->s_magic == SYSFS_MAGIC)
08291                     && !RSBAC_MAJOR(sb_p->s_dev)
08292                     ) {
08293                         rsbac_printk(KERN_WARNING "rsbac_mount(): sysfs mount detected, keeping values for later use\n");
08294                         sysfs_sb_p = sb_p;
08295                         sysfs_covered_p = d_covers;
08296                 }
08297 #endif
08298 #ifdef CONFIG_DEVFS_MOUNT
08299                 if ((sb_p->s_magic == DEVFS_SUPER_MAGIC)
08300                     && !RSBAC_MAJOR(sb_p->s_dev)
08301                     ) {
08302                         rsbac_printk(KERN_WARNING "rsbac_mount(): devfs mount detected, keeping values for later use\n");
08303                         devfs_sb_p = sb_p;
08304                         devfs_covered_p = d_covers;
08305                 }
08306 #endif
08307                 return (-RSBAC_ENOTINITIALIZED);
08308         }
08309         rsbac_pr_debug(ds, "mounting device %02u:%02u\n",
08310                        MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08311         rsbac_pr_debug(stack, "free stack: %lu\n", rsbac_stack_free_space());
08312         down(&rsbac_write_sem);
08313         old_no_write = rsbac_debug_no_write;
08314         rsbac_debug_no_write = TRUE;
08315         up(&rsbac_write_sem);
08316         hash = device_hash(sb_p->s_dev);
08317 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08318         rcu_read_lock();
08319 #else
08320         rsbac_read_lock(&device_list_locks[hash], &flags);
08321 #endif
08322         device_p = lookup_device(sb_p->s_dev, hash);
08323         /* repeated mount? */
08324         if (device_p) {
08325                 rsbac_printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n",
08326                              device_p->mount_count, MAJOR(sb_p->s_dev),
08327                              MINOR(sb_p->s_dev));
08328                 device_p->mount_count++;
08329                 if (d_covers
08330                     && !device_p->d_covers
08331                     && (MAJOR(sb_p->s_dev) != MAJOR(rsbac_root_dev))
08332                     && (MINOR(sb_p->s_dev) != MINOR(rsbac_root_dev))
08333                     ) {
08334                         rsbac_printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n",
08335                                      d_covers);
08336                         device_p->d_covers = d_covers;
08337                 }
08338 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08339                 rcu_read_unlock();
08340 #else
08341                 rsbac_read_unlock(&device_list_locks[hash], &flags);
08342 #endif
08343         } else {
08344 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08345                 rcu_read_unlock();
08346 #else
08347                 rsbac_read_unlock(&device_list_locks[hash], &flags);
08348 #endif
08349                 /* OK, go on */
08350                 new_device_p = create_device_item(sb_p, d_covers);
08351                 rsbac_pr_debug(stack, "after creating device item: free stack: %lu\n",
08352                                rsbac_stack_free_space());
08353                 if (!new_device_p) {
08354                         rsbac_debug_no_write = old_no_write;
08355                         return -RSBAC_ECOULDNOTADDDEVICE;
08356                 }
08357 
08358 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08359                 rcu_read_lock();
08360 #else
08361                 rsbac_read_lock(&device_list_locks[hash], &flags);
08362 #endif
08363                 /* make sure to only add, if this device item has not been added in the meantime */
08364                 device_p = lookup_device(sb_p->s_dev, hash);
08365                 if (device_p) {
08366                         rsbac_printk(KERN_WARNING "rsbac_mount(): mount race for device %02u:%02u detected!\n",
08367                                      MAJOR(sb_p->s_dev),
08368                                      MINOR(sb_p->s_dev));
08369                         device_p->mount_count++;
08370 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08371                         rcu_read_unlock();
08372 #else
08373                         rsbac_read_unlock(&device_list_locks[hash], &flags);
08374 #endif
08375                         clear_device_item(new_device_p);
08376                 } else {
08377 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08378                         rcu_read_unlock();
08379 #else
08380                         rsbac_read_unlock(&device_list_locks[hash], &flags);
08381 #endif
08382                         device_p = add_device_item(new_device_p);
08383                         if (!device_p) {
08384                                 rsbac_printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n",
08385                                              MAJOR(sb_p->s_dev),
08386                                              MINOR(sb_p->s_dev));
08387                                 clear_device_item(new_device_p);
08388                                 rsbac_debug_no_write = old_no_write;
08389                                 return -RSBAC_ECOULDNOTADDDEVICE;
08390                         }
08391                 }
08392 
08393                 /* Generic lists */
08394                 rsbac_list_mount(sb_p->s_dev);
08395                 /* we do not lock device head - we know the device_p and hope for the best... */
08396                 /* also, we are within kernel mount sem */
08397                 if ((err = register_fd_lists(new_device_p, sb_p->s_dev))) {
08398                         char *tmp;
08399 
08400                         tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
08401                         if (tmp) {
08402                                 rsbac_printk(KERN_WARNING "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n",
08403                                              MAJOR(sb_p->s_dev),
08404                                              MINOR(sb_p->s_dev),
08405                                              get_error_name(tmp, err));
08406                                 rsbac_kfree(tmp);
08407                         }
08408                 }
08409                 rsbac_pr_debug(stack, "after registering fd lists: free stack: %lu\n",
08410                                rsbac_stack_free_space());
08411         }
08412 
08413 /* call other mount functions */
08414 #if defined(CONFIG_RSBAC_MAC)
08415         rsbac_mount_mac(sb_p->s_dev);
08416         rsbac_pr_debug(stack, "after mount_mac: free stack: %lu\n",
08417                        rsbac_stack_free_space());
08418 #endif
08419 #if defined(CONFIG_RSBAC_AUTH)
08420         rsbac_mount_auth(sb_p->s_dev);
08421         rsbac_pr_debug(stack, "after mount_auth: free stack: %lu\n",
08422                        rsbac_stack_free_space());
08423 #endif
08424 #if defined(CONFIG_RSBAC_ACL)
08425         rsbac_mount_acl(sb_p->s_dev);
08426         rsbac_pr_debug(stack, "after mount_acl: free stack: %lu\n",
08427                        rsbac_stack_free_space());
08428 #endif
08429 #if defined(CONFIG_RSBAC_REG)
08430         rsbac_mount_reg(sb_p->s_dev);
08431         rsbac_pr_debug(stack, "after mount_reg: free stack: %lu\n",
08432                        rsbac_stack_free_space());
08433 #endif                          /* REG */
08434 
08435         rsbac_debug_no_write = old_no_write;
08436         return (err);
08437 }
08438 
08439 /* When umounting a device, its ACI must be removed from the ACI lists.     */
08440 /* Removing the device ACI should be no problem.                            */
08441 
08442 int rsbac_umount(struct super_block *sb_p, struct dentry *d_covers)
08443 {
08444 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08445         u_long flags;
08446 #endif
08447         struct rsbac_device_list_item_t *device_p;
08448         kdev_t kdev;
08449         u_int hash;
08450 
08451         if (!sb_p) {
08452                 rsbac_printk(KERN_WARNING "rsbac_umount(): called with NULL pointer\n");
08453                 return -RSBAC_EINVALIDPOINTER;
08454         }
08455         if (!rsbac_initialized) {
08456                 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
08457 
08458 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08459                 if ((sb_p->s_magic == SYSFS_MAGIC)
08460                     && !RSBAC_MAJOR(sb_p->s_dev)
08461                     && sysfs_sb_p && sysfs_covered_p) {
08462                         rsbac_printk(KERN_WARNING "rsbac_umount(): sysfs umount detected, removing auto-mount values\n");
08463                         sysfs_sb_p = NULL;
08464                         sysfs_covered_p = NULL;
08465                 }
08466 #endif
08467 #ifdef CONFIG_DEVFS_MOUNT
08468                 if ((sb_p->s_magic == DEVFS_SUPER_MAGIC)
08469                     && !RSBAC_MAJOR(sb_p->s_dev)
08470                     && devfs_sb_p && devfs_covered_p) {
08471                         rsbac_printk(KERN_WARNING "rsbac_umount(): devfs umount detected, removing auto-mount values\n");
08472                         devfs_sb_p = NULL;
08473                         devfs_covered_p = NULL;
08474                 }
08475 #endif
08476 
08477                 return (-RSBAC_ENOTINITIALIZED);
08478         }
08479         rsbac_pr_debug(ds, "umounting device %02u:%02u\n",
08480                        MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08481         kdev = sb_p->s_dev;
08482 
08483         /* sync attribute lists */
08484 #if defined(CONFIG_RSBAC_AUTO_WRITE)
08485         if (!rsbac_debug_no_write) {
08486                 down(&rsbac_write_sem);
08487                 /* recheck no_write with lock - might have been set in between */
08488                 if (!rsbac_debug_no_write) {
08489                         rsbac_write(TRUE);
08490                 }
08491                 up(&rsbac_write_sem);
08492         }
08493 #endif
08494 /* call other umount functions */
08495 #if defined(CONFIG_RSBAC_MAC)
08496         rsbac_umount_mac(kdev);
08497 #endif
08498 #if defined(CONFIG_RSBAC_AUTH)
08499         rsbac_umount_auth(kdev);
08500 #endif
08501 #if defined(CONFIG_RSBAC_ACL)
08502         rsbac_umount_acl(kdev);
08503 #endif
08504 #if defined(CONFIG_RSBAC_REG)
08505         rsbac_umount_reg(kdev);
08506 #endif
08507 
08508         hash = device_hash(kdev);
08509         /* wait for write access to device_list_head */
08510 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08511         spin_lock(&device_list_locks[hash]);
08512 #else
08513         rsbac_write_lock(&device_list_locks[hash], &flags);
08514 #endif
08515         /* OK, nobody else is working on it... */
08516         device_p = lookup_device(kdev, hash);
08517         if (device_p) {
08518                 if (device_p->mount_count == 1) {
08519                         /* Generic lists */
08520                         rsbac_list_umount(kdev);
08521                         /* 2.6: remove_device_item unlocks! */
08522                         remove_device_item(kdev);
08523                 } else {
08524                         if (device_p->mount_count > 1) {
08525                                 device_p->mount_count--;
08526 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08527                                 spin_unlock(&device_list_locks[hash]);
08528 #endif
08529                                 if (device_p->d_covers == d_covers) {
08530                                         rsbac_printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n",
08531                                                      RSBAC_MAJOR(kdev),
08532                                                      RSBAC_MINOR(kdev));
08533                                         device_p->d_covers = NULL;
08534                                 }
08535                         } else {
08536 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08537                                 spin_unlock(&device_list_locks[hash]);
08538 #endif
08539                                 rsbac_printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n",
08540                                              RSBAC_MAJOR(kdev),
08541                                              RSBAC_MINOR(kdev));
08542                         }
08543                 }
08544         }
08545 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08546         else
08547                 spin_unlock(&device_list_locks[hash]);
08548 #else
08549         rsbac_write_unlock(&device_list_locks[hash], &flags);
08550 #endif
08551 #ifdef CONFIG_RSBAC_FD_CACHE
08552         rsbac_fd_cache_invalidate_all();
08553 #endif
08554 
08555         return 0;
08556 }
08557 
08558 /* On pivot_root, we must unblock the dentry tree of the old root */
08559 /* by putting all cached rsbac.dat dentries */
08560 
08561 int rsbac_free_dat_dentries(void)
08562 {
08563 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08564         u_long flags;
08565 #endif
08566         struct rsbac_device_list_item_t *device_p;
08567         u_int i;
08568 
08569         if (!rsbac_initialized) {
08570                 rsbac_printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n");
08571                 return (-RSBAC_ENOTINITIALIZED);
08572         }
08573 
08574         rsbac_printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n");
08575 
08576         for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
08577 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08578                 spin_lock(&device_list_locks[i]);
08579 #else
08580                 rsbac_write_lock(&device_list_locks[i], &flags);
08581 #endif
08582                 device_p = device_head_p[i]->head;
08583                 while (device_p) {
08584                         if (device_p->rsbac_dir_dentry_p) {
08585                                 dput(device_p->rsbac_dir_dentry_p);
08586                                 device_p->rsbac_dir_dentry_p = NULL;
08587                         }
08588                         device_p = device_p->next;
08589                 }
08590 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08591                 spin_unlock(&device_list_locks[i]);
08592 #else
08593                 rsbac_write_unlock(&device_list_locks[i], &flags);
08594 #endif
08595         }
08596         return 0;
08597 }
08598 
08599 /***************************************************/
08600 /* We also need some status information...         */
08601 
08602 int rsbac_stats(void)
08603 {
08604         struct rsbac_device_list_item_t *device_p;
08605         u_long fd_count = 0, fd_sum = 0;
08606         u_long dev_sum = 0;
08607         u_long ipc_sum = 0;
08608         u_long user_sum = 0;
08609         u_long process_sum = 0;
08610 #if defined(CONFIG_RSBAC_UM)
08611         u_long group_sum = 0;
08612 #endif
08613 #if defined(CONFIG_RSBAC_NET_OBJ)
08614         u_long nettemp_sum = 0;
08615         u_long lnetobj_sum = 0;
08616         u_long rnetobj_sum = 0;
08617 #endif
08618         u_long total_sum = 0;
08619         long tmp_count = 0;
08620 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08621         u_long dflags;
08622 #endif
08623         u_int i;
08624 
08625         if (!rsbac_initialized) {
08626                 rsbac_printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n");
08627                 return (-RSBAC_ENOTINITIALIZED);
08628         }
08629         for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
08630 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08631                 rcu_read_lock();
08632 #else
08633                 rsbac_read_lock(&device_list_locks[i], &dflags);
08634 #endif
08635 /*    rsbac_printk(KERN_INFO "rsbac_stats(): currently %u processes working on file/dir aci\n",
08636                      device_list_lock.lock); */
08637                 device_p = rcu_dereference(device_head_p[i])->head;
08638                 while (device_p) {      /* for all sublists */
08639                         fd_count = rsbac_list_count(device_p->handles.gen);
08640                         if (fd_count > 0) {
08641                                 rsbac_printk(", %lu GEN", fd_count);
08642                                 fd_sum += fd_count;
08643                         }
08644 
08645 #if defined(CONFIG_RSBAC_MAC)
08646                         fd_count = rsbac_list_count(device_p->handles.mac);
08647                         if (fd_count > 0) {
08648                                 rsbac_printk(", %lu MAC", fd_count);
08649                                 fd_sum += fd_count;
08650                         }
08651 #endif
08652 
08653 #if defined(CONFIG_RSBAC_PM)
08654                         fd_count = rsbac_list_count(device_p->handles.pm);
08655                         if (fd_count > 0) {
08656                                 rsbac_printk(", %lu PM", fd_count);
08657                                 fd_sum += fd_count;
08658                         }
08659 #endif
08660 
08661 #if defined(CONFIG_RSBAC_DAZ)
08662                         fd_count = rsbac_list_count(device_p->handles.daz);
08663                         if (fd_count > 0) {
08664                                 rsbac_printk(", %lu DAZ", fd_count);
08665                                 fd_sum += fd_count;
08666                         }
08667 #if defined(CONFIG_RSBAC_DAZ_CACHE)
08668                         fd_count = rsbac_list_count(device_p->handles.dazs);
08669                         if (fd_count > 0) {
08670                                 rsbac_printk(", %lu DAZ SCANNED", fd_count);
08671                                 fd_sum += fd_count;
08672                         }
08673 #endif
08674 #endif
08675 
08676 #if defined(CONFIG_RSBAC_FF)
08677                         fd_count = rsbac_list_count(device_p->handles.ff);
08678                         if (fd_count > 0) {
08679                                 rsbac_printk(", %lu FF", fd_count);
08680                                 fd_sum += fd_count;
08681                         }
08682 #endif
08683 
08684 #if defined(CONFIG_RSBAC_RC)
08685                         fd_count = rsbac_list_count(device_p->handles.rc);
08686                         if (fd_count > 0) {
08687                                 rsbac_printk(", %lu RC", fd_count);
08688                                 fd_sum += fd_count;
08689                         }
08690 #endif
08691 
08692 #if defined(CONFIG_RSBAC_AUTH)
08693                         fd_count = rsbac_list_count(device_p->handles.auth);
08694                         if (fd_count > 0) {
08695                                 rsbac_printk(", %lu AUTH", fd_count);
08696                                 fd_sum += fd_count;
08697                         }
08698 #endif
08699 
08700 #if defined(CONFIG_RSBAC_CAP)
08701                         fd_count = rsbac_list_count(device_p->handles.cap);
08702                         if (fd_count > 0) {
08703                                 rsbac_printk(", %lu CAP", fd_count);
08704                                 fd_sum += fd_count;
08705                         }
08706 #endif
08707 #if defined(CONFIG_RSBAC_RES)
08708                         fd_count = rsbac_list_count(device_p->handles.res);
08709                         if (fd_count > 0) {
08710                                 rsbac_printk(", %lu RES", fd_count);
08711                                 fd_sum += fd_count;
08712                         }
08713 #endif
08714 #if defined(CONFIG_RSBAC_PAX)
08715                         fd_count = rsbac_list_count(device_p->handles.pax);
08716                         if (fd_count > 0) {
08717                                 rsbac_printk(", %lu PAX", fd_count);
08718                                 fd_sum += fd_count;
08719                         }
08720 #endif
08721 
08722                         rsbac_printk("\n");
08723                         device_p = device_p->next;
08724                 }
08725                 tmp_count += rcu_dereference(device_head_p[i])->count;
08726 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08727                 rcu_read_unlock();
08728 #else
08729                 rsbac_read_unlock(&device_list_locks[i], &dflags);
08730 #endif
08731         }
08732         rsbac_printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n",
08733                      tmp_count, fd_sum);
08734         /* free access to device_list_head */
08735         total_sum += fd_sum;
08736 
08737         /* dev lists */
08738         tmp_count = rsbac_list_count(dev_handles.gen);
08739         rsbac_printk(KERN_INFO "DEV items: %lu GEN", tmp_count);
08740         dev_sum += tmp_count;
08741 #if defined(CONFIG_RSBAC_MAC)
08742         tmp_count = rsbac_list_count(dev_handles.mac);
08743         rsbac_printk(", %lu MAC", tmp_count);
08744         dev_sum += tmp_count;
08745 #endif
08746 #if defined(CONFIG_RSBAC_PM)
08747         tmp_count = rsbac_list_count(dev_handles.pm);
08748         rsbac_printk(", %lu PM", tmp_count);
08749         dev_sum += tmp_count;
08750 #endif
08751 #if defined(CONFIG_RSBAC_RC)
08752         tmp_count = rsbac_list_count(dev_major_handles.rc);
08753         rsbac_printk(", %lu major RC", tmp_count);
08754         dev_sum += tmp_count;
08755         tmp_count = rsbac_list_count(dev_handles.rc);
08756         rsbac_printk(", %lu RC", tmp_count);
08757         dev_sum += tmp_count;
08758 #endif
08759         rsbac_printk("\n");
08760         rsbac_printk(KERN_INFO "Sum of %lu DEV items\n", dev_sum);
08761         total_sum += dev_sum;
08762 
08763         /* ipc lists */
08764         rsbac_printk(KERN_INFO "IPC items: no GEN");
08765 #if defined(CONFIG_RSBAC_MAC)
08766         tmp_count = rsbac_list_count(ipc_handles.mac);
08767         rsbac_printk(", %lu MAC", tmp_count);
08768         ipc_sum += tmp_count;
08769 #endif
08770 #if defined(CONFIG_RSBAC_PM)
08771         tmp_count = rsbac_list_count(ipc_handles.pm);
08772         rsbac_printk(", %lu PM", tmp_count);
08773         ipc_sum += tmp_count;
08774 #endif
08775 #if defined(CONFIG_RSBAC_RC)
08776         tmp_count = rsbac_list_count(ipc_handles.rc);
08777         rsbac_printk(", %lu RC", tmp_count);
08778         ipc_sum += tmp_count;
08779 #endif
08780 #if defined(CONFIG_RSBAC_JAIL)
08781         tmp_count = rsbac_list_count(ipc_handles.jail);
08782         rsbac_printk(", %lu JAIL", tmp_count);
08783         ipc_sum += tmp_count;
08784 #endif
08785         rsbac_printk("\n");
08786         rsbac_printk(KERN_INFO "Sum of %lu IPC items\n", ipc_sum);
08787         total_sum += ipc_sum;
08788 
08789         /* user lists */
08790         tmp_count = rsbac_list_count(user_handles.gen);
08791         rsbac_printk(KERN_INFO "USER items: %lu GEN", tmp_count);
08792         user_sum += tmp_count;
08793 #if defined(CONFIG_RSBAC_MAC)
08794         tmp_count = rsbac_list_count(user_handles.mac);
08795         rsbac_printk(", %lu MAC", tmp_count);
08796         user_sum += tmp_count;
08797 #endif
08798 #if defined(CONFIG_RSBAC_PM)
08799         tmp_count = rsbac_list_count(user_handles.pm);
08800         rsbac_printk(", %lu PM", tmp_count);
08801         user_sum += tmp_count;
08802 #endif
08803 #if defined(CONFIG_RSBAC_DAZ)
08804         tmp_count = rsbac_list_count(user_handles.daz);
08805         rsbac_printk(", %lu DAZ", tmp_count);
08806         user_sum += tmp_count;
08807 #endif
08808 #if defined(CONFIG_RSBAC_RC)
08809         tmp_count = rsbac_list_count(user_handles.rc);
08810         rsbac_printk(", %lu RC", tmp_count);
08811         user_sum += tmp_count;
08812 #endif
08813 #if defined(CONFIG_RSBAC_AUTH)
08814         tmp_count = rsbac_list_count(user_handles.auth);
08815         rsbac_printk(", %lu AUTH", tmp_count);
08816         user_sum += tmp_count;
08817 #endif
08818 #if defined(CONFIG_RSBAC_CAP)
08819         tmp_count = rsbac_list_count(user_handles.cap);
08820         rsbac_printk(", %lu CAP", tmp_count);
08821         user_sum += tmp_count;
08822 #endif
08823 #if defined(CONFIG_RSBAC_JAIL)
08824         tmp_count = rsbac_list_count(user_handles.jail);
08825         rsbac_printk(", %lu JAIL", tmp_count);
08826         user_sum += tmp_count;
08827 #endif
08828 #if defined(CONFIG_RSBAC_RES)
08829         tmp_count = rsbac_list_count(user_handles.res);
08830         rsbac_printk(", %lu RES", tmp_count);
08831         user_sum += tmp_count;
08832 #endif
08833 #if defined(CONFIG_RSBAC_PAX)
08834         tmp_count = rsbac_list_count(user_handles.pax);
08835         rsbac_printk(", %lu PAX", tmp_count);
08836         user_sum += tmp_count;
08837 #endif
08838         rsbac_printk("\n");
08839         rsbac_printk(KERN_INFO "Sum of %lu USER items\n", user_sum);
08840         total_sum += user_sum;
08841 
08842         /* process lists */
08843         tmp_count = rsbac_list_count(process_handles.gen);
08844         rsbac_printk(KERN_INFO "PROCESS items: %lu GEN", tmp_count);
08845         process_sum += tmp_count;
08846 #if defined(CONFIG_RSBAC_MAC)
08847         tmp_count = rsbac_list_count(process_handles.mac);
08848         rsbac_printk(", %lu MAC", tmp_count);
08849         process_sum += tmp_count;
08850 #endif
08851 #if defined(CONFIG_RSBAC_PM)
08852         tmp_count = rsbac_list_count(process_handles.pm);
08853         rsbac_printk(", %lu PM", tmp_count);
08854         process_sum += tmp_count;
08855 #endif
08856 #if defined(CONFIG_RSBAC_DAZ)
08857         tmp_count = rsbac_list_count(process_handles.daz);
08858         rsbac_printk(", %lu DAZ", tmp_count);
08859         process_sum += tmp_count;
08860 #endif
08861 #if defined(CONFIG_RSBAC_RC)
08862         tmp_count = rsbac_list_count(process_handles.rc);
08863         rsbac_printk(", %lu RC", tmp_count);
08864         process_sum += tmp_count;
08865 #endif
08866 #if defined(CONFIG_RSBAC_AUTH)
08867         tmp_count = rsbac_list_count(process_handles.auth);
08868         rsbac_printk(", %lu AUTH", tmp_count);
08869         process_sum += tmp_count;
08870 #endif
08871 #if defined(CONFIG_RSBAC_CAP)
08872         tmp_count = rsbac_list_count(process_handles.cap);
08873         rsbac_printk(", %lu CAP", tmp_count);
08874         process_sum += tmp_count;
08875 #endif
08876 #if defined(CONFIG_RSBAC_JAIL)
08877         tmp_count = rsbac_list_count(process_handles.jail);
08878         rsbac_printk(", %lu JAIL", tmp_count);
08879         process_sum += tmp_count;
08880 #endif
08881         rsbac_printk("\n");
08882         rsbac_printk(KERN_INFO "Sum of %lu PROCESS items\n", process_sum);
08883         total_sum += process_sum;
08884 
08885 #if defined(CONFIG_RSBAC_UM)
08886         /* group lists */
08887         rsbac_printk(KERN_INFO "GROUP items: ");
08888 #if defined(CONFIG_RSBAC_RC_UM_PROT)
08889         tmp_count = rsbac_list_count(group_handles.rc);
08890         rsbac_printk("%lu RC", tmp_count);
08891         user_sum += tmp_count;
08892 #endif
08893         rsbac_printk("\n");
08894         rsbac_printk(KERN_INFO "Sum of %lu GROUP items\n", group_sum);
08895         total_sum += group_sum;
08896 #endif
08897 
08898 #if defined(CONFIG_RSBAC_NET_OBJ)
08899         /* nettemp lists */
08900         rsbac_printk(KERN_INFO "NETTEMP items: ");
08901 #if defined(CONFIG_RSBAC_MAC)
08902         tmp_count = rsbac_list_count(nettemp_handles.mac);
08903         rsbac_printk("%lu MAC, ", tmp_count);
08904         nettemp_sum += tmp_count;
08905 #endif
08906 #if defined(CONFIG_RSBAC_PM)
08907         tmp_count = rsbac_list_count(nettemp_handles.pm);
08908         rsbac_printk("%lu PM, ", tmp_count);
08909         nettemp_sum += tmp_count;
08910 #endif
08911 #if defined(CONFIG_RSBAC_RC)
08912         tmp_count = rsbac_list_count(nettemp_handles.rc);
08913         rsbac_printk("%lu RC, ", tmp_count);
08914         nettemp_sum += tmp_count;
08915 #endif
08916         rsbac_printk("\n");
08917         rsbac_printk(KERN_INFO "Sum of %lu NETTEMP items\n", nettemp_sum);
08918         total_sum += nettemp_sum;
08919 
08920         /* local netobj lists */
08921         rsbac_printk(KERN_INFO "Local NETOBJ items:");
08922 #if defined(CONFIG_RSBAC_MAC)
08923         tmp_count = rsbac_list_count(lnetobj_handles.mac);
08924         rsbac_printk(" %lu MAC,", tmp_count);
08925         lnetobj_sum += tmp_count;
08926 #endif
08927 #if defined(CONFIG_RSBAC_PM)
08928         tmp_count = rsbac_list_count(lnetobj_handles.pm);
08929         rsbac_printk(" %lu PM,", tmp_count);
08930         lnetobj_sum += tmp_count;
08931 #endif
08932 #if defined(CONFIG_RSBAC_RC)
08933         tmp_count = rsbac_list_count(lnetobj_handles.rc);
08934         rsbac_printk(" %lu RC", tmp_count);
08935         lnetobj_sum += tmp_count;
08936 #endif
08937         rsbac_printk("\n");
08938         rsbac_printk(KERN_INFO "Sum of %lu Local NETOBJ items\n",
08939                      lnetobj_sum);
08940         total_sum += lnetobj_sum;
08941 
08942         /* remote netobj lists */
08943         rsbac_printk(KERN_INFO "Remote NETOBJ items:");
08944 #if defined(CONFIG_RSBAC_MAC)
08945         tmp_count = rsbac_list_count(rnetobj_handles.mac);
08946         rsbac_printk(" %lu MAC,", tmp_count);
08947         rnetobj_sum += tmp_count;
08948 #endif
08949 #if defined(CONFIG_RSBAC_PM)
08950         tmp_count = rsbac_list_count(rnetobj_handles.pm);
08951         rsbac_printk(" %lu PM,", tmp_count);
08952         rnetobj_sum += tmp_count;
08953 #endif
08954 #if defined(CONFIG_RSBAC_RC)
08955         tmp_count = rsbac_list_count(rnetobj_handles.rc);
08956         rsbac_printk(" %lu RC", tmp_count);
08957         rnetobj_sum += tmp_count;
08958 #endif
08959         rsbac_printk("\n");
08960         rsbac_printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n",
08961                      rnetobj_sum);
08962         total_sum += rnetobj_sum;
08963 #endif                          /* NET_OBJ */
08964 
08965         rsbac_printk(KERN_INFO "Total of %lu registered rsbac-items\n", total_sum);
08966 
08967         rsbac_printk(KERN_INFO "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n",
08968                      rsbac_adf_request_count[T_FILE],
08969                      rsbac_adf_request_count[T_DIR],
08970                      rsbac_adf_request_count[T_FIFO],
08971                      rsbac_adf_request_count[T_SYMLINK],
08972                      rsbac_adf_request_count[T_DEV],
08973                      rsbac_adf_request_count[T_IPC],
08974                      rsbac_adf_request_count[T_SCD],
08975                      rsbac_adf_request_count[T_USER],
08976                      rsbac_adf_request_count[T_PROCESS],
08977                      rsbac_adf_request_count[T_NETDEV],
08978                      rsbac_adf_request_count[T_NETTEMP],
08979                      rsbac_adf_request_count[T_NETOBJ],
08980                      rsbac_adf_request_count[T_UNIXSOCK]);
08981         rsbac_printk(KERN_INFO "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n",
08982                      rsbac_adf_set_attr_count[T_FILE],
08983                      rsbac_adf_set_attr_count[T_DIR],
08984                      rsbac_adf_set_attr_count[T_FIFO],
08985                      rsbac_adf_set_attr_count[T_SYMLINK],
08986                      rsbac_adf_set_attr_count[T_DEV],
08987                      rsbac_adf_set_attr_count[T_IPC],
08988                      rsbac_adf_set_attr_count[T_SCD],
08989                      rsbac_adf_set_attr_count[T_USER],
08990                      rsbac_adf_set_attr_count[T_PROCESS],
08991                      rsbac_adf_set_attr_count[T_NETDEV],
08992                      rsbac_adf_set_attr_count[T_NETTEMP],
08993                      rsbac_adf_set_attr_count[T_NETOBJ],
08994                      rsbac_adf_set_attr_count[T_UNIXSOCK]);
08995 
08996 #if defined(CONFIG_RSBAC_PM)
08997         rsbac_stats_pm();
08998 #endif
08999 #if defined(CONFIG_RSBAC_RC)
09000         rsbac_stats_rc();
09001 #endif
09002 #if defined(CONFIG_RSBAC_AUTH)
09003         rsbac_stats_auth();
09004 #endif
09005 #if defined(CONFIG_RSBAC_ACL)
09006         rsbac_stats_acl();
09007 #endif
09008         return 0;
09009 }
09010 
09011 /***************************************************/
09012 /* rsbac_write() to write all dirty lists to disk  */
09013 /*               returns no. of lists written      */
09014 
09015 #if defined(CONFIG_RSBAC_AUTO_WRITE)
09016 int rsbac_write(rsbac_boolean_t need_lock)
09017 {
09018         int err = 0;
09019         u_int count = 0;
09020         int subcount;
09021 
09022         if (!rsbac_initialized) {
09023                 rsbac_printk(KERN_WARNING "rsbac_write(): RSBAC not initialized\n");
09024                 return (-RSBAC_ENOTINITIALIZED);
09025         }
09026         if (rsbac_debug_no_write)
09027                 return 0;
09028 
09029         subcount = rsbac_write_lists(need_lock);
09030         if (subcount > 0) {
09031                 count += subcount;
09032         } else if (subcount < 0) {
09033                 err = subcount;
09034                 if (err != -RSBAC_ENOTWRITABLE) {
09035                         rsbac_printk(KERN_WARNING "rsbac_write(): rsbac_write_lists() returned error %i\n",
09036                                      err);
09037                 }
09038         }
09039 
09040 #if defined(CONFIG_RSBAC_REG)
09041         subcount = rsbac_write_reg(need_lock);
09042         if (subcount > 0) {
09043                 count += subcount;
09044         } else if (subcount < 0) {
09045                 err = subcount;
09046                 if (err != -RSBAC_ENOTWRITABLE) {
09047                         rsbac_printk(KERN_WARNING "rsbac_write(): rsbac_write_reg() returned error %i\n",
09048                                      err);
09049                 }
09050         }
09051 #endif
09052 
09053         if (count > 0)
09054                 rsbac_pr_debug(write, "total of %u lists written\n", count);
09055         return (count);
09056 }
09057 #endif
09058 
09059 /************************************************* */
09060 /*               Attribute functions               */
09061 /************************************************* */
09062 
09063 /* A rsbac_set_attr() call for a non-existing object, user                  */
09064 /* or process entry will first add the target and then set the attribute.   */
09065 /* Invalid combinations and trying to set security_level to or from         */
09066 /* SL_rsbac_internal return an error.                                       */
09067 /* A rsbac_get_attr() call for a non-existing target will return the        */
09068 /* default value stored in def_aci, which should be the first enum item.*/
09069 
09070 /* All these procedures handle the rw-spinlocks to protect the targets during */
09071 /* access.                                                                  */
09072 
09073 /* get the parent of a target
09074  * returns -RSBAC_EINVALIDTARGET for non-fs targets
09075  * and -RSBAC_ENOTFOUND, if no parent available
09076  * In kernels >= 2.4.0, device_p->d_covers is used and the device_p item is
09077  * properly locked for reading, so never call with a write lock held on
09078  * device_p!
09079  */
09080 #if defined(CONFIG_RSBAC_REG)
09081 EXPORT_SYMBOL(rsbac_get_parent);
09082 #endif
09083 int rsbac_get_parent(enum rsbac_target_t target,
09084                      union rsbac_target_id_t tid,
09085                      enum rsbac_target_t *parent_target_p,
09086                      union rsbac_target_id_t *parent_tid_p)
09087 {
09088         if (!parent_target_p || !parent_tid_p)
09089                 return -RSBAC_EINVALIDPOINTER;
09090 /*
09091         rsbac_pr_debug(ds, "Getting file/dir/fifo/symlink "
09092                        "parent for device %02u:%02u, inode %lu, dentry_p %p\n",
09093                        RSBAC_MAJOR(tid.file.device),
09094                        RSBAC_MINOR(tid.file.device),
09095                        (u_long)tid.file.inode, tid.file.dentry_p);
09096 */
09097         switch (target) {
09098         case T_FILE:
09099         case T_DIR:
09100         case T_FIFO:
09101         case T_SYMLINK:
09102         case T_UNIXSOCK:
09103                 break;
09104         default:
09105                 return -RSBAC_EINVALIDTARGET;
09106         }
09107 
09108         if (!tid.file.dentry_p)
09109                 return -RSBAC_ENOTFOUND;
09110 
09111 #ifdef CONFIG_RSBAC_XSTATS
09112         get_parent_count++;
09113 #endif
09114         *parent_target_p = T_DIR;
09115         /* Is this dentry root of a mounted device? */
09116         if (tid.file.dentry_p->d_sb
09117             && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p)
09118             ) {
09119                 struct rsbac_device_list_item_t *device_p;
09120 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09121                 u_long dflags;
09122 #endif
09123                 u_int hash;
09124 
09125                 hash = device_hash(tid.file.device);
09126                 /* wait for read access to device_list_head */
09127 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09128                 rcu_read_lock();
09129 #else
09130                 rsbac_read_lock(&device_list_locks[hash], &dflags);
09131 #endif
09132                 device_p = lookup_device(tid.file.device, hash);
09133                 if (!device_p
09134                     || !device_p->d_covers
09135                     || !device_p->d_covers->d_parent
09136                     || !device_p->d_covers->d_parent->d_inode) {
09137                         /* free access to device_list_head */
09138 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09139                         rcu_read_unlock();
09140 #else
09141                         rsbac_read_unlock(&device_list_locks[hash], &dflags);
09142 #endif
09143                         return -RSBAC_ENOTFOUND;
09144                 }
09145                 parent_tid_p->dir.device =
09146                     device_p->d_covers->d_parent->d_sb->s_dev;
09147                 parent_tid_p->dir.inode =
09148                     device_p->d_covers->d_parent->d_inode->i_ino;
09149                 parent_tid_p->dir.dentry_p = device_p->d_covers->d_parent;
09150                 /* free access to device_list_head */
09151 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09152                 rcu_read_unlock();
09153 #else
09154                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
09155 #endif
09156         } else {                /* no root of filesystem -> use d_parent, dev keeps unchanged */
09157                 if (!tid.file.dentry_p->d_parent) {
09158                         rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent is NULL!\n");
09159                         return -RSBAC_ENOTFOUND;
09160                 }
09161                 if (tid.file.dentry_p == tid.file.dentry_p->d_parent) {
09162                         rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent == dentry_p!\n");
09163                         return -RSBAC_ENOTFOUND;
09164                 }
09165                 if (!tid.file.dentry_p->d_parent->d_inode) {
09166                         rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent has no d_inode!\n");
09167                         return -RSBAC_ENOTFOUND;
09168                 }
09169                 parent_tid_p->dir.device = tid.file.device;
09170                 parent_tid_p->dir.inode =
09171                     tid.file.dentry_p->d_parent->d_inode->i_ino;
09172                 parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent;
09173         }
09174         return 0;
09175 }
09176 
09177 static int get_attr_fd(rsbac_list_ta_number_t ta_number,
09178                         enum rsbac_switch_target_t module,
09179                         enum rsbac_target_t target,
09180                         union rsbac_target_id_t *tid_p,
09181                         enum rsbac_attribute_t attr,
09182                         union rsbac_attribute_value_t *value,
09183                         rsbac_boolean_t inherit)
09184 {
09185         int err = 0;
09186         struct rsbac_device_list_item_t *device_p;
09187 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09188         u_long dflags;
09189 #endif
09190 #if defined(CONFIG_RSBAC_FF)
09191         rsbac_ff_flags_t ff_flags = 0;
09192         rsbac_ff_flags_t ff_tmp_flags;
09193         rsbac_ff_flags_t ff_mask = -1;
09194 #endif
09195         u_int hash;
09196 
09197 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09198         if (!RSBAC_MAJOR(tid_p->file.device)
09199             && !RSBAC_MINOR(tid_p->file.device)
09200             )
09201                 return -RSBAC_EINVALIDDEV;
09202 #endif
09203         /* use loop for inheritance - used to be recursive calls */
09204         for (;;) {
09205 /*              rsbac_pr_debug(ds, "Getting file/dir/fifo/"
09206                                "symlink attribute %u for device %02u:%02u, "
09207                                "inode %lu, dentry_p %p\n", attr,
09208                                RSBAC_MAJOR(tid_p->file.device),
09209                                RSBAC_MINOR(tid_p->file.device),
09210                                (u_long)tid_p->file.inode,
09211                                tid_p->file.dentry_p); */
09212                 hash = device_hash(tid_p->file.device);
09213                 /* wait for read access to device_list_head */
09214 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09215                 rcu_read_lock();
09216 #else
09217                 rsbac_read_lock(&device_list_locks[hash], &dflags);
09218 #endif
09219                 /* OK, go on */
09220                 /* rsbac_pr_debug(ds, "passed device read lock\n"); */
09221                 /* lookup device */
09222                 device_p = lookup_device(tid_p->file.device, hash);
09223                 if (!device_p) {
09224                         struct super_block *sb_p;
09225 
09226 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09227                         rcu_read_unlock();
09228 #else
09229                         rsbac_read_unlock(&device_list_locks[hash], &dflags);
09230 #endif
09231 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09232                         sb_p = user_get_super(tid_p->file.device);
09233 #else
09234                         sb_p = get_super(tid_p->file.device);
09235 #endif
09236                         if (sb_p) {
09237                                 if(RSBAC_MAJOR(tid_p->file.device) <= 1) {
09238                                         rsbac_printk(KERN_INFO "rsbac_get_attr(): auto-mounting device %02u:%02u\n",
09239                                              RSBAC_MAJOR(tid_p->file.
09240                                                          device),
09241                                              RSBAC_MINOR(tid_p->file.
09242                                                          device));
09243                                         rsbac_mount(sb_p, NULL);
09244                                 }
09245                                 /* free super_block pointer */
09246                                 drop_super(sb_p);
09247 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09248                                 rcu_read_lock();
09249 #else
09250                                 rsbac_read_lock(&device_list_locks[hash],
09251                                                 &dflags);
09252 #endif
09253                                 device_p =
09254                                     lookup_device(tid_p->file.device, hash);
09255                                 if (!device_p) {
09256                                         rsbac_printk(KERN_WARNING "rsbac_get_attr(): unknown device %02u:%02u\n",
09257                                                      RSBAC_MAJOR(tid_p->
09258                                                                  file.
09259                                                                  device),
09260                                                      RSBAC_MINOR(tid_p->
09261                                                                  file.
09262                                                                  device));
09263 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09264                                         rcu_read_unlock();
09265 #else
09266                                         rsbac_read_unlock
09267                                             (&device_list_locks[hash],
09268                                              &dflags);
09269 #endif
09270                                         return -RSBAC_EINVALIDDEV;
09271                                 }
09272                         } else
09273                                 return -RSBAC_EINVALIDDEV;
09274                 }
09275                 switch (module) {
09276                 case SW_GEN:
09277                         {
09278                                 struct rsbac_gen_fd_aci_t aci =
09279                                     DEFAULT_GEN_FD_ACI;
09280 
09281                                 if (attr == A_internal) {
09282                                         if (!device_p->rsbac_dir_inode
09283                                             || !tid_p->file.inode)
09284                                                 value->internal = FALSE;
09285                                         else if (device_p->
09286                                                  rsbac_dir_inode ==
09287                                                  tid_p->file.inode)
09288                                                 value->internal = TRUE;
09289                                         else if (inherit) {
09290                                                 enum rsbac_target_t
09291                                                     parent_target;
09292                                                 union rsbac_target_id_t
09293                                                     parent_tid;
09294 
09295                                                 /* inheritance possible? */
09296                                                 if (!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) {   /* yes: inherit this single level */
09297                                                         if (device_p->
09298                                                             rsbac_dir_inode
09299                                                             ==
09300                                                             parent_tid.
09301                                                             file.inode)
09302                                                                 value->
09303                                                                     internal
09304                                                                     = TRUE;
09305                                                         else
09306                                                                 value->
09307                                                                     internal
09308                                                                     =
09309                                                                     FALSE;
09310                                                 } else {
09311                                                         value->internal =
09312                                                             FALSE;
09313                                                 }
09314                                         } else {
09315                                                 value->internal = FALSE;
09316                                         }
09317 
09318                                         /* free access to device_list_head */
09319 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09320                                         rcu_read_unlock();
09321 #else
09322                                         rsbac_read_unlock
09323                                             (&device_list_locks[hash],
09324                                              &dflags);
09325 #endif
09326                                         return 0;
09327                                 }
09328                                 rsbac_ta_list_get_data_ttl(ta_number,
09329                                                            device_p->
09330                                                            handles.gen,
09331                                                            NULL,
09332                                                            &tid_p->file.
09333                                                            inode, &aci);
09334                                 switch (attr) {
09335                                 case A_log_array_low:
09336                                         value->log_array_low =
09337                                             aci.log_array_low;
09338                                         break;
09339                                 case A_log_array_high:
09340                                         value->log_array_high =
09341                                             aci.log_array_high;
09342                                         break;
09343                                 case A_log_program_based:
09344                                         value->log_program_based =
09345                                             aci.log_program_based;
09346                                         break;
09347                                 case A_symlink_add_remote_ip:
09348                                         value->symlink_add_remote_ip =
09349                                             aci.symlink_add_remote_ip;
09350                                         break;
09351                                 case A_symlink_add_uid:
09352                                         value->symlink_add_uid =
09353                                             aci.symlink_add_uid;
09354                                         break;
09355                                 case A_symlink_add_mac_level:
09356                                         value->symlink_add_mac_level =
09357                                             aci.symlink_add_mac_level;
09358                                         break;
09359                                 case A_symlink_add_rc_role:
09360                                         value->symlink_add_rc_role =
09361                                             aci.symlink_add_rc_role;
09362                                         break;
09363                                 case A_linux_dac_disable:
09364                                         value->linux_dac_disable =
09365                                             aci.linux_dac_disable;
09366                                         if ((value->linux_dac_disable ==
09367                                              LDD_inherit) && inherit) {
09368                                                 enum rsbac_target_t
09369                                                     parent_target;
09370                                                 union rsbac_target_id_t
09371                                                     parent_tid;
09372 
09373                                                 /* free access to device_list_head - see above */
09374 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09375                                                 rcu_read_unlock();
09376 #else
09377                                                 rsbac_read_unlock
09378                                                     (&device_list_locks[hash],
09379                                                      &dflags);
09380 #endif
09381                                                 /* inheritance possible? */
09382                                                 if (!rsbac_get_parent
09383                                                     (target, *tid_p,
09384                                                      &parent_target,
09385                                                      &parent_tid)) {
09386                                                         target =
09387                                                             parent_target;
09388                                                         *tid_p =
09389                                                             parent_tid;
09390                                                         continue;
09391                                                 } else {
09392                                                         value->
09393                                                             linux_dac_disable
09394                                                             =
09395                                                             def_gen_root_dir_aci.
09396                                                             linux_dac_disable;
09397                                                         return 0;
09398                                                 }
09399                                         }
09400                                         break;
09401                                 case A_fake_root_uid:
09402                                         value->fake_root_uid =
09403                                             aci.fake_root_uid;
09404                                         break;
09405                                 case A_auid_exempt:
09406                                         value->auid_exempt =
09407                                             aci.auid_exempt;
09408                                         break;
09409                                 default:
09410                                         err = -RSBAC_EINVALIDATTR;
09411                                 }
09412                         }
09413                         break;
09414 
09415 #if defined(CONFIG_RSBAC_MAC)
09416                 case SW_MAC:
09417                         {
09418                                 struct rsbac_mac_fd_aci_t aci =
09419                                     DEFAULT_MAC_FD_ACI;
09420 
09421                                 rsbac_ta_list_get_data_ttl(ta_number,
09422                                                            device_p->
09423                                                            handles.mac,
09424                                                            NULL,
09425                                                            &tid_p->file.
09426                                                            inode, &aci);
09427                                 switch (attr) {
09428                                 case A_security_level:
09429                                         value->security_level =
09430                                             aci.sec_level;
09431                                         if ((value->security_level ==
09432                                              SL_inherit) && inherit) {
09433                                                 enum rsbac_target_t
09434                                                     parent_target;
09435                                                 union rsbac_target_id_t
09436                                                     parent_tid;
09437 
09438                                                 /* free access to device_list_head - see above */
09439 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09440                                                 rcu_read_unlock();
09441 #else
09442                                                 rsbac_read_unlock
09443                                                     (&device_list_locks[hash], &dflags);
09444 #endif
09445                                                 /* inheritance possible? */
09446                                                 if (!rsbac_get_parent
09447                                                     (target, *tid_p,
09448                                                      &parent_target,
09449                                                      &parent_tid)) {
09450                                                         target =
09451                                                             parent_target;
09452                                                         *tid_p =
09453                                                             parent_tid;
09454                                                         continue;
09455                                                 } else {
09456                                                         value->
09457                                                             security_level
09458                                                             =
09459                                                             def_mac_root_dir_aci.
09460                                                             sec_level;
09461                                                         return 0;
09462                                                 }
09463                                         }
09464                                         break;
09465                                 case A_mac_categories:
09466                                         value->mac_categories =
09467                                             aci.mac_categories;
09468                                         if ((value->mac_categories ==
09469                                              RSBAC_MAC_INHERIT_CAT_VECTOR)
09470                                             && inherit) {
09471                                                 enum rsbac_target_t
09472                                                     parent_target;
09473                                                 union rsbac_target_id_t
09474                                                     parent_tid;
09475 
09476                                                 /* free access to device_list_head - see above */
09477 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09478                                                 rcu_read_unlock();
09479 #else
09480                                                 rsbac_read_unlock
09481                                                     (&device_list_locks[hash], &dflags);
09482 #endif
09483                                                 /* inheritance possible? */
09484                                                 if (!rsbac_get_parent
09485                                                     (target, *tid_p,
09486                                                      &parent_target,
09487                                                      &parent_tid)) {
09488                                                         target =
09489                                                             parent_target;
09490                                                         *tid_p =
09491                                                             parent_tid;
09492                                                         continue;
09493                                                 } else {
09494                                                         value->
09495                                                             mac_categories
09496                                                             =
09497                                                             def_mac_root_dir_aci.
09498                                                             mac_categories;
09499                                                         return 0;
09500                                                 }
09501                                         }
09502                                         break;
09503                                 case A_mac_auto:
09504                                         value->mac_auto = aci.mac_auto;
09505                                         if ((value->mac_auto == MA_inherit)
09506                                             && inherit) {
09507                                                 enum rsbac_target_t
09508                                                     parent_target;
09509                                                 union rsbac_target_id_t
09510                                                     parent_tid;
09511 
09512                                                 /* free access to device_list_head - see above */
09513 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09514                                                 rcu_read_unlock();
09515 #else
09516                                                 rsbac_read_unlock
09517                                                     (&device_list_locks[hash], &dflags);
09518 #endif
09519                                                 /* inheritance possible? */
09520                                                 if (!rsbac_get_parent
09521                                                     (target, *tid_p,
09522                                                      &parent_target,
09523                                                      &parent_tid)) {
09524                                                         target =
09525                                                             parent_target;
09526                                                         *tid_p =
09527                                                             parent_tid;
09528                                                         continue;
09529                                                 } else {
09530                                                         value->mac_auto
09531                                                             =
09532                                                             def_mac_root_dir_aci.
09533                                                             mac_auto;
09534                                                         return 0;
09535                                                 }
09536                                         }
09537                                         break;
09538                                 case A_mac_prop_trusted:
09539                                         value->mac_prop_trusted =
09540                                             aci.mac_prop_trusted;
09541                                         break;
09542                                 case A_mac_file_flags:
09543                                         value->mac_file_flags =
09544                                             aci.mac_file_flags;
09545                                         break;
09546 
09547                                 default:
09548                                         err = -RSBAC_EINVALIDATTR;
09549                                 }
09550                         }
09551                         break;
09552 #endif                          /* MAC */
09553 
09554 #if defined(CONFIG_RSBAC_PM)
09555                 case SW_PM:
09556                         {
09557                                 struct rsbac_pm_fd_aci_t aci =
09558                                     DEFAULT_PM_FD_ACI;
09559 
09560                                 rsbac_ta_list_get_data_ttl(ta_number,
09561                                                            device_p->
09562                                                            handles.pm,
09563                                                            NULL,
09564                                                            &tid_p->file.
09565                                                            inode, &aci);
09566                                 switch (attr) {
09567                                 case A_pm_object_class:
09568                                         value->pm_object_class =
09569                                             aci.pm_object_class;
09570                                         break;
09571                                 case A_pm_tp:
09572                                         value->pm_tp = aci.pm_tp;
09573                                         break;
09574                                 case A_pm_object_type:
09575                                         value->pm_object_type =
09576                                             aci.pm_object_type;
09577                                         break;
09578                                 default:
09579                                         err = -RSBAC_EINVALIDATTR;
09580                                 }
09581                         }
09582                         break;
09583 #endif                          /* PM */
09584 
09585 #if defined(CONFIG_RSBAC_DAZ)
09586                 case SW_DAZ:
09587                         {
09588 #if defined(CONFIG_RSBAC_DAZ_CACHE)
09589                                 if (attr == A_daz_scanned) {
09590                                         err = rsbac_ta_list_get_data_ttl
09591                                             (ta_number,
09592                                              device_p->handles.dazs,
09593                                              NULL, &tid_p->file.inode,
09594                                              &value->daz_scanned);
09595                                 } else
09596 #endif
09597                                 {
09598                                         struct rsbac_daz_fd_aci_t aci =
09599                                             DEFAULT_DAZ_FD_ACI;
09600 
09601                                         rsbac_ta_list_get_data_ttl
09602                                             (ta_number,
09603                                              device_p->handles.daz,
09604                                              NULL, &tid_p->file.inode,
09605                                              &aci);
09606                                         switch (attr) {
09607                                         case A_daz_scanner:
09608                                                 value->daz_scanner =
09609                                                     aci.daz_scanner;
09610                                                 break;
09611                                         case A_daz_do_scan:
09612                                                 value->daz_do_scan = aci.daz_do_scan;
09613                                                 if(   (value->daz_do_scan == DAZ_inherit)
09614                                                         && inherit) {
09615                                                         enum rsbac_target_t       parent_target;
09616                                                         union rsbac_target_id_t   parent_tid;
09617 
09618 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09619                                                         rcu_read_unlock();
09620 #else
09621                                                         rsbac_read_unlock(&device_list_locks[hash], &dflags);
09622 #endif
09623                                                         if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) {
09624                                                                 target = parent_target;
09625                                                                 *tid_p = parent_tid;
09626                                                                 continue;
09627                                                         } else {
09628                                                                 value->daz_do_scan
09629                                                                         = def_daz_root_dir_aci.daz_do_scan;
09630                                                                 return 0;
09631                                                         }
09632                                                 }
09633                                                 break;
09634                                         default:
09635                                                 err = -RSBAC_EINVALIDATTR;
09636                                         }
09637                                 }
09638                         }
09639                         break;
09640 #endif                          /* DAZ */
09641 
09642 #if defined(CONFIG_RSBAC_FF)
09643                 case SW_FF:
09644                         {
09645                                 switch (attr) {
09646                                 case A_ff_flags:
09647                                         ff_tmp_flags = RSBAC_FF_DEF;
09648                                         rsbac_ta_list_get_data_ttl
09649                                             (ta_number,
09650                                              device_p->handles.ff,
09651                                              NULL,
09652                                              &tid_p->file.inode,
09653                                              &ff_tmp_flags);
09654                                         ff_flags |= ff_tmp_flags & ff_mask;
09655                                         value->ff_flags = ff_flags;
09656                                         if ((ff_tmp_flags &
09657                                              FF_add_inherited)
09658                                             && inherit) {
09659                                                 /* inheritance possible? */
09660                                                 if (!rsbac_get_parent
09661                                                     (target, *tid_p,
09662                                                      &target, tid_p)) {
09663                                                         /* free access to device_list_head - see above */
09664 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09665                                                         rcu_read_unlock();
09666 #else
09667                                                         rsbac_read_unlock
09668                                                             (&device_list_locks[hash],
09669                                                              &dflags);
09670 #endif
09671                                                         ff_mask &=
09672                                                             ~
09673                                                             (FF_no_delete_or_rename
09674                                                              |
09675                                                              FF_add_inherited);
09676                                                         ff_flags &=
09677                                                             ~
09678                                                             (FF_add_inherited);
09679                                                         continue;
09680                                                 } else
09681                                                         value->ff_flags &=
09682                                                             ~
09683                                                             (FF_add_inherited);
09684                                         }
09685                                         break;
09686 
09687                                 default:
09688                                         err = -RSBAC_EINVALIDATTR;
09689                                 }
09690                         }
09691                         break;
09692 #endif                          /* FF */
09693 
09694 #if defined(CONFIG_RSBAC_RC)
09695                 case SW_RC:
09696                         {
09697                                 struct rsbac_rc_fd_aci_t aci =
09698                                     DEFAULT_RC_FD_ACI;
09699 
09700                                 rsbac_ta_list_get_data_ttl(ta_number,
09701                                                            device_p->
09702                                                            handles.rc,
09703                                                            NULL,
09704                                                            &tid_p->file.
09705                                                            inode, &aci);
09706                                 switch (attr) {
09707                                 case A_rc_type_fd:
09708                                         value->rc_type_fd = aci.rc_type_fd;
09709                                         if (value->rc_type_fd ==
09710                                             RC_type_inherit_parent
09711                                             && inherit) {
09712                                                 enum rsbac_target_t
09713                                                     parent_target;
09714                                                 union rsbac_target_id_t
09715                                                     parent_tid;
09716 
09717                                                 /* free access to device_list_head - see above */
09718 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09719                                                 rcu_read_unlock();
09720 #else
09721                                                 rsbac_read_unlock
09722                                                     (&device_list_locks[hash], &dflags);
09723 #endif
09724                                                 /* inheritance possible? */
09725                                                 if (!rsbac_get_parent
09726                                                     (target, *tid_p,
09727                                                      &parent_target,
09728                                                      &parent_tid)) {
09729                                                         target =
09730                                                             parent_target;
09731                                                         *tid_p =
09732                                                             parent_tid;
09733                                                         continue;
09734                                                 } else {
09735                                                         value->rc_type_fd
09736                                                             =
09737                                                             def_rc_root_dir_aci.
09738                                                             rc_type_fd;
09739                                                         return 0;
09740                                                 }
09741                                         }
09742                                         break;
09743                                 case A_rc_force_role:
09744                                         value->rc_force_role =
09745                                             aci.rc_force_role;
09746                                         if (value->rc_force_role ==
09747                                             RC_role_inherit_parent
09748                                             && inherit) {
09749                                                 enum rsbac_target_t
09750                                                     parent_target;
09751                                                 union rsbac_target_id_t
09752                                                     parent_tid;
09753 
09754                                                 /* free access to device_list_head - see above */
09755 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09756                                                 rcu_read_unlock();
09757 #else
09758                                                 rsbac_read_unlock
09759                                                     (&device_list_locks[hash], &dflags);
09760 #endif
09761                                                 /* inheritance possible? */
09762                                                 if (!rsbac_get_parent
09763                                                     (target, *tid_p,
09764                                                      &parent_target,
09765                                                      &parent_tid)) {
09766                                                         target =
09767                                                             parent_target;
09768                                                         *tid_p =
09769                                                             parent_tid;
09770                                                         continue;
09771                                                 } else {
09772                                                         value->
09773                                                             rc_force_role =
09774                                                             def_rc_root_dir_aci.
09775                                                             rc_force_role;
09776                                                         return 0;
09777                                                 }
09778                                         }
09779                                         break;
09780                                 case A_rc_initial_role:
09781                                         value->rc_initial_role =
09782                                             aci.rc_initial_role;
09783                                         if (value->rc_initial_role ==
09784                                             RC_role_inherit_parent
09785                                             && inherit) {
09786                                                 enum rsbac_target_t
09787                                                     parent_target;
09788                                                 union rsbac_target_id_t
09789                                                     parent_tid;
09790 
09791                                                 /* free access to device_list_head - see above */
09792 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09793                                                 rcu_read_unlock();
09794 #else
09795                                                 rsbac_read_unlock
09796                                                     (&device_list_locks[hash], &dflags);
09797 #endif
09798                                                 /* inheritance possible? */
09799                                                 if (!rsbac_get_parent
09800                                                     (target, *tid_p,
09801                                                      &parent_target,
09802                                                      &parent_tid)) {
09803                                                         target =
09804                                                             parent_target;
09805                                                         *tid_p =
09806                                                             parent_tid;
09807                                                         continue;
09808                                                 } else {
09809                                                         value->
09810                                                             rc_initial_role
09811                                                             =
09812                                                             def_rc_root_dir_aci.
09813                                                             rc_initial_role;
09814                                                         return 0;
09815                                                 }
09816                                         }
09817                                         break;
09818 
09819                                 default:
09820                                         err = -RSBAC_EINVALIDATTR;
09821                                 }
09822                         }
09823                         break;
09824 #endif                          /* RC */
09825 
09826 #if defined(CONFIG_RSBAC_AUTH)
09827                 case SW_AUTH:
09828                         {
09829                                 struct rsbac_auth_fd_aci_t aci =
09830                                     DEFAULT_AUTH_FD_ACI;
09831 
09832                                 rsbac_ta_list_get_data_ttl(ta_number,
09833                                                            device_p->
09834                                                            handles.auth,
09835                                                            NULL,
09836                                                            &tid_p->file.
09837                                                            inode, &aci);
09838                                 switch (attr) {
09839                                 case A_auth_may_setuid:
09840                                         value->auth_may_setuid =
09841                                             aci.auth_may_setuid;
09842                                         break;
09843                                 case A_auth_may_set_cap:
09844                                         value->auth_may_set_cap =
09845                                             aci.auth_may_set_cap;
09846                                         break;
09847                                 case A_auth_learn:
09848                                         value->auth_learn = aci.auth_learn;
09849                                         break;
09850                                 default:
09851                                         err = -RSBAC_EINVALIDATTR;
09852                                 }
09853                         }
09854                         break;
09855 #endif                          /* AUTH */
09856 
09857 #if defined(CONFIG_RSBAC_CAP)
09858                 case SW_CAP:
09859                         {
09860                                 struct rsbac_cap_fd_aci_t aci =
09861                                     DEFAULT_CAP_FD_ACI;
09862 
09863                                 rsbac_ta_list_get_data_ttl(ta_number,
09864                                                            device_p->
09865                                                            handles.cap,
09866                                                            NULL,
09867                                                            &tid_p->file.
09868                                                            inode, &aci);
09869                                 switch (attr) {
09870                                 case A_min_caps:
09871                                         value->min_caps = aci.min_caps;
09872                                         break;
09873                                 case A_max_caps:
09874                                         value->max_caps = aci.max_caps;
09875                                         break;
09876                                 case A_cap_ld_env:
09877                                         value->cap_ld_env = aci.cap_ld_env;
09878                                         if ((value->cap_ld_env == LD_inherit) && inherit) {
09879                                                 enum rsbac_target_t parent_target;
09880                                                 union rsbac_target_id_t parent_tid;
09881 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09882                                                 rcu_read_unlock();
09883 #else
09884                                                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
09885 #endif
09886                                                 if (!rsbac_get_parent(target,
09887                                                                         *tid_p,
09888                                                                         &parent_target,
09889                                                                         &parent_tid)) {
09890                                                         target = parent_target;
09891                                                         *tid_p = parent_tid;
09892                                                         continue;
09893                                                 } else {
09894                                                         value->cap_ld_env = LD_deny;
09895                                                         return 0;
09896                                                 }
09897                                         }
09898                                         break;
09899                                 default:
09900                                         err = -RSBAC_EINVALIDATTR;
09901                                 }
09902                         }
09903                         break;
09904 #endif                          /* CAP */
09905 
09906 #if defined(CONFIG_RSBAC_RES)
09907                 case SW_RES:
09908                         {
09909                                 struct rsbac_res_fd_aci_t aci =
09910                                     DEFAULT_RES_FD_ACI;
09911 
09912                                 rsbac_ta_list_get_data_ttl(ta_number,
09913                                                            device_p->
09914                                                            handles.res,
09915                                                            NULL,
09916                                                            &tid_p->file.
09917                                                            inode, &aci);
09918                                 switch (attr) {
09919                                 case A_res_min:
09920                                         memcpy(&value->res_array,
09921                                                &aci.res_min,
09922                                                sizeof(aci.res_min));
09923                                         break;
09924                                 case A_res_max:
09925                                         memcpy(&value->res_array,
09926                                                &aci.res_max,
09927                                                sizeof(aci.res_max));
09928                                         break;
09929                                 default:
09930                                         err = -RSBAC_EINVALIDATTR;
09931                                 }
09932                         }
09933                         break;
09934 #endif                          /* RES */
09935 
09936 #if defined(CONFIG_RSBAC_PAX)
09937                 case SW_PAX:
09938                         {
09939                                 switch (attr) {
09940                                 case A_pax_flags:
09941                                         value->pax_flags =
09942                                             RSBAC_PAX_DEF_FLAGS;
09943                                         rsbac_ta_list_get_data_ttl
09944                                             (ta_number,
09945                                              device_p->handles.pax,
09946                                              NULL, &tid_p->file.inode,
09947                                              &value->pax_flags);
09948                                         break;
09949 
09950                                 default:
09951                                         err = -RSBAC_EINVALIDATTR;
09952                                 }
09953                         }
09954                         break;
09955 #endif                          /* PAX */
09956 
09957                 default:
09958                         err = -RSBAC_EINVALIDMODULE;
09959                 }
09960                 /* free access to device_list_head */
09961 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09962                 rcu_read_unlock();
09963 #else
09964                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
09965 #endif
09966                 /* and return */
09967                 return err;
09968         }                       /* end of for(;;) loop for inheritance */
09969 }
09970 
09971 static int get_attr_dev(rsbac_list_ta_number_t ta_number,
09972                         enum rsbac_switch_target_t module,
09973                         enum rsbac_target_t target,
09974                         struct rsbac_dev_desc_t dev,
09975                         enum rsbac_attribute_t attr,
09976                         union rsbac_attribute_value_t *value,
09977                         rsbac_boolean_t inherit)
09978 {
09979         int err = 0;
09980 /*      rsbac_pr_debug(ds, "Getting dev attribute\n"); */
09981         switch (module) {
09982         case SW_GEN:
09983                 {
09984                         struct rsbac_gen_dev_aci_t aci =
09985                             DEFAULT_GEN_DEV_ACI;
09986 
09987                         rsbac_ta_list_get_data_ttl(ta_number,
09988                                                    dev_handles.gen,
09989                                                    NULL, &dev, &aci);
09990                         switch (attr) {
09991                         case A_log_array_low:
09992                                 value->log_array_low = aci.log_array_low;
09993                                 break;
09994                         case A_log_array_high:
09995                                 value->log_array_high = aci.log_array_high;
09996                                 break;
09997                         default:
09998                                 err = -RSBAC_EINVALIDATTR;
09999                         }
10000                 }
10001                 break;
10002 
10003 #if defined(CONFIG_RSBAC_MAC)
10004         case SW_MAC:
10005                 {
10006                         struct rsbac_mac_dev_aci_t aci =
10007                             DEFAULT_MAC_DEV_ACI;
10008 
10009                         rsbac_ta_list_get_data_ttl(ta_number,
10010                                                    dev_handles.mac,
10011                                                    NULL, &dev, &aci);
10012                         switch (attr) {
10013                         case A_security_level:
10014                                 value->security_level = aci.sec_level;
10015                                 break;
10016                         case A_mac_categories:
10017                                 value->mac_categories = aci.mac_categories;
10018                                 break;
10019                         case A_mac_check:
10020                                 value->mac_check = aci.mac_check;
10021                                 break;
10022 
10023                         default:
10024                                 err = -RSBAC_EINVALIDATTR;
10025                         }
10026                 }
10027                 break;
10028 #endif                          /* MAC */
10029 
10030 #if defined(CONFIG_RSBAC_PM)
10031         case SW_PM:
10032                 {
10033                         struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
10034 
10035                         rsbac_ta_list_get_data_ttl(ta_number,
10036                                                    dev_handles.pm,
10037                                                    NULL, &dev, &aci);
10038                         switch (attr) {
10039                         case A_pm_object_class:
10040                                 value->pm_object_class =
10041                                     aci.pm_object_class;
10042                                 break;
10043                         case A_pm_object_type:
10044                                 value->pm_object_type = aci.pm_object_type;
10045                                 break;
10046                         default:
10047                                 err = -RSBAC_EINVALIDATTR;
10048                         }
10049                 }
10050                 break;
10051 #endif                          /* PM */
10052 
10053 #if defined(CONFIG_RSBAC_RC)
10054         case SW_RC:
10055                 {
10056                         rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10057 
10058                         switch (dev.type) {
10059                         case D_char:
10060                         case D_block:
10061                                 if (rsbac_ta_list_get_data_ttl(ta_number,
10062                                                                dev_handles.
10063                                                                rc, NULL,
10064                                                                &dev, &type)
10065                                     || ((type == RC_type_inherit_parent)
10066                                         && inherit)
10067                                     )
10068                                         rsbac_ta_list_get_data_ttl
10069                                             (ta_number,
10070                                              dev_major_handles.rc, NULL,
10071                                              &dev, &type);
10072                                 break;
10073                         case D_char_major:
10074                         case D_block_major:
10075                                 dev.type -= (D_block_major - D_block);
10076                                 rsbac_ta_list_get_data_ttl(ta_number,
10077                                                            dev_major_handles.
10078                                                            rc, NULL, &dev,
10079                                                            &type);
10080                                 break;
10081                         default:
10082                                 return -RSBAC_EINVALIDTARGET;
10083                         }
10084                         switch (attr) {
10085                         case A_rc_type:
10086                                 value->rc_type = type;
10087                                 break;
10088 
10089                         default:
10090                                 err = -RSBAC_EINVALIDATTR;
10091                         }
10092                 }
10093                 break;
10094 #endif                          /* RC */
10095 
10096         default:
10097                 err = -RSBAC_EINVALIDMODULE;
10098         }
10099         /* and return */
10100         return err;
10101 }
10102 
10103 static int get_attr_ipc(rsbac_list_ta_number_t ta_number,
10104                         enum rsbac_switch_target_t module,
10105                         enum rsbac_target_t target,
10106                         union rsbac_target_id_t *tid_p,
10107                         enum rsbac_attribute_t attr,
10108                         union rsbac_attribute_value_t *value,
10109                         rsbac_boolean_t inherit)
10110 {
10111         int err = 0;
10112         /* rsbac_pr_debug(ds, "Getting ipc attribute\n"); */
10113         /* lookup only, if not sock or (sock-id != NULL), OK with NULL fifo */
10114         switch (module) {
10115 #if defined(CONFIG_RSBAC_MAC)
10116         case SW_MAC:
10117                 {
10118                         struct rsbac_mac_ipc_aci_t aci =
10119                             DEFAULT_MAC_IPC_ACI;
10120 
10121                         rsbac_ta_list_get_data_ttl(ta_number,
10122                                                    ipc_handles.mac,
10123                                                    NULL,
10124                                                    &tid_p->ipc, &aci);
10125                         switch (attr) {
10126                         case A_security_level:
10127                                 value->security_level = aci.sec_level;
10128                                 break;
10129                         case A_mac_categories:
10130                                 value->mac_categories = aci.mac_categories;
10131                                 break;
10132 
10133                         default:
10134                                 err = -RSBAC_EINVALIDATTR;
10135                         }
10136                 }
10137                 break;
10138 #endif                          /* MAC */
10139 
10140 #if defined(CONFIG_RSBAC_PM)
10141         case SW_PM:
10142                 {
10143                         struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
10144 
10145                         rsbac_ta_list_get_data_ttl(ta_number,
10146                                                    ipc_handles.pm,
10147                                                    NULL,
10148                                                    &tid_p->ipc, &aci);
10149                         switch (attr) {
10150                         case A_pm_object_class:
10151                                 value->pm_object_class =
10152                                     aci.pm_object_class;
10153                                 break;
10154                         case A_pm_ipc_purpose:
10155                                 value->pm_ipc_purpose = aci.pm_ipc_purpose;
10156                                 break;
10157                         case A_pm_object_type:
10158                                 value->pm_object_type = aci.pm_object_type;
10159                                 break;
10160                         default:
10161                                 err = -RSBAC_EINVALIDATTR;
10162                         }
10163                 }
10164                 break;
10165 #endif                          /* PM */
10166 
10167 #if defined(CONFIG_RSBAC_RC)
10168         case SW_RC:
10169                 {
10170                         rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10171 
10172                         rsbac_ta_list_get_data_ttl(ta_number,
10173                                                    ipc_handles.rc,
10174                                                    NULL,
10175                                                    &tid_p->ipc, &type);
10176                         switch (attr) {
10177                         case A_rc_type:
10178                                 value->rc_type = type;
10179                                 break;
10180 
10181                         default:
10182                                 err = -RSBAC_EINVALIDATTR;
10183                         }
10184                 }
10185                 break;
10186 #endif                          /* RC */
10187 
10188 #if defined(CONFIG_RSBAC_JAIL)
10189         case SW_JAIL:
10190                 {
10191                         rsbac_jail_id_t id = RSBAC_JAIL_DEF_ID;
10192 
10193                         rsbac_ta_list_get_data_ttl(ta_number,
10194                                                    ipc_handles.jail,
10195                                                    NULL, &tid_p->ipc, &id);
10196                         switch (attr) {
10197                         case A_jail_id:
10198                                 value->jail_id = id;
10199                                 break;
10200 
10201                         default:
10202                                 err = -RSBAC_EINVALIDATTR;
10203                         }
10204                 }
10205                 break;
10206 #endif                          /* JAIL */
10207 
10208         default:
10209                 err = -RSBAC_EINVALIDMODULE;
10210         }
10211         /* and return */
10212         return err;
10213 }
10214 
10215 static int get_attr_user(rsbac_list_ta_number_t ta_number,
10216                         enum rsbac_switch_target_t module,
10217                         enum rsbac_target_t target,
10218                         union rsbac_target_id_t *tid_p,
10219                         enum rsbac_attribute_t attr,
10220                         union rsbac_attribute_value_t *value,
10221                         rsbac_boolean_t inherit)
10222 {
10223         int err = 0;
10224         /* rsbac_pr_debug(ds, "Getting user attribute\n"); */
10225         switch (module) {
10226         case SW_GEN:
10227                 {
10228                         struct rsbac_gen_user_aci_t aci =
10229                             DEFAULT_GEN_U_ACI;
10230 
10231                         rsbac_ta_list_get_data_ttl(ta_number,
10232                                                    user_handles.gen,
10233                                                    NULL,
10234                                                    &tid_p->user, &aci);
10235                         switch (attr) {
10236                         case A_pseudo:
10237                                 value->pseudo = aci.pseudo;
10238                                 break;
10239                         case A_log_user_based:
10240                                 value->log_user_based = aci.log_user_based;
10241                                 break;
10242                         default:
10243                                 err = -RSBAC_EINVALIDATTR;
10244                         }
10245                 }
10246                 break;
10247 
10248 #if defined(CONFIG_RSBAC_MAC)
10249         case SW_MAC:
10250                 {
10251                         struct rsbac_mac_user_aci_t aci =
10252                             DEFAULT_MAC_U_ACI;
10253 
10254                         rsbac_ta_list_get_data_ttl(ta_number,
10255                                                    user_handles.mac,
10256                                                    NULL,
10257                                                    &tid_p->user, &aci);
10258                         switch (attr) {
10259                         case A_security_level:
10260                                 value->security_level = aci.security_level;
10261                                 break;
10262                         case A_initial_security_level:
10263                                 value->security_level =
10264                                     aci.initial_security_level;
10265                                 break;
10266                         case A_min_security_level:
10267                                 value->security_level =
10268                                     aci.min_security_level;
10269                                 break;
10270                         case A_mac_categories:
10271                                 value->mac_categories = aci.mac_categories;
10272                                 break;
10273                         case A_mac_initial_categories:
10274                                 value->mac_categories =
10275                                     aci.mac_initial_categories;
10276                                 break;
10277                         case A_mac_min_categories:
10278                                 value->mac_categories =
10279                                     aci.mac_min_categories;
10280                                 break;
10281                         case A_system_role:
10282                         case A_mac_role:
10283                                 value->system_role = aci.system_role;
10284                                 break;
10285                         case A_mac_user_flags:
10286                                 value->mac_user_flags = aci.mac_user_flags;
10287                                 break;
10288 
10289                         default:
10290                                 err = -RSBAC_EINVALIDATTR;
10291                         }
10292                 }
10293                 break;
10294 #endif                          /* MAC */
10295 
10296 #if defined(CONFIG_RSBAC_PM)
10297         case SW_PM:
10298                 {
10299                         struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
10300 
10301                         rsbac_ta_list_get_data_ttl(ta_number,
10302                                                    user_handles.pm,
10303                                                    NULL,
10304                                                    &tid_p->user, &aci);
10305                         switch (attr) {
10306                         case A_pm_task_set:
10307                                 value->pm_task_set = aci.pm_task_set;
10308                                 break;
10309                         case A_pm_role:
10310                                 value->pm_role = aci.pm_role;
10311                                 break;
10312                         default:
10313                                 err = -RSBAC_EINVALIDATTR;
10314                         }
10315                 }
10316                 break;
10317 #endif                          /* PM */
10318 
10319 #if defined(CONFIG_RSBAC_DAZ)
10320         case SW_DAZ:
10321                 {
10322                         rsbac_system_role_int_t role = SR_user;
10323 
10324                         rsbac_ta_list_get_data_ttl(ta_number,
10325                                                    user_handles.daz,
10326                                                    NULL,
10327                                                    &tid_p->user, &role);
10328                         switch (attr) {
10329                         case A_system_role:
10330                         case A_daz_role:
10331                                 value->system_role = role;
10332                                 break;
10333 
10334                         default:
10335                                 err = -RSBAC_EINVALIDATTR;
10336                         }
10337                 }
10338                 break;
10339 #endif                          /* DAZ */
10340 
10341 #if defined(CONFIG_RSBAC_FF)
10342         case SW_FF:
10343                 {
10344                         rsbac_system_role_int_t role = SR_user;
10345 
10346                         rsbac_ta_list_get_data_ttl(ta_number,
10347                                                    user_handles.ff,
10348                                                    NULL,
10349                                                    &tid_p->user, &role);
10350                         switch (attr) {
10351                         case A_system_role:
10352                         case A_ff_role:
10353                                 value->system_role = role;
10354                                 break;
10355 
10356                         default:
10357                                 err = -RSBAC_EINVALIDATTR;
10358                         }
10359                 }
10360                 break;
10361 #endif                          /* FF */
10362 
10363 #if defined(CONFIG_RSBAC_RC)
10364         case SW_RC:
10365                 {
10366                         struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
10367 
10368                         rsbac_ta_list_get_data_ttl(ta_number,
10369                                                    user_handles.rc,
10370                                                    NULL,
10371                                                    &tid_p->user, &aci);
10372                         switch (attr) {
10373                         case A_rc_def_role:
10374                                 value->rc_def_role = aci.rc_role;
10375                                 break;
10376                         case A_rc_type:
10377                                 value->rc_type = aci.rc_type;
10378                                 break;
10379                         default:
10380                                 err = -RSBAC_EINVALIDATTR;
10381                         }
10382                 }
10383                 break;
10384 #endif                          /* RC */
10385 
10386 #if defined(CONFIG_RSBAC_AUTH)
10387         case SW_AUTH:
10388                 {
10389                         rsbac_system_role_int_t role = SR_user;
10390 
10391                         rsbac_ta_list_get_data_ttl(ta_number,
10392                                                    user_handles.auth,
10393                                                    NULL,
10394                                                    &tid_p->user, &role);
10395                         switch (attr) {
10396                         case A_system_role:
10397                         case A_auth_role:
10398                                 value->system_role = role;
10399                                 break;
10400 
10401                         default:
10402                                 err = -RSBAC_EINVALIDATTR;
10403                         }
10404                 }
10405                 break;
10406 #endif                          /* AUTH */
10407 
10408 #if defined(CONFIG_RSBAC_CAP)
10409         case SW_CAP:
10410                 {
10411                         struct rsbac_cap_user_aci_t aci =
10412                             DEFAULT_CAP_U_ACI;
10413 
10414                         rsbac_ta_list_get_data_ttl(ta_number,
10415                                                    user_handles.cap,
10416                                                    NULL,
10417                                                    &tid_p->user, &aci);
10418                         switch (attr) {
10419                         case A_system_role:
10420                         case A_cap_role:
10421                                 value->system_role = aci.cap_role;
10422                                 break;
10423                         case A_min_caps:
10424                                 value->min_caps = aci.min_caps;
10425                                 break;
10426                         case A_max_caps:
10427                                 value->max_caps = aci.max_caps;
10428                                 break;
10429                         case A_cap_ld_env:
10430                                 value->cap_ld_env = aci.cap_ld_env;
10431                                 break;
10432                         default:
10433                                 err = -RSBAC_EINVALIDATTR;
10434                         }
10435                 }
10436                 break;
10437 #endif                          /* CAP */
10438 
10439 #if defined(CONFIG_RSBAC_JAIL)
10440         case SW_JAIL:
10441                 {
10442                         rsbac_system_role_int_t role = SR_user;
10443 
10444                         rsbac_ta_list_get_data_ttl(ta_number,
10445                                                    user_handles.jail,
10446                                                    NULL,
10447                                                    &tid_p->user, &role);
10448                         switch (attr) {
10449                         case A_system_role:
10450                         case A_jail_role:
10451                                 value->system_role = role;
10452                                 break;
10453 
10454                         default:
10455                                 err = -RSBAC_EINVALIDATTR;
10456                         }
10457                 }
10458                 break;
10459 #endif                          /* JAIL */
10460 
10461 #if defined(CONFIG_RSBAC_RES)
10462         case SW_RES:
10463                 {
10464                         struct rsbac_res_user_aci_t aci =
10465                             DEFAULT_RES_U_ACI;
10466 
10467                         if (rsbac_ta_list_get_data_ttl(ta_number,
10468                                                        user_handles.res,
10469                                                        NULL,
10470                                                        &tid_p->user, &aci)
10471                             && (tid_p->user != RSBAC_ALL_USERS)
10472                             ) {
10473                                 tid_p->user = RSBAC_ALL_USERS;
10474                                 rsbac_ta_list_get_data_ttl(ta_number,
10475                                                            user_handles.
10476                                                            res, NULL,
10477                                                            &tid_p->user,
10478                                                            &aci);
10479                         }
10480                         switch (attr) {
10481                         case A_system_role:
10482                         case A_res_role:
10483                                 value->system_role = aci.res_role;
10484                                 break;
10485                         case A_res_min:
10486                                 memcpy(&value->res_array, &aci.res_min,
10487                                        sizeof(aci.res_min));
10488                                 break;
10489                         case A_res_max:
10490                                 memcpy(&value->res_array, &aci.res_max,
10491                                        sizeof(aci.res_max));
10492                                 break;
10493                         default:
10494                                 err = -RSBAC_EINVALIDATTR;
10495                         }
10496                 }
10497                 break;
10498 #endif                          /* RES */
10499 
10500 #if defined(CONFIG_RSBAC_PAX)
10501         case SW_PAX:
10502                 {
10503                         rsbac_system_role_int_t role = SR_user;
10504 
10505                         rsbac_ta_list_get_data_ttl(ta_number,
10506                                                    user_handles.pax,
10507                                                    NULL,
10508                                                    &tid_p->user, &role);
10509                         switch (attr) {
10510                         case A_system_role:
10511                         case A_pax_role:
10512                                 value->system_role = role;
10513                                 break;
10514 
10515                         default:
10516                                 err = -RSBAC_EINVALIDATTR;
10517                         }
10518                 }
10519                 break;
10520 #endif                          /* PAX */
10521 
10522         default:
10523                 err = -RSBAC_EINVALIDMODULE;
10524         }
10525         /* and return */
10526         return err;
10527 }
10528 
10529 static int get_attr_process(rsbac_list_ta_number_t ta_number,
10530                             enum rsbac_switch_target_t module,
10531                             enum rsbac_target_t target,
10532                             union rsbac_target_id_t *tid_p,
10533                             enum rsbac_attribute_t attr,
10534                             union rsbac_attribute_value_t *value,
10535                             rsbac_boolean_t inherit)
10536 {
10537         int err = 0;
10538 /*      rsbac_pr_debug(ds, "Getting process attribute"); */
10539         switch (module) {
10540         case SW_GEN:
10541                 {
10542                         struct rsbac_gen_process_aci_t aci =
10543                             DEFAULT_GEN_P_ACI;
10544 
10545                         rsbac_ta_list_get_data_ttl(ta_number,
10546                                                    process_handles.gen,
10547                                                    NULL, &tid_p->process,
10548                                                    &aci);
10549                         switch (attr) {
10550                         case A_log_program_based:
10551                                 value->log_program_based =
10552                                     aci.log_program_based;
10553                                 break;
10554                         case A_fake_root_uid:
10555                                 value->fake_root_uid = aci.fake_root_uid;
10556                                 break;
10557                         case A_audit_uid:
10558                                 value->audit_uid = aci.audit_uid;
10559                                 break;
10560                         case A_auid_exempt:
10561                                 value->auid_exempt = aci.auid_exempt;
10562                                 break;
10563                         case A_remote_ip:
10564                                 value->remote_ip = aci.remote_ip;
10565                                 break;
10566                         case A_kernel_thread:
10567                                 value->kernel_thread = aci.kernel_thread;
10568                                 break;
10569                         default:
10570                                 err = -RSBAC_EINVALIDATTR;
10571                         }
10572                 }
10573                 break;
10574 
10575 #if defined(CONFIG_RSBAC_MAC)
10576         case SW_MAC:
10577                 {
10578                         struct rsbac_mac_process_aci_t aci =
10579                             DEFAULT_MAC_P_ACI;
10580 
10581                         rsbac_ta_list_get_data_ttl(ta_number,
10582                                                    process_handles.mac,
10583                                                    NULL, &tid_p->process,
10584                                                    &aci);
10585                         switch (attr) {
10586                         case A_security_level:
10587                                 value->security_level =
10588                                     aci.owner_sec_level;
10589                                 break;
10590                         case A_initial_security_level:
10591                                 value->security_level =
10592                                     aci.owner_initial_sec_level;
10593                                 break;
10594                         case A_min_security_level:
10595                                 value->security_level =
10596                                     aci.owner_min_sec_level;
10597                                 break;
10598                         case A_mac_categories:
10599                                 value->mac_categories =
10600                                     aci.mac_owner_categories;
10601                                 break;
10602                         case A_mac_initial_categories:
10603                                 value->mac_categories =
10604                                     aci.mac_owner_initial_categories;
10605                                 break;
10606                         case A_mac_min_categories:
10607                                 value->mac_categories =
10608                                     aci.mac_owner_min_categories;
10609                                 break;
10610                         case A_current_sec_level:
10611                                 value->current_sec_level =
10612                                     aci.current_sec_level;
10613                                 break;
10614                         case A_mac_curr_categories:
10615                                 value->mac_categories =
10616                                     aci.mac_curr_categories;
10617                                 break;
10618                         case A_min_write_open:
10619                                 value->min_write_open = aci.min_write_open;
10620                                 break;
10621                         case A_min_write_categories:
10622                                 value->mac_categories =
10623                                     aci.min_write_categories;
10624                                 break;
10625                         case A_max_read_open:
10626                                 value->max_read_open = aci.max_read_open;
10627                                 break;
10628                         case A_max_read_categories:
10629                                 value->mac_categories =
10630                                     aci.max_read_categories;
10631                                 break;
10632                         case A_mac_process_flags:
10633                                 value->mac_process_flags =
10634                                     aci.mac_process_flags;
10635                                 break;
10636                         case A_mac_auto:
10637                                 if (aci.mac_process_flags & MAC_auto)
10638                                         value->mac_auto = TRUE;
10639                                 else
10640                                         value->mac_auto = FALSE;
10641                                 break;
10642 
10643                         default:
10644                                 err = -RSBAC_EINVALIDATTR;
10645                         }
10646                 }
10647                 break;
10648 #endif                          /* MAC */
10649 
10650 #if defined(CONFIG_RSBAC_PM)
10651         case SW_PM:
10652                 {
10653                         struct rsbac_pm_process_aci_t aci =
10654                             DEFAULT_PM_P_ACI;
10655 
10656                         rsbac_ta_list_get_data_ttl(ta_number,
10657                                                    process_handles.pm,
10658                                                    NULL,
10659                                                    &tid_p->process, &aci);
10660                         switch (attr) {
10661                         case A_pm_tp:
10662                                 value->pm_tp = aci.pm_tp;
10663                                 break;
10664                         case A_pm_current_task:
10665                                 value->pm_current_task =
10666                                     aci.pm_current_task;
10667                                 break;
10668                         case A_pm_process_type:
10669                                 value->pm_process_type =
10670                                     aci.pm_process_type;
10671                                 break;
10672                         default:
10673                                 err = -RSBAC_EINVALIDATTR;
10674                         }
10675                 }
10676                 break;
10677 #endif                          /* PM */
10678 
10679 #if defined(CONFIG_RSBAC_DAZ)
10680         case SW_DAZ:
10681                 {
10682                         struct rsbac_daz_process_aci_t aci =
10683                             DEFAULT_DAZ_P_ACI;
10684 
10685                         rsbac_ta_list_get_data_ttl(ta_number,
10686                                                    process_handles.daz,
10687                                                    NULL,
10688                                                    &tid_p->process, &aci);
10689                         switch (attr) {
10690                         case A_daz_scanner:
10691                                 value->daz_scanner = aci.daz_scanner;
10692                                 break;
10693                         default:
10694                                 err = -RSBAC_EINVALIDATTR;
10695                         }
10696                 }
10697                 break;
10698 #endif                          /* DAZ */
10699 
10700 #if defined(CONFIG_RSBAC_RC)
10701         case SW_RC:
10702                 {
10703                         struct rsbac_rc_process_aci_t aci =
10704                             DEFAULT_RC_P_ACI;
10705 
10706                         rsbac_ta_list_get_data_ttl(ta_number,
10707                                                    process_handles.rc,
10708                                                    NULL, &tid_p->process,
10709                                                    &aci);
10710                         switch (attr) {
10711                         case A_rc_role:
10712                                 value->rc_role = aci.rc_role;
10713                                 break;
10714                         case A_rc_type:
10715                                 value->rc_type = aci.rc_type;
10716                                 break;
10717                         case A_rc_select_type:
10718                                 value->rc_select_type = aci.rc_select_type;
10719                                 break;
10720                         case A_rc_force_role:
10721                                 value->rc_force_role = aci.rc_force_role;
10722                                 break;
10723                         default:
10724                                 err = -RSBAC_EINVALIDATTR;
10725                         }
10726                 }
10727                 break;
10728 #endif                          /* RC */
10729 
10730 #if defined(CONFIG_RSBAC_AUTH)
10731         case SW_AUTH:
10732                 {
10733                         struct rsbac_auth_process_aci_t aci =
10734                             DEFAULT_AUTH_P_ACI;
10735 
10736                         rsbac_ta_list_get_data_ttl(ta_number,
10737                                                    process_handles.auth,
10738                                                    NULL,
10739                                                    &tid_p->process, &aci);
10740                         switch (attr) {
10741                         case A_auth_may_setuid:
10742                                 value->auth_may_setuid =
10743                                     aci.auth_may_setuid;
10744                                 break;
10745                         case A_auth_may_set_cap:
10746                                 value->auth_may_set_cap =
10747                                     aci.auth_may_set_cap;
10748                                 break;
10749 #if defined(CONFIG_RSBAC_AUTH_LEARN)
10750                         case A_auth_program_file:
10751                                 value->auth_program_file =
10752                                     aci.auth_program_file;
10753                                 break;
10754                         case A_auth_start_uid:
10755                                 value->auth_start_uid = aci.auth_start_uid;
10756                                 break;
10757 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
10758                         case A_auth_start_euid:
10759                                 value->auth_start_euid =
10760                                     aci.auth_start_euid;
10761                                 break;
10762 #endif
10763 #ifdef CONFIG_RSBAC_AUTH_GROUP
10764                         case A_auth_start_gid:
10765                                 value->auth_start_gid = aci.auth_start_gid;
10766                                 break;
10767 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
10768                         case A_auth_start_egid:
10769                                 value->auth_start_egid =
10770                                     aci.auth_start_egid;
10771                                 break;
10772 #endif
10773 #endif
10774                         case A_auth_learn:
10775                                 value->auth_learn = aci.auth_learn;
10776                                 break;
10777 #else
10778                         case A_auth_learn:
10779                                 value->auth_learn = FALSE;
10780                                 break;
10781 #endif
10782                         case A_auth_last_auth:
10783                                 value->auth_last_auth = aci.auth_last_auth;
10784                                 break;
10785                         default:
10786                                 err = -RSBAC_EINVALIDATTR;
10787                         }
10788                 }
10789                 break;
10790 #endif                          /* AUTH */
10791 
10792 #if defined(CONFIG_RSBAC_CAP)
10793         case SW_CAP:
10794                 {
10795                         struct rsbac_cap_process_aci_t aci =
10796                             DEFAULT_CAP_P_ACI;
10797 
10798                         rsbac_ta_list_get_data_ttl(ta_number,
10799                                                    process_handles.cap,
10800                                                    NULL,
10801                                                    &tid_p->process, &aci);
10802                         switch (attr) {
10803                         case A_cap_process_hiding:
10804                                 value->cap_process_hiding =
10805                                     aci.cap_process_hiding;
10806                                 break;
10807 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
10808                         case A_max_caps_user:
10809                                 value->max_caps_user = aci.max_caps_user;
10810                                 break;
10811                         case A_max_caps_program:
10812                                 value->max_caps_program =
10813                                     aci.max_caps_program;
10814                                 break;
10815 #endif
10816                         case A_cap_ld_env:
10817                                 value->cap_ld_env = aci.cap_ld_env;
10818                                 break;
10819                         default:
10820                                 err = -RSBAC_EINVALIDATTR;
10821                         }
10822                 }
10823                 break;
10824 #endif                          /* CAP */
10825 
10826 #if defined(CONFIG_RSBAC_JAIL)
10827         case SW_JAIL:
10828                 {
10829                         struct rsbac_jail_process_aci_t aci =
10830                             DEFAULT_JAIL_P_ACI;
10831 
10832                         rsbac_ta_list_get_data_ttl(ta_number,
10833                                                    process_handles.jail,
10834                                                    NULL, &tid_p->process,
10835                                                    &aci);
10836                         switch (attr) {
10837                         case A_jail_id:
10838                                 value->jail_id = aci.id;
10839                                 break;
10840                         case A_jail_parent:
10841                                 value->jail_parent = aci.parent;
10842                                 break;
10843                         case A_jail_ip:
10844                                 value->jail_ip = aci.ip;
10845                                 break;
10846                         case A_jail_flags:
10847                                 value->jail_flags = aci.flags;
10848                                 break;
10849                         case A_jail_max_caps:
10850                                 value->jail_max_caps = aci.max_caps;
10851                                 break;
10852                         case A_jail_scd_get:
10853                                 value->jail_scd_get = aci.scd_get;
10854                                 break;
10855                         case A_jail_scd_modify:
10856                                 value->jail_scd_modify = aci.scd_modify;
10857                                 break;
10858                         default:
10859                                 err = -RSBAC_EINVALIDATTR;
10860                         }
10861                 }
10862                 break;
10863 #endif                          /* JAIL */
10864 
10865 #if defined(CONFIG_RSBAC_PAX)
10866         case SW_PAX:
10867                 {
10868                         struct task_struct *task_p;
10869 
10870                         switch (attr) {
10871                         case A_pax_flags:
10872                                 read_lock(&tasklist_lock);
10873                                 task_p = find_task_by_pid(tid_p->process);
10874                                 if (task_p) {
10875 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
10876 #if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
10877                                         if (task_p->mm)
10878                                                 value->pax_flags =
10879                                                     task_p->mm->
10880                                                     pax_flags &
10881                                                     RSBAC_PAX_ALL_FLAGS;
10882                                         else
10883 #endif
10884                                                 value->pax_flags = 0;
10885 #else
10886                                         value->pax_flags =
10887                                             task_p->
10888                                             flags & RSBAC_PAX_ALL_FLAGS;
10889 #endif
10890                                 } else
10891                                         err = -RSBAC_EINVALIDTARGET;
10892                                 read_unlock(&tasklist_lock);
10893                                 break;
10894                         default:
10895                                 err = -RSBAC_EINVALIDATTR;
10896                         }
10897                 }
10898                 break;
10899 #endif                          /* PAX */
10900 
10901         default:
10902                 err = -RSBAC_EINVALIDMODULE;
10903         }
10904         return err;
10905 }
10906 
10907 #ifdef CONFIG_RSBAC_UM
10908 static int get_attr_group(rsbac_list_ta_number_t ta_number,
10909                           enum rsbac_switch_target_t module,
10910                           enum rsbac_target_t target,
10911                           union rsbac_target_id_t *tid_p,
10912                           enum rsbac_attribute_t attr,
10913                           union rsbac_attribute_value_t *value,
10914                           rsbac_boolean_t inherit)
10915 {
10916         int err = 0;
10917         /* rsbac_pr_debug(ds, "Getting group attribute\n"); */
10918         switch (module) {
10919 #if defined(CONFIG_RSBAC_RC_UM_PROT)
10920         case SW_RC:
10921                 {
10922                         rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10923                         rsbac_gid_t group_desc;
10924 
10925                         group_desc = tid_p->group;
10926                         rsbac_ta_list_get_data_ttl(ta_number,
10927                                                    group_handles.rc,
10928                                                    NULL,
10929                                                    &group_desc, &type);
10930                         switch (attr) {
10931                         case A_rc_type:
10932                                 value->rc_type = type;
10933                                 break;
10934 
10935                         default:
10936                                 err = -RSBAC_EINVALIDATTR;
10937                         }
10938                 }
10939                 break;
10940 #endif                          /* RC */
10941 
10942         default:
10943                 err = -RSBAC_EINVALIDMODULE;
10944         }
10945         /* and return */
10946         return err;
10947 }
10948 #endif
10949 
10950 #ifdef CONFIG_RSBAC_NET_DEV
10951 static int get_attr_netdev(rsbac_list_ta_number_t ta_number,
10952                            enum rsbac_switch_target_t module,
10953                            enum rsbac_target_t target,
10954                            union rsbac_target_id_t *tid_p,
10955                            enum rsbac_attribute_t attr,
10956                            union rsbac_attribute_value_t *value,
10957                            rsbac_boolean_t inherit)
10958 {
10959         int err = 0;
10960         /* rsbac_pr_debug(ds, "Getting netdev attribute\n"); */
10961         switch (module) {
10962 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
10963         case SW_GEN:
10964                 {
10965                         struct rsbac_gen_netdev_aci_t aci =
10966                             DEFAULT_GEN_NETDEV_ACI;
10967 
10968                         rsbac_ta_list_get_data_ttl(ta_number,
10969                                                    netdev_handles.gen,
10970                                                    NULL,
10971                                                    &tid_p->netdev, &aci);
10972                         switch (attr) {
10973                         case A_log_array_low:
10974                                 value->log_array_low = aci.log_array_low;
10975                                 break;
10976                         case A_log_array_high:
10977                                 value->log_array_high = aci.log_array_high;
10978                                 break;
10979                         default:
10980                                 err = -RSBAC_EINVALIDATTR;
10981                         }
10982                 }
10983                 break;
10984 #endif
10985 #if defined(CONFIG_RSBAC_RC)
10986         case SW_RC:
10987                 {
10988                         rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10989 
10990                         rsbac_ta_list_get_data_ttl(ta_number,
10991                                                    netdev_handles.rc,
10992                                                    NULL,
10993                                                    &tid_p->netdev, &type);
10994                         switch (attr) {
10995                         case A_rc_type:
10996                                 value->rc_type = type;
10997                                 break;
10998 
10999                         default:
11000                                 err = -RSBAC_EINVALIDATTR;
11001                         }
11002                 }
11003                 break;
11004 #endif                          /* RC */
11005 
11006         default:
11007                 err = -RSBAC_EINVALIDMODULE;
11008         }
11009         /* and return */
11010         return err;
11011 }
11012 #endif
11013 
11014 #ifdef CONFIG_RSBAC_NET_OBJ
11015 static int get_attr_nettemp(rsbac_list_ta_number_t ta_number,
11016                             enum rsbac_switch_target_t module,
11017                             enum rsbac_target_t target,
11018                             union rsbac_target_id_t *tid_p,
11019                             enum rsbac_attribute_t attr,
11020                             union rsbac_attribute_value_t *value,
11021                             rsbac_boolean_t inherit)
11022 {
11023         int err = 0;
11024         /* rsbac_pr_debug(ds, "Getting nettemp attribute"); */
11025         if (tid_p->nettemp
11026             && !rsbac_list_exist(net_temp_handle, &tid_p->nettemp)
11027             )
11028                 return -RSBAC_EINVALIDTARGET;
11029         switch (module) {
11030 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
11031         case SW_GEN:
11032                 {
11033                         struct rsbac_gen_fd_aci_t aci =
11034                             DEFAULT_GEN_NETOBJ_ACI;
11035 
11036                         if (tid_p->nettemp)
11037                                 rsbac_ta_list_get_data_ttl(ta_number,
11038                                                            nettemp_handles.
11039                                                            gen, NULL,
11040                                                            &tid_p->nettemp,
11041                                                            &aci);
11042                         switch (attr) {
11043                         case A_log_array_low:
11044                                 value->log_array_low = aci.log_array_low;
11045                                 break;
11046                         case A_log_array_high:
11047                                 value->log_array_high = aci.log_array_high;
11048                                 break;
11049                         default:
11050                                 err = -RSBAC_EINVALIDATTR;
11051                         }
11052                 }
11053                 break;
11054 #endif
11055 #if defined(CONFIG_RSBAC_MAC)
11056         case SW_MAC:
11057                 {
11058                         struct rsbac_mac_netobj_aci_t aci =
11059                             DEFAULT_MAC_NETOBJ_ACI;
11060 
11061                         rsbac_ta_list_get_data_ttl(ta_number,
11062                                                    nettemp_handles.mac,
11063                                                    NULL,
11064                                                    &tid_p->nettemp, &aci);
11065                         switch (attr) {
11066                         case A_security_level:
11067                                 value->security_level = aci.sec_level;
11068                                 break;
11069                         case A_mac_categories:
11070                                 value->mac_categories = aci.mac_categories;
11071                                 break;
11072 
11073                         default:
11074                                 err = -RSBAC_EINVALIDATTR;
11075                         }
11076                 }
11077                 break;
11078 #endif                          /* MAC */
11079 
11080 #if defined(CONFIG_RSBAC_PM)
11081         case SW_PM:
11082                 {
11083                         struct rsbac_pm_netobj_aci_t aci =
11084                             DEFAULT_PM_NETOBJ_ACI;
11085 
11086                         rsbac_ta_list_get_data_ttl(ta_number,
11087                                                    nettemp_handles.pm,
11088                                                    NULL,
11089                                                    &tid_p->nettemp, &aci);
11090                         switch (attr) {
11091                         case A_pm_object_class:
11092                                 value->pm_object_class =
11093                                     aci.pm_object_class;
11094                                 break;
11095                         case A_pm_ipc_purpose:
11096                                 value->pm_ipc_purpose = aci.pm_ipc_purpose;
11097                                 break;
11098                         case A_pm_object_type:
11099                                 value->pm_object_type = aci.pm_object_type;
11100                                 break;
11101                         default:
11102                                 err = -RSBAC_EINVALIDATTR;
11103                         }
11104                 }
11105                 break;
11106 #endif                          /* PM */
11107 
11108 #if defined(CONFIG_RSBAC_RC)
11109         case SW_RC:
11110                 {
11111                         struct rsbac_rc_nettemp_aci_t aci =
11112                             DEFAULT_RC_NETTEMP_ACI;
11113 
11114                         rsbac_ta_list_get_data_ttl(ta_number,
11115                                                    nettemp_handles.rc,
11116                                                    NULL,
11117                                                    &tid_p->nettemp, &aci);
11118                         switch (attr) {
11119                         case A_rc_type:
11120                                 value->rc_type = aci.netobj_type;
11121                                 break;
11122 
11123                         case A_rc_type_nt:
11124                                 value->rc_type = aci.nettemp_type;
11125                                 break;
11126 
11127                         default:
11128                                 err = -RSBAC_EINVALIDATTR;
11129                         }
11130                 }
11131                 break;
11132 #endif                          /* RC */
11133 
11134         default:
11135                 err = -RSBAC_EINVALIDMODULE;
11136         }
11137         return err;
11138 }
11139 
11140 static int get_attr_netobj(rsbac_list_ta_number_t ta_number,
11141                            enum rsbac_switch_target_t module,
11142                            enum rsbac_target_t target,
11143                            union rsbac_target_id_t *tid_p,
11144                            enum rsbac_attribute_t attr,
11145                            union rsbac_attribute_value_t *value,
11146                            rsbac_boolean_t inherit)
11147 {
11148         int err = 0;
11149         /* rsbac_pr_debug(ds, "Getting netobj attribute"); */
11150         switch (module) {
11151 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
11152         case SW_GEN:
11153                 {
11154                         struct rsbac_gen_netobj_aci_t aci =
11155                             DEFAULT_GEN_NETOBJ_ACI;
11156                         rsbac_net_temp_id_t temp;
11157 
11158                         switch (attr) {
11159                         case A_local_log_array_low:
11160                         case A_local_log_array_high:
11161                                 if(!ta_number && tid_p->netobj.local_temp)
11162                                         temp = tid_p->netobj.local_temp;
11163                                 else
11164                                         rsbac_ta_net_lookup_templates(ta_number,
11165                                                                       &tid_p->
11166                                                                       netobj,
11167                                                                       &temp, NULL);
11168                                 break;
11169                         case A_remote_log_array_low:
11170                         case A_remote_log_array_high:
11171                                 if(!ta_number && tid_p->netobj.remote_temp)
11172                                         temp = tid_p->netobj.remote_temp;
11173                                 else
11174                                         rsbac_ta_net_lookup_templates(ta_number,
11175                                                                       &tid_p->
11176                                                                       netobj, NULL,
11177                                                                       &temp);
11178                                 break;
11179 
11180                         default:
11181                                 err = -RSBAC_EINVALIDATTR;
11182                         }
11183                         if (temp)
11184                                 rsbac_ta_list_get_data_ttl(ta_number,
11185                                                            nettemp_handles.
11186                                                            gen, NULL,
11187                                                            &temp, &aci);
11188                         switch (attr) {
11189                         case A_local_log_array_low:
11190                         case A_remote_log_array_low:
11191                                 value->log_array_low = aci.log_array_low;
11192                                 break;
11193                         case A_local_log_array_high:
11194                         case A_remote_log_array_high:
11195                                 value->log_array_high = aci.log_array_high;
11196                                 break;
11197 
11198                         default:
11199                                 err = -RSBAC_EINVALIDATTR;
11200                         }
11201                 }
11202                 break;
11203 #endif
11204 #if defined(CONFIG_RSBAC_MAC)
11205         case SW_MAC:
11206                 {
11207                         struct rsbac_mac_netobj_aci_t aci =
11208                             DEFAULT_MAC_NETOBJ_ACI;
11209 
11210                         switch (attr) {
11211                         case A_local_sec_level:
11212                         case A_local_mac_categories:
11213                                 if (rsbac_ta_list_get_data_ttl(ta_number, lnetobj_handles.mac, NULL, &tid_p->netobj.sock_p, &aci)) {    /* not found -> fallback to template */
11214                                         rsbac_net_temp_id_t temp = 0;
11215 
11216                                         if(!ta_number && tid_p->netobj.local_temp)
11217                                                 temp = tid_p->netobj.local_temp;
11218                                         else
11219                                                 rsbac_ta_net_lookup_templates
11220                                                     (ta_number, &tid_p->netobj,
11221                                                      &temp, NULL);
11222                                         if (temp)
11223                                                 rsbac_ta_list_get_data_ttl
11224                                                     (ta_number,
11225                                                      nettemp_handles.mac,
11226                                                      NULL, &temp, &aci);
11227                                 }
11228                                 break;
11229 
11230                         case A_remote_sec_level:
11231                         case A_remote_mac_categories:
11232                                 if (rsbac_ta_list_get_data_ttl(ta_number, rnetobj_handles.mac, NULL, &tid_p->netobj.sock_p, &aci)) {    /* not found -> fallback to template */
11233                                         rsbac_net_temp_id_t temp = 0;
11234 
11235                                         if(!ta_number && tid_p->netobj.remote_temp)
11236                                                 temp = tid_p->netobj.remote_temp;
11237                                         else
11238                                                 rsbac_ta_net_lookup_templates
11239                                                     (ta_number, &tid_p->netobj,
11240                                                      NULL, &temp);
11241                                         if (temp)
11242                                                 rsbac_ta_list_get_data_ttl
11243                                                     (ta_number,
11244                                                      nettemp_handles.mac,
11245                                                      NULL, &temp, &aci);
11246                                 }
11247                                 break;
11248 
11249                         default:
11250                                 err = -RSBAC_EINVALIDATTR;
11251                         }
11252                         if (err)
11253                                 break;
11254                         switch (attr) {
11255                         case A_local_sec_level:
11256                         case A_remote_sec_level:
11257                                 value->security_level = aci.sec_level;
11258                                 break;
11259                         case A_local_mac_categories:
11260                         case A_remote_mac_categories:
11261                                 value->mac_categories = aci.mac_categories;
11262                                 break;
11263 
11264                         default:
11265                                 err = -RSBAC_EINVALIDATTR;
11266                         }
11267                 }
11268                 break;
11269 #endif                          /* MAC */
11270 
11271 #if defined(CONFIG_RSBAC_PM)
11272         case SW_PM:
11273                 {
11274                         struct rsbac_pm_netobj_aci_t aci =
11275                             DEFAULT_PM_NETOBJ_ACI;
11276 
11277                         switch (attr) {
11278                         case A_local_pm_object_class:
11279                         case A_local_pm_ipc_purpose:
11280                         case A_local_pm_object_type:
11281                                 if (rsbac_ta_list_get_data_ttl(ta_number, lnetobj_handles.pm, NULL, &tid_p->netobj.sock_p, &aci)) {     /* not found -> fallback to template */
11282                                         rsbac_net_temp_id_t temp = 0;
11283 
11284                                         if(!ta_number && tid_p->netobj.local_temp)
11285                                                 temp = tid_p->netobj.local_temp;
11286                                         else
11287                                                 rsbac_ta_net_lookup_templates
11288                                             (ta_number, &tid_p->netobj,
11289                                              &temp, NULL);
11290                                         if (temp)
11291                                                 rsbac_ta_list_get_data_ttl
11292                                                     (ta_number,
11293                                                      nettemp_handles.pm,
11294                                                      NULL, &temp, &aci);
11295                                 }
11296                                 break;
11297 
11298                         case A_remote_pm_object_class:
11299                         case A_remote_pm_ipc_purpose:
11300                         case A_remote_pm_object_type:
11301                                 if (rsbac_ta_list_get_data_ttl(ta_number, rnetobj_handles.pm, NULL, &tid_p->netobj.sock_p, &aci)) {     /* not found -> fallback to template */
11302                                         rsbac_net_temp_id_t temp = 0;
11303 
11304                                         if(!ta_number && tid_p->netobj.remote_temp)
11305                                                 temp = tid_p->netobj.remote_temp;
11306                                         else
11307                                                 rsbac_ta_net_lookup_templates
11308                                                     (ta_number, &tid_p->netobj,
11309                                                      NULL, &temp);
11310                                         if (temp)
11311                                                 rsbac_ta_list_get_data_ttl
11312                                                     (ta_number,
11313                                                      nettemp_handles.pm,
11314                                                      NULL, &temp, &aci);
11315                                 }
11316                                 break;
11317 
11318                         default:
11319                                 err = -RSBAC_EINVALIDATTR;
11320                         }
11321                         if (err)
11322                                 break;
11323                         switch (attr) {
11324                         case A_local_pm_object_class:
11325                         case A_remote_pm_object_class:
11326                                 value->pm_object_class =
11327                                     aci.pm_object_class;
11328                                 break;
11329                         case A_local_pm_ipc_purpose:
11330                         case A_remote_pm_ipc_purpose:
11331                                 value->pm_ipc_purpose = aci.pm_ipc_purpose;
11332                                 break;
11333                         case A_local_pm_object_type:
11334                         case A_remote_pm_object_type:
11335                                 value->pm_object_type = aci.pm_object_type;
11336                                 break;
11337 
11338                         default:
11339                                 err = -RSBAC_EINVALIDATTR;
11340                         }
11341                 }
11342                 break;
11343 #endif                          /* PM */
11344 
11345 #if defined(CONFIG_RSBAC_RC)
11346         case SW_RC:
11347                 {
11348                         rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
11349 
11350                         switch (attr) {
11351                         case A_local_rc_type:
11352                                 if (rsbac_ta_list_get_data_ttl(ta_number, lnetobj_handles.rc, NULL, &tid_p->netobj.sock_p, &type)) {    /* not found -> fallback to template */
11353                                         rsbac_net_temp_id_t temp = 0;
11354                                         struct rsbac_rc_nettemp_aci_t aci;
11355 
11356                                         if(!ta_number && tid_p->netobj.local_temp)
11357                                                 temp = tid_p->netobj.local_temp;
11358                                         else
11359                                                 rsbac_ta_net_lookup_templates
11360                                                     (ta_number, &tid_p->netobj,
11361                                                      &temp, NULL);
11362                                         if (temp) {
11363                                                 if (!rsbac_ta_list_get_data_ttl(ta_number, nettemp_handles.rc, NULL, &temp, &aci))
11364                                                         type = aci.netobj_type;
11365                                         }
11366                                 }
11367                                 break;
11368 
11369                         case A_remote_rc_type:
11370                                 if (rsbac_ta_list_get_data_ttl(ta_number, rnetobj_handles.rc, NULL, &tid_p->netobj.sock_p, &type)) {    /* not found -> fallback to template */
11371                                         rsbac_net_temp_id_t temp = 0;
11372                                         struct rsbac_rc_nettemp_aci_t aci;
11373 
11374                                         if(!ta_number && tid_p->netobj.remote_temp)
11375                                                 temp = tid_p->netobj.remote_temp;
11376                                         else
11377                                                 rsbac_ta_net_lookup_templates
11378                                                     (ta_number, &tid_p->netobj,
11379                                                      NULL, &temp);
11380                                         if (temp) {
11381                                                 if (!rsbac_ta_list_get_data_ttl(ta_number, nettemp_handles.rc, NULL, &temp, &aci))
11382                                                         type =
11383                                                             aci.
11384                                                             netobj_type;
11385                                         }
11386                                 }
11387                                 break;
11388 
11389                         default:
11390                                 err = -RSBAC_EINVALIDATTR;
11391                         }
11392                         if (!err)
11393                                 value->rc_type = type;
11394                 }
11395                 break;
11396 #endif                          /* RC */
11397 
11398         default:
11399                 err = -RSBAC_EINVALIDMODULE;
11400         }
11401         return err;
11402 }
11403 #endif                          /* NET_OBJ */
11404 
11405 #ifdef CONFIG_RSBAC_FD_CACHE
11406 int rsbac_fd_cache_invalidate(struct rsbac_fs_file_t * file_p)
11407 {
11408         struct rsbac_fd_cache_desc_t fd_desc;
11409         int i;
11410 
11411         fd_desc.device = file_p->device;
11412         fd_desc.inode = file_p->inode;
11413                         
11414         for (i = 0; i < SW_NONE; i++) {
11415                 if (fd_cache_handle[i])
11416                         rsbac_list_lol_remove(fd_cache_handle[i], &fd_desc);
11417         }
11418 #ifdef CONFIG_RSBAC_XSTATS
11419         fd_cache_invalidates++;
11420 #endif
11421         return 0;
11422 }
11423 
11424 int rsbac_fd_cache_invalidate_all(void)
11425 {
11426         int i;
11427 
11428         for (i = 0; i < SW_NONE; i++) {
11429                 if (fd_cache_handle[i])
11430                         rsbac_list_lol_remove_all(fd_cache_handle[i]);
11431         }
11432 #ifdef CONFIG_RSBAC_XSTATS
11433         fd_cache_invalidate_alls++;
11434 #endif
11435         return 0;
11436 }
11437 #endif
11438 
11439 /* The value parameter to rsbac_get_attr(s) and rsbac_set_attr() is a pointer */
11440 /* to the appropiate data structure holding the attribute value.            */
11441 
11442 int rsbac_ta_get_attr(rsbac_list_ta_number_t ta_number,
11443                       enum rsbac_switch_target_t module,
11444                       enum rsbac_target_t target,
11445                       union rsbac_target_id_t tid,
11446                       enum rsbac_attribute_t attr,
11447                       union rsbac_attribute_value_t *value_p,
11448                       rsbac_boolean_t inherit)
11449 {
11450         int err = 0;
11451 
11452         if (!rsbac_initialized) {
11453                 rsbac_printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n");
11454                 return (-RSBAC_ENOTINITIALIZED);
11455         }
11456         if (!value_p)
11457                 return (-RSBAC_EINVALIDPOINTER);
11458         if (in_interrupt()) {
11459                 rsbac_printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n");
11460         }
11461 #ifdef CONFIG_RSBAC_XSTATS
11462         get_attr_count[target]++;
11463 #endif
11464         switch (target) {
11465         case T_FILE:
11466         case T_DIR:
11467         case T_FIFO:
11468         case T_SYMLINK:
11469         case T_UNIXSOCK:
11470 #ifdef CONFIG_RSBAC_FD_CACHE
11471                 if (inherit && !ta_number && fd_cache_handle[module] && (RSBAC_MAJOR(tid.file.device) > 1)) {
11472                         struct rsbac_fd_cache_desc_t fd_desc;
11473                         rsbac_enum_t cache_attr = attr;
11474 
11475                         fd_desc.device = tid.file.device;
11476                         fd_desc.inode = tid.file.inode;
11477                         if (!rsbac_list_lol_get_subdata(fd_cache_handle[module],
11478                                                 &fd_desc, &cache_attr,
11479                                                 value_p)) {
11480 #ifdef CONFIG_RSBAC_XSTATS
11481                                 fd_cache_hits[module]++;
11482 #endif
11483                                 return 0;
11484                         }
11485                         err = get_attr_fd(0, module, target, &tid,
11486                                    attr, value_p, TRUE);
11487                         if (!err) {
11488 #if 0
11489                                 rsbac_pr_debug(auto, "Adding fd cache item device %02u:%02u inode %u attr %u\n",
11490                                         RSBAC_MAJOR(fd_desc.device), RSBAC_MINOR(fd_desc.device),
11491                                         fd_desc.inode, attr);
11492 #endif
11493                                 rsbac_list_lol_subadd_ttl(fd_cache_handle[module],
11494                                                 rsbac_fd_cache_ttl,
11495                                                 &fd_desc, &cache_attr,
11496                                                 value_p);
11497 #ifdef CONFIG_RSBAC_XSTATS
11498                                 fd_cache_misses[module]++;
11499 #endif
11500                         }
11501                         return err;
11502                 }
11503 #endif
11504 
11505                 return get_attr_fd(ta_number, module, target, &tid,
11506                                    attr, value_p, inherit);
11507 
11508         case T_DEV:
11509                 return get_attr_dev(ta_number, module, target, tid.dev,
11510                                     attr, value_p, inherit);
11511 
11512         case T_IPC:
11513                 return get_attr_ipc(ta_number, module, target, &tid,
11514                                     attr, value_p, inherit);
11515 
11516         case T_USER:
11517                 return get_attr_user(ta_number, module, target, &tid,
11518                                      attr, value_p, inherit);
11519 
11520         case T_PROCESS:
11521                 return get_attr_process(ta_number, module, target, &tid,
11522                                         attr, value_p, inherit);
11523 
11524 #ifdef CONFIG_RSBAC_UM
11525         case T_GROUP:
11526                 return get_attr_group(ta_number, module, target, &tid,
11527                                       attr, value_p, inherit);
11528 #endif                          /* CONFIG_RSBAC_UM */
11529 
11530 #ifdef CONFIG_RSBAC_NET_DEV
11531         case T_NETDEV:
11532                 return get_attr_netdev(ta_number, module, target, &tid,
11533                                        attr, value_p, inherit);
11534 #endif
11535 
11536 #ifdef CONFIG_RSBAC_NET_OBJ
11537         case T_NETTEMP:
11538                 return get_attr_nettemp(ta_number, module, target, &tid,
11539                                         attr, value_p, inherit);
11540 
11541         case T_NETOBJ:
11542                 return get_attr_netobj(ta_number, module, target, &tid,
11543                                        attr, value_p, inherit);
11544 #endif
11545 
11546                 /* switch target: no valid target */
11547         default:
11548                 return -RSBAC_EINVALIDTARGET;
11549         }
11550 
11551         return err;
11552 }
11553 
11554 /************************************************************************** */
11555 
11556 static int set_attr_fd(rsbac_list_ta_number_t ta_number,
11557                        enum rsbac_switch_target_t module,
11558                        enum rsbac_target_t target,
11559                        union rsbac_target_id_t *tid_p,
11560                        enum rsbac_attribute_t attr,
11561                        union rsbac_attribute_value_t *value_p)
11562 {
11563         int err = 0;
11564         struct rsbac_device_list_item_t *device_p;
11565 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
11566         u_long dflags;
11567 #endif
11568         u_int hash;
11569 
11570         /* rsbac_pr_debug(ds, "Setting file/dir/fifo/symlink "
11571                        "attribute %u for device %02u:%02u, inode %lu, "
11572                        "dentry_p %p\n", attr,
11573                        RSBAC_MAJOR(tid_p->file.device),
11574                        RSBAC_MINOR(tid_p->file.device),
11575                        (u_long)tid_p->file.inode, tid_p->file.dentry_p); */
11576         hash = device_hash(tid_p->file.device);
11577 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
11578         rcu_read_lock();
11579 #else
11580         rsbac_read_lock(&device_list_locks[hash], &dflags);
11581 #endif
11582         /* rsbac_pr_debug(ds, "passed device read lock\n"); */
11583         /* lookup device */
11584         device_p = lookup_device(tid_p->file.device, hash);
11585         if (!device_p) {
11586                 struct super_block *sb_p;
11587 
11588 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
11589                 rcu_read_unlock();
11590 #else
11591                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
11592 #endif
11593 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
11594                 sb_p = user_get_super(tid_p->file.device);
11595 #else
11596                 sb_p = get_super(tid_p->file.device);
11597 #endif
11598                 if (sb_p) {
11599                         if(RSBAC_MAJOR(tid_p->file.device) <= 1) {
11600                                 rsbac_printk(KERN_INFO "rsbac_set_attr(): auto-mounting device %02u:%02u\n",
11601                                      RSBAC_MAJOR(tid_p->file.device),
11602                                      RSBAC_MINOR(tid_p->file.device));
11603                                 rsbac_mount(sb_p, NULL);
11604                         }
11605                         /* free super_block pointer */
11606                         drop_super(sb_p);
11607 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
11608                         rcu_read_lock();
11609 #else
11610                         rsbac_read_lock(&device_list_locks[hash], &dflags);
11611 #endif
11612                         device_p = lookup_device(tid_p->file.device, hash);
11613                         if (!device_p) {
11614                                 rsbac_printk(KERN_WARNING "rsbac_set_attr(): unknown device %02u:%02u\n",
11615                                              RSBAC_MAJOR(tid_p->file.
11616                                                          device),
11617                                              RSBAC_MINOR(tid_p->file.
11618                                                          device));
11619 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
11620                                 rcu_read_unlock();
11621 #else
11622                                 rsbac_read_unlock(&device_list_locks[hash],
11623                                                   &dflags);
11624 #endif
11625                                 return -RSBAC_EINVALIDDEV;
11626                         }
11627                 } else
11628                         return -RSBAC_EINVALIDDEV;
11629         }
11630         switch (module) {
11631         case SW_GEN:
11632                 {
11633                         struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI;
11634 
11635                         rsbac_ta_list_get_data_ttl(ta_number,
11636                                                    device_p->handles.gen,
11637                                                    NULL,
11638                                                    &tid_p->file.inode,
11639                                                    &aci);
11640                         switch (attr) {
11641                         case A_log_array_low:
11642                                 aci.log_array_low = value_p->log_array_low;
11643                                 break;
11644                         case A_log_array_high:
11645                                 aci.log_array_high =
11646                                     value_p->log_array_high;
11647                                 break;
11648                         case A_log_program_based:
11649                                 aci.log_program_based =
11650                                     value_p->log_program_based;
11651                                 break;
11652                         case A_symlink_add_remote_ip:
11653                                 aci.symlink_add_remote_ip =
11654                                     value_p->symlink_add_remote_ip;
11655                                 break;
11656                         case A_symlink_add_uid:
11657                                 aci.symlink_add_uid =
11658                                     value_p->symlink_add_uid;
11659                                 break;
11660                         case A_symlink_add_mac_level:
11661                                 aci.symlink_add_mac_level =
11662                                     value_p->symlink_add_mac_level;
11663                                 break;
11664                         case A_symlink_add_rc_role:
11665                                 aci.symlink_add_rc_role =
11666                                     value_p->symlink_add_rc_role;
11667                                 break;
11668                         case A_linux_dac_disable:
11669                                 aci.linux_dac_disable =
11670                                     value_p->linux_dac_disable;
11671                                 break;
11672                         case A_fake_root_uid:
11673                                 aci.fake_root_uid = value_p->fake_root_uid;
11674                                 break;
11675                         case A_auid_exempt:
11676                                 aci.auid_exempt = value_p->auid_exempt;
11677                                 break;
11678                         default:
11679                                 err = -RSBAC_EINVALIDATTR;
11680                         }
11681                         if (!err) {
11682                                 err = rsbac_ta_list_add_ttl(ta_number,
11683                                                             device_p->
11684                                                             handles.gen,
11685                                                             0,
11686                                                             &tid_p->file.
11687                                                             inode, &aci);
11688                         }
11689                 }
11690                 break;
11691 
11692 #if defined(CONFIG_RSBAC_MAC)
11693         case SW_MAC:
11694                 {
11695                         struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI;
11696 
11697                         rsbac_ta_list_get_data_ttl(ta_number,
11698                                                 device_p->handles.mac,
11699                                                 NULL,
11700                                                 &tid_p->file.inode,
11701                                                 &aci);
11702                         switch (attr) {
11703                         case A_security_level:
11704                                 aci.sec_level = value_p->security_level;
11705                                 break;
11706                         case A_mac_categories:
11707                                 aci.mac_categories =
11708                                     value_p->mac_categories;
11709                                 break;
11710                         case A_mac_auto:
11711                                 aci.mac_auto = value_p->mac_auto;
11712                                 break;
11713                         case A_mac_prop_trusted:
11714                                 aci.mac_prop_trusted =
11715                                     value_p->mac_prop_trusted;
11716                                 break;
11717                         case A_mac_file_flags:
11718                                 aci.mac_file_flags =
11719                                     value_p->
11720                                     mac_file_flags & RSBAC_MAC_F_FLAGS;
11721                                 break;
11722 
11723                         default:
11724                                 err = -RSBAC_EINVALIDATTR;
11725                         }
11726                         if (!err) {
11727                                 err = rsbac_ta_list_add_ttl(ta_number,
11728                                                         device_p->
11729                                                         handles.mac,
11730                                                         0,
11731                                                         &tid_p->file.
11732                                                         inode, &aci);
11733                         }
11734                 }
11735                 break;
11736 #endif                          /* MAC */
11737 
11738 #if defined(CONFIG_RSBAC_PM)
11739         case SW_PM:
11740                 {
11741                         struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI;
11742 
11743                         rsbac_ta_list_get_data_ttl(ta_number,
11744                                                    device_p->handles.pm,
11745                                                    NULL,
11746                                                    &tid_p->file.inode,
11747                                                    &aci);
11748                         switch (attr) {
11749                         case A_pm_object_class:
11750                                 aci.pm_object_class =
11751                                     value_p->pm_object_class;
11752                                 break;
11753                         case A_pm_tp:
11754                                 aci.pm_tp = value_p->pm_tp;
11755                                 break;
11756                         case A_pm_object_type:
11757                                 aci.pm_object_type =
11758                                     value_p->pm_object_type;
11759                                 break;
11760                         default:
11761                                 err = -RSBAC_EINVALIDATTR;
11762                         }
11763                         if (!err) {
11764                                 err = rsbac_ta_list_add_ttl(ta_number,
11765                                                         device_p->
11766                                                         handles.pm,
11767                                                         0,
11768                                                         &tid_p->file.
11769                                                         inode, &aci);
11770                         }
11771                 }
11772                 break;
11773 #endif                          /* PM */
11774 
11775 #if defined(CONFIG_RSBAC_DAZ)
11776         case SW_DAZ:
11777                 {
11778 #if defined(CONFIG_RSBAC_DAZ_CACHE)
11779                         if (attr == A_daz_scanned) {
11780                                 err =
11781                                     rsbac_list_add_ttl(device_p->handles.dazs,
11782                                                        rsbac_daz_ttl,
11783                                                        &tid_p->file.inode,
11784                                                        &value_p->
11785                                                        daz_scanned);
11786                         } else
11787 #endif
11788                         {
11789                                 struct rsbac_daz_fd_aci_t aci =
11790                                     DEFAULT_DAZ_FD_ACI;
11791 
11792                                 rsbac_ta_list_get_data_ttl(ta_number,
11793                                                            device_p->
11794                                                            handles.daz,
11795                                                            NULL,
11796                                                            &tid_p->file.inode,
11797                                                            &aci);
11798                                 switch (attr) {
11799                                 case A_daz_scanner:
11800                                         aci.daz_scanner =
11801                                             value_p->daz_scanner;
11802                                         break;
11803                                 case A_daz_do_scan:
11804                                         aci.daz_do_scan = value_p->daz_do_scan;
11805                                         break;
11806                                 default:
11807                                         err = -RSBAC_EINVALIDATTR;
11808                                 }
11809                                 if (!err) {
11810                                         err = rsbac_ta_list_add_ttl
11811                                                 (ta_number,
11812                                                 device_p->handles.daz,
11813                                                 0,
11814                                                 &tid_p->file.inode, &aci);
11815                                 }
11816                         }
11817                 }
11818                 break;
11819 #endif                          /* DAZ */
11820 
11821 #if defined(CONFIG_RSBAC_FF)
11822         case SW_FF:
11823                 {
11824                         switch (attr) {
11825                         case A_ff_flags:
11826                                 err = rsbac_ta_list_add_ttl(ta_number,
11827                                                         device_p->
11828                                                         handles.ff,
11829                                                         0,
11830                                                         &tid_p->file.
11831                                                         inode,
11832                                                         &value_p->ff_flags);
11833                                 break;
11834 
11835                         default:
11836                                 err = -RSBAC_EINVALIDATTR;
11837                         }
11838                 }
11839                 break;
11840 #endif                          /* FF */
11841 
11842 #if defined(CONFIG_RSBAC_RC)
11843         case SW_RC:
11844                 {
11845                         struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI;
11846 
11847                         rsbac_ta_list_get_data_ttl(ta_number,
11848                                                    device_p->handles.rc,
11849                                                    NULL,
11850                                                    &tid_p->file.inode,
11851                                                    &aci);
11852                         switch (attr) {
11853                         case A_rc_type_fd:
11854                                 aci.rc_type_fd = value_p->rc_type_fd;
11855                                 break;
11856                         case A_rc_force_role:
11857                                 aci.rc_force_role = value_p->rc_force_role;
11858                                 break;
11859                         case A_rc_initial_role:
11860                                 aci.rc_initial_role =
11861                                     value_p->rc_initial_role;
11862                                 break;
11863 
11864                         default:
11865                                 err = -RSBAC_EINVALIDATTR;
11866                         }
11867                         if (!err) {
11868                                 err = rsbac_ta_list_add_ttl(ta_number,
11869                                                         device_p->
11870                                                         handles.rc,
11871                                                         0,
11872                                                         &tid_p->file.
11873                                                         inode, &aci);
11874                         }
11875                 }
11876                 break;
11877 #endif                          /* RC */
11878 
11879 #if defined(CONFIG_RSBAC_AUTH)
11880         case SW_AUTH:
11881                 {
11882                         struct rsbac_auth_fd_aci_t aci =
11883                             DEFAULT_AUTH_FD_ACI;
11884 
11885                         rsbac_ta_list_get_data_ttl(ta_number,
11886                                                 device_p->handles.auth,
11887                                                 NULL,
11888                                                 &tid_p->file.inode,
11889                                                 &aci);
11890                         switch (attr) {
11891                         case A_auth_may_setuid:
11892                                 aci.auth_may_setuid =
11893                                     value_p->auth_may_setuid;
11894                                 break;
11895                         case A_auth_may_set_cap:
11896                                 aci.auth_may_set_cap =
11897                                     value_p->auth_may_set_cap;
11898                                 break;
11899                         case A_auth_learn:
11900                                 aci.auth_learn = value_p->auth_learn;
11901                                 break;
11902                         default:
11903                                 err = -RSBAC_EINVALIDATTR;
11904                         }
11905                         if (!err) {
11906                                 err = rsbac_ta_list_add_ttl(ta_number,
11907                                                         device_p->
11908                                                         handles.auth,
11909                                                         0,
11910                                                         &tid_p->file.
11911                                                         inode, &aci);
11912                         }
11913                 }
11914                 break;
11915 #endif                          /* AUTH */
11916 
11917 #if defined(CONFIG_RSBAC_CAP)
11918         case SW_CAP:
11919                 {
11920                         struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI;
11921 
11922                         rsbac_ta_list_get_data_ttl(ta_number,
11923                                                 device_p->handles.cap,
11924                                                 NULL,
11925                                                 &tid_p->file.inode,
11926                                                 &aci);
11927                         switch (attr) {
11928                         case A_min_caps:
11929                                 aci.min_caps = value_p->min_caps;
11930                                 break;
11931                         case A_max_caps:
11932                                 aci.max_caps = value_p->max_caps;
11933                                 break;
11934                         case A_cap_ld_env:
11935                                 aci.cap_ld_env = value_p->cap_ld_env;
11936                                 break;
11937                         default:
11938                                 err = -RSBAC_EINVALIDATTR;
11939                         }
11940                         if (!err) {
11941                                 err = rsbac_ta_list_add_ttl(ta_number,
11942                                                             device_p->
11943                                                             handles.cap,
11944                                                             0,
11945                                                             &tid_p->file.
11946                                                             inode, &aci);
11947                         }
11948                 }
11949                 break;
11950 #endif
11951 
11952 #if defined(CONFIG_RSBAC_RES)
11953         case SW_RES:
11954                 {
11955                         struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI;
11956 
11957                         rsbac_ta_list_get_data_ttl(ta_number,
11958                                                 device_p->handles.res,
11959                                                 NULL,
11960                                                 &tid_p->file.inode,
11961                                                 &aci);
11962                         switch (attr) {
11963                         case A_res_min:
11964                                 memcpy(&aci.res_min, &value_p->res_array,
11965                                        sizeof(aci.res_min));
11966                                 break;
11967                         case A_res_max:
11968                                 memcpy(&aci.res_max, &value_p->res_array,
11969                                        sizeof(aci.res_max));
11970                                 break;
11971                         default:
11972                                 err = -RSBAC_EINVALIDATTR;
11973                         }
11974                         if (!err) {
11975                                 struct rsbac_res_fd_aci_t def_aci =
11976                                     DEFAULT_RES_FD_ACI;
11977 
11978                                 if (memcmp(&aci, &def_aci, sizeof(aci)))
11979                                         err = rsbac_ta_list_add_ttl
11980                                                 (ta_number,
11981                                                 device_p->handles.res,
11982                                                 0,
11983                                                 &tid_p->file.inode, &aci);
11984                                 else
11985                                         err =
11986                                             rsbac_ta_list_remove(ta_number,
11987                                                                  device_p->
11988                                                                  handles.res,
11989                                                                  &tid_p->file.
11990                                                                  inode);
11991                         }
11992                 }
11993                 break;
11994 #endif
11995 
11996 #if defined(CONFIG_RSBAC_PAX)
11997         case SW_PAX:
11998                 {
11999                         switch (attr) {
12000                         case A_pax_flags:
12001                                 value_p->pax_flags &= RSBAC_PAX_ALL_FLAGS;
12002                                 err = rsbac_ta_list_add_ttl(ta_number,
12003                                                             device_p->
12004                                                             handles.pax,
12005                                                             0,
12006                                                             &tid_p->file.
12007                                                             inode,
12008                                                             &value_p->pax_flags);
12009                                 break;
12010 
12011                         default:
12012                                 err = -RSBAC_EINVALIDATTR;
12013                         }
12014                 }
12015                 break;
12016 #endif                          /* PAX */
12017 
12018         default:
12019                 err = -RSBAC_EINVALIDMODULE;
12020         }
12021         /* free access to device_list_head */
12022 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
12023         rcu_read_unlock();
12024 #else
12025         rsbac_read_unlock(&device_list_locks[hash], &dflags);
12026 #endif
12027 
12028 #ifdef CONFIG_RSBAC_FD_CACHE
12029         if (fd_cache_handle[module]) {
12030                 if (target == T_DIR)
12031                         rsbac_list_lol_remove_all(fd_cache_handle[module]);
12032                 else {
12033                         struct rsbac_fd_cache_desc_t fd_desc;
12034 
12035                         fd_desc.device = tid_p->file.device;
12036                         fd_desc.inode = tid_p->file.inode;
12037                         rsbac_list_lol_remove(fd_cache_handle[module], &fd_desc);
12038                 }
12039         }
12040 #endif
12041 
12042         return err;
12043 }
12044 
12045 static int set_attr_dev(rsbac_list_ta_number_t ta_number,
12046                         enum rsbac_switch_target_t module,
12047                         enum rsbac_target_t target,
12048                         struct rsbac_dev_desc_t dev,
12049                         enum rsbac_attribute_t attr,
12050                         union rsbac_attribute_value_t *value_p)
12051 {
12052         int err = 0;
12053         /* rsbac_pr_debug(ds, "Setting dev attribute\n"); */
12054         switch (module) {
12055         case SW_GEN:
12056                 {
12057                         struct rsbac_gen_dev_aci_t aci =
12058                             DEFAULT_GEN_DEV_ACI;
12059 
12060                         if (dev.type > D_char)
12061                                 return -RSBAC_EINVALIDTARGET;
12062                         rsbac_ta_list_get_data_ttl(ta_number,
12063                                                    dev_handles.gen,
12064                                                    NULL, &dev, &aci);
12065                         switch (attr) {
12066                         case A_log_array_low:
12067                                 aci.log_array_low = value_p->log_array_low;
12068                                 break;
12069                         case A_log_array_high:
12070                                 aci.log_array_high =
12071                                     value_p->log_array_high;
12072                                 break;
12073                         default:
12074                                 err = -RSBAC_EINVALIDATTR;
12075                         }
12076                         if (!err) {
12077                                 err = rsbac_ta_list_add_ttl(ta_number,
12078                                                             dev_handles.
12079                                                             gen, 0, &dev,
12080                                                             &aci);
12081                         }
12082                 }
12083                 break;
12084 
12085 #if defined(CONFIG_RSBAC_MAC)
12086         case SW_MAC:
12087                 {
12088                         struct rsbac_mac_dev_aci_t aci =
12089                             DEFAULT_MAC_DEV_ACI;
12090 
12091                         if (dev.type > D_char)
12092                                 return -RSBAC_EINVALIDTARGET;
12093                         rsbac_ta_list_get_data_ttl(ta_number,
12094                                                    dev_handles.mac,
12095                                                    NULL, &dev, &aci);
12096                         switch (attr) {
12097                         case A_security_level:
12098                                 aci.sec_level = value_p->security_level;
12099                                 break;
12100                         case A_mac_categories:
12101                                 aci.mac_categories =
12102                                     value_p->mac_categories;
12103                                 break;
12104                         case A_mac_check:
12105                                 aci.mac_check = value_p->mac_check;
12106                                 break;
12107                         default:
12108                                 err = -RSBAC_EINVALIDATTR;
12109                         }
12110                         if (!err) {
12111                                 err = rsbac_ta_list_add_ttl(ta_number,
12112                                                             dev_handles.
12113                                                             mac, 0, &dev,
12114                                                             &aci);
12115                         }
12116                 }
12117                 break;
12118 #endif
12119 
12120 #if defined(CONFIG_RSBAC_PM)
12121         case SW_PM:
12122                 {
12123                         struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
12124 
12125                         if (dev.type > D_char)
12126                                 return -RSBAC_EINVALIDTARGET;
12127                         rsbac_ta_list_get_data_ttl(ta_number,
12128                                                    dev_handles.pm,
12129                                                    NULL, &dev, &aci);
12130                         switch (attr) {
12131                         case A_pm_object_type:
12132                                 aci.pm_object_type =
12133                                     value_p->pm_object_type;
12134                                 break;
12135                         case A_pm_object_class:
12136                                 aci.pm_object_class =
12137                                     value_p->pm_object_class;
12138                                 break;
12139                         default:
12140                                 err = -RSBAC_EINVALIDATTR;
12141                         }
12142                         if (!err) {
12143                                 err = rsbac_ta_list_add_ttl(ta_number,
12144                                                             dev_handles.pm,
12145                                                             0, &dev, &aci);
12146                         }
12147                 }
12148                 break;
12149 #endif
12150 
12151 #if defined(CONFIG_RSBAC_RC)
12152         case SW_RC:
12153                 {
12154                         rsbac_rc_type_id_t type = value_p->rc_type;
12155                         struct rsbac_dev_desc_t dev_desc;
12156                         rsbac_list_handle_t handle;
12157 
12158                         switch (dev.type) {
12159                         case D_char:
12160                                 dev_desc.type = D_char;
12161                                 handle = dev_handles.rc;
12162                                 break;
12163                         case D_block:
12164                                 dev_desc.type = D_block;
12165                                 handle = dev_handles.rc;
12166                                 break;
12167                         case D_char_major:
12168                                 if (type > RC_type_max_value)
12169                                         return -RSBAC_EINVALIDVALUE;
12170                                 dev_desc.type = D_char;
12171                                 handle = dev_major_handles.rc;
12172                                 break;
12173                         case D_block_major:
12174                                 if (type > RC_type_max_value)
12175                                         return -RSBAC_EINVALIDVALUE;
12176                                 dev_desc.type = D_block;
12177                                 handle = dev_major_handles.rc;
12178                                 break;
12179                         default:
12180                                 return -RSBAC_EINVALIDTARGET;
12181                         }
12182                         dev_desc.major = dev.major;
12183                         dev_desc.minor = dev.minor;
12184 
12185                         switch (attr) {
12186                         case A_rc_type:
12187                                 err = rsbac_ta_list_add_ttl(ta_number,
12188                                                             handle,
12189                                                             0,
12190                                                             &dev_desc,
12191                                                             &type);
12192                                 break;
12193                         default:
12194                                 err = -RSBAC_EINVALIDATTR;
12195                         }
12196                 }
12197                 break;
12198 #endif
12199 
12200         default:
12201                 err = -RSBAC_EINVALIDMODULE;
12202         }
12203 
12204         return err;
12205 }
12206 
12207 static int set_attr_ipc(rsbac_list_ta_number_t ta_number,
12208                         enum rsbac_switch_target_t module,
12209                         enum rsbac_target_t target,
12210                         union rsbac_target_id_t *tid_p,
12211                         enum rsbac_attribute_t attr,
12212                         union rsbac_attribute_value_t *value_p)
12213 {
12214         int err = 0;
12215         /* rsbac_pr_debug(ds, "Setting ipc attribute"); */
12216         switch (module) {
12217 #if defined(CONFIG_RSBAC_MAC)
12218         case SW_MAC:
12219                 {
12220                         struct rsbac_mac_ipc_aci_t aci =
12221                             DEFAULT_MAC_IPC_ACI;
12222 
12223                         rsbac_ta_list_get_data_ttl(ta_number,
12224                                                    ipc_handles.mac,
12225                                                    NULL,
12226                                                    &tid_p->ipc, &aci);
12227                         switch (attr) {
12228                         case A_security_level:
12229                                 aci.sec_level = value_p->security_level;
12230                                 break;
12231                         case A_mac_categories:
12232                                 aci.mac_categories =
12233                                     value_p->mac_categories;
12234                                 break;
12235                         default:
12236                                 err = -RSBAC_EINVALIDATTR;
12237                         }
12238                         if (!err) {
12239                                 err = rsbac_ta_list_add_ttl(ta_number,
12240                                                             ipc_handles.
12241                                                             mac, 0,
12242                                                             &tid_p->ipc,
12243                                                             &aci);
12244                         }
12245                 }
12246                 break;
12247 #endif
12248 
12249 #if defined(CONFIG_RSBAC_PM)
12250         case SW_PM:
12251                 {
12252                         struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
12253 
12254                         rsbac_ta_list_get_data_ttl(ta_number,
12255                                                    ipc_handles.pm,
12256                                                    NULL,
12257                                                    &tid_p->ipc, &aci);
12258                         switch (attr) {
12259                         case A_pm_object_type:
12260                                 aci.pm_object_type =
12261                                     value_p->pm_object_type;
12262                                 break;
12263                         case A_pm_ipc_purpose:
12264                                 aci.pm_ipc_purpose =
12265                                     value_p->pm_ipc_purpose;
12266                                 break;
12267                         case A_pm_object_class:
12268                                 aci.pm_object_class =
12269                                     value_p->pm_object_class;
12270                                 break;
12271                         default:
12272                                 err = -RSBAC_EINVALIDATTR;
12273                         }
12274                         if (!err) {
12275                                 err = rsbac_ta_list_add_ttl(ta_number,
12276                                                             ipc_handles.pm,
12277                                                             0,
12278                                                             &tid_p->ipc,
12279                                                             &aci);
12280                         }
12281                 }
12282                 break;
12283 #endif
12284 
12285 #if defined(CONFIG_RSBAC_RC)
12286         case SW_RC:
12287                 {
12288                         rsbac_rc_type_id_t type = value_p->rc_type;
12289 
12290                         switch (attr) {
12291                         case A_rc_type:
12292                                 err = rsbac_ta_list_add_ttl(ta_number,
12293                                                             ipc_handles.rc,
12294                                                             0,
12295                                                             &tid_p->ipc,
12296                                                             &type);
12297                                 break;
12298                         default:
12299                                 err = -RSBAC_EINVALIDATTR;
12300                         }
12301                 }
12302                 break;
12303 #endif
12304 
12305 #if defined(CONFIG_RSBAC_JAIL)
12306         case SW_JAIL:
12307                 {
12308                         rsbac_jail_id_t id = value_p->jail_id;
12309 
12310                         switch (attr) {
12311                         case A_jail_id:
12312 /*                              if (id)
12313                                         rsbac_pr_debug(aef,
12314                                                        "Setting jail_id for IPC "
12315                                                        "%s %lu to %u\n",
12316                                                        get_ipc_target_name(tmp,
12317                                                                            tid_p->ipc.type),
12318                                                        tid_p->ipc.id.id_nr,
12319                                                        id); */
12320                                 err = rsbac_ta_list_add_ttl(ta_number,
12321                                                             ipc_handles.
12322                                                             jail, 0,
12323                                                             &tid_p->ipc,
12324                                                             &id);
12325                                 break;
12326                         default:
12327                                 err = -RSBAC_EINVALIDATTR;
12328                         }
12329                 }
12330                 break;
12331 #endif
12332 
12333         default:
12334                 err = -RSBAC_EINVALIDMODULE;
12335         }
12336 
12337         return err;
12338 }
12339 
12340 static int set_attr_user(rsbac_list_ta_number_t ta_number,
12341                          enum rsbac_switch_target_t module,
12342                          enum rsbac_target_t target,
12343                          union rsbac_target_id_t *tid_p,
12344                          enum rsbac_attribute_t attr,
12345                          union rsbac_attribute_value_t *value_p)
12346 {
12347         int err = 0;
12348         /* rsbac_pr_debug(ds, "Setting %s user attribute %i "
12349                        "for %u to %i\n",
12350                        get_switch_target_name(tmp, module), attr,
12351                        tid_p->user, value_p->dummy); */
12352         switch (module) {
12353         case SW_GEN:
12354                 {
12355                         struct rsbac_gen_user_aci_t aci =
12356                             DEFAULT_GEN_U_ACI;
12357 
12358                         rsbac_ta_list_get_data_ttl(ta_number,
12359                                                    user_handles.gen,
12360                                                    NULL,
12361                                                    &tid_p->user, &aci);
12362                         switch (attr) {
12363                         case A_pseudo:
12364                                 aci.pseudo = value_p->pseudo;
12365                                 break;
12366                         case A_log_user_based:
12367                                 aci.log_user_based =
12368                                     value_p->log_user_based;
12369                                 break;
12370                         default:
12371                                 err = -RSBAC_EINVALIDATTR;
12372                         }
12373                         if (!err) {
12374                                 err = rsbac_ta_list_add_ttl(ta_number,
12375                                                             user_handles.
12376                                                             gen, 0,
12377                                                             &tid_p->user,
12378                                                             &aci);
12379                         }
12380                 }
12381                 break;
12382 
12383 #if defined(CONFIG_RSBAC_MAC)
12384         case SW_MAC:
12385                 {
12386                         struct rsbac_mac_user_aci_t aci =
12387                             DEFAULT_MAC_U_ACI;
12388 
12389                         rsbac_ta_list_get_data_ttl(ta_number,
12390                                                    user_handles.mac,
12391                                                    NULL,
12392                                                    &tid_p->user, &aci);
12393                         switch (attr) {
12394                         case A_security_level:
12395                                 if (value_p->security_level <
12396                                     aci.min_security_level)
12397                                         err = -RSBAC_EINVALIDVALUE;
12398                                 else
12399                                         aci.security_level =
12400                                             value_p->security_level;
12401                                 break;
12402                         case A_initial_security_level:
12403                                 if ((value_p->security_level <
12404                                      aci.min_security_level)
12405                                     || (value_p->security_level >
12406                                         aci.security_level)
12407                                     )
12408                                         err = -RSBAC_EINVALIDVALUE;
12409                                 else
12410                                         aci.initial_security_level =
12411                                             value_p->security_level;
12412                                 break;
12413                         case A_min_security_level:
12414                                 if (value_p->security_level >
12415                                     aci.security_level)
12416                                         err = -RSBAC_EINVALIDVALUE;
12417                                 else
12418                                         aci.min_security_level =
12419                                             value_p->security_level;
12420                                 break;
12421                         case A_mac_categories:
12422                                 if ((value_p->mac_categories & aci.
12423                                      mac_min_categories) !=
12424                                     aci.mac_min_categories)
12425                                         err = -RSBAC_EINVALIDVALUE;
12426                                 else
12427                                         aci.mac_categories =
12428                                             value_p->mac_categories;
12429                                 break;
12430                         case A_mac_initial_categories:
12431                                 if (((value_p->mac_categories & aci.
12432                                       mac_min_categories) !=
12433                                      aci.mac_min_categories)
12434                                     ||
12435                                     ((value_p->mac_categories & aci.
12436                                       mac_categories) !=
12437                                      value_p->mac_categories)
12438                                     )
12439                                         err = -RSBAC_EINVALIDVALUE;
12440                                 else
12441                                         aci.mac_initial_categories =
12442                                             value_p->mac_categories;
12443                                 break;
12444                         case A_mac_min_categories:
12445                                 if ((value_p->mac_categories & aci.
12446                                      mac_categories) !=
12447                                     value_p->mac_categories)
12448                                         err = -RSBAC_EINVALIDVALUE;
12449                                 else
12450                                         aci.mac_min_categories =
12451                                             value_p->mac_categories;
12452                                 break;
12453                         case A_system_role:
12454                         case A_mac_role:
12455                                 aci.system_role = value_p->system_role;
12456                                 break;
12457                         case A_mac_user_flags:
12458                                 aci.mac_user_flags =
12459                                     value_p->
12460                                     mac_user_flags & RSBAC_MAC_U_FLAGS;
12461                                 break;
12462                         default:
12463                                 err = -RSBAC_EINVALIDATTR;
12464                         }
12465                         if (!err) {
12466                                 err = rsbac_ta_list_add_ttl(ta_number,
12467                                                             user_handles.
12468                                                             mac, 0,
12469                                                             &tid_p->user,
12470                                                             &aci);
12471                         }
12472                 }
12473                 break;
12474 #endif
12475 
12476 #if defined(CONFIG_RSBAC_PM)
12477         case SW_PM:
12478                 {
12479                         struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
12480 
12481                         rsbac_ta_list_get_data_ttl(ta_number,
12482                                                    user_handles.pm,
12483                                                    NULL,
12484                                                    &tid_p->user, &aci);
12485                         switch (attr) {
12486                         case A_pm_task_set:
12487                                 aci.pm_task_set = value_p->pm_task_set;
12488                                 break;
12489                         case A_pm_role:
12490                                 aci.pm_role = value_p->pm_role;
12491                                 break;
12492                         default:
12493                                 err = -RSBAC_EINVALIDATTR;
12494                         }
12495                         if (!err) {
12496                                 err = rsbac_ta_list_add_ttl(ta_number,
12497                                                             user_handles.
12498                                                             pm, 0,
12499                                                             &tid_p->user,
12500                                                             &aci);
12501                         }
12502                 }
12503                 break;
12504 #endif
12505 
12506 #if defined(CONFIG_RSBAC_DAZ)
12507         case SW_DAZ:
12508                 {
12509                         rsbac_system_role_int_t role =
12510                             value_p->system_role;
12511 
12512                         switch (attr) {
12513                         case A_system_role:
12514                         case A_daz_role:
12515                                 err = rsbac_ta_list_add_ttl(ta_number,
12516                                                             user_handles.
12517                                                             daz, 0,
12518                                                             &tid_p->user,
12519                                                             &role);
12520                                 break;
12521                         default:
12522                                 err = -RSBAC_EINVALIDATTR;
12523                         }
12524                 }
12525                 break;
12526 #endif
12527 
12528 #if defined(CONFIG_RSBAC_FF)
12529         case SW_FF:
12530                 {
12531                         rsbac_system_role_int_t role =
12532                             value_p->system_role;
12533 
12534                         switch (attr) {
12535                         case A_system_role:
12536                         case A_ff_role:
12537                                 err = rsbac_ta_list_add_ttl(ta_number,
12538                                                             user_handles.
12539                                                             ff, 0,
12540                                                             &tid_p->user,
12541                                                             &role);
12542                                 break;
12543                         default:
12544                                 err = -RSBAC_EINVALIDATTR;
12545                         }
12546                 }
12547                 break;
12548 #endif
12549 
12550 #if defined(CONFIG_RSBAC_RC)
12551         case SW_RC:
12552                 {
12553                         struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
12554 
12555                         rsbac_ta_list_get_data_ttl(ta_number,
12556                                                    user_handles.rc,
12557                                                    NULL,
12558                                                    &tid_p->user, &aci);
12559                         switch (attr) {
12560                         case A_rc_def_role:
12561                                 aci.rc_role = value_p->rc_def_role;
12562                                 break;
12563                         case A_rc_type:
12564                                 aci.rc_type = value_p->rc_type;
12565                                 break;
12566                         default:
12567                                 err = -RSBAC_EINVALIDATTR;
12568                         }
12569                         if (!err) {
12570                                 err = rsbac_ta_list_add_ttl(ta_number,
12571                                                             user_handles.
12572                                                             rc, 0,
12573                                                             &tid_p->user,
12574                                                             &aci);
12575                         }
12576                 }
12577                 break;
12578 #endif
12579 
12580 #if defined(CONFIG_RSBAC_AUTH)
12581         case SW_AUTH:
12582                 {
12583                         rsbac_system_role_int_t role =
12584                             value_p->system_role;
12585 
12586                         switch (attr) {
12587                         case A_system_role:
12588                         case A_auth_role:
12589                                 err = rsbac_ta_list_add_ttl(ta_number,
12590                                                             user_handles.
12591                                                             auth, 0,
12592                                                             &tid_p->user,
12593                                                             &role);
12594                                 break;
12595                         default:
12596                                 err = -RSBAC_EINVALIDATTR;
12597                         }
12598                 }
12599                 break;
12600 #endif
12601 
12602 #if defined(CONFIG_RSBAC_CAP)
12603         case SW_CAP:
12604                 {
12605                         struct rsbac_cap_user_aci_t aci =
12606                             DEFAULT_CAP_U_ACI;
12607 
12608                         rsbac_ta_list_get_data_ttl(ta_number,
12609                                                    user_handles.cap,
12610                                                    NULL,
12611                                                    &tid_p->user, &aci);
12612                         switch (attr) {
12613                         case A_system_role:
12614                         case A_cap_role:
12615                                 aci.cap_role = value_p->system_role;
12616                                 break;
12617                         case A_min_caps:
12618                                 aci.min_caps = value_p->min_caps;
12619                                 break;
12620                         case A_max_caps:
12621                                 aci.max_caps = value_p->max_caps;
12622                                 break;
12623                         case A_cap_ld_env:
12624                                 aci.cap_ld_env = value_p->cap_ld_env;
12625                                 break;
12626                         default:
12627                                 err = -RSBAC_EINVALIDATTR;
12628                         }
12629                         if (!err) {
12630                                 err = rsbac_ta_list_add_ttl(ta_number,
12631                                                             user_handles.
12632                                                             cap, 0,
12633                                                             &tid_p->user,
12634                                                             &aci);
12635                         }
12636                 }
12637                 break;
12638 #endif
12639 
12640 #if defined(CONFIG_RSBAC_JAIL)
12641         case SW_JAIL:
12642                 {
12643                         rsbac_system_role_int_t role =
12644                             value_p->system_role;
12645 
12646                         switch (attr) {
12647                         case A_system_role:
12648                         case A_jail_role:
12649                                 err = rsbac_ta_list_add_ttl(ta_number,
12650                                                             user_handles.
12651                                                             jail, 0,
12652                                                             &tid_p->user,
12653                                                             &role);
12654                                 break;
12655                         default:
12656                                 err = -RSBAC_EINVALIDATTR;
12657                         }
12658                 }
12659                 break;
12660 #endif
12661 
12662 #if defined(CONFIG_RSBAC_RES)
12663         case SW_RES:
12664                 {
12665                         struct rsbac_res_user_aci_t aci =
12666                             DEFAULT_RES_U_ACI;
12667 
12668                         rsbac_ta_list_get_data_ttl(ta_number,
12669                                                    user_handles.res,
12670                                                    NULL,
12671                                                    &tid_p->user, &aci);
12672                         switch (attr) {
12673                         case A_system_role:
12674                         case A_res_role:
12675                                 aci.res_role = value_p->system_role;
12676                                 break;
12677                         case A_res_min:
12678                                 memcpy(&aci.res_min, &value_p->res_array,
12679                                        sizeof(aci.res_min));
12680                                 break;
12681                         case A_res_max:
12682                                 memcpy(&aci.res_max, &value_p->res_array,
12683                                        sizeof(aci.res_max));
12684                                 break;
12685                         default:
12686                                 err = -RSBAC_EINVALIDATTR;
12687                         }
12688                         if (!err) {
12689                                 struct rsbac_res_user_aci_t def_aci =
12690                                     DEFAULT_RES_U_ACI;
12691 
12692                                 if (tid_p->user != RSBAC_ALL_USERS) {
12693                                         rsbac_uid_t all_users =
12694                                             RSBAC_ALL_USERS;
12695 
12696                                         rsbac_ta_list_get_data_ttl
12697                                             (ta_number, user_handles.res,
12698                                              NULL, &all_users, &def_aci);
12699                                 }
12700                                 if (memcmp(&aci, &def_aci, sizeof(aci)))
12701                                         err =
12702                                             rsbac_ta_list_add_ttl
12703                                             (ta_number, user_handles.res,
12704                                              0, &tid_p->user, &aci);
12705                                 else
12706                                         err =
12707                                             rsbac_ta_list_remove(ta_number,
12708                                                                  user_handles.
12709                                                                  res,
12710                                                                  &tid_p->
12711                                                                  user);
12712                         }
12713                 }
12714                 break;
12715 #endif
12716 
12717 #if defined(CONFIG_RSBAC_PAX)
12718         case SW_PAX:
12719                 {
12720                         rsbac_system_role_int_t role =
12721                             value_p->system_role;
12722 
12723                         switch (attr) {
12724                         case A_system_role:
12725                         case A_pax_role:
12726                                 err = rsbac_ta_list_add_ttl(ta_number,
12727                                                             user_handles.
12728                                                             pax, 0,
12729                                                             &tid_p->user,
12730                                                             &role);
12731                                 break;
12732                         default:
12733                                 err = -RSBAC_EINVALIDATTR;
12734                         }
12735                 }
12736                 break;
12737 #endif
12738 
12739         default:
12740                 err = -RSBAC_EINVALIDMODULE;
12741         }
12742 
12743         return err;
12744 }
12745 
12746 static int set_attr_process(rsbac_list_ta_number_t ta_number,
12747                             enum rsbac_switch_target_t module,
12748                             enum rsbac_target_t target,
12749                             union rsbac_target_id_t *tid_p,
12750                             enum rsbac_attribute_t attr,
12751                             union rsbac_attribute_value_t *value_p)
12752 {
12753         int err = 0;
12754         /* rsbac_pr_debug(ds, "Setting process attribute\n"); */
12755         if (!tid_p->process) {
12756                 rsbac_printk(KERN_WARNING "rsbac_set_attr(): Trying to set attribute for process 0!\n");
12757                 return -RSBAC_EINVALIDTARGET;
12758         }
12759         switch (module) {
12760         case SW_GEN:
12761                 {
12762                         struct rsbac_gen_process_aci_t aci =
12763                             DEFAULT_GEN_P_ACI;
12764 
12765                         rsbac_ta_list_get_data_ttl(ta_number,
12766                                                    process_handles.gen,
12767                                                    NULL, &tid_p->process,
12768                                                    &aci);
12769                         switch (attr) {
12770                         case A_log_program_based:
12771                                 aci.log_program_based =
12772                                     value_p->log_program_based;
12773                                 break;
12774                         case A_fake_root_uid:
12775                                 aci.fake_root_uid = value_p->fake_root_uid;
12776                                 break;
12777                         case A_audit_uid:
12778                                 aci.audit_uid = value_p->audit_uid;
12779                                 break;
12780                         case A_auid_exempt:
12781                                 aci.auid_exempt = value_p->auid_exempt;
12782                                 break;
12783                         case A_remote_ip:
12784                                 aci.remote_ip = value_p->remote_ip;
12785                                 break;
12786                         case A_kernel_thread:
12787                                 aci.kernel_thread = value_p->kernel_thread;
12788                                 break;
12789                         default:
12790                                 err = -RSBAC_EINVALIDATTR;
12791                         }
12792                         if (!err) {
12793                                 err = rsbac_ta_list_add_ttl(ta_number,
12794                                                             process_handles.gen,
12795                                                             0,
12796                                                             &tid_p->
12797                                                             process, &aci);
12798                         }
12799                 }
12800                 break;
12801 
12802 #if defined(CONFIG_RSBAC_MAC)
12803         case SW_MAC:
12804                 {
12805                         struct rsbac_mac_process_aci_t aci =
12806                             DEFAULT_MAC_P_ACI;
12807 
12808                         rsbac_ta_list_get_data_ttl(ta_number,
12809                                                    process_handles.mac,
12810                                                    NULL, &tid_p->process,
12811                                                    &aci);
12812                         switch (attr) {
12813                         case A_security_level:
12814                                 aci.owner_sec_level =
12815                                     value_p->security_level;
12816                                 break;
12817                         case A_initial_security_level:
12818                                 aci.owner_initial_sec_level =
12819                                     value_p->security_level;
12820                                 break;
12821                         case A_min_security_level:
12822                                 aci.owner_min_sec_level =
12823                                     value_p->security_level;
12824                                 break;
12825                         case A_mac_categories:
12826                                 aci.mac_owner_categories =
12827                                     value_p->mac_categories;
12828                                 break;
12829                         case A_mac_initial_categories:
12830                                 aci.mac_owner_initial_categories =
12831                                     value_p->mac_categories;
12832                                 break;
12833                         case A_mac_min_categories:
12834                                 aci.mac_owner_min_categories =
12835                                     value_p->mac_categories;
12836                                 break;
12837                         case A_current_sec_level:
12838                                 aci.current_sec_level =
12839                                     value_p->current_sec_level;
12840                                 break;
12841                         case A_mac_curr_categories:
12842                                 aci.mac_curr_categories =
12843                                     value_p->mac_categories;
12844                                 break;
12845                         case A_min_write_open:
12846                                 aci.min_write_open =
12847                                     value_p->min_write_open;
12848                                 break;
12849                         case A_min_write_categories:
12850                                 aci.min_write_categories =
12851                                     value_p->mac_categories;
12852                                 break;
12853                         case A_max_read_open:
12854                                 aci.max_read_open = value_p->max_read_open;
12855                                 break;
12856                         case A_max_read_categories:
12857                                 aci.max_read_categories =
12858                                     value_p->mac_categories;
12859                                 break;
12860                         case A_mac_process_flags:
12861                                 aci.mac_process_flags =
12862                                     value_p->
12863                                     mac_process_flags & RSBAC_MAC_P_FLAGS;
12864                                 break;
12865                         case A_mac_auto:
12866                                 if (value_p->mac_auto)
12867                                         aci.mac_process_flags |= MAC_auto;
12868                                 else
12869                                         aci.mac_process_flags &= ~MAC_auto;
12870                                 break;
12871                         default:
12872                                 err = -RSBAC_EINVALIDATTR;
12873                         }
12874                         if (!err) {
12875                                 err = rsbac_ta_list_add_ttl(ta_number,
12876                                                             process_handles.mac,
12877                                                             0,
12878                                                             &tid_p->
12879                                                             process, &aci);
12880                         }
12881                 }
12882                 break;
12883 #endif
12884 
12885 #if defined(CONFIG_RSBAC_PM)
12886         case SW_PM:
12887                 {
12888                         struct rsbac_pm_process_aci_t aci =
12889                             DEFAULT_PM_P_ACI;
12890 
12891                         rsbac_ta_list_get_data_ttl(ta_number,
12892                                                    process_handles.pm,
12893                                                    NULL,
12894                                                    &tid_p->process, &aci);
12895                         switch (attr) {
12896                         case A_pm_tp:
12897                                 aci.pm_tp = value_p->pm_tp;
12898                                 break;
12899                         case A_pm_current_task:
12900                                 aci.pm_current_task =
12901                                     value_p->pm_current_task;
12902                                 break;
12903                         case A_pm_process_type:
12904                                 aci.pm_process_type =
12905                                     value_p->pm_process_type;
12906                                 break;
12907                         default:
12908                                 err = -RSBAC_EINVALIDATTR;
12909                         }
12910                         if (!err) {
12911                                 err = rsbac_ta_list_add_ttl(ta_number,
12912                                                             process_handles.
12913                                                             pm, 0,
12914                                                             &tid_p->
12915                                                             process, &aci);
12916                         }
12917                 }
12918                 break;
12919 #endif
12920 
12921 #if defined(CONFIG_RSBAC_DAZ)
12922         case SW_DAZ:
12923                 {
12924                         struct rsbac_daz_process_aci_t aci =
12925                             DEFAULT_DAZ_P_ACI;
12926 
12927                         rsbac_ta_list_get_data_ttl(ta_number,
12928                                                    process_handles.daz,
12929                                                    NULL,
12930                                                    &tid_p->process, &aci);
12931                         switch (attr) {
12932                         case A_daz_scanner:
12933                                 aci.daz_scanner = value_p->daz_scanner;
12934                                 break;
12935                         default:
12936                                 err = -RSBAC_EINVALIDATTR;
12937                         }
12938                         if (!err) {
12939                                 err = rsbac_ta_list_add_ttl(ta_number,
12940                                                             process_handles.
12941                                                             daz, 0,
12942                                                             &tid_p->
12943                                                             process, &aci);
12944                         }
12945                 }
12946                 break;
12947 #endif
12948 
12949 #if defined(CONFIG_RSBAC_RC)
12950         case SW_RC:
12951                 {
12952                         struct rsbac_rc_process_aci_t aci =
12953                             DEFAULT_RC_P_ACI;
12954 
12955                         rsbac_ta_list_get_data_ttl(ta_number,
12956                                                    process_handles.rc,
12957                                                    NULL, &tid_p->process,
12958                                                    &aci);
12959                         switch (attr) {
12960                         case A_rc_role:
12961                                 aci.rc_role = value_p->rc_role;
12962                                 break;
12963                         case A_rc_type:
12964                                 aci.rc_type = value_p->rc_type;
12965                                 break;
12966                         case A_rc_select_type:
12967                                 aci.rc_select_type = value_p->rc_select_type;
12968                                 break;
12969                         case A_rc_force_role:
12970                                 aci.rc_force_role = value_p->rc_force_role;
12971                                 break;
12972                         default:
12973                                 err = -RSBAC_EINVALIDATTR;
12974                         }
12975                         if (!err) {
12976                                 err = rsbac_ta_list_add_ttl(ta_number,
12977                                                             process_handles.rc,
12978                                                             0,
12979                                                             &tid_p->
12980                                                             process, &aci);
12981                         }
12982                 }
12983                 break;
12984 #endif
12985 
12986 #if defined(CONFIG_RSBAC_AUTH)
12987         case SW_AUTH:
12988                 {
12989                         struct rsbac_auth_process_aci_t aci =
12990                             DEFAULT_AUTH_P_ACI;
12991 
12992                         rsbac_ta_list_get_data_ttl(ta_number,
12993                                                    process_handles.auth,
12994                                                    NULL,
12995                                                    &tid_p->process, &aci);
12996                         switch (attr) {
12997                         case A_auth_may_setuid:
12998                                 aci.auth_may_setuid =
12999                                     value_p->auth_may_setuid;
13000                                 break;
13001                         case A_auth_may_set_cap:
13002                                 aci.auth_may_set_cap =
13003                                     value_p->auth_may_set_cap;
13004                                 break;
13005 #if defined(CONFIG_RSBAC_AUTH_LEARN)
13006                         case A_auth_program_file:
13007                                 aci.auth_program_file =
13008                                     value_p->auth_program_file;
13009                                 break;
13010                         case A_auth_start_uid:
13011                                 aci.auth_start_uid =
13012                                     value_p->auth_start_uid;
13013                                 break;
13014 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
13015                         case A_auth_start_euid:
13016                                 aci.auth_start_euid =
13017                                     value_p->auth_start_euid;
13018                                 break;
13019 #endif
13020 #ifdef CONFIG_RSBAC_AUTH_GROUP
13021                         case A_auth_start_gid:
13022                                 aci.auth_start_gid =
13023                                     value_p->auth_start_gid;
13024                                 break;
13025 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
13026                         case A_auth_start_egid:
13027                                 aci.auth_start_egid =
13028                                     value_p->auth_start_egid;
13029                                 break;
13030 #endif
13031 #endif
13032                         case A_auth_learn:
13033                                 aci.auth_learn = value_p->auth_learn;
13034                                 break;
13035 #endif
13036                         case A_auth_last_auth:
13037                                 aci.auth_last_auth =
13038                                     value_p->auth_last_auth;
13039                                 break;
13040                         default:
13041                                 err = -RSBAC_EINVALIDATTR;
13042                         }
13043                         if (!err) {
13044                                 err = rsbac_ta_list_add_ttl(ta_number,
13045                                                             process_handles.auth,
13046                                                             0,
13047                                                             &tid_p->process,
13048                                                             &aci);
13049                         }
13050                 }
13051                 break;
13052 #endif
13053 
13054 #if defined(CONFIG_RSBAC_CAP)
13055         case SW_CAP:
13056                 {
13057                         struct rsbac_cap_process_aci_t aci =
13058                             DEFAULT_CAP_P_ACI;
13059 
13060                         rsbac_ta_list_get_data_ttl(ta_number,
13061                                                    process_handles.cap,
13062                                                    NULL,
13063                                                    &tid_p->process, &aci);
13064                         switch (attr) {
13065                         case A_cap_process_hiding:
13066                                 aci.cap_process_hiding =
13067                                     value_p->cap_process_hiding;
13068                                 break;
13069 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
13070                         case A_max_caps_user:
13071                                 aci.max_caps_user = value_p->max_caps_user;
13072                                 break;
13073                         case A_max_caps_program:
13074                                 aci.max_caps_program =
13075                                     value_p->max_caps_program;
13076                                 break;
13077 #endif
13078                         case A_cap_ld_env:
13079                                 aci.cap_ld_env = value_p->cap_ld_env;
13080                                 break;
13081                         default:
13082                                 err = -RSBAC_EINVALIDATTR;
13083                         }
13084                         if (!err) {
13085                                 err = rsbac_ta_list_add_ttl(ta_number,
13086                                                             process_handles.
13087                                                             cap, 0,
13088                                                             &tid_p->
13089                                                             process, &aci);
13090                         }
13091                 }
13092                 break;
13093 #endif
13094 
13095 #if defined(CONFIG_RSBAC_JAIL)
13096         case SW_JAIL:
13097                 {
13098                         struct rsbac_jail_process_aci_t aci =
13099                             DEFAULT_JAIL_P_ACI;
13100 
13101                         rsbac_ta_list_get_data_ttl(ta_number,
13102                                                    process_handles.jail,
13103                                                    NULL, &tid_p->process,
13104                                                    &aci);
13105                         switch (attr) {
13106                         case A_jail_id:
13107                                 aci.id = value_p->jail_id;
13108                                 break;
13109                         case A_jail_parent:
13110                                 aci.parent = value_p->jail_parent;
13111                                 break;
13112                         case A_jail_ip:
13113                                 aci.ip = value_p->jail_ip;
13114                                 break;
13115                         case A_jail_flags:
13116                                 aci.flags = value_p->jail_flags;
13117                                 break;
13118                         case A_jail_max_caps:
13119                                 aci.max_caps = value_p->jail_max_caps;
13120                                 break;
13121                         case A_jail_scd_get:
13122                                 aci.scd_get = value_p->jail_scd_get;
13123                                 break;
13124                         case A_jail_scd_modify:
13125                                 aci.scd_modify = value_p->jail_scd_modify;
13126                                 break;
13127                         default:
13128                                 err = -RSBAC_EINVALIDATTR;
13129                         }
13130                         if (!err) {
13131                                 err = rsbac_ta_list_add_ttl(ta_number,
13132                                                             process_handles.jail,
13133                                                             0,
13134                                                             &tid_p->
13135                                                             process, &aci);
13136                         }
13137                 }
13138                 break;
13139 #endif
13140 
13141         default:
13142                 err = -RSBAC_EINVALIDMODULE;
13143         }
13144 
13145         return err;
13146 }
13147 
13148 #ifdef CONFIG_RSBAC_UM
13149 static int set_attr_group(rsbac_list_ta_number_t ta_number,
13150                           enum rsbac_switch_target_t module,
13151                           enum rsbac_target_t target,
13152                           union rsbac_target_id_t *tid_p,
13153                           enum rsbac_attribute_t attr,
13154                           union rsbac_attribute_value_t *value_p)
13155 {
13156         int err = 0;
13157         /* rsbac_pr_debug(ds, "Setting group attribute\n"); */
13158         switch (module) {
13159 #if defined(CONFIG_RSBAC_RC_UM_PROT)
13160         case SW_RC:
13161                 {
13162                         rsbac_rc_type_id_t type = value_p->rc_type;
13163                         rsbac_gid_t group_desc;
13164 
13165                         group_desc = tid_p->group;
13166 
13167                         switch (attr) {
13168                         case A_rc_type:
13169                                 err = rsbac_ta_list_add_ttl(ta_number,
13170                                                             group_handles.
13171                                                             rc, 0,
13172                                                             &group_desc,
13173                                                             &type);
13174                                 break;
13175                         default:
13176                                 err = -RSBAC_EINVALIDATTR;
13177                         }
13178                 }
13179                 break;
13180 #endif
13181 
13182         default:
13183                 err = -RSBAC_EINVALIDMODULE;
13184         }
13185 
13186         return err;
13187 }
13188 #endif                          /* UM */
13189 
13190 #ifdef CONFIG_RSBAC_NET_DEV
13191 static int set_attr_netdev(rsbac_list_ta_number_t ta_number,
13192                            enum rsbac_switch_target_t module,
13193                            enum rsbac_target_t target,
13194                            union rsbac_target_id_t *tid_p,
13195                            enum rsbac_attribute_t attr,
13196                            union rsbac_attribute_value_t *value_p)
13197 {
13198         int err = 0;
13199         /* rsbac_pr_debug(ds, "Setting netdev attribute\n"); */
13200         switch (module) {
13201 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
13202         case SW_GEN:
13203                 {
13204                         struct rsbac_gen_netdev_aci_t aci =
13205                             DEFAULT_GEN_NETDEV_ACI;
13206 
13207                         rsbac_ta_list_get_data_ttl(ta_number,
13208                                                    netdev_handles.gen,
13209                                                    NULL,
13210                                                    &tid_p->netdev, &aci);
13211                         switch (attr) {
13212                         case A_log_array_low:
13213                                 aci.log_array_low = value_p->log_array_low;
13214                                 break;
13215                         case A_log_array_high:
13216                                 aci.log_array_high =
13217                                     value_p->log_array_high;
13218                                 break;
13219                         default:
13220                                 err = -RSBAC_EINVALIDATTR;
13221                         }
13222                         if (!err) {
13223                                 err = rsbac_ta_list_add_ttl(ta_number,
13224                                                             netdev_handles.
13225                                                             gen, 0,
13226                                                             &tid_p->netdev,
13227                                                             &aci);
13228                         }
13229                 }
13230                 break;
13231 #endif
13232 #if defined(CONFIG_RSBAC_RC)
13233         case SW_RC:
13234                 {
13235                         rsbac_rc_type_id_t type = value_p->rc_type;
13236 
13237                         switch (attr) {
13238                         case A_rc_type:
13239                                 err = rsbac_ta_list_add_ttl(ta_number,
13240                                                             netdev_handles.
13241                                                             rc, 0,
13242                                                             &tid_p->netdev,
13243                                                             &type);
13244                                 break;
13245                         default:
13246                                 err = -RSBAC_EINVALIDATTR;
13247                         }
13248                 }
13249                 break;
13250 #endif
13251 
13252         default:
13253                 err = -RSBAC_EINVALIDMODULE;
13254         }
13255 
13256         return err;
13257 }
13258 #endif
13259 
13260 #ifdef CONFIG_RSBAC_NET_OBJ
13261 static int set_attr_nettemp(rsbac_list_ta_number_t ta_number,
13262                             enum rsbac_switch_target_t module,
13263                             enum rsbac_target_t target,
13264                             union rsbac_target_id_t *tid_p,
13265                             enum rsbac_attribute_t attr,
13266                             union rsbac_attribute_value_t *value_p)
13267 {
13268         int err = 0;
13269         /* rsbac_pr_debug(ds, "Setting nettemp attribute\n"); */
13270         if (!rsbac_list_exist(net_temp_handle, &tid_p->nettemp))
13271                 return -RSBAC_EINVALIDTARGET;
13272         switch (module) {
13273 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
13274         case SW_GEN:
13275                 {
13276                         struct rsbac_gen_netobj_aci_t aci =
13277                             DEFAULT_GEN_NETOBJ_ACI;
13278 
13279                         rsbac_ta_list_get_data_ttl(ta_number,
13280                                                    nettemp_handles.gen,
13281                                                    NULL,
13282                                                    &tid_p->nettemp, &aci);
13283                         switch (attr) {
13284                         case A_log_array_low:
13285                                 aci.log_array_low = value_p->log_array_low;
13286                                 break;
13287                         case A_log_array_high:
13288                                 aci.log_array_high =
13289                                     value_p->log_array_high;
13290                                 break;
13291 
13292                         default:
13293                                 err = -RSBAC_EINVALIDATTR;
13294                         }
13295                         if (!err) {
13296                                 err = rsbac_ta_list_add_ttl(ta_number,
13297                                                             nettemp_handles.
13298                                                             gen, 0,
13299                                                             &tid_p->
13300                                                             nettemp, &aci);
13301                         }
13302                 }
13303                 break;
13304 #endif                          /* IND_NETOBJ_LOG */
13305 #if defined(CONFIG_RSBAC_MAC)
13306         case SW_MAC:
13307                 {
13308                         struct rsbac_mac_netobj_aci_t aci =
13309                             DEFAULT_MAC_NETOBJ_ACI;
13310 
13311                         rsbac_ta_list_get_data_ttl(ta_number,
13312                                                    nettemp_handles.mac,
13313                                                    NULL,
13314                                                    &tid_p->nettemp, &aci);
13315                         switch (attr) {
13316                         case A_security_level:
13317                                 aci.sec_level = value_p->security_level;
13318                                 break;
13319                         case A_mac_categories:
13320                                 aci.mac_categories =
13321                                     value_p->mac_categories;
13322                                 break;
13323 
13324                         default:
13325                                 err = -RSBAC_EINVALIDATTR;
13326                         }
13327                         if (!err) {
13328                                 err = rsbac_ta_list_add_ttl(ta_number,
13329                                                             nettemp_handles.
13330                                                             mac, 0,
13331                                                             &tid_p->
13332                                                             nettemp, &aci);
13333                         }
13334                 }
13335                 break;
13336 #endif                          /* MAC */
13337 
13338 #if defined(CONFIG_RSBAC_PM)
13339         case SW_PM:
13340                 {
13341                         struct rsbac_pm_netobj_aci_t aci =
13342                             DEFAULT_PM_NETOBJ_ACI;
13343 
13344                         rsbac_ta_list_get_data_ttl(ta_number,
13345                                                    nettemp_handles.pm,
13346                                                    NULL,
13347                                                    &tid_p->nettemp, &aci);
13348                         switch (attr) {
13349                         case A_pm_object_class:
13350                                 aci.pm_object_class =
13351                                     value_p->pm_object_class;
13352                                 break;
13353                         case A_pm_ipc_purpose:
13354                                 aci.pm_ipc_purpose =
13355                                     value_p->pm_ipc_purpose;
13356                                 break;
13357                         case A_pm_object_type:
13358                                 aci.pm_object_type =
13359                                     value_p->pm_object_type;
13360                                 break;
13361                         default:
13362                                 err = -RSBAC_EINVALIDATTR;
13363                         }
13364                         if (!err) {
13365                                 err = rsbac_ta_list_add_ttl(ta_number,
13366                                                             nettemp_handles.
13367                                                             pm, 0,
13368                                                             &tid_p->
13369                                                             nettemp, &aci);
13370                         }
13371                 }
13372                 break;
13373 #endif                          /* PM */
13374 
13375 #if defined(CONFIG_RSBAC_RC)
13376         case SW_RC:
13377                 {
13378                         struct rsbac_rc_nettemp_aci_t aci =
13379                             DEFAULT_RC_NETTEMP_ACI;
13380 
13381                         rsbac_ta_list_get_data_ttl(ta_number,
13382                                                    nettemp_handles.rc,
13383                                                    NULL,
13384                                                    &tid_p->nettemp, &aci);
13385                         switch (attr) {
13386                         case A_rc_type:
13387                                 aci.netobj_type = value_p->rc_type;
13388                                 break;
13389                         case A_rc_type_nt:
13390                                 aci.nettemp_type = value_p->rc_type;
13391                                 break;
13392 
13393                         default:
13394                                 err = -RSBAC_EINVALIDATTR;
13395                         }
13396                         if (!err) {
13397                                 err = rsbac_ta_list_add_ttl(ta_number,
13398                                                             nettemp_handles.
13399                                                             rc, 0,
13400                                                             &tid_p->
13401                                                             nettemp, &aci);
13402                         }
13403                 }
13404                 break;
13405 #endif                          /* RC */
13406 
13407         default:
13408                 err = -RSBAC_EINVALIDMODULE;
13409         }
13410 
13411         return err;
13412 }
13413 
13414 static int set_attr_netobj(rsbac_list_ta_number_t ta_number,
13415                            enum rsbac_switch_target_t module,
13416                            enum rsbac_target_t target,
13417                            union rsbac_target_id_t *tid_p,
13418                            enum rsbac_attribute_t attr,
13419                            union rsbac_attribute_value_t *value_p)
13420 {
13421         int err = 0;
13422         /* rsbac_pr_debug(ds, "Setting netobj attribute\n"); */
13423         switch (module) {
13424 #if defined(CONFIG_RSBAC_MAC)
13425         case SW_MAC:
13426                 {
13427                         struct rsbac_mac_netobj_aci_t aci =
13428                             DEFAULT_MAC_NETOBJ_ACI;
13429 
13430                         switch (attr) {
13431                         case A_local_sec_level:
13432                         case A_local_mac_categories:
13433                                 if (rsbac_ta_list_get_data_ttl(ta_number, lnetobj_handles.mac, NULL, &tid_p->netobj.sock_p, &aci)) {    /* not found -> fallback to template */
13434                                         rsbac_net_temp_id_t temp = 0;
13435 
13436                                         rsbac_ta_net_lookup_templates
13437                                             (ta_number, &tid_p->netobj,
13438                                              &temp, NULL);
13439                                         if (temp)
13440                                                 rsbac_ta_list_get_data_ttl
13441                                                     (ta_number,
13442                                                      nettemp_handles.mac,
13443                                                      NULL, &temp, &aci);
13444                                 }
13445                                 break;
13446 
13447                         case A_remote_sec_level:
13448                         case A_remote_mac_categories:
13449                                 if (rsbac_ta_list_get_data_ttl(ta_number, rnetobj_handles.mac, NULL, &tid_p->netobj.sock_p, &aci)) {    /* not found -> fallback to template */
13450                                         rsbac_net_temp_id_t temp = 0;
13451 
13452                                         rsbac_ta_net_lookup_templates
13453                                             (ta_number, &tid_p->netobj,
13454                                              NULL, &temp);
13455                                         if (temp)
13456                                                 rsbac_ta_list_get_data_ttl
13457                                                     (ta_number,
13458                                                      nettemp_handles.mac,
13459                                                      NULL, &temp, &aci);
13460                                 }
13461                                 break;
13462 
13463                         default:
13464                                 err = -RSBAC_EINVALIDATTR;
13465                         }
13466                         if (err)
13467                                 break;
13468                         {
13469                                 switch (attr) {
13470                                 case A_local_sec_level:
13471                                         aci.sec_level =
13472                                             value_p->security_level;
13473                                         err =
13474                                             rsbac_ta_list_add_ttl
13475                                             (ta_number,
13476                                              lnetobj_handles.mac, 0,
13477                                              &tid_p->netobj.sock_p, &aci);
13478                                         break;
13479                                 case A_remote_sec_level:
13480                                         aci.sec_level =
13481                                             value_p->security_level;
13482                                         err =
13483                                             rsbac_ta_list_add_ttl
13484                                             (ta_number,
13485                                              rnetobj_handles.mac, 0,
13486                                              &tid_p->netobj.sock_p, &aci);
13487                                         break;
13488                                 case A_local_mac_categories:
13489                                         aci.mac_categories =
13490                                             value_p->mac_categories;
13491                                         err =
13492                                             rsbac_ta_list_add_ttl
13493                                             (ta_number,
13494                                              lnetobj_handles.mac, 0,
13495                                              &tid_p->netobj.sock_p, &aci);
13496                                         break;
13497                                 case A_remote_mac_categories:
13498                                         aci.mac_categories =
13499                                             value_p->mac_categories;
13500                                         err =
13501                                             rsbac_ta_list_add_ttl
13502                                             (ta_number,
13503                                              rnetobj_handles.mac, 0,
13504                                              &tid_p->netobj.sock_p, &aci);
13505                                         break;
13506 
13507                                 default:
13508                                         err = -RSBAC_EINVALIDATTR;
13509                                 }
13510                         }
13511                 }
13512                 break;
13513 #endif                          /* MAC */
13514 
13515 #if defined(CONFIG_RSBAC_PM)
13516         case SW_PM:
13517                 {
13518                         struct rsbac_pm_netobj_aci_t aci =
13519                             DEFAULT_PM_NETOBJ_ACI;
13520 
13521                         switch (attr) {
13522                         case A_local_pm_object_class:
13523                         case A_local_pm_ipc_purpose:
13524                         case A_local_pm_object_type:
13525                                 if (rsbac_ta_list_get_data_ttl(ta_number, lnetobj_handles.pm, NULL, &tid_p->netobj.sock_p, &aci)) {     /* not found -> fallback to template */
13526                                         rsbac_net_temp_id_t temp = 0;
13527 
13528                                         rsbac_ta_net_lookup_templates
13529                                             (ta_number, &tid_p->netobj,
13530                                              &temp, NULL);
13531                                         if (temp)
13532                                                 rsbac_ta_list_get_data_ttl
13533                                                     (ta_number,
13534                                                      nettemp_handles.pm,
13535                                                      NULL, &temp, &aci);
13536                                 }
13537                                 break;
13538 
13539                         case A_remote_pm_object_class:
13540                         case A_remote_pm_ipc_purpose:
13541                         case A_remote_pm_object_type:
13542                                 if (rsbac_ta_list_get_data_ttl(ta_number, rnetobj_handles.pm, NULL, &tid_p->netobj.sock_p, &aci)) {     /* not found -> fallback to template */
13543                                         rsbac_net_temp_id_t temp = 0;
13544 
13545                                         rsbac_ta_net_lookup_templates
13546                                             (ta_number, &tid_p->netobj,
13547                                              NULL, &temp);
13548                                         if (temp)
13549                                                 rsbac_ta_list_get_data_ttl
13550                                                     (ta_number,
13551                                                      nettemp_handles.pm,
13552                                                      NULL, &temp, &aci);
13553                                 }
13554                                 break;
13555 
13556                         default:
13557                                 err = -RSBAC_EINVALIDATTR;
13558                         }
13559                         if (err)
13560                                 break;
13561                         {
13562                                 switch (attr) {
13563                                 case A_local_pm_object_class:
13564                                         aci.pm_object_class =
13565                                             value_p->pm_object_class;
13566                                         err =
13567                                             rsbac_ta_list_add_ttl
13568                                             (ta_number, lnetobj_handles.pm,
13569                                              0, &tid_p->netobj.sock_p,
13570                                              &aci);
13571                                         break;
13572                                 case A_remote_pm_object_class:
13573                                         aci.pm_object_class =
13574                                             value_p->pm_object_class;
13575                                         err =
13576                                             rsbac_ta_list_add_ttl
13577                                             (ta_number, rnetobj_handles.pm,
13578                                              0, &tid_p->netobj.sock_p,
13579                                              &aci);
13580                                         break;
13581                                 case A_local_pm_ipc_purpose:
13582                                         aci.pm_ipc_purpose =
13583                                             value_p->pm_ipc_purpose;
13584                                         err =
13585                                             rsbac_ta_list_add_ttl
13586                                             (ta_number, lnetobj_handles.pm,
13587                                              0, &tid_p->netobj.sock_p,
13588                                              &aci);
13589                                         break;
13590                                 case A_remote_pm_ipc_purpose:
13591                                         aci.pm_ipc_purpose =
13592                                             value_p->pm_ipc_purpose;
13593                                         err =
13594                                             rsbac_ta_list_add_ttl
13595                                             (ta_number, rnetobj_handles.pm,
13596                                              0, &tid_p->netobj.sock_p,
13597                                              &aci);
13598                                         break;
13599                                 case A_local_pm_object_type:
13600                                         aci.pm_object_type =
13601                                             value_p->pm_object_type;
13602                                         err =
13603                                             rsbac_ta_list_add_ttl
13604                                             (ta_number, lnetobj_handles.pm,
13605                                              0, &tid_p->netobj.sock_p,
13606                                              &aci);
13607                                         break;
13608                                 case A_remote_pm_object_type:
13609                                         aci.pm_object_type =
13610                                             value_p->pm_object_type;
13611                                         err =
13612                                             rsbac_ta_list_add_ttl
13613                                             (ta_number, rnetobj_handles.pm,
13614                                              0, &tid_p->netobj.sock_p,
13615                                              &aci);
13616                                         break;
13617 
13618                                 default:
13619                                         err = -RSBAC_EINVALIDATTR;
13620                                 }
13621                         }
13622                 }
13623                 break;
13624 #endif                          /* PM */
13625 
13626 #if defined(CONFIG_RSBAC_RC)
13627         case SW_RC:
13628                 {
13629                         rsbac_rc_type_id_t type = value_p->rc_type;
13630 
13631                         switch (attr) {
13632                         case A_local_rc_type:
13633                                 err = rsbac_ta_list_add_ttl(ta_number,
13634                                                             lnetobj_handles.
13635                                                             rc, 0,
13636                                                             &tid_p->netobj.
13637                                                             sock_p, &type);
13638                                 break;
13639 
13640                         case A_remote_rc_type:
13641                                 err = rsbac_ta_list_add_ttl(ta_number,
13642                                                             rnetobj_handles.
13643                                                             rc, 0,
13644                                                             &tid_p->netobj.
13645                                                             sock_p, &type);
13646                                 break;
13647 
13648                         default:
13649                                 err = -RSBAC_EINVALIDATTR;
13650                         }
13651                 }
13652                 break;
13653 #endif                          /* RC */
13654 
13655         default:
13656                 err = -RSBAC_EINVALIDMODULE;
13657         }
13658 
13659         return err;
13660 }
13661 #endif                          /* UM */
13662 
13663 
13664 int rsbac_ta_set_attr(rsbac_list_ta_number_t ta_number,
13665                       enum rsbac_switch_target_t module,
13666                       enum rsbac_target_t target,
13667                       union rsbac_target_id_t tid,
13668                       enum rsbac_attribute_t attr,
13669                       union rsbac_attribute_value_t value)
13670 {
13671         int err = 0;
13672 /*
13673 #ifdef CONFIG_RSBAC_DEBUG
13674       char tmp[RSBAC_MAXNAMELEN];
13675 #endif
13676 */
13677         if (!rsbac_initialized) {
13678                 rsbac_printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n");
13679                 return (-RSBAC_ENOTINITIALIZED);
13680         }
13681         if (in_interrupt()) {
13682                 rsbac_printk(KERN_WARNING "rsbac_set_attr(): called from interrupt!\n");
13683         }
13684         switch (target) {
13685         case T_FILE:
13686         case T_DIR:
13687         case T_FIFO:
13688         case T_SYMLINK:
13689         case T_UNIXSOCK:
13690                 err = set_attr_fd(ta_number, module, target, &tid, attr, &value);
13691                 break;
13692 
13693         case T_DEV:
13694                 err =
13695                     set_attr_dev(ta_number, module, target, tid.dev, attr,
13696                                  &value);
13697                 break;
13698 
13699         case T_IPC:
13700                 err =
13701                     set_attr_ipc(ta_number, module, target, &tid, attr,
13702                                  &value);
13703                 break;
13704 
13705         case T_USER:
13706                 err =
13707                     set_attr_user(ta_number, module, target, &tid, attr,
13708                                   &value);
13709                 break;
13710 
13711         case T_PROCESS:
13712                 err =
13713                     set_attr_process(ta_number, module, target, &tid, attr,
13714                                      &value);
13715                 break;
13716 
13717 #ifdef CONFIG_RSBAC_UM
13718         case T_GROUP:
13719                 err =
13720                     set_attr_group(ta_number, module, target, &tid, attr,
13721                                    &value);
13722                 break;
13723 #endif                          /* CONFIG_RSBAC_UM */
13724 
13725 #ifdef CONFIG_RSBAC_NET_DEV
13726         case T_NETDEV:
13727                 err =
13728                     set_attr_netdev(ta_number, module, target, &tid, attr,
13729                                     &value);
13730                 break;
13731 #endif
13732 
13733 #ifdef CONFIG_RSBAC_NET_OBJ
13734         case T_NETTEMP:
13735                 err =
13736                     set_attr_nettemp(ta_number, module, target, &tid, attr,
13737                                      &value);
13738                 break;
13739 
13740         case T_NETOBJ:
13741                 err =
13742                     set_attr_netobj(ta_number, module, target, &tid, attr,
13743                                     &value);
13744                 break;
13745 #endif                          /* NET_OBJ */
13746 
13747                 /* switch(target): no valid target */
13748         default:
13749                 return (-RSBAC_EINVALIDTARGET);
13750         }
13751 #ifdef CONFIG_RSBAC_XSTATS
13752         if (!err)
13753                 set_attr_count[target]++;
13754 #endif
13755         return (err);
13756 }
13757 
13758 /************************************************************************** */
13759 
13760 int rsbac_ta_remove_target(rsbac_list_ta_number_t ta_number,
13761                            enum rsbac_target_t target,
13762                            union rsbac_target_id_t tid)
13763 {
13764         int error = 0;
13765         struct rsbac_device_list_item_t *device_p;
13766 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
13767         u_long dflags;
13768 #endif
13769         u_int hash;
13770 
13771         if (!rsbac_initialized) {
13772                 rsbac_printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n");
13773                 return (-RSBAC_ENOTINITIALIZED);
13774         }
13775         if (in_interrupt()) {
13776                 rsbac_printk(KERN_WARNING "rsbac_remove_target(): called from interrupt!\n");
13777         }
13778         switch (target) {
13779         case T_FILE:
13780         case T_DIR:
13781         case T_FIFO:
13782         case T_SYMLINK:
13783         case T_UNIXSOCK:
13784                 /* rsbac_pr_debug(ds, "Removing file/dir/fifo/symlink ACI\n"); */
13785 #if defined(CONFIG_RSBAC_MAC)
13786                 /* file and dir items can also have mac_f_trusets -> remove first */
13787                 if ((target == T_FILE)
13788                     || (target == T_DIR)
13789                     )
13790                         error = rsbac_mac_remove_f_trusets(tid.file);
13791 #endif
13792 #if defined(CONFIG_RSBAC_AUTH)
13793                 /* file and dir items can also have auth_f_capsets -> remove first */
13794                 if ((target == T_FILE)
13795                     || (target == T_DIR)
13796                     )
13797                         error = rsbac_auth_remove_f_capsets(tid.file);
13798 #endif
13799 #if defined(CONFIG_RSBAC_ACL)
13800                 /* items can also have an acl_fd_item -> remove first */
13801                 error = rsbac_acl_remove_acl(ta_number, target, tid);
13802 #endif
13803                 hash = device_hash(tid.file.device);
13804                 /* wait for read access to device_list_head */
13805 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13806                 rcu_read_lock();
13807 #else
13808                 rsbac_read_lock(&device_list_locks[hash], &dflags);
13809 #endif
13810 
13811                 /* lookup device */
13812                 device_p = lookup_device(tid.file.device, hash);
13813                 if (!device_p) {
13814                         struct super_block *sb_p;
13815 
13816 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13817                         rcu_read_unlock();
13818 #else
13819                         rsbac_read_unlock(&device_list_locks[hash], &dflags);
13820 #endif
13821 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13822                         sb_p = user_get_super(tid.file.device);
13823 #else
13824                         sb_p = get_super(tid.file.device);
13825 #endif
13826                         if (sb_p) {
13827                                 if(RSBAC_MAJOR(tid.file.device) <= 1) {
13828                                         rsbac_printk(KERN_INFO "rsbac_remove_target(): auto-mounting device %02u:%02u\n",
13829                                              RSBAC_MAJOR(tid.file.device),
13830                                              RSBAC_MINOR(tid.file.device));
13831                                         rsbac_mount(sb_p, NULL);
13832                                 }
13833                                 /* free super_block pointer */
13834                                 drop_super(sb_p);
13835 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13836                                 rcu_read_lock();
13837 #else
13838                                 rsbac_read_lock(&device_list_locks[hash],
13839                                                 &dflags);
13840 #endif
13841                                 device_p = lookup_device(tid.file.device, hash);
13842                                 if (!device_p) {
13843 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13844                                         rcu_read_unlock();
13845 #else
13846                                         rsbac_read_unlock
13847                                             (&device_list_locks[hash],
13848                                              &dflags);
13849 #endif
13850                                         rsbac_printk(KERN_WARNING "rsbac_remove_target(): unknown device %02u:%02u\n",
13851                                                      RSBAC_MAJOR(tid.file.
13852                                                                  device),
13853                                                      RSBAC_MINOR(tid.file.
13854                                                                  device));
13855                                         return -RSBAC_EINVALIDDEV;
13856                                 }
13857                         } else
13858                                 return -RSBAC_EINVALIDDEV;
13859                 }
13860                 rsbac_ta_list_remove(ta_number,
13861                                      device_p->handles.gen,
13862                                      &tid.file.inode);
13863 #if defined(CONFIG_RSBAC_MAC)
13864                 rsbac_ta_list_remove(ta_number,
13865                                      device_p->handles.mac,
13866                                      &tid.file.inode);
13867 #endif
13868 #if defined(CONFIG_RSBAC_PM)
13869                 rsbac_ta_list_remove(ta_number,
13870                                      device_p->handles.pm,
13871                                      &tid.file.inode);
13872 #endif
13873 #if defined(CONFIG_RSBAC_DAZ)
13874                 rsbac_ta_list_remove(ta_number,
13875                                      device_p->handles.daz,
13876                                      &tid.file.inode);
13877 #if defined(CONFIG_RSBAC_DAZ_CACHE)
13878                 rsbac_ta_list_remove(ta_number,
13879                                      device_p->handles.dazs,
13880                                      &tid.file.inode);
13881 #endif
13882 #endif
13883 #if defined(CONFIG_RSBAC_FF)
13884                 rsbac_ta_list_remove(ta_number,
13885                                      device_p->handles.ff,
13886                                      &tid.file.inode);
13887 #endif
13888 #if defined(CONFIG_RSBAC_RC)
13889                 rsbac_ta_list_remove(ta_number,
13890                                      device_p->handles.rc,
13891                                      &tid.file.inode);
13892 #endif
13893 #if defined(CONFIG_RSBAC_AUTH)
13894                 rsbac_ta_list_remove(ta_number,
13895                                      device_p->handles.auth,
13896                                      &tid.file.inode);
13897 #endif
13898 #if defined(CONFIG_RSBAC_CAP)
13899                 rsbac_ta_list_remove(ta_number,
13900                                      device_p->handles.cap,
13901                                      &tid.file.inode);
13902 #endif
13903 #if defined(CONFIG_RSBAC_PAX)
13904                 rsbac_ta_list_remove(ta_number,
13905                                      device_p->handles.pax,
13906                                      &tid.file.inode);
13907 #endif
13908 #if defined(CONFIG_RSBAC_RES)
13909                 rsbac_ta_list_remove(ta_number,
13910                                      device_p->handles.res,
13911                                      &tid.file.inode);
13912 #endif
13913 
13914                 /* free access to device_list_head */
13915 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
13916                 rcu_read_unlock();
13917 #else
13918                 rsbac_read_unlock(&device_list_locks[hash], &dflags);
13919 #endif
13920 #ifdef CONFIG_RSBAC_FD_CACHE
13921                 rsbac_fd_cache_invalidate(&tid.file);
13922 #endif
13923                 break;
13924 
13925         case T_DEV:
13926                 {
13927                   switch (tid.dev.type)
13928                     {
13929                       case D_block:
13930                       case D_char:
13931                         rsbac_ta_list_remove(ta_number,
13932                                          dev_handles.gen,
13933                                          &tid.dev);
13934 #if defined(CONFIG_RSBAC_MAC)
13935                         rsbac_ta_list_remove(ta_number,
13936                                          dev_handles.mac,
13937                                          &tid.dev);
13938 #endif
13939 #if defined(CONFIG_RSBAC_PM)
13940                         rsbac_ta_list_remove(ta_number,
13941                                          dev_handles.pm,
13942                                          &tid.dev);
13943 #endif
13944 #if defined(CONFIG_RSBAC_RC)
13945                         rsbac_ta_list_remove(ta_number,
13946                                          dev_handles.rc,
13947                                          &tid.dev);
13948 #endif
13949                         break;
13950                       case D_block_major:
13951                       case D_char_major:
13952                         {
13953                           enum rsbac_dev_type_t orig_devtype=tid.dev.type;
13954 
13955                           if (tid.dev.type==D_block_major)    
13956                             tid.dev.type=D_block;
13957                           else
13958                             tid.dev.type=D_char;
13959                           rsbac_ta_list_remove(ta_number,
13960                                            dev_major_handles.gen,
13961                                            &tid.dev);
13962 #if defined(CONFIG_RSBAC_MAC)
13963                           rsbac_ta_list_remove(ta_number,
13964                                            dev_major_handles.mac,
13965                                            &tid.dev);
13966 #endif
13967 #if defined(CONFIG_RSBAC_PM)
13968                           rsbac_ta_list_remove(ta_number,
13969                                            dev_major_handles.pm,
13970                                            &tid.dev);
13971 #endif
13972 #if defined(CONFIG_RSBAC_RC)
13973                           rsbac_ta_list_remove(ta_number,
13974                                            dev_major_handles.rc,
13975                                            &tid.dev);
13976 #endif
13977                           tid.dev.type=orig_devtype;
13978                           break;
13979                         }
13980                       default:
13981                         return -RSBAC_EINVALIDTARGET;
13982                     }
13983                 }
13984                 break;
13985 
13986         case T_IPC:
13987                 /* rsbac_pr_debug(ds, "Removing ipc ACI\n"); */
13988 #if defined(CONFIG_RSBAC_MAC)
13989                 rsbac_ta_list_remove(ta_number, ipc_handles.mac, &tid.ipc);
13990 #endif
13991 #if defined(CONFIG_RSBAC_PM)
13992                 rsbac_ta_list_remove(ta_number, ipc_handles.pm, &tid.ipc);
13993 #endif
13994 #if defined(CONFIG_RSBAC_RC)
13995                 rsbac_ta_list_remove(ta_number, ipc_handles.rc, &tid.ipc);
13996 #endif
13997 #if defined(CONFIG_RSBAC_JAIL)
13998                 rsbac_ta_list_remove(ta_number,
13999                                      ipc_handles.jail, &tid.ipc);
14000 #endif
14001                 break;
14002 
14003         case T_USER:
14004                 /* rsbac_pr_debug(ds, "Removing user ACI"); */
14005                 rsbac_ta_list_remove(ta_number,
14006                                      user_handles.gen, &tid.user);
14007 #if defined(CONFIG_RSBAC_MAC)
14008                 rsbac_ta_list_remove(ta_number,
14009                                      user_handles.mac, &tid.user);
14010 #endif
14011 #if defined(CONFIG_RSBAC_PM)
14012                 rsbac_ta_list_remove(ta_number,
14013                                      user_handles.pm, &tid.user);
14014 #endif
14015 #if defined(CONFIG_RSBAC_DAZ)
14016                 rsbac_ta_list_remove(ta_number,
14017                                      user_handles.daz, &tid.user);
14018 #endif
14019 #if defined(CONFIG_RSBAC_FF)
14020                 rsbac_ta_list_remove(ta_number,
14021                                      user_handles.ff, &tid.user);
14022 #endif
14023 #if defined(CONFIG_RSBAC_RC)
14024                 rsbac_ta_list_remove(ta_number,
14025                                      user_handles.rc, &tid.user);
14026 #endif
14027 #if defined(CONFIG_RSBAC_AUTH)
14028                 rsbac_ta_list_remove(ta_number,
14029                                      user_handles.auth, &tid.user);
14030 #endif
14031 #if defined(CONFIG_RSBAC_CAP)
14032                 rsbac_ta_list_remove(ta_number,
14033                                      user_handles.cap, &tid.user);
14034 #endif
14035 #if defined(CONFIG_RSBAC_JAIL)
14036                 rsbac_ta_list_remove(ta_number,
14037                                      user_handles.jail, &tid.user);
14038 #endif
14039 #if defined(CONFIG_RSBAC_PAX)
14040                 rsbac_ta_list_remove(ta_number,
14041                                      user_handles.pax, &tid.user);
14042 #endif
14043 #if defined(CONFIG_RSBAC_RES)
14044                 rsbac_ta_list_remove(ta_number,
14045                                      user_handles.res, &tid.user);
14046 #endif
14047                 break;
14048 
14049         case T_PROCESS:
14050 /* too noisy... kicked out.
14051                 rsbac_pr_debug(ds, "Removing process ACI\n");
14052 */
14053 #if defined(CONFIG_RSBAC_ACL)
14054                 /* process items can also have an acl_p_item -> remove first */
14055                 error = rsbac_acl_remove_acl(ta_number, target, tid);
14056 #endif
14057                 rsbac_ta_list_remove(ta_number,
14058                                      process_handles.gen,
14059                                      &tid.process);
14060 #if defined(CONFIG_RSBAC_MAC)
14061                 /* process items can also have mac_p_trusets -> remove first */
14062                 error = rsbac_mac_remove_p_trusets(tid.process);
14063                 rsbac_ta_list_remove(ta_number,
14064                                      process_handles.mac,
14065                                      &tid.process);
14066 #endif
14067 #if defined(CONFIG_RSBAC_PM)
14068                 rsbac_ta_list_remove(ta_number,
14069                                      process_handles.pm, &tid.process);
14070 #endif
14071 #if defined(CONFIG_RSBAC_DAZ)
14072                 rsbac_ta_list_remove(ta_number,
14073                                      process_handles.daz, &tid.process);
14074 #endif
14075 #if defined(CONFIG_RSBAC_RC)
14076                 rsbac_ta_list_remove(ta_number,
14077                                      process_handles.rc,
14078                                      &tid.process);
14079 #endif
14080 #if defined(CONFIG_RSBAC_AUTH)
14081                 /* process items can also have auth_p_capsets -> remove first */
14082                 error = rsbac_auth_remove_p_capsets(tid.process);
14083                 rsbac_ta_list_remove(ta_number,
14084                                      process_handles.auth, &tid.process);
14085 #endif
14086 #if defined(CONFIG_RSBAC_CAP)
14087                 rsbac_ta_list_remove(ta_number,
14088                                      process_handles.cap, &tid.process);
14089 #endif
14090 #if defined(CONFIG_RSBAC_JAIL)
14091                 rsbac_ta_list_remove(ta_number,
14092                                      process_handles.jail,
14093                                      &tid.process);
14094 #endif
14095                 break;
14096 
14097 #ifdef CONFIG_RSBAC_UM
14098         case T_GROUP:
14099                 /* rsbac_pr_debug(ds, "Removing group ACI\n"); */
14100 #if defined(CONFIG_RSBAC_RC_UM_PROT)
14101                 rsbac_ta_list_remove(ta_number,
14102                                      group_handles.rc, &tid.group);
14103 #endif
14104                 break;
14105 #endif                          /* CONFIG_RSBAC_UM */
14106 
14107 #ifdef CONFIG_RSBAC_NET_DEV
14108         case T_NETDEV:
14109 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14110                 rsbac_ta_list_remove(ta_number,
14111                                      netdev_handles.gen, &tid.netdev);
14112 #endif
14113 #if defined(CONFIG_RSBAC_RC)
14114                 rsbac_ta_list_remove(ta_number,
14115                                      netdev_handles.rc, &tid.netdev);
14116 #endif
14117                 break;
14118 #endif
14119 
14120 #ifdef CONFIG_RSBAC_NET_OBJ
14121         case T_NETTEMP:
14122 /* too noisy... kicked out.
14123                 rsbac_pr_debug(ds, "Removing nettemp ACI\n");
14124 */
14125 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
14126                 rsbac_ta_list_remove(ta_number,
14127                                      nettemp_handles.gen, &tid.nettemp);
14128 #endif
14129 #if defined(CONFIG_RSBAC_MAC)
14130                 rsbac_ta_list_remove(ta_number,
14131                                      nettemp_handles.mac, &tid.nettemp);
14132 #endif
14133 #if defined(CONFIG_RSBAC_PM)
14134                 rsbac_ta_list_remove(ta_number,
14135                                      nettemp_handles.pm, &tid.nettemp);
14136 #endif
14137 #if defined(CONFIG_RSBAC_RC)
14138                 rsbac_ta_list_remove(ta_number,
14139                                      nettemp_handles.rc, &tid.nettemp);
14140 #endif
14141 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
14142                 rsbac_acl_remove_acl(ta_number, T_NETTEMP_NT, tid);
14143                 rsbac_acl_remove_acl(ta_number, T_NETTEMP, tid);
14144 #endif
14145                 break;
14146 
14147         case T_NETOBJ:
14148 /* too noisy... kicked out.
14149                 rsbac_pr_debug(ds, "Removing netobj ACI\n");
14150 */
14151 #if defined(CONFIG_RSBAC_MAC)
14152                 rsbac_ta_list_remove(ta_number,
14153                                      lnetobj_handles.mac,
14154                                      &tid.netobj.sock_p);
14155                 rsbac_ta_list_remove(ta_number,
14156                                      rnetobj_handles.mac,
14157                                      &tid.netobj.sock_p);
14158 #endif
14159 #if defined(CONFIG_RSBAC_PM)
14160                 rsbac_ta_list_remove(ta_number,
14161                                      lnetobj_handles.pm,
14162                                      &tid.netobj.sock_p);
14163                 rsbac_ta_list_remove(ta_number,
14164                                      rnetobj_handles.pm,
14165                                      &tid.netobj.sock_p);
14166 #endif
14167 #if defined(CONFIG_RSBAC_RC)
14168                 rsbac_ta_list_remove(ta_number,
14169                                      lnetobj_handles.rc,
14170                                      &tid.netobj.sock_p);
14171                 rsbac_ta_list_remove(ta_number,
14172                                      rnetobj_handles.rc,
14173                                      &tid.netobj.sock_p);
14174 #endif
14175                 break;
14176 
14177 #endif
14178 
14179         default:
14180                 return (-RSBAC_EINVALIDTARGET);
14181         }
14182 #ifdef CONFIG_RSBAC_XSTATS
14183         remove_count[target]++;
14184 #endif
14185         return (error);
14186 }
14187 
14188 int rsbac_ta_list_all_dev(rsbac_list_ta_number_t ta_number,
14189                           struct rsbac_dev_desc_t **id_pp)
14190 {
14191         int count = 0;
14192         int tmp_count;
14193 
14194         tmp_count = rsbac_ta_list_count(ta_number, dev_handles.gen);
14195         if (tmp_count > 0)
14196                 count += tmp_count;
14197 #if defined(CONFIG_RSBAC_MAC)
14198         tmp_count = rsbac_ta_list_count(ta_number, dev_handles.mac);
14199         if (tmp_count > 0)
14200                 count += tmp_count;
14201 #endif
14202 #if defined(CONFIG_RSBAC_PM)
14203         tmp_count = rsbac_ta_list_count(ta_number, dev_handles.pm);
14204         if (tmp_count > 0)
14205                 count += tmp_count;
14206 #endif
14207 #if defined(CONFIG_RSBAC_RC)
14208         tmp_count = rsbac_ta_list_count(ta_number, dev_major_handles.rc);
14209         if (tmp_count > 0)
14210                 count += tmp_count;
14211         tmp_count = rsbac_ta_list_count(ta_number, dev_handles.rc);
14212         if (tmp_count > 0)
14213                 count += tmp_count;
14214 #endif
14215         if (id_pp) {
14216                 struct rsbac_dev_desc_t *i_id_p = NULL;
14217                 char *pos = NULL;
14218 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_RC)
14219                 u_int i;
14220 #endif
14221 
14222                 if (count > 0) {
14223                         int i_count = 0;
14224 
14225                         i_count = count + 20;   /* max value to expect */
14226                         *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14227                         if (!*id_pp)
14228                                 return -RSBAC_ENOMEM;
14229                         pos = (char *) *id_pp;
14230                         tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14231                                                                dev_handles.
14232                                                                gen,
14233                                                                (void **)
14234                                                                &i_id_p);
14235                         if (tmp_count > 0) {
14236                                 if (tmp_count > i_count)
14237                                         tmp_count = i_count;
14238                                 memcpy(pos, i_id_p,
14239                                        tmp_count * sizeof(*i_id_p));
14240                                 rsbac_vfree(i_id_p);
14241                                 count = tmp_count;
14242                                 i_count -= tmp_count;
14243                                 pos += tmp_count * sizeof(*i_id_p);
14244                         } else
14245                                 count = 0;
14246 #if defined(CONFIG_RSBAC_MAC)
14247                         if (i_count) {
14248                                 tmp_count =
14249                                     rsbac_ta_list_get_all_desc(ta_number,
14250                                                                dev_handles.
14251                                                                mac,
14252                                                                (void **)
14253                                                                &i_id_p);
14254                                 if (tmp_count > 0) {
14255                                         if (tmp_count > i_count)
14256                                                 tmp_count = i_count;
14257                                         for (i = 0; i < tmp_count; i++) {
14258                                                 if (!rsbac_ta_list_exist
14259                                                     (ta_number,
14260                                                      dev_handles.gen,
14261                                                      &i_id_p[i])) {
14262                                                         memcpy(pos,
14263                                                                &i_id_p[i],
14264                                                                sizeof
14265                                                                (*i_id_p));
14266                                                         pos +=
14267                                                             sizeof
14268                                                             (*i_id_p);
14269                                                         count++;
14270                                                         i_count--;
14271                                                 }
14272                                         }
14273                                         rsbac_vfree(i_id_p);
14274                                 }
14275                         }
14276 #endif
14277 #if defined(CONFIG_RSBAC_PM)
14278                         if (i_count) {
14279                                 tmp_count =
14280                                     rsbac_ta_list_get_all_desc(ta_number,
14281                                                                dev_handles.
14282                                                                pm,
14283                                                                (void **)
14284                                                                &i_id_p);
14285                                 if (tmp_count > 0) {
14286                                         if (tmp_count > i_count)
14287                                                 tmp_count = i_count;
14288                                         for (i = 0; i < tmp_count; i++) {
14289                                                 if (!rsbac_ta_list_exist
14290                                                     (ta_number,
14291                                                      dev_handles.gen,
14292                                                      &i_id_p[i]))
14293 #if defined(CONFIG_RSBAC_MAC)
14294                                                         if (!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
14295 #endif
14296                                                         {
14297                                                                 memcpy(pos,
14298                                                                        &i_id_p
14299                                                                        [i],
14300                                                                        sizeof
14301                                                                        (*i_id_p));
14302                                                                 pos +=
14303                                                                     sizeof
14304                                                                     (*i_id_p);
14305                                                                 count++;
14306                                                                 i_count--;
14307                                                         }
14308                                         }
14309                                         rsbac_vfree(i_id_p);
14310                                 }
14311                         }
14312 #endif
14313 #if defined(CONFIG_RSBAC_RC)
14314                         if (i_count) {
14315                                 tmp_count =
14316                                     rsbac_ta_list_get_all_desc(ta_number,
14317                                                                dev_major_handles.
14318                                                                rc,
14319                                                                (void **)
14320                                                                &i_id_p);
14321                                 if (tmp_count > 0) {
14322                                         if (tmp_count > i_count)
14323                                                 tmp_count = i_count;
14324                                         for (i = 0; i < tmp_count; i++) {
14325                                                 i_id_p[i].type +=
14326                                                     (D_block_major -
14327                                                      D_block);
14328                                                 memcpy(pos, &i_id_p[i],
14329                                                        sizeof(*i_id_p));
14330                                                 pos += sizeof(*i_id_p);
14331                                                 count++;
14332                                                 i_count--;
14333                                         }
14334                                         rsbac_vfree(i_id_p);
14335                                 }
14336                         }
14337                         if (i_count) {
14338                                 tmp_count =
14339                                     rsbac_ta_list_get_all_desc(ta_number,
14340                                                                dev_handles.
14341                                                                rc,
14342                                                                (void **)
14343                                                                &i_id_p);
14344                                 if (tmp_count > 0) {
14345                                         if (tmp_count > i_count)
14346                                                 tmp_count = i_count;
14347                                         for (i = 0; i < tmp_count; i++) {
14348                                                 if (!rsbac_ta_list_exist
14349                                                     (ta_number,
14350                                                      dev_handles.gen,
14351                                                      &i_id_p[i]))
14352 #if defined(CONFIG_RSBAC_MAC)
14353                                                         if (!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
14354 #endif
14355 #if defined(CONFIG_RSBAC_PM)
14356                                                                 if (!rsbac_ta_list_exist(ta_number, dev_handles.pm, &i_id_p[i]))
14357 #endif
14358                                                                 {
14359                                                                         memcpy
14360                                                                             (pos,
14361                                                                              &i_id_p
14362                                                                              [i],
14363                                                                              sizeof
14364                                                                              (*i_id_p));
14365                                                                         pos += sizeof(*i_id_p);
14366                                                                         count++;
14367                                                                         i_count--;
14368                                                                 }
14369                                         }
14370                                         rsbac_vfree(i_id_p);
14371                                 }
14372                         }
14373 #endif
14374                         if (!count)
14375                                 rsbac_vfree(*id_pp);
14376                 }
14377         }
14378         return count;
14379 }
14380 
14381 /* Copy new items, of they do not exist. Adjust list counters. */
14382 static int copy_new_uids(rsbac_list_handle_t list,
14383                          rsbac_list_ta_number_t ta_number,
14384                          int *count_p,
14385                          int *i_count_p, rsbac_uid_t * res_id_p)
14386 {
14387         rsbac_uid_t *i_id_p = NULL;
14388         rsbac_boolean_t found;
14389         int tmp_count;
14390         int i;
14391         int j;
14392 
14393         if (!list || !count_p || !i_count_p || !res_id_p)
14394                 return -RSBAC_EINVALIDPOINTER;
14395         if (!*i_count_p)
14396                 return 0;
14397 /*      rsbac_pr_debug(ds, "list %p, ta_number %u, count %u, "
14398                        "i_count %u, res_id_p %p, res_id_p[0] %u\n",
14399                        list, ta_number, *count_p, *i_count_p, res_id_p,
14400                        res_id_p[0]); */
14401         tmp_count =
14402             rsbac_ta_list_get_all_desc(ta_number, list, (void **) &i_id_p);
14403         if (tmp_count > 0) {
14404                 if (tmp_count > *i_count_p)
14405                         tmp_count = *i_count_p;
14406                 for (i = 0; i < tmp_count; i++) {
14407                         found = FALSE;
14408                         for (j = 0; j < *count_p; j++) {
14409                                 if (res_id_p[j] == i_id_p[i]) {
14410                                         found = TRUE;
14411                                         break;
14412                                 }
14413                         }
14414                         if (found == FALSE) {
14415                                 res_id_p[*count_p] = i_id_p[i];
14416                                 (*count_p)++;
14417                                 (*i_count_p)--;
14418                         }
14419                 }
14420                 rsbac_vfree(i_id_p);
14421         }
14422         return 0;
14423 }
14424 
14425 int rsbac_ta_list_all_user(rsbac_list_ta_number_t ta_number,
14426                            rsbac_uid_t ** id_pp)
14427 {
14428         int count = 0;
14429         int tmp_count;
14430 
14431         tmp_count = rsbac_ta_list_count(ta_number, user_handles.gen);
14432         if (tmp_count > 0)
14433                 count += tmp_count;
14434 #if defined(CONFIG_RSBAC_MAC)
14435         tmp_count = rsbac_ta_list_count(ta_number, user_handles.mac);
14436         if (tmp_count > 0)
14437                 count += tmp_count;
14438 #endif
14439 #if defined(CONFIG_RSBAC_PM)
14440         tmp_count = rsbac_ta_list_count(ta_number, user_handles.pm);
14441         if (tmp_count > 0)
14442                 count += tmp_count;
14443 #endif
14444 #if defined(CONFIG_RSBAC_DAZ)
14445         tmp_count = rsbac_ta_list_count(ta_number, user_handles.daz);
14446         if (tmp_count > 0)
14447                 count += tmp_count;
14448 #endif
14449 #if defined(CONFIG_RSBAC_FF)
14450         tmp_count = rsbac_ta_list_count(ta_number, user_handles.ff);
14451         if (tmp_count > 0)
14452                 count += tmp_count;
14453 #endif
14454 #if defined(CONFIG_RSBAC_RC)
14455         tmp_count = rsbac_ta_list_count(ta_number, user_handles.rc);
14456         if (tmp_count > 0)
14457                 count += tmp_count;
14458 #endif
14459 #if defined(CONFIG_RSBAC_AUTH)
14460         tmp_count = rsbac_ta_list_count(ta_number, user_handles.auth);
14461         if (tmp_count > 0)
14462                 count += tmp_count;
14463 #endif
14464 #if defined(CONFIG_RSBAC_CAP)
14465         tmp_count = rsbac_ta_list_count(ta_number, user_handles.cap);
14466         if (tmp_count > 0)
14467                 count += tmp_count;
14468 #endif
14469 #if defined(CONFIG_RSBAC_JAIL)
14470         tmp_count = rsbac_ta_list_count(ta_number, user_handles.jail);
14471         if (tmp_count > 0)
14472                 count += tmp_count;
14473 #endif
14474 #if defined(CONFIG_RSBAC_PAX)
14475         tmp_count = rsbac_ta_list_count(ta_number, user_handles.pax);
14476         if (tmp_count > 0)
14477                 count += tmp_count;
14478 #endif
14479 #if defined(CONFIG_RSBAC_RES)
14480         tmp_count = rsbac_ta_list_count(ta_number, user_handles.res);
14481         if (tmp_count > 0)
14482                 count += tmp_count;
14483 #endif
14484         if (id_pp) {
14485                 if (count > 0) {
14486                         int i_count;
14487                         rsbac_uid_t *i_id_p = NULL;
14488 
14489                         i_count = count + 20;   /* max value to expect */
14490                         *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14491                         if (!*id_pp)
14492                                 return -RSBAC_ENOMEM;
14493                         tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14494                                                                user_handles.
14495                                                                gen,
14496                                                                (void **)
14497                                                                &i_id_p);
14498                         if (tmp_count > 0) {
14499                                 if (tmp_count > i_count)
14500                                         tmp_count = i_count;
14501                                 memcpy(*id_pp, i_id_p,
14502                                        tmp_count * sizeof(*i_id_p));
14503                                 rsbac_vfree(i_id_p);
14504                                 count = tmp_count;
14505                                 i_count -= tmp_count;
14506                         } else
14507                                 count = 0;
14508 #if defined(CONFIG_RSBAC_MAC)
14509                         copy_new_uids(user_handles.mac, ta_number, &count,
14510                                       &i_count, *id_pp);
14511 #endif
14512 #if defined(CONFIG_RSBAC_PM)
14513                         copy_new_uids(user_handles.pm, ta_number, &count,
14514                                       &i_count, *id_pp);
14515 #endif
14516 #if defined(CONFIG_RSBAC_DAZ)
14517                         copy_new_uids(user_handles.daz, ta_number, &count,
14518                                       &i_count, *id_pp);
14519 #endif
14520 #if defined(CONFIG_RSBAC_FF)
14521                         copy_new_uids(user_handles.ff, ta_number, &count,
14522                                       &i_count, *id_pp);
14523 #endif
14524 #if defined(CONFIG_RSBAC_RC)
14525                         copy_new_uids(user_handles.rc, ta_number, &count,
14526                                       &i_count, *id_pp);
14527 #endif
14528 #if defined(CONFIG_RSBAC_AUTH)
14529                         copy_new_uids(user_handles.auth, ta_number, &count,
14530                                       &i_count, *id_pp);
14531 #endif
14532 #if defined(CONFIG_RSBAC_CAP)
14533                         copy_new_uids(user_handles.cap, ta_number, &count,
14534                                       &i_count, *id_pp);
14535 #endif
14536 #if defined(CONFIG_RSBAC_JAIL)
14537                         copy_new_uids(user_handles.jail, ta_number, &count,
14538                                       &i_count, *id_pp);
14539 #endif
14540 #if defined(CONFIG_RSBAC_PAX)
14541                         copy_new_uids(user_handles.pax, ta_number, &count,
14542                                       &i_count, *id_pp);
14543 #endif
14544 #if defined(CONFIG_RSBAC_RES)
14545                         copy_new_uids(user_handles.res, ta_number, &count,
14546                                       &i_count, *id_pp);
14547 #endif
14548                         if (!count)
14549                                 rsbac_vfree(*id_pp);
14550                 }
14551         }
14552         return count;
14553 }
14554 
14555 /* Copy new items, of they do not exist. Adjust list counters. */
14556 static int copy_new_ipcs(rsbac_list_handle_t list,
14557                          rsbac_list_ta_number_t ta_number,
14558                          int *count_p,
14559                          int *i_count_p, struct rsbac_ipc_t * res_id_p)
14560 {
14561         struct rsbac_ipc_t *i_id_p = NULL;
14562         rsbac_boolean_t found;
14563         int tmp_count;
14564         int i;
14565         int j;
14566 
14567         if (!list || !count_p || !i_count_p || !res_id_p)
14568                 return -RSBAC_EINVALIDPOINTER;
14569         if (!*i_count_p)
14570                 return 0;
14571 /*      rsbac_pr_debug(ds, "list %p, ta_number %u, count %u, "
14572                       "i_count %u, res_id_p %p, res_id_p[0] %u\n",
14573                        list, ta_number, *count_p, *i_count_p, res_id_p,
14574                        res_id_p[0]); */
14575         tmp_count =
14576             rsbac_ta_list_get_all_desc(ta_number, list, (void **) &i_id_p);
14577         if (tmp_count > 0) {
14578                 if (tmp_count > *i_count_p)
14579                         tmp_count = *i_count_p;
14580                 for (i = 0; i < tmp_count; i++) {
14581                         found = FALSE;
14582                         for (j = 0; j < *count_p; j++) {
14583                                 if (!ipc_compare(&res_id_p[j], &i_id_p[i])) {
14584                                         found = TRUE;
14585                                         break;
14586                                 }
14587                         }
14588                         if (found == FALSE) {
14589                                 res_id_p[*count_p] = i_id_p[i];
14590                                 (*count_p)++;
14591                                 (*i_count_p)--;
14592                         }
14593                 }
14594                 rsbac_vfree(i_id_p);
14595         }
14596         return 0;
14597 }
14598 
14599 int rsbac_ta_list_all_ipc(rsbac_list_ta_number_t ta_number,
14600                            struct rsbac_ipc_t ** id_pp)
14601 {
14602         int count = 0;
14603         int tmp_count;
14604 
14605 #if defined(CONFIG_RSBAC_MAC)
14606         tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.mac);
14607         if (tmp_count > 0)
14608                 count += tmp_count;
14609 #endif
14610 #if defined(CONFIG_RSBAC_PM)
14611         tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.pm);
14612         if (tmp_count > 0)
14613                 count += tmp_count;
14614 #endif
14615 #if defined(CONFIG_RSBAC_RC)
14616         tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.rc);
14617         if (tmp_count > 0)
14618                 count += tmp_count;
14619 #endif
14620 #if defined(CONFIG_RSBAC_JAIL)
14621         tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.jail);
14622         if (tmp_count > 0)
14623                 count += tmp_count;
14624 #endif
14625         if (id_pp) {
14626                 if (count > 0) {
14627                         int i_count;
14628 
14629                         i_count = count + 20;   /* max value to expect */
14630                         *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14631                         if (!*id_pp)
14632                                 return -RSBAC_ENOMEM;
14633                         count = 0;
14634 #if defined(CONFIG_RSBAC_MAC)
14635                         copy_new_ipcs(ipc_handles.mac, ta_number, &count,
14636                                       &i_count, *id_pp);
14637 #endif
14638 #if defined(CONFIG_RSBAC_PM)
14639                         copy_new_ipcs(ipc_handles.pm, ta_number, &count,
14640                                       &i_count, *id_pp);
14641 #endif
14642 #if defined(CONFIG_RSBAC_RC)
14643                         copy_new_ipcs(ipc_handles.rc, ta_number, &count,
14644                                       &i_count, *id_pp);
14645 #endif
14646 #if defined(CONFIG_RSBAC_JAIL)
14647                         copy_new_ipcs(ipc_handles.jail, ta_number, &count,
14648                                       &i_count, *id_pp);
14649 #endif
14650                         if (!count)
14651                                 rsbac_vfree(*id_pp);
14652                 }
14653         }
14654         return count;
14655 }
14656 
14657 int rsbac_ta_list_all_group(rsbac_list_ta_number_t ta_number,
14658                             rsbac_gid_t ** id_pp)
14659 {
14660 #if defined(CONFIG_RSBAC_RC_UM_PROT)
14661         int count = 0;
14662         int tmp_count;
14663 
14664         tmp_count = rsbac_ta_list_count(ta_number, group_handles.rc);
14665         if (tmp_count > 0)
14666                 count += tmp_count;
14667         if (id_pp) {
14668                 if (count > 0) {
14669                         int i_count;
14670                         rsbac_gid_t *i_id_p = NULL;
14671 
14672                         i_count = count + 20;   /* max value to expect */
14673                         *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14674                         if (!*id_pp)
14675                                 return -RSBAC_ENOMEM;
14676                         tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14677                                                                group_handles.
14678                                                                rc,
14679                                                                (void **)
14680                                                                &i_id_p);
14681                         if (tmp_count > 0) {
14682                                 if (tmp_count > i_count)
14683                                         tmp_count = i_count;
14684                                 memcpy(*id_pp, i_id_p,
14685                                        tmp_count * sizeof(*i_id_p));
14686                                 rsbac_vfree(i_id_p);
14687                                 count = tmp_count;
14688                                 i_count -= tmp_count;
14689                         } else
14690                                 count = 0;
14691                         if (!count)
14692                                 rsbac_vfree(*id_pp);
14693                 }
14694         }
14695         return count;
14696 #else
14697         return 0;
14698 #endif
14699 }
14700 
14701 
14702 #ifdef CONFIG_RSBAC_NET_DEV
14703 int rsbac_ta_net_list_all_netdev(rsbac_list_ta_number_t ta_number,
14704                                  rsbac_netdev_id_t ** id_pp)
14705 {
14706         int count = 0;
14707         int tmp_count;
14708 
14709 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14710         tmp_count = rsbac_ta_list_count(ta_number, netdev_handles.gen);
14711         if (tmp_count > 0)
14712                 count += tmp_count;
14713 #endif
14714 #if defined(CONFIG_RSBAC_RC)
14715         tmp_count = rsbac_ta_list_count(ta_number, netdev_handles.rc);
14716         if (tmp_count > 0)
14717                 count += tmp_count;
14718 #endif
14719         if (id_pp) {
14720                 rsbac_netdev_id_t *i_id_p = NULL;
14721                 char *pos = NULL;
14722 #if defined(CONFIG_RSBAC_RC)
14723                 u_int i;
14724 #endif
14725 
14726                 if (count > 0) {
14727                         int i_count = 0;
14728 
14729                         i_count = count + 20;   /* max value to expect */
14730                         *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14731                         if (!*id_pp)
14732                                 return -RSBAC_ENOMEM;
14733                         pos = (char *) *id_pp;
14734 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14735                         tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14736                                                                netdev_handles.
14737                                                                gen,
14738                                                                (void **)
14739                                                                &i_id_p);
14740                         if (tmp_count > 0) {
14741                                 if (tmp_count > i_count)
14742                                         tmp_count = i_count;
14743                                 memcpy(pos, i_id_p,
14744                                        tmp_count * sizeof(*i_id_p));
14745                                 rsbac_vfree(i_id_p);
14746                                 count = tmp_count;
14747                                 i_count -= tmp_count;
14748                                 pos += tmp_count * sizeof(*i_id_p);
14749                         } else
14750                                 count = 0;
14751 #endif
14752 #if defined(CONFIG_RSBAC_RC)
14753                         if (i_count) {
14754                                 tmp_count =
14755                                     rsbac_ta_list_get_all_desc(ta_number,
14756                                                                netdev_handles.
14757                                                                rc,
14758                                                                (void **)
14759                                                                &i_id_p);
14760                                 if (tmp_count > 0) {
14761                                         if (tmp_count > i_count)
14762                                                 tmp_count = i_count;
14763                                         for (i = 0; i < tmp_count; i++) {
14764 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14765                                                 if (!rsbac_ta_list_exist
14766                                                     (ta_number,
14767                                                      netdev_handles.gen,
14768                                                      &i_id_p[i]))
14769 #endif
14770                                                 {
14771                                                         memcpy(pos,
14772                                                                &i_id_p[i],
14773                                                                sizeof
14774                                                                (*i_id_p));
14775                                                         pos +=
14776                                                             sizeof
14777                                                             (*i_id_p);
14778                                                         count++;
14779                                                         i_count--;
14780                                                 }
14781                                         }
14782                                         rsbac_vfree(i_id_p);
14783                                 }
14784                         }
14785 #endif
14786                         if (!count)
14787                                 rsbac_vfree(*id_pp);
14788                 }
14789         }
14790         return count;
14791 }
14792 #endif
14793 
14794 #ifdef CONFIG_RSBAC_NET_OBJ
14795 /* Get a template id from a net description */
14796 int rsbac_net_get_id(rsbac_list_ta_number_t ta_number,
14797                      struct rsbac_net_description_t *desc_p,
14798                      rsbac_net_temp_id_t * id_p)
14799 {
14800         if (!rsbac_initialized)
14801                 return -RSBAC_ENOTINITIALIZED;
14802         if (!id_p || !desc_p)
14803                 return -RSBAC_EINVALIDPOINTER;
14804         if (rsbac_ta_list_get_desc(ta_number,
14805                                    net_temp_handle,
14806                                    id_p, desc_p, rsbac_net_compare_data)
14807             )
14808                 *id_p = RSBAC_NET_UNKNOWN;
14809         return 0;
14810 }
14811 
14812 /* get the template ids for a netobj */
14813 /* set *_temp_p to NULL, if you do not need it */
14814 int rsbac_ta_net_lookup_templates(rsbac_list_ta_number_t ta_number,
14815                                   struct rsbac_net_obj_desc_t *netobj_p,
14816                                   rsbac_net_temp_id_t * local_temp_p,
14817                                   rsbac_net_temp_id_t * remote_temp_p)
14818 {
14819         struct rsbac_net_description_t *rsbac_net_desc_p;
14820         int err = 0;
14821         struct net_device *dev;
14822 
14823         if (!netobj_p || !netobj_p->sock_p || !netobj_p->sock_p->sk
14824             || !netobj_p->sock_p->ops)
14825                 return -RSBAC_EINVALIDPOINTER;
14826         if (!local_temp_p && !remote_temp_p)
14827                 return -RSBAC_EINVALIDVALUE;
14828 
14829         rsbac_net_desc_p = rsbac_kmalloc(sizeof(*rsbac_net_desc_p));
14830         if (!rsbac_net_desc_p)
14831                 return -RSBAC_ENOMEM;
14832 
14833         rsbac_net_desc_p->address_family = netobj_p->sock_p->ops->family;
14834         rsbac_net_desc_p->type = netobj_p->sock_p->type;
14835 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
14836         rsbac_net_desc_p->protocol = netobj_p->sock_p->sk->sk_protocol;
14837         if (netobj_p->sock_p->sk->sk_bound_dev_if) {
14838                 dev =
14839                     dev_get_by_index(netobj_p->sock_p->sk->
14840                                      sk_bound_dev_if);
14841 #else
14842         rsbac_net_desc_p->protocol = netobj_p->sock_p->sk->protocol;
14843         if (netobj_p->sock_p->sk->bound_dev_if) {
14844                 dev = dev_get_by_index(netobj_p->sock_p->sk->bound_dev_if);
14845 #endif
14846                 if (dev) {
14847                         strcpy(rsbac_net_desc_p->netdev, dev->name);
14848                         dev_put(dev);
14849                 } else
14850                         rsbac_net_desc_p->netdev[0] = RSBAC_NET_UNKNOWN;
14851         } else
14852                 rsbac_net_desc_p->netdev[0] = RSBAC_NET_UNKNOWN;
14853         if (local_temp_p) {
14854                 switch (rsbac_net_desc_p->address_family) {
14855                 case AF_INET:
14856                         if (netobj_p->local_addr) {
14857                                 struct sockaddr_in *addr =
14858                                     netobj_p->local_addr;
14859 
14860                                 rsbac_net_desc_p->address =
14861                                     &addr->sin_addr.s_addr;
14862                                 rsbac_net_desc_p->address_len =
14863                                     sizeof(__u32);
14864                                 rsbac_net_desc_p->port =
14865                                     ntohs(addr->sin_port);
14866                         } else {
14867 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
14868                                 rsbac_net_desc_p->address =
14869                                     &inet_sk(netobj_p->sock_p->sk)->
14870                                     rcv_saddr;
14871                                 rsbac_net_desc_p->address_len =
14872                                     sizeof(__u32);
14873                                 rsbac_net_desc_p->port =
14874                                     inet_sk(netobj_p->sock_p->sk)->num;
14875 #else
14876                                 rsbac_net_desc_p->address =
14877                                     &netobj_p->sock_p->sk->rcv_saddr;
14878                                 rsbac_net_desc_p->address_len =
14879                                     sizeof(__u32);
14880                                 rsbac_net_desc_p->port =
14881                                     netobj_p->sock_p->sk->num;
14882 #endif
14883                         }
14884                         dev = ip_dev_find(*(__u32 *) rsbac_net_desc_p->address);
14885                         if (dev) {
14886                                 strcpy(rsbac_net_desc_p->netdev,
14887                                        dev->name);
14888                                 dev_put(dev);
14889                         }
14890                         break;
14891                 case AF_UNIX:
14892                         rsbac_printk(KERN_WARNING "rsbac_ta_net_lookup_templates(): unsupported family AF_UNIX, should be target UNIXSOCK or IPC-anonunix\n");
14893                         return (-RSBAC_EINVALIDTARGET);
14894 
14895                 default:
14896                         rsbac_net_desc_p->address = NULL;
14897                         rsbac_net_desc_p->port = RSBAC_NET_UNKNOWN;
14898                 }
14899                 if ((err = rsbac_net_get_id(ta_number, rsbac_net_desc_p,
14900                         local_temp_p))) {
14901                         *local_temp_p = 0;
14902                         rsbac_printk(KERN_WARNING "rsbac_net_lookup_templates(): rsbac_net_get_id for local returned error %u\n",
14903                                      err);
14904                 }
14905                 if (rsbac_net_desc_p->address_family == AF_INET)
14906                         rsbac_pr_debug(ds_net,
14907                                        "user %u temp id for local is %u\n",
14908                                        current->uid, *local_temp_p);
14909         }
14910         if (remote_temp_p) {
14911                 switch (rsbac_net_desc_p->address_family) {
14912                 case AF_INET:
14913                         if (netobj_p->remote_addr) {
14914                                 struct sockaddr_in *addr =
14915                                     netobj_p->remote_addr;
14916 
14917                                 rsbac_net_desc_p->address =
14918                                     &addr->sin_addr.s_addr;
14919                                 rsbac_net_desc_p->address_len =
14920                                     sizeof(__u32);
14921                                 rsbac_net_desc_p->port =
14922                                     ntohs(addr->sin_port);
14923                         } else {
14924 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
14925                                 rsbac_net_desc_p->address =
14926                                     &inet_sk(netobj_p->sock_p->sk)->daddr;
14927                                 rsbac_net_desc_p->address_len =
14928                                     sizeof(__u32);
14929                                 rsbac_net_desc_p->port =
14930                                     ntohs(inet_sk(netobj_p->sock_p->sk)->
14931                                           dport);
14932 #else
14933                                 rsbac_net_desc_p->address =
14934                                     &netobj_p->sock_p->sk->daddr;
14935                                 rsbac_net_desc_p->address_len =
14936                                     sizeof(__u32);
14937                                 rsbac_net_desc_p->port =
14938                                     ntohs(netobj_p->sock_p->sk->dport);
14939 #endif
14940                         }
14941                         dev = ip_dev_find(*(__u32 *) rsbac_net_desc_p->address);
14942                         if (dev) {
14943                                 strcpy(rsbac_net_desc_p->netdev,
14944                                        dev->name);
14945                                 dev_put(dev);
14946                         }
14947                         break;
14948                 case AF_UNIX:
14949                         rsbac_printk(KERN_WARNING "rsbac_ta_net_lookup_templates(): unsupported family AF_UNIX, should be target UNIXSOCK or IPC-anonunix\n");
14950                         return (-RSBAC_EINVALIDTARGET);
14951 
14952                 default:
14953                         rsbac_net_desc_p->address = NULL;
14954                         rsbac_net_desc_p->address_len = 0;
14955                         rsbac_net_desc_p->port = RSBAC_NET_UNKNOWN;
14956                 }
14957                 if ((err =
14958                      rsbac_net_get_id(ta_number, rsbac_net_desc_p,
14959                                       remote_temp_p))) {
14960                         *remote_temp_p = 0;
14961                         rsbac_printk(KERN_WARNING "rsbac_net_lookup_templates(): rsbac_net_get_id for remote returned error %u\n",
14962                                      err);
14963                 }
14964                 if (rsbac_net_desc_p->address_family == AF_INET)
14965                         rsbac_pr_debug(ds_net,
14966                                        "user %u temp id for remote is %u\n",
14967                                        current->uid, *remote_temp_p);
14968         }
14969         rsbac_kfree(rsbac_net_desc_p);
14970         return 0;
14971 }
14972 
14973 void rsbac_net_obj_cleanup(rsbac_net_obj_id_t netobj)
14974 {
14975         union rsbac_target_id_t tid;
14976 
14977         tid.netobj.sock_p = netobj;
14978         rsbac_remove_target(T_NETOBJ, tid);
14979 }
14980 
14981 int rsbac_ta_net_template(rsbac_list_ta_number_t ta_number,
14982                           enum rsbac_net_temp_syscall_t call,
14983                           rsbac_net_temp_id_t id,
14984                           union rsbac_net_temp_syscall_data_t *data_p)
14985 {
14986         struct rsbac_net_temp_data_t int_data;
14987         int err;
14988 
14989         memset(&int_data, 0, sizeof(int_data));
14990         int_data.address_family = AF_MAX;
14991         int_data.type = RSBAC_NET_ANY;
14992         int_data.protocol = RSBAC_NET_ANY;
14993         strcpy(int_data.name, "DEFAULT");
14994 
14995         switch (call) {
14996         case NTS_new_template:
14997         case NTS_check_id:
14998                 break;
14999         case NTS_copy_template:
15000                 err = rsbac_ta_list_get_data_ttl(ta_number,
15001                                                  net_temp_handle,
15002                                                  NULL,
15003                                                  &data_p->id, &int_data);
15004                 if (err)
15005                         return err;
15006                 break;
15007         default:
15008                 err = rsbac_ta_list_get_data_ttl(ta_number,
15009                                                  net_temp_handle,
15010                                                  NULL, &id, &int_data);
15011                 if (err)
15012                         return err;
15013         }
15014         /* get data values from user space */
15015         switch (call) {
15016         case NTS_set_address:
15017                 if(int_data.address_family == AF_INET) {
15018                         int i;
15019 
15020                         memcpy(&int_data.address.inet, &data_p->address.inet,
15021                                 sizeof(int_data.address.inet));
15022                         if(int_data.address.inet.nr_addr > RSBAC_NET_NR_INET_ADDR)
15023                                 return -RSBAC_EINVALIDVALUE;
15024                         for(i=0; i<int_data.address.inet.nr_addr; i++)
15025                                 if(int_data.address.inet.valid_bits[i] > 32)
15026                                         return -RSBAC_EINVALIDVALUE;
15027                 } else {
15028                         memcpy(&int_data.address.other, &data_p->address.other,
15029                                 sizeof(int_data.address.other));
15030                 }
15031                 return rsbac_ta_list_add_ttl(ta_number, net_temp_handle, 0,
15032                                              &id, &int_data);
15033         case NTS_set_address_family:
15034                 if(int_data.address_family != data_p->address_family) {
15035                         int_data.address_family = data_p->address_family;
15036                         memset(&int_data.address, 0, sizeof(int_data.address));
15037                 }
15038                 return rsbac_ta_list_add_ttl(ta_number,
15039                                              net_temp_handle,
15040                                              0, &id, &int_data);
15041         case NTS_set_type:
15042                 int_data.type = data_p->type;
15043                 return rsbac_ta_list_add_ttl(ta_number,
15044                                              net_temp_handle,
15045                                              0, &id, &int_data);
15046         case NTS_set_protocol:
15047                 int_data.protocol = data_p->protocol;
15048                 return rsbac_ta_list_add_ttl(ta_number,
15049                                              net_temp_handle,
15050                                              0, &id, &int_data);
15051         case NTS_set_netdev:
15052                 strncpy(int_data.netdev, data_p->netdev, RSBAC_IFNAMSIZ);
15053                 int_data.netdev[RSBAC_IFNAMSIZ] = 0;
15054                 return rsbac_ta_list_add_ttl(ta_number,
15055                                              net_temp_handle,
15056                                              0, &id, &int_data);
15057         case NTS_set_ports:
15058                 memcpy(&int_data.ports, &data_p->ports,
15059                         sizeof(int_data.ports));
15060                 if(int_data.ports.nr_ports > RSBAC_NET_NR_PORTS)
15061                         return -RSBAC_EINVALIDVALUE;
15062                 return rsbac_ta_list_add_ttl(ta_number,
15063                                              net_temp_handle,
15064                                              0, &id, &int_data);
15065         case NTS_set_name:
15066                 strncpy(int_data.name, data_p->name,
15067                         RSBAC_NET_TEMP_NAMELEN - 1);
15068                 int_data.name[RSBAC_NET_TEMP_NAMELEN - 1] = 0;
15069                 return rsbac_ta_list_add_ttl(ta_number,
15070                                              net_temp_handle,
15071                                              0, &id, &int_data);
15072         case NTS_new_template:
15073                 if (rsbac_list_exist(net_temp_handle, &id))
15074                         return -RSBAC_EEXISTS;
15075                 strncpy(int_data.name, data_p->name,
15076                         RSBAC_NET_TEMP_NAMELEN - 1);
15077                 int_data.name[RSBAC_NET_TEMP_NAMELEN - 1] = 0;
15078                 return rsbac_ta_list_add_ttl(ta_number,
15079                                              net_temp_handle,
15080                                              0, &id, &int_data);
15081         case NTS_copy_template:
15082                 if (rsbac_list_exist(net_temp_handle, &id))
15083                         return -RSBAC_EEXISTS;
15084                 return rsbac_ta_list_add_ttl(ta_number,
15085                                              net_temp_handle,
15086                                              0, &id, &int_data);
15087         case NTS_delete_template:
15088                 return rsbac_ta_list_remove(ta_number, net_temp_handle,
15089                                             &id);
15090         case NTS_check_id:
15091                 if (rsbac_ta_list_exist(ta_number, net_temp_handle, &id)) {
15092                         data_p->id = id;
15093                         return 0;
15094                 } else
15095                         return -RSBAC_ENOTFOUND;
15096         case NTS_get_address:
15097                 memcpy(&data_p->address, &int_data.address,
15098                        sizeof(int_data.address));
15099                 return 0;
15100         case NTS_get_address_family:
15101                 data_p->address_family = int_data.address_family;
15102                 return 0;
15103         case NTS_get_type:
15104                 data_p->type = int_data.type;
15105                 return 0;
15106         case NTS_get_protocol:
15107                 data_p->protocol = int_data.protocol;
15108                 return 0;
15109         case NTS_get_netdev:
15110                 strncpy(data_p->netdev, int_data.netdev, RSBAC_IFNAMSIZ);
15111                 return 0;
15112         case NTS_get_ports:
15113                 memcpy(&data_p->ports, &int_data.ports,
15114                        sizeof(int_data.ports));
15115                 return 0;
15116         case NTS_get_name:
15117                 strcpy(data_p->name, int_data.name);
15118                 return 0;
15119 
15120         default:
15121                 return -RSBAC_EINVALIDREQUEST;
15122         }
15123 }
15124 
15125 int rsbac_ta_net_list_all_template(rsbac_list_ta_number_t ta_number,
15126                                    rsbac_net_temp_id_t ** id_pp)
15127 {
15128         if (id_pp)
15129                 return rsbac_ta_list_get_all_desc(ta_number,
15130                                                   net_temp_handle,
15131                                                   (void **) id_pp);
15132         else
15133                 return rsbac_ta_list_count(ta_number, net_temp_handle);
15134 }
15135 
15136 int rsbac_ta_net_template_exist(rsbac_list_ta_number_t ta_number,
15137                                 rsbac_net_temp_id_t temp)
15138 {
15139         return rsbac_ta_list_exist(ta_number, net_temp_handle, &temp);
15140 }
15141 
15142 int rsbac_net_remote_request(enum rsbac_adf_request_t request)
15143 {
15144         switch (request) {
15145         case R_ACCEPT:
15146         case R_CONNECT:
15147         case R_SEND:
15148         case R_RECEIVE:
15149         case R_READ:
15150         case R_WRITE:
15151                 return TRUE;
15152 
15153         default:
15154                 return FALSE;
15155         }
15156 }
15157 
15158 #endif                          /* NET_OBJ */
15159 
15160 #if defined(CONFIG_RSBAC_DAZ)
15161 EXPORT_SYMBOL(rsbac_daz_get_ttl);
15162 /* Get ttl for new cache items in seconds */
15163 rsbac_time_t rsbac_daz_get_ttl(void)
15164 {
15165 #if defined(CONFIG_RSBAC_DAZ_CACHE)
15166         return rsbac_daz_ttl;
15167 #else
15168         return 0;
15169 #endif
15170 }
15171 
15172 EXPORT_SYMBOL(rsbac_daz_set_ttl);
15173 void rsbac_daz_set_ttl(rsbac_time_t ttl)
15174 {
15175 #if defined(CONFIG_RSBAC_DAZ_CACHE)
15176         if (ttl) {
15177                 if (ttl > RSBAC_LIST_MAX_AGE_LIMIT)
15178                         ttl = RSBAC_LIST_MAX_AGE_LIMIT;
15179                 rsbac_daz_ttl = ttl;
15180         }
15181 #endif
15182 }
15183 
15184 EXPORT_SYMBOL(rsbac_daz_flush_cache);
15185 int rsbac_daz_flush_cache(void)
15186 {
15187 #if defined(CONFIG_RSBAC_DAZ_CACHE)
15188         struct rsbac_device_list_item_t *device_p;
15189 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
15190         long dflags;
15191 #endif
15192         u_int i;
15193 
15194         for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
15195 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
15196                 rcu_read_lock();
15197 #else
15198                 rsbac_read_lock(&device_list_locks[i], &dflags);
15199 #endif
15200                 device_p = rcu_dereference(device_head_p[i])->head;
15201                 while (device_p) {
15202                         rsbac_list_remove_all(device_p->handles.dazs);
15203                         device_p = device_p->next;
15204                 }
15205 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
15206                 rcu_read_unlock();
15207 #else
15208                 rsbac_read_unlock(&device_list_locks[i], &dflags);
15209 #endif
15210         }
15211 #endif
15212         return 0;
15213 }
15214 #endif
15215 
15216 #if defined(CONFIG_RSBAC_JAIL)
15217 static int rsbac_jail_exists_compare(void * data1, void * data2)
15218 {
15219   struct rsbac_jail_process_aci_t * aci_p = data1;
15220 
15221   return memcmp(&aci_p->id, data2, sizeof(rsbac_jail_id_t));
15222 }
15223 
15224 rsbac_boolean_t rsbac_jail_exists(rsbac_jail_id_t jail_id)
15225 {
15226         rsbac_pid_t pid;
15227 
15228         if(!rsbac_ta_list_get_desc(0,
15229                                 process_handles.jail,
15230                                 &pid,
15231                                 &jail_id,
15232                                 rsbac_jail_exists_compare))
15233                 return TRUE;
15234         else
15235                 return FALSE;
15236 }
15237 #endif
15238 
15239 void rsbac_flags_set(unsigned long int rsbac_flags)
15240 {
15241 #if 0
15242         printk("rsbac_flags set to: %lu\n", rsbac_flags);
15243 
15244         if (rsbac_flags & set_rsbac_softmode)
15245                 rsbac_softmode = 1;
15246         if (rsbac_flags & set_rsbac_softmode_once) {
15247                 rsbac_softmode = 1;
15248                 rsbac_softmode_prohibit = 1;
15249         }
15250         if (rsbac_flags & set_rsbac_softmode_never)
15251                 rsbac_softmode_prohibit = 1;
15252         if (rsbac_flags & set_rsbac_freeze)
15253                 rsbac_freeze = 1;
15254 #if defined(CONFIG_RSBAC_UM_EXCL)
15255         if (rsbac_flags & set_rsbac_um_no_excl)
15256                 rsbac_um_no_excl = 1;
15257 #endif
15258         if (rsbac_flags & set_rsbac_auth_learn)
15259                 rsbac_auth_learn = 1;
15260         if (rsbac_flags & set_rsbac_acl_learn_fd)
15261                 rsbac_acl_learn_fd = 1;
15262         if (rsbac_flags & set_rsbac_cap_log_missing)
15263                 rsbac_cap_log_missing = 1;
15264         if (rsbac_flags & set_rsbac_jail_log_missing)
15265                 rsbac_jail_log_missing = 1;
15266         if (rsbac_flags & set_rsbac_dac_disable)
15267                 rsbac_dac_disable = 1;
15268         if (rsbac_flags & set_rsbac_no_delay_init)
15269                 rsbac_no_delay_init = 1;
15270         if (rsbac_flags & set_rsbac_no_defaults)
15271                 rsbac_no_defaults = 1;
15272         if (rsbac_flags & set_rsbac_nosyslog)
15273                 rsbac_nosyslog = 1;
15274         if (rsbac_flags & set_rsbac_cap_process_hiding)
15275                 rsbac_cap_process_hiding = 1;
15276 #endif
15277 }

Generated on Wed May 16 11:53:38 2007 for RSBAC by  doxygen 1.5.1