#include <linux/init.h>
#include <rsbac/types.h>
Go to the source code of this file.
int rsbac_check_mac | ( | int | correct, | |
int | check_inode | |||
) |
int rsbac_init_mac | ( | void | ) |
Definition at line 712 of file mac_data_structures.c.
References add_device_item(), rsbac_mac_device_list_head_t::count, create_device_item(), rsbac_mac_device_list_head_t::curr, rsbac_list_lol_info_t::data_size, rsbac_list_lol_info_t::desc_size, device_list_head, get_error_name(), rsbac_mac_device_list_head_t::head, rsbac_list_lol_info_t::key, rsbac_mac_device_list_head_t::lock, mac_register_fd_lists(), rsbac_list_lol_info_t::max_age, NULL, proc_rsbac_root_p, process_handle, RSBAC_ECOULDNOTADDDEVICE, RSBAC_EREINIT, rsbac_is_initialized(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_LIST_DEF_DATA, rsbac_list_lol_register(), RSBAC_LIST_VERSION, RSBAC_MAC_LIST_KEY, RSBAC_MAC_P_LIST_NAME, RSBAC_MAC_P_LIST_VERSION, RSBAC_MAXNAMELEN, rsbac_pr_debug, rsbac_printk(), rsbac_root_dev, rsbac_list_lol_info_t::subdata_size, rsbac_list_lol_info_t::subdesc_size, rsbac_mac_device_list_head_t::tail, and rsbac_list_lol_info_t::version.
Referenced by rsbac_do_init().
00714 { 00715 int err = 0; 00716 struct rsbac_mac_device_list_item_t *device_p = NULL; 00717 u_long dflags; 00718 struct proc_dir_entry *tmp_entry_p; 00719 struct rsbac_list_lol_info_t lol_info; 00720 00721 if (rsbac_is_initialized()) { 00722 rsbac_printk(KERN_WARNING "rsbac_init_mac(): RSBAC already initialized\n"); 00723 return (-RSBAC_EREINIT); 00724 } 00725 00726 /* set rw-spinlocks to unlocked status and init data structures */ 00727 rsbac_printk(KERN_INFO "rsbac_init_mac(): Initializing RSBAC: MAC subsystem\n"); 00728 00729 lol_info.version = RSBAC_MAC_P_LIST_VERSION; 00730 lol_info.key = RSBAC_MAC_LIST_KEY; 00731 lol_info.desc_size = sizeof(rsbac_pid_t); 00732 lol_info.data_size = 0; 00733 lol_info.subdesc_size = sizeof(rsbac_uid_t); 00734 lol_info.subdata_size = 0; 00735 lol_info.max_age = 0; 00736 err = rsbac_list_lol_register(RSBAC_LIST_VERSION, 00737 &process_handle, 00738 &lol_info, 00739 RSBAC_LIST_DEF_DATA, 00740 NULL, 00741 NULL, 00742 NULL, 00743 NULL, 00744 NULL, 00745 NULL, 00746 RSBAC_MAC_P_LIST_NAME, 00747 RSBAC_AUTO_DEV); 00748 if (err) { 00749 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00750 00751 if (tmp) { 00752 rsbac_printk(KERN_WARNING "rsbac_init_mac(): Registering MAC process trusted user list failed with error %s\n", 00753 get_error_name(tmp, err)); 00754 rsbac_kfree(tmp); 00755 } 00756 } 00757 00758 /* Init FD lists */ 00759 device_list_head.lock = RW_LOCK_UNLOCKED; 00760 device_list_head.head = NULL; 00761 device_list_head.tail = NULL; 00762 device_list_head.curr = NULL; 00763 device_list_head.count = 0; 00764 00765 /* read all data */ 00766 rsbac_pr_debug(ds_mac, "rsbac_init_mac(): Registering FD lists\n"); 00767 device_p = create_device_item(rsbac_root_dev); 00768 if (!device_p) { 00769 rsbac_printk(KERN_CRIT 00770 "rsbac_init_mac(): Could not add device!\n"); 00771 return (-RSBAC_ECOULDNOTADDDEVICE); 00772 } 00773 if ((err = mac_register_fd_lists(device_p, rsbac_root_dev))) { 00774 char tmp[RSBAC_MAXNAMELEN]; 00775 00776 rsbac_printk(KERN_WARNING "rsbac_init_mac(): File/Dir trusted user set registration failed for dev %02u:%02u, err %s!\n", 00777 RSBAC_MAJOR(rsbac_root_dev), 00778 RSBAC_MINOR(rsbac_root_dev), 00779 get_error_name(tmp, err)); 00780 } 00781 /* wait for write access to device_list_head */ 00782 rsbac_write_lock_irq(&device_list_head.lock, &dflags); 00783 device_p = add_device_item(device_p); 00784 /* device was added, allow access */ 00785 rsbac_write_unlock_irq(&device_list_head.lock, &dflags); 00786 if (!device_p) { 00787 rsbac_printk(KERN_CRIT 00788 "rsbac_init_mac(): Could not add device!\n"); 00789 return (-RSBAC_ECOULDNOTADDDEVICE); 00790 } 00791 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS) 00792 tmp_entry_p = create_proc_entry("mac_devices", 00793 S_IFREG | S_IRUGO | S_IWUGO, 00794 proc_rsbac_root_p); 00795 if (tmp_entry_p) { 00796 tmp_entry_p->get_info = mac_devices_proc_info; 00797 } 00798 tmp_entry_p = create_proc_entry("stats_mac", 00799 S_IFREG | S_IRUGO, 00800 proc_rsbac_root_p); 00801 if (tmp_entry_p) { 00802 tmp_entry_p->get_info = stats_mac_proc_info; 00803 } 00804 tmp_entry_p = create_proc_entry("mac_trusted", 00805 S_IFREG | S_IRUGO, 00806 proc_rsbac_root_p); 00807 if (tmp_entry_p) { 00808 tmp_entry_p->get_info = mac_trulist_proc_info; 00809 } 00810 #endif 00811 00812 rsbac_pr_debug(aef_mac, "Ready.\n"); 00813 return (err); 00814 }
int rsbac_mac_add_to_f_truset | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_mac_file_t | file, | |||
rsbac_uid_t | member, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 993 of file mac_data_structures.c.
References device_list_head, rsbac_mac_device_list_item_t::handle, rsbac_mac_device_list_head_t::lock, lookup_device(), NULL, RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subadd_ttl().
Referenced by rsbac_mac_add_f_tru().
00996 { 00997 int err = 0; 00998 u_long dflags; 00999 struct rsbac_mac_device_list_item_t *device_p; 01000 01001 if (!rsbac_is_initialized()) { 01002 rsbac_printk(KERN_WARNING "rsbac_mac_add_to_f_truset(): RSBAC not initialized\n"); 01003 return (-RSBAC_ENOTINITIALIZED); 01004 } 01005 if (in_interrupt()) { 01006 rsbac_printk(KERN_WARNING "rsbac_mac_add_to_f_truset(): called from interrupt!\n"); 01007 } 01008 01009 /* protect device list */ 01010 rsbac_read_lock(&device_list_head.lock, &dflags); 01011 device_p = lookup_device(file.device); 01012 if (!device_p) { 01013 /* trigger rsbac_mount() */ 01014 rsbac_read_unlock(&device_list_head.lock, &dflags); 01015 rsbac_get_super_block(file.device); 01016 /* retry */ 01017 rsbac_read_lock(&device_list_head.lock, &dflags); 01018 device_p = lookup_device(file.device); 01019 if (!device_p) { 01020 rsbac_printk(KERN_WARNING "rsbac_mac_add_to_f_truset(): invalid device %02u:%02u!\n", 01021 RSBAC_MAJOR(file.device), 01022 RSBAC_MINOR(file.device)); 01023 rsbac_read_unlock(&device_list_head.lock, &dflags); 01024 return (-RSBAC_EINVALIDDEV); 01025 } 01026 } 01027 01028 err = rsbac_ta_list_lol_subadd_ttl(ta_number, 01029 device_p->handle, 01030 ttl, &file.inode, &member, 01031 NULL); 01032 rsbac_read_unlock(&device_list_head.lock, &dflags); 01033 return (err); 01034 }
int rsbac_mac_add_to_p_truset | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
rsbac_uid_t | member, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 978 of file mac_data_structures.c.
References NULL, process_handle, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subadd_ttl().
Referenced by rsbac_mac_add_p_tru().
00981 { 00982 if (!rsbac_is_initialized()) { 00983 rsbac_printk(KERN_WARNING "rsbac_mac_add_to_p_truset(): RSBAC not initialized\n"); 00984 return (-RSBAC_ENOTINITIALIZED); 00985 } 00986 if (in_interrupt()) { 00987 rsbac_printk(KERN_WARNING "rsbac_mac_add_to_p_truset(): called from interrupt!\n"); 00988 } 00989 return rsbac_ta_list_lol_subadd_ttl(ta_number, process_handle, ttl, 00990 &pid, &member, NULL); 00991 }
int rsbac_mac_clear_f_truset | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_mac_file_t | file | |||
) |
Definition at line 1112 of file mac_data_structures.c.
References device_list_head, rsbac_mac_device_list_item_t::handle, rsbac_mac_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_remove().
Referenced by rsbac_mac_remove_f_trusets().
01114 { 01115 int err = 0; 01116 u_long dflags; 01117 struct rsbac_mac_device_list_item_t *device_p; 01118 01119 if (!rsbac_is_initialized()) { 01120 rsbac_printk(KERN_WARNING "rsbac_mac_clear_f_truset(): RSBAC not initialized\n"); 01121 return (-RSBAC_ENOTINITIALIZED); 01122 } 01123 if (in_interrupt()) { 01124 rsbac_printk(KERN_WARNING "rsbac_mac_clear_f_truset(): called from interrupt!\n"); 01125 } 01126 /* protect device list */ 01127 rsbac_read_lock(&device_list_head.lock, &dflags); 01128 device_p = lookup_device(file.device); 01129 if (!device_p) { 01130 /* trigger rsbac_mount() */ 01131 rsbac_read_unlock(&device_list_head.lock, &dflags); 01132 rsbac_get_super_block(file.device); 01133 /* retry */ 01134 rsbac_read_lock(&device_list_head.lock, &dflags); 01135 device_p = lookup_device(file.device); 01136 if (!device_p) { 01137 rsbac_printk(KERN_WARNING "rsbac_mac_clear_f_truset(): invalid device %02u:%02u!\n", 01138 RSBAC_MAJOR(file.device), 01139 RSBAC_MINOR(file.device)); 01140 rsbac_read_unlock(&device_list_head.lock, &dflags); 01141 return (-RSBAC_EINVALIDDEV); 01142 } 01143 } 01144 err = rsbac_ta_list_lol_remove(ta_number, 01145 device_p->handle, 01146 &file.inode); 01147 rsbac_read_unlock(&device_list_head.lock, &dflags); 01148 return (err); 01149 }
int rsbac_mac_clear_p_truset | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid | |||
) |
Definition at line 1099 of file mac_data_structures.c.
References process_handle, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_remove().
Referenced by rsbac_mac_remove_p_trusets().
01101 { 01102 if (!rsbac_is_initialized()) { 01103 rsbac_printk(KERN_WARNING "rsbac_mac_clear_p_truset(): RSBAC not initialized\n"); 01104 return (-RSBAC_ENOTINITIALIZED); 01105 } 01106 if (in_interrupt()) { 01107 rsbac_printk(KERN_WARNING "rsbac_mac_clear_p_truset(): called from interrupt!\n"); 01108 } 01109 return rsbac_ta_list_lol_remove(ta_number, process_handle, &pid); 01110 }
int rsbac_mac_copy_fp_truset | ( | rsbac_mac_file_t | file, | |
rsbac_pid_t | p_tru_set_id | |||
) |
Definition at line 1184 of file mac_data_structures.c.
References copy_fp_tru_set_item(), device_list_head, rsbac_mac_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), and rsbac_printk().
Referenced by rsbac_adf_set_attr_mac().
01186 { 01187 u_long dflags; 01188 struct rsbac_mac_device_list_item_t *device_p; 01189 int err = 0; 01190 01191 if (!rsbac_is_initialized()) { 01192 rsbac_printk(KERN_WARNING "rsbac_mac_copy_fp_truset(): RSBAC not initialized\n"); 01193 return (-RSBAC_ENOTINITIALIZED); 01194 } 01195 if (in_interrupt()) { 01196 rsbac_printk(KERN_WARNING "rsbac_mac_copy_fp_truset(): called from interrupt!\n"); 01197 } 01198 /* 01199 rsbac_pr_debug(ds_mac, "Copying file cap set data to process cap set\n"); 01200 */ 01201 /* protect device list */ 01202 rsbac_read_lock(&device_list_head.lock, &dflags); 01203 device_p = lookup_device(file.device); 01204 if (!device_p) { 01205 /* trigger rsbac_mount() */ 01206 rsbac_read_unlock(&device_list_head.lock, &dflags); 01207 rsbac_get_super_block(file.device); 01208 /* retry */ 01209 rsbac_read_lock(&device_list_head.lock, &dflags); 01210 device_p = lookup_device(file.device); 01211 if (!device_p) { 01212 rsbac_printk(KERN_WARNING "rsbac_mac_copy_fp_truset(): invalid device %02u:%02u!\n", 01213 RSBAC_MAJOR(file.device), 01214 RSBAC_MINOR(file.device)); 01215 rsbac_read_unlock(&device_list_head.lock, &dflags); 01216 return (-RSBAC_EINVALIDDEV); 01217 } 01218 } 01219 /* call the copy function */ 01220 err = copy_fp_tru_set_item(device_p, file, p_tru_set_id); 01221 rsbac_read_unlock(&device_list_head.lock, &dflags); 01222 return (err); 01223 }
int rsbac_mac_copy_pp_truset | ( | rsbac_pid_t | old_p_set_id, | |
rsbac_pid_t | new_p_set_id | |||
) |
Definition at line 1225 of file mac_data_structures.c.
References copy_pp_tru_set_item(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), and rsbac_printk().
Referenced by rsbac_adf_set_attr_mac().
01227 { 01228 if (!rsbac_is_initialized()) { 01229 rsbac_printk(KERN_WARNING "rsbac_mac_copy_pp_truset(): RSBAC not initialized\n"); 01230 return (-RSBAC_ENOTINITIALIZED); 01231 } 01232 if (in_interrupt()) { 01233 rsbac_printk(KERN_WARNING "rsbac_mac_copy_pp_truset(): called from interrupt!\n"); 01234 } 01235 /* 01236 rsbac_pr_debug(ds_mac, "Copying process cap set data to process cap set\n"); 01237 */ 01238 /* call the copy function */ 01239 return copy_pp_tru_set_item(old_p_set_id, new_p_set_id); 01240 }
int rsbac_mac_get_f_trulist | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_mac_file_t | file, | |||
rsbac_uid_t ** | trulist_p, | |||
rsbac_time_t ** | ttllist_p | |||
) |
Definition at line 1242 of file mac_data_structures.c.
References device_list_head, rsbac_mac_device_list_item_t::handle, rsbac_mac_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_get_all_subdesc_ttl().
01246 { 01247 u_long dflags; 01248 struct rsbac_mac_device_list_item_t *device_p; 01249 long count; 01250 01251 if (!rsbac_is_initialized()) { 01252 rsbac_printk(KERN_WARNING "rsbac_mac_get_f_trulist(): RSBAC not initialized\n"); 01253 return (-RSBAC_ENOTINITIALIZED); 01254 } 01255 if (in_interrupt()) { 01256 rsbac_printk(KERN_WARNING "rsbac_mac_get_f_trulist(): called from interrupt!\n"); 01257 } 01258 /* 01259 rsbac_pr_debug(ds_mac, "Getting file/dir trusted user set list\n"); 01260 */ 01261 /* protect device list */ 01262 rsbac_read_lock(&device_list_head.lock, &dflags); 01263 device_p = lookup_device(file.device); 01264 if (!device_p) { 01265 /* trigger rsbac_mount() */ 01266 rsbac_read_unlock(&device_list_head.lock, &dflags); 01267 rsbac_get_super_block(file.device); 01268 /* retry */ 01269 rsbac_read_lock(&device_list_head.lock, &dflags); 01270 device_p = lookup_device(file.device); 01271 if (!device_p) { 01272 rsbac_printk(KERN_WARNING "rsbac_mac_get_f_trulist(): invalid device %02u:%02u!\n", 01273 RSBAC_MAJOR(file.device), 01274 RSBAC_MINOR(file.device)); 01275 rsbac_read_unlock(&device_list_head.lock, &dflags); 01276 return (-RSBAC_EINVALIDDEV); 01277 } 01278 } 01279 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 01280 device_p->handle, 01281 &file.inode, 01282 (void **) trulist_p, 01283 ttllist_p); 01284 rsbac_read_unlock(&device_list_head.lock, &dflags); 01285 return (count); 01286 }
int rsbac_mac_get_p_trulist | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
rsbac_uid_t ** | trulist_p, | |||
rsbac_time_t ** | ttllist_p | |||
) |
Definition at line 1288 of file mac_data_structures.c.
References process_handle, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_get_all_subdesc_ttl().
01292 { 01293 if (!rsbac_is_initialized()) { 01294 rsbac_printk(KERN_WARNING "rsbac_mac_get_p_trulist(): RSBAC not initialized\n"); 01295 return (-RSBAC_ENOTINITIALIZED); 01296 } 01297 if (in_interrupt()) { 01298 rsbac_printk(KERN_WARNING "rsbac_mac_get_p_trulist(): called from interrupt!\n"); 01299 } 01300 /* 01301 rsbac_pr_debug(ds_mac, "Getting process trusted user set list\n"); 01302 */ 01303 return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 01304 process_handle, 01305 &pid, 01306 (void **) trulist_p, 01307 ttllist_p); 01308 }
rsbac_boolean_t rsbac_mac_p_truset_member | ( | rsbac_pid_t | pid, | |
rsbac_uid_t | member | |||
) |
Definition at line 1154 of file mac_data_structures.c.
References FALSE, process_handle, RSBAC_ALL_USERS, rsbac_is_initialized(), rsbac_list_lol_subexist(), rsbac_printk(), and TRUE.
Referenced by rsbac_adf_set_attr_mac().
01156 { 01157 if (!rsbac_is_initialized()) { 01158 rsbac_printk(KERN_WARNING "rsbac_mac_p_truset_member(): RSBAC not initialized\n"); 01159 return FALSE; 01160 } 01161 if (in_interrupt()) { 01162 rsbac_printk(KERN_WARNING "rsbac_mac_p_truset_member(): called from interrupt!\n"); 01163 } 01164 if (rsbac_list_lol_subexist(process_handle, &pid, &member)) 01165 return TRUE; 01166 member = RSBAC_ALL_USERS; 01167 return rsbac_list_lol_subexist(process_handle, &pid, &member); 01168 }
int rsbac_mac_remove_f_trusets | ( | rsbac_mac_file_t | file | ) |
Definition at line 1179 of file mac_data_structures.c.
References FALSE, and rsbac_mac_clear_f_truset().
Referenced by rsbac_ta_remove_target().
01180 { 01181 return rsbac_mac_clear_f_truset(FALSE, file); 01182 }
int rsbac_mac_remove_from_f_truset | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_mac_file_t | file, | |||
rsbac_uid_t | member | |||
) |
Definition at line 1054 of file mac_data_structures.c.
References device_list_head, rsbac_mac_device_list_item_t::handle, rsbac_mac_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subremove().
Referenced by rsbac_mac_remove_f_tru().
01057 { 01058 int err = 0; 01059 u_long dflags; 01060 struct rsbac_mac_device_list_item_t *device_p; 01061 01062 if (!rsbac_is_initialized()) { 01063 rsbac_printk(KERN_WARNING "rsbac_mac_remove_from_f_truset(): RSBAC not initialized\n"); 01064 return (-RSBAC_ENOTINITIALIZED); 01065 } 01066 if (in_interrupt()) { 01067 rsbac_printk(KERN_WARNING "rsbac_mac_remove_from_f_truset(): called from interrupt!\n"); 01068 } 01069 01070 /* protect device list */ 01071 rsbac_read_lock(&device_list_head.lock, &dflags); 01072 device_p = lookup_device(file.device); 01073 if (!device_p) { 01074 /* trigger rsbac_mount() */ 01075 rsbac_read_unlock(&device_list_head.lock, &dflags); 01076 rsbac_get_super_block(file.device); 01077 /* retry */ 01078 rsbac_read_lock(&device_list_head.lock, &dflags); 01079 device_p = lookup_device(file.device); 01080 if (!device_p) { 01081 rsbac_printk(KERN_WARNING "rsbac_mac_remove_from_f_truset(): invalid device %02u:%02u!\n", 01082 RSBAC_MAJOR(file.device), 01083 RSBAC_MINOR(file.device)); 01084 rsbac_read_unlock(&device_list_head.lock, &dflags); 01085 return (-RSBAC_EINVALIDDEV); 01086 } 01087 } 01088 err = rsbac_ta_list_lol_subremove(ta_number, 01089 device_p->handle, 01090 &file.inode, &member); 01091 rsbac_read_unlock(&device_list_head.lock, &dflags); 01092 return (err); 01093 }
int rsbac_mac_remove_from_p_truset | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
rsbac_uid_t | member | |||
) |
Definition at line 1040 of file mac_data_structures.c.
References process_handle, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subremove().
Referenced by rsbac_mac_remove_p_tru().
01042 { 01043 if (!rsbac_is_initialized()) { 01044 rsbac_printk(KERN_WARNING "rsbac_mac_remove_from_p_truset(): RSBAC not initialized\n"); 01045 return (-RSBAC_ENOTINITIALIZED); 01046 } 01047 if (in_interrupt()) { 01048 rsbac_printk(KERN_WARNING "rsbac_mac_remove_from_p_truset(): called from interrupt!\n"); 01049 } 01050 return rsbac_ta_list_lol_subremove(ta_number, process_handle, &pid, 01051 &member); 01052 }
int rsbac_mac_remove_p_trusets | ( | rsbac_pid_t | pid | ) |
Definition at line 1174 of file mac_data_structures.c.
References FALSE, and rsbac_mac_clear_p_truset().
Referenced by rsbac_ta_remove_target().
01175 { 01176 return rsbac_mac_clear_p_truset(FALSE, pid); 01177 }
int rsbac_mount_mac | ( | kdev_t | kdev | ) |
Definition at line 816 of file mac_data_structures.c.
References add_device_item(), clear_device_item(), create_device_item(), device_list_head, get_error_name(), rsbac_mac_device_list_head_t::lock, lookup_device(), mac_register_fd_lists(), rsbac_mac_device_list_item_t::mount_count, RSBAC_ECOULDNOTADDDEVICE, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), RSBAC_MAXNAMELEN, rsbac_pr_debug, and rsbac_printk().
Referenced by rsbac_mount().
00817 { 00818 int err = 0; 00819 struct rsbac_mac_device_list_item_t *device_p; 00820 struct rsbac_mac_device_list_item_t *new_device_p; 00821 u_long dflags; 00822 00823 if (!rsbac_is_initialized()) { 00824 rsbac_printk(KERN_WARNING "rsbac_mount_mac(): RSBAC not initialized\n"); 00825 return (-RSBAC_ENOTINITIALIZED); 00826 } 00827 rsbac_pr_debug(aef_mac, "mounting device %02u:%02u\n", 00828 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 00829 /* wait for write access to device_list_head */ 00830 rsbac_read_lock(&device_list_head.lock, &dflags); 00831 device_p = lookup_device(kdev); 00832 /* repeated mount? */ 00833 if (device_p) { 00834 rsbac_printk(KERN_WARNING "rsbac_mount_mac: repeated mount %u of device %02u:%02u\n", 00835 device_p->mount_count, RSBAC_MAJOR(kdev), 00836 RSBAC_MINOR(kdev)); 00837 device_p->mount_count++; 00838 rsbac_read_unlock(&device_list_head.lock, &dflags); 00839 return 0; 00840 } 00841 rsbac_read_unlock(&device_list_head.lock, &dflags); 00842 00843 new_device_p = create_device_item(kdev); 00844 if (!new_device_p) 00845 return -RSBAC_ECOULDNOTADDDEVICE; 00846 00847 /* register lists */ 00848 if ((err = mac_register_fd_lists(new_device_p, kdev))) { 00849 char tmp[RSBAC_MAXNAMELEN]; 00850 00851 rsbac_printk(KERN_WARNING "rsbac_mount_mac(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n", 00852 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), 00853 get_error_name(tmp, err)); 00854 } 00855 00856 /* wait for read access to device_list_head */ 00857 rsbac_read_lock(&device_list_head.lock, &dflags); 00858 /* make sure to only add, if this device item has not been added in the meantime */ 00859 device_p = lookup_device(kdev); 00860 if (device_p) { 00861 rsbac_printk(KERN_WARNING "rsbac_mount_mac(): mount race for device %02u:%02u detected!\n", 00862 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 00863 device_p->mount_count++; 00864 rsbac_read_unlock(&device_list_head.lock, &dflags); 00865 clear_device_item(new_device_p); 00866 } else { 00867 rsbac_read_unlock(&device_list_head.lock, &dflags); 00868 rsbac_write_lock_irq(&device_list_head.lock, &dflags); 00869 device_p = add_device_item(new_device_p); 00870 rsbac_write_unlock_irq(&device_list_head.lock, &dflags); 00871 if (!device_p) { 00872 rsbac_printk(KERN_WARNING "rsbac_mount_mac: adding device %02u:%02u failed!\n", 00873 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 00874 clear_device_item(new_device_p); 00875 err = -RSBAC_ECOULDNOTADDDEVICE; 00876 } 00877 } 00878 return (err); 00879 }
int rsbac_stats_mac | ( | void | ) |
Definition at line 921 of file mac_data_structures.c.
References A_none, device_list_head, rsbac_attribute_value_t::dummy, rsbac_mac_device_list_item_t::handle, rsbac_mac_device_list_head_t::head, rsbac_mac_device_list_item_t::id, rsbac_mac_device_list_head_t::lock, rsbac_mac_device_list_item_t::next, process_handle, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_list_lol_all_subcount(), rsbac_list_lol_count(), rsbac_pr_debug, rsbac_printk(), rsbac_target_id_t::scd, ST_rsbac, and T_SCD.
00922 { 00923 u_long dflags; 00924 struct rsbac_mac_device_list_item_t *device_p; 00925 00926 union rsbac_target_id_t rsbac_target_id; 00927 union rsbac_attribute_value_t rsbac_attribute_value; 00928 00929 if (!rsbac_is_initialized()) { 00930 rsbac_printk(KERN_WARNING "rsbac_stats_mac(): RSBAC not initialized\n"); 00931 return (-RSBAC_ENOTINITIALIZED); 00932 } 00933 rsbac_pr_debug(aef_mac, "calling ADF\n"); 00934 rsbac_target_id.scd = ST_rsbac; 00935 rsbac_attribute_value.dummy = 0; 00936 if (!rsbac_adf_request(R_GET_STATUS_DATA, 00937 current->pid, 00938 T_SCD, 00939 rsbac_target_id, 00940 A_none, rsbac_attribute_value)) { 00941 return -EPERM; 00942 } 00943 00944 rsbac_printk(KERN_INFO "MAC Status\n----------\n"); 00945 00946 rsbac_printk(KERN_INFO "%lu process trusted user set items, sum of %lu members\n", 00947 rsbac_list_lol_count(process_handle), 00948 rsbac_list_lol_all_subcount(process_handle)); 00949 00950 /* protect device list */ 00951 rsbac_read_lock(&device_list_head.lock, &dflags); 00952 device_p = device_list_head.head; 00953 while (device_p) { 00954 rsbac_printk(KERN_INFO "device %02u:%02u has %u file trusted user set items, sum of %u members\n", 00955 RSBAC_MAJOR(device_p->id), 00956 RSBAC_MINOR(device_p->id), 00957 rsbac_list_lol_count(device_p->handle), 00958 rsbac_list_lol_all_subcount(device_p->handle)); 00959 device_p = device_p->next; 00960 } 00961 /* unprotect device list */ 00962 rsbac_read_unlock(&device_list_head.lock, &dflags); 00963 return 0; 00964 }
int rsbac_umount_mac | ( | kdev_t | kdev | ) |
Definition at line 883 of file mac_data_structures.c.
References device_list_head, rsbac_mac_device_list_head_t::lock, lookup_device(), rsbac_mac_device_list_item_t::mount_count, remove_device_item(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_pr_debug, and rsbac_printk().
Referenced by rsbac_umount().
00884 { 00885 u_long flags; 00886 struct rsbac_mac_device_list_item_t *device_p; 00887 00888 if (!rsbac_is_initialized()) { 00889 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n"); 00890 return (-RSBAC_ENOTINITIALIZED); 00891 } 00892 rsbac_pr_debug(aef_mac, "umounting device %02u:%02u\n", 00893 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 00894 /* sync of attribute lists was done in rsbac_umount */ 00895 /* wait for write access to device_list_head */ 00896 rsbac_write_lock(&device_list_head.lock, &flags); 00897 /* OK, nobody else is working on it... */ 00898 device_p = lookup_device(kdev); 00899 if (device_p) { 00900 if (device_p->mount_count == 1) 00901 remove_device_item(kdev); 00902 else { 00903 if (device_p->mount_count > 1) { 00904 device_p->mount_count--; 00905 } else { 00906 rsbac_printk(KERN_WARNING "rsbac_mount_mac: device %02u:%02u has mount_count < 1!\n", 00907 RSBAC_MAJOR(kdev), 00908 RSBAC_MINOR(kdev)); 00909 } 00910 } 00911 } 00912 00913 /* allow access */ 00914 rsbac_write_unlock(&device_list_head.lock, &flags); 00915 return 0; 00916 }