/linux-2.6.21.1-rsbac-1.3.4/rsbac/help/getname.c

Go to the documentation of this file.
00001 /************************************* */
00002 /* Rule Set Based Access Control       */
00003 /* Author and (c) 1999-2006:           */
00004 /*   Amon Ott <ao@rsbac.org>           */
00005 /* Helper functions for all parts      */
00006 /* Last modified: 30/Oct/2006          */
00007 /************************************* */
00008 
00009 #include <rsbac/types.h>
00010 #include <rsbac/getname.h>
00011 #include <rsbac/helpers.h>
00012 #include <rsbac/error.h>
00013 #include <rsbac/pax_getname.h>
00014 
00015 #ifdef __KERNEL__
00016 #include <linux/string.h>
00017 #include <linux/module.h>
00018 #include <linux/fs.h>
00019 #include <linux/kernel.h>
00020 #include <linux/netdevice.h>
00021 #include <linux/inetdevice.h>
00022 #include <rsbac/rkmem.h>
00023 #include <rsbac/network.h>
00024 #include <rsbac/net_getname.h>
00025 #else
00026 #include <string.h>
00027 #include <stdio.h>
00028 #include <errno.h>
00029 #endif
00030 
00031 static char request_list[R_NONE + 1][24] = {
00032         "ADD_TO_KERNEL",
00033         "ALTER",
00034         "APPEND_OPEN",
00035         "CHANGE_GROUP",
00036         "CHANGE_OWNER",
00037         "CHDIR",
00038         "CLONE",
00039         "CLOSE",
00040         "CREATE",
00041         "DELETE",
00042         "EXECUTE",
00043         "GET_PERMISSIONS_DATA",
00044         "GET_STATUS_DATA",
00045         "LINK_HARD",
00046         "MODIFY_ACCESS_DATA",
00047         "MODIFY_ATTRIBUTE",
00048         "MODIFY_PERMISSIONS_DATA",
00049         "MODIFY_SYSTEM_DATA",
00050         "MOUNT",
00051         "READ",
00052         "READ_ATTRIBUTE",
00053         "READ_WRITE_OPEN",
00054         "READ_OPEN",
00055         "REMOVE_FROM_KERNEL",
00056         "RENAME",
00057         "SEARCH",
00058         "SEND_SIGNAL",
00059         "SHUTDOWN",
00060         "SWITCH_LOG",
00061         "SWITCH_MODULE",
00062         "TERMINATE",
00063         "TRACE",
00064         "TRUNCATE",
00065         "UMOUNT",
00066         "WRITE",
00067         "WRITE_OPEN",
00068         "MAP_EXEC",
00069         "BIND",
00070         "LISTEN",
00071         "ACCEPT",
00072         "CONNECT",
00073         "SEND",
00074         "RECEIVE",
00075         "NET_SHUTDOWN",
00076         "CHANGE_DAC_EFF_OWNER",
00077         "CHANGE_DAC_FS_OWNER",
00078         "CHANGE_DAC_EFF_GROUP",
00079         "CHANGE_DAC_FS_GROUP",
00080         "IOCTL",
00081         "LOCK",
00082         "AUTHENTICATE",
00083         "NONE"
00084 };
00085 
00086 static char result_list[UNDEFINED + 1][12] = {
00087         "NOT_GRANTED",
00088         "GRANTED",
00089         "DO_NOT_CARE",
00090         "UNDEFINED"
00091 };
00092 
00093 static rsbac_switch_target_int_t attr_mod_list[A_none + 1] = {
00094         SW_GEN,                 /* pseudo */
00095         SW_MAC,                 /* security_level */
00096         SW_MAC,                 /* initial_security_level */
00097         SW_MAC,                 /* local_sec_level */
00098         SW_MAC,                 /* remote_sec_level */
00099         SW_MAC,                 /* min_security_level */
00100         SW_MAC,                 /* mac_categories */
00101         SW_MAC,                 /* mac_initial_categories */
00102         SW_MAC,                 /* local_mac_categories */
00103         SW_MAC,                 /* remote_mac_categories */
00104         SW_MAC,                 /* mac_min_categories */
00105         SW_MAC,                 /* mac_user_flags */
00106         SW_MAC,                 /* mac_process_flags */
00107         SW_MAC,                 /* mac_file_flags */
00108         SW_NONE,                /* system_role */
00109         SW_MAC,                 /* mac_role */
00110         SW_DAZ,                 /* daz_role */
00111         SW_FF,                  /* ff_role */
00112         SW_AUTH,                        /* auth_role */
00113         SW_CAP,                 /* cap_role */
00114         SW_JAIL,                        /* jail_role */
00115         SW_PAX,                 /* pax_role */
00116         SW_MAC,                 /* current_sec_level */
00117         SW_MAC,                 /* mac_curr_categories */
00118         SW_MAC,                 /* min_write_open */
00119         SW_MAC,                 /* min_write_categories */
00120         SW_MAC,                 /* max_read_open */
00121         SW_MAC,                 /* max_read_categories */
00122         SW_MAC,                 /* mac_auto */
00123         SW_MAC,                 /* mac_check */
00124         SW_MAC,                 /* mac_prop_trusted */
00125         SW_PM,                  /* pm_role */
00126         SW_PM,                  /* pm_process_type */
00127         SW_PM,                  /* pm_current_task */
00128         SW_PM,                  /* pm_object_class */
00129         SW_PM,                  /* local_pm_object_class */
00130         SW_PM,                  /* remote_pm_object_class */
00131         SW_PM,                  /* pm_ipc_purpose */
00132         SW_PM,                  /* local_pm_ipc_purpose */
00133         SW_PM,                  /* remote_pm_ipc_purpose */
00134         SW_PM,                  /* pm_object_type */
00135         SW_PM,                  /* local_pm_object_type */
00136         SW_PM,                  /* remote_pm_object_type */
00137         SW_PM,                  /* pm_program_type */
00138         SW_PM,                  /* pm_tp */
00139         SW_PM,                  /* pm_task_set */
00140         SW_DAZ,                 /* daz_scanned */
00141         SW_DAZ,                 /* daz_scanner */
00142         SW_FF,                  /* ff_flags */
00143         SW_RC,                  /* rc_type */
00144         SW_RC,                  /* rc_select_type */
00145         SW_RC,                  /* local_rc_type */
00146         SW_RC,                  /* remote_rc_type */
00147         SW_RC,                  /* rc_type_fd */
00148         SW_RC,                  /* rc_type_nt */
00149         SW_RC,                  /* rc_force_role */
00150         SW_RC,                  /* rc_initial_role */
00151         SW_RC,                  /* rc_role */
00152         SW_RC,                  /* rc_def_role */
00153         SW_AUTH,                        /* auth_may_setuid */
00154         SW_AUTH,                        /* auth_may_set_cap */
00155         SW_AUTH,                        /* auth_learn */
00156         SW_CAP,                 /* min_caps */
00157         SW_CAP,                 /* max_caps */
00158         SW_CAP,                 /* max_caps_user */
00159         SW_CAP,                 /* max_caps_program */
00160         SW_JAIL,                        /* jail_id */
00161         SW_JAIL,                        /* jail_parent */
00162         SW_JAIL,                        /* jail_ip */
00163         SW_JAIL,                        /* jail_flags */
00164         SW_JAIL,                        /* jail_max_caps */
00165         SW_JAIL,                        /* jail_scd_get */
00166         SW_JAIL,                        /* jail_scd_modify */
00167         SW_PAX,                 /* pax_flags */
00168         SW_RES,                 /* res_role */
00169         SW_RES,                 /* res_min */
00170         SW_RES,                 /* res_max */
00171         SW_GEN,                 /* log_array_low */
00172         SW_GEN,                 /* local_log_array_low */
00173         SW_GEN,                 /* remote_log_array_low */
00174         SW_GEN,                 /* log_array_high */
00175         SW_GEN,                 /* local_log_array_high */
00176         SW_GEN,                 /* remote_log_array_high */
00177         SW_GEN,                 /* log_program_based */
00178         SW_GEN,                 /* log_user_based */
00179         SW_GEN,                 /* symlink_add_remote_ip */
00180         SW_GEN,                 /* symlink_add_uid */
00181         SW_GEN,                 /* symlink_add_mac_level */
00182         SW_GEN,                 /* symlink_add_rc_role */
00183         SW_GEN,                 /* linux_dac_disable */
00184         SW_CAP,                 /* cap_process_hiding */
00185         SW_GEN,                 /* fake_root_uid */
00186         SW_GEN,                 /* audit_uid */
00187         SW_GEN,                 /* auid_exempt */
00188         SW_AUTH,                        /* auth_last_auth */
00189         SW_GEN,                 /* remote_ip */
00190         SW_CAP,                 /* cap_ld_env */
00191         SW_DAZ,                 /* daz_do_scan */
00192 #ifdef __KERNEL__
00193         /* adf-request helpers */
00194         SW_NONE,                /* group */
00195         SW_NONE,                /* signal */
00196         SW_NONE,                /* mode */
00197         SW_NONE,                /* nlink */
00198         SW_NONE,                /* switch_target */
00199         SW_NONE,                /* mod_name */
00200         SW_NONE,                /* request */
00201         SW_NONE,                /* trace_request */
00202         SW_NONE,                /* auth_add_f_cap */
00203         SW_NONE,                /* auth_remove_f_cap */
00204         SW_NONE,                /* auth_get_caplist */
00205         SW_NONE,                /* prot_bits */
00206         SW_NONE,                /* internal */
00207         SW_NONE,                /* create_data */
00208         SW_NONE,                /* new_object */
00209         SW_NONE,                /* rlimit */
00210         SW_NONE,                /* new_dir_dentry_p */
00211         SW_NONE,                /* auth_program_file */
00212         SW_NONE,                /* auth_start_uid */
00213         SW_NONE,                /* auth_start_euid */
00214         SW_NONE,                /* auth_start_gid */
00215         SW_NONE,                /* auth_start_egid */
00216         SW_NONE,                /* acl_learn */
00217         SW_NONE,                /* priority */
00218         SW_NONE,                /* pgid */
00219         SW_NONE,                /* kernel_thread */
00220         SW_NONE,                /* open_flag */
00221         SW_NONE,                /* reboot_cmd */
00222         SW_NONE,                /* setsockopt_level */
00223         SW_NONE,                /* ioctl_cmd */
00224         SW_NONE,                /* f_mode */
00225         SW_NONE,                /* process */
00226         SW_NONE,                /* sock_type */
00227 #endif
00228         SW_NONE /* none */
00229 };
00230 
00231 static char attribute_list[A_none + 1][23] = {
00232         "pseudo",
00233         "security_level",
00234         "initial_security_level",
00235         "local_sec_level",
00236         "remote_sec_level",
00237         "min_security_level",
00238         "mac_categories",
00239         "mac_initial_categories",
00240         "local_mac_categories",
00241         "remote_mac_categories",
00242         "mac_min_categories",
00243         "mac_user_flags",
00244         "mac_process_flags",
00245         "mac_file_flags",
00246         "system_role",
00247         "mac_role",
00248         "daz_role",
00249         "ff_role",
00250         "auth_role",
00251         "cap_role",
00252         "jail_role",
00253         "pax_role",
00254         "current_sec_level",
00255         "mac_curr_categories",
00256         "min_write_open",
00257         "min_write_categories",
00258         "max_read_open",
00259         "max_read_categories",
00260         "mac_auto",
00261         "mac_check",
00262         "mac_prop_trusted",
00263         "pm_role",
00264         "pm_process_type",
00265         "pm_current_task",
00266         "pm_object_class",
00267         "local_pm_object_class",
00268         "remote_pm_object_class",
00269         "pm_ipc_purpose",
00270         "local_pm_ipc_purpose",
00271         "remote_pm_ipc_purpose",
00272         "pm_object_type",
00273         "local_pm_object_type",
00274         "remote_pm_object_type",
00275         "pm_program_type",
00276         "pm_tp",
00277         "pm_task_set",
00278         "daz_scanned",
00279         "daz_scanner",
00280         "ff_flags",
00281         "rc_type",
00282         "rc_select_type",
00283         "local_rc_type",
00284         "remote_rc_type",
00285         "rc_type_fd",
00286         "rc_type_nt",
00287         "rc_force_role",
00288         "rc_initial_role",
00289         "rc_role",
00290         "rc_def_role",
00291         "auth_may_setuid",
00292         "auth_may_set_cap",
00293         "auth_learn",
00294         "min_caps",
00295         "max_caps",
00296         "max_caps_user",
00297         "max_caps_program",
00298         "jail_id",
00299         "jail_parent",
00300         "jail_ip",
00301         "jail_flags",
00302         "jail_max_caps",
00303         "jail_scd_get",
00304         "jail_scd_modify",
00305         "pax_flags",
00306         "res_role",
00307         "res_min",
00308         "res_max",
00309         "log_array_low",
00310         "local_log_array_low",
00311         "remote_log_array_low",
00312         "log_array_high",
00313         "local_log_array_high",
00314         "remote_log_array_high",
00315         "log_program_based",
00316         "log_user_based",
00317         "symlink_add_remote_ip",
00318         "symlink_add_uid",
00319         "symlink_add_mac_level",
00320         "symlink_add_rc_role",
00321         "linux_dac_disable",
00322         "cap_process_hiding",
00323         "fake_root_uid",
00324         "audit_uid",
00325         "auid_exempt",
00326         "auth_last_auth",
00327         "remote_ip",
00328         "cap_ld_env",
00329         "daz_do_scan",
00330 #ifdef __KERNEL__
00331         /* adf-request helpers */
00332         "owner",
00333         "group",
00334         "signal",
00335         "mode",
00336         "nlink",
00337         "switch_target",
00338         "mod_name",
00339         "request",
00340         "trace_request",
00341         "auth_add_f_cap",
00342         "auth_remove_f_cap",
00343         "auth_get_caplist",
00344         "prot_bits",
00345         "internal",
00346         "create_data",
00347         "new_object",
00348         "rlimit",
00349         "new_dir_dentry_p",
00350         "auth_program_file",
00351         "auth_start_uid",
00352         "auth_start_euid",
00353         "auth_start_gid",
00354         "auth_start_egid",
00355         "acl_learn",
00356         "priority",
00357         "pgid",
00358         "kernel_thread",
00359         "open_flag",
00360         "reboot_cmd",
00361         "setsockopt_level",
00362         "ioctl_cmd",
00363         "f_mode",
00364         "process",
00365         "sock_type",
00366 #endif
00367         "none"
00368 };
00369 
00370 static char target_list[T_NONE + 1][11] = {
00371         "FILE",
00372         "DIR",
00373         "FIFO",
00374         "SYMLINK",
00375         "DEV",
00376         "IPC",
00377         "SCD",
00378         "USER",
00379         "PROCESS",
00380         "NETDEV",
00381         "NETTEMP",
00382         "NETOBJ",
00383         "NETTEMP_NT",
00384         "GROUP",
00385         "FD",
00386         "UNIXSOCK",
00387         "NONE"
00388 };
00389 
00390 static char ipc_target_list[I_none + 1][9] = {
00391         "sem",
00392         "msg",
00393         "shm",
00394         "anonpipe",
00395         "mqueue",
00396         "anonunix",
00397         "none"
00398 };
00399 
00400 static char switch_target_list[SW_NONE + 1][12] = {
00401         "GEN",
00402         "MAC",
00403         "PM",
00404         "DAZ",
00405         "FF",
00406         "RC",
00407         "AUTH",
00408         "REG",
00409         "ACL",
00410         "CAP",
00411         "JAIL",
00412         "RES",
00413         "PAX",
00414         "SOFTMODE",
00415         "DAC_DISABLE",
00416         "UM",
00417         "FREEZE",
00418         "NONE"
00419 };
00420 
00421 static char error_list[RSBAC_EMAX][26] = {
00422         "RSBAC_EPERM",
00423         "RSBAC_EACCESS",
00424         "RSBAC_EREADFAILED",
00425         "RSBAC_EWRITEFAILED",
00426         "RSBAC_EINVALIDPOINTER",
00427         "RSBAC_ENOROOTDIR",
00428         "RSBAC_EPATHTOOLONG",
00429         "RSBAC_ENOROOTDEV",
00430         "RSBAC_ENOTFOUND",
00431         "RSBAC_ENOTINITIALIZED",
00432         "RSBAC_EREINIT",
00433         "RSBAC_ECOULDNOTADDDEVICE",
00434         "RSBAC_ECOULDNOTADDITEM",
00435         "RSBAC_ECOULDNOTCREATEPATH",
00436         "RSBAC_EINVALIDATTR",
00437         "RSBAC_EINVALIDDEV",
00438         "RSBAC_EINVALIDTARGET",
00439         "RSBAC_EINVALIDVALUE",
00440         "RSBAC_EEXISTS",
00441         "RSBAC_EINTERNONLY",
00442         "RSBAC_EINVALIDREQUEST",
00443         "RSBAC_ENOTWRITABLE",
00444         "RSBAC_EMALWAREDETECTED",
00445         "RSBAC_ENOMEM",
00446         "RSBAC_EDECISIONMISMATCH",
00447         "RSBAC_EINVALIDVERSION",
00448         "RSBAC_EINVALIDMODULE",
00449         "RSBAC_EEXPIRED",
00450         "RSBAC_EMUSTCHANGE",
00451         "RSBAC_EBUSY",
00452         "RSBAC_EINVALIDTRANSACTION",
00453         "RSBAC_EWEAKPASSWORD",
00454         "RSBAC_EINVALIDLIST"
00455 };
00456 
00457 static char scd_type_list[ST_none + 1][17] = {
00458         "time_strucs",
00459         "clock",
00460         "host_id",
00461         "net_id",
00462         "ioports",
00463         "rlimit",
00464         "swap",
00465         "syslog",
00466         "rsbac",
00467         "rsbac_log",
00468         "other",
00469         "kmem",
00470         "network",
00471         "firewall",
00472         "priority",
00473         "sysfs",
00474         "rsbac_remote_log",
00475         "quota",
00476         "sysctl",
00477         "nfsd",
00478         "ksyms",
00479         "mlock",
00480         "capability",
00481         "kexec",
00482         "none"
00483 };
00484 
00485 /* Attribute types */
00486 
00487 #ifndef __KERNEL__
00488 static char attribute_param_list[A_none + 1][194] = {
00489         "user-pseudo (positive long integer)", /* pseudo */
00490         "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252", /* security_level */
00491         "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252", /* initial_security_level */
00492         "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252", /* local_sec_level */
00493         "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252", /* remote_sec_level */
00494         "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252", /* min_security_level */
00495         "Bit Set String of length 64 for all categories", /* mac_categories */
00496         "Bit Set String of length 64 for all categories", /* mac_initial_categories */
00497         "Bit Set String of length 64 for all categories", /* local_mac_categories */
00498         "Bit Set String of length 64 for all categories", /* remote_mac_categories */
00499         "Bit Set String of length 64 for all categories", /* mac_min_categories */
00500         "1 = override, 4 = trusted, 8 = write_up, 16 = read_up,\n\t32 = write_down, 64 = allow_mac_auto", /* mac_user_flags */
00501         "1 = override, 2 = auto, 4 = trusted, 8 = write_up,\n\t16 = read_up, 32 = write_down, 128 = prop_trusted", /* mac_process_flags */
00502         "2 = auto, 4 = trusted, 8 = write_up, 16 = read_up,\n\t32 = write_down", /* mac_file_flags */
00503         "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", /* system_role */
00504         "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", /* mac_role */
00505         "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", /* daz_role */
00506         "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", /* ff_role */
00507         "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", /* auth_role */
00508         "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", /* cap_role */
00509         "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", /* jail_role */
00510         "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", /* pax_role */
00511         "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252", /* current_sec_level */
00512         "Bit Set String of length 64 for all categories", /* mac_curr_categories */
00513         "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252", /* min_write_open */
00514         "Bit Set String of length 64 for all categories", /* min_write_categories */
00515         "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252", /* max_read_open */
00516         "Bit Set String of length 64 for all categories", /* max_read_categories */
00517         "0 = no, 1 = yes, 2 = inherit (default value)", /* mac_auto */
00518         "0 = false, 1 = true", /* mac_check */
00519         "0 = false, 1 = true", /* mac_prop_trusted */
00520         "0 = user, 1 = security officer, 2 = data protection officer,\n\t3 = TP-manager, 4 = system-admin", /* pm_role */
00521         "0 = none, 1 = TP", /* pm_process_type */
00522         "Task-ID (positive integer)", /* pm_current_task */
00523         "Class-ID (positive integer)", /* pm_object_class */
00524         "Class-ID (positive integer)", /* local_pm_object_class */
00525         "Class-ID (positive integer)", /* remote_pm_object_class */
00526         "Purpose-ID (positive integer)", /* pm_ipc_purpose */
00527         "Purpose-ID (positive integer)", /* local_pm_ipc_purpose */
00528         "Purpose-ID (positive integer)", /* remote_pm_ipc_purpose */
00529         "0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir", /* pm_object_type */
00530         "0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir", /* local_pm_object_type */
00531         "0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir", /* remote_pm_object_type */
00532         "0 = none, 1 = TP", /* pm_program_type */
00533         "TP-ID (positive integer)", /* pm_tp */
00534         "pm-task-list-ID (positive integer)", /* pm_task_set */
00535         "0 = unscanned, 1 = infected, 2 = clean", /* daz_scanned */
00536         "0 = FALSE, 1 = TRUE", /* daz_scanner */
00537         "1 = read_only, 2 = execute_only, 4 = search_only, 8 = write_only,\n\t16 = secure_delete, 32 = no_execute, 64 = no_delete_or_rename,\n\t128 = add_inherited (or'd), 256 = append_only, 512 = no_mount", /* ff_flags */
00538         "RC-type-id", /* rc_type */
00539         "RC-type-id (-7 = use fd)", /* rc_select_type */
00540         "RC-type-id", /* local_rc_type */
00541         "RC-type-id", /* remote_rc_type */
00542         "RC-type-id (-2 = inherit from parent)", /* rc_type_fd */
00543         "RC-type-id", /* rc_type_nt */
00544         "RC-role-id (-1 = inherit_user, -2 = inherit_process (keep),\n\t-3 = inherit_parent (def.),\n\t-4 = inherit_user_on_chown_only (root default)", /* rc_force_role */
00545         "RC-role-id (-3 = inherit_parent (default),\n\t-5 = use_force_role (root default)", /* rc_initial_role */
00546         "RC-role-id", /* rc_role */
00547         "RC-role-id", /* rc_def_role */
00548         "0 = off, 1 = full, 2 = last_auth_only, 3 = last_auth_and_gid", /* auth_may_setuid */
00549         "0 = false, 1 = true", /* auth_may_set_cap */
00550         "0 = false, 1 = true", /* auth_learn */
00551         "Bit-Vector value or name list of desired caps", /* min_caps */
00552         "Bit-Vector value or name list of desired caps", /* max_caps */
00553         "Bit-Vector value or name list of desired caps", /* max_caps_user */
00554         "Bit-Vector value or name list of desired caps", /* max_caps_program */
00555         "JAIL ID (0 = off)", /* jail_id */
00556         "JAIL ID (0 = no parent jail)", /* jail_parent */
00557         "JAIL IP address a.b.c.d", /* jail_ip */
00558         "JAIL flags (or'd, 1 = allow external IPC, 2 = allow all net families,\n\t4 = allow_rlimit, 8 = allow raw IP, 16 = auto adjust IP,\n\t32 = allow localhost, 64 = allow scd clock)", /* jail_flags */
00559         "Bit-Vector value or name list of desired caps", /* jail_max_caps */
00560         "List of SCD targets", /* jail_scd_get */
00561         "List of SCD targets", /* jail_scd_modify */
00562         "PAX flags with capital=on, non-capital=off, e.g. PeMRxS", /* pax_flags */
00563         "0 = user, 1 = security officer, 2 = administrator", /* res_role */
00564         "array of non-negative integer values, all 0 for unset", /* res_min */
00565         "array of non-negative integer values, all 0 for unset", /* res_max */
00566         "Bit-String for all Requests, low bit", /* log_array_low */
00567         "Bit-String for all Requests, low bit", /* local_log_array_low */
00568         "Bit-String for all Requests, low bit", /* remote_log_array_low */
00569         "Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)", /* log_array_high */
00570         "Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)", /* local_log_array_high */
00571         "Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)", /* remote_log_array_high */
00572         "Bit-String for all Requests", /* log_program_based */
00573         "Bit-String for all Requests", /* log_user_based */
00574         "Number of bytes to add, 0 to turn off", /* symlink_add_remote_ip */
00575         "0 = false, 1 = true", /* symlink_add_uid */
00576         "0 = false, 1 = true", /* symlink_add_mac_level */
00577         "0 = false, 1 = true", /* symlink_add_rc_role */
00578         "0 = false, 1 = true, 2 = inherit (default)", /* linux_dac_disable */
00579         "0 = off (default), 1 = from other users, 2 = full", /* cap_process_hiding */
00580         "0 = off (default), 1 = uid_only, 2 = euid_only, 3 = both", /* fake_root_uid */
00581         "-3 = unset, uid otherwise", /* audit_uid */
00582         "-3 = unset, uid otherwise", /* auid_exempt */
00583         "-3 = unset, uid otherwise", /* auth_last_auth */
00584         "32 Bit value in network byte order", /* remote_ip */
00585         "0 = disallow executing of program file with LD_ variables set,\n\t1 = do not care (default)", /* cap_ld_env */
00586         "0 = never, 1 = registered, 2 = always, 3 = inherit",
00587         "INVALID!"
00588 };
00589 #endif
00590 
00591 static char log_level_list[LL_invalid + 1][9] = {
00592         "none",
00593         "denied",
00594         "full",
00595         "request",
00596         "invalid!"
00597 };
00598 
00599 static char cap_list[RSBAC_CAP_MAX + 1][17] = {
00600         "CHOWN",
00601         "DAC_OVERRIDE",
00602         "DAC_READ_SEARCH",
00603         "FOWNER",
00604         "FSETID",
00605         "KILL",
00606         "SETGID",
00607         "SETUID",
00608         "SETPCAP",
00609         "LINUX_IMMUTABLE",
00610         "NET_BIND_SERVICE",
00611         "NET_BROADCAST",
00612         "NET_ADMIN",
00613         "NET_RAW",
00614         "IPC_LOCK",
00615         "IPC_OWNER",
00616         "SYS_MODULE",
00617         "SYS_RAWIO",
00618         "SYS_CHROOT",
00619         "SYS_PTRACE",
00620         "SYS_PACCT",
00621         "SYS_ADMIN",
00622         "SYS_BOOT",
00623         "SYS_NICE",
00624         "SYS_RESOURCE",
00625         "SYS_TIME",
00626         "SYS_TTY_CONFIG",
00627         "MKNOD",
00628         "LEASE",
00629         "NONE"
00630 };
00631 
00632 /*****************************************/
00633 
00634 #ifdef __KERNEL__
00635 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00636 EXPORT_SYMBOL(get_request_name);
00637 #endif
00638 #endif
00639 
00640 char *get_request_name(char *request_name,
00641                        enum rsbac_adf_request_t request)
00642 {
00643         if (!request_name)
00644                 return (NULL);
00645         if (request >= R_NONE)
00646                 strcpy(request_name, "ERROR!");
00647         else
00648                 strcpy(request_name, request_list[request]);
00649         return (request_name);
00650 }
00651 
00652 enum rsbac_adf_request_t get_request_nr(const char *request_name)
00653 {
00654         enum rsbac_adf_request_t i;
00655 
00656         if (!request_name)
00657                 return (R_NONE);
00658         for (i = 0; i < R_NONE; i++) {
00659                 if (!strcmp(request_name, request_list[i])) {
00660                         return (i);
00661                 }
00662         }
00663         return (R_NONE);
00664 }
00665 
00666 
00667 char *get_result_name(char *res_name, enum rsbac_adf_req_ret_t res)
00668 {
00669         if (!res_name)
00670                 return (NULL);
00671         if (res > UNDEFINED)
00672                 strcpy(res_name, "ERROR!");
00673         else
00674                 strcpy(res_name, result_list[res]);
00675         return (res_name);
00676 }
00677 
00678 enum rsbac_adf_req_ret_t get_result_nr(const char *res_name)
00679 {
00680         enum rsbac_adf_req_ret_t i;
00681 
00682         if (!res_name)
00683                 return (UNDEFINED);
00684         for (i = 0; i < UNDEFINED; i++) {
00685                 if (!strcmp(res_name, result_list[i])) {
00686                         return (i);
00687                 }
00688         }
00689         return (UNDEFINED);
00690 }
00691 
00692 
00693 enum rsbac_switch_target_t get_attr_module(enum rsbac_attribute_t attr)
00694 {
00695         if (attr > A_none)
00696                 return SW_NONE;
00697         else
00698                 return attr_mod_list[attr];
00699 }
00700 
00701 #ifdef __KERNEL__
00702 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00703 EXPORT_SYMBOL(get_attribute_name);
00704 #endif
00705 #endif
00706 
00707 char *get_attribute_name(char *attr_name, enum rsbac_attribute_t attr)
00708 {
00709         if (!attr_name)
00710                 return (NULL);
00711         if (attr > A_none)
00712                 strcpy(attr_name, "ERROR!");
00713         else
00714                 strcpy(attr_name, attribute_list[attr]);
00715         return (attr_name);
00716 }
00717 
00718 enum rsbac_attribute_t get_attribute_nr(const char *attr_name)
00719 {
00720         enum rsbac_attribute_t i;
00721 
00722         if (!attr_name)
00723                 return (A_none);
00724         for (i = 0; i < A_none; i++) {
00725                 if (!strcmp(attr_name, attribute_list[i])) {
00726                         return (i);
00727                 }
00728         }
00729         return (A_none);
00730 }
00731 
00732 #ifdef __KERNEL__
00733 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00734 EXPORT_SYMBOL(get_attribute_value_name);
00735 #endif
00736 #endif
00737 
00738 char *get_attribute_value_name(char *attr_val_name,
00739                                enum rsbac_attribute_t attr,
00740                                union rsbac_attribute_value_t *attr_val_p)
00741 {
00742         if (!attr_val_name)
00743                 return (NULL);
00744         if (attr > A_none)
00745                 strcpy(attr_val_name, "ERROR!");
00746         else
00747                 switch (attr) {
00748                 case A_none:
00749                         strcpy(attr_val_name, "none");
00750                         break;
00751 #ifdef __KERNEL__
00752                 case A_create_data:
00753                         {
00754                                 char *tmp =
00755                                     rsbac_kmalloc(RSBAC_MAXNAMELEN);
00756 
00757                                 if (tmp) {
00758                                         if (attr_val_p->create_data.
00759                                             dentry_p)
00760                                                 snprintf(attr_val_name,
00761                                                          RSBAC_MAXNAMELEN -
00762                                                          1,
00763                                                          "%s %s, mode %o",
00764                                                          get_target_name_only
00765                                                          (tmp,
00766                                                           attr_val_p->
00767                                                           create_data.
00768                                                           target),
00769                                                          attr_val_p->
00770                                                          create_data.
00771                                                          dentry_p->d_name.
00772                                                          name,
00773                                                          attr_val_p->
00774                                                          create_data.
00775                                                          mode & S_IALLUGO);
00776                                         else
00777                                                 snprintf(attr_val_name,
00778                                                          RSBAC_MAXNAMELEN -
00779                                                          1, "%s, mode %o",
00780                                                          get_target_name_only
00781                                                          (tmp,
00782                                                           attr_val_p->
00783                                                           create_data.
00784                                                           target),
00785                                                          attr_val_p->
00786                                                          create_data.
00787                                                          mode & S_IALLUGO);
00788                                         rsbac_kfree(tmp);
00789                                 }
00790                         }
00791                         break;
00792                 case A_mode:
00793                         sprintf(attr_val_name, "%o", attr_val_p->mode);
00794                         break;
00795                 case A_priority:
00796                         sprintf(attr_val_name, "%i", attr_val_p->priority);
00797                         break;
00798                 case A_mod_name:
00799                         if (attr_val_p->mod_name)
00800                                 strncpy(attr_val_name,
00801                                         attr_val_p->mod_name,
00802                                         RSBAC_MAXNAMELEN - 1);
00803                         else
00804                                 strcpy(attr_val_name, "unknown");
00805                         attr_val_name[RSBAC_MAXNAMELEN - 1] = 0;
00806                         break;
00807                 case A_auth_add_f_cap:
00808                 case A_auth_remove_f_cap:
00809                         sprintf(attr_val_name, "%u:%u",
00810                                 attr_val_p->auth_cap_range.first,
00811                                 attr_val_p->auth_cap_range.last);
00812                         break;
00813                 case A_switch_target:
00814                         get_switch_target_name(attr_val_name,
00815                                                attr_val_p->switch_target);
00816                         break;
00817                 case A_request:
00818                         get_request_name(attr_val_name,
00819                                          attr_val_p->request);
00820                         break;
00821                 case A_sock_type:
00822                         rsbac_get_net_type_name(attr_val_name,
00823                                         attr_val_p->sock_type);
00824                         break;
00825 #endif
00826 #if defined(CONFIG_RSBAC_PAX) || !defined(__KERNEL__)
00827                 case A_pax_flags:
00828                         pax_print_flags(attr_val_name,
00829                                         attr_val_p->pax_flags);
00830                         break;
00831 #endif
00832 #if defined(CONFIG_RSBAC_AUTH) || !defined(__KERNEL__)
00833                 case A_auth_last_auth:
00834 #if defined(CONFIG_RSBAC_AUTH_LEARN) && defined(__KERNEL__)
00835                 case A_auth_start_uid:
00836                 case A_auth_start_euid:
00837 #endif
00838                         sprintf(attr_val_name, "%u",
00839                                 attr_val_p->auth_last_auth);
00840                         break;
00841 #endif
00842 #ifdef CONFIG_RSBAC_AUTH_GROUP
00843                 case A_auth_start_gid:
00844 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
00845                 case A_auth_start_egid:
00846 #endif
00847                         sprintf(attr_val_name, "%u",
00848                                 attr_val_p->auth_start_gid);
00849                         break;
00850 #endif
00851                 default:
00852                         snprintf(attr_val_name, RSBAC_MAXNAMELEN - 1, "%u",
00853                                  attr_val_p->u_dummy);
00854                 }
00855         return (attr_val_name);
00856 }
00857 
00858 
00859 #ifdef __KERNEL__
00860 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00861 EXPORT_SYMBOL(get_scd_type_name);
00862 #endif
00863 #endif
00864 
00865 char *get_scd_type_name(char *res_name, enum rsbac_scd_type_t res)
00866 {
00867         if (!res_name)
00868                 return (NULL);
00869         if (res > ST_none)
00870                 strcpy(res_name, "ERROR!");
00871         else
00872                 strcpy(res_name, scd_type_list[res]);
00873         return (res_name);
00874 }
00875 
00876 enum rsbac_scd_type_t get_scd_type_nr(const char *res_name)
00877 {
00878         enum rsbac_scd_type_t i;
00879 
00880         if (!res_name)
00881                 return (ST_none);
00882         for (i = 0; i < ST_none; i++) {
00883                 if (!strcmp(res_name, scd_type_list[i])) {
00884                         return (i);
00885                 }
00886         }
00887         return (ST_none);
00888 }
00889 
00890 
00891 #ifdef __KERNEL__
00892 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00893 EXPORT_SYMBOL(get_target_name);
00894 #endif
00895 #endif
00896 
00897 char *get_target_name(char *target_type_name,
00898                       enum rsbac_target_t target,
00899                       char *target_id_name, union rsbac_target_id_t tid)
00900 {
00901 #ifdef __KERNEL__
00902         char *help_name;
00903 #else
00904         char help_name[RSBAC_MAXNAMELEN + 4];
00905 #endif
00906 
00907         if (!target_type_name)
00908                 return (NULL);
00909 
00910 #ifdef __KERNEL__
00911 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00912         help_name = rsbac_kmalloc(CONFIG_RSBAC_MAX_PATH_LEN + 4);
00913 #else
00914         help_name = rsbac_kmalloc(RSBAC_MAXNAMELEN + 4);
00915 #endif
00916         if (!help_name)
00917                 return NULL;
00918 #endif
00919 
00920         switch (target) {
00921 #ifdef __KERNEL__
00922         case T_FD:
00923                 strcpy(target_type_name, "FD");
00924                 if (!target_id_name)
00925                         break;
00926                 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00927                         RSBAC_MAJOR(tid.file.device),
00928                         RSBAC_MINOR(tid.file.device), tid.file.inode);
00929                 if (tid.file.dentry_p && tid.file.dentry_p->d_name.name
00930                     && tid.file.dentry_p->d_name.len) {
00931 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00932                         if (rsbac_get_full_path
00933                             (tid.file.dentry_p, help_name,
00934                              CONFIG_RSBAC_MAX_PATH_LEN) > 0) {
00935                                 strcat(target_id_name, " Path ");
00936                                 strcat(target_id_name, help_name);
00937                         }
00938 #else
00939                         int namelen =
00940                             rsbac_min(tid.file.dentry_p->d_name.len,
00941                                       RSBAC_MAXNAMELEN);
00942 
00943                         strcat(target_id_name, " Name ");
00944                         strncpy(help_name, tid.file.dentry_p->d_name.name,
00945                                 namelen);
00946                         help_name[namelen] = 0;
00947                         strcat(target_id_name, help_name);
00948 #endif
00949                 }
00950                 break;
00951         case T_FILE:
00952                 strcpy(target_type_name, "FILE");
00953                 if (!target_id_name)
00954                         break;
00955                 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00956                         RSBAC_MAJOR(tid.file.device),
00957                         RSBAC_MINOR(tid.file.device), tid.file.inode);
00958                 if (tid.file.dentry_p && tid.file.dentry_p->d_name.name
00959                     && tid.file.dentry_p->d_name.len) {
00960 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00961                         if (rsbac_get_full_path
00962                             (tid.file.dentry_p, help_name,
00963                              CONFIG_RSBAC_MAX_PATH_LEN) > 0) {
00964                                 strcat(target_id_name, " Path ");
00965                                 strcat(target_id_name, help_name);
00966                         }
00967 #else
00968                         int namelen =
00969                             rsbac_min(tid.file.dentry_p->d_name.len,
00970                                       RSBAC_MAXNAMELEN);
00971 
00972                         strcat(target_id_name, " Name ");
00973                         strncpy(help_name, tid.file.dentry_p->d_name.name,
00974                                 namelen);
00975                         help_name[namelen] = 0;
00976                         strcat(target_id_name, help_name);
00977 #endif
00978                 }
00979                 break;
00980         case T_DIR:
00981                 strcpy(target_type_name, "DIR");
00982                 if (!target_id_name)
00983                         break;
00984                 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00985                         RSBAC_MAJOR(tid.file.device),
00986                         RSBAC_MINOR(tid.file.device), tid.dir.inode);
00987                 if (tid.dir.dentry_p && tid.dir.dentry_p->d_name.name
00988                     && tid.dir.dentry_p->d_name.len) {
00989 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00990                         if (rsbac_get_full_path
00991                             (tid.dir.dentry_p, help_name,
00992                              CONFIG_RSBAC_MAX_PATH_LEN) > 0) {
00993                                 strcat(target_id_name, " Path ");
00994                                 strcat(target_id_name, help_name);
00995                         }
00996 #else
00997                         int namelen =
00998                             rsbac_min(tid.dir.dentry_p->d_name.len,
00999                                       RSBAC_MAXNAMELEN);
01000 
01001                         strcat(target_id_name, " Name ");
01002                         strncpy(help_name, tid.dir.dentry_p->d_name.name,
01003                                 namelen);
01004                         help_name[namelen] = 0;
01005                         strcat(target_id_name, help_name);
01006 #endif
01007                 }
01008                 break;
01009         case T_FIFO:
01010                 strcpy(target_type_name, "FIFO");
01011                 if (!target_id_name)
01012                         break;
01013                 sprintf(target_id_name, "Device %02u:%02u Inode %u",
01014                         RSBAC_MAJOR(tid.file.device),
01015                         RSBAC_MINOR(tid.file.device), tid.fifo.inode);
01016                 if (tid.fifo.dentry_p && tid.fifo.dentry_p->d_name.name
01017                     && tid.fifo.dentry_p->d_name.len) {
01018 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
01019                         if (rsbac_get_full_path
01020                             (tid.fifo.dentry_p, help_name,
01021                              CONFIG_RSBAC_MAX_PATH_LEN) > 0) {
01022                                 strcat(target_id_name, " Path ");
01023                                 strcat(target_id_name, help_name);
01024                         }
01025 #else
01026                         int namelen =
01027                             rsbac_min(tid.fifo.dentry_p->d_name.len,
01028                                       RSBAC_MAXNAMELEN);
01029 
01030                         strcat(target_id_name, " Name ");
01031                         strncpy(help_name, tid.fifo.dentry_p->d_name.name,
01032                                 namelen);
01033                         help_name[namelen] = 0;
01034                         strcat(target_id_name, help_name);
01035 #endif
01036                 }
01037                 break;
01038         case T_SYMLINK:
01039                 strcpy(target_type_name, "SYMLINK");
01040                 if (!target_id_name)
01041                         break;
01042                 sprintf(target_id_name, "Device %02u:%02u Inode %u",
01043                         RSBAC_MAJOR(tid.symlink.device),
01044                         RSBAC_MINOR(tid.symlink.device), tid.symlink.inode);
01045                 if (tid.symlink.dentry_p
01046                     && tid.symlink.dentry_p->d_name.name
01047                     && tid.symlink.dentry_p->d_name.len) {
01048 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
01049                         if (rsbac_get_full_path
01050                             (tid.symlink.dentry_p, help_name,
01051                              CONFIG_RSBAC_MAX_PATH_LEN) > 0) {
01052                                 strcat(target_id_name, " Path ");
01053                                 strcat(target_id_name, help_name);
01054                         }
01055 #else
01056                         int namelen =
01057                             rsbac_min(tid.symlink.dentry_p->d_name.len,
01058                                       RSBAC_MAXNAMELEN);
01059 
01060                         strcat(target_id_name, " Name ");
01061                         strncpy(help_name,
01062                                 tid.symlink.dentry_p->d_name.name,
01063                                 namelen);
01064                         help_name[namelen] = 0;
01065                         strcat(target_id_name, help_name);
01066 #endif
01067                 }
01068                 break;
01069         case T_UNIXSOCK:
01070                 strcpy(target_type_name, "UNIXSOCK");
01071                 if (!target_id_name)
01072                         break;
01073                 sprintf(target_id_name, "Device %02u:%02u Inode %u",
01074                         RSBAC_MAJOR(tid.unixsock.device),
01075                         RSBAC_MINOR(tid.unixsock.device), tid.unixsock.inode);
01076                 if (tid.symlink.dentry_p
01077                     && tid.unixsock.dentry_p->d_name.name
01078                     && tid.unixsock.dentry_p->d_name.len) {
01079 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
01080                         if (rsbac_get_full_path
01081                             (tid.unixsock.dentry_p, help_name,
01082                              CONFIG_RSBAC_MAX_PATH_LEN) > 0) {
01083                                 strcat(target_id_name, " Path ");
01084                                 strcat(target_id_name, help_name);
01085                         }
01086 #else
01087                         int namelen =
01088                             rsbac_min(tid.unixsock.dentry_p->d_name.len,
01089                                       RSBAC_MAXNAMELEN);
01090 
01091                         strcat(target_id_name, " Name ");
01092                         strncpy(help_name,
01093                                 tid.unixsock.dentry_p->d_name.name,
01094                                 namelen);
01095                         help_name[namelen] = 0;
01096                         strcat(target_id_name, help_name);
01097 #endif
01098                 }
01099                 break;
01100         case T_DEV:
01101                 strcpy(target_type_name, "DEV");
01102                 if (!target_id_name)
01103                         break;
01104                 switch (tid.dev.type) {
01105                 case D_block:
01106                         sprintf(target_id_name, "block %02u:%02u",
01107                                 tid.dev.major, tid.dev.minor);
01108                         break;
01109                 case D_char:
01110                         sprintf(target_id_name, "char %02u:%02u",
01111                                 tid.dev.major, tid.dev.minor);
01112                         break;
01113                 case D_block_major:
01114                         sprintf(target_id_name, "block major %02u",
01115                                 tid.dev.major);
01116                         break;
01117                 case D_char_major:
01118                         sprintf(target_id_name, "char major %02u",
01119                                 tid.dev.major);
01120                         break;
01121                 default:
01122                         sprintf(target_id_name, "*unknown* %02u:%02u",
01123                                 tid.dev.major, tid.dev.minor);
01124                 }
01125                 break;
01126         case T_NETOBJ:
01127                 strcpy(target_type_name, "NETOBJ");
01128                 if (!target_id_name)
01129                         break;
01130 #ifdef CONFIG_NET
01131                 if (tid.netobj.sock_p
01132                     && tid.netobj.sock_p->ops && tid.netobj.sock_p->sk) {
01133                         char type_name[RSBAC_MAXNAMELEN];
01134 
01135                         switch (tid.netobj.sock_p->ops->family) {
01136                         case AF_INET:
01137                                 {
01138                                         __u32 saddr;
01139                                         __u16 sport;
01140                                         __u32 daddr;
01141                                         __u16 dport;
01142                                         struct net_device *dev;
01143                                         char ldevname[RSBAC_IFNAMSIZ + 10];
01144                                         char rdevname[RSBAC_IFNAMSIZ + 10];
01145 
01146                                         if (tid.netobj.local_addr) {
01147                                                 struct sockaddr_in *addr =
01148                                                     tid.netobj.local_addr;
01149 
01150                                                 saddr =
01151                                                     addr->sin_addr.s_addr;
01152                                                 sport =
01153                                                     ntohs(addr->sin_port);
01154                                         } else {
01155 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01156                                                 saddr =
01157                                                     inet_sk(tid.netobj.
01158                                                             sock_p->sk)->
01159                                                     saddr;
01160                                                 sport =
01161                                                     inet_sk(tid.netobj.
01162                                                             sock_p->sk)->
01163                                                     num;
01164 #else
01165                                                 saddr =
01166                                                     tid.netobj.sock_p->sk->
01167                                                     saddr;
01168                                                 sport =
01169                                                     tid.netobj.sock_p->sk->
01170                                                     num;
01171 #endif
01172                                         }
01173                                         if (tid.netobj.remote_addr) {
01174                                                 struct sockaddr_in *addr =
01175                                                     tid.netobj.remote_addr;
01176 
01177                                                 daddr =
01178                                                     addr->sin_addr.s_addr;
01179                                                 dport =
01180                                                     ntohs(addr->sin_port);
01181                                         } else {
01182 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01183                                                 daddr =
01184                                                     inet_sk(tid.netobj.
01185                                                             sock_p->sk)->
01186                                                     daddr;
01187                                                 dport =
01188                                                     ntohs(inet_sk
01189                                                           (tid.netobj.
01190                                                            sock_p->sk)->
01191                                                           dport);
01192 #else
01193                                                 daddr =
01194                                                     tid.netobj.sock_p->sk->
01195                                                     daddr;
01196                                                 dport =
01197                                                     ntohs(tid.netobj.
01198                                                           sock_p->sk->
01199                                                           dport);
01200 #endif
01201                                         }
01202                                         dev = ip_dev_find(saddr);
01203                                         if (dev) {
01204                                                 sprintf(ldevname, "%s:",
01205                                                         dev->name);
01206                                                 dev_put(dev);
01207                                         } else
01208                                                 ldevname[0] = 0;
01209                                         dev = ip_dev_find(daddr);
01210                                         if (dev) {
01211                                                 sprintf(rdevname, "%s:",
01212                                                         dev->name);
01213                                                 dev_put(dev);
01214                                         } else
01215                                                 rdevname[0] = 0;
01216                                         sprintf(target_id_name,
01217                                                 "%p INET %s proto %s local %s%u.%u.%u.%u:%u remote %s%u.%u.%u.%u:%u",
01218                                                 tid.netobj.sock_p,
01219                                                 rsbac_get_net_type_name
01220                                                 (type_name,
01221                                                  tid.netobj.sock_p->type),
01222 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01223                                                 rsbac_get_net_protocol_name
01224                                                 (help_name,
01225                                                  tid.netobj.sock_p->sk->
01226                                                  sk_protocol),
01227 #else
01228                                                 rsbac_get_net_protocol_name
01229                                                 (help_name,
01230                                                  tid.netobj.sock_p->sk->
01231                                                  protocol),
01232 #endif
01233                                                 ldevname,
01234                                                 NIPQUAD(saddr),
01235                                                 sport,
01236                                                 rdevname,
01237                                                 NIPQUAD(daddr), dport);
01238                                 }
01239                                 break;
01240                         case AF_UNIX:
01241 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01242                                 if (unix_sk(tid.netobj.sock_p->sk)->addr)
01243                                         sprintf(target_id_name,
01244                                                 "%p UNIX %s %s",
01245                                                 tid.netobj.sock_p,
01246                                                 rsbac_get_net_type_name
01247                                                 (type_name,
01248                                                  tid.netobj.sock_p->type),
01249                                                 unix_sk(tid.netobj.sock_p->
01250                                                         sk)->addr->name[0].
01251                                                 sun_path);
01252 #else
01253                                 if (tid.netobj.sock_p->sk->protinfo.
01254                                     af_unix.addr)
01255                                         sprintf(target_id_name,
01256                                                 "%p UNIX %s %s",
01257                                                 tid.netobj.sock_p,
01258                                                 rsbac_get_net_type_name
01259                                                 (type_name,
01260                                                  tid.netobj.sock_p->type),
01261                                                 tid.netobj.sock_p->sk->
01262                                                 protinfo.af_unix.addr->
01263                                                 name[0].sun_path);
01264 #endif
01265                                 else if (tid.netobj.local_addr) {
01266                                         struct sockaddr_un *addr =
01267                                             tid.netobj.local_addr;
01268 
01269                                         sprintf(target_id_name,
01270                                                 "%p UNIX %s %s",
01271                                                 tid.netobj.sock_p,
01272                                                 rsbac_get_net_type_name
01273                                                 (type_name,
01274                                                  tid.netobj.sock_p->type),
01275                                                 addr->sun_path);
01276                                 } else
01277                                         sprintf(target_id_name,
01278                                                 "%p UNIX %s",
01279                                                 tid.netobj.sock_p,
01280                                                 rsbac_get_net_type_name
01281                                                 (type_name,
01282                                                  tid.netobj.sock_p->type));
01283                                 break;
01284                         default:
01285                                 sprintf(target_id_name, "%p %s %s",
01286                                         tid.netobj.sock_p,
01287                                         rsbac_get_net_family_name
01288                                         (help_name,
01289                                          tid.netobj.sock_p->ops->family),
01290                                         rsbac_get_net_type_name(type_name,
01291                                                                 tid.netobj.
01292                                                                 sock_p->
01293                                                                 type));
01294                         }
01295                 } else
01296 #endif                          /* CONFIG_NET */
01297                 {
01298                         sprintf(target_id_name, "%p", tid.netobj.sock_p);
01299                 }
01300                 break;
01301 #endif                          /* __KERNEL__ */
01302         case T_IPC:
01303                 strcpy(target_type_name, "IPC");
01304                 if (!target_id_name)
01305                         break;
01306                 switch (tid.ipc.type) {
01307                 case I_sem:
01308                         strcpy(target_id_name, "Sem-ID ");
01309                         break;
01310                 case I_msg:
01311                         strcpy(target_id_name, "Msg-ID ");
01312                         break;
01313                 case I_shm:
01314                         strcpy(target_id_name, "Shm-ID ");
01315                         break;
01316                 case I_anonpipe:
01317                         strcpy(target_id_name, "AnonPipe-ID ");
01318                         break;
01319                 case I_mqueue:
01320                         strcpy(target_id_name, "Mqueue-ID ");
01321                         break;
01322                 case I_anonunix:
01323                         strcpy(target_id_name, "AnonUnix-ID ");
01324                         break;
01325                 default:
01326                         strcpy(target_id_name, "ID ");
01327                         break;
01328                 };
01329                 sprintf(help_name, "%lu", tid.ipc.id.id_nr);
01330                 strcat(target_id_name, help_name);
01331                 break;
01332         case T_SCD:
01333                 strcpy(target_type_name, "SCD");
01334                 if (target_id_name)
01335                         get_scd_type_name(target_id_name, tid.scd);
01336                 break;
01337         case T_USER:
01338                 strcpy(target_type_name, "USER");
01339                 if (target_id_name)
01340                         sprintf(target_id_name, "%u", tid.user);
01341                 break;
01342         case T_PROCESS:
01343                 strcpy(target_type_name, "PROCESS");
01344                 if (target_id_name)
01345                         sprintf(target_id_name, "%u", tid.process);
01346                 break;
01347         case T_GROUP:
01348                 strcpy(target_type_name, "GROUP");
01349                 if (target_id_name)
01350                         sprintf(target_id_name, "%u", tid.group);
01351                 break;
01352         case T_NETDEV:
01353                 strcpy(target_type_name, "NETDEV");
01354                 if (!target_id_name)
01355                         break;
01356                 strncpy(target_id_name, tid.netdev, RSBAC_IFNAMSIZ);
01357                 target_id_name[RSBAC_IFNAMSIZ] = 0;
01358                 break;
01359         case T_NETTEMP:
01360                 strcpy(target_type_name, "NETTEMP");
01361                 if (target_id_name)
01362                         sprintf(target_id_name, "%u", tid.nettemp);
01363                 break;
01364         case T_NETTEMP_NT:
01365                 strcpy(target_type_name, "NETTEMP_NT");
01366                 if (target_id_name)
01367                         sprintf(target_id_name, "%u", tid.nettemp);
01368                 break;
01369         case T_NONE:
01370                 strcpy(target_type_name, "NONE");
01371                 if (target_id_name)
01372                         strcpy(target_id_name, "NONE");
01373                 break;
01374         default:
01375                 strcpy(target_type_name, "ERROR!!!");
01376                 if (target_id_name)
01377                         sprintf(target_id_name, "%u", target);
01378         }
01379 #ifdef __KERNEL__
01380         rsbac_kfree(help_name);
01381 #endif
01382         return (target_type_name);
01383 }
01384 
01385 char *get_target_name_only(char *target_type_name,
01386                            enum rsbac_target_t target)
01387 {
01388         if (!target_type_name)
01389                 return (NULL);
01390 
01391         switch (target) {
01392         case T_FILE:
01393                 strcpy(target_type_name, "FILE");
01394                 break;
01395         case T_DIR:
01396                 strcpy(target_type_name, "DIR");
01397                 break;
01398         case T_FIFO:
01399                 strcpy(target_type_name, "FIFO");
01400                 break;
01401         case T_SYMLINK:
01402                 strcpy(target_type_name, "SYMLINK");
01403                 break;
01404         case T_UNIXSOCK:
01405                 strcpy(target_type_name, "UNIXSOCK");
01406                 break;
01407         case T_FD:
01408                 strcpy(target_type_name, "FD");
01409                 break;
01410         case T_DEV:
01411                 strcpy(target_type_name, "DEV");
01412                 break;
01413         case T_NETOBJ:
01414                 strcpy(target_type_name, "NETOBJ");
01415                 break;
01416         case T_IPC:
01417                 strcpy(target_type_name, "IPC");
01418                 break;
01419         case T_SCD:
01420                 strcpy(target_type_name, "SCD");
01421                 break;
01422         case T_USER:
01423                 strcpy(target_type_name, "USER");
01424                 break;
01425         case T_PROCESS:
01426                 strcpy(target_type_name, "PROCESS");
01427                 break;
01428         case T_GROUP:
01429                 strcpy(target_type_name, "GROUP");
01430                 break;
01431         case T_NETDEV:
01432                 strcpy(target_type_name, "NETDEV");
01433                 break;
01434         case T_NETTEMP:
01435                 strcpy(target_type_name, "NETTEMP");
01436                 break;
01437         case T_NETTEMP_NT:
01438                 strcpy(target_type_name, "NETTEMP_NT");
01439                 break;
01440         case T_NONE:
01441                 strcpy(target_type_name, "NONE");
01442                 break;
01443         default:
01444                 strcpy(target_type_name, "ERROR!!!");
01445         };
01446         return (target_type_name);
01447 }
01448 
01449 enum rsbac_target_t get_target_nr(const char *target_name)
01450 {
01451         enum rsbac_target_t i;
01452 
01453         if (!target_name)
01454                 return (T_NONE);
01455         for (i = 0; i < T_NONE; i++) {
01456                 if (!strcmp(target_name, target_list[i])) {
01457                         return (i);
01458                 }
01459         }
01460         return (T_NONE);
01461 }
01462 
01463 char *get_ipc_target_name(char *ipc_name, enum rsbac_ipc_type_t target)
01464 {
01465         if (!ipc_name)
01466                 return (NULL);
01467         if (target > I_none)
01468                 strcpy(ipc_name, "ERROR!");
01469         else
01470                 strcpy(ipc_name, ipc_target_list[target]);
01471         return (ipc_name);
01472 }
01473 
01474 enum rsbac_ipc_type_t get_ipc_target_nr(const char *ipc_name)
01475 {
01476         enum rsbac_ipc_type_t i;
01477 
01478         if (!ipc_name)
01479                 return (I_none);
01480         for (i = 0; i < I_none; i++) {
01481                 if (!strcmp(ipc_name, ipc_target_list[i])) {
01482                         return (i);
01483                 }
01484         }
01485         return (I_none);
01486 }
01487 
01488 
01489 #ifdef __KERNEL__
01490 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
01491 EXPORT_SYMBOL(get_switch_target_name);
01492 #endif
01493 #endif
01494 
01495 char *get_switch_target_name(char *switch_name,
01496                              enum rsbac_switch_target_t target)
01497 {
01498         if (!switch_name)
01499                 return (NULL);
01500         if (target > SW_NONE)
01501                 strcpy(switch_name, "ERROR!");
01502         else
01503                 strcpy(switch_name, switch_target_list[target]);
01504         return (switch_name);
01505 }
01506 
01507 enum rsbac_switch_target_t get_switch_target_nr(const char *switch_name)
01508 {
01509         enum rsbac_switch_target_t i;
01510 
01511         if (!switch_name)
01512                 return (SW_NONE);
01513         for (i = 0; i < SW_NONE; i++) {
01514 #ifdef __KERNEL__
01515                 if (!strncmp
01516                     (switch_name, switch_target_list[i],
01517                      strlen(switch_target_list[i])))
01518 #else
01519                 if (!strcmp(switch_name, switch_target_list[i]))
01520 #endif
01521                 {
01522                         return (i);
01523                 }
01524         }
01525         return (SW_NONE);
01526 }
01527 
01528 
01529 #ifdef __KERNEL__
01530 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
01531 EXPORT_SYMBOL(get_error_name);
01532 #endif
01533 #endif
01534 
01535 char *get_error_name(char *error_name, int error)
01536 {
01537         if (!error_name)
01538                 return (NULL);
01539 #ifndef __KERNEL__
01540         if((error == -1) && RSBAC_ERROR(-errno))
01541                 error = -errno;
01542 #endif
01543         if (RSBAC_ERROR(error))
01544                 strcpy(error_name, error_list[(-error) - RSBAC_EPERM]);
01545         else
01546 #ifdef __KERNEL__
01547                 inttostr(error_name, error);
01548 #else
01549                 strcpy(error_name, strerror(errno));
01550 #endif
01551         return (error_name);
01552 }
01553 
01554 #ifndef __KERNEL__
01555 char *get_attribute_param(char *attr_name, enum rsbac_attribute_t attr)
01556 {
01557         if (!attr_name)
01558                 return (NULL);
01559         if (attr > A_none)
01560                 strcpy(attr_name, "ERROR!");
01561         else
01562                 strcpy(attr_name, attribute_param_list[attr]);
01563         return (attr_name);
01564 }
01565 #endif
01566 
01567 char *get_log_level_name(char *ll_name, enum rsbac_log_level_t target)
01568 {
01569         if (!ll_name)
01570                 return (NULL);
01571         if (target > LL_invalid)
01572                 strcpy(ll_name, "ERROR!");
01573         else
01574                 strcpy(ll_name, log_level_list[target]);
01575         return (ll_name);
01576 }
01577 
01578 enum rsbac_log_level_t get_log_level_nr(const char *ll_name)
01579 {
01580         enum rsbac_log_level_t i;
01581 
01582         if (!ll_name)
01583                 return (LL_invalid);
01584         for (i = 0; i < LL_invalid; i++) {
01585                 if (!strcmp(ll_name, log_level_list[i])) {
01586                         return (i);
01587                 }
01588         }
01589         return (LL_invalid);
01590 }
01591 
01592 char *get_cap_name(char *name, u_int value)
01593 {
01594         if (!name)
01595                 return (NULL);
01596         if (value > CAP_NONE)
01597                 strcpy(name, "ERROR!");
01598         else
01599                 strcpy(name, cap_list[value]);
01600         return (name);
01601 }
01602 
01603 int get_cap_nr(const char *name)
01604 {
01605         int i;
01606 
01607         if (!name)
01608                 return (RT_NONE);
01609         for (i = 0; i < CAP_NONE; i++) {
01610                 if (!strcmp(name, cap_list[i])) {
01611                         return (i);
01612                 }
01613         }
01614         return (CAP_NONE);
01615 }

Generated on Wed May 16 11:53:48 2007 for RSBAC by  doxygen 1.5.1