#include <linux/types.h>
#include <linux/version.h>
#include <linux/fs.h>
#include <linux/sched.h>
#include <linux/quotaops.h>
#include <linux/proc_fs.h>
#include <linux/msdos_fs.h>
#include <linux/iso_fs.h>
#include <linux/nfs_fs.h>
#include <linux/ext2_fs.h>
#include <linux/kthread.h>
#include <linux/coda.h>
#include <linux/initrd.h>
#include <linux/security.h>
#include <linux/syscalls.h>
#include <linux/rcupdate.h>
#include <linux/coda_psdev.h>
#include <linux/ncp_fs.h>
#include <linux/smb.h>
#include <linux/dnotify.h>
#include <linux/mm.h>
#include <linux/blkdev.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/inetdevice.h>
#include <asm/uaccess.h>
#include <asm/atomic.h>
#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/aci_data_structures.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/fs.h>
#include <rsbac/getname.h>
#include <rsbac/net_getname.h>
#include <rsbac/adf.h>
#include <rsbac/adf_main.h>
#include <rsbac/reg.h>
#include <rsbac/rkmem.h>
#include <rsbac/gen_lists.h>
#include <rsbac/jail.h>
#include <linux/string.h>
#include <linux/kdev_t.h>
#include <linux/smp_lock.h>
#include <linux/freezer.h>
Go to the source code of this file.
Data Structures | |
struct | rsbac_kthread_t |
Defines | |
#define | check_parent(dir, dentry) ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_bucket)) |
Functions | |
DECLARE_MUTEX (rsbac_write_sem) | |
static struct rsbac_device_list_item_t * | lookup_device (kdev_t kdev, u_int hash) |
static u_int | device_hash (kdev_t id) |
rsbac_boolean_t | writable (struct super_block *sb_p) |
static int | lookup_aci_path_dentry (struct super_block *sb_p, struct dentry **dir_dentry_pp, rsbac_boolean_t create_dir, kdev_t kdev) |
static int | dev_compare (void *desc1, void *desc2) |
static int | dev_major_compare (void *desc1, void *desc2) |
static int | ipc_compare (void *desc1, void *desc2) |
static int | gen_fd_conv (void *old_desc, void *old_data, void *new_desc, void *new_data) |
static int | gen_fd_old_conv (void *old_desc, void *old_data, void *new_desc, void *new_data) |
static int | gen_fd_old_old_conv (void *old_desc, void *old_data, void *new_desc, void *new_data) |
rsbac_list_conv_function_t * | gen_fd_get_conv (rsbac_version_t old_version) |
static int | gen_dev_conv (void *old_desc, void *old_data, void *new_desc, void *new_data) |
rsbac_list_conv_function_t * | gen_dev_get_conv (rsbac_version_t old_version) |
static int | register_fd_lists (struct rsbac_device_list_item_t *device_p, kdev_t kdev) |
static int | aci_detach_fd_lists (struct rsbac_device_list_item_t *device_p) |
static struct rsbac_device_list_item_t * | create_device_item (struct super_block *sb_p, struct dentry *d_covers) |
static struct rsbac_device_list_item_t * | add_device_item (struct rsbac_device_list_item_t *device_p) |
static void | clear_device_item (struct rsbac_device_list_item_t *item_p) |
static void | remove_device_item (kdev_t kdev) |
static int | rsbac_clear_file (struct dentry *dentry) |
static void | wakeup_auto (u_long dummy) |
super_block * | rsbac_get_super_block (kdev_t kdev) |
int | rsbac_read_open (char *name, struct file *file_p, kdev_t kdev) |
int | rsbac_write_open (char *name, struct file *file_p, kdev_t kdev) |
void | rsbac_read_close (struct file *file_p) |
void | rsbac_write_close (struct file *file_p) |
int | rsbac_get_full_path (struct dentry *dentry_p, char path[], int maxlen) |
int | rsbac_get_full_path_length (struct dentry *dentry_p) |
static void __init | registration_error (int err, char *listname) |
static int __init | register_dev_lists (void) |
static int __init | register_ipc_lists (void) |
static int __init | register_user_lists1 (void) |
static int __init | register_user_lists2 (void) |
static int __init | register_process_lists (void) |
static int __init | rsbac_do_init (void) |
int | rsbac_kthreads_init (void) |
int | rsbac_mark_kthread (rsbac_pid_t pid) |
int __init | rsbac_init (kdev_t root_dev) |
int | rsbac_kthread_notify (rsbac_pid_t pid) |
int | rsbac_mount (struct super_block *sb_p, struct dentry *d_covers) |
int | rsbac_umount (struct super_block *sb_p, struct dentry *d_covers) |
int | rsbac_free_dat_dentries (void) |
int | rsbac_stats (void) |
int | rsbac_get_parent (enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t *parent_target_p, union rsbac_target_id_t *parent_tid_p) |
static int | get_attr_fd (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit) |
static int | get_attr_dev (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, struct rsbac_dev_desc_t dev, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit) |
static int | get_attr_ipc (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit) |
static int | get_attr_user (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit) |
static int | get_attr_process (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit) |
int | rsbac_ta_get_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p, rsbac_boolean_t inherit) |
static int | set_attr_fd (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p) |
static int | set_attr_dev (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, struct rsbac_dev_desc_t dev, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p) |
static int | set_attr_ipc (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p) |
static int | set_attr_user (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p) |
static int | set_attr_process (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p) |
int | rsbac_ta_set_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value) |
int | rsbac_ta_remove_target (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t tid) |
int | rsbac_ta_list_all_dev (rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t **id_pp) |
static int | copy_new_uids (rsbac_list_handle_t list, rsbac_list_ta_number_t ta_number, int *count_p, int *i_count_p, rsbac_uid_t *res_id_p) |
int | rsbac_ta_list_all_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t **id_pp) |
static int | copy_new_ipcs (rsbac_list_handle_t list, rsbac_list_ta_number_t ta_number, int *count_p, int *i_count_p, struct rsbac_ipc_t *res_id_p) |
int | rsbac_ta_list_all_ipc (rsbac_list_ta_number_t ta_number, struct rsbac_ipc_t **id_pp) |
int | rsbac_ta_list_all_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t **id_pp) |
void | rsbac_flags_set (unsigned long int rsbac_flags) |
Variables | |
rsbac_boolean_t | rsbac_initialized = FALSE |
static char | compiled_modules [80] |
kdev_t | rsbac_root_dev |
static struct rsbac_device_list_head_t * | device_head_p [RSBAC_NR_DEVICE_LISTS] |
static spinlock_t | device_list_locks [RSBAC_NR_DEVICE_LISTS] |
static struct rsbac_dev_handles_t | dev_handles |
static struct rsbac_dev_handles_t | dev_major_handles |
static struct rsbac_ipc_handles_t | ipc_handles |
static struct rsbac_user_handles_t | user_handles |
static struct rsbac_process_handles_t | process_handles |
static struct rsbac_gen_fd_aci_t | def_gen_root_dir_aci |
static struct rsbac_gen_fd_aci_t | def_gen_fd_aci = DEFAULT_GEN_FD_ACI |
static struct dentry * | sysfs_covered_p = NULL |
static struct super_block * | sysfs_sb_p = NULL |
static u_int | gen_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES |
static u_int | gen_nr_p_hashes = 1 |
rsbac_kthread_t * | rsbac_kthread |
int | rsbac_kthread_size_t |
#define check_parent | ( | dir, | |||
dentry | ) | ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_bucket)) |
Definition at line 2249 of file aci_data_structures.c.
Referenced by rsbac_write_open(), and xp_id_compare().
static int aci_detach_fd_lists | ( | struct rsbac_device_list_item_t * | device_p | ) | [static] |
Definition at line 1647 of file aci_data_structures.c.
References get_error_name(), RSBAC_EINVALIDPOINTER, RSBAC_GEN_FD_ACI_KEY, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_detach(), RSBAC_MAXNAMELEN, and rsbac_printk().
Referenced by remove_device_item().
01648 { 01649 int err = 0; 01650 int tmperr; 01651 01652 if (!device_p) 01653 return (-RSBAC_EINVALIDPOINTER); 01654 01655 /* detach all general lists */ 01656 tmperr = rsbac_list_detach(&device_p->handles.gen, 01657 RSBAC_GEN_FD_ACI_KEY); 01658 if (tmperr) { 01659 char *tmp; 01660 01661 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01662 if (tmp) { 01663 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from general list %s for device %02u:%02u failed with error %s!\n", 01664 RSBAC_GEN_FD_NAME, 01665 RSBAC_MAJOR(device_p->id), 01666 RSBAC_MINOR(device_p->id), 01667 get_error_name(tmp, tmperr)); 01668 rsbac_kfree(tmp); 01669 } 01670 err = tmperr; 01671 } 01672 01673 #if defined(CONFIG_RSBAC_MAC) 01674 /* detach all MAC lists */ 01675 tmperr = rsbac_list_detach(&device_p->handles.mac, 01676 RSBAC_MAC_FD_ACI_KEY); 01677 if (tmperr) { 01678 char *tmp; 01679 01680 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01681 if (tmp) { 01682 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from MAC list %s for device %02u:%02u failed with error %s!\n", 01683 RSBAC_MAC_FD_NAME, 01684 RSBAC_MAJOR(device_p->id), 01685 RSBAC_MINOR(device_p->id), 01686 get_error_name(tmp, tmperr)); 01687 rsbac_kfree(tmp); 01688 } 01689 err = tmperr; 01690 } 01691 #endif 01692 01693 #if defined(CONFIG_RSBAC_PM) 01694 /* detach all PM lists */ 01695 tmperr = rsbac_list_detach(&device_p->handles.pm, 01696 RSBAC_PM_FD_ACI_KEY); 01697 if (tmperr) { 01698 char *tmp; 01699 01700 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01701 if (tmp) { 01702 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from PM list %s for device %02u:%02u failed with error %s!\n", 01703 RSBAC_PM_FD_NAME, 01704 RSBAC_MAJOR(device_p->id), 01705 RSBAC_MINOR(device_p->id), 01706 get_error_name(tmp, tmperr)); 01707 rsbac_kfree(tmp); 01708 } 01709 err = tmperr; 01710 } 01711 #endif 01712 01713 #if defined(CONFIG_RSBAC_DAZ) 01714 /* detach all DAZ lists */ 01715 tmperr = rsbac_list_detach(&device_p->handles.daz, 01716 RSBAC_DAZ_FD_ACI_KEY); 01717 if (tmperr) { 01718 char *tmp; 01719 01720 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01721 if (tmp) { 01722 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from DAZ list %s for device %02u:%02u failed with error %s!\n", 01723 RSBAC_DAZ_FD_NAME, 01724 RSBAC_MAJOR(device_p->id), 01725 RSBAC_MINOR(device_p->id), 01726 get_error_name(tmp, tmperr)); 01727 rsbac_kfree(tmp); 01728 } 01729 err = tmperr; 01730 } 01731 #if defined(CONFIG_RSBAC_DAZ_CACHE) 01732 /* detach all DAZ scanned lists */ 01733 tmperr = rsbac_list_detach(&device_p->handles.dazs, 01734 RSBAC_DAZ_FD_ACI_KEY); 01735 if (tmperr) { 01736 char *tmp; 01737 01738 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01739 if (tmp) { 01740 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from DAZ scanned list %s for device %02u:%02u failed with error %s!\n", 01741 RSBAC_DAZ_SCANNED_FD_NAME, 01742 RSBAC_MAJOR(device_p->id), 01743 RSBAC_MINOR(device_p->id), 01744 get_error_name(tmp, tmperr)); 01745 rsbac_kfree(tmp); 01746 } 01747 err = tmperr; 01748 } 01749 #endif 01750 #endif 01751 01752 #if defined(CONFIG_RSBAC_FF) 01753 /* detach all FF lists */ 01754 tmperr = rsbac_list_detach(&device_p->handles.ff, 01755 RSBAC_FF_FD_ACI_KEY); 01756 if (tmperr) { 01757 char *tmp; 01758 01759 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01760 if (tmp) { 01761 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from FF list %s for device %02u:%02u failed with error %s!\n", 01762 RSBAC_FF_FD_NAME, 01763 RSBAC_MAJOR(device_p->id), 01764 RSBAC_MINOR(device_p->id), 01765 get_error_name(tmp, tmperr)); 01766 rsbac_kfree(tmp); 01767 } 01768 err = tmperr; 01769 } 01770 #endif 01771 01772 #if defined(CONFIG_RSBAC_RC) 01773 /* detach all RC lists */ 01774 tmperr = rsbac_list_detach(&device_p->handles.rc, 01775 RSBAC_RC_FD_ACI_KEY); 01776 if (tmperr) { 01777 char *tmp; 01778 01779 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01780 if (tmp) { 01781 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from RC list %s for device %02u:%02u failed with error %s!\n", 01782 RSBAC_RC_FD_NAME, 01783 RSBAC_MAJOR(device_p->id), 01784 RSBAC_MINOR(device_p->id), 01785 get_error_name(tmp, tmperr)); 01786 rsbac_kfree(tmp); 01787 } 01788 err = tmperr; 01789 } 01790 #endif 01791 01792 #if defined(CONFIG_RSBAC_AUTH) 01793 /* detach all AUTH lists */ 01794 tmperr = rsbac_list_detach(&device_p->handles.auth, 01795 RSBAC_AUTH_FD_ACI_KEY); 01796 if (tmperr) { 01797 char *tmp; 01798 01799 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01800 if (tmp) { 01801 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from AUTH list %s for device %02u:%02u failed with error %s!\n", 01802 RSBAC_AUTH_FD_NAME, 01803 RSBAC_MAJOR(device_p->id), 01804 RSBAC_MINOR(device_p->id), 01805 get_error_name(tmp, tmperr)); 01806 rsbac_kfree(tmp); 01807 } 01808 err = tmperr; 01809 } 01810 #endif 01811 01812 #if defined(CONFIG_RSBAC_CAP) 01813 /* detach all CAP lists */ 01814 tmperr = rsbac_list_detach(&device_p->handles.cap, 01815 RSBAC_CAP_FD_ACI_KEY); 01816 if (tmperr) { 01817 char *tmp; 01818 01819 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01820 if (tmp) { 01821 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from CAP list %s for device %02u:%02u failed with error %s!\n", 01822 RSBAC_CAP_FD_NAME, 01823 RSBAC_MAJOR(device_p->id), 01824 RSBAC_MINOR(device_p->id), 01825 get_error_name(tmp, tmperr)); 01826 rsbac_kfree(tmp); 01827 } 01828 err = tmperr; 01829 } 01830 #endif 01831 01832 #if defined(CONFIG_RSBAC_PAX) 01833 /* detach all PAX lists */ 01834 tmperr = rsbac_list_detach(&device_p->handles.pax, 01835 RSBAC_PAX_FD_ACI_KEY); 01836 if (tmperr) { 01837 char *tmp; 01838 01839 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01840 if (tmp) { 01841 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from PAX list %s for device %02u:%02u failed with error %s!\n", 01842 RSBAC_PAX_FD_NAME, 01843 RSBAC_MAJOR(device_p->id), 01844 RSBAC_MINOR(device_p->id), 01845 get_error_name(tmp, tmperr)); 01846 rsbac_kfree(tmp); 01847 } 01848 err = tmperr; 01849 } 01850 #endif 01851 01852 #if defined(CONFIG_RSBAC_RES) 01853 /* detach all RES lists */ 01854 tmperr = rsbac_list_detach(&device_p->handles.res, 01855 RSBAC_RES_FD_ACI_KEY); 01856 if (tmperr) { 01857 char *tmp; 01858 01859 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01860 if (tmp) { 01861 rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from RES list %s for device %02u:%02u failed with error %s!\n", 01862 RSBAC_RES_FD_NAME, 01863 RSBAC_MAJOR(device_p->id), 01864 RSBAC_MINOR(device_p->id), 01865 get_error_name(tmp, tmperr)); 01866 rsbac_kfree(tmp); 01867 } 01868 err = tmperr; 01869 } 01870 #endif 01871 01872 return err; 01873 }
static struct rsbac_device_list_item_t* add_device_item | ( | struct rsbac_device_list_item_t * | device_p | ) | [static] |
Definition at line 1900 of file aci_data_structures.c.
References device_hash(), device_head_p, device_list_locks, NULL, rsbac_kfree(), and rsbac_kmalloc().
Referenced by rsbac_do_init(), rsbac_init_acl(), rsbac_init_auth(), rsbac_init_mac(), rsbac_mount(), rsbac_mount_acl(), rsbac_mount_auth(), and rsbac_mount_mac().
01901 { 01902 struct rsbac_device_list_head_t * new_p; 01903 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 01904 struct rsbac_device_list_head_t * old_p; 01905 #else 01906 u_long flags; 01907 #endif 01908 u_int hash; 01909 01910 if (!device_p) 01911 return (NULL); 01912 01913 hash = device_hash(device_p->id); 01914 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 01915 spin_lock(&device_list_locks[hash]); 01916 old_p = device_head_p[hash]; 01917 new_p = rsbac_kmalloc(sizeof(*new_p)); 01918 *new_p = *old_p; 01919 #else 01920 rsbac_write_lock(&device_list_locks[hash], &flags); 01921 new_p = device_head_p[hash]; 01922 #endif 01923 /* add new device to device list */ 01924 if (!new_p->head) { /* first device */ 01925 new_p->head = device_p; 01926 new_p->tail = device_p; 01927 new_p->curr = device_p; 01928 new_p->count = 1; 01929 device_p->prev = NULL; 01930 device_p->next = NULL; 01931 } else { /* there is another device -> hang to tail */ 01932 device_p->prev = new_p->tail; 01933 device_p->next = NULL; 01934 new_p->tail->next = device_p; 01935 new_p->tail = device_p; 01936 new_p->curr = device_p; 01937 new_p->count++; 01938 } 01939 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 01940 rcu_assign_pointer(device_head_p[hash], new_p); 01941 spin_unlock(&device_list_locks[hash]); 01942 synchronize_rcu(); 01943 rsbac_kfree(old_p); 01944 #else 01945 rsbac_write_unlock(&device_list_locks[hash], &flags); 01946 #endif 01947 return (device_p); 01948 }
static void clear_device_item | ( | struct rsbac_device_list_item_t * | item_p | ) | [static] |
Definition at line 1957 of file aci_data_structures.c.
References rsbac_kfree().
Referenced by remove_device_item(), rsbac_do_init(), rsbac_mount(), rsbac_mount_acl(), rsbac_mount_auth(), and rsbac_mount_mac().
01958 { 01959 if (!item_p) 01960 return; 01961 01962 /* dput() rsbac_dir_dentry_p, if set */ 01963 if (item_p->rsbac_dir_dentry_p) 01964 dput(item_p->rsbac_dir_dentry_p); 01965 /* OK, lets remove the device item itself */ 01966 rsbac_kfree(item_p); 01967 }
static int copy_new_ipcs | ( | rsbac_list_handle_t | list, | |
rsbac_list_ta_number_t | ta_number, | |||
int * | count_p, | |||
int * | i_count_p, | |||
struct rsbac_ipc_t * | res_id_p | |||
) | [static] |
Definition at line 14556 of file aci_data_structures.c.
References FALSE, ipc_compare(), NULL, RSBAC_EINVALIDPOINTER, rsbac_ta_list_get_all_desc(), rsbac_vfree, and TRUE.
Referenced by rsbac_ta_list_all_ipc().
14560 { 14561 struct rsbac_ipc_t *i_id_p = NULL; 14562 rsbac_boolean_t found; 14563 int tmp_count; 14564 int i; 14565 int j; 14566 14567 if (!list || !count_p || !i_count_p || !res_id_p) 14568 return -RSBAC_EINVALIDPOINTER; 14569 if (!*i_count_p) 14570 return 0; 14571 /* rsbac_pr_debug(ds, "list %p, ta_number %u, count %u, " 14572 "i_count %u, res_id_p %p, res_id_p[0] %u\n", 14573 list, ta_number, *count_p, *i_count_p, res_id_p, 14574 res_id_p[0]); */ 14575 tmp_count = 14576 rsbac_ta_list_get_all_desc(ta_number, list, (void **) &i_id_p); 14577 if (tmp_count > 0) { 14578 if (tmp_count > *i_count_p) 14579 tmp_count = *i_count_p; 14580 for (i = 0; i < tmp_count; i++) { 14581 found = FALSE; 14582 for (j = 0; j < *count_p; j++) { 14583 if (!ipc_compare(&res_id_p[j], &i_id_p[i])) { 14584 found = TRUE; 14585 break; 14586 } 14587 } 14588 if (found == FALSE) { 14589 res_id_p[*count_p] = i_id_p[i]; 14590 (*count_p)++; 14591 (*i_count_p)--; 14592 } 14593 } 14594 rsbac_vfree(i_id_p); 14595 } 14596 return 0; 14597 }
static int copy_new_uids | ( | rsbac_list_handle_t | list, | |
rsbac_list_ta_number_t | ta_number, | |||
int * | count_p, | |||
int * | i_count_p, | |||
rsbac_uid_t * | res_id_p | |||
) | [static] |
Definition at line 14382 of file aci_data_structures.c.
References FALSE, NULL, RSBAC_EINVALIDPOINTER, rsbac_ta_list_get_all_desc(), rsbac_vfree, and TRUE.
Referenced by rsbac_ta_list_all_user().
14386 { 14387 rsbac_uid_t *i_id_p = NULL; 14388 rsbac_boolean_t found; 14389 int tmp_count; 14390 int i; 14391 int j; 14392 14393 if (!list || !count_p || !i_count_p || !res_id_p) 14394 return -RSBAC_EINVALIDPOINTER; 14395 if (!*i_count_p) 14396 return 0; 14397 /* rsbac_pr_debug(ds, "list %p, ta_number %u, count %u, " 14398 "i_count %u, res_id_p %p, res_id_p[0] %u\n", 14399 list, ta_number, *count_p, *i_count_p, res_id_p, 14400 res_id_p[0]); */ 14401 tmp_count = 14402 rsbac_ta_list_get_all_desc(ta_number, list, (void **) &i_id_p); 14403 if (tmp_count > 0) { 14404 if (tmp_count > *i_count_p) 14405 tmp_count = *i_count_p; 14406 for (i = 0; i < tmp_count; i++) { 14407 found = FALSE; 14408 for (j = 0; j < *count_p; j++) { 14409 if (res_id_p[j] == i_id_p[i]) { 14410 found = TRUE; 14411 break; 14412 } 14413 } 14414 if (found == FALSE) { 14415 res_id_p[*count_p] = i_id_p[i]; 14416 (*count_p)++; 14417 (*i_count_p)--; 14418 } 14419 } 14420 rsbac_vfree(i_id_p); 14421 } 14422 return 0; 14423 }
static struct rsbac_device_list_item_t* create_device_item | ( | struct super_block * | sb_p, | |
struct dentry * | d_covers | |||
) | [static] |
Definition at line 1878 of file aci_data_structures.c.
References NULL, and rsbac_kmalloc().
Referenced by rsbac_do_init(), rsbac_init_acl(), rsbac_init_auth(), rsbac_init_mac(), rsbac_mount(), rsbac_mount_acl(), rsbac_mount_auth(), and rsbac_mount_mac().
01879 { 01880 struct rsbac_device_list_item_t *new_item_p; 01881 01882 if (!sb_p) 01883 return NULL; 01884 /* allocate memory for new device, return NULL, if failed */ 01885 if (!(new_item_p = (struct rsbac_device_list_item_t *) 01886 rsbac_kmalloc(sizeof(*new_item_p)))) 01887 return (NULL); 01888 01889 memset(new_item_p, 0, sizeof(*new_item_p)); 01890 new_item_p->id = sb_p->s_dev; 01891 new_item_p->sb_p = sb_p; 01892 new_item_p->d_covers = d_covers; 01893 new_item_p->mount_count = 1; 01894 /* everything else is 0 by memset -> return */ 01895 return (new_item_p); 01896 }
DECLARE_MUTEX | ( | rsbac_write_sem | ) |
static int dev_compare | ( | void * | desc1, | |
void * | desc2 | |||
) | [static] |
Definition at line 603 of file aci_data_structures.c.
References rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, and rsbac_dev_desc_t::type.
Referenced by register_dev_lists(), and rsbac_init_acl().
00604 { 00605 int result; 00606 struct rsbac_dev_desc_t *i_desc1 = desc1; 00607 struct rsbac_dev_desc_t *i_desc2 = desc2; 00608 00609 result = memcmp(&i_desc1->type, 00610 &i_desc2->type, sizeof(i_desc1->type)); 00611 if (result) 00612 return result; 00613 result = memcmp(&i_desc1->major, 00614 &i_desc2->major, sizeof(i_desc1->major)); 00615 if (result) 00616 return result; 00617 return memcmp(&i_desc1->minor, 00618 &i_desc2->minor, sizeof(i_desc1->minor)); 00619 }
static int dev_major_compare | ( | void * | desc1, | |
void * | desc2 | |||
) | [static] |
Definition at line 621 of file aci_data_structures.c.
References rsbac_dev_desc_t::major, and rsbac_dev_desc_t::type.
Referenced by register_dev_lists(), and rsbac_init_acl().
00622 { 00623 int result; 00624 struct rsbac_dev_desc_t *i_desc1 = desc1; 00625 struct rsbac_dev_desc_t *i_desc2 = desc2; 00626 00627 result = memcmp(&i_desc1->type, 00628 &i_desc2->type, sizeof(i_desc1->type)); 00629 if (result) 00630 return result; 00631 return memcmp(&i_desc1->major, 00632 &i_desc2->major, sizeof(i_desc1->major)); 00633 }
static u_int device_hash | ( | kdev_t | id | ) | [inline, static] |
Definition at line 309 of file aci_data_structures.c.
Referenced by add_device_item(), get_attr_fd(), lookup_aci_path_dentry(), remove_device_item(), rsbac_get_full_path(), rsbac_get_full_path_length(), rsbac_get_parent(), rsbac_get_super_block(), rsbac_mount(), rsbac_ta_remove_target(), rsbac_umount(), and set_attr_fd().
static int gen_dev_conv | ( | void * | old_desc, | |
void * | old_data, | |||
void * | new_desc, | |||
void * | new_data | |||
) | [static] |
Definition at line 738 of file aci_data_structures.c.
Referenced by gen_dev_get_conv().
00740 { 00741 struct rsbac_dev_desc_t *new = new_desc; 00742 struct rsbac_dev_t *old = old_desc; 00743 00744 memcpy(new_data, old_data, sizeof(struct rsbac_gen_dev_aci_t)); 00745 new->type = old->type; 00746 new->major = RSBAC_MAJOR(old->id); 00747 new->minor = RSBAC_MINOR(old->id); 00748 return 0; 00749 }
rsbac_list_conv_function_t* gen_dev_get_conv | ( | rsbac_version_t | old_version | ) |
Definition at line 751 of file aci_data_structures.c.
References gen_dev_conv(), NULL, and RSBAC_GEN_DEV_OLD_ACI_VERSION.
Referenced by register_dev_lists().
00752 { 00753 switch (old_version) { 00754 case RSBAC_GEN_DEV_OLD_ACI_VERSION: 00755 return gen_dev_conv; 00756 default: 00757 return NULL; 00758 } 00759 }
static int gen_fd_conv | ( | void * | old_desc, | |
void * | old_data, | |||
void * | new_desc, | |||
void * | new_data | |||
) | [static] |
Definition at line 663 of file aci_data_structures.c.
References rsbac_gen_fd_old_aci_t::auid_exempt, rsbac_gen_fd_aci_t::auid_exempt, rsbac_gen_fd_old_aci_t::fake_root_uid, rsbac_gen_fd_aci_t::fake_root_uid, rsbac_gen_fd_old_aci_t::linux_dac_disable, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_gen_fd_old_aci_t::log_array_high, rsbac_gen_fd_aci_t::log_array_high, rsbac_gen_fd_old_aci_t::log_array_low, rsbac_gen_fd_aci_t::log_array_low, rsbac_gen_fd_old_aci_t::log_program_based, rsbac_gen_fd_aci_t::log_program_based, rsbac_gen_fd_old_aci_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_gen_fd_old_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_gen_fd_old_aci_t::symlink_add_uid, and rsbac_gen_fd_aci_t::symlink_add_uid.
Referenced by gen_fd_get_conv().
00665 { 00666 struct rsbac_gen_fd_aci_t *new_aci = new_data; 00667 struct rsbac_gen_fd_old_aci_t *old_aci = old_data; 00668 00669 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t)); 00670 new_aci->log_array_low = old_aci->log_array_low; 00671 new_aci->log_array_high = old_aci->log_array_high; 00672 new_aci->log_program_based = old_aci->log_program_based; 00673 new_aci->symlink_add_remote_ip = 0; 00674 new_aci->symlink_add_uid = old_aci->symlink_add_uid; 00675 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level; 00676 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role; 00677 new_aci->linux_dac_disable = old_aci->linux_dac_disable; 00678 new_aci->fake_root_uid = old_aci->fake_root_uid; 00679 new_aci->auid_exempt = old_aci->auid_exempt; 00680 return 0; 00681 }
rsbac_list_conv_function_t* gen_fd_get_conv | ( | rsbac_version_t | old_version | ) |
Definition at line 724 of file aci_data_structures.c.
References gen_fd_conv(), gen_fd_old_conv(), gen_fd_old_old_conv(), NULL, RSBAC_GEN_FD_OLD_ACI_VERSION, RSBAC_GEN_FD_OLD_OLD_ACI_VERSION, and RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION.
Referenced by register_fd_lists().
00725 { 00726 switch (old_version) { 00727 case RSBAC_GEN_FD_OLD_ACI_VERSION: 00728 return gen_fd_conv; 00729 case RSBAC_GEN_FD_OLD_OLD_ACI_VERSION: 00730 return gen_fd_old_conv; 00731 case RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION: 00732 return gen_fd_old_old_conv; 00733 default: 00734 return NULL; 00735 } 00736 }
static int gen_fd_old_conv | ( | void * | old_desc, | |
void * | old_data, | |||
void * | new_desc, | |||
void * | new_data | |||
) | [static] |
Definition at line 683 of file aci_data_structures.c.
References rsbac_gen_fd_aci_t::auid_exempt, rsbac_gen_fd_old_aci_t::fake_root_uid, rsbac_gen_fd_aci_t::fake_root_uid, rsbac_gen_fd_old_aci_t::linux_dac_disable, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_gen_fd_old_aci_t::log_array_high, rsbac_gen_fd_aci_t::log_array_high, rsbac_gen_fd_old_aci_t::log_array_low, rsbac_gen_fd_aci_t::log_array_low, rsbac_gen_fd_old_aci_t::log_program_based, rsbac_gen_fd_aci_t::log_program_based, RSBAC_NO_USER, rsbac_gen_fd_old_aci_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_gen_fd_old_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_gen_fd_old_aci_t::symlink_add_uid, and rsbac_gen_fd_aci_t::symlink_add_uid.
Referenced by gen_fd_get_conv().
00685 { 00686 struct rsbac_gen_fd_aci_t *new_aci = new_data; 00687 struct rsbac_gen_fd_old_aci_t *old_aci = old_data; 00688 00689 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t)); 00690 new_aci->log_array_low = old_aci->log_array_low; 00691 new_aci->log_array_high = old_aci->log_array_high; 00692 new_aci->log_program_based = old_aci->log_program_based; 00693 new_aci->symlink_add_remote_ip = 0; 00694 new_aci->symlink_add_uid = old_aci->symlink_add_uid; 00695 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level; 00696 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role; 00697 new_aci->linux_dac_disable = old_aci->linux_dac_disable; 00698 new_aci->fake_root_uid = old_aci->fake_root_uid; 00699 new_aci->auid_exempt = RSBAC_NO_USER; 00700 return 0; 00701 }
static int gen_fd_old_old_conv | ( | void * | old_desc, | |
void * | old_data, | |||
void * | new_desc, | |||
void * | new_data | |||
) | [static] |
Definition at line 703 of file aci_data_structures.c.
References rsbac_gen_fd_aci_t::auid_exempt, rsbac_gen_fd_aci_t::fake_root_uid, FR_off, rsbac_gen_fd_old_old_aci_t::linux_dac_disable, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_gen_fd_old_old_aci_t::log_array_high, rsbac_gen_fd_aci_t::log_array_high, rsbac_gen_fd_old_old_aci_t::log_array_low, rsbac_gen_fd_aci_t::log_array_low, rsbac_gen_fd_old_old_aci_t::log_program_based, rsbac_gen_fd_aci_t::log_program_based, RSBAC_NO_USER, rsbac_gen_fd_old_old_aci_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_gen_fd_old_old_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_gen_fd_old_old_aci_t::symlink_add_uid, and rsbac_gen_fd_aci_t::symlink_add_uid.
Referenced by gen_fd_get_conv().
00706 { 00707 struct rsbac_gen_fd_aci_t *new_aci = new_data; 00708 struct rsbac_gen_fd_old_old_aci_t *old_aci = old_data; 00709 00710 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t)); 00711 new_aci->log_array_low = old_aci->log_array_low; 00712 new_aci->log_array_high = old_aci->log_array_high; 00713 new_aci->log_program_based = old_aci->log_program_based; 00714 new_aci->symlink_add_remote_ip = 0; 00715 new_aci->symlink_add_uid = old_aci->symlink_add_uid; 00716 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level; 00717 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role; 00718 new_aci->linux_dac_disable = old_aci->linux_dac_disable; 00719 new_aci->fake_root_uid = FR_off; 00720 new_aci->auid_exempt = RSBAC_NO_USER; 00721 return 0; 00722 }
static int get_attr_dev | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
struct rsbac_dev_desc_t | dev, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value, | |||
rsbac_boolean_t | inherit | |||
) | [static] |
Definition at line 9971 of file aci_data_structures.c.
References A_log_array_high, A_log_array_low, A_mac_categories, A_mac_check, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, D_block, D_block_major, D_char, D_char_major, DEFAULT_GEN_DEV_ACI, dev_handles, dev_major_handles, rsbac_gen_dev_aci_t::log_array_high, rsbac_attribute_value_t::log_array_high, rsbac_gen_dev_aci_t::log_array_low, rsbac_attribute_value_t::log_array_low, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_check, NULL, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::rc_type, RC_type_inherit_parent, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_RC_GENERAL_TYPE, rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, SW_GEN, and rsbac_dev_desc_t::type.
Referenced by rsbac_ta_get_attr().
09978 { 09979 int err = 0; 09980 /* rsbac_pr_debug(ds, "Getting dev attribute\n"); */ 09981 switch (module) { 09982 case SW_GEN: 09983 { 09984 struct rsbac_gen_dev_aci_t aci = 09985 DEFAULT_GEN_DEV_ACI; 09986 09987 rsbac_ta_list_get_data_ttl(ta_number, 09988 dev_handles.gen, 09989 NULL, &dev, &aci); 09990 switch (attr) { 09991 case A_log_array_low: 09992 value->log_array_low = aci.log_array_low; 09993 break; 09994 case A_log_array_high: 09995 value->log_array_high = aci.log_array_high; 09996 break; 09997 default: 09998 err = -RSBAC_EINVALIDATTR; 09999 } 10000 } 10001 break; 10002 10003 #if defined(CONFIG_RSBAC_MAC) 10004 case SW_MAC: 10005 { 10006 struct rsbac_mac_dev_aci_t aci = 10007 DEFAULT_MAC_DEV_ACI; 10008 10009 rsbac_ta_list_get_data_ttl(ta_number, 10010 dev_handles.mac, 10011 NULL, &dev, &aci); 10012 switch (attr) { 10013 case A_security_level: 10014 value->security_level = aci.sec_level; 10015 break; 10016 case A_mac_categories: 10017 value->mac_categories = aci.mac_categories; 10018 break; 10019 case A_mac_check: 10020 value->mac_check = aci.mac_check; 10021 break; 10022 10023 default: 10024 err = -RSBAC_EINVALIDATTR; 10025 } 10026 } 10027 break; 10028 #endif /* MAC */ 10029 10030 #if defined(CONFIG_RSBAC_PM) 10031 case SW_PM: 10032 { 10033 struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI; 10034 10035 rsbac_ta_list_get_data_ttl(ta_number, 10036 dev_handles.pm, 10037 NULL, &dev, &aci); 10038 switch (attr) { 10039 case A_pm_object_class: 10040 value->pm_object_class = 10041 aci.pm_object_class; 10042 break; 10043 case A_pm_object_type: 10044 value->pm_object_type = aci.pm_object_type; 10045 break; 10046 default: 10047 err = -RSBAC_EINVALIDATTR; 10048 } 10049 } 10050 break; 10051 #endif /* PM */ 10052 10053 #if defined(CONFIG_RSBAC_RC) 10054 case SW_RC: 10055 { 10056 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE; 10057 10058 switch (dev.type) { 10059 case D_char: 10060 case D_block: 10061 if (rsbac_ta_list_get_data_ttl(ta_number, 10062 dev_handles. 10063 rc, NULL, 10064 &dev, &type) 10065 || ((type == RC_type_inherit_parent) 10066 && inherit) 10067 ) 10068 rsbac_ta_list_get_data_ttl 10069 (ta_number, 10070 dev_major_handles.rc, NULL, 10071 &dev, &type); 10072 break; 10073 case D_char_major: 10074 case D_block_major: 10075 dev.type -= (D_block_major - D_block); 10076 rsbac_ta_list_get_data_ttl(ta_number, 10077 dev_major_handles. 10078 rc, NULL, &dev, 10079 &type); 10080 break; 10081 default: 10082 return -RSBAC_EINVALIDTARGET; 10083 } 10084 switch (attr) { 10085 case A_rc_type: 10086 value->rc_type = type; 10087 break; 10088 10089 default: 10090 err = -RSBAC_EINVALIDATTR; 10091 } 10092 } 10093 break; 10094 #endif /* RC */ 10095 10096 default: 10097 err = -RSBAC_EINVALIDMODULE; 10098 } 10099 /* and return */ 10100 return err; 10101 }
static int get_attr_fd | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid_p, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value, | |||
rsbac_boolean_t | inherit | |||
) | [static] |
Definition at line 9177 of file aci_data_structures.c.
References A_auid_exempt, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_cap_ld_env, A_daz_do_scan, A_daz_scanned, A_daz_scanner, A_fake_root_uid, A_ff_flags, A_linux_dac_disable, A_log_array_high, A_log_array_low, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_file_flags, A_mac_prop_trusted, A_max_caps, A_min_caps, A_pax_flags, A_pm_object_class, A_pm_object_type, A_pm_tp, A_rc_force_role, A_rc_initial_role, A_rc_type_fd, A_res_max, A_res_min, A_security_level, A_symlink_add_mac_level, A_symlink_add_rc_role, A_symlink_add_remote_ip, A_symlink_add_uid, rsbac_gen_fd_aci_t::auid_exempt, rsbac_attribute_value_t::auid_exempt, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, rsbac_attribute_value_t::cap_ld_env, rsbac_attribute_value_t::daz_do_scan, DAZ_inherit, rsbac_attribute_value_t::daz_scanned, rsbac_attribute_value_t::daz_scanner, def_gen_root_dir_aci, DEFAULT_GEN_FD_ACI, device_hash(), device_list_locks, rsbac_gen_fd_aci_t::fake_root_uid, rsbac_attribute_value_t::fake_root_uid, FALSE, FF_add_inherited, rsbac_attribute_value_t::ff_flags, FF_no_delete_or_rename, KERNEL_VERSION, LD_deny, LD_inherit, LDD_inherit, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_attribute_value_t::linux_dac_disable, rsbac_gen_fd_aci_t::log_array_high, rsbac_attribute_value_t::log_array_high, rsbac_gen_fd_aci_t::log_array_low, rsbac_attribute_value_t::log_array_low, rsbac_gen_fd_aci_t::log_program_based, rsbac_attribute_value_t::log_program_based, lookup_device(), MA_inherit, rsbac_attribute_value_t::mac_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_file_flags, rsbac_attribute_value_t::mac_prop_trusted, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, rsbac_attribute_value_t::pax_flags, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::pm_tp, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_initial_role, RC_role_inherit_parent, rsbac_attribute_value_t::rc_type_fd, RC_type_inherit_parent, rsbac_attribute_value_t::res_array, RSBAC_EINVALIDATTR, RSBAC_EINVALIDDEV, RSBAC_EINVALIDMODULE, RSBAC_FF_DEF, rsbac_get_parent(), RSBAC_MAC_INHERIT_CAT_VECTOR, rsbac_mount(), RSBAC_PAX_DEF_FLAGS, rsbac_printk(), rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, SL_inherit, SW_GEN, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_attribute_value_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_attribute_value_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_attribute_value_t::symlink_add_remote_ip, rsbac_gen_fd_aci_t::symlink_add_uid, rsbac_attribute_value_t::symlink_add_uid, and TRUE.
Referenced by rsbac_ta_get_attr().
09184 { 09185 int err = 0; 09186 struct rsbac_device_list_item_t *device_p; 09187 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 09188 u_long dflags; 09189 #endif 09190 #if defined(CONFIG_RSBAC_FF) 09191 rsbac_ff_flags_t ff_flags = 0; 09192 rsbac_ff_flags_t ff_tmp_flags; 09193 rsbac_ff_flags_t ff_mask = -1; 09194 #endif 09195 u_int hash; 09196 09197 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 09198 if (!RSBAC_MAJOR(tid_p->file.device) 09199 && !RSBAC_MINOR(tid_p->file.device) 09200 ) 09201 return -RSBAC_EINVALIDDEV; 09202 #endif 09203 /* use loop for inheritance - used to be recursive calls */ 09204 for (;;) { 09205 /* rsbac_pr_debug(ds, "Getting file/dir/fifo/" 09206 "symlink attribute %u for device %02u:%02u, " 09207 "inode %lu, dentry_p %p\n", attr, 09208 RSBAC_MAJOR(tid_p->file.device), 09209 RSBAC_MINOR(tid_p->file.device), 09210 (u_long)tid_p->file.inode, 09211 tid_p->file.dentry_p); */ 09212 hash = device_hash(tid_p->file.device); 09213 /* wait for read access to device_list_head */ 09214 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09215 rcu_read_lock(); 09216 #else 09217 rsbac_read_lock(&device_list_locks[hash], &dflags); 09218 #endif 09219 /* OK, go on */ 09220 /* rsbac_pr_debug(ds, "passed device read lock\n"); */ 09221 /* lookup device */ 09222 device_p = lookup_device(tid_p->file.device, hash); 09223 if (!device_p) { 09224 struct super_block *sb_p; 09225 09226 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09227 rcu_read_unlock(); 09228 #else 09229 rsbac_read_unlock(&device_list_locks[hash], &dflags); 09230 #endif 09231 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09232 sb_p = user_get_super(tid_p->file.device); 09233 #else 09234 sb_p = get_super(tid_p->file.device); 09235 #endif 09236 if (sb_p) { 09237 if(RSBAC_MAJOR(tid_p->file.device) <= 1) { 09238 rsbac_printk(KERN_INFO "rsbac_get_attr(): auto-mounting device %02u:%02u\n", 09239 RSBAC_MAJOR(tid_p->file. 09240 device), 09241 RSBAC_MINOR(tid_p->file. 09242 device)); 09243 rsbac_mount(sb_p, NULL); 09244 } 09245 /* free super_block pointer */ 09246 drop_super(sb_p); 09247 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09248 rcu_read_lock(); 09249 #else 09250 rsbac_read_lock(&device_list_locks[hash], 09251 &dflags); 09252 #endif 09253 device_p = 09254 lookup_device(tid_p->file.device, hash); 09255 if (!device_p) { 09256 rsbac_printk(KERN_WARNING "rsbac_get_attr(): unknown device %02u:%02u\n", 09257 RSBAC_MAJOR(tid_p-> 09258 file. 09259 device), 09260 RSBAC_MINOR(tid_p-> 09261 file. 09262 device)); 09263 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09264 rcu_read_unlock(); 09265 #else 09266 rsbac_read_unlock 09267 (&device_list_locks[hash], 09268 &dflags); 09269 #endif 09270 return -RSBAC_EINVALIDDEV; 09271 } 09272 } else 09273 return -RSBAC_EINVALIDDEV; 09274 } 09275 switch (module) { 09276 case SW_GEN: 09277 { 09278 struct rsbac_gen_fd_aci_t aci = 09279 DEFAULT_GEN_FD_ACI; 09280 09281 if (attr == A_internal) { 09282 if (!device_p->rsbac_dir_inode 09283 || !tid_p->file.inode) 09284 value->internal = FALSE; 09285 else if (device_p-> 09286 rsbac_dir_inode == 09287 tid_p->file.inode) 09288 value->internal = TRUE; 09289 else if (inherit) { 09290 enum rsbac_target_t 09291 parent_target; 09292 union rsbac_target_id_t 09293 parent_tid; 09294 09295 /* inheritance possible? */ 09296 if (!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) { /* yes: inherit this single level */ 09297 if (device_p-> 09298 rsbac_dir_inode 09299 == 09300 parent_tid. 09301 file.inode) 09302 value-> 09303 internal 09304 = TRUE; 09305 else 09306 value-> 09307 internal 09308 = 09309 FALSE; 09310 } else { 09311 value->internal = 09312 FALSE; 09313 } 09314 } else { 09315 value->internal = FALSE; 09316 } 09317 09318 /* free access to device_list_head */ 09319 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09320 rcu_read_unlock(); 09321 #else 09322 rsbac_read_unlock 09323 (&device_list_locks[hash], 09324 &dflags); 09325 #endif 09326 return 0; 09327 } 09328 rsbac_ta_list_get_data_ttl(ta_number, 09329 device_p-> 09330 handles.gen, 09331 NULL, 09332 &tid_p->file. 09333 inode, &aci); 09334 switch (attr) { 09335 case A_log_array_low: 09336 value->log_array_low = 09337 aci.log_array_low; 09338 break; 09339 case A_log_array_high: 09340 value->log_array_high = 09341 aci.log_array_high; 09342 break; 09343 case A_log_program_based: 09344 value->log_program_based = 09345 aci.log_program_based; 09346 break; 09347 case A_symlink_add_remote_ip: 09348 value->symlink_add_remote_ip = 09349 aci.symlink_add_remote_ip; 09350 break; 09351 case A_symlink_add_uid: 09352 value->symlink_add_uid = 09353 aci.symlink_add_uid; 09354 break; 09355 case A_symlink_add_mac_level: 09356 value->symlink_add_mac_level = 09357 aci.symlink_add_mac_level; 09358 break; 09359 case A_symlink_add_rc_role: 09360 value->symlink_add_rc_role = 09361 aci.symlink_add_rc_role; 09362 break; 09363 case A_linux_dac_disable: 09364 value->linux_dac_disable = 09365 aci.linux_dac_disable; 09366 if ((value->linux_dac_disable == 09367 LDD_inherit) && inherit) { 09368 enum rsbac_target_t 09369 parent_target; 09370 union rsbac_target_id_t 09371 parent_tid; 09372 09373 /* free access to device_list_head - see above */ 09374 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09375 rcu_read_unlock(); 09376 #else 09377 rsbac_read_unlock 09378 (&device_list_locks[hash], 09379 &dflags); 09380 #endif 09381 /* inheritance possible? */ 09382 if (!rsbac_get_parent 09383 (target, *tid_p, 09384 &parent_target, 09385 &parent_tid)) { 09386 target = 09387 parent_target; 09388 *tid_p = 09389 parent_tid; 09390 continue; 09391 } else { 09392 value-> 09393 linux_dac_disable 09394 = 09395 def_gen_root_dir_aci. 09396 linux_dac_disable; 09397 return 0; 09398 } 09399 } 09400 break; 09401 case A_fake_root_uid: 09402 value->fake_root_uid = 09403 aci.fake_root_uid; 09404 break; 09405 case A_auid_exempt: 09406 value->auid_exempt = 09407 aci.auid_exempt; 09408 break; 09409 default: 09410 err = -RSBAC_EINVALIDATTR; 09411 } 09412 } 09413 break; 09414 09415 #if defined(CONFIG_RSBAC_MAC) 09416 case SW_MAC: 09417 { 09418 struct rsbac_mac_fd_aci_t aci = 09419 DEFAULT_MAC_FD_ACI; 09420 09421 rsbac_ta_list_get_data_ttl(ta_number, 09422 device_p-> 09423 handles.mac, 09424 NULL, 09425 &tid_p->file. 09426 inode, &aci); 09427 switch (attr) { 09428 case A_security_level: 09429 value->security_level = 09430 aci.sec_level; 09431 if ((value->security_level == 09432 SL_inherit) && inherit) { 09433 enum rsbac_target_t 09434 parent_target; 09435 union rsbac_target_id_t 09436 parent_tid; 09437 09438 /* free access to device_list_head - see above */ 09439 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09440 rcu_read_unlock(); 09441 #else 09442 rsbac_read_unlock 09443 (&device_list_locks[hash], &dflags); 09444 #endif 09445 /* inheritance possible? */ 09446 if (!rsbac_get_parent 09447 (target, *tid_p, 09448 &parent_target, 09449 &parent_tid)) { 09450 target = 09451 parent_target; 09452 *tid_p = 09453 parent_tid; 09454 continue; 09455 } else { 09456 value-> 09457 security_level 09458 = 09459 def_mac_root_dir_aci. 09460 sec_level; 09461 return 0; 09462 } 09463 } 09464 break; 09465 case A_mac_categories: 09466 value->mac_categories = 09467 aci.mac_categories; 09468 if ((value->mac_categories == 09469 RSBAC_MAC_INHERIT_CAT_VECTOR) 09470 && inherit) { 09471 enum rsbac_target_t 09472 parent_target; 09473 union rsbac_target_id_t 09474 parent_tid; 09475 09476 /* free access to device_list_head - see above */ 09477 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09478 rcu_read_unlock(); 09479 #else 09480 rsbac_read_unlock 09481 (&device_list_locks[hash], &dflags); 09482 #endif 09483 /* inheritance possible? */ 09484 if (!rsbac_get_parent 09485 (target, *tid_p, 09486 &parent_target, 09487 &parent_tid)) { 09488 target = 09489 parent_target; 09490 *tid_p = 09491 parent_tid; 09492 continue; 09493 } else { 09494 value-> 09495 mac_categories 09496 = 09497 def_mac_root_dir_aci. 09498 mac_categories; 09499 return 0; 09500 } 09501 } 09502 break; 09503 case A_mac_auto: 09504 value->mac_auto = aci.mac_auto; 09505 if ((value->mac_auto == MA_inherit) 09506 && inherit) { 09507 enum rsbac_target_t 09508 parent_target; 09509 union rsbac_target_id_t 09510 parent_tid; 09511 09512 /* free access to device_list_head - see above */ 09513 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09514 rcu_read_unlock(); 09515 #else 09516 rsbac_read_unlock 09517 (&device_list_locks[hash], &dflags); 09518 #endif 09519 /* inheritance possible? */ 09520 if (!rsbac_get_parent 09521 (target, *tid_p, 09522 &parent_target, 09523 &parent_tid)) { 09524 target = 09525 parent_target; 09526 *tid_p = 09527 parent_tid; 09528 continue; 09529 } else { 09530 value->mac_auto 09531 = 09532 def_mac_root_dir_aci. 09533 mac_auto; 09534 return 0; 09535 } 09536 } 09537 break; 09538 case A_mac_prop_trusted: 09539 value->mac_prop_trusted = 09540 aci.mac_prop_trusted; 09541 break; 09542 case A_mac_file_flags: 09543 value->mac_file_flags = 09544 aci.mac_file_flags; 09545 break; 09546 09547 default: 09548 err = -RSBAC_EINVALIDATTR; 09549 } 09550 } 09551 break; 09552 #endif /* MAC */ 09553 09554 #if defined(CONFIG_RSBAC_PM) 09555 case SW_PM: 09556 { 09557 struct rsbac_pm_fd_aci_t aci = 09558 DEFAULT_PM_FD_ACI; 09559 09560 rsbac_ta_list_get_data_ttl(ta_number, 09561 device_p-> 09562 handles.pm, 09563 NULL, 09564 &tid_p->file. 09565 inode, &aci); 09566 switch (attr) { 09567 case A_pm_object_class: 09568 value->pm_object_class = 09569 aci.pm_object_class; 09570 break; 09571 case A_pm_tp: 09572 value->pm_tp = aci.pm_tp; 09573 break; 09574 case A_pm_object_type: 09575 value->pm_object_type = 09576 aci.pm_object_type; 09577 break; 09578 default: 09579 err = -RSBAC_EINVALIDATTR; 09580 } 09581 } 09582 break; 09583 #endif /* PM */ 09584 09585 #if defined(CONFIG_RSBAC_DAZ) 09586 case SW_DAZ: 09587 { 09588 #if defined(CONFIG_RSBAC_DAZ_CACHE) 09589 if (attr == A_daz_scanned) { 09590 err = rsbac_ta_list_get_data_ttl 09591 (ta_number, 09592 device_p->handles.dazs, 09593 NULL, &tid_p->file.inode, 09594 &value->daz_scanned); 09595 } else 09596 #endif 09597 { 09598 struct rsbac_daz_fd_aci_t aci = 09599 DEFAULT_DAZ_FD_ACI; 09600 09601 rsbac_ta_list_get_data_ttl 09602 (ta_number, 09603 device_p->handles.daz, 09604 NULL, &tid_p->file.inode, 09605 &aci); 09606 switch (attr) { 09607 case A_daz_scanner: 09608 value->daz_scanner = 09609 aci.daz_scanner; 09610 break; 09611 case A_daz_do_scan: 09612 value->daz_do_scan = aci.daz_do_scan; 09613 if( (value->daz_do_scan == DAZ_inherit) 09614 && inherit) { 09615 enum rsbac_target_t parent_target; 09616 union rsbac_target_id_t parent_tid; 09617 09618 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09619 rcu_read_unlock(); 09620 #else 09621 rsbac_read_unlock(&device_list_locks[hash], &dflags); 09622 #endif 09623 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) { 09624 target = parent_target; 09625 *tid_p = parent_tid; 09626 continue; 09627 } else { 09628 value->daz_do_scan 09629 = def_daz_root_dir_aci.daz_do_scan; 09630 return 0; 09631 } 09632 } 09633 break; 09634 default: 09635 err = -RSBAC_EINVALIDATTR; 09636 } 09637 } 09638 } 09639 break; 09640 #endif /* DAZ */ 09641 09642 #if defined(CONFIG_RSBAC_FF) 09643 case SW_FF: 09644 { 09645 switch (attr) { 09646 case A_ff_flags: 09647 ff_tmp_flags = RSBAC_FF_DEF; 09648 rsbac_ta_list_get_data_ttl 09649 (ta_number, 09650 device_p->handles.ff, 09651 NULL, 09652 &tid_p->file.inode, 09653 &ff_tmp_flags); 09654 ff_flags |= ff_tmp_flags & ff_mask; 09655 value->ff_flags = ff_flags; 09656 if ((ff_tmp_flags & 09657 FF_add_inherited) 09658 && inherit) { 09659 /* inheritance possible? */ 09660 if (!rsbac_get_parent 09661 (target, *tid_p, 09662 &target, tid_p)) { 09663 /* free access to device_list_head - see above */ 09664 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09665 rcu_read_unlock(); 09666 #else 09667 rsbac_read_unlock 09668 (&device_list_locks[hash], 09669 &dflags); 09670 #endif 09671 ff_mask &= 09672 ~ 09673 (FF_no_delete_or_rename 09674 | 09675 FF_add_inherited); 09676 ff_flags &= 09677 ~ 09678 (FF_add_inherited); 09679 continue; 09680 } else 09681 value->ff_flags &= 09682 ~ 09683 (FF_add_inherited); 09684 } 09685 break; 09686 09687 default: 09688 err = -RSBAC_EINVALIDATTR; 09689 } 09690 } 09691 break; 09692 #endif /* FF */ 09693 09694 #if defined(CONFIG_RSBAC_RC) 09695 case SW_RC: 09696 { 09697 struct rsbac_rc_fd_aci_t aci = 09698 DEFAULT_RC_FD_ACI; 09699 09700 rsbac_ta_list_get_data_ttl(ta_number, 09701 device_p-> 09702 handles.rc, 09703 NULL, 09704 &tid_p->file. 09705 inode, &aci); 09706 switch (attr) { 09707 case A_rc_type_fd: 09708 value->rc_type_fd = aci.rc_type_fd; 09709 if (value->rc_type_fd == 09710 RC_type_inherit_parent 09711 && inherit) { 09712 enum rsbac_target_t 09713 parent_target; 09714 union rsbac_target_id_t 09715 parent_tid; 09716 09717 /* free access to device_list_head - see above */ 09718 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09719 rcu_read_unlock(); 09720 #else 09721 rsbac_read_unlock 09722 (&device_list_locks[hash], &dflags); 09723 #endif 09724 /* inheritance possible? */ 09725 if (!rsbac_get_parent 09726 (target, *tid_p, 09727 &parent_target, 09728 &parent_tid)) { 09729 target = 09730 parent_target; 09731 *tid_p = 09732 parent_tid; 09733 continue; 09734 } else { 09735 value->rc_type_fd 09736 = 09737 def_rc_root_dir_aci. 09738 rc_type_fd; 09739 return 0; 09740 } 09741 } 09742 break; 09743 case A_rc_force_role: 09744 value->rc_force_role = 09745 aci.rc_force_role; 09746 if (value->rc_force_role == 09747 RC_role_inherit_parent 09748 && inherit) { 09749 enum rsbac_target_t 09750 parent_target; 09751 union rsbac_target_id_t 09752 parent_tid; 09753 09754 /* free access to device_list_head - see above */ 09755 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09756 rcu_read_unlock(); 09757 #else 09758 rsbac_read_unlock 09759 (&device_list_locks[hash], &dflags); 09760 #endif 09761 /* inheritance possible? */ 09762 if (!rsbac_get_parent 09763 (target, *tid_p, 09764 &parent_target, 09765 &parent_tid)) { 09766 target = 09767 parent_target; 09768 *tid_p = 09769 parent_tid; 09770 continue; 09771 } else { 09772 value-> 09773 rc_force_role = 09774 def_rc_root_dir_aci. 09775 rc_force_role; 09776 return 0; 09777 } 09778 } 09779 break; 09780 case A_rc_initial_role: 09781 value->rc_initial_role = 09782 aci.rc_initial_role; 09783 if (value->rc_initial_role == 09784 RC_role_inherit_parent 09785 && inherit) { 09786 enum rsbac_target_t 09787 parent_target; 09788 union rsbac_target_id_t 09789 parent_tid; 09790 09791 /* free access to device_list_head - see above */ 09792 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09793 rcu_read_unlock(); 09794 #else 09795 rsbac_read_unlock 09796 (&device_list_locks[hash], &dflags); 09797 #endif 09798 /* inheritance possible? */ 09799 if (!rsbac_get_parent 09800 (target, *tid_p, 09801 &parent_target, 09802 &parent_tid)) { 09803 target = 09804 parent_target; 09805 *tid_p = 09806 parent_tid; 09807 continue; 09808 } else { 09809 value-> 09810 rc_initial_role 09811 = 09812 def_rc_root_dir_aci. 09813 rc_initial_role; 09814 return 0; 09815 } 09816 } 09817 break; 09818 09819 default: 09820 err = -RSBAC_EINVALIDATTR; 09821 } 09822 } 09823 break; 09824 #endif /* RC */ 09825 09826 #if defined(CONFIG_RSBAC_AUTH) 09827 case SW_AUTH: 09828 { 09829 struct rsbac_auth_fd_aci_t aci = 09830 DEFAULT_AUTH_FD_ACI; 09831 09832 rsbac_ta_list_get_data_ttl(ta_number, 09833 device_p-> 09834 handles.auth, 09835 NULL, 09836 &tid_p->file. 09837 inode, &aci); 09838 switch (attr) { 09839 case A_auth_may_setuid: 09840 value->auth_may_setuid = 09841 aci.auth_may_setuid; 09842 break; 09843 case A_auth_may_set_cap: 09844 value->auth_may_set_cap = 09845 aci.auth_may_set_cap; 09846 break; 09847 case A_auth_learn: 09848 value->auth_learn = aci.auth_learn; 09849 break; 09850 default: 09851 err = -RSBAC_EINVALIDATTR; 09852 } 09853 } 09854 break; 09855 #endif /* AUTH */ 09856 09857 #if defined(CONFIG_RSBAC_CAP) 09858 case SW_CAP: 09859 { 09860 struct rsbac_cap_fd_aci_t aci = 09861 DEFAULT_CAP_FD_ACI; 09862 09863 rsbac_ta_list_get_data_ttl(ta_number, 09864 device_p-> 09865 handles.cap, 09866 NULL, 09867 &tid_p->file. 09868 inode, &aci); 09869 switch (attr) { 09870 case A_min_caps: 09871 value->min_caps = aci.min_caps; 09872 break; 09873 case A_max_caps: 09874 value->max_caps = aci.max_caps; 09875 break; 09876 case A_cap_ld_env: 09877 value->cap_ld_env = aci.cap_ld_env; 09878 if ((value->cap_ld_env == LD_inherit) && inherit) { 09879 enum rsbac_target_t parent_target; 09880 union rsbac_target_id_t parent_tid; 09881 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09882 rcu_read_unlock(); 09883 #else 09884 rsbac_read_unlock(&device_list_locks[hash], &dflags); 09885 #endif 09886 if (!rsbac_get_parent(target, 09887 *tid_p, 09888 &parent_target, 09889 &parent_tid)) { 09890 target = parent_target; 09891 *tid_p = parent_tid; 09892 continue; 09893 } else { 09894 value->cap_ld_env = LD_deny; 09895 return 0; 09896 } 09897 } 09898 break; 09899 default: 09900 err = -RSBAC_EINVALIDATTR; 09901 } 09902 } 09903 break; 09904 #endif /* CAP */ 09905 09906 #if defined(CONFIG_RSBAC_RES) 09907 case SW_RES: 09908 { 09909 struct rsbac_res_fd_aci_t aci = 09910 DEFAULT_RES_FD_ACI; 09911 09912 rsbac_ta_list_get_data_ttl(ta_number, 09913 device_p-> 09914 handles.res, 09915 NULL, 09916 &tid_p->file. 09917 inode, &aci); 09918 switch (attr) { 09919 case A_res_min: 09920 memcpy(&value->res_array, 09921 &aci.res_min, 09922 sizeof(aci.res_min)); 09923 break; 09924 case A_res_max: 09925 memcpy(&value->res_array, 09926 &aci.res_max, 09927 sizeof(aci.res_max)); 09928 break; 09929 default: 09930 err = -RSBAC_EINVALIDATTR; 09931 } 09932 } 09933 break; 09934 #endif /* RES */ 09935 09936 #if defined(CONFIG_RSBAC_PAX) 09937 case SW_PAX: 09938 { 09939 switch (attr) { 09940 case A_pax_flags: 09941 value->pax_flags = 09942 RSBAC_PAX_DEF_FLAGS; 09943 rsbac_ta_list_get_data_ttl 09944 (ta_number, 09945 device_p->handles.pax, 09946 NULL, &tid_p->file.inode, 09947 &value->pax_flags); 09948 break; 09949 09950 default: 09951 err = -RSBAC_EINVALIDATTR; 09952 } 09953 } 09954 break; 09955 #endif /* PAX */ 09956 09957 default: 09958 err = -RSBAC_EINVALIDMODULE; 09959 } 09960 /* free access to device_list_head */ 09961 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09962 rcu_read_unlock(); 09963 #else 09964 rsbac_read_unlock(&device_list_locks[hash], &dflags); 09965 #endif 09966 /* and return */ 09967 return err; 09968 } /* end of for(;;) loop for inheritance */ 09969 }
static int get_attr_ipc | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid_p, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value, | |||
rsbac_boolean_t | inherit | |||
) | [static] |
Definition at line 10103 of file aci_data_structures.c.
References A_jail_id, A_mac_categories, A_pm_ipc_purpose, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, rsbac_target_id_t::ipc, ipc_handles, rsbac_attribute_value_t::jail_id, rsbac_attribute_value_t::mac_categories, NULL, rsbac_attribute_value_t::pm_ipc_purpose, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::rc_type, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_JAIL_DEF_ID, RSBAC_RC_GENERAL_TYPE, rsbac_ta_list_get_data_ttl(), and rsbac_attribute_value_t::security_level.
Referenced by rsbac_ta_get_attr().
10110 { 10111 int err = 0; 10112 /* rsbac_pr_debug(ds, "Getting ipc attribute\n"); */ 10113 /* lookup only, if not sock or (sock-id != NULL), OK with NULL fifo */ 10114 switch (module) { 10115 #if defined(CONFIG_RSBAC_MAC) 10116 case SW_MAC: 10117 { 10118 struct rsbac_mac_ipc_aci_t aci = 10119 DEFAULT_MAC_IPC_ACI; 10120 10121 rsbac_ta_list_get_data_ttl(ta_number, 10122 ipc_handles.mac, 10123 NULL, 10124 &tid_p->ipc, &aci); 10125 switch (attr) { 10126 case A_security_level: 10127 value->security_level = aci.sec_level; 10128 break; 10129 case A_mac_categories: 10130 value->mac_categories = aci.mac_categories; 10131 break; 10132 10133 default: 10134 err = -RSBAC_EINVALIDATTR; 10135 } 10136 } 10137 break; 10138 #endif /* MAC */ 10139 10140 #if defined(CONFIG_RSBAC_PM) 10141 case SW_PM: 10142 { 10143 struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI; 10144 10145 rsbac_ta_list_get_data_ttl(ta_number, 10146 ipc_handles.pm, 10147 NULL, 10148 &tid_p->ipc, &aci); 10149 switch (attr) { 10150 case A_pm_object_class: 10151 value->pm_object_class = 10152 aci.pm_object_class; 10153 break; 10154 case A_pm_ipc_purpose: 10155 value->pm_ipc_purpose = aci.pm_ipc_purpose; 10156 break; 10157 case A_pm_object_type: 10158 value->pm_object_type = aci.pm_object_type; 10159 break; 10160 default: 10161 err = -RSBAC_EINVALIDATTR; 10162 } 10163 } 10164 break; 10165 #endif /* PM */ 10166 10167 #if defined(CONFIG_RSBAC_RC) 10168 case SW_RC: 10169 { 10170 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE; 10171 10172 rsbac_ta_list_get_data_ttl(ta_number, 10173 ipc_handles.rc, 10174 NULL, 10175 &tid_p->ipc, &type); 10176 switch (attr) { 10177 case A_rc_type: 10178 value->rc_type = type; 10179 break; 10180 10181 default: 10182 err = -RSBAC_EINVALIDATTR; 10183 } 10184 } 10185 break; 10186 #endif /* RC */ 10187 10188 #if defined(CONFIG_RSBAC_JAIL) 10189 case SW_JAIL: 10190 { 10191 rsbac_jail_id_t id = RSBAC_JAIL_DEF_ID; 10192 10193 rsbac_ta_list_get_data_ttl(ta_number, 10194 ipc_handles.jail, 10195 NULL, &tid_p->ipc, &id); 10196 switch (attr) { 10197 case A_jail_id: 10198 value->jail_id = id; 10199 break; 10200 10201 default: 10202 err = -RSBAC_EINVALIDATTR; 10203 } 10204 } 10205 break; 10206 #endif /* JAIL */ 10207 10208 default: 10209 err = -RSBAC_EINVALIDMODULE; 10210 } 10211 /* and return */ 10212 return err; 10213 }
static int get_attr_process | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid_p, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value, | |||
rsbac_boolean_t | inherit | |||
) | [static] |
Definition at line 10529 of file aci_data_structures.c.
References A_audit_uid, A_auid_exempt, A_auth_last_auth, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_cap_ld_env, A_cap_process_hiding, A_current_sec_level, A_daz_scanner, A_fake_root_uid, A_initial_security_level, A_jail_flags, A_jail_id, A_jail_ip, A_jail_max_caps, A_jail_parent, A_jail_scd_get, A_jail_scd_modify, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_curr_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_process_flags, A_max_caps_program, A_max_caps_user, A_max_read_categories, A_max_read_open, A_min_security_level, A_min_write_categories, A_min_write_open, A_pax_flags, A_pm_current_task, A_pm_process_type, A_pm_tp, A_rc_force_role, A_rc_role, A_rc_select_type, A_rc_type, A_remote_ip, A_security_level, rsbac_gen_process_aci_t::audit_uid, rsbac_attribute_value_t::audit_uid, rsbac_gen_process_aci_t::auid_exempt, rsbac_attribute_value_t::auid_exempt, rsbac_attribute_value_t::auth_last_auth, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, rsbac_attribute_value_t::cap_ld_env, rsbac_attribute_value_t::cap_process_hiding, rsbac_attribute_value_t::current_sec_level, rsbac_attribute_value_t::daz_scanner, DEFAULT_GEN_P_ACI, rsbac_gen_process_aci_t::fake_root_uid, rsbac_attribute_value_t::fake_root_uid, FALSE, rsbac_attribute_value_t::jail_flags, rsbac_attribute_value_t::jail_id, rsbac_attribute_value_t::jail_ip, rsbac_attribute_value_t::jail_max_caps, rsbac_attribute_value_t::jail_parent, rsbac_attribute_value_t::jail_scd_get, rsbac_attribute_value_t::jail_scd_modify, rsbac_gen_process_aci_t::kernel_thread, rsbac_gen_process_aci_t::log_program_based, rsbac_attribute_value_t::log_program_based, rsbac_attribute_value_t::mac_auto, MAC_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_process_flags, rsbac_attribute_value_t::max_caps_program, rsbac_attribute_value_t::max_caps_user, rsbac_attribute_value_t::max_read_open, rsbac_attribute_value_t::min_write_open, NULL, rsbac_attribute_value_t::pax_flags, rsbac_attribute_value_t::pm_current_task, rsbac_attribute_value_t::pm_process_type, rsbac_attribute_value_t::pm_tp, rsbac_target_id_t::process, process_handles, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_role, rsbac_attribute_value_t::rc_select_type, rsbac_attribute_value_t::rc_type, rsbac_gen_process_aci_t::remote_ip, rsbac_attribute_value_t::remote_ip, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_PAX_ALL_FLAGS, rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, SW_GEN, and TRUE.
Referenced by rsbac_ta_get_attr().
10536 { 10537 int err = 0; 10538 /* rsbac_pr_debug(ds, "Getting process attribute"); */ 10539 switch (module) { 10540 case SW_GEN: 10541 { 10542 struct rsbac_gen_process_aci_t aci = 10543 DEFAULT_GEN_P_ACI; 10544 10545 rsbac_ta_list_get_data_ttl(ta_number, 10546 process_handles.gen, 10547 NULL, &tid_p->process, 10548 &aci); 10549 switch (attr) { 10550 case A_log_program_based: 10551 value->log_program_based = 10552 aci.log_program_based; 10553 break; 10554 case A_fake_root_uid: 10555 value->fake_root_uid = aci.fake_root_uid; 10556 break; 10557 case A_audit_uid: 10558 value->audit_uid = aci.audit_uid; 10559 break; 10560 case A_auid_exempt: 10561 value->auid_exempt = aci.auid_exempt; 10562 break; 10563 case A_remote_ip: 10564 value->remote_ip = aci.remote_ip; 10565 break; 10566 case A_kernel_thread: 10567 value->kernel_thread = aci.kernel_thread; 10568 break; 10569 default: 10570 err = -RSBAC_EINVALIDATTR; 10571 } 10572 } 10573 break; 10574 10575 #if defined(CONFIG_RSBAC_MAC) 10576 case SW_MAC: 10577 { 10578 struct rsbac_mac_process_aci_t aci = 10579 DEFAULT_MAC_P_ACI; 10580 10581 rsbac_ta_list_get_data_ttl(ta_number, 10582 process_handles.mac, 10583 NULL, &tid_p->process, 10584 &aci); 10585 switch (attr) { 10586 case A_security_level: 10587 value->security_level = 10588 aci.owner_sec_level; 10589 break; 10590 case A_initial_security_level: 10591 value->security_level = 10592 aci.owner_initial_sec_level; 10593 break; 10594 case A_min_security_level: 10595 value->security_level = 10596 aci.owner_min_sec_level; 10597 break; 10598 case A_mac_categories: 10599 value->mac_categories = 10600 aci.mac_owner_categories; 10601 break; 10602 case A_mac_initial_categories: 10603 value->mac_categories = 10604 aci.mac_owner_initial_categories; 10605 break; 10606 case A_mac_min_categories: 10607 value->mac_categories = 10608 aci.mac_owner_min_categories; 10609 break; 10610 case A_current_sec_level: 10611 value->current_sec_level = 10612 aci.current_sec_level; 10613 break; 10614 case A_mac_curr_categories: 10615 value->mac_categories = 10616 aci.mac_curr_categories; 10617 break; 10618 case A_min_write_open: 10619 value->min_write_open = aci.min_write_open; 10620 break; 10621 case A_min_write_categories: 10622 value->mac_categories = 10623 aci.min_write_categories; 10624 break; 10625 case A_max_read_open: 10626 value->max_read_open = aci.max_read_open; 10627 break; 10628 case A_max_read_categories: 10629 value->mac_categories = 10630 aci.max_read_categories; 10631 break; 10632 case A_mac_process_flags: 10633 value->mac_process_flags = 10634 aci.mac_process_flags; 10635 break; 10636 case A_mac_auto: 10637 if (aci.mac_process_flags & MAC_auto) 10638 value->mac_auto = TRUE; 10639 else 10640 value->mac_auto = FALSE; 10641 break; 10642 10643 default: 10644 err = -RSBAC_EINVALIDATTR; 10645 } 10646 } 10647 break; 10648 #endif /* MAC */ 10649 10650 #if defined(CONFIG_RSBAC_PM) 10651 case SW_PM: 10652 { 10653 struct rsbac_pm_process_aci_t aci = 10654 DEFAULT_PM_P_ACI; 10655 10656 rsbac_ta_list_get_data_ttl(ta_number, 10657 process_handles.pm, 10658 NULL, 10659 &tid_p->process, &aci); 10660 switch (attr) { 10661 case A_pm_tp: 10662 value->pm_tp = aci.pm_tp; 10663 break; 10664 case A_pm_current_task: 10665 value->pm_current_task = 10666 aci.pm_current_task; 10667 break; 10668 case A_pm_process_type: 10669 value->pm_process_type = 10670 aci.pm_process_type; 10671 break; 10672 default: 10673 err = -RSBAC_EINVALIDATTR; 10674 } 10675 } 10676 break; 10677 #endif /* PM */ 10678 10679 #if defined(CONFIG_RSBAC_DAZ) 10680 case SW_DAZ: 10681 { 10682 struct rsbac_daz_process_aci_t aci = 10683 DEFAULT_DAZ_P_ACI; 10684 10685 rsbac_ta_list_get_data_ttl(ta_number, 10686 process_handles.daz, 10687 NULL, 10688 &tid_p->process, &aci); 10689 switch (attr) { 10690 case A_daz_scanner: 10691 value->daz_scanner = aci.daz_scanner; 10692 break; 10693 default: 10694 err = -RSBAC_EINVALIDATTR; 10695 } 10696 } 10697 break; 10698 #endif /* DAZ */ 10699 10700 #if defined(CONFIG_RSBAC_RC) 10701 case SW_RC: 10702 { 10703 struct rsbac_rc_process_aci_t aci = 10704 DEFAULT_RC_P_ACI; 10705 10706 rsbac_ta_list_get_data_ttl(ta_number, 10707 process_handles.rc, 10708 NULL, &tid_p->process, 10709 &aci); 10710 switch (attr) { 10711 case A_rc_role: 10712 value->rc_role = aci.rc_role; 10713 break; 10714 case A_rc_type: 10715 value->rc_type = aci.rc_type; 10716 break; 10717 case A_rc_select_type: 10718 value->rc_select_type = aci.rc_select_type; 10719 break; 10720 case A_rc_force_role: 10721 value->rc_force_role = aci.rc_force_role; 10722 break; 10723 default: 10724 err = -RSBAC_EINVALIDATTR; 10725 } 10726 } 10727 break; 10728 #endif /* RC */ 10729 10730 #if defined(CONFIG_RSBAC_AUTH) 10731 case SW_AUTH: 10732 { 10733 struct rsbac_auth_process_aci_t aci = 10734 DEFAULT_AUTH_P_ACI; 10735 10736 rsbac_ta_list_get_data_ttl(ta_number, 10737 process_handles.auth, 10738 NULL, 10739 &tid_p->process, &aci); 10740 switch (attr) { 10741 case A_auth_may_setuid: 10742 value->auth_may_setuid = 10743 aci.auth_may_setuid; 10744 break; 10745 case A_auth_may_set_cap: 10746 value->auth_may_set_cap = 10747 aci.auth_may_set_cap; 10748 break; 10749 #if defined(CONFIG_RSBAC_AUTH_LEARN) 10750 case A_auth_program_file: 10751 value->auth_program_file = 10752 aci.auth_program_file; 10753 break; 10754 case A_auth_start_uid: 10755 value->auth_start_uid = aci.auth_start_uid; 10756 break; 10757 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 10758 case A_auth_start_euid: 10759 value->auth_start_euid = 10760 aci.auth_start_euid; 10761 break; 10762 #endif 10763 #ifdef CONFIG_RSBAC_AUTH_GROUP 10764 case A_auth_start_gid: 10765 value->auth_start_gid = aci.auth_start_gid; 10766 break; 10767 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 10768 case A_auth_start_egid: 10769 value->auth_start_egid = 10770 aci.auth_start_egid; 10771 break; 10772 #endif 10773 #endif 10774 case A_auth_learn: 10775 value->auth_learn = aci.auth_learn; 10776 break; 10777 #else 10778 case A_auth_learn: 10779 value->auth_learn = FALSE; 10780 break; 10781 #endif 10782 case A_auth_last_auth: 10783 value->auth_last_auth = aci.auth_last_auth; 10784 break; 10785 default: 10786 err = -RSBAC_EINVALIDATTR; 10787 } 10788 } 10789 break; 10790 #endif /* AUTH */ 10791 10792 #if defined(CONFIG_RSBAC_CAP) 10793 case SW_CAP: 10794 { 10795 struct rsbac_cap_process_aci_t aci = 10796 DEFAULT_CAP_P_ACI; 10797 10798 rsbac_ta_list_get_data_ttl(ta_number, 10799 process_handles.cap, 10800 NULL, 10801 &tid_p->process, &aci); 10802 switch (attr) { 10803 case A_cap_process_hiding: 10804 value->cap_process_hiding = 10805 aci.cap_process_hiding; 10806 break; 10807 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING 10808 case A_max_caps_user: 10809 value->max_caps_user = aci.max_caps_user; 10810 break; 10811 case A_max_caps_program: 10812 value->max_caps_program = 10813 aci.max_caps_program; 10814 break; 10815 #endif 10816 case A_cap_ld_env: 10817 value->cap_ld_env = aci.cap_ld_env; 10818 break; 10819 default: 10820 err = -RSBAC_EINVALIDATTR; 10821 } 10822 } 10823 break; 10824 #endif /* CAP */ 10825 10826 #if defined(CONFIG_RSBAC_JAIL) 10827 case SW_JAIL: 10828 { 10829 struct rsbac_jail_process_aci_t aci = 10830 DEFAULT_JAIL_P_ACI; 10831 10832 rsbac_ta_list_get_data_ttl(ta_number, 10833 process_handles.jail, 10834 NULL, &tid_p->process, 10835 &aci); 10836 switch (attr) { 10837 case A_jail_id: 10838 value->jail_id = aci.id; 10839 break; 10840 case A_jail_parent: 10841 value->jail_parent = aci.parent; 10842 break; 10843 case A_jail_ip: 10844 value->jail_ip = aci.ip; 10845 break; 10846 case A_jail_flags: 10847 value->jail_flags = aci.flags; 10848 break; 10849 case A_jail_max_caps: 10850 value->jail_max_caps = aci.max_caps; 10851 break; 10852 case A_jail_scd_get: 10853 value->jail_scd_get = aci.scd_get; 10854 break; 10855 case A_jail_scd_modify: 10856 value->jail_scd_modify = aci.scd_modify; 10857 break; 10858 default: 10859 err = -RSBAC_EINVALIDATTR; 10860 } 10861 } 10862 break; 10863 #endif /* JAIL */ 10864 10865 #if defined(CONFIG_RSBAC_PAX) 10866 case SW_PAX: 10867 { 10868 struct task_struct *task_p; 10869 10870 switch (attr) { 10871 case A_pax_flags: 10872 read_lock(&tasklist_lock); 10873 task_p = find_task_by_pid(tid_p->process); 10874 if (task_p) { 10875 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10) 10876 #if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) 10877 if (task_p->mm) 10878 value->pax_flags = 10879 task_p->mm-> 10880 pax_flags & 10881 RSBAC_PAX_ALL_FLAGS; 10882 else 10883 #endif 10884 value->pax_flags = 0; 10885 #else 10886 value->pax_flags = 10887 task_p-> 10888 flags & RSBAC_PAX_ALL_FLAGS; 10889 #endif 10890 } else 10891 err = -RSBAC_EINVALIDTARGET; 10892 read_unlock(&tasklist_lock); 10893 break; 10894 default: 10895 err = -RSBAC_EINVALIDATTR; 10896 } 10897 } 10898 break; 10899 #endif /* PAX */ 10900 10901 default: 10902 err = -RSBAC_EINVALIDMODULE; 10903 } 10904 return err; 10905 }
static int get_attr_user | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid_p, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value, | |||
rsbac_boolean_t | inherit | |||
) | [static] |
Definition at line 10215 of file aci_data_structures.c.
References A_auth_role, A_cap_ld_env, A_cap_role, A_daz_role, A_ff_role, A_initial_security_level, A_jail_role, A_log_user_based, A_mac_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_role, A_mac_user_flags, A_max_caps, A_min_caps, A_min_security_level, A_pax_role, A_pm_role, A_pm_task_set, A_pseudo, A_rc_def_role, A_rc_type, A_res_max, A_res_min, A_res_role, A_security_level, A_system_role, rsbac_attribute_value_t::cap_ld_env, DEFAULT_GEN_U_ACI, rsbac_gen_user_aci_t::log_user_based, rsbac_attribute_value_t::log_user_based, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_user_flags, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, rsbac_attribute_value_t::pm_role, rsbac_attribute_value_t::pm_task_set, rsbac_gen_user_aci_t::pseudo, rsbac_attribute_value_t::pseudo, rsbac_attribute_value_t::rc_def_role, rsbac_attribute_value_t::rc_type, rsbac_attribute_value_t::res_array, RSBAC_ALL_USERS, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, SR_user, SW_GEN, rsbac_attribute_value_t::system_role, rsbac_target_id_t::user, and user_handles.
Referenced by rsbac_ta_get_attr().
10222 { 10223 int err = 0; 10224 /* rsbac_pr_debug(ds, "Getting user attribute\n"); */ 10225 switch (module) { 10226 case SW_GEN: 10227 { 10228 struct rsbac_gen_user_aci_t aci = 10229 DEFAULT_GEN_U_ACI; 10230 10231 rsbac_ta_list_get_data_ttl(ta_number, 10232 user_handles.gen, 10233 NULL, 10234 &tid_p->user, &aci); 10235 switch (attr) { 10236 case A_pseudo: 10237 value->pseudo = aci.pseudo; 10238 break; 10239 case A_log_user_based: 10240 value->log_user_based = aci.log_user_based; 10241 break; 10242 default: 10243 err = -RSBAC_EINVALIDATTR; 10244 } 10245 } 10246 break; 10247 10248 #if defined(CONFIG_RSBAC_MAC) 10249 case SW_MAC: 10250 { 10251 struct rsbac_mac_user_aci_t aci = 10252 DEFAULT_MAC_U_ACI; 10253 10254 rsbac_ta_list_get_data_ttl(ta_number, 10255 user_handles.mac, 10256 NULL, 10257 &tid_p->user, &aci); 10258 switch (attr) { 10259 case A_security_level: 10260 value->security_level = aci.security_level; 10261 break; 10262 case A_initial_security_level: 10263 value->security_level = 10264 aci.initial_security_level; 10265 break; 10266 case A_min_security_level: 10267 value->security_level = 10268 aci.min_security_level; 10269 break; 10270 case A_mac_categories: 10271 value->mac_categories = aci.mac_categories; 10272 break; 10273 case A_mac_initial_categories: 10274 value->mac_categories = 10275 aci.mac_initial_categories; 10276 break; 10277 case A_mac_min_categories: 10278 value->mac_categories = 10279 aci.mac_min_categories; 10280 break; 10281 case A_system_role: 10282 case A_mac_role: 10283 value->system_role = aci.system_role; 10284 break; 10285 case A_mac_user_flags: 10286 value->mac_user_flags = aci.mac_user_flags; 10287 break; 10288 10289 default: 10290 err = -RSBAC_EINVALIDATTR; 10291 } 10292 } 10293 break; 10294 #endif /* MAC */ 10295 10296 #if defined(CONFIG_RSBAC_PM) 10297 case SW_PM: 10298 { 10299 struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI; 10300 10301 rsbac_ta_list_get_data_ttl(ta_number, 10302 user_handles.pm, 10303 NULL, 10304 &tid_p->user, &aci); 10305 switch (attr) { 10306 case A_pm_task_set: 10307 value->pm_task_set = aci.pm_task_set; 10308 break; 10309 case A_pm_role: 10310 value->pm_role = aci.pm_role; 10311 break; 10312 default: 10313 err = -RSBAC_EINVALIDATTR; 10314 } 10315 } 10316 break; 10317 #endif /* PM */ 10318 10319 #if defined(CONFIG_RSBAC_DAZ) 10320 case SW_DAZ: 10321 { 10322 rsbac_system_role_int_t role = SR_user; 10323 10324 rsbac_ta_list_get_data_ttl(ta_number, 10325 user_handles.daz, 10326 NULL, 10327 &tid_p->user, &role); 10328 switch (attr) { 10329 case A_system_role: 10330 case A_daz_role: 10331 value->system_role = role; 10332 break; 10333 10334 default: 10335 err = -RSBAC_EINVALIDATTR; 10336 } 10337 } 10338 break; 10339 #endif /* DAZ */ 10340 10341 #if defined(CONFIG_RSBAC_FF) 10342 case SW_FF: 10343 { 10344 rsbac_system_role_int_t role = SR_user; 10345 10346 rsbac_ta_list_get_data_ttl(ta_number, 10347 user_handles.ff, 10348 NULL, 10349 &tid_p->user, &role); 10350 switch (attr) { 10351 case A_system_role: 10352 case A_ff_role: 10353 value->system_role = role; 10354 break; 10355 10356 default: 10357 err = -RSBAC_EINVALIDATTR; 10358 } 10359 } 10360 break; 10361 #endif /* FF */ 10362 10363 #if defined(CONFIG_RSBAC_RC) 10364 case SW_RC: 10365 { 10366 struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI; 10367 10368 rsbac_ta_list_get_data_ttl(ta_number, 10369 user_handles.rc, 10370 NULL, 10371 &tid_p->user, &aci); 10372 switch (attr) { 10373 case A_rc_def_role: 10374 value->rc_def_role = aci.rc_role; 10375 break; 10376 case A_rc_type: 10377 value->rc_type = aci.rc_type; 10378 break; 10379 default: 10380 err = -RSBAC_EINVALIDATTR; 10381 } 10382 } 10383 break; 10384 #endif /* RC */ 10385 10386 #if defined(CONFIG_RSBAC_AUTH) 10387 case SW_AUTH: 10388 { 10389 rsbac_system_role_int_t role = SR_user; 10390 10391 rsbac_ta_list_get_data_ttl(ta_number, 10392 user_handles.auth, 10393 NULL, 10394 &tid_p->user, &role); 10395 switch (attr) { 10396 case A_system_role: 10397 case A_auth_role: 10398 value->system_role = role; 10399 break; 10400 10401 default: 10402 err = -RSBAC_EINVALIDATTR; 10403 } 10404 } 10405 break; 10406 #endif /* AUTH */ 10407 10408 #if defined(CONFIG_RSBAC_CAP) 10409 case SW_CAP: 10410 { 10411 struct rsbac_cap_user_aci_t aci = 10412 DEFAULT_CAP_U_ACI; 10413 10414 rsbac_ta_list_get_data_ttl(ta_number, 10415 user_handles.cap, 10416 NULL, 10417 &tid_p->user, &aci); 10418 switch (attr) { 10419 case A_system_role: 10420 case A_cap_role: 10421 value->system_role = aci.cap_role; 10422 break; 10423 case A_min_caps: 10424 value->min_caps = aci.min_caps; 10425 break; 10426 case A_max_caps: 10427 value->max_caps = aci.max_caps; 10428 break; 10429 case A_cap_ld_env: 10430 value->cap_ld_env = aci.cap_ld_env; 10431 break; 10432 default: 10433 err = -RSBAC_EINVALIDATTR; 10434 } 10435 } 10436 break; 10437 #endif /* CAP */ 10438 10439 #if defined(CONFIG_RSBAC_JAIL) 10440 case SW_JAIL: 10441 { 10442 rsbac_system_role_int_t role = SR_user; 10443 10444 rsbac_ta_list_get_data_ttl(ta_number, 10445 user_handles.jail, 10446 NULL, 10447 &tid_p->user, &role); 10448 switch (attr) { 10449 case A_system_role: 10450 case A_jail_role: 10451 value->system_role = role; 10452 break; 10453 10454 default: 10455 err = -RSBAC_EINVALIDATTR; 10456 } 10457 } 10458 break; 10459 #endif /* JAIL */ 10460 10461 #if defined(CONFIG_RSBAC_RES) 10462 case SW_RES: 10463 { 10464 struct rsbac_res_user_aci_t aci = 10465 DEFAULT_RES_U_ACI; 10466 10467 if (rsbac_ta_list_get_data_ttl(ta_number, 10468 user_handles.res, 10469 NULL, 10470 &tid_p->user, &aci) 10471 && (tid_p->user != RSBAC_ALL_USERS) 10472 ) { 10473 tid_p->user = RSBAC_ALL_USERS; 10474 rsbac_ta_list_get_data_ttl(ta_number, 10475 user_handles. 10476 res, NULL, 10477 &tid_p->user, 10478 &aci); 10479 } 10480 switch (attr) { 10481 case A_system_role: 10482 case A_res_role: 10483 value->system_role = aci.res_role; 10484 break; 10485 case A_res_min: 10486 memcpy(&value->res_array, &aci.res_min, 10487 sizeof(aci.res_min)); 10488 break; 10489 case A_res_max: 10490 memcpy(&value->res_array, &aci.res_max, 10491 sizeof(aci.res_max)); 10492 break; 10493 default: 10494 err = -RSBAC_EINVALIDATTR; 10495 } 10496 } 10497 break; 10498 #endif /* RES */ 10499 10500 #if defined(CONFIG_RSBAC_PAX) 10501 case SW_PAX: 10502 { 10503 rsbac_system_role_int_t role = SR_user; 10504 10505 rsbac_ta_list_get_data_ttl(ta_number, 10506 user_handles.pax, 10507 NULL, 10508 &tid_p->user, &role); 10509 switch (attr) { 10510 case A_system_role: 10511 case A_pax_role: 10512 value->system_role = role; 10513 break; 10514 10515 default: 10516 err = -RSBAC_EINVALIDATTR; 10517 } 10518 } 10519 break; 10520 #endif /* PAX */ 10521 10522 default: 10523 err = -RSBAC_EINVALIDMODULE; 10524 } 10525 /* and return */ 10526 return err; 10527 }
static int ipc_compare | ( | void * | desc1, | |
void * | desc2 | |||
) | [static] |
Definition at line 635 of file aci_data_structures.c.
References rsbac_ipc_t::id, rsbac_ipc_id_t::id_nr, and rsbac_ipc_t::type.
Referenced by copy_new_ipcs(), and register_ipc_lists().
00636 { 00637 int result; 00638 struct rsbac_ipc_t *i_desc1 = desc1; 00639 struct rsbac_ipc_t *i_desc2 = desc2; 00640 00641 result = memcmp(&i_desc1->type, 00642 &i_desc2->type, sizeof(i_desc1->type)); 00643 if (result) 00644 return result; 00645 else 00646 return memcmp(&i_desc1->id.id_nr, 00647 &i_desc2->id.id_nr, 00648 sizeof(i_desc1->id.id_nr)); 00649 }
static int lookup_aci_path_dentry | ( | struct super_block * | sb_p, | |
struct dentry ** | dir_dentry_pp, | |||
rsbac_boolean_t | create_dir, | |||
kdev_t | kdev | |||
) | [static] |
Definition at line 358 of file aci_data_structures.c.
References device_hash(), device_list_locks, lookup_device(), NULL, RSBAC_EACCESS, RSBAC_ECOULDNOTCREATEPATH, RSBAC_EINVALIDDEV, RSBAC_EINVALIDPOINTER, RSBAC_ENOROOTDIR, RSBAC_ENOTFOUND, RSBAC_ENOTWRITABLE, RSBAC_EPATHTOOLONG, rsbac_get_super_block(), rsbac_lookup_one_len(), rsbac_pr_debug, rsbac_printk(), SOCKFS_MAGIC, and writable().
Referenced by rsbac_read_open(), and rsbac_write_open().
00361 { 00362 struct dentry *dir_dentry_p = NULL; 00363 struct dentry *root_dentry_p = NULL; 00364 int err = 0; 00365 struct rsbac_device_list_item_t *device_p; 00366 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 00367 u_long dflags; 00368 #endif 00369 u_int hash; 00370 00371 if (!dir_dentry_pp) 00372 return (-RSBAC_EINVALIDPOINTER); 00373 00374 if (!sb_p) { 00375 sb_p = rsbac_get_super_block(kdev); 00376 if (!sb_p) { 00377 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): invalid device %02u:%02u\n", 00378 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 00379 return (-RSBAC_EINVALIDDEV); 00380 } 00381 } 00382 00383 /* pipefs must not be read from */ 00384 if ((sb_p->s_magic == PIPEFS_MAGIC) 00385 || (sb_p->s_magic == SOCKFS_MAGIC) 00386 ) { 00387 return -RSBAC_ENOTFOUND; 00388 } 00389 hash = device_hash(kdev); 00390 00391 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00392 rcu_read_lock(); 00393 #else 00394 rsbac_read_lock(&device_list_locks[hash], &dflags); 00395 #endif 00396 device_p = lookup_device(kdev, hash); 00397 if (!device_p) { 00398 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): No entry for device %02u:%02u\n", 00399 MAJOR(kdev), MINOR(kdev)); 00400 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00401 rcu_read_unlock(); 00402 #else 00403 rsbac_read_unlock(&device_list_locks[hash], &dflags); 00404 #endif 00405 return (-RSBAC_EINVALIDDEV); 00406 } 00407 /* already looked up earlier? */ 00408 if (device_p->rsbac_dir_dentry_p) { 00409 *dir_dentry_pp = device_p->rsbac_dir_dentry_p; 00410 rsbac_pr_debug(ds, "device_p->rsbac_dir_dentry_p->d_count " 00411 "for device %02u:%02u is %i!\n", 00412 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), 00413 atomic_read(&device_p->rsbac_dir_dentry_p->d_count)); 00414 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00415 rcu_read_unlock(); 00416 #else 00417 rsbac_read_unlock(&device_list_locks[hash], &dflags); 00418 #endif 00419 return 0; 00420 } 00421 /* Must unlock here for the lookup */ 00422 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00423 rcu_read_unlock(); 00424 #else 00425 rsbac_read_unlock(&device_list_locks[hash], &dflags); 00426 #endif 00427 rsbac_pr_debug(ds, "first time lookup for or non-existing %s on device " 00428 "%02u:%02u!\n", RSBAC_ACI_PATH, 00429 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 00430 if (!sb_p->s_root) { 00431 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry!\n", 00432 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 00433 err = -RSBAC_EINVALIDDEV; 00434 goto out; 00435 } 00436 00437 if (!sb_p->s_root->d_inode) { 00438 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry->d_inode!\n", 00439 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 00440 err = -RSBAC_EINVALIDDEV; 00441 goto out; 00442 } 00443 00444 /* lookup dentry of ACI_PATH on this device */ 00445 rsbac_pr_debug(ds, "lookup rsbac path %s for device %02u:%02u, " 00446 "sb_p->s_root->d_count is %i!\n", 00447 RSBAC_ACI_PATH, MAJOR(sb_p->s_dev), 00448 MINOR(sb_p->s_dev), 00449 atomic_read(&sb_p->s_root->d_count)); 00450 dir_dentry_p = 00451 rsbac_lookup_one_len(RSBAC_ACI_PATH, sb_p->s_root, 00452 strlen(RSBAC_ACI_PATH)); 00453 if (IS_ERR(dir_dentry_p)) 00454 switch (PTR_ERR(dir_dentry_p)) { 00455 case -ENOENT: 00456 case -ENOTDIR: 00457 err = -RSBAC_ENOTFOUND; 00458 goto out; 00459 case -ENOMEM: 00460 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): memory allocation error!\n"); 00461 err = -RSBAC_ENOROOTDIR; 00462 goto out; 00463 case -ENAMETOOLONG: 00464 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): ACI_PATH too long on fs!\n"); 00465 err = -RSBAC_EPATHTOOLONG; 00466 goto out; 00467 case -EACCES: 00468 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): No access to ACI_PATH!\n"); 00469 err = -RSBAC_EACCESS; 00470 goto out; 00471 default: 00472 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): Error on root dir: %li!\n", 00473 PTR_ERR(dir_dentry_p)); 00474 err = -RSBAC_ENOROOTDIR; 00475 goto out; 00476 } 00477 00478 if (!dir_dentry_p) { 00479 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): rsbac_lookup_(dentry|one) returned null pointer!\n"); 00480 err = -RSBAC_EINVALIDPOINTER; 00481 goto out; 00482 } 00483 if (!dir_dentry_p->d_inode) { /* dir could not be found -> try to create it */ 00484 /* but only, if allowed... */ 00485 if (!create_dir) { 00486 err = -RSBAC_ENOTFOUND; 00487 goto out_dir_dput; 00488 } 00489 rsbac_pr_debug(ds, "try to create dir, first test writable!\n"); 00490 /* ... and writable. */ 00491 if (!writable(sb_p)) { /* mounted read only or special case */ 00492 err = -RSBAC_ENOTWRITABLE; 00493 goto out_dir_dput; 00494 } 00495 root_dentry_p = lock_parent(dir_dentry_p); 00496 err = PTR_ERR(root_dentry_p); 00497 if (IS_ERR(root_dentry_p)) { 00498 err = -RSBAC_ECOULDNOTCREATEPATH; 00499 goto out_dir_dput; 00500 } 00501 if (!root_dentry_p->d_inode 00502 || !root_dentry_p->d_inode->i_op 00503 || !root_dentry_p->d_inode->i_op->mkdir) { 00504 unlock_dir(root_dentry_p); 00505 err = -RSBAC_ECOULDNOTCREATEPATH; 00506 goto out_dir_dput; 00507 } 00508 DQUOT_INIT(root_dentry_p->d_inode); 00509 err = 00510 root_dentry_p->d_inode->i_op->mkdir(root_dentry_p-> 00511 d_inode, 00512 dir_dentry_p, 00513 RSBAC_ACI_DIR_MODE); 00514 unlock_dir(root_dentry_p); 00515 if (err) { 00516 err = -RSBAC_ECOULDNOTCREATEPATH; 00517 goto out_dir_dput; 00518 } 00519 } else { /* was found */ 00520 /* check, whether this is a dir */ 00521 if (!S_ISDIR(dir_dentry_p->d_inode->i_mode)) { /* no dir! We have a real prob here! */ 00522 rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): supposed /%s dir on dev %02u:%02u is no dir!\n", 00523 RSBAC_ACI_PATH, 00524 MAJOR(sb_p->s_dev), 00525 MINOR(sb_p->s_dev)); 00526 err = -RSBAC_EACCESS; 00527 goto out_dir_dput; 00528 } 00529 } 00530 rsbac_pr_debug(ds, "dir_dentry_p->d_count is %i!\n", 00531 atomic_read(&dir_dentry_p->d_count)); 00532 rsbac_pr_debug(ds, "sb_p->s_root->d_count is now %i!\n", 00533 atomic_read(&sb_p->s_root->d_count)); 00534 /* we want to keep dir_dentry_p in device_item */ 00535 /* dput must be done in remove_device_item! */ 00536 *dir_dentry_pp = dir_dentry_p; 00537 00538 /* Must lock and relookup device_p to cache result */ 00539 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00540 rcu_read_lock(); 00541 #else 00542 rsbac_read_lock(&device_list_locks[hash], &dflags); 00543 #endif 00544 device_p = lookup_device(kdev, hash); 00545 if (device_p && !device_p->rsbac_dir_dentry_p) { 00546 device_p->rsbac_dir_dentry_p = dir_dentry_p; 00547 device_p->rsbac_dir_inode = dir_dentry_p->d_inode->i_ino; 00548 } 00549 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00550 rcu_read_unlock(); 00551 #else 00552 rsbac_read_unlock(&device_list_locks[hash], &dflags); 00553 #endif 00554 00555 out: 00556 return (err); 00557 00558 out_dir_dput: 00559 dput(dir_dentry_p); 00560 goto out; 00561 }
static struct rsbac_device_list_item_t * lookup_device | ( | kdev_t | kdev, | |
u_int | hash | |||
) | [static] |
Definition at line 569 of file aci_data_structures.c.
References device_head_p.
Referenced by get_attr_fd(), lookup_aci_path_dentry(), remove_device_item(), rsbac_auth_add_to_f_capset(), rsbac_auth_clear_f_capset(), rsbac_auth_copy_fp_capset(), rsbac_auth_get_f_caplist(), rsbac_auth_p_capset_member(), rsbac_auth_remove_from_f_capset(), rsbac_get_full_path(), rsbac_get_full_path_length(), rsbac_get_parent(), rsbac_get_super_block(), rsbac_mac_add_to_f_truset(), rsbac_mac_clear_f_truset(), rsbac_mac_copy_fp_truset(), rsbac_mac_get_f_trulist(), rsbac_mac_remove_from_f_truset(), rsbac_mount(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_ta_remove_target(), rsbac_umount(), rsbac_umount_auth(), rsbac_umount_mac(), and set_attr_fd().
00570 { 00571 struct rsbac_device_list_item_t *curr = rcu_dereference(device_head_p[hash])->curr; 00572 00573 /* if there is no current item or it is not the right one, search... */ 00574 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00575 if (!(curr && (MAJOR(curr->id) == MAJOR(kdev)) 00576 && (MINOR(curr->id) == MINOR(kdev)))) 00577 #else 00578 if (!(curr && (curr->id == kdev))) 00579 #endif 00580 { 00581 curr = rcu_dereference(device_head_p[hash])->head; 00582 while (curr 00583 && ((RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev)) 00584 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev)) 00585 ) 00586 ) { 00587 curr = curr->next; 00588 } 00589 if (curr) 00590 rcu_dereference(device_head_p[hash])->curr = curr; 00591 } 00592 /* it is the current item -> return it */ 00593 return curr; 00594 }
static int __init register_dev_lists | ( | void | ) | [static] |
Definition at line 5686 of file aci_data_structures.c.
References DEFAULT_GEN_DEV_ACI, dev_compare(), dev_handles, dev_major_compare(), dev_major_handles, gen_dev_get_conv(), NULL, RC_type_inherit_parent, registration_error(), RSBAC_GEN_ACI_DEV_NAME, RSBAC_GEN_DEV_ACI_KEY, RSBAC_GEN_DEV_ACI_VERSION, rsbac_kfree(), RSBAC_LIST_AUTO_HASH_RESIZE, RSBAC_LIST_BACKUP, RSBAC_LIST_DEF_DATA, rsbac_list_hash_dev(), RSBAC_LIST_PERSIST, rsbac_list_register_hashed(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_DEV_NAME, RSBAC_PM_ACI_DEV_NAME, rsbac_pr_debug, RSBAC_RC_ACI_DEV_MAJOR_NAME, RSBAC_RC_ACI_DEV_NAME, and RSBAC_RC_GENERAL_TYPE.
Referenced by rsbac_do_init().
05688 { 05689 int err = 0; 05690 struct rsbac_list_info_t *list_info_p; 05691 05692 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL); 05693 if (!list_info_p) { 05694 return -ENOMEM; 05695 } 05696 rsbac_pr_debug(ds, "registering DEV lists\n"); 05697 { 05698 struct rsbac_gen_dev_aci_t def_aci = DEFAULT_GEN_DEV_ACI; 05699 05700 list_info_p->version = RSBAC_GEN_DEV_ACI_VERSION; 05701 list_info_p->key = RSBAC_GEN_DEV_ACI_KEY; 05702 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); 05703 list_info_p->data_size = 05704 sizeof(struct rsbac_gen_dev_aci_t); 05705 list_info_p->max_age = 0; 05706 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 05707 &dev_handles.gen, list_info_p, 05708 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 05709 RSBAC_LIST_BACKUP | 05710 #endif 05711 RSBAC_LIST_PERSIST | 05712 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 05713 dev_compare, 05714 gen_dev_get_conv, &def_aci, 05715 RSBAC_GEN_ACI_DEV_NAME, 05716 RSBAC_AUTO_DEV, 05717 1, 05718 rsbac_list_hash_dev, 05719 NULL); 05720 if (err) { 05721 registration_error(err, "DEV General"); 05722 } 05723 } 05724 #if defined(CONFIG_RSBAC_MAC) 05725 { 05726 struct rsbac_mac_dev_aci_t def_aci = DEFAULT_MAC_DEV_ACI; 05727 05728 list_info_p->version = RSBAC_MAC_DEV_ACI_VERSION; 05729 list_info_p->key = RSBAC_MAC_DEV_ACI_KEY; 05730 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); 05731 list_info_p->data_size = 05732 sizeof(struct rsbac_mac_dev_aci_t); 05733 list_info_p->max_age = 0; 05734 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 05735 &dev_handles.mac, list_info_p, 05736 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 05737 RSBAC_LIST_BACKUP | 05738 #endif 05739 RSBAC_LIST_PERSIST | 05740 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 05741 dev_compare, 05742 mac_dev_get_conv, &def_aci, 05743 RSBAC_MAC_ACI_DEV_NAME, 05744 RSBAC_AUTO_DEV, 05745 1, 05746 rsbac_list_hash_dev, 05747 NULL); 05748 if (err) { 05749 registration_error(err, "DEV MAC"); 05750 } 05751 } 05752 #endif 05753 #if defined(CONFIG_RSBAC_PM) 05754 { 05755 struct rsbac_pm_dev_aci_t def_aci = DEFAULT_PM_DEV_ACI; 05756 05757 list_info_p->version = RSBAC_PM_DEV_ACI_VERSION; 05758 list_info_p->key = RSBAC_PM_DEV_ACI_KEY; 05759 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); 05760 list_info_p->data_size = sizeof(struct rsbac_pm_dev_aci_t); 05761 list_info_p->max_age = 0; 05762 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 05763 &dev_handles.pm, list_info_p, 05764 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 05765 RSBAC_LIST_BACKUP | 05766 #endif 05767 RSBAC_LIST_PERSIST | 05768 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 05769 dev_compare, 05770 pm_dev_get_conv, &def_aci, 05771 RSBAC_PM_ACI_DEV_NAME, 05772 RSBAC_AUTO_DEV, 05773 1, 05774 rsbac_list_hash_dev, 05775 NULL); 05776 if (err) { 05777 registration_error(err, "DEV PM"); 05778 } 05779 } 05780 #endif 05781 #if defined(CONFIG_RSBAC_RC) 05782 { 05783 rsbac_rc_type_id_t def_major_aci = RSBAC_RC_GENERAL_TYPE; 05784 rsbac_rc_type_id_t def_aci = RC_type_inherit_parent; 05785 05786 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION; 05787 list_info_p->key = RSBAC_RC_DEV_ACI_KEY; 05788 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); 05789 list_info_p->data_size = sizeof(rsbac_rc_type_id_t); 05790 list_info_p->max_age = 0; 05791 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 05792 &dev_major_handles.rc, 05793 list_info_p, 05794 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 05795 RSBAC_LIST_BACKUP | 05796 #endif 05797 RSBAC_LIST_PERSIST | 05798 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 05799 dev_major_compare, 05800 rc_dev_get_conv, &def_major_aci, 05801 RSBAC_RC_ACI_DEV_MAJOR_NAME, 05802 RSBAC_AUTO_DEV, 05803 1, 05804 rsbac_list_hash_dev, 05805 NULL); 05806 if (err) { 05807 registration_error(err, "DEV major RC"); 05808 } 05809 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION; 05810 list_info_p->key = RSBAC_RC_DEV_ACI_KEY; 05811 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); 05812 list_info_p->data_size = sizeof(rsbac_rc_type_id_t); 05813 list_info_p->max_age = 0; 05814 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 05815 &dev_handles.rc, list_info_p, 05816 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 05817 RSBAC_LIST_BACKUP | 05818 #endif 05819 RSBAC_LIST_PERSIST | 05820 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 05821 dev_compare, 05822 rc_dev_get_conv, &def_aci, 05823 RSBAC_RC_ACI_DEV_NAME, 05824 RSBAC_AUTO_DEV, 05825 1, 05826 rsbac_list_hash_dev, 05827 NULL); 05828 if (err) { 05829 registration_error(err, "DEV RC"); 05830 } 05831 } 05832 #endif 05833 05834 rsbac_kfree(list_info_p); 05835 return err; 05836 }
static int register_fd_lists | ( | struct rsbac_device_list_item_t * | device_p, | |
kdev_t | kdev | |||
) | [static] |
Definition at line 1153 of file aci_data_structures.c.
References def_gen_fd_aci, DEFAULT_DAZ_FD_SCANNED, gen_fd_get_conv(), gen_nr_fd_hashes, get_error_name(), name, NULL, PF_PAX_EMUTRAMP, PF_PAX_MPROTECT, PF_PAX_PAGEEXEC, PF_PAX_RANDEXEC, PF_PAX_RANDMMAP, PF_PAX_SEGMEXEC, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, RSBAC_FF_DEF, RSBAC_GEN_FD_ACI_KEY, RSBAC_GEN_FD_ACI_VERSION, rsbac_kfree(), rsbac_kmalloc(), RSBAC_LIST_AUTO_HASH_RESIZE, RSBAC_LIST_DEF_DATA, rsbac_list_hash_fd(), RSBAC_LIST_NO_MAX, RSBAC_LIST_PERSIST, rsbac_list_register_hashed(), RSBAC_LIST_VERSION, RSBAC_MAXNAMELEN, RSBAC_PAX_DEF_FLAGS, and rsbac_printk().
Referenced by rsbac_do_init(), and rsbac_mount().
01155 { 01156 char *name; 01157 int err = 0; 01158 int tmperr; 01159 struct rsbac_list_info_t *info_p; 01160 if (!device_p) 01161 return (-RSBAC_EINVALIDPOINTER); 01162 name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01163 if (!name) 01164 return -RSBAC_ENOMEM; 01165 info_p = rsbac_kmalloc(sizeof(*info_p)); 01166 if (!info_p) { 01167 rsbac_kfree(name); 01168 return -RSBAC_ENOMEM; 01169 } 01170 01171 /* register general lists */ 01172 { 01173 info_p->version = RSBAC_GEN_FD_ACI_VERSION; 01174 info_p->key = RSBAC_GEN_FD_ACI_KEY; 01175 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01176 info_p->data_size = 01177 sizeof(struct rsbac_gen_fd_aci_t); 01178 info_p->max_age = 0; 01179 gen_nr_fd_hashes = RSBAC_GEN_NR_FD_LISTS; 01180 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01181 &device_p->handles.gen, 01182 info_p, 01183 RSBAC_LIST_PERSIST | 01184 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 01185 NULL, 01186 gen_fd_get_conv, 01187 &def_gen_fd_aci, 01188 RSBAC_GEN_FD_NAME, 01189 kdev, 01190 gen_nr_fd_hashes, 01191 rsbac_list_hash_fd, 01192 RSBAC_GEN_OLD_FD_NAME); 01193 if (tmperr) { 01194 char *tmp; 01195 01196 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01197 if (tmp) { 01198 rsbac_printk(KERN_WARNING "register_fd_lists(): registering general list %s for device %02u:%02u failed with error %s!\n", 01199 RSBAC_GEN_FD_NAME, 01200 RSBAC_MAJOR(kdev), 01201 RSBAC_MINOR(kdev), 01202 get_error_name(tmp, 01203 tmperr)); 01204 rsbac_kfree(tmp); 01205 } 01206 err = tmperr; 01207 } 01208 } 01209 01210 #if defined(CONFIG_RSBAC_MAC) 01211 { 01212 /* register MAC lists */ 01213 info_p->version = RSBAC_MAC_FD_ACI_VERSION; 01214 info_p->key = RSBAC_MAC_FD_ACI_KEY; 01215 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01216 info_p->data_size = 01217 sizeof(struct rsbac_mac_fd_aci_t); 01218 info_p->max_age = 0; 01219 mac_nr_fd_hashes = RSBAC_MAC_NR_FD_LISTS; 01220 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01221 &device_p->handles.mac, 01222 info_p, 01223 RSBAC_LIST_PERSIST | 01224 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 01225 NULL, 01226 mac_fd_get_conv, 01227 &def_mac_fd_aci, 01228 RSBAC_MAC_FD_NAME, 01229 kdev, 01230 mac_nr_fd_hashes, 01231 rsbac_list_hash_fd, 01232 RSBAC_MAC_OLD_FD_NAME); 01233 if (tmperr) { 01234 char *tmp; 01235 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01236 if (tmp) { 01237 rsbac_printk(KERN_WARNING "register_fd_lists(): registering MAC list %s for device %02u:%02u failed with error %s!\n", 01238 RSBAC_MAC_FD_NAME, 01239 RSBAC_MAJOR(kdev), 01240 RSBAC_MINOR(kdev), 01241 get_error_name(tmp, 01242 tmperr)); 01243 rsbac_kfree(tmp); 01244 } 01245 err = tmperr; 01246 } 01247 } 01248 #endif 01249 01250 #if defined(CONFIG_RSBAC_PM) 01251 { 01252 /* register PM lists */ 01253 info_p->version = RSBAC_PM_FD_ACI_VERSION; 01254 info_p->key = RSBAC_PM_FD_ACI_KEY; 01255 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01256 info_p->data_size = 01257 sizeof(struct rsbac_pm_fd_aci_t); 01258 info_p->max_age = 0; 01259 pm_nr_fd_hashes = RSBAC_PM_NR_FD_LISTS; 01260 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01261 &device_p->handles.pm, 01262 info_p, 01263 RSBAC_LIST_PERSIST | 01264 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 01265 NULL, 01266 NULL, &def_pm_fd_aci, 01267 RSBAC_PM_FD_NAME, kdev, 01268 pm_nr_fd_hashes, 01269 rsbac_list_hash_fd, 01270 RSBAC_PM_OLD_FD_NAME); 01271 if (tmperr) { 01272 char *tmp; 01273 01274 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01275 if (tmp) { 01276 rsbac_printk(KERN_WARNING "register_fd_lists(): registering PM list %s for device %02u:%02u failed with error %s!\n", 01277 RSBAC_PM_FD_NAME, 01278 RSBAC_MAJOR(kdev), 01279 RSBAC_MINOR(kdev), 01280 get_error_name(tmp, 01281 tmperr)); 01282 rsbac_kfree(tmp); 01283 } 01284 err = tmperr; 01285 } 01286 } 01287 #endif 01288 01289 #if defined(CONFIG_RSBAC_DAZ) 01290 { 01291 struct rsbac_daz_fd_aci_t def_daz_fd_aci = 01292 DEFAULT_DAZ_FD_ACI; 01293 /* register DAZ lists */ 01294 info_p->version = RSBAC_DAZ_FD_ACI_VERSION; 01295 info_p->key = RSBAC_DAZ_FD_ACI_KEY; 01296 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01297 info_p->data_size = 01298 sizeof(struct rsbac_daz_fd_aci_t); 01299 info_p->max_age = 0; 01300 daz_nr_fd_hashes = RSBAC_DAZ_NR_FD_LISTS; 01301 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01302 &device_p->handles.daz, 01303 info_p, 01304 RSBAC_LIST_PERSIST | 01305 RSBAC_LIST_DEF_DATA | 01306 RSBAC_LIST_AUTO_HASH_RESIZE, 01307 NULL, 01308 daz_fd_get_conv, 01309 &def_daz_fd_aci, 01310 RSBAC_DAZ_FD_NAME, kdev, 01311 daz_nr_fd_hashes, 01312 rsbac_list_hash_fd, 01313 RSBAC_DAZ_OLD_FD_NAME); 01314 if (tmperr) { 01315 char *tmp; 01316 01317 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01318 if (tmp) { 01319 rsbac_printk(KERN_WARNING "register_fd_lists(): registering DAZ list %s for device %02u:%02u failed with error %s!\n", 01320 RSBAC_DAZ_FD_NAME, 01321 RSBAC_MAJOR(kdev), 01322 RSBAC_MINOR(kdev), 01323 get_error_name(tmp, 01324 tmperr)); 01325 rsbac_kfree(tmp); 01326 } 01327 err = tmperr; 01328 } 01329 } 01330 #if defined(CONFIG_RSBAC_DAZ_CACHE) 01331 { 01332 rsbac_daz_scanned_t def_daz_scanned_fd_aci = 01333 DEFAULT_DAZ_FD_SCANNED; 01334 01335 info_p->version = RSBAC_DAZ_SCANNED_FD_ACI_VERSION; 01336 info_p->key = RSBAC_DAZ_FD_ACI_KEY; 01337 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01338 info_p->data_size = sizeof(rsbac_daz_scanned_t); 01339 info_p->max_age = 0; 01340 daz_scanned_nr_fd_hashes = RSBAC_DAZ_SCANNED_NR_FD_LISTS; 01341 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01342 &device_p->handles.dazs, 01343 info_p, 01344 #ifdef CONFIG_RSBAC_DAZ_PERSIST 01345 RSBAC_LIST_PERSIST | 01346 #endif 01347 RSBAC_LIST_DEF_DATA | 01348 RSBAC_LIST_AUTO_HASH_RESIZE | 01349 RSBAC_LIST_NO_MAX, 01350 NULL, 01351 NULL, 01352 &def_daz_scanned_fd_aci, 01353 RSBAC_DAZ_SCANNED_FD_NAME, kdev, 01354 daz_scanned_nr_fd_hashes, 01355 rsbac_list_hash_fd, 01356 RSBAC_DAZ_SCANNED_OLD_FD_NAME); 01357 if (tmperr) { 01358 char *tmp; 01359 01360 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01361 if (tmp) { 01362 rsbac_printk(KERN_WARNING "register_fd_lists(): registering DAZ scanned list %s for device %02u:%02u failed with error %s!\n", 01363 RSBAC_DAZ_SCANNED_FD_NAME, 01364 RSBAC_MAJOR(kdev), 01365 RSBAC_MINOR(kdev), 01366 get_error_name(tmp, 01367 tmperr)); 01368 rsbac_kfree(tmp); 01369 } 01370 err = tmperr; 01371 } 01372 } 01373 #endif 01374 #endif 01375 01376 #if defined(CONFIG_RSBAC_FF) 01377 { 01378 rsbac_ff_flags_t def_ff_fd_aci = RSBAC_FF_DEF; 01379 01380 info_p->version = RSBAC_FF_FD_ACI_VERSION; 01381 info_p->key = RSBAC_FF_FD_ACI_KEY; 01382 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01383 info_p->data_size = sizeof(rsbac_ff_flags_t); 01384 info_p->max_age = 0; 01385 ff_nr_fd_hashes = RSBAC_FF_NR_FD_LISTS; 01386 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01387 &device_p->handles.ff, 01388 info_p, 01389 RSBAC_LIST_PERSIST | 01390 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 01391 NULL, 01392 NULL, &def_ff_fd_aci, 01393 RSBAC_FF_FD_NAME, kdev, 01394 ff_nr_fd_hashes, 01395 rsbac_list_hash_fd, 01396 RSBAC_FF_OLD_FD_NAME); 01397 if (tmperr) { 01398 char *tmp; 01399 01400 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01401 if (tmp) { 01402 rsbac_printk(KERN_WARNING "register_fd_lists(): registering FF list %s for device %02u:%02u failed with error %s!\n", 01403 RSBAC_FF_FD_NAME, 01404 RSBAC_MAJOR(kdev), 01405 RSBAC_MINOR(kdev), 01406 get_error_name(tmp, 01407 tmperr)); 01408 rsbac_kfree(tmp); 01409 } 01410 err = tmperr; 01411 } 01412 } 01413 #endif 01414 01415 #if defined(CONFIG_RSBAC_RC) 01416 { 01417 info_p->version = RSBAC_RC_FD_ACI_VERSION; 01418 info_p->key = RSBAC_RC_FD_ACI_KEY; 01419 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01420 info_p->data_size = 01421 sizeof(struct rsbac_rc_fd_aci_t); 01422 info_p->max_age = 0; 01423 rc_nr_fd_hashes = RSBAC_RC_NR_FD_LISTS; 01424 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01425 &device_p->handles.rc, 01426 info_p, 01427 RSBAC_LIST_PERSIST | 01428 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 01429 NULL, 01430 NULL, &def_rc_fd_aci, 01431 RSBAC_RC_FD_NAME, kdev, 01432 rc_nr_fd_hashes, 01433 rsbac_list_hash_fd, 01434 RSBAC_RC_OLD_FD_NAME); 01435 if (tmperr) { 01436 char *tmp; 01437 01438 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01439 if (tmp) { 01440 rsbac_printk(KERN_WARNING "register_fd_lists(): registering RC list %s for device %02u:%02u failed with error %s!\n", 01441 RSBAC_RC_FD_NAME, 01442 RSBAC_MAJOR(kdev), 01443 RSBAC_MINOR(kdev), 01444 get_error_name(tmp, 01445 tmperr)); 01446 rsbac_kfree(tmp); 01447 } 01448 err = tmperr; 01449 } 01450 } 01451 #endif 01452 01453 #if defined(CONFIG_RSBAC_AUTH) 01454 { 01455 struct rsbac_auth_fd_aci_t def_auth_fd_aci = 01456 DEFAULT_AUTH_FD_ACI; 01457 01458 info_p->version = RSBAC_AUTH_FD_ACI_VERSION; 01459 info_p->key = RSBAC_AUTH_FD_ACI_KEY; 01460 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01461 info_p->data_size = 01462 sizeof(struct rsbac_auth_fd_aci_t); 01463 info_p->max_age = 0; 01464 auth_nr_fd_hashes = RSBAC_AUTH_NR_FD_LISTS; 01465 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01466 &device_p->handles.auth, 01467 info_p, 01468 RSBAC_LIST_PERSIST | 01469 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 01470 NULL, 01471 auth_fd_get_conv, 01472 &def_auth_fd_aci, 01473 RSBAC_AUTH_FD_NAME, kdev, 01474 auth_nr_fd_hashes, 01475 rsbac_list_hash_fd, 01476 RSBAC_AUTH_OLD_FD_NAME); 01477 if (tmperr) { 01478 char *tmp; 01479 01480 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01481 if (tmp) { 01482 rsbac_printk(KERN_WARNING "register_fd_lists(): registering AUTH list %s for device %02u:%02u failed with error %s!\n", 01483 RSBAC_AUTH_FD_NAME, 01484 RSBAC_MAJOR(kdev), 01485 RSBAC_MINOR(kdev), 01486 get_error_name(tmp, 01487 tmperr)); 01488 rsbac_kfree(tmp); 01489 } 01490 err = tmperr; 01491 } 01492 } 01493 #endif 01494 01495 #if defined(CONFIG_RSBAC_CAP) 01496 { 01497 struct rsbac_cap_fd_aci_t def_cap_fd_aci = 01498 DEFAULT_CAP_FD_ACI; 01499 01500 info_p->version = RSBAC_CAP_FD_ACI_VERSION; 01501 info_p->key = RSBAC_CAP_FD_ACI_KEY; 01502 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01503 info_p->data_size = 01504 sizeof(struct rsbac_cap_fd_aci_t); 01505 info_p->max_age = 0; 01506 cap_nr_fd_hashes = RSBAC_CAP_NR_FD_LISTS; 01507 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01508 &device_p->handles.cap, 01509 info_p, 01510 RSBAC_LIST_PERSIST | 01511 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 01512 NULL, 01513 cap_fd_get_conv, 01514 &def_cap_fd_aci, 01515 RSBAC_CAP_FD_NAME, kdev, 01516 cap_nr_fd_hashes, 01517 rsbac_list_hash_fd, 01518 RSBAC_CAP_OLD_FD_NAME); 01519 if (tmperr) { 01520 char *tmp; 01521 01522 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01523 if (tmp) { 01524 rsbac_printk(KERN_WARNING "register_fd_lists(): registering CAP list %s for device %02u:%02u failed with error %s!\n", 01525 RSBAC_CAP_FD_NAME, 01526 RSBAC_MAJOR(kdev), 01527 RSBAC_MINOR(kdev), 01528 get_error_name(tmp, 01529 tmperr)); 01530 rsbac_kfree(tmp); 01531 } 01532 err = tmperr; 01533 } 01534 } 01535 #endif 01536 01537 #if defined(CONFIG_RSBAC_PAX) 01538 { 01539 rsbac_pax_flags_t def_pax_fd_aci; 01540 01541 #ifdef CONFIG_RSBAC_PAX_DEFAULT 01542 def_pax_fd_aci = 0; 01543 #ifdef CONFIG_RSBAC_PAX_PAGEEXEC 01544 def_pax_fd_aci |= PF_PAX_PAGEEXEC; 01545 #endif 01546 #ifdef CONFIG_RSBAC_PAX_EMUTRAMP 01547 def_pax_fd_aci |= PF_PAX_EMUTRAMP; 01548 #endif 01549 #ifdef CONFIG_RSBAC_PAX_MPROTECT 01550 def_pax_fd_aci |= PF_PAX_MPROTECT; 01551 #endif 01552 #ifdef CONFIG_RSBAC_PAX_RANDMMAP 01553 def_pax_fd_aci |= PF_PAX_RANDMMAP; 01554 #endif 01555 #ifdef CONFIG_RSBAC_PAX_RANDEXEC 01556 def_pax_fd_aci |= PF_PAX_RANDEXEC; 01557 #endif 01558 #ifdef CONFIG_RSBAC_PAX_SEGMEXEC 01559 def_pax_fd_aci |= PF_PAX_SEGMEXEC; 01560 #endif 01561 01562 #else 01563 def_pax_fd_aci = RSBAC_PAX_DEF_FLAGS; 01564 #endif 01565 01566 info_p->version = RSBAC_PAX_FD_ACI_VERSION; 01567 info_p->key = RSBAC_PAX_FD_ACI_KEY; 01568 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01569 info_p->data_size = sizeof(rsbac_pax_flags_t); 01570 info_p->max_age = 0; 01571 pax_nr_fd_hashes = RSBAC_PAX_NR_FD_LISTS; 01572 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01573 &device_p->handles.pax, 01574 info_p, 01575 RSBAC_LIST_PERSIST | 01576 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 01577 NULL, 01578 NULL, &def_pax_fd_aci, 01579 RSBAC_PAX_FD_NAME, kdev, 01580 pax_nr_fd_hashes, 01581 rsbac_list_hash_fd, 01582 RSBAC_PAX_OLD_FD_NAME); 01583 if (tmperr) { 01584 char *tmp; 01585 01586 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01587 if (tmp) { 01588 rsbac_printk(KERN_WARNING "register_fd_lists(): registering PAX list %s for device %02u:%02u failed with error %s!\n", 01589 RSBAC_PAX_FD_NAME, 01590 RSBAC_MAJOR(kdev), 01591 RSBAC_MINOR(kdev), 01592 get_error_name(tmp, 01593 tmperr)); 01594 rsbac_kfree(tmp); 01595 } 01596 err = tmperr; 01597 } 01598 } 01599 #endif 01600 01601 #if defined(CONFIG_RSBAC_RES) 01602 { 01603 info_p->version = RSBAC_RES_FD_ACI_VERSION; 01604 info_p->key = RSBAC_RES_FD_ACI_KEY; 01605 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01606 info_p->data_size = 01607 sizeof(struct rsbac_res_fd_aci_t); 01608 info_p->max_age = 0; 01609 res_nr_fd_hashes = RSBAC_RES_NR_FD_LISTS; 01610 tmperr = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 01611 &device_p->handles.res, 01612 info_p, 01613 RSBAC_LIST_PERSIST | 01614 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 01615 NULL, 01616 NULL, &def_res_fd_aci, 01617 RSBAC_RES_FD_NAME, kdev, 01618 res_nr_fd_hashes, 01619 rsbac_list_hash_fd, 01620 RSBAC_RES_OLD_FD_NAME); 01621 if (tmperr) { 01622 char *tmp; 01623 01624 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01625 if (tmp) { 01626 rsbac_printk(KERN_WARNING "register_fd_lists(): registering RES list %s for device %02u:%02u failed with error %s!\n", 01627 RSBAC_RES_FD_NAME, 01628 RSBAC_MAJOR(kdev), 01629 RSBAC_MINOR(kdev), 01630 get_error_name(tmp, 01631 tmperr)); 01632 rsbac_kfree(tmp); 01633 } 01634 err = tmperr; 01635 } 01636 } 01637 #endif 01638 01639 rsbac_kfree(name); 01640 rsbac_kfree(info_p); 01641 return err; 01642 }
static int __init register_ipc_lists | ( | void | ) | [static] |
Definition at line 5841 of file aci_data_structures.c.
References ipc_compare(), ipc_handles, NULL, registration_error(), RSBAC_JAIL_ACI_IPC_NAME, RSBAC_JAIL_DEF_ID, rsbac_kfree(), RSBAC_LIST_AUTO_HASH_RESIZE, RSBAC_LIST_DEF_DATA, rsbac_list_hash_ipc(), rsbac_list_register_hashed(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_IPC_NAME, RSBAC_PM_ACI_IPC_NAME, rsbac_pr_debug, RSBAC_RC_ACI_IPC_NAME, and RSBAC_RC_GENERAL_TYPE.
Referenced by rsbac_do_init().
05843 { 05844 int err = 0; 05845 struct rsbac_list_info_t *list_info_p; 05846 05847 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL); 05848 if (!list_info_p) { 05849 return -ENOMEM; 05850 } 05851 rsbac_pr_debug(ds, "registering IPC lists\n"); 05852 #if defined(CONFIG_RSBAC_MAC) 05853 { 05854 struct rsbac_mac_ipc_aci_t def_aci = DEFAULT_MAC_IPC_ACI; 05855 05856 list_info_p->version = RSBAC_MAC_IPC_ACI_VERSION; 05857 list_info_p->key = RSBAC_MAC_IPC_ACI_KEY; 05858 list_info_p->desc_size = sizeof(struct rsbac_ipc_t); 05859 list_info_p->data_size = 05860 sizeof(struct rsbac_mac_ipc_aci_t); 05861 list_info_p->max_age = 0; 05862 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 05863 &ipc_handles.mac, 05864 list_info_p, 05865 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 05866 ipc_compare, 05867 NULL, 05868 &def_aci, 05869 RSBAC_MAC_ACI_IPC_NAME, 05870 RSBAC_AUTO_DEV, 05871 1, 05872 rsbac_list_hash_ipc, 05873 NULL); 05874 if (err) { 05875 registration_error(err, "IPC MAC"); 05876 } 05877 } 05878 #endif 05879 #if defined(CONFIG_RSBAC_PM) 05880 { 05881 struct rsbac_pm_ipc_aci_t def_aci = DEFAULT_PM_IPC_ACI; 05882 05883 list_info_p->version = RSBAC_PM_IPC_ACI_VERSION; 05884 list_info_p->key = RSBAC_PM_IPC_ACI_KEY; 05885 list_info_p->desc_size = sizeof(struct rsbac_ipc_t); 05886 list_info_p->data_size = sizeof(struct rsbac_pm_ipc_aci_t); 05887 list_info_p->max_age = 0; 05888 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 05889 &ipc_handles.pm, 05890 list_info_p, 05891 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 05892 ipc_compare, 05893 NULL, 05894 &def_aci, 05895 RSBAC_PM_ACI_IPC_NAME, 05896 RSBAC_AUTO_DEV, 05897 1, 05898 rsbac_list_hash_ipc, 05899 NULL); 05900 if (err) { 05901 registration_error(err, "IPC PM"); 05902 } 05903 } 05904 #endif 05905 #if defined(CONFIG_RSBAC_RC) 05906 { 05907 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE; 05908 05909 list_info_p->version = RSBAC_RC_IPC_ACI_VERSION; 05910 list_info_p->key = RSBAC_RC_IPC_ACI_KEY; 05911 list_info_p->desc_size = sizeof(struct rsbac_ipc_t); 05912 list_info_p->data_size = sizeof(rsbac_rc_type_id_t); 05913 list_info_p->max_age = 0; 05914 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 05915 &ipc_handles.rc, 05916 list_info_p, 05917 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 05918 ipc_compare, 05919 NULL, 05920 &def_aci, 05921 RSBAC_RC_ACI_IPC_NAME, 05922 RSBAC_AUTO_DEV, 05923 1, 05924 rsbac_list_hash_ipc, 05925 NULL); 05926 if (err) { 05927 registration_error(err, "IPC RC"); 05928 } 05929 } 05930 #endif 05931 #if defined(CONFIG_RSBAC_JAIL) 05932 { 05933 rsbac_jail_id_t def_aci = RSBAC_JAIL_DEF_ID; 05934 05935 list_info_p->version = RSBAC_JAIL_IPC_ACI_VERSION; 05936 list_info_p->key = RSBAC_JAIL_IPC_ACI_KEY; 05937 list_info_p->desc_size = sizeof(struct rsbac_ipc_t); 05938 list_info_p->data_size = sizeof(rsbac_jail_id_t); 05939 list_info_p->max_age = 0; 05940 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 05941 &ipc_handles.jail, 05942 list_info_p, 05943 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 05944 ipc_compare, 05945 NULL, 05946 &def_aci, 05947 RSBAC_JAIL_ACI_IPC_NAME, 05948 RSBAC_AUTO_DEV, 05949 1, 05950 rsbac_list_hash_ipc, 05951 NULL); 05952 if (err) { 05953 registration_error(err, "IPC JAIL"); 05954 } 05955 } 05956 #endif 05957 05958 rsbac_kfree(list_info_p); 05959 return err; 05960 }
static int __init register_process_lists | ( | void | ) | [static] |
Definition at line 6504 of file aci_data_structures.c.
References DEFAULT_GEN_P_ACI, gen_nr_p_hashes, NULL, PH_from_other_users, process_handles, registration_error(), RSBAC_AUTH_ACI_PROCESS_NAME, RSBAC_CAP_ACI_PROCESS_NAME, RSBAC_DAZ_ACI_PROCESS_NAME, RSBAC_GEN_ACI_PROCESS_NAME, RSBAC_GEN_PROCESS_ACI_KEY, RSBAC_GEN_PROCESS_ACI_VERSION, RSBAC_JAIL_ACI_PROCESS_NAME, rsbac_kfree(), RSBAC_LIST_AUTO_HASH_RESIZE, RSBAC_LIST_DEF_DATA, rsbac_list_hash_pid(), RSBAC_LIST_MIN_MAX_HASHES, rsbac_list_register_hashed(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_PROCESS_NAME, RSBAC_PM_ACI_PROCESS_NAME, rsbac_pr_debug, and RSBAC_RC_ACI_PROCESS_NAME.
Referenced by rsbac_do_init().
06506 { 06507 int err = 0; 06508 struct rsbac_list_info_t *list_info_p; 06509 06510 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL); 06511 if (!list_info_p) { 06512 return -ENOMEM; 06513 } 06514 rsbac_pr_debug(ds, "registering PROCESS lists\n"); 06515 { 06516 struct rsbac_gen_process_aci_t def_aci = DEFAULT_GEN_P_ACI; 06517 06518 list_info_p->version = RSBAC_GEN_PROCESS_ACI_VERSION; 06519 list_info_p->key = RSBAC_GEN_PROCESS_ACI_KEY; 06520 list_info_p->desc_size = sizeof(rsbac_pid_t); 06521 list_info_p->data_size = 06522 sizeof(struct rsbac_gen_process_aci_t); 06523 list_info_p->max_age = 0; 06524 gen_nr_p_hashes = CONFIG_RSBAC_GEN_NR_P_LISTS; 06525 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 06526 &process_handles.gen, 06527 list_info_p, 06528 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 06529 NULL, 06530 NULL, &def_aci, 06531 RSBAC_GEN_ACI_PROCESS_NAME, 06532 RSBAC_AUTO_DEV, 06533 gen_nr_p_hashes, 06534 (gen_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL, 06535 NULL); 06536 if (err) { 06537 registration_error(err, "PROCESS GEN"); 06538 } 06539 } 06540 #if defined(CONFIG_RSBAC_MAC) 06541 { 06542 struct rsbac_mac_process_aci_t def_aci = DEFAULT_MAC_P_ACI; 06543 06544 list_info_p->version = RSBAC_MAC_PROCESS_ACI_VERSION; 06545 list_info_p->key = RSBAC_MAC_PROCESS_ACI_KEY; 06546 list_info_p->desc_size = sizeof(rsbac_pid_t); 06547 list_info_p->data_size = 06548 sizeof(struct rsbac_mac_process_aci_t); 06549 list_info_p->max_age = 0; 06550 mac_nr_p_hashes = CONFIG_RSBAC_MAC_NR_P_LISTS; 06551 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 06552 &process_handles.mac, 06553 list_info_p, 06554 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 06555 NULL, 06556 NULL, &def_aci, 06557 RSBAC_MAC_ACI_PROCESS_NAME, 06558 RSBAC_AUTO_DEV, 06559 mac_nr_p_hashes, 06560 (mac_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL, 06561 NULL); 06562 if (err) { 06563 registration_error(err, "PROCESS MAC"); 06564 } 06565 } 06566 #endif 06567 #if defined(CONFIG_RSBAC_PM) 06568 { 06569 struct rsbac_pm_process_aci_t def_aci = DEFAULT_PM_P_ACI; 06570 06571 list_info_p->version = RSBAC_PM_PROCESS_ACI_VERSION; 06572 list_info_p->key = RSBAC_PM_PROCESS_ACI_KEY; 06573 list_info_p->desc_size = sizeof(rsbac_pid_t); 06574 list_info_p->data_size = 06575 sizeof(struct rsbac_pm_process_aci_t); 06576 list_info_p->max_age = 0; 06577 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 06578 &process_handles.pm, 06579 list_info_p, 06580 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 06581 NULL, 06582 NULL, 06583 &def_aci, 06584 RSBAC_PM_ACI_PROCESS_NAME, 06585 RSBAC_AUTO_DEV, 06586 1, 06587 rsbac_list_hash_pid, 06588 NULL); 06589 if (err) { 06590 registration_error(err, "PROCESS PM"); 06591 } 06592 } 06593 #endif 06594 #if defined(CONFIG_RSBAC_DAZ) 06595 { 06596 struct rsbac_daz_process_aci_t def_aci = DEFAULT_DAZ_P_ACI; 06597 06598 list_info_p->version = RSBAC_DAZ_PROCESS_ACI_VERSION; 06599 list_info_p->key = RSBAC_DAZ_PROCESS_ACI_KEY; 06600 list_info_p->desc_size = sizeof(rsbac_pid_t); 06601 list_info_p->data_size = 06602 sizeof(struct rsbac_daz_process_aci_t); 06603 list_info_p->max_age = 0; 06604 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 06605 &process_handles.daz, 06606 list_info_p, 06607 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 06608 NULL, 06609 NULL, 06610 &def_aci, 06611 RSBAC_DAZ_ACI_PROCESS_NAME, 06612 RSBAC_AUTO_DEV, 06613 1, 06614 rsbac_list_hash_pid, 06615 NULL); 06616 if (err) { 06617 registration_error(err, "PROCESS DAZ"); 06618 } 06619 } 06620 #endif 06621 #if defined(CONFIG_RSBAC_RC) 06622 { 06623 struct rsbac_rc_process_aci_t def_aci = DEFAULT_RC_P_ACI; 06624 06625 list_info_p->version = RSBAC_RC_PROCESS_ACI_VERSION; 06626 list_info_p->key = RSBAC_RC_PROCESS_ACI_KEY; 06627 list_info_p->desc_size = sizeof(rsbac_pid_t); 06628 list_info_p->data_size = 06629 sizeof(struct rsbac_rc_process_aci_t); 06630 list_info_p->max_age = 0; 06631 rc_nr_p_hashes = CONFIG_RSBAC_RC_NR_P_LISTS; 06632 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 06633 &process_handles.rc, 06634 list_info_p, 06635 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 06636 NULL, 06637 NULL, &def_aci, 06638 RSBAC_RC_ACI_PROCESS_NAME, 06639 RSBAC_AUTO_DEV, 06640 rc_nr_p_hashes, 06641 (rc_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL, 06642 NULL); 06643 if (err) { 06644 registration_error(err, "PROCESS RC"); 06645 } 06646 } 06647 #endif 06648 #if defined(CONFIG_RSBAC_AUTH) 06649 { 06650 struct rsbac_auth_process_aci_t def_aci = DEFAULT_AUTH_P_ACI; 06651 06652 list_info_p->version = RSBAC_AUTH_PROCESS_ACI_VERSION; 06653 list_info_p->key = RSBAC_AUTH_PROCESS_ACI_KEY; 06654 list_info_p->desc_size = sizeof(rsbac_pid_t); 06655 list_info_p->data_size = 06656 sizeof(struct rsbac_auth_process_aci_t); 06657 list_info_p->max_age = 0; 06658 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 06659 &process_handles.auth, 06660 list_info_p, 06661 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 06662 NULL, 06663 NULL, 06664 &def_aci, 06665 RSBAC_AUTH_ACI_PROCESS_NAME, 06666 RSBAC_AUTO_DEV, 06667 #if defined(CONFIG_RSBAC_AUTH_LEARN) 06668 RSBAC_LIST_MIN_MAX_HASHES, 06669 rsbac_list_hash_pid, 06670 #else 06671 1, 06672 NULL, 06673 #endif 06674 NULL); 06675 if (err) { 06676 registration_error(err, "PROCESS AUTH"); 06677 } 06678 } 06679 #endif 06680 #if defined(CONFIG_RSBAC_CAP) 06681 { 06682 struct rsbac_cap_process_aci_t def_aci = DEFAULT_CAP_P_ACI; 06683 06684 #if defined(CONFIG_RSBAC_CAP_PROC_HIDE) 06685 if (rsbac_cap_process_hiding) 06686 def_aci.cap_process_hiding = PH_from_other_users; 06687 #endif 06688 list_info_p->version = RSBAC_CAP_PROCESS_ACI_VERSION; 06689 list_info_p->key = RSBAC_CAP_PROCESS_ACI_KEY; 06690 list_info_p->desc_size = sizeof(rsbac_pid_t); 06691 list_info_p->data_size = 06692 sizeof(struct rsbac_cap_process_aci_t); 06693 list_info_p->max_age = 0; 06694 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 06695 &process_handles.cap, 06696 list_info_p, 06697 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 06698 NULL, 06699 NULL, 06700 &def_aci, 06701 RSBAC_CAP_ACI_PROCESS_NAME, 06702 RSBAC_AUTO_DEV, 06703 1, 06704 rsbac_list_hash_pid, 06705 NULL); 06706 if (err) { 06707 registration_error(err, "PROCESS CAP"); 06708 } 06709 } 06710 #endif 06711 #if defined(CONFIG_RSBAC_JAIL) 06712 { 06713 struct rsbac_jail_process_aci_t def_aci = 06714 DEFAULT_JAIL_P_ACI; 06715 06716 list_info_p->version = RSBAC_JAIL_PROCESS_ACI_VERSION; 06717 list_info_p->key = RSBAC_JAIL_PROCESS_ACI_KEY; 06718 list_info_p->desc_size = sizeof(rsbac_pid_t); 06719 list_info_p->data_size = 06720 sizeof(struct rsbac_jail_process_aci_t); 06721 list_info_p->max_age = 0; 06722 jail_nr_p_hashes = CONFIG_RSBAC_JAIL_NR_P_LISTS; 06723 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 06724 &process_handles.jail, 06725 list_info_p, 06726 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 06727 NULL, 06728 NULL, &def_aci, 06729 RSBAC_JAIL_ACI_PROCESS_NAME, 06730 RSBAC_AUTO_DEV, 06731 jail_nr_p_hashes, 06732 (jail_nr_p_hashes > 1) ? rsbac_list_hash_pid : NULL, 06733 NULL); 06734 if (err) { 06735 registration_error(err, "PROCESS JAIL"); 06736 } 06737 } 06738 #endif 06739 06740 rsbac_kfree(list_info_p); 06741 return err; 06742 }
static int __init register_user_lists1 | ( | void | ) | [static] |
Definition at line 5965 of file aci_data_structures.c.
References DEFAULT_GEN_U_ACI, NULL, registration_error(), RSBAC_AUDITOR_UID, RSBAC_CAP_ACI_USER_NAME, RSBAC_DATAPROT_UID, RSBAC_DAZ_ACI_USER_NAME, RSBAC_FF_ACI_USER_NAME, RSBAC_GEN_ACI_USER_NAME, RSBAC_GEN_USER_ACI_KEY, RSBAC_GEN_USER_ACI_VERSION, rsbac_kfree(), rsbac_list_add(), RSBAC_LIST_AUTO_HASH_RESIZE, RSBAC_LIST_BACKUP, rsbac_list_count(), RSBAC_LIST_DEF_DATA, rsbac_list_hash_uid(), RSBAC_LIST_PERSIST, rsbac_list_register(), rsbac_list_register_hashed(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_USER_NAME, rsbac_no_defaults, RSBAC_PM_ACI_USER_NAME, rsbac_pr_debug, rsbac_printk(), RSBAC_SECOFF_UID, RSBAC_SYSADM_UID, RSBAC_TPMAN_UID, SR_administrator, SR_auditor, SR_security_officer, SR_user, and user_handles.
Referenced by rsbac_do_init().
05967 { 05968 int err = 0; 05969 struct rsbac_list_info_t *list_info_p; 05970 05971 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL); 05972 if (!list_info_p) { 05973 return -ENOMEM; 05974 } 05975 rsbac_pr_debug(ds, "registering USER lists\n"); 05976 { 05977 struct rsbac_gen_user_aci_t def_aci = DEFAULT_GEN_U_ACI; 05978 05979 list_info_p->version = RSBAC_GEN_USER_ACI_VERSION; 05980 list_info_p->key = RSBAC_GEN_USER_ACI_KEY; 05981 list_info_p->desc_size = sizeof(rsbac_uid_t); 05982 list_info_p->data_size = 05983 sizeof(struct rsbac_gen_user_aci_t); 05984 list_info_p->max_age = 0; 05985 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 05986 &user_handles.gen, list_info_p, 05987 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 05988 RSBAC_LIST_BACKUP | 05989 #endif 05990 RSBAC_LIST_PERSIST | 05991 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 05992 NULL, NULL, 05993 &def_aci, 05994 RSBAC_GEN_ACI_USER_NAME, 05995 RSBAC_AUTO_DEV, 05996 1, 05997 rsbac_list_hash_uid, 05998 NULL); 05999 if (err) { 06000 registration_error(err, "USER General"); 06001 } 06002 } 06003 #if defined(CONFIG_RSBAC_MAC) 06004 { 06005 struct rsbac_mac_user_aci_t def_aci = DEFAULT_MAC_U_ACI; 06006 06007 list_info_p->version = RSBAC_MAC_USER_ACI_VERSION; 06008 list_info_p->key = RSBAC_MAC_USER_ACI_KEY; 06009 list_info_p->desc_size = sizeof(rsbac_uid_t); 06010 list_info_p->data_size = 06011 sizeof(struct rsbac_mac_user_aci_t); 06012 list_info_p->max_age = 0; 06013 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 06014 &user_handles.mac, list_info_p, 06015 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 06016 RSBAC_LIST_BACKUP | 06017 #endif 06018 RSBAC_LIST_PERSIST | 06019 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 06020 NULL, 06021 mac_user_get_conv, &def_aci, 06022 RSBAC_MAC_ACI_USER_NAME, 06023 RSBAC_AUTO_DEV, 06024 1, 06025 rsbac_list_hash_uid, 06026 NULL); 06027 if (err) { 06028 registration_error(err, "USER MAC"); 06029 } else 06030 if (!rsbac_no_defaults 06031 && !rsbac_list_count(user_handles.mac)) { 06032 struct rsbac_mac_user_aci_t sysadm_aci = 06033 DEFAULT_MAC_U_SYSADM_ACI; 06034 struct rsbac_mac_user_aci_t secoff_aci = 06035 DEFAULT_MAC_U_SECOFF_ACI; 06036 struct rsbac_mac_user_aci_t auditor_aci = 06037 DEFAULT_MAC_U_AUDITOR_ACI; 06038 rsbac_uid_t user; 06039 06040 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER MAC ACI could not be read - generating standard entries!\n"); 06041 user = RSBAC_SYSADM_UID; 06042 if (rsbac_list_add 06043 (user_handles.mac, &user, &sysadm_aci)) 06044 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER MAC entry could not be added!\n"); 06045 user = RSBAC_SECOFF_UID; 06046 if (rsbac_list_add 06047 (user_handles.mac, &user, &secoff_aci)) 06048 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER MAC entry could not be added!\n"); 06049 user = RSBAC_AUDITOR_UID; 06050 if (rsbac_list_add 06051 (user_handles.mac, &user, &auditor_aci)) 06052 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER MAC entry could not be added!\n"); 06053 } 06054 } 06055 #endif 06056 #if defined(CONFIG_RSBAC_PM) 06057 { 06058 struct rsbac_pm_user_aci_t def_aci = DEFAULT_PM_U_ACI; 06059 06060 list_info_p->version = RSBAC_PM_USER_ACI_VERSION; 06061 list_info_p->key = RSBAC_PM_USER_ACI_KEY; 06062 list_info_p->desc_size = sizeof(rsbac_uid_t); 06063 list_info_p->data_size = 06064 sizeof(struct rsbac_pm_user_aci_t); 06065 list_info_p->max_age = 0; 06066 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 06067 &user_handles.pm, list_info_p, 06068 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 06069 RSBAC_LIST_BACKUP | 06070 #endif 06071 RSBAC_LIST_PERSIST | 06072 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 06073 NULL, NULL, 06074 &def_aci, RSBAC_PM_ACI_USER_NAME, 06075 RSBAC_AUTO_DEV, 06076 1, 06077 rsbac_list_hash_uid, 06078 NULL); 06079 if (err) { 06080 registration_error(err, "USER PM"); 06081 } else 06082 if (!rsbac_no_defaults 06083 && !rsbac_list_count(user_handles.pm)) { 06084 struct rsbac_pm_user_aci_t sysadm_aci = 06085 DEFAULT_PM_U_SYSADM_ACI; 06086 struct rsbac_pm_user_aci_t secoff_aci = 06087 DEFAULT_PM_U_SECOFF_ACI; 06088 struct rsbac_pm_user_aci_t dataprot_aci = 06089 DEFAULT_PM_U_DATAPROT_ACI; 06090 struct rsbac_pm_user_aci_t tpman_aci = 06091 DEFAULT_PM_U_TPMAN_ACI; 06092 rsbac_uid_t user; 06093 06094 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER PM ACI could not be read - generating standard entries!\n"); 06095 user = RSBAC_SYSADM_UID; 06096 if (rsbac_list_add 06097 (user_handles.pm, &user, &sysadm_aci)) 06098 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER PM entry could not be added!\n"); 06099 user = RSBAC_SECOFF_UID; 06100 if (rsbac_list_add 06101 (user_handles.pm, &user, &secoff_aci)) 06102 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER PM entry could not be added!\n"); 06103 user = RSBAC_DATAPROT_UID; 06104 if (rsbac_list_add 06105 (user_handles.pm, &user, &dataprot_aci)) 06106 rsbac_printk(KERN_WARNING "rsbac_do_init(): DATAPROT USER PM entry could not be added!\n"); 06107 user = RSBAC_TPMAN_UID; 06108 if (rsbac_list_add 06109 (user_handles.pm, &user, &tpman_aci)) 06110 rsbac_printk(KERN_WARNING "rsbac_do_init(): TPMAN USER PM entry could not be added!\n"); 06111 } 06112 } 06113 #endif 06114 #if defined(CONFIG_RSBAC_DAZ) 06115 { 06116 rsbac_system_role_int_t def_aci = SR_user; 06117 06118 list_info_p->version = RSBAC_DAZ_USER_ACI_VERSION; 06119 list_info_p->key = RSBAC_DAZ_USER_ACI_KEY; 06120 list_info_p->desc_size = sizeof(rsbac_uid_t); 06121 list_info_p->data_size = sizeof(rsbac_system_role_int_t); 06122 list_info_p->max_age = 0; 06123 err = rsbac_list_register(RSBAC_LIST_VERSION, 06124 &user_handles.daz, list_info_p, 06125 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 06126 RSBAC_LIST_BACKUP | 06127 #endif 06128 RSBAC_LIST_PERSIST | 06129 RSBAC_LIST_DEF_DATA, 06130 NULL, NULL, 06131 &def_aci, 06132 RSBAC_DAZ_ACI_USER_NAME, 06133 RSBAC_AUTO_DEV); 06134 if (err) { 06135 registration_error(err, "USER DAZ"); 06136 } else 06137 if (!rsbac_no_defaults 06138 && !rsbac_list_count(user_handles.daz)) { 06139 rsbac_uid_t user; 06140 rsbac_system_role_int_t role; 06141 06142 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER DAZ ACI could not be read - generating standard entries!\n"); 06143 user = RSBAC_SYSADM_UID; 06144 role = SR_administrator; 06145 if (rsbac_list_add(user_handles.daz, &user, &role)) 06146 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER DAZ entry could not be added!\n"); 06147 user = RSBAC_SECOFF_UID; 06148 role = SR_security_officer; 06149 if (rsbac_list_add(user_handles.daz, &user, &role)) 06150 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER DAZ entry could not be added!\n"); 06151 } 06152 } 06153 #endif 06154 #if defined(CONFIG_RSBAC_FF) 06155 { 06156 rsbac_system_role_int_t def_aci = SR_user; 06157 06158 list_info_p->version = RSBAC_FF_USER_ACI_VERSION; 06159 list_info_p->key = RSBAC_FF_USER_ACI_KEY; 06160 list_info_p->desc_size = sizeof(rsbac_uid_t); 06161 list_info_p->data_size = sizeof(rsbac_system_role_int_t); 06162 list_info_p->max_age = 0; 06163 err = rsbac_list_register(RSBAC_LIST_VERSION, 06164 &user_handles.ff, list_info_p, 06165 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 06166 RSBAC_LIST_BACKUP | 06167 #endif 06168 RSBAC_LIST_PERSIST | 06169 RSBAC_LIST_DEF_DATA, 06170 NULL, NULL, 06171 &def_aci, RSBAC_FF_ACI_USER_NAME, 06172 RSBAC_AUTO_DEV); 06173 if (err) { 06174 registration_error(err, "USER FF"); 06175 } else 06176 if (!rsbac_no_defaults 06177 && !rsbac_list_count(user_handles.ff)) { 06178 rsbac_uid_t user; 06179 rsbac_system_role_int_t role; 06180 06181 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER FF ACI could not be read - generating standard entries!\n"); 06182 user = RSBAC_SYSADM_UID; 06183 role = SR_administrator; 06184 if (rsbac_list_add(user_handles.ff, &user, &role)) 06185 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER FF entry could not be added!\n"); 06186 user = RSBAC_SECOFF_UID; 06187 role = SR_security_officer; 06188 if (rsbac_list_add(user_handles.ff, &user, &role)) 06189 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER FF entry could not be added!\n"); 06190 user = RSBAC_AUDITOR_UID; 06191 role = SR_auditor; 06192 if (rsbac_list_add(user_handles.ff, &user, &role)) 06193 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER FF entry could not be added!\n"); 06194 } 06195 } 06196 #endif 06197 #if defined(CONFIG_RSBAC_CAP) 06198 { 06199 struct rsbac_cap_user_aci_t def_aci = DEFAULT_CAP_U_ACI; 06200 06201 list_info_p->version = RSBAC_CAP_USER_ACI_VERSION; 06202 list_info_p->key = RSBAC_CAP_USER_ACI_KEY; 06203 list_info_p->desc_size = sizeof(rsbac_uid_t); 06204 list_info_p->data_size = 06205 sizeof(struct rsbac_cap_user_aci_t); 06206 list_info_p->max_age = 0; 06207 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 06208 &user_handles.cap, list_info_p, 06209 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 06210 RSBAC_LIST_BACKUP | 06211 #endif 06212 RSBAC_LIST_PERSIST | 06213 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 06214 NULL, 06215 cap_user_get_conv, 06216 &def_aci, 06217 RSBAC_CAP_ACI_USER_NAME, 06218 RSBAC_AUTO_DEV, 06219 1, 06220 rsbac_list_hash_uid, 06221 NULL); 06222 if (err) { 06223 registration_error(err, "USER CAP"); 06224 } else 06225 if (!rsbac_no_defaults 06226 && !rsbac_list_count(user_handles.cap)) { 06227 struct rsbac_cap_user_aci_t sysadm_aci = 06228 DEFAULT_CAP_U_SYSADM_ACI; 06229 struct rsbac_cap_user_aci_t secoff_aci = 06230 DEFAULT_CAP_U_SECOFF_ACI; 06231 struct rsbac_cap_user_aci_t auditor_aci = 06232 DEFAULT_CAP_U_AUDITOR_ACI; 06233 rsbac_uid_t user; 06234 06235 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n"); 06236 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n"); 06237 user = RSBAC_SYSADM_UID; 06238 if (rsbac_list_add 06239 (user_handles.cap, &user, &sysadm_aci)) 06240 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER CAP entry could not be added!\n"); 06241 user = RSBAC_SECOFF_UID; 06242 if (rsbac_list_add 06243 (user_handles.cap, &user, &secoff_aci)) 06244 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER CAP entry could not be added!\n"); 06245 user = RSBAC_AUDITOR_UID; 06246 if (rsbac_list_add 06247 (user_handles.cap, &user, &auditor_aci)) 06248 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER CAP entry could not be added!\n"); 06249 } 06250 } 06251 #endif 06252 06253 rsbac_kfree(list_info_p); 06254 return err; 06255 }
static int __init register_user_lists2 | ( | void | ) | [static] |
Definition at line 6260 of file aci_data_structures.c.
References NULL, registration_error(), RSBAC_AUDITOR_UID, RSBAC_AUTH_ACI_USER_NAME, RSBAC_JAIL_ACI_USER_NAME, rsbac_kfree(), rsbac_list_add(), RSBAC_LIST_AUTO_HASH_RESIZE, RSBAC_LIST_BACKUP, rsbac_list_count(), RSBAC_LIST_DEF_DATA, rsbac_list_hash_uid(), RSBAC_LIST_PERSIST, rsbac_list_register(), rsbac_list_register_hashed(), RSBAC_LIST_VERSION, rsbac_no_defaults, RSBAC_PAX_ACI_USER_NAME, rsbac_printk(), RSBAC_RC_ACI_USER_NAME, RSBAC_RES_ACI_USER_NAME, RSBAC_SECOFF_UID, RSBAC_SYSADM_UID, SR_administrator, SR_auditor, SR_security_officer, SR_user, and user_handles.
Referenced by rsbac_do_init().
06262 { 06263 int err = 0; 06264 struct rsbac_list_info_t *list_info_p; 06265 06266 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL); 06267 if (!list_info_p) { 06268 return -ENOMEM; 06269 } 06270 06271 #if defined(CONFIG_RSBAC_RC) 06272 { 06273 struct rsbac_rc_user_aci_t def_aci = DEFAULT_RC_U_ACI; 06274 06275 list_info_p->version = RSBAC_RC_USER_ACI_VERSION; 06276 list_info_p->key = RSBAC_RC_USER_ACI_KEY; 06277 list_info_p->desc_size = sizeof(rsbac_uid_t); 06278 list_info_p->data_size = 06279 sizeof(struct rsbac_rc_user_aci_t); 06280 list_info_p->max_age = 0; 06281 err = rsbac_list_register_hashed(RSBAC_LIST_VERSION, 06282 &user_handles.rc, list_info_p, 06283 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 06284 RSBAC_LIST_BACKUP | 06285 #endif 06286 RSBAC_LIST_PERSIST | 06287 RSBAC_LIST_DEF_DATA | RSBAC_LIST_AUTO_HASH_RESIZE, 06288 NULL, 06289 rc_user_get_conv, &def_aci, 06290 RSBAC_RC_ACI_USER_NAME, 06291 RSBAC_AUTO_DEV, 06292 1, 06293 rsbac_list_hash_uid, 06294 NULL); 06295 if (err) { 06296 registration_error(err, "USER RC"); 06297 } else 06298 if (!rsbac_no_defaults 06299 && !rsbac_list_count(user_handles.rc)) { 06300 rsbac_uid_t user; 06301 struct rsbac_rc_user_aci_t sysadm_aci = 06302 DEFAULT_RC_U_SYSADM_ACI; 06303 struct rsbac_rc_user_aci_t secoff_aci = 06304 DEFAULT_RC_U_SECOFF_ACI; 06305 struct rsbac_rc_user_aci_t auditor_aci = 06306 DEFAULT_RC_U_AUDITOR_ACI; 06307 06308 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER RC ACI could not be read - generating standard entries!\n"); 06309 user = RSBAC_SYSADM_UID; 06310 if (rsbac_list_add 06311 (user_handles.rc, &user, &sysadm_aci)) 06312 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER RC entry could not be added!\n"); 06313 user = RSBAC_SECOFF_UID; 06314 if (rsbac_list_add 06315 (user_handles.rc, &user, &secoff_aci)) 06316 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER RC entry could not be added!\n"); 06317 user = RSBAC_AUDITOR_UID; 06318 if (rsbac_list_add 06319 (user_handles.rc, &user, &auditor_aci)) 06320 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER RC entry could not be added!\n"); 06321 } 06322 } 06323 #endif 06324 #if defined(CONFIG_RSBAC_AUTH) 06325 { 06326 rsbac_system_role_int_t def_aci = SR_user; 06327 06328 list_info_p->version = RSBAC_AUTH_USER_ACI_VERSION; 06329 list_info_p->key = RSBAC_AUTH_USER_ACI_KEY; 06330 list_info_p->desc_size = sizeof(rsbac_uid_t); 06331 list_info_p->data_size = sizeof(rsbac_system_role_int_t); 06332 list_info_p->max_age = 0; 06333 err = rsbac_list_register(RSBAC_LIST_VERSION, 06334 &user_handles.auth, list_info_p, 06335 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 06336 RSBAC_LIST_BACKUP | 06337 #endif 06338 RSBAC_LIST_PERSIST | 06339 RSBAC_LIST_DEF_DATA, 06340 NULL, NULL, 06341 &def_aci, 06342 RSBAC_AUTH_ACI_USER_NAME, 06343 RSBAC_AUTO_DEV); 06344 if (err) { 06345 registration_error(err, "USER AUTH"); 06346 } else 06347 if (!rsbac_no_defaults 06348 && !rsbac_list_count(user_handles.auth)) { 06349 rsbac_uid_t user; 06350 rsbac_system_role_int_t role; 06351 06352 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!\n"); 06353 user = RSBAC_SYSADM_UID; 06354 role = SR_administrator; 06355 if (rsbac_list_add 06356 (user_handles.auth, &user, &role)) 06357 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER AUTH entry could not be added!\n"); 06358 user = RSBAC_SECOFF_UID; 06359 role = SR_security_officer; 06360 if (rsbac_list_add 06361 (user_handles.auth, &user, &role)) 06362 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER AUTH entry could not be added!\n"); 06363 user = RSBAC_AUDITOR_UID; 06364 role = SR_auditor; 06365 if (rsbac_list_add 06366 (user_handles.auth, &user, &role)) 06367 rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER AUTH entry could not be added!\n"); 06368 } 06369 } 06370 #endif /* AUTH */ 06371 #if defined(CONFIG_RSBAC_JAIL) 06372 { 06373 rsbac_system_role_int_t def_aci = SR_user; 06374 06375 list_info_p->version = RSBAC_JAIL_USER_ACI_VERSION; 06376 list_info_p->key = RSBAC_JAIL_USER_ACI_KEY; 06377 list_info_p->desc_size = sizeof(rsbac_uid_t); 06378 list_info_p->data_size = sizeof(rsbac_system_role_int_t); 06379 list_info_p->max_age = 0; 06380 err = rsbac_list_register(RSBAC_LIST_VERSION, 06381 &user_handles.jail, list_info_p, 06382 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 06383 RSBAC_LIST_BACKUP | 06384 #endif 06385 RSBAC_LIST_PERSIST | 06386 RSBAC_LIST_DEF_DATA, 06387 NULL, NULL, 06388 &def_aci, 06389 RSBAC_JAIL_ACI_USER_NAME, 06390 RSBAC_AUTO_DEV); 06391 if (err) { 06392 registration_error(err, "USER JAIL"); 06393 } else 06394 if (!rsbac_no_defaults 06395 && !rsbac_list_count(user_handles.jail)) { 06396 rsbac_uid_t user; 06397 rsbac_system_role_int_t role; 06398 06399 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!\n"); 06400 user = RSBAC_SYSADM_UID; 06401 role = SR_administrator; 06402 if (rsbac_list_add 06403 (user_handles.jail, &user, &role)) 06404 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER JAIL entry could not be added!\n"); 06405 user = RSBAC_SECOFF_UID; 06406 role = SR_security_officer; 06407 if (rsbac_list_add 06408 (user_handles.jail, &user, &role)) 06409 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER JAIL entry could not be added!\n"); 06410 } 06411 } 06412 #endif 06413 #if defined(CONFIG_RSBAC_RES) 06414 { 06415 list_info_p->version = RSBAC_RES_USER_ACI_VERSION; 06416 list_info_p->key = RSBAC_RES_USER_ACI_KEY; 06417 list_info_p->desc_size = sizeof(rsbac_uid_t); 06418 list_info_p->data_size = 06419 sizeof(struct rsbac_res_user_aci_t); 06420 list_info_p->max_age = 0; 06421 err = rsbac_list_register(RSBAC_LIST_VERSION, 06422 &user_handles.res, list_info_p, 06423 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 06424 RSBAC_LIST_BACKUP | 06425 #endif 06426 RSBAC_LIST_PERSIST, 06427 NULL, 06428 NULL, 06429 NULL, 06430 RSBAC_RES_ACI_USER_NAME, 06431 RSBAC_AUTO_DEV); 06432 if (err) { 06433 registration_error(err, "USER RES"); 06434 } else 06435 if (!rsbac_no_defaults 06436 && !rsbac_list_count(user_handles.res)) { 06437 struct rsbac_res_user_aci_t sysadm_aci = 06438 DEFAULT_RES_U_SYSADM_ACI; 06439 struct rsbac_res_user_aci_t secoff_aci = 06440 DEFAULT_RES_U_SECOFF_ACI; 06441 rsbac_uid_t user; 06442 06443 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n"); 06444 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n"); 06445 user = RSBAC_SYSADM_UID; 06446 if (rsbac_list_add 06447 (user_handles.res, &user, &sysadm_aci)) 06448 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER RES entry could not be added!\n"); 06449 user = RSBAC_SECOFF_UID; 06450 if (rsbac_list_add 06451 (user_handles.res, &user, &secoff_aci)) 06452 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER RES entry could not be added!\n"); 06453 } 06454 } 06455 #endif 06456 #if defined(CONFIG_RSBAC_PAX) 06457 { 06458 rsbac_system_role_int_t def_aci = SR_user; 06459 06460 list_info_p->version = RSBAC_PAX_USER_ACI_VERSION; 06461 list_info_p->key = RSBAC_PAX_USER_ACI_KEY; 06462 list_info_p->desc_size = sizeof(rsbac_uid_t); 06463 list_info_p->data_size = sizeof(rsbac_system_role_int_t); 06464 list_info_p->max_age = 0; 06465 err = rsbac_list_register(RSBAC_LIST_VERSION, 06466 &user_handles.pax, list_info_p, 06467 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 06468 RSBAC_LIST_BACKUP | 06469 #endif 06470 RSBAC_LIST_PERSIST | 06471 RSBAC_LIST_DEF_DATA, 06472 NULL, NULL, 06473 &def_aci, 06474 RSBAC_PAX_ACI_USER_NAME, 06475 RSBAC_AUTO_DEV); 06476 if (err) { 06477 registration_error(err, "USER PAX"); 06478 } else 06479 if (!rsbac_no_defaults 06480 && !rsbac_list_count(user_handles.pax)) { 06481 rsbac_uid_t user; 06482 rsbac_system_role_int_t role; 06483 06484 rsbac_printk(KERN_WARNING "rsbac_do_init(): USER PAX ACI could not be read - generating standard entries!\n"); 06485 user = RSBAC_SYSADM_UID; 06486 role = SR_administrator; 06487 if (rsbac_list_add(user_handles.pax, &user, &role)) 06488 rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER PAX entry could not be added!\n"); 06489 user = RSBAC_SECOFF_UID; 06490 role = SR_security_officer; 06491 if (rsbac_list_add(user_handles.pax, &user, &role)) 06492 rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER PAX entry could not be added!\n"); 06493 } 06494 } 06495 #endif 06496 06497 rsbac_kfree(list_info_p); 06498 return err; 06499 }
static void __init registration_error | ( | int | err, | |
char * | listname | |||
) | [static] |
Definition at line 5510 of file aci_data_structures.c.
References get_error_name(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, and rsbac_printk().
Referenced by register_dev_lists(), register_ipc_lists(), register_process_lists(), register_user_lists1(), register_user_lists2(), rsbac_init_acl(), rsbac_init_pm(), and rsbac_init_rc().
05512 { 05513 if (err < 0) { 05514 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 05515 05516 if (tmp) { 05517 rsbac_printk(KERN_WARNING "rsbac_do_init(): Registering %s list failed with error %s\n", 05518 listname, get_error_name(tmp, err)); 05519 rsbac_kfree(tmp); 05520 } 05521 } 05522 }
static void remove_device_item | ( | kdev_t | kdev | ) | [static] |
Definition at line 1969 of file aci_data_structures.c.
References aci_detach_fd_lists(), clear_device_item(), device_hash(), device_head_p, device_list_locks, lookup_device(), NULL, rsbac_kfree(), and rsbac_kmalloc().
Referenced by rsbac_umount(), rsbac_umount_acl(), rsbac_umount_auth(), and rsbac_umount_mac().
01970 { 01971 struct rsbac_device_list_item_t *item_p; 01972 struct rsbac_device_list_head_t * new_p; 01973 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 01974 struct rsbac_device_list_head_t * old_p; 01975 #endif 01976 u_int hash; 01977 01978 hash = device_hash(kdev); 01979 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 01980 old_p = device_head_p[hash]; 01981 new_p = rsbac_kmalloc(sizeof(*new_p)); 01982 *new_p = *old_p; 01983 #else 01984 new_p = device_head_p[hash]; 01985 #endif 01986 /* first we must locate the item. */ 01987 if ((item_p = lookup_device(kdev, hash))) { /* ok, item was found */ 01988 if (new_p->head == item_p) { /* item is head */ 01989 if (new_p->tail == item_p) { /* item is head and tail = only item -> list will be empty */ 01990 new_p->head = NULL; 01991 new_p->tail = NULL; 01992 } else { /* item is head, but not tail -> next item becomes head */ 01993 item_p->next->prev = NULL; 01994 new_p->head = item_p->next; 01995 } 01996 } else { /* item is not head */ 01997 if (new_p->tail == item_p) { /*item is not head, but tail -> previous item becomes tail */ 01998 item_p->prev->next = NULL; 01999 new_p->tail = item_p->prev; 02000 } else { /* item is neither head nor tail -> item is cut out */ 02001 item_p->prev->next = item_p->next; 02002 item_p->next->prev = item_p->prev; 02003 } 02004 } 02005 02006 /* curr is no longer valid -> reset. */ 02007 new_p->curr = NULL; 02008 /* adjust counter */ 02009 new_p->count--; 02010 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02011 rcu_assign_pointer(device_head_p[hash], new_p); 02012 spin_unlock(&device_list_locks[hash]); 02013 synchronize_rcu(); 02014 rsbac_kfree(old_p); 02015 #endif 02016 /* clean up */ 02017 aci_detach_fd_lists(item_p); 02018 02019 /* clear item */ 02020 clear_device_item(item_p); 02021 } 02022 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02023 else 02024 spin_unlock(&device_list_locks[hash]); 02025 #endif 02026 }
static int rsbac_clear_file | ( | struct dentry * | dentry | ) | [static] |
Definition at line 2033 of file aci_data_structures.c.
Referenced by rsbac_write_open().
02034 { 02035 struct inode *inode = dentry->d_inode; 02036 int error; 02037 struct iattr newattrs; 02038 02039 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02040 mutex_lock(&inode->i_mutex); 02041 #else 02042 down(&inode->i_sem); 02043 #endif 02044 newattrs.ia_size = 0; 02045 newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME; 02046 error = notify_change(dentry, &newattrs); 02047 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02048 mutex_unlock(&inode->i_mutex); 02049 #else 02050 up(&inode->i_sem); 02051 #endif 02052 return error; 02053 }
static int __init rsbac_do_init | ( | void | ) | [static] |
Definition at line 7290 of file aci_data_structures.c.
References add_device_item(), clear_device_item(), compiled_modules, create_device_item(), device_head_p, device_list_locks, get_error_name(), NULL, register_dev_lists(), register_fd_lists(), register_ipc_lists(), register_process_lists(), register_user_lists1(), register_user_lists2(), RSBAC_AUTH_LOGIN_PATH, RSBAC_AUTH_LOGIN_PATH_DIR, RSBAC_AUTH_LOGIN_PATH_FILE, rsbac_check_acl(), rsbac_check_lists(), RSBAC_ECOULDNOTADDDEVICE, RSBAC_ECOULDNOTADDITEM, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOROOTDEV, RSBAC_ENOTFOUND, rsbac_init_acl(), rsbac_init_adf(), rsbac_init_auth(), rsbac_init_daz(), rsbac_init_debug(), rsbac_init_mac(), rsbac_init_pm(), rsbac_init_rc(), rsbac_init_um(), rsbac_initialized, rsbac_kfree(), rsbac_kmalloc(), rsbac_kmem_cache_sizes_init(), rsbac_list_add(), rsbac_list_get_data(), rsbac_list_init(), rsbac_lookup_one_len(), RSBAC_MAXNAMELEN, rsbac_mount(), rsbac_pax_set_flags_func(), rsbac_pr_debug, rsbac_printk(), rsbac_root_dev, RSBAC_VERSION, sysfs_covered_p, sysfs_sb_p, and TRUE.
Referenced by rsbac_init().
07292 { 07293 int err = 0; 07294 struct rsbac_device_list_item_t *device_p; 07295 struct rsbac_device_list_item_t *new_device_p; 07296 struct rsbac_list_info_t *list_info_p; 07297 struct super_block *sb_p; 07298 u_int i; 07299 07300 rsbac_pr_debug(stack, "free stack: %lu\n", rsbac_stack_free_space()); 07301 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL); 07302 if (!list_info_p) { 07303 return -ENOMEM; 07304 } 07305 compiled_modules[0] = (char) 0; 07306 #ifdef CONFIG_RSBAC_REG 07307 strcat(compiled_modules, " REG"); 07308 #endif 07309 #ifdef CONFIG_RSBAC_MAC 07310 #ifdef CONFIG_RSBAC_MAC_LIGHT 07311 strcat(compiled_modules, " MAC-L"); 07312 #else 07313 strcat(compiled_modules, " MAC"); 07314 #endif 07315 #endif 07316 #ifdef CONFIG_RSBAC_PM 07317 strcat(compiled_modules, " PM"); 07318 #endif 07319 #ifdef CONFIG_RSBAC_DAZ 07320 strcat(compiled_modules, " DAZ"); 07321 #endif 07322 #ifdef CONFIG_RSBAC_FF 07323 strcat(compiled_modules, " FF"); 07324 #endif 07325 #ifdef CONFIG_RSBAC_RC 07326 strcat(compiled_modules, " RC"); 07327 #endif 07328 #ifdef CONFIG_RSBAC_AUTH 07329 strcat(compiled_modules, " AUTH"); 07330 #endif 07331 #ifdef CONFIG_RSBAC_ACL 07332 strcat(compiled_modules, " ACL"); 07333 #endif 07334 #ifdef CONFIG_RSBAC_CAP 07335 strcat(compiled_modules, " CAP"); 07336 #endif 07337 #ifdef CONFIG_RSBAC_JAIL 07338 strcat(compiled_modules, " JAIL"); 07339 #endif 07340 #ifdef CONFIG_RSBAC_RES 07341 strcat(compiled_modules, " RES"); 07342 #endif 07343 #ifdef CONFIG_RSBAC_PAX 07344 strcat(compiled_modules, " PAX"); 07345 #endif 07346 #ifdef CONFIG_RSBAC_MAINT 07347 rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n", 07348 RSBAC_VERSION); 07349 /* Print banner we are initializing */ 07350 printk(KERN_INFO 07351 "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n", 07352 RSBAC_VERSION); 07353 07354 rsbac_printk(KERN_INFO "rsbac_do_init(): Supported module data structures:%s\n", 07355 compiled_modules); 07356 #else 07357 rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s\n", 07358 RSBAC_VERSION); 07359 /* Print banner we are initializing */ 07360 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07361 if (rsbac_nosyslog) 07362 #endif 07363 printk(KERN_INFO 07364 "rsbac_do_init(): Initializing RSBAC %s\n", 07365 RSBAC_VERSION); 07366 07367 rsbac_printk(KERN_INFO "rsbac_do_init(): compiled modules:%s\n", 07368 compiled_modules); 07369 #endif 07370 07371 /* init memory */ 07372 rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing memory slabs\n"); 07373 rsbac_kmem_cache_sizes_init(); 07374 07375 for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) { 07376 device_head_p[i] = kmalloc(sizeof(*device_head_p[i]), GFP_KERNEL); 07377 if (!device_head_p[i]) { 07378 rsbac_printk(KERN_WARNING 07379 "rsbac_do_init(): Failed to allocate device_list_heads[%s]\n", i); 07380 return -ENOMEM; 07381 } 07382 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 07383 spin_lock_init(&device_list_locks[i]); 07384 #else 07385 rwlock_init(&device_list_locks[i]); 07386 #endif 07387 device_head_p[i]->head = NULL; 07388 device_head_p[i]->tail = NULL; 07389 device_head_p[i]->curr = NULL; 07390 device_head_p[i]->count = 0; 07391 } 07392 07393 #if defined(CONFIG_RSBAC_PROC) 07394 rsbac_pr_debug(stack, "free stack before registering proc dir: %lu\n", 07395 rsbac_stack_free_space()); 07396 rsbac_printk(KERN_INFO "rsbac_do_init(): Registering RSBAC proc dir\n"); 07397 register_all_rsbac_proc(); 07398 #endif 07399 rsbac_pr_debug(stack, "free stack before get_super: %lu\n", 07400 rsbac_stack_free_space()); 07401 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 07402 sb_p = user_get_super(rsbac_root_dev); 07403 #else 07404 sb_p = get_super(rsbac_root_dev); 07405 #endif 07406 if (!sb_p) { 07407 kfree(list_info_p); 07408 return -RSBAC_ENOROOTDEV; 07409 } 07410 /* read fd aci from root device */ 07411 rsbac_pr_debug(ds, "reading aci from device " 07412 "number %02u:%02u\n", 07413 RSBAC_MAJOR(rsbac_root_dev), 07414 RSBAC_MINOR(rsbac_root_dev)); 07415 /* create a private device item */ 07416 new_device_p = create_device_item(sb_p, NULL); 07417 if (!new_device_p) { 07418 rsbac_printk(KERN_CRIT 07419 "rsbac_do_init(): Could not alloc device item!\n"); 07420 err = -RSBAC_ECOULDNOTADDDEVICE; 07421 goto out_free; 07422 } 07423 /* Add new_device_p to device list */ 07424 /* OK, go on */ 07425 device_p = add_device_item(new_device_p); 07426 if (!device_p) { 07427 rsbac_printk(KERN_CRIT 07428 "rsbac_do_init(): Could not add device!\n"); 07429 clear_device_item(new_device_p); 07430 err = -RSBAC_ECOULDNOTADDDEVICE; 07431 goto out_free; 07432 } 07433 07434 /* init lists - we need the root device_p to be initialized, but no generic list registered */ 07435 rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing generic lists\n"); 07436 rsbac_list_init(); 07437 07438 rsbac_pr_debug(stack, "free stack before init_debug: %lu\n", 07439 rsbac_stack_free_space()); 07440 rsbac_init_debug(); 07441 07442 rsbac_printk(KERN_INFO "rsbac_do_init(): reading FD attributes from root dev\n"); 07443 rsbac_pr_debug(stack, "free stack before reading FD lists: %lu\n", 07444 rsbac_stack_free_space()); 07445 /* no locking needed, device_p is known and there can be no parallel init! */ 07446 if ((err = register_fd_lists(device_p, rsbac_root_dev))) { 07447 char *tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 07448 07449 if (tmp) { 07450 rsbac_printk(KERN_WARNING "rsbac_do_init(): File/Dir lists registration failed for dev %02u:%02u, err %s!\n", 07451 RSBAC_MAJOR(rsbac_root_dev), 07452 RSBAC_MINOR(rsbac_root_dev), 07453 get_error_name(tmp, err)); 07454 rsbac_kfree(tmp); 07455 } 07456 } 07457 rsbac_pr_debug(stack, "free stack before DEV lists registration: %lu\n", 07458 rsbac_stack_free_space()); 07459 register_dev_lists(); 07460 rsbac_pr_debug(stack, "free stack before registering IPC lists: %lu\n", 07461 rsbac_stack_free_space()); 07462 register_ipc_lists(); 07463 rsbac_pr_debug(stack, "free stack before registering USER lists 1: %lu\n", 07464 rsbac_stack_free_space()); 07465 register_user_lists1(); 07466 rsbac_pr_debug(stack, "free stack before registering USER lists 2: %lu\n", 07467 rsbac_stack_free_space()); 07468 register_user_lists2(); 07469 rsbac_pr_debug(stack, "free stack before registering PROCESS aci: %lu\n", 07470 rsbac_stack_free_space()); 07471 register_process_lists(); 07472 07473 07474 #ifdef CONFIG_RSBAC_UM 07475 rsbac_pr_debug(stack, "free stack before GROUP lists registration: %lu\n", 07476 rsbac_stack_free_space()); 07477 register_group_lists(); 07478 #endif /* CONFIG_RSBAC_UM */ 07479 07480 #ifdef CONFIG_RSBAC_NET_DEV 07481 register_netdev_lists(); 07482 #endif 07483 07484 #ifdef CONFIG_RSBAC_NET_OBJ 07485 register_nettemp_list(); 07486 register_nettemp_aci_lists(); 07487 register_netobj_lists(); 07488 #endif /* NET_OBJ */ 07489 07490 #ifdef CONFIG_RSBAC_FD_CACHE 07491 if (!rsbac_fd_cache_disable) 07492 register_fd_cache_lists(); 07493 #endif 07494 07495 /* Call other init functions */ 07496 #if defined(CONFIG_RSBAC_MAC) 07497 rsbac_pr_debug(stack, "free stack before init_mac: %lu\n", 07498 rsbac_stack_free_space()); 07499 rsbac_init_mac(); 07500 #endif 07501 07502 #ifdef CONFIG_RSBAC_PM 07503 rsbac_pr_debug(stack, "free stack before init_pm: %lu\n", 07504 rsbac_stack_free_space()); 07505 rsbac_init_pm(); 07506 #endif 07507 07508 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT) 07509 rsbac_pr_debug(stack, "free stack before init_daz: %lu\n", 07510 rsbac_stack_free_space()); 07511 rsbac_init_daz(); 07512 #endif 07513 07514 #if defined(CONFIG_RSBAC_RC) 07515 rsbac_pr_debug(stack, "free stack before init_rc: %lu\n", 07516 rsbac_stack_free_space()); 07517 rsbac_init_rc(); 07518 #endif 07519 07520 #if defined(CONFIG_RSBAC_AUTH) 07521 rsbac_pr_debug(stack, "free stack before init_auth: %lu\n", 07522 rsbac_stack_free_space()); 07523 rsbac_init_auth(); 07524 if (rsbac_auth_enable_login) { 07525 struct dentry *t_dentry; 07526 struct dentry *dir_dentry = NULL; 07527 struct rsbac_auth_fd_aci_t auth_fd_aci = 07528 DEFAULT_AUTH_FD_ACI; 07529 07530 rsbac_printk(KERN_WARNING "rsbac_do_init(): auth_enable_login is set: setting auth_may_setuid for %s\n", 07531 RSBAC_AUTH_LOGIN_PATH); 07532 07533 /* lookup filename */ 07534 if (sb_p) { 07535 dir_dentry = 07536 rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_DIR, 07537 sb_p->s_root, 07538 strlen 07539 (RSBAC_AUTH_LOGIN_PATH_DIR)); 07540 } 07541 if (!dir_dentry) { 07542 err = -RSBAC_ENOTFOUND; 07543 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n", 07544 RSBAC_AUTH_LOGIN_PATH_DIR); 07545 goto auth_out; 07546 } 07547 if (IS_ERR(dir_dentry)) { 07548 err = PTR_ERR(dir_dentry); 07549 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s returned %i\n", 07550 RSBAC_AUTH_LOGIN_PATH_DIR, err); 07551 goto auth_out; 07552 } 07553 if (!dir_dentry->d_inode) { 07554 err = -RSBAC_ENOTFOUND; 07555 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n", 07556 RSBAC_AUTH_LOGIN_PATH_DIR); 07557 dput(dir_dentry); 07558 goto auth_out; 07559 } 07560 t_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_FILE, 07561 dir_dentry, 07562 strlen 07563 (RSBAC_AUTH_LOGIN_PATH_FILE)); 07564 if (!t_dentry) { 07565 err = -RSBAC_ENOTFOUND; 07566 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n", 07567 RSBAC_AUTH_LOGIN_PATH_DIR, 07568 RSBAC_AUTH_LOGIN_PATH_FILE); 07569 goto auth_out; 07570 } 07571 if (IS_ERR(t_dentry)) { 07572 err = PTR_ERR(t_dentry); 07573 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s returned %i\n", 07574 RSBAC_AUTH_LOGIN_PATH_DIR, 07575 RSBAC_AUTH_LOGIN_PATH_FILE, err); 07576 goto auth_out; 07577 } 07578 if (!t_dentry->d_inode) { 07579 err = -RSBAC_ENOTFOUND; 07580 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n", 07581 RSBAC_AUTH_LOGIN_PATH_DIR, 07582 RSBAC_AUTH_LOGIN_PATH_FILE); 07583 dput(t_dentry); 07584 goto auth_out; 07585 } 07586 07587 if (!t_dentry->d_inode) { 07588 rsbac_printk(KERN_WARNING "rsbac_do_init(): file %s not found\n", 07589 RSBAC_AUTH_LOGIN_PATH); 07590 err = -RSBAC_EINVALIDTARGET; 07591 goto auth_out_dput; 07592 } 07593 /* is inode of type file? */ 07594 if (!S_ISREG(t_dentry->d_inode->i_mode)) { 07595 rsbac_printk(KERN_WARNING "rsbac_do_init(): %s is no file\n", 07596 RSBAC_AUTH_LOGIN_PATH); 07597 err = -RSBAC_EINVALIDTARGET; 07598 goto auth_out_dput; 07599 } 07600 rsbac_list_get_data(device_p->handles.auth, 07601 &t_dentry->d_inode->i_ino, 07602 &auth_fd_aci); 07603 auth_fd_aci.auth_may_setuid = TRUE; 07604 if (rsbac_list_add(device_p->handles.auth, &t_dentry->d_inode->i_ino, &auth_fd_aci)) { /* Adding failed! */ 07605 rsbac_printk(KERN_WARNING "rsbac_do_init(): Could not add AUTH file/dir item!\n"); 07606 err = -RSBAC_ECOULDNOTADDITEM; 07607 } 07608 07609 auth_out_dput: 07610 auth_out: 07611 { 07612 } 07613 } 07614 #endif 07615 07616 #if defined(CONFIG_RSBAC_ACL) 07617 rsbac_pr_debug(stack, "free stack before init_acl: %lu\n", 07618 rsbac_stack_free_space()); 07619 rsbac_init_acl(); 07620 #endif 07621 07622 #if defined(CONFIG_RSBAC_UM) 07623 rsbac_pr_debug(stack, "free stack before init_um: %lu\n", 07624 rsbac_stack_free_space()); 07625 rsbac_init_um(); 07626 #endif 07627 rsbac_pr_debug(stack, "free stack before init_adf: %lu\n", 07628 rsbac_stack_free_space()); 07629 rsbac_init_adf(); 07630 07631 /* free super_block pointer */ 07632 drop_super(sb_p); 07633 07634 #if defined(CONFIG_RSBAC_PAX) && defined(CONFIG_PAX_HOOK_ACL_FLAGS) 07635 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10) 07636 pax_set_initial_flags_func = rsbac_pax_set_flags_func; 07637 #else 07638 pax_set_flags_func = rsbac_pax_set_flags_func; 07639 #endif 07640 #endif 07641 07642 /* Tell that rsbac is initialized */ 07643 rsbac_initialized = TRUE; 07644 07645 /* Add initrd mount */ 07646 #ifdef CONFIG_BLK_DEV_INITRD 07647 if (initrd_start) { 07648 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 07649 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR, 0)); 07650 #else 07651 sb_p = get_super(MKDEV(RAMDISK_MAJOR, 0)); 07652 #endif 07653 if (sb_p) { 07654 rsbac_mount(sb_p, NULL); 07655 drop_super(sb_p); 07656 } 07657 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 07658 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR, INITRD_MINOR)); 07659 #else 07660 sb_p = get_super(MKDEV(RAMDISK_MAJOR, INITRD_MINOR)); 07661 #endif 07662 if (sb_p) { 07663 rsbac_mount(sb_p, NULL); 07664 drop_super(sb_p); 07665 } 07666 } 07667 #endif 07668 07669 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 07670 /* Add sysfs mount */ 07671 if (sysfs_covered_p && sysfs_sb_p) { 07672 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting sysfs device %02u:%02u\n", 07673 MAJOR(sysfs_sb_p->s_dev), 07674 MINOR(sysfs_sb_p->s_dev)); 07675 rsbac_mount(sysfs_sb_p, sysfs_covered_p); 07676 } 07677 #endif 07678 07679 /* Add devfs mount */ 07680 #ifdef CONFIG_DEVFS_MOUNT 07681 if (devfs_covered_p && devfs_sb_p) { 07682 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting devfs device %02u:%02u\n", 07683 MAJOR(devfs_sb_p->s_dev), 07684 MINOR(devfs_sb_p->s_dev)); 07685 rsbac_mount(devfs_sb_p, devfs_covered_p); 07686 } 07687 #endif 07688 07689 /* Force a check, if configured */ 07690 #ifdef CONFIG_RSBAC_INIT_CHECK 07691 rsbac_pr_debug(stack, "free stack before rsbac_check: %lu\n", 07692 rsbac_stack_free_space()); 07693 rsbac_printk(KERN_INFO "rsbac_do_init(): Forcing consistency check.\n"); 07694 rsbac_check_lists(1); 07695 #if defined(CONFIG_RSBAC_ACL) 07696 rsbac_check_acl(1); 07697 #endif 07698 #endif 07699 07700 if (!current->fs) { 07701 rsbac_printk(KERN_WARNING "rsbac_do_init(): current->fs is invalid!\n"); 07702 err = -RSBAC_EINVALIDPOINTER; 07703 } 07704 out: 07705 /* We are up and running */ 07706 rsbac_printk(KERN_INFO "rsbac_do_init(): Ready.\n"); 07707 07708 kfree(list_info_p); 07709 return err; 07710 07711 out_free: 07712 /* free super_block pointer */ 07713 drop_super(sb_p); 07714 goto out; 07715 }
void rsbac_flags_set | ( | unsigned long int | rsbac_flags | ) |
Definition at line 15239 of file aci_data_structures.c.
References rsbac_no_defaults, set_rsbac_acl_learn_fd, set_rsbac_auth_learn, set_rsbac_cap_log_missing, set_rsbac_cap_process_hiding, set_rsbac_dac_disable, set_rsbac_freeze, set_rsbac_jail_log_missing, set_rsbac_no_defaults, set_rsbac_no_delay_init, set_rsbac_nosyslog, set_rsbac_softmode, set_rsbac_softmode_never, set_rsbac_softmode_once, and set_rsbac_um_no_excl.
Referenced by rsbac_flags_setup().
15240 { 15241 #if 0 15242 printk("rsbac_flags set to: %lu\n", rsbac_flags); 15243 15244 if (rsbac_flags & set_rsbac_softmode) 15245 rsbac_softmode = 1; 15246 if (rsbac_flags & set_rsbac_softmode_once) { 15247 rsbac_softmode = 1; 15248 rsbac_softmode_prohibit = 1; 15249 } 15250 if (rsbac_flags & set_rsbac_softmode_never) 15251 rsbac_softmode_prohibit = 1; 15252 if (rsbac_flags & set_rsbac_freeze) 15253 rsbac_freeze = 1; 15254 #if defined(CONFIG_RSBAC_UM_EXCL) 15255 if (rsbac_flags & set_rsbac_um_no_excl) 15256 rsbac_um_no_excl = 1; 15257 #endif 15258 if (rsbac_flags & set_rsbac_auth_learn) 15259 rsbac_auth_learn = 1; 15260 if (rsbac_flags & set_rsbac_acl_learn_fd) 15261 rsbac_acl_learn_fd = 1; 15262 if (rsbac_flags & set_rsbac_cap_log_missing) 15263 rsbac_cap_log_missing = 1; 15264 if (rsbac_flags & set_rsbac_jail_log_missing) 15265 rsbac_jail_log_missing = 1; 15266 if (rsbac_flags & set_rsbac_dac_disable) 15267 rsbac_dac_disable = 1; 15268 if (rsbac_flags & set_rsbac_no_delay_init) 15269 rsbac_no_delay_init = 1; 15270 if (rsbac_flags & set_rsbac_no_defaults) 15271 rsbac_no_defaults = 1; 15272 if (rsbac_flags & set_rsbac_nosyslog) 15273 rsbac_nosyslog = 1; 15274 if (rsbac_flags & set_rsbac_cap_process_hiding) 15275 rsbac_cap_process_hiding = 1; 15276 #endif 15277 }
int rsbac_free_dat_dentries | ( | void | ) |
Definition at line 8561 of file aci_data_structures.c.
References device_head_p, device_list_locks, KERNEL_VERSION, NULL, RSBAC_ENOTINITIALIZED, rsbac_initialized, and rsbac_printk().
08562 { 08563 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 08564 u_long flags; 08565 #endif 08566 struct rsbac_device_list_item_t *device_p; 08567 u_int i; 08568 08569 if (!rsbac_initialized) { 08570 rsbac_printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n"); 08571 return (-RSBAC_ENOTINITIALIZED); 08572 } 08573 08574 rsbac_printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n"); 08575 08576 for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) { 08577 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08578 spin_lock(&device_list_locks[i]); 08579 #else 08580 rsbac_write_lock(&device_list_locks[i], &flags); 08581 #endif 08582 device_p = device_head_p[i]->head; 08583 while (device_p) { 08584 if (device_p->rsbac_dir_dentry_p) { 08585 dput(device_p->rsbac_dir_dentry_p); 08586 device_p->rsbac_dir_dentry_p = NULL; 08587 } 08588 device_p = device_p->next; 08589 } 08590 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08591 spin_unlock(&device_list_locks[i]); 08592 #else 08593 rsbac_write_unlock(&device_list_locks[i], &flags); 08594 #endif 08595 } 08596 return 0; 08597 }
int rsbac_get_full_path | ( | struct dentry * | dentry_p, | |
char | path[], | |||
int | maxlen | |||
) |
Definition at line 2627 of file aci_data_structures.c.
References A_pseudo, device_hash(), device_list_locks, FALSE, lookup_device(), rsbac_attribute_value_t::pseudo, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDVALUE, RSBAC_ENOMEM, rsbac_get_attr, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, SW_GEN, T_USER, and rsbac_target_id_t::user.
Referenced by get_target_name(), rsbac_adf_request_int(), rsbac_jail_sys_jail(), and xp_fill_file_struct().
02628 { 02629 int len = 0; 02630 char *i_path; 02631 int tmplen = 0; 02632 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS 02633 union rsbac_target_id_t i_tid; 02634 union rsbac_attribute_value_t i_attr_val; 02635 #endif 02636 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 02637 u_long dflags; 02638 #endif 02639 02640 if (!dentry_p || !path) 02641 return -RSBAC_EINVALIDPOINTER; 02642 if (maxlen <= 0) 02643 return -RSBAC_EINVALIDVALUE; 02644 i_path = rsbac_kmalloc(maxlen + RSBAC_MAXNAMELEN); 02645 if (!i_path) 02646 return -RSBAC_ENOMEM; 02647 02648 path[0] = 0; 02649 02650 while (dentry_p && (len < maxlen) && dentry_p->d_name.len 02651 && dentry_p->d_name.name) { 02652 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS 02653 if (dentry_p->d_inode 02654 && dentry_p->d_parent 02655 && dentry_p->d_parent->d_inode 02656 && (i_tid.user = dentry_p->d_inode->i_uid) 02657 && (dentry_p->d_inode->i_uid != 02658 dentry_p->d_parent->d_inode->i_uid) 02659 && !rsbac_get_attr(SW_GEN, T_USER, i_tid, A_pseudo, 02660 &i_attr_val, FALSE) 02661 && i_attr_val.pseudo) { /* Max len of 32 Bit value in decimal print is 11 */ 02662 if ((maxlen - len) < 12) { 02663 rsbac_kfree(i_path); 02664 return (len); 02665 } 02666 tmplen = 02667 snprintf(i_path, 11, "%u", i_attr_val.pseudo); 02668 } else 02669 #endif 02670 { 02671 tmplen = dentry_p->d_name.len; 02672 if ((tmplen + 1) > (maxlen - len)) { 02673 rsbac_kfree(i_path); 02674 return (len); 02675 } 02676 strncpy(i_path, dentry_p->d_name.name, tmplen); 02677 } 02678 /* Skip double / on multi mounts. 02679 * Last / is appended at the end of the function */ 02680 if((i_path[tmplen-1] != '/') && (tmplen != 1)) { 02681 if(len && (i_path[tmplen-1] != '/')) { 02682 i_path[tmplen] = '/'; 02683 tmplen++; 02684 } 02685 i_path[tmplen]=0; 02686 strcat(i_path, path); 02687 strcpy(path, i_path); 02688 len += tmplen; 02689 } 02690 if (dentry_p->d_parent && (dentry_p->d_parent != dentry_p) 02691 && (dentry_p->d_sb->s_root != dentry_p) 02692 ) 02693 dentry_p = dentry_p->d_parent; 02694 else { 02695 struct rsbac_device_list_item_t *device_p; 02696 u_int hash; 02697 02698 hash = device_hash(dentry_p->d_sb->s_dev); 02699 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02700 rcu_read_lock(); 02701 #else 02702 rsbac_read_lock(&device_list_locks[hash], &dflags); 02703 #endif 02704 device_p = lookup_device(dentry_p->d_sb->s_dev, hash); 02705 if (device_p && device_p->d_covers) { 02706 dentry_p = device_p->d_covers; 02707 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02708 rcu_read_unlock(); 02709 #else 02710 rsbac_read_unlock(&device_list_locks[hash], &dflags); 02711 #endif 02712 } else { 02713 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02714 rcu_read_unlock(); 02715 #else 02716 rsbac_read_unlock(&device_list_locks[hash], &dflags); 02717 #endif 02718 break; 02719 } 02720 } 02721 } 02722 02723 i_path[tmplen]=0; 02724 strcat(i_path, path); 02725 strcpy(path, i_path); 02726 02727 rsbac_kfree(i_path); 02728 return (len); 02729 }
int rsbac_get_full_path_length | ( | struct dentry * | dentry_p | ) |
Definition at line 2734 of file aci_data_structures.c.
References device_hash(), device_list_locks, lookup_device(), and RSBAC_EINVALIDPOINTER.
Referenced by xp_fill_file_struct().
02735 { 02736 int len = 0; 02737 int tmplen = 0; 02738 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 02739 u_long dflags; 02740 #endif 02741 02742 if (!dentry_p) 02743 return -RSBAC_EINVALIDPOINTER; 02744 02745 while (dentry_p && dentry_p->d_name.len && dentry_p->d_name.name) { 02746 tmplen = dentry_p->d_name.len; 02747 if (len && (dentry_p->d_name.name[tmplen - 1] != '/')) { 02748 tmplen++; 02749 } 02750 len += tmplen; 02751 if (dentry_p->d_parent && (dentry_p->d_parent != dentry_p) 02752 && (dentry_p->d_sb->s_root != dentry_p) 02753 ) 02754 dentry_p = dentry_p->d_parent; 02755 else { 02756 struct rsbac_device_list_item_t *device_p; 02757 u_int hash; 02758 02759 hash = device_hash(dentry_p->d_sb->s_dev); 02760 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02761 rcu_read_lock(); 02762 #else 02763 rsbac_read_lock(&device_list_locks[hash], &dflags); 02764 #endif 02765 device_p = lookup_device(dentry_p->d_sb->s_dev, hash); 02766 if (device_p && device_p->d_covers) { 02767 dentry_p = device_p->d_covers; 02768 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02769 rcu_read_unlock(); 02770 #else 02771 rsbac_read_unlock(&device_list_locks[hash], &dflags); 02772 #endif 02773 } else { 02774 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02775 rcu_read_unlock(); 02776 #else 02777 rsbac_read_unlock(&device_list_locks[hash], &dflags); 02778 #endif 02779 break; 02780 } 02781 } 02782 } 02783 return (len); 02784 }
int rsbac_get_parent | ( | enum rsbac_target_t | target, | |
union rsbac_target_id_t | tid, | |||
enum rsbac_target_t * | parent_target_p, | |||
union rsbac_target_id_t * | parent_tid_p | |||
) |
Definition at line 9083 of file aci_data_structures.c.
References device_hash(), device_list_locks, lookup_device(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTFOUND, rsbac_printk(), T_DIR, T_FIFO, T_FILE, T_SYMLINK, and T_UNIXSOCK.
Referenced by copy_fp_cap_set_item(), copy_fp_tru_set_item(), get_attr_fd(), rsbac_acl_get_rights(), and rsbac_acl_get_single_right().
09087 { 09088 if (!parent_target_p || !parent_tid_p) 09089 return -RSBAC_EINVALIDPOINTER; 09090 /* 09091 rsbac_pr_debug(ds, "Getting file/dir/fifo/symlink " 09092 "parent for device %02u:%02u, inode %lu, dentry_p %p\n", 09093 RSBAC_MAJOR(tid.file.device), 09094 RSBAC_MINOR(tid.file.device), 09095 (u_long)tid.file.inode, tid.file.dentry_p); 09096 */ 09097 switch (target) { 09098 case T_FILE: 09099 case T_DIR: 09100 case T_FIFO: 09101 case T_SYMLINK: 09102 case T_UNIXSOCK: 09103 break; 09104 default: 09105 return -RSBAC_EINVALIDTARGET; 09106 } 09107 09108 if (!tid.file.dentry_p) 09109 return -RSBAC_ENOTFOUND; 09110 09111 #ifdef CONFIG_RSBAC_XSTATS 09112 get_parent_count++; 09113 #endif 09114 *parent_target_p = T_DIR; 09115 /* Is this dentry root of a mounted device? */ 09116 if (tid.file.dentry_p->d_sb 09117 && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p) 09118 ) { 09119 struct rsbac_device_list_item_t *device_p; 09120 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 09121 u_long dflags; 09122 #endif 09123 u_int hash; 09124 09125 hash = device_hash(tid.file.device); 09126 /* wait for read access to device_list_head */ 09127 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09128 rcu_read_lock(); 09129 #else 09130 rsbac_read_lock(&device_list_locks[hash], &dflags); 09131 #endif 09132 device_p = lookup_device(tid.file.device, hash); 09133 if (!device_p 09134 || !device_p->d_covers 09135 || !device_p->d_covers->d_parent 09136 || !device_p->d_covers->d_parent->d_inode) { 09137 /* free access to device_list_head */ 09138 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09139 rcu_read_unlock(); 09140 #else 09141 rsbac_read_unlock(&device_list_locks[hash], &dflags); 09142 #endif 09143 return -RSBAC_ENOTFOUND; 09144 } 09145 parent_tid_p->dir.device = 09146 device_p->d_covers->d_parent->d_sb->s_dev; 09147 parent_tid_p->dir.inode = 09148 device_p->d_covers->d_parent->d_inode->i_ino; 09149 parent_tid_p->dir.dentry_p = device_p->d_covers->d_parent; 09150 /* free access to device_list_head */ 09151 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09152 rcu_read_unlock(); 09153 #else 09154 rsbac_read_unlock(&device_list_locks[hash], &dflags); 09155 #endif 09156 } else { /* no root of filesystem -> use d_parent, dev keeps unchanged */ 09157 if (!tid.file.dentry_p->d_parent) { 09158 rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent is NULL!\n"); 09159 return -RSBAC_ENOTFOUND; 09160 } 09161 if (tid.file.dentry_p == tid.file.dentry_p->d_parent) { 09162 rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent == dentry_p!\n"); 09163 return -RSBAC_ENOTFOUND; 09164 } 09165 if (!tid.file.dentry_p->d_parent->d_inode) { 09166 rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent has no d_inode!\n"); 09167 return -RSBAC_ENOTFOUND; 09168 } 09169 parent_tid_p->dir.device = tid.file.device; 09170 parent_tid_p->dir.inode = 09171 tid.file.dentry_p->d_parent->d_inode->i_ino; 09172 parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent; 09173 } 09174 return 0; 09175 }
struct super_block* rsbac_get_super_block | ( | kdev_t | kdev | ) |
Definition at line 2063 of file aci_data_structures.c.
References device_hash(), device_list_locks, lookup_device(), NULL, rsbac_mount(), rsbac_printk(), rsbac_write_sem, and wakeup_auto().
Referenced by lookup_aci_path_dentry(), rsbac_acl_add_to_acl_entry(), rsbac_acl_get_mask(), rsbac_acl_get_rights(), rsbac_acl_get_single_right(), rsbac_acl_get_tlist(), rsbac_acl_remove_acl(), rsbac_acl_remove_acl_entry(), rsbac_acl_remove_from_acl_entry(), rsbac_acl_set_acl_entry(), rsbac_acl_set_mask(), rsbac_adf_request_int(), rsbac_adf_set_attr(), rsbac_auth_add_to_f_capset(), rsbac_auth_clear_f_capset(), rsbac_auth_copy_fp_capset(), rsbac_auth_get_f_caplist(), rsbac_auth_remove_from_f_capset(), rsbac_mac_add_to_f_truset(), rsbac_mac_clear_f_truset(), rsbac_mac_copy_fp_truset(), rsbac_mac_get_f_trulist(), rsbac_mac_remove_from_f_truset(), and rsbac_write_open().
02064 { 02065 struct rsbac_device_list_item_t *device_p; 02066 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 02067 u_long dflags; 02068 #endif 02069 struct super_block *sb_p; 02070 u_int hash; 02071 02072 if (RSBAC_IS_AUTO_DEV(kdev)) 02073 return NULL; 02074 02075 hash = device_hash(kdev); 02076 /* get super_block-pointer */ 02077 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02078 rcu_read_lock(); 02079 #else 02080 rsbac_read_lock(&device_list_locks[hash], &dflags); 02081 #endif 02082 device_p = lookup_device(kdev, hash); 02083 if (!device_p) { 02084 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02085 rcu_read_unlock(); 02086 #else 02087 rsbac_read_unlock(&device_list_locks[hash], &dflags); 02088 #endif 02089 down(&rsbac_write_sem); 02090 up(&rsbac_write_sem); 02091 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02092 sb_p = user_get_super(kdev); 02093 #else 02094 sb_p = get_super(kdev); 02095 #endif 02096 if (!sb_p) { /* Wait a second and retry */ 02097 DECLARE_WAIT_QUEUE_HEAD(auto_wait); 02098 struct timer_list auto_timer; 02099 02100 rsbac_printk(KERN_INFO "rsbac_get_super_block(): device %02u:%02u not yet available, sleeping\n", 02101 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 02102 init_timer(&auto_timer); 02103 auto_timer.function = wakeup_auto; 02104 auto_timer.data = (u_long) & auto_wait; 02105 auto_timer.expires = jiffies + HZ; 02106 add_timer(&auto_timer); 02107 interruptible_sleep_on(&auto_wait); 02108 02109 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02110 sb_p = user_get_super(kdev); 02111 #else 02112 sb_p = get_super(kdev); 02113 #endif 02114 } 02115 if (sb_p) { 02116 device_p = lookup_device(kdev, hash); 02117 /* Never auto-mount <= 01:xx devices */ 02118 if (!device_p && (RSBAC_MAJOR(kdev) <= 1)) { 02119 rsbac_printk(KERN_INFO "rsbac_get_super_block(): auto-mounting device %02u:%02u\n", 02120 RSBAC_MAJOR(kdev), 02121 RSBAC_MINOR(kdev)); 02122 rsbac_mount(sb_p, NULL); 02123 } 02124 /* free super_block pointer */ 02125 drop_super(sb_p); 02126 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02127 rcu_read_lock(); 02128 #else 02129 rsbac_read_lock(&device_list_locks[hash], &dflags); 02130 #endif 02131 device_p = lookup_device(kdev, hash); 02132 if (!device_p) { 02133 rsbac_printk(KERN_WARNING "rsbac_get_super_block(): unknown device %02u:%02u\n", 02134 RSBAC_MAJOR(kdev), 02135 RSBAC_MINOR(kdev)); 02136 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02137 rcu_read_unlock(); 02138 #else 02139 rsbac_read_unlock(&device_list_locks[hash], 02140 &dflags); 02141 #endif 02142 return NULL; 02143 } 02144 } else { 02145 return NULL; 02146 } 02147 } 02148 sb_p = device_p->sb_p; 02149 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02150 rcu_read_unlock(); 02151 #else 02152 rsbac_read_unlock(&device_list_locks[hash], &dflags); 02153 #endif 02154 return sb_p; 02155 }
int __init rsbac_init | ( | kdev_t | root_dev | ) |
Definition at line 7893 of file aci_data_structures.c.
Referenced by rsbac_mount().
07895 { 07896 struct rsbac_kthread_t * rsbac_kthread_entry; 07897 struct list_head * p; 07898 #ifdef CONFIG_RSBAC_RC 07899 struct rsbac_rc_process_aci_t rc_init_p_aci = DEFAULT_RC_P_INIT_ACI; 07900 #endif 07901 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 07902 #ifdef CONFIG_RSBAC_INIT_THREAD 07903 struct task_struct * rsbac_init_thread; 07904 #endif 07905 struct task_struct * rsbacd_thread; 07906 #endif 07907 rsbac_pid_t init_pid; 07908 07909 07910 int err = 0; 07911 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \ 07912 || defined(CONFIG_RSBAC_INIT_THREAD) 07913 rsbac_pid_t rsbacd_pid; 07914 #endif 07915 07916 if (rsbac_initialized) { 07917 rsbac_printk(KERN_WARNING "rsbac_init(): RSBAC already initialized\n"); 07918 return (-RSBAC_EREINIT); 07919 } 07920 if (!current->fs) { 07921 rsbac_printk(KERN_WARNING "rsbac_init(): current->fs is invalid!\n"); 07922 return (-RSBAC_EINVALIDPOINTER); 07923 } 07924 07925 rsbac_root_dev = root_dev; 07926 07927 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \ 07928 || defined(CONFIG_RSBAC_INIT_THREAD) 07929 /* init the rsbacd wait queue head */ 07930 init_waitqueue_head(&rsbacd_wait); 07931 #endif 07932 07933 #ifdef CONFIG_RSBAC_INIT_THREAD 07934 /* trigger dependency */ 07935 #ifdef CONFIG_RSBAC_MAX_INIT_TIME 07936 #endif 07937 rsbac_printk(KERN_INFO "rsbac_init(): Setting init timeout to %u seconds (%u jiffies).\n", 07938 RSBAC_MAX_INIT_TIME, RSBAC_MAX_INIT_TIME * HZ); 07939 init_timer(&rsbac_timer); 07940 rsbac_timer.function = wakeup_rsbacd; 07941 rsbac_timer.data = 0; 07942 rsbac_timer.expires = jiffies + (RSBAC_MAX_INIT_TIME * HZ); 07943 add_timer(&rsbac_timer); 07944 07945 /* Start rsbac thread for init */ 07946 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 07947 rsbac_init_thread = kthread_create(rsbac_initd, NULL, "rsbac_initd"); 07948 if (IS_ERR(rsbac_init_thread)) 07949 goto panic; 07950 rsbacd_pid = rsbac_init_thread->pid; 07951 wake_up_process(rsbac_init_thread); 07952 #else 07953 rsbacd_pid = kernel_thread(rsbac_initd, NULL, 0); 07954 if (rsbacd_pid < 0) 07955 goto panic; 07956 #endif 07957 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbac_initd thread with pid %u\n", 07958 rsbacd_pid); 07959 07960 if (!rsbac_initialized) 07961 interruptible_sleep_on(&rsbacd_wait); 07962 if (!rsbac_initialized) { 07963 rsbac_printk(KERN_ERR 07964 "rsbac_init(): *** RSBAC init timed out - RSBAC not correctly initialized! ***\n"); 07965 rsbac_printk(KERN_ERR 07966 "rsbac_init(): *** Killing rsbac_initd! ***\n"); 07967 sys_kill(rsbacd_pid, SIGKILL); 07968 rsbac_initialized = FALSE; 07969 } 07970 #else 07971 rsbac_do_init(); 07972 #endif 07973 07974 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0) 07975 if (rsbac_initialized) { 07976 /* Start rsbacd thread for auto write */ 07977 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 07978 rsbacd_thread = kthread_create(rsbacd, NULL, "rsbacd"); 07979 rsbacd_pid = rsbacd_thread->pid; 07980 wake_up_process(rsbacd_thread); 07981 #else 07982 rsbacd_pid = 07983 kernel_thread(rsbacd, NULL, 07984 CLONE_FS | CLONE_FILES | CLONE_SIGHAND); 07985 #endif 07986 if (rsbacd_pid < 0) { 07987 rsbac_printk(KERN_ERR 07988 "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n", 07989 rsbacd_pid); 07990 } else { 07991 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n", 07992 rsbacd_pid); 07993 } 07994 } 07995 #endif 07996 07997 /* Ready. */ 07998 /* schedule(); */ 07999 #ifdef CONFIG_RSBAC_INIT_THREAD 08000 sys_wait4(-1, NULL, WNOHANG, NULL); 08001 #endif 08002 08003 /* Add all processes to list of processes as init processes */ 08004 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC) 08005 { 08006 #ifdef CONFIG_RSBAC_MAC 08007 struct rsbac_mac_user_aci_t * mac_u_aci_p; 08008 #endif 08009 #ifdef CONFIG_RSBAC_RC 08010 struct rsbac_rc_user_aci_t * rc_u_aci_p; 08011 #endif 08012 rsbac_uid_t user = RSBAC_SYSADM_UID; 08013 rsbac_pid_t pid = 1; 08014 struct task_struct *p; 08015 08016 union rsbac_target_id_t k_tid; 08017 union rsbac_attribute_value_t k_attr_val; 08018 08019 rsbac_printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n"); 08020 /* Prepare entries: change standard values to root's values */ 08021 #ifdef CONFIG_RSBAC_MAC 08022 mac_u_aci_p = rsbac_kmalloc(sizeof(*mac_u_aci_p)); 08023 if (mac_u_aci_p) { 08024 if(!rsbac_list_get_data 08025 (user_handles.mac, &user, mac_u_aci_p)) { 08026 mac_init_p_aci.owner_sec_level = 08027 mac_u_aci_p->security_level; 08028 mac_init_p_aci.owner_initial_sec_level = 08029 mac_u_aci_p->initial_security_level; 08030 mac_init_p_aci.current_sec_level = 08031 mac_u_aci_p->initial_security_level; 08032 mac_init_p_aci.owner_min_sec_level = 08033 mac_u_aci_p->min_security_level; 08034 mac_init_p_aci.mac_owner_categories = 08035 mac_u_aci_p->mac_categories; 08036 mac_init_p_aci.mac_owner_initial_categories = 08037 mac_u_aci_p->mac_initial_categories; 08038 mac_init_p_aci.mac_curr_categories = 08039 mac_u_aci_p->mac_initial_categories; 08040 mac_init_p_aci.mac_owner_min_categories = 08041 mac_u_aci_p->mac_min_categories; 08042 mac_init_p_aci.min_write_open = 08043 mac_u_aci_p->security_level; 08044 mac_init_p_aci.max_read_open = 08045 mac_u_aci_p->min_security_level; 08046 mac_init_p_aci.min_write_categories = 08047 mac_u_aci_p->mac_categories; 08048 mac_init_p_aci.max_read_categories = 08049 mac_u_aci_p->mac_min_categories; 08050 mac_init_p_aci.mac_process_flags = 08051 (mac_u_aci_p-> 08052 mac_user_flags & RSBAC_MAC_P_FLAGS) | 08053 RSBAC_MAC_DEF_INIT_P_FLAGS; 08054 } 08055 rsbac_kfree(mac_u_aci_p); 08056 } 08057 #endif 08058 08059 /* Set process aci - first init */ 08060 #ifdef CONFIG_RSBAC_MAC 08061 if (rsbac_list_add 08062 (process_handles.mac, &pid, 08063 &mac_init_p_aci)) 08064 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for Init process 1 could not be added!"); 08065 #endif 08066 #ifdef CONFIG_RSBAC_RC 08067 /* Get boot role */ 08068 if (rsbac_rc_get_boot_role(&rc_init_p_aci.rc_role)) { /* none: use root's role */ 08069 rc_u_aci_p = rsbac_kmalloc(sizeof(*rc_u_aci_p)); 08070 if (rc_u_aci_p) { 08071 if (!rsbac_list_get_data 08072 (user_handles.rc, &user, rc_u_aci_p)) { 08073 rc_init_p_aci.rc_role = rc_u_aci_p->rc_role; 08074 } else { /* last resort: general role */ 08075 rsbac_ds_get_error("rsbac_do_init", 08076 A_rc_def_role); 08077 rc_init_p_aci.rc_role = 08078 RSBAC_RC_GENERAL_ROLE; 08079 } 08080 rsbac_kfree(rc_u_aci_p); 08081 } 08082 } 08083 rc_kernel_p_aci.rc_role = rc_init_p_aci.rc_role; 08084 if (rsbac_list_add 08085 (process_handles.rc, &pid, 08086 &rc_init_p_aci)) 08087 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Init process 1 could not be added!"); 08088 #endif 08089 read_lock(&tasklist_lock); 08090 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 08091 for_each_task(p) 08092 #else 08093 for_each_process(p) 08094 #endif 08095 { 08096 /* not for kernel and init though... */ 08097 if (!p->pid || (p->pid == 1)) 08098 continue; 08099 pid = p->pid; 08100 rsbac_pr_debug(ds, "setting aci for process %u (%s)\n", pid, p->comm); 08101 #ifdef CONFIG_RSBAC_MAC 08102 if (rsbac_list_add 08103 (process_handles.mac, &pid, 08104 &mac_init_p_aci)) 08105 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for Init process %u could not be added!\n", 08106 pid); 08107 #endif 08108 #ifdef CONFIG_RSBAC_RC 08109 k_tid.process = p->pid; 08110 if (rsbac_get_attr(SW_GEN, T_PROCESS, 08111 k_tid, 08112 A_kernel_thread, 08113 &k_attr_val, 08114 FALSE)) { 08115 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel thread %u could not be added!\n", pid); 08116 } 08117 if (k_attr_val.kernel_thread) { 08118 if (rsbac_list_add 08119 (process_handles.rc, 08120 &pid, &rc_kernel_p_aci)) 08121 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel thread %u could not be added!\n", 08122 pid); 08123 } 08124 #endif 08125 } 08126 read_unlock(&tasklist_lock); 08127 } 08128 list_for_each(p, &rsbac_kthread->list) { 08129 rsbac_kthread_entry = list_entry(p, 08130 struct rsbac_kthread_t, list); 08131 if (rsbac_kthread_entry->pid != 1 08132 && rsbac_kthread_entry->pid != rsbacd_pid) 08133 { 08134 read_lock(&tasklist_lock); 08135 if(find_task_by_pid(rsbac_kthread_entry->pid)) { 08136 read_unlock(&tasklist_lock); 08137 rsbac_kthread_notify(rsbac_kthread_entry->pid); 08138 } 08139 else { 08140 read_unlock(&tasklist_lock); 08141 rsbac_pr_debug(ds, "rsbac_do_init(): skipping gone away pid %u\n", 08142 rsbac_kthread_entry->pid); 08143 } 08144 /* kernel list implementation is for exclusive 08145 * wizards use, let's not free it now till 08146 * i know why it oops. consume about no 08147 * memory anyway. michal. 08148 */ 08149 08150 /* list_del(&rsbac_kthread_entry->list); 08151 * kfree(rsbac_kthread_entry);*/ 08152 } 08153 } /* explicitly mark init and rsbacd */ 08154 init_pid = 1; 08155 #ifdef CONFIG_RSBAC_MAC 08156 if (rsbac_list_add(process_handles.mac, &init_pid, &mac_init_p_aci)) 08157 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"init\" process could not be added!"); 08158 if (rsbac_list_add(process_handles.mac, &rsbacd_pid, &mac_init_p_aci)) 08159 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"rsbacd\" process could not be added!"); 08160 #endif 08161 #ifdef CONFIG_RSBAC_RC 08162 if (rsbac_list_add(process_handles.rc, &init_pid, &rc_init_p_aci)) 08163 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"init\" process could not be added"); 08164 if (rsbac_list_add(process_handles.rc, &rsbacd_pid, &rc_kernel_p_aci)) 08165 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"rsbacd\" process could not be added"); 08166 #endif 08167 08168 /*kfree(rsbac_kthread);*/ 08169 #endif /* MAC or RC */ 08170 08171 rsbac_printk(KERN_INFO "rsbac_init(): Ready.\n"); 08172 return err; 08173 08174 #ifdef CONFIG_RSBAC_INIT_THREAD 08175 panic: 08176 rsbac_printk(KERN_ERR "rsbac_init(): *** RSBAC init failed to start - RSBAC not correctly initialized! ***\n"); 08177 /* let's panic - but only when in secure mode, warn otherwise */ 08178 #if !defined(CONFIG_RSBAC_MAINT) 08179 #ifdef CONFIG_RSBAC_SOFTMODE 08180 if (!rsbac_softmode) 08181 panic("RSBAC: rsbac_init(): *** Unable to initialize - PANIC ***\n"); 08182 #endif 08183 panic("RSBAC: rsbac_init(): *** Unable to initialize - PANIC ***\n"); 08184 #endif 08185 #endif 08186 }
int rsbac_kthread_notify | ( | rsbac_pid_t | pid | ) |
Definition at line 8188 of file aci_data_structures.c.
References process_handles, rsbac_initialized, rsbac_list_add(), and rsbac_printk().
Referenced by rsbac_init().
08189 { 08190 if (!rsbac_initialized) 08191 return 0; 08192 // rsbac_printk(KERN_DEBUG "rsbac_kthread_notify: marking pid %u!\n", 08193 // pid); 08194 /* Set process aci */ 08195 #ifdef CONFIG_RSBAC_MAC 08196 if (rsbac_list_add 08197 (process_handles.mac, &pid, &mac_init_p_aci)) 08198 rsbac_printk(KERN_WARNING "rsbac_kthread_notify(): MAC ACI for kernel process %u could not be added!", 08199 pid); 08200 #endif 08201 #ifdef CONFIG_RSBAC_RC 08202 if (rsbac_list_add 08203 (process_handles.rc, &pid, &rc_kernel_p_aci)) 08204 rsbac_printk(KERN_WARNING "rsbac_kthread_notify(): RC ACI for kernel process %u could not be added!", 08205 pid); 08206 #endif 08207 return 0; 08208 }
int rsbac_kthreads_init | ( | void | ) |
Definition at line 7870 of file aci_data_structures.c.
References rsbac_kthread_t::list, and rsbac_kthread.
07871 { 07872 rsbac_kthread_size_t = sizeof(struct rsbac_kthread_t); 07873 rsbac_kthread = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC); 07874 INIT_LIST_HEAD(&rsbac_kthread->list); 07875 return 0; 07876 }
int rsbac_mark_kthread | ( | rsbac_pid_t | pid | ) |
Definition at line 7878 of file aci_data_structures.c.
References rsbac_kthread_t::list, rsbac_kthread_t::pid, rsbac_initialized, and rsbac_kthread.
07879 { 07880 struct rsbac_kthread_t * rsbac_kthread_new; 07881 07882 if (rsbac_initialized) 07883 return 0; 07884 rsbac_kthread_new = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC); 07885 rsbac_kthread_new->pid = pid; 07886 list_add(&rsbac_kthread_new->list, &rsbac_kthread->list); 07887 return 0; 07888 }
int rsbac_mount | ( | struct super_block * | sb_p, | |
struct dentry * | d_covers | |||
) |
Definition at line 8212 of file aci_data_structures.c.
References add_device_item(), clear_device_item(), create_device_item(), device_hash(), device_list_locks, get_error_name(), lookup_device(), NULL, register_fd_lists(), rsbac_debug_no_write, RSBAC_ECOULDNOTADDDEVICE, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_init(), rsbac_initialized, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_mount(), RSBAC_MAXNAMELEN, rsbac_mount_acl(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_mount_reg(), rsbac_pr_debug, rsbac_printk(), rsbac_root_dev, rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE.
Referenced by get_attr_fd(), rsbac_do_init(), rsbac_get_super_block(), rsbac_ta_remove_target(), and set_attr_fd().
08213 { 08214 int err = 0; 08215 struct rsbac_device_list_item_t *device_p; 08216 struct rsbac_device_list_item_t *new_device_p; 08217 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 08218 u_long flags; 08219 #endif 08220 rsbac_boolean_t old_no_write; 08221 u_int hash; 08222 08223 if (!sb_p) { 08224 rsbac_printk(KERN_WARNING "rsbac_mount(): called with NULL pointer\n"); 08225 return -RSBAC_EINVALIDPOINTER; 08226 } 08227 if (!rsbac_initialized) { 08228 #ifdef CONFIG_RSBAC_INIT_DELAY 08229 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08230 if (!RSBAC_MAJOR(rsbac_delayed_root) 08231 && !RSBAC_MINOR(rsbac_delayed_root) 08232 && rsbac_delayed_root_str[0] 08233 ) { /* translate string to kdev_t */ 08234 char *p = rsbac_delayed_root_str; 08235 u_int major = 0; 08236 u_int minor = 0; 08237 08238 major = simple_strtoul(p, NULL, 0); 08239 while ((*p != ':') && (*p != '\0')) 08240 p++; 08241 if (*p) { 08242 p++; 08243 minor = simple_strtoul(p, NULL, 0); 08244 } 08245 rsbac_delayed_root = RSBAC_MKDEV(major, minor); 08246 } 08247 #endif 08248 if (!rsbac_no_delay_init 08249 && ((!RSBAC_MAJOR(rsbac_delayed_root) 08250 && !RSBAC_MINOR(rsbac_delayed_root) 08251 && (MAJOR(sb_p->s_dev) > 1) 08252 ) 08253 || ((RSBAC_MAJOR(rsbac_delayed_root) 08254 || RSBAC_MINOR(rsbac_delayed_root) 08255 ) 08256 && 08257 ((MAJOR(sb_p->s_dev) == 08258 RSBAC_MAJOR(rsbac_delayed_root)) 08259 && (!RSBAC_MINOR(rsbac_delayed_root) 08260 || (MINOR(sb_p->s_dev) == 08261 RSBAC_MINOR(rsbac_delayed_root)) 08262 ) 08263 ) 08264 ) 08265 ) 08266 ) { 08267 if (RSBAC_MAJOR(rsbac_delayed_root) 08268 || RSBAC_MINOR(rsbac_delayed_root)) { 08269 rsbac_printk(KERN_INFO "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n", 08270 MAJOR(sb_p->s_dev), 08271 MINOR(sb_p->s_dev), 08272 RSBAC_MAJOR 08273 (rsbac_delayed_root), 08274 RSBAC_MINOR 08275 (rsbac_delayed_root)); 08276 } else { 08277 rsbac_printk(KERN_INFO "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n", 08278 MAJOR(sb_p->s_dev), 08279 MINOR(sb_p->s_dev)); 08280 } 08281 rsbac_init(sb_p->s_dev); 08282 return 0; 08283 } 08284 #endif 08285 08286 rsbac_printk(KERN_WARNING "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n", 08287 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 08288 08289 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08290 if ((sb_p->s_magic == SYSFS_MAGIC) 08291 && !RSBAC_MAJOR(sb_p->s_dev) 08292 ) { 08293 rsbac_printk(KERN_WARNING "rsbac_mount(): sysfs mount detected, keeping values for later use\n"); 08294 sysfs_sb_p = sb_p; 08295 sysfs_covered_p = d_covers; 08296 } 08297 #endif 08298 #ifdef CONFIG_DEVFS_MOUNT 08299 if ((sb_p->s_magic == DEVFS_SUPER_MAGIC) 08300 && !RSBAC_MAJOR(sb_p->s_dev) 08301 ) { 08302 rsbac_printk(KERN_WARNING "rsbac_mount(): devfs mount detected, keeping values for later use\n"); 08303 devfs_sb_p = sb_p; 08304 devfs_covered_p = d_covers; 08305 } 08306 #endif 08307 return (-RSBAC_ENOTINITIALIZED); 08308 } 08309 rsbac_pr_debug(ds, "mounting device %02u:%02u\n", 08310 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 08311 rsbac_pr_debug(stack, "free stack: %lu\n", rsbac_stack_free_space()); 08312 down(&rsbac_write_sem); 08313 old_no_write = rsbac_debug_no_write; 08314 rsbac_debug_no_write = TRUE; 08315 up(&rsbac_write_sem); 08316 hash = device_hash(sb_p->s_dev); 08317 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08318 rcu_read_lock(); 08319 #else 08320 rsbac_read_lock(&device_list_locks[hash], &flags); 08321 #endif 08322 device_p = lookup_device(sb_p->s_dev, hash); 08323 /* repeated mount? */ 08324 if (device_p) { 08325 rsbac_printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n", 08326 device_p->mount_count, MAJOR(sb_p->s_dev), 08327 MINOR(sb_p->s_dev)); 08328 device_p->mount_count++; 08329 if (d_covers 08330 && !device_p->d_covers 08331 && (MAJOR(sb_p->s_dev) != MAJOR(rsbac_root_dev)) 08332 && (MINOR(sb_p->s_dev) != MINOR(rsbac_root_dev)) 08333 ) { 08334 rsbac_printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n", 08335 d_covers); 08336 device_p->d_covers = d_covers; 08337 } 08338 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08339 rcu_read_unlock(); 08340 #else 08341 rsbac_read_unlock(&device_list_locks[hash], &flags); 08342 #endif 08343 } else { 08344 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08345 rcu_read_unlock(); 08346 #else 08347 rsbac_read_unlock(&device_list_locks[hash], &flags); 08348 #endif 08349 /* OK, go on */ 08350 new_device_p = create_device_item(sb_p, d_covers); 08351 rsbac_pr_debug(stack, "after creating device item: free stack: %lu\n", 08352 rsbac_stack_free_space()); 08353 if (!new_device_p) { 08354 rsbac_debug_no_write = old_no_write; 08355 return -RSBAC_ECOULDNOTADDDEVICE; 08356 } 08357 08358 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08359 rcu_read_lock(); 08360 #else 08361 rsbac_read_lock(&device_list_locks[hash], &flags); 08362 #endif 08363 /* make sure to only add, if this device item has not been added in the meantime */ 08364 device_p = lookup_device(sb_p->s_dev, hash); 08365 if (device_p) { 08366 rsbac_printk(KERN_WARNING "rsbac_mount(): mount race for device %02u:%02u detected!\n", 08367 MAJOR(sb_p->s_dev), 08368 MINOR(sb_p->s_dev)); 08369 device_p->mount_count++; 08370 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08371 rcu_read_unlock(); 08372 #else 08373 rsbac_read_unlock(&device_list_locks[hash], &flags); 08374 #endif 08375 clear_device_item(new_device_p); 08376 } else { 08377 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08378 rcu_read_unlock(); 08379 #else 08380 rsbac_read_unlock(&device_list_locks[hash], &flags); 08381 #endif 08382 device_p = add_device_item(new_device_p); 08383 if (!device_p) { 08384 rsbac_printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n", 08385 MAJOR(sb_p->s_dev), 08386 MINOR(sb_p->s_dev)); 08387 clear_device_item(new_device_p); 08388 rsbac_debug_no_write = old_no_write; 08389 return -RSBAC_ECOULDNOTADDDEVICE; 08390 } 08391 } 08392 08393 /* Generic lists */ 08394 rsbac_list_mount(sb_p->s_dev); 08395 /* we do not lock device head - we know the device_p and hope for the best... */ 08396 /* also, we are within kernel mount sem */ 08397 if ((err = register_fd_lists(new_device_p, sb_p->s_dev))) { 08398 char *tmp; 08399 08400 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 08401 if (tmp) { 08402 rsbac_printk(KERN_WARNING "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n", 08403 MAJOR(sb_p->s_dev), 08404 MINOR(sb_p->s_dev), 08405 get_error_name(tmp, err)); 08406 rsbac_kfree(tmp); 08407 } 08408 } 08409 rsbac_pr_debug(stack, "after registering fd lists: free stack: %lu\n", 08410 rsbac_stack_free_space()); 08411 } 08412 08413 /* call other mount functions */ 08414 #if defined(CONFIG_RSBAC_MAC) 08415 rsbac_mount_mac(sb_p->s_dev); 08416 rsbac_pr_debug(stack, "after mount_mac: free stack: %lu\n", 08417 rsbac_stack_free_space()); 08418 #endif 08419 #if defined(CONFIG_RSBAC_AUTH) 08420 rsbac_mount_auth(sb_p->s_dev); 08421 rsbac_pr_debug(stack, "after mount_auth: free stack: %lu\n", 08422 rsbac_stack_free_space()); 08423 #endif 08424 #if defined(CONFIG_RSBAC_ACL) 08425 rsbac_mount_acl(sb_p->s_dev); 08426 rsbac_pr_debug(stack, "after mount_acl: free stack: %lu\n", 08427 rsbac_stack_free_space()); 08428 #endif 08429 #if defined(CONFIG_RSBAC_REG) 08430 rsbac_mount_reg(sb_p->s_dev); 08431 rsbac_pr_debug(stack, "after mount_reg: free stack: %lu\n", 08432 rsbac_stack_free_space()); 08433 #endif /* REG */ 08434 08435 rsbac_debug_no_write = old_no_write; 08436 return (err); 08437 }
void rsbac_read_close | ( | struct file * | file_p | ) |
Definition at line 2602 of file aci_data_structures.c.
References NULL.
Referenced by do_read_list(), do_read_lol_list(), read_info(), and rsbac_write_close().
02603 { 02604 /* cleanup copied from __fput */ 02605 struct dentry *dentry = file_p->f_dentry; 02606 struct inode *inode = dentry->d_inode; 02607 02608 if (file_p->f_op && file_p->f_op->release) 02609 file_p->f_op->release(inode, file_p); 02610 file_p->f_dentry = NULL; 02611 if (file_p->f_mode & FMODE_WRITE) 02612 put_write_access(inode); 02613 dput(dentry); 02614 }
int rsbac_read_open | ( | char * | name, | |
struct file * | file_p, | |||
kdev_t | kdev | |||
) |
Definition at line 2160 of file aci_data_structures.c.
References FALSE, init_private_file(), lookup_aci_path_dentry(), NULL, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, RSBAC_ENOTFOUND, RSBAC_EREADFAILED, rsbac_kfree(), rsbac_kmalloc(), rsbac_lookup_one_len(), RSBAC_MAXNAMELEN, rsbac_pr_debug, and rsbac_printk().
Referenced by do_read_list(), do_read_lol_list(), and read_info().
02161 { 02162 struct dentry *dir_dentry_p; 02163 struct dentry *file_dentry_p; 02164 int tmperr, err; 02165 02166 if (!name || !file_p) { 02167 rsbac_pr_debug(ds, "called with NULL pointer!"); 02168 return (-RSBAC_EINVALIDPOINTER); 02169 } 02170 02171 /* lookup dentry of ACI_PATH on root device, lock is released there */ 02172 if ((err = 02173 lookup_aci_path_dentry(NULL, &dir_dentry_p, FALSE, kdev))) { 02174 return (err); 02175 } 02176 02177 /* open file for reading - this must be done 'by hand', because */ 02178 /* standard system calls are now extended by rsbac decision calls. */ 02179 file_dentry_p = 02180 rsbac_lookup_one_len(name, dir_dentry_p, strlen(name)); 02181 if (!file_dentry_p || IS_ERR(file_dentry_p)) { /* error in lookup */ 02182 return (-RSBAC_EREADFAILED); 02183 } 02184 if (!file_dentry_p->d_inode) { /* file not found: trying backup */ 02185 char *bname; 02186 int name_len = strlen(name); 02187 02188 dput(file_dentry_p); 02189 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02190 if (!bname) { 02191 return -RSBAC_ENOMEM; 02192 } 02193 02194 strcpy(bname, name); 02195 bname[name_len] = 'b'; 02196 name_len++; 02197 bname[name_len] = (char) 0; 02198 rsbac_pr_debug(ds, "could not lookup file %s, trying backup %s\n", 02199 name, bname); 02200 file_dentry_p = 02201 rsbac_lookup_one_len(bname, dir_dentry_p, 02202 strlen(bname)); 02203 rsbac_kfree(bname); 02204 if (!file_dentry_p || IS_ERR(file_dentry_p)) { /* error in lookup */ 02205 return (-RSBAC_EREADFAILED); 02206 } 02207 if (!file_dentry_p->d_inode) { /* backup file also not found: return error */ 02208 rsbac_pr_debug(ds, "could not lookup backup file %sb\n", 02209 name); 02210 dput(file_dentry_p); 02211 return (-RSBAC_ENOTFOUND); 02212 } 02213 } 02214 if (!(S_ISREG(file_dentry_p->d_inode->i_mode))) { /* this is not a file! -> error! */ 02215 rsbac_printk(KERN_WARNING "rsbac_read_open(): expected file is not a file!\n"); 02216 dput(file_dentry_p); 02217 return (-RSBAC_EREADFAILED); 02218 } 02219 02220 /* Now we fill the file structure and */ 02221 /* if there is an open func for this file, use it, otherwise ignore */ 02222 if ((tmperr = init_private_file(file_p, file_dentry_p, O_RDONLY))) { 02223 dput(file_dentry_p); 02224 rsbac_printk(KERN_WARNING "rsbac_read_open(): could not open file '%s'!\n", 02225 name); 02226 return -RSBAC_EREADFAILED; 02227 } 02228 02229 /* if there is no read func, we get a problem -> error */ 02230 if ((!file_p->f_op) || (!file_p->f_op->read)) { 02231 if (!file_p->f_op) { 02232 rsbac_printk(KERN_WARNING "rsbac_read_open(): no f_op for file '%s'!\n", 02233 name); 02234 } else { 02235 rsbac_printk(KERN_WARNING "rsbac_read_open(): no file read func for file '%s'!\n", 02236 name); 02237 if (file_p->f_op->release) 02238 file_p->f_op->release(file_dentry_p-> 02239 d_inode, file_p); 02240 } 02241 dput(file_dentry_p); 02242 return -RSBAC_EREADFAILED; 02243 } 02244 return 0; 02245 }
int rsbac_stats | ( | void | ) |
Definition at line 8602 of file aci_data_structures.c.
References dev_handles, dev_major_handles, device_head_p, device_list_locks, ipc_handles, KERNEL_VERSION, process_handles, rsbac_adf_request_count, rsbac_adf_set_attr_count, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_count(), rsbac_printk(), rsbac_stats_acl(), rsbac_stats_auth(), rsbac_stats_pm(), rsbac_stats_rc(), T_DEV, T_DIR, T_FIFO, T_FILE, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SCD, T_SYMLINK, T_UNIXSOCK, T_USER, and user_handles.
Referenced by sys_rsbac_stats().
08603 { 08604 struct rsbac_device_list_item_t *device_p; 08605 u_long fd_count = 0, fd_sum = 0; 08606 u_long dev_sum = 0; 08607 u_long ipc_sum = 0; 08608 u_long user_sum = 0; 08609 u_long process_sum = 0; 08610 #if defined(CONFIG_RSBAC_UM) 08611 u_long group_sum = 0; 08612 #endif 08613 #if defined(CONFIG_RSBAC_NET_OBJ) 08614 u_long nettemp_sum = 0; 08615 u_long lnetobj_sum = 0; 08616 u_long rnetobj_sum = 0; 08617 #endif 08618 u_long total_sum = 0; 08619 long tmp_count = 0; 08620 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 08621 u_long dflags; 08622 #endif 08623 u_int i; 08624 08625 if (!rsbac_initialized) { 08626 rsbac_printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n"); 08627 return (-RSBAC_ENOTINITIALIZED); 08628 } 08629 for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) { 08630 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08631 rcu_read_lock(); 08632 #else 08633 rsbac_read_lock(&device_list_locks[i], &dflags); 08634 #endif 08635 /* rsbac_printk(KERN_INFO "rsbac_stats(): currently %u processes working on file/dir aci\n", 08636 device_list_lock.lock); */ 08637 device_p = rcu_dereference(device_head_p[i])->head; 08638 while (device_p) { /* for all sublists */ 08639 fd_count = rsbac_list_count(device_p->handles.gen); 08640 if (fd_count > 0) { 08641 rsbac_printk(", %lu GEN", fd_count); 08642 fd_sum += fd_count; 08643 } 08644 08645 #if defined(CONFIG_RSBAC_MAC) 08646 fd_count = rsbac_list_count(device_p->handles.mac); 08647 if (fd_count > 0) { 08648 rsbac_printk(", %lu MAC", fd_count); 08649 fd_sum += fd_count; 08650 } 08651 #endif 08652 08653 #if defined(CONFIG_RSBAC_PM) 08654 fd_count = rsbac_list_count(device_p->handles.pm); 08655 if (fd_count > 0) { 08656 rsbac_printk(", %lu PM", fd_count); 08657 fd_sum += fd_count; 08658 } 08659 #endif 08660 08661 #if defined(CONFIG_RSBAC_DAZ) 08662 fd_count = rsbac_list_count(device_p->handles.daz); 08663 if (fd_count > 0) { 08664 rsbac_printk(", %lu DAZ", fd_count); 08665 fd_sum += fd_count; 08666 } 08667 #if defined(CONFIG_RSBAC_DAZ_CACHE) 08668 fd_count = rsbac_list_count(device_p->handles.dazs); 08669 if (fd_count > 0) { 08670 rsbac_printk(", %lu DAZ SCANNED", fd_count); 08671 fd_sum += fd_count; 08672 } 08673 #endif 08674 #endif 08675 08676 #if defined(CONFIG_RSBAC_FF) 08677 fd_count = rsbac_list_count(device_p->handles.ff); 08678 if (fd_count > 0) { 08679 rsbac_printk(", %lu FF", fd_count); 08680 fd_sum += fd_count; 08681 } 08682 #endif 08683 08684 #if defined(CONFIG_RSBAC_RC) 08685 fd_count = rsbac_list_count(device_p->handles.rc); 08686 if (fd_count > 0) { 08687 rsbac_printk(", %lu RC", fd_count); 08688 fd_sum += fd_count; 08689 } 08690 #endif 08691 08692 #if defined(CONFIG_RSBAC_AUTH) 08693 fd_count = rsbac_list_count(device_p->handles.auth); 08694 if (fd_count > 0) { 08695 rsbac_printk(", %lu AUTH", fd_count); 08696 fd_sum += fd_count; 08697 } 08698 #endif 08699 08700 #if defined(CONFIG_RSBAC_CAP) 08701 fd_count = rsbac_list_count(device_p->handles.cap); 08702 if (fd_count > 0) { 08703 rsbac_printk(", %lu CAP", fd_count); 08704 fd_sum += fd_count; 08705 } 08706 #endif 08707 #if defined(CONFIG_RSBAC_RES) 08708 fd_count = rsbac_list_count(device_p->handles.res); 08709 if (fd_count > 0) { 08710 rsbac_printk(", %lu RES", fd_count); 08711 fd_sum += fd_count; 08712 } 08713 #endif 08714 #if defined(CONFIG_RSBAC_PAX) 08715 fd_count = rsbac_list_count(device_p->handles.pax); 08716 if (fd_count > 0) { 08717 rsbac_printk(", %lu PAX", fd_count); 08718 fd_sum += fd_count; 08719 } 08720 #endif 08721 08722 rsbac_printk("\n"); 08723 device_p = device_p->next; 08724 } 08725 tmp_count += rcu_dereference(device_head_p[i])->count; 08726 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08727 rcu_read_unlock(); 08728 #else 08729 rsbac_read_unlock(&device_list_locks[i], &dflags); 08730 #endif 08731 } 08732 rsbac_printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n", 08733 tmp_count, fd_sum); 08734 /* free access to device_list_head */ 08735 total_sum += fd_sum; 08736 08737 /* dev lists */ 08738 tmp_count = rsbac_list_count(dev_handles.gen); 08739 rsbac_printk(KERN_INFO "DEV items: %lu GEN", tmp_count); 08740 dev_sum += tmp_count; 08741 #if defined(CONFIG_RSBAC_MAC) 08742 tmp_count = rsbac_list_count(dev_handles.mac); 08743 rsbac_printk(", %lu MAC", tmp_count); 08744 dev_sum += tmp_count; 08745 #endif 08746 #if defined(CONFIG_RSBAC_PM) 08747 tmp_count = rsbac_list_count(dev_handles.pm); 08748 rsbac_printk(", %lu PM", tmp_count); 08749 dev_sum += tmp_count; 08750 #endif 08751 #if defined(CONFIG_RSBAC_RC) 08752 tmp_count = rsbac_list_count(dev_major_handles.rc); 08753 rsbac_printk(", %lu major RC", tmp_count); 08754 dev_sum += tmp_count; 08755 tmp_count = rsbac_list_count(dev_handles.rc); 08756 rsbac_printk(", %lu RC", tmp_count); 08757 dev_sum += tmp_count; 08758 #endif 08759 rsbac_printk("\n"); 08760 rsbac_printk(KERN_INFO "Sum of %lu DEV items\n", dev_sum); 08761 total_sum += dev_sum; 08762 08763 /* ipc lists */ 08764 rsbac_printk(KERN_INFO "IPC items: no GEN"); 08765 #if defined(CONFIG_RSBAC_MAC) 08766 tmp_count = rsbac_list_count(ipc_handles.mac); 08767 rsbac_printk(", %lu MAC", tmp_count); 08768 ipc_sum += tmp_count; 08769 #endif 08770 #if defined(CONFIG_RSBAC_PM) 08771 tmp_count = rsbac_list_count(ipc_handles.pm); 08772 rsbac_printk(", %lu PM", tmp_count); 08773 ipc_sum += tmp_count; 08774 #endif 08775 #if defined(CONFIG_RSBAC_RC) 08776 tmp_count = rsbac_list_count(ipc_handles.rc); 08777 rsbac_printk(", %lu RC", tmp_count); 08778 ipc_sum += tmp_count; 08779 #endif 08780 #if defined(CONFIG_RSBAC_JAIL) 08781 tmp_count = rsbac_list_count(ipc_handles.jail); 08782 rsbac_printk(", %lu JAIL", tmp_count); 08783 ipc_sum += tmp_count; 08784 #endif 08785 rsbac_printk("\n"); 08786 rsbac_printk(KERN_INFO "Sum of %lu IPC items\n", ipc_sum); 08787 total_sum += ipc_sum; 08788 08789 /* user lists */ 08790 tmp_count = rsbac_list_count(user_handles.gen); 08791 rsbac_printk(KERN_INFO "USER items: %lu GEN", tmp_count); 08792 user_sum += tmp_count; 08793 #if defined(CONFIG_RSBAC_MAC) 08794 tmp_count = rsbac_list_count(user_handles.mac); 08795 rsbac_printk(", %lu MAC", tmp_count); 08796 user_sum += tmp_count; 08797 #endif 08798 #if defined(CONFIG_RSBAC_PM) 08799 tmp_count = rsbac_list_count(user_handles.pm); 08800 rsbac_printk(", %lu PM", tmp_count); 08801 user_sum += tmp_count; 08802 #endif 08803 #if defined(CONFIG_RSBAC_DAZ) 08804 tmp_count = rsbac_list_count(user_handles.daz); 08805 rsbac_printk(", %lu DAZ", tmp_count); 08806 user_sum += tmp_count; 08807 #endif 08808 #if defined(CONFIG_RSBAC_RC) 08809 tmp_count = rsbac_list_count(user_handles.rc); 08810 rsbac_printk(", %lu RC", tmp_count); 08811 user_sum += tmp_count; 08812 #endif 08813 #if defined(CONFIG_RSBAC_AUTH) 08814 tmp_count = rsbac_list_count(user_handles.auth); 08815 rsbac_printk(", %lu AUTH", tmp_count); 08816 user_sum += tmp_count; 08817 #endif 08818 #if defined(CONFIG_RSBAC_CAP) 08819 tmp_count = rsbac_list_count(user_handles.cap); 08820 rsbac_printk(", %lu CAP", tmp_count); 08821 user_sum += tmp_count; 08822 #endif 08823 #if defined(CONFIG_RSBAC_JAIL) 08824 tmp_count = rsbac_list_count(user_handles.jail); 08825 rsbac_printk(", %lu JAIL", tmp_count); 08826 user_sum += tmp_count; 08827 #endif 08828 #if defined(CONFIG_RSBAC_RES) 08829 tmp_count = rsbac_list_count(user_handles.res); 08830 rsbac_printk(", %lu RES", tmp_count); 08831 user_sum += tmp_count; 08832 #endif 08833 #if defined(CONFIG_RSBAC_PAX) 08834 tmp_count = rsbac_list_count(user_handles.pax); 08835 rsbac_printk(", %lu PAX", tmp_count); 08836 user_sum += tmp_count; 08837 #endif 08838 rsbac_printk("\n"); 08839 rsbac_printk(KERN_INFO "Sum of %lu USER items\n", user_sum); 08840 total_sum += user_sum; 08841 08842 /* process lists */ 08843 tmp_count = rsbac_list_count(process_handles.gen); 08844 rsbac_printk(KERN_INFO "PROCESS items: %lu GEN", tmp_count); 08845 process_sum += tmp_count; 08846 #if defined(CONFIG_RSBAC_MAC) 08847 tmp_count = rsbac_list_count(process_handles.mac); 08848 rsbac_printk(", %lu MAC", tmp_count); 08849 process_sum += tmp_count; 08850 #endif 08851 #if defined(CONFIG_RSBAC_PM) 08852 tmp_count = rsbac_list_count(process_handles.pm); 08853 rsbac_printk(", %lu PM", tmp_count); 08854 process_sum += tmp_count; 08855 #endif 08856 #if defined(CONFIG_RSBAC_DAZ) 08857 tmp_count = rsbac_list_count(process_handles.daz); 08858 rsbac_printk(", %lu DAZ", tmp_count); 08859 process_sum += tmp_count; 08860 #endif 08861 #if defined(CONFIG_RSBAC_RC) 08862 tmp_count = rsbac_list_count(process_handles.rc); 08863 rsbac_printk(", %lu RC", tmp_count); 08864 process_sum += tmp_count; 08865 #endif 08866 #if defined(CONFIG_RSBAC_AUTH) 08867 tmp_count = rsbac_list_count(process_handles.auth); 08868 rsbac_printk(", %lu AUTH", tmp_count); 08869 process_sum += tmp_count; 08870 #endif 08871 #if defined(CONFIG_RSBAC_CAP) 08872 tmp_count = rsbac_list_count(process_handles.cap); 08873 rsbac_printk(", %lu CAP", tmp_count); 08874 process_sum += tmp_count; 08875 #endif 08876 #if defined(CONFIG_RSBAC_JAIL) 08877 tmp_count = rsbac_list_count(process_handles.jail); 08878 rsbac_printk(", %lu JAIL", tmp_count); 08879 process_sum += tmp_count; 08880 #endif 08881 rsbac_printk("\n"); 08882 rsbac_printk(KERN_INFO "Sum of %lu PROCESS items\n", process_sum); 08883 total_sum += process_sum; 08884 08885 #if defined(CONFIG_RSBAC_UM) 08886 /* group lists */ 08887 rsbac_printk(KERN_INFO "GROUP items: "); 08888 #if defined(CONFIG_RSBAC_RC_UM_PROT) 08889 tmp_count = rsbac_list_count(group_handles.rc); 08890 rsbac_printk("%lu RC", tmp_count); 08891 user_sum += tmp_count; 08892 #endif 08893 rsbac_printk("\n"); 08894 rsbac_printk(KERN_INFO "Sum of %lu GROUP items\n", group_sum); 08895 total_sum += group_sum; 08896 #endif 08897 08898 #if defined(CONFIG_RSBAC_NET_OBJ) 08899 /* nettemp lists */ 08900 rsbac_printk(KERN_INFO "NETTEMP items: "); 08901 #if defined(CONFIG_RSBAC_MAC) 08902 tmp_count = rsbac_list_count(nettemp_handles.mac); 08903 rsbac_printk("%lu MAC, ", tmp_count); 08904 nettemp_sum += tmp_count; 08905 #endif 08906 #if defined(CONFIG_RSBAC_PM) 08907 tmp_count = rsbac_list_count(nettemp_handles.pm); 08908 rsbac_printk("%lu PM, ", tmp_count); 08909 nettemp_sum += tmp_count; 08910 #endif 08911 #if defined(CONFIG_RSBAC_RC) 08912 tmp_count = rsbac_list_count(nettemp_handles.rc); 08913 rsbac_printk("%lu RC, ", tmp_count); 08914 nettemp_sum += tmp_count; 08915 #endif 08916 rsbac_printk("\n"); 08917 rsbac_printk(KERN_INFO "Sum of %lu NETTEMP items\n", nettemp_sum); 08918 total_sum += nettemp_sum; 08919 08920 /* local netobj lists */ 08921 rsbac_printk(KERN_INFO "Local NETOBJ items:"); 08922 #if defined(CONFIG_RSBAC_MAC) 08923 tmp_count = rsbac_list_count(lnetobj_handles.mac); 08924 rsbac_printk(" %lu MAC,", tmp_count); 08925 lnetobj_sum += tmp_count; 08926 #endif 08927 #if defined(CONFIG_RSBAC_PM) 08928 tmp_count = rsbac_list_count(lnetobj_handles.pm); 08929 rsbac_printk(" %lu PM,", tmp_count); 08930 lnetobj_sum += tmp_count; 08931 #endif 08932 #if defined(CONFIG_RSBAC_RC) 08933 tmp_count = rsbac_list_count(lnetobj_handles.rc); 08934 rsbac_printk(" %lu RC", tmp_count); 08935 lnetobj_sum += tmp_count; 08936 #endif 08937 rsbac_printk("\n"); 08938 rsbac_printk(KERN_INFO "Sum of %lu Local NETOBJ items\n", 08939 lnetobj_sum); 08940 total_sum += lnetobj_sum; 08941 08942 /* remote netobj lists */ 08943 rsbac_printk(KERN_INFO "Remote NETOBJ items:"); 08944 #if defined(CONFIG_RSBAC_MAC) 08945 tmp_count = rsbac_list_count(rnetobj_handles.mac); 08946 rsbac_printk(" %lu MAC,", tmp_count); 08947 rnetobj_sum += tmp_count; 08948 #endif 08949 #if defined(CONFIG_RSBAC_PM) 08950 tmp_count = rsbac_list_count(rnetobj_handles.pm); 08951 rsbac_printk(" %lu PM,", tmp_count); 08952 rnetobj_sum += tmp_count; 08953 #endif 08954 #if defined(CONFIG_RSBAC_RC) 08955 tmp_count = rsbac_list_count(rnetobj_handles.rc); 08956 rsbac_printk(" %lu RC", tmp_count); 08957 rnetobj_sum += tmp_count; 08958 #endif 08959 rsbac_printk("\n"); 08960 rsbac_printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n", 08961 rnetobj_sum); 08962 total_sum += rnetobj_sum; 08963 #endif /* NET_OBJ */ 08964 08965 rsbac_printk(KERN_INFO "Total of %lu registered rsbac-items\n", total_sum); 08966 08967 rsbac_printk(KERN_INFO "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n", 08968 rsbac_adf_request_count[T_FILE], 08969 rsbac_adf_request_count[T_DIR], 08970 rsbac_adf_request_count[T_FIFO], 08971 rsbac_adf_request_count[T_SYMLINK], 08972 rsbac_adf_request_count[T_DEV], 08973 rsbac_adf_request_count[T_IPC], 08974 rsbac_adf_request_count[T_SCD], 08975 rsbac_adf_request_count[T_USER], 08976 rsbac_adf_request_count[T_PROCESS], 08977 rsbac_adf_request_count[T_NETDEV], 08978 rsbac_adf_request_count[T_NETTEMP], 08979 rsbac_adf_request_count[T_NETOBJ], 08980 rsbac_adf_request_count[T_UNIXSOCK]); 08981 rsbac_printk(KERN_INFO "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n", 08982 rsbac_adf_set_attr_count[T_FILE], 08983 rsbac_adf_set_attr_count[T_DIR], 08984 rsbac_adf_set_attr_count[T_FIFO], 08985 rsbac_adf_set_attr_count[T_SYMLINK], 08986 rsbac_adf_set_attr_count[T_DEV], 08987 rsbac_adf_set_attr_count[T_IPC], 08988 rsbac_adf_set_attr_count[T_SCD], 08989 rsbac_adf_set_attr_count[T_USER], 08990 rsbac_adf_set_attr_count[T_PROCESS], 08991 rsbac_adf_set_attr_count[T_NETDEV], 08992 rsbac_adf_set_attr_count[T_NETTEMP], 08993 rsbac_adf_set_attr_count[T_NETOBJ], 08994 rsbac_adf_set_attr_count[T_UNIXSOCK]); 08995 08996 #if defined(CONFIG_RSBAC_PM) 08997 rsbac_stats_pm(); 08998 #endif 08999 #if defined(CONFIG_RSBAC_RC) 09000 rsbac_stats_rc(); 09001 #endif 09002 #if defined(CONFIG_RSBAC_AUTH) 09003 rsbac_stats_auth(); 09004 #endif 09005 #if defined(CONFIG_RSBAC_ACL) 09006 rsbac_stats_acl(); 09007 #endif 09008 return 0; 09009 }
int rsbac_ta_get_attr | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t | tid, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value_p, | |||
rsbac_boolean_t | inherit | |||
) |
Definition at line 11442 of file aci_data_structures.c.
References rsbac_target_id_t::dev, get_attr_dev(), get_attr_fd(), get_attr_ipc(), get_attr_process(), get_attr_user(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_lol_get_subdata(), rsbac_list_lol_subadd_ttl(), rsbac_pr_debug, rsbac_printk(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, T_UNIXSOCK, T_USER, and TRUE.
Referenced by rsbac_pm(), sys_rsbac_get_attr(), and sys_rsbac_get_attr_n().
11449 { 11450 int err = 0; 11451 11452 if (!rsbac_initialized) { 11453 rsbac_printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n"); 11454 return (-RSBAC_ENOTINITIALIZED); 11455 } 11456 if (!value_p) 11457 return (-RSBAC_EINVALIDPOINTER); 11458 if (in_interrupt()) { 11459 rsbac_printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n"); 11460 } 11461 #ifdef CONFIG_RSBAC_XSTATS 11462 get_attr_count[target]++; 11463 #endif 11464 switch (target) { 11465 case T_FILE: 11466 case T_DIR: 11467 case T_FIFO: 11468 case T_SYMLINK: 11469 case T_UNIXSOCK: 11470 #ifdef CONFIG_RSBAC_FD_CACHE 11471 if (inherit && !ta_number && fd_cache_handle[module] && (RSBAC_MAJOR(tid.file.device) > 1)) { 11472 struct rsbac_fd_cache_desc_t fd_desc; 11473 rsbac_enum_t cache_attr = attr; 11474 11475 fd_desc.device = tid.file.device; 11476 fd_desc.inode = tid.file.inode; 11477 if (!rsbac_list_lol_get_subdata(fd_cache_handle[module], 11478 &fd_desc, &cache_attr, 11479 value_p)) { 11480 #ifdef CONFIG_RSBAC_XSTATS 11481 fd_cache_hits[module]++; 11482 #endif 11483 return 0; 11484 } 11485 err = get_attr_fd(0, module, target, &tid, 11486 attr, value_p, TRUE); 11487 if (!err) { 11488 #if 0 11489 rsbac_pr_debug(auto, "Adding fd cache item device %02u:%02u inode %u attr %u\n", 11490 RSBAC_MAJOR(fd_desc.device), RSBAC_MINOR(fd_desc.device), 11491 fd_desc.inode, attr); 11492 #endif 11493 rsbac_list_lol_subadd_ttl(fd_cache_handle[module], 11494 rsbac_fd_cache_ttl, 11495 &fd_desc, &cache_attr, 11496 value_p); 11497 #ifdef CONFIG_RSBAC_XSTATS 11498 fd_cache_misses[module]++; 11499 #endif 11500 } 11501 return err; 11502 } 11503 #endif 11504 11505 return get_attr_fd(ta_number, module, target, &tid, 11506 attr, value_p, inherit); 11507 11508 case T_DEV: 11509 return get_attr_dev(ta_number, module, target, tid.dev, 11510 attr, value_p, inherit); 11511 11512 case T_IPC: 11513 return get_attr_ipc(ta_number, module, target, &tid, 11514 attr, value_p, inherit); 11515 11516 case T_USER: 11517 return get_attr_user(ta_number, module, target, &tid, 11518 attr, value_p, inherit); 11519 11520 case T_PROCESS: 11521 return get_attr_process(ta_number, module, target, &tid, 11522 attr, value_p, inherit); 11523 11524 #ifdef CONFIG_RSBAC_UM 11525 case T_GROUP: 11526 return get_attr_group(ta_number, module, target, &tid, 11527 attr, value_p, inherit); 11528 #endif /* CONFIG_RSBAC_UM */ 11529 11530 #ifdef CONFIG_RSBAC_NET_DEV 11531 case T_NETDEV: 11532 return get_attr_netdev(ta_number, module, target, &tid, 11533 attr, value_p, inherit); 11534 #endif 11535 11536 #ifdef CONFIG_RSBAC_NET_OBJ 11537 case T_NETTEMP: 11538 return get_attr_nettemp(ta_number, module, target, &tid, 11539 attr, value_p, inherit); 11540 11541 case T_NETOBJ: 11542 return get_attr_netobj(ta_number, module, target, &tid, 11543 attr, value_p, inherit); 11544 #endif 11545 11546 /* switch target: no valid target */ 11547 default: 11548 return -RSBAC_EINVALIDTARGET; 11549 } 11550 11551 return err; 11552 }
int rsbac_ta_list_all_dev | ( | rsbac_list_ta_number_t | ta_number, | |
struct rsbac_dev_desc_t ** | id_pp | |||
) |
Definition at line 14188 of file aci_data_structures.c.
References D_block, D_block_major, dev_handles, dev_major_handles, NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_exist(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc.
Referenced by sys_rsbac_list_all_dev().
14190 { 14191 int count = 0; 14192 int tmp_count; 14193 14194 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.gen); 14195 if (tmp_count > 0) 14196 count += tmp_count; 14197 #if defined(CONFIG_RSBAC_MAC) 14198 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.mac); 14199 if (tmp_count > 0) 14200 count += tmp_count; 14201 #endif 14202 #if defined(CONFIG_RSBAC_PM) 14203 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.pm); 14204 if (tmp_count > 0) 14205 count += tmp_count; 14206 #endif 14207 #if defined(CONFIG_RSBAC_RC) 14208 tmp_count = rsbac_ta_list_count(ta_number, dev_major_handles.rc); 14209 if (tmp_count > 0) 14210 count += tmp_count; 14211 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.rc); 14212 if (tmp_count > 0) 14213 count += tmp_count; 14214 #endif 14215 if (id_pp) { 14216 struct rsbac_dev_desc_t *i_id_p = NULL; 14217 char *pos = NULL; 14218 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_RC) 14219 u_int i; 14220 #endif 14221 14222 if (count > 0) { 14223 int i_count = 0; 14224 14225 i_count = count + 20; /* max value to expect */ 14226 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp)); 14227 if (!*id_pp) 14228 return -RSBAC_ENOMEM; 14229 pos = (char *) *id_pp; 14230 tmp_count = rsbac_ta_list_get_all_desc(ta_number, 14231 dev_handles. 14232 gen, 14233 (void **) 14234 &i_id_p); 14235 if (tmp_count > 0) { 14236 if (tmp_count > i_count) 14237 tmp_count = i_count; 14238 memcpy(pos, i_id_p, 14239 tmp_count * sizeof(*i_id_p)); 14240 rsbac_vfree(i_id_p); 14241 count = tmp_count; 14242 i_count -= tmp_count; 14243 pos += tmp_count * sizeof(*i_id_p); 14244 } else 14245 count = 0; 14246 #if defined(CONFIG_RSBAC_MAC) 14247 if (i_count) { 14248 tmp_count = 14249 rsbac_ta_list_get_all_desc(ta_number, 14250 dev_handles. 14251 mac, 14252 (void **) 14253 &i_id_p); 14254 if (tmp_count > 0) { 14255 if (tmp_count > i_count) 14256 tmp_count = i_count; 14257 for (i = 0; i < tmp_count; i++) { 14258 if (!rsbac_ta_list_exist 14259 (ta_number, 14260 dev_handles.gen, 14261 &i_id_p[i])) { 14262 memcpy(pos, 14263 &i_id_p[i], 14264 sizeof 14265 (*i_id_p)); 14266 pos += 14267 sizeof 14268 (*i_id_p); 14269 count++; 14270 i_count--; 14271 } 14272 } 14273 rsbac_vfree(i_id_p); 14274 } 14275 } 14276 #endif 14277 #if defined(CONFIG_RSBAC_PM) 14278 if (i_count) { 14279 tmp_count = 14280 rsbac_ta_list_get_all_desc(ta_number, 14281 dev_handles. 14282 pm, 14283 (void **) 14284 &i_id_p); 14285 if (tmp_count > 0) { 14286 if (tmp_count > i_count) 14287 tmp_count = i_count; 14288 for (i = 0; i < tmp_count; i++) { 14289 if (!rsbac_ta_list_exist 14290 (ta_number, 14291 dev_handles.gen, 14292 &i_id_p[i])) 14293 #if defined(CONFIG_RSBAC_MAC) 14294 if (!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i])) 14295 #endif 14296 { 14297 memcpy(pos, 14298 &i_id_p 14299 [i], 14300 sizeof 14301 (*i_id_p)); 14302 pos += 14303 sizeof 14304 (*i_id_p); 14305 count++; 14306 i_count--; 14307 } 14308 } 14309 rsbac_vfree(i_id_p); 14310 } 14311 } 14312 #endif 14313 #if defined(CONFIG_RSBAC_RC) 14314 if (i_count) { 14315 tmp_count = 14316 rsbac_ta_list_get_all_desc(ta_number, 14317 dev_major_handles. 14318 rc, 14319 (void **) 14320 &i_id_p); 14321 if (tmp_count > 0) { 14322 if (tmp_count > i_count) 14323 tmp_count = i_count; 14324 for (i = 0; i < tmp_count; i++) { 14325 i_id_p[i].type += 14326 (D_block_major - 14327 D_block); 14328 memcpy(pos, &i_id_p[i], 14329 sizeof(*i_id_p)); 14330 pos += sizeof(*i_id_p); 14331 count++; 14332 i_count--; 14333 } 14334 rsbac_vfree(i_id_p); 14335 } 14336 } 14337 if (i_count) { 14338 tmp_count = 14339 rsbac_ta_list_get_all_desc(ta_number, 14340 dev_handles. 14341 rc, 14342 (void **) 14343 &i_id_p); 14344 if (tmp_count > 0) { 14345 if (tmp_count > i_count) 14346 tmp_count = i_count; 14347 for (i = 0; i < tmp_count; i++) { 14348 if (!rsbac_ta_list_exist 14349 (ta_number, 14350 dev_handles.gen, 14351 &i_id_p[i])) 14352 #if defined(CONFIG_RSBAC_MAC) 14353 if (!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i])) 14354 #endif 14355 #if defined(CONFIG_RSBAC_PM) 14356 if (!rsbac_ta_list_exist(ta_number, dev_handles.pm, &i_id_p[i])) 14357 #endif 14358 { 14359 memcpy 14360 (pos, 14361 &i_id_p 14362 [i], 14363 sizeof 14364 (*i_id_p)); 14365 pos += sizeof(*i_id_p); 14366 count++; 14367 i_count--; 14368 } 14369 } 14370 rsbac_vfree(i_id_p); 14371 } 14372 } 14373 #endif 14374 if (!count) 14375 rsbac_vfree(*id_pp); 14376 } 14377 } 14378 return count; 14379 }
int rsbac_ta_list_all_group | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t ** | id_pp | |||
) |
Definition at line 14657 of file aci_data_structures.c.
References NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc.
Referenced by sys_rsbac_list_all_group().
14659 { 14660 #if defined(CONFIG_RSBAC_RC_UM_PROT) 14661 int count = 0; 14662 int tmp_count; 14663 14664 tmp_count = rsbac_ta_list_count(ta_number, group_handles.rc); 14665 if (tmp_count > 0) 14666 count += tmp_count; 14667 if (id_pp) { 14668 if (count > 0) { 14669 int i_count; 14670 rsbac_gid_t *i_id_p = NULL; 14671 14672 i_count = count + 20; /* max value to expect */ 14673 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp)); 14674 if (!*id_pp) 14675 return -RSBAC_ENOMEM; 14676 tmp_count = rsbac_ta_list_get_all_desc(ta_number, 14677 group_handles. 14678 rc, 14679 (void **) 14680 &i_id_p); 14681 if (tmp_count > 0) { 14682 if (tmp_count > i_count) 14683 tmp_count = i_count; 14684 memcpy(*id_pp, i_id_p, 14685 tmp_count * sizeof(*i_id_p)); 14686 rsbac_vfree(i_id_p); 14687 count = tmp_count; 14688 i_count -= tmp_count; 14689 } else 14690 count = 0; 14691 if (!count) 14692 rsbac_vfree(*id_pp); 14693 } 14694 } 14695 return count; 14696 #else 14697 return 0; 14698 #endif 14699 }
int rsbac_ta_list_all_ipc | ( | rsbac_list_ta_number_t | ta_number, | |
struct rsbac_ipc_t ** | id_pp | |||
) |
Definition at line 14599 of file aci_data_structures.c.
References copy_new_ipcs(), ipc_handles, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_vfree, and rsbac_vmalloc.
Referenced by sys_rsbac_list_all_ipc().
14601 { 14602 int count = 0; 14603 int tmp_count; 14604 14605 #if defined(CONFIG_RSBAC_MAC) 14606 tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.mac); 14607 if (tmp_count > 0) 14608 count += tmp_count; 14609 #endif 14610 #if defined(CONFIG_RSBAC_PM) 14611 tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.pm); 14612 if (tmp_count > 0) 14613 count += tmp_count; 14614 #endif 14615 #if defined(CONFIG_RSBAC_RC) 14616 tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.rc); 14617 if (tmp_count > 0) 14618 count += tmp_count; 14619 #endif 14620 #if defined(CONFIG_RSBAC_JAIL) 14621 tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.jail); 14622 if (tmp_count > 0) 14623 count += tmp_count; 14624 #endif 14625 if (id_pp) { 14626 if (count > 0) { 14627 int i_count; 14628 14629 i_count = count + 20; /* max value to expect */ 14630 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp)); 14631 if (!*id_pp) 14632 return -RSBAC_ENOMEM; 14633 count = 0; 14634 #if defined(CONFIG_RSBAC_MAC) 14635 copy_new_ipcs(ipc_handles.mac, ta_number, &count, 14636 &i_count, *id_pp); 14637 #endif 14638 #if defined(CONFIG_RSBAC_PM) 14639 copy_new_ipcs(ipc_handles.pm, ta_number, &count, 14640 &i_count, *id_pp); 14641 #endif 14642 #if defined(CONFIG_RSBAC_RC) 14643 copy_new_ipcs(ipc_handles.rc, ta_number, &count, 14644 &i_count, *id_pp); 14645 #endif 14646 #if defined(CONFIG_RSBAC_JAIL) 14647 copy_new_ipcs(ipc_handles.jail, ta_number, &count, 14648 &i_count, *id_pp); 14649 #endif 14650 if (!count) 14651 rsbac_vfree(*id_pp); 14652 } 14653 } 14654 return count; 14655 }
int rsbac_ta_list_all_user | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t ** | id_pp | |||
) |
Definition at line 14425 of file aci_data_structures.c.
References copy_new_uids(), NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, rsbac_vmalloc, and user_handles.
Referenced by sys_rsbac_list_all_user().
14427 { 14428 int count = 0; 14429 int tmp_count; 14430 14431 tmp_count = rsbac_ta_list_count(ta_number, user_handles.gen); 14432 if (tmp_count > 0) 14433 count += tmp_count; 14434 #if defined(CONFIG_RSBAC_MAC) 14435 tmp_count = rsbac_ta_list_count(ta_number, user_handles.mac); 14436 if (tmp_count > 0) 14437 count += tmp_count; 14438 #endif 14439 #if defined(CONFIG_RSBAC_PM) 14440 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pm); 14441 if (tmp_count > 0) 14442 count += tmp_count; 14443 #endif 14444 #if defined(CONFIG_RSBAC_DAZ) 14445 tmp_count = rsbac_ta_list_count(ta_number, user_handles.daz); 14446 if (tmp_count > 0) 14447 count += tmp_count; 14448 #endif 14449 #if defined(CONFIG_RSBAC_FF) 14450 tmp_count = rsbac_ta_list_count(ta_number, user_handles.ff); 14451 if (tmp_count > 0) 14452 count += tmp_count; 14453 #endif 14454 #if defined(CONFIG_RSBAC_RC) 14455 tmp_count = rsbac_ta_list_count(ta_number, user_handles.rc); 14456 if (tmp_count > 0) 14457 count += tmp_count; 14458 #endif 14459 #if defined(CONFIG_RSBAC_AUTH) 14460 tmp_count = rsbac_ta_list_count(ta_number, user_handles.auth); 14461 if (tmp_count > 0) 14462 count += tmp_count; 14463 #endif 14464 #if defined(CONFIG_RSBAC_CAP) 14465 tmp_count = rsbac_ta_list_count(ta_number, user_handles.cap); 14466 if (tmp_count > 0) 14467 count += tmp_count; 14468 #endif 14469 #if defined(CONFIG_RSBAC_JAIL) 14470 tmp_count = rsbac_ta_list_count(ta_number, user_handles.jail); 14471 if (tmp_count > 0) 14472 count += tmp_count; 14473 #endif 14474 #if defined(CONFIG_RSBAC_PAX) 14475 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pax); 14476 if (tmp_count > 0) 14477 count += tmp_count; 14478 #endif 14479 #if defined(CONFIG_RSBAC_RES) 14480 tmp_count = rsbac_ta_list_count(ta_number, user_handles.res); 14481 if (tmp_count > 0) 14482 count += tmp_count; 14483 #endif 14484 if (id_pp) { 14485 if (count > 0) { 14486 int i_count; 14487 rsbac_uid_t *i_id_p = NULL; 14488 14489 i_count = count + 20; /* max value to expect */ 14490 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp)); 14491 if (!*id_pp) 14492 return -RSBAC_ENOMEM; 14493 tmp_count = rsbac_ta_list_get_all_desc(ta_number, 14494 user_handles. 14495 gen, 14496 (void **) 14497 &i_id_p); 14498 if (tmp_count > 0) { 14499 if (tmp_count > i_count) 14500 tmp_count = i_count; 14501 memcpy(*id_pp, i_id_p, 14502 tmp_count * sizeof(*i_id_p)); 14503 rsbac_vfree(i_id_p); 14504 count = tmp_count; 14505 i_count -= tmp_count; 14506 } else 14507 count = 0; 14508 #if defined(CONFIG_RSBAC_MAC) 14509 copy_new_uids(user_handles.mac, ta_number, &count, 14510 &i_count, *id_pp); 14511 #endif 14512 #if defined(CONFIG_RSBAC_PM) 14513 copy_new_uids(user_handles.pm, ta_number, &count, 14514 &i_count, *id_pp); 14515 #endif 14516 #if defined(CONFIG_RSBAC_DAZ) 14517 copy_new_uids(user_handles.daz, ta_number, &count, 14518 &i_count, *id_pp); 14519 #endif 14520 #if defined(CONFIG_RSBAC_FF) 14521 copy_new_uids(user_handles.ff, ta_number, &count, 14522 &i_count, *id_pp); 14523 #endif 14524 #if defined(CONFIG_RSBAC_RC) 14525 copy_new_uids(user_handles.rc, ta_number, &count, 14526 &i_count, *id_pp); 14527 #endif 14528 #if defined(CONFIG_RSBAC_AUTH) 14529 copy_new_uids(user_handles.auth, ta_number, &count, 14530 &i_count, *id_pp); 14531 #endif 14532 #if defined(CONFIG_RSBAC_CAP) 14533 copy_new_uids(user_handles.cap, ta_number, &count, 14534 &i_count, *id_pp); 14535 #endif 14536 #if defined(CONFIG_RSBAC_JAIL) 14537 copy_new_uids(user_handles.jail, ta_number, &count, 14538 &i_count, *id_pp); 14539 #endif 14540 #if defined(CONFIG_RSBAC_PAX) 14541 copy_new_uids(user_handles.pax, ta_number, &count, 14542 &i_count, *id_pp); 14543 #endif 14544 #if defined(CONFIG_RSBAC_RES) 14545 copy_new_uids(user_handles.res, ta_number, &count, 14546 &i_count, *id_pp); 14547 #endif 14548 if (!count) 14549 rsbac_vfree(*id_pp); 14550 } 14551 } 14552 return count; 14553 }
int rsbac_ta_remove_target | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
union rsbac_target_id_t | tid | |||
) |
Definition at line 13760 of file aci_data_structures.c.
References D_block, D_block_major, D_char, D_char_major, rsbac_target_id_t::dev, dev_handles, dev_major_handles, device_hash(), device_list_locks, rsbac_target_id_t::group, rsbac_target_id_t::ipc, ipc_handles, lookup_device(), rsbac_target_id_t::netdev, rsbac_target_id_t::netobj, rsbac_target_id_t::nettemp, NULL, rsbac_target_id_t::process, process_handles, rsbac_acl_remove_acl(), rsbac_auth_remove_f_capsets(), rsbac_auth_remove_p_capsets(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_mac_remove_f_trusets(), rsbac_mac_remove_p_trusets(), rsbac_mount(), rsbac_printk(), rsbac_ta_list_remove(), rsbac_net_obj_desc_t::sock_p, T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NETTEMP_NT, T_PROCESS, T_SYMLINK, T_UNIXSOCK, T_USER, rsbac_dev_desc_t::type, rsbac_target_id_t::user, and user_handles.
Referenced by rsbac_pm(), sys_rsbac_remove_target(), and sys_rsbac_remove_target_n().
13763 { 13764 int error = 0; 13765 struct rsbac_device_list_item_t *device_p; 13766 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 13767 u_long dflags; 13768 #endif 13769 u_int hash; 13770 13771 if (!rsbac_initialized) { 13772 rsbac_printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n"); 13773 return (-RSBAC_ENOTINITIALIZED); 13774 } 13775 if (in_interrupt()) { 13776 rsbac_printk(KERN_WARNING "rsbac_remove_target(): called from interrupt!\n"); 13777 } 13778 switch (target) { 13779 case T_FILE: 13780 case T_DIR: 13781 case T_FIFO: 13782 case T_SYMLINK: 13783 case T_UNIXSOCK: 13784 /* rsbac_pr_debug(ds, "Removing file/dir/fifo/symlink ACI\n"); */ 13785 #if defined(CONFIG_RSBAC_MAC) 13786 /* file and dir items can also have mac_f_trusets -> remove first */ 13787 if ((target == T_FILE) 13788 || (target == T_DIR) 13789 ) 13790 error = rsbac_mac_remove_f_trusets(tid.file); 13791 #endif 13792 #if defined(CONFIG_RSBAC_AUTH) 13793 /* file and dir items can also have auth_f_capsets -> remove first */ 13794 if ((target == T_FILE) 13795 || (target == T_DIR) 13796 ) 13797 error = rsbac_auth_remove_f_capsets(tid.file); 13798 #endif 13799 #if defined(CONFIG_RSBAC_ACL) 13800 /* items can also have an acl_fd_item -> remove first */ 13801 error = rsbac_acl_remove_acl(ta_number, target, tid); 13802 #endif 13803 hash = device_hash(tid.file.device); 13804 /* wait for read access to device_list_head */ 13805 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 13806 rcu_read_lock(); 13807 #else 13808 rsbac_read_lock(&device_list_locks[hash], &dflags); 13809 #endif 13810 13811 /* lookup device */ 13812 device_p = lookup_device(tid.file.device, hash); 13813 if (!device_p) { 13814 struct super_block *sb_p; 13815 13816 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 13817 rcu_read_unlock(); 13818 #else 13819 rsbac_read_unlock(&device_list_locks[hash], &dflags); 13820 #endif 13821 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 13822 sb_p = user_get_super(tid.file.device); 13823 #else 13824 sb_p = get_super(tid.file.device); 13825 #endif 13826 if (sb_p) { 13827 if(RSBAC_MAJOR(tid.file.device) <= 1) { 13828 rsbac_printk(KERN_INFO "rsbac_remove_target(): auto-mounting device %02u:%02u\n", 13829 RSBAC_MAJOR(tid.file.device), 13830 RSBAC_MINOR(tid.file.device)); 13831 rsbac_mount(sb_p, NULL); 13832 } 13833 /* free super_block pointer */ 13834 drop_super(sb_p); 13835 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 13836 rcu_read_lock(); 13837 #else 13838 rsbac_read_lock(&device_list_locks[hash], 13839 &dflags); 13840 #endif 13841 device_p = lookup_device(tid.file.device, hash); 13842 if (!device_p) { 13843 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 13844 rcu_read_unlock(); 13845 #else 13846 rsbac_read_unlock 13847 (&device_list_locks[hash], 13848 &dflags); 13849 #endif 13850 rsbac_printk(KERN_WARNING "rsbac_remove_target(): unknown device %02u:%02u\n", 13851 RSBAC_MAJOR(tid.file. 13852 device), 13853 RSBAC_MINOR(tid.file. 13854 device)); 13855 return -RSBAC_EINVALIDDEV; 13856 } 13857 } else 13858 return -RSBAC_EINVALIDDEV; 13859 } 13860 rsbac_ta_list_remove(ta_number, 13861 device_p->handles.gen, 13862 &tid.file.inode); 13863 #if defined(CONFIG_RSBAC_MAC) 13864 rsbac_ta_list_remove(ta_number, 13865 device_p->handles.mac, 13866 &tid.file.inode); 13867 #endif 13868 #if defined(CONFIG_RSBAC_PM) 13869 rsbac_ta_list_remove(ta_number, 13870 device_p->handles.pm, 13871 &tid.file.inode); 13872 #endif 13873 #if defined(CONFIG_RSBAC_DAZ) 13874 rsbac_ta_list_remove(ta_number, 13875 device_p->handles.daz, 13876 &tid.file.inode); 13877 #if defined(CONFIG_RSBAC_DAZ_CACHE) 13878 rsbac_ta_list_remove(ta_number, 13879 device_p->handles.dazs, 13880 &tid.file.inode); 13881 #endif 13882 #endif 13883 #if defined(CONFIG_RSBAC_FF) 13884 rsbac_ta_list_remove(ta_number, 13885 device_p->handles.ff, 13886 &tid.file.inode); 13887 #endif 13888 #if defined(CONFIG_RSBAC_RC) 13889 rsbac_ta_list_remove(ta_number, 13890 device_p->handles.rc, 13891 &tid.file.inode); 13892 #endif 13893 #if defined(CONFIG_RSBAC_AUTH) 13894 rsbac_ta_list_remove(ta_number, 13895 device_p->handles.auth, 13896 &tid.file.inode); 13897 #endif 13898 #if defined(CONFIG_RSBAC_CAP) 13899 rsbac_ta_list_remove(ta_number, 13900 device_p->handles.cap, 13901 &tid.file.inode); 13902 #endif 13903 #if defined(CONFIG_RSBAC_PAX) 13904 rsbac_ta_list_remove(ta_number, 13905 device_p->handles.pax, 13906 &tid.file.inode); 13907 #endif 13908 #if defined(CONFIG_RSBAC_RES) 13909 rsbac_ta_list_remove(ta_number, 13910 device_p->handles.res, 13911 &tid.file.inode); 13912 #endif 13913 13914 /* free access to device_list_head */ 13915 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 13916 rcu_read_unlock(); 13917 #else 13918 rsbac_read_unlock(&device_list_locks[hash], &dflags); 13919 #endif 13920 #ifdef CONFIG_RSBAC_FD_CACHE 13921 rsbac_fd_cache_invalidate(&tid.file); 13922 #endif 13923 break; 13924 13925 case T_DEV: 13926 { 13927 switch (tid.dev.type) 13928 { 13929 case D_block: 13930 case D_char: 13931 rsbac_ta_list_remove(ta_number, 13932 dev_handles.gen, 13933 &tid.dev); 13934 #if defined(CONFIG_RSBAC_MAC) 13935 rsbac_ta_list_remove(ta_number, 13936 dev_handles.mac, 13937 &tid.dev); 13938 #endif 13939 #if defined(CONFIG_RSBAC_PM) 13940 rsbac_ta_list_remove(ta_number, 13941 dev_handles.pm, 13942 &tid.dev); 13943 #endif 13944 #if defined(CONFIG_RSBAC_RC) 13945 rsbac_ta_list_remove(ta_number, 13946 dev_handles.rc, 13947 &tid.dev); 13948 #endif 13949 break; 13950 case D_block_major: 13951 case D_char_major: 13952 { 13953 enum rsbac_dev_type_t orig_devtype=tid.dev.type; 13954 13955 if (tid.dev.type==D_block_major) 13956 tid.dev.type=D_block; 13957 else 13958 tid.dev.type=D_char; 13959 rsbac_ta_list_remove(ta_number, 13960 dev_major_handles.gen, 13961 &tid.dev); 13962 #if defined(CONFIG_RSBAC_MAC) 13963 rsbac_ta_list_remove(ta_number, 13964 dev_major_handles.mac, 13965 &tid.dev); 13966 #endif 13967 #if defined(CONFIG_RSBAC_PM) 13968 rsbac_ta_list_remove(ta_number, 13969 dev_major_handles.pm, 13970 &tid.dev); 13971 #endif 13972 #if defined(CONFIG_RSBAC_RC) 13973 rsbac_ta_list_remove(ta_number, 13974 dev_major_handles.rc, 13975 &tid.dev); 13976 #endif 13977 tid.dev.type=orig_devtype; 13978 break; 13979 } 13980 default: 13981 return -RSBAC_EINVALIDTARGET; 13982 } 13983 } 13984 break; 13985 13986 case T_IPC: 13987 /* rsbac_pr_debug(ds, "Removing ipc ACI\n"); */ 13988 #if defined(CONFIG_RSBAC_MAC) 13989 rsbac_ta_list_remove(ta_number, ipc_handles.mac, &tid.ipc); 13990 #endif 13991 #if defined(CONFIG_RSBAC_PM) 13992 rsbac_ta_list_remove(ta_number, ipc_handles.pm, &tid.ipc); 13993 #endif 13994 #if defined(CONFIG_RSBAC_RC) 13995 rsbac_ta_list_remove(ta_number, ipc_handles.rc, &tid.ipc); 13996 #endif 13997 #if defined(CONFIG_RSBAC_JAIL) 13998 rsbac_ta_list_remove(ta_number, 13999 ipc_handles.jail, &tid.ipc); 14000 #endif 14001 break; 14002 14003 case T_USER: 14004 /* rsbac_pr_debug(ds, "Removing user ACI"); */ 14005 rsbac_ta_list_remove(ta_number, 14006 user_handles.gen, &tid.user); 14007 #if defined(CONFIG_RSBAC_MAC) 14008 rsbac_ta_list_remove(ta_number, 14009 user_handles.mac, &tid.user); 14010 #endif 14011 #if defined(CONFIG_RSBAC_PM) 14012 rsbac_ta_list_remove(ta_number, 14013 user_handles.pm, &tid.user); 14014 #endif 14015 #if defined(CONFIG_RSBAC_DAZ) 14016 rsbac_ta_list_remove(ta_number, 14017 user_handles.daz, &tid.user); 14018 #endif 14019 #if defined(CONFIG_RSBAC_FF) 14020 rsbac_ta_list_remove(ta_number, 14021 user_handles.ff, &tid.user); 14022 #endif 14023 #if defined(CONFIG_RSBAC_RC) 14024 rsbac_ta_list_remove(ta_number, 14025 user_handles.rc, &tid.user); 14026 #endif 14027 #if defined(CONFIG_RSBAC_AUTH) 14028 rsbac_ta_list_remove(ta_number, 14029 user_handles.auth, &tid.user); 14030 #endif 14031 #if defined(CONFIG_RSBAC_CAP) 14032 rsbac_ta_list_remove(ta_number, 14033 user_handles.cap, &tid.user); 14034 #endif 14035 #if defined(CONFIG_RSBAC_JAIL) 14036 rsbac_ta_list_remove(ta_number, 14037 user_handles.jail, &tid.user); 14038 #endif 14039 #if defined(CONFIG_RSBAC_PAX) 14040 rsbac_ta_list_remove(ta_number, 14041 user_handles.pax, &tid.user); 14042 #endif 14043 #if defined(CONFIG_RSBAC_RES) 14044 rsbac_ta_list_remove(ta_number, 14045 user_handles.res, &tid.user); 14046 #endif 14047 break; 14048 14049 case T_PROCESS: 14050 /* too noisy... kicked out. 14051 rsbac_pr_debug(ds, "Removing process ACI\n"); 14052 */ 14053 #if defined(CONFIG_RSBAC_ACL) 14054 /* process items can also have an acl_p_item -> remove first */ 14055 error = rsbac_acl_remove_acl(ta_number, target, tid); 14056 #endif 14057 rsbac_ta_list_remove(ta_number, 14058 process_handles.gen, 14059 &tid.process); 14060 #if defined(CONFIG_RSBAC_MAC) 14061 /* process items can also have mac_p_trusets -> remove first */ 14062 error = rsbac_mac_remove_p_trusets(tid.process); 14063 rsbac_ta_list_remove(ta_number, 14064 process_handles.mac, 14065 &tid.process); 14066 #endif 14067 #if defined(CONFIG_RSBAC_PM) 14068 rsbac_ta_list_remove(ta_number, 14069 process_handles.pm, &tid.process); 14070 #endif 14071 #if defined(CONFIG_RSBAC_DAZ) 14072 rsbac_ta_list_remove(ta_number, 14073 process_handles.daz, &tid.process); 14074 #endif 14075 #if defined(CONFIG_RSBAC_RC) 14076 rsbac_ta_list_remove(ta_number, 14077 process_handles.rc, 14078 &tid.process); 14079 #endif 14080 #if defined(CONFIG_RSBAC_AUTH) 14081 /* process items can also have auth_p_capsets -> remove first */ 14082 error = rsbac_auth_remove_p_capsets(tid.process); 14083 rsbac_ta_list_remove(ta_number, 14084 process_handles.auth, &tid.process); 14085 #endif 14086 #if defined(CONFIG_RSBAC_CAP) 14087 rsbac_ta_list_remove(ta_number, 14088 process_handles.cap, &tid.process); 14089 #endif 14090 #if defined(CONFIG_RSBAC_JAIL) 14091 rsbac_ta_list_remove(ta_number, 14092 process_handles.jail, 14093 &tid.process); 14094 #endif 14095 break; 14096 14097 #ifdef CONFIG_RSBAC_UM 14098 case T_GROUP: 14099 /* rsbac_pr_debug(ds, "Removing group ACI\n"); */ 14100 #if defined(CONFIG_RSBAC_RC_UM_PROT) 14101 rsbac_ta_list_remove(ta_number, 14102 group_handles.rc, &tid.group); 14103 #endif 14104 break; 14105 #endif /* CONFIG_RSBAC_UM */ 14106 14107 #ifdef CONFIG_RSBAC_NET_DEV 14108 case T_NETDEV: 14109 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) 14110 rsbac_ta_list_remove(ta_number, 14111 netdev_handles.gen, &tid.netdev); 14112 #endif 14113 #if defined(CONFIG_RSBAC_RC) 14114 rsbac_ta_list_remove(ta_number, 14115 netdev_handles.rc, &tid.netdev); 14116 #endif 14117 break; 14118 #endif 14119 14120 #ifdef CONFIG_RSBAC_NET_OBJ 14121 case T_NETTEMP: 14122 /* too noisy... kicked out. 14123 rsbac_pr_debug(ds, "Removing nettemp ACI\n"); 14124 */ 14125 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG) 14126 rsbac_ta_list_remove(ta_number, 14127 nettemp_handles.gen, &tid.nettemp); 14128 #endif 14129 #if defined(CONFIG_RSBAC_MAC) 14130 rsbac_ta_list_remove(ta_number, 14131 nettemp_handles.mac, &tid.nettemp); 14132 #endif 14133 #if defined(CONFIG_RSBAC_PM) 14134 rsbac_ta_list_remove(ta_number, 14135 nettemp_handles.pm, &tid.nettemp); 14136 #endif 14137 #if defined(CONFIG_RSBAC_RC) 14138 rsbac_ta_list_remove(ta_number, 14139 nettemp_handles.rc, &tid.nettemp); 14140 #endif 14141 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT) 14142 rsbac_acl_remove_acl(ta_number, T_NETTEMP_NT, tid); 14143 rsbac_acl_remove_acl(ta_number, T_NETTEMP, tid); 14144 #endif 14145 break; 14146 14147 case T_NETOBJ: 14148 /* too noisy... kicked out. 14149 rsbac_pr_debug(ds, "Removing netobj ACI\n"); 14150 */ 14151 #if defined(CONFIG_RSBAC_MAC) 14152 rsbac_ta_list_remove(ta_number, 14153 lnetobj_handles.mac, 14154 &tid.netobj.sock_p); 14155 rsbac_ta_list_remove(ta_number, 14156 rnetobj_handles.mac, 14157 &tid.netobj.sock_p); 14158 #endif 14159 #if defined(CONFIG_RSBAC_PM) 14160 rsbac_ta_list_remove(ta_number, 14161 lnetobj_handles.pm, 14162 &tid.netobj.sock_p); 14163 rsbac_ta_list_remove(ta_number, 14164 rnetobj_handles.pm, 14165 &tid.netobj.sock_p); 14166 #endif 14167 #if defined(CONFIG_RSBAC_RC) 14168 rsbac_ta_list_remove(ta_number, 14169 lnetobj_handles.rc, 14170 &tid.netobj.sock_p); 14171 rsbac_ta_list_remove(ta_number, 14172 rnetobj_handles.rc, 14173 &tid.netobj.sock_p); 14174 #endif 14175 break; 14176 14177 #endif 14178 14179 default: 14180 return (-RSBAC_EINVALIDTARGET); 14181 } 14182 #ifdef CONFIG_RSBAC_XSTATS 14183 remove_count[target]++; 14184 #endif 14185 return (error); 14186 }
int rsbac_ta_set_attr | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t | tid, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t | value | |||
) |
Definition at line 13664 of file aci_data_structures.c.
References rsbac_target_id_t::dev, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_printk(), set_attr_dev(), set_attr_fd(), set_attr_ipc(), set_attr_process(), set_attr_user(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, T_UNIXSOCK, and T_USER.
Referenced by rsbac_pm(), sys_rsbac_set_attr(), and sys_rsbac_set_attr_n().
13670 { 13671 int err = 0; 13672 /* 13673 #ifdef CONFIG_RSBAC_DEBUG 13674 char tmp[RSBAC_MAXNAMELEN]; 13675 #endif 13676 */ 13677 if (!rsbac_initialized) { 13678 rsbac_printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n"); 13679 return (-RSBAC_ENOTINITIALIZED); 13680 } 13681 if (in_interrupt()) { 13682 rsbac_printk(KERN_WARNING "rsbac_set_attr(): called from interrupt!\n"); 13683 } 13684 switch (target) { 13685 case T_FILE: 13686 case T_DIR: 13687 case T_FIFO: 13688 case T_SYMLINK: 13689 case T_UNIXSOCK: 13690 err = set_attr_fd(ta_number, module, target, &tid, attr, &value); 13691 break; 13692 13693 case T_DEV: 13694 err = 13695 set_attr_dev(ta_number, module, target, tid.dev, attr, 13696 &value); 13697 break; 13698 13699 case T_IPC: 13700 err = 13701 set_attr_ipc(ta_number, module, target, &tid, attr, 13702 &value); 13703 break; 13704 13705 case T_USER: 13706 err = 13707 set_attr_user(ta_number, module, target, &tid, attr, 13708 &value); 13709 break; 13710 13711 case T_PROCESS: 13712 err = 13713 set_attr_process(ta_number, module, target, &tid, attr, 13714 &value); 13715 break; 13716 13717 #ifdef CONFIG_RSBAC_UM 13718 case T_GROUP: 13719 err = 13720 set_attr_group(ta_number, module, target, &tid, attr, 13721 &value); 13722 break; 13723 #endif /* CONFIG_RSBAC_UM */ 13724 13725 #ifdef CONFIG_RSBAC_NET_DEV 13726 case T_NETDEV: 13727 err = 13728 set_attr_netdev(ta_number, module, target, &tid, attr, 13729 &value); 13730 break; 13731 #endif 13732 13733 #ifdef CONFIG_RSBAC_NET_OBJ 13734 case T_NETTEMP: 13735 err = 13736 set_attr_nettemp(ta_number, module, target, &tid, attr, 13737 &value); 13738 break; 13739 13740 case T_NETOBJ: 13741 err = 13742 set_attr_netobj(ta_number, module, target, &tid, attr, 13743 &value); 13744 break; 13745 #endif /* NET_OBJ */ 13746 13747 /* switch(target): no valid target */ 13748 default: 13749 return (-RSBAC_EINVALIDTARGET); 13750 } 13751 #ifdef CONFIG_RSBAC_XSTATS 13752 if (!err) 13753 set_attr_count[target]++; 13754 #endif 13755 return (err); 13756 }
int rsbac_umount | ( | struct super_block * | sb_p, | |
struct dentry * | d_covers | |||
) |
Definition at line 8442 of file aci_data_structures.c.
References device_hash(), device_list_locks, lookup_device(), NULL, remove_device_item(), rsbac_debug_no_write, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_umount(), rsbac_pr_debug, rsbac_printk(), rsbac_umount_acl(), rsbac_umount_auth(), rsbac_umount_mac(), rsbac_umount_reg(), rsbac_write(), rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE.
08443 { 08444 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 08445 u_long flags; 08446 #endif 08447 struct rsbac_device_list_item_t *device_p; 08448 kdev_t kdev; 08449 u_int hash; 08450 08451 if (!sb_p) { 08452 rsbac_printk(KERN_WARNING "rsbac_umount(): called with NULL pointer\n"); 08453 return -RSBAC_EINVALIDPOINTER; 08454 } 08455 if (!rsbac_initialized) { 08456 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n"); 08457 08458 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08459 if ((sb_p->s_magic == SYSFS_MAGIC) 08460 && !RSBAC_MAJOR(sb_p->s_dev) 08461 && sysfs_sb_p && sysfs_covered_p) { 08462 rsbac_printk(KERN_WARNING "rsbac_umount(): sysfs umount detected, removing auto-mount values\n"); 08463 sysfs_sb_p = NULL; 08464 sysfs_covered_p = NULL; 08465 } 08466 #endif 08467 #ifdef CONFIG_DEVFS_MOUNT 08468 if ((sb_p->s_magic == DEVFS_SUPER_MAGIC) 08469 && !RSBAC_MAJOR(sb_p->s_dev) 08470 && devfs_sb_p && devfs_covered_p) { 08471 rsbac_printk(KERN_WARNING "rsbac_umount(): devfs umount detected, removing auto-mount values\n"); 08472 devfs_sb_p = NULL; 08473 devfs_covered_p = NULL; 08474 } 08475 #endif 08476 08477 return (-RSBAC_ENOTINITIALIZED); 08478 } 08479 rsbac_pr_debug(ds, "umounting device %02u:%02u\n", 08480 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 08481 kdev = sb_p->s_dev; 08482 08483 /* sync attribute lists */ 08484 #if defined(CONFIG_RSBAC_AUTO_WRITE) 08485 if (!rsbac_debug_no_write) { 08486 down(&rsbac_write_sem); 08487 /* recheck no_write with lock - might have been set in between */ 08488 if (!rsbac_debug_no_write) { 08489 rsbac_write(TRUE); 08490 } 08491 up(&rsbac_write_sem); 08492 } 08493 #endif 08494 /* call other umount functions */ 08495 #if defined(CONFIG_RSBAC_MAC) 08496 rsbac_umount_mac(kdev); 08497 #endif 08498 #if defined(CONFIG_RSBAC_AUTH) 08499 rsbac_umount_auth(kdev); 08500 #endif 08501 #if defined(CONFIG_RSBAC_ACL) 08502 rsbac_umount_acl(kdev); 08503 #endif 08504 #if defined(CONFIG_RSBAC_REG) 08505 rsbac_umount_reg(kdev); 08506 #endif 08507 08508 hash = device_hash(kdev); 08509 /* wait for write access to device_list_head */ 08510 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08511 spin_lock(&device_list_locks[hash]); 08512 #else 08513 rsbac_write_lock(&device_list_locks[hash], &flags); 08514 #endif 08515 /* OK, nobody else is working on it... */ 08516 device_p = lookup_device(kdev, hash); 08517 if (device_p) { 08518 if (device_p->mount_count == 1) { 08519 /* Generic lists */ 08520 rsbac_list_umount(kdev); 08521 /* 2.6: remove_device_item unlocks! */ 08522 remove_device_item(kdev); 08523 } else { 08524 if (device_p->mount_count > 1) { 08525 device_p->mount_count--; 08526 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08527 spin_unlock(&device_list_locks[hash]); 08528 #endif 08529 if (device_p->d_covers == d_covers) { 08530 rsbac_printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n", 08531 RSBAC_MAJOR(kdev), 08532 RSBAC_MINOR(kdev)); 08533 device_p->d_covers = NULL; 08534 } 08535 } else { 08536 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08537 spin_unlock(&device_list_locks[hash]); 08538 #endif 08539 rsbac_printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n", 08540 RSBAC_MAJOR(kdev), 08541 RSBAC_MINOR(kdev)); 08542 } 08543 } 08544 } 08545 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08546 else 08547 spin_unlock(&device_list_locks[hash]); 08548 #else 08549 rsbac_write_unlock(&device_list_locks[hash], &flags); 08550 #endif 08551 #ifdef CONFIG_RSBAC_FD_CACHE 08552 rsbac_fd_cache_invalidate_all(); 08553 #endif 08554 08555 return 0; 08556 }
void rsbac_write_close | ( | struct file * | file_p | ) |
Definition at line 2619 of file aci_data_structures.c.
References rsbac_read_close().
Referenced by rsbac_list_write_buffers(), rsbac_list_write_lol_buffers(), and write_info().
02620 { 02621 rsbac_read_close(file_p); 02622 }
int rsbac_write_open | ( | char * | name, | |
struct file * | file_p, | |||
kdev_t | kdev | |||
) |
Definition at line 2260 of file aci_data_structures.c.
References check_parent, init_private_file(), KERNEL_VERSION, lookup_aci_path_dentry(), NULL, rsbac_clear_file(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, RSBAC_ENOTWRITABLE, RSBAC_EWRITEFAILED, rsbac_get_super_block(), rsbac_kfree(), rsbac_kmalloc(), rsbac_lookup_one_len(), RSBAC_MAXNAMELEN, rsbac_pr_debug, rsbac_printk(), TRUE, and writable().
Referenced by rsbac_list_write_buffers(), rsbac_list_write_lol_buffers(), and write_info().
02261 { 02262 struct dentry *dir_dentry_p = NULL; 02263 struct dentry *ldir_dentry_p = NULL; 02264 struct dentry *file_dentry_p = NULL; 02265 int err = 0; 02266 int tmperr = 0; 02267 struct super_block *sb_p; 02268 02269 if (!file_p || !name) { 02270 rsbac_pr_debug(write, "called with NULL pointer!\n"); 02271 return (-RSBAC_EINVALIDPOINTER); 02272 } 02273 02274 /* get super_block-pointer */ 02275 sb_p = rsbac_get_super_block(kdev); 02276 if (!sb_p) { 02277 rsbac_printk(KERN_WARNING "rsbac_write_open(): invalid device %02u:%02u\n", 02278 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 02279 return (-RSBAC_EINVALIDDEV); 02280 } 02281 if (!writable(sb_p)) { 02282 rsbac_pr_debug(write, "called for non-writable device\n"); 02283 err = -RSBAC_ENOTWRITABLE; 02284 goto out; 02285 } 02286 02287 /* lookup dentry of ACI_PATH on this device (create, if needed and possible), 02288 * returns errorcode, if failed */ 02289 if ((tmperr = lookup_aci_path_dentry(sb_p, &dir_dentry_p, TRUE, 02290 kdev))) { 02291 err = tmperr; 02292 goto out; 02293 } 02294 02295 /* open file for reading - this must be done 'by hand', because */ 02296 /* standard system calls are now extended by rsbac decision calls. */ 02297 file_dentry_p = 02298 rsbac_lookup_one_len(name, dir_dentry_p, strlen(name)); 02299 if (!file_dentry_p || IS_ERR(file_dentry_p)) { 02300 rsbac_pr_debug(write, "lookup of %s returned error %li\n", 02301 name, PTR_ERR(file_dentry_p)); 02302 err = -RSBAC_EWRITEFAILED; 02303 goto out; 02304 } 02305 #if 1 02306 if (file_dentry_p->d_inode) { /* file was found: try to rename it as backup file */ 02307 if (!dir_dentry_p->d_inode->i_op 02308 || !dir_dentry_p->d_inode->i_op->rename) { 02309 rsbac_printk(KERN_WARNING "rsbac_write_open(): File system supports no rename - no backup of %s made!", 02310 name); 02311 } else { 02312 char *bname; 02313 int name_len = strlen(name); 02314 struct dentry *new_file_dentry_p = NULL; 02315 struct dentry *old_dir_p, *new_dir_p; 02316 02317 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02318 if (!bname) { 02319 err = -RSBAC_ENOMEM; 02320 goto out_dput; 02321 } 02322 strcpy(bname, name); 02323 bname[name_len] = 'b'; 02324 bname[name_len + 1] = (char) 0; 02325 new_file_dentry_p = 02326 rsbac_lookup_one_len(bname, dir_dentry_p, 02327 strlen(bname)); 02328 if (new_file_dentry_p 02329 && !IS_ERR(new_file_dentry_p)) { 02330 /* lock parent == rsbac-dir for rest of rename */ 02331 old_dir_p = dget(file_dentry_p->d_parent); 02332 new_dir_p = 02333 dget(new_file_dentry_p->d_parent); 02334 double_lock(new_dir_p, old_dir_p); 02335 02336 DQUOT_INIT(old_dir_p->d_inode); 02337 DQUOT_INIT(new_dir_p->d_inode); 02338 /* try to rename file in rsbac dir */ 02339 /* rsbac_pr_debug(write, "calling rename function\n"); */ 02340 err = 02341 dir_dentry_p->d_inode->i_op-> 02342 rename(old_dir_p->d_inode, 02343 file_dentry_p, 02344 new_dir_p->d_inode, 02345 new_file_dentry_p); 02346 /* unlock dir (dputs both dentries) */ 02347 double_unlock(new_dir_p, old_dir_p); 02348 if (err) { 02349 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not rename %s to %s on dev %02u:%02u, error %i - no backup!\n", 02350 name, bname, 02351 RSBAC_MAJOR(kdev), 02352 RSBAC_MINOR(kdev), 02353 err); 02354 } else { 02355 /* The following d_move() should become unconditional */ 02356 if (! 02357 (sb_p->s_type-> 02358 fs_flags 02359 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02360 & FS_RENAME_DOES_D_MOVE 02361 #else 02362 & FS_ODD_RENAME 02363 #endif 02364 )) 02365 d_move(file_dentry_p, 02366 new_file_dentry_p); 02367 inode_dir_notify(old_dir_p-> 02368 d_inode, 02369 DN_RENAME); 02370 } 02371 dput(new_file_dentry_p); 02372 dput(file_dentry_p); 02373 /* re-init dentry structure */ 02374 file_dentry_p = 02375 rsbac_lookup_one_len(name, 02376 dir_dentry_p, 02377 strlen(name)); 02378 if (!file_dentry_p 02379 || IS_ERR(file_dentry_p)) { 02380 rsbac_pr_debug(write, "relookup of %s " 02381 "returned error %li\n", 02382 name, 02383 PTR_ERR(file_dentry_p)); 02384 err = -RSBAC_EWRITEFAILED; 02385 goto out; 02386 } 02387 if (file_dentry_p->d_inode) { 02388 rsbac_printk(KERN_WARNING "rsbac_write_open(): relookup of %s returned dentry with existing inode %li, trying unlink\n", 02389 name, 02390 file_dentry_p-> 02391 d_inode->i_ino); 02392 /* file was found: try to delete it */ 02393 if (!dir_dentry_p->d_inode->i_op 02394 || !dir_dentry_p->d_inode-> 02395 i_op->unlink) { 02396 rsbac_printk(KERN_WARNING "rsbac_write_open(): File system supports no unlink - %s not deleted!", 02397 name); 02398 rsbac_kfree(bname); 02399 err = -RSBAC_EWRITEFAILED; 02400 goto out_dput; 02401 } else { 02402 old_dir_p = 02403 lock_parent 02404 (file_dentry_p); 02405 02406 DQUOT_INIT(old_dir_p-> 02407 d_inode); 02408 err = -ENOENT; 02409 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 02410 if (check_parent 02411 (old_dir_p, 02412 file_dentry_p)) { 02413 #endif 02414 err = 02415 dir_dentry_p-> 02416 d_inode->i_op-> 02417 unlink 02418 (old_dir_p-> 02419 d_inode, 02420 file_dentry_p); 02421 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 02422 } else { 02423 rsbac_printk 02424 (KERN_WARNING 02425 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, parent check failed!\n", 02426 name, 02427 RSBAC_MAJOR 02428 (kdev), 02429 RSBAC_MINOR 02430 (kdev)); 02431 } 02432 #endif 02433 /* unlock parent dir */ 02434 unlock_dir(old_dir_p); 02435 /* free file dentry */ 02436 dput(file_dentry_p); 02437 if (err) { 02438 rsbac_printk 02439 (KERN_WARNING 02440 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, error %i!\n", 02441 name, 02442 RSBAC_MAJOR 02443 (kdev), 02444 RSBAC_MINOR 02445 (kdev), err); 02446 } 02447 /* re-init dentry structure */ 02448 file_dentry_p = 02449 rsbac_lookup_one_len 02450 (name, dir_dentry_p, 02451 strlen(name)); 02452 if (!file_dentry_p 02453 || 02454 IS_ERR(file_dentry_p)) { 02455 rsbac_pr_debug(write, "relookup of %s returned error %li\n", 02456 name, 02457 PTR_ERR(file_dentry_p)); 02458 rsbac_kfree(bname); 02459 err = 02460 -RSBAC_EWRITEFAILED; 02461 goto out; 02462 } 02463 if (file_dentry_p->d_inode) { 02464 rsbac_printk 02465 (KERN_WARNING 02466 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li\n", 02467 name, 02468 file_dentry_p-> 02469 d_inode-> 02470 i_ino); 02471 rsbac_kfree(bname); 02472 err = 02473 -RSBAC_EWRITEFAILED; 02474 goto out_dput; 02475 } 02476 } 02477 } 02478 } else { 02479 rsbac_printk(KERN_WARNING "rsbac_write_open(): rsbac_lookup_(dentry|one) for backup file %s on dev %02u:%02u failed with error %li - no backup!\n", 02480 bname, RSBAC_MAJOR(kdev), 02481 RSBAC_MINOR(kdev), 02482 PTR_ERR(new_file_dentry_p)); 02483 } 02484 rsbac_kfree(bname); 02485 } 02486 } 02487 #endif /* backup part */ 02488 02489 if (!file_dentry_p->d_inode) { 02490 /* file not found or renamed away: try to create a new one */ 02491 if (!dir_dentry_p->d_inode->i_op 02492 || !dir_dentry_p->d_inode->i_op->create) { 02493 rsbac_printk(KERN_WARNING "%s\n", 02494 "rsbac_write_open(): File system supports no create!"); 02495 err = -RSBAC_EWRITEFAILED; 02496 goto out_dput; 02497 } 02498 02499 /* lock parent == rsbac-dir for create */ 02500 ldir_dentry_p = lock_parent(file_dentry_p); 02501 if (IS_ERR(ldir_dentry_p)) { 02502 rsbac_pr_debug(write, "lock_parent of %s returned " 02503 "error %li\n", name, 02504 PTR_ERR(ldir_dentry_p)); 02505 err = -RSBAC_EWRITEFAILED; 02506 goto out_dput; 02507 } 02508 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 02509 if (!check_parent(ldir_dentry_p, file_dentry_p)) { 02510 rsbac_pr_debug(write, "check_parent of %s returned " 02511 "error\n", name); 02512 unlock_dir(ldir_dentry_p); 02513 err = -RSBAC_EWRITEFAILED; 02514 goto out_dput; 02515 } 02516 #endif 02517 /* try to create file in rsbac dir */ 02518 /* rsbac_pr_debug(write, "calling create function\n"); */ 02519 DQUOT_INIT(ldir_dentry_p->d_inode); 02520 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02521 err = 02522 dir_dentry_p->d_inode->i_op->create(ldir_dentry_p-> 02523 d_inode, 02524 file_dentry_p, 02525 RSBAC_ACI_FILE_MODE, 02526 NULL); 02527 #else 02528 err = 02529 dir_dentry_p->d_inode->i_op->create(ldir_dentry_p-> 02530 d_inode, 02531 file_dentry_p, 02532 RSBAC_ACI_FILE_MODE); 02533 #endif 02534 unlock_dir(ldir_dentry_p); 02535 02536 if (err) { 02537 goto out_dput; 02538 } 02539 /* create was successful */ 02540 } 02541 02542 if (!(S_ISREG(file_dentry_p->d_inode->i_mode))) { /* this is not a file! -> error! */ 02543 rsbac_printk(KERN_WARNING "rsbac_write_open(): expected file is not a file, mode is %o!\n", 02544 file_dentry_p->d_inode->i_mode); 02545 err = -RSBAC_EWRITEFAILED; 02546 goto out_dput; 02547 } 02548 /* Now we fill the file structure and */ 02549 /* if there is an open func for this file, use it, otherwise ignore */ 02550 if ((tmperr = init_private_file(file_p, file_dentry_p, O_RDONLY))) { 02551 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not init file!\n"); 02552 err = -RSBAC_EWRITEFAILED; 02553 goto out_dput; 02554 } 02555 02556 /* Without a write function we get into troubles -> error */ 02557 if ((!file_p->f_op) || (!file_p->f_op->write)) { 02558 rsbac_printk(KERN_WARNING "rsbac_write_open(): file write function missing!\n"); 02559 if (file_p->f_op && file_p->f_op->release) { 02560 file_p->f_op->release(file_dentry_p->d_inode, 02561 file_p); 02562 } 02563 err = -RSBAC_EWRITEFAILED; 02564 goto out_dput; 02565 } 02566 02567 /* trying to get write access */ 02568 /* rsbac_pr_debug(write, "trying to get write access!\n"); */ 02569 if (get_write_access(file_dentry_p->d_inode)) { 02570 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not get write access!\n"); 02571 if (file_p->f_op->release) 02572 file_p->f_op->release(file_dentry_p->d_inode, 02573 file_p); 02574 err = -RSBAC_EWRITEFAILED; 02575 goto out_dput; 02576 } 02577 /* truncating */ 02578 if (rsbac_clear_file(file_dentry_p)) { 02579 if (file_p->f_op->release) 02580 file_p->f_op->release(file_dentry_p->d_inode, 02581 file_p); 02582 put_write_access(file_dentry_p->d_inode); 02583 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not truncate!\n"); 02584 err = -RSBAC_EWRITEFAILED; 02585 goto out_dput; 02586 } 02587 /* set synchronous mode for this file */ 02588 file_p->f_flags |= O_SYNC; 02589 02590 out: 02591 return err; 02592 02593 out_dput: 02594 dput(file_dentry_p); 02595 goto out; 02596 }
static int set_attr_dev | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
struct rsbac_dev_desc_t | dev, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value_p | |||
) | [static] |
Definition at line 12045 of file aci_data_structures.c.
References A_log_array_high, A_log_array_low, A_mac_categories, A_mac_check, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, D_block, D_block_major, D_char, D_char_major, DEFAULT_GEN_DEV_ACI, dev_handles, dev_major_handles, handle, rsbac_attribute_value_t::log_array_high, rsbac_gen_dev_aci_t::log_array_high, rsbac_attribute_value_t::log_array_low, rsbac_gen_dev_aci_t::log_array_low, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_check, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::rc_type, RC_type_max_value, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, SW_GEN, and rsbac_dev_desc_t::type.
Referenced by rsbac_ta_set_attr().
12051 { 12052 int err = 0; 12053 /* rsbac_pr_debug(ds, "Setting dev attribute\n"); */ 12054 switch (module) { 12055 case SW_GEN: 12056 { 12057 struct rsbac_gen_dev_aci_t aci = 12058 DEFAULT_GEN_DEV_ACI; 12059 12060 if (dev.type > D_char) 12061 return -RSBAC_EINVALIDTARGET; 12062 rsbac_ta_list_get_data_ttl(ta_number, 12063 dev_handles.gen, 12064 NULL, &dev, &aci); 12065 switch (attr) { 12066 case A_log_array_low: 12067 aci.log_array_low = value_p->log_array_low; 12068 break; 12069 case A_log_array_high: 12070 aci.log_array_high = 12071 value_p->log_array_high; 12072 break; 12073 default: 12074 err = -RSBAC_EINVALIDATTR; 12075 } 12076 if (!err) { 12077 err = rsbac_ta_list_add_ttl(ta_number, 12078 dev_handles. 12079 gen, 0, &dev, 12080 &aci); 12081 } 12082 } 12083 break; 12084 12085 #if defined(CONFIG_RSBAC_MAC) 12086 case SW_MAC: 12087 { 12088 struct rsbac_mac_dev_aci_t aci = 12089 DEFAULT_MAC_DEV_ACI; 12090 12091 if (dev.type > D_char) 12092 return -RSBAC_EINVALIDTARGET; 12093 rsbac_ta_list_get_data_ttl(ta_number, 12094 dev_handles.mac, 12095 NULL, &dev, &aci); 12096 switch (attr) { 12097 case A_security_level: 12098 aci.sec_level = value_p->security_level; 12099 break; 12100 case A_mac_categories: 12101 aci.mac_categories = 12102 value_p->mac_categories; 12103 break; 12104 case A_mac_check: 12105 aci.mac_check = value_p->mac_check; 12106 break; 12107 default: 12108 err = -RSBAC_EINVALIDATTR; 12109 } 12110 if (!err) { 12111 err = rsbac_ta_list_add_ttl(ta_number, 12112 dev_handles. 12113 mac, 0, &dev, 12114 &aci); 12115 } 12116 } 12117 break; 12118 #endif 12119 12120 #if defined(CONFIG_RSBAC_PM) 12121 case SW_PM: 12122 { 12123 struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI; 12124 12125 if (dev.type > D_char) 12126 return -RSBAC_EINVALIDTARGET; 12127 rsbac_ta_list_get_data_ttl(ta_number, 12128 dev_handles.pm, 12129 NULL, &dev, &aci); 12130 switch (attr) { 12131 case A_pm_object_type: 12132 aci.pm_object_type = 12133 value_p->pm_object_type; 12134 break; 12135 case A_pm_object_class: 12136 aci.pm_object_class = 12137 value_p->pm_object_class; 12138 break; 12139 default: 12140 err = -RSBAC_EINVALIDATTR; 12141 } 12142 if (!err) { 12143 err = rsbac_ta_list_add_ttl(ta_number, 12144 dev_handles.pm, 12145 0, &dev, &aci); 12146 } 12147 } 12148 break; 12149 #endif 12150 12151 #if defined(CONFIG_RSBAC_RC) 12152 case SW_RC: 12153 { 12154 rsbac_rc_type_id_t type = value_p->rc_type; 12155 struct rsbac_dev_desc_t dev_desc; 12156 rsbac_list_handle_t handle; 12157 12158 switch (dev.type) { 12159 case D_char: 12160 dev_desc.type = D_char; 12161 handle = dev_handles.rc; 12162 break; 12163 case D_block: 12164 dev_desc.type = D_block; 12165 handle = dev_handles.rc; 12166 break; 12167 case D_char_major: 12168 if (type > RC_type_max_value) 12169 return -RSBAC_EINVALIDVALUE; 12170 dev_desc.type = D_char; 12171 handle = dev_major_handles.rc; 12172 break; 12173 case D_block_major: 12174 if (type > RC_type_max_value) 12175 return -RSBAC_EINVALIDVALUE; 12176 dev_desc.type = D_block; 12177 handle = dev_major_handles.rc; 12178 break; 12179 default: 12180 return -RSBAC_EINVALIDTARGET; 12181 } 12182 dev_desc.major = dev.major; 12183 dev_desc.minor = dev.minor; 12184 12185 switch (attr) { 12186 case A_rc_type: 12187 err = rsbac_ta_list_add_ttl(ta_number, 12188 handle, 12189 0, 12190 &dev_desc, 12191 &type); 12192 break; 12193 default: 12194 err = -RSBAC_EINVALIDATTR; 12195 } 12196 } 12197 break; 12198 #endif 12199 12200 default: 12201 err = -RSBAC_EINVALIDMODULE; 12202 } 12203 12204 return err; 12205 }
static int set_attr_fd | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid_p, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value_p | |||
) | [static] |
Definition at line 11556 of file aci_data_structures.c.
References A_auid_exempt, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_cap_ld_env, A_daz_do_scan, A_daz_scanned, A_daz_scanner, A_fake_root_uid, A_ff_flags, A_linux_dac_disable, A_log_array_high, A_log_array_low, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_file_flags, A_mac_prop_trusted, A_max_caps, A_min_caps, A_pax_flags, A_pm_object_class, A_pm_object_type, A_pm_tp, A_rc_force_role, A_rc_initial_role, A_rc_type_fd, A_res_max, A_res_min, A_security_level, A_symlink_add_mac_level, A_symlink_add_rc_role, A_symlink_add_remote_ip, A_symlink_add_uid, rsbac_attribute_value_t::auid_exempt, rsbac_gen_fd_aci_t::auid_exempt, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, rsbac_attribute_value_t::cap_ld_env, rsbac_attribute_value_t::daz_do_scan, rsbac_attribute_value_t::daz_scanner, DEFAULT_GEN_FD_ACI, device_hash(), device_list_locks, rsbac_attribute_value_t::fake_root_uid, rsbac_gen_fd_aci_t::fake_root_uid, rsbac_attribute_value_t::ff_flags, rsbac_attribute_value_t::linux_dac_disable, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_attribute_value_t::log_array_high, rsbac_gen_fd_aci_t::log_array_high, rsbac_attribute_value_t::log_array_low, rsbac_gen_fd_aci_t::log_array_low, rsbac_attribute_value_t::log_program_based, rsbac_gen_fd_aci_t::log_program_based, lookup_device(), rsbac_attribute_value_t::mac_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_prop_trusted, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, rsbac_attribute_value_t::pax_flags, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::pm_tp, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_initial_role, rsbac_attribute_value_t::rc_type_fd, rsbac_attribute_value_t::res_array, RSBAC_EINVALIDATTR, RSBAC_EINVALIDDEV, RSBAC_EINVALIDMODULE, rsbac_list_add_ttl(), rsbac_list_lol_remove(), rsbac_list_lol_remove_all(), RSBAC_MAC_F_FLAGS, rsbac_mount(), RSBAC_PAX_ALL_FLAGS, rsbac_printk(), rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_ta_list_remove(), rsbac_attribute_value_t::security_level, SW_GEN, rsbac_attribute_value_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_attribute_value_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_attribute_value_t::symlink_add_remote_ip, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_attribute_value_t::symlink_add_uid, rsbac_gen_fd_aci_t::symlink_add_uid, and T_DIR.
Referenced by rsbac_ta_set_attr().
11562 { 11563 int err = 0; 11564 struct rsbac_device_list_item_t *device_p; 11565 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 11566 u_long dflags; 11567 #endif 11568 u_int hash; 11569 11570 /* rsbac_pr_debug(ds, "Setting file/dir/fifo/symlink " 11571 "attribute %u for device %02u:%02u, inode %lu, " 11572 "dentry_p %p\n", attr, 11573 RSBAC_MAJOR(tid_p->file.device), 11574 RSBAC_MINOR(tid_p->file.device), 11575 (u_long)tid_p->file.inode, tid_p->file.dentry_p); */ 11576 hash = device_hash(tid_p->file.device); 11577 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 11578 rcu_read_lock(); 11579 #else 11580 rsbac_read_lock(&device_list_locks[hash], &dflags); 11581 #endif 11582 /* rsbac_pr_debug(ds, "passed device read lock\n"); */ 11583 /* lookup device */ 11584 device_p = lookup_device(tid_p->file.device, hash); 11585 if (!device_p) { 11586 struct super_block *sb_p; 11587 11588 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 11589 rcu_read_unlock(); 11590 #else 11591 rsbac_read_unlock(&device_list_locks[hash], &dflags); 11592 #endif 11593 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 11594 sb_p = user_get_super(tid_p->file.device); 11595 #else 11596 sb_p = get_super(tid_p->file.device); 11597 #endif 11598 if (sb_p) { 11599 if(RSBAC_MAJOR(tid_p->file.device) <= 1) { 11600 rsbac_printk(KERN_INFO "rsbac_set_attr(): auto-mounting device %02u:%02u\n", 11601 RSBAC_MAJOR(tid_p->file.device), 11602 RSBAC_MINOR(tid_p->file.device)); 11603 rsbac_mount(sb_p, NULL); 11604 } 11605 /* free super_block pointer */ 11606 drop_super(sb_p); 11607 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 11608 rcu_read_lock(); 11609 #else 11610 rsbac_read_lock(&device_list_locks[hash], &dflags); 11611 #endif 11612 device_p = lookup_device(tid_p->file.device, hash); 11613 if (!device_p) { 11614 rsbac_printk(KERN_WARNING "rsbac_set_attr(): unknown device %02u:%02u\n", 11615 RSBAC_MAJOR(tid_p->file. 11616 device), 11617 RSBAC_MINOR(tid_p->file. 11618 device)); 11619 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 11620 rcu_read_unlock(); 11621 #else 11622 rsbac_read_unlock(&device_list_locks[hash], 11623 &dflags); 11624 #endif 11625 return -RSBAC_EINVALIDDEV; 11626 } 11627 } else 11628 return -RSBAC_EINVALIDDEV; 11629 } 11630 switch (module) { 11631 case SW_GEN: 11632 { 11633 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI; 11634 11635 rsbac_ta_list_get_data_ttl(ta_number, 11636 device_p->handles.gen, 11637 NULL, 11638 &tid_p->file.inode, 11639 &aci); 11640 switch (attr) { 11641 case A_log_array_low: 11642 aci.log_array_low = value_p->log_array_low; 11643 break; 11644 case A_log_array_high: 11645 aci.log_array_high = 11646 value_p->log_array_high; 11647 break; 11648 case A_log_program_based: 11649 aci.log_program_based = 11650 value_p->log_program_based; 11651 break; 11652 case A_symlink_add_remote_ip: 11653 aci.symlink_add_remote_ip = 11654 value_p->symlink_add_remote_ip; 11655 break; 11656 case A_symlink_add_uid: 11657 aci.symlink_add_uid = 11658 value_p->symlink_add_uid; 11659 break; 11660 case A_symlink_add_mac_level: 11661 aci.symlink_add_mac_level = 11662 value_p->symlink_add_mac_level; 11663 break; 11664 case A_symlink_add_rc_role: 11665 aci.symlink_add_rc_role = 11666 value_p->symlink_add_rc_role; 11667 break; 11668 case A_linux_dac_disable: 11669 aci.linux_dac_disable = 11670 value_p->linux_dac_disable; 11671 break; 11672 case A_fake_root_uid: 11673 aci.fake_root_uid = value_p->fake_root_uid; 11674 break; 11675 case A_auid_exempt: 11676 aci.auid_exempt = value_p->auid_exempt; 11677 break; 11678 default: 11679 err = -RSBAC_EINVALIDATTR; 11680 } 11681 if (!err) { 11682 err = rsbac_ta_list_add_ttl(ta_number, 11683 device_p-> 11684 handles.gen, 11685 0, 11686 &tid_p->file. 11687 inode, &aci); 11688 } 11689 } 11690 break; 11691 11692 #if defined(CONFIG_RSBAC_MAC) 11693 case SW_MAC: 11694 { 11695 struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI; 11696 11697 rsbac_ta_list_get_data_ttl(ta_number, 11698 device_p->handles.mac, 11699 NULL, 11700 &tid_p->file.inode, 11701 &aci); 11702 switch (attr) { 11703 case A_security_level: 11704 aci.sec_level = value_p->security_level; 11705 break; 11706 case A_mac_categories: 11707 aci.mac_categories = 11708 value_p->mac_categories; 11709 break; 11710 case A_mac_auto: 11711 aci.mac_auto = value_p->mac_auto; 11712 break; 11713 case A_mac_prop_trusted: 11714 aci.mac_prop_trusted = 11715 value_p->mac_prop_trusted; 11716 break; 11717 case A_mac_file_flags: 11718 aci.mac_file_flags = 11719 value_p-> 11720 mac_file_flags & RSBAC_MAC_F_FLAGS; 11721 break; 11722 11723 default: 11724 err = -RSBAC_EINVALIDATTR; 11725 } 11726 if (!err) { 11727 err = rsbac_ta_list_add_ttl(ta_number, 11728 device_p-> 11729 handles.mac, 11730 0, 11731 &tid_p->file. 11732 inode, &aci); 11733 } 11734 } 11735 break; 11736 #endif /* MAC */ 11737 11738 #if defined(CONFIG_RSBAC_PM) 11739 case SW_PM: 11740 { 11741 struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI; 11742 11743 rsbac_ta_list_get_data_ttl(ta_number, 11744 device_p->handles.pm, 11745 NULL, 11746 &tid_p->file.inode, 11747 &aci); 11748 switch (attr) { 11749 case A_pm_object_class: 11750 aci.pm_object_class = 11751 value_p->pm_object_class; 11752 break; 11753 case A_pm_tp: 11754 aci.pm_tp = value_p->pm_tp; 11755 break; 11756 case A_pm_object_type: 11757 aci.pm_object_type = 11758 value_p->pm_object_type; 11759 break; 11760 default: 11761 err = -RSBAC_EINVALIDATTR; 11762 } 11763 if (!err) { 11764 err = rsbac_ta_list_add_ttl(ta_number, 11765 device_p-> 11766 handles.pm, 11767 0, 11768 &tid_p->file. 11769 inode, &aci); 11770 } 11771 } 11772 break; 11773 #endif /* PM */ 11774 11775 #if defined(CONFIG_RSBAC_DAZ) 11776 case SW_DAZ: 11777 { 11778 #if defined(CONFIG_RSBAC_DAZ_CACHE) 11779 if (attr == A_daz_scanned) { 11780 err = 11781 rsbac_list_add_ttl(device_p->handles.dazs, 11782 rsbac_daz_ttl, 11783 &tid_p->file.inode, 11784 &value_p-> 11785 daz_scanned); 11786 } else 11787 #endif 11788 { 11789 struct rsbac_daz_fd_aci_t aci = 11790 DEFAULT_DAZ_FD_ACI; 11791 11792 rsbac_ta_list_get_data_ttl(ta_number, 11793 device_p-> 11794 handles.daz, 11795 NULL, 11796 &tid_p->file.inode, 11797 &aci); 11798 switch (attr) { 11799 case A_daz_scanner: 11800 aci.daz_scanner = 11801 value_p->daz_scanner; 11802 break; 11803 case A_daz_do_scan: 11804 aci.daz_do_scan = value_p->daz_do_scan; 11805 break; 11806 default: 11807 err = -RSBAC_EINVALIDATTR; 11808 } 11809 if (!err) { 11810 err = rsbac_ta_list_add_ttl 11811 (ta_number, 11812 device_p->handles.daz, 11813 0, 11814 &tid_p->file.inode, &aci); 11815 } 11816 } 11817 } 11818 break; 11819 #endif /* DAZ */ 11820 11821 #if defined(CONFIG_RSBAC_FF) 11822 case SW_FF: 11823 { 11824 switch (attr) { 11825 case A_ff_flags: 11826 err = rsbac_ta_list_add_ttl(ta_number, 11827 device_p-> 11828 handles.ff, 11829 0, 11830 &tid_p->file. 11831 inode, 11832 &value_p->ff_flags); 11833 break; 11834 11835 default: 11836 err = -RSBAC_EINVALIDATTR; 11837 } 11838 } 11839 break; 11840 #endif /* FF */ 11841 11842 #if defined(CONFIG_RSBAC_RC) 11843 case SW_RC: 11844 { 11845 struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI; 11846 11847 rsbac_ta_list_get_data_ttl(ta_number, 11848 device_p->handles.rc, 11849 NULL, 11850 &tid_p->file.inode, 11851 &aci); 11852 switch (attr) { 11853 case A_rc_type_fd: 11854 aci.rc_type_fd = value_p->rc_type_fd; 11855 break; 11856 case A_rc_force_role: 11857 aci.rc_force_role = value_p->rc_force_role; 11858 break; 11859 case A_rc_initial_role: 11860 aci.rc_initial_role = 11861 value_p->rc_initial_role; 11862 break; 11863 11864 default: 11865 err = -RSBAC_EINVALIDATTR; 11866 } 11867 if (!err) { 11868 err = rsbac_ta_list_add_ttl(ta_number, 11869 device_p-> 11870 handles.rc, 11871 0, 11872 &tid_p->file. 11873 inode, &aci); 11874 } 11875 } 11876 break; 11877 #endif /* RC */ 11878 11879 #if defined(CONFIG_RSBAC_AUTH) 11880 case SW_AUTH: 11881 { 11882 struct rsbac_auth_fd_aci_t aci = 11883 DEFAULT_AUTH_FD_ACI; 11884 11885 rsbac_ta_list_get_data_ttl(ta_number, 11886 device_p->handles.auth, 11887 NULL, 11888 &tid_p->file.inode, 11889 &aci); 11890 switch (attr) { 11891 case A_auth_may_setuid: 11892 aci.auth_may_setuid = 11893 value_p->auth_may_setuid; 11894 break; 11895 case A_auth_may_set_cap: 11896 aci.auth_may_set_cap = 11897 value_p->auth_may_set_cap; 11898 break; 11899 case A_auth_learn: 11900 aci.auth_learn = value_p->auth_learn; 11901 break; 11902 default: 11903 err = -RSBAC_EINVALIDATTR; 11904 } 11905 if (!err) { 11906 err = rsbac_ta_list_add_ttl(ta_number, 11907 device_p-> 11908 handles.auth, 11909 0, 11910 &tid_p->file. 11911 inode, &aci); 11912 } 11913 } 11914 break; 11915 #endif /* AUTH */ 11916 11917 #if defined(CONFIG_RSBAC_CAP) 11918 case SW_CAP: 11919 { 11920 struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI; 11921 11922 rsbac_ta_list_get_data_ttl(ta_number, 11923 device_p->handles.cap, 11924 NULL, 11925 &tid_p->file.inode, 11926 &aci); 11927 switch (attr) { 11928 case A_min_caps: 11929 aci.min_caps = value_p->min_caps; 11930 break; 11931 case A_max_caps: 11932 aci.max_caps = value_p->max_caps; 11933 break; 11934 case A_cap_ld_env: 11935 aci.cap_ld_env = value_p->cap_ld_env; 11936 break; 11937 default: 11938 err = -RSBAC_EINVALIDATTR; 11939 } 11940 if (!err) { 11941 err = rsbac_ta_list_add_ttl(ta_number, 11942 device_p-> 11943 handles.cap, 11944 0, 11945 &tid_p->file. 11946 inode, &aci); 11947 } 11948 } 11949 break; 11950 #endif 11951 11952 #if defined(CONFIG_RSBAC_RES) 11953 case SW_RES: 11954 { 11955 struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI; 11956 11957 rsbac_ta_list_get_data_ttl(ta_number, 11958 device_p->handles.res, 11959 NULL, 11960 &tid_p->file.inode, 11961 &aci); 11962 switch (attr) { 11963 case A_res_min: 11964 memcpy(&aci.res_min, &value_p->res_array, 11965 sizeof(aci.res_min)); 11966 break; 11967 case A_res_max: 11968 memcpy(&aci.res_max, &value_p->res_array, 11969 sizeof(aci.res_max)); 11970 break; 11971 default: 11972 err = -RSBAC_EINVALIDATTR; 11973 } 11974 if (!err) { 11975 struct rsbac_res_fd_aci_t def_aci = 11976 DEFAULT_RES_FD_ACI; 11977 11978 if (memcmp(&aci, &def_aci, sizeof(aci))) 11979 err = rsbac_ta_list_add_ttl 11980 (ta_number, 11981 device_p->handles.res, 11982 0, 11983 &tid_p->file.inode, &aci); 11984 else 11985 err = 11986 rsbac_ta_list_remove(ta_number, 11987 device_p-> 11988 handles.res, 11989 &tid_p->file. 11990 inode); 11991 } 11992 } 11993 break; 11994 #endif 11995 11996 #if defined(CONFIG_RSBAC_PAX) 11997 case SW_PAX: 11998 { 11999 switch (attr) { 12000 case A_pax_flags: 12001 value_p->pax_flags &= RSBAC_PAX_ALL_FLAGS; 12002 err = rsbac_ta_list_add_ttl(ta_number, 12003 device_p-> 12004 handles.pax, 12005 0, 12006 &tid_p->file. 12007 inode, 12008 &value_p->pax_flags); 12009 break; 12010 12011 default: 12012 err = -RSBAC_EINVALIDATTR; 12013 } 12014 } 12015 break; 12016 #endif /* PAX */ 12017 12018 default: 12019 err = -RSBAC_EINVALIDMODULE; 12020 } 12021 /* free access to device_list_head */ 12022 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 12023 rcu_read_unlock(); 12024 #else 12025 rsbac_read_unlock(&device_list_locks[hash], &dflags); 12026 #endif 12027 12028 #ifdef CONFIG_RSBAC_FD_CACHE 12029 if (fd_cache_handle[module]) { 12030 if (target == T_DIR) 12031 rsbac_list_lol_remove_all(fd_cache_handle[module]); 12032 else { 12033 struct rsbac_fd_cache_desc_t fd_desc; 12034 12035 fd_desc.device = tid_p->file.device; 12036 fd_desc.inode = tid_p->file.inode; 12037 rsbac_list_lol_remove(fd_cache_handle[module], &fd_desc); 12038 } 12039 } 12040 #endif 12041 12042 return err; 12043 }
static int set_attr_ipc | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid_p, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value_p | |||
) | [static] |
Definition at line 12207 of file aci_data_structures.c.
References A_jail_id, A_mac_categories, A_pm_ipc_purpose, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, rsbac_target_id_t::ipc, ipc_handles, rsbac_attribute_value_t::jail_id, rsbac_attribute_value_t::mac_categories, NULL, rsbac_attribute_value_t::pm_ipc_purpose, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::rc_type, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), and rsbac_attribute_value_t::security_level.
Referenced by rsbac_ta_set_attr().
12213 { 12214 int err = 0; 12215 /* rsbac_pr_debug(ds, "Setting ipc attribute"); */ 12216 switch (module) { 12217 #if defined(CONFIG_RSBAC_MAC) 12218 case SW_MAC: 12219 { 12220 struct rsbac_mac_ipc_aci_t aci = 12221 DEFAULT_MAC_IPC_ACI; 12222 12223 rsbac_ta_list_get_data_ttl(ta_number, 12224 ipc_handles.mac, 12225 NULL, 12226 &tid_p->ipc, &aci); 12227 switch (attr) { 12228 case A_security_level: 12229 aci.sec_level = value_p->security_level; 12230 break; 12231 case A_mac_categories: 12232 aci.mac_categories = 12233 value_p->mac_categories; 12234 break; 12235 default: 12236 err = -RSBAC_EINVALIDATTR; 12237 } 12238 if (!err) { 12239 err = rsbac_ta_list_add_ttl(ta_number, 12240 ipc_handles. 12241 mac, 0, 12242 &tid_p->ipc, 12243 &aci); 12244 } 12245 } 12246 break; 12247 #endif 12248 12249 #if defined(CONFIG_RSBAC_PM) 12250 case SW_PM: 12251 { 12252 struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI; 12253 12254 rsbac_ta_list_get_data_ttl(ta_number, 12255 ipc_handles.pm, 12256 NULL, 12257 &tid_p->ipc, &aci); 12258 switch (attr) { 12259 case A_pm_object_type: 12260 aci.pm_object_type = 12261 value_p->pm_object_type; 12262 break; 12263 case A_pm_ipc_purpose: 12264 aci.pm_ipc_purpose = 12265 value_p->pm_ipc_purpose; 12266 break; 12267 case A_pm_object_class: 12268 aci.pm_object_class = 12269 value_p->pm_object_class; 12270 break; 12271 default: 12272 err = -RSBAC_EINVALIDATTR; 12273 } 12274 if (!err) { 12275 err = rsbac_ta_list_add_ttl(ta_number, 12276 ipc_handles.pm, 12277 0, 12278 &tid_p->ipc, 12279 &aci); 12280 } 12281 } 12282 break; 12283 #endif 12284 12285 #if defined(CONFIG_RSBAC_RC) 12286 case SW_RC: 12287 { 12288 rsbac_rc_type_id_t type = value_p->rc_type; 12289 12290 switch (attr) { 12291 case A_rc_type: 12292 err = rsbac_ta_list_add_ttl(ta_number, 12293 ipc_handles.rc, 12294 0, 12295 &tid_p->ipc, 12296 &type); 12297 break; 12298 default: 12299 err = -RSBAC_EINVALIDATTR; 12300 } 12301 } 12302 break; 12303 #endif 12304 12305 #if defined(CONFIG_RSBAC_JAIL) 12306 case SW_JAIL: 12307 { 12308 rsbac_jail_id_t id = value_p->jail_id; 12309 12310 switch (attr) { 12311 case A_jail_id: 12312 /* if (id) 12313 rsbac_pr_debug(aef, 12314 "Setting jail_id for IPC " 12315 "%s %lu to %u\n", 12316 get_ipc_target_name(tmp, 12317 tid_p->ipc.type), 12318 tid_p->ipc.id.id_nr, 12319 id); */ 12320 err = rsbac_ta_list_add_ttl(ta_number, 12321 ipc_handles. 12322 jail, 0, 12323 &tid_p->ipc, 12324 &id); 12325 break; 12326 default: 12327 err = -RSBAC_EINVALIDATTR; 12328 } 12329 } 12330 break; 12331 #endif 12332 12333 default: 12334 err = -RSBAC_EINVALIDMODULE; 12335 } 12336 12337 return err; 12338 }
static int set_attr_process | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid_p, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value_p | |||
) | [static] |
Definition at line 12746 of file aci_data_structures.c.
References A_audit_uid, A_auid_exempt, A_auth_last_auth, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_cap_ld_env, A_cap_process_hiding, A_current_sec_level, A_daz_scanner, A_fake_root_uid, A_initial_security_level, A_jail_flags, A_jail_id, A_jail_ip, A_jail_max_caps, A_jail_parent, A_jail_scd_get, A_jail_scd_modify, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_curr_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_process_flags, A_max_caps_program, A_max_caps_user, A_max_read_categories, A_max_read_open, A_min_security_level, A_min_write_categories, A_min_write_open, A_pm_current_task, A_pm_process_type, A_pm_tp, A_rc_force_role, A_rc_role, A_rc_select_type, A_rc_type, A_remote_ip, A_security_level, rsbac_attribute_value_t::audit_uid, rsbac_gen_process_aci_t::audit_uid, rsbac_attribute_value_t::auid_exempt, rsbac_gen_process_aci_t::auid_exempt, rsbac_attribute_value_t::auth_last_auth, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, rsbac_attribute_value_t::cap_ld_env, rsbac_attribute_value_t::cap_process_hiding, rsbac_attribute_value_t::current_sec_level, rsbac_attribute_value_t::daz_scanner, DEFAULT_GEN_P_ACI, rsbac_attribute_value_t::fake_root_uid, rsbac_gen_process_aci_t::fake_root_uid, rsbac_attribute_value_t::jail_flags, rsbac_attribute_value_t::jail_id, rsbac_attribute_value_t::jail_ip, rsbac_attribute_value_t::jail_max_caps, rsbac_attribute_value_t::jail_parent, rsbac_attribute_value_t::jail_scd_get, rsbac_attribute_value_t::jail_scd_modify, rsbac_gen_process_aci_t::kernel_thread, rsbac_attribute_value_t::log_program_based, rsbac_gen_process_aci_t::log_program_based, MAC_auto, rsbac_attribute_value_t::mac_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::max_caps_program, rsbac_attribute_value_t::max_caps_user, rsbac_attribute_value_t::max_read_open, rsbac_attribute_value_t::min_write_open, NULL, rsbac_attribute_value_t::pm_current_task, rsbac_attribute_value_t::pm_process_type, rsbac_attribute_value_t::pm_tp, rsbac_target_id_t::process, process_handles, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_role, rsbac_attribute_value_t::rc_select_type, rsbac_attribute_value_t::rc_type, rsbac_attribute_value_t::remote_ip, rsbac_gen_process_aci_t::remote_ip, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_MAC_P_FLAGS, rsbac_printk(), rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, and SW_GEN.
Referenced by rsbac_ta_set_attr().
12752 { 12753 int err = 0; 12754 /* rsbac_pr_debug(ds, "Setting process attribute\n"); */ 12755 if (!tid_p->process) { 12756 rsbac_printk(KERN_WARNING "rsbac_set_attr(): Trying to set attribute for process 0!\n"); 12757 return -RSBAC_EINVALIDTARGET; 12758 } 12759 switch (module) { 12760 case SW_GEN: 12761 { 12762 struct rsbac_gen_process_aci_t aci = 12763 DEFAULT_GEN_P_ACI; 12764 12765 rsbac_ta_list_get_data_ttl(ta_number, 12766 process_handles.gen, 12767 NULL, &tid_p->process, 12768 &aci); 12769 switch (attr) { 12770 case A_log_program_based: 12771 aci.log_program_based = 12772 value_p->log_program_based; 12773 break; 12774 case A_fake_root_uid: 12775 aci.fake_root_uid = value_p->fake_root_uid; 12776 break; 12777 case A_audit_uid: 12778 aci.audit_uid = value_p->audit_uid; 12779 break; 12780 case A_auid_exempt: 12781 aci.auid_exempt = value_p->auid_exempt; 12782 break; 12783 case A_remote_ip: 12784 aci.remote_ip = value_p->remote_ip; 12785 break; 12786 case A_kernel_thread: 12787 aci.kernel_thread = value_p->kernel_thread; 12788 break; 12789 default: 12790 err = -RSBAC_EINVALIDATTR; 12791 } 12792 if (!err) { 12793 err = rsbac_ta_list_add_ttl(ta_number, 12794 process_handles.gen, 12795 0, 12796 &tid_p-> 12797 process, &aci); 12798 } 12799 } 12800 break; 12801 12802 #if defined(CONFIG_RSBAC_MAC) 12803 case SW_MAC: 12804 { 12805 struct rsbac_mac_process_aci_t aci = 12806 DEFAULT_MAC_P_ACI; 12807 12808 rsbac_ta_list_get_data_ttl(ta_number, 12809 process_handles.mac, 12810 NULL, &tid_p->process, 12811 &aci); 12812 switch (attr) { 12813 case A_security_level: 12814 aci.owner_sec_level = 12815 value_p->security_level; 12816 break; 12817 case A_initial_security_level: 12818 aci.owner_initial_sec_level = 12819 value_p->security_level; 12820 break; 12821 case A_min_security_level: 12822 aci.owner_min_sec_level = 12823 value_p->security_level; 12824 break; 12825 case A_mac_categories: 12826 aci.mac_owner_categories = 12827 value_p->mac_categories; 12828 break; 12829 case A_mac_initial_categories: 12830 aci.mac_owner_initial_categories = 12831 value_p->mac_categories; 12832 break; 12833 case A_mac_min_categories: 12834 aci.mac_owner_min_categories = 12835 value_p->mac_categories; 12836 break; 12837 case A_current_sec_level: 12838 aci.current_sec_level = 12839 value_p->current_sec_level; 12840 break; 12841 case A_mac_curr_categories: 12842 aci.mac_curr_categories = 12843 value_p->mac_categories; 12844 break; 12845 case A_min_write_open: 12846 aci.min_write_open = 12847 value_p->min_write_open; 12848 break; 12849 case A_min_write_categories: 12850 aci.min_write_categories = 12851 value_p->mac_categories; 12852 break; 12853 case A_max_read_open: 12854 aci.max_read_open = value_p->max_read_open; 12855 break; 12856 case A_max_read_categories: 12857 aci.max_read_categories = 12858 value_p->mac_categories; 12859 break; 12860 case A_mac_process_flags: 12861 aci.mac_process_flags = 12862 value_p-> 12863 mac_process_flags & RSBAC_MAC_P_FLAGS; 12864 break; 12865 case A_mac_auto: 12866 if (value_p->mac_auto) 12867 aci.mac_process_flags |= MAC_auto; 12868 else 12869 aci.mac_process_flags &= ~MAC_auto; 12870 break; 12871 default: 12872 err = -RSBAC_EINVALIDATTR; 12873 } 12874 if (!err) { 12875 err = rsbac_ta_list_add_ttl(ta_number, 12876 process_handles.mac, 12877 0, 12878 &tid_p-> 12879 process, &aci); 12880 } 12881 } 12882 break; 12883 #endif 12884 12885 #if defined(CONFIG_RSBAC_PM) 12886 case SW_PM: 12887 { 12888 struct rsbac_pm_process_aci_t aci = 12889 DEFAULT_PM_P_ACI; 12890 12891 rsbac_ta_list_get_data_ttl(ta_number, 12892 process_handles.pm, 12893 NULL, 12894 &tid_p->process, &aci); 12895 switch (attr) { 12896 case A_pm_tp: 12897 aci.pm_tp = value_p->pm_tp; 12898 break; 12899 case A_pm_current_task: 12900 aci.pm_current_task = 12901 value_p->pm_current_task; 12902 break; 12903 case A_pm_process_type: 12904 aci.pm_process_type = 12905 value_p->pm_process_type; 12906 break; 12907 default: 12908 err = -RSBAC_EINVALIDATTR; 12909 } 12910 if (!err) { 12911 err = rsbac_ta_list_add_ttl(ta_number, 12912 process_handles. 12913 pm, 0, 12914 &tid_p-> 12915 process, &aci); 12916 } 12917 } 12918 break; 12919 #endif 12920 12921 #if defined(CONFIG_RSBAC_DAZ) 12922 case SW_DAZ: 12923 { 12924 struct rsbac_daz_process_aci_t aci = 12925 DEFAULT_DAZ_P_ACI; 12926 12927 rsbac_ta_list_get_data_ttl(ta_number, 12928 process_handles.daz, 12929 NULL, 12930 &tid_p->process, &aci); 12931 switch (attr) { 12932 case A_daz_scanner: 12933 aci.daz_scanner = value_p->daz_scanner; 12934 break; 12935 default: 12936 err = -RSBAC_EINVALIDATTR; 12937 } 12938 if (!err) { 12939 err = rsbac_ta_list_add_ttl(ta_number, 12940 process_handles. 12941 daz, 0, 12942 &tid_p-> 12943 process, &aci); 12944 } 12945 } 12946 break; 12947 #endif 12948 12949 #if defined(CONFIG_RSBAC_RC) 12950 case SW_RC: 12951 { 12952 struct rsbac_rc_process_aci_t aci = 12953 DEFAULT_RC_P_ACI; 12954 12955 rsbac_ta_list_get_data_ttl(ta_number, 12956 process_handles.rc, 12957 NULL, &tid_p->process, 12958 &aci); 12959 switch (attr) { 12960 case A_rc_role: 12961 aci.rc_role = value_p->rc_role; 12962 break; 12963 case A_rc_type: 12964 aci.rc_type = value_p->rc_type; 12965 break; 12966 case A_rc_select_type: 12967 aci.rc_select_type = value_p->rc_select_type; 12968 break; 12969 case A_rc_force_role: 12970 aci.rc_force_role = value_p->rc_force_role; 12971 break; 12972 default: 12973 err = -RSBAC_EINVALIDATTR; 12974 } 12975 if (!err) { 12976 err = rsbac_ta_list_add_ttl(ta_number, 12977 process_handles.rc, 12978 0, 12979 &tid_p-> 12980 process, &aci); 12981 } 12982 } 12983 break; 12984 #endif 12985 12986 #if defined(CONFIG_RSBAC_AUTH) 12987 case SW_AUTH: 12988 { 12989 struct rsbac_auth_process_aci_t aci = 12990 DEFAULT_AUTH_P_ACI; 12991 12992 rsbac_ta_list_get_data_ttl(ta_number, 12993 process_handles.auth, 12994 NULL, 12995 &tid_p->process, &aci); 12996 switch (attr) { 12997 case A_auth_may_setuid: 12998 aci.auth_may_setuid = 12999 value_p->auth_may_setuid; 13000 break; 13001 case A_auth_may_set_cap: 13002 aci.auth_may_set_cap = 13003 value_p->auth_may_set_cap; 13004 break; 13005 #if defined(CONFIG_RSBAC_AUTH_LEARN) 13006 case A_auth_program_file: 13007 aci.auth_program_file = 13008 value_p->auth_program_file; 13009 break; 13010 case A_auth_start_uid: 13011 aci.auth_start_uid = 13012 value_p->auth_start_uid; 13013 break; 13014 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER 13015 case A_auth_start_euid: 13016 aci.auth_start_euid = 13017 value_p->auth_start_euid; 13018 break; 13019 #endif 13020 #ifdef CONFIG_RSBAC_AUTH_GROUP 13021 case A_auth_start_gid: 13022 aci.auth_start_gid = 13023 value_p->auth_start_gid; 13024 break; 13025 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP 13026 case A_auth_start_egid: 13027 aci.auth_start_egid = 13028 value_p->auth_start_egid; 13029 break; 13030 #endif 13031 #endif 13032 case A_auth_learn: 13033 aci.auth_learn = value_p->auth_learn; 13034 break; 13035 #endif 13036 case A_auth_last_auth: 13037 aci.auth_last_auth = 13038 value_p->auth_last_auth; 13039 break; 13040 default: 13041 err = -RSBAC_EINVALIDATTR; 13042 } 13043 if (!err) { 13044 err = rsbac_ta_list_add_ttl(ta_number, 13045 process_handles.auth, 13046 0, 13047 &tid_p->process, 13048 &aci); 13049 } 13050 } 13051 break; 13052 #endif 13053 13054 #if defined(CONFIG_RSBAC_CAP) 13055 case SW_CAP: 13056 { 13057 struct rsbac_cap_process_aci_t aci = 13058 DEFAULT_CAP_P_ACI; 13059 13060 rsbac_ta_list_get_data_ttl(ta_number, 13061 process_handles.cap, 13062 NULL, 13063 &tid_p->process, &aci); 13064 switch (attr) { 13065 case A_cap_process_hiding: 13066 aci.cap_process_hiding = 13067 value_p->cap_process_hiding; 13068 break; 13069 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING 13070 case A_max_caps_user: 13071 aci.max_caps_user = value_p->max_caps_user; 13072 break; 13073 case A_max_caps_program: 13074 aci.max_caps_program = 13075 value_p->max_caps_program; 13076 break; 13077 #endif 13078 case A_cap_ld_env: 13079 aci.cap_ld_env = value_p->cap_ld_env; 13080 break; 13081 default: 13082 err = -RSBAC_EINVALIDATTR; 13083 } 13084 if (!err) { 13085 err = rsbac_ta_list_add_ttl(ta_number, 13086 process_handles. 13087 cap, 0, 13088 &tid_p-> 13089 process, &aci); 13090 } 13091 } 13092 break; 13093 #endif 13094 13095 #if defined(CONFIG_RSBAC_JAIL) 13096 case SW_JAIL: 13097 { 13098 struct rsbac_jail_process_aci_t aci = 13099 DEFAULT_JAIL_P_ACI; 13100 13101 rsbac_ta_list_get_data_ttl(ta_number, 13102 process_handles.jail, 13103 NULL, &tid_p->process, 13104 &aci); 13105 switch (attr) { 13106 case A_jail_id: 13107 aci.id = value_p->jail_id; 13108 break; 13109 case A_jail_parent: 13110 aci.parent = value_p->jail_parent; 13111 break; 13112 case A_jail_ip: 13113 aci.ip = value_p->jail_ip; 13114 break; 13115 case A_jail_flags: 13116 aci.flags = value_p->jail_flags; 13117 break; 13118 case A_jail_max_caps: 13119 aci.max_caps = value_p->jail_max_caps; 13120 break; 13121 case A_jail_scd_get: 13122 aci.scd_get = value_p->jail_scd_get; 13123 break; 13124 case A_jail_scd_modify: 13125 aci.scd_modify = value_p->jail_scd_modify; 13126 break; 13127 default: 13128 err = -RSBAC_EINVALIDATTR; 13129 } 13130 if (!err) { 13131 err = rsbac_ta_list_add_ttl(ta_number, 13132 process_handles.jail, 13133 0, 13134 &tid_p-> 13135 process, &aci); 13136 } 13137 } 13138 break; 13139 #endif 13140 13141 default: 13142 err = -RSBAC_EINVALIDMODULE; 13143 } 13144 13145 return err; 13146 }
static int set_attr_user | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid_p, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value_p | |||
) | [static] |
Definition at line 12340 of file aci_data_structures.c.
References A_auth_role, A_cap_ld_env, A_cap_role, A_daz_role, A_ff_role, A_initial_security_level, A_jail_role, A_log_user_based, A_mac_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_role, A_mac_user_flags, A_max_caps, A_min_caps, A_min_security_level, A_pax_role, A_pm_role, A_pm_task_set, A_pseudo, A_rc_def_role, A_rc_type, A_res_max, A_res_min, A_res_role, A_security_level, A_system_role, rsbac_attribute_value_t::cap_ld_env, DEFAULT_GEN_U_ACI, rsbac_attribute_value_t::log_user_based, rsbac_gen_user_aci_t::log_user_based, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, rsbac_attribute_value_t::pm_role, rsbac_attribute_value_t::pm_task_set, rsbac_attribute_value_t::pseudo, rsbac_gen_user_aci_t::pseudo, rsbac_attribute_value_t::rc_def_role, rsbac_attribute_value_t::rc_type, rsbac_attribute_value_t::res_array, RSBAC_ALL_USERS, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, RSBAC_MAC_U_FLAGS, rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_ta_list_remove(), rsbac_attribute_value_t::security_level, SW_GEN, rsbac_attribute_value_t::system_role, rsbac_target_id_t::user, and user_handles.
Referenced by rsbac_ta_set_attr().
12346 { 12347 int err = 0; 12348 /* rsbac_pr_debug(ds, "Setting %s user attribute %i " 12349 "for %u to %i\n", 12350 get_switch_target_name(tmp, module), attr, 12351 tid_p->user, value_p->dummy); */ 12352 switch (module) { 12353 case SW_GEN: 12354 { 12355 struct rsbac_gen_user_aci_t aci = 12356 DEFAULT_GEN_U_ACI; 12357 12358 rsbac_ta_list_get_data_ttl(ta_number, 12359 user_handles.gen, 12360 NULL, 12361 &tid_p->user, &aci); 12362 switch (attr) { 12363 case A_pseudo: 12364 aci.pseudo = value_p->pseudo; 12365 break; 12366 case A_log_user_based: 12367 aci.log_user_based = 12368 value_p->log_user_based; 12369 break; 12370 default: 12371 err = -RSBAC_EINVALIDATTR; 12372 } 12373 if (!err) { 12374 err = rsbac_ta_list_add_ttl(ta_number, 12375 user_handles. 12376 gen, 0, 12377 &tid_p->user, 12378 &aci); 12379 } 12380 } 12381 break; 12382 12383 #if defined(CONFIG_RSBAC_MAC) 12384 case SW_MAC: 12385 { 12386 struct rsbac_mac_user_aci_t aci = 12387 DEFAULT_MAC_U_ACI; 12388 12389 rsbac_ta_list_get_data_ttl(ta_number, 12390 user_handles.mac, 12391 NULL, 12392 &tid_p->user, &aci); 12393 switch (attr) { 12394 case A_security_level: 12395 if (value_p->security_level < 12396 aci.min_security_level) 12397 err = -RSBAC_EINVALIDVALUE; 12398 else 12399 aci.security_level = 12400 value_p->security_level; 12401 break; 12402 case A_initial_security_level: 12403 if ((value_p->security_level < 12404 aci.min_security_level) 12405 || (value_p->security_level > 12406 aci.security_level) 12407 ) 12408 err = -RSBAC_EINVALIDVALUE; 12409 else 12410 aci.initial_security_level = 12411 value_p->security_level; 12412 break; 12413 case A_min_security_level: 12414 if (value_p->security_level > 12415 aci.security_level) 12416 err = -RSBAC_EINVALIDVALUE; 12417 else 12418 aci.min_security_level = 12419 value_p->security_level; 12420 break; 12421 case A_mac_categories: 12422 if ((value_p->mac_categories & aci. 12423 mac_min_categories) != 12424 aci.mac_min_categories) 12425 err = -RSBAC_EINVALIDVALUE; 12426 else 12427 aci.mac_categories = 12428 value_p->mac_categories; 12429 break; 12430 case A_mac_initial_categories: 12431 if (((value_p->mac_categories & aci. 12432 mac_min_categories) != 12433 aci.mac_min_categories) 12434 || 12435 ((value_p->mac_categories & aci. 12436 mac_categories) != 12437 value_p->mac_categories) 12438 ) 12439 err = -RSBAC_EINVALIDVALUE; 12440 else 12441 aci.mac_initial_categories = 12442 value_p->mac_categories; 12443 break; 12444 case A_mac_min_categories: 12445 if ((value_p->mac_categories & aci. 12446 mac_categories) != 12447 value_p->mac_categories) 12448 err = -RSBAC_EINVALIDVALUE; 12449 else 12450 aci.mac_min_categories = 12451 value_p->mac_categories; 12452 break; 12453 case A_system_role: 12454 case A_mac_role: 12455 aci.system_role = value_p->system_role; 12456 break; 12457 case A_mac_user_flags: 12458 aci.mac_user_flags = 12459 value_p-> 12460 mac_user_flags & RSBAC_MAC_U_FLAGS; 12461 break; 12462 default: 12463 err = -RSBAC_EINVALIDATTR; 12464 } 12465 if (!err) { 12466 err = rsbac_ta_list_add_ttl(ta_number, 12467 user_handles. 12468 mac, 0, 12469 &tid_p->user, 12470 &aci); 12471 } 12472 } 12473 break; 12474 #endif 12475 12476 #if defined(CONFIG_RSBAC_PM) 12477 case SW_PM: 12478 { 12479 struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI; 12480 12481 rsbac_ta_list_get_data_ttl(ta_number, 12482 user_handles.pm, 12483 NULL, 12484 &tid_p->user, &aci); 12485 switch (attr) { 12486 case A_pm_task_set: 12487 aci.pm_task_set = value_p->pm_task_set; 12488 break; 12489 case A_pm_role: 12490 aci.pm_role = value_p->pm_role; 12491 break; 12492 default: 12493 err = -RSBAC_EINVALIDATTR; 12494 } 12495 if (!err) { 12496 err = rsbac_ta_list_add_ttl(ta_number, 12497 user_handles. 12498 pm, 0, 12499 &tid_p->user, 12500 &aci); 12501 } 12502 } 12503 break; 12504 #endif 12505 12506 #if defined(CONFIG_RSBAC_DAZ) 12507 case SW_DAZ: 12508 { 12509 rsbac_system_role_int_t role = 12510 value_p->system_role; 12511 12512 switch (attr) { 12513 case A_system_role: 12514 case A_daz_role: 12515 err = rsbac_ta_list_add_ttl(ta_number, 12516 user_handles. 12517 daz, 0, 12518 &tid_p->user, 12519 &role); 12520 break; 12521 default: 12522 err = -RSBAC_EINVALIDATTR; 12523 } 12524 } 12525 break; 12526 #endif 12527 12528 #if defined(CONFIG_RSBAC_FF) 12529 case SW_FF: 12530 { 12531 rsbac_system_role_int_t role = 12532 value_p->system_role; 12533 12534 switch (attr) { 12535 case A_system_role: 12536 case A_ff_role: 12537 err = rsbac_ta_list_add_ttl(ta_number, 12538 user_handles. 12539 ff, 0, 12540 &tid_p->user, 12541 &role); 12542 break; 12543 default: 12544 err = -RSBAC_EINVALIDATTR; 12545 } 12546 } 12547 break; 12548 #endif 12549 12550 #if defined(CONFIG_RSBAC_RC) 12551 case SW_RC: 12552 { 12553 struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI; 12554 12555 rsbac_ta_list_get_data_ttl(ta_number, 12556 user_handles.rc, 12557 NULL, 12558 &tid_p->user, &aci); 12559 switch (attr) { 12560 case A_rc_def_role: 12561 aci.rc_role = value_p->rc_def_role; 12562 break; 12563 case A_rc_type: 12564 aci.rc_type = value_p->rc_type; 12565 break; 12566 default: 12567 err = -RSBAC_EINVALIDATTR; 12568 } 12569 if (!err) { 12570 err = rsbac_ta_list_add_ttl(ta_number, 12571 user_handles. 12572 rc, 0, 12573 &tid_p->user, 12574 &aci); 12575 } 12576 } 12577 break; 12578 #endif 12579 12580 #if defined(CONFIG_RSBAC_AUTH) 12581 case SW_AUTH: 12582 { 12583 rsbac_system_role_int_t role = 12584 value_p->system_role; 12585 12586 switch (attr) { 12587 case A_system_role: 12588 case A_auth_role: 12589 err = rsbac_ta_list_add_ttl(ta_number, 12590 user_handles. 12591 auth, 0, 12592 &tid_p->user, 12593 &role); 12594 break; 12595 default: 12596 err = -RSBAC_EINVALIDATTR; 12597 } 12598 } 12599 break; 12600 #endif 12601 12602 #if defined(CONFIG_RSBAC_CAP) 12603 case SW_CAP: 12604 { 12605 struct rsbac_cap_user_aci_t aci = 12606 DEFAULT_CAP_U_ACI; 12607 12608 rsbac_ta_list_get_data_ttl(ta_number, 12609 user_handles.cap, 12610 NULL, 12611 &tid_p->user, &aci); 12612 switch (attr) { 12613 case A_system_role: 12614 case A_cap_role: 12615 aci.cap_role = value_p->system_role; 12616 break; 12617 case A_min_caps: 12618 aci.min_caps = value_p->min_caps; 12619 break; 12620 case A_max_caps: 12621 aci.max_caps = value_p->max_caps; 12622 break; 12623 case A_cap_ld_env: 12624 aci.cap_ld_env = value_p->cap_ld_env; 12625 break; 12626 default: 12627 err = -RSBAC_EINVALIDATTR; 12628 } 12629 if (!err) { 12630 err = rsbac_ta_list_add_ttl(ta_number, 12631 user_handles. 12632 cap, 0, 12633 &tid_p->user, 12634 &aci); 12635 } 12636 } 12637 break; 12638 #endif 12639 12640 #if defined(CONFIG_RSBAC_JAIL) 12641 case SW_JAIL: 12642 { 12643 rsbac_system_role_int_t role = 12644 value_p->system_role; 12645 12646 switch (attr) { 12647 case A_system_role: 12648 case A_jail_role: 12649 err = rsbac_ta_list_add_ttl(ta_number, 12650 user_handles. 12651 jail, 0, 12652 &tid_p->user, 12653 &role); 12654 break; 12655 default: 12656 err = -RSBAC_EINVALIDATTR; 12657 } 12658 } 12659 break; 12660 #endif 12661 12662 #if defined(CONFIG_RSBAC_RES) 12663 case SW_RES: 12664 { 12665 struct rsbac_res_user_aci_t aci = 12666 DEFAULT_RES_U_ACI; 12667 12668 rsbac_ta_list_get_data_ttl(ta_number, 12669 user_handles.res, 12670 NULL, 12671 &tid_p->user, &aci); 12672 switch (attr) { 12673 case A_system_role: 12674 case A_res_role: 12675 aci.res_role = value_p->system_role; 12676 break; 12677 case A_res_min: 12678 memcpy(&aci.res_min, &value_p->res_array, 12679 sizeof(aci.res_min)); 12680 break; 12681 case A_res_max: 12682 memcpy(&aci.res_max, &value_p->res_array, 12683 sizeof(aci.res_max)); 12684 break; 12685 default: 12686 err = -RSBAC_EINVALIDATTR; 12687 } 12688 if (!err) { 12689 struct rsbac_res_user_aci_t def_aci = 12690 DEFAULT_RES_U_ACI; 12691 12692 if (tid_p->user != RSBAC_ALL_USERS) { 12693 rsbac_uid_t all_users = 12694 RSBAC_ALL_USERS; 12695 12696 rsbac_ta_list_get_data_ttl 12697 (ta_number, user_handles.res, 12698 NULL, &all_users, &def_aci); 12699 } 12700 if (memcmp(&aci, &def_aci, sizeof(aci))) 12701 err = 12702 rsbac_ta_list_add_ttl 12703 (ta_number, user_handles.res, 12704 0, &tid_p->user, &aci); 12705 else 12706 err = 12707 rsbac_ta_list_remove(ta_number, 12708 user_handles. 12709 res, 12710 &tid_p-> 12711 user); 12712 } 12713 } 12714 break; 12715 #endif 12716 12717 #if defined(CONFIG_RSBAC_PAX) 12718 case SW_PAX: 12719 { 12720 rsbac_system_role_int_t role = 12721 value_p->system_role; 12722 12723 switch (attr) { 12724 case A_system_role: 12725 case A_pax_role: 12726 err = rsbac_ta_list_add_ttl(ta_number, 12727 user_handles. 12728 pax, 0, 12729 &tid_p->user, 12730 &role); 12731 break; 12732 default: 12733 err = -RSBAC_EINVALIDATTR; 12734 } 12735 } 12736 break; 12737 #endif 12738 12739 default: 12740 err = -RSBAC_EINVALIDMODULE; 12741 } 12742 12743 return err; 12744 }
static void wakeup_auto | ( | u_long | dummy | ) | [static] |
rsbac_boolean_t writable | ( | struct super_block * | sb_p | ) |
Definition at line 323 of file aci_data_structures.c.
References FALSE, KERNEL_VERSION, rsbac_debug_no_write, SOCKFS_MAGIC, SYSFS_MAGIC, and TRUE.
Referenced by lookup_aci_path_dentry(), and rsbac_write_open().
00324 { 00325 #ifdef CONFIG_RSBAC_NO_WRITE 00326 return (FALSE); 00327 #else 00328 if (!sb_p || !sb_p->s_dev) 00329 return (FALSE); 00330 if (rsbac_debug_no_write || (sb_p->s_flags & MS_RDONLY) 00331 || in_interrupt()) 00332 return (FALSE); 00333 if (!MAJOR(sb_p->s_dev) 00334 #ifndef CONFIG_RSBAC_MSDOS_WRITE 00335 || (sb_p->s_magic == MSDOS_SUPER_MAGIC) 00336 #endif 00337 || (sb_p->s_magic == SOCKFS_MAGIC) 00338 || (sb_p->s_magic == PIPEFS_MAGIC) 00339 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00340 || (sb_p->s_magic == SYSFS_MAGIC) 00341 #endif 00342 || (sb_p->s_magic == NFS_SUPER_MAGIC) 00343 || (sb_p->s_magic == CODA_SUPER_MAGIC) 00344 || (sb_p->s_magic == NCP_SUPER_MAGIC) 00345 || (sb_p->s_magic == SMB_SUPER_MAGIC) 00346 || (sb_p->s_magic == ISOFS_SUPER_MAGIC)) 00347 return (FALSE); 00348 else 00349 return (TRUE); 00350 #endif 00351 }
char compiled_modules[80] [static] |
struct rsbac_gen_fd_aci_t def_gen_fd_aci = DEFAULT_GEN_FD_ACI [static] |
struct rsbac_gen_fd_aci_t def_gen_root_dir_aci [static] |
struct rsbac_dev_handles_t dev_handles [static] |
Definition at line 163 of file aci_data_structures.c.
Referenced by get_attr_dev(), register_dev_lists(), rsbac_stats(), rsbac_ta_list_all_dev(), rsbac_ta_remove_target(), and set_attr_dev().
struct rsbac_dev_handles_t dev_major_handles [static] |
Definition at line 164 of file aci_data_structures.c.
Referenced by get_attr_dev(), register_dev_lists(), rsbac_stats(), rsbac_ta_list_all_dev(), rsbac_ta_remove_target(), and set_attr_dev().
struct rsbac_device_list_head_t* device_head_p[RSBAC_NR_DEVICE_LISTS] [static] |
Definition at line 146 of file aci_data_structures.c.
Referenced by add_device_item(), lookup_device(), remove_device_item(), rsbac_do_init(), rsbac_free_dat_dentries(), and rsbac_stats().
spinlock_t device_list_locks[RSBAC_NR_DEVICE_LISTS] [static] |
Definition at line 148 of file aci_data_structures.c.
Referenced by add_device_item(), get_attr_fd(), lookup_aci_path_dentry(), remove_device_item(), rsbac_do_init(), rsbac_free_dat_dentries(), rsbac_get_full_path(), rsbac_get_full_path_length(), rsbac_get_parent(), rsbac_get_super_block(), rsbac_mount(), rsbac_stats(), rsbac_ta_remove_target(), rsbac_umount(), and set_attr_fd().
u_int gen_nr_fd_hashes = RSBAC_LIST_MIN_MAX_HASHES [static] |
u_int gen_nr_p_hashes = 1 [static] |
struct rsbac_ipc_handles_t ipc_handles [static] |
Definition at line 165 of file aci_data_structures.c.
Referenced by get_attr_ipc(), register_ipc_lists(), rsbac_stats(), rsbac_ta_list_all_ipc(), rsbac_ta_remove_target(), and set_attr_ipc().
struct rsbac_process_handles_t process_handles [static] |
Definition at line 170 of file aci_data_structures.c.
Referenced by get_attr_process(), register_process_lists(), rsbac_init(), rsbac_kthread_notify(), rsbac_stats(), rsbac_ta_remove_target(), and set_attr_process().
rsbac_boolean_t rsbac_initialized = FALSE |
Definition at line 136 of file aci_data_structures.c.
Referenced by rsbac_do_init(), rsbac_free_dat_dentries(), rsbac_init(), rsbac_is_initialized(), rsbac_kthread_notify(), rsbac_mark_kthread(), rsbac_mount(), rsbac_stats(), rsbac_ta_get_attr(), rsbac_ta_remove_target(), rsbac_ta_set_attr(), and rsbac_umount().
struct rsbac_kthread_t* rsbac_kthread |
Definition at line 7867 of file aci_data_structures.c.
Referenced by rsbac_init(), rsbac_kthreads_init(), and rsbac_mark_kthread().
Definition at line 7868 of file aci_data_structures.c.
kdev_t rsbac_root_dev |
Definition at line 140 of file aci_data_structures.c.
Referenced by acl_create_def(), acl_create_def2(), read_info(), rsbac_do_init(), rsbac_init(), rsbac_init_acl(), rsbac_init_auth(), rsbac_init_mac(), rsbac_list_lol_register_hashed(), rsbac_list_register_hashed(), rsbac_mount(), and write_info().
struct dentry* sysfs_covered_p = NULL [static] |
Definition at line 245 of file aci_data_structures.c.
Referenced by rsbac_do_init(), rsbac_mount(), and rsbac_umount().
struct super_block* sysfs_sb_p = NULL [static] |
Definition at line 246 of file aci_data_structures.c.
Referenced by rsbac_do_init(), rsbac_mount(), and rsbac_umount().
struct rsbac_user_handles_t user_handles [static] |
Definition at line 166 of file aci_data_structures.c.
Referenced by get_attr_user(), register_user_lists1(), register_user_lists2(), rsbac_init(), rsbac_stats(), rsbac_ta_list_all_user(), rsbac_ta_remove_target(), and set_attr_user().