#include <rsbac/types.h>
#include <linux/init.h>
Go to the source code of this file.
Defines | |
#define | rsbac_get_attr(module, target, tid, attr, value, inherit) rsbac_ta_get_attr(0, module, target, tid, attr, value, inherit) |
#define | rsbac_set_attr(module, target, tid, attr, value) rsbac_ta_set_attr(0, module, target, tid, attr, value) |
#define | rsbac_remove_target(target, tid) rsbac_ta_remove_target(0, target, tid) |
Functions | |
int | rsbac_init (kdev_t root_dev) __init |
int | rsbac_kthread_notify (rsbac_pid_t pid) |
void | rsbac_off (void) |
static rsbac_boolean_t | rsbac_is_initialized (void) |
int | rsbac_mount (struct super_block *sb_p, struct dentry *d_covers) |
int | rsbac_umount (struct super_block *sb_p, struct dentry *d_covers) |
int | rsbac_free_dat_dentries (void) |
int | rsbac_stats (void) |
int | rsbac_check (int correct, int check_inode) |
int | rsbac_get_parent (enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t *parent_target_p, union rsbac_target_id_t *parent_tid_p) |
int | rsbac_ta_get_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit) |
int | rsbac_ta_set_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value) |
int | rsbac_ta_remove_target (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t tid) |
int | rsbac_ta_list_all_dev (rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t **id_pp) |
int | rsbac_ta_list_all_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t **id_pp) |
int | rsbac_ta_list_all_ipc (rsbac_list_ta_number_t ta_number, struct rsbac_ipc_t **id_pp) |
int | rsbac_ta_list_all_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t **id_pp) |
int | rsbac_mark_kthread (rsbac_pid_t pid) |
int | rsbac_kthreads_init (void) |
Variables | |
rsbac_boolean_t | rsbac_initialized |
#define rsbac_get_attr | ( | module, | |||
target, | |||||
tid, | |||||
attr, | |||||
value, | |||||
inherit | ) | rsbac_ta_get_attr(0, module, target, tid, attr, value, inherit) |
Definition at line 103 of file aci.h.
Referenced by adjust_in_out_pp(), auto_read_attr(), auto_read_write_attr(), auto_write_attr(), check_comp_rc(), check_comp_rc_scd(), check_flags_ff(), daz_check_secoff(), daz_ignored(), get_ipc_purpose(), jail_check_sysrole(), jail_get_flags_process(), jail_get_id(), jail_get_id_process(), jail_get_parent_process(), jail_get_scd_get_process(), jail_get_scd_modify_process(), mac_check_role(), mac_sys_check_role(), na_and_pp_ipc(), na_and_pp_or_cs(), na_dev(), na_ipc(), rsbac_acl_check_right(), rsbac_acl_check_super(), rsbac_acl_sys_get_rights(), rsbac_adf_request_auth(), rsbac_adf_request_cap(), rsbac_adf_request_daz(), rsbac_adf_request_ff(), rsbac_adf_request_int(), rsbac_adf_request_mac(), rsbac_adf_request_pax(), rsbac_adf_request_pm(), rsbac_adf_request_rc(), rsbac_adf_request_res(), rsbac_adf_set_attr(), rsbac_adf_set_attr_auth(), rsbac_adf_set_attr_cap(), rsbac_adf_set_attr_daz(), rsbac_adf_set_attr_jail(), rsbac_adf_set_attr_mac(), rsbac_adf_set_attr_pm(), rsbac_adf_set_attr_rc(), rsbac_adf_set_attr_res(), rsbac_auth_add_p_cap(), rsbac_auth_p_capset_member(), rsbac_auth_remove_p_cap(), rsbac_get_full_path(), rsbac_init(), rsbac_jail_sys_jail(), rsbac_mac_get_curr_level(), rsbac_mac_get_max_level(), rsbac_mac_get_min_level(), rsbac_mac_set_curr_level(), rsbac_pm_change_current_task(), rsbac_pm_create_file(), rsbac_rc_check_type_comp(), rsbac_rc_sys_change_role(), rsbac_rc_sys_get_current_role(), rsbac_rc_sys_get_eff_rights(), rsbac_rc_sys_set_item(), rsbac_rc_test_admin_roles(), rsbac_rc_test_assign_roles(), rsbac_rc_test_role_admin(), rsbac_set_audit_uid(), sys_rsbac_daz_flush_cache(), and tp_check().
#define rsbac_remove_target | ( | target, | |||
tid | ) | rsbac_ta_remove_target(0, target, tid) |
Definition at line 125 of file aci.h.
Referenced by rsbac_adf_request_int(), and rsbac_adf_set_attr().
#define rsbac_set_attr | ( | module, | |||
target, | |||||
tid, | |||||
attr, | |||||
value | ) | rsbac_ta_set_attr(0, module, target, tid, attr, value) |
Definition at line 114 of file aci.h.
Referenced by auto_read_attr(), auto_read_write_attr(), auto_write_attr(), rsbac_adf_request_daz(), rsbac_adf_request_mac(), rsbac_adf_set_attr(), rsbac_adf_set_attr_auth(), rsbac_adf_set_attr_cap(), rsbac_adf_set_attr_daz(), rsbac_adf_set_attr_jail(), rsbac_adf_set_attr_mac(), rsbac_adf_set_attr_pm(), rsbac_adf_set_attr_rc(), rsbac_jail_sys_jail(), rsbac_mac_set_curr_level(), rsbac_pm_change_current_task(), rsbac_pm_create_file(), rsbac_rc_select_fd_create_type(), rsbac_rc_sys_change_role(), rsbac_set_audit_uid(), sys_rsbac_um_auth_name(), and sys_rsbac_um_auth_uid().
int rsbac_check | ( | int | correct, | |
int | check_inode | |||
) |
int rsbac_free_dat_dentries | ( | void | ) |
Definition at line 8561 of file aci_data_structures.c.
References device_head_p, device_list_locks, KERNEL_VERSION, NULL, RSBAC_ENOTINITIALIZED, rsbac_initialized, and rsbac_printk().
08562 { 08563 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 08564 u_long flags; 08565 #endif 08566 struct rsbac_device_list_item_t *device_p; 08567 u_int i; 08568 08569 if (!rsbac_initialized) { 08570 rsbac_printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n"); 08571 return (-RSBAC_ENOTINITIALIZED); 08572 } 08573 08574 rsbac_printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n"); 08575 08576 for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) { 08577 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08578 spin_lock(&device_list_locks[i]); 08579 #else 08580 rsbac_write_lock(&device_list_locks[i], &flags); 08581 #endif 08582 device_p = device_head_p[i]->head; 08583 while (device_p) { 08584 if (device_p->rsbac_dir_dentry_p) { 08585 dput(device_p->rsbac_dir_dentry_p); 08586 device_p->rsbac_dir_dentry_p = NULL; 08587 } 08588 device_p = device_p->next; 08589 } 08590 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08591 spin_unlock(&device_list_locks[i]); 08592 #else 08593 rsbac_write_unlock(&device_list_locks[i], &flags); 08594 #endif 08595 } 08596 return 0; 08597 }
int rsbac_get_parent | ( | enum rsbac_target_t | target, | |
union rsbac_target_id_t | tid, | |||
enum rsbac_target_t * | parent_target_p, | |||
union rsbac_target_id_t * | parent_tid_p | |||
) |
Definition at line 9083 of file aci_data_structures.c.
References device_hash(), device_list_locks, lookup_device(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTFOUND, rsbac_printk(), T_DIR, T_FIFO, T_FILE, T_SYMLINK, and T_UNIXSOCK.
Referenced by copy_fp_cap_set_item(), copy_fp_tru_set_item(), get_attr_fd(), rsbac_acl_get_rights(), and rsbac_acl_get_single_right().
09087 { 09088 if (!parent_target_p || !parent_tid_p) 09089 return -RSBAC_EINVALIDPOINTER; 09090 /* 09091 rsbac_pr_debug(ds, "Getting file/dir/fifo/symlink " 09092 "parent for device %02u:%02u, inode %lu, dentry_p %p\n", 09093 RSBAC_MAJOR(tid.file.device), 09094 RSBAC_MINOR(tid.file.device), 09095 (u_long)tid.file.inode, tid.file.dentry_p); 09096 */ 09097 switch (target) { 09098 case T_FILE: 09099 case T_DIR: 09100 case T_FIFO: 09101 case T_SYMLINK: 09102 case T_UNIXSOCK: 09103 break; 09104 default: 09105 return -RSBAC_EINVALIDTARGET; 09106 } 09107 09108 if (!tid.file.dentry_p) 09109 return -RSBAC_ENOTFOUND; 09110 09111 #ifdef CONFIG_RSBAC_XSTATS 09112 get_parent_count++; 09113 #endif 09114 *parent_target_p = T_DIR; 09115 /* Is this dentry root of a mounted device? */ 09116 if (tid.file.dentry_p->d_sb 09117 && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p) 09118 ) { 09119 struct rsbac_device_list_item_t *device_p; 09120 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 09121 u_long dflags; 09122 #endif 09123 u_int hash; 09124 09125 hash = device_hash(tid.file.device); 09126 /* wait for read access to device_list_head */ 09127 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09128 rcu_read_lock(); 09129 #else 09130 rsbac_read_lock(&device_list_locks[hash], &dflags); 09131 #endif 09132 device_p = lookup_device(tid.file.device, hash); 09133 if (!device_p 09134 || !device_p->d_covers 09135 || !device_p->d_covers->d_parent 09136 || !device_p->d_covers->d_parent->d_inode) { 09137 /* free access to device_list_head */ 09138 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09139 rcu_read_unlock(); 09140 #else 09141 rsbac_read_unlock(&device_list_locks[hash], &dflags); 09142 #endif 09143 return -RSBAC_ENOTFOUND; 09144 } 09145 parent_tid_p->dir.device = 09146 device_p->d_covers->d_parent->d_sb->s_dev; 09147 parent_tid_p->dir.inode = 09148 device_p->d_covers->d_parent->d_inode->i_ino; 09149 parent_tid_p->dir.dentry_p = device_p->d_covers->d_parent; 09150 /* free access to device_list_head */ 09151 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09152 rcu_read_unlock(); 09153 #else 09154 rsbac_read_unlock(&device_list_locks[hash], &dflags); 09155 #endif 09156 } else { /* no root of filesystem -> use d_parent, dev keeps unchanged */ 09157 if (!tid.file.dentry_p->d_parent) { 09158 rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent is NULL!\n"); 09159 return -RSBAC_ENOTFOUND; 09160 } 09161 if (tid.file.dentry_p == tid.file.dentry_p->d_parent) { 09162 rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent == dentry_p!\n"); 09163 return -RSBAC_ENOTFOUND; 09164 } 09165 if (!tid.file.dentry_p->d_parent->d_inode) { 09166 rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent has no d_inode!\n"); 09167 return -RSBAC_ENOTFOUND; 09168 } 09169 parent_tid_p->dir.device = tid.file.device; 09170 parent_tid_p->dir.inode = 09171 tid.file.dentry_p->d_parent->d_inode->i_ino; 09172 parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent; 09173 } 09174 return 0; 09175 }
int rsbac_init | ( | kdev_t | root_dev | ) |
Definition at line 7893 of file aci_data_structures.c.
References A_rc_def_role, FALSE, rsbac_kthread_t::list, list_head, rsbac_attribute_value_t::mac_user_flags, NULL, rsbac_kthread_t::pid, rsbac_target_id_t::process, process_handles, rsbac_do_init(), RSBAC_EINVALIDPOINTER, RSBAC_EREINIT, rsbac_get_attr, rsbac_initialized, rsbac_kfree(), rsbac_kmalloc(), rsbac_kthread, rsbac_kthread_notify(), rsbac_list_add(), rsbac_list_get_data(), RSBAC_MAC_DEF_INIT_P_FLAGS, RSBAC_MAC_P_FLAGS, rsbac_pr_debug, rsbac_printk(), RSBAC_RC_GENERAL_ROLE, rsbac_rc_get_boot_role(), rsbac_root_dev, RSBAC_SYSADM_UID, SW_GEN, T_PROCESS, user_handles, and wakeup_rsbacd().
07895 { 07896 struct rsbac_kthread_t * rsbac_kthread_entry; 07897 struct list_head * p; 07898 #ifdef CONFIG_RSBAC_RC 07899 struct rsbac_rc_process_aci_t rc_init_p_aci = DEFAULT_RC_P_INIT_ACI; 07900 #endif 07901 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 07902 #ifdef CONFIG_RSBAC_INIT_THREAD 07903 struct task_struct * rsbac_init_thread; 07904 #endif 07905 struct task_struct * rsbacd_thread; 07906 #endif 07907 rsbac_pid_t init_pid; 07908 07909 07910 int err = 0; 07911 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \ 07912 || defined(CONFIG_RSBAC_INIT_THREAD) 07913 rsbac_pid_t rsbacd_pid; 07914 #endif 07915 07916 if (rsbac_initialized) { 07917 rsbac_printk(KERN_WARNING "rsbac_init(): RSBAC already initialized\n"); 07918 return (-RSBAC_EREINIT); 07919 } 07920 if (!current->fs) { 07921 rsbac_printk(KERN_WARNING "rsbac_init(): current->fs is invalid!\n"); 07922 return (-RSBAC_EINVALIDPOINTER); 07923 } 07924 07925 rsbac_root_dev = root_dev; 07926 07927 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \ 07928 || defined(CONFIG_RSBAC_INIT_THREAD) 07929 /* init the rsbacd wait queue head */ 07930 init_waitqueue_head(&rsbacd_wait); 07931 #endif 07932 07933 #ifdef CONFIG_RSBAC_INIT_THREAD 07934 /* trigger dependency */ 07935 #ifdef CONFIG_RSBAC_MAX_INIT_TIME 07936 #endif 07937 rsbac_printk(KERN_INFO "rsbac_init(): Setting init timeout to %u seconds (%u jiffies).\n", 07938 RSBAC_MAX_INIT_TIME, RSBAC_MAX_INIT_TIME * HZ); 07939 init_timer(&rsbac_timer); 07940 rsbac_timer.function = wakeup_rsbacd; 07941 rsbac_timer.data = 0; 07942 rsbac_timer.expires = jiffies + (RSBAC_MAX_INIT_TIME * HZ); 07943 add_timer(&rsbac_timer); 07944 07945 /* Start rsbac thread for init */ 07946 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 07947 rsbac_init_thread = kthread_create(rsbac_initd, NULL, "rsbac_initd"); 07948 if (IS_ERR(rsbac_init_thread)) 07949 goto panic; 07950 rsbacd_pid = rsbac_init_thread->pid; 07951 wake_up_process(rsbac_init_thread); 07952 #else 07953 rsbacd_pid = kernel_thread(rsbac_initd, NULL, 0); 07954 if (rsbacd_pid < 0) 07955 goto panic; 07956 #endif 07957 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbac_initd thread with pid %u\n", 07958 rsbacd_pid); 07959 07960 if (!rsbac_initialized) 07961 interruptible_sleep_on(&rsbacd_wait); 07962 if (!rsbac_initialized) { 07963 rsbac_printk(KERN_ERR 07964 "rsbac_init(): *** RSBAC init timed out - RSBAC not correctly initialized! ***\n"); 07965 rsbac_printk(KERN_ERR 07966 "rsbac_init(): *** Killing rsbac_initd! ***\n"); 07967 sys_kill(rsbacd_pid, SIGKILL); 07968 rsbac_initialized = FALSE; 07969 } 07970 #else 07971 rsbac_do_init(); 07972 #endif 07973 07974 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0) 07975 if (rsbac_initialized) { 07976 /* Start rsbacd thread for auto write */ 07977 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 07978 rsbacd_thread = kthread_create(rsbacd, NULL, "rsbacd"); 07979 rsbacd_pid = rsbacd_thread->pid; 07980 wake_up_process(rsbacd_thread); 07981 #else 07982 rsbacd_pid = 07983 kernel_thread(rsbacd, NULL, 07984 CLONE_FS | CLONE_FILES | CLONE_SIGHAND); 07985 #endif 07986 if (rsbacd_pid < 0) { 07987 rsbac_printk(KERN_ERR 07988 "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n", 07989 rsbacd_pid); 07990 } else { 07991 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n", 07992 rsbacd_pid); 07993 } 07994 } 07995 #endif 07996 07997 /* Ready. */ 07998 /* schedule(); */ 07999 #ifdef CONFIG_RSBAC_INIT_THREAD 08000 sys_wait4(-1, NULL, WNOHANG, NULL); 08001 #endif 08002 08003 /* Add all processes to list of processes as init processes */ 08004 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC) 08005 { 08006 #ifdef CONFIG_RSBAC_MAC 08007 struct rsbac_mac_user_aci_t * mac_u_aci_p; 08008 #endif 08009 #ifdef CONFIG_RSBAC_RC 08010 struct rsbac_rc_user_aci_t * rc_u_aci_p; 08011 #endif 08012 rsbac_uid_t user = RSBAC_SYSADM_UID; 08013 rsbac_pid_t pid = 1; 08014 struct task_struct *p; 08015 08016 union rsbac_target_id_t k_tid; 08017 union rsbac_attribute_value_t k_attr_val; 08018 08019 rsbac_printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n"); 08020 /* Prepare entries: change standard values to root's values */ 08021 #ifdef CONFIG_RSBAC_MAC 08022 mac_u_aci_p = rsbac_kmalloc(sizeof(*mac_u_aci_p)); 08023 if (mac_u_aci_p) { 08024 if(!rsbac_list_get_data 08025 (user_handles.mac, &user, mac_u_aci_p)) { 08026 mac_init_p_aci.owner_sec_level = 08027 mac_u_aci_p->security_level; 08028 mac_init_p_aci.owner_initial_sec_level = 08029 mac_u_aci_p->initial_security_level; 08030 mac_init_p_aci.current_sec_level = 08031 mac_u_aci_p->initial_security_level; 08032 mac_init_p_aci.owner_min_sec_level = 08033 mac_u_aci_p->min_security_level; 08034 mac_init_p_aci.mac_owner_categories = 08035 mac_u_aci_p->mac_categories; 08036 mac_init_p_aci.mac_owner_initial_categories = 08037 mac_u_aci_p->mac_initial_categories; 08038 mac_init_p_aci.mac_curr_categories = 08039 mac_u_aci_p->mac_initial_categories; 08040 mac_init_p_aci.mac_owner_min_categories = 08041 mac_u_aci_p->mac_min_categories; 08042 mac_init_p_aci.min_write_open = 08043 mac_u_aci_p->security_level; 08044 mac_init_p_aci.max_read_open = 08045 mac_u_aci_p->min_security_level; 08046 mac_init_p_aci.min_write_categories = 08047 mac_u_aci_p->mac_categories; 08048 mac_init_p_aci.max_read_categories = 08049 mac_u_aci_p->mac_min_categories; 08050 mac_init_p_aci.mac_process_flags = 08051 (mac_u_aci_p-> 08052 mac_user_flags & RSBAC_MAC_P_FLAGS) | 08053 RSBAC_MAC_DEF_INIT_P_FLAGS; 08054 } 08055 rsbac_kfree(mac_u_aci_p); 08056 } 08057 #endif 08058 08059 /* Set process aci - first init */ 08060 #ifdef CONFIG_RSBAC_MAC 08061 if (rsbac_list_add 08062 (process_handles.mac, &pid, 08063 &mac_init_p_aci)) 08064 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for Init process 1 could not be added!"); 08065 #endif 08066 #ifdef CONFIG_RSBAC_RC 08067 /* Get boot role */ 08068 if (rsbac_rc_get_boot_role(&rc_init_p_aci.rc_role)) { /* none: use root's role */ 08069 rc_u_aci_p = rsbac_kmalloc(sizeof(*rc_u_aci_p)); 08070 if (rc_u_aci_p) { 08071 if (!rsbac_list_get_data 08072 (user_handles.rc, &user, rc_u_aci_p)) { 08073 rc_init_p_aci.rc_role = rc_u_aci_p->rc_role; 08074 } else { /* last resort: general role */ 08075 rsbac_ds_get_error("rsbac_do_init", 08076 A_rc_def_role); 08077 rc_init_p_aci.rc_role = 08078 RSBAC_RC_GENERAL_ROLE; 08079 } 08080 rsbac_kfree(rc_u_aci_p); 08081 } 08082 } 08083 rc_kernel_p_aci.rc_role = rc_init_p_aci.rc_role; 08084 if (rsbac_list_add 08085 (process_handles.rc, &pid, 08086 &rc_init_p_aci)) 08087 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Init process 1 could not be added!"); 08088 #endif 08089 read_lock(&tasklist_lock); 08090 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 08091 for_each_task(p) 08092 #else 08093 for_each_process(p) 08094 #endif 08095 { 08096 /* not for kernel and init though... */ 08097 if (!p->pid || (p->pid == 1)) 08098 continue; 08099 pid = p->pid; 08100 rsbac_pr_debug(ds, "setting aci for process %u (%s)\n", pid, p->comm); 08101 #ifdef CONFIG_RSBAC_MAC 08102 if (rsbac_list_add 08103 (process_handles.mac, &pid, 08104 &mac_init_p_aci)) 08105 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for Init process %u could not be added!\n", 08106 pid); 08107 #endif 08108 #ifdef CONFIG_RSBAC_RC 08109 k_tid.process = p->pid; 08110 if (rsbac_get_attr(SW_GEN, T_PROCESS, 08111 k_tid, 08112 A_kernel_thread, 08113 &k_attr_val, 08114 FALSE)) { 08115 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel thread %u could not be added!\n", pid); 08116 } 08117 if (k_attr_val.kernel_thread) { 08118 if (rsbac_list_add 08119 (process_handles.rc, 08120 &pid, &rc_kernel_p_aci)) 08121 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel thread %u could not be added!\n", 08122 pid); 08123 } 08124 #endif 08125 } 08126 read_unlock(&tasklist_lock); 08127 } 08128 list_for_each(p, &rsbac_kthread->list) { 08129 rsbac_kthread_entry = list_entry(p, 08130 struct rsbac_kthread_t, list); 08131 if (rsbac_kthread_entry->pid != 1 08132 && rsbac_kthread_entry->pid != rsbacd_pid) 08133 { 08134 read_lock(&tasklist_lock); 08135 if(find_task_by_pid(rsbac_kthread_entry->pid)) { 08136 read_unlock(&tasklist_lock); 08137 rsbac_kthread_notify(rsbac_kthread_entry->pid); 08138 } 08139 else { 08140 read_unlock(&tasklist_lock); 08141 rsbac_pr_debug(ds, "rsbac_do_init(): skipping gone away pid %u\n", 08142 rsbac_kthread_entry->pid); 08143 } 08144 /* kernel list implementation is for exclusive 08145 * wizards use, let's not free it now till 08146 * i know why it oops. consume about no 08147 * memory anyway. michal. 08148 */ 08149 08150 /* list_del(&rsbac_kthread_entry->list); 08151 * kfree(rsbac_kthread_entry);*/ 08152 } 08153 } /* explicitly mark init and rsbacd */ 08154 init_pid = 1; 08155 #ifdef CONFIG_RSBAC_MAC 08156 if (rsbac_list_add(process_handles.mac, &init_pid, &mac_init_p_aci)) 08157 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"init\" process could not be added!"); 08158 if (rsbac_list_add(process_handles.mac, &rsbacd_pid, &mac_init_p_aci)) 08159 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"rsbacd\" process could not be added!"); 08160 #endif 08161 #ifdef CONFIG_RSBAC_RC 08162 if (rsbac_list_add(process_handles.rc, &init_pid, &rc_init_p_aci)) 08163 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"init\" process could not be added"); 08164 if (rsbac_list_add(process_handles.rc, &rsbacd_pid, &rc_kernel_p_aci)) 08165 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"rsbacd\" process could not be added"); 08166 #endif 08167 08168 /*kfree(rsbac_kthread);*/ 08169 #endif /* MAC or RC */ 08170 08171 rsbac_printk(KERN_INFO "rsbac_init(): Ready.\n"); 08172 return err; 08173 08174 #ifdef CONFIG_RSBAC_INIT_THREAD 08175 panic: 08176 rsbac_printk(KERN_ERR "rsbac_init(): *** RSBAC init failed to start - RSBAC not correctly initialized! ***\n"); 08177 /* let's panic - but only when in secure mode, warn otherwise */ 08178 #if !defined(CONFIG_RSBAC_MAINT) 08179 #ifdef CONFIG_RSBAC_SOFTMODE 08180 if (!rsbac_softmode) 08181 panic("RSBAC: rsbac_init(): *** Unable to initialize - PANIC ***\n"); 08182 #endif 08183 panic("RSBAC: rsbac_init(): *** Unable to initialize - PANIC ***\n"); 08184 #endif 08185 #endif 08186 }
static rsbac_boolean_t rsbac_is_initialized | ( | void | ) | [inline, static] |
Definition at line 44 of file aci.h.
References rsbac_initialized.
Referenced by rsbac_acl_add_to_acl_entry(), rsbac_acl_get_mask(), rsbac_acl_get_rights(), rsbac_acl_get_single_right(), rsbac_acl_get_tlist(), rsbac_acl_remove_acl(), rsbac_acl_remove_acl_entry(), rsbac_acl_remove_from_acl_entry(), rsbac_acl_set_acl_entry(), rsbac_acl_set_mask(), rsbac_adf_request_int(), rsbac_adf_set_attr(), rsbac_auth_add_to_f_capset(), rsbac_auth_add_to_p_capset(), rsbac_auth_clear_f_capset(), rsbac_auth_clear_p_capset(), rsbac_auth_copy_fp_capset(), rsbac_auth_copy_pp_capset(), rsbac_auth_get_f_caplist(), rsbac_auth_get_p_caplist(), rsbac_auth_p_capset_member(), rsbac_auth_remove_from_f_capset(), rsbac_auth_remove_from_p_capset(), rsbac_check_acl(), rsbac_init_acl(), rsbac_init_auth(), rsbac_init_daz(), rsbac_init_mac(), rsbac_init_pm(), rsbac_init_rc(), rsbac_init_um(), rsbac_mac_add_to_f_truset(), rsbac_mac_add_to_p_truset(), rsbac_mac_clear_f_truset(), rsbac_mac_clear_p_truset(), rsbac_mac_copy_fp_truset(), rsbac_mac_copy_pp_truset(), rsbac_mac_get_f_trulist(), rsbac_mac_get_p_trulist(), rsbac_mac_p_truset_member(), rsbac_mac_remove_from_f_truset(), rsbac_mac_remove_from_p_truset(), rsbac_mount_acl(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_pm(), rsbac_pm_change_current_task(), rsbac_printk(), rsbac_rc_check_comp(), rsbac_rc_copy_role(), rsbac_rc_copy_type(), rsbac_rc_get_item(), rsbac_rc_get_list(), rsbac_rc_set_item(), rsbac_reg_init(), rsbac_stats_acl(), rsbac_stats_auth(), rsbac_stats_mac(), rsbac_stats_pm(), rsbac_stats_rc(), rsbac_stats_um(), rsbac_um_add_gm(), rsbac_um_add_group(), rsbac_um_add_user(), rsbac_um_get_group_item(), rsbac_um_get_user_item(), rsbac_um_mod_group(), rsbac_um_mod_user(), rsbac_um_remove_gm(), rsbac_umount_acl(), rsbac_umount_auth(), and rsbac_umount_mac().
00045 { 00046 return rsbac_initialized; 00047 }
int rsbac_kthread_notify | ( | rsbac_pid_t | pid | ) |
Definition at line 8188 of file aci_data_structures.c.
References process_handles, rsbac_initialized, rsbac_list_add(), and rsbac_printk().
Referenced by rsbac_init().
08189 { 08190 if (!rsbac_initialized) 08191 return 0; 08192 // rsbac_printk(KERN_DEBUG "rsbac_kthread_notify: marking pid %u!\n", 08193 // pid); 08194 /* Set process aci */ 08195 #ifdef CONFIG_RSBAC_MAC 08196 if (rsbac_list_add 08197 (process_handles.mac, &pid, &mac_init_p_aci)) 08198 rsbac_printk(KERN_WARNING "rsbac_kthread_notify(): MAC ACI for kernel process %u could not be added!", 08199 pid); 08200 #endif 08201 #ifdef CONFIG_RSBAC_RC 08202 if (rsbac_list_add 08203 (process_handles.rc, &pid, &rc_kernel_p_aci)) 08204 rsbac_printk(KERN_WARNING "rsbac_kthread_notify(): RC ACI for kernel process %u could not be added!", 08205 pid); 08206 #endif 08207 return 0; 08208 }
int rsbac_kthreads_init | ( | void | ) |
Definition at line 7870 of file aci_data_structures.c.
References rsbac_kthread_t::list, and rsbac_kthread.
07871 { 07872 rsbac_kthread_size_t = sizeof(struct rsbac_kthread_t); 07873 rsbac_kthread = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC); 07874 INIT_LIST_HEAD(&rsbac_kthread->list); 07875 return 0; 07876 }
int rsbac_mark_kthread | ( | rsbac_pid_t | pid | ) |
Definition at line 7878 of file aci_data_structures.c.
References rsbac_kthread_t::list, rsbac_kthread_t::pid, rsbac_initialized, and rsbac_kthread.
07879 { 07880 struct rsbac_kthread_t * rsbac_kthread_new; 07881 07882 if (rsbac_initialized) 07883 return 0; 07884 rsbac_kthread_new = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC); 07885 rsbac_kthread_new->pid = pid; 07886 list_add(&rsbac_kthread_new->list, &rsbac_kthread->list); 07887 return 0; 07888 }
int rsbac_mount | ( | struct super_block * | sb_p, | |
struct dentry * | d_covers | |||
) |
Definition at line 8212 of file aci_data_structures.c.
References add_device_item(), clear_device_item(), create_device_item(), device_hash(), device_list_locks, get_error_name(), lookup_device(), NULL, register_fd_lists(), rsbac_debug_no_write, RSBAC_ECOULDNOTADDDEVICE, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_init(), rsbac_initialized, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_mount(), RSBAC_MAXNAMELEN, rsbac_mount_acl(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_mount_reg(), rsbac_pr_debug, rsbac_printk(), rsbac_root_dev, rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE.
Referenced by get_attr_fd(), rsbac_do_init(), rsbac_get_super_block(), rsbac_ta_remove_target(), and set_attr_fd().
08213 { 08214 int err = 0; 08215 struct rsbac_device_list_item_t *device_p; 08216 struct rsbac_device_list_item_t *new_device_p; 08217 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 08218 u_long flags; 08219 #endif 08220 rsbac_boolean_t old_no_write; 08221 u_int hash; 08222 08223 if (!sb_p) { 08224 rsbac_printk(KERN_WARNING "rsbac_mount(): called with NULL pointer\n"); 08225 return -RSBAC_EINVALIDPOINTER; 08226 } 08227 if (!rsbac_initialized) { 08228 #ifdef CONFIG_RSBAC_INIT_DELAY 08229 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08230 if (!RSBAC_MAJOR(rsbac_delayed_root) 08231 && !RSBAC_MINOR(rsbac_delayed_root) 08232 && rsbac_delayed_root_str[0] 08233 ) { /* translate string to kdev_t */ 08234 char *p = rsbac_delayed_root_str; 08235 u_int major = 0; 08236 u_int minor = 0; 08237 08238 major = simple_strtoul(p, NULL, 0); 08239 while ((*p != ':') && (*p != '\0')) 08240 p++; 08241 if (*p) { 08242 p++; 08243 minor = simple_strtoul(p, NULL, 0); 08244 } 08245 rsbac_delayed_root = RSBAC_MKDEV(major, minor); 08246 } 08247 #endif 08248 if (!rsbac_no_delay_init 08249 && ((!RSBAC_MAJOR(rsbac_delayed_root) 08250 && !RSBAC_MINOR(rsbac_delayed_root) 08251 && (MAJOR(sb_p->s_dev) > 1) 08252 ) 08253 || ((RSBAC_MAJOR(rsbac_delayed_root) 08254 || RSBAC_MINOR(rsbac_delayed_root) 08255 ) 08256 && 08257 ((MAJOR(sb_p->s_dev) == 08258 RSBAC_MAJOR(rsbac_delayed_root)) 08259 && (!RSBAC_MINOR(rsbac_delayed_root) 08260 || (MINOR(sb_p->s_dev) == 08261 RSBAC_MINOR(rsbac_delayed_root)) 08262 ) 08263 ) 08264 ) 08265 ) 08266 ) { 08267 if (RSBAC_MAJOR(rsbac_delayed_root) 08268 || RSBAC_MINOR(rsbac_delayed_root)) { 08269 rsbac_printk(KERN_INFO "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n", 08270 MAJOR(sb_p->s_dev), 08271 MINOR(sb_p->s_dev), 08272 RSBAC_MAJOR 08273 (rsbac_delayed_root), 08274 RSBAC_MINOR 08275 (rsbac_delayed_root)); 08276 } else { 08277 rsbac_printk(KERN_INFO "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n", 08278 MAJOR(sb_p->s_dev), 08279 MINOR(sb_p->s_dev)); 08280 } 08281 rsbac_init(sb_p->s_dev); 08282 return 0; 08283 } 08284 #endif 08285 08286 rsbac_printk(KERN_WARNING "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n", 08287 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 08288 08289 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08290 if ((sb_p->s_magic == SYSFS_MAGIC) 08291 && !RSBAC_MAJOR(sb_p->s_dev) 08292 ) { 08293 rsbac_printk(KERN_WARNING "rsbac_mount(): sysfs mount detected, keeping values for later use\n"); 08294 sysfs_sb_p = sb_p; 08295 sysfs_covered_p = d_covers; 08296 } 08297 #endif 08298 #ifdef CONFIG_DEVFS_MOUNT 08299 if ((sb_p->s_magic == DEVFS_SUPER_MAGIC) 08300 && !RSBAC_MAJOR(sb_p->s_dev) 08301 ) { 08302 rsbac_printk(KERN_WARNING "rsbac_mount(): devfs mount detected, keeping values for later use\n"); 08303 devfs_sb_p = sb_p; 08304 devfs_covered_p = d_covers; 08305 } 08306 #endif 08307 return (-RSBAC_ENOTINITIALIZED); 08308 } 08309 rsbac_pr_debug(ds, "mounting device %02u:%02u\n", 08310 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 08311 rsbac_pr_debug(stack, "free stack: %lu\n", rsbac_stack_free_space()); 08312 down(&rsbac_write_sem); 08313 old_no_write = rsbac_debug_no_write; 08314 rsbac_debug_no_write = TRUE; 08315 up(&rsbac_write_sem); 08316 hash = device_hash(sb_p->s_dev); 08317 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08318 rcu_read_lock(); 08319 #else 08320 rsbac_read_lock(&device_list_locks[hash], &flags); 08321 #endif 08322 device_p = lookup_device(sb_p->s_dev, hash); 08323 /* repeated mount? */ 08324 if (device_p) { 08325 rsbac_printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n", 08326 device_p->mount_count, MAJOR(sb_p->s_dev), 08327 MINOR(sb_p->s_dev)); 08328 device_p->mount_count++; 08329 if (d_covers 08330 && !device_p->d_covers 08331 && (MAJOR(sb_p->s_dev) != MAJOR(rsbac_root_dev)) 08332 && (MINOR(sb_p->s_dev) != MINOR(rsbac_root_dev)) 08333 ) { 08334 rsbac_printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n", 08335 d_covers); 08336 device_p->d_covers = d_covers; 08337 } 08338 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08339 rcu_read_unlock(); 08340 #else 08341 rsbac_read_unlock(&device_list_locks[hash], &flags); 08342 #endif 08343 } else { 08344 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08345 rcu_read_unlock(); 08346 #else 08347 rsbac_read_unlock(&device_list_locks[hash], &flags); 08348 #endif 08349 /* OK, go on */ 08350 new_device_p = create_device_item(sb_p, d_covers); 08351 rsbac_pr_debug(stack, "after creating device item: free stack: %lu\n", 08352 rsbac_stack_free_space()); 08353 if (!new_device_p) { 08354 rsbac_debug_no_write = old_no_write; 08355 return -RSBAC_ECOULDNOTADDDEVICE; 08356 } 08357 08358 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08359 rcu_read_lock(); 08360 #else 08361 rsbac_read_lock(&device_list_locks[hash], &flags); 08362 #endif 08363 /* make sure to only add, if this device item has not been added in the meantime */ 08364 device_p = lookup_device(sb_p->s_dev, hash); 08365 if (device_p) { 08366 rsbac_printk(KERN_WARNING "rsbac_mount(): mount race for device %02u:%02u detected!\n", 08367 MAJOR(sb_p->s_dev), 08368 MINOR(sb_p->s_dev)); 08369 device_p->mount_count++; 08370 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08371 rcu_read_unlock(); 08372 #else 08373 rsbac_read_unlock(&device_list_locks[hash], &flags); 08374 #endif 08375 clear_device_item(new_device_p); 08376 } else { 08377 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08378 rcu_read_unlock(); 08379 #else 08380 rsbac_read_unlock(&device_list_locks[hash], &flags); 08381 #endif 08382 device_p = add_device_item(new_device_p); 08383 if (!device_p) { 08384 rsbac_printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n", 08385 MAJOR(sb_p->s_dev), 08386 MINOR(sb_p->s_dev)); 08387 clear_device_item(new_device_p); 08388 rsbac_debug_no_write = old_no_write; 08389 return -RSBAC_ECOULDNOTADDDEVICE; 08390 } 08391 } 08392 08393 /* Generic lists */ 08394 rsbac_list_mount(sb_p->s_dev); 08395 /* we do not lock device head - we know the device_p and hope for the best... */ 08396 /* also, we are within kernel mount sem */ 08397 if ((err = register_fd_lists(new_device_p, sb_p->s_dev))) { 08398 char *tmp; 08399 08400 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 08401 if (tmp) { 08402 rsbac_printk(KERN_WARNING "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n", 08403 MAJOR(sb_p->s_dev), 08404 MINOR(sb_p->s_dev), 08405 get_error_name(tmp, err)); 08406 rsbac_kfree(tmp); 08407 } 08408 } 08409 rsbac_pr_debug(stack, "after registering fd lists: free stack: %lu\n", 08410 rsbac_stack_free_space()); 08411 } 08412 08413 /* call other mount functions */ 08414 #if defined(CONFIG_RSBAC_MAC) 08415 rsbac_mount_mac(sb_p->s_dev); 08416 rsbac_pr_debug(stack, "after mount_mac: free stack: %lu\n", 08417 rsbac_stack_free_space()); 08418 #endif 08419 #if defined(CONFIG_RSBAC_AUTH) 08420 rsbac_mount_auth(sb_p->s_dev); 08421 rsbac_pr_debug(stack, "after mount_auth: free stack: %lu\n", 08422 rsbac_stack_free_space()); 08423 #endif 08424 #if defined(CONFIG_RSBAC_ACL) 08425 rsbac_mount_acl(sb_p->s_dev); 08426 rsbac_pr_debug(stack, "after mount_acl: free stack: %lu\n", 08427 rsbac_stack_free_space()); 08428 #endif 08429 #if defined(CONFIG_RSBAC_REG) 08430 rsbac_mount_reg(sb_p->s_dev); 08431 rsbac_pr_debug(stack, "after mount_reg: free stack: %lu\n", 08432 rsbac_stack_free_space()); 08433 #endif /* REG */ 08434 08435 rsbac_debug_no_write = old_no_write; 08436 return (err); 08437 }
void rsbac_off | ( | void | ) |
int rsbac_stats | ( | void | ) |
Definition at line 8602 of file aci_data_structures.c.
08603 { 08604 struct rsbac_device_list_item_t *device_p; 08605 u_long fd_count = 0, fd_sum = 0; 08606 u_long dev_sum = 0; 08607 u_long ipc_sum = 0; 08608 u_long user_sum = 0; 08609 u_long process_sum = 0; 08610 #if defined(CONFIG_RSBAC_UM) 08611 u_long group_sum = 0; 08612 #endif 08613 #if defined(CONFIG_RSBAC_NET_OBJ) 08614 u_long nettemp_sum = 0; 08615 u_long lnetobj_sum = 0; 08616 u_long rnetobj_sum = 0; 08617 #endif 08618 u_long total_sum = 0; 08619 long tmp_count = 0; 08620 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 08621 u_long dflags; 08622 #endif 08623 u_int i; 08624 08625 if (!rsbac_initialized) { 08626 rsbac_printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n"); 08627 return (-RSBAC_ENOTINITIALIZED); 08628 } 08629 for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) { 08630 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08631 rcu_read_lock(); 08632 #else 08633 rsbac_read_lock(&device_list_locks[i], &dflags); 08634 #endif 08635 /* rsbac_printk(KERN_INFO "rsbac_stats(): currently %u processes working on file/dir aci\n", 08636 device_list_lock.lock); */ 08637 device_p = rcu_dereference(device_head_p[i])->head; 08638 while (device_p) { /* for all sublists */ 08639 fd_count = rsbac_list_count(device_p->handles.gen); 08640 if (fd_count > 0) { 08641 rsbac_printk(", %lu GEN", fd_count); 08642 fd_sum += fd_count; 08643 } 08644 08645 #if defined(CONFIG_RSBAC_MAC) 08646 fd_count = rsbac_list_count(device_p->handles.mac); 08647 if (fd_count > 0) { 08648 rsbac_printk(", %lu MAC", fd_count); 08649 fd_sum += fd_count; 08650 } 08651 #endif 08652 08653 #if defined(CONFIG_RSBAC_PM) 08654 fd_count = rsbac_list_count(device_p->handles.pm); 08655 if (fd_count > 0) { 08656 rsbac_printk(", %lu PM", fd_count); 08657 fd_sum += fd_count; 08658 } 08659 #endif 08660 08661 #if defined(CONFIG_RSBAC_DAZ) 08662 fd_count = rsbac_list_count(device_p->handles.daz); 08663 if (fd_count > 0) { 08664 rsbac_printk(", %lu DAZ", fd_count); 08665 fd_sum += fd_count; 08666 } 08667 #if defined(CONFIG_RSBAC_DAZ_CACHE) 08668 fd_count = rsbac_list_count(device_p->handles.dazs); 08669 if (fd_count > 0) { 08670 rsbac_printk(", %lu DAZ SCANNED", fd_count); 08671 fd_sum += fd_count; 08672 } 08673 #endif 08674 #endif 08675 08676 #if defined(CONFIG_RSBAC_FF) 08677 fd_count = rsbac_list_count(device_p->handles.ff); 08678 if (fd_count > 0) { 08679 rsbac_printk(", %lu FF", fd_count); 08680 fd_sum += fd_count; 08681 } 08682 #endif 08683 08684 #if defined(CONFIG_RSBAC_RC) 08685 fd_count = rsbac_list_count(device_p->handles.rc); 08686 if (fd_count > 0) { 08687 rsbac_printk(", %lu RC", fd_count); 08688 fd_sum += fd_count; 08689 } 08690 #endif 08691 08692 #if defined(CONFIG_RSBAC_AUTH) 08693 fd_count = rsbac_list_count(device_p->handles.auth); 08694 if (fd_count > 0) { 08695 rsbac_printk(", %lu AUTH", fd_count); 08696 fd_sum += fd_count; 08697 } 08698 #endif 08699 08700 #if defined(CONFIG_RSBAC_CAP) 08701 fd_count = rsbac_list_count(device_p->handles.cap); 08702 if (fd_count > 0) { 08703 rsbac_printk(", %lu CAP", fd_count); 08704 fd_sum += fd_count; 08705 } 08706 #endif 08707 #if defined(CONFIG_RSBAC_RES) 08708 fd_count = rsbac_list_count(device_p->handles.res); 08709 if (fd_count > 0) { 08710 rsbac_printk(", %lu RES", fd_count); 08711 fd_sum += fd_count; 08712 } 08713 #endif 08714 #if defined(CONFIG_RSBAC_PAX) 08715 fd_count = rsbac_list_count(device_p->handles.pax); 08716 if (fd_count > 0) { 08717 rsbac_printk(", %lu PAX", fd_count); 08718 fd_sum += fd_count; 08719 } 08720 #endif 08721 08722 rsbac_printk("\n"); 08723 device_p = device_p->next; 08724 } 08725 tmp_count += rcu_dereference(device_head_p[i])->count; 08726 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08727 rcu_read_unlock(); 08728 #else 08729 rsbac_read_unlock(&device_list_locks[i], &dflags); 08730 #endif 08731 } 08732 rsbac_printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n", 08733 tmp_count, fd_sum); 08734 /* free access to device_list_head */ 08735 total_sum += fd_sum; 08736 08737 /* dev lists */ 08738 tmp_count = rsbac_list_count(dev_handles.gen); 08739 rsbac_printk(KERN_INFO "DEV items: %lu GEN", tmp_count); 08740 dev_sum += tmp_count; 08741 #if defined(CONFIG_RSBAC_MAC) 08742 tmp_count = rsbac_list_count(dev_handles.mac); 08743 rsbac_printk(", %lu MAC", tmp_count); 08744 dev_sum += tmp_count; 08745 #endif 08746 #if defined(CONFIG_RSBAC_PM) 08747 tmp_count = rsbac_list_count(dev_handles.pm); 08748 rsbac_printk(", %lu PM", tmp_count); 08749 dev_sum += tmp_count; 08750 #endif 08751 #if defined(CONFIG_RSBAC_RC) 08752 tmp_count = rsbac_list_count(dev_major_handles.rc); 08753 rsbac_printk(", %lu major RC", tmp_count); 08754 dev_sum += tmp_count; 08755 tmp_count = rsbac_list_count(dev_handles.rc); 08756 rsbac_printk(", %lu RC", tmp_count); 08757 dev_sum += tmp_count; 08758 #endif 08759 rsbac_printk("\n"); 08760 rsbac_printk(KERN_INFO "Sum of %lu DEV items\n", dev_sum); 08761 total_sum += dev_sum; 08762 08763 /* ipc lists */ 08764 rsbac_printk(KERN_INFO "IPC items: no GEN"); 08765 #if defined(CONFIG_RSBAC_MAC) 08766 tmp_count = rsbac_list_count(ipc_handles.mac); 08767 rsbac_printk(", %lu MAC", tmp_count); 08768 ipc_sum += tmp_count; 08769 #endif 08770 #if defined(CONFIG_RSBAC_PM) 08771 tmp_count = rsbac_list_count(ipc_handles.pm); 08772 rsbac_printk(", %lu PM", tmp_count); 08773 ipc_sum += tmp_count; 08774 #endif 08775 #if defined(CONFIG_RSBAC_RC) 08776 tmp_count = rsbac_list_count(ipc_handles.rc); 08777 rsbac_printk(", %lu RC", tmp_count); 08778 ipc_sum += tmp_count; 08779 #endif 08780 #if defined(CONFIG_RSBAC_JAIL) 08781 tmp_count = rsbac_list_count(ipc_handles.jail); 08782 rsbac_printk(", %lu JAIL", tmp_count); 08783 ipc_sum += tmp_count; 08784 #endif 08785 rsbac_printk("\n"); 08786 rsbac_printk(KERN_INFO "Sum of %lu IPC items\n", ipc_sum); 08787 total_sum += ipc_sum; 08788 08789 /* user lists */ 08790 tmp_count = rsbac_list_count(user_handles.gen); 08791 rsbac_printk(KERN_INFO "USER items: %lu GEN", tmp_count); 08792 user_sum += tmp_count; 08793 #if defined(CONFIG_RSBAC_MAC) 08794 tmp_count = rsbac_list_count(user_handles.mac); 08795 rsbac_printk(", %lu MAC", tmp_count); 08796 user_sum += tmp_count; 08797 #endif 08798 #if defined(CONFIG_RSBAC_PM) 08799 tmp_count = rsbac_list_count(user_handles.pm); 08800 rsbac_printk(", %lu PM", tmp_count); 08801 user_sum += tmp_count; 08802 #endif 08803 #if defined(CONFIG_RSBAC_DAZ) 08804 tmp_count = rsbac_list_count(user_handles.daz); 08805 rsbac_printk(", %lu DAZ", tmp_count); 08806 user_sum += tmp_count; 08807 #endif 08808 #if defined(CONFIG_RSBAC_RC) 08809 tmp_count = rsbac_list_count(user_handles.rc); 08810 rsbac_printk(", %lu RC", tmp_count); 08811 user_sum += tmp_count; 08812 #endif 08813 #if defined(CONFIG_RSBAC_AUTH) 08814 tmp_count = rsbac_list_count(user_handles.auth); 08815 rsbac_printk(", %lu AUTH", tmp_count); 08816 user_sum += tmp_count; 08817 #endif 08818 #if defined(CONFIG_RSBAC_CAP) 08819 tmp_count = rsbac_list_count(user_handles.cap); 08820 rsbac_printk(", %lu CAP", tmp_count); 08821 user_sum += tmp_count; 08822 #endif 08823 #if defined(CONFIG_RSBAC_JAIL) 08824 tmp_count = rsbac_list_count(user_handles.jail); 08825 rsbac_printk(", %lu JAIL", tmp_count); 08826 user_sum += tmp_count; 08827 #endif 08828 #if defined(CONFIG_RSBAC_RES) 08829 tmp_count = rsbac_list_count(user_handles.res); 08830 rsbac_printk(", %lu RES", tmp_count); 08831 user_sum += tmp_count; 08832 #endif 08833 #if defined(CONFIG_RSBAC_PAX) 08834 tmp_count = rsbac_list_count(user_handles.pax); 08835 rsbac_printk(", %lu PAX", tmp_count); 08836 user_sum += tmp_count; 08837 #endif 08838 rsbac_printk("\n"); 08839 rsbac_printk(KERN_INFO "Sum of %lu USER items\n", user_sum); 08840 total_sum += user_sum; 08841 08842 /* process lists */ 08843 tmp_count = rsbac_list_count(process_handles.gen); 08844 rsbac_printk(KERN_INFO "PROCESS items: %lu GEN", tmp_count); 08845 process_sum += tmp_count; 08846 #if defined(CONFIG_RSBAC_MAC) 08847 tmp_count = rsbac_list_count(process_handles.mac); 08848 rsbac_printk(", %lu MAC", tmp_count); 08849 process_sum += tmp_count; 08850 #endif 08851 #if defined(CONFIG_RSBAC_PM) 08852 tmp_count = rsbac_list_count(process_handles.pm); 08853 rsbac_printk(", %lu PM", tmp_count); 08854 process_sum += tmp_count; 08855 #endif 08856 #if defined(CONFIG_RSBAC_DAZ) 08857 tmp_count = rsbac_list_count(process_handles.daz); 08858 rsbac_printk(", %lu DAZ", tmp_count); 08859 process_sum += tmp_count; 08860 #endif 08861 #if defined(CONFIG_RSBAC_RC) 08862 tmp_count = rsbac_list_count(process_handles.rc); 08863 rsbac_printk(", %lu RC", tmp_count); 08864 process_sum += tmp_count; 08865 #endif 08866 #if defined(CONFIG_RSBAC_AUTH) 08867 tmp_count = rsbac_list_count(process_handles.auth); 08868 rsbac_printk(", %lu AUTH", tmp_count); 08869 process_sum += tmp_count; 08870 #endif 08871 #if defined(CONFIG_RSBAC_CAP) 08872 tmp_count = rsbac_list_count(process_handles.cap); 08873 rsbac_printk(", %lu CAP", tmp_count); 08874 process_sum += tmp_count; 08875 #endif 08876 #if defined(CONFIG_RSBAC_JAIL) 08877 tmp_count = rsbac_list_count(process_handles.jail); 08878 rsbac_printk(", %lu JAIL", tmp_count); 08879 process_sum += tmp_count; 08880 #endif 08881 rsbac_printk("\n"); 08882 rsbac_printk(KERN_INFO "Sum of %lu PROCESS items\n", process_sum); 08883 total_sum += process_sum; 08884 08885 #if defined(CONFIG_RSBAC_UM) 08886 /* group lists */ 08887 rsbac_printk(KERN_INFO "GROUP items: "); 08888 #if defined(CONFIG_RSBAC_RC_UM_PROT) 08889 tmp_count = rsbac_list_count(group_handles.rc); 08890 rsbac_printk("%lu RC", tmp_count); 08891 user_sum += tmp_count; 08892 #endif 08893 rsbac_printk("\n"); 08894 rsbac_printk(KERN_INFO "Sum of %lu GROUP items\n", group_sum); 08895 total_sum += group_sum; 08896 #endif 08897 08898 #if defined(CONFIG_RSBAC_NET_OBJ) 08899 /* nettemp lists */ 08900 rsbac_printk(KERN_INFO "NETTEMP items: "); 08901 #if defined(CONFIG_RSBAC_MAC) 08902 tmp_count = rsbac_list_count(nettemp_handles.mac); 08903 rsbac_printk("%lu MAC, ", tmp_count); 08904 nettemp_sum += tmp_count; 08905 #endif 08906 #if defined(CONFIG_RSBAC_PM) 08907 tmp_count = rsbac_list_count(nettemp_handles.pm); 08908 rsbac_printk("%lu PM, ", tmp_count); 08909 nettemp_sum += tmp_count; 08910 #endif 08911 #if defined(CONFIG_RSBAC_RC) 08912 tmp_count = rsbac_list_count(nettemp_handles.rc); 08913 rsbac_printk("%lu RC, ", tmp_count); 08914 nettemp_sum += tmp_count; 08915 #endif 08916 rsbac_printk("\n"); 08917 rsbac_printk(KERN_INFO "Sum of %lu NETTEMP items\n", nettemp_sum); 08918 total_sum += nettemp_sum; 08919 08920 /* local netobj lists */ 08921 rsbac_printk(KERN_INFO "Local NETOBJ items:"); 08922 #if defined(CONFIG_RSBAC_MAC) 08923 tmp_count = rsbac_list_count(lnetobj_handles.mac); 08924 rsbac_printk(" %lu MAC,", tmp_count); 08925 lnetobj_sum += tmp_count; 08926 #endif 08927 #if defined(CONFIG_RSBAC_PM) 08928 tmp_count = rsbac_list_count(lnetobj_handles.pm); 08929 rsbac_printk(" %lu PM,", tmp_count); 08930 lnetobj_sum += tmp_count; 08931 #endif 08932 #if defined(CONFIG_RSBAC_RC) 08933 tmp_count = rsbac_list_count(lnetobj_handles.rc); 08934 rsbac_printk(" %lu RC", tmp_count); 08935 lnetobj_sum += tmp_count; 08936 #endif 08937 rsbac_printk("\n"); 08938 rsbac_printk(KERN_INFO "Sum of %lu Local NETOBJ items\n", 08939 lnetobj_sum); 08940 total_sum += lnetobj_sum; 08941 08942 /* remote netobj lists */ 08943 rsbac_printk(KERN_INFO "Remote NETOBJ items:"); 08944 #if defined(CONFIG_RSBAC_MAC) 08945 tmp_count = rsbac_list_count(rnetobj_handles.mac); 08946 rsbac_printk(" %lu MAC,", tmp_count); 08947 rnetobj_sum += tmp_count; 08948 #endif 08949 #if defined(CONFIG_RSBAC_PM) 08950 tmp_count = rsbac_list_count(rnetobj_handles.pm); 08951 rsbac_printk(" %lu PM,", tmp_count); 08952 rnetobj_sum += tmp_count; 08953 #endif 08954 #if defined(CONFIG_RSBAC_RC) 08955 tmp_count = rsbac_list_count(rnetobj_handles.rc); 08956 rsbac_printk(" %lu RC", tmp_count); 08957 rnetobj_sum += tmp_count; 08958 #endif 08959 rsbac_printk("\n"); 08960 rsbac_printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n", 08961 rnetobj_sum); 08962 total_sum += rnetobj_sum; 08963 #endif /* NET_OBJ */ 08964 08965 rsbac_printk(KERN_INFO "Total of %lu registered rsbac-items\n", total_sum); 08966 08967 rsbac_printk(KERN_INFO "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n", 08968 rsbac_adf_request_count[T_FILE], 08969 rsbac_adf_request_count[T_DIR], 08970 rsbac_adf_request_count[T_FIFO], 08971 rsbac_adf_request_count[T_SYMLINK], 08972 rsbac_adf_request_count[T_DEV], 08973 rsbac_adf_request_count[T_IPC], 08974 rsbac_adf_request_count[T_SCD], 08975 rsbac_adf_request_count[T_USER], 08976 rsbac_adf_request_count[T_PROCESS], 08977 rsbac_adf_request_count[T_NETDEV], 08978 rsbac_adf_request_count[T_NETTEMP], 08979 rsbac_adf_request_count[T_NETOBJ], 08980 rsbac_adf_request_count[T_UNIXSOCK]); 08981 rsbac_printk(KERN_INFO "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n", 08982 rsbac_adf_set_attr_count[T_FILE], 08983 rsbac_adf_set_attr_count[T_DIR], 08984 rsbac_adf_set_attr_count[T_FIFO], 08985 rsbac_adf_set_attr_count[T_SYMLINK], 08986 rsbac_adf_set_attr_count[T_DEV], 08987 rsbac_adf_set_attr_count[T_IPC], 08988 rsbac_adf_set_attr_count[T_SCD], 08989 rsbac_adf_set_attr_count[T_USER], 08990 rsbac_adf_set_attr_count[T_PROCESS], 08991 rsbac_adf_set_attr_count[T_NETDEV], 08992 rsbac_adf_set_attr_count[T_NETTEMP], 08993 rsbac_adf_set_attr_count[T_NETOBJ], 08994 rsbac_adf_set_attr_count[T_UNIXSOCK]); 08995 08996 #if defined(CONFIG_RSBAC_PM) 08997 rsbac_stats_pm(); 08998 #endif 08999 #if defined(CONFIG_RSBAC_RC) 09000 rsbac_stats_rc(); 09001 #endif 09002 #if defined(CONFIG_RSBAC_AUTH) 09003 rsbac_stats_auth(); 09004 #endif 09005 #if defined(CONFIG_RSBAC_ACL) 09006 rsbac_stats_acl(); 09007 #endif 09008 return 0; 09009 }
int rsbac_ta_get_attr | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t | tid, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value, | |||
rsbac_boolean_t | inherit | |||
) |
Definition at line 11442 of file aci_data_structures.c.
References rsbac_target_id_t::dev, get_attr_dev(), get_attr_fd(), get_attr_ipc(), get_attr_process(), get_attr_user(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_lol_get_subdata(), rsbac_list_lol_subadd_ttl(), rsbac_pr_debug, rsbac_printk(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, T_UNIXSOCK, T_USER, and TRUE.
Referenced by rsbac_pm(), sys_rsbac_get_attr(), and sys_rsbac_get_attr_n().
11449 { 11450 int err = 0; 11451 11452 if (!rsbac_initialized) { 11453 rsbac_printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n"); 11454 return (-RSBAC_ENOTINITIALIZED); 11455 } 11456 if (!value_p) 11457 return (-RSBAC_EINVALIDPOINTER); 11458 if (in_interrupt()) { 11459 rsbac_printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n"); 11460 } 11461 #ifdef CONFIG_RSBAC_XSTATS 11462 get_attr_count[target]++; 11463 #endif 11464 switch (target) { 11465 case T_FILE: 11466 case T_DIR: 11467 case T_FIFO: 11468 case T_SYMLINK: 11469 case T_UNIXSOCK: 11470 #ifdef CONFIG_RSBAC_FD_CACHE 11471 if (inherit && !ta_number && fd_cache_handle[module] && (RSBAC_MAJOR(tid.file.device) > 1)) { 11472 struct rsbac_fd_cache_desc_t fd_desc; 11473 rsbac_enum_t cache_attr = attr; 11474 11475 fd_desc.device = tid.file.device; 11476 fd_desc.inode = tid.file.inode; 11477 if (!rsbac_list_lol_get_subdata(fd_cache_handle[module], 11478 &fd_desc, &cache_attr, 11479 value_p)) { 11480 #ifdef CONFIG_RSBAC_XSTATS 11481 fd_cache_hits[module]++; 11482 #endif 11483 return 0; 11484 } 11485 err = get_attr_fd(0, module, target, &tid, 11486 attr, value_p, TRUE); 11487 if (!err) { 11488 #if 0 11489 rsbac_pr_debug(auto, "Adding fd cache item device %02u:%02u inode %u attr %u\n", 11490 RSBAC_MAJOR(fd_desc.device), RSBAC_MINOR(fd_desc.device), 11491 fd_desc.inode, attr); 11492 #endif 11493 rsbac_list_lol_subadd_ttl(fd_cache_handle[module], 11494 rsbac_fd_cache_ttl, 11495 &fd_desc, &cache_attr, 11496 value_p); 11497 #ifdef CONFIG_RSBAC_XSTATS 11498 fd_cache_misses[module]++; 11499 #endif 11500 } 11501 return err; 11502 } 11503 #endif 11504 11505 return get_attr_fd(ta_number, module, target, &tid, 11506 attr, value_p, inherit); 11507 11508 case T_DEV: 11509 return get_attr_dev(ta_number, module, target, tid.dev, 11510 attr, value_p, inherit); 11511 11512 case T_IPC: 11513 return get_attr_ipc(ta_number, module, target, &tid, 11514 attr, value_p, inherit); 11515 11516 case T_USER: 11517 return get_attr_user(ta_number, module, target, &tid, 11518 attr, value_p, inherit); 11519 11520 case T_PROCESS: 11521 return get_attr_process(ta_number, module, target, &tid, 11522 attr, value_p, inherit); 11523 11524 #ifdef CONFIG_RSBAC_UM 11525 case T_GROUP: 11526 return get_attr_group(ta_number, module, target, &tid, 11527 attr, value_p, inherit); 11528 #endif /* CONFIG_RSBAC_UM */ 11529 11530 #ifdef CONFIG_RSBAC_NET_DEV 11531 case T_NETDEV: 11532 return get_attr_netdev(ta_number, module, target, &tid, 11533 attr, value_p, inherit); 11534 #endif 11535 11536 #ifdef CONFIG_RSBAC_NET_OBJ 11537 case T_NETTEMP: 11538 return get_attr_nettemp(ta_number, module, target, &tid, 11539 attr, value_p, inherit); 11540 11541 case T_NETOBJ: 11542 return get_attr_netobj(ta_number, module, target, &tid, 11543 attr, value_p, inherit); 11544 #endif 11545 11546 /* switch target: no valid target */ 11547 default: 11548 return -RSBAC_EINVALIDTARGET; 11549 } 11550 11551 return err; 11552 }
int rsbac_ta_list_all_dev | ( | rsbac_list_ta_number_t | ta_number, | |
struct rsbac_dev_desc_t ** | id_pp | |||
) |
Definition at line 14188 of file aci_data_structures.c.
References D_block, D_block_major, dev_handles, dev_major_handles, NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_exist(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc.
Referenced by sys_rsbac_list_all_dev().
14190 { 14191 int count = 0; 14192 int tmp_count; 14193 14194 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.gen); 14195 if (tmp_count > 0) 14196 count += tmp_count; 14197 #if defined(CONFIG_RSBAC_MAC) 14198 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.mac); 14199 if (tmp_count > 0) 14200 count += tmp_count; 14201 #endif 14202 #if defined(CONFIG_RSBAC_PM) 14203 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.pm); 14204 if (tmp_count > 0) 14205 count += tmp_count; 14206 #endif 14207 #if defined(CONFIG_RSBAC_RC) 14208 tmp_count = rsbac_ta_list_count(ta_number, dev_major_handles.rc); 14209 if (tmp_count > 0) 14210 count += tmp_count; 14211 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.rc); 14212 if (tmp_count > 0) 14213 count += tmp_count; 14214 #endif 14215 if (id_pp) { 14216 struct rsbac_dev_desc_t *i_id_p = NULL; 14217 char *pos = NULL; 14218 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_RC) 14219 u_int i; 14220 #endif 14221 14222 if (count > 0) { 14223 int i_count = 0; 14224 14225 i_count = count + 20; /* max value to expect */ 14226 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp)); 14227 if (!*id_pp) 14228 return -RSBAC_ENOMEM; 14229 pos = (char *) *id_pp; 14230 tmp_count = rsbac_ta_list_get_all_desc(ta_number, 14231 dev_handles. 14232 gen, 14233 (void **) 14234 &i_id_p); 14235 if (tmp_count > 0) { 14236 if (tmp_count > i_count) 14237 tmp_count = i_count; 14238 memcpy(pos, i_id_p, 14239 tmp_count * sizeof(*i_id_p)); 14240 rsbac_vfree(i_id_p); 14241 count = tmp_count; 14242 i_count -= tmp_count; 14243 pos += tmp_count * sizeof(*i_id_p); 14244 } else 14245 count = 0; 14246 #if defined(CONFIG_RSBAC_MAC) 14247 if (i_count) { 14248 tmp_count = 14249 rsbac_ta_list_get_all_desc(ta_number, 14250 dev_handles. 14251 mac, 14252 (void **) 14253 &i_id_p); 14254 if (tmp_count > 0) { 14255 if (tmp_count > i_count) 14256 tmp_count = i_count; 14257 for (i = 0; i < tmp_count; i++) { 14258 if (!rsbac_ta_list_exist 14259 (ta_number, 14260 dev_handles.gen, 14261 &i_id_p[i])) { 14262 memcpy(pos, 14263 &i_id_p[i], 14264 sizeof 14265 (*i_id_p)); 14266 pos += 14267 sizeof 14268 (*i_id_p); 14269 count++; 14270 i_count--; 14271 } 14272 } 14273 rsbac_vfree(i_id_p); 14274 } 14275 } 14276 #endif 14277 #if defined(CONFIG_RSBAC_PM) 14278 if (i_count) { 14279 tmp_count = 14280 rsbac_ta_list_get_all_desc(ta_number, 14281 dev_handles. 14282 pm, 14283 (void **) 14284 &i_id_p); 14285 if (tmp_count > 0) { 14286 if (tmp_count > i_count) 14287 tmp_count = i_count; 14288 for (i = 0; i < tmp_count; i++) { 14289 if (!rsbac_ta_list_exist 14290 (ta_number, 14291 dev_handles.gen, 14292 &i_id_p[i])) 14293 #if defined(CONFIG_RSBAC_MAC) 14294 if (!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i])) 14295 #endif 14296 { 14297 memcpy(pos, 14298 &i_id_p 14299 [i], 14300 sizeof 14301 (*i_id_p)); 14302 pos += 14303 sizeof 14304 (*i_id_p); 14305 count++; 14306 i_count--; 14307 } 14308 } 14309 rsbac_vfree(i_id_p); 14310 } 14311 } 14312 #endif 14313 #if defined(CONFIG_RSBAC_RC) 14314 if (i_count) { 14315 tmp_count = 14316 rsbac_ta_list_get_all_desc(ta_number, 14317 dev_major_handles. 14318 rc, 14319 (void **) 14320 &i_id_p); 14321 if (tmp_count > 0) { 14322 if (tmp_count > i_count) 14323 tmp_count = i_count; 14324 for (i = 0; i < tmp_count; i++) { 14325 i_id_p[i].type += 14326 (D_block_major - 14327 D_block); 14328 memcpy(pos, &i_id_p[i], 14329 sizeof(*i_id_p)); 14330 pos += sizeof(*i_id_p); 14331 count++; 14332 i_count--; 14333 } 14334 rsbac_vfree(i_id_p); 14335 } 14336 } 14337 if (i_count) { 14338 tmp_count = 14339 rsbac_ta_list_get_all_desc(ta_number, 14340 dev_handles. 14341 rc, 14342 (void **) 14343 &i_id_p); 14344 if (tmp_count > 0) { 14345 if (tmp_count > i_count) 14346 tmp_count = i_count; 14347 for (i = 0; i < tmp_count; i++) { 14348 if (!rsbac_ta_list_exist 14349 (ta_number, 14350 dev_handles.gen, 14351 &i_id_p[i])) 14352 #if defined(CONFIG_RSBAC_MAC) 14353 if (!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i])) 14354 #endif 14355 #if defined(CONFIG_RSBAC_PM) 14356 if (!rsbac_ta_list_exist(ta_number, dev_handles.pm, &i_id_p[i])) 14357 #endif 14358 { 14359 memcpy 14360 (pos, 14361 &i_id_p 14362 [i], 14363 sizeof 14364 (*i_id_p)); 14365 pos += sizeof(*i_id_p); 14366 count++; 14367 i_count--; 14368 } 14369 } 14370 rsbac_vfree(i_id_p); 14371 } 14372 } 14373 #endif 14374 if (!count) 14375 rsbac_vfree(*id_pp); 14376 } 14377 } 14378 return count; 14379 }
int rsbac_ta_list_all_group | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t ** | id_pp | |||
) |
Definition at line 14657 of file aci_data_structures.c.
References NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc.
Referenced by sys_rsbac_list_all_group().
14659 { 14660 #if defined(CONFIG_RSBAC_RC_UM_PROT) 14661 int count = 0; 14662 int tmp_count; 14663 14664 tmp_count = rsbac_ta_list_count(ta_number, group_handles.rc); 14665 if (tmp_count > 0) 14666 count += tmp_count; 14667 if (id_pp) { 14668 if (count > 0) { 14669 int i_count; 14670 rsbac_gid_t *i_id_p = NULL; 14671 14672 i_count = count + 20; /* max value to expect */ 14673 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp)); 14674 if (!*id_pp) 14675 return -RSBAC_ENOMEM; 14676 tmp_count = rsbac_ta_list_get_all_desc(ta_number, 14677 group_handles. 14678 rc, 14679 (void **) 14680 &i_id_p); 14681 if (tmp_count > 0) { 14682 if (tmp_count > i_count) 14683 tmp_count = i_count; 14684 memcpy(*id_pp, i_id_p, 14685 tmp_count * sizeof(*i_id_p)); 14686 rsbac_vfree(i_id_p); 14687 count = tmp_count; 14688 i_count -= tmp_count; 14689 } else 14690 count = 0; 14691 if (!count) 14692 rsbac_vfree(*id_pp); 14693 } 14694 } 14695 return count; 14696 #else 14697 return 0; 14698 #endif 14699 }
int rsbac_ta_list_all_ipc | ( | rsbac_list_ta_number_t | ta_number, | |
struct rsbac_ipc_t ** | id_pp | |||
) |
Definition at line 14599 of file aci_data_structures.c.
References copy_new_ipcs(), ipc_handles, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_vfree, and rsbac_vmalloc.
Referenced by sys_rsbac_list_all_ipc().
14601 { 14602 int count = 0; 14603 int tmp_count; 14604 14605 #if defined(CONFIG_RSBAC_MAC) 14606 tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.mac); 14607 if (tmp_count > 0) 14608 count += tmp_count; 14609 #endif 14610 #if defined(CONFIG_RSBAC_PM) 14611 tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.pm); 14612 if (tmp_count > 0) 14613 count += tmp_count; 14614 #endif 14615 #if defined(CONFIG_RSBAC_RC) 14616 tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.rc); 14617 if (tmp_count > 0) 14618 count += tmp_count; 14619 #endif 14620 #if defined(CONFIG_RSBAC_JAIL) 14621 tmp_count = rsbac_ta_list_count(ta_number, ipc_handles.jail); 14622 if (tmp_count > 0) 14623 count += tmp_count; 14624 #endif 14625 if (id_pp) { 14626 if (count > 0) { 14627 int i_count; 14628 14629 i_count = count + 20; /* max value to expect */ 14630 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp)); 14631 if (!*id_pp) 14632 return -RSBAC_ENOMEM; 14633 count = 0; 14634 #if defined(CONFIG_RSBAC_MAC) 14635 copy_new_ipcs(ipc_handles.mac, ta_number, &count, 14636 &i_count, *id_pp); 14637 #endif 14638 #if defined(CONFIG_RSBAC_PM) 14639 copy_new_ipcs(ipc_handles.pm, ta_number, &count, 14640 &i_count, *id_pp); 14641 #endif 14642 #if defined(CONFIG_RSBAC_RC) 14643 copy_new_ipcs(ipc_handles.rc, ta_number, &count, 14644 &i_count, *id_pp); 14645 #endif 14646 #if defined(CONFIG_RSBAC_JAIL) 14647 copy_new_ipcs(ipc_handles.jail, ta_number, &count, 14648 &i_count, *id_pp); 14649 #endif 14650 if (!count) 14651 rsbac_vfree(*id_pp); 14652 } 14653 } 14654 return count; 14655 }
int rsbac_ta_list_all_user | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t ** | id_pp | |||
) |
Definition at line 14425 of file aci_data_structures.c.
References copy_new_uids(), NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, rsbac_vmalloc, and user_handles.
Referenced by sys_rsbac_list_all_user().
14427 { 14428 int count = 0; 14429 int tmp_count; 14430 14431 tmp_count = rsbac_ta_list_count(ta_number, user_handles.gen); 14432 if (tmp_count > 0) 14433 count += tmp_count; 14434 #if defined(CONFIG_RSBAC_MAC) 14435 tmp_count = rsbac_ta_list_count(ta_number, user_handles.mac); 14436 if (tmp_count > 0) 14437 count += tmp_count; 14438 #endif 14439 #if defined(CONFIG_RSBAC_PM) 14440 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pm); 14441 if (tmp_count > 0) 14442 count += tmp_count; 14443 #endif 14444 #if defined(CONFIG_RSBAC_DAZ) 14445 tmp_count = rsbac_ta_list_count(ta_number, user_handles.daz); 14446 if (tmp_count > 0) 14447 count += tmp_count; 14448 #endif 14449 #if defined(CONFIG_RSBAC_FF) 14450 tmp_count = rsbac_ta_list_count(ta_number, user_handles.ff); 14451 if (tmp_count > 0) 14452 count += tmp_count; 14453 #endif 14454 #if defined(CONFIG_RSBAC_RC) 14455 tmp_count = rsbac_ta_list_count(ta_number, user_handles.rc); 14456 if (tmp_count > 0) 14457 count += tmp_count; 14458 #endif 14459 #if defined(CONFIG_RSBAC_AUTH) 14460 tmp_count = rsbac_ta_list_count(ta_number, user_handles.auth); 14461 if (tmp_count > 0) 14462 count += tmp_count; 14463 #endif 14464 #if defined(CONFIG_RSBAC_CAP) 14465 tmp_count = rsbac_ta_list_count(ta_number, user_handles.cap); 14466 if (tmp_count > 0) 14467 count += tmp_count; 14468 #endif 14469 #if defined(CONFIG_RSBAC_JAIL) 14470 tmp_count = rsbac_ta_list_count(ta_number, user_handles.jail); 14471 if (tmp_count > 0) 14472 count += tmp_count; 14473 #endif 14474 #if defined(CONFIG_RSBAC_PAX) 14475 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pax); 14476 if (tmp_count > 0) 14477 count += tmp_count; 14478 #endif 14479 #if defined(CONFIG_RSBAC_RES) 14480 tmp_count = rsbac_ta_list_count(ta_number, user_handles.res); 14481 if (tmp_count > 0) 14482 count += tmp_count; 14483 #endif 14484 if (id_pp) { 14485 if (count > 0) { 14486 int i_count; 14487 rsbac_uid_t *i_id_p = NULL; 14488 14489 i_count = count + 20; /* max value to expect */ 14490 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp)); 14491 if (!*id_pp) 14492 return -RSBAC_ENOMEM; 14493 tmp_count = rsbac_ta_list_get_all_desc(ta_number, 14494 user_handles. 14495 gen, 14496 (void **) 14497 &i_id_p); 14498 if (tmp_count > 0) { 14499 if (tmp_count > i_count) 14500 tmp_count = i_count; 14501 memcpy(*id_pp, i_id_p, 14502 tmp_count * sizeof(*i_id_p)); 14503 rsbac_vfree(i_id_p); 14504 count = tmp_count; 14505 i_count -= tmp_count; 14506 } else 14507 count = 0; 14508 #if defined(CONFIG_RSBAC_MAC) 14509 copy_new_uids(user_handles.mac, ta_number, &count, 14510 &i_count, *id_pp); 14511 #endif 14512 #if defined(CONFIG_RSBAC_PM) 14513 copy_new_uids(user_handles.pm, ta_number, &count, 14514 &i_count, *id_pp); 14515 #endif 14516 #if defined(CONFIG_RSBAC_DAZ) 14517 copy_new_uids(user_handles.daz, ta_number, &count, 14518 &i_count, *id_pp); 14519 #endif 14520 #if defined(CONFIG_RSBAC_FF) 14521 copy_new_uids(user_handles.ff, ta_number, &count, 14522 &i_count, *id_pp); 14523 #endif 14524 #if defined(CONFIG_RSBAC_RC) 14525 copy_new_uids(user_handles.rc, ta_number, &count, 14526 &i_count, *id_pp); 14527 #endif 14528 #if defined(CONFIG_RSBAC_AUTH) 14529 copy_new_uids(user_handles.auth, ta_number, &count, 14530 &i_count, *id_pp); 14531 #endif 14532 #if defined(CONFIG_RSBAC_CAP) 14533 copy_new_uids(user_handles.cap, ta_number, &count, 14534 &i_count, *id_pp); 14535 #endif 14536 #if defined(CONFIG_RSBAC_JAIL) 14537 copy_new_uids(user_handles.jail, ta_number, &count, 14538 &i_count, *id_pp); 14539 #endif 14540 #if defined(CONFIG_RSBAC_PAX) 14541 copy_new_uids(user_handles.pax, ta_number, &count, 14542 &i_count, *id_pp); 14543 #endif 14544 #if defined(CONFIG_RSBAC_RES) 14545 copy_new_uids(user_handles.res, ta_number, &count, 14546 &i_count, *id_pp); 14547 #endif 14548 if (!count) 14549 rsbac_vfree(*id_pp); 14550 } 14551 } 14552 return count; 14553 }
int rsbac_ta_remove_target | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
union rsbac_target_id_t | tid | |||
) |
Definition at line 13760 of file aci_data_structures.c.
References D_block, D_block_major, D_char, D_char_major, rsbac_target_id_t::dev, dev_handles, dev_major_handles, device_hash(), device_list_locks, rsbac_target_id_t::group, rsbac_target_id_t::ipc, ipc_handles, lookup_device(), rsbac_target_id_t::netdev, rsbac_target_id_t::netobj, rsbac_target_id_t::nettemp, NULL, rsbac_target_id_t::process, process_handles, rsbac_acl_remove_acl(), rsbac_auth_remove_f_capsets(), rsbac_auth_remove_p_capsets(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_mac_remove_f_trusets(), rsbac_mac_remove_p_trusets(), rsbac_mount(), rsbac_printk(), rsbac_ta_list_remove(), rsbac_net_obj_desc_t::sock_p, T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NETTEMP_NT, T_PROCESS, T_SYMLINK, T_UNIXSOCK, T_USER, rsbac_dev_desc_t::type, rsbac_target_id_t::user, and user_handles.
Referenced by rsbac_pm(), sys_rsbac_remove_target(), and sys_rsbac_remove_target_n().
13763 { 13764 int error = 0; 13765 struct rsbac_device_list_item_t *device_p; 13766 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 13767 u_long dflags; 13768 #endif 13769 u_int hash; 13770 13771 if (!rsbac_initialized) { 13772 rsbac_printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n"); 13773 return (-RSBAC_ENOTINITIALIZED); 13774 } 13775 if (in_interrupt()) { 13776 rsbac_printk(KERN_WARNING "rsbac_remove_target(): called from interrupt!\n"); 13777 } 13778 switch (target) { 13779 case T_FILE: 13780 case T_DIR: 13781 case T_FIFO: 13782 case T_SYMLINK: 13783 case T_UNIXSOCK: 13784 /* rsbac_pr_debug(ds, "Removing file/dir/fifo/symlink ACI\n"); */ 13785 #if defined(CONFIG_RSBAC_MAC) 13786 /* file and dir items can also have mac_f_trusets -> remove first */ 13787 if ((target == T_FILE) 13788 || (target == T_DIR) 13789 ) 13790 error = rsbac_mac_remove_f_trusets(tid.file); 13791 #endif 13792 #if defined(CONFIG_RSBAC_AUTH) 13793 /* file and dir items can also have auth_f_capsets -> remove first */ 13794 if ((target == T_FILE) 13795 || (target == T_DIR) 13796 ) 13797 error = rsbac_auth_remove_f_capsets(tid.file); 13798 #endif 13799 #if defined(CONFIG_RSBAC_ACL) 13800 /* items can also have an acl_fd_item -> remove first */ 13801 error = rsbac_acl_remove_acl(ta_number, target, tid); 13802 #endif 13803 hash = device_hash(tid.file.device); 13804 /* wait for read access to device_list_head */ 13805 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 13806 rcu_read_lock(); 13807 #else 13808 rsbac_read_lock(&device_list_locks[hash], &dflags); 13809 #endif 13810 13811 /* lookup device */ 13812 device_p = lookup_device(tid.file.device, hash); 13813 if (!device_p) { 13814 struct super_block *sb_p; 13815 13816 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 13817 rcu_read_unlock(); 13818 #else 13819 rsbac_read_unlock(&device_list_locks[hash], &dflags); 13820 #endif 13821 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 13822 sb_p = user_get_super(tid.file.device); 13823 #else 13824 sb_p = get_super(tid.file.device); 13825 #endif 13826 if (sb_p) { 13827 if(RSBAC_MAJOR(tid.file.device) <= 1) { 13828 rsbac_printk(KERN_INFO "rsbac_remove_target(): auto-mounting device %02u:%02u\n", 13829 RSBAC_MAJOR(tid.file.device), 13830 RSBAC_MINOR(tid.file.device)); 13831 rsbac_mount(sb_p, NULL); 13832 } 13833 /* free super_block pointer */ 13834 drop_super(sb_p); 13835 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 13836 rcu_read_lock(); 13837 #else 13838 rsbac_read_lock(&device_list_locks[hash], 13839 &dflags); 13840 #endif 13841 device_p = lookup_device(tid.file.device, hash); 13842 if (!device_p) { 13843 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 13844 rcu_read_unlock(); 13845 #else 13846 rsbac_read_unlock 13847 (&device_list_locks[hash], 13848 &dflags); 13849 #endif 13850 rsbac_printk(KERN_WARNING "rsbac_remove_target(): unknown device %02u:%02u\n", 13851 RSBAC_MAJOR(tid.file. 13852 device), 13853 RSBAC_MINOR(tid.file. 13854 device)); 13855 return -RSBAC_EINVALIDDEV; 13856 } 13857 } else 13858 return -RSBAC_EINVALIDDEV; 13859 } 13860 rsbac_ta_list_remove(ta_number, 13861 device_p->handles.gen, 13862 &tid.file.inode); 13863 #if defined(CONFIG_RSBAC_MAC) 13864 rsbac_ta_list_remove(ta_number, 13865 device_p->handles.mac, 13866 &tid.file.inode); 13867 #endif 13868 #if defined(CONFIG_RSBAC_PM) 13869 rsbac_ta_list_remove(ta_number, 13870 device_p->handles.pm, 13871 &tid.file.inode); 13872 #endif 13873 #if defined(CONFIG_RSBAC_DAZ) 13874 rsbac_ta_list_remove(ta_number, 13875 device_p->handles.daz, 13876 &tid.file.inode); 13877 #if defined(CONFIG_RSBAC_DAZ_CACHE) 13878 rsbac_ta_list_remove(ta_number, 13879 device_p->handles.dazs, 13880 &tid.file.inode); 13881 #endif 13882 #endif 13883 #if defined(CONFIG_RSBAC_FF) 13884 rsbac_ta_list_remove(ta_number, 13885 device_p->handles.ff, 13886 &tid.file.inode); 13887 #endif 13888 #if defined(CONFIG_RSBAC_RC) 13889 rsbac_ta_list_remove(ta_number, 13890 device_p->handles.rc, 13891 &tid.file.inode); 13892 #endif 13893 #if defined(CONFIG_RSBAC_AUTH) 13894 rsbac_ta_list_remove(ta_number, 13895 device_p->handles.auth, 13896 &tid.file.inode); 13897 #endif 13898 #if defined(CONFIG_RSBAC_CAP) 13899 rsbac_ta_list_remove(ta_number, 13900 device_p->handles.cap, 13901 &tid.file.inode); 13902 #endif 13903 #if defined(CONFIG_RSBAC_PAX) 13904 rsbac_ta_list_remove(ta_number, 13905 device_p->handles.pax, 13906 &tid.file.inode); 13907 #endif 13908 #if defined(CONFIG_RSBAC_RES) 13909 rsbac_ta_list_remove(ta_number, 13910 device_p->handles.res, 13911 &tid.file.inode); 13912 #endif 13913 13914 /* free access to device_list_head */ 13915 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 13916 rcu_read_unlock(); 13917 #else 13918 rsbac_read_unlock(&device_list_locks[hash], &dflags); 13919 #endif 13920 #ifdef CONFIG_RSBAC_FD_CACHE 13921 rsbac_fd_cache_invalidate(&tid.file); 13922 #endif 13923 break; 13924 13925 case T_DEV: 13926 { 13927 switch (tid.dev.type) 13928 { 13929 case D_block: 13930 case D_char: 13931 rsbac_ta_list_remove(ta_number, 13932 dev_handles.gen, 13933 &tid.dev); 13934 #if defined(CONFIG_RSBAC_MAC) 13935 rsbac_ta_list_remove(ta_number, 13936 dev_handles.mac, 13937 &tid.dev); 13938 #endif 13939 #if defined(CONFIG_RSBAC_PM) 13940 rsbac_ta_list_remove(ta_number, 13941 dev_handles.pm, 13942 &tid.dev); 13943 #endif 13944 #if defined(CONFIG_RSBAC_RC) 13945 rsbac_ta_list_remove(ta_number, 13946 dev_handles.rc, 13947 &tid.dev); 13948 #endif 13949 break; 13950 case D_block_major: 13951 case D_char_major: 13952 { 13953 enum rsbac_dev_type_t orig_devtype=tid.dev.type; 13954 13955 if (tid.dev.type==D_block_major) 13956 tid.dev.type=D_block; 13957 else 13958 tid.dev.type=D_char; 13959 rsbac_ta_list_remove(ta_number, 13960 dev_major_handles.gen, 13961 &tid.dev); 13962 #if defined(CONFIG_RSBAC_MAC) 13963 rsbac_ta_list_remove(ta_number, 13964 dev_major_handles.mac, 13965 &tid.dev); 13966 #endif 13967 #if defined(CONFIG_RSBAC_PM) 13968 rsbac_ta_list_remove(ta_number, 13969 dev_major_handles.pm, 13970 &tid.dev); 13971 #endif 13972 #if defined(CONFIG_RSBAC_RC) 13973 rsbac_ta_list_remove(ta_number, 13974 dev_major_handles.rc, 13975 &tid.dev); 13976 #endif 13977 tid.dev.type=orig_devtype; 13978 break; 13979 } 13980 default: 13981 return -RSBAC_EINVALIDTARGET; 13982 } 13983 } 13984 break; 13985 13986 case T_IPC: 13987 /* rsbac_pr_debug(ds, "Removing ipc ACI\n"); */ 13988 #if defined(CONFIG_RSBAC_MAC) 13989 rsbac_ta_list_remove(ta_number, ipc_handles.mac, &tid.ipc); 13990 #endif 13991 #if defined(CONFIG_RSBAC_PM) 13992 rsbac_ta_list_remove(ta_number, ipc_handles.pm, &tid.ipc); 13993 #endif 13994 #if defined(CONFIG_RSBAC_RC) 13995 rsbac_ta_list_remove(ta_number, ipc_handles.rc, &tid.ipc); 13996 #endif 13997 #if defined(CONFIG_RSBAC_JAIL) 13998 rsbac_ta_list_remove(ta_number, 13999 ipc_handles.jail, &tid.ipc); 14000 #endif 14001 break; 14002 14003 case T_USER: 14004 /* rsbac_pr_debug(ds, "Removing user ACI"); */ 14005 rsbac_ta_list_remove(ta_number, 14006 user_handles.gen, &tid.user); 14007 #if defined(CONFIG_RSBAC_MAC) 14008 rsbac_ta_list_remove(ta_number, 14009 user_handles.mac, &tid.user); 14010 #endif 14011 #if defined(CONFIG_RSBAC_PM) 14012 rsbac_ta_list_remove(ta_number, 14013 user_handles.pm, &tid.user); 14014 #endif 14015 #if defined(CONFIG_RSBAC_DAZ) 14016 rsbac_ta_list_remove(ta_number, 14017 user_handles.daz, &tid.user); 14018 #endif 14019 #if defined(CONFIG_RSBAC_FF) 14020 rsbac_ta_list_remove(ta_number, 14021 user_handles.ff, &tid.user); 14022 #endif 14023 #if defined(CONFIG_RSBAC_RC) 14024 rsbac_ta_list_remove(ta_number, 14025 user_handles.rc, &tid.user); 14026 #endif 14027 #if defined(CONFIG_RSBAC_AUTH) 14028 rsbac_ta_list_remove(ta_number, 14029 user_handles.auth, &tid.user); 14030 #endif 14031 #if defined(CONFIG_RSBAC_CAP) 14032 rsbac_ta_list_remove(ta_number, 14033 user_handles.cap, &tid.user); 14034 #endif 14035 #if defined(CONFIG_RSBAC_JAIL) 14036 rsbac_ta_list_remove(ta_number, 14037 user_handles.jail, &tid.user); 14038 #endif 14039 #if defined(CONFIG_RSBAC_PAX) 14040 rsbac_ta_list_remove(ta_number, 14041 user_handles.pax, &tid.user); 14042 #endif 14043 #if defined(CONFIG_RSBAC_RES) 14044 rsbac_ta_list_remove(ta_number, 14045 user_handles.res, &tid.user); 14046 #endif 14047 break; 14048 14049 case T_PROCESS: 14050 /* too noisy... kicked out. 14051 rsbac_pr_debug(ds, "Removing process ACI\n"); 14052 */ 14053 #if defined(CONFIG_RSBAC_ACL) 14054 /* process items can also have an acl_p_item -> remove first */ 14055 error = rsbac_acl_remove_acl(ta_number, target, tid); 14056 #endif 14057 rsbac_ta_list_remove(ta_number, 14058 process_handles.gen, 14059 &tid.process); 14060 #if defined(CONFIG_RSBAC_MAC) 14061 /* process items can also have mac_p_trusets -> remove first */ 14062 error = rsbac_mac_remove_p_trusets(tid.process); 14063 rsbac_ta_list_remove(ta_number, 14064 process_handles.mac, 14065 &tid.process); 14066 #endif 14067 #if defined(CONFIG_RSBAC_PM) 14068 rsbac_ta_list_remove(ta_number, 14069 process_handles.pm, &tid.process); 14070 #endif 14071 #if defined(CONFIG_RSBAC_DAZ) 14072 rsbac_ta_list_remove(ta_number, 14073 process_handles.daz, &tid.process); 14074 #endif 14075 #if defined(CONFIG_RSBAC_RC) 14076 rsbac_ta_list_remove(ta_number, 14077 process_handles.rc, 14078 &tid.process); 14079 #endif 14080 #if defined(CONFIG_RSBAC_AUTH) 14081 /* process items can also have auth_p_capsets -> remove first */ 14082 error = rsbac_auth_remove_p_capsets(tid.process); 14083 rsbac_ta_list_remove(ta_number, 14084 process_handles.auth, &tid.process); 14085 #endif 14086 #if defined(CONFIG_RSBAC_CAP) 14087 rsbac_ta_list_remove(ta_number, 14088 process_handles.cap, &tid.process); 14089 #endif 14090 #if defined(CONFIG_RSBAC_JAIL) 14091 rsbac_ta_list_remove(ta_number, 14092 process_handles.jail, 14093 &tid.process); 14094 #endif 14095 break; 14096 14097 #ifdef CONFIG_RSBAC_UM 14098 case T_GROUP: 14099 /* rsbac_pr_debug(ds, "Removing group ACI\n"); */ 14100 #if defined(CONFIG_RSBAC_RC_UM_PROT) 14101 rsbac_ta_list_remove(ta_number, 14102 group_handles.rc, &tid.group); 14103 #endif 14104 break; 14105 #endif /* CONFIG_RSBAC_UM */ 14106 14107 #ifdef CONFIG_RSBAC_NET_DEV 14108 case T_NETDEV: 14109 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) 14110 rsbac_ta_list_remove(ta_number, 14111 netdev_handles.gen, &tid.netdev); 14112 #endif 14113 #if defined(CONFIG_RSBAC_RC) 14114 rsbac_ta_list_remove(ta_number, 14115 netdev_handles.rc, &tid.netdev); 14116 #endif 14117 break; 14118 #endif 14119 14120 #ifdef CONFIG_RSBAC_NET_OBJ 14121 case T_NETTEMP: 14122 /* too noisy... kicked out. 14123 rsbac_pr_debug(ds, "Removing nettemp ACI\n"); 14124 */ 14125 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG) 14126 rsbac_ta_list_remove(ta_number, 14127 nettemp_handles.gen, &tid.nettemp); 14128 #endif 14129 #if defined(CONFIG_RSBAC_MAC) 14130 rsbac_ta_list_remove(ta_number, 14131 nettemp_handles.mac, &tid.nettemp); 14132 #endif 14133 #if defined(CONFIG_RSBAC_PM) 14134 rsbac_ta_list_remove(ta_number, 14135 nettemp_handles.pm, &tid.nettemp); 14136 #endif 14137 #if defined(CONFIG_RSBAC_RC) 14138 rsbac_ta_list_remove(ta_number, 14139 nettemp_handles.rc, &tid.nettemp); 14140 #endif 14141 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT) 14142 rsbac_acl_remove_acl(ta_number, T_NETTEMP_NT, tid); 14143 rsbac_acl_remove_acl(ta_number, T_NETTEMP, tid); 14144 #endif 14145 break; 14146 14147 case T_NETOBJ: 14148 /* too noisy... kicked out. 14149 rsbac_pr_debug(ds, "Removing netobj ACI\n"); 14150 */ 14151 #if defined(CONFIG_RSBAC_MAC) 14152 rsbac_ta_list_remove(ta_number, 14153 lnetobj_handles.mac, 14154 &tid.netobj.sock_p); 14155 rsbac_ta_list_remove(ta_number, 14156 rnetobj_handles.mac, 14157 &tid.netobj.sock_p); 14158 #endif 14159 #if defined(CONFIG_RSBAC_PM) 14160 rsbac_ta_list_remove(ta_number, 14161 lnetobj_handles.pm, 14162 &tid.netobj.sock_p); 14163 rsbac_ta_list_remove(ta_number, 14164 rnetobj_handles.pm, 14165 &tid.netobj.sock_p); 14166 #endif 14167 #if defined(CONFIG_RSBAC_RC) 14168 rsbac_ta_list_remove(ta_number, 14169 lnetobj_handles.rc, 14170 &tid.netobj.sock_p); 14171 rsbac_ta_list_remove(ta_number, 14172 rnetobj_handles.rc, 14173 &tid.netobj.sock_p); 14174 #endif 14175 break; 14176 14177 #endif 14178 14179 default: 14180 return (-RSBAC_EINVALIDTARGET); 14181 } 14182 #ifdef CONFIG_RSBAC_XSTATS 14183 remove_count[target]++; 14184 #endif 14185 return (error); 14186 }
int rsbac_ta_set_attr | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t | tid, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t | value | |||
) |
Definition at line 13664 of file aci_data_structures.c.
References rsbac_target_id_t::dev, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_printk(), set_attr_dev(), set_attr_fd(), set_attr_ipc(), set_attr_process(), set_attr_user(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, T_UNIXSOCK, and T_USER.
Referenced by rsbac_pm(), sys_rsbac_set_attr(), and sys_rsbac_set_attr_n().
13670 { 13671 int err = 0; 13672 /* 13673 #ifdef CONFIG_RSBAC_DEBUG 13674 char tmp[RSBAC_MAXNAMELEN]; 13675 #endif 13676 */ 13677 if (!rsbac_initialized) { 13678 rsbac_printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n"); 13679 return (-RSBAC_ENOTINITIALIZED); 13680 } 13681 if (in_interrupt()) { 13682 rsbac_printk(KERN_WARNING "rsbac_set_attr(): called from interrupt!\n"); 13683 } 13684 switch (target) { 13685 case T_FILE: 13686 case T_DIR: 13687 case T_FIFO: 13688 case T_SYMLINK: 13689 case T_UNIXSOCK: 13690 err = set_attr_fd(ta_number, module, target, &tid, attr, &value); 13691 break; 13692 13693 case T_DEV: 13694 err = 13695 set_attr_dev(ta_number, module, target, tid.dev, attr, 13696 &value); 13697 break; 13698 13699 case T_IPC: 13700 err = 13701 set_attr_ipc(ta_number, module, target, &tid, attr, 13702 &value); 13703 break; 13704 13705 case T_USER: 13706 err = 13707 set_attr_user(ta_number, module, target, &tid, attr, 13708 &value); 13709 break; 13710 13711 case T_PROCESS: 13712 err = 13713 set_attr_process(ta_number, module, target, &tid, attr, 13714 &value); 13715 break; 13716 13717 #ifdef CONFIG_RSBAC_UM 13718 case T_GROUP: 13719 err = 13720 set_attr_group(ta_number, module, target, &tid, attr, 13721 &value); 13722 break; 13723 #endif /* CONFIG_RSBAC_UM */ 13724 13725 #ifdef CONFIG_RSBAC_NET_DEV 13726 case T_NETDEV: 13727 err = 13728 set_attr_netdev(ta_number, module, target, &tid, attr, 13729 &value); 13730 break; 13731 #endif 13732 13733 #ifdef CONFIG_RSBAC_NET_OBJ 13734 case T_NETTEMP: 13735 err = 13736 set_attr_nettemp(ta_number, module, target, &tid, attr, 13737 &value); 13738 break; 13739 13740 case T_NETOBJ: 13741 err = 13742 set_attr_netobj(ta_number, module, target, &tid, attr, 13743 &value); 13744 break; 13745 #endif /* NET_OBJ */ 13746 13747 /* switch(target): no valid target */ 13748 default: 13749 return (-RSBAC_EINVALIDTARGET); 13750 } 13751 #ifdef CONFIG_RSBAC_XSTATS 13752 if (!err) 13753 set_attr_count[target]++; 13754 #endif 13755 return (err); 13756 }
int rsbac_umount | ( | struct super_block * | sb_p, | |
struct dentry * | d_covers | |||
) |
Definition at line 8442 of file aci_data_structures.c.
References device_hash(), device_list_locks, lookup_device(), NULL, remove_device_item(), rsbac_debug_no_write, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_umount(), rsbac_pr_debug, rsbac_printk(), rsbac_umount_acl(), rsbac_umount_auth(), rsbac_umount_mac(), rsbac_umount_reg(), rsbac_write(), rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE.
08443 { 08444 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 08445 u_long flags; 08446 #endif 08447 struct rsbac_device_list_item_t *device_p; 08448 kdev_t kdev; 08449 u_int hash; 08450 08451 if (!sb_p) { 08452 rsbac_printk(KERN_WARNING "rsbac_umount(): called with NULL pointer\n"); 08453 return -RSBAC_EINVALIDPOINTER; 08454 } 08455 if (!rsbac_initialized) { 08456 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n"); 08457 08458 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08459 if ((sb_p->s_magic == SYSFS_MAGIC) 08460 && !RSBAC_MAJOR(sb_p->s_dev) 08461 && sysfs_sb_p && sysfs_covered_p) { 08462 rsbac_printk(KERN_WARNING "rsbac_umount(): sysfs umount detected, removing auto-mount values\n"); 08463 sysfs_sb_p = NULL; 08464 sysfs_covered_p = NULL; 08465 } 08466 #endif 08467 #ifdef CONFIG_DEVFS_MOUNT 08468 if ((sb_p->s_magic == DEVFS_SUPER_MAGIC) 08469 && !RSBAC_MAJOR(sb_p->s_dev) 08470 && devfs_sb_p && devfs_covered_p) { 08471 rsbac_printk(KERN_WARNING "rsbac_umount(): devfs umount detected, removing auto-mount values\n"); 08472 devfs_sb_p = NULL; 08473 devfs_covered_p = NULL; 08474 } 08475 #endif 08476 08477 return (-RSBAC_ENOTINITIALIZED); 08478 } 08479 rsbac_pr_debug(ds, "umounting device %02u:%02u\n", 08480 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 08481 kdev = sb_p->s_dev; 08482 08483 /* sync attribute lists */ 08484 #if defined(CONFIG_RSBAC_AUTO_WRITE) 08485 if (!rsbac_debug_no_write) { 08486 down(&rsbac_write_sem); 08487 /* recheck no_write with lock - might have been set in between */ 08488 if (!rsbac_debug_no_write) { 08489 rsbac_write(TRUE); 08490 } 08491 up(&rsbac_write_sem); 08492 } 08493 #endif 08494 /* call other umount functions */ 08495 #if defined(CONFIG_RSBAC_MAC) 08496 rsbac_umount_mac(kdev); 08497 #endif 08498 #if defined(CONFIG_RSBAC_AUTH) 08499 rsbac_umount_auth(kdev); 08500 #endif 08501 #if defined(CONFIG_RSBAC_ACL) 08502 rsbac_umount_acl(kdev); 08503 #endif 08504 #if defined(CONFIG_RSBAC_REG) 08505 rsbac_umount_reg(kdev); 08506 #endif 08507 08508 hash = device_hash(kdev); 08509 /* wait for write access to device_list_head */ 08510 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08511 spin_lock(&device_list_locks[hash]); 08512 #else 08513 rsbac_write_lock(&device_list_locks[hash], &flags); 08514 #endif 08515 /* OK, nobody else is working on it... */ 08516 device_p = lookup_device(kdev, hash); 08517 if (device_p) { 08518 if (device_p->mount_count == 1) { 08519 /* Generic lists */ 08520 rsbac_list_umount(kdev); 08521 /* 2.6: remove_device_item unlocks! */ 08522 remove_device_item(kdev); 08523 } else { 08524 if (device_p->mount_count > 1) { 08525 device_p->mount_count--; 08526 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08527 spin_unlock(&device_list_locks[hash]); 08528 #endif 08529 if (device_p->d_covers == d_covers) { 08530 rsbac_printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n", 08531 RSBAC_MAJOR(kdev), 08532 RSBAC_MINOR(kdev)); 08533 device_p->d_covers = NULL; 08534 } 08535 } else { 08536 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08537 spin_unlock(&device_list_locks[hash]); 08538 #endif 08539 rsbac_printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n", 08540 RSBAC_MAJOR(kdev), 08541 RSBAC_MINOR(kdev)); 08542 } 08543 } 08544 } 08545 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08546 else 08547 spin_unlock(&device_list_locks[hash]); 08548 #else 08549 rsbac_write_unlock(&device_list_locks[hash], &flags); 08550 #endif 08551 #ifdef CONFIG_RSBAC_FD_CACHE 08552 rsbac_fd_cache_invalidate_all(); 08553 #endif 08554 08555 return 0; 08556 }
Definition at line 136 of file aci_data_structures.c.
Referenced by rsbac_do_init(), rsbac_free_dat_dentries(), rsbac_init(), rsbac_is_initialized(), rsbac_kthread_notify(), rsbac_mark_kthread(), rsbac_mount(), rsbac_stats(), rsbac_ta_get_attr(), rsbac_ta_remove_target(), rsbac_ta_set_attr(), and rsbac_umount().