00001
00002
00003
00004
00005
00006
00007
00008
00009 #include <linux/types.h>
00010 #include <linux/sched.h>
00011 #include <linux/mm.h>
00012 #include <linux/init.h>
00013 #include <linux/ext2_fs.h>
00014 #include <asm/uaccess.h>
00015 #include <rsbac/types.h>
00016 #include <rsbac/aci_data_structures.h>
00017 #include <rsbac/acl_data_structures.h>
00018 #include <rsbac/error.h>
00019 #include <rsbac/helpers.h>
00020 #include <rsbac/adf.h>
00021 #include <rsbac/aci.h>
00022 #include <rsbac/acl.h>
00023 #include <rsbac/lists.h>
00024 #include <rsbac/proc_fs.h>
00025 #include <rsbac/getname.h>
00026 #include <rsbac/acl_getname.h>
00027 #include <rsbac/rkmem.h>
00028 #include <rsbac/network.h>
00029 #include <linux/string.h>
00030 #include <linux/smp_lock.h>
00031
00032
00033
00034
00035
00036
00037
00038 static struct rsbac_acl_device_list_head_t device_list_head;
00039
00040 static rsbac_list_handle_t dev_handle = NULL;
00041 static rsbac_list_handle_t scd_handle = NULL;
00042 static rsbac_list_handle_t group_handle = NULL;
00043 static rsbac_list_handle_t gm_handle = NULL;
00044 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00045 static rsbac_list_handle_t netdev_handle = NULL;
00046 #endif
00047 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
00048 static rsbac_list_handle_t nettemp_nt_handle = NULL;
00049 static rsbac_list_handle_t nettemp_handle = NULL;
00050 static rsbac_list_handle_t netobj_handle = NULL;
00051 #endif
00052
00053 static rsbac_list_handle_t default_fd_handle = NULL;
00054 static rsbac_list_handle_t default_dev_handle = NULL;
00055 static rsbac_list_handle_t default_ipc_handle = NULL;
00056 static rsbac_list_handle_t default_scd_handle = NULL;
00057 static rsbac_list_handle_t u_handle = NULL;
00058 static rsbac_list_handle_t default_u_handle = NULL;
00059 static rsbac_list_handle_t default_p_handle = NULL;
00060 #ifdef CONFIG_RSBAC_ACL_UM_PROT
00061 static rsbac_list_handle_t g_handle = NULL;
00062 static rsbac_list_handle_t default_g_handle = NULL;
00063 #endif
00064 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00065 static rsbac_list_handle_t default_netdev_handle = NULL;
00066 static rsbac_acl_rights_vector_t default_netdev_rights = 0;
00067 #endif
00068 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
00069 static rsbac_list_handle_t default_nettemp_nt_handle = NULL;
00070 static rsbac_list_handle_t default_netobj_handle = NULL;
00071 static rsbac_acl_rights_vector_t default_nettemp_nt_rights = 0;
00072 static rsbac_acl_rights_vector_t default_netobj_rights = 0;
00073 #endif
00074
00075 static rsbac_acl_group_id_t group_last_new = 0;
00076
00077 static rsbac_acl_rights_vector_t default_fd_rights = 0;
00078 static rsbac_acl_rights_vector_t default_dev_rights = 0;
00079 static rsbac_acl_rights_vector_t default_ipc_rights = 0;
00080 static rsbac_acl_rights_vector_t default_scd_rights = 0;
00081 static rsbac_acl_rights_vector_t default_u_rights = 0;
00082 #ifdef CONFIG_RSBAC_ACL_UM_PROT
00083 static rsbac_acl_rights_vector_t default_g_rights = 0;
00084 #endif
00085 static rsbac_acl_rights_vector_t default_p_rights = 0;
00086
00087
00088
00089
00090
00091 rsbac_boolean_t writable(struct super_block * sb_p);
00092
00093
00094
00095
00096
00097
00098
00099
00100
00101 static inline int fd_hash(rsbac_inode_nr_t inode)
00102 {
00103 return(inode % RSBAC_ACL_NR_FD_LISTS);
00104 }
00105
00106 static int entry_compare(void * desc1, void * desc2)
00107 {
00108 int result;
00109 struct rsbac_acl_entry_desc_t * i_desc1 = desc1;
00110 struct rsbac_acl_entry_desc_t * i_desc2 = desc2;
00111
00112 result = memcmp(&i_desc1->subj_type,
00113 &i_desc2->subj_type,
00114 sizeof(i_desc1->subj_type));
00115 if(result)
00116 return result;
00117 else
00118 return memcmp(&i_desc1->subj_id,
00119 &i_desc2->subj_id,
00120 sizeof(i_desc1->subj_id));
00121 }
00122
00123 static int dev_compare(void * desc1, void * desc2)
00124 {
00125 int result;
00126 struct rsbac_dev_desc_t * i_desc1 = desc1;
00127 struct rsbac_dev_desc_t * i_desc2 = desc2;
00128
00129 result = memcmp(&i_desc1->type,
00130 &i_desc2->type,
00131 sizeof(i_desc1->type));
00132 if(result)
00133 return result;
00134 result = memcmp(&i_desc1->major,
00135 &i_desc2->major,
00136 sizeof(i_desc1->major));
00137 if(result)
00138 return result;
00139 return memcmp(&i_desc1->minor,
00140 &i_desc2->minor,
00141 sizeof(i_desc1->minor));
00142 }
00143
00144 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00145 static int netdev_compare(void * desc1, void * desc2)
00146 {
00147 return strncmp(desc1,
00148 desc2,
00149 RSBAC_IFNAMSIZ);
00150 }
00151 #endif
00152
00153 static int fd_conv(
00154 void * old_desc,
00155 void * old_data,
00156 void * new_desc,
00157 void * new_data)
00158 {
00159 rsbac_acl_rights_vector_t * new = new_data;
00160 rsbac_acl_rights_vector_t * old = old_data;
00161
00162 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00163 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00164 | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00165 return 0;
00166 }
00167
00168 rsbac_list_conv_function_t * fd_get_conv(rsbac_version_t old_version)
00169 {
00170 switch(old_version)
00171 {
00172 case RSBAC_ACL_FD_OLD_LIST_VERSION:
00173 return fd_conv;
00174 default:
00175 return NULL;
00176 }
00177 }
00178
00179 static int dev_conv(
00180 void * old_desc,
00181 void * old_data,
00182 void * new_desc,
00183 void * new_data)
00184 {
00185 rsbac_acl_rights_vector_t * new = new_data;
00186 rsbac_acl_rights_vector_t * old = old_data;
00187
00188 memcpy(new_desc, old_desc, sizeof(struct rsbac_dev_desc_t));
00189 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00190 | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00191 return 0;
00192 }
00193
00194 static int dev_old_conv(
00195 void * old_desc,
00196 void * old_data,
00197 void * new_desc,
00198 void * new_data)
00199 {
00200 struct rsbac_dev_desc_t * new = new_desc;
00201 struct rsbac_dev_t * old = old_desc;
00202 rsbac_acl_rights_vector_t * newd = new_data;
00203 rsbac_acl_rights_vector_t * oldd = old_data;
00204
00205
00206 memcpy(new_data, old_data, sizeof(rsbac_acl_rights_vector_t));
00207 new->type = old->type;
00208 new->major = RSBAC_MAJOR(old->id);
00209 new->minor = RSBAC_MINOR(old->id);
00210 *newd = (*oldd & RSBAC_ALL_REQUEST_VECTOR)
00211 | ( (*oldd & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00212 return 0;
00213 }
00214
00215 rsbac_list_conv_function_t * dev_get_conv(rsbac_version_t old_version)
00216 {
00217 switch(old_version)
00218 {
00219 case RSBAC_ACL_DEV_OLD_LIST_VERSION:
00220 return dev_conv;
00221 case RSBAC_ACL_DEV_OLD_OLD_LIST_VERSION:
00222 return dev_old_conv;
00223 default:
00224 return NULL;
00225 }
00226 }
00227
00228 static int scd_conv(
00229 void * old_desc,
00230 void * old_data,
00231 void * new_desc,
00232 void * new_data)
00233 {
00234 rsbac_acl_rights_vector_t * new = new_data;
00235 rsbac_acl_rights_vector_t * old = old_data;
00236
00237 memcpy(new_desc, old_desc, sizeof(__u8));
00238 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00239 | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00240 return 0;
00241 }
00242
00243 rsbac_list_conv_function_t * scd_get_conv(rsbac_version_t old_version)
00244 {
00245 switch(old_version)
00246 {
00247 case RSBAC_ACL_SCD_OLD_LIST_VERSION:
00248 return scd_conv;
00249 default:
00250 return NULL;
00251 }
00252 }
00253
00254 static int netdev_conv(
00255 void * old_desc,
00256 void * old_data,
00257 void * new_desc,
00258 void * new_data)
00259 {
00260 rsbac_acl_rights_vector_t * new = new_data;
00261 rsbac_acl_rights_vector_t * old = old_data;
00262
00263 memcpy(new_desc, old_desc, sizeof(rsbac_netdev_id_t));
00264 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00265 | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00266 return 0;
00267 }
00268
00269 rsbac_list_conv_function_t * netdev_get_conv(rsbac_version_t old_version)
00270 {
00271 switch(old_version)
00272 {
00273 case RSBAC_ACL_NETDEV_OLD_LIST_VERSION:
00274 return netdev_conv;
00275 default:
00276 return NULL;
00277 }
00278 }
00279
00280 static int nettemp_nt_conv(
00281 void * old_desc,
00282 void * old_data,
00283 void * new_desc,
00284 void * new_data)
00285 {
00286 rsbac_acl_rights_vector_t * new = new_data;
00287 rsbac_acl_rights_vector_t * old = old_data;
00288
00289 memcpy(new_desc, old_desc, sizeof(rsbac_net_temp_id_t));
00290 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00291 | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00292 return 0;
00293 }
00294
00295 rsbac_list_conv_function_t * nettemp_nt_get_conv(rsbac_version_t old_version)
00296 {
00297 switch(old_version)
00298 {
00299 case RSBAC_ACL_NETTEMP_NT_OLD_LIST_VERSION:
00300 return nettemp_nt_conv;
00301 default:
00302 return NULL;
00303 }
00304 }
00305
00306 static int nettemp_conv(
00307 void * old_desc,
00308 void * old_data,
00309 void * new_desc,
00310 void * new_data)
00311 {
00312 rsbac_acl_rights_vector_t * new = new_data;
00313 rsbac_acl_rights_vector_t * old = old_data;
00314
00315 memcpy(new_desc, old_desc, sizeof(rsbac_net_temp_id_t));
00316 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00317 | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00318 return 0;
00319 }
00320
00321 rsbac_list_conv_function_t * nettemp_get_conv(rsbac_version_t old_version)
00322 {
00323 switch(old_version)
00324 {
00325 case RSBAC_ACL_NETTEMP_OLD_LIST_VERSION:
00326 return nettemp_conv;
00327 default:
00328 return NULL;
00329 }
00330 }
00331
00332
00333 static int common_subconv(
00334 void * old_desc,
00335 void * old_data,
00336 void * new_desc,
00337 void * new_data)
00338 {
00339 rsbac_acl_rights_vector_t * new = new_data;
00340 rsbac_acl_rights_vector_t * old = old_data;
00341
00342 memcpy(new_desc, old_desc, sizeof(struct rsbac_acl_entry_desc_t));
00343 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00344 | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00345 return 0;
00346 }
00347
00348 rsbac_list_conv_function_t * fd_get_subconv(rsbac_version_t old_version)
00349 {
00350 switch(old_version)
00351 {
00352 case RSBAC_ACL_FD_OLD_LIST_VERSION:
00353 return common_subconv;
00354 default:
00355 return NULL;
00356 }
00357 }
00358
00359 rsbac_list_conv_function_t * dev_get_subconv(rsbac_version_t old_version)
00360 {
00361 switch(old_version)
00362 {
00363 case RSBAC_ACL_DEV_OLD_LIST_VERSION:
00364 return common_subconv;
00365 case RSBAC_ACL_DEV_OLD_OLD_LIST_VERSION:
00366 return common_subconv;
00367 default:
00368 return NULL;
00369 }
00370 }
00371
00372 rsbac_list_conv_function_t * scd_get_subconv(rsbac_version_t old_version)
00373 {
00374 switch(old_version)
00375 {
00376 case RSBAC_ACL_SCD_OLD_LIST_VERSION:
00377 return common_subconv;
00378 default:
00379 return NULL;
00380 }
00381 }
00382
00383 rsbac_list_conv_function_t * netdev_get_subconv(rsbac_version_t old_version)
00384 {
00385 switch(old_version)
00386 {
00387 case RSBAC_ACL_NETDEV_OLD_LIST_VERSION:
00388 return common_subconv;
00389 default:
00390 return NULL;
00391 }
00392 }
00393
00394 rsbac_list_conv_function_t * nettemp_nt_get_subconv(rsbac_version_t old_version)
00395 {
00396 switch(old_version)
00397 {
00398 case RSBAC_ACL_NETTEMP_NT_OLD_LIST_VERSION:
00399 return common_subconv;
00400 default:
00401 return NULL;
00402 }
00403 }
00404
00405 rsbac_list_conv_function_t * nettemp_get_subconv(rsbac_version_t old_version)
00406 {
00407 switch(old_version)
00408 {
00409 case RSBAC_ACL_NETTEMP_OLD_LIST_VERSION:
00410 return common_subconv;
00411 default:
00412 return NULL;
00413 }
00414 }
00415
00416 rsbac_list_conv_function_t * def_fd_get_conv(rsbac_version_t old_version)
00417 {
00418 switch(old_version)
00419 {
00420 case RSBAC_ACL_DEF_FD_OLD_LIST_VERSION:
00421 return common_subconv;
00422 default:
00423 return NULL;
00424 }
00425 }
00426
00427 rsbac_list_conv_function_t * def_dev_get_conv(rsbac_version_t old_version)
00428 {
00429 switch(old_version)
00430 {
00431 case RSBAC_ACL_DEF_DEV_OLD_LIST_VERSION:
00432 return common_subconv;
00433 default:
00434 return NULL;
00435 }
00436 }
00437
00438 rsbac_list_conv_function_t * def_ipc_get_conv(rsbac_version_t old_version)
00439 {
00440 switch(old_version)
00441 {
00442 case RSBAC_ACL_DEF_IPC_OLD_LIST_VERSION:
00443 return common_subconv;
00444 default:
00445 return NULL;
00446 }
00447 }
00448
00449 rsbac_list_conv_function_t * def_scd_get_conv(rsbac_version_t old_version)
00450 {
00451 switch(old_version)
00452 {
00453 case RSBAC_ACL_DEF_SCD_OLD_LIST_VERSION:
00454 return common_subconv;
00455 default:
00456 return NULL;
00457 }
00458 }
00459
00460 rsbac_list_conv_function_t * def_u_get_conv(rsbac_version_t old_version)
00461 {
00462 switch(old_version)
00463 {
00464 case RSBAC_ACL_DEF_U_OLD_LIST_VERSION:
00465 return common_subconv;
00466 default:
00467 return NULL;
00468 }
00469 }
00470
00471 rsbac_list_conv_function_t * def_p_get_conv(rsbac_version_t old_version)
00472 {
00473 switch(old_version)
00474 {
00475 case RSBAC_ACL_DEF_P_OLD_LIST_VERSION:
00476 return common_subconv;
00477 default:
00478 return NULL;
00479 }
00480 }
00481
00482 rsbac_list_conv_function_t * def_g_get_conv(rsbac_version_t old_version)
00483 {
00484 switch(old_version)
00485 {
00486 case RSBAC_ACL_DEF_G_OLD_LIST_VERSION:
00487 return common_subconv;
00488 default:
00489 return NULL;
00490 }
00491 }
00492
00493 rsbac_list_conv_function_t * def_netdev_get_conv(rsbac_version_t old_version)
00494 {
00495 switch(old_version)
00496 {
00497 case RSBAC_ACL_DEF_NETDEV_OLD_LIST_VERSION:
00498 return common_subconv;
00499 default:
00500 return NULL;
00501 }
00502 }
00503
00504 rsbac_list_conv_function_t * def_nettemp_nt_get_conv(rsbac_version_t old_version)
00505 {
00506 switch(old_version)
00507 {
00508 case RSBAC_ACL_DEF_NETTEMP_NT_OLD_LIST_VERSION:
00509 return common_subconv;
00510 default:
00511 return NULL;
00512 }
00513 }
00514
00515 rsbac_list_conv_function_t * def_netobj_get_conv(rsbac_version_t old_version)
00516 {
00517 switch(old_version)
00518 {
00519 case RSBAC_ACL_DEF_NETOBJ_OLD_LIST_VERSION:
00520 return common_subconv;
00521 default:
00522 return NULL;
00523 }
00524 }
00525
00526
00527
00528
00529
00530 static int acl_register_fd_lists(struct rsbac_acl_device_list_item_t * device_p,
00531 kdev_t kdev)
00532 {
00533 char * name;
00534 int err = 0;
00535 int tmperr;
00536 char number[10];
00537 u_int file_no;
00538 struct rsbac_list_lol_info_t lol_info;
00539 rsbac_acl_rights_vector_t def_mask=RSBAC_ACL_DEFAULT_FD_MASK;
00540
00541 if(!device_p)
00542 return(-RSBAC_EINVALIDPOINTER);
00543 name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00544 if(!name)
00545 return -RSBAC_ENOMEM;
00546
00547
00548 for (file_no = 0; file_no < RSBAC_ACL_NR_FD_LISTS; file_no++)
00549 {
00550
00551 strcpy(name, RSBAC_ACL_FD_FILENAME);
00552 strcat(name, inttostr(number,file_no) );
00553
00554 lol_info.version = RSBAC_ACL_FD_LIST_VERSION;
00555 lol_info.key = RSBAC_ACL_LIST_KEY;
00556 lol_info.desc_size = sizeof(rsbac_inode_nr_t);
00557 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
00558 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
00559 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
00560 lol_info.max_age = 0;
00561 tmperr = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00562 &(device_p->handles[file_no]),
00563 &lol_info,
00564 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
00565 rsbac_list_compare_u32,
00566 entry_compare,
00567 fd_get_conv,
00568 fd_get_subconv,
00569 &def_mask,
00570 NULL,
00571 name,
00572 kdev);
00573 if(tmperr)
00574 {
00575 char * tmp;
00576
00577 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00578 if(tmp)
00579 {
00580 #ifdef CONFIG_RSBAC_RMSG
00581 rsbac_printk(KERN_WARNING
00582 "acl_register_fd_lists(): registering list %u for device %02u:%02u failed with error %s!\n",
00583 file_no,
00584 RSBAC_MAJOR(kdev),
00585 RSBAC_MINOR(kdev),
00586 get_error_name(tmp, tmperr));
00587 #endif
00588 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00589 if (!rsbac_nosyslog)
00590 #endif
00591 printk(KERN_WARNING
00592 "acl_register_fd_lists(): registering list %u for device %02u:%02u failed with error %s!\n",
00593 file_no,
00594 RSBAC_MAJOR(kdev),
00595 RSBAC_MINOR(kdev),
00596 get_error_name(tmp, tmperr));
00597 rsbac_kfree(tmp);
00598 }
00599 err = tmperr;
00600 }
00601 }
00602 return err;
00603 }
00604
00605
00606
00607
00608 static int acl_detach_fd_lists(struct rsbac_acl_device_list_item_t * device_p)
00609 {
00610 char * name;
00611 int err = 0;
00612 int tmperr;
00613 char number[10];
00614 u_int file_no;
00615
00616 if(!device_p)
00617 return(-RSBAC_EINVALIDPOINTER);
00618 name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00619 if(!name)
00620 return -RSBAC_ENOMEM;
00621
00622
00623 for (file_no = 0; file_no < RSBAC_ACL_NR_FD_LISTS; file_no++)
00624 {
00625
00626 strcpy(name, RSBAC_ACL_FD_FILENAME);
00627 strcat(name, inttostr(number,file_no) );
00628
00629 tmperr = rsbac_list_lol_detach(&device_p->handles[file_no],
00630 RSBAC_ACL_LIST_KEY);
00631 if(tmperr)
00632 {
00633 char * tmp;
00634
00635 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00636 if(tmp)
00637 {
00638 #ifdef CONFIG_RSBAC_RMSG
00639 rsbac_printk(KERN_WARNING
00640 "acl_detach_fd_lists(): detaching from list %u for device %02u:%02u failed with error %s!\n",
00641 file_no,
00642 RSBAC_MAJOR(device_p->id),
00643 RSBAC_MINOR(device_p->id),
00644 get_error_name(tmp, tmperr));
00645 #endif
00646 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00647 if (!rsbac_nosyslog)
00648 #endif
00649 printk(KERN_WARNING
00650 "acl_detach_fd_lists(): detaching from list %u for device %02u:%02u failed with error %s!\n",
00651 file_no,
00652 RSBAC_MAJOR(device_p->id),
00653 RSBAC_MINOR(device_p->id),
00654 get_error_name(tmp, tmperr));
00655 rsbac_kfree(tmp);
00656 }
00657 err = tmperr;
00658 }
00659 }
00660 return err;
00661 }
00662
00663
00664
00665
00666
00667
00668 static struct rsbac_acl_device_list_item_t * acl_lookup_device(kdev_t kdev)
00669 {
00670 struct rsbac_acl_device_list_item_t * curr = device_list_head.curr;
00671
00672
00673 if( !curr
00674 || (RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev))
00675 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev))
00676 )
00677 {
00678 curr = device_list_head.head;
00679 while( curr
00680 && ( (RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev))
00681 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev))
00682 )
00683 )
00684 {
00685 curr = curr->next;
00686 }
00687 if (curr)
00688 device_list_head.curr=curr;
00689 }
00690
00691 return (curr);
00692 };
00693
00694
00695
00696
00697
00698
00699
00700
00701 static struct rsbac_acl_device_list_item_t
00702 * create_device_item(kdev_t kdev)
00703 {
00704 struct rsbac_acl_device_list_item_t * new_item_p;
00705
00706
00707 if ( !(new_item_p = (struct rsbac_acl_device_list_item_t *)
00708 rsbac_kmalloc(sizeof(*new_item_p)) ) )
00709 return(NULL);
00710
00711 memset(new_item_p, 0, sizeof(*new_item_p));
00712 new_item_p->id = kdev;
00713 new_item_p->mount_count = 1;
00714 return(new_item_p);
00715 };
00716
00717
00718 static struct rsbac_acl_device_list_item_t
00719 * add_device_item(struct rsbac_acl_device_list_item_t * device_p)
00720 {
00721 if (!device_p)
00722 return(NULL);
00723
00724
00725 if (!device_list_head.head)
00726 {
00727 device_list_head.head=device_p;
00728 device_list_head.tail=device_p;
00729 device_list_head.curr=device_p;
00730 device_list_head.count=1;
00731 device_p->prev=NULL;
00732 device_p->next=NULL;
00733 }
00734 else
00735 {
00736 device_p->prev=device_list_head.tail;
00737 device_p->next=NULL;
00738 device_list_head.tail->next=device_p;
00739 device_list_head.tail=device_p;
00740 device_list_head.curr=device_p;
00741 device_list_head.count++;
00742 };
00743 return(device_p);
00744 };
00745
00746
00747
00748
00749
00750
00751
00752
00753 static void clear_device_item(struct rsbac_acl_device_list_item_t * device_p)
00754 {
00755 if(!device_p)
00756 return;
00757
00758
00759 acl_detach_fd_lists(device_p);
00760
00761 rsbac_kfree(device_p);
00762 };
00763
00764 static void remove_device_item(kdev_t kdev)
00765 {
00766 struct rsbac_acl_device_list_item_t * item_p;
00767
00768
00769 if ( (item_p = acl_lookup_device(kdev)) )
00770 {
00771 if (device_list_head.head == item_p)
00772 {
00773 if (device_list_head.tail == item_p)
00774 {
00775 device_list_head.head = NULL;
00776 device_list_head.tail = NULL;
00777 }
00778 else
00779 {
00780 item_p->next->prev = NULL;
00781 device_list_head.head = item_p->next;
00782 };
00783 }
00784 else
00785 {
00786 if (device_list_head.tail == item_p)
00787 {
00788 item_p->prev->next = NULL;
00789 device_list_head.tail = item_p->prev;
00790 }
00791 else
00792 {
00793 item_p->prev->next = item_p->next;
00794 item_p->next->prev = item_p->prev;
00795 };
00796 };
00797
00798
00799 device_list_head.curr=NULL;
00800
00801 device_list_head.count--;
00802
00803
00804
00805 clear_device_item(item_p);
00806 };
00807
00808 };
00809
00810
00811
00812
00813
00814 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
00815 static int
00816 acl_devices_proc_info(char *buffer, char **start, off_t offset, int length)
00817 {
00818 int len = 0;
00819 off_t pos = 0;
00820 off_t begin = 0;
00821 struct rsbac_acl_device_list_item_t * device_p;
00822 u_long dflags;
00823
00824 if (!rsbac_is_initialized()) return (-ENOSYS);
00825
00826 len += sprintf(buffer, "%u RSBAC ACL Devices\n-------------------\n",
00827 device_list_head.count);
00828
00829
00830 rsbac_read_lock(&device_list_head.lock, &dflags);
00831
00832 for (device_p = device_list_head.head; device_p; device_p = device_p->next)
00833 {
00834 len += sprintf(buffer + len, "%02u:%02u with mount_count = %u\n",
00835 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id),
00836 device_p->mount_count);
00837 pos = begin + len;
00838 if (pos < offset)
00839 {
00840 len = 0;
00841 begin = pos;
00842 }
00843 if (pos > offset+length)
00844 break;
00845 }
00846
00847
00848 rsbac_read_unlock(&device_list_head.lock, &dflags);
00849
00850 *start = buffer + (offset - begin);
00851 len -= (offset - begin);
00852
00853 if (len > length)
00854 len = length;
00855 return len;
00856 }
00857
00858 static int
00859 stats_acl_proc_info(char *buffer, char **start, off_t offset, int length)
00860 {
00861 u_int len = 0;
00862 off_t pos = 0;
00863 off_t begin = 0;
00864
00865 u_int item_count = 0;
00866 u_int member_count = 0;
00867 u_int tmp_count;
00868 u_int i;
00869 u_long dflags;
00870 struct rsbac_acl_device_list_item_t * device_p;
00871
00872 union rsbac_target_id_t rsbac_target_id;
00873 union rsbac_attribute_value_t rsbac_attribute_value;
00874
00875 if (!rsbac_is_initialized())
00876 {
00877 #ifdef CONFIG_RSBAC_RMSG
00878 rsbac_printk(KERN_WARNING "stats_acl_proc_info(): RSBAC not initialized\n");
00879 #endif
00880 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00881 if (!rsbac_nosyslog)
00882 #endif
00883 printk(KERN_WARNING "stats_acl_proc_info(): RSBAC not initialized\n");
00884 return(-RSBAC_ENOTINITIALIZED);
00885 }
00886 #ifdef CONFIG_RSBAC_DEBUG
00887 if (rsbac_debug_aef_acl)
00888 {
00889 #ifdef CONFIG_RSBAC_RMSG
00890 rsbac_printk(KERN_DEBUG "stats_acl_proc_info(): calling ADF\n");
00891 #endif
00892 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00893 if (!rsbac_nosyslog)
00894 #endif
00895 printk(KERN_DEBUG "stats_acl_proc_info(): calling ADF\n");
00896 }
00897 #endif
00898 rsbac_target_id.scd = ST_rsbac;
00899 rsbac_attribute_value.dummy = 0;
00900 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00901 current->pid,
00902 T_SCD,
00903 rsbac_target_id,
00904 A_none,
00905 rsbac_attribute_value))
00906 {
00907 return -EPERM;
00908 }
00909
00910 len += sprintf(buffer, "ACL Status\n-----------\n");
00911
00912
00913 rsbac_read_lock(&device_list_head.lock, &dflags);
00914 device_p = device_list_head.head;
00915 while(device_p)
00916 {
00917
00918 item_count = 0;
00919 member_count = 0;
00920 for(i=0; i<RSBAC_ACL_NR_FD_LISTS; i++)
00921 {
00922 tmp_count = rsbac_list_lol_count(device_p->handles[i]);
00923 if(tmp_count > 0)
00924 item_count+=tmp_count;
00925 tmp_count = rsbac_list_lol_all_subcount(device_p->handles[i]);
00926 if(tmp_count > 0)
00927 member_count += tmp_count;
00928 }
00929 len += sprintf(buffer + len, "device %02u:%02u has %i file ACLs, sum of %i members\n",
00930 RSBAC_MAJOR(device_p->id),
00931 RSBAC_MINOR(device_p->id),
00932 item_count,
00933 member_count);
00934 pos = begin + len;
00935 if (pos < offset)
00936 {
00937 len = 0;
00938 begin = pos;
00939 }
00940 if (pos > offset+length)
00941 {
00942 rsbac_read_unlock(&device_list_head.lock, &dflags);
00943 goto out;
00944 }
00945 device_p = device_p->next;
00946 }
00947
00948 rsbac_read_unlock(&device_list_head.lock, &dflags);
00949
00950
00951 len += sprintf(buffer + len, "%li device ACL items, sum of %li members\n",
00952 rsbac_list_lol_count(dev_handle),
00953 rsbac_list_lol_all_subcount(dev_handle));
00954 pos = begin + len;
00955 if (pos < offset)
00956 {
00957 len = 0;
00958 begin = pos;
00959 }
00960 if (pos > offset+length)
00961 goto out;
00962
00963
00964 len += sprintf(buffer + len, "%li scd ACL items, sum of %li members\n",
00965 rsbac_list_lol_count(scd_handle),
00966 rsbac_list_lol_all_subcount(scd_handle));
00967 pos = begin + len;
00968 if (pos < offset)
00969 {
00970 len = 0;
00971 begin = pos;
00972 }
00973 if (pos > offset+length)
00974 goto out;
00975
00976
00977 len += sprintf(buffer + len, "%li user ACL items, sum of %li members\n",
00978 rsbac_list_lol_count(u_handle),
00979 rsbac_list_lol_all_subcount(u_handle));
00980 pos = begin + len;
00981 if (pos < offset)
00982 {
00983 len = 0;
00984 begin = pos;
00985 }
00986 if (pos > offset+length)
00987 goto out;
00988
00989 #ifdef CONFIG_RSBAC_ACL_UM_PROT
00990
00991 len += sprintf(buffer + len, "%li Linux group ACL items, sum of %li members\n",
00992 rsbac_list_lol_count(g_handle),
00993 rsbac_list_lol_all_subcount(g_handle));
00994 pos = begin + len;
00995 if (pos < offset)
00996 {
00997 len = 0;
00998 begin = pos;
00999 }
01000 if (pos > offset+length)
01001 goto out;
01002 #endif
01003
01004 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
01005
01006 len += sprintf(buffer + len, "%li network device ACL items, sum of %li members\n",
01007 rsbac_list_lol_count(netdev_handle),
01008 rsbac_list_lol_all_subcount(netdev_handle));
01009 pos = begin + len;
01010 if (pos < offset)
01011 {
01012 len = 0;
01013 begin = pos;
01014 }
01015 if (pos > offset+length)
01016 goto out;
01017 #endif
01018
01019 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
01020
01021 len += sprintf(buffer + len, "%li network template NT ACL items, sum of %li members\n",
01022 rsbac_list_lol_count(nettemp_nt_handle),
01023 rsbac_list_lol_all_subcount(nettemp_nt_handle));
01024 pos = begin + len;
01025 if (pos < offset)
01026 {
01027 len = 0;
01028 begin = pos;
01029 }
01030 if (pos > offset+length)
01031 goto out;
01032
01033 len += sprintf(buffer + len, "%li network template ACL items, sum of %li members\n",
01034 rsbac_list_lol_count(nettemp_handle),
01035 rsbac_list_lol_all_subcount(nettemp_handle));
01036 pos = begin + len;
01037 if (pos < offset)
01038 {
01039 len = 0;
01040 begin = pos;
01041 }
01042 if (pos > offset+length)
01043 goto out;
01044
01045 len += sprintf(buffer + len, "%li network object ACL items, sum of %li members\n",
01046 rsbac_list_lol_count(netobj_handle),
01047 rsbac_list_lol_all_subcount(netobj_handle));
01048 pos = begin + len;
01049 if (pos < offset)
01050 {
01051 len = 0;
01052 begin = pos;
01053 }
01054 if (pos > offset+length)
01055 goto out;
01056 #endif
01057
01058 len += sprintf(buffer + len, "%li groups, last new is %u\n",
01059 rsbac_list_count(group_handle),
01060 group_last_new);
01061 pos = begin + len;
01062 if (pos < offset)
01063 {
01064 len = 0;
01065 begin = pos;
01066 }
01067 if (pos > offset+length)
01068 goto out;
01069
01070
01071 len += sprintf(buffer + len, "%li group member items, sum of %li group memberships\n",
01072 rsbac_list_lol_count(gm_handle),
01073 rsbac_list_lol_all_subcount(gm_handle));
01074 pos = begin + len;
01075 if (pos < offset)
01076 {
01077 len = 0;
01078 begin = pos;
01079 }
01080 if (pos > offset+length)
01081 goto out;
01082
01083 out:
01084 *start = buffer + (offset - begin);
01085 len -= (offset - begin);
01086
01087 if (len > length)
01088 len = length;
01089 return len;
01090 }
01091
01092 static int
01093 acl_acllist_proc_info(char *buffer, char **start, off_t offset, int length)
01094 {
01095 u_int len = 0;
01096 off_t pos = 0;
01097 off_t begin = 0;
01098
01099 u_int i,j,k;
01100 char tmp1[80], tmp2[80];
01101 u_int count = 0;
01102 int tmp_count;
01103 int tmp_sub_count;
01104 u_int member_count = 0;
01105 u_long dflags;
01106 struct rsbac_acl_device_list_item_t * device_p;
01107 rsbac_inode_nr_t * fd_desc_p;
01108 struct rsbac_dev_desc_t * dev_desc_p;
01109 __u8 * scd_desc_p;
01110 rsbac_uid_t * u_desc_p;
01111 #ifdef CONFIG_RSBAC_ACL_UM_PROT
01112 rsbac_gid_t * g_desc_p;
01113 #endif
01114 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
01115 rsbac_netdev_id_t * netdev_desc_p;
01116 #endif
01117 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
01118 rsbac_net_temp_id_t * nettemp_desc_p;
01119 rsbac_net_obj_id_t * netobj_desc_p;
01120 #endif
01121 struct rsbac_acl_entry_desc_t * sub_desc_p;
01122 rsbac_acl_rights_vector_t rights;
01123
01124 union rsbac_target_id_t rsbac_target_id;
01125 union rsbac_attribute_value_t rsbac_attribute_value;
01126
01127 if (!rsbac_is_initialized())
01128 {
01129 #ifdef CONFIG_RSBAC_RMSG
01130 rsbac_printk(KERN_WARNING "acl_acllist_proc_info(): RSBAC not initialized\n");
01131 #endif
01132 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01133 if (!rsbac_nosyslog)
01134 #endif
01135 printk(KERN_WARNING "acl_acllist_proc_info(): RSBAC not initialized\n");
01136 return(-RSBAC_ENOTINITIALIZED);
01137 }
01138 #ifdef CONFIG_RSBAC_DEBUG
01139 if (rsbac_debug_aef_acl)
01140 {
01141 #ifdef CONFIG_RSBAC_RMSG
01142 rsbac_printk(KERN_DEBUG "acl_acllist_proc_info(): calling ADF\n");
01143 #endif
01144 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01145 if (!rsbac_nosyslog)
01146 printk(KERN_DEBUG "acl_acllist_proc_info(): calling ADF\n");
01147 #endif
01148 }
01149 #endif
01150 rsbac_target_id.scd = ST_rsbac;
01151 rsbac_attribute_value.dummy = 0;
01152 if (!rsbac_adf_request(R_GET_STATUS_DATA,
01153 current->pid,
01154 T_SCD,
01155 rsbac_target_id,
01156 A_none,
01157 rsbac_attribute_value))
01158 {
01159 return -EPERM;
01160 }
01161
01162 len += sprintf(buffer, "ACL Lists\n----------\n");
01163
01164 len += sprintf(buffer + len,
01165 "Default FD ACL: %li members:",
01166 rsbac_list_count(default_fd_handle));
01167 pos = begin + len;
01168 if (pos < offset)
01169 {
01170 len = 0;
01171 begin = pos;
01172 }
01173 if (pos > offset+length)
01174 goto out;
01175 tmp_count = rsbac_list_get_all_desc(default_fd_handle, (void **) &sub_desc_p);
01176 if(tmp_count > 0)
01177 {
01178 for(i=0; i<tmp_count; i++)
01179 {
01180 len += sprintf(buffer + len, " %s %u,",
01181 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01182 sub_desc_p[i].subj_id);
01183 pos = begin + len;
01184 if (pos < offset)
01185 {
01186 len = 0;
01187 begin = pos;
01188 }
01189 if (pos > offset+length)
01190 {
01191 rsbac_vfree(sub_desc_p);
01192 goto out;
01193 }
01194 }
01195 rsbac_vfree(sub_desc_p);
01196 }
01197
01198
01199 len += sprintf(buffer + len, "\nDefault Device ACL: %li members:",
01200 rsbac_list_count(default_dev_handle));
01201 pos = begin + len;
01202 if (pos < offset)
01203 {
01204 len = 0;
01205 begin = pos;
01206 }
01207 if (pos > offset+length)
01208 goto out;
01209 tmp_count = rsbac_list_get_all_desc(default_dev_handle, (void **) &sub_desc_p);
01210 if(tmp_count > 0)
01211 {
01212 for(i=0; i<tmp_count; i++)
01213 {
01214 len += sprintf(buffer + len, " %s %u,",
01215 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01216 sub_desc_p[i].subj_id);
01217 pos = begin + len;
01218 if (pos < offset)
01219 {
01220 len = 0;
01221 begin = pos;
01222 }
01223 if (pos > offset+length)
01224 {
01225 rsbac_vfree(sub_desc_p);
01226 goto out;
01227 }
01228 }
01229 rsbac_vfree(sub_desc_p);
01230 }
01231
01232
01233 len += sprintf(buffer + len, "\nDefault IPC ACL: %li members:",
01234 rsbac_list_count(default_ipc_handle));
01235 pos = begin + len;
01236 if (pos < offset)
01237 {
01238 len = 0;
01239 begin = pos;
01240 }
01241 if (pos > offset+length)
01242 goto out;
01243 tmp_count = rsbac_list_get_all_desc(default_ipc_handle, (void **) &sub_desc_p);
01244 if(tmp_count > 0)
01245 {
01246 for(i=0; i<tmp_count; i++)
01247 {
01248 len += sprintf(buffer + len, " %s %u,",
01249 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01250 sub_desc_p[i].subj_id);
01251 pos = begin + len;
01252 if (pos < offset)
01253 {
01254 len = 0;
01255 begin = pos;
01256 }
01257 if (pos > offset+length)
01258 {
01259 rsbac_vfree(sub_desc_p);
01260 goto out;
01261 }
01262 }
01263 rsbac_vfree(sub_desc_p);
01264 }
01265
01266
01267 len += sprintf(buffer + len, "\nDefault SCD ACL: %li members:",
01268 rsbac_list_count(default_scd_handle));
01269 pos = begin + len;
01270 if (pos < offset)
01271 {
01272 len = 0;
01273 begin = pos;
01274 }
01275 if (pos > offset+length)
01276 goto out;
01277 tmp_count = rsbac_list_get_all_desc(default_scd_handle, (void **) &sub_desc_p);
01278 if(tmp_count > 0)
01279 {
01280 for(i=0; i<tmp_count; i++)
01281 {
01282 len += sprintf(buffer + len, " %s %u,",
01283 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01284 sub_desc_p[i].subj_id);
01285 pos = begin + len;
01286 if (pos < offset)
01287 {
01288 len = 0;
01289 begin = pos;
01290 }
01291 if (pos > offset+length)
01292 {
01293 rsbac_vfree(sub_desc_p);
01294 goto out;
01295 }
01296 }
01297 rsbac_vfree(sub_desc_p);
01298 }
01299
01300
01301 len += sprintf(buffer + len, "\nDefault User ACL: %li members:",
01302 rsbac_list_count(default_u_handle));
01303 pos = begin + len;
01304 if (pos < offset)
01305 {
01306 len = 0;
01307 begin = pos;
01308 }
01309 if (pos > offset+length)
01310 goto out;
01311 tmp_count = rsbac_list_get_all_desc(default_u_handle, (void **) &sub_desc_p);
01312 if(tmp_count > 0)
01313 {
01314 for(i=0; i<tmp_count; i++)
01315 {
01316 len += sprintf(buffer + len, " %s %u,",
01317 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01318 sub_desc_p[i].subj_id);
01319 pos = begin + len;
01320 if (pos < offset)
01321 {
01322 len = 0;
01323 begin = pos;
01324 }
01325 if (pos > offset+length)
01326 {
01327 rsbac_vfree(sub_desc_p);
01328 goto out;
01329 }
01330 }
01331 rsbac_vfree(sub_desc_p);
01332 }
01333
01334
01335 len += sprintf(buffer + len, "\nDefault Process ACL: %li members:",
01336 rsbac_list_count(default_p_handle));
01337 pos = begin + len;
01338 if (pos < offset)
01339 {
01340 len = 0;
01341 begin = pos;
01342 }
01343 if (pos > offset+length)
01344 goto out;
01345 tmp_count = rsbac_list_get_all_desc(default_p_handle, (void **) &sub_desc_p);
01346 if(tmp_count > 0)
01347 {
01348 for(i=0; i<tmp_count; i++)
01349 {
01350 len += sprintf(buffer + len, " %s %u,",
01351 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01352 sub_desc_p[i].subj_id);
01353 pos = begin + len;
01354 if (pos < offset)
01355 {
01356 len = 0;
01357 begin = pos;
01358 }
01359 if (pos > offset+length)
01360 {
01361 rsbac_vfree(sub_desc_p);
01362 goto out;
01363 }
01364 }
01365 rsbac_vfree(sub_desc_p);
01366 }
01367
01368 #ifdef CONFIG_RSBAC_ACL_UM_PROT
01369
01370 len += sprintf(buffer + len, "\nDefault Linux Group ACL: %li members:",
01371 rsbac_list_count(default_g_handle));
01372 pos = begin + len;
01373 if (pos < offset)
01374 {
01375 len = 0;
01376 begin = pos;
01377 }
01378 if (pos > offset+length)
01379 goto out;
01380 tmp_count = rsbac_list_get_all_desc(default_g_handle, (void **) &sub_desc_p);
01381 if(tmp_count > 0)
01382 {
01383 for(i=0; i<tmp_count; i++)
01384 {
01385 len += sprintf(buffer + len, " %s %u,",
01386 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01387 sub_desc_p[i].subj_id);
01388 pos = begin + len;
01389 if (pos < offset)
01390 {
01391 len = 0;
01392 begin = pos;
01393 }
01394 if (pos > offset+length)
01395 {
01396 rsbac_vfree(sub_desc_p);
01397 goto out;
01398 }
01399 }
01400 rsbac_vfree(sub_desc_p);
01401 }
01402 #endif
01403
01404 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
01405
01406 len += sprintf(buffer + len, "\nDefault Network Device ACL: %li members:",
01407 rsbac_list_count(default_netdev_handle));
01408 pos = begin + len;
01409 if (pos < offset)
01410 {
01411 len = 0;
01412 begin = pos;
01413 }
01414 if (pos > offset+length)
01415 goto out;
01416 tmp_count = rsbac_list_get_all_desc(default_netdev_handle, (void **) &sub_desc_p);
01417 if(tmp_count > 0)
01418 {
01419 for(i=0; i<tmp_count; i++)
01420 {
01421 len += sprintf(buffer + len, " %s %u,",
01422 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01423 sub_desc_p[i].subj_id);
01424 pos = begin + len;
01425 if (pos < offset)
01426 {
01427 len = 0;
01428 begin = pos;
01429 }
01430 if (pos > offset+length)
01431 {
01432 rsbac_vfree(sub_desc_p);
01433 goto out;
01434 }
01435 }
01436 rsbac_vfree(sub_desc_p);
01437 }
01438 #endif
01439
01440 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
01441
01442 len += sprintf(buffer + len, "\nDefault Network Template NT ACL: %li members:",
01443 rsbac_list_count(default_nettemp_nt_handle));
01444 pos = begin + len;
01445 if (pos < offset)
01446 {
01447 len = 0;
01448 begin = pos;
01449 }
01450 if (pos > offset+length)
01451 goto out;
01452 tmp_count = rsbac_list_get_all_desc(default_nettemp_nt_handle, (void **) &sub_desc_p);
01453 if(tmp_count > 0)
01454 {
01455 for(i=0; i<tmp_count; i++)
01456 {
01457 len += sprintf(buffer + len, " %s %u,",
01458 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01459 sub_desc_p[i].subj_id);
01460 pos = begin + len;
01461 if (pos < offset)
01462 {
01463 len = 0;
01464 begin = pos;
01465 }
01466 if (pos > offset+length)
01467 {
01468 rsbac_vfree(sub_desc_p);
01469 goto out;
01470 }
01471 }
01472 rsbac_vfree(sub_desc_p);
01473 }
01474
01475 len += sprintf(buffer + len, "\nDefault Network Object ACL: %li members:",
01476 rsbac_list_count(default_netobj_handle));
01477 pos = begin + len;
01478 if (pos < offset)
01479 {
01480 len = 0;
01481 begin = pos;
01482 }
01483 if (pos > offset+length)
01484 goto out;
01485 tmp_count = rsbac_list_get_all_desc(default_netobj_handle, (void **) &sub_desc_p);
01486 if(tmp_count > 0)
01487 {
01488 for(i=0; i<tmp_count; i++)
01489 {
01490 len += sprintf(buffer + len, " %s %u,",
01491 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01492 sub_desc_p[i].subj_id);
01493 pos = begin + len;
01494 if (pos < offset)
01495 {
01496 len = 0;
01497 begin = pos;
01498 }
01499 if (pos > offset+length)
01500 {
01501 rsbac_vfree(sub_desc_p);
01502 goto out;
01503 }
01504 }
01505 rsbac_vfree(sub_desc_p);
01506 }
01507 #endif
01508
01509 len += sprintf(buffer + len, "\n\nFile/Dir/Fifo/Symlink ACLs:\n");
01510 pos = begin + len;
01511 if (pos < offset)
01512 {
01513 len = 0;
01514 begin = pos;
01515 }
01516 if (pos > offset+length)
01517 goto out;
01518
01519
01520 rsbac_read_lock(&device_list_head.lock, &dflags);
01521 device_p = device_list_head.head;
01522 while(device_p)
01523 {
01524
01525 count = 0;
01526 member_count = 0;
01527 len += sprintf(buffer + len, "\nDevice %02u:%02u\n inode count mask+members",
01528 RSBAC_MAJOR(device_p->id),
01529 RSBAC_MINOR(device_p->id));
01530 pos = begin + len;
01531 if (pos < offset)
01532 {
01533 len = 0;
01534 begin = pos;
01535 }
01536 if (pos > offset+length)
01537 {
01538 rsbac_read_unlock(&device_list_head.lock, &dflags);
01539 goto out;
01540 }
01541 for(i=0; i<RSBAC_ACL_NR_FD_LISTS; i++)
01542 {
01543 tmp_count = rsbac_list_lol_get_all_desc(device_p->handles[i], (void **) &fd_desc_p);
01544 if(tmp_count > 0)
01545 {
01546 for(j=0; j<tmp_count; j++)
01547 {
01548 len += sprintf(buffer + len, "\n%6u\t %li\t",
01549 fd_desc_p[j],
01550 rsbac_list_lol_subcount(device_p->handles[i], &fd_desc_p[j]));
01551 pos = begin + len;
01552 if (pos < offset)
01553 {
01554 len = 0;
01555 begin = pos;
01556 }
01557 if (pos > offset+length)
01558 {
01559 rsbac_vfree(fd_desc_p);
01560 rsbac_read_unlock(&device_list_head.lock, &dflags);
01561 goto out;
01562 }
01563 if(!rsbac_list_lol_get_data(device_p->handles[i], &fd_desc_p[j], &rights))
01564 {
01565 len += sprintf(buffer + len, "%s\n\t\t",
01566 u64tostracl(tmp1, rights));
01567 pos = begin + len;
01568 if (pos < offset)
01569 {
01570 len = 0;
01571 begin = pos;
01572 }
01573 if (pos > offset+length)
01574 {
01575 rsbac_vfree(fd_desc_p);
01576 rsbac_read_unlock(&device_list_head.lock, &dflags);
01577 goto out;
01578 }
01579 }
01580
01581 tmp_sub_count = rsbac_list_lol_get_all_subdesc(device_p->handles[i], &fd_desc_p[j], (void **) &sub_desc_p);
01582 if(tmp_sub_count > 0)
01583 {
01584 for(k=0; k<tmp_sub_count; k++)
01585 {
01586 len += sprintf(buffer + len, "%s %u, ",
01587 get_acl_subject_type_name(tmp1, sub_desc_p[k].subj_type),
01588 sub_desc_p[k].subj_id);
01589 pos = begin + len;
01590 if (pos < offset)
01591 {
01592 len = 0;
01593 begin = pos;
01594 }
01595 if (pos > offset+length)
01596 {
01597 rsbac_vfree(sub_desc_p);
01598 rsbac_vfree(fd_desc_p);
01599 rsbac_read_unlock(&device_list_head.lock, &dflags);
01600 goto out;
01601 }
01602 }
01603 rsbac_vfree(sub_desc_p);
01604 member_count += tmp_sub_count;
01605 }
01606 }
01607 count += tmp_count;
01608 rsbac_vfree(fd_desc_p);
01609 }
01610 }
01611 len += sprintf(buffer + len, "\n%u file ACLs, sum of %u members\n",
01612 count,member_count);
01613 pos = begin + len;
01614 if (pos < offset)
01615 {
01616 len = 0;
01617 begin = pos;
01618 }
01619 if (pos > offset+length)
01620 {
01621 rsbac_read_unlock(&device_list_head.lock, &dflags);
01622 goto out;
01623 }
01624 device_p = device_p->next;
01625 }
01626
01627 rsbac_read_unlock(&device_list_head.lock, &dflags);
01628
01629
01630 len += sprintf(buffer + len, "\nDevice ACLs:\ntype+id count mask+members");
01631 pos = begin + len;
01632 if (pos < offset)
01633 {
01634 len = 0;
01635 begin = pos;
01636 }
01637 if (pos > offset+length)
01638 goto out;
01639
01640 member_count = 0;
01641 tmp_count = rsbac_list_lol_get_all_desc(dev_handle, (void **) &dev_desc_p);
01642 if(tmp_count > 0)
01643 {
01644 for(i=0; i<tmp_count; i++)
01645 {
01646 if(!rsbac_list_lol_get_data(dev_handle, &dev_desc_p[i], &rights))
01647 {
01648 len += sprintf(buffer + len, "\n%c%02u:%02u\t %3li\t%s\n\t\t",
01649 'B' + dev_desc_p[i].type,
01650 dev_desc_p[i].major,
01651 dev_desc_p[i].minor,
01652 rsbac_list_lol_subcount(dev_handle, &dev_desc_p[i]),
01653 u64tostracl(tmp1, rights));
01654 pos = begin + len;
01655 if (pos < offset)
01656 {
01657 len = 0;
01658 begin = pos;
01659 }
01660 if (pos > offset+length)
01661 {
01662 rsbac_vfree(dev_desc_p);
01663 goto out;
01664 }
01665 }
01666 tmp_sub_count = rsbac_list_lol_get_all_subdesc(dev_handle, &dev_desc_p[i], (void **) &sub_desc_p);
01667 if(tmp_sub_count > 0)
01668 {
01669 for(j=0; j<tmp_sub_count; j++)
01670 {
01671 len += sprintf(buffer + len, "%s %u, ",
01672 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01673 sub_desc_p[j].subj_id);
01674 pos = begin + len;
01675 if (pos < offset)
01676 {
01677 len = 0;
01678 begin = pos;
01679 }
01680 if (pos > offset+length)
01681 {
01682 rsbac_vfree(sub_desc_p);
01683 rsbac_vfree(dev_desc_p);
01684 goto out;
01685 }
01686 }
01687 rsbac_vfree(sub_desc_p);
01688 member_count += tmp_sub_count;
01689 }
01690 }
01691 rsbac_vfree(dev_desc_p);
01692 };
01693 len += sprintf(buffer + len, "\n\n%i device ACL items, sum of %u members\n",
01694 tmp_count, member_count);
01695 pos = begin + len;
01696 if (pos < offset)
01697 {
01698 len = 0;
01699 begin = pos;
01700 }
01701 if (pos > offset+length)
01702 goto out;
01703
01704
01705 member_count = 0;
01706 len += sprintf(buffer + len, "\nSCD ACLs:\nname count mask+members");
01707 pos = begin + len;
01708 if (pos < offset)
01709 {
01710 len = 0;
01711 begin = pos;
01712 }
01713 if (pos > offset+length)
01714 goto out;
01715
01716 tmp_count = rsbac_list_lol_get_all_desc(scd_handle, (void **) &scd_desc_p);
01717 if(tmp_count > 0)
01718 {
01719 for(i=0; i<tmp_count; i++)
01720 {
01721 if(!rsbac_list_lol_get_data(scd_handle, &scd_desc_p[i], &rights))
01722 {
01723 len += sprintf(buffer + len, "\n%-16s %3li\t%s\n\t\t\t",
01724 get_acl_scd_type_name(tmp1, scd_desc_p[i]),
01725 rsbac_list_lol_subcount(scd_handle, &scd_desc_p[i]),
01726 u64tostracl(tmp2, rights));
01727 pos = begin + len;
01728 if (pos < offset)
01729 {
01730 len = 0;
01731 begin = pos;
01732 }
01733 if (pos > offset+length)
01734 {
01735 rsbac_vfree(scd_desc_p);
01736 goto out;
01737 }
01738 }
01739 tmp_sub_count = rsbac_list_lol_get_all_subdesc(scd_handle, &scd_desc_p[i], (void **) &sub_desc_p);
01740 if(tmp_sub_count > 0)
01741 {
01742 for(j=0; j<tmp_sub_count; j++)
01743 {
01744 len += sprintf(buffer + len, "%s %u, ",
01745 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01746 sub_desc_p[j].subj_id);
01747 pos = begin + len;
01748 if (pos < offset)
01749 {
01750 len = 0;
01751 begin = pos;
01752 }
01753 if (pos > offset+length)
01754 {
01755 rsbac_vfree(sub_desc_p);
01756 rsbac_vfree(scd_desc_p);
01757 goto out;
01758 }
01759 }
01760 rsbac_vfree(sub_desc_p);
01761 member_count += tmp_sub_count;
01762 }
01763 }
01764 rsbac_vfree(scd_desc_p);
01765 };
01766 len += sprintf(buffer + len, "\n\n%u SCD ACL items, sum of %u members\n",
01767 tmp_count, member_count);
01768 pos = begin + len;
01769 if (pos < offset)
01770 {
01771 len = 0;
01772 begin = pos;
01773 }
01774 if (pos > offset+length)
01775 goto out;
01776
01777
01778 len += sprintf(buffer + len, "\nUser ACLs:\nuid count mask+members");
01779 pos = begin + len;
01780 if (pos < offset)
01781 {
01782 len = 0;
01783 begin = pos;
01784 }
01785 if (pos > offset+length)
01786 goto out;
01787
01788 member_count = 0;
01789 tmp_count = rsbac_list_lol_get_all_desc(u_handle, (void **) &u_desc_p);
01790 if(tmp_count > 0)
01791 {
01792 for(i=0; i<tmp_count; i++)
01793 {
01794 if(!rsbac_list_lol_get_data(u_handle, &u_desc_p[i], &rights))
01795 {
01796 len += sprintf(buffer + len, "\n%u\t %3li\t%s\n\t\t",
01797 u_desc_p[i],
01798 rsbac_list_lol_subcount(u_handle, &u_desc_p[i]),
01799 u64tostracl(tmp1, rights));
01800 pos = begin + len;
01801 if (pos < offset)
01802 {
01803 len = 0;
01804 begin = pos;
01805 }
01806 if (pos > offset+length)
01807 {
01808 rsbac_vfree(dev_desc_p);
01809 goto out;
01810 }
01811 }
01812 tmp_sub_count = rsbac_list_lol_get_all_subdesc(u_handle, &u_desc_p[i], (void **) &sub_desc_p);
01813 if(tmp_sub_count > 0)
01814 {
01815 for(j=0; j<tmp_sub_count; j++)
01816 {
01817 len += sprintf(buffer + len, "%s %u, ",
01818 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01819 sub_desc_p[j].subj_id);
01820 pos = begin + len;
01821 if (pos < offset)
01822 {
01823 len = 0;
01824 begin = pos;
01825 }
01826 if (pos > offset+length)
01827 {
01828 rsbac_vfree(sub_desc_p);
01829 rsbac_vfree(dev_desc_p);
01830 goto out;
01831 }
01832 }
01833 rsbac_vfree(sub_desc_p);
01834 member_count += tmp_sub_count;
01835 }
01836 }
01837 rsbac_vfree(u_desc_p);
01838 }
01839 len += sprintf(buffer + len, "\n\n%i user ACL items, sum of %u members\n",
01840 tmp_count, member_count);
01841 pos = begin + len;
01842 if (pos < offset)
01843 {
01844 len = 0;
01845 begin = pos;
01846 }
01847 if (pos > offset+length)
01848 goto out;
01849
01850 #ifdef CONFIG_RSBAC_ACL_UM_PROT
01851
01852 len += sprintf(buffer + len, "\nLinux group ACLs:\ngid count mask+members");
01853 pos = begin + len;
01854 if (pos < offset)
01855 {
01856 len = 0;
01857 begin = pos;
01858 }
01859 if (pos > offset+length)
01860 goto out;
01861
01862 member_count = 0;
01863 tmp_count = rsbac_list_lol_get_all_desc(g_handle, (void **) &g_desc_p);
01864 if(tmp_count > 0)
01865 {
01866 for(i=0; i<tmp_count; i++)
01867 {
01868 if(!rsbac_list_lol_get_data(g_handle, &g_desc_p[i], &rights))
01869 {
01870 len += sprintf(buffer + len, "\n%u\t %3li\t%s\n\t\t",
01871 g_desc_p[i],
01872 rsbac_list_lol_subcount(g_handle, &g_desc_p[i]),
01873 u64tostracl(tmp1, rights));
01874 pos = begin + len;
01875 if (pos < offset)
01876 {
01877 len = 0;
01878 begin = pos;
01879 }
01880 if (pos > offset+length)
01881 {
01882 rsbac_vfree(dev_desc_p);
01883 goto out;
01884 }
01885 }
01886 tmp_sub_count = rsbac_list_lol_get_all_subdesc(g_handle, &g_desc_p[i], (void **) &sub_desc_p);
01887 if(tmp_sub_count > 0)
01888 {
01889 for(j=0; j<tmp_sub_count; j++)
01890 {
01891 len += sprintf(buffer + len, "%s %u, ",
01892 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01893 sub_desc_p[j].subj_id);
01894 pos = begin + len;
01895 if (pos < offset)
01896 {
01897 len = 0;
01898 begin = pos;
01899 }
01900 if (pos > offset+length)
01901 {
01902 rsbac_vfree(sub_desc_p);
01903 rsbac_vfree(dev_desc_p);
01904 goto out;
01905 }
01906 }
01907 rsbac_vfree(sub_desc_p);
01908 member_count += tmp_sub_count;
01909 }
01910 }
01911 rsbac_vfree(g_desc_p);
01912 }
01913 len += sprintf(buffer + len, "\n\n%i Linux group ACL items, sum of %u members\n",
01914 tmp_count, member_count);
01915 pos = begin + len;
01916 if (pos < offset)
01917 {
01918 len = 0;
01919 begin = pos;
01920 }
01921 if (pos > offset+length)
01922 goto out;
01923 #endif
01924
01925 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
01926
01927 len += sprintf(buffer + len, "\nNetwork Device ACLs:\nname\t\t count mask+members");
01928 pos = begin + len;
01929 if (pos < offset)
01930 {
01931 len = 0;
01932 begin = pos;
01933 }
01934 if (pos > offset+length)
01935 goto out;
01936
01937 member_count = 0;
01938 tmp_count = rsbac_list_lol_get_all_desc(netdev_handle, (void **) &netdev_desc_p);
01939 if(tmp_count > 0)
01940 {
01941 for(i=0; i<tmp_count; i++)
01942 {
01943 if(!rsbac_list_lol_get_data(netdev_handle, &netdev_desc_p[i], &rights))
01944 {
01945 len += sprintf(buffer + len, "\n%-16s %3li\t %s\n\t\t",
01946 netdev_desc_p[i],
01947 rsbac_list_lol_subcount(netdev_handle, &netdev_desc_p[i]),
01948 u64tostracl(tmp1, rights));
01949 pos = begin + len;
01950 if (pos < offset)
01951 {
01952 len = 0;
01953 begin = pos;
01954 }
01955 if (pos > offset+length)
01956 {
01957 rsbac_vfree(netdev_desc_p);
01958 goto out;
01959 }
01960 }
01961 tmp_sub_count = rsbac_list_lol_get_all_subdesc(netdev_handle, &netdev_desc_p[i], (void **) &sub_desc_p);
01962 if(tmp_sub_count > 0)
01963 {
01964 for(j=0; j<tmp_sub_count; j++)
01965 {
01966 len += sprintf(buffer + len, "%s %u, ",
01967 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01968 sub_desc_p[j].subj_id);
01969 pos = begin + len;
01970 if (pos < offset)
01971 {
01972 len = 0;
01973 begin = pos;
01974 }
01975 if (pos > offset+length)
01976 {
01977 rsbac_vfree(sub_desc_p);
01978 rsbac_vfree(netdev_desc_p);
01979 goto out;
01980 }
01981 }
01982 rsbac_vfree(sub_desc_p);
01983 member_count += tmp_sub_count;
01984 }
01985 }
01986 rsbac_vfree(netdev_desc_p);
01987 };
01988 len += sprintf(buffer + len, "\n\n%i network device ACL items, sum of %u members\n",
01989 tmp_count, member_count);
01990 pos = begin + len;
01991 if (pos < offset)
01992 {
01993 len = 0;
01994 begin = pos;
01995 }
01996 if (pos > offset+length)
01997 goto out;
01998 #endif
01999
02000 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
02001
02002 len += sprintf(buffer + len, "\nNetwork Template NT (template protection) ACLs:\nTemplate count mask+members");
02003 pos = begin + len;
02004 if (pos < offset)
02005 {
02006 len = 0;
02007 begin = pos;
02008 }
02009 if (pos > offset+length)
02010 goto out;
02011
02012 member_count = 0;
02013 tmp_count = rsbac_list_lol_get_all_desc(nettemp_nt_handle, (void **) &nettemp_desc_p);
02014 if(tmp_count > 0)
02015 {
02016 for(i=0; i<tmp_count; i++)
02017 {
02018 if(!rsbac_list_lol_get_data(nettemp_nt_handle, &nettemp_desc_p[i], &rights))
02019 {
02020 len += sprintf(buffer + len, "\n%10u %3li\t%s\n\t\t",
02021 nettemp_desc_p[i],
02022 rsbac_list_lol_subcount(nettemp_nt_handle, &nettemp_desc_p[i]),
02023 u64tostracl(tmp1, rights));
02024 pos = begin + len;
02025 if (pos < offset)
02026 {
02027 len = 0;
02028 begin = pos;
02029 }
02030 if (pos > offset+length)
02031 {
02032 rsbac_vfree(nettemp_desc_p);
02033 goto out;
02034 }
02035 }
02036 tmp_sub_count = rsbac_list_lol_get_all_subdesc(nettemp_nt_handle, &nettemp_desc_p[i], (void **) &sub_desc_p);
02037 if(tmp_sub_count > 0)
02038 {
02039 for(j=0; j<tmp_sub_count; j++)
02040 {
02041 len += sprintf(buffer + len, "%s %u, ",
02042 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
02043 sub_desc_p[j].subj_id);
02044 pos = begin + len;
02045 if (pos < offset)
02046 {
02047 len = 0;
02048 begin = pos;
02049 }
02050 if (pos > offset+length)
02051 {
02052 rsbac_vfree(sub_desc_p);
02053 rsbac_vfree(nettemp_desc_p);
02054 goto out;
02055 }
02056 }
02057 rsbac_vfree(sub_desc_p);
02058 member_count += tmp_sub_count;
02059 }
02060 }
02061 rsbac_vfree(nettemp_desc_p);
02062 };
02063 len += sprintf(buffer + len, "\n\n%i network template NT ACL items, sum of %u members\n",
02064 tmp_count, member_count);
02065 pos = begin + len;
02066 if (pos < offset)
02067 {
02068 len = 0;
02069 begin = pos;
02070 }
02071 if (pos > offset+length)
02072 goto out;
02073
02074
02075 len += sprintf(buffer + len, "\nNetwork Template (netobj protection) ACLs:\nTemplate count mask+members");
02076 pos = begin + len;
02077 if (pos < offset)
02078 {
02079 len = 0;
02080 begin = pos;
02081 }
02082 if (pos > offset+length)
02083 goto out;
02084
02085 member_count = 0;
02086 tmp_count = rsbac_list_lol_get_all_desc(nettemp_handle, (void **) &nettemp_desc_p);
02087 if(tmp_count > 0)
02088 {
02089 for(i=0; i<tmp_count; i++)
02090 {
02091 if(!rsbac_list_lol_get_data(nettemp_handle, &nettemp_desc_p[i], &rights))
02092 {
02093 len += sprintf(buffer + len, "\n%10u %3li\t%s\n\t\t",
02094 nettemp_desc_p[i],
02095 rsbac_list_lol_subcount(nettemp_handle, &nettemp_desc_p[i]),
02096 u64tostracl(tmp1, rights));
02097 pos = begin + len;
02098 if (pos < offset)
02099 {
02100 len = 0;
02101 begin = pos;
02102 }
02103 if (pos > offset+length)
02104 {
02105 rsbac_vfree(nettemp_desc_p);
02106 goto out;
02107 }
02108 }
02109 tmp_sub_count = rsbac_list_lol_get_all_subdesc(nettemp_handle, &nettemp_desc_p[i], (void **) &sub_desc_p);
02110 if(tmp_sub_count > 0)
02111 {
02112 for(j=0; j<tmp_sub_count; j++)
02113 {
02114 len += sprintf(buffer + len, "%s %u, ",
02115 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
02116 sub_desc_p[j].subj_id);
02117 pos = begin + len;
02118 if (pos < offset)
02119 {
02120 len = 0;
02121 begin = pos;
02122 }
02123 if (pos > offset+length)
02124 {
02125 rsbac_vfree(sub_desc_p);
02126 rsbac_vfree(nettemp_desc_p);
02127 goto out;
02128 }
02129 }
02130 rsbac_vfree(sub_desc_p);
02131 member_count += tmp_sub_count;
02132 }
02133 }
02134 rsbac_vfree(nettemp_desc_p);
02135 };
02136 len += sprintf(buffer + len, "\n\n%i network template ACL items, sum of %u members\n",
02137 tmp_count, member_count);
02138 pos = begin + len;
02139 if (pos < offset)
02140 {
02141 len = 0;
02142 begin = pos;
02143 }
02144 if (pos > offset+length)
02145 goto out;
02146
02147
02148 len += sprintf(buffer + len, "\nNetwork Object ACLs:\nObject-ID count mask+members");
02149 pos = begin + len;
02150 if (pos < offset)
02151 {
02152 len = 0;
02153 begin = pos;
02154 }
02155 if (pos > offset+length)
02156 goto out;
02157
02158 member_count = 0;
02159 tmp_count = rsbac_list_lol_get_all_desc(netobj_handle, (void **) &netobj_desc_p);
02160 if(tmp_count > 0)
02161 {
02162 for(i=0; i<tmp_count; i++)
02163 {
02164 if(!rsbac_list_lol_get_data(netobj_handle, &netobj_desc_p[i], &rights))
02165 {
02166 len += sprintf(buffer + len, "\n%p %3li\t%s\n\t\t",
02167 netobj_desc_p[i],
02168 rsbac_list_lol_subcount(netobj_handle, &netobj_desc_p[i]),
02169 u64tostracl(tmp1, rights));
02170 pos = begin + len;
02171 if (pos < offset)
02172 {
02173 len = 0;
02174 begin = pos;
02175 }
02176 if (pos > offset+length)
02177 {
02178 rsbac_vfree(netobj_desc_p);
02179 goto out;
02180 }
02181 }
02182 tmp_sub_count = rsbac_list_lol_get_all_subdesc(netobj_handle, &netobj_desc_p[i], (void **) &sub_desc_p);
02183 if(tmp_sub_count > 0)
02184 {
02185 for(j=0; j<tmp_sub_count; j++)
02186 {
02187 len += sprintf(buffer + len, "%s %u, ",
02188 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
02189 sub_desc_p[j].subj_id);
02190 pos = begin + len;
02191 if (pos < offset)
02192 {
02193 len = 0;
02194 begin = pos;
02195 }
02196 if (pos > offset+length)
02197 {
02198 rsbac_vfree(sub_desc_p);
02199 rsbac_vfree(netobj_desc_p);
02200 goto out;
02201 }
02202 }
02203 rsbac_vfree(sub_desc_p);
02204 member_count += tmp_sub_count;
02205 }
02206 }
02207 rsbac_vfree(netobj_desc_p);
02208 };
02209 len += sprintf(buffer + len, "\n\n%i network object ACL items, sum of %u members\n",
02210 tmp_count, member_count);
02211 pos = begin + len;
02212 if (pos < offset)
02213 {
02214 len = 0;
02215 begin = pos;
02216 }
02217 if (pos > offset+length)
02218 goto out;
02219 #endif
02220
02221 out:
02222 *start = buffer + (offset - begin);
02223 len -= (offset - begin);
02224
02225 if (len > length)
02226 len = length;
02227 return len;
02228 }
02229
02230 static int
02231 acl_grouplist_proc_info(char *buffer, char **start, off_t offset, int length)
02232 {
02233 u_int len = 0;
02234 off_t pos = 0;
02235 off_t begin = 0;
02236
02237 char type;
02238 int count, sub_count;
02239 int i,j;
02240 u_int member_count = 0;
02241 struct rsbac_acl_group_entry_t * entry_p;
02242 rsbac_uid_t * user_p;
02243 rsbac_acl_group_id_t * group_p;
02244 rsbac_time_t * ttl_p;
02245
02246 union rsbac_target_id_t rsbac_target_id;
02247 union rsbac_attribute_value_t rsbac_attribute_value;
02248
02249 if (!rsbac_is_initialized())
02250 {
02251 #ifdef CONFIG_RSBAC_RMSG
02252 rsbac_printk(KERN_WARNING "acl_grouplist_proc_info(): RSBAC not initialized\n");
02253 #endif
02254 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02255 if (!rsbac_nosyslog)
02256 #endif
02257 printk(KERN_WARNING "acl_grouplist_proc_info(): RSBAC not initialized\n");
02258 return(-RSBAC_ENOTINITIALIZED);
02259 }
02260 #ifdef CONFIG_RSBAC_DEBUG
02261 if (rsbac_debug_aef_acl)
02262 {
02263 #ifdef CONFIG_RSBAC_RMSG
02264 rsbac_printk(KERN_DEBUG "acl_grouplist_proc_info(): calling ADF\n");
02265 #endif
02266 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02267 if (!rsbac_nosyslog)
02268 #endif
02269 printk(KERN_DEBUG "acl_grouplist_proc_info(): calling ADF\n");
02270 }
02271 #endif
02272 rsbac_target_id.scd = ST_rsbac;
02273 rsbac_attribute_value.dummy = 0;
02274 if (!rsbac_adf_request(R_GET_STATUS_DATA,
02275 current->pid,
02276 T_SCD,
02277 rsbac_target_id,
02278 A_none,
02279 rsbac_attribute_value))
02280 {
02281 return -EPERM;
02282 }
02283
02284 len += sprintf(buffer, "ACL Groups\n----------\n");
02285
02286
02287 len += sprintf(buffer + len, "Group list: %li groups, last new is %u\nID\ttype name\t\towner\n",
02288 rsbac_list_count(group_handle), group_last_new);
02289 pos = begin + len;
02290 if (pos < offset)
02291 {
02292 len = 0;
02293 begin = pos;
02294 }
02295 if (pos > offset+length)
02296 {
02297 goto out;
02298 }
02299
02300 count = rsbac_list_get_all_data(group_handle, (void **) &entry_p);
02301 if(count > 0)
02302 {
02303 for(i=0; i<count; i++)
02304 {
02305 if(entry_p[i].type == ACLG_GLOBAL)
02306 type = 'G';
02307 else
02308 type = 'P';
02309 len += sprintf(buffer + len, "%u\t%c %-18s %u\n",
02310 entry_p[i].id,
02311 type,
02312 entry_p[i].name,
02313 entry_p[i].owner);
02314 pos = begin + len;
02315 if (pos < offset)
02316 {
02317 len = 0;
02318 begin = pos;
02319 }
02320 if (pos > offset+length)
02321 {
02322 rsbac_vfree(entry_p);
02323 goto out;
02324 }
02325 }
02326 rsbac_vfree(entry_p);
02327 }
02328
02329
02330 member_count = 0;
02331 len += sprintf(buffer + len, "\nGroup memberships:\nuser count\tgroups");
02332 pos = begin + len;
02333 if (pos < offset)
02334 {
02335 len = 0;
02336 begin = pos;
02337 }
02338 if (pos > offset+length)
02339 {
02340 goto out;
02341 }
02342
02343 count = rsbac_list_lol_get_all_desc(gm_handle, (void **) &user_p);
02344 if(count > 0)
02345 {
02346 for(i=0; i<count; i++)
02347 {
02348 sub_count = rsbac_list_lol_get_all_subdesc_ttl(gm_handle,
02349 &user_p[i],
02350 (void **) &group_p,
02351 &ttl_p);
02352 len += sprintf(buffer + len, "\n%u\t%i\t",
02353 user_p[i],
02354 sub_count);
02355 pos = begin + len;
02356 if (pos < offset)
02357 {
02358 len = 0;
02359 begin = pos;
02360 }
02361 if (pos > offset+length)
02362 {
02363 rsbac_vfree(user_p);
02364 goto out;
02365 }
02366
02367 if(sub_count > 0)
02368 {
02369 for(j=0; j<sub_count; j++)
02370 {
02371 if(ttl_p[j])
02372 len += sprintf(buffer + len, "%u(ttl:%i) ",
02373 group_p[j], ttl_p[j]);
02374 else
02375 len += sprintf(buffer + len, "%u ",
02376 group_p[j]);
02377 pos = begin + len;
02378 if (pos < offset)
02379 {
02380 len = 0;
02381 begin = pos;
02382 }
02383 if (pos > offset+length)
02384 {
02385 rsbac_vfree(group_p);
02386 rsbac_vfree(user_p);
02387 goto out;
02388 }
02389 }
02390 member_count+=sub_count;
02391 rsbac_vfree(group_p);
02392 rsbac_vfree(ttl_p);
02393 }
02394 }
02395 rsbac_vfree(user_p);
02396 }
02397 len += sprintf(buffer + len, "\n\n%u user items, sum of %u memberships\n",
02398 count,member_count);
02399 pos = begin + len;
02400 if (pos < offset)
02401 {
02402 len = 0;
02403 begin = pos;
02404 }
02405 if (pos > offset+length)
02406 goto out;
02407
02408 out:
02409 *start = buffer + (offset - begin);
02410 len -= (offset - begin);
02411
02412 if (len > length)
02413 len = length;
02414 return len;
02415 }
02416
02417 #endif
02418
02419
02420
02421
02422
02423
02424
02425
02426
02427
02428
02429
02430
02431
02432 #ifdef CONFIG_RSBAC_INIT_DELAY
02433 static void registration_error(int err, char * listname)
02434 #else
02435 static void __init registration_error(int err, char * listname)
02436 #endif
02437 {
02438 if(err)
02439 {
02440 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02441
02442 if(tmp)
02443 {
02444 #ifdef CONFIG_RSBAC_RMSG
02445 rsbac_printk(KERN_WARNING
02446 "rsbac_init_acl(): Registering ACL %s list failed with error %s\n",
02447 listname,
02448 get_error_name(tmp, err));
02449 #endif
02450 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02451 if (!rsbac_nosyslog)
02452 #endif
02453 printk(KERN_WARNING
02454 "rsbac_init_acl(): Registering ACL %s list failed with error %s\n",
02455 listname,
02456 get_error_name(tmp, err));
02457 rsbac_kfree(tmp);
02458 }
02459 }
02460 }
02461
02462
02463
02464
02465 #ifdef CONFIG_RSBAC_INIT_DELAY
02466 int rsbac_init_acl(void)
02467 #else
02468 int __init rsbac_init_acl(void)
02469 #endif
02470 {
02471 int err = 0;
02472 struct rsbac_acl_device_list_item_t * device_p = NULL;
02473 char tmp[80];
02474 u_long flags;
02475 struct proc_dir_entry * tmp_entry_p;
02476 struct rsbac_list_lol_info_t lol_info;
02477 struct rsbac_list_info_t list_info;
02478 rsbac_acl_rights_vector_t def_mask;
02479
02480 if (rsbac_is_initialized())
02481 {
02482 printk(KERN_WARNING "rsbac_init_acl(): RSBAC already initialized\n");
02483 return(-RSBAC_EREINIT);
02484 }
02485
02486
02487 #ifdef CONFIG_RSBAC_RMSG
02488 rsbac_printk(KERN_INFO "rsbac_init_acl(): Initializing RSBAC: ACL subsystem\n");
02489 #endif
02490 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02491 if (!rsbac_nosyslog)
02492 #endif
02493 printk(KERN_INFO "rsbac_init_acl(): Initializing RSBAC: ACL subsystem\n");
02494
02495
02496 device_list_head.lock = RW_LOCK_UNLOCKED;
02497 device_list_head.head = NULL;
02498 device_list_head.tail = NULL;
02499 device_list_head.curr = NULL;
02500 device_list_head.count = 0;
02501
02502
02503 #ifdef CONFIG_RSBAC_DEBUG
02504 if (rsbac_debug_ds_acl)
02505 {
02506 #ifdef CONFIG_RSBAC_RMSG
02507 rsbac_printk(KERN_DEBUG "rsbac_init_acl(): Registering lists\n");
02508 #endif
02509 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02510 if (!rsbac_nosyslog)
02511 #endif
02512 printk(KERN_DEBUG "rsbac_init_acl(): Registering lists\n");
02513 }
02514 #endif
02515 device_p = create_device_item(rsbac_root_dev);
02516 if (!device_p)
02517 {
02518 #ifdef CONFIG_RSBAC_RMSG
02519 rsbac_printk(KERN_CRIT "rsbac_init_acl(): Could not create device!\n");
02520 #endif
02521 printk(KERN_CRIT "rsbac_init_acl(): Could not create device!\n");
02522 return(-RSBAC_ECOULDNOTADDDEVICE);
02523 }
02524 if((err = acl_register_fd_lists(device_p,rsbac_root_dev)))
02525 {
02526 #ifdef CONFIG_RSBAC_RMSG
02527 rsbac_printk(KERN_WARNING
02528 "rsbac_init_acl(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n",
02529 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev), get_error_name(tmp,err));
02530 #endif
02531 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02532 if (!rsbac_nosyslog)
02533 #endif
02534 printk(KERN_WARNING
02535 "rsbac_init_acl(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n",
02536 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev), get_error_name(tmp,err));
02537 }
02538
02539 rsbac_write_lock_irq(&device_list_head.lock, &flags);
02540 device_p = add_device_item(device_p);
02541
02542 rsbac_write_unlock_irq(&device_list_head.lock, &flags);
02543 if (!device_p)
02544 {
02545 #ifdef CONFIG_RSBAC_RMSG
02546 rsbac_printk(KERN_CRIT "rsbac_init_acl(): Could not add device!\n");
02547 #endif
02548 printk(KERN_CRIT "rsbac_init_acl(): Could not add device!\n");
02549 return(-RSBAC_ECOULDNOTADDDEVICE);
02550 }
02551
02552 list_info.version = RSBAC_ACL_DEF_FD_LIST_VERSION;
02553 list_info.key = RSBAC_ACL_LIST_KEY;
02554 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
02555 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02556 list_info.max_age = 0;
02557 err = rsbac_list_register(RSBAC_LIST_VERSION,
02558 &default_fd_handle,
02559 &list_info,
02560 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02561 RSBAC_LIST_BACKUP |
02562 #endif
02563 RSBAC_LIST_PERSIST,
02564 entry_compare,
02565 def_fd_get_conv,
02566 NULL,
02567 RSBAC_ACL_DEF_FD_FILENAME,
02568 RSBAC_AUTO_DEV);
02569 if(err)
02570 {
02571 registration_error(err, "default fd");
02572 }
02573 if(!rsbac_no_defaults && !rsbac_list_count(default_fd_handle))
02574 {
02575 struct rsbac_acl_entry_desc_t desc;
02576 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_FD_ENTRY;
02577 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_FD_ENTRY;
02578 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_FD_ENTRY;
02579
02580 #ifdef CONFIG_RSBAC_RMSG
02581 rsbac_printk(KERN_WARNING
02582 "rsbac_init_acl(): File/Dir default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02583 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02584 #endif
02585 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02586 if (!rsbac_nosyslog)
02587 #endif
02588 printk(KERN_WARNING
02589 "rsbac_init_acl(): File/Dir default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02590 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02591 desc.subj_type = acman_entry.subj_type;
02592 desc.subj_id = acman_entry.subj_id;
02593 rsbac_list_add(default_fd_handle, &desc, &acman_entry.rights);
02594 desc.subj_type = sysadm_entry.subj_type;
02595 desc.subj_id = sysadm_entry.subj_id;
02596 rsbac_list_add(default_fd_handle, &desc, &sysadm_entry.rights);
02597 desc.subj_type = gen_entry.subj_type;
02598 desc.subj_id = gen_entry.subj_id;
02599 rsbac_list_add(default_fd_handle, &desc, &gen_entry.rights);
02600 }
02601
02602 lol_info.version = RSBAC_ACL_DEV_LIST_VERSION;
02603 lol_info.key = RSBAC_ACL_LIST_KEY;
02604 lol_info.desc_size = sizeof(struct rsbac_dev_desc_t);
02605 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02606 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
02607 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
02608 lol_info.max_age = 0;
02609 def_mask=RSBAC_ACL_DEFAULT_DEV_MASK;
02610 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
02611 &dev_handle,
02612 &lol_info,
02613 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02614 RSBAC_LIST_BACKUP |
02615 #endif
02616 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
02617 dev_compare,
02618 entry_compare,
02619 dev_get_conv,
02620 dev_get_subconv,
02621 &def_mask,
02622 NULL,
02623 RSBAC_ACL_DEV_FILENAME,
02624 RSBAC_AUTO_DEV);
02625 if(err)
02626 {
02627 registration_error(err, "dev");
02628 }
02629 list_info.version = RSBAC_ACL_DEF_DEV_LIST_VERSION;
02630 list_info.key = RSBAC_ACL_LIST_KEY;
02631 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
02632 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02633 list_info.max_age = 0;
02634 err = rsbac_list_register(RSBAC_LIST_VERSION,
02635 &default_dev_handle,
02636 &list_info,
02637 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02638 RSBAC_LIST_BACKUP |
02639 #endif
02640 RSBAC_LIST_PERSIST,
02641 entry_compare,
02642 def_dev_get_conv,
02643 NULL,
02644 RSBAC_ACL_DEF_DEV_FILENAME,
02645 RSBAC_AUTO_DEV);
02646 if(err)
02647 {
02648 registration_error(err, "default dev");
02649 }
02650 if(!rsbac_no_defaults && !rsbac_list_count(default_dev_handle))
02651 {
02652 struct rsbac_acl_entry_desc_t desc;
02653 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_DEV_ENTRY;
02654 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_DEV_ENTRY;
02655 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_DEV_ENTRY;
02656
02657 #ifdef CONFIG_RSBAC_RMSG
02658 rsbac_printk(KERN_WARNING
02659 "rsbac_init_acl(): Device default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02660 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02661 #endif
02662 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02663 if (!rsbac_nosyslog)
02664 #endif
02665 printk(KERN_WARNING
02666 "rsbac_init_acl(): Device default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02667 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02668 desc.subj_type = acman_entry.subj_type;
02669 desc.subj_id = acman_entry.subj_id;
02670 rsbac_list_add(default_dev_handle, &desc, &acman_entry.rights);
02671 desc.subj_type = sysadm_entry.subj_type;
02672 desc.subj_id = sysadm_entry.subj_id;
02673 rsbac_list_add(default_dev_handle, &desc, &sysadm_entry.rights);
02674 desc.subj_type = gen_entry.subj_type;
02675 desc.subj_id = gen_entry.subj_id;
02676 rsbac_list_add(default_dev_handle, &desc, &gen_entry.rights);
02677 }
02678
02679 list_info.version = RSBAC_ACL_DEF_IPC_LIST_VERSION;
02680 list_info.key = RSBAC_ACL_LIST_KEY;
02681 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
02682 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02683 list_info.max_age = 0;
02684 err = rsbac_list_register(RSBAC_LIST_VERSION,
02685 &default_ipc_handle,
02686 &list_info,
02687 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02688 RSBAC_LIST_BACKUP |
02689 #endif
02690 RSBAC_LIST_PERSIST,
02691 entry_compare,
02692 def_ipc_get_conv,
02693 NULL,
02694 RSBAC_ACL_DEF_IPC_FILENAME,
02695 RSBAC_AUTO_DEV);
02696 if(err)
02697 {
02698 registration_error(err, "default ipc");
02699 }
02700 if(!rsbac_no_defaults && !rsbac_list_count(default_ipc_handle))
02701 {
02702 struct rsbac_acl_entry_desc_t desc;
02703 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_IPC_ENTRY;
02704 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_IPC_ENTRY;
02705 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_IPC_ENTRY;
02706
02707 #ifdef CONFIG_RSBAC_RMSG
02708 rsbac_printk(KERN_WARNING
02709 "rsbac_init_acl(): IPC default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02710 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02711 #endif
02712 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02713 if (!rsbac_nosyslog)
02714 #endif
02715 printk(KERN_WARNING
02716 "rsbac_init_acl(): IPC default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02717 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02718 desc.subj_type = acman_entry.subj_type;
02719 desc.subj_id = acman_entry.subj_id;
02720 rsbac_list_add(default_ipc_handle, &desc, &acman_entry.rights);
02721 desc.subj_type = sysadm_entry.subj_type;
02722 desc.subj_id = sysadm_entry.subj_id;
02723 rsbac_list_add(default_ipc_handle, &desc, &sysadm_entry.rights);
02724 desc.subj_type = gen_entry.subj_type;
02725 desc.subj_id = gen_entry.subj_id;
02726 rsbac_list_add(default_ipc_handle, &desc, &gen_entry.rights);
02727 }
02728
02729 lol_info.version = RSBAC_ACL_SCD_LIST_VERSION;
02730 lol_info.key = RSBAC_ACL_LIST_KEY;
02731 lol_info.desc_size = sizeof(__u8);
02732 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02733 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
02734 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
02735 lol_info.max_age = 0;
02736 def_mask=RSBAC_ACL_DEFAULT_SCD_MASK;
02737 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
02738 &scd_handle,
02739 &lol_info,
02740 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02741 RSBAC_LIST_BACKUP |
02742 #endif
02743 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
02744 NULL,
02745 entry_compare,
02746 scd_get_conv,
02747 scd_get_subconv,
02748 &def_mask,
02749 NULL,
02750 RSBAC_ACL_SCD_FILENAME,
02751 RSBAC_AUTO_DEV);
02752 if(err)
02753 {
02754 registration_error(err, "scd");
02755 }
02756 if(!rsbac_no_defaults && !rsbac_list_lol_count(scd_handle))
02757 {
02758 struct rsbac_acl_entry_desc_t desc;
02759 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_SCD_MASK;
02760 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_SCD_ENTRY;
02761 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
02762 struct rsbac_acl_entry_t gen_ioports_entry = RSBAC_ACL_GENERAL_SCD_IOPORTS_ENTRY;
02763 #endif
02764 struct rsbac_acl_entry_t gen_other_entry = RSBAC_ACL_GENERAL_SCD_OTHER_ENTRY;
02765 struct rsbac_acl_entry_t gen_network_entry = RSBAC_ACL_GENERAL_SCD_NETWORK_ENTRY;
02766 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_SCD_ENTRY;
02767 struct rsbac_acl_entry_t sysadm_other_entry = RSBAC_ACL_SYSADM_SCD_OTHER_ENTRY;
02768 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
02769 struct rsbac_acl_entry_t sysadm_kmem_entry = RSBAC_ACL_SYSADM_SCD_KMEM_ENTRY;
02770 #endif
02771 struct rsbac_acl_entry_t acman_other_entry = RSBAC_ACL_ACMAN_SCD_OTHER_ENTRY;
02772 struct rsbac_acl_entry_t auditor_rsbaclog_entry = RSBAC_ACL_AUDITOR_SCD_RSBACLOG_ENTRY;
02773 __u8 scd;
02774
02775 #ifdef CONFIG_RSBAC_RMSG
02776 rsbac_printk(KERN_WARNING
02777 "rsbac_init_acl(): SCD ACLs empty on dev %02u:%02u, generating standard entries!\n",
02778 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02779 #endif
02780 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02781 if (!rsbac_nosyslog)
02782 #endif
02783 printk(KERN_WARNING
02784 "rsbac_init_acl(): SCD ACLs empty on dev %02u:%02u, generating standard entries!\n",
02785 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02786 scd = ST_rlimit;
02787 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02788 {
02789 desc.subj_type = gen_entry.subj_type;
02790 desc.subj_id = gen_entry.subj_id;
02791 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &gen_entry.rights);
02792 }
02793 for(scd=ST_time_strucs; scd<=ST_rsbac; scd++)
02794 {
02795 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02796 {
02797 desc.subj_type = sysadm_entry.subj_type;
02798 desc.subj_id = sysadm_entry.subj_id;
02799 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &sysadm_entry.rights);
02800 }
02801 }
02802 scd = ST_rsbaclog;
02803 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02804 {
02805 desc.subj_type = auditor_rsbaclog_entry.subj_type;
02806 desc.subj_id = auditor_rsbaclog_entry.subj_id;
02807 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &auditor_rsbaclog_entry.rights);
02808 }
02809 scd=ST_network;
02810 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02811 {
02812 desc.subj_type = sysadm_entry.subj_type;
02813 desc.subj_id = sysadm_entry.subj_id;
02814 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &sysadm_entry.rights);
02815 desc.subj_type = gen_network_entry.subj_type;
02816 desc.subj_id = gen_network_entry.subj_id;
02817 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &gen_network_entry.rights);
02818 }
02819 scd=ST_firewall;
02820 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02821 {
02822 desc.subj_type = sysadm_entry.subj_type;
02823 desc.subj_id = sysadm_entry.subj_id;
02824 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &sysadm_entry.rights);
02825 desc.subj_type = gen_network_entry.subj_type;
02826 desc.subj_id = gen_network_entry.subj_id;
02827 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &gen_network_entry.rights);
02828 }
02829 scd=ST_priority;
02830 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02831 {
02832 desc.subj_type = sysadm_entry.subj_type;
02833 desc.subj_id = sysadm_entry.subj_id;
02834 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &sysadm_entry.rights);
02835 }
02836 scd=ST_sysfs;
02837 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02838 {
02839 desc.subj_type = sysadm_entry.subj_type;
02840 desc.subj_id = sysadm_entry.subj_id;
02841 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &sysadm_entry.rights);
02842 }
02843 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
02844 scd = ST_ioports;
02845 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02846 {
02847 desc.subj_type = gen_ioports_entry.subj_type;
02848 desc.subj_id = gen_ioports_entry.subj_id;
02849 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &gen_ioports_entry.rights);
02850 }
02851 scd = ST_kmem;
02852 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02853 {
02854 desc.subj_type = sysadm_kmem_entry.subj_type;
02855 desc.subj_id = sysadm_kmem_entry.subj_id;
02856 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &sysadm_kmem_entry.rights);
02857 }
02858 #endif
02859
02860 scd = ST_other;
02861 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02862 {
02863 desc.subj_type = sysadm_other_entry.subj_type;
02864 desc.subj_id = sysadm_other_entry.subj_id;
02865 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &sysadm_other_entry.rights);
02866 desc.subj_type = acman_other_entry.subj_type;
02867 desc.subj_id = acman_other_entry.subj_id;
02868 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &acman_other_entry.rights);
02869 desc.subj_type = gen_other_entry.subj_type;
02870 desc.subj_id = gen_other_entry.subj_id;
02871 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &gen_other_entry.rights);
02872 }
02873 }
02874
02875 list_info.version = RSBAC_ACL_DEF_SCD_LIST_VERSION;
02876 list_info.key = RSBAC_ACL_LIST_KEY;
02877 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
02878 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02879 list_info.max_age = 0;
02880 err = rsbac_list_register(RSBAC_LIST_VERSION,
02881 &default_scd_handle,
02882 &list_info,
02883 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02884 RSBAC_LIST_BACKUP |
02885 #endif
02886 RSBAC_LIST_PERSIST,
02887 entry_compare,
02888 def_scd_get_conv,
02889 NULL,
02890 RSBAC_ACL_DEF_SCD_FILENAME,
02891 RSBAC_AUTO_DEV);
02892 if(err)
02893 {
02894 registration_error(err, "default scd");
02895 }
02896 if(!rsbac_no_defaults && !rsbac_list_count(default_scd_handle))
02897 {
02898 struct rsbac_acl_entry_desc_t desc;
02899 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_SCD_ENTRY;
02900
02901 #ifdef CONFIG_RSBAC_RMSG
02902 rsbac_printk(KERN_WARNING
02903 "rsbac_init_acl(): SCD default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02904 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02905 #endif
02906 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02907 if (!rsbac_nosyslog)
02908 #endif
02909 printk(KERN_WARNING
02910 "rsbac_init_acl(): SCD default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02911 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02912 desc.subj_type = acman_entry.subj_type;
02913 desc.subj_id = acman_entry.subj_id;
02914 rsbac_list_add(default_scd_handle, &desc, &acman_entry.rights);
02915 }
02916
02917 lol_info.version = RSBAC_ACL_U_LIST_VERSION;
02918 lol_info.key = RSBAC_ACL_LIST_KEY;
02919 lol_info.desc_size = sizeof(rsbac_uid_t);
02920 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02921 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
02922 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
02923 lol_info.max_age = 0;
02924 def_mask=RSBAC_ACL_DEFAULT_U_MASK;
02925 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
02926 &u_handle,
02927 &lol_info,
02928 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02929 RSBAC_LIST_BACKUP |
02930 #endif
02931 RSBAC_LIST_PERSIST,
02932 rsbac_list_compare_u32,
02933 entry_compare,
02934 NULL,
02935 NULL,
02936 &def_mask,
02937 NULL,
02938 RSBAC_ACL_U_FILENAME,
02939 RSBAC_AUTO_DEV);
02940 if(err)
02941 {
02942 registration_error(err, "user");
02943 }
02944 list_info.version = RSBAC_ACL_DEF_U_LIST_VERSION;
02945 list_info.key = RSBAC_ACL_LIST_KEY;
02946 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
02947 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02948 list_info.max_age = 0;
02949 err = rsbac_list_register(RSBAC_LIST_VERSION,
02950 &default_u_handle,
02951 &list_info,
02952 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02953 RSBAC_LIST_BACKUP |
02954 #endif
02955 RSBAC_LIST_PERSIST,
02956 entry_compare,
02957 def_u_get_conv,
02958 NULL,
02959 RSBAC_ACL_DEF_U_FILENAME,
02960 RSBAC_AUTO_DEV);
02961 if(err)
02962 {
02963 registration_error(err, "default user");
02964 }
02965 if(!rsbac_no_defaults && !rsbac_list_count(default_u_handle))
02966 {
02967 struct rsbac_acl_entry_desc_t desc;
02968 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_U_ENTRY;
02969 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_U_ENTRY;
02970 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_U_ENTRY;
02971
02972 #ifdef CONFIG_RSBAC_RMSG
02973 rsbac_printk(KERN_WARNING
02974 "rsbac_init_acl(): User default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02975 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02976 #endif
02977 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02978 if (!rsbac_nosyslog)
02979 #endif
02980 printk(KERN_WARNING
02981 "rsbac_init_acl(): User default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02982 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02983 desc.subj_type = sysadm_entry.subj_type;
02984 desc.subj_id = sysadm_entry.subj_id;
02985 rsbac_list_add(default_u_handle, &desc, &sysadm_entry.rights);
02986 desc.subj_type = acman_entry.subj_type;
02987 desc.subj_id = acman_entry.subj_id;
02988 rsbac_list_add(default_u_handle, &desc, &acman_entry.rights);
02989 desc.subj_type = gen_entry.subj_type;
02990 desc.subj_id = gen_entry.subj_id;
02991 rsbac_list_add(default_u_handle, &desc, &gen_entry.rights);
02992 }
02993
02994 list_info.version = RSBAC_ACL_DEF_P_LIST_VERSION;
02995 list_info.key = RSBAC_ACL_LIST_KEY;
02996 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
02997 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02998 list_info.max_age = 0;
02999 err = rsbac_list_register(RSBAC_LIST_VERSION,
03000 &default_p_handle,
03001 &list_info,
03002 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03003 RSBAC_LIST_BACKUP |
03004 #endif
03005 RSBAC_LIST_PERSIST,
03006 entry_compare,
03007 def_p_get_conv,
03008 NULL,
03009 RSBAC_ACL_DEF_P_FILENAME,
03010 RSBAC_AUTO_DEV);
03011 if(err)
03012 {
03013 registration_error(err, "default process");
03014 }
03015 if(!rsbac_no_defaults && !rsbac_list_count(default_p_handle))
03016 {
03017 struct rsbac_acl_entry_desc_t desc;
03018 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_P_ENTRY;
03019 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_P_ENTRY;
03020 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_P_ENTRY;
03021
03022 #ifdef CONFIG_RSBAC_RMSG
03023 rsbac_printk(KERN_WARNING
03024 "rsbac_init_acl(): Process default ACL empty on dev %02u:%02u, generating standard ACL!\n",
03025 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03026 #endif
03027 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03028 if (!rsbac_nosyslog)
03029 #endif
03030 printk(KERN_WARNING
03031 "rsbac_init_acl(): Process default ACL empty on dev %02u:%02u, generating standard ACL!\n",
03032 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03033 desc.subj_type = sysadm_entry.subj_type;
03034 desc.subj_id = sysadm_entry.subj_id;
03035 rsbac_list_add(default_p_handle, &desc, &sysadm_entry.rights);
03036 desc.subj_type = acman_entry.subj_type;
03037 desc.subj_id = acman_entry.subj_id;
03038 rsbac_list_add(default_p_handle, &desc, &acman_entry.rights);
03039 desc.subj_type = gen_entry.subj_type;
03040 desc.subj_id = gen_entry.subj_id;
03041 rsbac_list_add(default_p_handle, &desc, &gen_entry.rights);
03042 }
03043
03044 #ifdef CONFIG_RSBAC_ACL_UM_PROT
03045 lol_info.version = RSBAC_ACL_G_LIST_VERSION;
03046 lol_info.key = RSBAC_ACL_LIST_KEY;
03047 lol_info.desc_size = sizeof(rsbac_gid_t);
03048 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03049 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
03050 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
03051 lol_info.max_age = 0;
03052 def_mask=RSBAC_ACL_DEFAULT_G_MASK;
03053 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
03054 &g_handle,
03055 &lol_info,
03056 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03057 RSBAC_LIST_BACKUP |
03058 #endif
03059 RSBAC_LIST_PERSIST,
03060 rsbac_list_compare_u32,
03061 entry_compare,
03062 NULL,
03063 NULL,
03064 &def_mask,
03065 NULL,
03066 RSBAC_ACL_G_FILENAME,
03067 RSBAC_AUTO_DEV);
03068 if(err)
03069 {
03070 registration_error(err, "Linux group");
03071 }
03072 list_info.version = RSBAC_ACL_DEF_G_LIST_VERSION;
03073 list_info.key = RSBAC_ACL_LIST_KEY;
03074 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
03075 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03076 list_info.max_age = 0;
03077 err = rsbac_list_register(RSBAC_LIST_VERSION,
03078 &default_g_handle,
03079 &list_info,
03080 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03081 RSBAC_LIST_BACKUP |
03082 #endif
03083 RSBAC_LIST_PERSIST,
03084 entry_compare,
03085 def_g_get_conv,
03086 NULL,
03087 RSBAC_ACL_DEF_G_FILENAME,
03088 RSBAC_AUTO_DEV);
03089 if(err)
03090 {
03091 registration_error(err, "default Linux group");
03092 }
03093 if(!rsbac_no_defaults && !rsbac_list_count(default_g_handle))
03094 {
03095 struct rsbac_acl_entry_desc_t desc;
03096 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_G_ENTRY;
03097 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_G_ENTRY;
03098 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_G_ENTRY;
03099
03100 #ifdef CONFIG_RSBAC_RMSG
03101 rsbac_printk(KERN_WARNING
03102 "rsbac_init_acl(): Linux group default ACL empty on dev %02u:%02u, generating standard ACL!\n",
03103 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03104 #endif
03105 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03106 if (!rsbac_nosyslog)
03107 #endif
03108 printk(KERN_WARNING
03109 "rsbac_init_acl(): Linux group default ACL empty on dev %02u:%02u, generating standard ACL!\n",
03110 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03111 desc.subj_type = sysadm_entry.subj_type;
03112 desc.subj_id = sysadm_entry.subj_id;
03113 rsbac_list_add(default_g_handle, &desc, &sysadm_entry.rights);
03114 desc.subj_type = acman_entry.subj_type;
03115 desc.subj_id = acman_entry.subj_id;
03116 rsbac_list_add(default_g_handle, &desc, &acman_entry.rights);
03117 desc.subj_type = gen_entry.subj_type;
03118 desc.subj_id = gen_entry.subj_id;
03119 rsbac_list_add(default_g_handle, &desc, &gen_entry.rights);
03120 }
03121 #endif
03122
03123 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
03124 lol_info.version = RSBAC_ACL_NETDEV_LIST_VERSION;
03125 lol_info.key = RSBAC_ACL_LIST_KEY;
03126 lol_info.desc_size = sizeof(rsbac_netdev_id_t);
03127 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03128 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
03129 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
03130 lol_info.max_age = 0;
03131 def_mask=RSBAC_ACL_DEFAULT_NETDEV_MASK;
03132 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
03133 &netdev_handle,
03134 &lol_info,
03135 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03136 RSBAC_LIST_BACKUP |
03137 #endif
03138 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
03139 netdev_compare,
03140 entry_compare,
03141 netdev_get_conv,
03142 netdev_get_subconv,
03143 &def_mask,
03144 NULL,
03145 RSBAC_ACL_NETDEV_FILENAME,
03146 RSBAC_AUTO_DEV);
03147 if(err)
03148 {
03149 registration_error(err, "netdev");
03150 }
03151 list_info.version = RSBAC_ACL_DEF_NETDEV_LIST_VERSION;
03152 list_info.key = RSBAC_ACL_LIST_KEY;
03153 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
03154 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03155 list_info.max_age = 0;
03156 err = rsbac_list_register(RSBAC_LIST_VERSION,
03157 &default_netdev_handle,
03158 &list_info,
03159 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03160 RSBAC_LIST_BACKUP |
03161 #endif
03162 RSBAC_LIST_PERSIST,
03163 entry_compare,
03164 def_netdev_get_conv,
03165 NULL,
03166 RSBAC_ACL_DEF_NETDEV_FILENAME,
03167 RSBAC_AUTO_DEV);
03168 if(err)
03169 {
03170 registration_error(err, "default netdev");
03171 }
03172 if(!rsbac_no_defaults && !rsbac_list_count(default_netdev_handle))
03173 {
03174 struct rsbac_acl_entry_desc_t desc;
03175 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_NETDEV_ENTRY;
03176 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_NETDEV_ENTRY;
03177 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_NETDEV_ENTRY;
03178
03179 #ifdef CONFIG_RSBAC_RMSG
03180 rsbac_printk(KERN_WARNING
03181 "rsbac_init_acl(): Network Device default ACL empty on dev %02u:%02u, generating standard ACL!\n",
03182 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03183 #endif
03184 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03185 if (!rsbac_nosyslog)
03186 #endif
03187 printk(KERN_WARNING
03188 "rsbac_init_acl(): Network Device default ACL empty on dev %02u:%02u, generating standard ACL!\n",
03189 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03190 desc.subj_type = acman_entry.subj_type;
03191 desc.subj_id = acman_entry.subj_id;
03192 rsbac_list_add(default_netdev_handle, &desc, &acman_entry.rights);
03193 desc.subj_type = sysadm_entry.subj_type;
03194 desc.subj_id = sysadm_entry.subj_id;
03195 rsbac_list_add(default_netdev_handle, &desc, &sysadm_entry.rights);
03196 desc.subj_type = gen_entry.subj_type;
03197 desc.subj_id = gen_entry.subj_id;
03198 rsbac_list_add(default_netdev_handle, &desc, &gen_entry.rights);
03199 }
03200 #endif
03201
03202 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
03203 lol_info.version = RSBAC_ACL_NETTEMP_NT_LIST_VERSION;
03204 lol_info.key = RSBAC_ACL_LIST_KEY;
03205 lol_info.desc_size = sizeof(rsbac_net_temp_id_t);
03206 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03207 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
03208 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
03209 lol_info.max_age = 0;
03210 def_mask=RSBAC_ACL_DEFAULT_NETTEMP_MASK;
03211 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
03212 &nettemp_nt_handle,
03213 &lol_info,
03214 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03215 RSBAC_LIST_BACKUP |
03216 #endif
03217 RSBAC_LIST_PERSIST,
03218 rsbac_list_compare_u32,
03219 entry_compare,
03220 nettemp_nt_get_conv,
03221 nettemp_nt_get_subconv,
03222 &def_mask,
03223 NULL,
03224 RSBAC_ACL_NETTEMP_NT_FILENAME,
03225 RSBAC_AUTO_DEV);
03226 if(err)
03227 {
03228 registration_error(err, "nettemp_nt");
03229 }
03230 list_info.version = RSBAC_ACL_DEF_NETTEMP_NT_LIST_VERSION;
03231 list_info.key = RSBAC_ACL_LIST_KEY;
03232 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
03233 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03234 list_info.max_age = 0;
03235 err = rsbac_list_register(RSBAC_LIST_VERSION,
03236 &default_nettemp_nt_handle,
03237 &list_info,
03238 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03239 RSBAC_LIST_BACKUP |
03240 #endif
03241 RSBAC_LIST_PERSIST,
03242 entry_compare,
03243 def_nettemp_nt_get_conv,
03244 NULL,
03245 RSBAC_ACL_DEF_NETTEMP_NT_FILENAME,
03246 RSBAC_AUTO_DEV);
03247 if(err)
03248 {
03249 registration_error(err, "default nettemp_nt");
03250 }
03251 if(!rsbac_no_defaults && !rsbac_list_count(default_nettemp_nt_handle))
03252 {
03253 struct rsbac_acl_entry_desc_t desc;
03254 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_NETTEMP_NT_ENTRY;
03255 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_NETTEMP_NT_ENTRY;
03256 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_NETTEMP_NT_ENTRY;
03257
03258 #ifdef CONFIG_RSBAC_RMSG
03259 rsbac_printk(KERN_WARNING
03260 "rsbac_init_acl(): Network Template NT (template protection) default ACL empty on dev %02u:%02u, generating standard ACL!\n",
03261 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03262 #endif
03263 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03264 if (!rsbac_nosyslog)
03265 #endif
03266 printk(KERN_WARNING
03267 "rsbac_init_acl(): Network Template NT (template protection) default ACL empty on dev %02u:%02u, generating standard ACL!\n",
03268 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03269 desc.subj_type = acman_entry.subj_type;
03270 desc.subj_id = acman_entry.subj_id;
03271 rsbac_list_add(default_nettemp_nt_handle, &desc, &acman_entry.rights);
03272 desc.subj_type = sysadm_entry.subj_type;
03273 desc.subj_id = sysadm_entry.subj_id;
03274 rsbac_list_add(default_nettemp_nt_handle, &desc, &sysadm_entry.rights);
03275 desc.subj_type = gen_entry.subj_type;
03276 desc.subj_id = gen_entry.subj_id;
03277 rsbac_list_add(default_nettemp_nt_handle, &desc, &gen_entry.rights);
03278 }
03279 lol_info.version = RSBAC_ACL_NETTEMP_LIST_VERSION;
03280 lol_info.key = RSBAC_ACL_LIST_KEY;
03281 lol_info.desc_size = sizeof(rsbac_net_temp_id_t);
03282 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03283 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
03284 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
03285 lol_info.max_age = 0;
03286 def_mask=RSBAC_ACL_DEFAULT_NETOBJ_MASK;
03287 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
03288 &nettemp_handle,
03289 &lol_info,
03290 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03291 RSBAC_LIST_BACKUP |
03292 #endif
03293 RSBAC_LIST_PERSIST,
03294 rsbac_list_compare_u32,
03295 entry_compare,
03296 nettemp_get_conv,
03297 nettemp_get_subconv,
03298 &def_mask,
03299 NULL,
03300 RSBAC_ACL_NETTEMP_FILENAME,
03301 RSBAC_AUTO_DEV);
03302 if(err)
03303 {
03304 registration_error(err, "nettemp");
03305 }
03306 lol_info.version = RSBAC_ACL_NETOBJ_LIST_VERSION;
03307 lol_info.key = RSBAC_ACL_LIST_KEY;
03308 lol_info.desc_size = sizeof(rsbac_net_obj_id_t);
03309 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03310 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
03311 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
03312 lol_info.max_age = 0;
03313 def_mask=RSBAC_ACL_DEFAULT_NETOBJ_MASK;
03314 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
03315 &netobj_handle,
03316 &lol_info,
03317 0,
03318 rsbac_list_compare_u32,
03319 entry_compare,
03320 NULL,
03321 NULL,
03322 &def_mask,
03323 NULL,
03324 RSBAC_ACL_NETOBJ_FILENAME,
03325 RSBAC_AUTO_DEV);
03326 if(err)
03327 {
03328 registration_error(err, "netobj");
03329 }
03330 list_info.version = RSBAC_ACL_DEF_NETOBJ_LIST_VERSION;
03331 list_info.key = RSBAC_ACL_LIST_KEY;
03332 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
03333 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03334 list_info.max_age = 0;
03335 err = rsbac_list_register(RSBAC_LIST_VERSION,
03336 &default_netobj_handle,
03337 &list_info,
03338 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03339 RSBAC_LIST_BACKUP |
03340 #endif
03341 RSBAC_LIST_PERSIST,
03342 entry_compare,
03343 def_netobj_get_conv,
03344 NULL,
03345 RSBAC_ACL_DEF_NETOBJ_FILENAME,
03346 RSBAC_AUTO_DEV);
03347 if(err)
03348 {
03349 registration_error(err, "default netobj");
03350 }
03351 if(!rsbac_no_defaults && !rsbac_list_count(default_netobj_handle))
03352 {
03353 struct rsbac_acl_entry_desc_t desc;
03354 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_NETOBJ_ENTRY;
03355 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_NETOBJ_ENTRY;
03356 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_NETOBJ_ENTRY;
03357
03358 #ifdef CONFIG_RSBAC_RMSG
03359 rsbac_printk(KERN_WARNING
03360 "rsbac_init_acl(): Network Object default ACL empty on dev %02u:%02u, generating standard ACL!\n",
03361 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03362 #endif
03363 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03364 if (!rsbac_nosyslog)
03365 #endif
03366 printk(KERN_WARNING
03367 "rsbac_init_acl(): Network Object default ACL empty on dev %02u:%02u, generating standard ACL!\n",
03368 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03369 desc.subj_type = acman_entry.subj_type;
03370 desc.subj_id = acman_entry.subj_id;
03371 rsbac_list_add(default_netobj_handle, &desc, &acman_entry.rights);
03372 desc.subj_type = sysadm_entry.subj_type;
03373 desc.subj_id = sysadm_entry.subj_id;
03374 rsbac_list_add(default_netobj_handle, &desc, &sysadm_entry.rights);
03375 desc.subj_type = gen_entry.subj_type;
03376 desc.subj_id = gen_entry.subj_id;
03377 rsbac_list_add(default_netobj_handle, &desc, &gen_entry.rights);
03378 }
03379 #endif
03380
03381
03382 list_info.version = RSBAC_ACL_GROUP_VERSION;
03383 list_info.key = RSBAC_ACL_LIST_KEY;
03384 list_info.desc_size = sizeof(rsbac_acl_group_id_t);
03385 list_info.data_size = sizeof(struct rsbac_acl_group_entry_t);
03386 list_info.max_age = 0;
03387 err = rsbac_list_register(RSBAC_LIST_VERSION,
03388 &group_handle,
03389 &list_info,
03390 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03391 RSBAC_LIST_BACKUP |
03392 #endif
03393 RSBAC_LIST_PERSIST,
03394 rsbac_list_compare_u32,
03395 NULL,
03396 NULL,
03397 RSBAC_ACL_GROUP_FILENAME,
03398 RSBAC_AUTO_DEV);
03399 if(err)
03400 {
03401 registration_error(err, "group");
03402 }
03403 if(!rsbac_no_defaults && !rsbac_list_count(group_handle))
03404 {
03405 #ifdef CONFIG_RSBAC_RMSG
03406 rsbac_printk(KERN_WARNING
03407 "rsbac_init_acl(): Group list empty on dev %02u:%02u!\n",
03408 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03409 #endif
03410 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03411 if (!rsbac_nosyslog)
03412 #endif
03413 printk(KERN_WARNING
03414 "rsbac_init_acl(): Group list empty on dev %02u:%02u!\n",
03415 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03416 }
03417 else
03418 {
03419 rsbac_list_get_max_desc(group_handle, &group_last_new);
03420 }
03421
03422
03423 lol_info.version = RSBAC_ACL_GM_VERSION;
03424 lol_info.key = RSBAC_ACL_LIST_KEY;
03425 lol_info.desc_size = sizeof(rsbac_uid_t);
03426 lol_info.data_size = 0;
03427 lol_info.subdesc_size = sizeof(rsbac_acl_group_id_t);
03428 lol_info.subdata_size = 0;
03429 lol_info.max_age = 0;
03430 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
03431 &gm_handle,
03432 &lol_info,
03433 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03434 RSBAC_LIST_BACKUP |
03435 #endif
03436 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
03437 rsbac_list_compare_u32,
03438 rsbac_list_compare_u32,
03439 NULL,
03440 NULL,
03441 NULL,
03442 NULL,
03443 RSBAC_ACL_GM_FILENAME,
03444 RSBAC_AUTO_DEV);
03445 if(err)
03446 {
03447 registration_error(err, "gm");
03448 }
03449 if(!rsbac_no_defaults && !rsbac_list_lol_count(gm_handle))
03450 {
03451 #ifdef CONFIG_RSBAC_RMSG
03452 rsbac_printk(KERN_WARNING
03453 "rsbac_init_acl(): Group membership list empty on dev %02u:%02u!\n",
03454 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03455 #endif
03456 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03457 if (!rsbac_nosyslog)
03458 #endif
03459 printk(KERN_WARNING
03460 "rsbac_init_acl(): Group membership list empty on dev %02u:%02u!\n",
03461 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03462 }
03463
03464 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
03465 tmp_entry_p = create_proc_entry("acl_devices",
03466 S_IFREG | S_IRUGO,
03467 proc_rsbac_root_p);
03468 if(tmp_entry_p)
03469 {
03470 tmp_entry_p->get_info = acl_devices_proc_info;
03471 }
03472 tmp_entry_p = create_proc_entry("stats_acl",
03473 S_IFREG | S_IRUGO,
03474 proc_rsbac_root_p);
03475 if(tmp_entry_p)
03476 {
03477 tmp_entry_p->get_info = stats_acl_proc_info;
03478 }
03479 tmp_entry_p = create_proc_entry("acl_acllist",
03480 S_IFREG | S_IRUGO,
03481 proc_rsbac_root_p);
03482 if(tmp_entry_p)
03483 {
03484 tmp_entry_p->get_info = acl_acllist_proc_info;
03485 }
03486 tmp_entry_p = create_proc_entry("acl_grouplist",
03487 S_IFREG | S_IRUGO,
03488 proc_rsbac_root_p);
03489 if(tmp_entry_p)
03490 {
03491 tmp_entry_p->get_info = acl_grouplist_proc_info;
03492 }
03493 #endif
03494
03495 #ifdef CONFIG_RSBAC_DEBUG
03496 if (rsbac_debug_ds_acl)
03497 {
03498 #ifdef CONFIG_RSBAC_RMSG
03499 rsbac_printk(KERN_DEBUG "rsbac_init_acl(): Ready.\n");
03500 #endif
03501 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03502 if (!rsbac_nosyslog)
03503 #endif
03504 printk(KERN_DEBUG "rsbac_init_acl(): Ready.\n");
03505 }
03506 #endif
03507 return(err);
03508 };
03509
03510 int rsbac_mount_acl(kdev_t kdev)
03511 {
03512 int err = 0;
03513 struct rsbac_acl_device_list_item_t * device_p;
03514 struct rsbac_acl_device_list_item_t * new_device_p;
03515 u_long flags;
03516
03517 if (!rsbac_is_initialized())
03518 {
03519 #ifdef CONFIG_RSBAC_RMSG
03520 rsbac_printk(KERN_WARNING "rsbac_mount_acl(): RSBAC not initialized\n");
03521 #endif
03522 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03523 if (!rsbac_nosyslog)
03524 #endif
03525 printk(KERN_WARNING "rsbac_mount_acl(): RSBAC not initialized\n");
03526 return(-RSBAC_ENOTINITIALIZED);
03527 }
03528 #ifdef CONFIG_RSBAC_DEBUG
03529 if (rsbac_debug_ds_acl)
03530 {
03531 #ifdef CONFIG_RSBAC_RMSG
03532 rsbac_printk(KERN_DEBUG "rsbac_mount_acl(): mounting device %02u:%02u\n",
03533 RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
03534 #endif
03535 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03536 if (!rsbac_nosyslog)
03537 #endif
03538 printk(KERN_DEBUG "rsbac_mount_acl(): mounting device %02u:%02u\n",
03539 RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
03540 }
03541 #endif
03542
03543 rsbac_read_lock(&device_list_head.lock, &flags);
03544 device_p = acl_lookup_device(kdev);
03545
03546 if(device_p)
03547 {
03548 #ifdef CONFIG_RSBAC_RMSG
03549 rsbac_printk(KERN_INFO "rsbac_mount_acl: repeated mount %u of device %02u:%02u\n",
03550 device_p->mount_count, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03551 #endif
03552 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03553 if (!rsbac_nosyslog)
03554 #endif
03555 printk(KERN_INFO "rsbac_mount_acl: repeated mount %u of device %02u:%02u\n",
03556 device_p->mount_count, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03557 device_p->mount_count++;
03558 rsbac_read_unlock(&device_list_head.lock, &flags);
03559 return 0;
03560 }
03561 rsbac_read_unlock(&device_list_head.lock, &flags);
03562
03563 new_device_p = create_device_item(kdev);
03564 if(!new_device_p)
03565 return -RSBAC_ECOULDNOTADDDEVICE;
03566
03567 if((err = acl_register_fd_lists(new_device_p, kdev)))
03568 {
03569 char * tmp;
03570
03571 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
03572 if(tmp)
03573 {
03574 #ifdef CONFIG_RSBAC_RMSG
03575 rsbac_printk(KERN_WARNING
03576 "rsbac_mount_acl(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n",
03577 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp,err));
03578 #endif
03579 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03580 if (!rsbac_nosyslog)
03581 #endif
03582 printk(KERN_WARNING
03583 "rsbac_mount_acl(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n",
03584 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp,err));
03585 rsbac_kfree(tmp);
03586 }
03587 }
03588
03589
03590 rsbac_read_lock(&device_list_head.lock, &flags);
03591
03592 device_p = acl_lookup_device(kdev);
03593 if(device_p)
03594 {
03595 #ifdef CONFIG_RSBAC_RMSG
03596 rsbac_printk(KERN_WARNING
03597 "rsbac_mount_acl(): mount race for device %02u:%02u detected!\n",
03598 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03599 #endif
03600 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03601 if (!rsbac_nosyslog)
03602 #endif
03603 printk(KERN_WARNING
03604 "rsbac_mount_acl(): mount race for device %02u:%02u detected!\n",
03605 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03606 device_p->mount_count++;
03607
03608 clear_device_item(new_device_p);
03609 rsbac_read_unlock(&device_list_head.lock, &flags);
03610 }
03611 else
03612 {
03613 rsbac_read_unlock(&device_list_head.lock, &flags);
03614 rsbac_write_lock_irq(&device_list_head.lock, &flags);
03615 device_p = add_device_item(new_device_p);
03616 rsbac_write_unlock_irq(&device_list_head.lock, &flags);
03617 if(!device_p)
03618 {
03619 #ifdef CONFIG_RSBAC_RMSG
03620 rsbac_printk(KERN_WARNING "rsbac_mount_acl: adding device %02u:%02u failed!\n",
03621 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03622 #endif
03623 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03624 if (!rsbac_nosyslog)
03625 #endif
03626 printk(KERN_WARNING "rsbac_mount_acl: adding device %02u:%02u failed!\n",
03627 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03628
03629 clear_device_item(new_device_p);
03630 err = -RSBAC_ECOULDNOTADDDEVICE;
03631 }
03632 }
03633
03634 return(err);
03635 };
03636
03637
03638
03639 int rsbac_umount_acl(kdev_t kdev)
03640 {
03641 u_long flags;
03642 struct rsbac_acl_device_list_item_t * device_p;
03643
03644 if (!rsbac_is_initialized())
03645 {
03646 #ifdef CONFIG_RSBAC_RMSG
03647 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
03648 #endif
03649 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03650 if (!rsbac_nosyslog)
03651 #endif
03652 printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
03653 return(-RSBAC_ENOTINITIALIZED);
03654 }
03655
03656 #ifdef CONFIG_RSBAC_DEBUG
03657 if (rsbac_debug_ds)
03658 {
03659 #ifdef CONFIG_RSBAC_RMSG
03660 rsbac_printk(KERN_DEBUG "rsbac_umount_acl(): umounting device %02u:%02u\n",
03661 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03662 #endif
03663 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03664 if (!rsbac_nosyslog)
03665 #endif
03666 printk(KERN_DEBUG "rsbac_umount_acl(): umounting device %02u:%02u\n",
03667 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03668 }
03669 #endif
03670
03671
03672 rsbac_write_lock(&device_list_head.lock, &flags);
03673
03674 device_p = acl_lookup_device(kdev);
03675 if(device_p)
03676 {
03677 if(device_p->mount_count == 1)
03678 remove_device_item(kdev);
03679 else
03680 {
03681 if(device_p->mount_count > 1)
03682 {
03683 device_p->mount_count--;
03684 }
03685 else
03686 {
03687 #ifdef CONFIG_RSBAC_RMSG
03688 rsbac_printk(KERN_WARNING "rsbac_umount_acl: device %02u:%02u has mount_count < 1!\n",
03689 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03690 #endif
03691 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03692 if (!rsbac_nosyslog)
03693 #endif
03694 printk(KERN_WARNING "rsbac_umount_acl: device %02u:%02u has mount_count < 1!\n",
03695 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03696 }
03697 }
03698 }
03699
03700 rsbac_write_unlock(&device_list_head.lock, &flags);
03701 return(0);
03702 };
03703
03704
03705
03706
03707 int rsbac_stats_acl(void)
03708 {
03709 u_int item_count = 0;
03710 u_int member_count = 0;
03711 int tmp_count;
03712 u_int i;
03713 u_long dflags;
03714 struct rsbac_acl_device_list_item_t * device_p;
03715
03716 union rsbac_target_id_t rsbac_target_id;
03717 union rsbac_attribute_value_t rsbac_attribute_value;
03718
03719 if (!rsbac_is_initialized())
03720 {
03721 printk(KERN_WARNING "rsbac_stats_acl(): RSBAC not initialized\n");
03722 return(-RSBAC_ENOTINITIALIZED);
03723 }
03724 #ifdef CONFIG_RSBAC_DEBUG
03725 if (rsbac_debug_aef_acl)
03726 {
03727 #ifdef CONFIG_RSBAC_RMSG
03728 rsbac_printk(KERN_DEBUG "rsbac_stats_acl(): calling ADF\n");
03729 #endif
03730 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03731 if (!rsbac_nosyslog)
03732 #endif
03733 printk(KERN_DEBUG "rsbac_stats_acl(): calling ADF\n");
03734 }
03735 #endif
03736 rsbac_target_id.scd = ST_rsbac;
03737 rsbac_attribute_value.dummy = 0;
03738 if (!rsbac_adf_request(R_GET_STATUS_DATA,
03739 current->pid,
03740 T_SCD,
03741 rsbac_target_id,
03742 A_none,
03743 rsbac_attribute_value))
03744 {
03745 return -EPERM;
03746 }
03747
03748 printk(KERN_INFO "ACL Status\n-----------\n");
03749
03750
03751 rsbac_read_lock(&device_list_head.lock, &dflags);
03752 device_p = device_list_head.head;
03753 while(device_p)
03754 {
03755
03756 item_count = 0;
03757 member_count = 0;
03758 for(i=0; i<RSBAC_ACL_NR_FD_LISTS; i++)
03759 {
03760 tmp_count = rsbac_list_lol_count(device_p->handles[i]);
03761 if(tmp_count > 0)
03762 item_count+=tmp_count;
03763 tmp_count = rsbac_list_lol_all_subcount(device_p->handles[i]);
03764 if(tmp_count > 0)
03765 member_count += tmp_count;
03766 }
03767 printk(KERN_INFO
03768 "device %02u:%02u has %u file ACLs, sum of %u members\n",
03769 RSBAC_MAJOR(device_p->id),
03770 RSBAC_MINOR(device_p->id),
03771 item_count,
03772 member_count);
03773 device_p = device_p->next;
03774 }
03775
03776 rsbac_read_unlock(&device_list_head.lock, &dflags);
03777
03778
03779 printk(KERN_INFO
03780 "%li device ACL items, sum of %li members\n",
03781 rsbac_list_lol_count(dev_handle),
03782 rsbac_list_lol_all_subcount(dev_handle));
03783
03784
03785 printk(KERN_INFO
03786 "%li scd ACL items, sum of %li members\n",
03787 rsbac_list_lol_count(scd_handle),
03788 rsbac_list_lol_all_subcount(scd_handle));
03789
03790
03791 printk(KERN_INFO
03792 "%li user ACL items, sum of %li members\n",
03793 rsbac_list_lol_count(u_handle),
03794 rsbac_list_lol_all_subcount(u_handle));
03795
03796 #ifdef CONFIG_RSBAC_ACL_UM_PROT
03797
03798 printk(KERN_INFO
03799 "%li Linux group ACL items, sum of %li members\n",
03800 rsbac_list_lol_count(g_handle),
03801 rsbac_list_lol_all_subcount(g_handle));
03802 #endif
03803
03804 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
03805
03806 printk(KERN_INFO
03807 "%li network device ACL items, sum of %li members\n",
03808 rsbac_list_lol_count(netdev_handle),
03809 rsbac_list_lol_all_subcount(netdev_handle));
03810 #endif
03811
03812 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
03813
03814 printk(KERN_INFO
03815 "%li network template NT ACL items, sum of %li members\n",
03816 rsbac_list_lol_count(nettemp_nt_handle),
03817 rsbac_list_lol_all_subcount(nettemp_nt_handle));
03818
03819 printk(KERN_INFO
03820 "%li network template ACL items, sum of %li members\n",
03821 rsbac_list_lol_count(nettemp_handle),
03822 rsbac_list_lol_all_subcount(nettemp_handle));
03823
03824 printk(KERN_INFO
03825 "%li network object ACL items, sum of %li members\n",
03826 rsbac_list_lol_count(netobj_handle),
03827 rsbac_list_lol_all_subcount(netobj_handle));
03828 #endif
03829
03830 printk(KERN_INFO
03831 "%li groups, last new is %u\n",
03832 rsbac_list_count(group_handle),
03833 group_last_new);
03834
03835
03836 printk(KERN_INFO
03837 "%li group member items, sum of %li group memberships\n",
03838 rsbac_list_lol_count(gm_handle),
03839 rsbac_list_lol_all_subcount(gm_handle));
03840
03841 return(0);
03842 };
03843
03844
03845
03846
03847 int rsbac_check_acl(int correct, int check_inode)
03848 {
03849 struct rsbac_acl_device_list_item_t * device_p;
03850 u_long f_count = 0, f_sum = 0, tmp_count,
03851 r_count, u_count, b_count, no_member_count;
03852 int list_no;
03853 u_long dflags;
03854 long desc_count;
03855 long sub_desc_count;
03856 rsbac_inode_nr_t * fd_desc_p;
03857 struct rsbac_dev_desc_t * dev_desc_p;
03858 __u8 * scd_desc_p;
03859 rsbac_uid_t * u_desc_p;
03860 #ifdef CONFIG_RSBAC_ACL_UM_PROT
03861 rsbac_gid_t * g_desc_p;
03862 #endif
03863 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
03864 rsbac_netdev_id_t * netdev_desc_p;
03865 #endif
03866 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
03867 rsbac_net_temp_id_t * nettemp_desc_p;
03868 rsbac_net_obj_id_t * netobj_desc_p;
03869 #endif
03870 struct rsbac_acl_entry_desc_t * sub_desc_p;
03871 struct super_block * sb_p;
03872 struct inode * inode_p;
03873 rsbac_uid_t * user_p;
03874 rsbac_acl_group_id_t * group_p;
03875 u_int i,j;
03876
03877 if (!rsbac_is_initialized())
03878 {
03879 #ifdef CONFIG_RSBAC_RMSG
03880 rsbac_printk(KERN_WARNING "rsbac_check_acl(): RSBAC not initialized\n");
03881 #endif
03882 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03883 if (!rsbac_nosyslog)
03884 #endif
03885 printk(KERN_WARNING "rsbac_check_acl(): RSBAC not initialized\n");
03886 return(-RSBAC_ENOTINITIALIZED);
03887 }
03888
03889
03890 tmp_count = 0;
03891 desc_count = rsbac_list_lol_get_all_desc(gm_handle, (void **) &user_p);
03892 if(desc_count > 0)
03893 {
03894 for(i=0; i<desc_count; i++)
03895 {
03896 sub_desc_count = rsbac_list_lol_get_all_subdesc(gm_handle, &user_p[i], (void **) &group_p);
03897 if(sub_desc_count > 0)
03898 {
03899 for(j=0; j<sub_desc_count; j++)
03900 {
03901 if(!rsbac_list_exist(group_handle, &group_p[j]))
03902 {
03903 #ifdef CONFIG_RSBAC_RMSG
03904 rsbac_printk(KERN_WARNING
03905 "rsbac_check_acl(): removing user %u membership in non-existent group %u!\n",
03906 user_p[i], group_p[j]);
03907 #endif
03908 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03909 if (!rsbac_nosyslog)
03910 #endif
03911 printk(KERN_WARNING
03912 "rsbac_check_acl(): removing user %u membership in non-existent group %u!\n",
03913 user_p[i], group_p[j]);
03914 rsbac_list_lol_subremove(gm_handle, &user_p[i], &group_p[j]);
03915 }
03916 }
03917 rsbac_vfree(group_p);
03918 }
03919 else
03920 {
03921
03922 if(!sub_desc_count)
03923 rsbac_list_lol_remove(gm_handle, &user_p[i]);
03924 }
03925 }
03926 rsbac_vfree(user_p);
03927 }
03928
03929 #ifdef CONFIG_RSBAC_RMSG
03930 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li group membership items\n",
03931 rsbac_list_lol_count(gm_handle));
03932 #endif
03933 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03934 if (!rsbac_nosyslog)
03935 #endif
03936 printk(KERN_INFO "rsbac_check_acl(): %li group membership items\n",
03937 rsbac_list_lol_count(gm_handle));
03938
03939
03940 #ifdef CONFIG_RSBAC_RMSG
03941 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li group items\n",
03942 rsbac_list_count(group_handle));
03943 #endif
03944 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03945 if (!rsbac_nosyslog)
03946 #endif
03947 printk(KERN_INFO "rsbac_check_acl(): %li group items\n",
03948 rsbac_list_count(group_handle));
03949
03950
03951
03952 rsbac_read_lock(&device_list_head.lock, &dflags);
03953
03954
03955
03956 device_p = device_list_head.head;
03957 while (device_p)
03958 {
03959 f_count = 0;
03960 r_count = 0;
03961 u_count = 0;
03962 b_count = 0;
03963 no_member_count = 0;
03964 if(check_inode)
03965 {
03966 sb_p = rsbac_get_super_block(device_p->id);
03967 if(!sb_p)
03968 {
03969 #ifdef CONFIG_RSBAC_RMSG
03970 rsbac_printk(KERN_WARNING "rsbac_check_acl(): no super block for device %02u:%02u!\n",
03971 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id));
03972 #endif
03973 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03974 if (!rsbac_nosyslog)
03975 #endif
03976 printk(KERN_WARNING "rsbac_check_acl(): no super block for device %02u:%02u!\n",
03977 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id));
03978 }
03979 }
03980 else
03981 sb_p = NULL;
03982
03983
03984 for(list_no = 0; list_no < RSBAC_ACL_NR_FD_LISTS; list_no++)
03985 {
03986
03987
03988 tmp_count = 0;
03989 desc_count = rsbac_list_lol_get_all_desc(device_p->handles[list_no], (void **) &fd_desc_p);
03990 if(desc_count > 0)
03991 {
03992 for(i=0; i<desc_count; i++)
03993 {
03994
03995 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
03996 if(sb_p)
03997 #else
03998 if(sb_p && !sb_p->s_op->read_inode2)
03999 #endif
04000 {
04001 inode_p = iget(sb_p, fd_desc_p[i]);
04002 if(is_bad_inode(inode_p))
04003 {
04004 b_count++;
04005 if(correct)
04006 {
04007 #ifdef CONFIG_RSBAC_RMSG
04008 rsbac_printk(KERN_INFO
04009 "rsbac_check_acl(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
04010 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
04011 #endif
04012 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04013 if (!rsbac_nosyslog)
04014 #endif
04015 printk(KERN_INFO
04016 "rsbac_check_acl(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
04017 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
04018 rsbac_list_lol_remove(device_p->handles[list_no], &fd_desc_p[i]);
04019 continue;
04020 }
04021 else
04022 {
04023 #ifdef CONFIG_RSBAC_RMSG
04024 rsbac_printk(KERN_INFO
04025 "rsbac_check_acl(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
04026 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
04027 #endif
04028 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04029 if (!rsbac_nosyslog)
04030 #endif
04031 printk(KERN_INFO
04032 "rsbac_check_acl(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
04033 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
04034 }
04035 }
04036 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
04037 else
04038 {
04039
04040 if(sb_p->s_magic == EXT2_SUPER_MAGIC)
04041 {
04042 if(inode_p->u.ext2_i.i_dtime)
04043 {
04044 r_count++;
04045 if(correct)
04046 {
04047 #ifdef CONFIG_RSBAC_RMSG
04048 rsbac_printk(KERN_INFO
04049 "rsbac_check_acl(): fd_item for deleted inode %u on device %02u:%02u, list %u, removing!\n",
04050 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
04051 #endif
04052 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04053 if (!rsbac_nosyslog)
04054 #endif
04055 printk(KERN_INFO
04056 "rsbac_check_acl(): fd_item for deleted inode %u on device %02u:%02u, list %u, removing!\n",
04057 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
04058 rsbac_list_lol_remove(device_p->handles[list_no], &fd_desc_p[i]);
04059 continue;
04060 }
04061 else
04062 {
04063 #ifdef CONFIG_RSBAC_RMSG
04064 rsbac_printk(KERN_INFO
04065 "rsbac_check_acl(): fd_item for deleted inode %u on device %02u:%02u, list %u!\n",
04066 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
04067 #endif
04068 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04069 if (!rsbac_nosyslog)
04070 #endif
04071 printk(KERN_INFO
04072 "rsbac_check_acl(): fd_item for deleted inode %u on device %02u:%02u, list %u!\n",
04073 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
04074 }
04075 }
04076 else
04077 {
04078 if(inode_p->i_nlink <= 0)
04079 {
04080 u_count++;
04081 if(correct >= 2)
04082 {
04083 #ifdef CONFIG_RSBAC_RMSG
04084 rsbac_printk(KERN_INFO
04085 "rsbac_check_acl(): fd_item for inode %u with nlink <= 0 on device %02u:%02u, list %u, removing!\n",
04086 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
04087 #endif
04088 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04089 if (!rsbac_nosyslog)
04090 #endif
04091 printk(KERN_INFO
04092 "rsbac_check_acl(): fd_item for inode %u with nlink <= 0 on device %02u:%02u, list %u, removing!\n",
04093 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
04094 rsbac_list_lol_remove(device_p->handles[list_no], &fd_desc_p[i]);
04095 continue;
04096 }
04097 else
04098 {
04099 #ifdef CONFIG_RSBAC_RMSG
04100 rsbac_printk(KERN_INFO
04101 "rsbac_check_acl(): deleted inode %u on device %02u:%02u, list %u, has no dtime!\n",
04102 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
04103 #endif
04104 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04105 if (!rsbac_nosyslog)
04106 #endif
04107 printk(KERN_INFO
04108 "rsbac_check_acl(): deleted inode %u on device %02u:%02u, list %u, has no dtime!\n",
04109 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
04110 }
04111 }
04112 }
04113 }
04114 }
04115 #endif
04116 iput(inode_p);
04117 }
04118
04119
04120 sub_desc_count = rsbac_list_lol_get_all_subdesc(device_p->handles[list_no],
04121 &fd_desc_p[i],
04122 (void **) &sub_desc_p);
04123 if(sub_desc_count > 0)
04124 {
04125 for(j=0; j<sub_desc_count; j++)
04126 {
04127 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04128 && sub_desc_p[j].subj_id
04129 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04130 {
04131 if(correct)
04132 {
04133
04134 #ifdef CONFIG_RSBAC_DEBUG
04135 if(rsbac_debug_ds)
04136 {
04137 #ifdef CONFIG_RSBAC_RMSG
04138 rsbac_printk(KERN_DEBUG
04139 "rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid group %u in ACL -> removing entry!\n",
04140 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
04141 #endif
04142 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04143 if (!rsbac_nosyslog)
04144 #endif
04145 printk(KERN_DEBUG
04146 "rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid group %u in ACL -> removing entry!\n",
04147 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
04148 }
04149 #endif
04150 rsbac_list_lol_subremove(device_p->handles[list_no],
04151 &fd_desc_p[i], &sub_desc_p[j]);
04152 }
04153 else
04154 {
04155
04156 #ifdef CONFIG_RSBAC_DEBUG
04157 if(rsbac_debug_ds)
04158 {
04159 #ifdef CONFIG_RSBAC_RMSG
04160 rsbac_printk(KERN_DEBUG
04161 "rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid group %u in ACL!\n",
04162 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
04163 #endif
04164 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04165 if (!rsbac_nosyslog)
04166 #endif
04167 printk(KERN_DEBUG
04168 "rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid group %u in ACL!\n",
04169 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
04170 }
04171 #endif
04172 }
04173 }
04174 #if defined(CONFIG_RSBAC_RC)
04175 else
04176 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
04177 && (sub_desc_p[j].subj_id > RC_role_max_value)
04178 )
04179 {
04180 if(correct)
04181 {
04182
04183 #ifdef CONFIG_RSBAC_DEBUG
04184 if(rsbac_debug_ds)
04185 {
04186 #ifdef CONFIG_RSBAC_RMSG
04187 rsbac_printk(KERN_DEBUG
04188 "rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid RC role %u in ACL -> removing entry!\n",
04189 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
04190 #endif
04191 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04192 if (!rsbac_nosyslog)
04193 #endif
04194 printk(KERN_DEBUG
04195 "rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid RC role %u in ACL -> removing entry!\n",
04196 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
04197 }
04198 #endif
04199 rsbac_list_lol_subremove(device_p->handles[list_no],
04200 &fd_desc_p[i], &sub_desc_p[j]);
04201 }
04202 else
04203 {
04204
04205 #ifdef CONFIG_RSBAC_DEBUG
04206 if(rsbac_debug_ds)
04207 {
04208 #ifdef CONFIG_RSBAC_RMSG
04209 rsbac_printk(KERN_DEBUG
04210 "rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid role %u in ACL!\n",
04211 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
04212 #endif
04213 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04214 if (!rsbac_nosyslog)
04215 #endif
04216 printk(KERN_DEBUG
04217 "rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid role %u in ACL!\n",
04218 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
04219 }
04220 #endif
04221 }
04222 }
04223 #endif
04224 }
04225 rsbac_vfree(sub_desc_p);
04226 }
04227 }
04228 tmp_count++;
04229 rsbac_vfree(fd_desc_p);
04230 f_count += desc_count;
04231 }
04232 }
04233
04234 switch(correct)
04235 {
04236 case 2:
04237 #ifdef CONFIG_RSBAC_RMSG
04238 rsbac_printk(KERN_INFO
04239 "rsbac_check_acl(): Device %02u:%02u has %lu file/dir ACLs (%lu removed (%lu bad inodes, %lu dtimed inodes, %lu unlinked inodes, %lu had no members and default mask))\n",
04240 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count, b_count + r_count + u_count + no_member_count,
04241 b_count, r_count, u_count, no_member_count);
04242 #endif
04243 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04244 if (!rsbac_nosyslog)
04245 #endif
04246 printk(KERN_INFO
04247 "rsbac_check_acl(): Device %02u:%02u has %lu file/dir ACLs (%lu removed (%lu bad inodes, %lu dtimed inodes, %lu unlinked inodes, %lu had no members and default mask))\n",
04248 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count, b_count + r_count + u_count + no_member_count,
04249 b_count, r_count, u_count, no_member_count);
04250 break;
04251 case 1:
04252 #ifdef CONFIG_RSBAC_RMSG
04253 rsbac_printk(KERN_INFO
04254 "rsbac_check_acl(): Device %02u:%02u has %lu file/dir ACLs (%lu removed (%lu bad inodes, %lu dtimed inodes, %lu had no members and default mask), %lu unlinked inodes)\n",
04255 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count, b_count + r_count + no_member_count,
04256 b_count, r_count, no_member_count, u_count);
04257 #endif
04258 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04259 if (!rsbac_nosyslog)
04260 #endif
04261 printk(KERN_INFO
04262 "rsbac_check_acl(): Device %02u:%02u has %lu file/dir ACLs (%lu removed (%lu bad inodes, %lu dtimed inodes, %lu had no members and default mask), %lu unlinked inodes)\n",
04263 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count, b_count + r_count + no_member_count,
04264 b_count, r_count, no_member_count, u_count);
04265 break;
04266 default:
04267 #ifdef CONFIG_RSBAC_RMSG
04268 rsbac_printk(KERN_INFO
04269 "rsbac_check_acl(): Device %02u:%02u has %lu file/dir ACLs (%lu with bad inodes, %lu with dtimed inodes, %lu unlinked inodes, %lu without members and with default mask)\n",
04270 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count,
04271 b_count, r_count, u_count, no_member_count);
04272 #endif
04273 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04274 if (!rsbac_nosyslog)
04275 #endif
04276 printk(KERN_INFO
04277 "rsbac_check_acl(): Device %02u:%02u has %lu file/dir ACLs (%lu with bad inodes, %lu with dtimed inodes, %lu unlinked inodes, %lu without members and with default mask)\n",
04278 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count,
04279 b_count, r_count, u_count, no_member_count);
04280 }
04281 f_sum += f_count;
04282
04283 device_p = device_p->next;
04284 }
04285 #ifdef CONFIG_RSBAC_RMSG
04286 rsbac_printk(KERN_INFO "rsbac_check_acl(): Sum of %u Devices with %lu file/dir ACLs\n",
04287 device_list_head.count, f_sum);
04288 #endif
04289 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04290 if (!rsbac_nosyslog)
04291 #endif
04292 printk(KERN_INFO "rsbac_check_acl(): Sum of %u Devices with %lu file/dir ACLs\n",
04293 device_list_head.count, f_sum);
04294
04295 rsbac_read_unlock(&device_list_head.lock, &dflags);
04296
04297
04298 tmp_count = 0;
04299 desc_count = rsbac_list_lol_get_all_desc(dev_handle, (void **) &dev_desc_p);
04300 if(desc_count > 0)
04301 {
04302 for(i=0; i<desc_count; i++)
04303 {
04304
04305 sub_desc_count = rsbac_list_lol_get_all_subdesc(dev_handle,
04306 &dev_desc_p[i],
04307 (void **) &sub_desc_p);
04308 if(sub_desc_count > 0)
04309 {
04310 for(j=0; j<sub_desc_count; j++)
04311 {
04312 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04313 && sub_desc_p[j].subj_id
04314 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04315 {
04316 if(correct)
04317 {
04318
04319 #ifdef CONFIG_RSBAC_DEBUG
04320 if(rsbac_debug_ds)
04321 {
04322 #ifdef CONFIG_RSBAC_RMSG
04323 rsbac_printk(KERN_DEBUG
04324 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid group %u in ACL -> removing entry!\n",
04325 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04326 #endif
04327 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04328 if (!rsbac_nosyslog)
04329 #endif
04330 printk(KERN_DEBUG
04331 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid group %u in ACL -> removing entry!\n",
04332 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04333 }
04334 #endif
04335 rsbac_list_lol_subremove(dev_handle, &dev_desc_p[i], &sub_desc_p[j]);
04336 }
04337 else
04338 {
04339 #ifdef CONFIG_RSBAC_DEBUG
04340
04341 if(rsbac_debug_ds)
04342 {
04343 #ifdef CONFIG_RSBAC_RMSG
04344 rsbac_printk(KERN_DEBUG
04345 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid group %u in ACL!\n",
04346 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04347 #endif
04348 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04349 if (!rsbac_nosyslog)
04350 #endif
04351 printk(KERN_DEBUG
04352 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid group %u in ACL!\n",
04353 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04354 }
04355 #endif
04356 }
04357 }
04358 #if defined(CONFIG_RSBAC_RC)
04359 else
04360 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
04361 && (sub_desc_p[j].subj_id > RC_role_max_value)
04362 )
04363 {
04364 if(correct)
04365 {
04366
04367 #ifdef CONFIG_RSBAC_DEBUG
04368 if(rsbac_debug_ds)
04369 {
04370 #ifdef CONFIG_RSBAC_RMSG
04371 rsbac_printk(KERN_DEBUG
04372 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid role %u in ACL -> removing entry!\n",
04373 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04374 #endif
04375 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04376 if (!rsbac_nosyslog)
04377 #endif
04378 printk(KERN_DEBUG
04379 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid role %u in ACL -> removing entry!\n",
04380 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04381 }
04382 #endif
04383 rsbac_list_lol_subremove(dev_handle, &dev_desc_p[i], &sub_desc_p[j]);
04384 }
04385 else
04386 {
04387 #ifdef CONFIG_RSBAC_DEBUG
04388
04389 if(rsbac_debug_ds)
04390 {
04391 #ifdef CONFIG_RSBAC_RMSG
04392 rsbac_printk(KERN_DEBUG
04393 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid role %u in ACL!\n",
04394 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04395 #endif
04396 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04397 if (!rsbac_nosyslog)
04398 #endif
04399 printk(KERN_DEBUG
04400 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid role %u in ACL!\n",
04401 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04402 }
04403 #endif
04404 }
04405 }
04406 #endif
04407 }
04408 rsbac_vfree(sub_desc_p);
04409 }
04410 }
04411 rsbac_vfree(dev_desc_p);
04412 f_sum += desc_count;
04413 }
04414 #ifdef CONFIG_RSBAC_RMSG
04415 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li device items\n",
04416 desc_count);
04417 #endif
04418 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04419 if (!rsbac_nosyslog)
04420 #endif
04421 printk(KERN_INFO "rsbac_check_acl(): %li device items\n",
04422 desc_count);
04423
04424
04425 tmp_count = 0;
04426 desc_count = rsbac_list_lol_get_all_desc(scd_handle, (void **) &scd_desc_p);
04427 if(desc_count > 0)
04428 {
04429 for(i=0; i<desc_count; i++)
04430 {
04431
04432 sub_desc_count = rsbac_list_lol_get_all_subdesc(scd_handle,
04433 &scd_desc_p[i],
04434 (void **) &sub_desc_p);
04435 if(sub_desc_count > 0)
04436 {
04437 for(j=0; j<sub_desc_count; j++)
04438 {
04439 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04440 && sub_desc_p[j].subj_id
04441 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04442 {
04443 if(correct)
04444 {
04445
04446 #ifdef CONFIG_RSBAC_DEBUG
04447 if(rsbac_debug_ds)
04448 {
04449 #ifdef CONFIG_RSBAC_RMSG
04450 rsbac_printk(KERN_DEBUG
04451 "rsbac_check_acl(): scd_item %u has invalid group %u in ACL -> removing entry!\n",
04452 scd_desc_p[i], sub_desc_p[j].subj_id);
04453 #endif
04454 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04455 if (!rsbac_nosyslog)
04456 #endif
04457 printk(KERN_DEBUG
04458 "rsbac_check_acl(): scd_item %u has invalid group %u in ACL -> removing entry!\n",
04459 scd_desc_p[i], sub_desc_p[j].subj_id);
04460 }
04461 #endif
04462 rsbac_list_lol_subremove(scd_handle, &scd_desc_p[i], &sub_desc_p[j]);
04463 }
04464 else
04465 {
04466 #ifdef CONFIG_RSBAC_DEBUG
04467
04468 if(rsbac_debug_ds)
04469 {
04470 #ifdef CONFIG_RSBAC_RMSG
04471 rsbac_printk(KERN_DEBUG
04472 "rsbac_check_acl(): scd_item %u has invalid group %u in ACL!\n",
04473 scd_desc_p[i], sub_desc_p[j].subj_id);
04474 #endif
04475 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04476 if (!rsbac_nosyslog)
04477 #endif
04478 printk(KERN_DEBUG
04479 "rsbac_check_acl(): scd_item %u has invalid group %u in ACL!\n",
04480 scd_desc_p[i], sub_desc_p[j].subj_id);
04481 }
04482 #endif
04483 }
04484 }
04485 #if defined(CONFIG_RSBAC_RC)
04486 else
04487 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
04488 && (sub_desc_p[j].subj_id > RC_role_max_value)
04489 )
04490 {
04491 if(correct)
04492 {
04493
04494 #ifdef CONFIG_RSBAC_DEBUG
04495 if(rsbac_debug_ds)
04496 {
04497 #ifdef CONFIG_RSBAC_RMSG
04498 rsbac_printk(KERN_DEBUG
04499 "rsbac_check_acl(): scd_item %u has invalid role %u in ACL -> removing entry!\n",
04500 scd_desc_p[i], sub_desc_p[j].subj_id);
04501 #endif
04502 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04503 if (!rsbac_nosyslog)
04504 #endif
04505 printk(KERN_DEBUG
04506 "rsbac_check_acl(): scd_item %u has invalid role %u in ACL -> removing entry!\n",
04507 scd_desc_p[i], sub_desc_p[j].subj_id);
04508 }
04509 #endif
04510 rsbac_list_lol_subremove(scd_handle, &scd_desc_p[i], &sub_desc_p[j]);
04511 }
04512 else
04513 {
04514 #ifdef CONFIG_RSBAC_DEBUG
04515
04516 if(rsbac_debug_ds)
04517 {
04518 #ifdef CONFIG_RSBAC_RMSG
04519 rsbac_printk(KERN_DEBUG
04520 "rsbac_check_acl(): scd_item %u has invalid role %u in ACL!\n",
04521 scd_desc_p[i], sub_desc_p[j].subj_id);
04522 #endif
04523 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04524 if (!rsbac_nosyslog)
04525 #endif
04526 printk(KERN_DEBUG
04527 "rsbac_check_acl(): scd_item %u has invalid role %u in ACL!\n",
04528 scd_desc_p[i], sub_desc_p[j].subj_id);
04529 }
04530 #endif
04531 }
04532 }
04533 #endif
04534 }
04535 rsbac_vfree(sub_desc_p);
04536 }
04537 }
04538 rsbac_vfree(scd_desc_p);
04539 f_sum += desc_count;
04540 }
04541 #ifdef CONFIG_RSBAC_RMSG
04542 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li SCD items\n",
04543 desc_count);
04544 #endif
04545 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04546 if (!rsbac_nosyslog)
04547 #endif
04548 printk(KERN_INFO "rsbac_check_acl(): %li SCD items\n",
04549 desc_count);
04550
04551
04552 tmp_count = 0;
04553 desc_count = rsbac_list_lol_get_all_desc(u_handle, (void **) &u_desc_p);
04554 if(desc_count > 0)
04555 {
04556 for(i=0; i<desc_count; i++)
04557 {
04558
04559 sub_desc_count = rsbac_list_lol_get_all_subdesc(u_handle,
04560 &u_desc_p[i],
04561 (void **) &sub_desc_p);
04562 if(sub_desc_count > 0)
04563 {
04564 for(j=0; j<sub_desc_count; j++)
04565 {
04566 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04567 && sub_desc_p[j].subj_id
04568 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04569 {
04570 if(correct)
04571 {
04572
04573 #ifdef CONFIG_RSBAC_DEBUG
04574 if(rsbac_debug_ds)
04575 {
04576 #ifdef CONFIG_RSBAC_RMSG
04577 rsbac_printk(KERN_DEBUG
04578 "rsbac_check_acl(): u_item %u has invalid group %u in ACL -> removing entry!\n",
04579 u_desc_p[i], sub_desc_p[j].subj_id);
04580 #endif
04581 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04582 if (!rsbac_nosyslog)
04583 #endif
04584 printk(KERN_DEBUG
04585 "rsbac_check_acl(): u_item %u has invalid group %u in ACL -> removing entry!\n",
04586 u_desc_p[i], sub_desc_p[j].subj_id);
04587 }
04588 #endif
04589 rsbac_list_lol_subremove(u_handle, &u_desc_p[i], &sub_desc_p[j]);
04590 }
04591 else
04592 {
04593 #ifdef CONFIG_RSBAC_DEBUG
04594
04595 if(rsbac_debug_ds)
04596 {
04597 #ifdef CONFIG_RSBAC_RMSG
04598 rsbac_printk(KERN_DEBUG
04599 "rsbac_check_acl(): u_item %u has invalid group %u in ACL!\n",
04600 u_desc_p[i], sub_desc_p[j].subj_id);
04601 #endif
04602 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04603 if (!rsbac_nosyslog)
04604 #endif
04605 printk(KERN_DEBUG
04606 "rsbac_check_acl(): u_item %u has invalid group %u in ACL!\n",
04607 u_desc_p[i], sub_desc_p[j].subj_id);
04608 }
04609 #endif
04610 }
04611 }
04612 #if defined(CONFIG_RSBAC_RC)
04613 else
04614 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
04615 && (sub_desc_p[j].subj_id > RC_role_max_value)
04616 )
04617 {
04618 if(correct)
04619 {
04620
04621 #ifdef CONFIG_RSBAC_DEBUG
04622 if(rsbac_debug_ds)
04623 {
04624 #ifdef CONFIG_RSBAC_RMSG
04625 rsbac_printk(KERN_DEBUG
04626 "rsbac_check_acl(): u_item %u has invalid role %u in ACL -> removing entry!\n",
04627 u_desc_p[i], sub_desc_p[j].subj_id);
04628 #endif
04629 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04630 if (!rsbac_nosyslog)
04631 #endif
04632 printk(KERN_DEBUG
04633 "rsbac_check_acl(): u_item %u has invalid role %u in ACL -> removing entry!\n",
04634 u_desc_p[i], sub_desc_p[j].subj_id);
04635 }
04636 #endif
04637 rsbac_list_lol_subremove(u_handle, &u_desc_p[i], &sub_desc_p[j]);
04638 }
04639 else
04640 {
04641 #ifdef CONFIG_RSBAC_DEBUG
04642
04643 if(rsbac_debug_ds)
04644 {
04645 #ifdef CONFIG_RSBAC_RMSG
04646 rsbac_printk(KERN_DEBUG
04647 "rsbac_check_acl(): u_item %u has invalid role %u in ACL!\n",
04648 u_desc_p[i], sub_desc_p[j].subj_id);
04649 #endif
04650 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04651 if (!rsbac_nosyslog)
04652 #endif
04653 printk(KERN_DEBUG
04654 "rsbac_check_acl(): u_item %u has invalid role %u in ACL!\n",
04655 u_desc_p[i], sub_desc_p[j].subj_id);
04656 }
04657 #endif
04658 }
04659 }
04660 #endif
04661 }
04662 rsbac_vfree(sub_desc_p);
04663 }
04664 }
04665 rsbac_vfree(u_desc_p);
04666 f_sum += desc_count;
04667 }
04668 #ifdef CONFIG_RSBAC_RMSG
04669 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li user items\n",
04670 desc_count);
04671 #endif
04672 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04673 if (!rsbac_nosyslog)
04674 #endif
04675 printk(KERN_INFO "rsbac_check_acl(): %li user items\n",
04676 desc_count);
04677
04678 #ifdef CONFIG_RSBAC_ACL_UM_PROT
04679
04680 tmp_count = 0;
04681 desc_count = rsbac_list_lol_get_all_desc(g_handle, (void **) &g_desc_p);
04682 if(desc_count > 0)
04683 {
04684 for(i=0; i<desc_count; i++)
04685 {
04686
04687 sub_desc_count = rsbac_list_lol_get_all_subdesc(g_handle,
04688 &g_desc_p[i],
04689 (void **) &sub_desc_p);
04690 if(sub_desc_count > 0)
04691 {
04692 for(j=0; j<sub_desc_count; j++)
04693 {
04694 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04695 && sub_desc_p[j].subj_id
04696 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04697 {
04698 if(correct)
04699 {
04700
04701 #ifdef CONFIG_RSBAC_DEBUG
04702 if(rsbac_debug_ds)
04703 {
04704 #ifdef CONFIG_RSBAC_RMSG
04705 rsbac_printk(KERN_DEBUG
04706 "rsbac_check_acl(): g_item %u has invalid group %u in ACL -> removing entry!\n",
04707 g_desc_p[i], sub_desc_p[j].subj_id);
04708 #endif
04709 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04710 if (!rsbac_nosyslog)
04711 #endif
04712 printk(KERN_DEBUG
04713 "rsbac_check_acl(): g_item %u has invalid group %u in ACL -> removing entry!\n",
04714 g_desc_p[i], sub_desc_p[j].subj_id);
04715 }
04716 #endif
04717 rsbac_list_lol_subremove(g_handle, &g_desc_p[i], &sub_desc_p[j]);
04718 }
04719 else
04720 {
04721 #ifdef CONFIG_RSBAC_DEBUG
04722
04723 if(rsbac_debug_ds)
04724 {
04725 #ifdef CONFIG_RSBAC_RMSG
04726 rsbac_printk(KERN_DEBUG
04727 "rsbac_check_acl(): g_item %u has invalid group %u in ACL!\n",
04728 g_desc_p[i], sub_desc_p[j].subj_id);
04729 #endif
04730 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04731 if (!rsbac_nosyslog)
04732 #endif
04733 printk(KERN_DEBUG
04734 "rsbac_check_acl(): g_item %u has invalid group %u in ACL!\n",
04735 g_desc_p[i], sub_desc_p[j].subj_id);
04736 }
04737 #endif
04738 }
04739 }
04740 #if defined(CONFIG_RSBAC_RC)
04741 else
04742 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
04743 && (sub_desc_p[j].subj_id > RC_role_max_value)
04744 )
04745 {
04746 if(correct)
04747 {
04748
04749 #ifdef CONFIG_RSBAC_DEBUG
04750 if(rsbac_debug_ds)
04751 {
04752 #ifdef CONFIG_RSBAC_RMSG
04753 rsbac_printk(KERN_DEBUG
04754 "rsbac_check_acl(): g_item %u has invalid role %u in ACL -> removing entry!\n",
04755 g_desc_p[i], sub_desc_p[j].subj_id);
04756 #endif
04757 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04758 if (!rsbac_nosyslog)
04759 #endif
04760 printk(KERN_DEBUG
04761 "rsbac_check_acl(): g_item %u has invalid role %u in ACL -> removing entry!\n",
04762 g_desc_p[i], sub_desc_p[j].subj_id);
04763 }
04764 #endif
04765 rsbac_list_lol_subremove(g_handle, &g_desc_p[i], &sub_desc_p[j]);
04766 }
04767 else
04768 {
04769 #ifdef CONFIG_RSBAC_DEBUG
04770
04771 if(rsbac_debug_ds)
04772 {
04773 #ifdef CONFIG_RSBAC_RMSG
04774 rsbac_printk(KERN_DEBUG
04775 "rsbac_check_acl(): g_item %u has invalid role %u in ACL!\n",
04776 g_desc_p[i], sub_desc_p[j].subj_id);
04777 #endif
04778 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04779 if (!rsbac_nosyslog)
04780 #endif
04781 printk(KERN_DEBUG
04782 "rsbac_check_acl(): g_item %u has invalid role %u in ACL!\n",
04783 g_desc_p[i], sub_desc_p[j].subj_id);
04784 }
04785 #endif
04786 }
04787 }
04788 #endif
04789 }
04790 rsbac_vfree(sub_desc_p);
04791 }
04792 }
04793 rsbac_vfree(g_desc_p);
04794 f_sum += desc_count;
04795 }
04796 #ifdef CONFIG_RSBAC_RMSG
04797 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li Linux group items\n",
04798 desc_count);
04799 #endif
04800 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04801 if (!rsbac_nosyslog)
04802 #endif
04803 printk(KERN_INFO "rsbac_check_acl(): %li Linux group items\n",
04804 desc_count);
04805 #endif
04806
04807 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
04808
04809 tmp_count = 0;
04810 desc_count = rsbac_list_lol_get_all_desc(netdev_handle, (void **) &netdev_desc_p);
04811 if(desc_count > 0)
04812 {
04813 for(i=0; i<desc_count; i++)
04814 {
04815
04816 sub_desc_count = rsbac_list_lol_get_all_subdesc(netdev_handle,
04817 &netdev_desc_p[i],
04818 (void **) &sub_desc_p);
04819 if(sub_desc_count > 0)
04820 {
04821 for(j=0; j<sub_desc_count; j++)
04822 {
04823 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04824 && sub_desc_p[j].subj_id
04825 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04826 {
04827 if(correct)
04828 {
04829
04830 #ifdef CONFIG_RSBAC_DEBUG
04831 if(rsbac_debug_ds)
04832 {
04833 #ifdef CONFIG_RSBAC_RMSG
04834 rsbac_printk(KERN_DEBUG
04835 "rsbac_check_acl(): netdev_item %s has invalid group %u in ACL -> removing entry!\n",
04836 netdev_desc_p[i], sub_desc_p[j].subj_id);
04837 #endif
04838 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04839 if (!rsbac_nosyslog)
04840 #endif
04841 printk(KERN_DEBUG
04842 "rsbac_check_acl(): netdev_item %s has invalid group %u in ACL -> removing entry!\n",
04843 netdev_desc_p[i], sub_desc_p[j].subj_id);
04844 }
04845 #endif
04846 rsbac_list_lol_subremove(netdev_handle, &netdev_desc_p[i], &sub_desc_p[j]);
04847 }
04848 else
04849 {
04850 #ifdef CONFIG_RSBAC_DEBUG
04851
04852 if(rsbac_debug_ds)
04853 {
04854 #ifdef CONFIG_RSBAC_RMSG
04855 rsbac_printk(KERN_DEBUG
04856 "rsbac_check_acl(): netdev_item %s has invalid group %u in ACL!\n",
04857 netdev_desc_p[i], sub_desc_p[j].subj_id);
04858 #endif
04859 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04860 if (!rsbac_nosyslog)
04861 #endif
04862 printk(KERN_DEBUG
04863 "rsbac_check_acl(): netdev_item %s has invalid group %u in ACL!\n",
04864 netdev_desc_p[i], sub_desc_p[j].subj_id);
04865 }
04866 #endif
04867 }
04868 }
04869 #if defined(CONFIG_RSBAC_RC)
04870 else
04871 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
04872 && (sub_desc_p[j].subj_id > RC_role_max_value)
04873 )
04874 {
04875 if(correct)
04876 {
04877
04878 #ifdef CONFIG_RSBAC_DEBUG
04879 if(rsbac_debug_ds)
04880 {
04881 #ifdef CONFIG_RSBAC_RMSG
04882 rsbac_printk(KERN_DEBUG
04883 "rsbac_check_acl(): netdev_item %s has invalid role %u in ACL -> removing entry!\n",
04884 netdev_desc_p[i], sub_desc_p[j].subj_id);
04885 #endif
04886 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04887 if (!rsbac_nosyslog)
04888 #endif
04889 printk(KERN_DEBUG
04890 "rsbac_check_acl(): netdev_item %s has invalid role %u in ACL -> removing entry!\n",
04891 netdev_desc_p[i], sub_desc_p[j].subj_id);
04892 }
04893 #endif
04894 rsbac_list_lol_subremove(netdev_handle, &netdev_desc_p[i], &sub_desc_p[j]);
04895 }
04896 else
04897 {
04898 #ifdef CONFIG_RSBAC_DEBUG
04899
04900 if(rsbac_debug_ds)
04901 {
04902 #ifdef CONFIG_RSBAC_RMSG
04903 rsbac_printk(KERN_DEBUG
04904 "rsbac_check_acl(): netdev_item %s has invalid role %u in ACL!\n",
04905 netdev_desc_p[i], sub_desc_p[j].subj_id);
04906 #endif
04907 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04908 if (!rsbac_nosyslog)
04909 #endif
04910 printk(KERN_DEBUG
04911 "rsbac_check_acl(): netdev_item %s has invalid role %u in ACL!\n",
04912 netdev_desc_p[i], sub_desc_p[j].subj_id);
04913 }
04914 #endif
04915 }
04916 }
04917 #endif
04918 }
04919 rsbac_vfree(sub_desc_p);
04920 }
04921 }
04922 rsbac_vfree(netdev_desc_p);
04923 f_sum += desc_count;
04924 }
04925 #ifdef CONFIG_RSBAC_RMSG
04926 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li network device items\n",
04927 desc_count);
04928 #endif
04929 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04930 if (!rsbac_nosyslog)
04931 #endif
04932 printk(KERN_INFO "rsbac_check_acl(): %li network device items\n",
04933 desc_count);
04934 #endif
04935
04936 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
04937
04938 tmp_count = 0;
04939 desc_count = rsbac_list_lol_get_all_desc(nettemp_nt_handle, (void **) &nettemp_desc_p);
04940 if(desc_count > 0)
04941 {
04942 for(i=0; i<desc_count; i++)
04943 {
04944
04945 sub_desc_count = rsbac_list_lol_get_all_subdesc(nettemp_nt_handle,
04946 &nettemp_desc_p[i],
04947 (void **) &sub_desc_p);
04948 if(sub_desc_count > 0)
04949 {
04950 for(j=0; j<sub_desc_count; j++)
04951 {
04952 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04953 && sub_desc_p[j].subj_id
04954 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04955 {
04956 if(correct)
04957 {
04958
04959 #ifdef CONFIG_RSBAC_DEBUG
04960 if(rsbac_debug_ds)
04961 {
04962 #ifdef CONFIG_RSBAC_RMSG
04963 rsbac_printk(KERN_DEBUG
04964 "rsbac_check_acl(): nettemp_nt_item %u has invalid group %u in ACL -> removing entry!\n",
04965 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04966 #endif
04967 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04968 if (!rsbac_nosyslog)
04969 #endif
04970 printk(KERN_DEBUG
04971 "rsbac_check_acl(): nettemp_nt_item %u has invalid group %u in ACL -> removing entry!\n",
04972 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04973 }
04974 #endif
04975 rsbac_list_lol_subremove(nettemp_nt_handle, &nettemp_desc_p[i], &sub_desc_p[j]);
04976 }
04977 else
04978 {
04979 #ifdef CONFIG_RSBAC_DEBUG
04980
04981 if(rsbac_debug_ds)
04982 {
04983 #ifdef CONFIG_RSBAC_RMSG
04984 rsbac_printk(KERN_DEBUG
04985 "rsbac_check_acl(): nettemp_nt_item %u has invalid group %u in ACL!\n",
04986 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04987 #endif
04988 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04989 if (!rsbac_nosyslog)
04990 #endif
04991 printk(KERN_DEBUG
04992 "rsbac_check_acl(): nettemp_nt_item %u has invalid group %u in ACL!\n",
04993 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04994 }
04995 #endif
04996 }
04997 }
04998 #if defined(CONFIG_RSBAC_RC)
04999 else
05000 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
05001 && (sub_desc_p[j].subj_id > RC_role_max_value)
05002 )
05003 {
05004 if(correct)
05005 {
05006
05007 #ifdef CONFIG_RSBAC_DEBUG
05008 if(rsbac_debug_ds)
05009 {
05010 #ifdef CONFIG_RSBAC_RMSG
05011 rsbac_printk(KERN_DEBUG
05012 "rsbac_check_acl(): nettemp_nt_item %u has invalid role %u in ACL -> removing entry!\n",
05013 nettemp_desc_p[i], sub_desc_p[j].subj_id);
05014 #endif
05015 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05016 if (!rsbac_nosyslog)
05017 #endif
05018 printk(KERN_DEBUG
05019 "rsbac_check_acl(): nettemp_nt_item %u has invalid role %u in ACL -> removing entry!\n",
05020 nettemp_desc_p[i], sub_desc_p[j].subj_id);
05021 }
05022 #endif
05023 rsbac_list_lol_subremove(nettemp_nt_handle, &nettemp_desc_p[i], &sub_desc_p[j]);
05024 }
05025 else
05026 {
05027 #ifdef CONFIG_RSBAC_DEBUG
05028
05029 if(rsbac_debug_ds)
05030 {
05031 #ifdef CONFIG_RSBAC_RMSG
05032 rsbac_printk(KERN_DEBUG
05033 "rsbac_check_acl(): nettemp_nt_item %u has invalid role %u in ACL!\n",
05034 nettemp_desc_p[i], sub_desc_p[j].subj_id);
05035 #endif
05036 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05037 if (!rsbac_nosyslog)
05038 #endif
05039 printk(KERN_DEBUG
05040 "rsbac_check_acl(): nettemp_nt_item %u has invalid role %u in ACL!\n",
05041 nettemp_desc_p[i], sub_desc_p[j].subj_id);
05042 }
05043 #endif
05044 }
05045 }
05046 #endif
05047 }
05048 rsbac_vfree(sub_desc_p);
05049 }
05050 }
05051 rsbac_vfree(nettemp_desc_p);
05052 f_sum += desc_count;
05053 }
05054 #ifdef CONFIG_RSBAC_RMSG
05055 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li network template NT items\n",
05056 desc_count);
05057 #endif
05058 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05059 if (!rsbac_nosyslog)
05060 #endif
05061 printk(KERN_INFO "rsbac_check_acl(): %li network template NT items\n",
05062 desc_count);
05063
05064
05065 tmp_count = 0;
05066 desc_count = rsbac_list_lol_get_all_desc(nettemp_handle, (void **) &nettemp_desc_p);
05067 if(desc_count > 0)
05068 {
05069 for(i=0; i<desc_count; i++)
05070 {
05071
05072 sub_desc_count = rsbac_list_lol_get_all_subdesc(nettemp_handle,
05073 &nettemp_desc_p[i],
05074 (void **) &sub_desc_p);
05075 if(sub_desc_count > 0)
05076 {
05077 for(j=0; j<sub_desc_count; j++)
05078 {
05079 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
05080 && sub_desc_p[j].subj_id
05081 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
05082 {
05083 if(correct)
05084 {
05085
05086 #ifdef CONFIG_RSBAC_DEBUG
05087 if(rsbac_debug_ds)
05088 {
05089 #ifdef CONFIG_RSBAC_RMSG
05090 rsbac_printk(KERN_DEBUG
05091 "rsbac_check_acl(): nettemp_item %u has invalid group %u in ACL -> removing entry!\n",
05092 nettemp_desc_p[i], sub_desc_p[j].subj_id);
05093 #endif
05094 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05095 if (!rsbac_nosyslog)
05096 #endif
05097 printk(KERN_DEBUG
05098 "rsbac_check_acl(): nettemp_item %u has invalid group %u in ACL -> removing entry!\n",
05099 nettemp_desc_p[i], sub_desc_p[j].subj_id);
05100 }
05101 #endif
05102 rsbac_list_lol_subremove(nettemp_handle, &nettemp_desc_p[i], &sub_desc_p[j]);
05103 }
05104 else
05105 {
05106 #ifdef CONFIG_RSBAC_DEBUG
05107
05108 if(rsbac_debug_ds)
05109 {
05110 #ifdef CONFIG_RSBAC_RMSG
05111 rsbac_printk(KERN_DEBUG
05112 "rsbac_check_acl(): nettemp_item %u has invalid group %u in ACL!\n",
05113 nettemp_desc_p[i], sub_desc_p[j].subj_id);
05114 #endif
05115 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05116 if (!rsbac_nosyslog)
05117 #endif
05118 printk(KERN_DEBUG
05119 "rsbac_check_acl(): nettemp_item %u has invalid group %u in ACL!\n",
05120 nettemp_desc_p[i], sub_desc_p[j].subj_id);
05121 }
05122 #endif
05123 }
05124 }
05125 #if defined(CONFIG_RSBAC_RC)
05126 else
05127 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
05128 && (sub_desc_p[j].subj_id > RC_role_max_value)
05129 )
05130 {
05131 if(correct)
05132 {
05133
05134 #ifdef CONFIG_RSBAC_DEBUG
05135 if(rsbac_debug_ds)
05136 {
05137 #ifdef CONFIG_RSBAC_RMSG
05138 rsbac_printk(KERN_DEBUG
05139 "rsbac_check_acl(): nettemp_item %u has invalid role %u in ACL -> removing entry!\n",
05140 nettemp_desc_p[i], sub_desc_p[j].subj_id);
05141 #endif
05142 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05143 if (!rsbac_nosyslog)
05144 #endif
05145 printk(KERN_DEBUG
05146 "rsbac_check_acl(): nettemp_item %u has invalid role %u in ACL -> removing entry!\n",
05147 nettemp_desc_p[i], sub_desc_p[j].subj_id);
05148 }
05149 #endif
05150 rsbac_list_lol_subremove(nettemp_handle, &nettemp_desc_p[i], &sub_desc_p[j]);
05151 }
05152 else
05153 {
05154 #ifdef CONFIG_RSBAC_DEBUG
05155
05156 if(rsbac_debug_ds)
05157 {
05158 #ifdef CONFIG_RSBAC_RMSG
05159 rsbac_printk(KERN_DEBUG
05160 "rsbac_check_acl(): nettemp_item %u has invalid role %u in ACL!\n",
05161 nettemp_desc_p[i], sub_desc_p[j].subj_id);
05162 #endif
05163 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05164 if (!rsbac_nosyslog)
05165 #endif
05166 printk(KERN_DEBUG
05167 "rsbac_check_acl(): nettemp_item %u has invalid role %u in ACL!\n",
05168 nettemp_desc_p[i], sub_desc_p[j].subj_id);
05169 }
05170 #endif
05171 }
05172 }
05173 #endif
05174 }
05175 rsbac_vfree(sub_desc_p);
05176 }
05177 }
05178 rsbac_vfree(nettemp_desc_p);
05179 f_sum += desc_count;
05180 }
05181 #ifdef CONFIG_RSBAC_RMSG
05182 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li network template items\n",
05183 desc_count);
05184 #endif
05185 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05186 if (!rsbac_nosyslog)
05187 #endif
05188 printk(KERN_INFO "rsbac_check_acl(): %li network template items\n",
05189 desc_count);
05190
05191
05192 tmp_count = 0;
05193 desc_count = rsbac_list_lol_get_all_desc(netobj_handle, (void **) &netobj_desc_p);
05194 if(desc_count > 0)
05195 {
05196 for(i=0; i<desc_count; i++)
05197 {
05198
05199 sub_desc_count = rsbac_list_lol_get_all_subdesc(netobj_handle,
05200 &netobj_desc_p[i],
05201 (void **) &sub_desc_p);
05202 if(sub_desc_count > 0)
05203 {
05204 for(j=0; j<sub_desc_count; j++)
05205 {
05206 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
05207 && sub_desc_p[j].subj_id
05208 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
05209 {
05210 if(correct)
05211 {
05212
05213 #ifdef CONFIG_RSBAC_DEBUG
05214 if(rsbac_debug_ds)
05215 {
05216 #ifdef CONFIG_RSBAC_RMSG
05217 rsbac_printk(KERN_DEBUG
05218 "rsbac_check_acl(): netobj_item %p has invalid group %u in ACL -> removing entry!\n",
05219 netobj_desc_p[i], sub_desc_p[j].subj_id);
05220 #endif
05221 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05222 if (!rsbac_nosyslog)
05223 #endif
05224 printk(KERN_DEBUG
05225 "rsbac_check_acl(): netobj_item %p has invalid group %u in ACL -> removing entry!\n",
05226 netobj_desc_p[i], sub_desc_p[j].subj_id);
05227 }
05228 #endif
05229 rsbac_list_lol_subremove(netobj_handle, &netobj_desc_p[i], &sub_desc_p[j]);
05230 }
05231 else
05232 {
05233 #ifdef CONFIG_RSBAC_DEBUG
05234
05235 if(rsbac_debug_ds)
05236 {
05237 #ifdef CONFIG_RSBAC_RMSG
05238 rsbac_printk(KERN_DEBUG
05239 "rsbac_check_acl(): netobj_item %p has invalid group %u in ACL!\n",
05240 netobj_desc_p[i], sub_desc_p[j].subj_id);
05241 #endif
05242 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05243 if (!rsbac_nosyslog)
05244 #endif
05245 printk(KERN_DEBUG
05246 "rsbac_check_acl(): netobj_item %p has invalid group %u in ACL!\n",
05247 netobj_desc_p[i], sub_desc_p[j].subj_id);
05248 }
05249 #endif
05250 }
05251 }
05252 #if defined(CONFIG_RSBAC_RC)
05253 else
05254 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
05255 && (sub_desc_p[j].subj_id > RC_role_max_value)
05256 )
05257 {
05258 if(correct)
05259 {
05260
05261 #ifdef CONFIG_RSBAC_DEBUG
05262 if(rsbac_debug_ds)
05263 {
05264 #ifdef CONFIG_RSBAC_RMSG
05265 rsbac_printk(KERN_DEBUG
05266 "rsbac_check_acl(): netobj_item %p has invalid role %u in ACL -> removing entry!\n",
05267 netobj_desc_p[i], sub_desc_p[j].subj_id);
05268 #endif
05269 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05270 if (!rsbac_nosyslog)
05271 #endif
05272 printk(KERN_DEBUG
05273 "rsbac_check_acl(): netobj_item %p has invalid role %u in ACL -> removing entry!\n",
05274 netobj_desc_p[i], sub_desc_p[j].subj_id);
05275 }
05276 #endif
05277 rsbac_list_lol_subremove(netobj_handle, &netobj_desc_p[i], &sub_desc_p[j]);
05278 }
05279 else
05280 {
05281 #ifdef CONFIG_RSBAC_DEBUG
05282
05283 if(rsbac_debug_ds)
05284 {
05285 #ifdef CONFIG_RSBAC_RMSG
05286 rsbac_printk(KERN_DEBUG
05287 "rsbac_check_acl(): netobj_item %p has invalid role %u in ACL!\n",
05288 netobj_desc_p[i], sub_desc_p[j].subj_id);
05289 #endif
05290 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05291 if (!rsbac_nosyslog)
05292 #endif
05293 printk(KERN_DEBUG
05294 "rsbac_check_acl(): netobj_item %p has invalid role %u in ACL!\n",
05295 netobj_desc_p[i], sub_desc_p[j].subj_id);
05296 }
05297 #endif
05298 }
05299 }
05300 #endif
05301 }
05302 rsbac_vfree(sub_desc_p);
05303 }
05304 }
05305 rsbac_vfree(netobj_desc_p);
05306 f_sum += desc_count;
05307 }
05308 #ifdef CONFIG_RSBAC_RMSG
05309 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li network object items\n",
05310 desc_count);
05311 #endif
05312 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05313 if (!rsbac_nosyslog)
05314 #endif
05315 printk(KERN_INFO "rsbac_check_acl(): %li network object items\n",
05316 desc_count);
05317 #endif
05318
05319 #ifdef CONFIG_RSBAC_RMSG
05320 rsbac_printk(KERN_INFO
05321 "rsbac_check_acl(): Total of %lu registered ACLs\n",
05322 f_sum);
05323 #endif
05324 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05325 if (!rsbac_nosyslog)
05326 #endif
05327 printk(KERN_INFO
05328 "rsbac_check_acl(): Total of %lu registered ACLs\n",
05329 f_sum);
05330
05331 return(0);
05332 };
05333
05334
05335
05336
05337
05338
05339
05340
05341
05342
05343
05344
05345
05346 int rsbac_acl_set_acl_entry(
05347 rsbac_list_ta_number_t ta_number,
05348 enum rsbac_target_t target,
05349 union rsbac_target_id_t tid,
05350 enum rsbac_acl_subject_type_t subj_type,
05351 rsbac_acl_subject_id_t subj_id,
05352 rsbac_acl_rights_vector_t rights,
05353 rsbac_time_t ttl)
05354 {
05355 int err = 0;
05356 int list_no;
05357 struct rsbac_acl_device_list_item_t * device_p;
05358 struct rsbac_acl_entry_desc_t desc;
05359 u_long dflags;
05360
05361 if (!rsbac_is_initialized())
05362 {
05363 printk(KERN_WARNING "rsbac_acl_set_acl_entry(): RSBAC not initialized\n");
05364 return(-RSBAC_ENOTINITIALIZED);
05365 }
05366 if (subj_type >= ACLS_NONE)
05367 return(-RSBAC_EINVALIDVALUE);
05368 #ifdef CONFIG_RSBAC_DEBUG
05369 if (in_interrupt())
05370 {
05371 #ifdef CONFIG_RSBAC_RMSG
05372 rsbac_printk(KERN_WARNING "rsbac_acl_set_acl_entry(): called from interrupt!\n");
05373 #endif
05374 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05375 if (!rsbac_nosyslog)
05376 #endif
05377 printk(KERN_WARNING "rsbac_acl_set_acl_entry(): called from interrupt!\n");
05378 }
05379 #endif
05380 desc.subj_type = subj_type;
05381 desc.subj_id = subj_id;
05382
05383 switch (target)
05384 {
05385 case T_FILE:
05386 case T_DIR:
05387 case T_FIFO:
05388 case T_SYMLINK:
05389 #ifdef CONFIG_RSBAC_DEBUG
05390 if (rsbac_debug_ds_acl)
05391 {
05392 #ifdef CONFIG_RSBAC_RMSG
05393 rsbac_printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting file/dir/fifo/symlink ACL for device %02u:%02u, inode %u\n",
05394 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
05395 #endif
05396 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05397 if (!rsbac_nosyslog)
05398 #endif
05399 printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting file/dir/fifo/symlink ACL for device %02u:%02u, inode %u\n",
05400 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
05401 }
05402 #endif
05403
05404 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
05405 return rsbac_ta_list_add_ttl(ta_number, default_fd_handle, ttl, &desc, &rights);
05406
05407 rsbac_read_lock(&device_list_head.lock, &dflags);
05408
05409
05410 device_p = acl_lookup_device(tid.file.device);
05411 if (!device_p)
05412 {
05413
05414 rsbac_read_unlock(&device_list_head.lock, &dflags);
05415 rsbac_get_super_block(tid.file.device);
05416
05417 rsbac_read_lock(&device_list_head.lock, &dflags);
05418 device_p = acl_lookup_device(tid.file.device);
05419 if(!device_p)
05420 {
05421 #ifdef CONFIG_RSBAC_RMSG
05422 rsbac_printk(KERN_WARNING
05423 "rsbac_acl_set_acl_entry(): Could not lookup device!\n");
05424 #endif
05425 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05426 if (!rsbac_nosyslog)
05427 #endif
05428 printk(KERN_WARNING
05429 "rsbac_acl_set_acl_entry(): Could not lookup device!\n");
05430
05431 rsbac_read_unlock(&device_list_head.lock, &dflags);
05432 return(-RSBAC_EINVALIDDEV);
05433 }
05434 }
05435 list_no = fd_hash(tid.file.inode);
05436 if(!rsbac_ta_list_lol_exist(ta_number, device_p->handles[list_no], &tid.file.inode))
05437 {
05438 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_FD_MASK;
05439
05440 err = rsbac_ta_list_lol_add_ttl(ta_number,
05441 device_p->handles[list_no],
05442 0,
05443 &tid.file.inode,
05444 &mask);
05445 if(err)
05446 {
05447 rsbac_read_unlock(&device_list_head.lock, &dflags);
05448 return err;
05449 }
05450 }
05451 err = rsbac_ta_list_lol_subadd_ttl(ta_number, device_p->handles[list_no], ttl, &tid.file.inode, &desc, &rights);
05452 rsbac_read_unlock(&device_list_head.lock, &dflags);
05453
05454 return err;
05455
05456 case T_DEV:
05457 #ifdef CONFIG_RSBAC_DEBUG
05458 if (rsbac_debug_ds_acl)
05459 {
05460 #ifdef CONFIG_RSBAC_RMSG
05461 rsbac_printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting device ACL for dev %c %02u:%02u\n",
05462 'B'+tid.dev.type,
05463 RSBAC_MAJOR(tid.dev.id),
05464 RSBAC_MINOR(tid.dev.id));
05465 #endif
05466 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05467 if (!rsbac_nosyslog)
05468 #endif
05469 printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting device ACL for dev %c %02u:%02u\n",
05470 'B'+tid.dev.type,
05471 RSBAC_MAJOR(tid.dev.id),
05472 RSBAC_MINOR(tid.dev.id));
05473 }
05474 #endif
05475
05476 if((tid.dev.type == D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
05477 return rsbac_ta_list_add_ttl(ta_number, default_dev_handle, ttl, &desc, &rights);
05478
05479 {
05480 struct rsbac_dev_desc_t dev_desc;
05481
05482 dev_desc.type = tid.dev.type;
05483 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
05484 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
05485 if(!rsbac_ta_list_lol_exist(ta_number, dev_handle, &dev_desc))
05486 {
05487 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_DEV_MASK;
05488
05489 err = rsbac_ta_list_lol_add_ttl(ta_number, dev_handle,
05490 0, &dev_desc, &mask);
05491 if(err)
05492 return err;
05493 }
05494 return rsbac_ta_list_lol_subadd_ttl(ta_number, dev_handle, ttl, &dev_desc, &desc, &rights);
05495 }
05496
05497 case T_IPC:
05498
05499
05500
05501
05502
05503
05504
05505
05506
05507
05508
05509
05510
05511
05512
05513
05514
05515 if(tid.ipc.type == I_none)
05516 return rsbac_ta_list_add_ttl(ta_number, default_ipc_handle, ttl, &desc, &rights);
05517 else
05518 return -RSBAC_EINVALIDTARGET;
05519
05520 case T_SCD:
05521
05522
05523
05524
05525
05526
05527
05528
05529
05530
05531
05532 if(tid.scd == AST_none)
05533 return rsbac_ta_list_add_ttl(ta_number, default_scd_handle, ttl, &desc, &rights);
05534
05535 if(!rsbac_ta_list_lol_exist(ta_number, scd_handle, &tid.scd))
05536 {
05537 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_SCD_MASK;
05538
05539 err = rsbac_ta_list_lol_add_ttl(ta_number,
05540 scd_handle,
05541 0,
05542 &tid.scd,
05543 &mask);
05544 if(err)
05545 return err;
05546 }
05547 return rsbac_ta_list_lol_subadd_ttl(ta_number, scd_handle, ttl, &tid.scd, &desc, &rights);
05548
05549 case T_USER:
05550
05551
05552
05553
05554
05555
05556
05557
05558 if(tid.user == RSBAC_NO_USER)
05559 return rsbac_ta_list_add_ttl(ta_number, default_u_handle, ttl, &desc, &rights);
05560 if(!rsbac_ta_list_lol_exist(ta_number, u_handle, &tid.user))
05561 {
05562 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_U_MASK;
05563
05564 err = rsbac_ta_list_lol_add_ttl(ta_number,
05565 u_handle,
05566 0,
05567 &tid.user,
05568 &mask);
05569 if(err)
05570 return err;
05571 }
05572 return rsbac_ta_list_lol_subadd_ttl(ta_number, u_handle, ttl, &tid.user, &desc, &rights);
05573
05574
05575 case T_PROCESS:
05576
05577
05578
05579
05580
05581
05582
05583
05584 if(!tid.process)
05585 return rsbac_ta_list_add_ttl(ta_number, default_p_handle, ttl, &desc, &rights);
05586 else
05587 return -RSBAC_EINVALIDTARGET;
05588
05589 #ifdef CONFIG_RSBAC_ACL_UM_PROT
05590 case T_GROUP:
05591
05592
05593
05594
05595
05596
05597
05598
05599 if(tid.group == RSBAC_NO_GROUP)
05600 return rsbac_ta_list_add_ttl(ta_number, default_g_handle, ttl, &desc, &rights);
05601 if(!rsbac_ta_list_lol_exist(ta_number, g_handle, &tid.group))
05602 {
05603 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_G_MASK;
05604
05605 err = rsbac_ta_list_lol_add_ttl(ta_number,
05606 g_handle,
05607 0,
05608 &tid.group,
05609 &mask);
05610 if(err)
05611 return err;
05612 }
05613 return rsbac_ta_list_lol_subadd_ttl(ta_number, g_handle, ttl, &tid.group, &desc, &rights);
05614 #endif
05615
05616 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
05617 case T_NETDEV:
05618 #ifdef CONFIG_RSBAC_DEBUG
05619 if (rsbac_debug_ds_acl)
05620 {
05621 #ifdef CONFIG_RSBAC_RMSG
05622 rsbac_printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting network device ACL for netdev %s\n",
05623 tid.netdev);
05624 #endif
05625 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05626 if (!rsbac_nosyslog)
05627 #endif
05628 printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting network device ACL for netdev %s\n",
05629 tid.netdev);
05630 }
05631 #endif
05632
05633 if(!tid.netdev[0])
05634 return rsbac_ta_list_add_ttl(ta_number, default_netdev_handle, ttl, &desc, &rights);
05635
05636 if(!rsbac_ta_list_lol_exist(ta_number, netdev_handle, &tid.netdev))
05637 {
05638 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETDEV_MASK;
05639
05640 err = rsbac_ta_list_lol_add_ttl(ta_number,
05641 netdev_handle,
05642 0,
05643 &tid.netdev,
05644 &mask);
05645 if(err)
05646 return err;
05647 }
05648 return rsbac_ta_list_lol_subadd_ttl(ta_number, netdev_handle, ttl, &tid.netdev, &desc, &rights);
05649 #endif
05650
05651 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
05652 case T_NETTEMP_NT:
05653 #ifdef CONFIG_RSBAC_DEBUG
05654 if (rsbac_debug_ds_acl)
05655 {
05656 #ifdef CONFIG_RSBAC_RMSG
05657 rsbac_printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting network template NT ACL for nettemp_nt %u\n",
05658 tid.nettemp);
05659 #endif
05660 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05661 if (!rsbac_nosyslog)
05662 #endif
05663 printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting network template NT ACL for nettemp_nt %u\n",
05664 tid.nettemp);
05665 }
05666 #endif
05667
05668 if(!tid.nettemp)
05669 return rsbac_ta_list_add_ttl(ta_number, default_nettemp_nt_handle, ttl, &desc, &rights);
05670
05671 if(!rsbac_ta_list_lol_exist(ta_number, nettemp_nt_handle, &tid.nettemp))
05672 {
05673 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETTEMP_MASK;
05674
05675 err = rsbac_ta_list_lol_add_ttl(ta_number,
05676 nettemp_nt_handle,
05677 0,
05678 &tid.nettemp,
05679 &mask);
05680 if(err)
05681 return err;
05682 }
05683 return rsbac_ta_list_lol_subadd_ttl(ta_number, nettemp_nt_handle, ttl, &tid.nettemp, &desc, &rights);
05684
05685 case T_NETTEMP:
05686 #ifdef CONFIG_RSBAC_DEBUG
05687 if (rsbac_debug_ds_acl)
05688 {
05689 #ifdef CONFIG_RSBAC_RMSG
05690 rsbac_printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting network template ACL for nettemp %u\n",
05691 tid.nettemp);
05692 #endif
05693 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05694 if (!rsbac_nosyslog)
05695 #endif
05696 printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting network template ACL for nettemp %u\n",
05697 tid.nettemp);
05698 }
05699 #endif
05700
05701 if(!tid.nettemp)
05702 return -RSBAC_EINVALIDTARGET;
05703 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
05704 return -RSBAC_EINVALIDTARGET;
05705
05706 if(!rsbac_ta_list_lol_exist(ta_number, nettemp_handle, &tid.nettemp))
05707 {
05708 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
05709
05710 err = rsbac_ta_list_lol_add_ttl(ta_number,
05711 nettemp_handle,
05712 0,
05713 &tid.nettemp,
05714 &mask);
05715 if(err)
05716 return err;
05717 }
05718 return rsbac_ta_list_lol_subadd_ttl(ta_number, nettemp_handle, ttl, &tid.nettemp, &desc, &rights);
05719
05720 case T_NETOBJ:
05721 #ifdef CONFIG_RSBAC_DEBUG
05722 if (rsbac_debug_ds_acl)
05723 {
05724 #ifdef CONFIG_RSBAC_RMSG
05725 rsbac_printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting network object ACL for netobj %p\n",
05726 tid.netobj.sock_p);
05727 #endif
05728 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05729 if (!rsbac_nosyslog)
05730 #endif
05731 printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting network object ACL for netobj %p\n",
05732 tid.netobj.sock_p);
05733 }
05734 #endif
05735
05736 if(!tid.netobj.sock_p)
05737 return rsbac_ta_list_add_ttl(ta_number, default_netobj_handle, ttl, &desc, &rights);
05738
05739 if(!rsbac_ta_list_lol_exist(ta_number, netobj_handle, &tid.netobj.sock_p))
05740 {
05741 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
05742
05743 err = rsbac_ta_list_lol_add_ttl(ta_number,
05744 netobj_handle,
05745 0,
05746 &tid.netobj.sock_p,
05747 &mask);
05748 if(err)
05749 return err;
05750 }
05751 return rsbac_ta_list_lol_subadd_ttl(ta_number, netobj_handle, ttl, &tid.netobj.sock_p, &desc, &rights);
05752 #endif
05753
05754
05755 default:
05756 err = -RSBAC_EINVALIDTARGET;
05757 }
05758 return(err);
05759 }
05760
05761
05762
05763
05764
05765
05766 int rsbac_acl_remove_acl_entry(
05767 rsbac_list_ta_number_t ta_number,
05768 enum rsbac_target_t target,
05769 union rsbac_target_id_t tid,
05770 enum rsbac_acl_subject_type_t subj_type,
05771 rsbac_acl_subject_id_t subj_id)
05772 {
05773 int err = 0;
05774 int list_no;
05775 struct rsbac_acl_device_list_item_t * device_p;
05776 struct rsbac_acl_entry_desc_t desc;
05777 u_long dflags;
05778 rsbac_acl_rights_vector_t mask;
05779
05780 if (!rsbac_is_initialized())
05781 {
05782 printk(KERN_WARNING "rsbac_acl_remove_acl_entry(): RSBAC not initialized\n");
05783 return(-RSBAC_ENOTINITIALIZED);
05784 }
05785 if (subj_type >= ACLS_NONE)
05786 return(-RSBAC_EINVALIDVALUE);
05787 #ifdef CONFIG_RSBAC_DEBUG
05788 if (in_interrupt())
05789 {
05790 printk(KERN_WARNING "rsbac_acl_remove_acl_entry(): called from interrupt!\n");
05791 }
05792 #endif
05793 desc.subj_type = subj_type;
05794 desc.subj_id = subj_id;
05795
05796 switch (target)
05797 {
05798 case T_FILE:
05799 case T_DIR:
05800 case T_FIFO:
05801 case T_SYMLINK:
05802 #ifdef CONFIG_RSBAC_DEBUG
05803 if (rsbac_debug_ds_acl)
05804 {
05805 char tmp[RSBAC_MAXNAMELEN];
05806
05807 #ifdef CONFIG_RSBAC_RMSG
05808 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing file/dir/fifo/symlink ACL entry %s %u for device %02u:%02u, inode %u\n",
05809 get_acl_subject_type_name(tmp,desc.subj_type), desc.subj_id,
05810 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
05811 #endif
05812 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05813 if (!rsbac_nosyslog)
05814 #endif
05815 printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing file/dir/fifo/symlink ACL entry %s %u for device %02u:%02u, inode %u\n",
05816 get_acl_subject_type_name(tmp,desc.subj_type), desc.subj_id,
05817 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
05818 }
05819 #endif
05820
05821 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
05822 return rsbac_ta_list_remove(ta_number, default_fd_handle, &desc);
05823
05824
05825 rsbac_read_lock(&device_list_head.lock, &dflags);
05826
05827
05828 device_p = acl_lookup_device(tid.file.device);
05829 if (!device_p)
05830 {
05831
05832 rsbac_read_unlock(&device_list_head.lock, &dflags);
05833 rsbac_get_super_block(tid.file.device);
05834
05835 rsbac_read_lock(&device_list_head.lock, &dflags);
05836 device_p = acl_lookup_device(tid.file.device);
05837 if(!device_p)
05838 {
05839 printk(KERN_WARNING
05840 "rsbac_acl_remove_acl_entry(): Could not lookup device!\n");
05841
05842 rsbac_read_unlock(&device_list_head.lock, &dflags);
05843 return(-RSBAC_EINVALIDDEV);
05844 }
05845 }
05846 list_no = fd_hash(tid.file.inode);
05847 err = rsbac_ta_list_lol_subremove(ta_number, device_p->handles[list_no], &tid.file.inode, &desc);
05848
05849 if( !err
05850 && !rsbac_ta_list_lol_subcount(ta_number, device_p->handles[list_no], &tid.file.inode)
05851 && !rsbac_ta_list_lol_get_data_ttl(ta_number, device_p->handles[list_no],
05852 NULL,
05853 &tid.file.inode,
05854 &mask)
05855 && (mask == RSBAC_ACL_DEFAULT_FD_MASK)
05856 )
05857 {
05858 err = rsbac_ta_list_lol_remove(ta_number, device_p->handles[list_no], &tid.file.inode);
05859 }
05860 rsbac_read_unlock(&device_list_head.lock, &dflags);
05861
05862 return err;
05863
05864 case T_DEV:
05865 #ifdef CONFIG_RSBAC_DEBUG
05866 if (rsbac_debug_ds_acl)
05867 {
05868 #ifdef CONFIG_RSBAC_RMSG
05869 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing device ACL entry for dev %c %02u:%02u\n",
05870 'B'+tid.dev.type,
05871 RSBAC_MAJOR(tid.dev.id),
05872 RSBAC_MINOR(tid.dev.id));
05873 #endif
05874 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05875 if (!rsbac_nosyslog)
05876 #endif
05877 printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing device ACL entry for dev %c %02u:%02u\n",
05878 'B'+tid.dev.type,
05879 RSBAC_MAJOR(tid.dev.id),
05880 RSBAC_MINOR(tid.dev.id));
05881 }
05882 #endif
05883
05884 if((tid.dev.type == D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
05885 return rsbac_ta_list_remove(ta_number, default_dev_handle, &desc);
05886
05887 {
05888 struct rsbac_dev_desc_t dev_desc;
05889
05890 dev_desc.type = tid.dev.type;
05891 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
05892 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
05893 err = rsbac_ta_list_lol_subremove(ta_number, dev_handle, &dev_desc, &desc);
05894
05895 if( !err
05896 && !rsbac_ta_list_lol_subcount(ta_number, dev_handle, &dev_desc)
05897 && !rsbac_ta_list_lol_get_data_ttl(ta_number, dev_handle,
05898 NULL,
05899 &dev_desc,
05900 &mask)
05901 && (mask == RSBAC_ACL_DEFAULT_DEV_MASK)
05902 )
05903 {
05904 err = rsbac_ta_list_lol_remove(ta_number, dev_handle, &dev_desc);
05905 }
05906 return err;
05907 }
05908
05909 case T_IPC:
05910 #ifdef CONFIG_RSBAC_DEBUG
05911 if (rsbac_debug_ds_acl)
05912 {
05913 #ifdef CONFIG_RSBAC_RMSG
05914 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing IPC ACL for type %u\n",
05915 tid.ipc.type);
05916 #endif
05917 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05918 if (!rsbac_nosyslog)
05919 #endif
05920 printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing IPC ACL for type %u\n",
05921 tid.ipc.type);
05922 }
05923 #endif
05924
05925 if(tid.ipc.type == I_none)
05926 return rsbac_ta_list_remove(ta_number, default_ipc_handle, &desc);
05927 else
05928 return -RSBAC_EINVALIDTARGET;
05929
05930 case T_SCD:
05931 #ifdef CONFIG_RSBAC_DEBUG
05932 if (rsbac_debug_ds_acl)
05933 {
05934 char tmp[80];
05935
05936 get_acl_scd_type_name(tmp, tid.scd);
05937 #ifdef CONFIG_RSBAC_RMSG
05938 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing SCD ACL entry for %s\n",
05939 tmp);
05940 #endif
05941 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05942 if (!rsbac_nosyslog)
05943 #endif
05944 printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing SCD ACL entry for %s\n",
05945 tmp);
05946 }
05947 #endif
05948
05949 if(tid.scd == AST_none)
05950 return rsbac_ta_list_remove(ta_number, default_scd_handle, &desc);
05951 err = rsbac_ta_list_lol_subremove(ta_number, scd_handle, &tid.scd, &desc);
05952
05953 if( !err
05954 && !rsbac_ta_list_lol_subcount(ta_number, scd_handle, &tid.scd)
05955 && !rsbac_ta_list_lol_get_data_ttl(ta_number, scd_handle,
05956 NULL,
05957 &tid.scd,
05958 &mask)
05959 && (mask == RSBAC_ACL_DEFAULT_SCD_MASK)
05960 )
05961 {
05962 err = rsbac_ta_list_lol_remove(ta_number, scd_handle, &tid.scd);
05963 }
05964 return err;
05965
05966 case T_USER:
05967 #ifdef CONFIG_RSBAC_DEBUG
05968 if (rsbac_debug_ds_acl)
05969 {
05970 #ifdef CONFIG_RSBAC_RMSG
05971 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing user ACL for user %u\n",
05972 tid.user);
05973 #endif
05974 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05975 if (!rsbac_nosyslog)
05976 #endif
05977 printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing user ACL for user %u\n",
05978 tid.user);
05979 }
05980 #endif
05981
05982 if(tid.user == RSBAC_NO_USER)
05983 return rsbac_ta_list_remove(ta_number, default_u_handle, &desc);
05984 err = rsbac_ta_list_lol_subremove(ta_number, u_handle, &tid.user, &desc);
05985
05986 if( !err
05987 && !rsbac_ta_list_lol_subcount(ta_number, u_handle, &tid.user)
05988 && !rsbac_ta_list_lol_get_data_ttl(ta_number, u_handle,
05989 NULL,
05990 &tid.user,
05991 &mask)
05992 && (mask == RSBAC_ACL_DEFAULT_U_MASK)
05993 )
05994 {
05995 err = rsbac_ta_list_lol_remove(ta_number, u_handle, &tid.user);
05996 }
05997 return err;
05998
05999 case T_PROCESS:
06000 #ifdef CONFIG_RSBAC_DEBUG
06001 if (rsbac_debug_ds_acl)
06002 {
06003 #ifdef CONFIG_RSBAC_RMSG
06004 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing process ACL for pid %u\n",
06005 tid.process);
06006 #endif
06007 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06008 if (!rsbac_nosyslog)
06009 #endif
06010 printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing process ACL for pid %u\n",
06011 tid.process);
06012 }
06013 #endif
06014
06015 if(!tid.process)
06016 return rsbac_ta_list_remove(ta_number, default_p_handle, &desc);
06017 else
06018 return -RSBAC_EINVALIDTARGET;
06019
06020 #ifdef CONFIG_RSBAC_ACL_UM_PROT
06021 case T_GROUP:
06022 #ifdef CONFIG_RSBAC_DEBUG
06023 if (rsbac_debug_ds_acl)
06024 {
06025 #ifdef CONFIG_RSBAC_RMSG
06026 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing Linux group ACL for group %u\n",
06027 tid.group);
06028 #endif
06029 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06030 if (!rsbac_nosyslog)
06031 #endif
06032 printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing Linux group ACL for group %u\n",
06033 tid.group);
06034 }
06035 #endif
06036
06037 if(tid.group == RSBAC_NO_GROUP)
06038 return rsbac_ta_list_remove(ta_number, default_g_handle, &desc);
06039 err = rsbac_ta_list_lol_subremove(ta_number, g_handle, &tid.group, &desc);
06040
06041 if( !err
06042 && !rsbac_ta_list_lol_subcount(ta_number, g_handle, &tid.group)
06043 && !rsbac_ta_list_lol_get_data_ttl(ta_number, g_handle,
06044 NULL,
06045 &tid.group,
06046 &mask)
06047 && (mask == RSBAC_ACL_DEFAULT_G_MASK)
06048 )
06049 {
06050 err = rsbac_ta_list_lol_remove(ta_number, g_handle, &tid.group);
06051 }
06052 return err;
06053 #endif
06054
06055 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
06056 case T_NETDEV:
06057 #ifdef CONFIG_RSBAC_DEBUG
06058 if (rsbac_debug_ds_acl)
06059 {
06060 #ifdef CONFIG_RSBAC_RMSG
06061 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing network device ACL entry for netdev %s\n",
06062 tid.netdev);
06063 #endif
06064 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06065 if (!rsbac_nosyslog)
06066 #endif
06067 printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing network device ACL entry for netdev %s\n",
06068 tid.netdev);
06069 }
06070 #endif
06071
06072 if(!tid.netdev[0])
06073 return rsbac_ta_list_remove(ta_number, default_netdev_handle, &desc);
06074
06075 err = rsbac_ta_list_lol_subremove(ta_number, netdev_handle, &tid.netdev, &desc);
06076
06077 if( !err
06078 && !rsbac_ta_list_lol_subcount(ta_number, netdev_handle, &tid.netdev)
06079 && !rsbac_ta_list_lol_get_data_ttl(ta_number, netdev_handle,
06080 NULL,
06081 &tid.netdev,
06082 &mask)
06083 && (mask == RSBAC_ACL_DEFAULT_NETDEV_MASK)
06084 )
06085 {
06086 err = rsbac_ta_list_lol_remove(ta_number, netdev_handle, &tid.netdev);
06087 }
06088 return err;
06089 #endif
06090
06091 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
06092 case T_NETTEMP_NT:
06093 #ifdef CONFIG_RSBAC_DEBUG
06094 if (rsbac_debug_ds_acl)
06095 {
06096 #ifdef CONFIG_RSBAC_RMSG
06097 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing network template NT ACL entry for nettemp_nt %u\n",
06098 tid.nettemp);
06099 #endif
06100 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06101 if (!rsbac_nosyslog)
06102 #endif
06103 printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing network template NT ACL entry for nettemp_nt %u\n",
06104 tid.nettemp);
06105 }
06106 #endif
06107
06108 if(!tid.nettemp)
06109 return rsbac_ta_list_remove(ta_number, default_nettemp_nt_handle, &desc);
06110 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
06111 return -RSBAC_EINVALIDTARGET;
06112
06113 err = rsbac_ta_list_lol_subremove(ta_number, nettemp_nt_handle, &tid.nettemp, &desc);
06114
06115 if( !err
06116 && !rsbac_ta_list_lol_subcount(ta_number, nettemp_nt_handle, &tid.nettemp)
06117 && !rsbac_ta_list_lol_get_data_ttl(ta_number, nettemp_nt_handle,
06118 NULL,
06119 &tid.nettemp,
06120 &mask)
06121 && (mask == RSBAC_ACL_DEFAULT_NETTEMP_MASK)
06122 )
06123 {
06124 err = rsbac_ta_list_lol_remove(ta_number, nettemp_nt_handle, &tid.nettemp);
06125 }
06126 return err;
06127
06128 case T_NETTEMP:
06129 #ifdef CONFIG_RSBAC_DEBUG
06130 if (rsbac_debug_ds_acl)
06131 {
06132 #ifdef CONFIG_RSBAC_RMSG
06133 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing network template ACL entry for nettemp_nt %u\n",
06134 tid.nettemp);
06135 #endif
06136 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06137 if (!rsbac_nosyslog)
06138 #endif
06139 printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing network template ACL entry for nettemp_nt %u\n",
06140 tid.nettemp);
06141 }
06142 #endif
06143
06144 if(!tid.nettemp)
06145 return -RSBAC_EINVALIDTARGET;
06146 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
06147 return -RSBAC_EINVALIDTARGET;
06148
06149 err = rsbac_ta_list_lol_subremove(ta_number, nettemp_handle, &tid.nettemp, &desc);
06150
06151 if( !err
06152 && !rsbac_ta_list_lol_subcount(ta_number, nettemp_handle, &tid.nettemp)
06153 && !rsbac_ta_list_lol_get_data_ttl(ta_number, nettemp_handle,
06154 NULL,
06155 &tid.nettemp,
06156 &mask)
06157 && (mask == RSBAC_ACL_DEFAULT_NETOBJ_MASK)
06158 )
06159 {
06160 err = rsbac_ta_list_lol_remove(ta_number, nettemp_handle, &tid.nettemp);
06161 }
06162 return err;
06163
06164 case T_NETOBJ:
06165 #ifdef CONFIG_RSBAC_DEBUG
06166 if (rsbac_debug_ds_acl)
06167 {
06168 #ifdef CONFIG_RSBAC_RMSG
06169 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing network object ACL entry for netobj %p\n",
06170 tid.netobj.sock_p);
06171 #endif
06172 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06173 if (!rsbac_nosyslog)
06174 #endif
06175 printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing network object ACL entry for netobj %p\n",
06176 tid.netobj.sock_p);
06177 }
06178 #endif
06179
06180 if(!tid.netobj.sock_p)
06181 return rsbac_ta_list_remove(ta_number, default_netobj_handle, &desc);
06182
06183 err = rsbac_ta_list_lol_subremove(ta_number, netobj_handle, &tid.netobj.sock_p, &desc);
06184
06185 if( !err
06186 && !rsbac_ta_list_lol_subcount(ta_number, netobj_handle, &tid.netobj.sock_p)
06187 && !rsbac_ta_list_lol_get_data_ttl(ta_number, netobj_handle,
06188 NULL,
06189 &tid.netobj,
06190 &mask)
06191 && (mask == RSBAC_ACL_DEFAULT_NETOBJ_MASK)
06192 )
06193 {
06194 err = rsbac_ta_list_lol_remove(ta_number, netobj_handle, &tid.netobj.sock_p);
06195 }
06196 return err;
06197 #endif
06198
06199 default:
06200 return -RSBAC_EINVALIDTARGET;
06201 }
06202 }
06203
06204
06205
06206
06207
06208 int rsbac_acl_remove_acl(
06209 rsbac_list_ta_number_t ta_number,
06210 enum rsbac_target_t target,
06211 union rsbac_target_id_t tid)
06212 {
06213 int err = 0;
06214 int list_no;
06215 struct rsbac_acl_device_list_item_t * device_p;
06216 u_long dflags;
06217
06218 if (!rsbac_is_initialized())
06219 {
06220 printk(KERN_WARNING "rsbac_acl_remove_acl(): RSBAC not initialized\n");
06221 return(-RSBAC_ENOTINITIALIZED);
06222 }
06223 #ifdef CONFIG_RSBAC_DEBUG
06224 if (in_interrupt())
06225 {
06226 #ifdef CONFIG_RSBAC_RMSG
06227 rsbac_printk(KERN_WARNING "rsbac_acl_remove_acl(): called from interrupt!\n");
06228 #endif
06229 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06230 if (!rsbac_nosyslog)
06231 #endif
06232 printk(KERN_WARNING "rsbac_acl_remove_acl(): called from interrupt!\n");
06233 }
06234 #endif
06235 switch (target)
06236 {
06237 case T_FILE:
06238 case T_DIR:
06239 case T_FIFO:
06240 case T_SYMLINK:
06241 #ifdef CONFIG_RSBAC_DEBUG
06242 if (rsbac_debug_ds_acl)
06243 {
06244 #ifdef CONFIG_RSBAC_RMSG
06245 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing file/dir/fifo/symlink ACL for device %02u:%02u, inode %u\n",
06246 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
06247 #endif
06248 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06249 if (!rsbac_nosyslog)
06250 #endif
06251 printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing file/dir/fifo/symlink ACL for device %02u:%02u, inode %u\n",
06252 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
06253 }
06254 #endif
06255
06256 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
06257 return -RSBAC_EINVALIDTARGET;
06258
06259
06260 rsbac_read_lock(&device_list_head.lock, &dflags);
06261
06262
06263 device_p = acl_lookup_device(tid.file.device);
06264 if (!device_p)
06265 {
06266
06267 rsbac_read_unlock(&device_list_head.lock, &dflags);
06268 rsbac_get_super_block(tid.file.device);
06269
06270 rsbac_read_lock(&device_list_head.lock, &dflags);
06271 device_p = acl_lookup_device(tid.file.device);
06272 if(!device_p)
06273 {
06274 printk(KERN_WARNING
06275 "rsbac_acl_remove_acl(): Could not lookup device!\n");
06276 rsbac_read_unlock(&device_list_head.lock, &dflags);
06277 return -RSBAC_EINVALIDDEV;
06278 }
06279 }
06280 list_no = fd_hash(tid.file.inode);
06281 err = rsbac_ta_list_lol_remove(ta_number, device_p->handles[list_no], &tid.file.inode);
06282 rsbac_read_unlock(&device_list_head.lock, &dflags);
06283 return err;
06284
06285 case T_DEV:
06286 #ifdef CONFIG_RSBAC_DEBUG
06287 if (rsbac_debug_ds_acl)
06288 {
06289 #ifdef CONFIG_RSBAC_RMSG
06290 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing device ACL for dev %c %02u:%02u\n",
06291 'B'+tid.dev.type,
06292 RSBAC_MAJOR(tid.dev.id),
06293 RSBAC_MINOR(tid.dev.id));
06294 #endif
06295 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06296 if (!rsbac_nosyslog)
06297 #endif
06298 printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing device ACL for dev %c %02u:%02u\n",
06299 'B'+tid.dev.type,
06300 RSBAC_MAJOR(tid.dev.id),
06301 RSBAC_MINOR(tid.dev.id));
06302 }
06303 #endif
06304
06305 if((tid.dev.type == D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
06306 return -RSBAC_EINVALIDTARGET;
06307 else
06308 {
06309 struct rsbac_dev_desc_t dev_desc;
06310
06311 dev_desc.type = tid.dev.type;
06312 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
06313 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
06314 return rsbac_ta_list_lol_remove(ta_number, dev_handle, &dev_desc);
06315 }
06316
06317 case T_SCD:
06318 #ifdef CONFIG_RSBAC_DEBUG
06319 if (rsbac_debug_ds_acl)
06320 {
06321 char tmp[80];
06322
06323 get_acl_scd_type_name(tmp, tid.scd);
06324 #ifdef CONFIG_RSBAC_RMSG
06325 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing SCD ACL for %s\n",
06326 tmp);
06327 #endif
06328 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06329 if (!rsbac_nosyslog)
06330 #endif
06331 printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing SCD ACL for %s\n",
06332 tmp);
06333 }
06334 #endif
06335
06336 if(tid.scd == AST_none)
06337 return -RSBAC_EINVALIDTARGET;
06338 else
06339 return rsbac_ta_list_lol_remove(ta_number, scd_handle, &tid.scd);
06340
06341 case T_USER:
06342 #ifdef CONFIG_RSBAC_DEBUG
06343 if (rsbac_debug_ds_acl)
06344 {
06345 #ifdef CONFIG_RSBAC_RMSG
06346 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing user ACL for user %u\n",
06347 tid.user);
06348 #endif
06349 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06350 if (!rsbac_nosyslog)
06351 #endif
06352 printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing user ACL for user %u\n",
06353 tid.user);
06354 }
06355 #endif
06356
06357 if(tid.user == RSBAC_NO_USER)
06358 return -RSBAC_EINVALIDTARGET;
06359 else
06360 return rsbac_ta_list_lol_remove(ta_number, u_handle, &tid.user);
06361
06362 #ifdef CONFIG_RSBAC_ACL_UM_PROT
06363 case T_GROUP:
06364 #ifdef CONFIG_RSBAC_DEBUG
06365 if (rsbac_debug_ds_acl)
06366 {
06367 #ifdef CONFIG_RSBAC_RMSG
06368 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing Linux group ACL for group %u\n",
06369 tid.group);
06370 #endif
06371 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06372 if (!rsbac_nosyslog)
06373 #endif
06374 printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing Linux group ACL for group %u\n",
06375 tid.group);
06376 }
06377 #endif
06378
06379 if(tid.group == RSBAC_NO_GROUP)
06380 return -RSBAC_EINVALIDTARGET;
06381 else
06382 return rsbac_ta_list_lol_remove(ta_number, g_handle, &tid.group);
06383 #endif
06384
06385 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
06386 case T_NETDEV:
06387 #ifdef CONFIG_RSBAC_DEBUG
06388 if (rsbac_debug_ds_acl)
06389 {
06390 #ifdef CONFIG_RSBAC_RMSG
06391 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing network device ACL for netdev %s\n",
06392 tid.netdev);
06393 #endif
06394 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06395 if (!rsbac_nosyslog)
06396 #endif
06397 printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing network device ACL for netdev %s\n",
06398 tid.netdev);
06399 }
06400 #endif
06401
06402 if(!tid.netdev[0])
06403 return -RSBAC_EINVALIDTARGET;
06404 else
06405 return rsbac_ta_list_lol_remove(ta_number, netdev_handle, &tid.netdev);
06406 #endif
06407
06408 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
06409 case T_NETTEMP_NT:
06410 #ifdef CONFIG_RSBAC_DEBUG
06411 if (rsbac_debug_ds_acl)
06412 {
06413 #ifdef CONFIG_RSBAC_RMSG
06414 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing network template NT ACL for nettemp_nt %u\n",
06415 tid.nettemp);
06416 #endif
06417 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06418 if (!rsbac_nosyslog)
06419 #endif
06420 printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing network template NT ACL for nettemp_nt %u\n",
06421 tid.nettemp);
06422 }
06423 #endif
06424
06425 if(!tid.nettemp)
06426 return -RSBAC_EINVALIDTARGET;
06427 else
06428 return rsbac_ta_list_lol_remove(ta_number, nettemp_nt_handle, &tid.nettemp);
06429 case T_NETTEMP:
06430 #ifdef CONFIG_RSBAC_DEBUG
06431 if (rsbac_debug_ds_acl)
06432 {
06433 #ifdef CONFIG_RSBAC_RMSG
06434 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing network template ACL for nettemp %u\n",
06435 tid.nettemp);
06436 #endif
06437 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06438 if (!rsbac_nosyslog)
06439 #endif
06440 printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing network template ACL for nettemp %u\n",
06441 tid.nettemp);
06442 }
06443 #endif
06444
06445 if(!tid.nettemp)
06446 return -RSBAC_EINVALIDTARGET;
06447 else
06448 return rsbac_ta_list_lol_remove(ta_number, nettemp_handle, &tid.nettemp);
06449 case T_NETOBJ:
06450 #ifdef CONFIG_RSBAC_DEBUG
06451 if (rsbac_debug_ds_acl)
06452 {
06453 #ifdef CONFIG_RSBAC_RMSG
06454 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing network object ACL for netobj %p\n",
06455 tid.netobj.sock_p);
06456 #endif
06457 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06458 if (!rsbac_nosyslog)
06459 #endif
06460 printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing network object ACL for netobj %p\n",
06461 tid.netobj.sock_p);
06462 }
06463 #endif
06464
06465 if(!tid.netobj.sock_p)
06466 return -RSBAC_EINVALIDTARGET;
06467 else
06468 return rsbac_ta_list_lol_remove(ta_number, netobj_handle, &tid.netobj.sock_p);
06469 #endif
06470
06471 default:
06472 err = -RSBAC_EINVALIDTARGET;
06473 }
06474 return(err);
06475 }
06476
06477
06478
06479
06480
06481
06482 int rsbac_acl_add_to_acl_entry(
06483 rsbac_list_ta_number_t ta_number,
06484 enum rsbac_target_t target,
06485 union rsbac_target_id_t tid,
06486 enum rsbac_acl_subject_type_t subj_type,
06487 rsbac_acl_subject_id_t subj_id,
06488 rsbac_acl_rights_vector_t rights,
06489 rsbac_time_t ttl)
06490 {
06491 int err = 0;
06492 int list_no;
06493 struct rsbac_acl_device_list_item_t * device_p;
06494 rsbac_acl_rights_vector_t old_rights;
06495 struct rsbac_acl_entry_desc_t desc;
06496 u_long dflags;
06497
06498 if (!rsbac_is_initialized())
06499 {
06500 printk(KERN_WARNING "rsbac_acl_add_to_acl_entry(): RSBAC not initialized\n");
06501 return(-RSBAC_ENOTINITIALIZED);
06502 }
06503 if (subj_type >= ACLS_NONE)
06504 return(-RSBAC_EINVALIDVALUE);
06505 #ifdef CONFIG_RSBAC_DEBUG
06506 if (in_interrupt())
06507 {
06508 #ifdef CONFIG_RSBAC_RMSG
06509 rsbac_printk(KERN_WARNING "rsbac_acl_add_to_acl_entry(): called from interrupt!\n");
06510 #endif
06511 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06512 if (!rsbac_nosyslog)
06513 #endif
06514 printk(KERN_WARNING "rsbac_acl_add_to_acl_entry(): called from interrupt!\n");
06515 }
06516 #endif
06517 desc.subj_type = subj_type;
06518 desc.subj_id = subj_id;
06519
06520 switch (target)
06521 {
06522 case T_FILE:
06523 case T_DIR:
06524 case T_FIFO:
06525 case T_SYMLINK:
06526
06527
06528
06529
06530
06531
06532
06533
06534
06535
06536 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
06537 {
06538 if(!rsbac_ta_list_get_data_ttl(ta_number, default_fd_handle, NULL, &desc, &old_rights))
06539 rights |= old_rights;
06540 return rsbac_ta_list_add_ttl(ta_number, default_fd_handle, ttl, &desc, &rights);
06541 }
06542
06543 rsbac_read_lock(&device_list_head.lock, &dflags);
06544
06545
06546 device_p = acl_lookup_device(tid.file.device);
06547 if (!device_p)
06548 {
06549
06550 rsbac_read_unlock(&device_list_head.lock, &dflags);
06551 rsbac_get_super_block(tid.file.device);
06552
06553 rsbac_read_lock(&device_list_head.lock, &dflags);
06554 device_p = acl_lookup_device(tid.file.device);
06555 if(!device_p)
06556 {
06557 printk(KERN_WARNING
06558 "rsbac_acl_set_acl_entry(): Could not lookup device!\n");
06559
06560 rsbac_read_unlock(&device_list_head.lock, &dflags);
06561 return(-RSBAC_EINVALIDDEV);
06562 }
06563 }
06564
06565 list_no = fd_hash(tid.file.inode);
06566 if(!rsbac_ta_list_lol_exist(ta_number, device_p->handles[list_no], &tid.file.inode))
06567 {
06568 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_FD_MASK;
06569
06570 err = rsbac_ta_list_lol_add_ttl(ta_number, device_p->handles[list_no],
06571 0, &tid.file.inode, &mask);
06572 if(err)
06573 {
06574 rsbac_read_unlock(&device_list_head.lock, &dflags);
06575 return err;
06576 }
06577 }
06578 else
06579 {
06580 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06581 device_p->handles[list_no],
06582 NULL,
06583 &tid.file.inode,
06584 &desc,
06585 &old_rights))
06586 rights |= old_rights;
06587 }
06588 err = rsbac_ta_list_lol_subadd_ttl(ta_number,
06589 device_p->handles[list_no],
06590 ttl,
06591 &tid.file.inode,
06592 &desc,
06593 &rights);
06594 rsbac_read_unlock(&device_list_head.lock, &dflags);
06595
06596 return err;
06597
06598 case T_DEV:
06599
06600
06601
06602
06603
06604
06605
06606
06607
06608
06609 if((tid.dev.type == D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
06610 {
06611 if(!rsbac_ta_list_get_data_ttl(ta_number, default_dev_handle,
06612 NULL, &desc, &old_rights))
06613 rights |= old_rights;
06614 return rsbac_ta_list_add_ttl(ta_number, default_dev_handle, ttl, &desc, &rights);
06615 }
06616 {
06617 struct rsbac_dev_desc_t dev_desc;
06618
06619 dev_desc.type = tid.dev.type;
06620 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
06621 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
06622 if(!rsbac_ta_list_lol_exist(ta_number, dev_handle, &dev_desc))
06623 {
06624 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_DEV_MASK;
06625
06626 err = rsbac_ta_list_lol_add_ttl(ta_number, dev_handle,
06627 0, &dev_desc, &mask);
06628 if(err)
06629 return err;
06630 }
06631 else
06632 {
06633 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number, dev_handle,
06634 NULL,
06635 &dev_desc,
06636 &desc,
06637 &old_rights))
06638 rights |= old_rights;
06639 }
06640 return rsbac_ta_list_lol_subadd_ttl(ta_number, dev_handle,
06641 ttl,
06642 &dev_desc,
06643 &desc,
06644 &rights);
06645 }
06646
06647 case T_IPC:
06648
06649
06650
06651
06652
06653
06654
06655
06656 if(tid.ipc.type == I_none)
06657 {
06658 if(!rsbac_ta_list_get_data_ttl(ta_number, default_ipc_handle,
06659 NULL, &desc, &old_rights))
06660 rights |= old_rights;
06661 return rsbac_ta_list_add_ttl(ta_number, default_ipc_handle, ttl, &desc, &rights);
06662 }
06663 else
06664 return -RSBAC_EINVALIDTARGET;
06665
06666 case T_SCD:
06667
06668
06669
06670
06671
06672
06673
06674
06675
06676
06677
06678
06679 if(tid.scd == AST_none)
06680 {
06681 if(!rsbac_ta_list_get_data_ttl(ta_number, default_scd_handle,
06682 NULL, &desc, &old_rights))
06683 rights |= old_rights;
06684 return rsbac_ta_list_add_ttl(ta_number, default_scd_handle, ttl, &desc, &rights);
06685 }
06686 if(!rsbac_ta_list_lol_exist(ta_number, scd_handle, &tid.scd))
06687 {
06688 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_SCD_MASK;
06689
06690 err = rsbac_ta_list_lol_add_ttl(ta_number, scd_handle, 0, &tid.scd, &mask);
06691 if(err)
06692 return err;
06693 }
06694 else
06695 {
06696 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06697 scd_handle,
06698 NULL,
06699 &tid.scd,
06700 &desc,
06701 &old_rights))
06702 rights |= old_rights;
06703 }
06704 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06705 scd_handle,
06706 ttl,
06707 &tid.scd,
06708 &desc,
06709 &rights);
06710
06711 case T_USER:
06712
06713
06714
06715
06716
06717
06718
06719
06720 if(tid.user == RSBAC_NO_USER)
06721 {
06722 if(!rsbac_ta_list_get_data_ttl(ta_number, default_u_handle, NULL, &desc, &old_rights))
06723 rights |= old_rights;
06724 return rsbac_ta_list_add_ttl(ta_number, default_u_handle, ttl, &desc, &rights);
06725 }
06726 if(!rsbac_ta_list_lol_exist(ta_number, u_handle, &tid.user))
06727 {
06728 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_U_MASK;
06729
06730 err = rsbac_ta_list_lol_add_ttl(ta_number, u_handle, 0, &tid.user, &mask);
06731 if(err)
06732 return err;
06733 }
06734 else
06735 {
06736 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06737 u_handle,
06738 NULL,
06739 &tid.user,
06740 &desc,
06741 &old_rights))
06742 rights |= old_rights;
06743 }
06744 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06745 u_handle,
06746 ttl,
06747 &tid.user,
06748 &desc,
06749 &rights);
06750
06751 case T_PROCESS:
06752
06753
06754
06755
06756
06757
06758
06759
06760 if(!tid.process)
06761 {
06762 if(!rsbac_ta_list_get_data_ttl(ta_number, default_p_handle, NULL, &desc, &old_rights))
06763 rights |= old_rights;
06764 return rsbac_ta_list_add_ttl(ta_number, default_p_handle, ttl, &desc, &rights);
06765 }
06766 else
06767 return -RSBAC_EINVALIDTARGET;
06768
06769 #ifdef CONFIG_RSBAC_ACL_UM_PROT
06770 case T_GROUP:
06771
06772
06773
06774
06775
06776
06777
06778
06779 if(tid.group == RSBAC_NO_GROUP)
06780 {
06781 if(!rsbac_ta_list_get_data_ttl(ta_number, default_g_handle, NULL, &desc, &old_rights))
06782 rights |= old_rights;
06783 return rsbac_ta_list_add_ttl(ta_number, default_g_handle, ttl, &desc, &rights);
06784 }
06785 if(!rsbac_ta_list_lol_exist(ta_number, g_handle, &tid.group))
06786 {
06787 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_G_MASK;
06788
06789 err = rsbac_ta_list_lol_add_ttl(ta_number, g_handle, 0, &tid.group, &mask);
06790 if(err)
06791 return err;
06792 }
06793 else
06794 {
06795 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06796 g_handle,
06797 NULL,
06798 &tid.group,
06799 &desc,
06800 &old_rights))
06801 rights |= old_rights;
06802 }
06803 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06804 g_handle,
06805 ttl,
06806 &tid.group,
06807 &desc,
06808 &rights);
06809 #endif
06810
06811 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
06812 case T_NETDEV:
06813
06814
06815
06816
06817
06818
06819
06820
06821 if(!tid.netdev[0])
06822 {
06823 if(!rsbac_ta_list_get_data_ttl(ta_number, default_netdev_handle, NULL, &desc, &old_rights))
06824 rights |= old_rights;
06825 return rsbac_ta_list_add_ttl(ta_number, default_netdev_handle, ttl, &desc, &rights);
06826 }
06827 if(!rsbac_ta_list_lol_exist(ta_number, netdev_handle, &tid.netdev))
06828 {
06829 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETDEV_MASK;
06830
06831 err = rsbac_ta_list_lol_add_ttl(ta_number, netdev_handle, 0, &tid.netdev, &mask);
06832 if(err)
06833 return err;
06834 }
06835 else
06836 {
06837 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06838 netdev_handle,
06839 NULL,
06840 &tid.netdev,
06841 &desc,
06842 &old_rights))
06843 rights |= old_rights;
06844 }
06845 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06846 netdev_handle,
06847 ttl,
06848 &tid.netdev,
06849 &desc,
06850 &rights);
06851 #endif
06852
06853 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
06854 case T_NETTEMP_NT:
06855
06856
06857
06858
06859
06860
06861
06862
06863 if(!tid.nettemp)
06864 {
06865 if(!rsbac_ta_list_get_data_ttl(ta_number, default_nettemp_nt_handle, NULL, &desc, &old_rights))
06866 rights |= old_rights;
06867 return rsbac_ta_list_add_ttl(ta_number, default_nettemp_nt_handle, ttl, &desc, &rights);
06868 }
06869 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
06870 return -RSBAC_EINVALIDTARGET;
06871 if(!rsbac_ta_list_lol_exist(ta_number, nettemp_nt_handle, &tid.nettemp))
06872 {
06873 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETTEMP_MASK;
06874
06875 err = rsbac_ta_list_lol_add_ttl(ta_number, nettemp_nt_handle, 0, &tid.nettemp, &mask);
06876 if(err)
06877 return err;
06878 }
06879 else
06880 {
06881 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06882 nettemp_nt_handle,
06883 NULL,
06884 &tid.nettemp,
06885 &desc,
06886 &old_rights))
06887 rights |= old_rights;
06888 }
06889 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06890 nettemp_nt_handle,
06891 ttl,
06892 &tid.nettemp,
06893 &desc,
06894 &rights);
06895 case T_NETTEMP:
06896
06897
06898
06899
06900
06901
06902
06903
06904 if(!tid.nettemp)
06905 {
06906 return -RSBAC_EINVALIDTARGET;
06907 }
06908 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
06909 return -RSBAC_EINVALIDTARGET;
06910 if(!rsbac_ta_list_lol_exist(ta_number, nettemp_handle, &tid.nettemp))
06911 {
06912 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
06913
06914 err = rsbac_ta_list_lol_add_ttl(ta_number, nettemp_handle, 0, &tid.nettemp, &mask);
06915 if(err)
06916 return err;
06917 }
06918 else
06919 {
06920 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number, nettemp_handle,
06921 NULL, &tid.nettemp,
06922 &desc,
06923 &old_rights))
06924 rights |= old_rights;
06925 }
06926 return rsbac_ta_list_lol_subadd_ttl(ta_number, nettemp_handle,
06927 ttl,
06928 &tid.nettemp,
06929 &desc,
06930 &rights);
06931 case T_NETOBJ:
06932
06933
06934
06935
06936
06937
06938
06939
06940 if(!tid.netobj.sock_p)
06941 {
06942 if(!rsbac_ta_list_get_data_ttl(ta_number, default_netobj_handle, NULL, &desc, &old_rights))
06943 rights |= old_rights;
06944 return rsbac_ta_list_add_ttl(ta_number, default_netobj_handle, ttl,&desc, &rights);
06945 }
06946 if(!rsbac_ta_list_lol_exist(ta_number, netobj_handle, &tid.netobj.sock_p))
06947 {
06948 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
06949
06950 err = rsbac_ta_list_lol_add_ttl(ta_number, netobj_handle, 0, &tid.netobj.sock_p, &mask);
06951 if(err)
06952 return err;
06953 }
06954 else
06955 {
06956 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06957 netobj_handle,
06958 NULL,
06959 &tid.netobj.sock_p,
06960 &desc,
06961 &old_rights))
06962 rights |= old_rights;
06963 }
06964 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06965 netobj_handle,
06966 ttl,
06967 &tid.netobj.sock_p,
06968 &desc,
06969 &rights);
06970 #endif
06971
06972 default:
06973 return -RSBAC_EINVALIDTARGET;
06974 }
06975 }
06976
06977
06978
06979
06980
06981
06982
06983
06984 int rsbac_acl_remove_from_acl_entry(
06985 rsbac_list_ta_number_t ta_number,
06986 enum rsbac_target_t target,
06987 union rsbac_target_id_t tid,
06988 enum rsbac_acl_subject_type_t subj_type,
06989 rsbac_acl_subject_id_t subj_id,
06990 rsbac_acl_rights_vector_t rights)
06991 {
06992 int err = 0;
06993 int list_no;
06994 struct rsbac_acl_device_list_item_t * device_p;
06995 rsbac_acl_rights_vector_t old_rights;
06996 struct rsbac_acl_entry_desc_t desc;
06997 u_long dflags;
06998 rsbac_time_t ttl;
06999
07000 if (!rsbac_is_initialized())
07001 {
07002 printk(KERN_WARNING "rsbac_acl_remove_from_acl_entry(): RSBAC not initialized\n");
07003 return(-RSBAC_ENOTINITIALIZED);
07004 }
07005 if (subj_type >= ACLS_NONE)
07006 return(-RSBAC_EINVALIDVALUE);
07007 #ifdef CONFIG_RSBAC_DEBUG
07008 if (in_interrupt())
07009 {
07010 #ifdef CONFIG_RSBAC_RMSG
07011 rsbac_printk(KERN_WARNING "rsbac_acl_remove_from_acl_entry(): called from interrupt!\n");
07012 #endif
07013 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07014 if (!rsbac_nosyslog)
07015 #endif
07016 printk(KERN_WARNING "rsbac_acl_remove_from_acl_entry(): called from interrupt!\n");
07017 }
07018 #endif
07019 desc.subj_type = subj_type;
07020 desc.subj_id = subj_id;
07021
07022 switch (target)
07023 {
07024 case T_FILE:
07025 case T_DIR:
07026 case T_FIFO:
07027 case T_SYMLINK:
07028
07029
07030
07031
07032
07033
07034
07035
07036 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
07037 {
07038 if(!rsbac_ta_list_get_data_ttl(ta_number, default_fd_handle,
07039 &ttl, &desc, &old_rights))
07040 {
07041 old_rights &= ~rights;
07042 return rsbac_ta_list_add_ttl(ta_number, default_fd_handle,
07043 ttl, &desc, &old_rights);
07044 }
07045 else
07046 return 0;
07047 }
07048
07049 rsbac_read_lock(&device_list_head.lock, &dflags);
07050
07051
07052 device_p = acl_lookup_device(tid.file.device);
07053 if (!device_p)
07054 {
07055
07056 rsbac_read_unlock(&device_list_head.lock, &dflags);
07057 rsbac_get_super_block(tid.file.device);
07058
07059 rsbac_read_lock(&device_list_head.lock, &dflags);
07060 device_p = acl_lookup_device(tid.file.device);
07061 if(!device_p)
07062 {
07063 printk(KERN_WARNING
07064 "rsbac_acl_remove_from_acl_entry(): Could not lookup device!\n");
07065
07066 rsbac_read_unlock(&device_list_head.lock, &dflags);
07067 return(-RSBAC_EINVALIDDEV);
07068 }
07069 }
07070 list_no = fd_hash(tid.file.inode);
07071 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07072 device_p->handles[list_no],
07073 &ttl,
07074 &tid.file.inode,
07075 &desc,
07076 &old_rights))
07077 {
07078 old_rights &= ~rights;
07079 err = rsbac_ta_list_lol_subadd_ttl(ta_number,
07080 device_p->handles[list_no],
07081 ttl,
07082 &tid.file.inode,
07083 &desc,
07084 &old_rights);
07085 }
07086 else
07087 err = 0;
07088 rsbac_read_unlock(&device_list_head.lock, &dflags);
07089 return err;
07090
07091 case T_DEV:
07092
07093
07094
07095
07096
07097
07098
07099
07100
07101
07102 if((tid.dev.type == D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
07103 {
07104 if(!rsbac_ta_list_get_data_ttl(ta_number, default_dev_handle,
07105 &ttl, &desc, &old_rights))
07106 {
07107 old_rights &= ~rights;
07108 return rsbac_ta_list_add_ttl(ta_number, default_dev_handle,
07109 ttl, &desc, &old_rights);
07110 }
07111 else
07112 return 0;
07113 }
07114 {
07115 struct rsbac_dev_desc_t dev_desc;
07116
07117 dev_desc.type = tid.dev.type;
07118 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
07119 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
07120 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number, dev_handle,
07121 &ttl,
07122 &dev_desc,
07123 &desc,
07124 &old_rights))
07125 {
07126 old_rights &= ~rights;
07127 return rsbac_ta_list_lol_subadd_ttl(ta_number, dev_handle,
07128 ttl,
07129 &dev_desc,
07130 &desc,
07131 &old_rights);
07132 }
07133 else
07134 return 0;
07135 }
07136
07137 case T_IPC:
07138
07139
07140
07141
07142
07143
07144
07145
07146 if(tid.ipc.type == I_none)
07147 {
07148 if(!rsbac_ta_list_get_data_ttl(ta_number, default_ipc_handle,
07149 &ttl, &desc, &old_rights))
07150 {
07151 old_rights &= ~rights;
07152 return rsbac_ta_list_add_ttl(ta_number, default_ipc_handle,
07153 ttl, &desc, &old_rights);
07154 }
07155 else
07156 return 0;
07157 }
07158 else
07159 return -RSBAC_EINVALIDTARGET;
07160
07161 case T_SCD:
07162
07163
07164
07165
07166
07167
07168
07169
07170
07171
07172
07173
07174 if(tid.scd == AST_none)
07175 {
07176 if(!rsbac_ta_list_get_data_ttl(ta_number, default_scd_handle,
07177 &ttl, &desc, &old_rights))
07178 {
07179 old_rights &= ~rights;
07180 return rsbac_ta_list_add_ttl(ta_number, default_scd_handle,
07181 ttl, &desc, &old_rights);
07182 }
07183 else
07184 return 0;
07185 }
07186 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07187 scd_handle,
07188 &ttl,
07189 &tid.scd,
07190 &desc,
07191 &old_rights))
07192 {
07193 old_rights &= ~rights;
07194 return rsbac_ta_list_lol_subadd_ttl(ta_number,
07195 scd_handle,
07196 ttl,
07197 &tid.scd,
07198 &desc,
07199 &old_rights);
07200 }
07201 else
07202 return 0;
07203
07204 case T_USER:
07205
07206
07207
07208
07209
07210
07211
07212
07213 if(tid.user == RSBAC_NO_USER)
07214 {
07215 if(!rsbac_ta_list_get_data_ttl(ta_number, default_u_handle,
07216 &ttl, &desc, &old_rights))
07217 {
07218 old_rights &= ~rights;
07219 return rsbac_ta_list_add_ttl(ta_number, default_u_handle,
07220 ttl, &desc, &old_rights);
07221 }
07222 else
07223 return 0;
07224 }
07225 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07226 u_handle,
07227 &ttl,
07228 &tid.user,
07229 &desc,
07230 &old_rights))
07231 {
07232 old_rights &= ~rights;
07233 return rsbac_ta_list_lol_subadd_ttl(ta_number,
07234 u_handle,
07235 ttl,
07236 &tid.user,
07237 &desc,
07238 &old_rights);
07239 }
07240 else
07241 return 0;
07242
07243 case T_PROCESS:
07244
07245
07246
07247
07248
07249
07250
07251
07252 if(!tid.process)
07253 {
07254 if(!rsbac_ta_list_get_data_ttl(ta_number, default_p_handle,
07255 &ttl, &desc, &old_rights))
07256 {
07257 old_rights &= ~rights;
07258 return rsbac_ta_list_add_ttl(ta_number, default_p_handle,
07259 ttl, &desc, &old_rights);
07260 }
07261 else
07262 return 0;
07263 }
07264 else
07265 return -RSBAC_EINVALIDTARGET;
07266
07267 #ifdef CONFIG_RSBAC_ACL_UM_PROT
07268 case T_GROUP:
07269
07270
07271
07272
07273
07274
07275
07276
07277 if(tid.group == RSBAC_NO_GROUP)
07278 {
07279 if(!rsbac_ta_list_get_data_ttl(ta_number, default_g_handle,
07280 &ttl, &desc, &old_rights))
07281 {
07282 old_rights &= ~rights;
07283 return rsbac_ta_list_add_ttl(ta_number, default_g_handle,
07284 ttl, &desc, &old_rights);
07285 }
07286 else
07287 return 0;
07288 }
07289 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07290 g_handle,
07291 &ttl,
07292 &tid.group,
07293 &desc,
07294 &old_rights))
07295 {
07296 old_rights &= ~rights;
07297 return rsbac_ta_list_lol_subadd_ttl(ta_number,
07298 g_handle,
07299 ttl,
07300 &tid.group,
07301 &desc,
07302 &old_rights);
07303 }
07304 else
07305 return 0;
07306 #endif
07307
07308 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
07309 case T_NETDEV:
07310
07311
07312
07313
07314
07315
07316
07317
07318 if(!tid.netdev[0])
07319 {
07320 if(!rsbac_ta_list_get_data_ttl(ta_number, default_netdev_handle,
07321 &ttl, &desc, &old_rights))
07322 {
07323 old_rights &= ~rights;
07324 return rsbac_ta_list_add_ttl(ta_number, default_netdev_handle,
07325 ttl, &desc, &old_rights);
07326 }
07327 else
07328 return 0;
07329 }
07330 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07331 netdev_handle,
07332 &ttl,
07333 &tid.netdev,
07334 &desc,
07335 &old_rights))
07336 {
07337 old_rights &= ~rights;
07338 return rsbac_ta_list_lol_subadd_ttl(ta_number,
07339 netdev_handle,
07340 ttl,
07341 &tid.netdev,
07342 &desc,
07343 &old_rights);
07344 }
07345 else
07346 return 0;
07347 #endif
07348
07349 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
07350 case T_NETTEMP_NT:
07351
07352
07353
07354
07355
07356
07357
07358
07359 if(!tid.nettemp)
07360 {
07361 if(!rsbac_ta_list_get_data_ttl(ta_number, default_nettemp_nt_handle,
07362 &ttl, &desc, &old_rights))
07363 {
07364 old_rights &= ~rights;
07365 return rsbac_ta_list_add_ttl(ta_number, default_nettemp_nt_handle,
07366 ttl, &desc, &old_rights);
07367 }
07368 else
07369 return 0;
07370 }
07371 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
07372 return -RSBAC_EINVALIDTARGET;
07373 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07374 nettemp_nt_handle,
07375 &ttl,
07376 &tid.nettemp,
07377 &desc,
07378 &old_rights))
07379 {
07380 old_rights &= ~rights;
07381 return rsbac_ta_list_lol_subadd_ttl(ta_number,
07382 nettemp_nt_handle,
07383 ttl,
07384 &tid.nettemp,
07385 &desc,
07386 &old_rights);
07387 }
07388 else
07389 return 0;
07390 case T_NETTEMP:
07391
07392
07393
07394
07395
07396
07397
07398
07399 if(!tid.nettemp)
07400 {
07401 return -RSBAC_EINVALIDTARGET;
07402 }
07403 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
07404 return -RSBAC_EINVALIDTARGET;
07405 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07406 nettemp_handle,
07407 &ttl,
07408 &tid.nettemp,
07409 &desc,
07410 &old_rights))
07411 {
07412 old_rights &= ~rights;
07413 return rsbac_ta_list_lol_subadd_ttl(ta_number,
07414 nettemp_handle,
07415 ttl,
07416 &tid.nettemp,
07417 &desc,
07418 &old_rights);
07419 }
07420 else
07421 return 0;
07422 case T_NETOBJ:
07423
07424
07425
07426
07427
07428
07429
07430
07431 if(!tid.netobj.sock_p)
07432 {
07433 if(!rsbac_ta_list_get_data_ttl(ta_number, default_netobj_handle,
07434 &ttl, &desc, &old_rights))
07435 {
07436 old_rights &= ~rights;
07437 return rsbac_ta_list_add_ttl(ta_number, default_netobj_handle,
07438 ttl, &desc, &old_rights);
07439 }
07440 else
07441 return 0;
07442 }
07443 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07444 netobj_handle,
07445 &ttl,
07446 &tid.netobj.sock_p,
07447 &desc,
07448 &old_rights))
07449 {
07450 old_rights &= ~rights;
07451 return rsbac_ta_list_lol_subadd_ttl(ta_number,
07452 netobj_handle,
07453 ttl,
07454 &tid.netobj.sock_p,
07455 &desc,
07456 &old_rights);
07457 }
07458 else
07459 return 0;
07460 #endif
07461
07462 default:
07463 return -RSBAC_EINVALIDTARGET;
07464 }
07465 }
07466
07467
07468
07469
07470
07471
07472 int rsbac_acl_set_mask(
07473 rsbac_list_ta_number_t ta_number,
07474 enum rsbac_target_t target,
07475 union rsbac_target_id_t tid,
07476 rsbac_acl_rights_vector_t mask)
07477 {
07478 int err = 0;
07479 int list_no;
07480 struct rsbac_acl_device_list_item_t * device_p;
07481 u_long dflags;
07482
07483 if (!rsbac_is_initialized())
07484 {
07485 printk(KERN_WARNING "rsbac_acl_set_mask(): RSBAC not initialized\n");
07486 return(-RSBAC_ENOTINITIALIZED);
07487 }
07488 if (target >= T_NONE)
07489 return(-RSBAC_EINVALIDTARGET);
07490 #ifdef CONFIG_RSBAC_DEBUG
07491 if (in_interrupt())
07492 {
07493 #ifdef CONFIG_RSBAC_RMSG
07494 rsbac_printk(KERN_WARNING "rsbac_acl_set_mask(): called from interrupt!\n");
07495 #endif
07496 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07497 if (!rsbac_nosyslog)
07498 #endif
07499 printk(KERN_WARNING "rsbac_acl_set_mask(): called from interrupt!\n");
07500 }
07501 #endif
07502 switch (target)
07503 {
07504 case T_FILE:
07505 case T_DIR:
07506 case T_FIFO:
07507 case T_SYMLINK:
07508
07509 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
07510 {
07511 return -RSBAC_EINVALIDTARGET;
07512 }
07513 #ifdef CONFIG_RSBAC_DEBUG
07514 if (rsbac_debug_ds_acl)
07515 {
07516 #ifdef CONFIG_RSBAC_RMSG
07517 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting file/dir/fifo/symlink inheritance mask for device %02u:%02u, inode %u\n",
07518 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
07519 #endif
07520 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07521 if (!rsbac_nosyslog)
07522 #endif
07523 printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting file/dir/fifo/symlink inheritance mask for device %02u:%02u, inode %u\n",
07524 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
07525 }
07526 #endif
07527
07528 rsbac_read_lock(&device_list_head.lock, &dflags);
07529
07530
07531 device_p = acl_lookup_device(tid.file.device);
07532 if (!device_p)
07533 {
07534
07535 rsbac_read_unlock(&device_list_head.lock, &dflags);
07536 rsbac_get_super_block(tid.file.device);
07537
07538 rsbac_read_lock(&device_list_head.lock, &dflags);
07539 device_p = acl_lookup_device(tid.file.device);
07540 if(!device_p)
07541 {
07542 printk(KERN_WARNING
07543 "rsbac_acl_set_mask(): Could not lookup device!\n");
07544
07545 rsbac_read_unlock(&device_list_head.lock, &dflags);
07546 return(-RSBAC_EINVALIDDEV);
07547 }
07548 }
07549 list_no = fd_hash(tid.file.inode);
07550 err = rsbac_ta_list_lol_add_ttl(ta_number, device_p->handles[list_no],
07551 0, &tid.file.inode, &mask);
07552 rsbac_read_unlock(&device_list_head.lock, &dflags);
07553
07554 return err;
07555
07556 case T_DEV:
07557
07558 if(tid.dev.type == D_none)
07559 {
07560 return -RSBAC_EINVALIDTARGET;
07561 }
07562 #ifdef CONFIG_RSBAC_DEBUG
07563 if (rsbac_debug_ds_acl)
07564 {
07565 #ifdef CONFIG_RSBAC_RMSG
07566 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting device inheritance mask for dev %c %02u:%02u\n",
07567 'B'+tid.dev.type,
07568 RSBAC_MAJOR(tid.dev.id),
07569 RSBAC_MINOR(tid.dev.id));
07570 #endif
07571 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07572 if (!rsbac_nosyslog)
07573 #endif
07574 printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting device inheritance mask for dev %c %02u:%02u\n",
07575 'B'+tid.dev.type,
07576 RSBAC_MAJOR(tid.dev.id),
07577 RSBAC_MINOR(tid.dev.id));
07578 }
07579 #endif
07580 {
07581 struct rsbac_dev_desc_t dev_desc;
07582
07583 dev_desc.type = tid.dev.type;
07584 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
07585 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
07586 return rsbac_ta_list_lol_add_ttl(ta_number, dev_handle, 0, &dev_desc, &mask);
07587 }
07588
07589 case T_SCD:
07590
07591 if(tid.scd == AST_none)
07592 {
07593 return -RSBAC_EINVALIDTARGET;
07594 }
07595 #ifdef CONFIG_RSBAC_DEBUG
07596 if (rsbac_debug_ds_acl)
07597 {
07598 char tmp[80];
07599
07600 get_acl_scd_type_name(tmp, tid.scd);
07601 #ifdef CONFIG_RSBAC_RMSG
07602 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting SCD inheritance mask for %s\n",
07603 tmp);
07604 #endif
07605 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07606 if (!rsbac_nosyslog)
07607 #endif
07608 printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting SCD inheritance mask for %s\n",
07609 tmp);
07610 }
07611 #endif
07612 return rsbac_ta_list_lol_add_ttl(ta_number, scd_handle, 0, &tid.scd, &mask);
07613
07614 case T_USER:
07615
07616 if(tid.user == RSBAC_NO_USER)
07617 {
07618 return -RSBAC_EINVALIDTARGET;
07619 }
07620 #ifdef CONFIG_RSBAC_DEBUG
07621 if (rsbac_debug_ds_acl)
07622 {
07623 #ifdef CONFIG_RSBAC_RMSG
07624 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting user inheritance mask for user %u\n",
07625 tid.user);
07626 #endif
07627 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07628 if (!rsbac_nosyslog)
07629 #endif
07630 printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting user inheritance mask for user %u\n",
07631 tid.user);
07632 }
07633 #endif
07634 return rsbac_ta_list_lol_add_ttl(ta_number, u_handle, 0, &tid.user, &mask);
07635
07636 #ifdef CONFIG_RSBAC_ACL_UM_PROT
07637 case T_GROUP:
07638
07639 if(tid.group == RSBAC_NO_GROUP)
07640 {
07641 return -RSBAC_EINVALIDTARGET;
07642 }
07643 #ifdef CONFIG_RSBAC_DEBUG
07644 if (rsbac_debug_ds_acl)
07645 {
07646 #ifdef CONFIG_RSBAC_RMSG
07647 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting Linux group inheritance mask for group %u\n",
07648 tid.group);
07649 #endif
07650 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07651 if (!rsbac_nosyslog)
07652 #endif
07653 printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting Linux group inheritance mask for group %u\n",
07654 tid.group);
07655 }
07656 #endif
07657 return rsbac_ta_list_lol_add_ttl(ta_number, g_handle, 0, &tid.group, &mask);
07658 #endif
07659
07660 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
07661 case T_NETDEV:
07662
07663 if(!tid.netdev[0])
07664 {
07665 return -RSBAC_EINVALIDTARGET;
07666 }
07667 #ifdef CONFIG_RSBAC_DEBUG
07668 if (rsbac_debug_ds_acl)
07669 {
07670 #ifdef CONFIG_RSBAC_RMSG
07671 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting network device inheritance mask for netdev %s\n",
07672 tid.netdev);
07673 #endif
07674 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07675 if (!rsbac_nosyslog)
07676 #endif
07677 printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting network device inheritance mask for netdev %s\n",
07678 tid.netdev);
07679 }
07680 #endif
07681 return rsbac_ta_list_lol_add_ttl(ta_number, netdev_handle, 0, &tid.netdev, &mask);
07682 #endif
07683
07684 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
07685 case T_NETTEMP_NT:
07686
07687 if(!tid.nettemp)
07688 {
07689 return -RSBAC_EINVALIDTARGET;
07690 }
07691 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
07692 return -RSBAC_EINVALIDTARGET;
07693 #ifdef CONFIG_RSBAC_DEBUG
07694 if (rsbac_debug_ds_acl)
07695 {
07696 #ifdef CONFIG_RSBAC_RMSG
07697 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting network template NT inheritance mask for nettemp %u\n",
07698 tid.nettemp);
07699 #endif
07700 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07701 if (!rsbac_nosyslog)
07702 #endif
07703 printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting network template NT inheritance mask for nettemp %u\n",
07704 tid.nettemp);
07705 }
07706 #endif
07707 return rsbac_ta_list_lol_add_ttl(ta_number, nettemp_nt_handle, 0, &tid.nettemp, &mask);
07708
07709 case T_NETTEMP:
07710
07711 if(!tid.nettemp)
07712 {
07713 return -RSBAC_EINVALIDTARGET;
07714 }
07715 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
07716 return -RSBAC_EINVALIDTARGET;
07717 #ifdef CONFIG_RSBAC_DEBUG
07718 if (rsbac_debug_ds_acl)
07719 {
07720 #ifdef CONFIG_RSBAC_RMSG
07721 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting network template inheritance mask for nettemp %u\n",
07722 tid.nettemp);
07723 #endif
07724 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07725 if (!rsbac_nosyslog)
07726 #endif
07727 printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting network template inheritance mask for nettemp %u\n",
07728 tid.nettemp);
07729 }
07730 #endif
07731 return rsbac_ta_list_lol_add_ttl(ta_number, nettemp_handle, 0, &tid.nettemp, &mask);
07732
07733 case T_NETOBJ:
07734
07735 if(!tid.netobj.sock_p)
07736 {
07737 return -RSBAC_EINVALIDTARGET;
07738 }
07739 #ifdef CONFIG_RSBAC_DEBUG
07740 if (rsbac_debug_ds_acl)
07741 {
07742 #ifdef CONFIG_RSBAC_RMSG
07743 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting network object inheritance mask for netobj %p\n",
07744 tid.netobj.sock_p);
07745 #endif
07746 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07747 if (!rsbac_nosyslog)
07748 #endif
07749 printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting network object inheritance mask for netobj %p\n",
07750 tid.netobj.sock_p);
07751 }
07752 #endif
07753 return rsbac_ta_list_lol_add_ttl(ta_number, netobj_handle, 0, &tid.netobj.sock_p, &mask);
07754 #endif
07755
07756 default:
07757 err = -RSBAC_EINVALIDTARGET;
07758 }
07759 return(err);
07760 }
07761
07762
07763
07764
07765
07766
07767 int rsbac_acl_get_mask(
07768 rsbac_list_ta_number_t ta_number,
07769 enum rsbac_target_t target,
07770 union rsbac_target_id_t tid,
07771 rsbac_acl_rights_vector_t * mask_p)
07772 {
07773 int err = 0;
07774 int list_no;
07775 struct rsbac_acl_device_list_item_t * device_p;
07776 u_long dflags;
07777
07778 if (!rsbac_is_initialized())
07779 {
07780 printk(KERN_WARNING "rsbac_acl_get_mask(): RSBAC not initialized\n");
07781 return(-RSBAC_ENOTINITIALIZED);
07782 }
07783 if (target >= T_NONE)
07784 return(-RSBAC_EINVALIDTARGET);
07785 #ifdef CONFIG_RSBAC_DEBUG
07786 if (in_interrupt())
07787 {
07788 #ifdef CONFIG_RSBAC_RMSG
07789 rsbac_printk(KERN_WARNING "rsbac_acl_get_mask(): called from interrupt!\n");
07790 #endif
07791 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07792 if (!rsbac_nosyslog)
07793 #endif
07794 printk(KERN_WARNING "rsbac_acl_get_mask(): called from interrupt!\n");
07795 }
07796 #endif
07797 switch (target)
07798 {
07799 case T_FILE:
07800 case T_DIR:
07801 case T_FIFO:
07802 case T_SYMLINK:
07803
07804 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
07805 {
07806 return -RSBAC_EINVALIDTARGET;
07807 }
07808
07809
07810
07811
07812
07813
07814
07815
07816 rsbac_read_lock(&device_list_head.lock, &dflags);
07817
07818
07819 device_p = acl_lookup_device(tid.file.device);
07820 if (!device_p)
07821 {
07822
07823 rsbac_read_unlock(&device_list_head.lock, &dflags);
07824 rsbac_get_super_block(tid.file.device);
07825
07826 rsbac_read_lock(&device_list_head.lock, &dflags);
07827 device_p = acl_lookup_device(tid.file.device);
07828 if(!device_p)
07829 {
07830 printk(KERN_WARNING
07831 "rsbac_acl_get_mask(): Could not lookup device!\n");
07832
07833 rsbac_read_unlock(&device_list_head.lock, &dflags);
07834 return(-RSBAC_EINVALIDDEV);
07835 }
07836 }
07837 list_no = fd_hash(tid.file.inode);
07838 err = rsbac_ta_list_lol_get_data_ttl(ta_number, device_p->handles[list_no],
07839 NULL, &tid.file.inode, mask_p);
07840
07841 rsbac_read_unlock(&device_list_head.lock, &dflags);
07842 if(err == -RSBAC_ENOTFOUND)
07843 {
07844 *mask_p = RSBAC_ACL_DEFAULT_FD_MASK;
07845 err = 0;
07846 }
07847
07848 return err;
07849
07850 case T_DEV:
07851
07852 if(tid.dev.type == D_none)
07853 {
07854 return -RSBAC_EINVALIDTARGET;
07855 }
07856
07857
07858
07859
07860
07861
07862
07863
07864
07865 {
07866 struct rsbac_dev_desc_t dev_desc;
07867
07868 dev_desc.type = tid.dev.type;
07869 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
07870 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
07871 err = rsbac_ta_list_lol_get_data_ttl(ta_number, dev_handle,
07872 NULL, &dev_desc, mask_p);
07873 }
07874 if(err == -RSBAC_ENOTFOUND)
07875 {
07876 *mask_p = RSBAC_ACL_DEFAULT_DEV_MASK;
07877 err = 0;
07878 }
07879
07880 return err;
07881
07882 case T_SCD:
07883
07884 if(tid.scd == AST_none)
07885 {
07886 return -RSBAC_EINVALIDTARGET;
07887 }
07888 err = rsbac_ta_list_lol_get_data_ttl(ta_number, scd_handle, NULL,
07889 &tid.scd, mask_p);
07890 if(err == -RSBAC_ENOTFOUND)
07891 {
07892 *mask_p = RSBAC_ACL_DEFAULT_SCD_MASK;
07893 err = 0;
07894 }
07895
07896 return err;
07897
07898 case T_USER:
07899
07900 if(tid.user == RSBAC_NO_USER)
07901 {
07902 return -RSBAC_EINVALIDTARGET;
07903 }
07904 err = rsbac_ta_list_lol_get_data_ttl(ta_number, u_handle, NULL,
07905 &tid.user, mask_p);
07906 if(err == -RSBAC_ENOTFOUND)
07907 {
07908 *mask_p = RSBAC_ACL_DEFAULT_U_MASK;
07909 err = 0;
07910 }
07911
07912 return err;
07913
07914 #ifdef CONFIG_RSBAC_ACL_UM_PROT
07915 case T_GROUP:
07916
07917 if(tid.group == RSBAC_NO_GROUP)
07918 {
07919 return -RSBAC_EINVALIDTARGET;
07920 }
07921 err = rsbac_ta_list_lol_get_data_ttl(ta_number, g_handle, NULL,
07922 &tid.group, mask_p);
07923 if(err == -RSBAC_ENOTFOUND)
07924 {
07925 *mask_p = RSBAC_ACL_DEFAULT_G_MASK;
07926 err = 0;
07927 }
07928
07929 return err;
07930 #endif
07931
07932 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
07933 case T_NETDEV:
07934
07935 if(!tid.netdev[0])
07936 {
07937 return -RSBAC_EINVALIDTARGET;
07938 }
07939
07940
07941
07942
07943
07944
07945
07946
07947 err = rsbac_ta_list_lol_get_data_ttl(ta_number, netdev_handle,
07948 NULL, &tid.netdev, mask_p);
07949 if(err == -RSBAC_ENOTFOUND)
07950 {
07951 *mask_p = RSBAC_ACL_DEFAULT_NETDEV_MASK;
07952 err = 0;
07953 }
07954
07955 return err;
07956 #endif
07957
07958 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
07959 case T_NETTEMP_NT:
07960
07961 if(!tid.nettemp)
07962 {
07963 return -RSBAC_EINVALIDTARGET;
07964 }
07965 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
07966 return -RSBAC_EINVALIDTARGET;
07967
07968
07969
07970
07971
07972
07973
07974
07975 err = rsbac_ta_list_lol_get_data_ttl(ta_number, nettemp_nt_handle,
07976 NULL, &tid.nettemp, mask_p);
07977 if(err == -RSBAC_ENOTFOUND)
07978 {
07979 *mask_p = RSBAC_ACL_DEFAULT_NETTEMP_MASK;
07980 err = 0;
07981 }
07982
07983 return err;
07984 case T_NETTEMP:
07985
07986 if(!tid.nettemp)
07987 {
07988 return -RSBAC_EINVALIDTARGET;
07989 }
07990 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
07991 return -RSBAC_EINVALIDTARGET;
07992
07993
07994
07995
07996
07997
07998
07999
08000 err = rsbac_ta_list_lol_get_data_ttl(ta_number, nettemp_handle,
08001 NULL, &tid.nettemp, mask_p);
08002 if(err == -RSBAC_ENOTFOUND)
08003 {
08004 *mask_p = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
08005 err = 0;
08006 }
08007
08008 return err;
08009 case T_NETOBJ:
08010
08011 if(!tid.netobj.sock_p)
08012 {
08013 return -RSBAC_EINVALIDTARGET;
08014 }
08015
08016
08017
08018
08019
08020
08021
08022
08023 err = rsbac_ta_list_lol_get_data_ttl(ta_number, netobj_handle,
08024 NULL, &tid.netobj.sock_p, mask_p);
08025 if(err == -RSBAC_ENOTFOUND)
08026 {
08027 *mask_p = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
08028 err = 0;
08029 }
08030
08031 return err;
08032 #endif
08033
08034 default:
08035 err = -RSBAC_EINVALIDTARGET;
08036 }
08037 return(err);
08038 }
08039
08040
08041
08042
08043
08044
08045
08046
08047 int rsbac_acl_get_rights(
08048 rsbac_list_ta_number_t ta_number,
08049 enum rsbac_target_t target,
08050 union rsbac_target_id_t tid,
08051 enum rsbac_acl_subject_type_t subj_type,
08052 rsbac_acl_subject_id_t subj_id,
08053 rsbac_acl_rights_vector_t * rights_p,
08054 rsbac_boolean_t inherit)
08055 {
08056 int err = 0;
08057 int list_no;
08058 struct rsbac_acl_device_list_item_t * device_p;
08059 u_long dflags;
08060 struct rsbac_acl_entry_desc_t desc;
08061 rsbac_acl_rights_vector_t i_rights = 0;
08062 rsbac_acl_rights_vector_t mask = -1;
08063
08064 if (!rsbac_is_initialized())
08065 {
08066 printk(KERN_WARNING "rsbac_acl_get_rights(): RSBAC not initialized\n");
08067 return(-RSBAC_ENOTINITIALIZED);
08068 }
08069 if (!rights_p)
08070 return(-RSBAC_EINVALIDPOINTER);
08071 if (subj_type >= ACLS_NONE)
08072 return(-RSBAC_EINVALIDVALUE);
08073 #ifdef CONFIG_RSBAC_DEBUG
08074 if (in_interrupt())
08075 {
08076 #ifdef CONFIG_RSBAC_RMSG
08077 rsbac_printk(KERN_WARNING "rsbac_acl_get_rights(): called from interrupt!\n");
08078 #endif
08079 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08080 if (!rsbac_nosyslog)
08081 #endif
08082 printk(KERN_WARNING "rsbac_acl_get_rights(): called from interrupt!\n");
08083 }
08084 #endif
08085 desc.subj_type = subj_type;
08086 desc.subj_id = subj_id;
08087
08088 switch (target)
08089 {
08090 case T_FILE:
08091 case T_DIR:
08092 case T_FIFO:
08093 case T_SYMLINK:
08094
08095
08096
08097
08098
08099
08100
08101
08102
08103
08104
08105 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
08106 {
08107 if(rsbac_ta_list_get_data_ttl(ta_number, default_fd_handle,
08108 NULL, &desc, rights_p))
08109 {
08110
08111 *rights_p = default_fd_rights;
08112 }
08113 return 0;
08114 }
08115 *rights_p = 0;
08116
08117 rsbac_read_lock(&device_list_head.lock, &dflags);
08118
08119
08120 for (;;)
08121 {
08122
08123 device_p = acl_lookup_device(tid.file.device);
08124 if (!device_p)
08125 {
08126
08127 rsbac_read_unlock(&device_list_head.lock, &dflags);
08128 rsbac_get_super_block(tid.file.device);
08129
08130 rsbac_read_lock(&device_list_head.lock, &dflags);
08131 device_p = acl_lookup_device(tid.file.device);
08132 if(!device_p)
08133 {
08134 printk(KERN_WARNING
08135 "rsbac_acl_get_rights(): Could not lookup device %02u:%02u!\n",
08136 RSBAC_MAJOR(tid.file.device),RSBAC_MINOR(tid.file.device));
08137
08138 rsbac_read_unlock(&device_list_head.lock, &dflags);
08139 return(-RSBAC_EINVALIDDEV);
08140 }
08141 }
08142 list_no = fd_hash(tid.file.inode);
08143 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
08144 device_p->handles[list_no],
08145 NULL,
08146 &tid.file.inode,
08147 &desc,
08148 &i_rights))
08149 {
08150 *rights_p |= (i_rights & mask);
08151
08152 break;
08153 }
08154 else
08155 if(inherit)
08156 {
08157 enum rsbac_target_t parent_target;
08158 union rsbac_target_id_t parent_tid;
08159 rsbac_acl_rights_vector_t i_mask;
08160
08161
08162 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
08163 device_p->handles[list_no],
08164 NULL,
08165 &tid.file.inode,
08166 &i_mask))
08167 {
08168
08169 i_mask = RSBAC_ACL_DEFAULT_FD_MASK;
08170 }
08171
08172 mask &= i_mask;
08173
08174
08175 if(!rsbac_get_parent(target, tid, &parent_target, &parent_tid))
08176 {
08177 target = parent_target;
08178 tid = parent_tid;
08179
08180 continue;
08181 }
08182 else
08183 {
08184
08185 if(!rsbac_ta_list_get_data_ttl(ta_number,
08186 default_fd_handle,
08187 NULL,
08188 &desc,
08189 &i_rights))
08190 {
08191
08192 *rights_p |= (i_rights & mask);
08193 }
08194 else
08195 {
08196
08197 *rights_p |= (default_fd_rights & mask);
08198 }
08199 }
08200
08201 break;
08202 }
08203 else
08204 {
08205
08206 *rights_p |= default_fd_rights;
08207
08208 break;
08209 }
08210 }
08211
08212 rsbac_read_unlock(&device_list_head.lock, &dflags);
08213 return err;
08214
08215 case T_DEV:
08216
08217
08218
08219
08220
08221
08222
08223
08224
08225
08226 if((tid.dev.type == D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
08227 {
08228 if(rsbac_ta_list_get_data_ttl(ta_number, default_dev_handle,
08229 NULL, &desc, rights_p))
08230 {
08231
08232 *rights_p = default_dev_rights;
08233 }
08234 return 0;
08235 }
08236 {
08237 struct rsbac_dev_desc_t dev_desc;
08238
08239 dev_desc.type = tid.dev.type;
08240 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
08241 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
08242 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
08243 dev_handle,
08244 NULL,
08245 &dev_desc,
08246 &desc,
08247 &i_rights))
08248 {
08249 *rights_p |= i_rights;
08250 }
08251 else
08252 {
08253 rsbac_acl_rights_vector_t mask;
08254
08255
08256 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
08257 dev_handle,
08258 NULL,
08259 &dev_desc,
08260 &mask))
08261 {
08262
08263 mask = RSBAC_ACL_DEFAULT_DEV_MASK;
08264 }
08265
08266 if(!rsbac_ta_list_get_data_ttl(ta_number, default_dev_handle,
08267 NULL, &desc, rights_p))
08268 {
08269 *rights_p &= mask;
08270 }
08271 else
08272 {
08273
08274 *rights_p = default_dev_rights & mask;
08275 }
08276 }
08277 }
08278 return 0;
08279
08280 case T_IPC:
08281
08282
08283
08284
08285
08286
08287
08288
08289 if(rsbac_ta_list_get_data_ttl(ta_number, default_ipc_handle,
08290 NULL, &desc, rights_p))
08291 {
08292
08293 *rights_p = default_ipc_rights;
08294 }
08295 return 0;
08296
08297 case T_SCD:
08298
08299 if( (tid.scd == AST_none)
08300 || (tid.scd == ST_none)
08301 )
08302 {
08303 if(rsbac_ta_list_get_data_ttl(ta_number, default_scd_handle,
08304 NULL, &desc, rights_p))
08305 {
08306
08307 *rights_p = default_scd_rights;
08308 }
08309 return 0;
08310 }
08311 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
08312 scd_handle,
08313 NULL,
08314 &tid.scd,
08315 &desc,
08316 &i_rights))
08317 {
08318 *rights_p |= i_rights;
08319 }
08320 else
08321 {
08322 rsbac_acl_rights_vector_t mask;
08323
08324
08325 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
08326 scd_handle,
08327 NULL,
08328 &tid.scd,
08329 &mask))
08330 {
08331
08332 mask = RSBAC_ACL_DEFAULT_SCD_MASK;
08333 }
08334
08335 if(!rsbac_ta_list_get_data_ttl(ta_number, default_scd_handle,
08336 NULL, &desc, rights_p))
08337 {
08338 *rights_p &= mask;
08339 }
08340 else
08341 {
08342
08343 *rights_p = default_scd_rights & mask;
08344 }
08345 }
08346 return 0;
08347
08348 case T_USER:
08349
08350 if(tid.user == RSBAC_NO_USER)
08351 {
08352 if(rsbac_ta_list_get_data_ttl(ta_number, default_u_handle,
08353 NULL, &desc, rights_p))
08354 {
08355
08356 *rights_p = default_u_rights;
08357 }
08358 return 0;
08359 }
08360 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
08361 u_handle,
08362 NULL,
08363 &tid.user,
08364 &desc,
08365 &i_rights))
08366 {
08367 *rights_p |= i_rights;
08368 }
08369 else
08370 {
08371 rsbac_acl_rights_vector_t mask;
08372
08373
08374 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
08375 u_handle,
08376 NULL,
08377 &tid.user,
08378 &mask))
08379 {
08380
08381 mask = RSBAC_ACL_DEFAULT_U_MASK;
08382 }
08383
08384 if(!rsbac_ta_list_get_data_ttl(ta_number, default_u_handle,
08385 NULL, &desc, rights_p))
08386 {
08387 *rights_p &= mask;
08388 }
08389 else
08390 {
08391
08392 *rights_p = default_u_rights & mask;
08393 }
08394 }
08395 return 0;
08396
08397 case T_PROCESS:
08398
08399
08400
08401
08402
08403
08404
08405
08406 if(rsbac_ta_list_get_data_ttl(ta_number, default_p_handle,
08407 NULL, &desc, rights_p))
08408 {
08409
08410 *rights_p = default_p_rights;
08411 }
08412 return 0;
08413
08414 #ifdef CONFIG_RSBAC_ACL_UM_PROT
08415 case T_GROUP:
08416
08417 if(tid.group == RSBAC_NO_GROUP)
08418 {
08419 if(rsbac_ta_list_get_data_ttl(ta_number, default_g_handle,
08420 NULL, &desc, rights_p))
08421 {
08422
08423 *rights_p = default_g_rights;
08424 }
08425 return 0;
08426 }
08427 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
08428 g_handle,
08429 NULL,
08430 &tid.group,
08431 &desc,
08432 &i_rights))
08433 {
08434 *rights_p |= i_rights;
08435 }
08436 else
08437 {
08438 rsbac_acl_rights_vector_t mask;
08439
08440
08441 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
08442 g_handle,
08443 NULL,
08444 &tid.group,
08445 &mask))
08446 {
08447
08448 mask = RSBAC_ACL_DEFAULT_G_MASK;
08449 }
08450
08451 if(!rsbac_ta_list_get_data_ttl(ta_number, default_g_handle,
08452 NULL, &desc, rights_p))
08453 {
08454 *rights_p &= mask;
08455 }
08456 else
08457 {
08458
08459 *rights_p = default_g_rights & mask;
08460 }
08461 }
08462 return 0;
08463 #endif
08464
08465 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
08466 case T_NETDEV:
08467
08468
08469
08470
08471
08472
08473
08474
08475 if(!tid.netdev[0])
08476 {
08477 if(rsbac_ta_list_get_data_ttl(ta_number, default_netdev_handle,
08478 NULL, &desc, rights_p))
08479 {
08480
08481 *rights_p = default_netdev_rights;
08482 }
08483 return 0;
08484 }
08485 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
08486 netdev_handle,
08487 NULL,
08488 &tid.netdev,
08489 &desc,
08490 &i_rights))
08491 {
08492 *rights_p |= i_rights;
08493 }
08494 else
08495 {
08496 rsbac_acl_rights_vector_t mask;
08497
08498
08499 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
08500 netdev_handle,
08501 NULL,
08502 &tid.netdev,
08503 &mask))
08504 {
08505
08506 mask = RSBAC_ACL_DEFAULT_NETDEV_MASK;
08507 }
08508
08509 if(!rsbac_ta_list_get_data_ttl(ta_number, default_netdev_handle,
08510 NULL, &desc, rights_p))
08511 {
08512 *rights_p &= mask;
08513 }
08514 else
08515 {
08516
08517 *rights_p = default_netdev_rights & mask;
08518 }
08519 }
08520 return 0;
08521 #endif
08522
08523 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
08524
08525 case T_NETTEMP_NT:
08526
08527
08528
08529
08530
08531
08532
08533
08534 if(!tid.nettemp)
08535 {
08536 if(rsbac_ta_list_get_data_ttl(ta_number, default_nettemp_nt_handle,
08537 NULL, &desc, rights_p))
08538 {
08539
08540 *rights_p = default_nettemp_nt_rights;
08541 }
08542 return 0;
08543 }
08544 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
08545 return -RSBAC_EINVALIDTARGET;
08546 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
08547 nettemp_nt_handle,
08548 NULL,
08549 &tid.nettemp,
08550 &desc,
08551 &i_rights))
08552 {
08553 *rights_p |= i_rights;
08554 }
08555 else
08556 {
08557 rsbac_acl_rights_vector_t mask;
08558
08559
08560 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
08561 nettemp_nt_handle,
08562 NULL,
08563 &tid.nettemp,
08564 &mask))
08565 {
08566
08567 mask = RSBAC_ACL_DEFAULT_NETTEMP_MASK;
08568 }
08569
08570 if(!rsbac_ta_list_get_data_ttl(ta_number, default_nettemp_nt_handle,
08571 NULL, &desc, rights_p))
08572 {
08573 *rights_p &= mask;
08574 }
08575 else
08576 {
08577
08578 *rights_p = default_nettemp_nt_rights & mask;
08579 }
08580 }
08581 return 0;
08582
08583
08584 case T_NETTEMP:
08585
08586
08587
08588
08589
08590
08591
08592
08593 if(!tid.nettemp)
08594 {
08595 if(rsbac_ta_list_get_data_ttl(ta_number, default_netobj_handle,
08596 NULL, &desc, rights_p))
08597 {
08598
08599 *rights_p = default_netobj_rights;
08600 }
08601 return 0;
08602 }
08603 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
08604 return -RSBAC_EINVALIDTARGET;
08605 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
08606 nettemp_handle,
08607 NULL,
08608 &tid.nettemp,
08609 &desc,
08610 &i_rights))
08611 {
08612 *rights_p |= i_rights;
08613 }
08614 else
08615 {
08616 rsbac_acl_rights_vector_t mask;
08617
08618
08619 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
08620 nettemp_handle,
08621 NULL,
08622 &tid.nettemp,
08623 &mask))
08624 {
08625
08626 mask = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
08627 }
08628
08629 if(!rsbac_ta_list_get_data_ttl(ta_number, default_netobj_handle,
08630 NULL, &desc, rights_p))
08631 {
08632 *rights_p &= mask;
08633 }
08634 else
08635 {
08636
08637 *rights_p = default_netobj_rights & mask;
08638 }
08639 }
08640 return 0;
08641
08642 case T_NETOBJ:
08643
08644
08645
08646
08647
08648
08649
08650
08651 if(!tid.nettemp)
08652 {
08653 if(rsbac_ta_list_get_data_ttl(ta_number, default_netobj_handle,
08654 NULL, &desc, rights_p))
08655 {
08656
08657 *rights_p = default_netobj_rights;
08658 }
08659 return 0;
08660 }
08661 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
08662 netobj_handle,
08663 NULL,
08664 &tid.netobj.sock_p,
08665 &desc,
08666 &i_rights))
08667 {
08668 *rights_p |= i_rights;
08669 }
08670 else
08671 {
08672 rsbac_acl_rights_vector_t mask;
08673 rsbac_net_temp_id_t temp = 0;
08674
08675
08676 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
08677 nettemp_handle,
08678 NULL,
08679 &temp,
08680 &mask))
08681 {
08682
08683 mask = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
08684 }
08685
08686 rsbac_ta_net_lookup_templates(ta_number,
08687 &tid.netobj,
08688 &temp,
08689 NULL);
08690
08691 if( temp
08692 && !rsbac_ta_list_lol_get_subdata_ttl(ta_number,
08693 nettemp_handle,
08694 NULL,
08695 &temp,
08696 &desc,
08697 &i_rights))
08698 {
08699 *rights_p |= i_rights;
08700 }
08701 else
08702 {
08703
08704 if( temp
08705 && rsbac_ta_list_lol_get_data_ttl(ta_number,
08706 nettemp_handle,
08707 NULL,
08708 &temp,
08709 &mask))
08710 {
08711
08712 mask = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
08713 }
08714
08715 if(!rsbac_ta_list_get_data_ttl(ta_number, default_netobj_handle,
08716 NULL, &desc, rights_p))
08717 {
08718 *rights_p &= mask;
08719 }
08720 else
08721 {
08722
08723 *rights_p = default_netobj_rights & mask;
08724 }
08725 }
08726 }
08727 return 0;
08728 #endif
08729
08730 default:
08731 return -RSBAC_EINVALIDTARGET;
08732 }
08733 }
08734
08735
08736
08737
08738
08739
08740
08741
08742 int rsbac_acl_get_single_right (enum rsbac_target_t target,
08743 union rsbac_target_id_t tid,
08744 enum rsbac_acl_subject_type_t subj_type,
08745 rsbac_acl_subject_id_t subj_id,
08746 enum rsbac_adf_request_t right,
08747 rsbac_boolean_t * result)
08748 {
08749 int list_no;
08750 struct rsbac_acl_device_list_item_t * device_p;
08751 u_long dflags;
08752 rsbac_acl_rights_vector_t i_rvec;
08753 rsbac_acl_rights_vector_t i_rights;
08754 struct rsbac_acl_entry_desc_t desc;
08755
08756 if (!rsbac_is_initialized())
08757 {
08758 printk(KERN_WARNING "rsbac_acl_get_single_right(): RSBAC not initialized\n");
08759 return(-RSBAC_ENOTINITIALIZED);
08760 }
08761 if (!result)
08762 return(-RSBAC_EINVALIDPOINTER);
08763 if ( (subj_type >= ACLS_NONE)
08764 || (right >= ACLR_NONE)
08765 )
08766 return(-RSBAC_EINVALIDVALUE);
08767 #ifdef CONFIG_RSBAC_DEBUG
08768 if (in_interrupt())
08769 {
08770 #ifdef CONFIG_RSBAC_RMSG
08771 rsbac_printk(KERN_WARNING "rsbac_acl_get_single_right(): called from interrupt!\n");
08772 #endif
08773 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08774 if (!rsbac_nosyslog)
08775 #endif
08776 printk(KERN_WARNING "rsbac_acl_get_single_right(): called from interrupt!\n");
08777 }
08778 #endif
08779 i_rvec = (rsbac_acl_rights_vector_t) 1 << right;
08780
08781 desc.subj_type = subj_type;
08782 desc.subj_id = subj_id;
08783
08784 switch (target)
08785 {
08786 case T_FILE:
08787 case T_DIR:
08788 case T_FIFO:
08789 case T_SYMLINK:
08790
08791
08792
08793
08794
08795
08796
08797
08798 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
08799 {
08800 if(!rsbac_ta_list_get_data_ttl(0, default_fd_handle,
08801 NULL, &desc, &i_rights))
08802 {
08803 if(i_rights & i_rvec)
08804 *result = TRUE;
08805 else
08806 *result = FALSE;
08807 }
08808 else
08809 {
08810 if(default_fd_rights & i_rvec)
08811 *result = TRUE;
08812 else
08813 *result = FALSE;
08814 }
08815 return 0;
08816 }
08817
08818 rsbac_read_lock(&device_list_head.lock, &dflags);
08819
08820
08821 for (;;)
08822 {
08823
08824 device_p = acl_lookup_device(tid.file.device);
08825 if (!device_p)
08826 {
08827
08828 rsbac_read_unlock(&device_list_head.lock, &dflags);
08829 rsbac_get_super_block(tid.file.device);
08830
08831 rsbac_read_lock(&device_list_head.lock, &dflags);
08832 device_p = acl_lookup_device(tid.file.device);
08833 if(!device_p)
08834 {
08835 #ifdef CONFIG_RSBAC_RMSG
08836 rsbac_printk(KERN_WARNING
08837 "rsbac_acl_get_single_right(): Could not lookup device, blindly granting access!\n");
08838 #endif
08839 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08840 if (!rsbac_nosyslog)
08841 #endif
08842 printk(KERN_WARNING
08843 "rsbac_acl_get_single_right(): Could not lookup device, blindly granting access!\n");
08844
08845 rsbac_read_unlock(&device_list_head.lock, &dflags);
08846 *result = TRUE;
08847 return 0;
08848 }
08849 }
08850 list_no = fd_hash(tid.file.inode);
08851 if( !rsbac_ta_list_lol_get_subdata_ttl(0,
08852 device_p->handles[list_no],
08853 NULL,
08854 &tid.file.inode,
08855 &desc,
08856 &i_rights)
08857 )
08858 {
08859 if(i_rights & i_rvec)
08860 *result = TRUE;
08861 else
08862 *result = FALSE;
08863 rsbac_read_unlock(&device_list_head.lock, &dflags);
08864 return 0;
08865 }
08866
08867 {
08868 enum rsbac_target_t parent_target;
08869 union rsbac_target_id_t parent_tid;
08870
08871 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
08872 if(right != ACLR_SUPERVISOR)
08873 #endif
08874 {
08875 rsbac_acl_rights_vector_t mask;
08876
08877
08878 if( !rsbac_ta_list_lol_get_data_ttl(0,
08879 device_p->handles[list_no],
08880 NULL,
08881 &tid.file.inode,
08882 &mask)
08883 && !(mask & i_rvec)
08884 )
08885 {
08886 rsbac_read_unlock(&device_list_head.lock, &dflags);
08887 *result = FALSE;
08888 return 0;
08889 }
08890 }
08891
08892
08893 if(!rsbac_get_parent(target, tid, &parent_target, &parent_tid))
08894 {
08895 target = parent_target;
08896 tid = parent_tid;
08897 continue;
08898 }
08899 else
08900 {
08901
08902 if( !rsbac_ta_list_get_data_ttl(0, default_fd_handle,
08903 NULL,
08904 &desc,
08905 &i_rights)
08906 )
08907 {
08908 if(i_rights & i_rvec)
08909 *result = TRUE;
08910 else
08911 *result = FALSE;
08912 }
08913 else
08914 {
08915 if(default_fd_rights & i_rvec)
08916 *result = TRUE;
08917 else
08918 *result = FALSE;
08919 }
08920
08921 rsbac_read_unlock(&device_list_head.lock, &dflags);
08922 return 0;
08923 }
08924 }
08925 }
08926
08927 case T_DEV:
08928
08929
08930
08931
08932
08933
08934
08935
08936
08937 if((tid.dev.type == D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
08938 {
08939 if(!rsbac_ta_list_get_data_ttl(0, default_dev_handle,
08940 NULL, &desc, &i_rights))
08941 {
08942 if(i_rights & i_rvec)
08943 *result = TRUE;
08944 else
08945 *result = FALSE;
08946 }
08947 else
08948 {
08949 if(default_dev_rights & i_rvec)
08950 *result = TRUE;
08951 else
08952 *result = FALSE;
08953 }
08954 return 0;
08955 }
08956
08957 {
08958 struct rsbac_dev_desc_t dev_desc;
08959
08960 dev_desc.type = tid.dev.type;
08961 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
08962 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
08963 if( !rsbac_ta_list_lol_get_subdata_ttl(0, dev_handle,
08964 NULL,
08965 &dev_desc,
08966 &desc,
08967 &i_rights)
08968 )
08969 {
08970 if(i_rights & i_rvec)
08971 *result = TRUE;
08972 else
08973 *result = FALSE;
08974 return 0;
08975 }
08976 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
08977 if(right != ACLR_SUPERVISOR)
08978 #endif
08979 {
08980 rsbac_acl_rights_vector_t mask;
08981
08982
08983 if( !rsbac_ta_list_lol_get_data_ttl(0, dev_handle,
08984 NULL,
08985 &dev_desc,
08986 &mask)
08987 && !(mask & i_rvec)
08988 )
08989 {
08990 *result = FALSE;
08991 return 0;
08992 }
08993 }
08994 }
08995
08996 if( !rsbac_ta_list_get_data_ttl(0, default_dev_handle,
08997 NULL,
08998 &desc,
08999 &i_rights)
09000 )
09001 {
09002 if(i_rights & i_rvec)
09003 *result = TRUE;
09004 else
09005 *result = FALSE;
09006 }
09007 else
09008 {
09009 if(default_dev_rights & i_rvec)
09010 *result = TRUE;
09011 else
09012 *result = FALSE;
09013 }
09014 return 0;
09015
09016 case T_IPC:
09017
09018
09019
09020
09021
09022
09023
09024
09025 if(!rsbac_ta_list_get_data_ttl(0, default_ipc_handle,
09026 NULL, &desc, &i_rights))
09027 {
09028 if(i_rights & i_rvec)
09029 *result = TRUE;
09030 else
09031 *result = FALSE;
09032 }
09033 else
09034 {
09035 if(default_ipc_rights & i_rvec)
09036 *result = TRUE;
09037 else
09038 *result = FALSE;
09039 }
09040 return 0;
09041
09042 case T_SCD:
09043 if(tid.scd == AST_none)
09044 {
09045 if(!rsbac_ta_list_get_data_ttl(0, default_scd_handle,
09046 NULL, &desc, &i_rights))
09047 {
09048 if(i_rights & i_rvec)
09049 *result = TRUE;
09050 else
09051 *result = FALSE;
09052 }
09053 else
09054 {
09055 if(default_scd_rights & i_rvec)
09056 *result = TRUE;
09057 else
09058 *result = FALSE;
09059 }
09060 return 0;
09061 }
09062
09063 if( !rsbac_ta_list_lol_get_subdata_ttl(0, scd_handle,
09064 NULL,
09065 &tid.scd,
09066 &desc,
09067 &i_rights)
09068 )
09069 {
09070 if(i_rights & i_rvec)
09071 *result = TRUE;
09072 else
09073 *result = FALSE;
09074 return 0;
09075 }
09076 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
09077 if(right != ACLR_SUPERVISOR)
09078 #endif
09079 {
09080 rsbac_acl_rights_vector_t mask;
09081
09082
09083 if( !rsbac_ta_list_lol_get_data_ttl(0, scd_handle,
09084 NULL,
09085 &tid.scd,
09086 &mask)
09087 && !(mask & i_rvec)
09088 )
09089 {
09090 *result = FALSE;
09091 return 0;
09092 }
09093 }
09094
09095
09096 if( !rsbac_ta_list_get_data_ttl(0, default_scd_handle,
09097 NULL,
09098 &desc,
09099 &i_rights)
09100 )
09101 {
09102 if(i_rights & i_rvec)
09103 *result = TRUE;
09104 else
09105 *result = FALSE;
09106 }
09107 else
09108 {
09109 if(default_scd_rights & i_rvec)
09110 *result = TRUE;
09111 else
09112 *result = FALSE;
09113 }
09114 return 0;
09115
09116 case T_USER:
09117 if(tid.user == RSBAC_NO_USER)
09118 {
09119 if(!rsbac_ta_list_get_data_ttl(0, default_u_handle,
09120 NULL, &desc, &i_rights))
09121 {
09122 if(i_rights & i_rvec)
09123 *result = TRUE;
09124 else
09125 *result = FALSE;
09126 }
09127 else
09128 {
09129 if(default_u_rights & i_rvec)
09130 *result = TRUE;
09131 else
09132 *result = FALSE;
09133 }
09134 return 0;
09135 }
09136
09137 if( !rsbac_ta_list_lol_get_subdata_ttl(0, u_handle,
09138 NULL,
09139 &tid.user,
09140 &desc,
09141 &i_rights)
09142 )
09143 {
09144 if(i_rights & i_rvec)
09145 *result = TRUE;
09146 else
09147 *result = FALSE;
09148 return 0;
09149 }
09150 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
09151 if(right != ACLR_SUPERVISOR)
09152 #endif
09153 {
09154 rsbac_acl_rights_vector_t mask;
09155
09156
09157 if( !rsbac_ta_list_lol_get_data_ttl(0, u_handle,
09158 NULL,
09159 &tid.user,
09160 &mask)
09161 && !(mask & i_rvec)
09162 )
09163 {
09164 *result = FALSE;
09165 return 0;
09166 }
09167 }
09168
09169
09170 if( !rsbac_ta_list_get_data_ttl(0, default_u_handle,
09171 NULL,
09172 &desc,
09173 &i_rights)
09174 )
09175 {
09176 if(i_rights & i_rvec)
09177 *result = TRUE;
09178 else
09179 *result = FALSE;
09180 }
09181 else
09182 {
09183 if(default_u_rights & i_rvec)
09184 *result = TRUE;
09185 else
09186 *result = FALSE;
09187 }
09188 return 0;
09189
09190 case T_PROCESS:
09191
09192 if(!rsbac_ta_list_get_data_ttl(0, default_p_handle,
09193 NULL, &desc, &i_rights))
09194 {
09195 if(i_rights & i_rvec)
09196 *result = TRUE;
09197 else
09198 *result = FALSE;
09199 }
09200 else
09201 {
09202 if(default_p_rights & i_rvec)
09203 *result = TRUE;
09204 else
09205 *result = FALSE;
09206 }
09207 return 0;
09208
09209 #ifdef CONFIG_RSBAC_ACL_UM_PROT
09210 case T_GROUP:
09211 if(tid.group == RSBAC_NO_GROUP)
09212 {
09213 if(!rsbac_ta_list_get_data_ttl(0, default_g_handle,
09214 NULL, &desc, &i_rights))
09215 {
09216 if(i_rights & i_rvec)
09217 *result = TRUE;
09218 else
09219 *result = FALSE;
09220 }
09221 else
09222 {
09223 if(default_g_rights & i_rvec)
09224 *result = TRUE;
09225 else
09226 *result = FALSE;
09227 }
09228 return 0;
09229 }
09230
09231 if( !rsbac_ta_list_lol_get_subdata_ttl(0, g_handle,
09232 NULL,
09233 &tid.group,
09234 &desc,
09235 &i_rights)
09236 )
09237 {
09238 if(i_rights & i_rvec)
09239 *result = TRUE;
09240 else
09241 *result = FALSE;
09242 return 0;
09243 }
09244 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
09245 if(right != ACLR_SUPERVISOR)
09246 #endif
09247 {
09248 rsbac_acl_rights_vector_t mask;
09249
09250
09251 if( !rsbac_ta_list_lol_get_data_ttl(0, g_handle,
09252 NULL,
09253 &tid.group,
09254 &mask)
09255 && !(mask & i_rvec)
09256 )
09257 {
09258 *result = FALSE;
09259 return 0;
09260 }
09261 }
09262
09263
09264 if( !rsbac_ta_list_get_data_ttl(0, default_g_handle,
09265 NULL,
09266 &desc,
09267 &i_rights)
09268 )
09269 {
09270 if(i_rights & i_rvec)
09271 *result = TRUE;
09272 else
09273 *result = FALSE;
09274 }
09275 else
09276 {
09277 if(default_g_rights & i_rvec)
09278 *result = TRUE;
09279 else
09280 *result = FALSE;
09281 }
09282 return 0;
09283 #endif
09284
09285 #if defined(CONFIG_RSBAC_ACL_NET_DEV_PROT)
09286 case T_NETDEV:
09287
09288
09289
09290
09291
09292
09293
09294 if(!tid.netdev[0])
09295 {
09296 if(!rsbac_ta_list_get_data_ttl(0, default_netdev_handle,
09297 NULL, &desc, &i_rights))
09298 {
09299 if(i_rights & i_rvec)
09300 *result = TRUE;
09301 else
09302 *result = FALSE;
09303 }
09304 else
09305 {
09306 if(default_netdev_rights & i_rvec)
09307 *result = TRUE;
09308 else
09309 *result = FALSE;
09310 }
09311 return 0;
09312 }
09313
09314 if( !rsbac_ta_list_lol_get_subdata_ttl(0, netdev_handle,
09315 NULL,
09316 &tid.netdev,
09317 &desc,
09318 &i_rights)
09319 )
09320 {
09321 if(i_rights & i_rvec)
09322 *result = TRUE;
09323 else
09324 *result = FALSE;
09325 return 0;
09326 }
09327 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
09328 if(right != ACLR_SUPERVISOR)
09329 #endif
09330 {
09331 rsbac_acl_rights_vector_t mask;
09332
09333
09334 if( !rsbac_ta_list_lol_get_data_ttl(0, netdev_handle,
09335 NULL,
09336 &tid.netdev,
09337 &mask)
09338 && !(mask & i_rvec)
09339 )
09340 {
09341 *result = FALSE;
09342 return 0;
09343 }
09344 }
09345
09346
09347 if( !rsbac_ta_list_get_data_ttl(0, default_netdev_handle,
09348 NULL,
09349 &desc,
09350 &i_rights)
09351 )
09352 {
09353 if(i_rights & i_rvec)
09354 *result = TRUE;
09355 else
09356 *result = FALSE;
09357 }
09358 else
09359 {
09360 if(default_netdev_rights & i_rvec)
09361 *result = TRUE;
09362 else
09363 *result = FALSE;
09364 }
09365 return 0;
09366 #endif
09367
09368 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
09369 case T_NETTEMP_NT:
09370 case T_NETTEMP:
09371
09372
09373
09374
09375
09376
09377
09378 if(!tid.nettemp)
09379 {
09380 if(!rsbac_ta_list_get_data_ttl(0, default_nettemp_nt_handle,
09381 NULL, &desc, &i_rights))
09382 {
09383 if(i_rights & i_rvec)
09384 *result = TRUE;
09385 else
09386 *result = FALSE;
09387 }
09388 else
09389 {
09390 if(default_nettemp_nt_rights & i_rvec)
09391 *result = TRUE;
09392 else
09393 *result = FALSE;
09394 }
09395 return 0;
09396 }
09397
09398
09399 if(right != R_CREATE)
09400 {
09401 if(!rsbac_net_template_exist(tid.nettemp))
09402 return FALSE;
09403 if( !rsbac_ta_list_lol_get_subdata_ttl(0, nettemp_nt_handle,
09404 NULL,
09405 &tid.nettemp,
09406 &desc,
09407 &i_rights)
09408 && (i_rights & i_rvec)
09409 )
09410 {
09411 *result = TRUE;
09412 return 0;
09413 }
09414 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
09415 if(right != ACLR_SUPERVISOR)
09416 #endif
09417 {
09418 rsbac_acl_rights_vector_t mask;
09419
09420
09421 if( !rsbac_ta_list_lol_get_data_ttl(0, nettemp_nt_handle,
09422 NULL,
09423 &tid.nettemp,
09424 &mask)
09425 && !(mask & i_rvec)
09426 )
09427 {
09428 *result = FALSE;
09429 return 0;
09430 }
09431 }
09432 }
09433
09434
09435 if( !rsbac_ta_list_get_data_ttl(0, default_nettemp_nt_handle,
09436 NULL,
09437 &desc,
09438 &i_rights)
09439 )
09440 {
09441 if(i_rights & i_rvec)
09442 *result = TRUE;
09443 else
09444 *result = FALSE;
09445 }
09446 else
09447 {
09448 if(default_nettemp_nt_rights & i_rvec)
09449 *result = TRUE;
09450 else
09451 *result = FALSE;
09452 }
09453 return 0;
09454
09455 case T_NETOBJ:
09456
09457
09458
09459
09460
09461
09462
09463 if(!tid.netobj.sock_p)
09464 {
09465 if(!rsbac_ta_list_get_data_ttl(0, default_netobj_handle,
09466 NULL, &desc, &i_rights))
09467 {
09468 if(i_rights & i_rvec)
09469 *result = TRUE;
09470 else
09471 *result = FALSE;
09472 }
09473 else
09474 {
09475 if(default_netobj_rights & i_rvec)
09476 *result = TRUE;
09477 else
09478 *result = FALSE;
09479 }
09480 return 0;
09481 }
09482
09483 if( !rsbac_ta_list_lol_get_subdata_ttl(0, netobj_handle,
09484 NULL,
09485 &tid.netobj.sock_p,
09486 &desc,
09487 &i_rights)
09488 )
09489 {
09490 if(i_rights & i_rvec)
09491 *result = TRUE;
09492 else
09493 *result = FALSE;
09494 return 0;
09495 }
09496 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
09497 if(right != ACLR_SUPERVISOR)
09498 #endif
09499 {
09500 rsbac_acl_rights_vector_t mask;
09501
09502
09503 if( !rsbac_ta_list_lol_get_data_ttl(0, netobj_handle,
09504 NULL,
09505 &tid.netobj.sock_p,
09506 &mask)
09507 && !(mask & i_rvec)
09508 )
09509 {
09510 *result = FALSE;
09511 return 0;
09512 }
09513 }
09514
09515 {
09516 rsbac_net_temp_id_t temp = 0;
09517
09518 if(rsbac_net_remote_request(right))
09519 rsbac_ta_net_lookup_templates(0,
09520 &tid.netobj,
09521 NULL,
09522 &temp);
09523 else
09524 rsbac_ta_net_lookup_templates(0,
09525 &tid.netobj,
09526 &temp,
09527 NULL);
09528 if( temp
09529 && !rsbac_ta_list_lol_get_subdata_ttl(0, nettemp_handle,
09530 NULL,
09531 &temp,
09532 &desc,
09533 &i_rights)
09534 )
09535 {
09536 if(i_rights & i_rvec)
09537 *result = TRUE;
09538 else
09539 *result = FALSE;
09540 return 0;
09541 }
09542 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
09543 if(right != ACLR_SUPERVISOR)
09544 #endif
09545 {
09546 rsbac_acl_rights_vector_t mask;
09547
09548
09549 if( !rsbac_ta_list_lol_get_data_ttl(0, nettemp_handle,
09550 NULL,
09551 &temp,
09552 &mask)
09553 && !(mask & i_rvec)
09554 )
09555 {
09556 *result = FALSE;
09557 return 0;
09558 }
09559 }
09560 }
09561
09562
09563 if( !rsbac_ta_list_get_data_ttl(0, default_netobj_handle,
09564 NULL,
09565 &desc,
09566 &i_rights)
09567 )
09568 {
09569 if(i_rights & i_rvec)
09570 *result = TRUE;
09571 else
09572 *result = FALSE;
09573 }
09574 else
09575 {
09576 if(default_netobj_rights & i_rvec)
09577 *result = TRUE;
09578 else
09579 *result = FALSE;
09580 }
09581 return 0;
09582 #endif
09583
09584 default:
09585 return -RSBAC_EINVALIDTARGET;
09586 }
09587 }
09588
09589
09590
09591
09592
09593
09594 int rsbac_acl_get_tlist(
09595 rsbac_list_ta_number_t ta_number,
09596 enum rsbac_target_t target,
09597 union rsbac_target_id_t tid,
09598 struct rsbac_acl_entry_t ** entry_pp,
09599 rsbac_time_t ** ttl_pp)
09600 {
09601 int count = 0;
09602 int list_no;
09603 struct rsbac_acl_device_list_item_t * device_p;
09604 u_long dflags;
09605
09606 if (!rsbac_is_initialized())
09607 {
09608 printk(KERN_WARNING "rsbac_acl_get_tlist(): RSBAC not initialized\n");
09609 return(-RSBAC_ENOTINITIALIZED);
09610 }
09611 if (!entry_pp)
09612 return(-RSBAC_EINVALIDPOINTER);
09613 #ifdef CONFIG_RSBAC_DEBUG
09614 if (in_interrupt())
09615 {
09616 #ifdef CONFIG_RSBAC_RMSG
09617 rsbac_printk(KERN_WARNING "rsbac_acl_get_tlist(): called from interrupt!\n");
09618 #endif
09619 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09620 if (!rsbac_nosyslog)
09621 #endif
09622 printk(KERN_WARNING "rsbac_acl_get_tlist(): called from interrupt!\n");
09623 }
09624 #endif
09625 switch (target)
09626 {
09627 case T_FD:
09628 case T_FILE:
09629 case T_DIR:
09630 case T_FIFO:
09631 case T_SYMLINK:
09632
09633
09634
09635
09636
09637
09638
09639
09640 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
09641 return rsbac_ta_list_get_all_items_ttl(ta_number,
09642 default_fd_handle,
09643 (void **) entry_pp,
09644 ttl_pp);
09645
09646 rsbac_read_lock(&device_list_head.lock, &dflags);
09647
09648
09649 device_p = acl_lookup_device(tid.file.device);
09650 if (!device_p)
09651 {
09652
09653 rsbac_read_unlock(&device_list_head.lock, &dflags);
09654 rsbac_get_super_block(tid.file.device);
09655
09656 rsbac_read_lock(&device_list_head.lock, &dflags);
09657 device_p = acl_lookup_device(tid.file.device);
09658 if(!device_p)
09659 {
09660 #ifdef CONFIG_RSBAC_RMSG
09661 rsbac_printk(KERN_WARNING
09662 "rsbac_acl_get_tlist(): Could not lookup device!\n");
09663 #endif
09664 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09665 if (!rsbac_nosyslog)
09666 #endif
09667 printk(KERN_WARNING
09668 "rsbac_acl_get_tlist(): Could not lookup device!\n");
09669
09670 rsbac_read_unlock(&device_list_head.lock, &dflags);
09671 return(-RSBAC_EINVALIDDEV);
09672 }
09673 }
09674
09675 list_no = fd_hash(tid.file.inode);
09676 count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09677 device_p->handles[list_no],
09678 &tid.file.inode,
09679 (void **) entry_pp,
09680 ttl_pp);
09681 rsbac_read_unlock(&device_list_head.lock, &dflags);
09682
09683 return count;
09684
09685 case T_DEV:
09686
09687
09688
09689
09690
09691
09692
09693
09694
09695 if((tid.dev.type == D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
09696 return rsbac_ta_list_get_all_items_ttl(ta_number,
09697 default_dev_handle,
09698 (void **) entry_pp,
09699 ttl_pp);
09700 else
09701 {
09702 struct rsbac_dev_desc_t dev_desc;
09703
09704 dev_desc.type = tid.dev.type;
09705 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
09706 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
09707 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09708 dev_handle,
09709 &dev_desc,
09710 (void **) entry_pp,
09711 ttl_pp);
09712 }
09713
09714 case T_IPC:
09715
09716 return rsbac_ta_list_get_all_items_ttl(ta_number,
09717 default_ipc_handle,
09718 (void **) entry_pp,
09719 ttl_pp);
09720
09721 case T_SCD:
09722 if( (tid.scd == AST_none)
09723 || (tid.scd == ST_none)
09724 )
09725 return rsbac_ta_list_get_all_items_ttl(ta_number,
09726 default_scd_handle,
09727 (void **) entry_pp,
09728 ttl_pp);
09729 else
09730 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09731 scd_handle,
09732 &tid.scd,
09733 (void **) entry_pp,
09734 ttl_pp);
09735
09736 case T_USER:
09737 if(tid.user == RSBAC_NO_USER)
09738 return rsbac_ta_list_get_all_items_ttl(ta_number,
09739 default_u_handle,
09740 (void **) entry_pp,
09741 ttl_pp);
09742 else
09743 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09744 u_handle,
09745 &tid.user,
09746 (void **) entry_pp,
09747 ttl_pp);
09748
09749 case T_PROCESS:
09750 return rsbac_ta_list_get_all_items_ttl(ta_number,
09751 default_p_handle,
09752 (void **) entry_pp,
09753 ttl_pp);
09754
09755 #ifdef CONFIG_RSBAC_ACL_UM_PROT
09756 case T_GROUP:
09757 if(tid.group == RSBAC_NO_GROUP)
09758 return rsbac_ta_list_get_all_items_ttl(ta_number,
09759 default_g_handle,
09760 (void **) entry_pp,
09761 ttl_pp);
09762 else
09763 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09764 g_handle,
09765 &tid.group,
09766 (void **) entry_pp,
09767 ttl_pp);
09768 #endif
09769
09770 #if defined(CONFIG_RSBAC_ACL_NET_DEV_PROT)
09771 case T_NETDEV:
09772
09773
09774
09775
09776
09777
09778
09779 if(!tid.netdev[0])
09780 return rsbac_ta_list_get_all_items_ttl(ta_number,
09781 default_netdev_handle,
09782 (void **) entry_pp,
09783 ttl_pp);
09784 else
09785 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09786 netdev_handle,
09787 &tid.netdev,
09788 (void **) entry_pp,
09789 ttl_pp);
09790 #endif
09791
09792 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
09793 case T_NETTEMP_NT:
09794
09795
09796
09797
09798
09799
09800
09801 if(!tid.nettemp)
09802 return rsbac_ta_list_get_all_items_ttl(ta_number,
09803 default_nettemp_nt_handle,
09804 (void **) entry_pp,
09805 ttl_pp);
09806 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
09807 return -RSBAC_EINVALIDTARGET;
09808 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09809 nettemp_nt_handle,
09810 &tid.nettemp,
09811 (void **) entry_pp,
09812 ttl_pp);
09813
09814 case T_NETTEMP:
09815
09816
09817
09818
09819
09820
09821
09822 if(!tid.nettemp)
09823 return -RSBAC_EINVALIDTARGET;
09824 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
09825 return -RSBAC_EINVALIDTARGET;
09826 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09827 nettemp_handle,
09828 &tid.nettemp,
09829 (void **) entry_pp,
09830 ttl_pp);
09831
09832 case T_NETOBJ:
09833
09834
09835
09836
09837
09838
09839
09840 if(!tid.nettemp)
09841 return rsbac_ta_list_get_all_items_ttl(ta_number,
09842 default_netobj_handle,
09843 (void **) entry_pp,
09844 ttl_pp);
09845 else
09846 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09847 netobj_handle,
09848 &tid.netobj.sock_p,
09849 (void **) entry_pp,
09850 ttl_pp);
09851 #endif
09852
09853 default:
09854 return -RSBAC_EINVALIDTARGET;
09855 }
09856 }
09857
09858
09859 int rsbac_acl_remove_subject(
09860 rsbac_list_ta_number_t ta_number,
09861 struct rsbac_acl_entry_desc_t desc)
09862 {
09863 struct rsbac_acl_device_list_item_t * device_p;
09864 u_long dflags;
09865 u_int i;
09866
09867 if(desc.subj_type >= ACLS_NONE)
09868 return -RSBAC_EINVALIDVALUE;
09869
09870
09871 rsbac_ta_list_remove(ta_number, default_fd_handle, &desc);
09872 rsbac_ta_list_remove(ta_number, default_dev_handle, &desc);
09873 rsbac_ta_list_remove(ta_number, default_ipc_handle, &desc);
09874 rsbac_ta_list_remove(ta_number, default_scd_handle, &desc);
09875 rsbac_ta_list_remove(ta_number, default_u_handle, &desc);
09876 rsbac_ta_list_remove(ta_number, default_p_handle, &desc);
09877 #ifdef CONFIG_RSBAC_ACL_UM_PROT
09878 rsbac_ta_list_remove(ta_number, default_g_handle, &desc);
09879 #endif
09880 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
09881 rsbac_ta_list_remove(ta_number, default_netdev_handle, &desc);
09882 #endif
09883 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
09884 rsbac_ta_list_remove(ta_number, default_nettemp_nt_handle, &desc);
09885 rsbac_ta_list_remove(ta_number, default_netobj_handle, &desc);
09886 #endif
09887
09888
09889 rsbac_read_lock(&device_list_head.lock, &dflags);
09890 device_p = device_list_head.head;
09891 while(device_p)
09892 {
09893 for(i=0; i<RSBAC_ACL_NR_FD_LISTS; i++)
09894 {
09895 rsbac_ta_list_lol_subremove_from_all(ta_number,
09896 device_p->handles[i],
09897 &desc);
09898 }
09899 device_p = device_p->next;
09900 }
09901
09902 rsbac_read_unlock(&device_list_head.lock, &dflags);
09903
09904
09905 rsbac_ta_list_lol_subremove_from_all(ta_number, dev_handle, &desc);
09906
09907
09908 rsbac_ta_list_lol_subremove_from_all(ta_number, scd_handle, &desc);
09909
09910
09911 rsbac_ta_list_lol_subremove_from_all(ta_number, u_handle, &desc);
09912
09913 #ifdef CONFIG_RSBAC_ACL_UM_PROT
09914
09915 rsbac_ta_list_lol_subremove_from_all(ta_number, g_handle, &desc);
09916 #endif
09917
09918 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
09919
09920 rsbac_ta_list_lol_subremove_from_all(ta_number, netdev_handle, &desc);
09921 #endif
09922 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
09923 rsbac_ta_list_lol_subremove_from_all(ta_number, nettemp_nt_handle, &desc);
09924 rsbac_ta_list_lol_subremove_from_all(ta_number, nettemp_handle, &desc);
09925 rsbac_ta_list_lol_subremove_from_all(ta_number, netobj_handle, &desc);
09926 #endif
09927
09928 return 0;
09929 }
09930
09931
09932
09933 int rsbac_acl_add_group(
09934 rsbac_list_ta_number_t ta_number,
09935 rsbac_uid_t owner,
09936 enum rsbac_acl_group_type_t type,
09937 char * name,
09938 rsbac_acl_group_id_t * group_id_p)
09939 {
09940 struct rsbac_acl_group_entry_t entry;
09941 int err=0;
09942
09943 if(type >= ACLG_NONE)
09944 return -RSBAC_EINVALIDVALUE;
09945 if(!name || !group_id_p)
09946 return -RSBAC_EINVALIDPOINTER;
09947 if(!name[0])
09948 return -RSBAC_EINVALIDVALUE;
09949 entry.owner = owner;
09950 entry.type = type;
09951 strncpy(entry.name, name, RSBAC_ACL_GROUP_NAMELEN-1);
09952 entry.name[RSBAC_ACL_GROUP_NAMELEN-1] = 0;
09953 if(!*group_id_p)
09954 {
09955
09956 group_last_new++;
09957
09958 while(!group_last_new || rsbac_ta_list_exist(ta_number, group_handle, &group_last_new))
09959 group_last_new++;
09960
09961 entry.id = group_last_new;
09962 }
09963 else
09964 {
09965 if(rsbac_ta_list_exist(ta_number, group_handle, group_id_p))
09966 {
09967 return(-RSBAC_EEXISTS);
09968 }
09969 else
09970 entry.id = *group_id_p;
09971 }
09972 if(rsbac_ta_list_add_ttl(ta_number, group_handle, 0, &entry.id, &entry))
09973 err = -RSBAC_ECOULDNOTADDITEM;
09974 else
09975 {
09976 *group_id_p = entry.id;
09977 }
09978 return(err);
09979 }
09980
09981 int rsbac_acl_change_group(
09982 rsbac_list_ta_number_t ta_number,
09983 rsbac_acl_group_id_t id,
09984 rsbac_uid_t owner,
09985 enum rsbac_acl_group_type_t type,
09986 char * name)
09987 {
09988 struct rsbac_acl_group_entry_t entry;
09989
09990 if(!id)
09991 return -RSBAC_EINVALIDVALUE;
09992 if(!rsbac_ta_list_exist(ta_number, group_handle, &id))
09993 return(-RSBAC_ENOTFOUND);
09994 if(!name)
09995 return -RSBAC_EINVALIDPOINTER;
09996 if(!name[0])
09997 return -RSBAC_EINVALIDVALUE;
09998 entry.id = id;
09999 entry.owner = owner;
10000 entry.type = type;
10001 strncpy(entry.name, name, RSBAC_ACL_GROUP_NAMELEN);
10002 entry.name[RSBAC_ACL_GROUP_NAMELEN-1] = 0;
10003 return rsbac_ta_list_add_ttl(ta_number, group_handle, 0, &entry.id, &entry);
10004 }
10005
10006 int rsbac_acl_remove_group(
10007 rsbac_list_ta_number_t ta_number,
10008 rsbac_acl_group_id_t id)
10009 {
10010 int err=0;
10011
10012 if(!id)
10013 return -RSBAC_EINVALIDVALUE;
10014
10015 err = rsbac_ta_list_remove(ta_number, group_handle, &id);
10016 if(!err)
10017 {
10018 struct rsbac_acl_entry_desc_t desc;
10019
10020
10021 rsbac_ta_list_lol_subremove_from_all(ta_number, gm_handle, &id);
10022 desc.subj_type = ACLS_GROUP;
10023 desc.subj_id = id;
10024 err = rsbac_acl_remove_subject(ta_number, desc);
10025 }
10026 return(err);
10027 }
10028
10029 int rsbac_acl_get_group_entry(
10030 rsbac_list_ta_number_t ta_number,
10031 rsbac_acl_group_id_t group,
10032 struct rsbac_acl_group_entry_t * entry_p)
10033 {
10034 if(!group)
10035 return -RSBAC_EINVALIDVALUE;
10036 if(!entry_p)
10037 return -RSBAC_EINVALIDPOINTER;
10038 return rsbac_ta_list_get_data_ttl(ta_number, group_handle, NULL, &group, entry_p);
10039 }
10040
10041 int rsbac_acl_list_groups(
10042 rsbac_list_ta_number_t ta_number,
10043 rsbac_uid_t owner,
10044 rsbac_boolean_t include_global,
10045 struct rsbac_acl_group_entry_t ** entry_pp)
10046 {
10047 long count;
10048 struct rsbac_acl_group_entry_t * local_entry_p;
10049
10050 if(!entry_pp)
10051 return -RSBAC_EINVALIDPOINTER;
10052 count = rsbac_ta_list_get_all_data(ta_number, group_handle, (void **) &local_entry_p);
10053 if(count > 0)
10054 {
10055 long i;
10056 long rescount = 0;
10057
10058 *entry_pp = rsbac_vmalloc(count * sizeof(**entry_pp));
10059 if(!*entry_pp)
10060 {
10061 rsbac_vfree(local_entry_p);
10062 return -RSBAC_ENOMEM;
10063 }
10064 for(i=0; i<count; i++)
10065 {
10066 if( (local_entry_p[i].owner == owner)
10067 || ( include_global
10068 && (local_entry_p[i].type == ACLG_GLOBAL)
10069 )
10070 )
10071 {
10072 memcpy(&(*entry_pp)[rescount], &local_entry_p[i], sizeof(local_entry_p[i]));
10073 rescount++;
10074 }
10075 }
10076 rsbac_vfree(local_entry_p);
10077 count = rescount;
10078 }
10079 return count;
10080 }
10081
10082
10083 rsbac_boolean_t rsbac_acl_group_exist(rsbac_acl_group_id_t group)
10084 {
10085 if(!group)
10086 return TRUE;
10087 return rsbac_ta_list_exist(0, group_handle, &group);
10088 }
10089
10090 int rsbac_acl_add_group_member(
10091 rsbac_list_ta_number_t ta_number,
10092 rsbac_acl_group_id_t group,
10093 rsbac_uid_t user,
10094 rsbac_time_t ttl)
10095 {
10096 int err = 0;
10097
10098 if(!group)
10099 return -RSBAC_EINVALIDVALUE;
10100 if(!rsbac_ta_list_exist(ta_number, group_handle, &group))
10101 return -RSBAC_EINVALIDVALUE;
10102
10103 if(!rsbac_ta_list_lol_exist(ta_number, gm_handle, &user))
10104 {
10105 err = rsbac_ta_list_lol_add_ttl(ta_number, gm_handle, 0, &user, NULL);
10106 if(err)
10107 return err;
10108 }
10109 return rsbac_ta_list_lol_subadd_ttl(ta_number, gm_handle, ttl, &user, &group, NULL);
10110 }
10111
10112 int rsbac_acl_remove_group_member(
10113 rsbac_list_ta_number_t ta_number,
10114 rsbac_acl_group_id_t group,
10115 rsbac_uid_t user)
10116 {
10117 int err;
10118
10119 if(!group)
10120 return -RSBAC_EINVALIDVALUE;
10121 if(!rsbac_ta_list_exist(ta_number, group_handle, &group))
10122 return -RSBAC_EINVALIDVALUE;
10123
10124 err = rsbac_ta_list_lol_subremove(ta_number, gm_handle, &user, &group);
10125
10126 if( !err
10127 && !rsbac_ta_list_lol_subcount(ta_number, gm_handle, &user)
10128 )
10129 err = rsbac_ta_list_lol_remove(ta_number, gm_handle, &user);
10130
10131 return err;
10132 }
10133
10134
10135 rsbac_boolean_t rsbac_acl_group_member(rsbac_acl_group_id_t group, rsbac_uid_t user)
10136 {
10137 return rsbac_ta_list_lol_subexist(0, gm_handle, &user, &group);
10138 }
10139
10140
10141
10142
10143 int rsbac_acl_get_user_groups(
10144 rsbac_list_ta_number_t ta_number,
10145 rsbac_uid_t user,
10146 rsbac_acl_group_id_t ** group_pp,
10147 rsbac_time_t ** ttl_pp)
10148 {
10149 return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
10150 gm_handle,
10151 &user,
10152 (void **) group_pp,
10153 ttl_pp);
10154 }
10155
10156
10157 int rsbac_acl_get_group_members(
10158 rsbac_list_ta_number_t ta_number,
10159 rsbac_acl_group_id_t group,
10160 rsbac_uid_t user_array[],
10161 rsbac_time_t ttl_array[],
10162 int maxnum)
10163 {
10164 long desc_count;
10165 long i;
10166 rsbac_uid_t * user_p;
10167 int err = 0;
10168
10169 if(!group || (maxnum <= 0))
10170 return -RSBAC_EINVALIDVALUE;
10171 if(!rsbac_ta_list_exist(ta_number, group_handle, &group))
10172 return -RSBAC_EINVALIDVALUE;
10173 if(!user_array)
10174 return -RSBAC_EINVALIDPOINTER;
10175
10176
10177 desc_count = rsbac_ta_list_lol_get_all_desc(ta_number, gm_handle, (void **) &user_p);
10178 if(desc_count > 0)
10179 {
10180 rsbac_time_t ttl;
10181
10182 for(i=0; i<desc_count; i++)
10183 {
10184 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number, gm_handle, &ttl, &user_p[i], &group, NULL))
10185 {
10186 user_array[err] = user_p[i];
10187 if(ttl_array)
10188 ttl_array[err] = ttl;
10189 err++;
10190 if(err >= maxnum)
10191 break;
10192 }
10193 }
10194 rsbac_vfree(user_p);
10195 }
10196 return(err);
10197 }
10198
10199
10200
10201 int rsbac_acl_remove_user(
10202 rsbac_list_ta_number_t ta_number,
10203 rsbac_uid_t user)
10204 {
10205 u_long i;
10206 struct rsbac_acl_group_entry_t * entry_p;
10207 long desc_count;
10208 struct rsbac_acl_entry_desc_t desc;
10209
10210 rsbac_ta_list_lol_remove(ta_number, gm_handle, &user);
10211
10212 desc_count = rsbac_ta_list_get_all_data(ta_number, group_handle, (void **) &entry_p);
10213 if(desc_count > 0)
10214 {
10215 for(i=0; i<desc_count; i++)
10216 {
10217 if(entry_p[i].owner == user)
10218 {
10219 rsbac_ta_list_remove(ta_number, group_handle, &entry_p[i].id);
10220
10221 rsbac_ta_list_lol_subremove_from_all(ta_number,
10222 gm_handle,
10223 &entry_p[i].id);
10224 }
10225 }
10226 rsbac_vfree(entry_p);
10227 }
10228
10229 desc.subj_type = ACLS_USER;
10230 desc.subj_id = user;
10231
10232 return rsbac_acl_remove_subject(ta_number, desc);
10233 }
10234
10235
