00001
00002
00003
00004
00005
00006
00007
00008
00009 #include <rsbac/types.h>
00010 #include <rsbac/getname.h>
00011 #include <rsbac/helpers.h>
00012 #include <rsbac/error.h>
00013 #include <rsbac/pax_getname.h>
00014
00015 #ifdef __KERNEL__
00016 #include <linux/string.h>
00017 #include <linux/module.h>
00018 #include <linux/fs.h>
00019 #include <linux/kernel.h>
00020 #include <linux/netdevice.h>
00021 #include <linux/inetdevice.h>
00022 #include <rsbac/rkmem.h>
00023 #include <rsbac/network.h>
00024 #include <rsbac/net_getname.h>
00025 #else
00026 #include <string.h>
00027 #include <errno.h>
00028 #endif
00029
00030 static char request_list[R_NONE+1][24] = {
00031 "ADD_TO_KERNEL",
00032 "ALTER",
00033 "APPEND_OPEN",
00034 "CHANGE_GROUP",
00035 "CHANGE_OWNER",
00036 "CHDIR",
00037 "CLONE",
00038 "CLOSE",
00039 "CREATE",
00040 "DELETE",
00041 "EXECUTE",
00042 "GET_PERMISSIONS_DATA",
00043 "GET_STATUS_DATA",
00044 "LINK_HARD",
00045 "MODIFY_ACCESS_DATA",
00046 "MODIFY_ATTRIBUTE",
00047 "MODIFY_PERMISSIONS_DATA",
00048 "MODIFY_SYSTEM_DATA",
00049 "MOUNT",
00050 "READ",
00051 "READ_ATTRIBUTE",
00052 "READ_WRITE_OPEN",
00053 "READ_OPEN",
00054 "REMOVE_FROM_KERNEL",
00055 "RENAME",
00056 "SEARCH",
00057 "SEND_SIGNAL",
00058 "SHUTDOWN",
00059 "SWITCH_LOG",
00060 "SWITCH_MODULE",
00061 "TERMINATE",
00062 "TRACE",
00063 "TRUNCATE",
00064 "UMOUNT",
00065 "WRITE",
00066 "WRITE_OPEN",
00067 "MAP_EXEC",
00068 "BIND",
00069 "LISTEN",
00070 "ACCEPT",
00071 "CONNECT",
00072 "SEND",
00073 "RECEIVE",
00074 "NET_SHUTDOWN",
00075 "CHANGE_DAC_EFF_OWNER",
00076 "CHANGE_DAC_FS_OWNER",
00077 "CHANGE_DAC_EFF_GROUP",
00078 "CHANGE_DAC_FS_GROUP",
00079 "NONE" };
00080
00081 static char result_list[UNDEFINED+1][12] = {
00082 "NOT_GRANTED",
00083 "GRANTED",
00084 "DO_NOT_CARE",
00085 "UNDEFINED" };
00086
00087 static rsbac_switch_target_int_t attr_mod_list[A_none+1] = {
00088 GEN,
00089 MAC,
00090 MAC,
00091 MAC,
00092 MAC,
00093 MAC,
00094 MAC,
00095 MAC,
00096 MAC,
00097 MAC,
00098 MAC,
00099 MAC,
00100 MAC,
00101 MAC,
00102 FC,
00103 FC,
00104 FC,
00105 SIM,
00106 SIM,
00107 SIM,
00108 SW_NONE,
00109 MAC,
00110 FC,
00111 SIM,
00112 DAZ,
00113 FF,
00114 AUTH,
00115 CAP,
00116 JAIL,
00117 PAX,
00118 MAC,
00119 MAC,
00120 MAC,
00121 MAC,
00122 MAC,
00123 MAC,
00124 MAC,
00125 MAC,
00126 MAC,
00127 PM,
00128 PM,
00129 PM,
00130 PM,
00131 PM,
00132 PM,
00133 PM,
00134 PM,
00135 PM,
00136 PM,
00137 PM,
00138 PM,
00139 PM,
00140 PM,
00141 PM,
00142 DAZ,
00143 DAZ,
00144 FF,
00145 RC,
00146 RC,
00147 RC,
00148 RC,
00149 RC,
00150 RC,
00151 RC,
00152 RC,
00153 RC,
00154 AUTH,
00155 AUTH,
00156 AUTH,
00157 CAP,
00158 CAP,
00159 CAP,
00160 CAP,
00161 JAIL,
00162 JAIL,
00163 JAIL,
00164 JAIL,
00165 PAX,
00166 RES,
00167 RES,
00168 RES,
00169 GEN,
00170 GEN,
00171 GEN,
00172 GEN,
00173 GEN,
00174 GEN,
00175 GEN,
00176 GEN,
00177 GEN,
00178 GEN,
00179 GEN,
00180 GEN,
00181 CAP,
00182 GEN,
00183 GEN,
00184 GEN,
00185 AUTH,
00186 #ifdef __KERNEL__
00187
00188 SW_NONE,
00189 SW_NONE,
00190 SW_NONE,
00191 SW_NONE,
00192 SW_NONE,
00193 SW_NONE,
00194 SW_NONE,
00195 SW_NONE,
00196 SW_NONE,
00197 SW_NONE,
00198 SW_NONE,
00199 SW_NONE,
00200 SW_NONE,
00201 SW_NONE,
00202 SW_NONE,
00203 SW_NONE,
00204 SW_NONE,
00205 SW_NONE,
00206 SW_NONE,
00207 SW_NONE,
00208 SW_NONE,
00209 SW_NONE,
00210 SW_NONE,
00211 SW_NONE,
00212 #endif
00213 SW_NONE };
00214
00215 static char attribute_list[A_none+1][23] = {
00216 "pseudo",
00217 "security_level",
00218 "initial_security_level",
00219 "local_sec_level",
00220 "remote_sec_level",
00221 "min_security_level",
00222 "mac_categories",
00223 "mac_initial_categories",
00224 "local_mac_categories",
00225 "remote_mac_categories",
00226 "mac_min_categories",
00227 "mac_user_flags",
00228 "mac_process_flags",
00229 "mac_file_flags",
00230 "object_category",
00231 "local_object_category",
00232 "remote_object_category",
00233 "data_type",
00234 "local_data_type",
00235 "remote_data_type",
00236 "system_role",
00237 "mac_role",
00238 "fc_role",
00239 "sim_role",
00240 "daz_role",
00241 "ff_role",
00242 "auth_role",
00243 "cap_role",
00244 "jail_role",
00245 "pax_role",
00246 "current_sec_level",
00247 "mac_curr_categories",
00248 "min_write_open",
00249 "min_write_categories",
00250 "max_read_open",
00251 "max_read_categories",
00252 "mac_auto",
00253 "mac_check",
00254 "mac_prop_trusted",
00255 "pm_role",
00256 "pm_process_type",
00257 "pm_current_task",
00258 "pm_object_class",
00259 "local_pm_object_class",
00260 "remote_pm_object_class",
00261 "pm_ipc_purpose",
00262 "local_pm_ipc_purpose",
00263 "remote_pm_ipc_purpose",
00264 "pm_object_type",
00265 "local_pm_object_type",
00266 "remote_pm_object_type",
00267 "pm_program_type",
00268 "pm_tp",
00269 "pm_task_set",
00270 "daz_scanned",
00271 "daz_scanner",
00272 "ff_flags",
00273 "rc_type",
00274 "local_rc_type",
00275 "remote_rc_type",
00276 "rc_type_fd",
00277 "rc_type_nt",
00278 "rc_force_role",
00279 "rc_initial_role",
00280 "rc_role",
00281 "rc_def_role",
00282 "auth_may_setuid",
00283 "auth_may_set_cap",
00284 "auth_learn",
00285 "min_caps",
00286 "max_caps",
00287 "max_caps_user",
00288 "max_caps_program",
00289 "jail_id",
00290 "jail_ip",
00291 "jail_flags",
00292 "jail_max_caps",
00293 "pax_flags",
00294 "res_role",
00295 "res_min",
00296 "res_max",
00297 "log_array_low",
00298 "local_log_array_low",
00299 "remote_log_array_low",
00300 "log_array_high",
00301 "local_log_array_high",
00302 "remote_log_array_high",
00303 "log_program_based",
00304 "log_user_based",
00305 "symlink_add_uid",
00306 "symlink_add_mac_level",
00307 "symlink_add_rc_role",
00308 "linux_dac_disable",
00309 "cap_process_hiding",
00310 "fake_root_uid",
00311 "audit_uid",
00312 "auid_exempt",
00313 "auth_last_auth",
00314 #ifdef __KERNEL__
00315
00316 "owner",
00317 "group",
00318 "signal",
00319 "mode",
00320 "nlink",
00321 "switch_target",
00322 "mod_name",
00323 "request",
00324 "trace_request",
00325 "auth_add_f_cap",
00326 "auth_remove_f_cap",
00327 "auth_get_caplist",
00328 "prot_bits",
00329 "internal",
00330 "create_data",
00331 "new_object",
00332 "rlimit",
00333 "new_dir_dentry_p",
00334 "auth_program_file",
00335 "auth_start_uid",
00336 "acl_learn",
00337 "priority",
00338 "pgid",
00339 "kernel_thread",
00340 "open_flag",
00341 #endif
00342 "none" };
00343
00344 static char target_list[T_NONE+1][11] = {
00345 "FILE",
00346 "DIR",
00347 "FIFO",
00348 "SYMLINK",
00349 "DEV",
00350 "IPC",
00351 "SCD",
00352 "USER",
00353 "PROCESS",
00354 "NETDEV",
00355 "NETTEMP",
00356 "NETOBJ",
00357 "NETTEMP_NT",
00358 "GROUP",
00359 "FD",
00360 "NONE" };
00361
00362 static char ipc_target_list[I_none+1][7] = {
00363 "sem",
00364 "msg",
00365 "shm",
00366 "none" };
00367
00368 static char switch_target_list[SW_NONE+1][12] = {
00369 "GEN",
00370 "MAC",
00371 "FC",
00372 "SIM",
00373 "PM",
00374 "DAZ",
00375 "FF",
00376 "RC",
00377 "AUTH",
00378 "REG",
00379 "ACL",
00380 "CAP",
00381 "JAIL",
00382 "RES",
00383 "PAX",
00384 "SOFTMODE",
00385 "DAC_DISABLE",
00386 "UM",
00387 "FREEZE",
00388 "NONE" };
00389
00390 static char error_list[RSBAC_EMAX][25] = {
00391 "RSBAC_EPERM",
00392 "RSBAC_EACCESS",
00393 "RSBAC_EREADFAILED",
00394 "RSBAC_EWRITEFAILED",
00395 "RSBAC_EINVALIDPOINTER",
00396 "RSBAC_ENOROOTDIR",
00397 "RSBAC_EPATHTOOLONG",
00398 "RSBAC_ENOROOTDEV",
00399 "RSBAC_ENOTFOUND",
00400 "RSBAC_ENOTINITIALIZED",
00401 "RSBAC_EREINIT",
00402 "RSBAC_ECOULDNOTADDDEVICE",
00403 "RSBAC_ECOULDNOTADDITEM",
00404 "RSBAC_ECOULDNOTCREATEPATH",
00405 "RSBAC_EINVALIDATTR",
00406 "RSBAC_EINVALIDDEV",
00407 "RSBAC_EINVALIDTARGET",
00408 "RSBAC_EINVALIDVALUE",
00409 "RSBAC_EEXISTS",
00410 "RSBAC_EINTERNONLY",
00411 "RSBAC_EINVALIDREQUEST",
00412 "RSBAC_ENOTWRITABLE",
00413 "RSBAC_EMALWAREDETECTED",
00414 "RSBAC_ENOMEM",
00415 "RSBAC_EDECISIONMISMATCH",
00416 "RSBAC_EINVALIDVERSION",
00417 "RSBAC_EINVALIDMODULE",
00418 "RSBAC_EEXPIRED",
00419 "RSBAC_EMUSTCHANGE",
00420 "RSBAC_EBUSY",
00421 "RSBAC_EINVALIDTRANSACTION"
00422 };
00423
00424 static char scd_type_list[ST_none+1][17] = {
00425 "time_strucs",
00426 "clock",
00427 "host_id",
00428 "net_id",
00429 "ioports",
00430 "rlimit",
00431 "swap",
00432 "syslog",
00433 "rsbac",
00434 "rsbac_log",
00435 "other",
00436 "kmem",
00437 "network",
00438 "firewall",
00439 "priority",
00440 "sysfs",
00441 "rsbac_remote_log",
00442 "none" };
00443
00444
00445
00446 #ifndef __KERNEL__
00447 static char attribute_param_list[A_none+1][193] = {
00448 "user-pseudo (positive long integer)",
00449 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00450 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00451 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00452 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00453 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00454 "Bit Set String of length 64 for all categories",
00455 "Bit Set String of length 64 for all categories",
00456 "Bit Set String of length 64 for all categories",
00457 "Bit Set String of length 64 for all categories",
00458 "Bit Set String of length 64 for all categories",
00459 "1 = override, 4 = trusted, 8 = write_up, 16 = read_up,\n\t32 = write_down, 64 = allow_mac_auto",
00460 "1 = override, 2 = auto, 4 = trusted, 8 = write_up,\n\t16 = read_up, 32 = write_down, 128 = prop_trusted",
00461 "2 = auto, 4 = trusted, 8 = write_up, 16 = read_up,\n\t32 = write_down",
00462 "0 = general, 1 = security, 2 = system, 3 = inherit",
00463 "0 = general, 1 = security, 2 = system, 3 = inherit",
00464 "0 = general, 1 = security, 2 = system, 3 = inherit",
00465 "0 = none, 1 = SI, 2 = inherit",
00466 "0 = none, 1 = SI, 2 = inherit",
00467 "0 = none, 1 = SI, 2 = inherit",
00468 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00469 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00470 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00471 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00472 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00473 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00474 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00475 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00476 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00477 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00478 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252",
00479 "Bit Set String of length 64 for all categories",
00480 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252",
00481 "Bit Set String of length 64 for all categories",
00482 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252",
00483 "Bit Set String of length 64 for all categories",
00484 "0 = no, 1 = yes, 2 = inherit (default value)",
00485 "0 = false, 1 = true",
00486 "0 = false, 1 = true",
00487 "0 = user, 1 = security officer, 2 = data protection officer,\n\t3 = TP-manager, 4 = system-admin",
00488 "0 = none, 1 = TP",
00489 "Task-ID (positive integer)",
00490 "Class-ID (positive integer)",
00491 "Class-ID (positive integer)",
00492 "Class-ID (positive integer)",
00493 "Purpose-ID (positive integer)",
00494 "Purpose-ID (positive integer)",
00495 "Purpose-ID (positive integer)",
00496 "0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir",
00497 "0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir",
00498 "0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir",
00499 "0 = none, 1 = TP",
00500 "TP-ID (positive integer)",
00501 "pm-task-list-ID (positive integer)",
00502 "0 = unscanned, 1 = infected, 2 = clean",
00503 "0 = FALSE, 1 = TRUE",
00504 "1 = read_only, 2 = execute_only, 4 = search_only, 8 = write_only,\n\t16 = secure_delete, 32 = no_execute, 64 = no_delete_or_rename,\n\t128 = add_inherited (or'd), 256 = append_only, 512 = no_mount",
00505 "RC-type-id",
00506 "RC-type-id",
00507 "RC-type-id",
00508 "RC-type-id (-2 = inherit from parent)",
00509 "RC-type-id",
00510 "RC-role-id (-1 = inherit_user, -2 = inherit_process (keep),\n\t-3 = inherit_parent (def.),\n\t-4 = inherit_user_on_chown_only (root default)",
00511 "RC-role-id (-3 = inherit_parent (default),\n\t-5 = use_force_role (root default)",
00512 "RC-role-id",
00513 "RC-role-id",
00514 "0 = off, 1 = full, 2 = last_auth_only, 3 = last_auth_and_gid",
00515 "0 = false, 1 = true",
00516 "0 = false, 1 = true",
00517 "Bit-Vector value or name list of desired caps",
00518 "Bit-Vector value or name list of desired caps",
00519 "Bit-Vector value or name list of desired caps",
00520 "Bit-Vector value or name list of desired caps",
00521 "JAIL ID (0 = off)",
00522 "JAIL IP address a.b.c.d",
00523 "JAIL flags (or'd, 1 = allow external IPC, 2 = allow all net families,\n\t4 = allow_rlimit, 8 = allow raw IP, 16 = auto adjust IP,\n\t32 = allow localhost, 64 = allow scd clock)",
00524 "Bit-Vector value or name list of desired caps",
00525 "PAX flags with capital=on, non-capital=off, e.g. PeMRxS",
00526 "0 = user, 1 = security officer, 2 = administrator",
00527 "array of non-negative integer values, all 0 for unset",
00528 "array of non-negative integer values, all 0 for unset",
00529 "Bit-String for all Requests, low bit",
00530 "Bit-String for all Requests, low bit",
00531 "Bit-String for all Requests, low bit",
00532 "Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)",
00533 "Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)",
00534 "Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)",
00535 "Bit-String for all Requests",
00536 "Bit-String for all Requests",
00537 "0 = false, 1 = true",
00538 "0 = false, 1 = true",
00539 "0 = false, 1 = true",
00540 "0 = false, 1 = true, 2 = inherit (default)",
00541 "0 = off (default), 1 = from other users, 2 = full",
00542 "0 = off (default), 1 = uid_only, 2 = euid_only, 3 = both",
00543 "-3 = unset, uid otherwise",
00544 "-3 = unset, uid otherwise",
00545 "-3 = unset, uid otherwise",
00546 "INVALID!" };
00547 #endif
00548
00549 static char log_level_list[LL_invalid+1][9] = {
00550 "none",
00551 "denied",
00552 "full",
00553 "request",
00554 "invalid!" };
00555
00556
00557
00558 #ifdef __KERNEL__
00559 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00560 EXPORT_SYMBOL(get_request_name);
00561 #endif
00562 #endif
00563
00564 char * get_request_name(char * request_name,
00565 enum rsbac_adf_request_t request)
00566 {
00567 if(!request_name)
00568 return(NULL);
00569 if(request >= R_NONE)
00570 strcpy(request_name, "ERROR!");
00571 else
00572 strcpy(request_name, request_list[request]);
00573 return(request_name);
00574 }
00575
00576 enum rsbac_adf_request_t get_request_nr(const char * request_name)
00577 {
00578 enum rsbac_adf_request_t i;
00579
00580 if(!request_name)
00581 return(R_NONE);
00582 for (i = 0; i < R_NONE; i++)
00583 {
00584 if (!strcmp(request_name,request_list[i]))
00585 {
00586 return(i);
00587 }
00588 }
00589 return(R_NONE);
00590 }
00591
00592
00593 char * get_result_name(char * res_name,
00594 enum rsbac_adf_req_ret_t res)
00595 {
00596 if(!res_name)
00597 return(NULL);
00598 if(res > UNDEFINED)
00599 strcpy(res_name, "ERROR!");
00600 else
00601 strcpy(res_name, result_list[res]);
00602 return(res_name);
00603 }
00604
00605 enum rsbac_adf_req_ret_t get_result_nr(const char * res_name)
00606 {
00607 enum rsbac_adf_req_ret_t i;
00608
00609 if(!res_name)
00610 return(UNDEFINED);
00611 for (i = 0; i < UNDEFINED; i++)
00612 {
00613 if (!strcmp(res_name,result_list[i]))
00614 {
00615 return(i);
00616 }
00617 }
00618 return(UNDEFINED);
00619 }
00620
00621
00622 enum rsbac_switch_target_t get_attr_module(enum rsbac_attribute_t attr)
00623 {
00624 if(attr > A_none)
00625 return SW_NONE;
00626 else
00627 return attr_mod_list[attr];
00628 }
00629
00630 #ifdef __KERNEL__
00631 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00632 EXPORT_SYMBOL(get_attribute_name);
00633 #endif
00634 #endif
00635
00636 char * get_attribute_name( char * attr_name,
00637 enum rsbac_attribute_t attr)
00638 {
00639 if(!attr_name)
00640 return(NULL);
00641 if(attr > A_none)
00642 strcpy(attr_name, "ERROR!");
00643 else
00644 strcpy(attr_name, attribute_list[attr]);
00645 return(attr_name);
00646 }
00647
00648 enum rsbac_attribute_t get_attribute_nr(const char * attr_name)
00649 {
00650 enum rsbac_attribute_t i;
00651
00652 if(!attr_name)
00653 return(A_none);
00654 for (i = 0; i < A_none; i++)
00655 {
00656 if (!strcmp(attr_name,attribute_list[i]))
00657 {
00658 return(i);
00659 }
00660 }
00661 return(A_none);
00662 }
00663
00664 #ifdef __KERNEL__
00665 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00666 EXPORT_SYMBOL(get_attribute_value_name);
00667 #endif
00668 #endif
00669
00670 char * get_attribute_value_name( char * attr_val_name,
00671 enum rsbac_attribute_t attr,
00672 union rsbac_attribute_value_t * attr_val_p)
00673 {
00674 if(!attr_val_name)
00675 return(NULL);
00676 if(attr > A_none)
00677 strcpy(attr_val_name, "ERROR!");
00678 else
00679 switch(attr)
00680 {
00681 case A_none:
00682 strcpy(attr_val_name, "none");
00683 break;
00684 #ifdef __KERNEL__
00685 case A_create_data:
00686 {
00687 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00688
00689 if(tmp)
00690 {
00691 if(attr_val_p->create_data.dentry_p)
00692 snprintf(attr_val_name, RSBAC_MAXNAMELEN - 1,
00693 "%s %s, mode %o",
00694 get_target_name_only(tmp, attr_val_p->create_data.target),
00695 attr_val_p->create_data.dentry_p->d_name.name,
00696 attr_val_p->create_data.mode & S_IALLUGO);
00697 else
00698 snprintf(attr_val_name, RSBAC_MAXNAMELEN - 1,
00699 "%s, mode %o",
00700 get_target_name_only(tmp, attr_val_p->create_data.target),
00701 attr_val_p->create_data.mode & S_IALLUGO);
00702 rsbac_kfree(tmp);
00703 }
00704 }
00705 break;
00706 case A_mode:
00707 sprintf(attr_val_name, "%o", attr_val_p->mode);
00708 break;
00709 case A_mod_name:
00710 if(attr_val_p->mod_name)
00711 strncpy(attr_val_name, attr_val_p->mod_name, RSBAC_MAXNAMELEN - 1);
00712 else
00713 strcpy(attr_val_name, "unknown");
00714 attr_val_name[RSBAC_MAXNAMELEN - 1] = 0;
00715 break;
00716 case A_auth_add_f_cap:
00717 case A_auth_remove_f_cap:
00718 sprintf(attr_val_name, "%u:%u",
00719 attr_val_p->auth_cap_range.first,
00720 attr_val_p->auth_cap_range.last);
00721 break;
00722 case A_switch_target:
00723 get_switch_target_name(attr_val_name, attr_val_p->switch_target);
00724 break;
00725 case A_request:
00726 get_request_name(attr_val_name, attr_val_p->request);
00727 break;
00728 #endif
00729 #if defined(CONFIG_RSBAC_PAX) || !defined(__KERNEL__)
00730 case A_pax_flags:
00731 pax_print_flags(attr_val_name, attr_val_p->pax_flags);
00732 break;
00733 #endif
00734 default:
00735 snprintf(attr_val_name, RSBAC_MAXNAMELEN - 1, "%u", attr_val_p->u_dummy);
00736 }
00737 return(attr_val_name);
00738 }
00739
00740
00741 #ifdef __KERNEL__
00742 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00743 EXPORT_SYMBOL(get_scd_type_name);
00744 #endif
00745 #endif
00746
00747 char * get_scd_type_name(char * res_name,
00748 enum rsbac_scd_type_t res)
00749 {
00750 if(!res_name)
00751 return(NULL);
00752 if(res > ST_none)
00753 strcpy(res_name, "ERROR!");
00754 else
00755 strcpy(res_name, scd_type_list[res]);
00756 return(res_name);
00757 }
00758
00759 enum rsbac_scd_type_t get_scd_type_nr(const char * res_name)
00760 {
00761 enum rsbac_scd_type_t i;
00762
00763 if(!res_name)
00764 return(ST_none);
00765 for (i = 0; i < ST_none; i++)
00766 {
00767 if (!strcmp(res_name, scd_type_list[i]))
00768 {
00769 return(i);
00770 }
00771 }
00772 return(ST_none);
00773 }
00774
00775
00776 #ifdef __KERNEL__
00777 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00778 EXPORT_SYMBOL(get_target_name);
00779 #endif
00780 #endif
00781
00782 char * get_target_name(char * target_type_name,
00783 enum rsbac_target_t target,
00784 char * target_id_name,
00785 union rsbac_target_id_t tid)
00786 {
00787 #ifdef __KERNEL__
00788 char * help_name;
00789 #else
00790 char help_name[RSBAC_MAXNAMELEN+4];
00791 #endif
00792
00793 if(!target_type_name)
00794 return(NULL);
00795
00796 #ifdef __KERNEL__
00797 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00798 help_name = rsbac_kmalloc(CONFIG_RSBAC_MAX_PATH_LEN + 4);
00799 #else
00800 help_name = rsbac_kmalloc(RSBAC_MAXNAMELEN + 4);
00801 #endif
00802 if(!help_name)
00803 return NULL;
00804 #endif
00805
00806 switch(target)
00807 {
00808 #ifdef __KERNEL__
00809 case T_FD: strcpy (target_type_name, "FD");
00810 if(!target_id_name)
00811 break;
00812 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00813 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device),
00814 tid.file.inode);
00815 if( tid.file.dentry_p
00816 && tid.file.dentry_p->d_name.name
00817 && tid.file.dentry_p->d_name.len
00818 )
00819 {
00820 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00821 if(rsbac_get_full_path(tid.file.dentry_p, help_name,
00822 CONFIG_RSBAC_MAX_PATH_LEN) > 0)
00823 {
00824 strcat(target_id_name, " Path ");
00825 strcat(target_id_name, help_name);
00826 }
00827 #else
00828 int namelen = rsbac_min(tid.file.dentry_p->d_name.len, RSBAC_MAXNAMELEN);
00829
00830 strcat(target_id_name, " Name ");
00831 strncpy(help_name, tid.file.dentry_p->d_name.name, namelen);
00832 help_name[namelen]=0;
00833 strcat(target_id_name, help_name);
00834 #endif
00835 }
00836 break;
00837 case T_FILE: strcpy (target_type_name, "FILE");
00838 if(!target_id_name)
00839 break;
00840 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00841 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device),
00842 tid.file.inode);
00843 if( tid.file.dentry_p
00844 && tid.file.dentry_p->d_name.name
00845 && tid.file.dentry_p->d_name.len
00846 )
00847 {
00848 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00849 if(rsbac_get_full_path(tid.file.dentry_p, help_name,
00850 CONFIG_RSBAC_MAX_PATH_LEN) > 0)
00851 {
00852 strcat(target_id_name, " Path ");
00853 strcat(target_id_name, help_name);
00854 }
00855 #else
00856 int namelen = rsbac_min(tid.file.dentry_p->d_name.len, RSBAC_MAXNAMELEN);
00857
00858 strcat(target_id_name, " Name ");
00859 strncpy(help_name, tid.file.dentry_p->d_name.name, namelen);
00860 help_name[namelen]=0;
00861 strcat(target_id_name, help_name);
00862 #endif
00863 }
00864 break;
00865 case T_DIR: strcpy (target_type_name, "DIR");
00866 if(!target_id_name)
00867 break;
00868 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00869 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device),
00870 tid.dir.inode);
00871 if( tid.dir.dentry_p
00872 && tid.dir.dentry_p->d_name.name
00873 && tid.dir.dentry_p->d_name.len
00874 )
00875 {
00876 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00877 if(rsbac_get_full_path(tid.dir.dentry_p, help_name,
00878 CONFIG_RSBAC_MAX_PATH_LEN) > 0)
00879 {
00880 strcat(target_id_name, " Path ");
00881 strcat(target_id_name, help_name);
00882 }
00883 #else
00884 int namelen = rsbac_min(tid.dir.dentry_p->d_name.len, RSBAC_MAXNAMELEN);
00885
00886 strcat(target_id_name, " Name ");
00887 strncpy(help_name, tid.dir.dentry_p->d_name.name, namelen);
00888 help_name[namelen]=0;
00889 strcat(target_id_name, help_name);
00890 #endif
00891 }
00892 break;
00893 case T_FIFO: strcpy (target_type_name, "FIFO");
00894 if(!target_id_name)
00895 break;
00896 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00897 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device),
00898 tid.fifo.inode);
00899 if( tid.fifo.dentry_p
00900 && tid.fifo.dentry_p->d_name.name
00901 && tid.fifo.dentry_p->d_name.len
00902 )
00903 {
00904 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00905 if(rsbac_get_full_path(tid.fifo.dentry_p, help_name,
00906 CONFIG_RSBAC_MAX_PATH_LEN) > 0)
00907 {
00908 strcat(target_id_name, " Path ");
00909 strcat(target_id_name, help_name);
00910 }
00911 #else
00912 int namelen = rsbac_min(tid.fifo.dentry_p->d_name.len, RSBAC_MAXNAMELEN);
00913
00914 strcat(target_id_name, " Name ");
00915 strncpy(help_name, tid.fifo.dentry_p->d_name.name, namelen);
00916 help_name[namelen]=0;
00917 strcat(target_id_name, help_name);
00918 #endif
00919 }
00920 break;
00921 case T_SYMLINK: strcpy (target_type_name, "SYMLINK");
00922 if(!target_id_name)
00923 break;
00924 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00925 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device),
00926 tid.symlink.inode);
00927 if( tid.symlink.dentry_p
00928 && tid.symlink.dentry_p->d_name.name
00929 && tid.symlink.dentry_p->d_name.len
00930 )
00931 {
00932 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00933 if(rsbac_get_full_path(tid.symlink.dentry_p, help_name,
00934 CONFIG_RSBAC_MAX_PATH_LEN) > 0)
00935 {
00936 strcat(target_id_name, " Path ");
00937 strcat(target_id_name, help_name);
00938 }
00939 #else
00940 int namelen = rsbac_min(tid.symlink.dentry_p->d_name.len, RSBAC_MAXNAMELEN);
00941
00942 strcat(target_id_name, " Name ");
00943 strncpy(help_name, tid.symlink.dentry_p->d_name.name, namelen);
00944 help_name[namelen]=0;
00945 strcat(target_id_name, help_name);
00946 #endif
00947 }
00948 break;
00949 case T_DEV: strcpy (target_type_name, "DEV");
00950 if(!target_id_name)
00951 break;
00952 if(tid.dev.type == D_block)
00953 sprintf(target_id_name, "block %02u:%02u",
00954 RSBAC_MAJOR(tid.dev.id), RSBAC_MINOR(tid.dev.id));
00955 else
00956 sprintf(target_id_name, "char %02u:%02u",
00957 RSBAC_MAJOR(tid.dev.id), RSBAC_MINOR(tid.dev.id));
00958 break;
00959 case T_NETOBJ: strcpy (target_type_name, "NETOBJ");
00960 if(!target_id_name)
00961 break;
00962 #ifdef CONFIG_NET
00963 if( tid.netobj.sock_p
00964 && tid.netobj.sock_p->ops
00965 && tid.netobj.sock_p->sk
00966 )
00967 {
00968 char type_name[RSBAC_MAXNAMELEN];
00969
00970 switch(tid.netobj.sock_p->ops->family)
00971 {
00972 case AF_INET:
00973 {
00974 __u32 saddr;
00975 __u16 sport;
00976 __u32 daddr;
00977 __u16 dport;
00978 struct net_device *dev;
00979 char ldevname[RSBAC_IFNAMSIZ+10];
00980 char rdevname[RSBAC_IFNAMSIZ+10];
00981
00982 if(tid.netobj.local_addr)
00983 {
00984 struct sockaddr_in * addr = tid.netobj.local_addr;
00985
00986 saddr = addr->sin_addr.s_addr;
00987 sport = ntohs(addr->sin_port);
00988 }
00989 else
00990 {
00991 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00992 saddr = inet_sk(tid.netobj.sock_p->sk)->saddr;
00993 sport = inet_sk(tid.netobj.sock_p->sk)->num;
00994 #else
00995 saddr = tid.netobj.sock_p->sk->saddr;
00996 sport = tid.netobj.sock_p->sk->num;
00997 #endif
00998 }
00999 if(tid.netobj.remote_addr)
01000 {
01001 struct sockaddr_in * addr = tid.netobj.remote_addr;
01002
01003 daddr = addr->sin_addr.s_addr;
01004 dport = ntohs(addr->sin_port);
01005 }
01006 else
01007 {
01008 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01009 daddr = inet_sk(tid.netobj.sock_p->sk)->daddr;
01010 dport = ntohs(inet_sk(tid.netobj.sock_p->sk)->dport);
01011 #else
01012 daddr = tid.netobj.sock_p->sk->daddr;
01013 dport = ntohs(tid.netobj.sock_p->sk->dport);
01014 #endif
01015 }
01016 dev = ip_dev_find(saddr);
01017 if(dev)
01018 {
01019 sprintf(ldevname, "%s:", dev->name);
01020 dev_put(dev);
01021 }
01022 else
01023 ldevname[0] = 0;
01024 dev = ip_dev_find(daddr);
01025 if(dev)
01026 {
01027 sprintf(rdevname, "%s:", dev->name);
01028 dev_put(dev);
01029 }
01030 else
01031 rdevname[0] = 0;
01032 sprintf(target_id_name, "%p INET %s proto %s local %s%u.%u.%u.%u:%u remote %s%u.%u.%u.%u:%u",
01033 tid.netobj.sock_p,
01034 rsbac_get_net_type_name(type_name,
01035 tid.netobj.sock_p->type),
01036 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01037 rsbac_get_net_protocol_name(help_name,
01038 tid.netobj.sock_p->sk->sk_protocol),
01039 #else
01040 rsbac_get_net_protocol_name(help_name,
01041 tid.netobj.sock_p->sk->protocol),
01042 #endif
01043 ldevname,
01044 NIPQUAD(saddr),
01045 sport,
01046 rdevname,
01047 NIPQUAD(daddr),
01048 dport);
01049 }
01050 break;
01051 case AF_UNIX:
01052 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01053 if(unix_sk(tid.netobj.sock_p->sk)->addr)
01054 sprintf(target_id_name, "%p UNIX %s %s",
01055 tid.netobj.sock_p,
01056 rsbac_get_net_type_name(type_name,
01057 tid.netobj.sock_p->type),
01058 unix_sk(tid.netobj.sock_p->sk)->addr->name[0].sun_path);
01059 #else
01060 if(tid.netobj.sock_p->sk->protinfo.af_unix.addr)
01061 sprintf(target_id_name, "%p UNIX %s %s",
01062 tid.netobj.sock_p,
01063 rsbac_get_net_type_name(type_name,
01064 tid.netobj.sock_p->type),
01065 tid.netobj.sock_p->sk->protinfo.af_unix.addr->name[0].sun_path);
01066 #endif
01067 else
01068 if(tid.netobj.local_addr)
01069 {
01070 struct sockaddr_un * addr = tid.netobj.local_addr;
01071
01072 sprintf(target_id_name, "%p UNIX %s %s",
01073 tid.netobj.sock_p,
01074 rsbac_get_net_type_name(type_name,
01075 tid.netobj.sock_p->type),
01076 addr->sun_path);
01077 }
01078 else
01079 sprintf(target_id_name, "%p UNIX %s",
01080 tid.netobj.sock_p,
01081 rsbac_get_net_type_name(type_name,
01082 tid.netobj.sock_p->type));
01083 break;
01084 default:
01085 sprintf(target_id_name, "%p %s %s",
01086 tid.netobj.sock_p,
01087 rsbac_get_net_family_name(help_name,
01088 tid.netobj.sock_p->ops->family),
01089 rsbac_get_net_type_name(type_name,
01090 tid.netobj.sock_p->type));
01091 }
01092 }
01093 else
01094 #endif
01095 {
01096 sprintf(target_id_name, "%p", tid.netobj.sock_p);
01097 }
01098 break;
01099 #endif
01100 case T_IPC: strcpy (target_type_name, "IPC");
01101 if(!target_id_name)
01102 break;
01103 switch (tid.ipc.type)
01104 {
01105 case I_sem: strcpy(target_id_name, "Sem-ID ");
01106 break;
01107 case I_msg: strcpy(target_id_name, "Msg-ID ");
01108 break;
01109 case I_shm: strcpy(target_id_name, "Shm-ID ");
01110 break;
01111 default: strcpy(target_id_name, "???-ID ");
01112 break;
01113 };
01114 ulongtostr(help_name, tid.ipc.id.id_nr);
01115 strcat(target_id_name, help_name);
01116 break;
01117 case T_SCD: strcpy (target_type_name, "SCD");
01118 if(!target_id_name)
01119 break;
01120 get_scd_type_name(target_id_name, tid.scd);
01121 break;
01122 case T_USER: strcpy (target_type_name, "USER");
01123 if(!target_id_name)
01124 break;
01125 inttostr(target_id_name, tid.user);
01126 break;
01127 case T_PROCESS: strcpy (target_type_name, "PROCESS");
01128 if(!target_id_name)
01129 break;
01130 ulongtostr(target_id_name, tid.process);
01131 break;
01132 case T_GROUP: strcpy (target_type_name, "GROUP");
01133 if(!target_id_name)
01134 break;
01135 inttostr(target_id_name, tid.group);
01136 break;
01137 case T_NETDEV: strcpy (target_type_name, "NETDEV");
01138 if(!target_id_name)
01139 break;
01140 strncpy(target_id_name, tid.netdev, RSBAC_IFNAMSIZ);
01141 target_id_name[RSBAC_IFNAMSIZ] = 0;
01142 break;
01143 case T_NETTEMP: strcpy (target_type_name, "NETTEMP");
01144 if(!target_id_name)
01145 break;
01146 sprintf(target_id_name, "%u", tid.nettemp);
01147 break;
01148 case T_NETTEMP_NT: strcpy (target_type_name, "NETTEMP_NT");
01149 if(!target_id_name)
01150 break;
01151 sprintf(target_id_name, "%u", tid.nettemp);
01152 break;
01153 case T_NONE: strcpy (target_type_name, "NONE");
01154 if(!target_id_name)
01155 break;
01156 strcpy (target_id_name, "NONE");
01157 break;
01158 default: strcpy (target_type_name, "ERROR!!!");
01159 if(!target_id_name)
01160 break;
01161 sprintf(target_id_name, "%u", target);
01162 };
01163 #ifdef __KERNEL__
01164 rsbac_kfree(help_name);
01165 #endif
01166 return(target_type_name);
01167 }
01168
01169 char * get_target_name_only(char * target_type_name,
01170 enum rsbac_target_t target)
01171 {
01172 if(!target_type_name)
01173 return(NULL);
01174
01175 switch(target)
01176 {
01177 case T_FILE: strcpy (target_type_name, "FILE");
01178 break;
01179 case T_DIR: strcpy (target_type_name, "DIR");
01180 break;
01181 case T_FIFO: strcpy (target_type_name, "FIFO");
01182 break;
01183 case T_SYMLINK: strcpy (target_type_name, "SYMLINK");
01184 break;
01185 case T_FD: strcpy (target_type_name, "FD");
01186 break;
01187 case T_DEV: strcpy (target_type_name, "DEV");
01188 break;
01189 case T_NETOBJ: strcpy (target_type_name, "NETOBJ");
01190 break;
01191 case T_IPC: strcpy (target_type_name, "IPC");
01192 break;
01193 case T_SCD: strcpy (target_type_name, "SCD");
01194 break;
01195 case T_USER: strcpy (target_type_name, "USER");
01196 break;
01197 case T_PROCESS: strcpy (target_type_name, "PROCESS");
01198 break;
01199 case T_GROUP: strcpy (target_type_name, "GROUP");
01200 break;
01201 case T_NETDEV: strcpy (target_type_name, "NETDEV");
01202 break;
01203 case T_NETTEMP: strcpy (target_type_name, "NETTEMP");
01204 break;
01205 case T_NETTEMP_NT: strcpy (target_type_name, "NETTEMP_NT");
01206 break;
01207 case T_NONE: strcpy (target_type_name, "NONE");
01208 break;
01209 default: strcpy (target_type_name, "ERROR!!!");
01210 };
01211 return(target_type_name);
01212 }
01213
01214 enum rsbac_target_t get_target_nr(const char * target_name)
01215 {
01216 enum rsbac_target_t i;
01217
01218 if(!target_name)
01219 return(T_NONE);
01220 for (i = 0; i < T_NONE; i++)
01221 {
01222 if (!strcmp(target_name,target_list[i]))
01223 {
01224 return(i);
01225 }
01226 }
01227 return(T_NONE);
01228 }
01229
01230 char * get_ipc_target_name(char * ipc_name,
01231 enum rsbac_ipc_type_t target)
01232 {
01233 if(!ipc_name)
01234 return(NULL);
01235 if(target > I_none)
01236 strcpy(ipc_name, "ERROR!");
01237 else
01238 strcpy(ipc_name, ipc_target_list[target]);
01239 return(ipc_name);
01240 }
01241
01242 enum rsbac_ipc_type_t get_ipc_target_nr(const char * ipc_name)
01243 {
01244 enum rsbac_ipc_type_t i;
01245
01246 if(!ipc_name)
01247 return(I_none);
01248 for (i = 0; i < I_none; i++)
01249 {
01250 if (!strcmp(ipc_name,ipc_target_list[i]))
01251 {
01252 return(i);
01253 }
01254 }
01255 return(I_none);
01256 }
01257
01258
01259 #ifdef __KERNEL__
01260 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
01261 EXPORT_SYMBOL(get_switch_target_name);
01262 #endif
01263 #endif
01264
01265 char * get_switch_target_name(char * switch_name,
01266 enum rsbac_switch_target_t target)
01267 {
01268 if(!switch_name)
01269 return(NULL);
01270 if(target > SW_NONE)
01271 strcpy(switch_name, "ERROR!");
01272 else
01273 strcpy(switch_name, switch_target_list[target]);
01274 return(switch_name);
01275 }
01276
01277 enum rsbac_switch_target_t get_switch_target_nr(const char * switch_name)
01278 {
01279 enum rsbac_switch_target_t i;
01280
01281 if(!switch_name)
01282 return(SW_NONE);
01283 for (i = 0; i < SW_NONE; i++)
01284 {
01285 #ifdef __KERNEL__
01286 if (!strncmp(switch_name,switch_target_list[i],strlen(switch_target_list[i])))
01287 #else
01288 if (!strcmp(switch_name,switch_target_list[i]))
01289 #endif
01290 {
01291 return(i);
01292 }
01293 }
01294 return(SW_NONE);
01295 }
01296
01297
01298 #ifdef __KERNEL__
01299 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
01300 EXPORT_SYMBOL(get_error_name);
01301 #endif
01302 #endif
01303
01304 char * get_error_name(char * error_name,
01305 int error)
01306 {
01307 if(!error_name)
01308 return(NULL);
01309 if(RSBAC_ERROR(error))
01310 strcpy(error_name, error_list[(-error)-RSBAC_EPERM]);
01311 else
01312 #ifdef __KERNEL__
01313 inttostr(error_name, error);
01314 #else
01315 strcpy(error_name, strerror(errno));
01316 #endif
01317 return(error_name);
01318 }
01319
01320 #ifndef __KERNEL__
01321 char * get_attribute_param( char * attr_name,
01322 enum rsbac_attribute_t attr)
01323 {
01324 if(!attr_name)
01325 return(NULL);
01326 if(attr > A_none)
01327 strcpy(attr_name, "ERROR!");
01328 else
01329 strcpy(attr_name, attribute_param_list[attr]);
01330 return(attr_name);
01331 }
01332 #endif
01333
01334 char * get_log_level_name(char * ll_name,
01335 enum rsbac_log_level_t target)
01336 {
01337 if(!ll_name)
01338 return(NULL);
01339 if(target > LL_invalid)
01340 strcpy(ll_name, "ERROR!");
01341 else
01342 strcpy(ll_name, log_level_list[target]);
01343 return(ll_name);
01344 }
01345
01346 enum rsbac_log_level_t get_log_level_nr(const char * ll_name)
01347 {
01348 enum rsbac_log_level_t i;
01349
01350 if(!ll_name)
01351 return(LL_invalid);
01352 for (i = 0; i < LL_invalid; i++)
01353 {
01354 if (!strcmp(ll_name,log_level_list[i]))
01355 {
01356 return(i);
01357 }
01358 }
01359 return(LL_invalid);
01360 }
01361
