00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011 #include <linux/types.h>
00012 #include <linux/version.h>
00013 #include <linux/fs.h>
00014 #include <linux/sched.h>
00015 #include <linux/quotaops.h>
00016 #include <linux/proc_fs.h>
00017 #include <linux/msdos_fs.h>
00018 #include <linux/iso_fs.h>
00019 #include <linux/nfs_fs.h>
00020 #include <linux/ext2_fs.h>
00021 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00022 #include <linux/coda.h>
00023 #include <linux/initrd.h>
00024 #include <linux/security.h>
00025
00026 #include <linux/syscalls.h>
00027 #endif
00028 #include <linux/coda_psdev.h>
00029 #include <linux/ncp_fs.h>
00030 #include <linux/smb.h>
00031 #include <linux/dnotify.h>
00032 #include <linux/mm.h>
00033 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00034 #include <linux/blkdev.h>
00035 #else
00036 #include <linux/blk.h>
00037 #endif
00038 #include <linux/init.h>
00039 #include <linux/config.h>
00040 #include <linux/module.h>
00041 #include <linux/netdevice.h>
00042 #include <linux/inetdevice.h>
00043 #include <asm/uaccess.h>
00044 #include <asm/atomic.h>
00045 #include <rsbac/types.h>
00046 #include <rsbac/aci.h>
00047 #include <rsbac/aci_data_structures.h>
00048 #include <rsbac/error.h>
00049 #include <rsbac/helpers.h>
00050 #include <rsbac/fs.h>
00051 #include <rsbac/getname.h>
00052 #include <rsbac/net_getname.h>
00053 #include <rsbac/adf.h>
00054 #include <rsbac/adf_main.h>
00055 #include <rsbac/reg.h>
00056 #include <rsbac/rkmem.h>
00057 #include <rsbac/gen_lists.h>
00058 #include <linux/string.h>
00059 #include <linux/kdev_t.h>
00060 #include <linux/smp_lock.h>
00061
00062 #ifdef CONFIG_RSBAC_MAC
00063 #include <rsbac/mac.h>
00064 #endif
00065
00066 #ifdef CONFIG_RSBAC_PM
00067 #include <rsbac/pm.h>
00068 #endif
00069
00070 #ifdef CONFIG_RSBAC_DAZ
00071 #include <rsbac/daz.h>
00072 #endif
00073
00074 #if defined(CONFIG_RSBAC_RC)
00075 #include <rsbac/rc.h>
00076 #endif
00077
00078 #if defined(CONFIG_RSBAC_AUTH)
00079 #include <rsbac/auth.h>
00080 #endif
00081
00082 #if defined(CONFIG_RSBAC_ACL)
00083 #include <rsbac/acl.h>
00084 #endif
00085
00086 #if defined(CONFIG_RSBAC_PAX) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
00087 #include <rsbac/pax.h>
00088 #endif
00089
00090 #ifdef CONFIG_RSBAC_UM
00091 #include <rsbac/um.h>
00092 #endif
00093
00094 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
00095 #include <linux/unistd.h>
00096 #include <linux/timer.h>
00097 static u_int auto_interval = CONFIG_RSBAC_AUTO_WRITE * HZ;
00098 #endif
00099
00100 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
00101 || defined(CONFIG_RSBAC_INIT_THREAD)
00102 static DECLARE_WAIT_QUEUE_HEAD(rsbacd_wait);
00103 static struct timer_list rsbac_timer;
00104 #endif
00105
00106 #if defined(CONFIG_RSBAC_NET_OBJ)
00107 #include <rsbac/network.h>
00108 #endif
00109
00110
00111
00112
00113
00114
00115
00116
00117
00118 static rsbac_boolean_t rsbac_initialized = FALSE;
00119
00120 static char compiled_modules[80];
00121
00122 kdev_t rsbac_root_dev;
00123 #if defined(CONFIG_RSBAC_REG)
00124 EXPORT_SYMBOL(rsbac_root_dev);
00125 #endif
00126 DECLARE_MUTEX(rsbac_write_sem);
00127
00128 static struct rsbac_device_list_head_t device_list_head;
00129 static struct rsbac_dev_handles_t dev_handles;
00130 static struct rsbac_ipc_handles_t ipc_handles;
00131 static struct rsbac_user_handles_t user_handles;
00132 #ifdef CONFIG_RSBAC_UM
00133 static struct rsbac_group_handles_t group_handles;
00134 #endif
00135 static struct rsbac_process_handles_t process_handles;
00136
00137 #ifdef CONFIG_RSBAC_NET_DEV
00138 static struct rsbac_netdev_handles_t netdev_handles;
00139 #endif
00140 #ifdef CONFIG_RSBAC_NET_OBJ
00141 static rsbac_list_handle_t net_temp_handle;
00142 static struct rsbac_nettemp_handles_t nettemp_handles;
00143 static struct rsbac_lnetobj_handles_t lnetobj_handles;
00144 static struct rsbac_rnetobj_handles_t rnetobj_handles;
00145 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
00146 static struct rsbac_gen_netobj_aci_t def_gen_netobj_aci = DEFAULT_GEN_NETOBJ_ACI;
00147 #endif
00148 #endif
00149
00150
00151
00152
00153 static struct rsbac_gen_fd_aci_t def_gen_root_dir_aci = DEFAULT_GEN_ROOT_DIR_ACI;
00154 static struct rsbac_gen_fd_aci_t def_gen_fd_aci = DEFAULT_GEN_FD_ACI;
00155
00156 #if defined(CONFIG_RSBAC_MAC)
00157 static struct rsbac_mac_fd_aci_t def_mac_root_dir_aci = DEFAULT_MAC_ROOT_DIR_ACI;
00158 static struct rsbac_mac_fd_aci_t def_mac_fd_aci = DEFAULT_MAC_FD_ACI;
00159 #endif
00160 #if defined(CONFIG_RSBAC_DAZ_CACHE)
00161 static rsbac_time_t rsbac_daz_ttl = CONFIG_RSBAC_DAZ_TTL;
00162 #endif
00163 #if defined(CONFIG_RSBAC_PM)
00164 static struct rsbac_pm_fd_aci_t def_pm_fd_aci = DEFAULT_PM_FD_ACI;
00165 #endif
00166 #if defined(CONFIG_RSBAC_RC)
00167 static struct rsbac_rc_fd_aci_t def_rc_root_dir_aci = DEFAULT_RC_ROOT_DIR_ACI;
00168 static struct rsbac_rc_fd_aci_t def_rc_fd_aci = DEFAULT_RC_FD_ACI;
00169 #endif
00170 #if defined(CONFIG_RSBAC_RES)
00171 static struct rsbac_res_fd_aci_t def_res_fd_aci = DEFAULT_RES_FD_ACI;
00172 #endif
00173
00174 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
00175 #include <rsbac/proc_fs.h>
00176
00177 #ifdef CONFIG_RSBAC_XSTATS
00178 static u_long get_attr_count[T_NONE] = {0,0,0,0,0,0,0};
00179 static u_long set_attr_count[T_NONE] = {0,0,0,0,0,0,0};
00180 static u_long remove_count[T_NONE] = {0,0,0,0,0,0,0};
00181 #endif
00182
00183 #if defined(CONFIG_RSBAC_REG)
00184 EXPORT_SYMBOL(proc_rsbac_root_p);
00185 #endif
00186 struct proc_dir_entry * proc_rsbac_root_p = NULL;
00187
00188 #if defined(CONFIG_RSBAC_REG)
00189 EXPORT_SYMBOL(proc_rsbac_backup_p);
00190 #endif
00191 struct proc_dir_entry * proc_rsbac_backup_p = NULL;
00192
00193 #endif
00194
00195 #ifdef CONFIG_DEVFS_MOUNT
00196 #include <linux/devfs_fs_kernel.h>
00197 static struct dentry * devfs_covered_p = NULL;
00198 static struct super_block * devfs_sb_p = NULL;
00199 #endif
00200
00201 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00202 static struct dentry * sysfs_covered_p = NULL;
00203 static struct super_block * sysfs_sb_p = NULL;
00204 #endif
00205
00206 #ifdef CONFIG_RSBAC_MAC
00207 static struct rsbac_mac_process_aci_t mac_init_p_aci = DEFAULT_MAC_P_INIT_ACI;
00208 #endif
00209 #ifdef CONFIG_RSBAC_RC
00210 static struct rsbac_rc_process_aci_t rc_kernel_p_aci = DEFAULT_RC_P_KERNEL_ACI;
00211 #endif
00212
00213
00214
00215
00216
00217 static struct rsbac_device_list_item_t * lookup_device(kdev_t);
00218
00219
00220
00221
00222
00223 static inline int gen_fd_hash(u_long inode)
00224 {
00225 return(inode % RSBAC_GEN_NR_FD_LISTS);
00226 }
00227 #if defined(CONFIG_RSBAC_MAC)
00228 static inline int mac_fd_hash(u_long inode)
00229 {
00230 return(inode % RSBAC_MAC_NR_FD_LISTS);
00231 }
00232 static inline int mac_p_hash(rsbac_pid_t pid)
00233 {
00234 return(pid % CONFIG_RSBAC_MAC_NR_P_LISTS);
00235 }
00236 #endif
00237 #if defined(CONFIG_RSBAC_FC)
00238 static inline int fc_fd_hash(u_long inode)
00239 {
00240 return(inode % RSBAC_FC_NR_FD_LISTS);
00241 }
00242 #endif
00243 #if defined(CONFIG_RSBAC_SIM)
00244 static inline int sim_fd_hash(u_long inode)
00245 {
00246 return(inode % RSBAC_SIM_NR_FD_LISTS);
00247 }
00248 #endif
00249 #if defined(CONFIG_RSBAC_PM)
00250 static inline int pm_fd_hash(u_long inode)
00251 {
00252 return(inode % RSBAC_PM_NR_FD_LISTS);
00253 }
00254 #endif
00255 #if defined(CONFIG_RSBAC_DAZ)
00256 static inline int daz_fd_hash(u_long inode)
00257 {
00258 return(inode % RSBAC_DAZ_NR_FD_LISTS);
00259 }
00260 #if defined(CONFIG_RSBAC_DAZ_CACHE)
00261 static inline int daz_scanned_fd_hash(u_long inode)
00262 {
00263 return(inode % RSBAC_DAZ_SCANNED_NR_FD_LISTS);
00264 }
00265 #endif
00266 #endif
00267 #if defined(CONFIG_RSBAC_FF)
00268 static inline int ff_fd_hash(u_long inode)
00269 {
00270 return(inode % RSBAC_FF_NR_FD_LISTS);
00271 }
00272 #endif
00273 #if defined(CONFIG_RSBAC_RC)
00274 static inline int rc_fd_hash(u_long inode)
00275 {
00276 return(inode % RSBAC_RC_NR_FD_LISTS);
00277 }
00278 static inline int rc_p_hash(rsbac_pid_t pid)
00279 {
00280 return(pid % CONFIG_RSBAC_RC_NR_P_LISTS);
00281 }
00282 #endif
00283 #if defined(CONFIG_RSBAC_AUTH)
00284 static inline int auth_fd_hash(u_long inode)
00285 {
00286 return(inode % RSBAC_AUTH_NR_FD_LISTS);
00287 }
00288 #endif
00289 #if defined(CONFIG_RSBAC_CAP)
00290 static inline int cap_fd_hash(u_long inode)
00291 {
00292 return(inode % RSBAC_CAP_NR_FD_LISTS);
00293 }
00294 #endif
00295 #if defined(CONFIG_RSBAC_JAIL)
00296 static inline int jail_p_hash(rsbac_pid_t pid)
00297 {
00298 return(pid % CONFIG_RSBAC_JAIL_NR_P_LISTS);
00299 }
00300 #endif
00301 #if defined(CONFIG_RSBAC_PAX)
00302 static inline int pax_fd_hash(u_long inode)
00303 {
00304 return(inode % RSBAC_PAX_NR_FD_LISTS);
00305 }
00306 #endif
00307 #if defined(CONFIG_RSBAC_RES)
00308 static inline int res_fd_hash(u_long inode)
00309 {
00310 return(inode % RSBAC_RES_NR_FD_LISTS);
00311 }
00312 #endif
00313
00314
00315
00316
00317
00318
00319
00320
00321
00322
00323 rsbac_boolean_t writable(struct super_block * sb_p)
00324 {
00325 #ifdef CONFIG_RSBAC_NO_WRITE
00326 return(FALSE);
00327 #else
00328 if (!sb_p || !sb_p->s_dev)
00329 return(FALSE);
00330 if (
00331 rsbac_debug_no_write ||
00332 (sb_p->s_flags & MS_RDONLY)
00333 || in_interrupt())
00334 return(FALSE);
00335 if ( !MAJOR(sb_p->s_dev)
00336 #ifndef CONFIG_RSBAC_MSDOS_WRITE
00337 || (sb_p->s_magic == MSDOS_SUPER_MAGIC)
00338 #endif
00339 || (sb_p->s_magic == SOCKFS_MAGIC)
00340 || (sb_p->s_magic == PIPEFS_MAGIC)
00341 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00342 || (sb_p->s_magic == SYSFS_MAGIC)
00343 #endif
00344 || (sb_p->s_magic == NFS_SUPER_MAGIC)
00345 || (sb_p->s_magic == CODA_SUPER_MAGIC)
00346 || (sb_p->s_magic == NCP_SUPER_MAGIC)
00347 || (sb_p->s_magic == SMB_SUPER_MAGIC)
00348 || (sb_p->s_magic == ISOFS_SUPER_MAGIC))
00349 return(FALSE);
00350 else
00351 return(TRUE);
00352 #endif
00353 }
00354
00355
00356
00357
00358
00359
00360 static int lookup_aci_path_dentry(struct super_block * sb_p,
00361 struct dentry ** dir_dentry_pp,
00362 rsbac_boolean_t create_dir,
00363 kdev_t kdev)
00364 {
00365 struct dentry * dir_dentry_p = NULL;
00366 struct dentry * root_dentry_p = NULL;
00367 int err=0;
00368 struct rsbac_device_list_item_t * device_p;
00369 u_long dflags;
00370
00371 if(!dir_dentry_pp)
00372 return(-RSBAC_EINVALIDPOINTER);
00373
00374 if(!sb_p)
00375 {
00376 sb_p = rsbac_get_super_block(kdev);
00377 if (!sb_p)
00378 {
00379 #ifdef CONFIG_RSBAC_RMSG
00380 rsbac_printk(KERN_WARNING
00381 "lookup_aci_path_dentry(): invalid device %02u:%02u\n",
00382 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00383 #endif
00384 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00385 if (!rsbac_nosyslog)
00386 #endif
00387 printk(KERN_WARNING
00388 "lookup_aci_path_dentry(): invalid device %02u:%02u\n",
00389 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00390 return (-RSBAC_EINVALIDDEV);
00391 }
00392 }
00393
00394
00395 if( (sb_p->s_magic == PIPEFS_MAGIC)
00396 || (sb_p->s_magic == SOCKFS_MAGIC)
00397 )
00398 {
00399 return -RSBAC_ENOTFOUND;
00400 }
00401
00402 rsbac_read_lock(&device_list_head.lock, &dflags);
00403 device_p = lookup_device(kdev);
00404 if(!device_p)
00405 {
00406 #ifdef CONFIG_RSBAC_RMSG
00407 rsbac_printk(KERN_WARNING
00408 "lookup_aci_path_dentry(): No entry for device %02u:%02u\n",
00409 MAJOR(kdev), MINOR(kdev));
00410 #endif
00411 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00412 if (!rsbac_nosyslog)
00413 #endif
00414 printk(KERN_WARNING
00415 "lookup_aci_path_dentry(): No entry for device %02u:%02u\n",
00416 MAJOR(kdev), MINOR(kdev));
00417 rsbac_read_unlock(&device_list_head.lock, &dflags);
00418 return(-RSBAC_EINVALIDDEV);
00419 }
00420
00421 if(device_p->rsbac_dir_dentry_p)
00422 {
00423 *dir_dentry_pp = device_p->rsbac_dir_dentry_p;
00424 #ifdef CONFIG_RSBAC_DEBUG
00425 if(rsbac_debug_ds)
00426 {
00427 #ifdef CONFIG_RSBAC_RMSG
00428 rsbac_printk(KERN_DEBUG
00429 "lookup_aci_path_dentry(): device_p->rsbac_dir_dentry_p->d_count for device %02u:%02u is %i!\n",
00430 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00431 atomic_read(&device_p->rsbac_dir_dentry_p->d_count));
00432 #endif
00433 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00434 if (!rsbac_nosyslog)
00435 #endif
00436 printk(KERN_DEBUG
00437 "lookup_aci_path_dentry(): device_p->rsbac_dir_dentry_p->d_count for device %02u:%02u is %i!\n",
00438 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00439 atomic_read(&device_p->rsbac_dir_dentry_p->d_count));
00440 }
00441 #endif
00442 rsbac_read_unlock(&device_list_head.lock, &dflags);
00443 return(0);
00444 }
00445
00446 rsbac_read_unlock(&device_list_head.lock, &dflags);
00447
00448 #ifdef CONFIG_RSBAC_DEBUG
00449 if(rsbac_debug_ds)
00450 {
00451 #ifdef CONFIG_RSBAC_RMSG
00452 rsbac_printk(KERN_DEBUG
00453 "lookup_aci_path_dentry(): first time lookup for or non-existing %s on device %02u:%02u!\n",
00454 RSBAC_ACI_PATH,
00455 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00456 #endif
00457 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00458 if (!rsbac_nosyslog)
00459 #endif
00460 printk(KERN_DEBUG
00461 "lookup_aci_path_dentry(): first time lookup for or non-existing %s on device %02u:%02u!\n",
00462 RSBAC_ACI_PATH,
00463 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00464 }
00465 #endif
00466 if (!sb_p->s_root)
00467 {
00468 #ifdef CONFIG_RSBAC_RMSG
00469 rsbac_printk(KERN_WARNING
00470 "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry!\n",
00471 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00472 #endif
00473 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00474 if (!rsbac_nosyslog)
00475 #endif
00476 printk(KERN_WARNING
00477 "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry!\n",
00478 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00479 err = -RSBAC_EINVALIDDEV;
00480 goto out;
00481 }
00482
00483 if (!sb_p->s_root->d_inode)
00484 {
00485 #ifdef CONFIG_RSBAC_RMSG
00486 rsbac_printk(KERN_WARNING
00487 "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry->d_inode!\n",
00488 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00489 #endif
00490 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00491 if (!rsbac_nosyslog)
00492 #endif
00493 printk(KERN_WARNING
00494 "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry->d_inode!\n",
00495 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00496 err = -RSBAC_EINVALIDDEV;
00497 goto out;
00498 }
00499
00500
00501 #ifdef CONFIG_RSBAC_DEBUG
00502 if(rsbac_debug_ds)
00503 {
00504 #ifdef CONFIG_RSBAC_RMSG
00505 rsbac_printk(KERN_DEBUG
00506 "lookup_aci_path_dentry(): lookup rsbac path %s for device %02u:%02u, sb_p->s_root->d_count is %i!\n",
00507 RSBAC_ACI_PATH, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00508 atomic_read(&sb_p->s_root->d_count));
00509 #endif
00510 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00511 if (!rsbac_nosyslog)
00512 #endif
00513 printk(KERN_DEBUG
00514 "lookup_aci_path_dentry(): lookup rsbac path %s for device %02u:%02u, sb_p->s_root->d_count is %i!\n",
00515 RSBAC_ACI_PATH, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00516 atomic_read(&sb_p->s_root->d_count));
00517 }
00518 #endif
00519 dir_dentry_p = rsbac_lookup_one_len(RSBAC_ACI_PATH, sb_p->s_root, strlen(RSBAC_ACI_PATH));
00520 if(IS_ERR(dir_dentry_p))
00521 switch(PTR_ERR(dir_dentry_p))
00522 {
00523 case -ENOENT:
00524 case -ENOTDIR:
00525 err = -RSBAC_ENOTFOUND;
00526 goto out;
00527 case -ENOMEM:
00528 #ifdef CONFIG_RSBAC_RMSG
00529 rsbac_printk(KERN_WARNING
00530 "lookup_aci_path_dentry(): memory allocation error!\n");
00531 #endif
00532 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00533 if (!rsbac_nosyslog)
00534 #endif
00535 printk(KERN_WARNING
00536 "lookup_aci_path_dentry(): memory allocation error!\n");
00537 err = -RSBAC_ENOROOTDIR;
00538 goto out;
00539 case -ENAMETOOLONG:
00540 #ifdef CONFIG_RSBAC_RMSG
00541 rsbac_printk(KERN_WARNING
00542 "lookup_aci_path_dentry(): ACI_PATH too long on fs!\n");
00543 #endif
00544 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00545 if (!rsbac_nosyslog)
00546 #endif
00547 printk(KERN_WARNING
00548 "lookup_aci_path_dentry(): ACI_PATH too long on fs!\n");
00549 err = -RSBAC_EPATHTOOLONG;
00550 goto out;
00551 case -EACCES:
00552 #ifdef CONFIG_RSBAC_RMSG
00553 rsbac_printk(KERN_WARNING
00554 "lookup_aci_path_dentry(): No access to ACI_PATH!\n");
00555 #endif
00556 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00557 if (!rsbac_nosyslog)
00558 #endif
00559 printk(KERN_WARNING
00560 "lookup_aci_path_dentry(): No access to ACI_PATH!\n");
00561 err = -RSBAC_EACCESS;
00562 goto out;
00563 default:
00564 #ifdef CONFIG_RSBAC_RMSG
00565 rsbac_printk(KERN_WARNING
00566 "lookup_aci_path_dentry(): Error on root dir: %li!\n",
00567 PTR_ERR(dir_dentry_p));
00568 #endif
00569 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00570 if (!rsbac_nosyslog)
00571 #endif
00572 printk(KERN_WARNING
00573 "lookup_aci_path_dentry(): Error on root dir: %li!\n",
00574 PTR_ERR(dir_dentry_p));
00575 err = -RSBAC_ENOROOTDIR;
00576 goto out;
00577 }
00578
00579 if (!dir_dentry_p)
00580 {
00581 #ifdef CONFIG_RSBAC_RMSG
00582 rsbac_printk(KERN_WARNING
00583 "lookup_aci_path_dentry(): rsbac_lookup_(dentry|one) returned null pointer!\n");
00584 #endif
00585 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00586 if (!rsbac_nosyslog)
00587 #endif
00588 printk(KERN_WARNING
00589 "lookup_aci_path_dentry(): rsbac_lookup_(dentry|one) returned null pointer!\n");
00590 err = -RSBAC_EINVALIDPOINTER;
00591 goto out;
00592 }
00593 if (!dir_dentry_p->d_inode)
00594 {
00595
00596 if (!create_dir)
00597 {
00598 err = -RSBAC_ENOTFOUND;
00599 goto out_dir_dput;
00600 }
00601 #ifdef CONFIG_RSBAC_DEBUG
00602 if(rsbac_debug_ds)
00603 {
00604 #ifdef CONFIG_RSBAC_RMSG
00605 rsbac_printk(KERN_DEBUG
00606 "lookup_aci_path_dentry(): try to create dir, first test writable!\n");
00607 #endif
00608 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00609 if (!rsbac_nosyslog)
00610 #endif
00611 printk(KERN_DEBUG
00612 "lookup_aci_path_dentry(): try to create dir, first test writable!\n");
00613 }
00614 #endif
00615
00616 if (!writable(sb_p))
00617 {
00618 err = -RSBAC_ENOTWRITABLE;
00619 goto out_dir_dput;
00620 }
00621 root_dentry_p = lock_parent(dir_dentry_p);
00622 err = PTR_ERR(root_dentry_p);
00623 if ( IS_ERR(root_dentry_p))
00624 {
00625 err = -RSBAC_ECOULDNOTCREATEPATH;
00626 goto out_dir_dput;
00627 }
00628 if ( !root_dentry_p->d_inode
00629 || !root_dentry_p->d_inode->i_op
00630 || !root_dentry_p->d_inode->i_op->mkdir)
00631 {
00632 unlock_dir(root_dentry_p);
00633 err = -RSBAC_ECOULDNOTCREATEPATH;
00634 goto out_dir_dput;
00635 }
00636 DQUOT_INIT(root_dentry_p->d_inode);
00637 err = root_dentry_p->d_inode->i_op->mkdir(root_dentry_p->d_inode,
00638 dir_dentry_p,
00639 RSBAC_ACI_DIR_MODE);
00640 unlock_dir(root_dentry_p);
00641 if (err)
00642 {
00643 err = -RSBAC_ECOULDNOTCREATEPATH;
00644 goto out_dir_dput;
00645 }
00646 }
00647 else
00648 {
00649 if(!S_ISDIR(dir_dentry_p->d_inode->i_mode))
00650 {
00651 #ifdef CONFIG_RSBAC_RMSG
00652 rsbac_printk(KERN_WARNING
00653 "lookup_aci_path_dentry(): supposed /%s dir on dev %02u:%02u is no dir!\n",
00654 RSBAC_ACI_PATH,
00655 MAJOR(sb_p->s_dev),
00656 MINOR(sb_p->s_dev));
00657 #endif
00658 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00659 if (!rsbac_nosyslog)
00660 #endif
00661 printk(KERN_WARNING
00662 "lookup_aci_path_dentry(): supposed /%s dir on dev %02u:%02u is no dir!\n",
00663 RSBAC_ACI_PATH,
00664 MAJOR(sb_p->s_dev),
00665 MINOR(sb_p->s_dev));
00666 err = -RSBAC_EACCESS;
00667 goto out_dir_dput;
00668 }
00669 }
00670 #ifdef CONFIG_RSBAC_DEBUG
00671 if(rsbac_debug_ds)
00672 {
00673 #ifdef CONFIG_RSBAC_RMSG
00674 rsbac_printk(KERN_DEBUG
00675 "lookup_aci_path_dentry(): dir_dentry_p->d_count is %i!\n",
00676 atomic_read(&dir_dentry_p->d_count));
00677 rsbac_printk(KERN_DEBUG
00678 "lookup_aci_path_dentry(): sb_p->s_root->d_count is now %i!\n",
00679 atomic_read(&sb_p->s_root->d_count));
00680 #endif
00681 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00682 if (!rsbac_nosyslog)
00683 #endif
00684 {
00685 printk(KERN_DEBUG
00686 "lookup_aci_path_dentry(): dir_dentry_p->d_count is %i!\n",
00687 atomic_read(&dir_dentry_p->d_count));
00688 printk(KERN_DEBUG
00689 "lookup_aci_path_dentry(): sb_p->s_root->d_count is now %i!\n",
00690 atomic_read(&sb_p->s_root->d_count));
00691 }
00692 }
00693 #endif
00694
00695
00696 *dir_dentry_pp = dir_dentry_p;
00697
00698
00699 rsbac_read_lock(&device_list_head.lock, &dflags);
00700 device_p = lookup_device(kdev);
00701 if(device_p && !device_p->rsbac_dir_dentry_p)
00702 {
00703 device_p->rsbac_dir_dentry_p = dir_dentry_p;
00704 device_p->rsbac_dir_inode = dir_dentry_p->d_inode->i_ino;
00705 }
00706 rsbac_read_unlock(&device_list_head.lock, &dflags);
00707
00708 out:
00709 return (err);
00710
00711 out_dir_dput:
00712 dput(dir_dentry_p);
00713 goto out;
00714 }
00715
00716
00717
00718
00719
00720
00721
00722
00723
00724
00725 static struct rsbac_device_list_item_t * lookup_device(kdev_t kdev)
00726 {
00727 struct rsbac_device_list_item_t * curr = device_list_head.curr;
00728
00729
00730 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00731 if(! (curr && (MAJOR(curr->id) == MAJOR(kdev)) && (MINOR(curr->id) == MINOR(kdev)) ) )
00732 #else
00733 if(! (curr && (curr->id == kdev) ) )
00734 #endif
00735 {
00736 curr = device_list_head.head;
00737 while ( curr
00738 && ( (RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev))
00739 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev))
00740 )
00741 )
00742 {
00743 curr = curr->next;
00744 }
00745 if (curr)
00746 device_list_head.curr=curr;
00747 }
00748
00749 return (curr);
00750 }
00751
00752 static int dev_compare(void * desc1, void * desc2)
00753 {
00754 int result;
00755 struct rsbac_dev_desc_t * i_desc1 = desc1;
00756 struct rsbac_dev_desc_t * i_desc2 = desc2;
00757
00758 result = memcmp(&i_desc1->type,
00759 &i_desc2->type,
00760 sizeof(i_desc1->type));
00761 if(result)
00762 return result;
00763 result = memcmp(&i_desc1->major,
00764 &i_desc2->major,
00765 sizeof(i_desc1->major));
00766 if(result)
00767 return result;
00768 return memcmp(&i_desc1->minor,
00769 &i_desc2->minor,
00770 sizeof(i_desc1->minor));
00771 }
00772
00773 static int ipc_compare(void * desc1, void * desc2)
00774 {
00775 int result;
00776 struct rsbac_ipc_t * i_desc1 = desc1;
00777 struct rsbac_ipc_t * i_desc2 = desc2;
00778
00779 result = memcmp(&i_desc1->type,
00780 &i_desc2->type,
00781 sizeof(i_desc1->type));
00782 if(result)
00783 return result;
00784 else
00785 return memcmp(&i_desc1->id.id_nr,
00786 &i_desc2->id.id_nr,
00787 sizeof(i_desc1->id.id_nr));
00788 }
00789
00790 #ifdef CONFIG_RSBAC_NET_DEV
00791 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) || defined(CONFIG_RSBAC_RC)
00792 static int netdev_compare(void * desc1, void * desc2)
00793 {
00794 return strncmp(desc1,
00795 desc2,
00796 RSBAC_IFNAMSIZ);
00797 }
00798 #endif
00799 #endif
00800
00801
00802
00803
00804 static int gen_fd_conv(
00805 void * old_desc,
00806 void * old_data,
00807 void * new_desc,
00808 void * new_data)
00809 {
00810 struct rsbac_gen_fd_aci_t * new_aci = new_data;
00811 struct rsbac_gen_fd_old_aci_t * old_aci = old_data;
00812
00813 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00814 new_aci->log_array_low = old_aci->log_array_low;
00815 new_aci->log_array_high = old_aci->log_array_high;
00816 new_aci->log_program_based = old_aci->log_program_based;
00817 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00818 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00819 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00820 new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00821 new_aci->fake_root_uid = old_aci->fake_root_uid;
00822 new_aci->auid_exempt = RSBAC_NO_USER;
00823 return 0;
00824 }
00825
00826 static int gen_fd_old_conv(
00827 void * old_desc,
00828 void * old_data,
00829 void * new_desc,
00830 void * new_data)
00831 {
00832 struct rsbac_gen_fd_aci_t * new_aci = new_data;
00833 struct rsbac_gen_fd_old_old_aci_t * old_aci = old_data;
00834
00835 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00836 new_aci->log_array_low = old_aci->log_array_low;
00837 new_aci->log_array_high = old_aci->log_array_high;
00838 new_aci->log_program_based = old_aci->log_program_based;
00839 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00840 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00841 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00842 new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00843 new_aci->fake_root_uid = FR_off;
00844 new_aci->auid_exempt = RSBAC_NO_USER;
00845 return 0;
00846 }
00847
00848 static int gen_fd_old_old_conv(
00849 void * old_desc,
00850 void * old_data,
00851 void * new_desc,
00852 void * new_data)
00853 {
00854 struct rsbac_gen_fd_aci_t * new_aci = new_data;
00855 struct rsbac_gen_fd_old_old_old_aci_t * old_aci = old_data;
00856
00857 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00858 new_aci->log_array_low = old_aci->log_array_low;
00859 new_aci->log_array_high = old_aci->log_array_high;
00860 new_aci->log_program_based = old_aci->log_program_based;
00861 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00862 new_aci->symlink_add_mac_level = FALSE;
00863 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00864 new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00865 new_aci->fake_root_uid = FR_off;
00866 new_aci->auid_exempt = RSBAC_NO_USER;
00867 return 0;
00868 }
00869
00870 static int gen_fd_old_old_old_conv(
00871 void * old_desc,
00872 void * old_data,
00873 void * new_desc,
00874 void * new_data)
00875 {
00876 struct rsbac_gen_fd_aci_t * new_aci = new_data;
00877 struct rsbac_gen_fd_old_old_old_old_aci_t * old_aci = old_data;
00878
00879 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00880 new_aci->log_array_low = old_aci->log_array_low;
00881 new_aci->log_array_high = old_aci->log_array_high;
00882 new_aci->log_program_based = old_aci->log_program_based;
00883 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00884 new_aci->symlink_add_mac_level = FALSE;
00885 new_aci->symlink_add_rc_role = FALSE;
00886 new_aci->linux_dac_disable = LDD_false;
00887 new_aci->fake_root_uid = FR_off;
00888 new_aci->auid_exempt = RSBAC_NO_USER;
00889 return 0;
00890 }
00891
00892 static int gen_fd_old_old_old_old_conv(
00893 void * old_desc,
00894 void * old_data,
00895 void * new_desc,
00896 void * new_data)
00897 {
00898 struct rsbac_gen_fd_aci_t * new_aci = new_data;
00899 struct rsbac_gen_fd_old_old_old_old_old_aci_t * old_aci = old_data;
00900
00901 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00902 new_aci->log_array_low = old_aci->log_array_low;
00903 new_aci->log_array_high = old_aci->log_array_high;
00904 new_aci->log_program_based = old_aci->log_program_based;
00905 new_aci->symlink_add_uid = FALSE;
00906 new_aci->symlink_add_mac_level = FALSE;
00907 new_aci->symlink_add_rc_role = FALSE;
00908 new_aci->linux_dac_disable = LDD_false;
00909 new_aci->fake_root_uid = FR_off;
00910 new_aci->auid_exempt = RSBAC_NO_USER;
00911 return 0;
00912 }
00913
00914 rsbac_list_conv_function_t * gen_fd_get_conv(rsbac_version_t old_version)
00915 {
00916 switch(old_version)
00917 {
00918 case RSBAC_GEN_FD_OLD_ACI_VERSION:
00919 return gen_fd_conv;
00920 case RSBAC_GEN_FD_OLD_OLD_ACI_VERSION:
00921 return gen_fd_old_conv;
00922 case RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION:
00923 return gen_fd_old_old_conv;
00924 case RSBAC_GEN_FD_OLD_OLD_OLD_OLD_ACI_VERSION:
00925 return gen_fd_old_old_old_conv;
00926 case RSBAC_GEN_FD_OLD_OLD_OLD_OLD_OLD_ACI_VERSION:
00927 return gen_fd_old_old_old_old_conv;
00928 default:
00929 return NULL;
00930 }
00931 }
00932
00933 static int gen_dev_conv(
00934 void * old_desc,
00935 void * old_data,
00936 void * new_desc,
00937 void * new_data)
00938 {
00939 struct rsbac_dev_desc_t * new = new_desc;
00940 struct rsbac_dev_t * old = old_desc;
00941
00942 memcpy(new_data, old_data, sizeof(struct rsbac_gen_dev_aci_t));
00943 new->type = old->type;
00944 new->major = RSBAC_MAJOR(old->id);
00945 new->minor = RSBAC_MINOR(old->id);
00946 return 0;
00947 }
00948
00949 rsbac_list_conv_function_t * gen_dev_get_conv(rsbac_version_t old_version)
00950 {
00951 switch(old_version)
00952 {
00953 case RSBAC_GEN_DEV_OLD_ACI_VERSION:
00954 return gen_dev_conv;
00955 default:
00956 return NULL;
00957 }
00958 }
00959
00960 #ifdef CONFIG_RSBAC_MAC
00961 static int mac_old_fd_conv(
00962 void * old_desc,
00963 void * old_data,
00964 void * new_desc,
00965 void * new_data)
00966 {
00967 struct rsbac_mac_fd_aci_t * new_aci = new_data;
00968 struct rsbac_mac_fd_old_aci_t * old_aci = old_data;
00969
00970 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00971 new_aci->sec_level = old_aci->sec_level;
00972 new_aci->mac_categories = old_aci->mac_categories;
00973 new_aci->mac_auto = old_aci->mac_auto;
00974 new_aci->mac_prop_trusted = old_aci->mac_prop_trusted;
00975 new_aci->mac_file_flags = old_aci->mac_file_flags;
00976 return 0;
00977 }
00978
00979 static int mac_old_old_fd_conv(
00980 void * old_desc,
00981 void * old_data,
00982 void * new_desc,
00983 void * new_data)
00984 {
00985 struct rsbac_mac_fd_aci_t * new_aci = new_data;
00986 struct rsbac_mac_fd_old_old_aci_t * old_aci = old_data;
00987
00988 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00989 new_aci->sec_level = old_aci->sec_level;
00990 new_aci->mac_categories = old_aci->mac_categories;
00991 new_aci->mac_auto = old_aci->mac_auto;
00992 new_aci->mac_prop_trusted = FALSE;
00993 if(old_aci->mac_shared)
00994 new_aci->mac_file_flags = MAC_write_up;
00995 else
00996 new_aci->mac_file_flags = 0;
00997 return 0;
00998 }
00999
01000 static int mac_old_old_old_fd_conv(
01001 void * old_desc,
01002 void * old_data,
01003 void * new_desc,
01004 void * new_data)
01005 {
01006 struct rsbac_mac_fd_aci_t * new_aci = new_data;
01007 struct rsbac_mac_fd_old_old_old_aci_t * old_aci = old_data;
01008
01009 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
01010 new_aci->sec_level = old_aci->sec_level;
01011 new_aci->mac_categories = old_aci->mac_categories;
01012 new_aci->mac_auto = old_aci->mac_auto;
01013 new_aci->mac_prop_trusted = FALSE;
01014 new_aci->mac_file_flags = 0;
01015 return 0;
01016 }
01017
01018 rsbac_list_conv_function_t * mac_fd_get_conv(rsbac_version_t old_version)
01019 {
01020 switch(old_version)
01021 {
01022 case RSBAC_MAC_FD_OLD_ACI_VERSION:
01023 return mac_old_fd_conv;
01024 case RSBAC_MAC_FD_OLD_OLD_ACI_VERSION:
01025 return mac_old_old_fd_conv;
01026 case RSBAC_MAC_FD_OLD_OLD_OLD_ACI_VERSION:
01027 return mac_old_old_old_fd_conv;
01028 default:
01029 return NULL;
01030 }
01031 }
01032
01033 static int mac_dev_conv(
01034 void * old_desc,
01035 void * old_data,
01036 void * new_desc,
01037 void * new_data)
01038 {
01039 struct rsbac_dev_desc_t * new = new_desc;
01040 struct rsbac_dev_t * old = old_desc;
01041
01042 memcpy(new_data, old_data, sizeof(struct rsbac_mac_dev_aci_t));
01043 new->type = old->type;
01044 new->major = RSBAC_MAJOR(old->id);
01045 new->minor = RSBAC_MINOR(old->id);
01046 return 0;
01047 }
01048
01049 rsbac_list_conv_function_t * mac_dev_get_conv(rsbac_version_t old_version)
01050 {
01051 switch(old_version)
01052 {
01053 case RSBAC_MAC_DEV_OLD_ACI_VERSION:
01054 return mac_dev_conv;
01055 default:
01056 return NULL;
01057 }
01058 }
01059
01060 static int mac_old_user_conv(
01061 void * old_desc,
01062 void * old_data,
01063 void * new_desc,
01064 void * new_data)
01065 {
01066 struct rsbac_mac_user_aci_t * new_aci = new_data;
01067 struct rsbac_mac_user_old_aci_t * old_aci = old_data;
01068
01069 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
01070 new_aci->security_level = old_aci->access_appr;
01071 new_aci->initial_security_level = old_aci->access_appr;
01072 new_aci->min_security_level = old_aci->min_access_appr;
01073 new_aci->mac_categories = old_aci->mac_categories;
01074 new_aci->mac_initial_categories = old_aci->mac_categories;
01075 new_aci->mac_min_categories = old_aci->mac_min_categories;
01076 new_aci->system_role = old_aci->system_role;
01077 new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS;
01078 if(old_aci->mac_allow_auto)
01079 new_aci->mac_user_flags |= MAC_allow_auto;
01080 return 0;
01081 }
01082
01083 static int mac_old_old_user_conv(
01084 void * old_desc,
01085 void * old_data,
01086 void * new_desc,
01087 void * new_data)
01088 {
01089 struct rsbac_mac_user_aci_t * new_aci = new_data;
01090 struct rsbac_mac_user_old_old_aci_t * old_aci = old_data;
01091
01092 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
01093 new_aci->security_level = old_aci->access_appr;
01094 new_aci->initial_security_level = old_aci->access_appr;
01095 new_aci->min_security_level = old_aci->min_access_appr;
01096 new_aci->mac_categories = old_aci->mac_categories;
01097 new_aci->mac_initial_categories = old_aci->mac_categories;
01098 new_aci->mac_min_categories = old_aci->mac_min_categories;
01099 new_aci->system_role = old_aci->system_role;
01100 new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS;
01101 return 0;
01102 }
01103
01104 static int mac_old_old_old_user_conv(
01105 void * old_desc,
01106 void * old_data,
01107 void * new_desc,
01108 void * new_data)
01109 {
01110 struct rsbac_mac_user_aci_t * new_aci = new_data;
01111 struct rsbac_mac_user_old_old_old_aci_t * old_aci = old_data;
01112
01113 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
01114 new_aci->security_level = old_aci->access_appr;
01115 new_aci->initial_security_level = old_aci->access_appr;
01116 new_aci->min_security_level = SL_unclassified;
01117 new_aci->mac_categories = old_aci->mac_categories;
01118 new_aci->mac_initial_categories = old_aci->mac_categories;
01119 new_aci->mac_min_categories = RSBAC_MAC_MIN_CAT_VECTOR;
01120 new_aci->system_role = old_aci->system_role;
01121 new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS;
01122 return 0;
01123 }
01124
01125 rsbac_list_conv_function_t * mac_user_get_conv(rsbac_version_t old_version)
01126 {
01127 switch(old_version)
01128 {
01129 case RSBAC_MAC_USER_OLD_ACI_VERSION:
01130 return mac_old_user_conv;
01131 case RSBAC_MAC_USER_OLD_OLD_ACI_VERSION:
01132 return mac_old_old_user_conv;
01133 case RSBAC_MAC_USER_OLD_OLD_OLD_ACI_VERSION:
01134 return mac_old_old_old_user_conv;
01135 default:
01136 return NULL;
01137 }
01138 }
01139 #endif
01140
01141 #ifdef CONFIG_RSBAC_FC
01142 static int fc_dev_conv(
01143 void * old_desc,
01144 void * old_data,
01145 void * new_desc,
01146 void * new_data)
01147 {
01148 struct rsbac_dev_desc_t * new = new_desc;
01149 struct rsbac_dev_t * old = old_desc;
01150
01151 memcpy(new_data, old_data, sizeof(rsbac_fc_oc_t));
01152 new->type = old->type;
01153 new->major = RSBAC_MAJOR(old->id);
01154 new->minor = RSBAC_MINOR(old->id);
01155 return 0;
01156 }
01157
01158 rsbac_list_conv_function_t * fc_dev_get_conv(rsbac_version_t old_version)
01159 {
01160 switch(old_version)
01161 {
01162 case RSBAC_FC_DEV_OLD_ACI_VERSION:
01163 return fc_dev_conv;
01164 default:
01165 return NULL;
01166 }
01167 }
01168 #endif
01169
01170 #ifdef CONFIG_RSBAC_SIM
01171 static int sim_dev_conv(
01172 void * old_desc,
01173 void * old_data,
01174 void * new_desc,
01175 void * new_data)
01176 {
01177 struct rsbac_dev_desc_t * new = new_desc;
01178 struct rsbac_dev_t * old = old_desc;
01179
01180 memcpy(new_data, old_data, sizeof(rsbac_sim_dt_t));
01181 new->type = old->type;
01182 new->major = RSBAC_MAJOR(old->id);
01183 new->minor = RSBAC_MINOR(old->id);
01184 return 0;
01185 }
01186
01187 rsbac_list_conv_function_t * sim_dev_get_conv(rsbac_version_t old_version)
01188 {
01189 switch(old_version)
01190 {
01191 case RSBAC_SIM_DEV_OLD_ACI_VERSION:
01192 return sim_dev_conv;
01193 default:
01194 return NULL;
01195 }
01196 }
01197 #endif
01198
01199 #ifdef CONFIG_RSBAC_PM
01200 static int pm_dev_conv(
01201 void * old_desc,
01202 void * old_data,
01203 void * new_desc,
01204 void * new_data)
01205 {
01206 struct rsbac_dev_desc_t * new = new_desc;
01207 struct rsbac_dev_t * old = old_desc;
01208
01209 memcpy(new_data, old_data, sizeof(struct rsbac_pm_dev_aci_t));
01210 new->type = old->type;
01211 new->major = RSBAC_MAJOR(old->id);
01212 new->minor = RSBAC_MINOR(old->id);
01213 return 0;
01214 }
01215
01216 rsbac_list_conv_function_t * pm_dev_get_conv(rsbac_version_t old_version)
01217 {
01218 switch(old_version)
01219 {
01220 case RSBAC_PM_DEV_OLD_ACI_VERSION:
01221 return pm_dev_conv;
01222 default:
01223 return NULL;
01224 }
01225 }
01226 #endif
01227
01228 #ifdef CONFIG_RSBAC_RC
01229 static int rc_dev_conv(
01230 void * old_desc,
01231 void * old_data,
01232 void * new_desc,
01233 void * new_data)
01234 {
01235 struct rsbac_dev_desc_t * new = new_desc;
01236 struct rsbac_dev_t * old = old_desc;
01237
01238 memcpy(new_data, old_data, sizeof(rsbac_rc_type_id_t));
01239 new->type = old->type;
01240 new->major = RSBAC_MAJOR(old->id);
01241 new->minor = RSBAC_MINOR(old->id);
01242 return 0;
01243 }
01244
01245 rsbac_list_conv_function_t * rc_dev_get_conv(rsbac_version_t old_version)
01246 {
01247 switch(old_version)
01248 {
01249 case RSBAC_RC_DEV_OLD_ACI_VERSION:
01250 return rc_dev_conv;
01251 default:
01252 return NULL;
01253 }
01254 }
01255
01256 static int rc_user_conv(
01257 void * old_desc,
01258 void * old_data,
01259 void * new_desc,
01260 void * new_data)
01261 {
01262 struct rsbac_rc_user_aci_t * new_aci = new_data;
01263 rsbac_rc_role_id_t * old_aci = old_data;
01264
01265 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
01266 new_aci->rc_role = *old_aci;
01267 new_aci->rc_type = RSBAC_RC_GENERAL_TYPE;
01268 return 0;
01269 }
01270
01271 rsbac_list_conv_function_t * rc_user_get_conv(rsbac_version_t old_version)
01272 {
01273 switch(old_version)
01274 {
01275 case RSBAC_RC_USER_OLD_ACI_VERSION:
01276 return rc_user_conv;
01277 default:
01278 return NULL;
01279 }
01280 }
01281 #endif
01282
01283 #ifdef CONFIG_RSBAC_AUTH
01284 static int auth_old_fd_conv(
01285 void * old_desc,
01286 void * old_data,
01287 void * new_desc,
01288 void * new_data)
01289 {
01290 struct rsbac_auth_fd_aci_t * new_aci = new_data;
01291 struct rsbac_auth_fd_old_aci_t * old_aci = old_data;
01292
01293 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
01294 new_aci->auth_may_setuid = old_aci->auth_may_setuid;
01295 new_aci->auth_may_set_cap = old_aci->auth_may_set_cap;
01296 new_aci->auth_learn = FALSE;
01297 return 0;
01298 }
01299
01300 rsbac_list_conv_function_t * auth_fd_get_conv(rsbac_version_t old_version)
01301 {
01302 switch(old_version)
01303 {
01304 case RSBAC_AUTH_FD_OLD_ACI_VERSION:
01305 return auth_old_fd_conv;
01306 default:
01307 return NULL;
01308 }
01309 }
01310
01311 #endif
01312
01313
01314
01315
01316
01317
01318
01319
01320
01321
01322
01323
01324 static int register_fd_lists(struct rsbac_device_list_item_t * device_p,
01325 kdev_t kdev)
01326 {
01327 char * name;
01328 int err = 0;
01329 int tmperr;
01330 u_int file_no;
01331 struct rsbac_list_info_t * info_p;
01332 if(!device_p)
01333 return(-RSBAC_EINVALIDPOINTER);
01334 name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01335 if(!name)
01336 return -RSBAC_ENOMEM;
01337 info_p = rsbac_kmalloc(sizeof(*info_p));
01338 if(!info_p)
01339 {
01340 rsbac_kfree(name);
01341 return -RSBAC_ENOMEM;
01342 }
01343
01344
01345 {
01346 for (file_no = 0; file_no < RSBAC_GEN_NR_FD_LISTS; file_no++)
01347 {
01348
01349 sprintf(name, "%s%u", RSBAC_GEN_FD_NAME, file_no);
01350 info_p->version = RSBAC_GEN_FD_ACI_VERSION;
01351 info_p->key = RSBAC_GEN_FD_ACI_KEY;
01352 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01353 info_p->data_size = sizeof(struct rsbac_gen_fd_aci_t);
01354 info_p->max_age = 0;
01355 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01356 &(device_p->handles.gen[file_no]),
01357 info_p,
01358 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01359 rsbac_list_compare_u32,
01360 gen_fd_get_conv,
01361 &def_gen_fd_aci,
01362 name,
01363 kdev);
01364 if(tmperr)
01365 {
01366 char * tmp;
01367
01368 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01369 if(tmp)
01370 {
01371 #ifdef CONFIG_RSBAC_RMSG
01372 rsbac_printk(KERN_WARNING
01373 "register_fd_lists(): registering general list %u for device %02u:%02u failed with error %s!\n",
01374 file_no,
01375 RSBAC_MAJOR(kdev),
01376 RSBAC_MINOR(kdev),
01377 get_error_name(tmp, tmperr));
01378 #endif
01379 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01380 if (!rsbac_nosyslog)
01381 #endif
01382 printk(KERN_WARNING
01383 "register_fd_lists(): registering general list %u for device %02u:%02u failed with error %s!\n",
01384 file_no,
01385 RSBAC_MAJOR(kdev),
01386 RSBAC_MINOR(kdev),
01387 get_error_name(tmp, tmperr));
01388 rsbac_kfree(tmp);
01389 }
01390 err = tmperr;
01391 }
01392 }
01393 }
01394
01395 #if defined(CONFIG_RSBAC_MAC)
01396 {
01397
01398 for (file_no = 0; file_no < RSBAC_MAC_NR_FD_LISTS; file_no++)
01399 {
01400
01401 sprintf(name, "%s%u", RSBAC_MAC_FD_NAME, file_no);
01402 info_p->version = RSBAC_MAC_FD_ACI_VERSION;
01403 info_p->key = RSBAC_MAC_FD_ACI_KEY;
01404 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01405 info_p->data_size = sizeof(struct rsbac_mac_fd_aci_t);
01406 info_p->max_age = 0;
01407 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01408 &(device_p->handles.mac[file_no]),
01409 info_p,
01410 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01411 rsbac_list_compare_u32,
01412 mac_fd_get_conv,
01413 &def_mac_fd_aci,
01414 name,
01415 kdev);
01416 if(tmperr)
01417 {
01418 char * tmp;
01419
01420 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01421 if(tmp)
01422 {
01423 #ifdef CONFIG_RSBAC_RMSG
01424 rsbac_printk(KERN_WARNING
01425 "register_fd_lists(): registering MAC list %u for device %02u:%02u failed with error %s!\n",
01426 file_no,
01427 RSBAC_MAJOR(kdev),
01428 RSBAC_MINOR(kdev),
01429 get_error_name(tmp, tmperr));
01430 #endif
01431 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01432 if (!rsbac_nosyslog)
01433 #endif
01434 printk(KERN_WARNING
01435 "register_fd_lists(): registering MAC list %u for device %02u:%02u failed with error %s!\n",
01436 file_no,
01437 RSBAC_MAJOR(kdev),
01438 RSBAC_MINOR(kdev),
01439 get_error_name(tmp, tmperr));
01440 rsbac_kfree(tmp);
01441 }
01442 err = tmperr;
01443 }
01444 }
01445 }
01446 #endif
01447
01448 #if defined(CONFIG_RSBAC_FC)
01449 {
01450 rsbac_fc_oc_t def_fc_fd_aci = RSBAC_FC_OC_DEF;
01451
01452
01453 for (file_no = 0; file_no < RSBAC_FC_NR_FD_LISTS; file_no++)
01454 {
01455
01456 sprintf(name, "%s%u", RSBAC_FC_FD_NAME, file_no);
01457 info_p->version = RSBAC_FC_FD_ACI_VERSION;
01458 info_p->key = RSBAC_FC_FD_ACI_KEY;
01459 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01460 info_p->data_size = sizeof(rsbac_fc_oc_t);
01461 info_p->max_age = 0;
01462 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01463 &(device_p->handles.fc[file_no]),
01464 info_p,
01465 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01466 rsbac_list_compare_u32,
01467 NULL,
01468 &def_fc_fd_aci,
01469 name,
01470 kdev);
01471 if(tmperr)
01472 {
01473 char * tmp;
01474
01475 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01476 if(tmp)
01477 {
01478 #ifdef CONFIG_RSBAC_RMSG
01479 rsbac_printk(KERN_WARNING
01480 "register_fd_lists(): registering FC list %u for device %02u:%02u failed with error %s!\n",
01481 file_no,
01482 RSBAC_MAJOR(kdev),
01483 RSBAC_MINOR(kdev),
01484 get_error_name(tmp, tmperr));
01485 #endif
01486 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01487 if (!rsbac_nosyslog)
01488 #endif
01489 printk(KERN_WARNING
01490 "register_fd_lists(): registering FC list %u for device %02u:%02u failed with error %s!\n",
01491 file_no,
01492 RSBAC_MAJOR(kdev),
01493 RSBAC_MINOR(kdev),
01494 get_error_name(tmp, tmperr));
01495 rsbac_kfree(tmp);
01496 }
01497 err = tmperr;
01498 }
01499 }
01500 }
01501 #endif
01502
01503 #if defined(CONFIG_RSBAC_SIM)
01504 {
01505 rsbac_sim_dt_t def_sim_fd_aci = RSBAC_SIM_DT_DEF;
01506
01507
01508 for (file_no = 0; file_no < RSBAC_SIM_NR_FD_LISTS; file_no++)
01509 {
01510
01511 sprintf(name, "%s%u", RSBAC_SIM_FD_NAME, file_no);
01512 info_p->version = RSBAC_SIM_FD_ACI_VERSION;
01513 info_p->key = RSBAC_SIM_FD_ACI_KEY;
01514 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01515 info_p->data_size = sizeof(rsbac_sim_dt_t);
01516 info_p->max_age = 0;
01517 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01518 &(device_p->handles.sim[file_no]),
01519 info_p,
01520 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01521 rsbac_list_compare_u32,
01522 NULL,
01523 &def_sim_fd_aci,
01524 name,
01525 kdev);
01526 if(tmperr)
01527 {
01528 char * tmp;
01529
01530 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01531 if(tmp)
01532 {
01533 #ifdef CONFIG_RSBAC_RMSG
01534 rsbac_printk(KERN_WARNING
01535 "register_fd_lists(): registering SIM list %u for device %02u:%02u failed with error %s!\n",
01536 file_no,
01537 RSBAC_MAJOR(kdev),
01538 RSBAC_MINOR(kdev),
01539 get_error_name(tmp, tmperr));
01540 #endif
01541 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01542 if (!rsbac_nosyslog)
01543 #endif
01544 printk(KERN_WARNING
01545 "register_fd_lists(): registering SIM list %u for device %02u:%02u failed with error %s!\n",
01546 file_no,
01547 RSBAC_MAJOR(kdev),
01548 RSBAC_MINOR(kdev),
01549 get_error_name(tmp, tmperr));
01550 rsbac_kfree(tmp);
01551 }
01552 err = tmperr;
01553 }
01554 }
01555 }
01556 #endif
01557
01558 #if defined(CONFIG_RSBAC_PM)
01559 {
01560
01561 for (file_no = 0; file_no < RSBAC_PM_NR_FD_LISTS; file_no++)
01562 {
01563
01564 sprintf(name, "%s%u", RSBAC_PM_FD_NAME, file_no);
01565 info_p->version = RSBAC_PM_FD_ACI_VERSION;
01566 info_p->key = RSBAC_PM_FD_ACI_KEY;
01567 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01568 info_p->data_size = sizeof(struct rsbac_pm_fd_aci_t);
01569 info_p->max_age = 0;
01570 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01571 &(device_p->handles.pm[file_no]),
01572 info_p,
01573 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01574 rsbac_list_compare_u32,
01575 NULL,
01576 &def_pm_fd_aci,
01577 name,
01578 kdev);
01579 if(tmperr)
01580 {
01581 char * tmp;
01582
01583 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01584 if(tmp)
01585 {
01586 #ifdef CONFIG_RSBAC_RMSG
01587 rsbac_printk(KERN_WARNING
01588 "register_fd_lists(): registering PM list %u for device %02u:%02u failed with error %s!\n",
01589 file_no,
01590 RSBAC_MAJOR(kdev),
01591 RSBAC_MINOR(kdev),
01592 get_error_name(tmp, tmperr));
01593 #endif
01594 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01595 if (!rsbac_nosyslog)
01596 #endif
01597 printk(KERN_WARNING
01598 "register_fd_lists(): registering PM list %u for device %02u:%02u failed with error %s!\n",
01599 file_no,
01600 RSBAC_MAJOR(kdev),
01601 RSBAC_MINOR(kdev),
01602 get_error_name(tmp, tmperr));
01603 rsbac_kfree(tmp);
01604 }
01605 err = tmperr;
01606 }
01607 }
01608 }
01609 #endif
01610
01611 #if defined(CONFIG_RSBAC_DAZ)
01612 {
01613 struct rsbac_daz_fd_aci_t def_daz_fd_aci = DEFAULT_DAZ_FD_ACI;
01614
01615 for (file_no = 0; file_no < RSBAC_DAZ_NR_FD_LISTS; file_no++)
01616 {
01617
01618 sprintf(name, "%s%u", RSBAC_DAZ_FD_NAME, file_no);
01619 info_p->version = RSBAC_DAZ_FD_ACI_VERSION;
01620 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01621 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01622 info_p->data_size = sizeof(struct rsbac_daz_fd_aci_t);
01623 info_p->max_age = 0;
01624 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01625 &(device_p->handles.daz[file_no]),
01626 info_p,
01627 RSBAC_LIST_PERSIST |
01628 RSBAC_LIST_DEF_DATA,
01629 rsbac_list_compare_u32,
01630 NULL,
01631 &def_daz_fd_aci,
01632 name,
01633 kdev);
01634 if(tmperr)
01635 {
01636 char * tmp;
01637
01638 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01639 if(tmp)
01640 {
01641 #ifdef CONFIG_RSBAC_RMSG
01642 rsbac_printk(KERN_WARNING
01643 "register_fd_lists(): registering DAZ list %u for device %02u:%02u failed with error %s!\n",
01644 file_no,
01645 RSBAC_MAJOR(kdev),
01646 RSBAC_MINOR(kdev),
01647 get_error_name(tmp, tmperr));
01648 #endif
01649 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01650 if (!rsbac_nosyslog)
01651 #endif
01652 printk(KERN_WARNING
01653 "register_fd_lists(): registering DAZ list %u for device %02u:%02u failed with error %s!\n",
01654 file_no,
01655 RSBAC_MAJOR(kdev),
01656 RSBAC_MINOR(kdev),
01657 get_error_name(tmp, tmperr));
01658 rsbac_kfree(tmp);
01659 }
01660 err = tmperr;
01661 }
01662 }
01663 }
01664 #if defined(CONFIG_RSBAC_DAZ_CACHE)
01665 {
01666 rsbac_daz_scanned_t def_daz_scanned_fd_aci = DEFAULT_DAZ_FD_SCANNED;
01667
01668
01669 for (file_no = 0; file_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; file_no++)
01670 {
01671
01672 sprintf(name, "%s%u", RSBAC_DAZ_SCANNED_FD_NAME, file_no);
01673 info_p->version = RSBAC_DAZ_SCANNED_FD_ACI_VERSION;
01674 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01675 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01676 info_p->data_size = sizeof(rsbac_daz_scanned_t);
01677 info_p->max_age = 0;
01678 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01679 &(device_p->handles.dazs[file_no]),
01680 info_p,
01681 #ifdef CONFIG_RSBAC_DAZ_PERSIST
01682 RSBAC_LIST_PERSIST |
01683 #endif
01684 RSBAC_LIST_DEF_DATA,
01685 rsbac_list_compare_u32,
01686 NULL,
01687 &def_daz_scanned_fd_aci,
01688 name,
01689 kdev);
01690 if(tmperr)
01691 {
01692 char * tmp;
01693
01694 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01695 if(tmp)
01696 {
01697 #ifdef CONFIG_RSBAC_RMSG
01698 rsbac_printk(KERN_WARNING
01699 "register_fd_lists(): registering DAZ scanned list %u for device %02u:%02u failed with error %s!\n",
01700 file_no,
01701 RSBAC_MAJOR(kdev),
01702 RSBAC_MINOR(kdev),
01703 get_error_name(tmp, tmperr));
01704 #endif
01705 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01706 if (!rsbac_nosyslog)
01707 #endif
01708 printk(KERN_WARNING
01709 "register_fd_lists(): registering DAZ scanned list %u for device %02u:%02u failed with error %s!\n",
01710 file_no,
01711 RSBAC_MAJOR(kdev),
01712 RSBAC_MINOR(kdev),
01713 get_error_name(tmp, tmperr));
01714 rsbac_kfree(tmp);
01715 }
01716 err = tmperr;
01717 }
01718 }
01719 }
01720 #endif
01721 #endif
01722
01723 #if defined(CONFIG_RSBAC_FF)
01724 {
01725 rsbac_ff_flags_t def_ff_fd_aci = RSBAC_FF_DEF;
01726
01727
01728 for (file_no = 0; file_no < RSBAC_FF_NR_FD_LISTS; file_no++)
01729 {
01730
01731 sprintf(name, "%s%u", RSBAC_FF_FD_NAME, file_no);
01732 info_p->version = RSBAC_FF_FD_ACI_VERSION;
01733 info_p->key = RSBAC_FF_FD_ACI_KEY;
01734 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01735 info_p->data_size = sizeof(rsbac_ff_flags_t);
01736 info_p->max_age = 0;
01737 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01738 &(device_p->handles.ff[file_no]),
01739 info_p,
01740 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01741 rsbac_list_compare_u32,
01742 NULL,
01743 &def_ff_fd_aci,
01744 name,
01745 kdev);
01746 if(tmperr)
01747 {
01748 char * tmp;
01749
01750 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01751 if(tmp)
01752 {
01753 #ifdef CONFIG_RSBAC_RMSG
01754 rsbac_printk(KERN_WARNING
01755 "register_fd_lists(): registering FF list %u for device %02u:%02u failed with error %s!\n",
01756 file_no,
01757 RSBAC_MAJOR(kdev),
01758 RSBAC_MINOR(kdev),
01759 get_error_name(tmp, tmperr));
01760 #endif
01761 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01762 if (!rsbac_nosyslog)
01763 #endif
01764 printk(KERN_WARNING
01765 "register_fd_lists(): registering FF list %u for device %02u:%02u failed with error %s!\n",
01766 file_no,
01767 RSBAC_MAJOR(kdev),
01768 RSBAC_MINOR(kdev),
01769 get_error_name(tmp, tmperr));
01770 rsbac_kfree(tmp);
01771 }
01772 err = tmperr;
01773 }
01774 }
01775 }
01776 #endif
01777
01778 #if defined(CONFIG_RSBAC_RC)
01779 {
01780
01781 for (file_no = 0; file_no < RSBAC_RC_NR_FD_LISTS; file_no++)
01782 {
01783
01784 sprintf(name, "%s%u", RSBAC_RC_FD_NAME, file_no);
01785 info_p->version = RSBAC_RC_FD_ACI_VERSION;
01786 info_p->key = RSBAC_RC_FD_ACI_KEY;
01787 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01788 info_p->data_size = sizeof(struct rsbac_rc_fd_aci_t);
01789 info_p->max_age = 0;
01790 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01791 &(device_p->handles.rc[file_no]),
01792 info_p,
01793 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01794 rsbac_list_compare_u32,
01795 NULL,
01796 &def_rc_fd_aci,
01797 name,
01798 kdev);
01799 if(tmperr)
01800 {
01801 char * tmp;
01802
01803 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01804 if(tmp)
01805 {
01806 #ifdef CONFIG_RSBAC_RMSG
01807 rsbac_printk(KERN_WARNING
01808 "register_fd_lists(): registering RC list %u for device %02u:%02u failed with error %s!\n",
01809 file_no,
01810 RSBAC_MAJOR(kdev),
01811 RSBAC_MINOR(kdev),
01812 get_error_name(tmp, tmperr));
01813 #endif
01814 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01815 if (!rsbac_nosyslog)
01816 #endif
01817 printk(KERN_WARNING
01818 "register_fd_lists(): registering RC list %u for device %02u:%02u failed with error %s!\n",
01819 file_no,
01820 RSBAC_MAJOR(kdev),
01821 RSBAC_MINOR(kdev),
01822 get_error_name(tmp, tmperr));
01823 rsbac_kfree(tmp);
01824 }
01825 err = tmperr;
01826 }
01827 }
01828 }
01829 #endif
01830
01831 #if defined(CONFIG_RSBAC_AUTH)
01832 {
01833 struct rsbac_auth_fd_aci_t def_auth_fd_aci = DEFAULT_AUTH_FD_ACI;
01834
01835
01836 for (file_no = 0; file_no < RSBAC_AUTH_NR_FD_LISTS; file_no++)
01837 {
01838
01839 sprintf(name, "%s%u", RSBAC_AUTH_FD_NAME, file_no);
01840 info_p->version = RSBAC_AUTH_FD_ACI_VERSION;
01841 info_p->key = RSBAC_AUTH_FD_ACI_KEY;
01842 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01843 info_p->data_size = sizeof(struct rsbac_auth_fd_aci_t);
01844 info_p->max_age = 0;
01845 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01846 &(device_p->handles.auth[file_no]),
01847 info_p,
01848 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01849 rsbac_list_compare_u32,
01850 auth_fd_get_conv,
01851 &def_auth_fd_aci,
01852 name,
01853 kdev);
01854 if(tmperr)
01855 {
01856 char * tmp;
01857
01858 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01859 if(tmp)
01860 {
01861 #ifdef CONFIG_RSBAC_RMSG
01862 rsbac_printk(KERN_WARNING
01863 "register_fd_lists(): registering AUTH list %u for device %02u:%02u failed with error %s!\n",
01864 file_no,
01865 RSBAC_MAJOR(kdev),
01866 RSBAC_MINOR(kdev),
01867 get_error_name(tmp, tmperr));
01868 #endif
01869 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01870 if (!rsbac_nosyslog)
01871 #endif
01872 printk(KERN_WARNING
01873 "register_fd_lists(): registering AUTH list %u for device %02u:%02u failed with error %s!\n",
01874 file_no,
01875 RSBAC_MAJOR(kdev),
01876 RSBAC_MINOR(kdev),
01877 get_error_name(tmp, tmperr));
01878 rsbac_kfree(tmp);
01879 }
01880 err = tmperr;
01881 }
01882 }
01883 }
01884 #endif
01885
01886 #if defined(CONFIG_RSBAC_CAP)
01887 {
01888 struct rsbac_cap_fd_aci_t def_cap_fd_aci = DEFAULT_CAP_FD_ACI;
01889
01890
01891 for (file_no = 0; file_no < RSBAC_CAP_NR_FD_LISTS; file_no++)
01892 {
01893
01894 sprintf(name, "%s%u", RSBAC_CAP_FD_NAME, file_no);
01895 info_p->version = RSBAC_CAP_FD_ACI_VERSION;
01896 info_p->key = RSBAC_CAP_FD_ACI_KEY;
01897 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01898 info_p->data_size = sizeof(struct rsbac_cap_fd_aci_t);
01899 info_p->max_age = 0;
01900 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01901 &(device_p->handles.cap[file_no]),
01902 info_p,
01903 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01904 rsbac_list_compare_u32,
01905 NULL,
01906 &def_cap_fd_aci,
01907 name,
01908 kdev);
01909 if(tmperr)
01910 {
01911 char * tmp;
01912
01913 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01914 if(tmp)
01915 {
01916 #ifdef CONFIG_RSBAC_RMSG
01917 rsbac_printk(KERN_WARNING
01918 "register_fd_lists(): registering CAP list %u for device %02u:%02u failed with error %s!\n",
01919 file_no,
01920 RSBAC_MAJOR(kdev),
01921 RSBAC_MINOR(kdev),
01922 get_error_name(tmp, tmperr));
01923 #endif
01924 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01925 if (!rsbac_nosyslog)
01926 #endif
01927 printk(KERN_WARNING
01928 "register_fd_lists(): registering CAP list %u for device %02u:%02u failed with error %s!\n",
01929 file_no,
01930 RSBAC_MAJOR(kdev),
01931 RSBAC_MINOR(kdev),
01932 get_error_name(tmp, tmperr));
01933 rsbac_kfree(tmp);
01934 }
01935 err = tmperr;
01936 }
01937 }
01938 }
01939 #endif
01940
01941 #if defined(CONFIG_RSBAC_PAX)
01942 {
01943 rsbac_pax_flags_t def_pax_fd_aci;
01944
01945 #ifdef CONFIG_RSBAC_PAX_DEFAULT
01946 def_pax_fd_aci = 0;
01947 #ifdef CONFIG_RSBAC_PAX_PAGEEXEC
01948 def_pax_fd_aci |= PF_PAX_PAGEEXEC;
01949 #endif
01950 #ifdef CONFIG_RSBAC_PAX_EMUTRAMP
01951 def_pax_fd_aci |= PF_PAX_EMUTRAMP;
01952 #endif
01953 #ifdef CONFIG_RSBAC_PAX_MPROTECT
01954 def_pax_fd_aci |= PF_PAX_MPROTECT;
01955 #endif
01956 #ifdef CONFIG_RSBAC_PAX_RANDMMAP
01957 def_pax_fd_aci |= PF_PAX_RANDMMAP;
01958 #endif
01959 #ifdef CONFIG_RSBAC_PAX_RANDEXEC
01960 def_pax_fd_aci |= PF_PAX_RANDEXEC;
01961 #endif
01962 #ifdef CONFIG_RSBAC_PAX_SEGMEXEC
01963 def_pax_fd_aci |= PF_PAX_SEGMEXEC;
01964 #endif
01965
01966 #else
01967 def_pax_fd_aci = RSBAC_PAX_DEF_FLAGS;
01968 #endif
01969
01970 info_p->version = RSBAC_PAX_FD_ACI_VERSION;
01971 info_p->key = RSBAC_PAX_FD_ACI_KEY;
01972 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01973 info_p->data_size = sizeof(rsbac_pax_flags_t);
01974 info_p->max_age = 0;
01975
01976 for (file_no = 0; file_no < RSBAC_PAX_NR_FD_LISTS; file_no++)
01977 {
01978
01979 sprintf(name, "%s%u", RSBAC_PAX_FD_NAME, file_no);
01980 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01981 &(device_p->handles.pax[file_no]),
01982 info_p,
01983 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01984 rsbac_list_compare_u32,
01985 NULL,
01986 &def_pax_fd_aci,
01987 name,
01988 kdev);
01989 if(tmperr)
01990 {
01991 char * tmp;
01992
01993 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01994 if(tmp)
01995 {
01996 #ifdef CONFIG_RSBAC_RMSG
01997 rsbac_printk(KERN_WARNING
01998 "register_fd_lists(): registering PAX list %u for device %02u:%02u failed with error %s!\n",
01999 file_no,
02000 RSBAC_MAJOR(kdev),
02001 RSBAC_MINOR(kdev),
02002 get_error_name(tmp, tmperr));
02003 #endif
02004 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02005 if (!rsbac_nosyslog)
02006 #endif
02007 printk(KERN_WARNING
02008 "register_fd_lists(): registering PAX list %u for device %02u:%02u failed with error %s!\n",
02009 file_no,
02010 RSBAC_MAJOR(kdev),
02011 RSBAC_MINOR(kdev),
02012 get_error_name(tmp, tmperr));
02013 rsbac_kfree(tmp);
02014 }
02015 err = tmperr;
02016 }
02017 }
02018 }
02019 #endif
02020
02021 #if defined(CONFIG_RSBAC_RES)
02022 {
02023
02024 for (file_no = 0; file_no < RSBAC_RES_NR_FD_LISTS; file_no++)
02025 {
02026
02027 sprintf(name, "%s%u", RSBAC_RES_FD_NAME, file_no);
02028 info_p->version = RSBAC_RES_FD_ACI_VERSION;
02029 info_p->key = RSBAC_RES_FD_ACI_KEY;
02030 info_p->desc_size = sizeof(rsbac_inode_nr_t);
02031 info_p->data_size = sizeof(struct rsbac_res_fd_aci_t);
02032 info_p->max_age = 0;
02033 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
02034 &(device_p->handles.res[file_no]),
02035 info_p,
02036 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
02037 rsbac_list_compare_u32,
02038 NULL,
02039 &def_res_fd_aci,
02040 name,
02041 kdev);
02042 if(tmperr)
02043 {
02044 char * tmp;
02045
02046 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02047 if(tmp)
02048 {
02049 #ifdef CONFIG_RSBAC_RMSG
02050 rsbac_printk(KERN_WARNING
02051 "register_fd_lists(): registering RES list %u for device %02u:%02u failed with error %s!\n",
02052 file_no,
02053 RSBAC_MAJOR(kdev),
02054 RSBAC_MINOR(kdev),
02055 get_error_name(tmp, tmperr));
02056 #endif
02057 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02058 if (!rsbac_nosyslog)
02059 #endif
02060 printk(KERN_WARNING
02061 "register_fd_lists(): registering RES list %u for device %02u:%02u failed with error %s!\n",
02062 file_no,
02063 RSBAC_MAJOR(kdev),
02064 RSBAC_MINOR(kdev),
02065 get_error_name(tmp, tmperr));
02066 rsbac_kfree(tmp);
02067 }
02068 err = tmperr;
02069 }
02070 }
02071 }
02072 #endif
02073
02074 return err;
02075 }
02076
02077
02078
02079
02080 static int aci_detach_fd_lists(struct rsbac_device_list_item_t * device_p)
02081 {
02082 int err = 0;
02083 int tmperr;
02084 u_int file_no;
02085
02086 if(!device_p)
02087 return(-RSBAC_EINVALIDPOINTER);
02088
02089
02090 for (file_no = 0; file_no < RSBAC_GEN_NR_FD_LISTS; file_no++)
02091 {
02092 tmperr = rsbac_list_detach(&device_p->handles.gen[file_no],
02093 RSBAC_GEN_FD_ACI_KEY);
02094 if(tmperr)
02095 {
02096 char * tmp;
02097
02098 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02099 if(tmp)
02100 {
02101 #ifdef CONFIG_RSBAC_RMSG
02102 rsbac_printk(KERN_WARNING
02103 "detach_fd_lists(): detaching from general list %u for device %02u:%02u failed with error %s!\n",
02104 file_no,
02105 RSBAC_MAJOR(device_p->id),
02106 RSBAC_MINOR(device_p->id),
02107 get_error_name(tmp, tmperr));
02108 #endif
02109 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02110 if (!rsbac_nosyslog)
02111 #endif
02112 printk(KERN_WARNING
02113 "detach_fd_lists(): detaching from general list %u for device %02u:%02u failed with error %s!\n",
02114 file_no,
02115 RSBAC_MAJOR(device_p->id),
02116 RSBAC_MINOR(device_p->id),
02117 get_error_name(tmp, tmperr));
02118 rsbac_kfree(tmp);
02119 }
02120 err = tmperr;
02121 }
02122 }
02123
02124 #if defined(CONFIG_RSBAC_MAC)
02125
02126 for (file_no = 0; file_no < RSBAC_MAC_NR_FD_LISTS; file_no++)
02127 {
02128 tmperr = rsbac_list_detach(&device_p->handles.mac[file_no],
02129 RSBAC_MAC_FD_ACI_KEY);
02130 if(tmperr)
02131 {
02132 char * tmp;
02133
02134 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02135 if(tmp)
02136 {
02137 #ifdef CONFIG_RSBAC_RMSG
02138 rsbac_printk(KERN_WARNING
02139 "detach_fd_lists(): detaching from MAC list %u for device %02u:%02u failed with error %s!\n",
02140 file_no,
02141 RSBAC_MAJOR(device_p->id),
02142 RSBAC_MINOR(device_p->id),
02143 get_error_name(tmp, tmperr));
02144 #endif
02145 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02146 if (!rsbac_nosyslog)
02147 #endif
02148 printk(KERN_WARNING
02149 "detach_fd_lists(): detaching from MAC list %u for device %02u:%02u failed with error %s!\n",
02150 file_no,
02151 RSBAC_MAJOR(device_p->id),
02152 RSBAC_MINOR(device_p->id),
02153 get_error_name(tmp, tmperr));
02154 rsbac_kfree(tmp);
02155 }
02156 err = tmperr;
02157 }
02158 }
02159 #endif
02160
02161 #if defined(CONFIG_RSBAC_FC)
02162
02163 for (file_no = 0; file_no < RSBAC_FC_NR_FD_LISTS; file_no++)
02164 {
02165 tmperr = rsbac_list_detach(&device_p->handles.fc[file_no],
02166 RSBAC_FC_FD_ACI_KEY);
02167 if(tmperr)
02168 {
02169 char * tmp;
02170
02171 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02172 if(tmp)
02173 {
02174 #ifdef CONFIG_RSBAC_RMSG
02175 rsbac_printk(KERN_WARNING
02176 "detach_fd_lists(): detaching from FC list %u for device %02u:%02u failed with error %s!\n",
02177 file_no,
02178 RSBAC_MAJOR(device_p->id),
02179 RSBAC_MINOR(device_p->id),
02180 get_error_name(tmp, tmperr));
02181 #endif
02182 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02183 if (!rsbac_nosyslog)
02184 #endif
02185 printk(KERN_WARNING
02186 "detach_fd_lists(): detaching from FC list %u for device %02u:%02u failed with error %s!\n",
02187 file_no,
02188 RSBAC_MAJOR(device_p->id),
02189 RSBAC_MINOR(device_p->id),
02190 get_error_name(tmp, tmperr));
02191 rsbac_kfree(tmp);
02192 }
02193 err = tmperr;
02194 }
02195 }
02196 #endif
02197
02198 #if defined(CONFIG_RSBAC_SIM)
02199
02200 for (file_no = 0; file_no < RSBAC_SIM_NR_FD_LISTS; file_no++)
02201 {
02202 tmperr = rsbac_list_detach(&device_p->handles.sim[file_no],
02203 RSBAC_SIM_FD_ACI_KEY);
02204 if(tmperr)
02205 {
02206 char * tmp;
02207
02208 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02209 if(tmp)
02210 {
02211 #ifdef CONFIG_RSBAC_RMSG
02212 rsbac_printk(KERN_WARNING
02213 "detach_fd_lists(): detaching from SIM list %u for device %02u:%02u failed with error %s!\n",
02214 file_no,
02215 RSBAC_MAJOR(device_p->id),
02216 RSBAC_MINOR(device_p->id),
02217 get_error_name(tmp, tmperr));
02218 #endif
02219 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02220 if (!rsbac_nosyslog)
02221 #endif
02222 printk(KERN_WARNING
02223 "detach_fd_lists(): detaching from SIM list %u for device %02u:%02u failed with error %s!\n",
02224 file_no,
02225 RSBAC_MAJOR(device_p->id),
02226 RSBAC_MINOR(device_p->id),
02227 get_error_name(tmp, tmperr));
02228 rsbac_kfree(tmp);
02229 }
02230 err = tmperr;
02231 }
02232 }
02233 #endif
02234
02235 #if defined(CONFIG_RSBAC_PM)
02236
02237 for (file_no = 0; file_no < RSBAC_PM_NR_FD_LISTS; file_no++)
02238 {
02239 tmperr = rsbac_list_detach(&device_p->handles.pm[file_no],
02240 RSBAC_PM_FD_ACI_KEY);
02241 if(tmperr)
02242 {
02243 char * tmp;
02244
02245 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02246 if(tmp)
02247 {
02248 #ifdef CONFIG_RSBAC_RMSG
02249 rsbac_printk(KERN_WARNING
02250 "detach_fd_lists(): detaching from PM list %u for device %02u:%02u failed with error %s!\n",
02251 file_no,
02252 RSBAC_MAJOR(device_p->id),
02253 RSBAC_MINOR(device_p->id),
02254 get_error_name(tmp, tmperr));
02255 #endif
02256 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02257 if (!rsbac_nosyslog)
02258 #endif
02259 printk(KERN_WARNING
02260 "detach_fd_lists(): detaching from PM list %u for device %02u:%02u failed with error %s!\n",
02261 file_no,
02262 RSBAC_MAJOR(device_p->id),
02263 RSBAC_MINOR(device_p->id),
02264 get_error_name(tmp, tmperr));
02265 rsbac_kfree(tmp);
02266 }
02267 err = tmperr;
02268 }
02269 }
02270 #endif
02271
02272 #if defined(CONFIG_RSBAC_DAZ)
02273
02274 for (file_no = 0; file_no < RSBAC_DAZ_NR_FD_LISTS; file_no++)
02275 {
02276 tmperr = rsbac_list_detach(&device_p->handles.daz[file_no],
02277 RSBAC_DAZ_FD_ACI_KEY);
02278 if(tmperr)
02279 {
02280 char * tmp;
02281
02282 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02283 if(tmp)
02284 {
02285 #ifdef CONFIG_RSBAC_RMSG
02286 rsbac_printk(KERN_WARNING
02287 "detach_fd_lists(): detaching from DAZ list %u for device %02u:%02u failed with error %s!\n",
02288 file_no,
02289 RSBAC_MAJOR(device_p->id),
02290 RSBAC_MINOR(device_p->id),
02291 get_error_name(tmp, tmperr));
02292 #endif
02293 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02294 if (!rsbac_nosyslog)
02295 #endif
02296 printk(KERN_WARNING
02297 "detach_fd_lists(): detaching from DAZ list %u for device %02u:%02u failed with error %s!\n",
02298 file_no,
02299 RSBAC_MAJOR(device_p->id),
02300 RSBAC_MINOR(device_p->id),
02301 get_error_name(tmp, tmperr));
02302 rsbac_kfree(tmp);
02303 }
02304 err = tmperr;
02305 }
02306 }
02307 #if defined(CONFIG_RSBAC_DAZ_CACHE)
02308
02309 for (file_no = 0; file_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; file_no++)
02310 {
02311 tmperr = rsbac_list_detach(&device_p->handles.dazs[file_no],
02312 RSBAC_DAZ_FD_ACI_KEY);
02313 if(tmperr)
02314 {
02315 char * tmp;
02316
02317 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02318 if(tmp)
02319 {
02320 #ifdef CONFIG_RSBAC_RMSG
02321 rsbac_printk(KERN_WARNING
02322 "detach_fd_lists(): detaching from DAZ scanned list %u for device %02u:%02u failed with error %s!\n",
02323 file_no,
02324 RSBAC_MAJOR(device_p->id),
02325 RSBAC_MINOR(device_p->id),
02326 get_error_name(tmp, tmperr));
02327 #endif
02328 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02329 if (!rsbac_nosyslog)
02330 #endif
02331 printk(KERN_WARNING
02332 "detach_fd_lists(): detaching from DAZ scanned list %u for device %02u:%02u failed with error %s!\n",
02333 file_no,
02334 RSBAC_MAJOR(device_p->id),
02335 RSBAC_MINOR(device_p->id),
02336 get_error_name(tmp, tmperr));
02337 rsbac_kfree(tmp);
02338 }
02339 err = tmperr;
02340 }
02341 }
02342 #endif
02343 #endif
02344
02345 #if defined(CONFIG_RSBAC_FF)
02346
02347 for (file_no = 0; file_no < RSBAC_FF_NR_FD_LISTS; file_no++)
02348 {
02349 tmperr = rsbac_list_detach(&device_p->handles.ff[file_no],
02350 RSBAC_FF_FD_ACI_KEY);
02351 if(tmperr)
02352 {
02353 char * tmp;
02354
02355 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02356 if(tmp)
02357 {
02358 #ifdef CONFIG_RSBAC_RMSG
02359 rsbac_printk(KERN_WARNING
02360 "detach_fd_lists(): detaching from FF list %u for device %02u:%02u failed with error %s!\n",
02361 file_no,
02362 RSBAC_MAJOR(device_p->id),
02363 RSBAC_MINOR(device_p->id),
02364 get_error_name(tmp, tmperr));
02365 #endif
02366 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02367 if (!rsbac_nosyslog)
02368 #endif
02369 printk(KERN_WARNING
02370 "detach_fd_lists(): detaching from FF list %u for device %02u:%02u failed with error %s!\n",
02371 file_no,
02372 RSBAC_MAJOR(device_p->id),
02373 RSBAC_MINOR(device_p->id),
02374 get_error_name(tmp, tmperr));
02375 rsbac_kfree(tmp);
02376 }
02377 err = tmperr;
02378 }
02379 }
02380 #endif
02381
02382 #if defined(CONFIG_RSBAC_RC)
02383
02384 for (file_no = 0; file_no < RSBAC_RC_NR_FD_LISTS; file_no++)
02385 {
02386 tmperr = rsbac_list_detach(&device_p->handles.rc[file_no],
02387 RSBAC_RC_FD_ACI_KEY);
02388 if(tmperr)
02389 {
02390 char * tmp;
02391
02392 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02393 if(tmp)
02394 {
02395 #ifdef CONFIG_RSBAC_RMSG
02396 rsbac_printk(KERN_WARNING
02397 "detach_fd_lists(): detaching from RC list %u for device %02u:%02u failed with error %s!\n",
02398 file_no,
02399 RSBAC_MAJOR(device_p->id),
02400 RSBAC_MINOR(device_p->id),
02401 get_error_name(tmp, tmperr));
02402 #endif
02403 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02404 if (!rsbac_nosyslog)
02405 #endif
02406 printk(KERN_WARNING
02407 "detach_fd_lists(): detaching from RC list %u for device %02u:%02u failed with error %s!\n",
02408 file_no,
02409 RSBAC_MAJOR(device_p->id),
02410 RSBAC_MINOR(device_p->id),
02411 get_error_name(tmp, tmperr));
02412 rsbac_kfree(tmp);
02413 }
02414 err = tmperr;
02415 }
02416 }
02417 #endif
02418
02419 #if defined(CONFIG_RSBAC_AUTH)
02420
02421 for (file_no = 0; file_no < RSBAC_AUTH_NR_FD_LISTS; file_no++)
02422 {
02423 tmperr = rsbac_list_detach(&device_p->handles.auth[file_no],
02424 RSBAC_AUTH_FD_ACI_KEY);
02425 if(tmperr)
02426 {
02427 char * tmp;
02428
02429 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02430 if(tmp)
02431 {
02432 #ifdef CONFIG_RSBAC_RMSG
02433 rsbac_printk(KERN_WARNING
02434 "detach_fd_lists(): detaching from AUTH list %u for device %02u:%02u failed with error %s!\n",
02435 file_no,
02436 RSBAC_MAJOR(device_p->id),
02437 RSBAC_MINOR(device_p->id),
02438 get_error_name(tmp, tmperr));
02439 #endif
02440 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02441 if (!rsbac_nosyslog)
02442 #endif
02443 printk(KERN_WARNING
02444 "detach_fd_lists(): detaching from AUTH list %u for device %02u:%02u failed with error %s!\n",
02445 file_no,
02446 RSBAC_MAJOR(device_p->id),
02447 RSBAC_MINOR(device_p->id),
02448 get_error_name(tmp, tmperr));
02449 rsbac_kfree(tmp);
02450 }
02451 err = tmperr;
02452 }
02453 }
02454 #endif
02455
02456 #if defined(CONFIG_RSBAC_CAP)
02457
02458 for (file_no = 0; file_no < RSBAC_CAP_NR_FD_LISTS; file_no++)
02459 {
02460 tmperr = rsbac_list_detach(&device_p->handles.cap[file_no],
02461 RSBAC_CAP_FD_ACI_KEY);
02462 if(tmperr)
02463 {
02464 char * tmp;
02465
02466 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02467 if(tmp)
02468 {
02469 #ifdef CONFIG_RSBAC_RMSG
02470 rsbac_printk(KERN_WARNING
02471 "detach_fd_lists(): detaching from CAP list %u for device %02u:%02u failed with error %s!\n",
02472 file_no,
02473 RSBAC_MAJOR(device_p->id),
02474 RSBAC_MINOR(device_p->id),
02475 get_error_name(tmp, tmperr));
02476 #endif
02477 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02478 if (!rsbac_nosyslog)
02479 #endif
02480 printk(KERN_WARNING
02481 "detach_fd_lists(): detaching from CAP list %u for device %02u:%02u failed with error %s!\n",
02482 file_no,
02483 RSBAC_MAJOR(device_p->id),
02484 RSBAC_MINOR(device_p->id),
02485 get_error_name(tmp, tmperr));
02486 rsbac_kfree(tmp);
02487 }
02488 err = tmperr;
02489 }
02490 }
02491 #endif
02492
02493 #if defined(CONFIG_RSBAC_PAX)
02494
02495 for (file_no = 0; file_no < RSBAC_PAX_NR_FD_LISTS; file_no++)
02496 {
02497 tmperr = rsbac_list_detach(&device_p->handles.pax[file_no],
02498 RSBAC_PAX_FD_ACI_KEY);
02499 if(tmperr)
02500 {
02501 char * tmp;
02502
02503 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02504 if(tmp)
02505 {
02506 #ifdef CONFIG_RSBAC_RMSG
02507 rsbac_printk(KERN_WARNING
02508 "detach_fd_lists(): detaching from PAX list %u for device %02u:%02u failed with error %s!\n",
02509 file_no,
02510 RSBAC_MAJOR(device_p->id),
02511 RSBAC_MINOR(device_p->id),
02512 get_error_name(tmp, tmperr));
02513 #endif
02514 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02515 if (!rsbac_nosyslog)
02516 #endif
02517 printk(KERN_WARNING
02518 "detach_fd_lists(): detaching from PAX list %u for device %02u:%02u failed with error %s!\n",
02519 file_no,
02520 RSBAC_MAJOR(device_p->id),
02521 RSBAC_MINOR(device_p->id),
02522 get_error_name(tmp, tmperr));
02523 rsbac_kfree(tmp);
02524 }
02525 err = tmperr;
02526 }
02527 }
02528 #endif
02529
02530 #if defined(CONFIG_RSBAC_RES)
02531
02532 for (file_no = 0; file_no < RSBAC_RES_NR_FD_LISTS; file_no++)
02533 {
02534 tmperr = rsbac_list_detach(&device_p->handles.res[file_no],
02535 RSBAC_RES_FD_ACI_KEY);
02536 if(tmperr)
02537 {
02538 char * tmp;
02539
02540 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02541 if(tmp)
02542 {
02543 #ifdef CONFIG_RSBAC_RMSG
02544 rsbac_printk(KERN_WARNING
02545 "detach_fd_lists(): detaching from RES list %u for device %02u:%02u failed with error %s!\n",
02546 file_no,
02547 RSBAC_MAJOR(device_p->id),
02548 RSBAC_MINOR(device_p->id),
02549 get_error_name(tmp, tmperr));
02550 #endif
02551 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02552 if (!rsbac_nosyslog)
02553 #endif
02554 printk(KERN_WARNING
02555 "detach_fd_lists(): detaching from RES list %u for device %02u:%02u failed with error %s!\n",
02556 file_no,
02557 RSBAC_MAJOR(device_p->id),
02558 RSBAC_MINOR(device_p->id),
02559 get_error_name(tmp, tmperr));
02560 rsbac_kfree(tmp);
02561 }
02562 err = tmperr;
02563 }
02564 }
02565 #endif
02566
02567 return err;
02568 }
02569
02570
02571
02572 static struct rsbac_device_list_item_t
02573 * create_device_item(struct super_block * sb_p, struct dentry * d_covers)
02574 {
02575 struct rsbac_device_list_item_t * new_item_p;
02576
02577 if(!sb_p)
02578 return NULL;
02579
02580 if ( !(new_item_p = (struct rsbac_device_list_item_t *)
02581 rsbac_kmalloc(sizeof(*new_item_p)) ) )
02582 return(NULL);
02583
02584 memset(new_item_p, 0, sizeof(*new_item_p));
02585 new_item_p->id = sb_p->s_dev;
02586 new_item_p->sb_p = sb_p;
02587 new_item_p->d_covers = d_covers;
02588 new_item_p->mount_count = 1;
02589
02590 return(new_item_p);
02591 }
02592
02593
02594 static struct rsbac_device_list_item_t
02595 * add_device_item(struct rsbac_device_list_item_t * device_p)
02596 {
02597 if (!device_p)
02598 return(NULL);
02599
02600
02601 if (!device_list_head.head)
02602 {
02603 device_list_head.head=device_p;
02604 device_list_head.tail=device_p;
02605 device_list_head.curr=device_p;
02606 device_list_head.count=1;
02607 device_p->prev=NULL;
02608 device_p->next=NULL;
02609 }
02610 else
02611 {
02612 device_p->prev=device_list_head.tail;
02613 device_p->next=NULL;
02614 device_list_head.tail->next=device_p;
02615 device_list_head.tail=device_p;
02616 device_list_head.curr=device_p;
02617 device_list_head.count++;
02618 }
02619 return(device_p);
02620 }
02621
02622
02623
02624
02625
02626
02627
02628
02629 static void clear_device_item(struct rsbac_device_list_item_t * item_p)
02630 {
02631 if(!item_p)
02632 return;
02633
02634
02635 if(item_p->rsbac_dir_dentry_p)
02636 dput(item_p->rsbac_dir_dentry_p);
02637
02638 rsbac_kfree(item_p);
02639 }
02640
02641 static void remove_device_item(kdev_t kdev)
02642 {
02643 struct rsbac_device_list_item_t * item_p;
02644
02645
02646 if ( (item_p = lookup_device(kdev)) )
02647 {
02648 if (device_list_head.head == item_p)
02649 {
02650 if (device_list_head.tail == item_p)
02651 {
02652 device_list_head.head = NULL;
02653 device_list_head.tail = NULL;
02654 }
02655 else
02656 {
02657 item_p->next->prev = NULL;
02658 device_list_head.head = item_p->next;
02659 }
02660 }
02661 else
02662 {
02663 if (device_list_head.tail == item_p)
02664 {
02665 item_p->prev->next = NULL;
02666 device_list_head.tail = item_p->prev;
02667 }
02668 else
02669 {
02670 item_p->prev->next = item_p->next;
02671 item_p->next->prev = item_p->prev;
02672 }
02673 }
02674
02675
02676 device_list_head.curr=NULL;
02677
02678 device_list_head.count--;
02679
02680
02681 aci_detach_fd_lists(item_p);
02682
02683
02684 clear_device_item(item_p);
02685 }
02686
02687 }
02688
02689
02690
02691
02692
02693
02694 static int rsbac_clear_file(struct dentry *dentry)
02695 {
02696 struct inode *inode = dentry->d_inode;
02697 int error;
02698 struct iattr newattrs;
02699
02700 down(&inode->i_sem);
02701 newattrs.ia_size = 0;
02702 newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
02703 error = notify_change(dentry, &newattrs);
02704 up(&inode->i_sem);
02705 return error;
02706 }
02707
02708 static void wakeup_auto(u_long dummy)
02709 {
02710 wake_up((void *) dummy);
02711 }
02712
02713 #if defined(CONFIG_RSBAC_REG)
02714 EXPORT_SYMBOL(rsbac_get_super_block);
02715 #endif
02716 struct super_block * rsbac_get_super_block(kdev_t kdev)
02717 {
02718 struct rsbac_device_list_item_t * device_p;
02719 u_long dflags;
02720 struct super_block * sb_p;
02721
02722 if(RSBAC_IS_AUTO_DEV(kdev))
02723 return NULL;
02724
02725
02726 rsbac_read_lock(&device_list_head.lock, &dflags);
02727 device_p = lookup_device(kdev);
02728 if (!device_p)
02729 {
02730 rsbac_read_unlock(&device_list_head.lock, &dflags);
02731 down(&rsbac_write_sem);
02732 up(&rsbac_write_sem);
02733 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02734 sb_p = user_get_super(kdev);
02735 #else
02736 sb_p = get_super(kdev);
02737 #endif
02738 if(!sb_p)
02739 {
02740 DECLARE_WAIT_QUEUE_HEAD(auto_wait);
02741 struct timer_list auto_timer;
02742
02743 #ifdef CONFIG_RSBAC_RMSG
02744 rsbac_printk(KERN_INFO
02745 "rsbac_get_super_block(): device %02u:%02u not yet available, sleeping\n",
02746 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02747 #endif
02748 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02749 if (!rsbac_nosyslog)
02750 #endif
02751 printk(KERN_INFO
02752 "rsbac_get_super_block(): device %02u:%02u not yet available, sleeping\n",
02753 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02754 init_timer(&auto_timer);
02755 auto_timer.function = wakeup_auto;
02756 auto_timer.data = (u_long) &auto_wait;
02757 auto_timer.expires = jiffies + HZ;
02758 add_timer(&auto_timer);
02759 interruptible_sleep_on(&auto_wait);
02760
02761 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02762 sb_p = user_get_super(kdev);
02763 #else
02764 sb_p = get_super(kdev);
02765 #endif
02766 }
02767 if(sb_p)
02768 {
02769 device_p = lookup_device(kdev);
02770 if (!device_p)
02771 {
02772 #ifdef CONFIG_RSBAC_RMSG
02773 rsbac_printk(KERN_INFO
02774 "rsbac_get_super_block(): auto-mounting device %02u:%02u\n",
02775 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02776 #endif
02777 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02778 if (!rsbac_nosyslog)
02779 #endif
02780 printk(KERN_INFO
02781 "rsbac_get_super_block(): auto-mounting device %02u:%02u\n",
02782 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02783 rsbac_mount(sb_p, NULL);
02784 }
02785
02786 drop_super(sb_p);
02787 rsbac_read_lock(&device_list_head.lock, &dflags);
02788 device_p = lookup_device(kdev);
02789 if (!device_p)
02790 {
02791 #ifdef CONFIG_RSBAC_RMSG
02792 rsbac_printk(KERN_WARNING
02793 "rsbac_get_super_block(): unknown device %02u:%02u\n",
02794 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02795 #endif
02796 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02797 if (!rsbac_nosyslog)
02798 #endif
02799 printk(KERN_WARNING
02800 "rsbac_get_super_block(): unknown device %02u:%02u\n",
02801 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02802 rsbac_read_unlock(&device_list_head.lock, &dflags);
02803 return NULL;
02804 }
02805 }
02806 else
02807 {
02808 return NULL;
02809 }
02810 }
02811 sb_p = device_p->sb_p;
02812 rsbac_read_unlock(&device_list_head.lock, &dflags);
02813 return sb_p;
02814 }
02815
02816 #if defined(CONFIG_RSBAC_REG)
02817 EXPORT_SYMBOL(rsbac_read_open);
02818 #endif
02819 int rsbac_read_open(char * name,
02820 struct file * file_p,
02821 kdev_t kdev)
02822 {
02823 struct dentry * dir_dentry_p;
02824 struct dentry * file_dentry_p;
02825 int tmperr, err;
02826
02827 if(!name || !file_p)
02828 {
02829 #ifdef CONFIG_RSBAC_DEBUG
02830 if (rsbac_debug_ds)
02831 {
02832 #ifdef CONFIG_RSBAC_RMSG
02833 rsbac_printk(KERN_DEBUG "rsbac_read_open(): called with NULL pointer!");
02834 #endif
02835 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02836 if (!rsbac_nosyslog)
02837 #endif
02838 printk(KERN_DEBUG "rsbac_read_open(): called with NULL pointer!");
02839 }
02840 #endif
02841 return(-RSBAC_EINVALIDPOINTER);
02842 }
02843
02844
02845 if ((err=lookup_aci_path_dentry(NULL, &dir_dentry_p, FALSE, kdev)))
02846 {
02847 return(err);
02848 }
02849
02850
02851
02852 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02853 if (!file_dentry_p || IS_ERR (file_dentry_p))
02854 {
02855 return(-RSBAC_EREADFAILED);
02856 }
02857 if (!file_dentry_p->d_inode)
02858 {
02859 char * bname;
02860 int name_len = strlen(name);
02861
02862 dput(file_dentry_p);
02863 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02864 if(!bname)
02865 {
02866 return -RSBAC_ENOMEM;
02867 }
02868
02869 strcpy(bname,name);
02870 bname[name_len] = 'b';
02871 name_len++;
02872 bname[name_len] = (char) 0;
02873 #ifdef CONFIG_RSBAC_DEBUG
02874 if (rsbac_debug_ds)
02875 {
02876 #ifdef CONFIG_RSBAC_RMSG
02877 rsbac_printk(KERN_DEBUG "rsbac_read_open(): could not lookup file %s, trying backup %s\n",
02878 name,bname);
02879 #endif
02880 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02881 if (!rsbac_nosyslog)
02882 #endif
02883 printk(KERN_DEBUG "rsbac_read_open(): could not lookup file %s, trying backup %s\n",
02884 name,bname);
02885 }
02886 #endif
02887 file_dentry_p = rsbac_lookup_one_len(bname, dir_dentry_p, strlen(bname));
02888 rsbac_kfree(bname);
02889 if (!file_dentry_p || IS_ERR (file_dentry_p))
02890 {
02891 return(-RSBAC_EREADFAILED);
02892 }
02893 if (!file_dentry_p->d_inode)
02894 {
02895 #ifdef CONFIG_RSBAC_DEBUG
02896 if (rsbac_debug_ds)
02897 {
02898 #ifdef CONFIG_RSBAC_RMSG
02899 rsbac_printk(KERN_DEBUG "rsbac_read_open(): could not lookup backup file %sb\n",
02900 name);
02901 #endif
02902 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02903 if (!rsbac_nosyslog)
02904 #endif
02905 printk(KERN_DEBUG "rsbac_read_open(): could not lookup backup file %sb\n",
02906 name);
02907 }
02908 #endif
02909 dput(file_dentry_p);
02910 return(-RSBAC_ENOTFOUND);
02911 }
02912 }
02913 if ( !(S_ISREG(file_dentry_p->d_inode->i_mode)) )
02914 {
02915 #ifdef CONFIG_RSBAC_RMSG
02916 rsbac_printk(KERN_WARNING "rsbac_read_open(): expected file is not a file!\n");
02917 #endif
02918 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02919 if (!rsbac_nosyslog)
02920 #endif
02921 printk(KERN_WARNING "rsbac_read_open(): expected file is not a file!\n");
02922 dput(file_dentry_p);
02923 return(-RSBAC_EREADFAILED);
02924 }
02925
02926
02927
02928 if ((tmperr = init_private_file(file_p, file_dentry_p,O_RDONLY)))
02929 {
02930 dput(file_dentry_p);
02931 #ifdef CONFIG_RSBAC_RMSG
02932 rsbac_printk(KERN_WARNING "rsbac_read_open(): could not open file '%s'!\n", name);
02933 #endif
02934 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02935 if (!rsbac_nosyslog)
02936 #endif
02937 printk(KERN_WARNING "rsbac_read_open(): could not open file '%s'!\n", name);
02938 return -RSBAC_EREADFAILED;
02939 }
02940
02941
02942 if ((!file_p->f_op) || (!file_p->f_op->read))
02943 {
02944 if (!file_p->f_op)
02945 {
02946 #ifdef CONFIG_RSBAC_RMSG
02947 rsbac_printk(KERN_WARNING "rsbac_read_open(): no f_op for file '%s'!\n", name);
02948 #endif
02949 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02950 if (!rsbac_nosyslog)
02951 #endif
02952 printk(KERN_WARNING "rsbac_read_open(): no f_op for file '%s'!\n", name);
02953 }
02954 else
02955 {
02956 #ifdef CONFIG_RSBAC_RMSG
02957 rsbac_printk(KERN_WARNING "rsbac_read_open(): no file read func for file '%s'!\n", name);
02958 #endif
02959 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02960 if (!rsbac_nosyslog)
02961 #endif
02962 printk(KERN_WARNING "rsbac_read_open(): no file read func for file '%s'!\n", name);
02963 if (file_p->f_op->release)
02964 file_p->f_op->release(file_dentry_p->d_inode, file_p);
02965 }
02966 dput(file_dentry_p);
02967 return -RSBAC_EREADFAILED;
02968 }
02969 return 0;
02970 }
02971
02972
02973 #ifndef check_parent
02974 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02975 #define check_parent(dir, dentry) \
02976 ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_bucket))
02977 #else
02978 #define check_parent(dir, dentry) \
02979 ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_hash))
02980 #endif
02981 #endif
02982
02983 #if defined(CONFIG_RSBAC_REG)
02984 EXPORT_SYMBOL(rsbac_write_open);
02985 #endif
02986 int rsbac_write_open(char * name,
02987 struct file * file_p,
02988 kdev_t kdev)
02989 {
02990 struct dentry * dir_dentry_p = NULL;
02991 struct dentry * ldir_dentry_p = NULL;
02992 struct dentry * file_dentry_p = NULL;
02993 int err = 0;
02994 int tmperr = 0;
02995 struct super_block * sb_p;
02996
02997 if(!file_p || !name)
02998 {
02999 #ifdef CONFIG_RSBAC_DEBUG
03000 if (rsbac_debug_write)
03001 {
03002 #ifdef CONFIG_RSBAC_RMSG
03003 rsbac_printk(KERN_DEBUG "rsbac_write_open(): called with NULL pointer!\n");
03004 #endif
03005 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03006 if (!rsbac_nosyslog)
03007 #endif
03008 printk(KERN_DEBUG "rsbac_write_open(): called with NULL pointer!\n");
03009 }
03010 #endif
03011 return(-RSBAC_EINVALIDPOINTER);
03012 }
03013
03014
03015 sb_p = rsbac_get_super_block(kdev);
03016 if (!sb_p)
03017 {
03018 #ifdef CONFIG_RSBAC_RMSG
03019 rsbac_printk(KERN_WARNING
03020 "rsbac_write_open(): invalid device %02u:%02u\n",
03021 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03022 #endif
03023 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03024 if (!rsbac_nosyslog)
03025 #endif
03026 printk(KERN_WARNING
03027 "rsbac_write_open(): invalid device %02u:%02u\n",
03028 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03029 return (-RSBAC_EINVALIDDEV);
03030 }
03031 if(!writable(sb_p))
03032 {
03033 #ifdef CONFIG_RSBAC_DEBUG
03034 if (rsbac_debug_write)
03035 {
03036 #ifdef CONFIG_RSBAC_RMSG
03037 rsbac_printk(KERN_DEBUG
03038 "rsbac_write_open(): called for non-writable device\n");
03039 #endif
03040 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03041 if (!rsbac_nosyslog)
03042 #endif
03043 printk(KERN_DEBUG
03044 "rsbac_write_open(): called for non-writable device\n");
03045 }
03046 #endif
03047 err = -RSBAC_ENOTWRITABLE;
03048 goto out;
03049 }
03050
03051
03052
03053 if ((tmperr = lookup_aci_path_dentry(sb_p, &dir_dentry_p, TRUE,
03054 kdev)))
03055 {
03056 err = tmperr;
03057 goto out;
03058 }
03059
03060
03061
03062 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
03063 if (!file_dentry_p || IS_ERR(file_dentry_p))
03064 {
03065 #ifdef CONFIG_RSBAC_DEBUG
03066 if (rsbac_debug_write)
03067 {
03068 #ifdef CONFIG_RSBAC_RMSG
03069 rsbac_printk(KERN_DEBUG
03070 "rsbac_write_open(): lookup of %s returned error %li\n",
03071 name, PTR_ERR(file_dentry_p));
03072 #endif
03073 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03074 if (!rsbac_nosyslog)
03075 #endif
03076 printk(KERN_DEBUG
03077 "rsbac_write_open(): lookup of %s returned error %li\n",
03078 name, PTR_ERR(file_dentry_p));
03079 }
03080 #endif
03081 err = -RSBAC_EWRITEFAILED;
03082 goto out;
03083 }
03084
03085 #if 1
03086 if (file_dentry_p->d_inode)
03087 {
03088 if ( !dir_dentry_p->d_inode->i_op
03089 || !dir_dentry_p->d_inode->i_op->rename)
03090 {
03091 #ifdef CONFIG_RSBAC_RMSG
03092 rsbac_printk(KERN_WARNING
03093 "rsbac_write_open(): File system supports no rename - no backup of %s made!",
03094 name);
03095 #endif
03096 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03097 if (!rsbac_nosyslog)
03098 #endif
03099 printk(KERN_WARNING
03100 "rsbac_write_open(): File system supports no rename - no backup of %s made!",
03101 name);
03102 }
03103 else
03104 {
03105 char * bname;
03106 int name_len = strlen(name);
03107 struct dentry * new_file_dentry_p = NULL;
03108 struct dentry * old_dir_p, * new_dir_p;
03109
03110 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN);
03111 if(!bname)
03112 {
03113 err = -RSBAC_ENOMEM;
03114 goto out_dput;
03115 }
03116 strcpy(bname,name);
03117 bname[name_len] = 'b';
03118 bname[name_len+1] = (char) 0;
03119 new_file_dentry_p = rsbac_lookup_one_len(bname, dir_dentry_p, strlen(bname));
03120 if(new_file_dentry_p && !IS_ERR(new_file_dentry_p))
03121 {
03122
03123 old_dir_p = dget(file_dentry_p->d_parent);
03124 new_dir_p = dget(new_file_dentry_p->d_parent);
03125 double_lock(new_dir_p, old_dir_p);
03126
03127 DQUOT_INIT(old_dir_p->d_inode);
03128 DQUOT_INIT(new_dir_p->d_inode);
03129
03130
03131
03132
03133 err = dir_dentry_p->d_inode->i_op->rename(old_dir_p->d_inode,
03134 file_dentry_p,
03135 new_dir_p->d_inode,
03136 new_file_dentry_p);
03137
03138 double_unlock(new_dir_p, old_dir_p);
03139 if(err)
03140 {
03141 #ifdef CONFIG_RSBAC_RMSG
03142 rsbac_printk(KERN_WARNING
03143 "rsbac_write_open(): could not rename %s to %s on dev %02u:%02u, error %i - no backup!\n",
03144 name,bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err);
03145 #endif
03146 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03147 if (!rsbac_nosyslog)
03148 #endif
03149 printk(KERN_WARNING
03150 "rsbac_write_open(): could not rename %s to %s on dev %02u:%02u, error %i - no backup!\n",
03151 name,bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err);
03152 }
03153 else
03154 {
03155
03156 if (!(sb_p->s_type->fs_flags & FS_ODD_RENAME))
03157 d_move(file_dentry_p, new_file_dentry_p);
03158 inode_dir_notify(old_dir_p->d_inode, DN_RENAME);
03159 }
03160 dput(new_file_dentry_p);
03161 dput(file_dentry_p);
03162
03163 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
03164 if (!file_dentry_p || IS_ERR (file_dentry_p))
03165 {
03166 #ifdef CONFIG_RSBAC_DEBUG
03167 if (rsbac_debug_write)
03168 {
03169 #ifdef CONFIG_RSBAC_RMSG
03170 rsbac_printk(KERN_DEBUG
03171 "rsbac_write_open(): relookup of %s returned error %li\n",
03172 name, PTR_ERR(file_dentry_p));
03173 #endif
03174 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03175 if (!rsbac_nosyslog)
03176 #endif
03177 printk(KERN_DEBUG
03178 "rsbac_write_open(): relookup of %s returned error %li\n",
03179 name, PTR_ERR(file_dentry_p));
03180 }
03181 #endif
03182 err = -RSBAC_EWRITEFAILED;
03183 goto out;
03184 }
03185 if (file_dentry_p->d_inode)
03186 {
03187 #ifdef CONFIG_RSBAC_RMSG
03188 rsbac_printk(KERN_WARNING
03189 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li, trying unlink\n",
03190 name, file_dentry_p->d_inode->i_ino);
03191 #endif
03192 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03193 if (!rsbac_nosyslog)
03194 #endif
03195 printk(KERN_WARNING
03196 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li, trying unlink\n",
03197 name, file_dentry_p->d_inode->i_ino);
03198
03199 if ( !dir_dentry_p->d_inode->i_op
03200 || !dir_dentry_p->d_inode->i_op->unlink)
03201 {
03202 #ifdef CONFIG_RSBAC_RMSG
03203 rsbac_printk(KERN_WARNING
03204 "rsbac_write_open(): File system supports no unlink - %s not deleted!",
03205 name);
03206 #endif
03207 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03208 if (!rsbac_nosyslog)
03209 #endif
03210 printk(KERN_WARNING
03211 "rsbac_write_open(): File system supports no unlink - %s not deleted!",
03212 name);
03213 rsbac_kfree(bname);
03214 err = -RSBAC_EWRITEFAILED;
03215 goto out_dput;
03216 }
03217 else
03218 {
03219 old_dir_p = lock_parent(file_dentry_p);
03220
03221 DQUOT_INIT(old_dir_p->d_inode);
03222 err = -ENOENT;
03223 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
03224 if (check_parent(old_dir_p, file_dentry_p))
03225 {
03226 #endif
03227 err = dir_dentry_p->d_inode->i_op->unlink(old_dir_p->d_inode,
03228 file_dentry_p);
03229 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
03230 }
03231 else
03232 {
03233 #ifdef CONFIG_RSBAC_RMSG
03234 rsbac_printk(KERN_WARNING
03235 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, parent check failed!\n",
03236 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
03237 #endif
03238 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03239 if (!rsbac_nosyslog)
03240 #endif
03241 printk(KERN_WARNING
03242 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, parent check failed!\n",
03243 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
03244 }
03245 #endif
03246
03247 unlock_dir(old_dir_p);
03248
03249 dput(file_dentry_p);
03250 if(err)
03251 {
03252 #ifdef CONFIG_RSBAC_RMSG
03253 rsbac_printk(KERN_WARNING
03254 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, error %i!\n",
03255 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err);
03256 #endif
03257 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03258 if (!rsbac_nosyslog)
03259 #endif
03260 printk(KERN_WARNING
03261 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, error %i!\n",
03262 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err);
03263 }
03264
03265 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
03266 if (!file_dentry_p || IS_ERR (file_dentry_p))
03267 {
03268 #ifdef CONFIG_RSBAC_DEBUG
03269 if (rsbac_debug_write)
03270 {
03271 #ifdef CONFIG_RSBAC_RMSG
03272 rsbac_printk(KERN_DEBUG
03273 "rsbac_write_open(): relookup of %s returned error %li\n",
03274 name, PTR_ERR(file_dentry_p));
03275 #endif
03276 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03277 if (!rsbac_nosyslog)
03278 #endif
03279 printk(KERN_DEBUG
03280 "rsbac_write_open(): relookup of %s returned error %li\n",
03281 name, PTR_ERR(file_dentry_p));
03282 }
03283 #endif
03284 rsbac_kfree(bname);
03285 err = -RSBAC_EWRITEFAILED;
03286 goto out;
03287 }
03288 if (file_dentry_p->d_inode)
03289 {
03290 #ifdef CONFIG_RSBAC_RMSG
03291 rsbac_printk(KERN_WARNING
03292 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li\n",
03293 name, file_dentry_p->d_inode->i_ino);
03294 #endif
03295 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03296 if (!rsbac_nosyslog)
03297 #endif
03298 printk(KERN_WARNING
03299 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li\n",
03300 name, file_dentry_p->d_inode->i_ino);
03301 rsbac_kfree(bname);
03302 err = -RSBAC_EWRITEFAILED;
03303 goto out_dput;
03304 }
03305 }
03306 }
03307 }
03308 else
03309 {
03310 #ifdef CONFIG_RSBAC_RMSG
03311 rsbac_printk(KERN_WARNING
03312 "rsbac_write_open(): rsbac_lookup_(dentry|one) for backup file %s on dev %02u:%02u failed with error %li - no backup!\n",
03313 bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), PTR_ERR(new_file_dentry_p));
03314 #endif
03315 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03316 if (!rsbac_nosyslog)
03317 #endif
03318 printk(KERN_WARNING
03319 "rsbac_write_open(): rsbac_lookup_(dentry|one) for backup file %s on dev %02u:%02u failed with error %li - no backup!\n",
03320 bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), PTR_ERR(new_file_dentry_p));
03321 }
03322 rsbac_kfree(bname);
03323 }
03324 }
03325 #endif
03326
03327 if(!file_dentry_p->d_inode)
03328 {
03329
03330 if ( !dir_dentry_p->d_inode->i_op
03331 || !dir_dentry_p->d_inode->i_op->create)
03332 {
03333 #ifdef CONFIG_RSBAC_RMSG
03334 rsbac_printk(KERN_WARNING "%s\n",
03335 "rsbac_write_open(): File system supports no create!");
03336 #endif
03337 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03338 if (!rsbac_nosyslog)
03339 #endif
03340 printk(KERN_WARNING "%s\n",
03341 "rsbac_write_open(): File system supports no create!");
03342 err = -RSBAC_EWRITEFAILED;
03343 goto out_dput;
03344 }
03345
03346
03347 ldir_dentry_p = lock_parent(file_dentry_p);
03348 if(IS_ERR(ldir_dentry_p))
03349 {
03350 #ifdef CONFIG_RSBAC_DEBUG
03351 if (rsbac_debug_write)
03352 {
03353 #ifdef CONFIG_RSBAC_RMSG
03354 rsbac_printk(KERN_DEBUG
03355 "rsbac_write_open(): lock_parent of %s returned error %li\n",
03356 name, PTR_ERR(ldir_dentry_p));
03357 #endif
03358 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03359 if (!rsbac_nosyslog)
03360 #endif
03361 printk(KERN_DEBUG
03362 "rsbac_write_open(): lock_parent of %s returned error %li\n",
03363 name, PTR_ERR(ldir_dentry_p));
03364 }
03365 #endif
03366 err = -RSBAC_EWRITEFAILED;
03367 goto out_dput;
03368 }
03369 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
03370 if (!check_parent(ldir_dentry_p, file_dentry_p))
03371 {
03372 #ifdef CONFIG_RSBAC_DEBUG
03373 if (rsbac_debug_write)
03374 {
03375 #ifdef CONFIG_RSBAC_RMSG
03376 rsbac_printk(KERN_DEBUG
03377 "rsbac_write_open(): check_parent of %s returned error\n",
03378 name);
03379 #endif
03380 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03381 if (!rsbac_nosyslog)
03382 #endif
03383 printk(KERN_DEBUG
03384 "rsbac_write_open(): check_parent of %s returned error\n",
03385 name);
03386 }
03387 #endif
03388 unlock_dir(ldir_dentry_p);
03389 err = -RSBAC_EWRITEFAILED;
03390 goto out_dput;
03391 }
03392 #endif
03393
03394
03395
03396
03397
03398 DQUOT_INIT(ldir_dentry_p->d_inode);
03399 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
03400 err = dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->d_inode,
03401 file_dentry_p,
03402 RSBAC_ACI_FILE_MODE,
03403 NULL);
03404 #else
03405 err = dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->d_inode,
03406 file_dentry_p,
03407 RSBAC_ACI_FILE_MODE);
03408 #endif
03409 unlock_dir(ldir_dentry_p);
03410
03411 if (err)
03412 {
03413 goto out_dput;
03414 }
03415
03416 }
03417
03418 if ( !(S_ISREG(file_dentry_p->d_inode->i_mode)) )
03419 {
03420 #ifdef CONFIG_RSBAC_RMSG
03421 rsbac_printk(KERN_WARNING
03422 "rsbac_write_open(): expected file is not a file, mode is %o!\n",
03423 file_dentry_p->d_inode->i_mode);
03424 #endif
03425 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03426 if (!rsbac_nosyslog)
03427 #endif
03428 printk(KERN_WARNING
03429 "rsbac_write_open(): expected file is not a file, mode is %o!\n",
03430 file_dentry_p->d_inode->i_mode);
03431 err = -RSBAC_EWRITEFAILED;
03432 goto out_dput;
03433 }
03434
03435
03436 if ((tmperr = init_private_file(file_p, file_dentry_p,O_RDONLY)))
03437 {
03438 #ifdef CONFIG_RSBAC_RMSG
03439 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not init file!\n");
03440 #endif
03441 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03442 if (!rsbac_nosyslog)
03443 #endif
03444 printk(KERN_WARNING "rsbac_write_open(): could not init file!\n");
03445 err = -RSBAC_EWRITEFAILED;
03446 goto out_dput;
03447 }
03448
03449
03450 if ((!file_p->f_op) || (!file_p->f_op->write))
03451 {
03452 #ifdef CONFIG_RSBAC_RMSG
03453 rsbac_printk(KERN_WARNING
03454 "rsbac_write_open(): file write function missing!\n");
03455 #endif
03456 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03457 if (!rsbac_nosyslog)
03458 #endif
03459 printk(KERN_WARNING
03460 "rsbac_write_open(): file write function missing!\n");
03461 if(file_p->f_op && file_p->f_op->release)
03462 {
03463 file_p->f_op->release(file_dentry_p->d_inode, file_p);
03464 }
03465 err = -RSBAC_EWRITEFAILED;
03466 goto out_dput;
03467 }
03468
03469
03470
03471
03472
03473 if (get_write_access(file_dentry_p->d_inode))
03474 {
03475 #ifdef CONFIG_RSBAC_RMSG
03476 rsbac_printk(KERN_WARNING
03477 "rsbac_write_open(): could not get write access!\n");
03478 #endif
03479 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03480 if (!rsbac_nosyslog)
03481 #endif
03482 printk(KERN_WARNING
03483 "rsbac_write_open(): could not get write access!\n");
03484 if (file_p->f_op->release)
03485 file_p->f_op->release(file_dentry_p->d_inode, file_p);
03486 err = -RSBAC_EWRITEFAILED;
03487 goto out_dput;
03488 }
03489
03490 if(rsbac_clear_file(file_dentry_p))
03491 {
03492 if (file_p->f_op->release)
03493 file_p->f_op->release(file_dentry_p->d_inode, file_p);
03494 put_write_access(file_dentry_p->d_inode);
03495 #ifdef CONFIG_RSBAC_RMSG
03496 rsbac_printk(KERN_WARNING
03497 "rsbac_write_open(): could not truncate!\n");
03498 #endif
03499 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03500 if (!rsbac_nosyslog)
03501 #endif
03502 printk(KERN_WARNING
03503 "rsbac_write_open(): could not truncate!\n");
03504 err = -RSBAC_EWRITEFAILED;
03505 goto out_dput;
03506 }
03507
03508 file_p->f_flags |= O_SYNC;
03509
03510 out:
03511 return err;
03512
03513 out_dput:
03514 dput(file_dentry_p);
03515 goto out;
03516 }
03517
03518
03519 #if defined(CONFIG_RSBAC_REG)
03520 EXPORT_SYMBOL(rsbac_read_close);
03521 #endif
03522 void rsbac_read_close(struct file * file_p)
03523 {
03524
03525 struct dentry * dentry = file_p->f_dentry;
03526 struct inode * inode = dentry->d_inode;
03527
03528 if (file_p->f_op && file_p->f_op->release)
03529 file_p->f_op->release(inode, file_p);
03530 file_p->f_dentry = NULL;
03531 if (file_p->f_mode & FMODE_WRITE)
03532 put_write_access(inode);
03533 dput(dentry);
03534 }
03535
03536 #if defined(CONFIG_RSBAC_REG)
03537 EXPORT_SYMBOL(rsbac_write_close);
03538 #endif
03539 void rsbac_write_close(struct file * file_p)
03540 {
03541 rsbac_read_close(file_p);
03542 }
03543
03544 #if defined(CONFIG_RSBAC_REG)
03545 EXPORT_SYMBOL(rsbac_get_full_path);
03546 #endif
03547 int rsbac_get_full_path(struct dentry * dentry_p, char path[], int maxlen)
03548 {
03549 int len=0;
03550 char * i_path;
03551 int tmplen=0;
03552 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS
03553 union rsbac_target_id_t i_tid;
03554 union rsbac_attribute_value_t i_attr_val;
03555 #endif
03556
03557 if(!dentry_p || !path)
03558 return -RSBAC_EINVALIDPOINTER;
03559 if(maxlen <= 0)
03560 return -RSBAC_EINVALIDVALUE;
03561 i_path = rsbac_kmalloc(maxlen + RSBAC_MAXNAMELEN);
03562 if(!i_path)
03563 return -RSBAC_ENOMEM;
03564
03565 path[0] = 0;
03566
03567 while(dentry_p && (len<maxlen) && dentry_p->d_name.len && dentry_p->d_name.name)
03568 {
03569 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS
03570 if( dentry_p->d_inode
03571 && dentry_p->d_parent
03572 && dentry_p->d_parent->d_inode
03573 && (i_tid.user = dentry_p->d_inode->i_uid)
03574 && (dentry_p->d_inode->i_uid != dentry_p->d_parent->d_inode->i_uid)
03575 && !rsbac_get_attr(GEN,T_USER,i_tid,A_pseudo,&i_attr_val,FALSE)
03576 && i_attr_val.pseudo
03577 )
03578 {
03579 if((maxlen-len) < 12)
03580 {
03581 rsbac_kfree(i_path);
03582 return(len);
03583 }
03584 tmplen = snprintf(i_path, 11, "%u", i_attr_val.pseudo);
03585 }
03586 else
03587 #endif
03588 {
03589 tmplen = dentry_p->d_name.len;
03590 if((tmplen+1) > (maxlen-len))
03591 {
03592 rsbac_kfree(i_path);
03593 return(len);
03594 }
03595 strncpy(i_path, dentry_p->d_name.name, tmplen);
03596 }
03597 if(len && (i_path[tmplen-1] != '/'))
03598 {
03599 i_path[tmplen] = '/';
03600 tmplen++;
03601 }
03602 i_path[tmplen]=0;
03603 strcat(i_path, path);
03604 strcpy(path, i_path);
03605 len += tmplen;
03606 if( dentry_p->d_parent
03607 && (dentry_p->d_parent != dentry_p)
03608 && (dentry_p->d_sb->s_root != dentry_p)
03609 )
03610 dentry_p = dentry_p->d_parent;
03611 else
03612 {
03613 struct rsbac_device_list_item_t * device_p;
03614
03615 device_p = lookup_device(dentry_p->d_sb->s_dev);
03616 if( device_p
03617 && device_p->d_covers
03618 )
03619 dentry_p = device_p->d_covers;
03620 else
03621 break;
03622 }
03623 }
03624 rsbac_kfree(i_path);
03625 return(len);
03626 }
03627
03628 #if defined(CONFIG_RSBAC_REG)
03629 EXPORT_SYMBOL(rsbac_get_full_path_length);
03630 #endif
03631 int rsbac_get_full_path_length(struct dentry * dentry_p)
03632 {
03633 int len=0;
03634 int tmplen=0;
03635
03636 if(!dentry_p)
03637 return -RSBAC_EINVALIDPOINTER;
03638
03639 while(dentry_p && dentry_p->d_name.len && dentry_p->d_name.name)
03640 {
03641 tmplen = dentry_p->d_name.len;
03642 if(len && (dentry_p->d_name.name[tmplen-1] != '/'))
03643 {
03644 tmplen++;
03645 }
03646 len += tmplen;
03647 if( dentry_p->d_parent
03648 && (dentry_p->d_parent != dentry_p)
03649 && (dentry_p->d_sb->s_root != dentry_p)
03650 )
03651 dentry_p = dentry_p->d_parent;
03652 else
03653 {
03654 struct rsbac_device_list_item_t * device_p;
03655
03656 device_p = lookup_device(dentry_p->d_sb->s_dev);
03657 if( device_p
03658 && device_p->d_covers
03659 )
03660 dentry_p = device_p->d_covers;
03661 else
03662 break;
03663 }
03664 }
03665 return(len);
03666 }
03667
03668
03669
03670
03671
03672 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
03673 static int
03674 devices_proc_info(char *buffer, char **start, off_t offset, int length)
03675 {
03676 int len = 0;
03677 off_t pos = 0;
03678 off_t begin = 0;
03679 struct rsbac_device_list_item_t * device_p;
03680 u_long dflags;
03681
03682 if (!rsbac_initialized) return (-ENOSYS);
03683
03684 len += sprintf(buffer, "%u RSBAC Devices\n---------------\n",
03685 device_list_head.count);
03686
03687
03688 rsbac_read_lock(&device_list_head.lock, &dflags);
03689
03690 for (device_p = device_list_head.head; device_p; device_p = device_p->next)
03691 {
03692 if(device_p->sb_p && device_p->sb_p->s_type && device_p->sb_p->s_type->name)
03693 len += sprintf(buffer + len, "%02u:%02u with mount_count = %u, d_covers = %p, fs_type = %s\n",
03694 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id),
03695 device_p->mount_count,
03696 device_p->d_covers,
03697 device_p->sb_p->s_type->name);
03698 else
03699 len += sprintf(buffer + len, "%02u:%02u with mount_count = %u, d_covers = %p\n",
03700 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id),
03701 device_p->mount_count,
03702 device_p->d_covers);
03703 pos = begin + len;
03704 if (pos < offset)
03705 {
03706 len = 0;
03707 begin = pos;
03708 }
03709 if (pos > offset+length) break;
03710 }
03711
03712
03713 rsbac_read_unlock(&device_list_head.lock, &dflags);
03714
03715 *start = buffer + (offset - begin);
03716 len -= (offset - begin);
03717
03718 if (len > length)
03719 len = length;
03720 return len;
03721 }
03722
03723 static int
03724 stats_proc_info(char *buffer, char **start, off_t offset, int length)
03725 {
03726 u_int len = 0;
03727 off_t pos = 0;
03728 off_t begin = 0;
03729 struct rsbac_device_list_item_t * device_p;
03730 int i;
03731 u_long fd_count, fd_dev_count, fd_sum = 0;
03732 u_long sum = 0;
03733 u_long total_sum = 0;
03734 long tmp_count;
03735 u_long dflags;
03736
03737 union rsbac_target_id_t rsbac_target_id;
03738 union rsbac_attribute_value_t rsbac_attribute_value;
03739
03740 if (!rsbac_initialized) return (-ENOSYS);
03741
03742 #ifdef CONFIG_RSBAC_DEBUG
03743 if (rsbac_debug_aef)
03744 {
03745 #ifdef CONFIG_RSBAC_RMSG
03746 rsbac_printk(KERN_DEBUG "stats_proc_info(): calling ADF\n");
03747 #endif
03748 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03749 if (!rsbac_nosyslog)
03750 #endif
03751 printk(KERN_DEBUG "stats_proc_info(): calling ADF\n");
03752 }
03753 #endif
03754 rsbac_target_id.scd = ST_rsbac;
03755 rsbac_attribute_value.dummy = 0;
03756 if (!rsbac_adf_request(R_GET_STATUS_DATA,
03757 current->pid,
03758 T_SCD,
03759 rsbac_target_id,
03760 A_none,
03761 rsbac_attribute_value))
03762 {
03763 return -EPERM;
03764 }
03765
03766 #ifdef CONFIG_RSBAC_MAINT
03767 len = sprintf(buffer, "RSBAC Status\n------------\nRSBAC Version: %s (Maintenance Mode)\nSupported Modules:%s\n",
03768 RSBAC_VERSION, compiled_modules);
03769 #else
03770 len = sprintf(buffer, "RSBAC Status\n------------\nRSBAC Version: %s\nCompiled Modules:%s\n",
03771 RSBAC_VERSION, compiled_modules);
03772 #endif
03773 pos = begin + len;
03774 if (pos < offset)
03775 {
03776 len = 0;
03777 begin = pos;
03778 }
03779 if (pos > offset+length)
03780 goto out;
03781
03782 #ifdef CONFIG_RSBAC_SWITCH
03783 {
03784 char * active_modules;
03785
03786 active_modules = rsbac_kmalloc(RSBAC_MAXNAMELEN);
03787 if(active_modules)
03788 {
03789 active_modules[0] = (char) 0;
03790 #ifdef CONFIG_RSBAC_REG
03791 strcat(active_modules, " REG");
03792 #endif
03793 #ifdef CONFIG_RSBAC_MAC
03794 if(rsbac_switch_mac)
03795 #ifdef CONFIG_RSBAC_MAC_LIGHT
03796 strcat(active_modules, " MAC-L");
03797 #else
03798 strcat(active_modules, " MAC");
03799 #endif
03800 #endif
03801 #ifdef CONFIG_RSBAC_FC
03802 if(rsbac_switch_fc)
03803 strcat(active_modules, " FC");
03804 #endif
03805 #ifdef CONFIG_RSBAC_SIM
03806 if(rsbac_switch_sim)
03807 strcat(active_modules, " SIM");
03808 #endif
03809 #ifdef CONFIG_RSBAC_PM
03810 if(rsbac_switch_pm)
03811 strcat(active_modules, " PM");
03812 #endif
03813 #ifdef CONFIG_RSBAC_DAZ
03814 if(rsbac_switch_daz)
03815 strcat(active_modules, " DAZ");
03816 #endif
03817 #ifdef CONFIG_RSBAC_FF
03818 if(rsbac_switch_ff)
03819 strcat(active_modules, " FF");
03820 #endif
03821 #ifdef CONFIG_RSBAC_RC
03822 if(rsbac_switch_rc)
03823 strcat(active_modules, " RC");
03824 #endif
03825 #ifdef CONFIG_RSBAC_AUTH
03826 if(rsbac_switch_auth)
03827 strcat(active_modules, " AUTH");
03828 #endif
03829 #ifdef CONFIG_RSBAC_ACL
03830 if(rsbac_switch_acl)
03831 strcat(active_modules, " ACL");
03832 #endif
03833 #ifdef CONFIG_RSBAC_CAP
03834 if(rsbac_switch_cap)
03835 strcat(active_modules, " CAP");
03836 #endif
03837 #ifdef CONFIG_RSBAC_JAIL
03838 if(rsbac_switch_jail)
03839 strcat(active_modules, " JAIL");
03840 #endif
03841 #ifdef CONFIG_RSBAC_RES
03842 if(rsbac_switch_res)
03843 strcat(active_modules, " RES");
03844 #endif
03845 #ifdef CONFIG_RSBAC_PAX
03846 if(rsbac_switch_pax)
03847 strcat(active_modules, " PAX");
03848 #endif
03849 len += sprintf(buffer+len, "Active Modules: %s\n",
03850 active_modules);
03851 rsbac_kfree(active_modules);
03852 pos = begin + len;
03853 if (pos < offset)
03854 {
03855 len = 0;
03856 begin = pos;
03857 }
03858 if (pos > offset+length)
03859 goto out;
03860 }
03861 }
03862 #else
03863 len += sprintf(buffer+len, "All modules active (no switching)\n");
03864 pos = begin + len;
03865 if (pos < offset)
03866 {
03867 len = 0;
03868 begin = pos;
03869 }
03870 if (pos > offset+length)
03871 goto out;
03872 #endif
03873
03874 #ifdef CONFIG_RSBAC_SOFTMODE
03875 if(rsbac_softmode)
03876 {
03877 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03878 len += sprintf(buffer+len, "Global softmode is enabled\n");
03879 #else
03880 len += sprintf(buffer+len, "Softmode is enabled\n");
03881 #endif
03882 pos = begin + len;
03883 if (pos < offset)
03884 {
03885 len = 0;
03886 begin = pos;
03887 }
03888 if (pos > offset+length)
03889 goto out;
03890 }
03891 else
03892 {
03893 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03894 len += sprintf(buffer+len, "Global softmode is disabled\n");
03895 #else
03896 len += sprintf(buffer+len, "Softmode is disabled\n");
03897 #endif
03898 pos = begin + len;
03899 if (pos < offset)
03900 {
03901 len = 0;
03902 begin = pos;
03903 }
03904 if (pos > offset+length)
03905 goto out;
03906 }
03907 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03908 {
03909 char * tmp;
03910
03911 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
03912 if(tmp)
03913 {
03914 len += sprintf(buffer+len, "Individual softmode enabled for:");
03915 for(i=0; i<=RSBAC_MAX_MOD; i++)
03916 if(rsbac_ind_softmode[i])
03917 len += sprintf(buffer+len, " %s", get_switch_target_name(tmp, i));
03918 rsbac_kfree(tmp);
03919 len += sprintf(buffer+len, "\n");
03920 pos = begin + len;
03921 if (pos < offset)
03922 {
03923 len = 0;
03924 begin = pos;
03925 }
03926 if (pos > offset+length)
03927 goto out;
03928 }
03929 }
03930 #endif
03931 #endif
03932
03933 len += sprintf(buffer+len, "\n");
03934
03935
03936 rsbac_read_lock(&device_list_head.lock, &dflags);
03937
03938 device_p = device_list_head.head;
03939 if(device_p)
03940 len += sprintf(buffer + len, "FD items:\n");
03941 while (device_p)
03942 {
03943 fd_dev_count = 0;
03944
03945 fd_count = 0;
03946 for (i=0; i < RSBAC_GEN_NR_FD_LISTS; i++)
03947 {
03948 tmp_count = rsbac_list_count(device_p->handles.gen[i]);
03949 if(tmp_count > 0)
03950 fd_count+=tmp_count;
03951 }
03952 len += sprintf(buffer + len, "Dev %02u:%02u: %lu GEN",
03953 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count);
03954 fd_dev_count += fd_count;
03955
03956 #if defined(CONFIG_RSBAC_MAC)
03957 fd_count = 0;
03958 for (i=0; i < RSBAC_MAC_NR_FD_LISTS; i++)
03959 {
03960 tmp_count = rsbac_list_count(device_p->handles.mac[i]);
03961 if(tmp_count > 0)
03962 fd_count+=tmp_count;
03963 }
03964 len += sprintf(buffer + len, ", %lu MAC",
03965 fd_count);
03966 fd_dev_count += fd_count;
03967 #endif
03968
03969 #if defined(CONFIG_RSBAC_FC)
03970 fd_count = 0;
03971 for (i=0; i < RSBAC_FC_NR_FD_LISTS; i++)
03972 {
03973 tmp_count = rsbac_list_count(device_p->handles.fc[i]);
03974 if(tmp_count > 0)
03975 fd_count+=tmp_count;
03976 }
03977 len += sprintf(buffer + len, ", %lu FC",
03978 fd_count);
03979 fd_dev_count += fd_count;
03980 #endif
03981
03982 #if defined(CONFIG_RSBAC_SIM)
03983 fd_count = 0;
03984 for (i=0; i < RSBAC_SIM_NR_FD_LISTS; i++)
03985 {
03986 tmp_count = rsbac_list_count(device_p->handles.sim[i]);
03987 if(tmp_count > 0)
03988 fd_count+=tmp_count;
03989 }
03990 len += sprintf(buffer + len, ", %lu SIM",
03991 fd_count);
03992 fd_dev_count += fd_count;
03993 #endif
03994
03995 #if defined(CONFIG_RSBAC_PM)
03996 fd_count = 0;
03997 for (i=0; i < RSBAC_PM_NR_FD_LISTS; i++)
03998 {
03999 tmp_count = rsbac_list_count(device_p->handles.pm[i]);
04000 if(tmp_count > 0)
04001 fd_count+=tmp_count;
04002 }
04003 len += sprintf(buffer + len, ", %lu PM",
04004 fd_count);
04005 fd_dev_count += fd_count;
04006 #endif
04007
04008 #if defined(CONFIG_RSBAC_DAZ)
04009 fd_count = 0;
04010 for (i=0; i < RSBAC_DAZ_NR_FD_LISTS; i++)
04011 {
04012 tmp_count = rsbac_list_count(device_p->handles.daz[i]);
04013 if(tmp_count > 0)
04014 fd_count+=tmp_count;
04015 }
04016 len += sprintf(buffer + len, ", %lu DAZ",
04017 fd_count);
04018 fd_dev_count += fd_count;
04019 #if defined(CONFIG_RSBAC_DAZ_CACHE)
04020 fd_count = 0;
04021 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
04022 {
04023 tmp_count = rsbac_list_count(device_p->handles.dazs[i]);
04024 if(tmp_count > 0)
04025 fd_count+=tmp_count;
04026 }
04027 len += sprintf(buffer + len, ", %lu DAZ_SCANNED",
04028 fd_count);
04029 fd_dev_count += fd_count;
04030 #endif
04031 #endif
04032
04033 #if defined(CONFIG_RSBAC_FF)
04034 fd_count = 0;
04035 for (i=0; i < RSBAC_FF_NR_FD_LISTS; i++)
04036 {
04037 tmp_count = rsbac_list_count(device_p->handles.ff[i]);
04038 if(tmp_count > 0)
04039 fd_count+=tmp_count;
04040 }
04041 len += sprintf(buffer + len, ", %lu FF",
04042 fd_count);
04043 fd_dev_count += fd_count;
04044 #endif
04045
04046 #if defined(CONFIG_RSBAC_RC)
04047 fd_count = 0;
04048 for (i=0; i < RSBAC_RC_NR_FD_LISTS; i++)
04049 {
04050 tmp_count = rsbac_list_count(device_p->handles.rc[i]);
04051 if(tmp_count > 0)
04052 fd_count+=tmp_count;
04053 }
04054 len += sprintf(buffer + len, ", %lu RC",
04055 fd_count);
04056 fd_dev_count += fd_count;
04057 #endif
04058
04059 #if defined(CONFIG_RSBAC_AUTH)
04060 fd_count = 0;
04061 for (i=0; i < RSBAC_AUTH_NR_FD_LISTS; i++)
04062 {
04063 tmp_count = rsbac_list_count(device_p->handles.auth[i]);
04064 if(tmp_count > 0)
04065 fd_count+=tmp_count;
04066 }
04067 len += sprintf(buffer + len, ", %lu AUTH",
04068 fd_count);
04069 fd_dev_count += fd_count;
04070 #endif
04071
04072 #if defined(CONFIG_RSBAC_CAP)
04073 fd_count = 0;
04074 for (i=0; i < RSBAC_CAP_NR_FD_LISTS; i++)
04075 {
04076 tmp_count = rsbac_list_count(device_p->handles.cap[i]);
04077 if(tmp_count > 0)
04078 fd_count+=tmp_count;
04079 }
04080 len += sprintf(buffer + len, ", %lu CAP",
04081 fd_count);
04082 fd_dev_count += fd_count;
04083 #endif
04084
04085 #if defined(CONFIG_RSBAC_RES)
04086 fd_count = 0;
04087 for (i=0; i < RSBAC_RES_NR_FD_LISTS; i++)
04088 {
04089 tmp_count = rsbac_list_count(device_p->handles.res[i]);
04090 if(tmp_count > 0)
04091 fd_count+=tmp_count;
04092 }
04093 len += sprintf(buffer + len, ", %lu RES",
04094 fd_count);
04095 fd_dev_count += fd_count;
04096 #endif
04097
04098 #if defined(CONFIG_RSBAC_PAX)
04099 fd_count = 0;
04100 for (i=0; i < RSBAC_PAX_NR_FD_LISTS; i++)
04101 {
04102 tmp_count = rsbac_list_count(device_p->handles.pax[i]);
04103 if(tmp_count > 0)
04104 fd_count+=tmp_count;
04105 }
04106 len += sprintf(buffer + len, ", %lu PAX",
04107 fd_count);
04108 fd_dev_count += fd_count;
04109 #endif
04110
04111 len += sprintf(buffer + len, ", %lu total\n",
04112 fd_dev_count);
04113 pos = begin + len;
04114 if (pos < offset)
04115 {
04116 len = 0;
04117 begin = pos;
04118 }
04119 if (pos > offset+length)
04120 {
04121
04122 rsbac_read_unlock(&device_list_head.lock, &dflags);
04123 goto out;
04124 }
04125 fd_sum += fd_dev_count;
04126 device_p = device_p->next;
04127 }
04128 len += sprintf(buffer + len, "Sum of %u Devices with %lu fd-items\n\n",
04129 device_list_head.count, fd_sum);
04130 total_sum += fd_sum;
04131
04132 rsbac_read_unlock(&device_list_head.lock, &dflags);
04133 pos = begin + len;
04134 if (pos < offset)
04135 {
04136 len = 0;
04137 begin = pos;
04138 }
04139 if (pos > offset+length)
04140 goto out;
04141
04142
04143 sum = 0;
04144 tmp_count = rsbac_list_count(dev_handles.gen);
04145 len += sprintf(buffer + len, "DEV: %lu GEN",
04146 tmp_count);
04147 sum += tmp_count;
04148 #if defined(CONFIG_RSBAC_MAC)
04149 tmp_count = rsbac_list_count(dev_handles.mac);
04150 len += sprintf(buffer + len, ", %lu MAC",
04151 tmp_count);
04152 sum += tmp_count;
04153 #endif
04154 #if defined(CONFIG_RSBAC_FC)
04155 tmp_count = rsbac_list_count(dev_handles.fc);
04156 len += sprintf(buffer + len, ", %lu FC",
04157 tmp_count);
04158 sum += tmp_count;
04159 #endif
04160 #if defined(CONFIG_RSBAC_SIM)
04161 tmp_count = rsbac_list_count(dev_handles.sim);
04162 len += sprintf(buffer + len, ", %lu SIM",
04163 tmp_count);
04164 sum += tmp_count;
04165 #endif
04166 #if defined(CONFIG_RSBAC_PM)
04167 tmp_count = rsbac_list_count(dev_handles.pm);
04168 len += sprintf(buffer + len, ", %lu PM",
04169 tmp_count);
04170 sum += tmp_count;
04171 #endif
04172 #if defined(CONFIG_RSBAC_RC)
04173 tmp_count = rsbac_list_count(dev_handles.rc);
04174 len += sprintf(buffer + len, ", %lu RC",
04175 tmp_count);
04176 sum += tmp_count;
04177 #endif
04178 len += sprintf(buffer + len, ", %lu total\n",
04179 sum);
04180 total_sum += sum;
04181 pos = begin + len;
04182 if (pos < offset)
04183 {
04184 len = 0;
04185 begin = pos;
04186 }
04187 if (pos > offset+length)
04188 goto out;
04189
04190
04191 sum = 0;
04192 len += sprintf(buffer + len, "IPC: 0 GEN");
04193 #if defined(CONFIG_RSBAC_MAC)
04194 tmp_count = rsbac_list_count(ipc_handles.mac);
04195 len += sprintf(buffer + len, ", %lu MAC",
04196 tmp_count);
04197 sum += tmp_count;
04198 #endif
04199 #if defined(CONFIG_RSBAC_FC)
04200 tmp_count = rsbac_list_count(ipc_handles.fc);
04201 len += sprintf(buffer + len, ", %lu FC",
04202 tmp_count);
04203 sum += tmp_count;
04204 #endif
04205 #if defined(CONFIG_RSBAC_SIM)
04206 tmp_count = rsbac_list_count(ipc_handles.sim);
04207 len += sprintf(buffer + len, ", %lu SIM",
04208 tmp_count);
04209 sum += tmp_count;
04210 #endif
04211 #if defined(CONFIG_RSBAC_PM)
04212 tmp_count = rsbac_list_count(ipc_handles.pm);
04213 len += sprintf(buffer + len, ", %lu PM",
04214 tmp_count);
04215 sum += tmp_count;
04216 #endif
04217 #if defined(CONFIG_RSBAC_RC)
04218 tmp_count = rsbac_list_count(ipc_handles.rc);
04219 len += sprintf(buffer + len, ", %lu RC",
04220 tmp_count);
04221 sum += tmp_count;
04222 #endif
04223 #if defined(CONFIG_RSBAC_JAIL)
04224 tmp_count = rsbac_list_count(ipc_handles.jail);
04225 len += sprintf(buffer + len, ", %lu JAIL",
04226 tmp_count);
04227 sum += tmp_count;
04228 #endif
04229 len += sprintf(buffer + len, ", %lu total\n",
04230 sum);
04231 total_sum += sum;
04232 pos = begin + len;
04233 if (pos < offset)
04234 {
04235 len = 0;
04236 begin = pos;
04237 }
04238 if (pos > offset+length)
04239 goto out;
04240
04241
04242 sum = 0;
04243 tmp_count = rsbac_list_count(user_handles.gen);
04244 len += sprintf(buffer + len, "USER: %lu GEN",
04245 tmp_count);
04246 sum += tmp_count;
04247 #if defined(CONFIG_RSBAC_MAC)
04248 tmp_count = rsbac_list_count(user_handles.mac);
04249 len += sprintf(buffer + len, ", %lu MAC",
04250 tmp_count);
04251 sum += tmp_count;
04252 #endif
04253 #if defined(CONFIG_RSBAC_FC)
04254 tmp_count = rsbac_list_count(user_handles.fc);
04255 len += sprintf(buffer + len, ", %lu FC",
04256 tmp_count);
04257 sum += tmp_count;
04258 #endif
04259 #if defined(CONFIG_RSBAC_SIM)
04260 tmp_count = rsbac_list_count(user_handles.sim);
04261 len += sprintf(buffer + len, ", %lu SIM",
04262 tmp_count);
04263 sum += tmp_count;
04264 #endif
04265 #if defined(CONFIG_RSBAC_PM)
04266 tmp_count = rsbac_list_count(user_handles.pm);
04267 len += sprintf(buffer + len, ", %lu PM",
04268 tmp_count);
04269 sum += tmp_count;
04270 #endif
04271 #if defined(CONFIG_RSBAC_DAZ)
04272 tmp_count = rsbac_list_count(user_handles.daz);
04273 len += sprintf(buffer + len, ", %lu DAZ",
04274 tmp_count);
04275 sum += tmp_count;
04276 #endif
04277 #if defined(CONFIG_RSBAC_FF)
04278 tmp_count = rsbac_list_count(user_handles.ff);
04279 len += sprintf(buffer + len, ", %lu FF",
04280 tmp_count);
04281 sum += tmp_count;
04282 #endif
04283 #if defined(CONFIG_RSBAC_RC)
04284 tmp_count = rsbac_list_count(user_handles.rc);
04285 len += sprintf(buffer + len, ", %lu RC",
04286 tmp_count);
04287 sum += tmp_count;
04288 #endif
04289 #if defined(CONFIG_RSBAC_AUTH)
04290 tmp_count = rsbac_list_count(user_handles.auth);
04291 len += sprintf(buffer + len, ", %lu AUTH",
04292 tmp_count);
04293 sum += tmp_count;
04294 #endif
04295 #if defined(CONFIG_RSBAC_CAP)
04296 tmp_count = rsbac_list_count(user_handles.cap);
04297 len += sprintf(buffer + len, ", %lu CAP",
04298 tmp_count);
04299 sum += tmp_count;
04300 #endif
04301 #if defined(CONFIG_RSBAC_JAIL)
04302 tmp_count = rsbac_list_count(user_handles.jail);
04303 len += sprintf(buffer + len, ", %lu JAIL",
04304 tmp_count);
04305 sum += tmp_count;
04306 #endif
04307 #if defined(CONFIG_RSBAC_RES)
04308 tmp_count = rsbac_list_count(user_handles.res);
04309 len += sprintf(buffer + len, ", %lu RES",
04310 tmp_count);
04311 sum += tmp_count;
04312 #endif
04313 #if defined(CONFIG_RSBAC_PAX)
04314 tmp_count = rsbac_list_count(user_handles.pax);
04315 len += sprintf(buffer + len, ", %lu PAX",
04316 tmp_count);
04317 sum += tmp_count;
04318 #endif
04319 len += sprintf(buffer + len, ", %lu total\n",
04320 sum);
04321 total_sum += sum;
04322 pos = begin + len;
04323 if (pos < offset)
04324 {
04325 len = 0;
04326 begin = pos;
04327 }
04328 if (pos > offset+length)
04329 goto out;
04330
04331
04332 sum = 0;
04333 tmp_count = rsbac_list_count(process_handles.gen);
04334 len += sprintf(buffer + len, "PROCESS: %lu GEN",
04335 tmp_count);
04336 sum += tmp_count;
04337 #if defined(CONFIG_RSBAC_MAC)
04338 tmp_count = 0;
04339 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
04340 tmp_count += rsbac_list_count(process_handles.mac[i]);
04341 len += sprintf(buffer + len, ", %lu MAC",
04342 tmp_count);
04343 sum += tmp_count;
04344 #endif
04345 #if defined(CONFIG_RSBAC_PM)
04346 tmp_count = rsbac_list_count(process_handles.pm);
04347 len += sprintf(buffer + len, ", %lu PM",
04348 tmp_count);
04349 sum += tmp_count;
04350 #endif
04351 #if defined(CONFIG_RSBAC_DAZ)
04352 tmp_count = rsbac_list_count(process_handles.daz);
04353 len += sprintf(buffer + len, ", %lu DAZ",
04354 tmp_count);
04355 sum += tmp_count;
04356 #endif
04357 #if defined(CONFIG_RSBAC_RC)
04358 tmp_count = 0;
04359 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
04360 tmp_count += rsbac_list_count(process_handles.rc[i]);
04361 len += sprintf(buffer + len, ", %lu RC",
04362 tmp_count);
04363 sum += tmp_count;
04364 #endif
04365 #if defined(CONFIG_RSBAC_AUTH)
04366 tmp_count = rsbac_list_count(process_handles.auth);
04367 len += sprintf(buffer + len, ", %lu AUTH",
04368 tmp_count);
04369 sum += tmp_count;
04370 #endif
04371 #if defined(CONFIG_RSBAC_CAP)
04372 tmp_count = rsbac_list_count(process_handles.cap);
04373 len += sprintf(buffer + len, ", %lu CAP",
04374 tmp_count);
04375 sum += tmp_count;
04376 #endif
04377 #if defined(CONFIG_RSBAC_JAIL)
04378 tmp_count = 0;
04379 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
04380 tmp_count += rsbac_list_count(process_handles.jail[i]);
04381 len += sprintf(buffer + len, ", %lu JAIL",
04382 tmp_count);
04383 sum += tmp_count;
04384 #endif
04385 len += sprintf(buffer + len, ", %lu total\n",
04386 sum);
04387 total_sum += sum;
04388 pos = begin + len;
04389 if (pos < offset)
04390 {
04391 len = 0;
04392 begin = pos;
04393 }
04394 if (pos > offset+length)
04395 goto out;
04396
04397 #if defined(CONFIG_RSBAC_UM)
04398
04399 sum = 0;
04400 len += sprintf(buffer + len, "GROUP:");
04401 #if defined(CONFIG_RSBAC_RC_UM_PROT)
04402 tmp_count = rsbac_list_count(group_handles.rc);
04403 len += sprintf(buffer + len, " %lu RC,",
04404 tmp_count);
04405 sum += tmp_count;
04406 #endif
04407 len += sprintf(buffer + len, " %lu total\n",
04408 sum);
04409 total_sum += sum;
04410 pos = begin + len;
04411 if (pos < offset)
04412 {
04413 len = 0;
04414 begin = pos;
04415 }
04416 if (pos > offset+length)
04417 goto out;
04418 #endif
04419
04420 #if defined(CONFIG_RSBAC_NET_DEV)
04421
04422 sum = 0;
04423 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
04424 tmp_count = rsbac_list_count(netdev_handles.gen);
04425 len += sprintf(buffer + len, "NETDEV: %lu GEN, ",
04426 tmp_count);
04427 sum += tmp_count;
04428 #else
04429 len += sprintf(buffer + len, "NETDEV: ");
04430 #endif
04431 #if defined(CONFIG_RSBAC_RC)
04432 tmp_count = rsbac_list_count(netdev_handles.rc);
04433 len += sprintf(buffer + len, "%lu RC, ",
04434 tmp_count);
04435 sum += tmp_count;
04436 #endif
04437 len += sprintf(buffer + len, "%lu total\n",
04438 sum);
04439 total_sum += sum;
04440 pos = begin + len;
04441 if (pos < offset)
04442 {
04443 len = 0;
04444 begin = pos;
04445 }
04446 if (pos > offset+length)
04447 goto out;
04448
04449 #endif
04450
04451 #if defined(CONFIG_RSBAC_NET_OBJ)
04452
04453 tmp_count = rsbac_list_count(net_temp_handle);
04454 len += sprintf(buffer + len, "%lu Network Templates\n",
04455 tmp_count);
04456
04457
04458 sum = 0;
04459 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
04460 tmp_count = rsbac_list_count(nettemp_handles.gen);
04461 len += sprintf(buffer + len, "NETTEMP: %lu GEN, ",
04462 tmp_count);
04463 sum += tmp_count;
04464 #else
04465 len += sprintf(buffer + len, "NETTEMP: ");
04466 #endif
04467 #if defined(CONFIG_RSBAC_MAC)
04468 tmp_count = rsbac_list_count(nettemp_handles.mac);
04469 len += sprintf(buffer + len, "%lu MAC, ",
04470 tmp_count);
04471 sum += tmp_count;
04472 #endif
04473 #if defined(CONFIG_RSBAC_FC)
04474 tmp_count = rsbac_list_count(nettemp_handles.fc);
04475 len += sprintf(buffer + len, "%lu FC, ",
04476 tmp_count);
04477 sum += tmp_count;
04478 #endif
04479 #if defined(CONFIG_RSBAC_SIM)
04480 tmp_count = rsbac_list_count(nettemp_handles.sim);
04481 len += sprintf(buffer + len, "%lu SIM, ",
04482 tmp_count);
04483 sum += tmp_count;
04484 #endif
04485 #if defined(CONFIG_RSBAC_PM)
04486 tmp_count = rsbac_list_count(nettemp_handles.pm);
04487 len += sprintf(buffer + len, "%lu PM, ",
04488 tmp_count);
04489 sum += tmp_count;
04490 #endif
04491 #if defined(CONFIG_RSBAC_RC)
04492 tmp_count = rsbac_list_count(nettemp_handles.rc);
04493 len += sprintf(buffer + len, "%lu RC, ",
04494 tmp_count);
04495 sum += tmp_count;
04496 #endif
04497 len += sprintf(buffer + len, "%lu total\n",
04498 sum);
04499 total_sum += sum;
04500 pos = begin + len;
04501 if (pos < offset)
04502 {
04503 len = 0;
04504 begin = pos;
04505 }
04506 if (pos > offset+length)
04507 goto out;
04508
04509
04510 sum = 0;
04511 len += sprintf(buffer + len, "LNETOBJ: ");
04512 #if defined(CONFIG_RSBAC_MAC)
04513 tmp_count = rsbac_list_count(lnetobj_handles.mac);
04514 len += sprintf(buffer + len, "%lu MAC, ",
04515 tmp_count);
04516 sum += tmp_count;
04517 #endif
04518 #if defined(CONFIG_RSBAC_FC)
04519 tmp_count = rsbac_list_count(lnetobj_handles.fc);
04520 len += sprintf(buffer + len, "%lu FC, ",
04521 tmp_count);
04522 sum += tmp_count;
04523 #endif
04524 #if defined(CONFIG_RSBAC_SIM)
04525 tmp_count = rsbac_list_count(lnetobj_handles.sim);
04526 len += sprintf(buffer + len, "%lu SIM, ",
04527 tmp_count);
04528 sum += tmp_count;
04529 #endif
04530 #if defined(CONFIG_RSBAC_PM)
04531 tmp_count = rsbac_list_count(lnetobj_handles.pm);
04532 len += sprintf(buffer + len, "%lu PM, ",
04533 tmp_count);
04534 sum += tmp_count;
04535 #endif
04536 #if defined(CONFIG_RSBAC_RC)
04537 tmp_count = rsbac_list_count(lnetobj_handles.rc);
04538 len += sprintf(buffer + len, "%lu RC, ",
04539 tmp_count);
04540 sum += tmp_count;
04541 #endif
04542 len += sprintf(buffer + len, "%lu total\n",
04543 sum);
04544 total_sum += sum;
04545 pos = begin + len;
04546 if (pos < offset)
04547 {
04548 len = 0;
04549 begin = pos;
04550 }
04551 if (pos > offset+length)
04552 goto out;
04553
04554
04555 sum = 0;
04556 len += sprintf(buffer + len, "RNETOBJ: ");
04557 #if defined(CONFIG_RSBAC_MAC)
04558 tmp_count = rsbac_list_count(rnetobj_handles.mac);
04559 len += sprintf(buffer + len, "%lu MAC, ",
04560 tmp_count);
04561 sum += tmp_count;
04562 #endif
04563 #if defined(CONFIG_RSBAC_FC)
04564 tmp_count = rsbac_list_count(rnetobj_handles.fc);
04565 len += sprintf(buffer + len, "%lu FC, ",
04566 tmp_count);
04567 sum += tmp_count;
04568 #endif
04569 #if defined(CONFIG_RSBAC_SIM)
04570 tmp_count = rsbac_list_count(rnetobj_handles.sim);
04571 len += sprintf(buffer + len, "%lu SIM, ",
04572 tmp_count);
04573 sum += tmp_count;
04574 #endif
04575 #if defined(CONFIG_RSBAC_PM)
04576 tmp_count = rsbac_list_count(rnetobj_handles.pm);
04577 len += sprintf(buffer + len, "%lu PM, ",
04578 tmp_count);
04579 sum += tmp_count;
04580 #endif
04581 #if defined(CONFIG_RSBAC_RC)
04582 tmp_count = rsbac_list_count(rnetobj_handles.rc);
04583 len += sprintf(buffer + len, "%lu RC, ",
04584 tmp_count);
04585 sum += tmp_count;
04586 #endif
04587 len += sprintf(buffer + len, "%lu total\n",
04588 sum);
04589 total_sum += sum;
04590 pos = begin + len;
04591 if (pos < offset)
04592 {
04593 len = 0;
04594 begin = pos;
04595 }
04596 if (pos > offset+length)
04597 goto out;
04598
04599 #endif
04600
04601 len += sprintf(buffer + len,
04602 "Total sum of %lu registered rsbac-items\n",
04603 total_sum);
04604 pos = begin + len;
04605 if (pos < offset)
04606 {
04607 len = 0;
04608 begin = pos;
04609 }
04610 if (pos > offset+length)
04611 goto out;
04612
04613 len += sprintf(buffer + len,
04614 "\nadf_request calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
04615 rsbac_adf_request_count[T_FILE],
04616 rsbac_adf_request_count[T_DIR],
04617 rsbac_adf_request_count[T_FIFO],
04618 rsbac_adf_request_count[T_SYMLINK],
04619 rsbac_adf_request_count[T_DEV],
04620 rsbac_adf_request_count[T_IPC],
04621 rsbac_adf_request_count[T_SCD],
04622 rsbac_adf_request_count[T_USER],
04623 rsbac_adf_request_count[T_PROCESS],
04624 rsbac_adf_request_count[T_NETDEV],
04625 rsbac_adf_request_count[T_NETTEMP],
04626 rsbac_adf_request_count[T_NETOBJ]);
04627 pos = begin + len;
04628 if (pos < offset)
04629 {
04630 len = 0;
04631 begin = pos;
04632 }
04633 if (pos > offset+length)
04634 goto out;
04635
04636 len += sprintf(buffer + len,
04637 "adf_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
04638 rsbac_adf_set_attr_count[T_FILE],
04639 rsbac_adf_set_attr_count[T_DIR],
04640 rsbac_adf_set_attr_count[T_FIFO],
04641 rsbac_adf_set_attr_count[T_SYMLINK],
04642 rsbac_adf_set_attr_count[T_DEV],
04643 rsbac_adf_set_attr_count[T_IPC],
04644 rsbac_adf_set_attr_count[T_SCD],
04645 rsbac_adf_set_attr_count[T_USER],
04646 rsbac_adf_set_attr_count[T_PROCESS],
04647 rsbac_adf_set_attr_count[T_NETDEV],
04648 rsbac_adf_set_attr_count[T_NETTEMP],
04649 rsbac_adf_set_attr_count[T_NETOBJ]);
04650 pos = begin + len;
04651 if (pos < offset)
04652 {
04653 len = 0;
04654 begin = pos;
04655 }
04656
04657 out:
04658 *start = buffer + (offset - begin);
04659 len -= (offset - begin);
04660
04661 if (len > length)
04662 len = length;
04663 return len;
04664 }
04665
04666 static int
04667 active_proc_info(char *buffer, char **start, off_t offset, int length)
04668 {
04669 u_int len = 0;
04670 off_t pos = 0;
04671 off_t begin = 0;
04672
04673 union rsbac_target_id_t rsbac_target_id;
04674 union rsbac_attribute_value_t rsbac_attribute_value;
04675
04676 if (!rsbac_initialized) return (-ENOSYS);
04677
04678 #ifdef CONFIG_RSBAC_DEBUG
04679 if (rsbac_debug_aef)
04680 {
04681 #ifdef CONFIG_RSBAC_RMSG
04682 rsbac_printk(KERN_DEBUG "stats_proc_info(): calling ADF\n");
04683 #endif
04684 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04685 if (!rsbac_nosyslog)
04686 #endif
04687 printk(KERN_DEBUG "stats_proc_info(): calling ADF\n");
04688 }
04689 #endif
04690 rsbac_target_id.scd = ST_rsbac;
04691 rsbac_attribute_value.dummy = 0;
04692 if (!rsbac_adf_request(R_GET_STATUS_DATA,
04693 current->pid,
04694 T_SCD,
04695 rsbac_target_id,
04696 A_none,
04697 rsbac_attribute_value))
04698 {
04699 return -EPERM;
04700 }
04701
04702 len = sprintf(buffer, "Version: %s\n",
04703 RSBAC_VERSION);
04704 #ifdef CONFIG_RSBAC_MAINT
04705 len += sprintf(buffer+len, "Mode: Maintenance\n");
04706 len += sprintf(buffer+len, "Softmode: unavailable\n");
04707 #else
04708 #ifdef CONFIG_RSBAC_SOFTMODE
04709 if(rsbac_softmode)
04710 len += sprintf(buffer+len, "Mode: Softmode\n");
04711 else
04712 #endif
04713 len += sprintf(buffer+len, "Mode: Secure\n");
04714 #ifdef CONFIG_RSBAC_SOFTMODE
04715 len += sprintf(buffer+len, "Softmode: available\n");
04716 #else
04717 len += sprintf(buffer+len, "Softmode: unavailable\n");
04718 #endif
04719 #ifdef CONFIG_RSBAC_SOFTMODE_IND
04720 len += sprintf(buffer+len, "Ind-Soft: available\n");
04721 #else
04722 len += sprintf(buffer+len, "Ind-Soft: unavailable\n");
04723 #endif
04724 #endif
04725 pos = begin + len;
04726 if (pos < offset)
04727 {
04728 len = 0;
04729 begin = pos;
04730 }
04731 if (pos > offset+length)
04732 goto out;
04733
04734 #ifdef CONFIG_RSBAC_REG
04735 #ifdef CONFIG_RSBAC_SOFTMODE_IND
04736 if(rsbac_ind_softmode[REG])
04737 len += sprintf(buffer+len, "Module: REG softmode\n");
04738 else
04739 #endif
04740 len += sprintf(buffer+len, "Module: REG on\n");
04741 #endif
04742
04743 #ifdef CONFIG_RSBAC_MAC
04744 #ifdef CONFIG_RSBAC_SWITCH
04745 if(!rsbac_switch_mac)
04746 len += sprintf(buffer+len, "Module: MAC off\n");
04747 else
04748 #endif
04749 #ifdef CONFIG_RSBAC_SOFTMODE_IND
04750 if(rsbac_ind_softmode[MAC])
04751 len += sprintf(buffer+len, "Module: MAC softmode\n");
04752 else
04753 #endif
04754 len += sprintf(buffer+len, "Module: MAC on\n");
04755 #endif
04756
04757 #ifdef CONFIG_RSBAC_FC
04758 #ifdef CONFIG_RSBAC_SWITCH
04759 if(!rsbac_switch_fc)
04760 len += sprintf(buffer+len, "Module: FC off\n");
04761 else
04762 #endif
04763 #ifdef CONFIG_RSBAC_SOFTMODE_IND
04764 if(rsbac_ind_softmode[FC])
04765 len += sprintf(buffer+len, "Module: FC softmode\n");
04766 else
04767 #endif
04768 len += sprintf(buffer+len, "Module: FC on\n");
04769 #endif
04770
04771 #ifdef CONFIG_RSBAC_SIM
04772 #ifdef CONFIG_RSBAC_SWITCH
04773 if(!rsbac_switch_sim)
04774 len += sprintf(buffer+len, "Module: SIM off\n");
04775 else
04776 #endif
04777 #ifdef CONFIG_RSBAC_SOFTMODE_IND
04778 if(rsbac_ind_softmode[SIM])
04779 len += sprintf(buffer+len, "Module: SIM softmode\n");
04780 else
04781 #endif
04782 len += sprintf(buffer+len, "Module: SIM on\n");
04783 #endif
04784
04785 #ifdef CONFIG_RSBAC_PM
04786 #ifdef CONFIG_RSBAC_SWITCH
04787 if(!rsbac_switch_pm)
04788 len += sprintf(buffer+len, "Module: PM off\n");
04789 else
04790 #endif
04791 #ifdef CONFIG_RSBAC_SOFTMODE_IND
04792 if(rsbac_ind_softmode[PM])
04793 len += sprintf(buffer+len, "Module: PM softmode\n");
04794 else
04795 #endif
04796 len += sprintf(buffer+len, "Module: PM on\n");
04797 #endif
04798
04799 #ifdef CONFIG_RSBAC_DAZ
04800 #ifdef CONFIG_RSBAC_SWITCH
04801 if(!rsbac_switch_daz)
04802 len += sprintf(buffer+len, "Module: DAZ off\n");
04803 else
04804 #endif
04805 #ifdef CONFIG_RSBAC_SOFTMODE_IND
04806 if(rsbac_ind_softmode[DAZ])
04807 len += sprintf(buffer+len, "Module: DAZ softmode\n");
04808 else
04809 #endif
04810 len += sprintf(buffer+len, "Module: DAZ on\n");
04811 #endif
04812
04813 #ifdef CONFIG_RSBAC_FF
04814 #ifdef CONFIG_RSBAC_SWITCH
04815 if(!rsbac_switch_ff)
04816 len += sprintf(buffer+len, "Module: FF off\n");
04817 else
04818 #endif
04819 #ifdef CONFIG_RSBAC_SOFTMODE_IND
04820 if(rsbac_ind_softmode[FF])
04821 len += sprintf(buffer+len, "Module: FF softmode\n");
04822 else
04823 #endif
04824 len += sprintf(buffer+len, "Module: FF on\n");
04825 #endif
04826
04827 #ifdef CONFIG_RSBAC_RC
04828 #ifdef CONFIG_RSBAC_SWITCH
04829 if(!rsbac_switch_rc)
04830 len += sprintf(buffer+len, "Module: RC off\n");
04831 else
04832 #endif
04833 #ifdef CONFIG_RSBAC_SOFTMODE_IND
04834 if(rsbac_ind_softmode[RC])
04835 len += sprintf(buffer+len, "Module: RC softmode\n");
04836 else
04837 #endif
04838 len += sprintf(buffer+len, "Module: RC on\n");
04839 #endif
04840
04841 #ifdef CONFIG_RSBAC_AUTH
04842 #ifdef CONFIG_RSBAC_SWITCH
04843 if(!rsbac_switch_auth)
04844 len += sprintf(buffer+len, "Module: AUTH off\n");
04845 else
04846 #endif
04847 #ifdef CONFIG_RSBAC_SOFTMODE_IND
04848 if(rsbac_ind_softmode[AUTH])
04849 len += sprintf(buffer+len, "Module: AUTH softmode\n");
04850 else
04851 #endif
04852 len += sprintf(buffer+len, "Module: AUTH on\n");
04853 #endif
04854
04855 #ifdef CONFIG_RSBAC_ACL
04856 #ifdef CONFIG_RSBAC_SWITCH
04857 if(!rsbac_switch_acl)
04858 len += sprintf(buffer+len, "Module: ACL off\n");
04859 else
04860 #endif
04861 #ifdef CONFIG_RSBAC_SOFTMODE_IND
04862 if(rsbac_ind_softmode[ACL])
04863 len += sprintf(buffer+len, "Module: ACL softmode\n");
04864 else
04865 #endif
04866 len += sprintf(buffer+len, "Module: ACL on\n");
04867 #endif
04868
04869 #ifdef CONFIG_RSBAC_CAP
04870 #ifdef CONFIG_RSBAC_SWITCH
04871 if(!rsbac_switch_cap)
04872 len += sprintf(buffer+len, "Module: CAP off\n");
04873 else
04874 #endif
04875 #ifdef CONFIG_RSBAC_SOFTMODE_IND
04876 if(rsbac_ind_softmode[CAP])
04877 len += sprintf(buffer+len, "Module: CAP softmode\n");
04878 else
04879 #endif
04880 len += sprintf(buffer+len, "Module: CAP on\n");
04881 #endif
04882
04883 #ifdef CONFIG_RSBAC_JAIL
04884 #ifdef CONFIG_RSBAC_SWITCH
04885 if(!rsbac_switch_jail)
04886 len += sprintf(buffer+len, "Module: JAIL off\n");
04887 else
04888 #endif
04889 #ifdef CONFIG_RSBAC_SOFTMODE_IND
04890 if(rsbac_ind_softmode[JAIL])
04891 len += sprintf(buffer+len, "Module: JAIL softmode\n");
04892 else
04893 #endif
04894 len += sprintf(buffer+len, "Module: JAIL on\n");
04895 #endif
04896
04897 #ifdef CONFIG_RSBAC_RES
04898 #ifdef CONFIG_RSBAC_SWITCH
04899 if(!rsbac_switch_res)
04900 len += sprintf(buffer+len, "Module: RES off\n");
04901 else
04902 #endif
04903 #ifdef CONFIG_RSBAC_SOFTMODE_IND
04904 if(rsbac_ind_softmode[RES])
04905 len += sprintf(buffer+len, "Module: RES softmode\n");
04906 else
04907 #endif
04908 len += sprintf(buffer+len, "Module: RES on\n");
04909 #endif
04910
04911 #ifdef CONFIG_RSBAC_PAX
04912 #ifdef CONFIG_RSBAC_SWITCH
04913 if(!rsbac_switch_pax)
04914 len += sprintf(buffer+len, "Module: PAX off\n");
04915 else
04916 #endif
04917 #ifdef CONFIG_RSBAC_SOFTMODE_IND
04918 if(rsbac_ind_softmode[PAX])
04919 len += sprintf(buffer+len, "Module: PAX softmode\n");
04920 else
04921 #endif
04922 len += sprintf(buffer+len, "Module: PAX on\n");
04923 #endif
04924
04925 pos = begin + len;
04926 if (pos < offset)
04927 {
04928 len = 0;
04929 begin = pos;
04930 }
04931
04932 out:
04933 *start = buffer + (offset - begin);
04934 len -= (offset - begin);
04935
04936 if (len > length)
04937 len = length;
04938 return len;
04939 }
04940
04941 #ifdef CONFIG_RSBAC_XSTATS
04942 static int
04943 xstats_proc_info(char *buffer, char **start, off_t offset, int length)
04944 {
04945 u_int len = 0;
04946 off_t pos = 0;
04947 off_t begin = 0;
04948 int i,j;
04949 char name[80];
04950 union rsbac_target_id_t rsbac_target_id;
04951 union rsbac_attribute_value_t rsbac_attribute_value;
04952
04953 if (!rsbac_initialized) return (-ENOSYS);
04954
04955 #ifdef CONFIG_RSBAC_DEBUG
04956 if (rsbac_debug_aef)
04957 {
04958 #ifdef CONFIG_RSBAC_RMSG
04959 rsbac_printk(KERN_DEBUG "xstats_proc_info(): calling ADF\n");
04960 #endif
04961 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04962 if (!rsbac_nosyslog)
04963 #endif
04964 printk(KERN_DEBUG "xstats_proc_info(): calling ADF\n");
04965 }
04966 #endif
04967 rsbac_target_id.scd = ST_rsbac;
04968 rsbac_attribute_value.dummy = 0;
04969 if (!rsbac_adf_request(R_GET_STATUS_DATA,
04970 current->pid,
04971 T_SCD,
04972 rsbac_target_id,
04973 A_none,
04974 rsbac_attribute_value))
04975 {
04976 return -EPERM;
04977 }
04978
04979 len += sprintf(buffer,
04980 "RSBAC ADF call Statistics\n-------------------------\nadf_request table:\n");
04981 pos = begin + len;
04982 if (pos < offset)
04983 {
04984 len = 0;
04985 begin = pos;
04986 }
04987 if (pos > offset+length)
04988 goto out;
04989
04990 len += sprintf(buffer + len, "Request /\tFILE\tDIR\tFIFO\tSYMLINK\tDEV\tIPC\tSCD\tUSER\tPROCESS\tNETDEV\tNETTEMP\tNETOBJ\tNONE");
04991 pos = begin + len;
04992 if (pos < offset)
04993 {
04994 len = 0;
04995 begin = pos;
04996 }
04997 if (pos > offset+length)
04998 goto out;
04999
05000 for(i=0;i<R_NONE;i++)
05001 {
05002 get_request_name(name, i);
05003 name[15]=0;
05004 len += sprintf(buffer + len, "\n%-14s\t",name);
05005 pos = begin + len;
05006 if (pos < offset)
05007 {
05008 len = 0;
05009 begin = pos;
05010 }
05011 if (pos > offset+length)
05012 goto out;
05013 for(j=0;j<=T_NONE;j++)
05014 {
05015 if( (j == T_NETTEMP_NT)
05016 || (j == T_FD)
05017 )
05018 continue;
05019 len += sprintf(buffer + len, "%lu\t",
05020 rsbac_adf_request_xcount[j][i]);
05021 pos = begin + len;
05022 if (pos < offset)
05023 {
05024 len = 0;
05025 begin = pos;
05026 }
05027 if (pos > offset+length)
05028 goto out;
05029 }
05030 }
05031
05032 len += sprintf(buffer + len,
05033 "\n\nadf_request calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, none: %lu\n",
05034 rsbac_adf_request_count[T_FILE],
05035 rsbac_adf_request_count[T_DIR],
05036 rsbac_adf_request_count[T_FIFO],
05037 rsbac_adf_request_count[T_SYMLINK],
05038 rsbac_adf_request_count[T_DEV],
05039 rsbac_adf_request_count[T_IPC],
05040 rsbac_adf_request_count[T_SCD],
05041 rsbac_adf_request_count[T_USER],
05042 rsbac_adf_request_count[T_PROCESS],
05043 rsbac_adf_request_count[T_NETDEV],
05044 rsbac_adf_request_count[T_NETTEMP],
05045 rsbac_adf_request_count[T_NETOBJ],
05046 rsbac_adf_request_count[T_NONE]);
05047 pos = begin + len;
05048 if (pos < offset)
05049 {
05050 len = 0;
05051 begin = pos;
05052 }
05053 if (pos > offset+length)
05054 goto out;
05055
05056 len += sprintf(buffer+len,
05057 "\n\nadf_set_attr table:\nRequest /\tFILE\tDIR\tFIFO\tSYMLINK\tDEV\tIPC\tSCD\tUSER\tPROCESS\tNETDEV\tNETTEMP\tNETOBJ\tNONE");
05058 pos = begin + len;
05059 if (pos < offset)
05060 {
05061 len = 0;
05062 begin = pos;
05063 }
05064 if (pos > offset+length)
05065 goto out;
05066
05067 for(i=0;i<R_NONE;i++)
05068 {
05069 get_request_name(name, i);
05070 name[15]=0;
05071 len += sprintf(buffer + len, "\n%-14s\t",name);
05072 pos = begin + len;
05073 if (pos < offset)
05074 {
05075 len = 0;
05076 begin = pos;
05077 }
05078 if (pos > offset+length)
05079 goto out;
05080 for(j=0;j<=T_NONE;j++)
05081 {
05082 if( (j == T_NETTEMP_NT)
05083 || (j == T_FD)
05084 )
05085 continue;
05086 len += sprintf(buffer + len, "%lu\t",
05087 rsbac_adf_set_attr_xcount[j][i]);
05088 pos = begin + len;
05089 if (pos < offset)
05090 {
05091 len = 0;
05092 begin = pos;
05093 }
05094 if (pos > offset+length)
05095 goto out;
05096 }
05097 }
05098
05099 len += sprintf(buffer + len,
05100 "\n\nadf_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, none: %lu\n",
05101 rsbac_adf_set_attr_count[T_FILE],
05102 rsbac_adf_set_attr_count[T_DIR],
05103 rsbac_adf_set_attr_count[T_FIFO],
05104 rsbac_adf_set_attr_count[T_SYMLINK],
05105 rsbac_adf_set_attr_count[T_DEV],
05106 rsbac_adf_set_attr_count[T_IPC],
05107 rsbac_adf_set_attr_count[T_SCD],
05108 rsbac_adf_set_attr_count[T_USER],
05109 rsbac_adf_set_attr_count[T_PROCESS],
05110 rsbac_adf_set_attr_count[T_NETDEV],
05111 rsbac_adf_set_attr_count[T_NETTEMP],
05112 rsbac_adf_set_attr_count[T_NETOBJ],
05113 rsbac_adf_set_attr_count[T_NONE]);
05114 pos = begin + len;
05115 if (pos < offset)
05116 {
05117 len = 0;
05118 begin = pos;
05119 }
05120 if (pos > offset+length)
05121 goto out;
05122
05123 len += sprintf(buffer + len,
05124 "\n\nData Structures:\nrsbac_get_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
05125 get_attr_count[T_FILE],
05126 get_attr_count[T_DIR],
05127 get_attr_count[T_FIFO],
05128 get_attr_count[T_SYMLINK],
05129 get_attr_count[T_DEV],
05130 get_attr_count[T_IPC],
05131 get_attr_count[T_SCD],
05132 get_attr_count[T_USER],
05133 get_attr_count[T_PROCESS],
05134 get_attr_count[T_NETDEV],
05135 get_attr_count[T_NETTEMP],
05136 get_attr_count[T_NETOBJ]);
05137 pos = begin + len;
05138 if (pos < offset)
05139 {
05140 len = 0;
05141 begin = pos;
05142 }
05143 if (pos > offset+length)
05144 goto out;
05145
05146 len += sprintf(buffer + len,
05147 "\nrsbac_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
05148 set_attr_count[T_FILE],
05149 set_attr_count[T_DIR],
05150 set_attr_count[T_FIFO],
05151 set_attr_count[T_SYMLINK],
05152 set_attr_count[T_DEV],
05153 set_attr_count[T_IPC],
05154 set_attr_count[T_SCD],
05155 set_attr_count[T_USER],
05156 set_attr_count[T_PROCESS],
05157 set_attr_count[T_NETDEV],
05158 set_attr_count[T_NETTEMP],
05159 set_attr_count[T_NETOBJ]);
05160 pos = begin + len;
05161 if (pos < offset)
05162 {
05163 len = 0;
05164 begin = pos;
05165 }
05166 if (pos > offset+length)
05167 goto out;
05168
05169 len += sprintf(buffer + len,
05170 "\nrsbac_remove_target calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
05171 remove_count[T_FILE],
05172 remove_count[T_DIR],
05173 remove_count[T_FIFO],
05174 remove_count[T_SYMLINK],
05175 remove_count[T_DEV],
05176 remove_count[T_IPC],
05177 remove_count[T_SCD],
05178 remove_count[T_USER],
05179 remove_count[T_PROCESS],
05180 remove_count[T_NETDEV],
05181 remove_count[T_NETTEMP],
05182 remove_count[T_NETOBJ]);
05183 pos = begin + len;
05184 if (pos < offset)
05185 {
05186 len = 0;
05187 begin = pos;
05188 }
05189
05190 out:
05191 *start = buffer + (offset - begin);
05192 len -= (offset - begin);
05193
05194 if (len > length)
05195 len = length;
05196 return len;
05197 }
05198 #endif
05199
05200 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
05201 static int
05202 auto_write_proc_info(char *buffer, char **start, off_t offset, int length)
05203 {
05204 int len = 0;
05205 off_t pos = 0;
05206 off_t begin = 0;
05207
05208 union rsbac_target_id_t rsbac_target_id;
05209 union rsbac_attribute_value_t rsbac_attribute_value;
05210
05211 if (!rsbac_initialized) return (-ENOSYS);
05212
05213 #ifdef CONFIG_RSBAC_DEBUG
05214 if (rsbac_debug_aef)
05215 {
05216 #ifdef CONFIG_RSBAC_RMSG
05217 rsbac_printk(KERN_DEBUG "auto_write_proc_info(): calling ADF\n");
05218 #endif
05219 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05220 if (!rsbac_nosyslog)
05221 #endif
05222 printk(KERN_DEBUG "auto_write_proc_info(): calling ADF\n");
05223 }
05224 #endif
05225 rsbac_target_id.scd = ST_rsbac;
05226 rsbac_attribute_value.dummy = 0;
05227 if (!rsbac_adf_request(R_GET_STATUS_DATA,
05228 current->pid,
05229 T_SCD,
05230 rsbac_target_id,
05231 A_none,
05232 rsbac_attribute_value))
05233 {
05234 return -EPERM;
05235 }
05236
05237 len = sprintf(buffer, "RSBAC auto write settings\n-------------------------\n");
05238 pos = begin + len;
05239 if (pos < offset)
05240 {
05241 len = 0;
05242 begin = pos;
05243 }
05244 if (pos > offset+length)
05245 goto out;
05246
05247 len += sprintf(buffer + len, "auto interval %u jiffies (%i jiffies = 1 second)\n",
05248 auto_interval, HZ);
05249 pos = begin + len;
05250 if (pos < offset)
05251 {
05252 len = 0;
05253 begin = pos;
05254 }
05255 if (pos > offset+length)
05256 goto out;
05257
05258 #ifdef CONFIG_RSBAC_DEBUG
05259 len += sprintf(buffer + len, "debug level is %i\n",
05260 rsbac_debug_auto);
05261 pos = begin + len;
05262 if (pos < offset)
05263 {
05264 len = 0;
05265 begin = pos;
05266 }
05267 #endif
05268
05269 out:
05270 *start = buffer + (offset - begin);
05271 len -= (offset - begin);
05272
05273 if (len > length)
05274 len = length;
05275 return len;
05276 }
05277
05278 static ssize_t auto_write_proc_write(struct file * file, const char * buf,
05279 u_long count, void *ppos)
05280 {
05281 ssize_t err;
05282 char * k_buf;
05283 char * p;
05284
05285 union rsbac_target_id_t rsbac_target_id;
05286 union rsbac_attribute_value_t rsbac_attribute_value;
05287
05288 if(count > PROC_BLOCK_SIZE) {
05289 return(-EOVERFLOW);
05290 }
05291
05292 if (!(k_buf = (char *) __get_free_page(GFP_KERNEL)))
05293 return(-ENOMEM);
05294 err = copy_from_user(k_buf, buf, count);
05295 if(err < 0)
05296 return err;
05297
05298 err = count;
05299 if(count < 13 || strncmp("auto", k_buf, 4))
05300 {
05301 goto out;
05302 }
05303 if (!rsbac_initialized)
05304 {
05305 err=-ENOSYS;
05306 goto out;
05307 }
05308
05309 #ifdef CONFIG_RSBAC_DEBUG
05310 if (rsbac_debug_aef)
05311 {
05312 #ifdef CONFIG_RSBAC_RMSG
05313 rsbac_printk(KERN_DEBUG "auto_write_proc_write(): calling ADF\n");
05314 #endif
05315 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05316 if (!rsbac_nosyslog)
05317 #endif
05318 printk(KERN_DEBUG "auto_write_proc_write(): calling ADF\n");
05319 }
05320 #endif
05321 rsbac_target_id.scd = ST_rsbac;
05322 rsbac_attribute_value.dummy = 0;
05323 if (!rsbac_adf_request(R_MODIFY_SYSTEM_DATA,
05324 current->pid,
05325 T_SCD,
05326 rsbac_target_id,
05327 A_none,
05328 rsbac_attribute_value))
05329 {
05330 err = -EPERM;
05331 goto out;
05332 }
05333
05334
05335
05336
05337
05338 if(!strncmp("interval", k_buf + 5, 8))
05339 {
05340 unsigned int interval;
05341
05342 p = k_buf + 5 + 9;
05343
05344 if( *p == '\0' )
05345 goto out;
05346
05347 interval = simple_strtoul(p, NULL, 0);
05348
05349 if(interval >= HZ)
05350 {
05351 #ifdef CONFIG_RSBAC_RMSG
05352 rsbac_printk(KERN_INFO
05353 "auto_write_proc_write(): setting auto write interval to %u\n",
05354 interval);
05355 #endif
05356 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05357 if (!rsbac_nosyslog)
05358 #endif
05359 printk(KERN_INFO
05360 "auto_write_proc_write(): setting auto write interval to %u\n",
05361 interval);
05362 auto_interval = interval;
05363 err = count;
05364 goto out;
05365 }
05366 else
05367 {
05368 #ifdef CONFIG_RSBAC_RMSG
05369 rsbac_printk(KERN_INFO
05370 "auto_write_proc_write(): rejecting too short auto write interval %u (min. %i)\n",
05371 interval, HZ);
05372 #endif
05373 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05374 if (!rsbac_nosyslog)
05375 #endif
05376 printk(KERN_INFO
05377 "auto_write_proc_write(): rejecting too short auto write interval %u (min. %i)\n",
05378 interval, HZ);
05379 goto out;
05380 }
05381 }
05382
05383 #ifdef CONFIG_RSBAC_DEBUG
05384
05385
05386
05387
05388 if(!strncmp("debug", k_buf + 5, 5))
05389 {
05390 unsigned int debug_level;
05391
05392 p = k_buf + 5 + 6;
05393
05394 if( *p == '\0' )
05395 goto out;
05396
05397 debug_level = simple_strtoul(p, NULL, 0);
05398
05399 if(!debug_level || (debug_level == 1))
05400 {
05401 #ifdef CONFIG_RSBAC_RMSG
05402 rsbac_printk(KERN_INFO
05403 "auto_write_proc_write(): setting rsbac_debug_auto to %u\n",
05404 debug_level);
05405 #endif
05406 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05407 if (!rsbac_nosyslog)
05408 #endif
05409 printk(KERN_INFO
05410 "auto_write_proc_write(): setting rsbac_debug_auto to %u\n",
05411 debug_level);
05412 rsbac_debug_auto = debug_level;
05413 err = count;
05414 }
05415 else
05416 {
05417 #ifdef CONFIG_RSBAC_RMSG
05418 rsbac_printk(KERN_INFO
05419 "auto_write_proc_write(): rejecting invalid debug level (should be 0 or 1)\n");
05420 #endif
05421 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05422 if (!rsbac_nosyslog)
05423 #endif
05424 printk(KERN_INFO
05425 "auto_write_proc_write(): rejecting invalid debug level (should be 0 or 1)\n");
05426 }
05427 }
05428 #endif
05429
05430 out:
05431 free_page((ulong) k_buf);
05432 return(err);
05433 }
05434 #endif
05435
05436 static int
05437 versions_proc_info(char *buffer, char **start, off_t offset, int length)
05438 {
05439 int len = 0;
05440 off_t pos = 0;
05441 off_t begin = 0;
05442
05443 union rsbac_target_id_t rsbac_target_id;
05444 union rsbac_attribute_value_t rsbac_attribute_value;
05445
05446 if (!rsbac_initialized) return (-ENOSYS);
05447
05448 #ifdef CONFIG_RSBAC_DEBUG
05449 if (rsbac_debug_aef)
05450 {
05451 #ifdef CONFIG_RSBAC_RMSG
05452 rsbac_printk(KERN_DEBUG "versions_proc_info(): calling ADF\n");
05453 #endif
05454 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05455 if (!rsbac_nosyslog)
05456 #endif
05457 printk(KERN_DEBUG "versions_proc_info(): calling ADF\n");
05458 }
05459 #endif
05460 rsbac_target_id.scd = ST_rsbac;
05461 rsbac_attribute_value.dummy = 0;
05462 if (!rsbac_adf_request(R_GET_STATUS_DATA,
05463 current->pid,
05464 T_SCD,
05465 rsbac_target_id,
05466 A_none,
05467 rsbac_attribute_value))
05468 {
05469 return -EPERM;
05470 }
05471
05472 len = sprintf(buffer,
05473 "RSBAC version settings (%s)\n----------------------\n",
05474 RSBAC_VERSION);
05475 pos = begin + len;
05476 if (pos < offset)
05477 {
05478 len = 0;
05479 begin = pos;
05480 }
05481 if (pos > offset+length)
05482 goto out;
05483
05484 len += sprintf(buffer + len, "FD lists:\nGEN aci version is %i, aci entry size is %i, %i lists per device\n",
05485 RSBAC_GEN_FD_ACI_VERSION, sizeof(struct rsbac_gen_fd_aci_t), RSBAC_GEN_NR_FD_LISTS);
05486 pos = begin + len;
05487 if (pos < offset)
05488 {
05489 len = 0;
05490 begin = pos;
05491 }
05492 if (pos > offset+length)
05493 goto out;
05494 #if defined(CONFIG_RSBAC_MAC)
05495 len += sprintf(buffer + len, "MAC aci version is %i, aci entry size is %i, %i lists per device\n",
05496 RSBAC_MAC_FD_ACI_VERSION, sizeof(struct rsbac_mac_fd_aci_t), RSBAC_MAC_NR_FD_LISTS);
05497 pos = begin + len;
05498 if (pos < offset)
05499 {
05500 len = 0;
05501 begin = pos;
05502 }
05503 if (pos > offset+length)
05504 goto out;
05505 #endif
05506 #if defined(CONFIG_RSBAC_FC)
05507 len += sprintf(buffer + len, "FC aci version is %i, aci entry size is %i, %i lists per device\n",
05508 RSBAC_FC_FD_ACI_VERSION, sizeof(rsbac_fc_oc_t), RSBAC_FC_NR_FD_LISTS);
05509 pos = begin + len;
05510 if (pos < offset)
05511 {
05512 len = 0;
05513 begin = pos;
05514 }
05515 if (pos > offset+length)
05516 goto out;
05517 #endif
05518 #if defined(CONFIG_RSBAC_SIM)
05519 len += sprintf(buffer + len, "SIM aci version is %i, aci entry size is %i, %i lists per device\n",
05520 RSBAC_SIM_FD_ACI_VERSION, sizeof(rsbac_sim_dt_t), RSBAC_SIM_NR_FD_LISTS);
05521 pos = begin + len;
05522 if (pos < offset)
05523 {
05524 len = 0;
05525 begin = pos;
05526 }
05527 if (pos > offset+length)
05528 goto out;
05529 #endif
05530 #if defined(CONFIG_RSBAC_PM)
05531 len += sprintf(buffer + len, "PM aci version is %i, aci entry size is %i, %i lists per device\n",
05532 RSBAC_PM_FD_ACI_VERSION, sizeof(struct rsbac_pm_fd_aci_t), RSBAC_PM_NR_FD_LISTS);
05533 pos = begin + len;
05534 if (pos < offset)
05535 {
05536 len = 0;
05537 begin = pos;
05538 }
05539 if (pos > offset+length)
05540 goto out;
05541 #endif
05542 #if defined(CONFIG_RSBAC_DAZ)
05543 len += sprintf(buffer + len, "DAZ aci version is %i, aci entry size is %i, %i lists per device\n",
05544 RSBAC_DAZ_FD_ACI_VERSION, sizeof(struct rsbac_daz_fd_aci_t), RSBAC_DAZ_NR_FD_LISTS);
05545 pos = begin + len;
05546 if (pos < offset)
05547 {
05548 len = 0;
05549 begin = pos;
05550 }
05551 if (pos > offset+length)
05552 goto out;
05553 #if defined(CONFIG_RSBAC_DAZ_CACHE)
05554 len += sprintf(buffer + len, "DAZS aci version is %i, aci entry size is %i, %i lists per device\n",
05555 RSBAC_DAZ_SCANNED_FD_ACI_VERSION,
05556 sizeof(rsbac_daz_scanned_t),
05557 RSBAC_DAZ_SCANNED_NR_FD_LISTS);
05558 pos = begin + len;
05559 if (pos < offset)
05560 {
05561 len = 0;
05562 begin = pos;
05563 }
05564 if (pos > offset+length)
05565 goto out;
05566 #endif
05567 #endif
05568 #if defined(CONFIG_RSBAC_FF)
05569 len += sprintf(buffer + len, "FF aci version is %i, aci entry size is %i, %i lists per device\n",
05570 RSBAC_FF_FD_ACI_VERSION, sizeof(rsbac_ff_flags_t), RSBAC_FF_NR_FD_LISTS);
05571 pos = begin + len;
05572 if (pos < offset)
05573 {
05574 len = 0;
05575 begin = pos;
05576 }
05577 if (pos > offset+length)
05578 goto out;
05579 #endif
05580 #if defined(CONFIG_RSBAC_RC)
05581 len += sprintf(buffer + len, "RC aci version is %i, aci entry size is %i, %i lists per device\n",
05582 RSBAC_RC_FD_ACI_VERSION, sizeof(struct rsbac_rc_fd_aci_t), RSBAC_RC_NR_FD_LISTS);
05583 pos = begin + len;
05584 if (pos < offset)
05585 {
05586 len = 0;
05587 begin = pos;
05588 }
05589 if (pos > offset+length)
05590 goto out;
05591 #endif
05592 #if defined(CONFIG_RSBAC_AUTH)
05593 len += sprintf(buffer + len, "AUTH aci version is %i, aci entry size is %i, %i lists per device\n",
05594 RSBAC_AUTH_FD_ACI_VERSION, sizeof(struct rsbac_auth_fd_aci_t), RSBAC_AUTH_NR_FD_LISTS);
05595 pos = begin + len;
05596 if (pos < offset)
05597 {
05598 len = 0;
05599 begin = pos;
05600 }
05601 if (pos > offset+length)
05602 goto out;
05603 #endif
05604 #if defined(CONFIG_RSBAC_CAP)
05605 len += sprintf(buffer + len, "CAP aci version is %i, aci entry size is %i, %i lists per device\n",
05606 RSBAC_CAP_FD_ACI_VERSION, sizeof(struct rsbac_cap_fd_aci_t), RSBAC_CAP_NR_FD_LISTS);
05607 pos = begin + len;
05608 if (pos < offset)
05609 {
05610 len = 0;
05611 begin = pos;
05612 }
05613 if (pos > offset+length)
05614 goto out;
05615 #endif
05616 #if defined(CONFIG_RSBAC_PAX)
05617 len += sprintf(buffer + len, "PAX aci version is %i, aci entry size is %i, %i lists per device\n",
05618 RSBAC_PAX_FD_ACI_VERSION, sizeof(rsbac_pax_flags_t), RSBAC_PAX_NR_FD_LISTS);
05619 pos = begin + len;
05620 if (pos < offset)
05621 {
05622 len = 0;
05623 begin = pos;
05624 }
05625 if (pos > offset+length)
05626 goto out;
05627 #endif
05628 #if defined(CONFIG_RSBAC_RES)
05629 len += sprintf(buffer + len, "RES aci version is %i, aci entry size is %i, %i lists per device\n",
05630 RSBAC_RES_FD_ACI_VERSION, sizeof(struct rsbac_res_fd_aci_t), RSBAC_RES_NR_FD_LISTS);
05631 pos = begin + len;
05632 if (pos < offset)
05633 {
05634 len = 0;
05635 begin = pos;
05636 }
05637 if (pos > offset+length)
05638 goto out;
05639 #endif
05640
05641
05642 len += sprintf(buffer + len, "\nDEV lists:\nGEN aci version is %i, aci entry size is %i\n",
05643 RSBAC_GEN_DEV_ACI_VERSION, sizeof(struct rsbac_gen_dev_aci_t));
05644 pos = begin + len;
05645 if (pos < offset)
05646 {
05647 len = 0;
05648 begin = pos;
05649 }
05650 if (pos > offset+length)
05651 goto out;
05652 #if defined(CONFIG_RSBAC_MAC)
05653 len += sprintf(buffer + len, "MAC aci version is %i, aci entry size is %i\n",
05654 RSBAC_MAC_DEV_ACI_VERSION, sizeof(struct rsbac_mac_dev_aci_t));
05655 pos = begin + len;
05656 if (pos < offset)
05657 {
05658 len = 0;
05659 begin = pos;
05660 }
05661 if (pos > offset+length)
05662 goto out;
05663 #endif
05664 #if defined(CONFIG_RSBAC_FC)
05665 len += sprintf(buffer + len, "FC aci version is %i, aci entry size is %i\n",
05666 RSBAC_FC_DEV_ACI_VERSION, sizeof(rsbac_fc_oc_t));
05667 pos = begin + len;
05668 if (pos < offset)
05669 {
05670 len = 0;
05671 begin = pos;
05672 }
05673 if (pos > offset+length)
05674 goto out;
05675 #endif
05676 #if defined(CONFIG_RSBAC_SIM)
05677 len += sprintf(buffer + len, "SIM aci version is %i, aci entry size is %i\n",
05678 RSBAC_SIM_DEV_ACI_VERSION, sizeof(rsbac_sim_dt_t));
05679 pos = begin + len;
05680 if (pos < offset)
05681 {
05682 len = 0;
05683 begin = pos;
05684 }
05685 if (pos > offset+length)
05686 goto out;
05687 #endif
05688 #if defined(CONFIG_RSBAC_PM)
05689 len += sprintf(buffer + len, "PM aci version is %i, aci entry size is %i\n",
05690 RSBAC_PM_DEV_ACI_VERSION, sizeof(struct rsbac_pm_dev_aci_t));
05691 pos = begin + len;
05692 if (pos < offset)
05693 {
05694 len = 0;
05695 begin = pos;
05696 }
05697 if (pos > offset+length)
05698 goto out;
05699 #endif
05700 #if defined(CONFIG_RSBAC_RC)
05701 len += sprintf(buffer + len, "RC aci version is %i, aci entry size is %i\n",
05702 RSBAC_RC_DEV_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
05703 pos = begin + len;
05704 if (pos < offset)
05705 {
05706 len = 0;
05707 begin = pos;
05708 }
05709 if (pos > offset+length)
05710 goto out;
05711 #endif
05712
05713
05714 len += sprintf(buffer + len, "\nIPC lists:\n");
05715 pos = begin + len;
05716 if (pos < offset)
05717 {
05718 len = 0;
05719 begin = pos;
05720 }
05721 if (pos > offset+length)
05722 goto out;
05723 #if defined(CONFIG_RSBAC_MAC)
05724 len += sprintf(buffer + len, "MAC aci version is %i, aci entry size is %i\n",
05725 RSBAC_MAC_IPC_ACI_VERSION, sizeof(struct rsbac_mac_ipc_aci_t));
05726 pos = begin + len;
05727 if (pos < offset)
05728 {
05729 len = 0;
05730 begin = pos;
05731 }
05732 if (pos > offset+length)
05733 goto out;
05734 #endif
05735 #if defined(CONFIG_RSBAC_FC)
05736 len += sprintf(buffer + len, "FC aci version is %i, aci entry size is %i\n",
05737 RSBAC_FC_IPC_ACI_VERSION, sizeof(rsbac_fc_oc_t));
05738 pos = begin + len;
05739 if (pos < offset)
05740 {
05741 len = 0;
05742 begin = pos;
05743 }
05744 if (pos > offset+length)
05745 goto out;
05746 #endif
05747 #if defined(CONFIG_RSBAC_SIM)
05748 len += sprintf(buffer + len, "SIM aci version is %i, aci entry size is %i\n",
05749 RSBAC_SIM_IPC_ACI_VERSION, sizeof(rsbac_sim_dt_t));
05750 pos = begin + len;
05751 if (pos < offset)
05752 {
05753 len = 0;
05754 begin = pos;
05755 }
05756 if (pos > offset+length)
05757 goto out;
05758 #endif
05759 #if defined(CONFIG_RSBAC_PM)
05760 len += sprintf(buffer + len, "PM aci version is %i, aci entry size is %i\n",
05761 RSBAC_PM_IPC_ACI_VERSION, sizeof(struct rsbac_pm_ipc_aci_t));
05762 pos = begin + len;
05763 if (pos < offset)
05764 {
05765 len = 0;
05766 begin = pos;
05767 }
05768 if (pos > offset+length)
05769 goto out;
05770 #endif
05771 #if defined(CONFIG_RSBAC_RC)
05772 len += sprintf(buffer + len, "RC aci version is %i, aci entry size is %i\n",
05773 RSBAC_RC_IPC_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
05774 pos = begin + len;
05775 if (pos < offset)
05776 {
05777 len = 0;
05778 begin = pos;
05779 }
05780 if (pos > offset+length)
05781 goto out;
05782 #endif
05783 #if defined(CONFIG_RSBAC_JAIL)
05784 len += sprintf(buffer + len, "JAIL aci version is %i, aci entry size is %i\n",
05785 RSBAC_JAIL_IPC_ACI_VERSION, sizeof(rsbac_jail_id_t));
05786 pos = begin + len;
05787 if (pos < offset)
05788 {
05789 len = 0;
05790 begin = pos;
05791 }
05792 if (pos > offset+length)
05793 goto out;
05794 #endif
05795
05796
05797 len += sprintf(buffer + len, "\nUSER lists:\nGEN aci version is %i, aci entry size is %i\n",
05798 RSBAC_GEN_USER_ACI_VERSION, sizeof(struct rsbac_gen_user_aci_t));
05799 pos = begin + len;
05800 if (pos < offset)
05801 {
05802 len = 0;
05803 begin = pos;
05804 }
05805 if (pos > offset+length)
05806 goto out;
05807 #if defined(CONFIG_RSBAC_MAC)
05808 len += sprintf(buffer + len, "MAC aci version is %i, aci entry size is %i\n",
05809 RSBAC_MAC_USER_ACI_VERSION, sizeof(struct rsbac_mac_user_aci_t));
05810 pos = begin + len;
05811 if (pos < offset)
05812 {
05813 len = 0;
05814 begin = pos;
05815 }
05816 if (pos > offset+length)
05817 goto out;
05818 #endif
05819 #if defined(CONFIG_RSBAC_FC)
05820 len += sprintf(buffer + len, "FC aci version is %i, aci entry size is %i\n",
05821 RSBAC_FC_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t));
05822 pos = begin + len;
05823 if (pos < offset)
05824 {
05825 len = 0;
05826 begin = pos;
05827 }
05828 if (pos > offset+length)
05829 goto out;
05830 #endif
05831 #if defined(CONFIG_RSBAC_SIM)
05832 len += sprintf(buffer + len, "SIM aci version is %i, aci entry size is %i\n",
05833 RSBAC_SIM_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t));
05834 pos = begin + len;
05835 if (pos < offset)
05836 {
05837 len = 0;
05838 begin = pos;
05839 }
05840 if (pos > offset+length)
05841 goto out;
05842 #endif
05843 #if defined(CONFIG_RSBAC_PM)
05844 len += sprintf(buffer + len, "PM aci version is %i, aci entry size is %i\n",
05845 RSBAC_PM_USER_ACI_VERSION, sizeof(struct rsbac_pm_user_aci_t));
05846 pos = begin + len;
05847 if (pos < offset)
05848 {
05849 len = 0;
05850 begin = pos;
05851 }
05852 if (pos > offset+length)
05853 goto out;
05854 #endif
05855 #if defined(CONFIG_RSBAC_DAZ)
05856 len += sprintf(buffer + len, "DAZ aci version is %i, aci entry size is %i\n",
05857 RSBAC_DAZ_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t));
05858 pos = begin + len;
05859 if (pos < offset)
05860 {
05861 len = 0;
05862 begin = pos;
05863 }
05864 if (pos > offset+length)
05865 goto out;
05866 #endif
05867 #if defined(CONFIG_RSBAC_RC)
05868 len += sprintf(buffer + len, "RC aci version is %i, aci entry size is %i\n",
05869 RSBAC_RC_USER_ACI_VERSION, sizeof(rsbac_rc_role_id_t));
05870 pos = begin + len;
05871 if (pos < offset)
05872 {
05873 len = 0;
05874 begin = pos;
05875 }
05876 if (pos > offset+length)
05877 goto out;
05878 #endif
05879 #if defined(CONFIG_RSBAC_AUTH)
05880 len += sprintf(buffer + len, "AUTH aci version is %i, aci entry size is %i\n",
05881 RSBAC_AUTH_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t));
05882 pos = begin + len;
05883 if (pos < offset)
05884 {
05885 len = 0;
05886 begin = pos;
05887 }
05888 if (pos > offset+length)
05889 goto out;
05890 #endif
05891 #if defined(CONFIG_RSBAC_CAP)
05892 len += sprintf(buffer + len, "CAP aci version is %i, aci entry size is %i\n",
05893 RSBAC_CAP_USER_ACI_VERSION, sizeof(struct rsbac_cap_user_aci_t));
05894 pos = begin + len;
05895 if (pos < offset)
05896 {
05897 len = 0;
05898 begin = pos;
05899 }
05900 if (pos > offset+length)
05901 goto out;
05902 #endif
05903 #if defined(CONFIG_RSBAC_JAIL)
05904 len += sprintf(buffer + len, "JAIL aci version is %i, aci entry size is %i\n",
05905 RSBAC_JAIL_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t));
05906 pos = begin + len;
05907 if (pos < offset)
05908 {
05909 len = 0;
05910 begin = pos;
05911 }
05912 if (pos > offset+length)
05913 goto out;
05914 #endif
05915 #if defined(CONFIG_RSBAC_PAX)
05916 len += sprintf(buffer + len, "PAX aci version is %i, aci entry size is %i\n",
05917 RSBAC_PAX_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t));
05918 pos = begin + len;
05919 if (pos < offset)
05920 {
05921 len = 0;
05922 begin = pos;
05923 }
05924 if (pos > offset+length)
05925 goto out;
05926 #endif
05927 #if defined(CONFIG_RSBAC_RES)
05928 len += sprintf(buffer + len, "RES aci version is %i, aci entry size is %i\n",
05929 RSBAC_RES_USER_ACI_VERSION, sizeof(struct rsbac_res_user_aci_t));
05930 pos = begin + len;
05931 if (pos < offset)
05932 {
05933 len = 0;
05934 begin = pos;
05935 }
05936 if (pos > offset+length)
05937 goto out;
05938 #endif
05939
05940
05941 len += sprintf(buffer + len, "\nPROCESS lists:\nGEN aci version is %i, aci entry size is %i\n",
05942 RSBAC_GEN_PROCESS_ACI_VERSION, sizeof(rsbac_request_vector_t));
05943 pos = begin + len;
05944 if (pos < offset)
05945 {
05946 len = 0;
05947 begin = pos;
05948 }
05949 if (pos > offset+length)
05950 goto out;
05951 #if defined(CONFIG_RSBAC_MAC)
05952 len += sprintf(buffer + len, "MAC aci version is %u, aci entry size is %u, number of lists is %u\n",
05953 RSBAC_MAC_PROCESS_ACI_VERSION,
05954 sizeof(struct rsbac_mac_process_aci_t),
05955 CONFIG_RSBAC_MAC_NR_P_LISTS);
05956 pos = begin + len;
05957 if (pos < offset)
05958 {
05959 len = 0;
05960 begin = pos;
05961 }
05962 if (pos > offset+length)
05963 goto out;
05964 #endif
05965 #if defined(CONFIG_RSBAC_PM)
05966 len += sprintf(buffer + len, "PM aci version is %i, aci entry size is %i\n",
05967 RSBAC_PM_PROCESS_ACI_VERSION, sizeof(struct rsbac_pm_process_aci_t));
05968 pos = begin + len;
05969 if (pos < offset)
05970 {
05971 len = 0;
05972 begin = pos;
05973 }
05974 if (pos > offset+length)
05975 goto out;
05976 #endif
05977 #if defined(CONFIG_RSBAC_RC)
05978 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %u, number of lists is %u\n",
05979 RSBAC_RC_PROCESS_ACI_VERSION,
05980 sizeof(struct rsbac_rc_process_aci_t),
05981 CONFIG_RSBAC_RC_NR_P_LISTS);
05982 pos = begin + len;
05983 if (pos < offset)
05984 {
05985 len = 0;
05986 begin = pos;
05987 }
05988 if (pos > offset+length)
05989 goto out;
05990 #endif
05991 #if defined(CONFIG_RSBAC_AUTH)
05992 len += sprintf(buffer + len, "AUTH aci version is %i, aci entry size is %i\n",
05993 RSBAC_AUTH_PROCESS_ACI_VERSION, sizeof(struct rsbac_auth_process_aci_t));
05994 pos = begin + len;
05995 if (pos < offset)
05996 {
05997 len = 0;
05998 begin = pos;
05999 }
06000 if (pos > offset+length)
06001 goto out;
06002 #endif
06003 #if defined(CONFIG_RSBAC_CAP)
06004 len += sprintf(buffer + len, "CAP aci version is %i, aci entry size is %i\n",
06005 RSBAC_CAP_PROCESS_ACI_VERSION, sizeof(struct rsbac_cap_process_aci_t));
06006 pos = begin + len;
06007 if (pos < offset)
06008 {
06009 len = 0;
06010 begin = pos;
06011 }
06012 if (pos > offset+length)
06013 goto out;
06014 #endif
06015 #if defined(CONFIG_RSBAC_JAIL)
06016 len += sprintf(buffer + len, "JAIL aci version is %u, aci entry size is %u, number of lists is %u\n",
06017 RSBAC_JAIL_PROCESS_ACI_VERSION,
06018 sizeof(struct rsbac_jail_process_aci_t),
06019 CONFIG_RSBAC_JAIL_NR_P_LISTS);
06020 pos = begin + len;
06021 if (pos < offset)
06022 {
06023 len = 0;
06024 begin = pos;
06025 }
06026 if (pos > offset+length)
06027 goto out;
06028 #endif
06029
06030 #if defined(CONFIG_RSBAC_NET_DEV)
06031 len += sprintf(buffer + len, "\nNETDEV lists:\n");
06032 pos = begin + len;
06033 if (pos < offset)
06034 {
06035 len = 0;
06036 begin = pos;
06037 }
06038 if (pos > offset+length)
06039 goto out;
06040 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
06041 len += sprintf(buffer + len, "GEN aci version is %i, aci entry size is %i\n",
06042 RSBAC_GEN_NETDEV_ACI_VERSION, sizeof(struct rsbac_gen_netdev_aci_t));
06043 pos = begin + len;
06044 if (pos < offset)
06045 {
06046 len = 0;
06047 begin = pos;
06048 }
06049 if (pos > offset+length)
06050 goto out;
06051 #endif
06052 #if defined(CONFIG_RSBAC_RC)
06053 len += sprintf(buffer + len, "RC aci version is %i, aci entry size is %i\n",
06054 RSBAC_RC_NETDEV_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
06055 pos = begin + len;
06056 if (pos < offset)
06057 {
06058 len = 0;
06059 begin = pos;
06060 }
06061 if (pos > offset+length)
06062 goto out;
06063 #endif
06064 #endif
06065
06066 #if defined(CONFIG_RSBAC_NET_OBJ)
06067 len += sprintf(buffer + len, "\nNetwork Template list: version is %i, data size is %i\n",
06068 RSBAC_NET_TEMP_VERSION, sizeof(struct rsbac_net_temp_data_t));
06069 pos = begin + len;
06070 if (pos < offset)
06071 {
06072 len = 0;
06073 begin = pos;
06074 }
06075 if (pos > offset+length)
06076 goto out;
06077 len += sprintf(buffer + len, "\nNETOBJ lists:\nGEN aci version is %i, aci entry size is %i\n",
06078 RSBAC_GEN_NETOBJ_ACI_VERSION, sizeof(struct rsbac_gen_netobj_aci_t));
06079 pos = begin + len;
06080 if (pos < offset)
06081 {
06082 len = 0;
06083 begin = pos;
06084 }
06085 if (pos > offset+length)
06086 goto out;
06087 #if defined(CONFIG_RSBAC_MAC)
06088 len += sprintf(buffer + len, "MAC aci version is %i, aci entry size is %i\n",
06089 RSBAC_MAC_NETOBJ_ACI_VERSION, sizeof(struct rsbac_mac_netobj_aci_t));
06090 pos = begin + len;
06091 if (pos < offset)
06092 {
06093 len = 0;
06094 begin = pos;
06095 }
06096 if (pos > offset+length)
06097 goto out;
06098 #endif
06099 #if defined(CONFIG_RSBAC_FC)
06100 len += sprintf(buffer + len, "FC aci version is %i, aci entry size is %i\n",
06101 RSBAC_FC_NETOBJ_ACI_VERSION, sizeof(rsbac_fc_oc_t));
06102 pos = begin + len;
06103 if (pos < offset)
06104 {
06105 len = 0;
06106 begin = pos;
06107 }
06108 if (pos > offset+length)
06109 goto out;
06110 #endif
06111 #if defined(CONFIG_RSBAC_SIM)
06112 len += sprintf(buffer + len, "SIM aci version is %i, aci entry size is %i\n",
06113 RSBAC_SIM_NETOBJ_ACI_VERSION, sizeof(rsbac_sim_dt_t));
06114 pos = begin + len;
06115 if (pos < offset)
06116 {
06117 len = 0;
06118 begin = pos;
06119 }
06120 if (pos > offset+length)
06121 goto out;
06122 #endif
06123 #if defined(CONFIG_RSBAC_PM)
06124 len += sprintf(buffer + len, "PM aci version is %i, aci entry size is %i\n",
06125 RSBAC_PM_NETOBJ_ACI_VERSION, sizeof(struct rsbac_pm_netobj_aci_t));
06126 pos = begin + len;
06127 if (pos < offset)
06128 {
06129 len = 0;
06130 begin = pos;
06131 }
06132 if (pos > offset+length)
06133 goto out;
06134 #endif
06135 #if defined(CONFIG_RSBAC_RC)
06136 len += sprintf(buffer + len, "RC aci version is %i, aci entry size is %i\n",
06137 RSBAC_RC_NETOBJ_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
06138 pos = begin + len;
06139 if (pos < offset)
06140 {
06141 len = 0;
06142 begin = pos;
06143 }
06144 if (pos > offset+length)
06145 goto out;
06146 #endif
06147 #endif
06148
06149 len += sprintf(buffer + len, "\nlog_levels array: version is %i, array size is %i\n",
06150 RSBAC_LOG_LEVEL_VERSION, R_NONE * (T_NONE+1) * sizeof(rsbac_enum_t));
06151 pos = begin + len;
06152 if (pos < offset)
06153 {
06154 len = 0;
06155 begin = pos;
06156 }
06157
06158 out:
06159 *start = buffer + (offset - begin);
06160 len -= (offset - begin);
06161
06162 if (len > length)
06163 len = length;
06164 return len;
06165 }
06166
06167 #ifdef CONFIG_RSBAC_NET_OBJ
06168 static int
06169 net_temp_proc_info(char *buffer, char **start, off_t offset, int length)
06170 {
06171 u_int len = 0;
06172 off_t pos = 0;
06173 off_t begin = 0;
06174 rsbac_net_temp_id_t * temp_array;
06175 long count;
06176
06177 union rsbac_target_id_t rsbac_target_id;
06178 union rsbac_attribute_value_t rsbac_attribute_value;
06179
06180 if (!rsbac_initialized) return (-ENOSYS);
06181
06182 #ifdef CONFIG_RSBAC_DEBUG
06183 if (rsbac_debug_aef)
06184 {
06185 #ifdef CONFIG_RSBAC_RMSG
06186 rsbac_printk(KERN_DEBUG "net_temp_proc_info(): calling ADF\n");
06187 #endif
06188 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06189 if (!rsbac_nosyslog)
06190 #endif
06191 printk(KERN_DEBUG "net_temp_proc_info(): calling ADF\n");
06192 }
06193 #endif
06194 rsbac_target_id.scd = ST_rsbac;
06195 rsbac_attribute_value.dummy = 0;
06196 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06197 current->pid,
06198 T_SCD,
06199 rsbac_target_id,
06200 A_none,
06201 rsbac_attribute_value))
06202 {
06203 return -EPERM;
06204 }
06205
06206 len = sprintf(buffer, "Network Templates\n-----------------\n");
06207 pos = begin + len;
06208 if (pos < offset)
06209 {
06210 len = 0;
06211 begin = pos;
06212 }
06213 if (pos > offset+length)
06214 goto out;
06215
06216 count = rsbac_list_get_all_desc(net_temp_handle, (void **) &temp_array);
06217 if(count > 0)
06218 {
06219 __u32 i;
06220 struct rsbac_net_temp_data_t data;
06221
06222 for(i=0; i < count; i++)
06223 {
06224 if(!rsbac_list_get_data(net_temp_handle, &temp_array[i], &data))
06225 {
06226 len += sprintf(buffer + len, "%10u %s\n",
06227 temp_array[i], data.name);
06228 pos = begin + len;
06229 if (pos < offset)
06230 {
06231 len = 0;
06232 begin = pos;
06233 }
06234 if (pos > offset+length)
06235 {
06236 rsbac_vfree(temp_array);
06237 goto out;
06238 }
06239 }
06240 }
06241 rsbac_vfree(temp_array);
06242 }
06243 len += sprintf(buffer + len, "%lu templates\n",
06244 count);
06245 pos = begin + len;
06246 if (pos < offset)
06247 {
06248 len = 0;
06249 begin = pos;
06250 }
06251
06252 out:
06253 *start = buffer + (offset - begin);
06254 len -= (offset - begin);
06255
06256 if (len > length)
06257 len = length;
06258 return len;
06259 }
06260 #endif
06261
06262 #ifdef CONFIG_RSBAC_JAIL
06263 static int
06264 jail_proc_info(char *buffer, char **start, off_t offset, int length)
06265 {
06266 u_int len = 0;
06267 off_t pos = 0;
06268 off_t begin = 0;
06269 rsbac_pid_t * pid_array;
06270 struct rsbac_ipc_t * ipc_array;
06271 u_long count = 0;
06272 u_int i;
06273 u_int j;
06274 long subcount;
06275 struct rsbac_jail_process_aci_t data;
06276 union rsbac_target_id_t rsbac_target_id;
06277 union rsbac_attribute_value_t rsbac_attribute_value;
06278
06279 if (!rsbac_initialized) return (-ENOSYS);
06280
06281 #ifdef CONFIG_RSBAC_DEBUG
06282 if (rsbac_debug_aef)
06283 {
06284 #ifdef CONFIG_RSBAC_RMSG
06285 rsbac_printk(KERN_DEBUG "jail_proc_info(): calling ADF\n");
06286 #endif
06287 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06288 if (!rsbac_nosyslog)
06289 #endif
06290 printk(KERN_DEBUG "jail_proc_info(): calling ADF\n");
06291 }
06292 #endif
06293 rsbac_target_id.scd = ST_rsbac;
06294 rsbac_attribute_value.dummy = 0;
06295 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06296 current->pid,
06297 T_SCD,
06298 rsbac_target_id,
06299 A_none,
06300 rsbac_attribute_value))
06301 {
06302 return -EPERM;
06303 }
06304
06305 len = sprintf(buffer, "JAILed Processes\n----------------\nPID Jail-ID Flags Max Caps IP\n");
06306 pos = begin + len;
06307 if (pos < offset)
06308 {
06309 len = 0;
06310 begin = pos;
06311 }
06312 if (pos > offset+length)
06313 goto out;
06314
06315 for(j=0; j<CONFIG_RSBAC_JAIL_NR_P_LISTS; j++)
06316 {
06317 subcount = rsbac_list_get_all_desc(process_handles.jail[j], (void **) &pid_array);
06318 if(subcount > 0)
06319 {
06320 for(i=0; i < subcount; i++)
06321 {
06322 if(!rsbac_list_get_data(process_handles.jail[j], &pid_array[i], &data))
06323 {
06324 len += sprintf(buffer + len, "%-5u %-10u %-7u %-10i %u.%u.%u.%u\n",
06325 pid_array[i],
06326 data.id,
06327 data.flags,
06328 data.max_caps,
06329 NIPQUAD(data.ip));
06330 pos = begin + len;
06331 if (pos < offset)
06332 {
06333 len = 0;
06334 begin = pos;
06335 }
06336 if (pos > offset+length)
06337 {
06338 rsbac_vfree(pid_array);
06339 goto out;
06340 }
06341 }
06342 }
06343 count += subcount;
06344 }
06345 rsbac_vfree(pid_array);
06346 }
06347 len += sprintf(buffer + len, "%lu jailed processes\n",
06348 count);
06349 pos = begin + len;
06350 if (pos < offset)
06351 {
06352 len = 0;
06353 begin = pos;
06354 }
06355 if (pos > offset+length)
06356 goto out;
06357
06358 len += sprintf(buffer + len, "\nJAIL IPCs\n---------\nType IPC-ID Jail-ID\n");
06359 pos = begin + len;
06360 if (pos < offset)
06361 {
06362 len = 0;
06363 begin = pos;
06364 }
06365 if (pos > offset+length)
06366 goto out;
06367
06368 count = rsbac_list_get_all_desc(ipc_handles.jail, (void **) &ipc_array);
06369 if(count > 0)
06370 {
06371 __u32 i;
06372 rsbac_jail_id_t data;
06373 char tmp[RSBAC_MAXNAMELEN];
06374
06375 for(i=0; i < count; i++)
06376 {
06377 if(!rsbac_list_get_data(ipc_handles.jail, &ipc_array[i], &data))
06378 {
06379 len += sprintf(buffer + len, "%-5s %-10lu %-10u\n",
06380 get_ipc_target_name(tmp, ipc_array[i].type),
06381 ipc_array[i].id.id_nr,
06382 data);
06383 pos = begin + len;
06384 if (pos < offset)
06385 {
06386 len = 0;
06387 begin = pos;
06388 }
06389 if (pos > offset+length)
06390 {
06391 rsbac_vfree(ipc_array);
06392 goto out;
06393 }
06394 }
06395 }
06396 rsbac_vfree(ipc_array);
06397 }
06398 len += sprintf(buffer + len, "%lu JAIL IPCs\n",
06399 count);
06400 pos = begin + len;
06401 if (pos < offset)
06402 {
06403 len = 0;
06404 begin = pos;
06405 }
06406 if (pos > offset+length)
06407 goto out;
06408 out:
06409 *start = buffer + (offset - begin);
06410 len -= (offset - begin);
06411
06412 if (len > length)
06413 len = length;
06414 return len;
06415 }
06416 #endif
06417
06418 #ifdef CONFIG_RSBAC_PAX
06419 static int
06420 pax_proc_info(char *buffer, char **start, off_t offset, int length)
06421 {
06422 int len = 0;
06423 off_t pos = 0;
06424 off_t begin = 0;
06425
06426 union rsbac_target_id_t rsbac_target_id;
06427 union rsbac_attribute_value_t rsbac_attribute_value;
06428
06429 if (!rsbac_initialized)
06430 return (-ENOSYS);
06431
06432 rsbac_target_id.scd = ST_rsbac;
06433 rsbac_attribute_value.dummy = 0;
06434 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06435 current->pid,
06436 T_SCD,
06437 rsbac_target_id,
06438 A_none,
06439 rsbac_attribute_value))
06440 {
06441 return -EPERM;
06442 }
06443 len += sprintf(buffer, "RSBAC PaX module\n----------------\n");
06444 pos = begin + len;
06445 if (pos < offset)
06446 {
06447 len = 0;
06448 begin = pos;
06449 }
06450 if (pos > offset+length)
06451 goto out;
06452
06453 len += sprintf(buffer + len, "%li user list items.\n",
06454 rsbac_list_count(user_handles.pax));
06455 pos = begin + len;
06456 if (pos < offset)
06457 {
06458 len = 0;
06459 begin = pos;
06460 }
06461 if (pos > offset+length)
06462 goto out;
06463
06464 out:
06465 *start = buffer + (offset - begin);
06466 len -= (offset - begin);
06467
06468 if (len > length)
06469 len = length;
06470 return len;
06471 }
06472 #endif
06473
06474 static int register_all_rsbac_proc(void)
06475 {
06476 struct proc_dir_entry * tmp_entry_p;
06477
06478 proc_rsbac_root_p = create_proc_entry("rsbac-info",
06479 S_IFDIR | S_IRUGO | S_IXUGO,
06480 &proc_root);
06481 if(!proc_rsbac_root_p)
06482 return -RSBAC_ECOULDNOTADDITEM;
06483
06484 proc_rsbac_backup_p = create_proc_entry("backup",
06485 S_IFDIR | S_IRUGO | S_IXUGO,
06486 proc_rsbac_root_p);
06487 if(!proc_rsbac_root_p)
06488 return -RSBAC_ECOULDNOTADDITEM;
06489
06490 tmp_entry_p = create_proc_entry("devices",
06491 S_IFREG | S_IRUGO,
06492 proc_rsbac_root_p);
06493 if(!tmp_entry_p)
06494 return -RSBAC_ECOULDNOTADDITEM;
06495 tmp_entry_p->get_info = devices_proc_info;
06496
06497 tmp_entry_p = create_proc_entry("stats",
06498 S_IFREG | S_IRUGO,
06499 proc_rsbac_root_p);
06500 if(!tmp_entry_p)
06501 return -RSBAC_ECOULDNOTADDITEM;
06502 tmp_entry_p->get_info = stats_proc_info;
06503
06504 tmp_entry_p = create_proc_entry("active",
06505 S_IFREG | S_IRUGO,
06506 proc_rsbac_root_p);
06507 if(!tmp_entry_p)
06508 return -RSBAC_ECOULDNOTADDITEM;
06509 tmp_entry_p->get_info = active_proc_info;
06510
06511 #ifdef CONFIG_RSBAC_XSTATS
06512 tmp_entry_p = create_proc_entry("xstats",
06513 S_IFREG | S_IRUGO,
06514 proc_rsbac_root_p);
06515 if(!tmp_entry_p)
06516 return -RSBAC_ECOULDNOTADDITEM;
06517 tmp_entry_p->get_info = xstats_proc_info;
06518 #endif
06519 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
06520 tmp_entry_p = create_proc_entry("auto_write",
06521 S_IFREG | S_IRUGO | S_IWUGO,
06522 proc_rsbac_root_p);
06523 if(!tmp_entry_p)
06524 return -RSBAC_ECOULDNOTADDITEM;
06525 tmp_entry_p->get_info = auto_write_proc_info;
06526 tmp_entry_p->write_proc = auto_write_proc_write;
06527 #endif
06528 tmp_entry_p = create_proc_entry("versions",
06529 S_IFREG | S_IRUGO,
06530 proc_rsbac_root_p);
06531 if(!tmp_entry_p)
06532 return -RSBAC_ECOULDNOTADDITEM;
06533 tmp_entry_p->get_info = versions_proc_info;
06534
06535 #ifdef CONFIG_RSBAC_NET_OBJ
06536 tmp_entry_p = create_proc_entry("net_temp",
06537 S_IFREG | S_IRUGO,
06538 proc_rsbac_root_p);
06539 if(!tmp_entry_p)
06540 return -RSBAC_ECOULDNOTADDITEM;
06541 tmp_entry_p->get_info = net_temp_proc_info;
06542 #endif
06543 #ifdef CONFIG_RSBAC_JAIL
06544 tmp_entry_p = create_proc_entry("jails",
06545 S_IFREG | S_IRUGO,
06546 proc_rsbac_root_p);
06547 if(!tmp_entry_p)
06548 return -RSBAC_ECOULDNOTADDITEM;
06549 tmp_entry_p->get_info = jail_proc_info;
06550 #endif
06551 #ifdef CONFIG_RSBAC_PAX
06552 tmp_entry_p = create_proc_entry("pax",
06553 S_IFREG | S_IRUGO,
06554 proc_rsbac_root_p);
06555 if(!tmp_entry_p)
06556 return -RSBAC_ECOULDNOTADDITEM;
06557 tmp_entry_p->get_info = pax_proc_info;
06558 #endif
06559
06560 return(0);
06561 }
06562
06563
06564
06565
06566
06567
06568
06569
06570
06571
06572
06573
06574
06575
06576
06577
06578
06579
06580
06581
06582
06583
06584
06585 #endif
06586
06587
06588
06589
06590
06591
06592
06593
06594
06595
06596
06597
06598
06599
06600
06601 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT)
06602 #ifdef CONFIG_RSBAC_INIT_DELAY
06603 int rsbac_init_daz(void);
06604 #else
06605 int __init rsbac_init_daz(void);
06606 #endif
06607 #endif
06608
06609 #ifdef CONFIG_RSBAC_INIT_DELAY
06610 static void registration_error(int err, char * listname)
06611 #else
06612 static void __init registration_error(int err, char * listname)
06613 #endif
06614 {
06615 if(err < 0)
06616 {
06617 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06618
06619 if(tmp)
06620 {
06621 #ifdef CONFIG_RSBAC_RMSG
06622 rsbac_printk(KERN_WARNING
06623 "rsbac_do_init(): Registering %s list failed with error %s\n",
06624 listname,
06625 get_error_name(tmp, err));
06626 #endif
06627 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06628 if (!rsbac_nosyslog)
06629 #endif
06630 printk(KERN_WARNING
06631 "rsbac_do_init(): Registering %s list failed with error %s\n",
06632 listname,
06633 get_error_name(tmp, err));
06634 rsbac_kfree(tmp);
06635 }
06636 }
06637 }
06638
06639 #ifdef CONFIG_RSBAC_INIT_DELAY
06640 static int register_dev_lists(void)
06641 #else
06642 static int __init register_dev_lists(void)
06643 #endif
06644 {
06645 int err = 0;
06646 struct rsbac_list_info_t * list_info_p;
06647
06648 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06649 if(!list_info_p)
06650 {
06651 return -ENOMEM;
06652 }
06653
06654 #ifdef CONFIG_RSBAC_DEBUG
06655 if (rsbac_debug_ds)
06656 {
06657 #ifdef CONFIG_RSBAC_RMSG
06658 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering DEV lists\n");
06659 #endif
06660 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06661 if (!rsbac_nosyslog)
06662 #endif
06663 printk(KERN_DEBUG "rsbac_do_init(): registering DEV lists\n");
06664 }
06665 #endif
06666 {
06667 struct rsbac_gen_dev_aci_t def_aci = DEFAULT_GEN_DEV_ACI;
06668
06669 list_info_p->version = RSBAC_GEN_DEV_ACI_VERSION;
06670 list_info_p->key = RSBAC_GEN_DEV_ACI_KEY;
06671 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
06672 list_info_p->data_size = sizeof(struct rsbac_gen_dev_aci_t);
06673 list_info_p->max_age = 0;
06674 err = rsbac_list_register(RSBAC_LIST_VERSION,
06675 &dev_handles.gen,
06676 list_info_p,
06677 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06678 RSBAC_LIST_BACKUP |
06679 #endif
06680 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06681 dev_compare,
06682 gen_dev_get_conv,
06683 &def_aci,
06684 RSBAC_GEN_ACI_DEV_NAME,
06685 RSBAC_AUTO_DEV);
06686 if(err)
06687 {
06688 registration_error(err, "DEV General");
06689 }
06690 }
06691 #if defined(CONFIG_RSBAC_MAC)
06692 {
06693 struct rsbac_mac_dev_aci_t def_aci = DEFAULT_MAC_DEV_ACI;
06694
06695 list_info_p->version = RSBAC_MAC_DEV_ACI_VERSION;
06696 list_info_p->key = RSBAC_MAC_DEV_ACI_KEY;
06697 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
06698 list_info_p->data_size = sizeof(struct rsbac_mac_dev_aci_t);
06699 list_info_p->max_age = 0;
06700 err = rsbac_list_register(RSBAC_LIST_VERSION,
06701 &dev_handles.mac,
06702 list_info_p,
06703 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06704 RSBAC_LIST_BACKUP |
06705 #endif
06706 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06707 dev_compare,
06708 mac_dev_get_conv,
06709 &def_aci,
06710 RSBAC_MAC_ACI_DEV_NAME,
06711 RSBAC_AUTO_DEV);
06712 if(err)
06713 {
06714 registration_error(err, "DEV MAC");
06715 }
06716 }
06717 #endif
06718 #if defined(CONFIG_RSBAC_FC)
06719 {
06720 rsbac_fc_oc_t def_aci = RSBAC_FC_OC_ROOT_DEF;
06721
06722 list_info_p->version = RSBAC_FC_DEV_ACI_VERSION;
06723 list_info_p->key = RSBAC_FC_DEV_ACI_KEY;
06724 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
06725 list_info_p->data_size = sizeof(rsbac_fc_oc_t);
06726 list_info_p->max_age = 0;
06727 err = rsbac_list_register(RSBAC_LIST_VERSION,
06728 &dev_handles.fc,
06729 list_info_p,
06730 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06731 RSBAC_LIST_BACKUP |
06732 #endif
06733 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06734 dev_compare,
06735 fc_dev_get_conv,
06736 &def_aci,
06737 RSBAC_FC_ACI_DEV_NAME,
06738 RSBAC_AUTO_DEV);
06739 if(err)
06740 {
06741 registration_error(err, "DEV FC");
06742 }
06743 }
06744 #endif
06745 #if defined(CONFIG_RSBAC_SIM)
06746 {
06747 rsbac_sim_dt_t def_aci = RSBAC_SIM_DT_ROOT_DEF;
06748
06749 list_info_p->version = RSBAC_SIM_DEV_ACI_VERSION;
06750 list_info_p->key = RSBAC_SIM_DEV_ACI_KEY;
06751 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
06752 list_info_p->data_size = sizeof(rsbac_sim_dt_t);
06753 list_info_p->max_age = 0;
06754 err = rsbac_list_register(RSBAC_LIST_VERSION,
06755 &dev_handles.sim,
06756 list_info_p,
06757 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06758 RSBAC_LIST_BACKUP |
06759 #endif
06760 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06761 dev_compare,
06762 sim_dev_get_conv,
06763 &def_aci,
06764 RSBAC_SIM_ACI_DEV_NAME,
06765 RSBAC_AUTO_DEV);
06766 if(err)
06767 {
06768 registration_error(err, "DEV SIM");
06769 }
06770 }
06771 #endif
06772 #if defined(CONFIG_RSBAC_PM)
06773 {
06774 struct rsbac_pm_dev_aci_t def_aci = DEFAULT_PM_DEV_ACI;
06775
06776 list_info_p->version = RSBAC_PM_DEV_ACI_VERSION;
06777 list_info_p->key = RSBAC_PM_DEV_ACI_KEY;
06778 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
06779 list_info_p->data_size = sizeof(struct rsbac_pm_dev_aci_t);
06780 list_info_p->max_age = 0;
06781 err = rsbac_list_register(RSBAC_LIST_VERSION,
06782 &dev_handles.pm,
06783 list_info_p,
06784 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06785 RSBAC_LIST_BACKUP |
06786 #endif
06787 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06788 dev_compare,
06789 pm_dev_get_conv,
06790 &def_aci,
06791 RSBAC_PM_ACI_DEV_NAME,
06792 RSBAC_AUTO_DEV);
06793 if(err)
06794 {
06795 registration_error(err, "DEV PM");
06796 }
06797 }
06798 #endif
06799 #if defined(CONFIG_RSBAC_RC)
06800 {
06801 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
06802
06803 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION;
06804 list_info_p->key = RSBAC_RC_DEV_ACI_KEY;
06805 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
06806 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
06807 list_info_p->max_age = 0;
06808 err = rsbac_list_register(RSBAC_LIST_VERSION,
06809 &dev_handles.rc,
06810 list_info_p,
06811 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06812 RSBAC_LIST_BACKUP |
06813 #endif
06814 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06815 dev_compare,
06816 rc_dev_get_conv,
06817 &def_aci,
06818 RSBAC_RC_ACI_DEV_NAME,
06819 RSBAC_AUTO_DEV);
06820 if(err)
06821 {
06822 registration_error(err, "DEV RC");
06823 }
06824 }
06825 #endif
06826
06827 return err;
06828 }
06829
06830 #ifdef CONFIG_RSBAC_INIT_DELAY
06831 static int register_ipc_lists(void)
06832 #else
06833 static int __init register_ipc_lists(void)
06834 #endif
06835 {
06836 int err = 0;
06837 struct rsbac_list_info_t * list_info_p;
06838
06839 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06840 if(!list_info_p)
06841 {
06842 return -ENOMEM;
06843 }
06844
06845 #ifdef CONFIG_RSBAC_DEBUG
06846 if (rsbac_debug_ds)
06847 {
06848 #ifdef CONFIG_RSBAC_RMSG
06849 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering IPC lists\n");
06850 #endif
06851 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06852 if (!rsbac_nosyslog)
06853 #endif
06854 printk(KERN_DEBUG "rsbac_do_init(): registering IPC lists\n");
06855 }
06856 #endif
06857 #if defined(CONFIG_RSBAC_MAC)
06858 {
06859 struct rsbac_mac_ipc_aci_t def_aci = DEFAULT_MAC_IPC_ACI;
06860
06861 list_info_p->version = RSBAC_MAC_IPC_ACI_VERSION;
06862 list_info_p->key = RSBAC_MAC_IPC_ACI_KEY;
06863 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
06864 list_info_p->data_size = sizeof(struct rsbac_mac_ipc_aci_t);
06865 list_info_p->max_age = 0;
06866 err = rsbac_list_register(RSBAC_LIST_VERSION,
06867 &ipc_handles.mac,
06868 list_info_p,
06869 RSBAC_LIST_DEF_DATA,
06870 ipc_compare,
06871 NULL,
06872 &def_aci,
06873 RSBAC_MAC_ACI_IPC_NAME,
06874 RSBAC_AUTO_DEV);
06875 if(err)
06876 {
06877 registration_error(err, "IPC MAC");
06878 }
06879 }
06880 #endif
06881 #if defined(CONFIG_RSBAC_FC)
06882 {
06883 rsbac_fc_oc_t def_aci = RSBAC_FC_OC_ROOT_DEF;
06884
06885 list_info_p->version = RSBAC_FC_IPC_ACI_VERSION;
06886 list_info_p->key = RSBAC_FC_IPC_ACI_KEY;
06887 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
06888 list_info_p->data_size = sizeof(rsbac_fc_oc_t);
06889 list_info_p->max_age = 0;
06890 err = rsbac_list_register(RSBAC_LIST_VERSION,
06891 &ipc_handles.fc,
06892 list_info_p,
06893 RSBAC_LIST_DEF_DATA,
06894 ipc_compare,
06895 NULL,
06896 &def_aci,
06897 RSBAC_FC_ACI_IPC_NAME,
06898 RSBAC_AUTO_DEV);
06899 if(err)
06900 {
06901 registration_error(err, "IPC FC");
06902 }
06903 }
06904 #endif
06905 #if defined(CONFIG_RSBAC_SIM)
06906 {
06907 rsbac_sim_dt_t def_aci = RSBAC_SIM_DT_ROOT_DEF;
06908
06909 list_info_p->version = RSBAC_SIM_IPC_ACI_VERSION;
06910 list_info_p->key = RSBAC_SIM_IPC_ACI_KEY;
06911 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
06912 list_info_p->data_size = sizeof(rsbac_sim_dt_t);
06913 list_info_p->max_age = 0;
06914 err = rsbac_list_register(RSBAC_LIST_VERSION,
06915 &ipc_handles.sim,
06916 list_info_p,
06917 RSBAC_LIST_DEF_DATA,
06918 ipc_compare,
06919 NULL,
06920 &def_aci,
06921 RSBAC_SIM_ACI_IPC_NAME,
06922 RSBAC_AUTO_DEV);
06923 if(err)
06924 {
06925 registration_error(err, "IPC SIM");
06926 }
06927 }
06928 #endif
06929 #if defined(CONFIG_RSBAC_PM)
06930 {
06931 struct rsbac_pm_ipc_aci_t def_aci = DEFAULT_PM_IPC_ACI;
06932
06933 list_info_p->version = RSBAC_PM_IPC_ACI_VERSION;
06934 list_info_p->key = RSBAC_PM_IPC_ACI_KEY;
06935 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
06936 list_info_p->data_size = sizeof(struct rsbac_pm_ipc_aci_t);
06937 list_info_p->max_age = 0;
06938 err = rsbac_list_register(RSBAC_LIST_VERSION,
06939 &ipc_handles.pm,
06940 list_info_p,
06941 RSBAC_LIST_DEF_DATA,
06942 ipc_compare,
06943 NULL,
06944 &def_aci,
06945 RSBAC_PM_ACI_IPC_NAME,
06946 RSBAC_AUTO_DEV);
06947 if(err)
06948 {
06949 registration_error(err, "IPC PM");
06950 }
06951 }
06952 #endif
06953 #if defined(CONFIG_RSBAC_RC)
06954 {
06955 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
06956
06957 list_info_p->version = RSBAC_RC_IPC_ACI_VERSION;
06958 list_info_p->key = RSBAC_RC_IPC_ACI_KEY;
06959 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
06960 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
06961 list_info_p->max_age = 0;
06962 err = rsbac_list_register(RSBAC_LIST_VERSION,
06963 &ipc_handles.rc,
06964 list_info_p,
06965 RSBAC_LIST_DEF_DATA,
06966 ipc_compare,
06967 NULL,
06968 &def_aci,
06969 RSBAC_RC_ACI_IPC_NAME,
06970 RSBAC_AUTO_DEV);
06971 if(err)
06972 {
06973 registration_error(err, "IPC RC");
06974 }
06975 }
06976 #endif
06977 #if defined(CONFIG_RSBAC_JAIL)
06978 {
06979 rsbac_jail_id_t def_aci = RSBAC_JAIL_DEF_ID;
06980
06981 list_info_p->version = RSBAC_JAIL_IPC_ACI_VERSION;
06982 list_info_p->key = RSBAC_JAIL_IPC_ACI_KEY;
06983 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
06984 list_info_p->data_size = sizeof(rsbac_jail_id_t);
06985 list_info_p->max_age = 0;
06986 err = rsbac_list_register(RSBAC_LIST_VERSION,
06987 &ipc_handles.jail,
06988 list_info_p,
06989 RSBAC_LIST_DEF_DATA,
06990 ipc_compare,
06991 NULL,
06992 &def_aci,
06993 RSBAC_JAIL_ACI_IPC_NAME,
06994 RSBAC_AUTO_DEV);
06995 if(err)
06996 {
06997 registration_error(err, "IPC JAIL");
06998 }
06999 }
07000 #endif
07001
07002 return err;
07003 }
07004
07005 #ifdef CONFIG_RSBAC_INIT_DELAY
07006 static int register_user_lists(void)
07007 #else
07008 static int __init register_user_lists(void)
07009 #endif
07010 {
07011 int err = 0;
07012 struct rsbac_list_info_t * list_info_p;
07013
07014 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
07015 if(!list_info_p)
07016 {
07017 return -ENOMEM;
07018 }
07019
07020 #ifdef CONFIG_RSBAC_DEBUG
07021 if (rsbac_debug_ds)
07022 {
07023 #ifdef CONFIG_RSBAC_RMSG
07024 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering USER lists\n");
07025 #endif
07026 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07027 if (!rsbac_nosyslog)
07028 #endif
07029 printk(KERN_DEBUG "rsbac_do_init(): registering USER lists\n");
07030 }
07031 #endif
07032
07033 {
07034 struct rsbac_gen_user_aci_t def_aci = DEFAULT_GEN_U_ACI;
07035
07036 list_info_p->version = RSBAC_GEN_USER_ACI_VERSION;
07037 list_info_p->key = RSBAC_GEN_USER_ACI_KEY;
07038 list_info_p->desc_size = sizeof(rsbac_uid_t);
07039 list_info_p->data_size = sizeof(struct rsbac_gen_user_aci_t);
07040 list_info_p->max_age = 0;
07041 err = rsbac_list_register(RSBAC_LIST_VERSION,
07042 &user_handles.gen,
07043 list_info_p,
07044 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07045 RSBAC_LIST_BACKUP |
07046 #endif
07047 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
07048 rsbac_list_compare_u32,
07049 NULL,
07050 &def_aci,
07051 RSBAC_GEN_ACI_USER_NAME,
07052 RSBAC_AUTO_DEV);
07053 if(err)
07054 {
07055 registration_error(err, "USER General");
07056 }
07057 }
07058 #if defined(CONFIG_RSBAC_MAC)
07059 {
07060 struct rsbac_mac_user_aci_t def_aci = DEFAULT_MAC_U_ACI;
07061
07062 list_info_p->version = RSBAC_MAC_USER_ACI_VERSION;
07063 list_info_p->key = RSBAC_MAC_USER_ACI_KEY;
07064 list_info_p->desc_size = sizeof(rsbac_uid_t);
07065 list_info_p->data_size = sizeof(struct rsbac_mac_user_aci_t);
07066 list_info_p->max_age = 0;
07067 err = rsbac_list_register(RSBAC_LIST_VERSION,
07068 &user_handles.mac,
07069 list_info_p,
07070 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07071 RSBAC_LIST_BACKUP |
07072 #endif
07073 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
07074 rsbac_list_compare_u32,
07075 mac_user_get_conv,
07076 &def_aci,
07077 RSBAC_MAC_ACI_USER_NAME,
07078 RSBAC_AUTO_DEV);
07079 if(err)
07080 {
07081 registration_error(err, "USER MAC");
07082 }
07083 else
07084 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.mac))
07085 {
07086 struct rsbac_mac_user_aci_t sysadm_aci = DEFAULT_MAC_U_SYSADM_ACI;
07087 struct rsbac_mac_user_aci_t secoff_aci = DEFAULT_MAC_U_SECOFF_ACI;
07088 struct rsbac_mac_user_aci_t auditor_aci = DEFAULT_MAC_U_AUDITOR_ACI;
07089 rsbac_uid_t user;
07090
07091 #ifdef CONFIG_RSBAC_RMSG
07092 rsbac_printk(KERN_WARNING
07093 "rsbac_do_init(): USER MAC ACI could not be read - generating standard entries!\n");
07094 #endif
07095 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07096 if (!rsbac_nosyslog)
07097 #endif
07098 printk(KERN_WARNING
07099 "rsbac_do_init(): USER MAC ACI could not be read - generating standard entries!\n");
07100 user = RSBAC_SYSADM_UID;
07101 if(rsbac_list_add(user_handles.mac, &user, &sysadm_aci))
07102 printk(KERN_WARNING
07103 "rsbac_do_init(): SYSADM USER MAC entry could not be added!\n");
07104 user = RSBAC_SECOFF_UID;
07105 if(rsbac_list_add(user_handles.mac, &user, &secoff_aci))
07106 printk(KERN_WARNING
07107 "rsbac_do_init(): SECOFF USER MAC entry could not be added!\n");
07108 user = RSBAC_AUDITOR_UID;
07109 if(rsbac_list_add(user_handles.mac, &user, &auditor_aci))
07110 printk(KERN_WARNING
07111 "rsbac_do_init(): AUDITOR USER MAC entry could not be added!\n");
07112 }
07113 }
07114 #endif
07115 #if defined(CONFIG_RSBAC_FC)
07116 {
07117 rsbac_system_role_int_t def_aci = SR_user;
07118
07119 list_info_p->version = RSBAC_FC_USER_ACI_VERSION;
07120 list_info_p->key = RSBAC_FC_USER_ACI_KEY;
07121 list_info_p->desc_size = sizeof(rsbac_uid_t);
07122 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
07123 list_info_p->max_age = 0;
07124 err = rsbac_list_register(RSBAC_LIST_VERSION,
07125 &user_handles.fc,
07126 list_info_p,
07127 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07128 RSBAC_LIST_BACKUP |
07129 #endif
07130 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
07131 rsbac_list_compare_u32,
07132 NULL,
07133 &def_aci,
07134 RSBAC_FC_ACI_USER_NAME,
07135 RSBAC_AUTO_DEV);
07136 if(err)
07137 {
07138 registration_error(err, "USER FC");
07139 }
07140 else
07141 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.fc))
07142 {
07143 rsbac_uid_t user;
07144 rsbac_system_role_int_t role;
07145
07146 #ifdef CONFIG_RSBAC_RMSG
07147 rsbac_printk(KERN_WARNING
07148 "rsbac_do_init(): USER FC ACI could not be read - generating standard entries!\n");
07149 #endif
07150 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07151 if (!rsbac_nosyslog)
07152 #endif
07153 printk(KERN_WARNING
07154 "rsbac_do_init(): USER FC ACI could not be read - generating standard entries!\n");
07155 user = RSBAC_SYSADM_UID;
07156 role = SR_administrator;
07157 if(rsbac_list_add(user_handles.fc, &user, &role))
07158 printk(KERN_WARNING
07159 "rsbac_do_init(): SYSADM USER FC entry could not be added!\n");
07160 user = RSBAC_BIN_UID;
07161 role = SR_administrator;
07162 if(rsbac_list_add(user_handles.fc, &user, &role))
07163 printk(KERN_WARNING
07164 "rsbac_do_init(): BIN USER FC entry could not be added!\n");
07165 user = RSBAC_SECOFF_UID;
07166 role = SR_security_officer;
07167 if(rsbac_list_add(user_handles.fc, &user, &role))
07168 printk(KERN_WARNING
07169 "rsbac_do_init(): SECOFF USER FC entry could not be added!\n");
07170 user = RSBAC_AUDITOR_UID;
07171 role = SR_auditor;
07172 if(rsbac_list_add(user_handles.fc, &user, &role))
07173 printk(KERN_WARNING
07174 "rsbac_do_init(): AUDITOR USER FC entry could not be added!\n");
07175 }
07176 }
07177 #endif
07178 #if defined(CONFIG_RSBAC_SIM)
07179 {
07180 rsbac_system_role_int_t def_aci = SR_user;
07181
07182 list_info_p->version = RSBAC_SIM_USER_ACI_VERSION;
07183 list_info_p->key = RSBAC_SIM_USER_ACI_KEY;
07184 list_info_p->desc_size = sizeof(rsbac_uid_t);
07185 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
07186 list_info_p->max_age = 0;
07187 err = rsbac_list_register(RSBAC_LIST_VERSION,
07188 &user_handles.sim,
07189 list_info_p,
07190 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07191 RSBAC_LIST_BACKUP |
07192 #endif
07193 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
07194 rsbac_list_compare_u32,
07195 NULL,
07196 &def_aci,
07197 RSBAC_SIM_ACI_USER_NAME,
07198 RSBAC_AUTO_DEV);
07199 if(err)
07200 {
07201 registration_error(err, "USER SIM");
07202 }
07203 else
07204 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.sim))
07205 {
07206 rsbac_uid_t user;
07207 rsbac_system_role_int_t role;
07208
07209 #ifdef CONFIG_RSBAC_RMSG
07210 rsbac_printk(KERN_WARNING
07211 "rsbac_do_init(): USER SIM ACI could not be read - generating standard entries!\n");
07212 #endif
07213 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07214 if (!rsbac_nosyslog)
07215 #endif
07216 printk(KERN_WARNING
07217 "rsbac_do_init(): USER SIM ACI could not be read - generating standard entries!\n");
07218 user = RSBAC_SYSADM_UID;
07219 role = SR_administrator;
07220 if(rsbac_list_add(user_handles.sim, &user, &role))
07221 printk(KERN_WARNING
07222 "rsbac_do_init(): SYSADM USER SIM entry could not be added!\n");
07223 user = RSBAC_SECOFF_UID;
07224 role = SR_security_officer;
07225 if(rsbac_list_add(user_handles.sim, &user, &role))
07226 printk(KERN_WARNING
07227 "rsbac_do_init(): SECOFF USER SIM entry could not be added!\n");
07228 user = RSBAC_AUDITOR_UID;
07229 role = SR_auditor;
07230 if(rsbac_list_add(user_handles.sim, &user, &role))
07231 printk(KERN_WARNING
07232 "rsbac_do_init(): AUDITOR USER SIM entry could not be added!\n");
07233 }
07234 }
07235 #endif
07236 #if defined(CONFIG_RSBAC_PM)
07237 {
07238 struct rsbac_pm_user_aci_t def_aci = DEFAULT_PM_U_ACI;
07239
07240 list_info_p->version = RSBAC_PM_USER_ACI_VERSION;
07241 list_info_p->key = RSBAC_PM_USER_ACI_KEY;
07242 list_info_p->desc_size = sizeof(rsbac_uid_t);
07243 list_info_p->data_size = sizeof(struct rsbac_pm_user_aci_t);
07244 list_info_p->max_age = 0;
07245 err = rsbac_list_register(RSBAC_LIST_VERSION,
07246 &user_handles.pm,
07247 list_info_p,
07248 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07249 RSBAC_LIST_BACKUP |
07250 #endif
07251 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
07252 rsbac_list_compare_u32,
07253 NULL,
07254 &def_aci,
07255 RSBAC_PM_ACI_USER_NAME,
07256 RSBAC_AUTO_DEV);
07257 if(err)
07258 {
07259 registration_error(err, "USER PM");
07260 }
07261 else
07262 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.pm))
07263 {
07264 struct rsbac_pm_user_aci_t sysadm_aci = DEFAULT_PM_U_SYSADM_ACI;
07265 struct rsbac_pm_user_aci_t secoff_aci = DEFAULT_PM_U_SECOFF_ACI;
07266 struct rsbac_pm_user_aci_t dataprot_aci = DEFAULT_PM_U_DATAPROT_ACI;
07267 struct rsbac_pm_user_aci_t tpman_aci = DEFAULT_PM_U_TPMAN_ACI;
07268 rsbac_uid_t user;
07269
07270 #ifdef CONFIG_RSBAC_RMSG
07271 rsbac_printk(KERN_WARNING
07272 "rsbac_do_init(): USER PM ACI could not be read - generating standard entries!\n");
07273 #endif
07274 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07275 if (!rsbac_nosyslog)
07276 #endif
07277 printk(KERN_WARNING
07278 "rsbac_do_init(): USER PM ACI could not be read - generating standard entries!\n");
07279 user = RSBAC_SYSADM_UID;
07280 if(rsbac_list_add(user_handles.pm, &user, &sysadm_aci))
07281 printk(KERN_WARNING
07282 "rsbac_do_init(): SYSADM USER PM entry could not be added!\n");
07283 user = RSBAC_SECOFF_UID;
07284 if(rsbac_list_add(user_handles.pm, &user, &secoff_aci))
07285 printk(KERN_WARNING
07286 "rsbac_do_init(): SECOFF USER PM entry could not be added!\n");
07287 user = RSBAC_DATAPROT_UID;
07288 if(rsbac_list_add(user_handles.pm, &user, &dataprot_aci))
07289 printk(KERN_WARNING
07290 "rsbac_do_init(): DATAPROT USER PM entry could not be added!\n");
07291 user = RSBAC_TPMAN_UID;
07292 if(rsbac_list_add(user_handles.pm, &user, &tpman_aci))
07293 printk(KERN_WARNING
07294 "rsbac_do_init(): TPMAN USER PM entry could not be added!\n");
07295 }
07296 }
07297 #endif
07298 #if defined(CONFIG_RSBAC_DAZ)
07299 {
07300 rsbac_system_role_int_t def_aci = SR_user;
07301
07302 list_info_p->version = RSBAC_DAZ_USER_ACI_VERSION;
07303 list_info_p->key = RSBAC_DAZ_USER_ACI_KEY;
07304 list_info_p->desc_size = sizeof(rsbac_uid_t);
07305 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
07306 list_info_p->max_age = 0;
07307 err = rsbac_list_register(RSBAC_LIST_VERSION,
07308 &user_handles.daz,
07309 list_info_p,
07310 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07311 RSBAC_LIST_BACKUP |
07312 #endif
07313 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
07314 rsbac_list_compare_u32,
07315 NULL,
07316 &def_aci,
07317 RSBAC_DAZ_ACI_USER_NAME,
07318 RSBAC_AUTO_DEV);
07319 if(err)
07320 {
07321 registration_error(err, "USER DAZ");
07322 }
07323 else
07324 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.daz))
07325 {
07326 rsbac_uid_t user;
07327 rsbac_system_role_int_t role;
07328
07329 #ifdef CONFIG_RSBAC_RMSG
07330 rsbac_printk(KERN_WARNING
07331 "rsbac_do_init(): USER DAZ ACI could not be read - generating standard entries!\n");
07332 #endif
07333 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07334 if (!rsbac_nosyslog)
07335 #endif
07336 printk(KERN_WARNING
07337 "rsbac_do_init(): USER DAZ ACI could not be read - generating standard entries!\n");
07338 user = RSBAC_SYSADM_UID;
07339 role = SR_administrator;
07340 if(rsbac_list_add(user_handles.daz, &user, &role))
07341 printk(KERN_WARNING
07342 "rsbac_do_init(): SYSADM USER DAZ entry could not be added!\n");
07343 user = RSBAC_SECOFF_UID;
07344 role = SR_security_officer;
07345 if(rsbac_list_add(user_handles.daz, &user, &role))
07346 printk(KERN_WARNING
07347 "rsbac_do_init(): SECOFF USER DAZ entry could not be added!\n");
07348 }
07349 }
07350 #endif
07351 #if defined(CONFIG_RSBAC_FF)
07352 {
07353 rsbac_system_role_int_t def_aci = SR_user;
07354
07355 list_info_p->version = RSBAC_FF_USER_ACI_VERSION;
07356 list_info_p->key = RSBAC_FF_USER_ACI_KEY;
07357 list_info_p->desc_size = sizeof(rsbac_uid_t);
07358 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
07359 list_info_p->max_age = 0;
07360 err = rsbac_list_register(RSBAC_LIST_VERSION,
07361 &user_handles.ff,
07362 list_info_p,
07363 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07364 RSBAC_LIST_BACKUP |
07365 #endif
07366 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
07367 rsbac_list_compare_u32,
07368 NULL,
07369 &def_aci,
07370 RSBAC_FF_ACI_USER_NAME,
07371 RSBAC_AUTO_DEV);
07372 if(err)
07373 {
07374 registration_error(err, "USER FF");
07375 }
07376 else
07377 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.ff))
07378 {
07379 rsbac_uid_t user;
07380 rsbac_system_role_int_t role;
07381
07382 #ifdef CONFIG_RSBAC_RMSG
07383 rsbac_printk(KERN_WARNING
07384 "rsbac_do_init(): USER FF ACI could not be read - generating standard entries!\n");
07385 #endif
07386 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07387 if (!rsbac_nosyslog)
07388 #endif
07389 printk(KERN_WARNING
07390 "rsbac_do_init(): USER FF ACI could not be read - generating standard entries!\n");
07391 user = RSBAC_SYSADM_UID;
07392 role = SR_administrator;
07393 if(rsbac_list_add(user_handles.ff, &user, &role))
07394 printk(KERN_WARNING
07395 "rsbac_do_init(): SYSADM USER FF entry could not be added!\n");
07396 user = RSBAC_SECOFF_UID;
07397 role = SR_security_officer;
07398 if(rsbac_list_add(user_handles.ff, &user, &role))
07399 printk(KERN_WARNING
07400 "rsbac_do_init(): SECOFF USER FF entry could not be added!\n");
07401 user = RSBAC_AUDITOR_UID;
07402 role = SR_auditor;
07403 if(rsbac_list_add(user_handles.ff, &user, &role))
07404 printk(KERN_WARNING
07405 "rsbac_do_init(): AUDITOR USER FF entry could not be added!\n");
07406 }
07407 }
07408 #endif
07409 #if defined(CONFIG_RSBAC_RC)
07410 {
07411 struct rsbac_rc_user_aci_t def_aci = DEFAULT_RC_U_ACI;
07412
07413 list_info_p->version = RSBAC_RC_USER_ACI_VERSION;
07414 list_info_p->key = RSBAC_RC_USER_ACI_KEY;
07415 list_info_p->desc_size = sizeof(rsbac_uid_t);
07416 list_info_p->data_size = sizeof(struct rsbac_rc_user_aci_t);
07417 list_info_p->max_age = 0;
07418 err = rsbac_list_register(RSBAC_LIST_VERSION,
07419 &user_handles.rc,
07420 list_info_p,
07421 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07422 RSBAC_LIST_BACKUP |
07423 #endif
07424 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
07425 rsbac_list_compare_u32,
07426 rc_user_get_conv,
07427 &def_aci,
07428 RSBAC_RC_ACI_USER_NAME,
07429 RSBAC_AUTO_DEV);
07430 if(err)
07431 {
07432 registration_error(err, "USER RC");
07433 }
07434 else
07435 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.rc))
07436 {
07437 rsbac_uid_t user;
07438 struct rsbac_rc_user_aci_t sysadm_aci = DEFAULT_RC_U_SYSADM_ACI;
07439 struct rsbac_rc_user_aci_t secoff_aci = DEFAULT_RC_U_SECOFF_ACI;
07440 struct rsbac_rc_user_aci_t auditor_aci = DEFAULT_RC_U_AUDITOR_ACI;
07441
07442 #ifdef CONFIG_RSBAC_RMSG
07443 rsbac_printk(KERN_WARNING
07444 "rsbac_do_init(): USER RC ACI could not be read - generating standard entries!\n");
07445 #endif
07446 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07447 if (!rsbac_nosyslog)
07448 #endif
07449 printk(KERN_WARNING
07450 "rsbac_do_init(): USER RC ACI could not be read - generating standard entries!\n");
07451 user = RSBAC_SYSADM_UID;
07452 if(rsbac_list_add(user_handles.rc, &user, &sysadm_aci))
07453 printk(KERN_WARNING
07454 "rsbac_do_init(): SYSADM USER RC entry could not be added!\n");
07455 user = RSBAC_SECOFF_UID;
07456 if(rsbac_list_add(user_handles.rc, &user, &secoff_aci))
07457 printk(KERN_WARNING
07458 "rsbac_do_init(): SECOFF USER RC entry could not be added!\n");
07459 user = RSBAC_AUDITOR_UID;
07460 if(rsbac_list_add(user_handles.rc, &user, &auditor_aci))
07461 printk(KERN_WARNING
07462 "rsbac_do_init(): AUDITOR USER RC entry could not be added!\n");
07463 }
07464 }
07465 #endif
07466 #if defined(CONFIG_RSBAC_AUTH)
07467 {
07468 rsbac_system_role_int_t def_aci = SR_user;
07469
07470 list_info_p->version = RSBAC_AUTH_USER_ACI_VERSION;
07471 list_info_p->key = RSBAC_AUTH_USER_ACI_KEY;
07472 list_info_p->desc_size = sizeof(rsbac_uid_t);
07473 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
07474 list_info_p->max_age = 0;
07475 err = rsbac_list_register(RSBAC_LIST_VERSION,
07476 &user_handles.auth,
07477 list_info_p,
07478 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07479 RSBAC_LIST_BACKUP |
07480 #endif
07481 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
07482 rsbac_list_compare_u32,
07483 NULL,
07484 &def_aci,
07485 RSBAC_AUTH_ACI_USER_NAME,
07486 RSBAC_AUTO_DEV);
07487 if(err)
07488 {
07489 registration_error(err, "USER AUTH");
07490 }
07491 else
07492 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.auth))
07493 {
07494 rsbac_uid_t user;
07495 rsbac_system_role_int_t role;
07496
07497 #ifdef CONFIG_RSBAC_RMSG
07498 rsbac_printk(KERN_WARNING
07499 "rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!\n");
07500 #endif
07501 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07502 if (!rsbac_nosyslog)
07503 #endif
07504 printk(KERN_WARNING
07505 "rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!\n");
07506 user = RSBAC_SYSADM_UID;
07507 role = SR_administrator;
07508 if(rsbac_list_add(user_handles.auth, &user, &role))
07509 printk(KERN_WARNING
07510 "rsbac_do_init(): SYSADM USER AUTH entry could not be added!\n");
07511 user = RSBAC_SECOFF_UID;
07512 role = SR_security_officer;
07513 if(rsbac_list_add(user_handles.auth, &user, &role))
07514 printk(KERN_WARNING
07515 "rsbac_do_init(): SECOFF USER AUTH entry could not be added!\n");
07516 user = RSBAC_AUDITOR_UID;
07517 role = SR_auditor;
07518 if(rsbac_list_add(user_handles.auth, &user, &role))
07519 printk(KERN_WARNING
07520 "rsbac_do_init(): AUDITOR USER AUTH entry could not be added!\n");
07521 }
07522 }
07523 #endif
07524 #if defined(CONFIG_RSBAC_CAP)
07525 {
07526 struct rsbac_cap_user_aci_t def_aci = DEFAULT_CAP_U_ACI;
07527
07528 list_info_p->version = RSBAC_CAP_USER_ACI_VERSION;
07529 list_info_p->key = RSBAC_CAP_USER_ACI_KEY;
07530 list_info_p->desc_size = sizeof(rsbac_uid_t);
07531 list_info_p->data_size = sizeof(struct rsbac_cap_user_aci_t);
07532 list_info_p->max_age = 0;
07533 err = rsbac_list_register(RSBAC_LIST_VERSION,
07534 &user_handles.cap,
07535 list_info_p,
07536 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07537 RSBAC_LIST_BACKUP |
07538 #endif
07539 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
07540 rsbac_list_compare_u32,
07541 NULL,
07542 &def_aci,
07543 RSBAC_CAP_ACI_USER_NAME,
07544 RSBAC_AUTO_DEV);
07545 if(err)
07546 {
07547 registration_error(err, "USER CAP");
07548 }
07549 else
07550 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.cap))
07551 {
07552 struct rsbac_cap_user_aci_t sysadm_aci = DEFAULT_CAP_U_SYSADM_ACI;
07553 struct rsbac_cap_user_aci_t secoff_aci = DEFAULT_CAP_U_SECOFF_ACI;
07554 struct rsbac_cap_user_aci_t auditor_aci = DEFAULT_CAP_U_AUDITOR_ACI;
07555 rsbac_uid_t user;
07556
07557 #ifdef CONFIG_RSBAC_RMSG
07558 rsbac_printk(KERN_WARNING
07559 "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
07560 #endif
07561 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07562 if (!rsbac_nosyslog)
07563 #endif
07564 printk(KERN_WARNING
07565 "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
07566 user = RSBAC_SYSADM_UID;
07567 if(rsbac_list_add(user_handles.cap, &user, &sysadm_aci))
07568 printk(KERN_WARNING
07569 "rsbac_do_init(): SYSADM USER CAP entry could not be added!\n");
07570 user = RSBAC_SECOFF_UID;
07571 if(rsbac_list_add(user_handles.cap, &user, &secoff_aci))
07572 printk(KERN_WARNING
07573 "rsbac_do_init(): SECOFF USER CAP entry could not be added!\n");
07574 user = RSBAC_AUDITOR_UID;
07575 if(rsbac_list_add(user_handles.cap, &user, &auditor_aci))
07576 printk(KERN_WARNING
07577 "rsbac_do_init(): AUDITOR USER CAP entry could not be added!\n");
07578 }
07579 }
07580 #endif
07581 #if defined(CONFIG_RSBAC_JAIL)
07582 {
07583 rsbac_system_role_int_t def_aci = SR_user;
07584
07585 list_info_p->version = RSBAC_JAIL_USER_ACI_VERSION;
07586 list_info_p->key = RSBAC_JAIL_USER_ACI_KEY;
07587 list_info_p->desc_size = sizeof(rsbac_uid_t);
07588 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
07589 list_info_p->max_age = 0;
07590 err = rsbac_list_register(RSBAC_LIST_VERSION,
07591 &user_handles.jail,
07592 list_info_p,
07593 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07594 RSBAC_LIST_BACKUP |
07595 #endif
07596 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
07597 rsbac_list_compare_u32,
07598 NULL,
07599 &def_aci,
07600 RSBAC_JAIL_ACI_USER_NAME,
07601 RSBAC_AUTO_DEV);
07602 if(err)
07603 {
07604 registration_error(err, "USER JAIL");
07605 }
07606 else
07607 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.jail))
07608 {
07609 rsbac_uid_t user;
07610 rsbac_system_role_int_t role;
07611
07612 #ifdef CONFIG_RSBAC_RMSG
07613 rsbac_printk(KERN_WARNING
07614 "rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!\n");
07615 #endif
07616 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07617 if (!rsbac_nosyslog)
07618 #endif
07619 printk(KERN_WARNING
07620 "rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!\n");
07621 user = RSBAC_SYSADM_UID;
07622 role = SR_administrator;
07623 if(rsbac_list_add(user_handles.jail, &user, &role))
07624 printk(KERN_WARNING
07625 "rsbac_do_init(): SYSADM USER JAIL entry could not be added!\n");
07626 user = RSBAC_SECOFF_UID;
07627 role = SR_security_officer;
07628 if(rsbac_list_add(user_handles.jail, &user, &role))
07629 printk(KERN_WARNING
07630 "rsbac_do_init(): SECOFF USER JAIL entry could not be added!\n");
07631 }
07632 }
07633 #endif
07634 #if defined(CONFIG_RSBAC_RES)
07635 {
07636 list_info_p->version = RSBAC_RES_USER_ACI_VERSION;
07637 list_info_p->key = RSBAC_RES_USER_ACI_KEY;
07638 list_info_p->desc_size = sizeof(rsbac_uid_t);
07639 list_info_p->data_size = sizeof(struct rsbac_res_user_aci_t);
07640 list_info_p->max_age = 0;
07641 err = rsbac_list_register(RSBAC_LIST_VERSION,
07642 &user_handles.res,
07643 list_info_p,
07644 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07645 RSBAC_LIST_BACKUP |
07646 #endif
07647 RSBAC_LIST_PERSIST,
07648 rsbac_list_compare_u32,
07649 NULL,
07650 NULL,
07651 RSBAC_RES_ACI_USER_NAME,
07652 RSBAC_AUTO_DEV);
07653 if(err)
07654 {
07655 registration_error(err, "USER RES");
07656 }
07657 else
07658 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.res))
07659 {
07660 struct rsbac_res_user_aci_t sysadm_aci = DEFAULT_RES_U_SYSADM_ACI;
07661 struct rsbac_res_user_aci_t secoff_aci = DEFAULT_RES_U_SECOFF_ACI;
07662 rsbac_uid_t user;
07663
07664 #ifdef CONFIG_RSBAC_RMSG
07665 rsbac_printk(KERN_WARNING
07666 "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
07667 #endif
07668 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07669 if (!rsbac_nosyslog)
07670 #endif
07671 printk(KERN_WARNING
07672 "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
07673 user = RSBAC_SYSADM_UID;
07674 if(rsbac_list_add(user_handles.res, &user, &sysadm_aci))
07675 printk(KERN_WARNING
07676 "rsbac_do_init(): SYSADM USER RES entry could not be added!\n");
07677 user = RSBAC_SECOFF_UID;
07678 if(rsbac_list_add(user_handles.res, &user, &secoff_aci))
07679 printk(KERN_WARNING
07680 "rsbac_do_init(): SECOFF USER RES entry could not be added!\n");
07681 }
07682 }
07683 #endif
07684 #if defined(CONFIG_RSBAC_PAX)
07685 {
07686 rsbac_system_role_int_t def_aci = SR_user;
07687
07688 list_info_p->version = RSBAC_PAX_USER_ACI_VERSION;
07689 list_info_p->key = RSBAC_PAX_USER_ACI_KEY;
07690 list_info_p->desc_size = sizeof(rsbac_uid_t);
07691 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
07692 list_info_p->max_age = 0;
07693 err = rsbac_list_register(RSBAC_LIST_VERSION,
07694 &user_handles.pax,
07695 list_info_p,
07696 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
07697 RSBAC_LIST_BACKUP |
07698 #endif
07699 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
07700 rsbac_list_compare_u32,
07701 NULL,
07702 &def_aci,
07703 RSBAC_PAX_ACI_USER_NAME,
07704 RSBAC_AUTO_DEV);
07705 if(err)
07706 {
07707 registration_error(err, "USER PAX");
07708 }
07709 else
07710 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.pax))
07711 {
07712 rsbac_uid_t user;
07713 rsbac_system_role_int_t role;
07714
07715 #ifdef CONFIG_RSBAC_RMSG
07716 rsbac_printk(KERN_WARNING
07717 "rsbac_do_init(): USER PAX ACI could not be read - generating standard entries!\n");
07718 #endif
07719 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07720 if (!rsbac_nosyslog)
07721 #endif
07722 printk(KERN_WARNING
07723 "rsbac_do_init(): USER PAX ACI could not be read - generating standard entries!\n");
07724 user = RSBAC_SYSADM_UID;
07725 role = SR_administrator;
07726 if(rsbac_list_add(user_handles.pax, &user, &role))
07727 printk(KERN_WARNING
07728 "rsbac_do_init(): SYSADM USER PAX entry could not be added!\n");
07729 user = RSBAC_SECOFF_UID;
07730 role = SR_security_officer;
07731 if(rsbac_list_add(user_handles.pax, &user, &role))
07732 printk(KERN_WARNING
07733 "rsbac_do_init(): SECOFF USER PAX entry could not be added!\n");
07734 }
07735 }
07736 #endif
07737
07738 return err;
07739 }
07740
07741 #ifdef CONFIG_RSBAC_INIT_DELAY
07742 static int register_process_lists(void)
07743 #else
07744 static int __init register_process_lists(void)
07745 #endif
07746 {
07747 int err = 0;
07748 struct rsbac_list_info_t * list_info_p;
07749
07750 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
07751 if(!list_info_p)
07752 {
07753 return -ENOMEM;
07754 }
07755
07756 #ifdef CONFIG_RSBAC_DEBUG
07757 if (rsbac_debug_ds)
07758 {
07759 #ifdef CONFIG_RSBAC_RMSG
07760 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering PROCESS lists\n");
07761 #endif
07762 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07763 if (!rsbac_nosyslog)
07764 #endif
07765 printk(KERN_DEBUG "rsbac_do_init(): registering PROCESS lists\n");
07766 }
07767 #endif
07768 {
07769 struct rsbac_gen_process_aci_t def_aci = DEFAULT_GEN_P_ACI;
07770
07771 list_info_p->version = RSBAC_GEN_PROCESS_ACI_VERSION;
07772 list_info_p->key = RSBAC_GEN_PROCESS_ACI_KEY;
07773 list_info_p->desc_size = sizeof(rsbac_pid_t);
07774 list_info_p->data_size = sizeof(struct rsbac_gen_process_aci_t);
07775 list_info_p->max_age = 0;
07776 err = rsbac_list_register(RSBAC_LIST_VERSION,
07777 &process_handles.gen,
07778 list_info_p,
07779 RSBAC_LIST_DEF_DATA,
07780 rsbac_list_compare_u32,
07781 NULL,
07782 &def_aci,
07783 RSBAC_GEN_ACI_PROCESS_NAME,
07784 RSBAC_AUTO_DEV);
07785 if(err)
07786 {
07787 registration_error(err, "PROCESS General");
07788 }
07789 }
07790 #if defined(CONFIG_RSBAC_MAC)
07791 {
07792 struct rsbac_mac_process_aci_t def_aci = DEFAULT_MAC_P_ACI;
07793 char name[RSBAC_MAXNAMELEN];
07794 int i;
07795
07796 list_info_p->version = RSBAC_MAC_PROCESS_ACI_VERSION;
07797 list_info_p->key = RSBAC_MAC_PROCESS_ACI_KEY;
07798 list_info_p->desc_size = sizeof(rsbac_pid_t);
07799 list_info_p->data_size = sizeof(struct rsbac_mac_process_aci_t);
07800 list_info_p->max_age = 0;
07801 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
07802 {
07803 sprintf(name, "%s%u", RSBAC_MAC_ACI_PROCESS_NAME, i);
07804
07805 err = rsbac_list_register(RSBAC_LIST_VERSION,
07806 &process_handles.mac[i],
07807 list_info_p,
07808 RSBAC_LIST_DEF_DATA,
07809 rsbac_list_compare_u32,
07810 NULL,
07811 &def_aci,
07812 name,
07813 RSBAC_AUTO_DEV);
07814 if(err)
07815 {
07816 registration_error(err, "PROCESS MAC");
07817 }
07818 }
07819 }
07820 #endif
07821 #if defined(CONFIG_RSBAC_PM)
07822 {
07823 struct rsbac_pm_process_aci_t def_aci = DEFAULT_PM_P_ACI;
07824
07825 list_info_p->version = RSBAC_PM_PROCESS_ACI_VERSION;
07826 list_info_p->key = RSBAC_PM_PROCESS_ACI_KEY;
07827 list_info_p->desc_size = sizeof(rsbac_pid_t);
07828 list_info_p->data_size = sizeof(struct rsbac_pm_process_aci_t);
07829 list_info_p->max_age = 0;
07830 err = rsbac_list_register(RSBAC_LIST_VERSION,
07831 &process_handles.pm,
07832 list_info_p,
07833 RSBAC_LIST_DEF_DATA,
07834 rsbac_list_compare_u32,
07835 NULL,
07836 &def_aci,
07837 RSBAC_PM_ACI_PROCESS_NAME,
07838 RSBAC_AUTO_DEV);
07839 if(err)
07840 {
07841 registration_error(err, "PROCESS PM");
07842 }
07843 }
07844 #endif
07845 #if defined(CONFIG_RSBAC_DAZ)
07846 {
07847 struct rsbac_daz_process_aci_t def_aci = DEFAULT_DAZ_P_ACI;
07848
07849 list_info_p->version = RSBAC_DAZ_PROCESS_ACI_VERSION;
07850 list_info_p->key = RSBAC_DAZ_PROCESS_ACI_KEY;
07851 list_info_p->desc_size = sizeof(rsbac_pid_t);
07852 list_info_p->data_size = sizeof(struct rsbac_daz_process_aci_t);
07853 list_info_p->max_age = 0;
07854 err = rsbac_list_register(RSBAC_LIST_VERSION,
07855 &process_handles.daz,
07856 list_info_p,
07857 RSBAC_LIST_DEF_DATA,
07858 rsbac_list_compare_u32,
07859 NULL,
07860 &def_aci,
07861 RSBAC_DAZ_ACI_PROCESS_NAME,
07862 RSBAC_AUTO_DEV);
07863 if(err)
07864 {
07865 registration_error(err, "PROCESS DAZ");
07866 }
07867 }
07868 #endif
07869 #if defined(CONFIG_RSBAC_RC)
07870 {
07871 struct rsbac_rc_process_aci_t def_aci = DEFAULT_RC_P_ACI;
07872 char name[RSBAC_MAXNAMELEN];
07873 int i;
07874
07875 list_info_p->version = RSBAC_RC_PROCESS_ACI_VERSION;
07876 list_info_p->key = RSBAC_RC_PROCESS_ACI_KEY;
07877 list_info_p->desc_size = sizeof(rsbac_pid_t);
07878 list_info_p->data_size = sizeof(struct rsbac_rc_process_aci_t);
07879 list_info_p->max_age = 0;
07880 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
07881 {
07882 sprintf(name, "%s%u", RSBAC_RC_ACI_PROCESS_NAME, i);
07883 err = rsbac_list_register(RSBAC_LIST_VERSION,
07884 &process_handles.rc[i],
07885 list_info_p,
07886 RSBAC_LIST_DEF_DATA,
07887 rsbac_list_compare_u32,
07888 NULL,
07889 &def_aci,
07890 name,
07891 RSBAC_AUTO_DEV);
07892 if(err)
07893 {
07894 registration_error(err, "PROCESS RC");
07895 }
07896 }
07897 }
07898 #endif
07899 #if defined(CONFIG_RSBAC_AUTH)
07900 {
07901 struct rsbac_auth_process_aci_t def_aci = DEFAULT_AUTH_P_ACI;
07902
07903 list_info_p->version = RSBAC_AUTH_PROCESS_ACI_VERSION;
07904 list_info_p->key = RSBAC_AUTH_PROCESS_ACI_KEY;
07905 list_info_p->desc_size = sizeof(rsbac_pid_t);
07906 list_info_p->data_size = sizeof(struct rsbac_auth_process_aci_t);
07907 list_info_p->max_age = 0;
07908 err = rsbac_list_register(RSBAC_LIST_VERSION,
07909 &process_handles.auth,
07910 list_info_p,
07911 RSBAC_LIST_DEF_DATA,
07912 rsbac_list_compare_u32,
07913 NULL,
07914 &def_aci,
07915 RSBAC_AUTH_ACI_PROCESS_NAME,
07916 RSBAC_AUTO_DEV);
07917 if(err)
07918 {
07919 registration_error(err, "PROCESS AUTH");
07920 }
07921 }
07922 #endif
07923 #if defined(CONFIG_RSBAC_CAP)
07924 {
07925 struct rsbac_cap_process_aci_t def_aci = DEFAULT_CAP_P_ACI;
07926
07927 #if defined(CONFIG_RSBAC_CAP_PROC_HIDE)
07928 if(rsbac_cap_process_hiding)
07929 def_aci.cap_process_hiding = PH_from_other_users;
07930 #endif
07931 list_info_p->version = RSBAC_CAP_PROCESS_ACI_VERSION;
07932 list_info_p->key = RSBAC_CAP_PROCESS_ACI_KEY;
07933 list_info_p->desc_size = sizeof(rsbac_pid_t);
07934 list_info_p->data_size = sizeof(struct rsbac_cap_process_aci_t);
07935 list_info_p->max_age = 0;
07936 err = rsbac_list_register(RSBAC_LIST_VERSION,
07937 &process_handles.cap,
07938 list_info_p,
07939 RSBAC_LIST_DEF_DATA,
07940 rsbac_list_compare_u32,
07941 NULL,
07942 &def_aci,
07943 RSBAC_CAP_ACI_PROCESS_NAME,
07944 RSBAC_AUTO_DEV);
07945 if(err)
07946 {
07947 registration_error(err, "PROCESS CAP");
07948 }
07949 }
07950 #endif
07951 #if defined(CONFIG_RSBAC_JAIL)
07952 {
07953 struct rsbac_jail_process_aci_t def_aci = DEFAULT_JAIL_P_ACI;
07954 char name[RSBAC_MAXNAMELEN];
07955 int i;
07956
07957 list_info_p->version = RSBAC_JAIL_PROCESS_ACI_VERSION;
07958 list_info_p->key = RSBAC_JAIL_PROCESS_ACI_KEY;
07959 list_info_p->desc_size = sizeof(rsbac_pid_t);
07960 list_info_p->data_size = sizeof(struct rsbac_jail_process_aci_t);
07961 list_info_p->max_age = 0;
07962 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
07963 {
07964 sprintf(name, "%s%u", RSBAC_JAIL_ACI_PROCESS_NAME, i);
07965 err = rsbac_list_register(RSBAC_LIST_VERSION,
07966 &process_handles.jail[i],
07967 list_info_p,
07968 RSBAC_LIST_DEF_DATA,
07969 rsbac_list_compare_u32,
07970 NULL,
07971 &def_aci,
07972 name,
07973 RSBAC_AUTO_DEV);
07974 if(err)
07975 {
07976 registration_error(err, "PROCESS JAIL");
07977 }
07978 }
07979 }
07980 #endif
07981
07982 return err;
07983 }
07984
07985 #ifdef CONFIG_RSBAC_UM
07986 #ifdef CONFIG_RSBAC_INIT_DELAY
07987 static int register_group_lists(void)
07988 #else
07989 static int __init register_group_lists(void)
07990 #endif
07991 {
07992 int err = 0;
07993 struct rsbac_list_info_t * list_info_p;
07994
07995 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
07996 if(!list_info_p)
07997 {
07998 return -ENOMEM;
07999 }
08000
08001 #ifdef CONFIG_RSBAC_DEBUG
08002 if (rsbac_debug_ds)
08003 {
08004 #ifdef CONFIG_RSBAC_RMSG
08005 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering GROUP lists\n");
08006 #endif
08007 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08008 if (!rsbac_nosyslog)
08009 #endif
08010 printk(KERN_DEBUG "rsbac_do_init(): registering GROUP lists\n");
08011 }
08012 #endif
08013 #if defined(CONFIG_RSBAC_RC_UM_PROT)
08014 {
08015 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
08016
08017 list_info_p->version = RSBAC_RC_GROUP_ACI_VERSION;
08018 list_info_p->key = RSBAC_RC_GROUP_ACI_KEY;
08019 list_info_p->desc_size = sizeof(rsbac_gid_t);
08020 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
08021 list_info_p->max_age = 0;
08022 err = rsbac_list_register(RSBAC_LIST_VERSION,
08023 &group_handles.rc,
08024 list_info_p,
08025 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
08026 RSBAC_LIST_BACKUP |
08027 #endif
08028 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
08029 NULL,
08030 NULL,
08031 &def_aci,
08032 RSBAC_RC_ACI_GROUP_NAME,
08033 RSBAC_AUTO_DEV);
08034 if(err)
08035 {
08036 registration_error(err, "GROUP RC");
08037 }
08038 }
08039 #endif
08040
08041 return err;
08042 }
08043 #endif
08044
08045 #ifdef CONFIG_RSBAC_NET_DEV
08046 #ifdef CONFIG_RSBAC_INIT_DELAY
08047 static int register_netdev_lists(void)
08048 #else
08049 static int __init register_netdev_lists(void)
08050 #endif
08051 {
08052 int err = 0;
08053 struct rsbac_list_info_t * list_info_p;
08054
08055 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
08056 if(!list_info_p)
08057 {
08058 return -ENOMEM;
08059 }
08060
08061 #ifdef CONFIG_RSBAC_DEBUG
08062 if (rsbac_debug_ds)
08063 {
08064 #ifdef CONFIG_RSBAC_RMSG
08065 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering NETDEV lists\n");
08066 #endif
08067 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08068 if (!rsbac_nosyslog)
08069 #endif
08070 printk(KERN_DEBUG "rsbac_do_init(): registering NETDEV lists\n");
08071 }
08072 #endif
08073 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
08074 {
08075 struct rsbac_gen_netdev_aci_t def_aci = DEFAULT_GEN_NETDEV_ACI;
08076
08077 list_info_p->version = RSBAC_GEN_NETDEV_ACI_VERSION;
08078 list_info_p->key = RSBAC_GEN_NETDEV_ACI_KEY;
08079 list_info_p->desc_size = sizeof(rsbac_netdev_id_t);
08080 list_info_p->data_size = sizeof(struct rsbac_gen_netdev_aci_t);
08081 list_info_p->max_age = 0;
08082 err = rsbac_list_register(RSBAC_LIST_VERSION,
08083 &netdev_handles.gen,
08084 list_info_p,
08085 RSBAC_LIST_BACKUP |
08086 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
08087 netdev_compare,
08088 NULL,
08089 &def_aci,
08090 RSBAC_GEN_ACI_NETDEV_NAME,
08091 RSBAC_AUTO_DEV);
08092 if(err)
08093 {
08094 registration_error(err, "NETDEV General");
08095 }
08096 }
08097 #endif
08098 #if defined(CONFIG_RSBAC_RC)
08099 {
08100 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
08101
08102 list_info_p->version = RSBAC_RC_NETDEV_ACI_VERSION;
08103 list_info_p->key = RSBAC_RC_NETDEV_ACI_KEY;
08104 list_info_p->desc_size = sizeof(rsbac_netdev_id_t);
08105 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
08106 list_info_p->max_age = 0;
08107 err = rsbac_list_register(RSBAC_LIST_VERSION,
08108 &netdev_handles.rc,
08109 list_info_p,
08110 RSBAC_LIST_BACKUP |
08111 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
08112 netdev_compare,
08113 NULL,
08114 &def_aci,
08115 RSBAC_RC_ACI_NETDEV_NAME,
08116 RSBAC_AUTO_DEV);
08117 if(err)
08118 {
08119 registration_error(err, "NETDEV RC");
08120 }
08121 }
08122 #endif
08123
08124 return err;
08125 }
08126 #endif
08127
08128 #ifdef CONFIG_RSBAC_NET_OBJ
08129 #ifdef CONFIG_RSBAC_INIT_DELAY
08130 static int register_nettemp_list(void)
08131 #else
08132 static int __init register_nettemp_list(void)
08133 #endif
08134 {
08135 int err = 0;
08136 struct rsbac_list_info_t * list_info_p;
08137
08138 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
08139 if(!list_info_p)
08140 {
08141 return -ENOMEM;
08142 }
08143
08144 #ifdef CONFIG_RSBAC_DEBUG
08145 if (rsbac_debug_ds)
08146 {
08147 #ifdef CONFIG_RSBAC_RMSG
08148 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering network template list\n");
08149 #endif
08150 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08151 if (!rsbac_nosyslog)
08152 #endif
08153 printk(KERN_DEBUG "rsbac_do_init(): registering network template list\n");
08154 }
08155 #endif
08156 list_info_p->version = RSBAC_NET_TEMP_VERSION;
08157 list_info_p->key = RSBAC_NET_TEMP_KEY;
08158 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
08159 list_info_p->data_size = sizeof(struct rsbac_net_temp_data_t);
08160 list_info_p->max_age = 0;
08161 err = rsbac_list_register(RSBAC_LIST_VERSION,
08162 &net_temp_handle,
08163 list_info_p,
08164 RSBAC_LIST_BACKUP |
08165 RSBAC_LIST_PERSIST,
08166 rsbac_list_compare_u32,
08167 NULL,
08168 NULL,
08169 RSBAC_NET_TEMP_NAME,
08170 RSBAC_AUTO_DEV);
08171 if(err)
08172 {
08173 registration_error(err, "Network Template");
08174 }
08175 else
08176 if(!rsbac_no_defaults && !rsbac_list_count(net_temp_handle))
08177 {
08178 rsbac_net_temp_id_t id;
08179 struct rsbac_net_temp_data_t unix_data = RSBAC_NET_TEMP_UNIX_DATA;
08180 struct rsbac_net_temp_data_t lnet_data = RSBAC_NET_TEMP_LNET_DATA;
08181 struct rsbac_net_temp_data_t lan_data = RSBAC_NET_TEMP_LAN_DATA;
08182 struct rsbac_net_temp_data_t auto_data = RSBAC_NET_TEMP_AUTO_DATA;
08183 struct rsbac_net_temp_data_t inet_data = RSBAC_NET_TEMP_INET_DATA;
08184 struct rsbac_net_temp_data_t all_data = RSBAC_NET_TEMP_ALL_DATA;
08185
08186 #ifdef CONFIG_RSBAC_RMSG
08187 rsbac_printk(KERN_WARNING
08188 "rsbac_do_init(): Network Templates could not be read - generating standard entries!\n");
08189 #endif
08190 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08191 if (!rsbac_nosyslog)
08192 #endif
08193 printk(KERN_WARNING
08194 "rsbac_do_init(): Network Templates could not be read - generating standard entries!\n");
08195 id = RSBAC_NET_TEMP_UNIX_ID;
08196 rsbac_list_add(net_temp_handle, &id, &unix_data);
08197 id = RSBAC_NET_TEMP_LNET_ID;
08198 rsbac_net_str_to_inet(RSBAC_NET_TEMP_LNET_ADDRESS, (__u32 *) lnet_data.address);
08199 rsbac_list_add(net_temp_handle, &id, &lnet_data);
08200 id = RSBAC_NET_TEMP_LAN_ID;
08201 rsbac_net_str_to_inet(RSBAC_NET_TEMP_LAN_ADDRESS, (__u32 *) lan_data.address);
08202 rsbac_list_add(net_temp_handle, &id, &lan_data);
08203 id = RSBAC_NET_TEMP_AUTO_ID;
08204 rsbac_net_str_to_inet(RSBAC_NET_TEMP_AUTO_ADDRESS, (__u32 *) auto_data.address);
08205 rsbac_list_add(net_temp_handle, &id, &auto_data);
08206 id = RSBAC_NET_TEMP_INET_ID;
08207 rsbac_list_add(net_temp_handle, &id, &inet_data);
08208 id = RSBAC_NET_TEMP_ALL_ID;
08209 rsbac_list_add(net_temp_handle, &id, &all_data);
08210 }
08211 return err;
08212 }
08213
08214 #ifdef CONFIG_RSBAC_INIT_DELAY
08215 static int register_nettemp_aci_lists(void)
08216 #else
08217 static int __init register_nettemp_aci_lists(void)
08218 #endif
08219 {
08220 int err = 0;
08221 struct rsbac_list_info_t * list_info_p;
08222
08223 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
08224 if(!list_info_p)
08225 {
08226 return -ENOMEM;
08227 }
08228
08229 #ifdef CONFIG_RSBAC_DEBUG
08230 if (rsbac_debug_ds)
08231 {
08232 #ifdef CONFIG_RSBAC_RMSG
08233 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering NETTEMP lists\n");
08234 #endif
08235 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08236 if (!rsbac_nosyslog)
08237 #endif
08238 printk(KERN_DEBUG "rsbac_do_init(): registering NETTEMP lists\n");
08239 }
08240 #endif
08241
08242 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
08243 {
08244 list_info_p->version = RSBAC_GEN_NETOBJ_ACI_VERSION;
08245 list_info_p->key = RSBAC_GEN_NETOBJ_ACI_KEY;
08246 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
08247 list_info_p->data_size = sizeof(struct rsbac_gen_netobj_aci_t);
08248 list_info_p->max_age = 0;
08249 err = rsbac_list_register(RSBAC_LIST_VERSION,
08250 &nettemp_handles.gen,
08251 list_info_p,
08252 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
08253 rsbac_list_compare_u32,
08254 NULL,
08255 &def_gen_netobj_aci,
08256 RSBAC_GEN_ACI_NETTEMP_NAME,
08257 RSBAC_AUTO_DEV);
08258 if(err)
08259 {
08260 registration_error(err, "NETTEMP GEN");
08261 }
08262 }
08263 #endif
08264 #if defined(CONFIG_RSBAC_MAC)
08265 {
08266 struct rsbac_mac_netobj_aci_t def_aci = DEFAULT_MAC_NETOBJ_ACI;
08267
08268 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
08269 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
08270 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
08271 list_info_p->data_size = sizeof(struct rsbac_mac_netobj_aci_t);
08272 list_info_p->max_age = 0;
08273 err = rsbac_list_register(RSBAC_LIST_VERSION,
08274 &nettemp_handles.mac,
08275 list_info_p,
08276 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
08277 rsbac_list_compare_u32,
08278 NULL,
08279 &def_aci,
08280 RSBAC_MAC_ACI_NETTEMP_NAME,
08281 RSBAC_AUTO_DEV);
08282 if(err)
08283 {
08284 registration_error(err, "NETTEMP MAC");
08285 }
08286 }
08287 #endif
08288 #if defined(CONFIG_RSBAC_FC)
08289 {
08290 rsbac_fc_oc_t def_aci = RSBAC_FC_OC_ROOT_DEF;
08291
08292 list_info_p->version = RSBAC_FC_NETOBJ_ACI_VERSION;
08293 list_info_p->key = RSBAC_FC_NETOBJ_ACI_KEY;
08294 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
08295 list_info_p->data_size = sizeof(rsbac_fc_oc_t);
08296 list_info_p->max_age = 0;
08297 err = rsbac_list_register(RSBAC_LIST_VERSION,
08298 &nettemp_handles.fc,
08299 list_info_p,
08300 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
08301 rsbac_list_compare_u32,
08302 NULL,
08303 &def_aci,
08304 RSBAC_FC_ACI_NETTEMP_NAME,
08305 RSBAC_AUTO_DEV);
08306 if(err)
08307 {
08308 registration_error(err, "NETTEMP FC");
08309 }
08310 }
08311 #endif
08312 #if defined(CONFIG_RSBAC_SIM)
08313 {
08314 rsbac_sim_dt_t def_aci = RSBAC_SIM_DT_ROOT_DEF;
08315
08316 list_info_p->version = RSBAC_SIM_NETOBJ_ACI_VERSION;
08317 list_info_p->key = RSBAC_SIM_NETOBJ_ACI_KEY;
08318 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
08319 list_info_p->data_size = sizeof(rsbac_sim_dt_t);
08320 list_info_p->max_age = 0;
08321 err = rsbac_list_register(RSBAC_LIST_VERSION,
08322 &nettemp_handles.sim,
08323 list_info_p,
08324 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
08325 rsbac_list_compare_u32,
08326 NULL,
08327 &def_aci,
08328 RSBAC_SIM_ACI_NETTEMP_NAME,
08329 RSBAC_AUTO_DEV);
08330 if(err)
08331 {
08332 registration_error(err, "NETTEMP SIM");
08333 }
08334 }
08335 #endif
08336 #if defined(CONFIG_RSBAC_PM)
08337 {
08338 struct rsbac_pm_netobj_aci_t def_aci = DEFAULT_PM_NETOBJ_ACI;
08339
08340 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
08341 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
08342 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
08343 list_info_p->data_size = sizeof(struct rsbac_pm_netobj_aci_t);
08344 list_info_p->max_age = 0;
08345 err = rsbac_list_register(RSBAC_LIST_VERSION,
08346 &nettemp_handles.pm,
08347 list_info_p,
08348 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
08349 rsbac_list_compare_u32,
08350 NULL,
08351 &def_aci,
08352 RSBAC_PM_ACI_NETTEMP_NAME,
08353 RSBAC_AUTO_DEV);
08354 if(err)
08355 {
08356 registration_error(err, "NETTEMP PM");
08357 }
08358 }
08359 #endif
08360 #if defined(CONFIG_RSBAC_RC)
08361 {
08362 struct rsbac_rc_nettemp_aci_t def_aci = DEFAULT_RC_NETTEMP_ACI;
08363
08364 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
08365 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
08366 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
08367 list_info_p->data_size = sizeof(struct rsbac_rc_nettemp_aci_t);
08368 list_info_p->max_age = 0;
08369 err = rsbac_list_register(RSBAC_LIST_VERSION,
08370 &nettemp_handles.rc,
08371 list_info_p,
08372 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
08373 rsbac_list_compare_u32,
08374 NULL,
08375 &def_aci,
08376 RSBAC_RC_ACI_NETTEMP_NAME,
08377 RSBAC_AUTO_DEV);
08378 if(err)
08379 {
08380 registration_error(err, "NETTEMP RC");
08381 }
08382 }
08383 #endif
08384
08385 return err;
08386 }
08387
08388 #ifdef CONFIG_RSBAC_INIT_DELAY
08389 static int register_netobj_lists(void)
08390 #else
08391 static int __init register_netobj_lists(void)
08392 #endif
08393 {
08394 int err = 0;
08395 struct rsbac_list_info_t * list_info_p;
08396
08397 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
08398 if(!list_info_p)
08399 {
08400 return -ENOMEM;
08401 }
08402
08403 #ifdef CONFIG_RSBAC_DEBUG
08404 if (rsbac_debug_ds)
08405 {
08406 #ifdef CONFIG_RSBAC_RMSG
08407 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering local NETOBJ lists\n");
08408 #endif
08409 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08410 if (!rsbac_nosyslog)
08411 #endif
08412 printk(KERN_DEBUG "rsbac_do_init(): registering local NETOBJ lists\n");
08413 }
08414 #endif
08415 #if defined(CONFIG_RSBAC_MAC)
08416 {
08417 struct rsbac_mac_netobj_aci_t def_aci = DEFAULT_MAC_NETOBJ_ACI;
08418
08419 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
08420 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
08421 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
08422 list_info_p->data_size = sizeof(struct rsbac_mac_netobj_aci_t);
08423 list_info_p->max_age = 0;
08424 err = rsbac_list_register(RSBAC_LIST_VERSION,
08425 &lnetobj_handles.mac,
08426 list_info_p,
08427 0,
08428 rsbac_list_compare_u32,
08429 NULL,
08430 &def_aci,
08431 RSBAC_MAC_ACI_LNETOBJ_NAME,
08432 RSBAC_AUTO_DEV);
08433 if(err)
08434 {
08435 registration_error(err, "LNETOBJ MAC");
08436 }
08437 }
08438 #endif
08439 #if defined(CONFIG_RSBAC_FC)
08440 {
08441 rsbac_fc_oc_t def_aci = RSBAC_FC_OC_ROOT_DEF;
08442
08443 list_info_p->version = RSBAC_FC_NETOBJ_ACI_VERSION;
08444 list_info_p->key = RSBAC_FC_NETOBJ_ACI_KEY;
08445 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
08446 list_info_p->data_size = sizeof(rsbac_fc_oc_t);
08447 list_info_p->max_age = 0;
08448 err = rsbac_list_register(RSBAC_LIST_VERSION,
08449 &lnetobj_handles.fc,
08450 list_info_p,
08451 0,
08452 rsbac_list_compare_u32,
08453 NULL,
08454 &def_aci,
08455 RSBAC_FC_ACI_LNETOBJ_NAME,
08456 RSBAC_AUTO_DEV);
08457 if(err)
08458 {
08459 registration_error(err, "LNETOBJ FC");
08460 }
08461 }
08462 #endif
08463 #if defined(CONFIG_RSBAC_SIM)
08464 {
08465 rsbac_sim_dt_t def_aci = RSBAC_SIM_DT_ROOT_DEF;
08466
08467 list_info_p->version = RSBAC_SIM_NETOBJ_ACI_VERSION;
08468 list_info_p->key = RSBAC_SIM_NETOBJ_ACI_KEY;
08469 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
08470 list_info_p->data_size = sizeof(rsbac_sim_dt_t);
08471 list_info_p->max_age = 0;
08472 err = rsbac_list_register(RSBAC_LIST_VERSION,
08473 &lnetobj_handles.sim,
08474 list_info_p,
08475 0,
08476 rsbac_list_compare_u32,
08477 NULL,
08478 &def_aci,
08479 RSBAC_SIM_ACI_LNETOBJ_NAME,
08480 RSBAC_AUTO_DEV);
08481 if(err)
08482 {
08483 registration_error(err, "LNETOBJ SIM");
08484 }
08485 }
08486 #endif
08487 #if defined(CONFIG_RSBAC_PM)
08488 {
08489 struct rsbac_pm_netobj_aci_t def_aci = DEFAULT_PM_NETOBJ_ACI;
08490
08491 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
08492 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
08493 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
08494 list_info_p->data_size = sizeof(struct rsbac_pm_netobj_aci_t);
08495 list_info_p->max_age = 0;
08496 err = rsbac_list_register(RSBAC_LIST_VERSION,
08497 &lnetobj_handles.pm,
08498 list_info_p,
08499 0,
08500 rsbac_list_compare_u32,
08501 NULL,
08502 &def_aci,
08503 RSBAC_PM_ACI_LNETOBJ_NAME,
08504 RSBAC_AUTO_DEV);
08505 if(err)
08506 {
08507 registration_error(err, "LNETOBJ PM");
08508 }
08509 }
08510 #endif
08511 #if defined(CONFIG_RSBAC_RC)
08512 {
08513 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
08514
08515 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
08516 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
08517 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
08518 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
08519 list_info_p->max_age = 0;
08520 err = rsbac_list_register(RSBAC_LIST_VERSION,
08521 &lnetobj_handles.rc,
08522 list_info_p,
08523 0,
08524 rsbac_list_compare_u32,
08525 NULL,
08526 &def_aci,
08527 RSBAC_RC_ACI_LNETOBJ_NAME,
08528 RSBAC_AUTO_DEV);
08529 if(err)
08530 {
08531 registration_error(err, "LNETOBJ RC");
08532 }
08533 }
08534 #endif
08535
08536 #ifdef CONFIG_RSBAC_DEBUG
08537 if (rsbac_debug_ds)
08538 {
08539 #ifdef CONFIG_RSBAC_RMSG
08540 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering remote NETOBJ lists\n");
08541 #endif
08542 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08543 if (!rsbac_nosyslog)
08544 #endif
08545 printk(KERN_DEBUG "rsbac_do_init(): registering remote NETOBJ lists\n");
08546 }
08547 #endif
08548 #if defined(CONFIG_RSBAC_MAC)
08549 {
08550 struct rsbac_mac_netobj_aci_t def_aci = DEFAULT_MAC_NETOBJ_ACI;
08551
08552 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
08553 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
08554 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
08555 list_info_p->data_size = sizeof(struct rsbac_mac_netobj_aci_t);
08556 list_info_p->max_age = 0;
08557 err = rsbac_list_register(RSBAC_LIST_VERSION,
08558 &rnetobj_handles.mac,
08559 list_info_p,
08560 0,
08561 rsbac_list_compare_u32,
08562 NULL,
08563 &def_aci,
08564 RSBAC_MAC_ACI_RNETOBJ_NAME,
08565 RSBAC_AUTO_DEV);
08566 if(err)
08567 {
08568 registration_error(err, "RNETOBJ MAC");
08569 }
08570 }
08571 #endif
08572 #if defined(CONFIG_RSBAC_FC)
08573 {
08574 rsbac_fc_oc_t def_aci = RSBAC_FC_OC_ROOT_DEF;
08575
08576 list_info_p->version = RSBAC_FC_NETOBJ_ACI_VERSION;
08577 list_info_p->key = RSBAC_FC_NETOBJ_ACI_KEY;
08578 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
08579 list_info_p->data_size = sizeof(rsbac_fc_oc_t);
08580 list_info_p->max_age = 0;
08581 err = rsbac_list_register(RSBAC_LIST_VERSION,
08582 &rnetobj_handles.fc,
08583 list_info_p,
08584 0,
08585 rsbac_list_compare_u32,
08586 NULL,
08587 &def_aci,
08588 RSBAC_FC_ACI_RNETOBJ_NAME,
08589 RSBAC_AUTO_DEV);
08590 if(err)
08591 {
08592 registration_error(err, "RNETOBJ FC");
08593 }
08594 }
08595 #endif
08596 #if defined(CONFIG_RSBAC_SIM)
08597 {
08598 rsbac_sim_dt_t def_aci = RSBAC_SIM_DT_ROOT_DEF;
08599
08600 list_info_p->version = RSBAC_SIM_NETOBJ_ACI_VERSION;
08601 list_info_p->key = RSBAC_SIM_NETOBJ_ACI_KEY;
08602 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
08603 list_info_p->data_size = sizeof(rsbac_sim_dt_t);
08604 list_info_p->max_age = 0;
08605 err = rsbac_list_register(RSBAC_LIST_VERSION,
08606 &rnetobj_handles.sim,
08607 list_info_p,
08608 0,
08609 rsbac_list_compare_u32,
08610 NULL,
08611 &def_aci,
08612 RSBAC_SIM_ACI_RNETOBJ_NAME,
08613 RSBAC_AUTO_DEV);
08614 if(err)
08615 {
08616 registration_error(err, "RNETOBJ SIM");
08617 }
08618 }
08619 #endif
08620 #if defined(CONFIG_RSBAC_PM)
08621 {
08622 struct rsbac_pm_netobj_aci_t def_aci = DEFAULT_PM_NETOBJ_ACI;
08623
08624 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
08625 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
08626 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
08627 list_info_p->data_size = sizeof(struct rsbac_pm_netobj_aci_t);
08628 list_info_p->max_age = 0;
08629 err = rsbac_list_register(RSBAC_LIST_VERSION,
08630 &rnetobj_handles.pm,
08631 list_info_p,
08632 0,
08633 rsbac_list_compare_u32,
08634 NULL,
08635 &def_aci,
08636 RSBAC_PM_ACI_RNETOBJ_NAME,
08637 RSBAC_AUTO_DEV);
08638 if(err)
08639 {
08640 registration_error(err, "RNETOBJ PM");
08641 }
08642 }
08643 #endif
08644 #if defined(CONFIG_RSBAC_RC)
08645 {
08646 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
08647
08648 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
08649 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
08650 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
08651 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
08652 list_info_p->max_age = 0;
08653 err = rsbac_list_register(RSBAC_LIST_VERSION,
08654 &rnetobj_handles.rc,
08655 list_info_p,
08656 0,
08657 rsbac_list_compare_u32,
08658 NULL,
08659 &def_aci,
08660 RSBAC_RC_ACI_RNETOBJ_NAME,
08661 RSBAC_AUTO_DEV);
08662 if(err)
08663 {
08664 registration_error(err, "RNETOBJ RC");
08665 }
08666 }
08667 #endif
08668
08669 return err;
08670 }
08671 #endif
08672
08673 #ifdef CONFIG_RSBAC_INIT_DELAY
08674 static int rsbac_do_init(void)
08675 #else
08676 static int __init rsbac_do_init(void)
08677 #endif
08678 {
08679 int err = 0;
08680 struct rsbac_device_list_item_t * device_p;
08681 struct rsbac_device_list_item_t * new_device_p;
08682 u_long flags;
08683 struct rsbac_list_info_t * list_info_p;
08684 struct super_block * sb_p;
08685
08686 #ifdef CONFIG_RSBAC_DEBUG
08687 if(rsbac_debug_stack)
08688 {
08689 unsigned long * n;
08690
08691 n = (unsigned long *) (current+1);
08692 while (!*n)
08693 n++;
08694 #ifdef CONFIG_RSBAC_RMSG
08695 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack: %lu\n",
08696 (unsigned long) n - (unsigned long)(current+1));
08697 #endif
08698 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08699 if (!rsbac_nosyslog)
08700 #endif
08701 printk(KERN_DEBUG "rsbac_do_init: free stack: %lu\n",
08702 (unsigned long) n - (unsigned long)(current+1));
08703 }
08704 #endif
08705 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
08706 if(!list_info_p)
08707 {
08708 return -ENOMEM;
08709 }
08710 compiled_modules[0] = (char) 0;
08711 #ifdef CONFIG_RSBAC_REG
08712 strcat(compiled_modules, " REG");
08713 #endif
08714 #ifdef CONFIG_RSBAC_MAC
08715 #ifdef CONFIG_RSBAC_MAC_LIGHT
08716 strcat(compiled_modules, " MAC-L");
08717 #else
08718 strcat(compiled_modules, " MAC");
08719 #endif
08720 #endif
08721 #ifdef CONFIG_RSBAC_FC
08722 strcat(compiled_modules, " FC");
08723 #endif
08724 #ifdef CONFIG_RSBAC_SIM
08725 strcat(compiled_modules, " SIM");
08726 #endif
08727 #ifdef CONFIG_RSBAC_PM
08728 strcat(compiled_modules, " PM");
08729 #endif
08730 #ifdef CONFIG_RSBAC_DAZ
08731 strcat(compiled_modules, " DAZ");
08732 #endif
08733 #ifdef CONFIG_RSBAC_FF
08734 strcat(compiled_modules, " FF");
08735 #endif
08736 #ifdef CONFIG_RSBAC_RC
08737 strcat(compiled_modules, " RC");
08738 #endif
08739 #ifdef CONFIG_RSBAC_AUTH
08740 strcat(compiled_modules, " AUTH");
08741 #endif
08742 #ifdef CONFIG_RSBAC_ACL
08743 strcat(compiled_modules, " ACL");
08744 #endif
08745 #ifdef CONFIG_RSBAC_CAP
08746 strcat(compiled_modules, " CAP");
08747 #endif
08748 #ifdef CONFIG_RSBAC_JAIL
08749 strcat(compiled_modules, " JAIL");
08750 #endif
08751 #ifdef CONFIG_RSBAC_RES
08752 strcat(compiled_modules, " RES");
08753 #endif
08754 #ifdef CONFIG_RSBAC_PAX
08755 strcat(compiled_modules, " PAX");
08756 #endif
08757 #ifdef CONFIG_RSBAC_MAINT
08758 #ifdef CONFIG_RSBAC_RMSG
08759 rsbac_printk(KERN_INFO
08760 "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n",
08761 RSBAC_VERSION);
08762 rsbac_printk(KERN_INFO
08763 "rsbac_do_init(): Supported module data structures:%s\n",
08764 compiled_modules);
08765 #endif
08766 printk(KERN_INFO
08767 "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n",
08768 RSBAC_VERSION);
08769 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08770 if (!rsbac_nosyslog)
08771 #endif
08772 printk(KERN_INFO
08773 "rsbac_do_init(): Supported module data structures:%s\n",
08774 compiled_modules);
08775 #else
08776 #ifdef CONFIG_RSBAC_RMSG
08777 rsbac_printk(KERN_INFO
08778 "rsbac_do_init(): Initializing RSBAC %s\n",
08779 RSBAC_VERSION);
08780 rsbac_printk(KERN_INFO
08781 "rsbac_do_init(): compiled modules:%s\n",
08782 compiled_modules);
08783 #endif
08784 printk(KERN_INFO
08785 "rsbac_do_init(): Initializing RSBAC %s\n",
08786 RSBAC_VERSION);
08787 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08788 if (!rsbac_nosyslog)
08789 #endif
08790 printk(KERN_INFO
08791 "rsbac_do_init(): compiled modules:%s\n",
08792 compiled_modules);
08793 #endif
08794
08795
08796 #ifdef CONFIG_RSBAC_RMSG
08797 rsbac_printk(KERN_INFO
08798 "rsbac_do_init(): Initializing memory slabs\n");
08799 #endif
08800 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08801 if (!rsbac_nosyslog)
08802 #endif
08803 printk(KERN_INFO
08804 "rsbac_do_init(): Initializing memory slabs\n");
08805 rsbac_kmem_cache_sizes_init();
08806
08807
08808 device_list_head.lock = RW_LOCK_UNLOCKED;
08809 device_list_head.head = NULL;
08810 device_list_head.tail = NULL;
08811 device_list_head.curr = NULL;
08812 device_list_head.count = 0;
08813
08814 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
08815 #ifdef CONFIG_RSBAC_DEBUG
08816 if(rsbac_debug_stack)
08817 {
08818 unsigned long * n = (unsigned long *) (current+1);
08819
08820 while (!*n)
08821 n++;
08822 #ifdef CONFIG_RSBAC_RMSG
08823 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering proc dir: %lu\n",
08824 (unsigned long) n - (unsigned long)(current+1));
08825 #endif
08826 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08827 if (!rsbac_nosyslog)
08828 #endif
08829 printk(KERN_DEBUG "rsbac_do_init: free stack before registering proc dir: %lu\n",
08830 (unsigned long) n - (unsigned long)(current+1));
08831 }
08832 #endif
08833 #ifdef CONFIG_RSBAC_RMSG
08834 rsbac_printk(KERN_INFO "rsbac_do_init(): Registering RSBAC proc dir\n");
08835 #endif
08836 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08837 if (!rsbac_nosyslog)
08838 #endif
08839 printk(KERN_INFO "rsbac_do_init(): Registering RSBAC proc dir\n");
08840 register_all_rsbac_proc();
08841 #endif
08842
08843 #ifdef CONFIG_RSBAC_DEBUG
08844 if(rsbac_debug_stack)
08845 {
08846 unsigned long * n = (unsigned long *) (current+1);
08847
08848 while (!*n)
08849 n++;
08850 #ifdef CONFIG_RSBAC_RMSG
08851 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before get_super: %lu\n",
08852 (unsigned long) n - (unsigned long)(current+1));
08853 #endif
08854 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08855 if (!rsbac_nosyslog)
08856 #endif
08857 printk(KERN_DEBUG "rsbac_do_init: free stack before get_super: %lu\n",
08858 (unsigned long) n - (unsigned long)(current+1));
08859 }
08860 #endif
08861 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08862 sb_p = user_get_super(rsbac_root_dev);
08863 #else
08864 sb_p = get_super(rsbac_root_dev);
08865 #endif
08866 if(!sb_p)
08867 {
08868 kfree(list_info_p);
08869 return -RSBAC_ENOROOTDEV;
08870 }
08871
08872 #ifdef CONFIG_RSBAC_DEBUG
08873 if (rsbac_debug_ds)
08874 {
08875 #ifdef CONFIG_RSBAC_RMSG
08876 rsbac_printk(KERN_DEBUG
08877 "rsbac_do_init(): reading aci from device number %02u:%02u\n",
08878 RSBAC_MAJOR(rsbac_root_dev),
08879 RSBAC_MINOR(rsbac_root_dev));
08880 #endif
08881 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08882 if (!rsbac_nosyslog)
08883 #endif
08884 printk(KERN_DEBUG
08885 "rsbac_do_init(): reading aci from device number %02u:%02u\n",
08886 RSBAC_MAJOR(rsbac_root_dev),
08887 RSBAC_MINOR(rsbac_root_dev));
08888 }
08889 #endif
08890
08891 new_device_p = create_device_item(sb_p, NULL);
08892 if (!new_device_p)
08893 {
08894 #ifdef CONFIG_RSBAC_RMSG
08895 rsbac_printk(KERN_CRIT "rsbac_do_init(): Could not alloc device item!\n");
08896 #endif
08897 printk(KERN_CRIT "rsbac_do_init(): Could not alloc device item!\n");
08898 err = -RSBAC_ECOULDNOTADDDEVICE;
08899 goto out_free;
08900 }
08901
08902
08903 rsbac_write_lock(&device_list_head.lock, &flags);
08904
08905 device_p = add_device_item(new_device_p);
08906
08907 rsbac_write_unlock(&device_list_head.lock, &flags);
08908 if (!device_p)
08909 {
08910 #ifdef CONFIG_RSBAC_RMSG
08911 rsbac_printk(KERN_CRIT "rsbac_do_init(): Could not add device!\n");
08912 #endif
08913 printk(KERN_CRIT "rsbac_do_init(): Could not add device!\n");
08914 clear_device_item(new_device_p);
08915 err = -RSBAC_ECOULDNOTADDDEVICE;
08916 goto out_free;
08917 }
08918
08919
08920 #ifdef CONFIG_RSBAC_RMSG
08921 rsbac_printk(KERN_INFO
08922 "rsbac_do_init(): Initializing generic lists\n");
08923 #endif
08924 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08925 if (!rsbac_nosyslog)
08926 #endif
08927 printk(KERN_INFO
08928 "rsbac_do_init(): Initializing generic lists\n");
08929 rsbac_list_init();
08930
08931 #ifdef CONFIG_RSBAC_DEBUG
08932 if(rsbac_debug_stack)
08933 {
08934 unsigned long * n = (unsigned long *) (current+1);
08935
08936 while (!*n)
08937 n++;
08938 #ifdef CONFIG_RSBAC_RMSG
08939 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_debug: %lu\n",
08940 (unsigned long) n - (unsigned long)(current+1));
08941 #endif
08942 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08943 if (!rsbac_nosyslog)
08944 #endif
08945 printk(KERN_DEBUG "rsbac_do_init: free stack before init_debug: %lu\n",
08946 (unsigned long) n - (unsigned long)(current+1));
08947 }
08948 #endif
08949 rsbac_init_debug();
08950
08951 #ifdef CONFIG_RSBAC_RMSG
08952 rsbac_printk(KERN_INFO
08953 "rsbac_do_init(): reading FD attributes from root dev\n");
08954 #endif
08955 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08956 if (!rsbac_nosyslog)
08957 #endif
08958 printk(KERN_INFO
08959 "rsbac_do_init(): reading FD attributes from root dev\n");
08960
08961 #ifdef CONFIG_RSBAC_DEBUG
08962 if(rsbac_debug_stack)
08963 {
08964 unsigned long * n = (unsigned long *) (current+1);
08965
08966 while (!*n)
08967 n++;
08968 #ifdef CONFIG_RSBAC_RMSG
08969 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before reading FD lists: %lu\n",
08970 (unsigned long) n - (unsigned long)(current+1));
08971 #endif
08972 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08973 if (!rsbac_nosyslog)
08974 #endif
08975 printk(KERN_DEBUG "rsbac_do_init: free stack before reading FD lists: %lu\n",
08976 (unsigned long) n - (unsigned long)(current+1));
08977 }
08978 #endif
08979
08980 if((err = register_fd_lists(device_p,rsbac_root_dev)))
08981 {
08982 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
08983
08984 if(tmp)
08985 {
08986 #ifdef CONFIG_RSBAC_RMSG
08987 rsbac_printk(KERN_WARNING
08988 "rsbac_do_init(): File/Dir lists registration failed for dev %02u:%02u, err %s!\n",
08989 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev), get_error_name(tmp,err));
08990 #endif
08991 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08992 if (!rsbac_nosyslog)
08993 #endif
08994 printk(KERN_WARNING
08995 "rsbac_do_init(): File/Dir lists registration failed for dev %02u:%02u, err %s!\n",
08996 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev), get_error_name(tmp,err));
08997 rsbac_kfree(tmp);
08998 }
08999 }
09000
09001 #ifdef CONFIG_RSBAC_DEBUG
09002 if(rsbac_debug_stack)
09003 {
09004 unsigned long * n = (unsigned long *) (current+1);
09005
09006 while (!*n)
09007 n++;
09008 #ifdef CONFIG_RSBAC_RMSG
09009 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before DEV lists registration: %lu\n",
09010 (unsigned long) n - (unsigned long)(current+1));
09011 #endif
09012 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09013 if (!rsbac_nosyslog)
09014 #endif
09015 printk(KERN_DEBUG "rsbac_do_init: free stack before DEV lists registration: %lu\n",
09016 (unsigned long) n - (unsigned long)(current+1));
09017 }
09018 #endif
09019 register_dev_lists();
09020
09021 #ifdef CONFIG_RSBAC_DEBUG
09022 if(rsbac_debug_stack)
09023 {
09024 unsigned long * n = (unsigned long *) (current+1);
09025
09026 while (!*n)
09027 n++;
09028 #ifdef CONFIG_RSBAC_RMSG
09029 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering IPC lists: %lu\n",
09030 (unsigned long) n - (unsigned long)(current+1));
09031 #endif
09032 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09033 if (!rsbac_nosyslog)
09034 #endif
09035 printk(KERN_DEBUG "rsbac_do_init: free stack before registering IPC lists: %lu\n",
09036 (unsigned long) n - (unsigned long)(current+1));
09037 }
09038 #endif
09039
09040 register_ipc_lists();
09041
09042 #ifdef CONFIG_RSBAC_DEBUG
09043 if(rsbac_debug_stack)
09044 {
09045 unsigned long * n = (unsigned long *) (current+1);
09046
09047 while (!*n)
09048 n++;
09049 #ifdef CONFIG_RSBAC_RMSG
09050 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering USER lists: %lu\n",
09051 (unsigned long) n - (unsigned long)(current+1));
09052 #endif
09053 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09054 if (!rsbac_nosyslog)
09055 #endif
09056 printk(KERN_DEBUG "rsbac_do_init: free stack before registering USER lists: %lu\n",
09057 (unsigned long) n - (unsigned long)(current+1));
09058 }
09059 #endif
09060 register_user_lists();
09061
09062 #ifdef CONFIG_RSBAC_DEBUG
09063 if(rsbac_debug_stack)
09064 {
09065 unsigned long * n = (unsigned long *) (current+1);
09066
09067 while (!*n)
09068 n++;
09069 #ifdef CONFIG_RSBAC_RMSG
09070 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering PROCESS aci: %lu\n",
09071 (unsigned long) n - (unsigned long)(current+1));
09072 #endif
09073 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09074 if (!rsbac_nosyslog)
09075 #endif
09076 printk(KERN_DEBUG "rsbac_do_init: free stack before registering PROCESS aci: %lu\n",
09077 (unsigned long) n - (unsigned long)(current+1));
09078 }
09079 #endif
09080 register_process_lists();
09081
09082
09083 #ifdef CONFIG_RSBAC_UM
09084 #ifdef CONFIG_RSBAC_DEBUG
09085 if(rsbac_debug_stack)
09086 {
09087 unsigned long * n = (unsigned long *) (current+1);
09088
09089 while (!*n)
09090 n++;
09091 #ifdef CONFIG_RSBAC_RMSG
09092 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before GROUP lists registration: %lu\n",
09093 (unsigned long) n - (unsigned long)(current+1));
09094 #endif
09095 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09096 if (!rsbac_nosyslog)
09097 #endif
09098 printk(KERN_DEBUG "rsbac_do_init: free stack before GROUP lists registration: %lu\n",
09099 (unsigned long) n - (unsigned long)(current+1));
09100 }
09101 #endif
09102 register_group_lists();
09103 #endif
09104
09105 #ifdef CONFIG_RSBAC_NET_DEV
09106 register_netdev_lists();
09107 #endif
09108
09109 #ifdef CONFIG_RSBAC_NET_OBJ
09110 register_nettemp_list();
09111 register_nettemp_aci_lists();
09112 register_netobj_lists();
09113 #endif
09114
09115
09116 #if defined(CONFIG_RSBAC_MAC)
09117 #ifdef CONFIG_RSBAC_DEBUG
09118 if(rsbac_debug_stack)
09119 {
09120 unsigned long * n = (unsigned long *) (current+1);
09121
09122 while (!*n)
09123 n++;
09124 #ifdef CONFIG_RSBAC_RMSG
09125 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_mac: %lu\n",
09126 (unsigned long) n - (unsigned long)(current+1));
09127 #endif
09128 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09129 if (!rsbac_nosyslog)
09130 #endif
09131 printk(KERN_DEBUG "rsbac_do_init: free stack before init_mac: %lu\n",
09132 (unsigned long) n - (unsigned long)(current+1));
09133 }
09134 #endif
09135 rsbac_init_mac();
09136 #endif
09137
09138 #ifdef CONFIG_RSBAC_PM
09139 #ifdef CONFIG_RSBAC_DEBUG
09140 if(rsbac_debug_stack)
09141 {
09142 unsigned long * n = (unsigned long *) (current+1);
09143
09144 while (!*n)
09145 n++;
09146 #ifdef CONFIG_RSBAC_RMSG
09147 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_pm: %lu\n",
09148 (unsigned long) n - (unsigned long)(current+1));
09149 #endif
09150 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09151 if (!rsbac_nosyslog)
09152 #endif
09153 printk(KERN_DEBUG "rsbac_do_init: free stack before init_pm: %lu\n",
09154 (unsigned long) n - (unsigned long)(current+1));
09155 }
09156 #endif
09157 rsbac_init_pm();
09158 #endif
09159
09160 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT)
09161 #ifdef CONFIG_RSBAC_DEBUG
09162 if(rsbac_debug_stack)
09163 {
09164 unsigned long * n = (unsigned long *) (current+1);
09165
09166 while (!*n)
09167 n++;
09168 #ifdef CONFIG_RSBAC_RMSG
09169 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_daz: %lu\n",
09170 (unsigned long) n - (unsigned long)(current+1));
09171 #endif
09172 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09173 if (!rsbac_nosyslog)
09174 #endif
09175 printk(KERN_DEBUG "rsbac_do_init: free stack before init_daz: %lu\n",
09176 (unsigned long) n - (unsigned long)(current+1));
09177 }
09178 #endif
09179 rsbac_init_daz();
09180 #endif
09181
09182 #if defined(CONFIG_RSBAC_RC)
09183 #ifdef CONFIG_RSBAC_DEBUG
09184 if(rsbac_debug_stack)
09185 {
09186 unsigned long * n = (unsigned long *) (current+1);
09187
09188 while (!*n)
09189 n++;
09190 #ifdef CONFIG_RSBAC_RMSG
09191 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_rc: %lu\n",
09192 (unsigned long) n - (unsigned long)(current+1));
09193 #endif
09194 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09195 if (!rsbac_nosyslog)
09196 #endif
09197 printk(KERN_DEBUG "rsbac_do_init: free stack before init_rc: %lu\n",
09198 (unsigned long) n - (unsigned long)(current+1));
09199 }
09200 #endif
09201 rsbac_init_rc();
09202 #endif
09203
09204 #if defined(CONFIG_RSBAC_AUTH)
09205 #ifdef CONFIG_RSBAC_DEBUG
09206 if(rsbac_debug_stack)
09207 {
09208 unsigned long * n = (unsigned long *) (current+1);
09209
09210 while (!*n)
09211 n++;
09212 #ifdef CONFIG_RSBAC_RMSG
09213 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_auth: %lu\n",
09214 (unsigned long) n - (unsigned long)(current+1));
09215 #endif
09216 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09217 if (!rsbac_nosyslog)
09218 #endif
09219 printk(KERN_DEBUG "rsbac_do_init: free stack before init_auth: %lu\n",
09220 (unsigned long) n - (unsigned long)(current+1));
09221 }
09222 #endif
09223 rsbac_init_auth();
09224 if (rsbac_auth_enable_login)
09225 {
09226 struct dentry * t_dentry;
09227 struct dentry * dir_dentry = NULL;
09228 struct rsbac_auth_fd_aci_t auth_fd_aci = DEFAULT_AUTH_FD_ACI;
09229 int list_no;
09230
09231 #ifdef CONFIG_RSBAC_RMSG
09232 rsbac_printk(KERN_WARNING
09233 "rsbac_do_init(): auth_enable_login is set: setting auth_may_setuid for %s\n",
09234 RSBAC_AUTH_LOGIN_PATH);
09235 #endif
09236 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09237 if (!rsbac_nosyslog)
09238 #endif
09239 printk(KERN_WARNING
09240 "rsbac_do_init(): auth_enable_login is set: setting auth_may_setuid for %s\n",
09241 RSBAC_AUTH_LOGIN_PATH);
09242
09243
09244 if(sb_p)
09245 {
09246 dir_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_DIR,
09247 sb_p->s_root,
09248 strlen(RSBAC_AUTH_LOGIN_PATH_DIR));
09249 }
09250 if (!dir_dentry)
09251 {
09252 err = -RSBAC_ENOTFOUND;
09253 #ifdef CONFIG_RSBAC_RMSG
09254 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
09255 RSBAC_AUTH_LOGIN_PATH_DIR);
09256 #endif
09257 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09258 if (!rsbac_nosyslog)
09259 #endif
09260 printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
09261 RSBAC_AUTH_LOGIN_PATH_DIR);
09262 goto auth_out;
09263 }
09264 if (IS_ERR(dir_dentry))
09265 {
09266 err = PTR_ERR(dir_dentry);
09267 #ifdef CONFIG_RSBAC_RMSG
09268 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s returned %i\n",
09269 RSBAC_AUTH_LOGIN_PATH_DIR,
09270 err);
09271 #endif
09272 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09273 if (!rsbac_nosyslog)
09274 #endif
09275 printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s returned %i\n",
09276 RSBAC_AUTH_LOGIN_PATH_DIR,
09277 err);
09278 goto auth_out;
09279 }
09280 if (!dir_dentry->d_inode)
09281 {
09282 err = -RSBAC_ENOTFOUND;
09283 #ifdef CONFIG_RSBAC_RMSG
09284 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
09285 RSBAC_AUTH_LOGIN_PATH_DIR);
09286 #endif
09287 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09288 if (!rsbac_nosyslog)
09289 #endif
09290 printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
09291 RSBAC_AUTH_LOGIN_PATH_DIR);
09292 dput(dir_dentry);
09293 goto auth_out;
09294 }
09295 t_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_FILE,
09296 dir_dentry,
09297 strlen(RSBAC_AUTH_LOGIN_PATH_FILE));
09298 if (!t_dentry)
09299 {
09300 err = -RSBAC_ENOTFOUND;
09301 #ifdef CONFIG_RSBAC_RMSG
09302 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
09303 RSBAC_AUTH_LOGIN_PATH_DIR,
09304 RSBAC_AUTH_LOGIN_PATH_FILE);
09305 #endif
09306 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09307 if (!rsbac_nosyslog)
09308 #endif
09309 printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
09310 RSBAC_AUTH_LOGIN_PATH_DIR,
09311 RSBAC_AUTH_LOGIN_PATH_FILE);
09312 goto auth_out;
09313 }
09314 if (IS_ERR(t_dentry))
09315 {
09316 err = PTR_ERR(t_dentry);
09317 #ifdef CONFIG_RSBAC_RMSG
09318 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s returned %i\n",
09319 RSBAC_AUTH_LOGIN_PATH_DIR,
09320 RSBAC_AUTH_LOGIN_PATH_FILE,
09321 err);
09322 #endif
09323 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09324 if (!rsbac_nosyslog)
09325 #endif
09326 printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s returned %i\n",
09327 RSBAC_AUTH_LOGIN_PATH_DIR,
09328 RSBAC_AUTH_LOGIN_PATH_FILE,
09329 err);
09330 goto auth_out;
09331 }
09332 if (!t_dentry->d_inode)
09333 {
09334 err = -RSBAC_ENOTFOUND;
09335 #ifdef CONFIG_RSBAC_RMSG
09336 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
09337 RSBAC_AUTH_LOGIN_PATH_DIR,
09338 RSBAC_AUTH_LOGIN_PATH_FILE);
09339 #endif
09340 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09341 if (!rsbac_nosyslog)
09342 #endif
09343 printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
09344 RSBAC_AUTH_LOGIN_PATH_DIR,
09345 RSBAC_AUTH_LOGIN_PATH_FILE);
09346 dput(t_dentry);
09347 goto auth_out;
09348 }
09349
09350 if (!t_dentry->d_inode)
09351 {
09352 #ifdef CONFIG_RSBAC_RMSG
09353 rsbac_printk(KERN_WARNING "rsbac_do_init(): file %s not found\n",
09354 RSBAC_AUTH_LOGIN_PATH);
09355 #endif
09356 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09357 if (!rsbac_nosyslog)
09358 #endif
09359 printk(KERN_WARNING "rsbac_do_init(): file %s not found\n",
09360 RSBAC_AUTH_LOGIN_PATH);
09361 err = -RSBAC_EINVALIDTARGET;
09362 goto auth_out_dput;
09363 }
09364
09365 if (!S_ISREG(t_dentry->d_inode->i_mode))
09366 {
09367 #ifdef CONFIG_RSBAC_RMSG
09368 rsbac_printk(KERN_WARNING "rsbac_do_init(): %s is no file\n", RSBAC_AUTH_LOGIN_PATH);
09369 #endif
09370 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09371 if (!rsbac_nosyslog)
09372 #endif
09373 printk(KERN_WARNING "rsbac_do_init(): %s is no file\n", RSBAC_AUTH_LOGIN_PATH);
09374 err = -RSBAC_EINVALIDTARGET;
09375 goto auth_out_dput;
09376 }
09377 list_no = auth_fd_hash(t_dentry->d_inode->i_ino);
09378 rsbac_list_get_data(device_p->handles.auth[list_no],
09379 &t_dentry->d_inode->i_ino,
09380 &auth_fd_aci);
09381 auth_fd_aci.auth_may_setuid = TRUE;
09382 if(rsbac_list_add(device_p->handles.auth[list_no],
09383 &t_dentry->d_inode->i_ino,
09384 &auth_fd_aci))
09385 {
09386 #ifdef CONFIG_RSBAC_RMSG
09387 rsbac_printk(KERN_WARNING
09388 "rsbac_do_init(): Could not add AUTH file/dir item!\n");
09389 #endif
09390 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09391 if (!rsbac_nosyslog)
09392 #endif
09393 printk(KERN_WARNING
09394 "rsbac_do_init(): Could not add AUTH file/dir item!\n");
09395 err = -RSBAC_ECOULDNOTADDITEM;
09396 }
09397
09398 auth_out_dput:
09399 auth_out:
09400 { }
09401 }
09402 #endif
09403
09404 #if defined(CONFIG_RSBAC_ACL)
09405 #ifdef CONFIG_RSBAC_DEBUG
09406 if(rsbac_debug_stack)
09407 {
09408 unsigned long * n = (unsigned long *) (current+1);
09409
09410 while (!*n)
09411 n++;
09412 #ifdef CONFIG_RSBAC_RMSG
09413 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_acl: %lu\n",
09414 (unsigned long) n - (unsigned long)(current+1));
09415 #endif
09416 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09417 if (!rsbac_nosyslog)
09418 #endif
09419 printk(KERN_DEBUG "rsbac_do_init: free stack before init_acl: %lu\n",
09420 (unsigned long) n - (unsigned long)(current+1));
09421 }
09422 #endif
09423 rsbac_init_acl();
09424 #endif
09425
09426 #if defined(CONFIG_RSBAC_UM)
09427 #ifdef CONFIG_RSBAC_DEBUG
09428 if(rsbac_debug_stack)
09429 {
09430 unsigned long * n = (unsigned long *) (current+1);
09431
09432 while (!*n)
09433 n++;
09434 #ifdef CONFIG_RSBAC_RMSG
09435 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_um: %lu\n",
09436 (unsigned long) n - (unsigned long)(current+1));
09437 #endif
09438 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09439 if (!rsbac_nosyslog)
09440 #endif
09441 printk(KERN_DEBUG "rsbac_do_init: free stack before init_um: %lu\n",
09442 (unsigned long) n - (unsigned long)(current+1));
09443 }
09444 #endif
09445 rsbac_init_um();
09446 #endif
09447
09448
09449 #ifdef CONFIG_RSBAC_DEBUG
09450 if(rsbac_debug_stack)
09451 {
09452 unsigned long * n = (unsigned long *) (current+1);
09453
09454 while (!*n)
09455 n++;
09456 #ifdef CONFIG_RSBAC_RMSG
09457 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_adf: %lu\n",
09458 (unsigned long) n - (unsigned long)(current+1));
09459 #endif
09460 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09461 if (!rsbac_nosyslog)
09462 #endif
09463 printk(KERN_DEBUG "rsbac_do_init: free stack before init_adf: %lu\n",
09464 (unsigned long) n - (unsigned long)(current+1));
09465 }
09466 #endif
09467 rsbac_init_adf();
09468
09469
09470 drop_super(sb_p);
09471
09472 #if defined(CONFIG_RSBAC_PAX) && defined(CONFIG_PAX_HOOK_ACL_FLAGS)
09473 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
09474 pax_set_initial_flags_func = rsbac_pax_set_flags_func;
09475 #else
09476 pax_set_flags_func = rsbac_pax_set_flags_func;
09477 #endif
09478 #endif
09479
09480
09481 rsbac_initialized = TRUE;
09482
09483
09484 #ifdef CONFIG_BLK_DEV_INITRD
09485 if(initrd_start)
09486 {
09487 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09488 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR,0));
09489 #else
09490 sb_p = get_super(MKDEV(RAMDISK_MAJOR,0));
09491 #endif
09492 if(sb_p)
09493 {
09494 rsbac_mount(sb_p, NULL);
09495 drop_super(sb_p);
09496 }
09497 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09498 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR,INITRD_MINOR));
09499 #else
09500 sb_p = get_super(MKDEV(RAMDISK_MAJOR,INITRD_MINOR));
09501 #endif
09502 if(sb_p)
09503 {
09504 rsbac_mount(sb_p, NULL);
09505 drop_super(sb_p);
09506 }
09507 }
09508 #endif
09509
09510 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09511
09512 if( sysfs_covered_p
09513 && sysfs_sb_p
09514 )
09515 {
09516 #ifdef CONFIG_RSBAC_RMSG
09517 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting sysfs device %02u:%02u\n",
09518 MAJOR(sysfs_sb_p->s_dev), MINOR(sysfs_sb_p->s_dev));
09519 #endif
09520 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09521 if (!rsbac_nosyslog)
09522 #endif
09523 printk(KERN_WARNING "rsbac_do_init(): automounting sysfs device %02u:%02u\n",
09524 MAJOR(sysfs_sb_p->s_dev), MINOR(sysfs_sb_p->s_dev));
09525 rsbac_mount(sysfs_sb_p, sysfs_covered_p);
09526 }
09527 #endif
09528
09529
09530 #ifdef CONFIG_DEVFS_MOUNT
09531 if( devfs_covered_p
09532 && devfs_sb_p
09533 )
09534 {
09535 #ifdef CONFIG_RSBAC_RMSG
09536 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting devfs device %02u:%02u\n",
09537 MAJOR(devfs_sb_p->s_dev), MINOR(devfs_sb_p->s_dev));
09538 #endif
09539 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09540 if (!rsbac_nosyslog)
09541 #endif
09542 printk(KERN_WARNING "rsbac_do_init(): automounting devfs device %02u:%02u\n",
09543 MAJOR(devfs_sb_p->s_dev), MINOR(devfs_sb_p->s_dev));
09544 rsbac_mount(devfs_sb_p, devfs_covered_p);
09545 }
09546 #endif
09547
09548
09549 #ifdef CONFIG_RSBAC_INIT_CHECK
09550 #ifdef CONFIG_RSBAC_DEBUG
09551 if(rsbac_debug_stack)
09552 {
09553 unsigned long * n = (unsigned long *) (current+1);
09554
09555 while (!*n)
09556 n++;
09557 #ifdef CONFIG_RSBAC_RMSG
09558 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before rsbac_check: %lu\n",
09559 (unsigned long) n - (unsigned long)(current+1));
09560 #endif
09561 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09562 if (!rsbac_nosyslog)
09563 #endif
09564 printk(KERN_DEBUG "rsbac_do_init: free stack before rsbac_check: %lu\n",
09565 (unsigned long) n - (unsigned long)(current+1));
09566 }
09567 #endif
09568 #ifdef CONFIG_RSBAC_RMSG
09569 rsbac_printk(KERN_INFO "rsbac_do_init(): Forcing consistency check.\n");
09570 #endif
09571 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09572 if (!rsbac_nosyslog)
09573 #endif
09574 printk(KERN_INFO "rsbac_do_init(): Forcing consistency check.\n");
09575 rsbac_check_lists(1);
09576 rsbac_check(1,0);
09577
09578 #if defined(CONFIG_RSBAC_AUTH)
09579 rsbac_check_auth(1,0);
09580 #endif
09581 #if defined(CONFIG_RSBAC_ACL)
09582 rsbac_check_acl(1,0);
09583 #endif
09584 #endif
09585
09586 if (!current->fs)
09587 {
09588 #ifdef CONFIG_RSBAC_RMSG
09589 rsbac_printk(KERN_WARNING "rsbac_do_init(): current->fs is invalid!\n");
09590 #endif
09591 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09592 if (!rsbac_nosyslog)
09593 #endif
09594 printk(KERN_WARNING "rsbac_do_init(): current->fs is invalid!\n");
09595 err = -RSBAC_EINVALIDPOINTER;
09596 }
09597 out:
09598
09599 #ifdef CONFIG_RSBAC_RMSG
09600 rsbac_printk(KERN_INFO "rsbac_do_init(): Ready.\n");
09601 #endif
09602 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09603 if (!rsbac_nosyslog)
09604 #endif
09605 printk(KERN_INFO "rsbac_do_init(): Ready.\n");
09606
09607 kfree(list_info_p);
09608 return(err);
09609
09610 out_free:
09611
09612 drop_super(sb_p);
09613 goto out;
09614 }
09615
09616
09617 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
09618 || defined(CONFIG_RSBAC_INIT_THREAD)
09619
09620 void wakeup_rsbacd(u_long dummy)
09621 {
09622 wake_up(&rsbacd_wait);
09623 }
09624 #endif
09625
09626 #ifdef CONFIG_RSBAC_INIT_THREAD
09627
09628 static int rsbac_initd(void * dummy)
09629 {
09630 printk(KERN_INFO "rsbac_initd(): Initializing.\n");
09631 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09632 daemonize("rsbac_initd");
09633 #else
09634 current->session = 1;
09635 current->pgrp = 1;
09636 strcpy(current->comm, "rsbac_initd");
09637 #endif
09638
09639
09640
09641
09642 #ifdef CONFIG_RSBAC_DEBUG
09643 if(rsbac_debug_stack)
09644 {
09645 unsigned long * n = (unsigned long *) (current+1);
09646
09647 while (!*n)
09648 n++;
09649 printk(KERN_DEBUG "rsbac_initd: free stack before rsbac_do_init(): %lu\n",
09650 (unsigned long) n - (unsigned long)(current+1));
09651 }
09652 #endif
09653
09654 rsbac_do_init();
09655
09656 #ifdef CONFIG_RSBAC_DEBUG
09657 if(rsbac_debug_stack)
09658 {
09659 unsigned long * n = (unsigned long *) (current+1);
09660
09661 while (!*n)
09662 n++;
09663 printk(KERN_DEBUG "rsbac_initd: free stack after rsbac_do_init(): %lu\n",
09664 (unsigned long) n - (unsigned long)(current+1));
09665 }
09666 #endif
09667
09668 wake_up(&rsbacd_wait);
09669
09670 printk(KERN_INFO "rsbac_initd(): Exiting.\n");
09671 do_exit(0);
09672 return 0;
09673 }
09674 #endif
09675
09676 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
09677
09678 static int rsbacd(void * dummy)
09679 {
09680 struct task_struct *tsk = current;
09681 char * name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
09682
09683 #ifdef CONFIG_RSBAC_RMSG
09684 rsbac_printk(KERN_INFO "rsbacd(): Initializing.\n");
09685 #endif
09686 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09687 if (!rsbac_nosyslog)
09688 #endif
09689 printk(KERN_INFO "rsbacd(): Initializing.\n");
09690 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09691 daemonize("rsbacd");
09692 #else
09693 tsk->session = 1;
09694 tsk->pgrp = 1;
09695 strcpy(tsk->comm, "rsbacd");
09696 #endif
09697
09698
09699
09700 sys_close(0);
09701 sys_close(1);
09702 sys_close(2);
09703 #ifdef CONFIG_RSBAC_INIT_DELAY
09704 reparent_to_init();
09705 #endif
09706
09707 #ifdef CONFIG_RSBAC_DEBUG
09708 if(rsbac_debug_auto)
09709 {
09710 #ifdef CONFIG_RSBAC_RMSG
09711 rsbac_printk(KERN_DEBUG "rsbacd(): Setting auto timer.\n");
09712 #endif
09713 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09714 if (!rsbac_nosyslog)
09715 #endif
09716 printk(KERN_DEBUG "rsbacd(): Setting auto timer.\n");
09717 }
09718 #endif
09719
09720 #ifndef CONFIG_RSBAC_INIT_THREAD
09721 init_timer(&rsbac_timer);
09722 rsbac_timer.function = wakeup_rsbacd;
09723 rsbac_timer.data = 0;
09724 rsbac_timer.expires = jiffies + auto_interval;
09725 add_timer(&rsbac_timer);
09726 #endif
09727
09728 #ifdef CONFIG_RSBAC_DEBUG
09729 if(rsbac_debug_stack)
09730 {
09731 unsigned long * n = (unsigned long *) (current+1);
09732
09733 while (!*n)
09734 n++;
09735 #ifdef CONFIG_RSBAC_RMSG
09736 rsbac_printk(KERN_DEBUG "rsbacd: free stack: %lu\n",
09737 (unsigned long) n - (unsigned long)(current+1));
09738 #endif
09739 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09740 if (!rsbac_nosyslog)
09741 #endif
09742 printk(KERN_DEBUG "rsbacd: free stack: %lu\n",
09743 (unsigned long) n - (unsigned long)(current+1));
09744 }
09745 #endif
09746 for(;;)
09747 {
09748
09749 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09750
09751 flush_signals(tsk);
09752 spin_lock_irq(&tsk->sighand->siglock);
09753 flush_signal_handlers(tsk, 1);
09754 sigemptyset(&tsk->blocked);
09755 recalc_sigpending();
09756 spin_unlock_irq(&tsk->sighand->siglock);
09757 #else
09758 spin_lock_irq(&tsk->sigmask_lock);
09759 flush_signals(tsk);
09760 sigfillset(&tsk->blocked);
09761 recalc_sigpending(tsk);
09762 spin_unlock_irq(&tsk->sigmask_lock);
09763 #endif
09764
09765 mod_timer(&rsbac_timer, jiffies + auto_interval);
09766 interruptible_sleep_on(&rsbacd_wait);
09767
09768
09769
09770 #if 0
09771
09772 #if defined(CONFIG_RSBAC_DAZ_CACHE)
09773 if(jiffies >= daz_cleanup_time)
09774 {
09775 daz_cleanup_time = jiffies + HZ * RSBAC_DAZ_CACHE_CLEANUP_INTERVAL;
09776 #ifdef CONFIG_RSBAC_DEBUG
09777 if (rsbac_debug_auto)
09778 {
09779 #ifdef CONFIG_RSBAC_RMSG
09780 rsbac_printk(KERN_DEBUG
09781 "rsbacd(): cleaning up DAZ scanned lists\n");
09782 #endif
09783 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09784 if (!rsbac_nosyslog)
09785 #endif
09786 printk(KERN_DEBUG
09787 "rsbacd(): cleaning up DAZ scanned lists\n");
09788 }
09789 #endif
09790
09791 rsbac_read_lock(&device_list_head.lock, &dflags);
09792
09793 device_p = device_list_head.head;
09794 while (device_p)
09795 {
09796 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
09797 {
09798 rsbac_list_check(device_p->handles.dazs[i], TRUE);
09799 }
09800 device_p = device_p->next;
09801 }
09802 rsbac_read_unlock(&device_list_head.lock, &dflags);
09803 }
09804 #endif
09805 #endif
09806
09807
09808 if(rsbac_initialized && !rsbac_debug_no_write)
09809 {
09810 int err=0;
09811
09812
09813
09814
09815
09816
09817
09818
09819 down(&rsbac_write_sem);
09820 if(!rsbac_debug_no_write)
09821 {
09822 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09823 err = rsbac_write(FALSE);
09824 #else
09825 err = rsbac_write(TRUE);
09826 #endif
09827 }
09828 up(&rsbac_write_sem);
09829 if(err < 0)
09830 {
09831 #ifdef CONFIG_RSBAC_RMSG
09832 if(name)
09833 rsbac_printk(KERN_WARNING
09834 "rsbacd(): rsbac_write returned error %s!\n",
09835 get_error_name(name,err));
09836 else
09837 rsbac_printk(KERN_WARNING
09838 "rsbacd(): rsbac_write returned error %i!\n",
09839 err);
09840 #endif
09841 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09842 if (!rsbac_nosyslog)
09843 #endif
09844 {
09845 if(name)
09846 printk(KERN_WARNING
09847 "rsbacd(): rsbac_write returned error %s!\n",
09848 get_error_name(name,err));
09849 else
09850 printk(KERN_WARNING
09851 "rsbacd(): rsbac_write returned error %i!\n",
09852 err);
09853 }
09854 }
09855 #ifdef CONFIG_RSBAC_DEBUG
09856 else
09857 if (rsbac_debug_auto && (err > 0))
09858 {
09859 #ifdef CONFIG_RSBAC_RMSG
09860 rsbac_printk(KERN_DEBUG
09861 "rsbacd(): rsbac_write() wrote %i lists\n", err);
09862 #endif
09863 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09864 if (!rsbac_nosyslog)
09865 #endif
09866 printk(KERN_DEBUG
09867 "rsbacd(): rsbac_write() wrote %i lists\n", err);
09868 }
09869 #endif
09870 }
09871 }
09872 }
09873 #endif
09874
09875
09876
09877
09878
09879
09880
09881
09882 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09883
09884 extern long sys_kill(int pid, int sig);
09885 #endif
09886
09887 #ifdef CONFIG_RSBAC_INIT_DELAY
09888 int rsbac_init(kdev_t root_dev)
09889 #else
09890 int __init rsbac_init(kdev_t root_dev)
09891 #endif
09892 {
09893 int err = 0;
09894 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
09895 || defined(CONFIG_RSBAC_INIT_THREAD)
09896 rsbac_pid_t rsbacd_pid;
09897 #endif
09898
09899 if (rsbac_initialized)
09900 {
09901 printk(KERN_WARNING "rsbac_init(): RSBAC already initialized\n");
09902 return(-RSBAC_EREINIT);
09903 }
09904 if (!current->fs)
09905 {
09906 printk(KERN_WARNING "rsbac_init(): current->fs is invalid!\n");
09907 return(-RSBAC_EINVALIDPOINTER);
09908 }
09909
09910 rsbac_root_dev = root_dev;
09911
09912 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
09913 || defined(CONFIG_RSBAC_INIT_THREAD)
09914
09915 init_waitqueue_head(&rsbacd_wait);
09916 #endif
09917
09918 #ifdef CONFIG_RSBAC_INIT_THREAD
09919
09920 #ifdef CONFIG_RSBAC_MAX_INIT_TIME
09921 #endif
09922 printk(KERN_INFO "rsbac_init(): Setting init timeout to %u seconds (%u jiffies).\n",
09923 RSBAC_MAX_INIT_TIME, RSBAC_MAX_INIT_TIME * HZ);
09924 init_timer(&rsbac_timer);
09925 rsbac_timer.function = wakeup_rsbacd;
09926 rsbac_timer.data = 0;
09927 rsbac_timer.expires = jiffies + (RSBAC_MAX_INIT_TIME * HZ);
09928 add_timer(&rsbac_timer);
09929
09930
09931 rsbacd_pid = kernel_thread(rsbac_initd, NULL, 0);
09932 printk(KERN_INFO "rsbac_init(): Started rsbac_initd thread with pid %u\n",
09933 rsbacd_pid);
09934
09935 if(!rsbac_initialized)
09936 interruptible_sleep_on(&rsbacd_wait);
09937 if(!rsbac_initialized)
09938 {
09939 printk(KERN_ERR
09940 "rsbac_init(): *** RSBAC init timed out - RSBAC not correctly initialized! ***\n");
09941 printk(KERN_ERR
09942 "rsbac_init(): *** Killing rsbac_initd! ***\n");
09943 sys_kill(rsbacd_pid, SIGKILL);
09944 rsbac_initialized = FALSE;
09945 }
09946 #else
09947 rsbac_do_init();
09948 #endif
09949
09950 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
09951 if(rsbac_initialized)
09952 {
09953
09954 rsbacd_pid = kernel_thread(rsbacd, NULL, CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
09955 if(rsbacd_pid < 0)
09956 {
09957 #ifdef CONFIG_RSBAC_RMSG
09958 rsbac_printk(KERN_ERR
09959 "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n",
09960 rsbacd_pid);
09961 #endif
09962 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09963 if (!rsbac_nosyslog)
09964 #endif
09965 printk(KERN_ERR
09966 "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n",
09967 rsbacd_pid);
09968 }
09969 else
09970 {
09971 #ifdef CONFIG_RSBAC_RMSG
09972 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n",
09973 rsbacd_pid);
09974 #endif
09975 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
09976 if (!rsbac_nosyslog)
09977 #endif
09978 printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n",
09979 rsbacd_pid);
09980 }
09981 }
09982 #endif
09983
09984
09985
09986 #ifdef CONFIG_RSBAC_INIT_THREAD
09987 sys_wait4(-1, NULL, WNOHANG, NULL);
09988 #endif
09989
09990
09991 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC)
09992 {
09993 #ifdef CONFIG_RSBAC_MAC
09994 struct rsbac_mac_user_aci_t mac_u_aci;
09995 #endif
09996 #ifdef CONFIG_RSBAC_RC
09997 struct rsbac_rc_user_aci_t rc_u_aci;
09998 struct rsbac_rc_process_aci_t rc_init_p_aci = DEFAULT_RC_P_INIT_ACI;
09999 #endif
10000 rsbac_uid_t user = RSBAC_SYSADM_UID;
10001 rsbac_pid_t pid = 1;
10002 struct task_struct * p;
10003
10004 #ifdef CONFIG_RSBAC_RMSG
10005 rsbac_printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n");
10006 #endif
10007 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10008 if (!rsbac_nosyslog)
10009 #endif
10010 printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n");
10011
10012 #ifdef CONFIG_RSBAC_MAC
10013 if(!rsbac_list_get_data(user_handles.mac, &user, &mac_u_aci))
10014 {
10015 mac_init_p_aci.owner_sec_level = mac_u_aci.security_level;
10016 mac_init_p_aci.owner_initial_sec_level = mac_u_aci.initial_security_level;
10017 mac_init_p_aci.current_sec_level = mac_u_aci.initial_security_level;
10018 mac_init_p_aci.owner_min_sec_level = mac_u_aci.min_security_level;
10019 mac_init_p_aci.mac_owner_categories = mac_u_aci.mac_categories;
10020 mac_init_p_aci.mac_owner_initial_categories = mac_u_aci.mac_initial_categories;
10021 mac_init_p_aci.mac_curr_categories = mac_u_aci.mac_initial_categories;
10022 mac_init_p_aci.mac_owner_min_categories = mac_u_aci.mac_min_categories;
10023 mac_init_p_aci.min_write_open = mac_u_aci.security_level;
10024 mac_init_p_aci.max_read_open = mac_u_aci.min_security_level;
10025 mac_init_p_aci.min_write_categories = mac_u_aci.mac_categories;
10026 mac_init_p_aci.max_read_categories = mac_u_aci.mac_min_categories;
10027 mac_init_p_aci.mac_process_flags
10028 = (mac_u_aci.mac_user_flags & RSBAC_MAC_P_FLAGS) | RSBAC_MAC_DEF_INIT_P_FLAGS;
10029 }
10030 #endif
10031
10032
10033 #ifdef CONFIG_RSBAC_MAC
10034 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
10035 printk(KERN_WARNING
10036 "rsbac_do_init(): MAC ACI for Init process 1 could not be added!");
10037 #endif
10038 #ifdef CONFIG_RSBAC_RC
10039
10040 if(rsbac_rc_get_boot_role(&rc_init_p_aci.rc_role))
10041 {
10042 if(!rsbac_list_get_data(user_handles.rc, &user, &rc_u_aci))
10043 {
10044 rc_init_p_aci.rc_role = rc_u_aci.rc_role;
10045 }
10046 else
10047 {
10048 rsbac_ds_get_error("rsbac_do_init", A_rc_def_role);
10049 rc_init_p_aci.rc_role = RSBAC_RC_GENERAL_ROLE;
10050 }
10051 }
10052 rc_kernel_p_aci.rc_role = rc_init_p_aci.rc_role;
10053 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_init_p_aci))
10054 printk(KERN_WARNING
10055 "rsbac_do_init(): RC ACI for Init process 1 could not be added!");
10056 #endif
10057 read_lock(&tasklist_lock);
10058 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
10059 for_each_task(p)
10060 #else
10061 for_each_process(p)
10062 #endif
10063 {
10064
10065 if(!p->pid || (p->pid == 1))
10066 continue;
10067 pid = p->pid;
10068 #ifdef CONFIG_RSBAC_DEBUG
10069 if (rsbac_debug_ds)
10070 {
10071 #ifdef CONFIG_RSBAC_RMSG
10072 rsbac_printk(KERN_DEBUG "rsbac_do_init(): setting aci for process %u\n",
10073 pid);
10074 #endif
10075 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10076 if (!rsbac_nosyslog)
10077 #endif
10078 printk(KERN_DEBUG "rsbac_do_init(): setting aci for process %u\n",
10079 pid);
10080 }
10081 #endif
10082 #ifdef CONFIG_RSBAC_MAC
10083 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
10084 printk(KERN_WARNING
10085 "rsbac_do_init(): MAC ACI for Init process %u could not be added!",
10086 pid);
10087 #endif
10088 #ifdef CONFIG_RSBAC_RC
10089 if(!p->mm)
10090 {
10091 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci))
10092 printk(KERN_WARNING
10093 "rsbac_do_init(): RC ACI for Kernel process %u could not be added!",
10094 pid);
10095 }
10096 #endif
10097 }
10098 read_unlock(&tasklist_lock);
10099 }
10100 #endif
10101
10102 printk(KERN_INFO "rsbac_init(): Ready.\n");
10103 return(err);
10104 }
10105
10106
10107
10108 #if defined(CONFIG_RSBAC_REG)
10109 EXPORT_SYMBOL(rsbac_is_initialized);
10110 #endif
10111 rsbac_boolean_t rsbac_is_initialized(void)
10112 {
10113 return rsbac_initialized;
10114 }
10115
10116 int rsbac_kthread_notify(rsbac_pid_t pid)
10117 {
10118 if (!rsbac_initialized)
10119 return 0;
10120
10121 #ifdef CONFIG_RSBAC_MAC
10122 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
10123 printk(KERN_WARNING
10124 "rsbac_do_init(): MAC ACI for kernel process %u could not be added!",
10125 pid);
10126 #endif
10127 #ifdef CONFIG_RSBAC_RC
10128 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci))
10129 printk(KERN_WARNING
10130 "rsbac_do_init(): RC ACI for kernel process %u could not be added!",
10131 pid);
10132 #endif
10133 return 0;
10134 }
10135
10136
10137
10138 int rsbac_mount(struct super_block * sb_p, struct dentry * d_covers)
10139 {
10140 int err = 0;
10141 struct rsbac_device_list_item_t * device_p;
10142 struct rsbac_device_list_item_t * new_device_p;
10143 u_long flags;
10144 rsbac_boolean_t old_no_write;
10145
10146 if(!sb_p)
10147 {
10148 #ifdef CONFIG_RSBAC_RMSG
10149 rsbac_printk(KERN_WARNING
10150 "rsbac_mount(): called with NULL pointer\n");
10151 #endif
10152 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10153 if (!rsbac_nosyslog)
10154 #endif
10155 printk(KERN_WARNING
10156 "rsbac_mount(): called with NULL pointer\n");
10157 return -RSBAC_EINVALIDPOINTER;
10158 }
10159 if (!rsbac_initialized)
10160 {
10161 #ifdef CONFIG_RSBAC_INIT_DELAY
10162 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
10163 if( !RSBAC_MAJOR(rsbac_delayed_root)
10164 && !RSBAC_MINOR(rsbac_delayed_root)
10165 && rsbac_delayed_root_str[0]
10166 )
10167 {
10168 char * p = rsbac_delayed_root_str;
10169 u_int major = 0;
10170 u_int minor = 0;
10171
10172 major = simple_strtoul(p, NULL, 0);
10173 while((*p != ':') && (*p != '\0'))
10174 p++;
10175 if(*p)
10176 {
10177 p++;
10178 minor = simple_strtoul(p, NULL, 0);
10179 }
10180 rsbac_delayed_root = RSBAC_MKDEV(major,minor);
10181 }
10182 #endif
10183 if( !rsbac_no_delay_init
10184 && ( ( !RSBAC_MAJOR(rsbac_delayed_root)
10185 && !RSBAC_MINOR(rsbac_delayed_root)
10186 && (MAJOR(sb_p->s_dev) > 1)
10187 )
10188 || ( ( RSBAC_MAJOR(rsbac_delayed_root)
10189 || RSBAC_MINOR(rsbac_delayed_root)
10190 )
10191 && ( (MAJOR(sb_p->s_dev) == RSBAC_MAJOR(rsbac_delayed_root))
10192 && ( !RSBAC_MINOR(rsbac_delayed_root)
10193 || (MINOR(sb_p->s_dev) == RSBAC_MINOR(rsbac_delayed_root))
10194 )
10195 )
10196 )
10197 )
10198 )
10199 {
10200 if(RSBAC_MAJOR(rsbac_delayed_root) || RSBAC_MINOR(rsbac_delayed_root))
10201 {
10202 #ifdef CONFIG_RSBAC_RMSG
10203 rsbac_printk(KERN_INFO
10204 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n",
10205 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
10206 RSBAC_MAJOR(rsbac_delayed_root), RSBAC_MINOR(rsbac_delayed_root));
10207 #endif
10208 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10209 if (!rsbac_nosyslog)
10210 #endif
10211 printk(KERN_INFO
10212 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n",
10213 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
10214 RSBAC_MAJOR(rsbac_delayed_root), RSBAC_MINOR(rsbac_delayed_root));
10215 }
10216 else
10217 {
10218 #ifdef CONFIG_RSBAC_RMSG
10219 rsbac_printk(KERN_INFO
10220 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n",
10221 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10222 #endif
10223 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10224 if (!rsbac_nosyslog)
10225 #endif
10226 printk(KERN_INFO
10227 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n",
10228 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10229 }
10230 rsbac_init(sb_p->s_dev);
10231 return 0;
10232 }
10233 #endif
10234
10235 #ifdef CONFIG_RSBAC_RMSG
10236 rsbac_printk(KERN_WARNING
10237 "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n",
10238 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10239 #endif
10240 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10241 if (!rsbac_nosyslog)
10242 #endif
10243 printk(KERN_WARNING
10244 "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n",
10245 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10246
10247 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
10248 if( (sb_p->s_magic == SYSFS_MAGIC)
10249 && !RSBAC_MAJOR(sb_p->s_dev)
10250 )
10251 {
10252 #ifdef CONFIG_RSBAC_RMSG
10253 rsbac_printk(KERN_WARNING
10254 "rsbac_mount(): sysfs mount detected, keeping values for later use\n");
10255 #endif
10256 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10257 if (!rsbac_nosyslog)
10258 #endif
10259 printk(KERN_WARNING
10260 "rsbac_mount(): sysfs mount detected, keeping values for later use\n");
10261 sysfs_sb_p = sb_p;
10262 sysfs_covered_p = d_covers;
10263 }
10264 #endif
10265 #ifdef CONFIG_DEVFS_MOUNT
10266 if( (sb_p->s_magic == DEVFS_SUPER_MAGIC)
10267 && !RSBAC_MAJOR(sb_p->s_dev)
10268 )
10269 {
10270 #ifdef CONFIG_RSBAC_RMSG
10271 rsbac_printk(KERN_WARNING
10272 "rsbac_mount(): devfs mount detected, keeping values for later use\n");
10273 #endif
10274 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10275 if (!rsbac_nosyslog)
10276 #endif
10277 printk(KERN_WARNING
10278 "rsbac_mount(): devfs mount detected, keeping values for later use\n");
10279 devfs_sb_p = sb_p;
10280 devfs_covered_p = d_covers;
10281 }
10282 #endif
10283 return(-RSBAC_ENOTINITIALIZED);
10284 }
10285 #ifdef CONFIG_RSBAC_DEBUG
10286 if (rsbac_debug_ds)
10287 {
10288 #ifdef CONFIG_RSBAC_RMSG
10289 rsbac_printk(KERN_DEBUG "rsbac_mount(): mounting device %02u:%02u\n",
10290 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10291 #endif
10292 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10293 if (!rsbac_nosyslog)
10294 #endif
10295 printk(KERN_DEBUG "rsbac_mount(): mounting device %02u:%02u\n",
10296 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10297 }
10298 if(rsbac_debug_stack)
10299 {
10300 unsigned long * n = (unsigned long *) (current+1);
10301
10302 while (!*n)
10303 n++;
10304 #ifdef CONFIG_RSBAC_RMSG
10305 rsbac_printk(KERN_DEBUG "rsbac_mount: free stack: %lu\n",
10306 (unsigned long) n - (unsigned long)(current+1));
10307 #endif
10308 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10309 if (!rsbac_nosyslog)
10310 #endif
10311 printk(KERN_DEBUG "rsbac_mount: free stack: %lu\n",
10312 (unsigned long) n - (unsigned long)(current+1));
10313 }
10314 #endif
10315 down(&rsbac_write_sem);
10316 old_no_write = rsbac_debug_no_write;
10317 rsbac_debug_no_write = TRUE;
10318 up(&rsbac_write_sem);
10319
10320 rsbac_read_lock(&device_list_head.lock, &flags);
10321 device_p = lookup_device(sb_p->s_dev);
10322
10323 if(device_p)
10324 {
10325 #ifdef CONFIG_RSBAC_RMSG
10326 rsbac_printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n",
10327 device_p->mount_count, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10328 #endif
10329 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10330 if (!rsbac_nosyslog)
10331 #endif
10332 printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n",
10333 device_p->mount_count, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10334 device_p->mount_count++;
10335 if( d_covers
10336 && !device_p->d_covers
10337 && (MAJOR(sb_p->s_dev) != MAJOR(rsbac_root_dev))
10338 && (MINOR(sb_p->s_dev) != MINOR(rsbac_root_dev))
10339 )
10340 {
10341 #ifdef CONFIG_RSBAC_RMSG
10342 rsbac_printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n",
10343 d_covers);
10344 #endif
10345 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10346 if (!rsbac_nosyslog)
10347 #endif
10348 printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n",
10349 d_covers);
10350 device_p->d_covers = d_covers;
10351 }
10352 rsbac_read_unlock(&device_list_head.lock, &flags);
10353 }
10354 else
10355 {
10356 rsbac_read_unlock(&device_list_head.lock, &flags);
10357
10358 new_device_p = create_device_item(sb_p, d_covers);
10359 #ifdef CONFIG_RSBAC_DEBUG
10360 if(rsbac_debug_stack)
10361 {
10362 unsigned long * n = (unsigned long *) (current+1);
10363
10364 while (!*n)
10365 n++;
10366 #ifdef CONFIG_RSBAC_RMSG
10367 rsbac_printk(KERN_DEBUG "rsbac_mount: after creating device item: free stack: %lu\n",
10368 (unsigned long) n - (unsigned long)(current+1));
10369 #endif
10370 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10371 if (!rsbac_nosyslog)
10372 #endif
10373 printk(KERN_DEBUG "rsbac_mount: after creating device item: free stack: %lu\n",
10374 (unsigned long) n - (unsigned long)(current+1));
10375 }
10376 #endif
10377 if(!new_device_p)
10378 {
10379 rsbac_debug_no_write = old_no_write;
10380 return -RSBAC_ECOULDNOTADDDEVICE;
10381 }
10382
10383 rsbac_read_lock(&device_list_head.lock, &flags);
10384
10385 device_p = lookup_device(sb_p->s_dev);
10386 if(device_p)
10387 {
10388 #ifdef CONFIG_RSBAC_RMSG
10389 rsbac_printk(KERN_WARNING
10390 "rsbac_mount(): mount race for device %02u:%02u detected!\n",
10391 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10392 #endif
10393 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10394 if (!rsbac_nosyslog)
10395 #endif
10396 printk(KERN_WARNING
10397 "rsbac_mount(): mount race for device %02u:%02u detected!\n",
10398 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10399 device_p->mount_count++;
10400 rsbac_read_unlock(&device_list_head.lock, &flags);
10401 clear_device_item(new_device_p);
10402 }
10403 else
10404 {
10405 rsbac_read_unlock(&device_list_head.lock, &flags);
10406 rsbac_write_lock(&device_list_head.lock, &flags);
10407 device_p = add_device_item(new_device_p);
10408 rsbac_write_unlock(&device_list_head.lock, &flags);
10409 if(!device_p)
10410 {
10411 #ifdef CONFIG_RSBAC_RMSG
10412 rsbac_printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n",
10413 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10414 #endif
10415 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10416 if (!rsbac_nosyslog)
10417 #endif
10418 printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n",
10419 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10420 clear_device_item(new_device_p);
10421 rsbac_debug_no_write = old_no_write;
10422 return -RSBAC_ECOULDNOTADDDEVICE;
10423 }
10424 }
10425
10426
10427 rsbac_list_mount(sb_p->s_dev);
10428
10429
10430 if((err = register_fd_lists(new_device_p, sb_p->s_dev)))
10431 {
10432 char * tmp;
10433
10434 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
10435 if(tmp)
10436 {
10437 #ifdef CONFIG_RSBAC_RMSG
10438 rsbac_printk(KERN_WARNING
10439 "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n",
10440 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), get_error_name(tmp,err));
10441 #endif
10442 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10443 if (!rsbac_nosyslog)
10444 #endif
10445 printk(KERN_WARNING
10446 "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n",
10447 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), get_error_name(tmp,err));
10448 rsbac_kfree(tmp);
10449 }
10450 }
10451 #ifdef CONFIG_RSBAC_DEBUG
10452 if(rsbac_debug_stack)
10453 {
10454 unsigned long * n = (unsigned long *) (current+1);
10455
10456 while (!*n)
10457 n++;
10458 #ifdef CONFIG_RSBAC_RMSG
10459 rsbac_printk(KERN_DEBUG "rsbac_mount: after registering fd lists: free stack: %lu\n",
10460 (unsigned long) n - (unsigned long)(current+1));
10461 #endif
10462 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10463 if (!rsbac_nosyslog)
10464 #endif
10465 printk(KERN_DEBUG "rsbac_mount: after registering fd lists: free stack: %lu\n",
10466 (unsigned long) n - (unsigned long)(current+1));
10467 }
10468 #endif
10469 }
10470
10471
10472
10473 #if defined(CONFIG_RSBAC_MAC)
10474 rsbac_mount_mac(sb_p->s_dev);
10475 #ifdef CONFIG_RSBAC_DEBUG
10476 if(rsbac_debug_stack)
10477 {
10478 unsigned long * n = (unsigned long *) (current+1);
10479
10480 while (!*n)
10481 n++;
10482 #ifdef CONFIG_RSBAC_RMSG
10483 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_mac: free stack: %lu\n",
10484 (unsigned long) n - (unsigned long)(current+1));
10485 #endif
10486 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10487 if (!rsbac_nosyslog)
10488 #endif
10489 printk(KERN_DEBUG "rsbac_mount: after mount_mac: free stack: %lu\n",
10490 (unsigned long) n - (unsigned long)(current+1));
10491 }
10492 #endif
10493 #endif
10494
10495 #if defined(CONFIG_RSBAC_AUTH)
10496 rsbac_mount_auth(sb_p->s_dev);
10497 #ifdef CONFIG_RSBAC_DEBUG
10498 if(rsbac_debug_stack)
10499 {
10500 unsigned long * n = (unsigned long *) (current+1);
10501
10502 while (!*n)
10503 n++;
10504 #ifdef CONFIG_RSBAC_RMSG
10505 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_auth: free stack: %lu\n",
10506 (unsigned long) n - (unsigned long)(current+1));
10507 #endif
10508 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10509 if (!rsbac_nosyslog)
10510 #endif
10511 printk(KERN_DEBUG "rsbac_mount: after mount_auth: free stack: %lu\n",
10512 (unsigned long) n - (unsigned long)(current+1));
10513 }
10514 #endif
10515 #endif
10516
10517 #if defined(CONFIG_RSBAC_ACL)
10518 rsbac_mount_acl(sb_p->s_dev);
10519 #ifdef CONFIG_RSBAC_DEBUG
10520 if(rsbac_debug_stack)
10521 {
10522 unsigned long * n = (unsigned long *) (current+1);
10523
10524 while (!*n)
10525 n++;
10526 #ifdef CONFIG_RSBAC_RMSG
10527 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_acl: free stack: %lu\n",
10528 (unsigned long) n - (unsigned long)(current+1));
10529 #endif
10530 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10531 if (!rsbac_nosyslog)
10532 #endif
10533 printk(KERN_DEBUG "rsbac_mount: after mount_acl: free stack: %lu\n",
10534 (unsigned long) n - (unsigned long)(current+1));
10535 }
10536 #endif
10537 #endif
10538
10539 #if defined(CONFIG_RSBAC_REG)
10540 rsbac_mount_reg(sb_p->s_dev);
10541 #ifdef CONFIG_RSBAC_DEBUG
10542 if(rsbac_debug_stack)
10543 {
10544 unsigned long * n = (unsigned long *) (current+1);
10545
10546 while (!*n)
10547 n++;
10548 #ifdef CONFIG_RSBAC_RMSG
10549 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_reg: free stack: %lu\n",
10550 (unsigned long) n - (unsigned long)(current+1));
10551 #endif
10552 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10553 if (!rsbac_nosyslog)
10554 #endif
10555 printk(KERN_DEBUG "rsbac_mount: after mount_reg: free stack: %lu\n",
10556 (unsigned long) n - (unsigned long)(current+1));
10557 }
10558 #endif
10559 #endif
10560
10561 rsbac_debug_no_write = old_no_write;
10562 return(err);
10563 }
10564
10565
10566
10567
10568 int rsbac_umount(struct super_block * sb_p, struct dentry * d_covers)
10569 {
10570 u_long flags;
10571 struct rsbac_device_list_item_t * device_p;
10572 kdev_t kdev;
10573
10574 if(!sb_p)
10575 {
10576 #ifdef CONFIG_RSBAC_RMSG
10577 rsbac_printk(KERN_WARNING
10578 "rsbac_umount(): called with NULL pointer\n");
10579 #endif
10580 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10581 if (!rsbac_nosyslog)
10582 #endif
10583 printk(KERN_WARNING
10584 "rsbac_umount(): called with NULL pointer\n");
10585 return -RSBAC_EINVALIDPOINTER;
10586 }
10587 if (!rsbac_initialized)
10588 {
10589 #ifdef CONFIG_RSBAC_RMSG
10590 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
10591 #endif
10592 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10593 if (!rsbac_nosyslog)
10594 #endif
10595 printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
10596
10597 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
10598 if( (sb_p->s_magic == SYSFS_MAGIC)
10599 && !RSBAC_MAJOR(sb_p->s_dev)
10600 && sysfs_sb_p
10601 && sysfs_covered_p
10602 )
10603 {
10604 #ifdef CONFIG_RSBAC_RMSG
10605 rsbac_printk(KERN_WARNING
10606 "rsbac_umount(): sysfs umount detected, removing auto-mount values\n");
10607 #endif
10608 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10609 if (!rsbac_nosyslog)
10610 #endif
10611 printk(KERN_WARNING
10612 "rsbac_umount(): sysfs umount detected, removing auto-mount values\n");
10613 sysfs_sb_p = NULL;
10614 sysfs_covered_p = NULL;
10615 }
10616 #endif
10617 #ifdef CONFIG_DEVFS_MOUNT
10618 if( (sb_p->s_magic == DEVFS_SUPER_MAGIC)
10619 && !RSBAC_MAJOR(sb_p->s_dev)
10620 && devfs_sb_p
10621 && devfs_covered_p
10622 )
10623 {
10624 #ifdef CONFIG_RSBAC_RMSG
10625 rsbac_printk(KERN_WARNING
10626 "rsbac_umount(): devfs umount detected, removing auto-mount values\n");
10627 #endif
10628 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10629 if (!rsbac_nosyslog)
10630 #endif
10631 printk(KERN_WARNING
10632 "rsbac_umount(): devfs umount detected, removing auto-mount values\n");
10633 devfs_sb_p = NULL;
10634 devfs_covered_p = NULL;
10635 }
10636 #endif
10637
10638 return(-RSBAC_ENOTINITIALIZED);
10639 }
10640
10641 #ifdef CONFIG_RSBAC_DEBUG
10642 if (rsbac_debug_ds)
10643 {
10644 #ifdef CONFIG_RSBAC_RMSG
10645 rsbac_printk(KERN_DEBUG "rsbac_umount(): umounting device %02u:%02u\n",
10646 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10647 #endif
10648 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10649 if (!rsbac_nosyslog)
10650 #endif
10651 printk(KERN_DEBUG "rsbac_umount(): umounting device %02u:%02u\n",
10652 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
10653 }
10654 #endif
10655
10656 kdev = sb_p->s_dev;
10657
10658
10659 #if defined(CONFIG_RSBAC_AUTO_WRITE)
10660 if(!rsbac_debug_no_write)
10661 {
10662 down(&rsbac_write_sem);
10663
10664 if(!rsbac_debug_no_write)
10665 {
10666 rsbac_write(TRUE);
10667 }
10668 up(&rsbac_write_sem);
10669 }
10670 #endif
10671
10672
10673 #if defined(CONFIG_RSBAC_MAC)
10674 rsbac_umount_mac(kdev);
10675 #endif
10676
10677 #if defined(CONFIG_RSBAC_AUTH)
10678 rsbac_umount_auth(kdev);
10679 #endif
10680
10681 #if defined(CONFIG_RSBAC_ACL)
10682 rsbac_umount_acl(kdev);
10683 #endif
10684
10685 #if defined(CONFIG_RSBAC_REG)
10686 rsbac_umount_reg(kdev);
10687 #endif
10688
10689
10690 rsbac_write_lock(&device_list_head.lock, &flags);
10691
10692 device_p = lookup_device(kdev);
10693 if(device_p)
10694 {
10695 if(device_p->mount_count == 1)
10696 {
10697
10698 rsbac_list_umount(kdev);
10699 remove_device_item(kdev);
10700 }
10701 else
10702 {
10703 if(device_p->mount_count > 1)
10704 {
10705 device_p->mount_count--;
10706 if(device_p->d_covers == d_covers)
10707 {
10708 #ifdef CONFIG_RSBAC_RMSG
10709 rsbac_printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n",
10710 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
10711 #endif
10712 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10713 if (!rsbac_nosyslog)
10714 #endif
10715 printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n",
10716 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
10717 device_p->d_covers = NULL;
10718 }
10719 }
10720 else
10721 {
10722 #ifdef CONFIG_RSBAC_RMSG
10723 printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n",
10724 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
10725 #endif
10726 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10727 if (!rsbac_nosyslog)
10728 #endif
10729 printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n",
10730 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
10731 }
10732 }
10733 }
10734
10735 rsbac_write_unlock(&device_list_head.lock, &flags);
10736
10737 return(0);
10738 }
10739
10740
10741
10742
10743 int rsbac_free_dat_dentries(void)
10744 {
10745 u_long flags;
10746 struct rsbac_device_list_item_t * device_p;
10747
10748 if (!rsbac_initialized)
10749 {
10750 #ifdef CONFIG_RSBAC_RMSG
10751 rsbac_printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n");
10752 #endif
10753 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10754 if (!rsbac_nosyslog)
10755 #endif
10756 printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n");
10757 return(-RSBAC_ENOTINITIALIZED);
10758 }
10759
10760 #ifdef CONFIG_RSBAC_RMSG
10761 rsbac_printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n");
10762 #endif
10763 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
10764 if (!rsbac_nosyslog)
10765 #endif
10766 printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n");
10767
10768
10769 rsbac_write_lock_irq(&device_list_head.lock, &flags);
10770
10771 device_p = device_list_head.head;
10772 while(device_p)
10773 {
10774 if(device_p->rsbac_dir_dentry_p)
10775 {
10776 dput(device_p->rsbac_dir_dentry_p);
10777 device_p->rsbac_dir_dentry_p = NULL;
10778 }
10779 device_p = device_p->next;
10780 }
10781
10782 rsbac_write_unlock_irq(&device_list_head.lock, &flags);
10783
10784 return(0);
10785 }
10786
10787
10788
10789
10790 int rsbac_stats(void)
10791 {
10792 struct rsbac_device_list_item_t * device_p;
10793 int i;
10794 u_long fd_count = 0, fd_sum = 0;
10795 u_long dev_sum = 0;
10796 u_long ipc_sum = 0;
10797 u_long user_sum = 0;
10798 u_long process_sum = 0;
10799 #if defined(CONFIG_RSBAC_UM)
10800 u_long group_sum = 0;
10801 #endif
10802 #if defined(CONFIG_RSBAC_NET_OBJ)
10803 u_long nettemp_sum = 0;
10804 u_long lnetobj_sum = 0;
10805 u_long rnetobj_sum = 0;
10806 #endif
10807 u_long total_sum = 0;
10808 long tmp_count;
10809 u_long dflags;
10810
10811 if (!rsbac_initialized)
10812 {
10813 printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n");
10814 return(-RSBAC_ENOTINITIALIZED);
10815 }
10816
10817 rsbac_read_lock(&device_list_head.lock, &dflags);
10818
10819
10820
10821 device_p = device_list_head.head;
10822 while (device_p)
10823 {
10824 fd_count = 0;
10825 for (i=0; i < RSBAC_GEN_NR_FD_LISTS; i++)
10826 {
10827 tmp_count = rsbac_list_count(device_p->handles.gen[i]);
10828 if(tmp_count > 0)
10829 fd_count+=tmp_count;
10830 }
10831 printk(KERN_INFO "Device %02u:%02u fd_items: %lu GEN",
10832 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count);
10833 fd_sum += fd_count;
10834
10835 #if defined(CONFIG_RSBAC_MAC)
10836 fd_count = 0;
10837 for (i=0; i < RSBAC_MAC_NR_FD_LISTS; i++)
10838 {
10839 tmp_count = rsbac_list_count(device_p->handles.mac[i]);
10840 if(tmp_count > 0)
10841 fd_count+=tmp_count;
10842 }
10843 printk(", %lu MAC",
10844 fd_count);
10845 fd_sum += fd_count;
10846 #endif
10847
10848 #if defined(CONFIG_RSBAC_FC)
10849 fd_count = 0;
10850 for (i=0; i < RSBAC_FC_NR_FD_LISTS; i++)
10851 {
10852 tmp_count = rsbac_list_count(device_p->handles.fc[i]);
10853 if(tmp_count > 0)
10854 fd_count+=tmp_count;
10855 }
10856 printk(", %lu FC",
10857 fd_count);
10858 fd_sum += fd_count;
10859 #endif
10860
10861 #if defined(CONFIG_RSBAC_SIM)
10862 fd_count = 0;
10863 for (i=0; i < RSBAC_SIM_NR_FD_LISTS; i++)
10864 {
10865 tmp_count = rsbac_list_count(device_p->handles.sim[i]);
10866 if(tmp_count > 0)
10867 fd_count+=tmp_count;
10868 }
10869 printk(", %lu SIM",
10870 fd_count);
10871 fd_sum += fd_count;
10872 #endif
10873
10874 #if defined(CONFIG_RSBAC_PM)
10875 fd_count = 0;
10876 for (i=0; i < RSBAC_PM_NR_FD_LISTS; i++)
10877 {
10878 tmp_count = rsbac_list_count(device_p->handles.pm[i]);
10879 if(tmp_count > 0)
10880 fd_count+=tmp_count;
10881 }
10882 printk(", %lu PM",
10883 fd_count);
10884 fd_sum += fd_count;
10885 #endif
10886
10887 #if defined(CONFIG_RSBAC_DAZ)
10888 fd_count = 0;
10889 for (i=0; i < RSBAC_DAZ_NR_FD_LISTS; i++)
10890 {
10891 tmp_count = rsbac_list_count(device_p->handles.daz[i]);
10892 if(tmp_count > 0)
10893 fd_count+=tmp_count;
10894 }
10895 printk(", %lu DAZ",
10896 fd_count);
10897 fd_sum += fd_count;
10898 #if defined(CONFIG_RSBAC_DAZ_CACHE)
10899 fd_count = 0;
10900 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
10901 {
10902 tmp_count = rsbac_list_count(device_p->handles.dazs[i]);
10903 if(tmp_count > 0)
10904 fd_count+=tmp_count;
10905 }
10906 printk(", %lu DAZ_SCANNED",
10907 fd_count);
10908 fd_sum += fd_count;
10909 #endif
10910 #endif
10911
10912 #if defined(CONFIG_RSBAC_FF)
10913 fd_count = 0;
10914 for (i=0; i < RSBAC_FF_NR_FD_LISTS; i++)
10915 {
10916 tmp_count = rsbac_list_count(device_p->handles.ff[i]);
10917 if(tmp_count > 0)
10918 fd_count+=tmp_count;
10919 }
10920 printk(", %lu FF",
10921 fd_count);
10922 fd_sum += fd_count;
10923 #endif
10924
10925 #if defined(CONFIG_RSBAC_RC)
10926 fd_count = 0;
10927 for (i=0; i < RSBAC_RC_NR_FD_LISTS; i++)
10928 {
10929 tmp_count = rsbac_list_count(device_p->handles.rc[i]);
10930 if(tmp_count > 0)
10931 fd_count+=tmp_count;
10932 }
10933 printk(", %lu RC",
10934 fd_count);
10935 fd_sum += fd_count;
10936 #endif
10937
10938 #if defined(CONFIG_RSBAC_AUTH)
10939 fd_count = 0;
10940 for (i=0; i < RSBAC_AUTH_NR_FD_LISTS; i++)
10941 {
10942 tmp_count = rsbac_list_count(device_p->handles.auth[i]);
10943 if(tmp_count > 0)
10944 fd_count+=tmp_count;
10945 }
10946 printk(", %lu AUTH",
10947 fd_count);
10948 fd_sum += fd_count;
10949 #endif
10950
10951 #if defined(CONFIG_RSBAC_CAP)
10952 fd_count = 0;
10953 for (i=0; i < RSBAC_CAP_NR_FD_LISTS; i++)
10954 {
10955 tmp_count = rsbac_list_count(device_p->handles.cap[i]);
10956 if(tmp_count > 0)
10957 fd_count+=tmp_count;
10958 }
10959 printk(", %lu CAP",
10960 fd_count);
10961 fd_sum += fd_count;
10962 #endif
10963 #if defined(CONFIG_RSBAC_RES)
10964 fd_count = 0;
10965 for (i=0; i < RSBAC_RES_NR_FD_LISTS; i++)
10966 {
10967 tmp_count = rsbac_list_count(device_p->handles.res[i]);
10968 if(tmp_count > 0)
10969 fd_count+=tmp_count;
10970 }
10971 printk(", %lu RES",
10972 fd_count);
10973 fd_sum += fd_count;
10974 #endif
10975 #if defined(CONFIG_RSBAC_PAX)
10976 fd_count = 0;
10977 for (i=0; i < RSBAC_PAX_NR_FD_LISTS; i++)
10978 {
10979 tmp_count = rsbac_list_count(device_p->handles.pax[i]);
10980 if(tmp_count > 0)
10981 fd_count+=tmp_count;
10982 }
10983 printk(", %lu PAX",
10984 fd_count);
10985 fd_sum += fd_count;
10986 #endif
10987
10988 printk("\n");
10989 device_p = device_p->next;
10990 }
10991 printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n",
10992 device_list_head.count, fd_sum);
10993
10994 rsbac_read_unlock(&device_list_head.lock, &dflags);
10995 total_sum += fd_sum;
10996
10997
10998 tmp_count = rsbac_list_count(dev_handles.gen);
10999 printk(KERN_INFO "DEV items: %lu GEN",
11000 tmp_count);
11001 dev_sum += tmp_count;
11002 #if defined(CONFIG_RSBAC_MAC)
11003 tmp_count = rsbac_list_count(dev_handles.mac);
11004 printk(", %lu MAC",
11005 tmp_count);
11006 dev_sum += tmp_count;
11007 #endif
11008 #if defined(CONFIG_RSBAC_FC)
11009 tmp_count = rsbac_list_count(dev_handles.fc);
11010 printk(", %lu FC",
11011 tmp_count);
11012 dev_sum += tmp_count;
11013 #endif
11014 #if defined(CONFIG_RSBAC_SIM)
11015 tmp_count = rsbac_list_count(dev_handles.sim);
11016 printk(", %lu SIM",
11017 tmp_count);
11018 dev_sum += tmp_count;
11019 #endif
11020 #if defined(CONFIG_RSBAC_PM)
11021 tmp_count = rsbac_list_count(dev_handles.pm);
11022 printk(", %lu PM",
11023 tmp_count);
11024 dev_sum += tmp_count;
11025 #endif
11026 #if defined(CONFIG_RSBAC_RC)
11027 tmp_count = rsbac_list_count(dev_handles.rc);
11028 printk(", %lu RC",
11029 tmp_count);
11030 dev_sum += tmp_count;
11031 #endif
11032 printk("\n");
11033 printk(KERN_INFO "Sum of %lu DEV items\n",
11034 dev_sum);
11035 total_sum += dev_sum;
11036
11037
11038 printk(KERN_INFO "IPC items:\nno GEN");
11039 #if defined(CONFIG_RSBAC_MAC)
11040 tmp_count = rsbac_list_count(ipc_handles.mac);
11041 printk(", %lu MAC",
11042 tmp_count);
11043 ipc_sum += tmp_count;
11044 #endif
11045 #if defined(CONFIG_RSBAC_FC)
11046 tmp_count = rsbac_list_count(ipc_handles.fc);
11047 printk(", %lu FC",
11048 tmp_count);
11049 ipc_sum += tmp_count;
11050 #endif
11051 #if defined(CONFIG_RSBAC_SIM)
11052 tmp_count = rsbac_list_count(ipc_handles.sim);
11053 printk(", %lu SIM",
11054 tmp_count);
11055 ipc_sum += tmp_count;
11056 #endif
11057 #if defined(CONFIG_RSBAC_PM)
11058 tmp_count = rsbac_list_count(ipc_handles.pm);
11059 printk(", %lu PM",
11060 tmp_count);
11061 ipc_sum += tmp_count;
11062 #endif
11063 #if defined(CONFIG_RSBAC_RC)
11064 tmp_count = rsbac_list_count(ipc_handles.rc);
11065 printk(", %lu RC",
11066 tmp_count);
11067 ipc_sum += tmp_count;
11068 #endif
11069 #if defined(CONFIG_RSBAC_JAIL)
11070 tmp_count = rsbac_list_count(ipc_handles.jail);
11071 printk(", %lu JAIL",
11072 tmp_count);
11073 ipc_sum += tmp_count;
11074 #endif
11075 printk("\n");
11076 printk(KERN_INFO "Sum of %lu IPC items\n",
11077 ipc_sum);
11078 total_sum += ipc_sum;
11079
11080
11081 tmp_count = rsbac_list_count(user_handles.gen);
11082 printk(KERN_INFO "USER items:\n%lu GEN",
11083 tmp_count);
11084 user_sum += tmp_count;
11085 #if defined(CONFIG_RSBAC_MAC)
11086 tmp_count = rsbac_list_count(user_handles.mac);
11087 printk(", %lu MAC",
11088 tmp_count);
11089 user_sum += tmp_count;
11090 #endif
11091 #if defined(CONFIG_RSBAC_FC)
11092 tmp_count = rsbac_list_count(user_handles.fc);
11093 printk(", %lu FC",
11094 tmp_count);
11095 user_sum += tmp_count;
11096 #endif
11097 #if defined(CONFIG_RSBAC_SIM)
11098 tmp_count = rsbac_list_count(user_handles.sim);
11099 printk(", %lu SIM",
11100 tmp_count);
11101 user_sum += tmp_count;
11102 #endif
11103 #if defined(CONFIG_RSBAC_PM)
11104 tmp_count = rsbac_list_count(user_handles.pm);
11105 printk(", %lu PM",
11106 tmp_count);
11107 user_sum += tmp_count;
11108 #endif
11109 #if defined(CONFIG_RSBAC_DAZ)
11110 tmp_count = rsbac_list_count(user_handles.daz);
11111 printk(", %lu DAZ",
11112 tmp_count);
11113 user_sum += tmp_count;
11114 #endif
11115 #if defined(CONFIG_RSBAC_RC)
11116 tmp_count = rsbac_list_count(user_handles.rc);
11117 printk(", %lu RC",
11118 tmp_count);
11119 user_sum += tmp_count;
11120 #endif
11121 #if defined(CONFIG_RSBAC_AUTH)
11122 tmp_count = rsbac_list_count(user_handles.auth);
11123 printk(", %lu AUTH",
11124 tmp_count);
11125 user_sum += tmp_count;
11126 #endif
11127 #if defined(CONFIG_RSBAC_CAP)
11128 tmp_count = rsbac_list_count(user_handles.cap);
11129 printk(", %lu CAP",
11130 tmp_count);
11131 user_sum += tmp_count;
11132 #endif
11133 #if defined(CONFIG_RSBAC_JAIL)
11134 tmp_count = rsbac_list_count(user_handles.jail);
11135 printk(", %lu JAIL",
11136 tmp_count);
11137 user_sum += tmp_count;
11138 #endif
11139 #if defined(CONFIG_RSBAC_RES)
11140 tmp_count = rsbac_list_count(user_handles.res);
11141 printk(", %lu RES",
11142 tmp_count);
11143 user_sum += tmp_count;
11144 #endif
11145 #if defined(CONFIG_RSBAC_PAX)
11146 tmp_count = rsbac_list_count(user_handles.pax);
11147 printk(", %lu PAX",
11148 tmp_count);
11149 user_sum += tmp_count;
11150 #endif
11151 printk("\n");
11152 printk(KERN_INFO "Sum of %lu USER items\n",
11153 user_sum);
11154 total_sum += user_sum;
11155
11156
11157 tmp_count = rsbac_list_count(process_handles.gen);
11158 printk(KERN_INFO "PROCESS items:\n%lu GEN",
11159 tmp_count);
11160 process_sum += tmp_count;
11161 #if defined(CONFIG_RSBAC_MAC)
11162 tmp_count = 0;
11163 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
11164 tmp_count += rsbac_list_count(process_handles.mac[i]);
11165 printk(", %lu MAC",
11166 tmp_count);
11167 process_sum += tmp_count;
11168 #endif
11169 #if defined(CONFIG_RSBAC_PM)
11170 tmp_count = rsbac_list_count(process_handles.pm);
11171 printk(", %lu PM",
11172 tmp_count);
11173 process_sum += tmp_count;
11174 #endif
11175 #if defined(CONFIG_RSBAC_DAZ)
11176 tmp_count = rsbac_list_count(process_handles.daz);
11177 printk(", %lu DAZ",
11178 tmp_count);
11179 process_sum += tmp_count;
11180 #endif
11181 #if defined(CONFIG_RSBAC_RC)
11182 tmp_count = 0;
11183 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
11184 tmp_count += rsbac_list_count(process_handles.rc[i]);
11185 printk(", %lu RC",
11186 tmp_count);
11187 process_sum += tmp_count;
11188 #endif
11189 #if defined(CONFIG_RSBAC_AUTH)
11190 tmp_count = rsbac_list_count(process_handles.auth);
11191 printk(", %lu AUTH",
11192 tmp_count);
11193 process_sum += tmp_count;
11194 #endif
11195 #if defined(CONFIG_RSBAC_CAP)
11196 tmp_count = rsbac_list_count(process_handles.cap);
11197 printk(", %lu CAP",
11198 tmp_count);
11199 process_sum += tmp_count;
11200 #endif
11201 #if defined(CONFIG_RSBAC_JAIL)
11202 tmp_count = 0;
11203 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
11204 tmp_count += rsbac_list_count(process_handles.jail[i]);
11205 printk(", %lu JAIL",
11206 tmp_count);
11207 process_sum += tmp_count;
11208 #endif
11209 printk("\n");
11210 printk(KERN_INFO "Sum of %lu PROCESS items\n",
11211 process_sum);
11212 total_sum += process_sum;
11213
11214 #if defined(CONFIG_RSBAC_UM)
11215
11216 printk(KERN_INFO "GROUP items:\n");
11217 #if defined(CONFIG_RSBAC_RC_UM_PROT)
11218 tmp_count = rsbac_list_count(group_handles.rc);
11219 printk("%lu RC",
11220 tmp_count);
11221 user_sum += tmp_count;
11222 #endif
11223 printk("\n");
11224 printk(KERN_INFO "Sum of %lu GROUP items\n",
11225 group_sum);
11226 total_sum += group_sum;
11227 #endif
11228
11229 #if defined(CONFIG_RSBAC_NET_OBJ)
11230
11231 printk(KERN_INFO "NETTEMP items:\n");
11232 #if defined(CONFIG_RSBAC_MAC)
11233 tmp_count = rsbac_list_count(nettemp_handles.mac);
11234 printk(", %lu MAC",
11235 tmp_count);
11236 nettemp_sum += tmp_count;
11237 #endif
11238 #if defined(CONFIG_RSBAC_FC)
11239 tmp_count = rsbac_list_count(nettemp_handles.fc);
11240 printk(", %lu FC",
11241 tmp_count);
11242 nettemp_sum += tmp_count;
11243 #endif
11244 #if defined(CONFIG_RSBAC_SIM)
11245 tmp_count = rsbac_list_count(nettemp_handles.sim);
11246 printk(", %lu SIM",
11247 tmp_count);
11248 nettemp_sum += tmp_count;
11249 #endif
11250 #if defined(CONFIG_RSBAC_PM)
11251 tmp_count = rsbac_list_count(nettemp_handles.pm);
11252 printk(", %lu PM",
11253 tmp_count);
11254 nettemp_sum += tmp_count;
11255 #endif
11256 #if defined(CONFIG_RSBAC_RC)
11257 tmp_count = rsbac_list_count(nettemp_handles.rc);
11258 printk(", %lu RC",
11259 tmp_count);
11260 nettemp_sum += tmp_count;
11261 #endif
11262 printk("\n");
11263 printk(KERN_INFO "Sum of %lu NETTEMP items\n",
11264 nettemp_sum);
11265 total_sum += nettemp_sum;
11266
11267
11268 printk(KERN_INFO "Local NETOBJ items:\n");
11269 #if defined(CONFIG_RSBAC_MAC)
11270 tmp_count = rsbac_list_count(lnetobj_handles.mac);
11271 printk(", %lu MAC",
11272 tmp_count);
11273 lnetobj_sum += tmp_count;
11274 #endif
11275 #if defined(CONFIG_RSBAC_FC)
11276 tmp_count = rsbac_list_count(lnetobj_handles.fc);
11277 printk(", %lu FC",
11278 tmp_count);
11279 lnetobj_sum += tmp_count;
11280 #endif
11281 #if defined(CONFIG_RSBAC_SIM)
11282 tmp_count = rsbac_list_count(lnetobj_handles.sim);
11283 printk(", %lu SIM",
11284 tmp_count);
11285 lnetobj_sum += tmp_count;
11286 #endif
11287 #if defined(CONFIG_RSBAC_PM)
11288 tmp_count = rsbac_list_count(lnetobj_handles.pm);
11289 printk(", %lu PM",
11290 tmp_count);
11291 lnetobj_sum += tmp_count;
11292 #endif
11293 #if defined(CONFIG_RSBAC_RC)
11294 tmp_count = rsbac_list_count(lnetobj_handles.rc);
11295 printk(", %lu RC",
11296 tmp_count);
11297 lnetobj_sum += tmp_count;
11298 #endif
11299 printk("\n");
11300 printk(KERN_INFO "Sum of %lu Local NETOBJ items\n",
11301 lnetobj_sum);
11302 total_sum += lnetobj_sum;
11303
11304
11305 printk(KERN_INFO "Remote NETOBJ items:\n");
11306 #if defined(CONFIG_RSBAC_MAC)
11307 tmp_count = rsbac_list_count(rnetobj_handles.mac);
11308 printk(", %lu MAC",
11309 tmp_count);
11310 rnetobj_sum += tmp_count;
11311 #endif
11312 #if defined(CONFIG_RSBAC_FC)
11313 tmp_count = rsbac_list_count(rnetobj_handles.fc);
11314 printk(", %lu FC",
11315 tmp_count);
11316 rnetobj_sum += tmp_count;
11317 #endif
11318 #if defined(CONFIG_RSBAC_SIM)
11319 tmp_count = rsbac_list_count(rnetobj_handles.sim);
11320 printk(", %lu SIM",
11321 tmp_count);
11322 rnetobj_sum += tmp_count;
11323 #endif
11324 #if defined(CONFIG_RSBAC_PM)
11325 tmp_count = rsbac_list_count(rnetobj_handles.pm);
11326 printk(", %lu PM",
11327 tmp_count);
11328 rnetobj_sum += tmp_count;
11329 #endif
11330 #if defined(CONFIG_RSBAC_RC)
11331 tmp_count = rsbac_list_count(rnetobj_handles.rc);
11332 printk(", %lu RC",
11333 tmp_count);
11334 rnetobj_sum += tmp_count;
11335 #endif
11336 printk("\n");
11337 printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n",
11338 rnetobj_sum);
11339 total_sum += rnetobj_sum;
11340 #endif
11341
11342 printk(KERN_INFO
11343 "Total of %lu registered rsbac-items\n",
11344 total_sum);
11345
11346 printk(KERN_INFO
11347 "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
11348 rsbac_adf_request_count[T_FILE],
11349 rsbac_adf_request_count[T_DIR],
11350 rsbac_adf_request_count[T_FIFO],
11351 rsbac_adf_request_count[T_SYMLINK],
11352 rsbac_adf_request_count[T_DEV],
11353 rsbac_adf_request_count[T_IPC],
11354 rsbac_adf_request_count[T_SCD],
11355 rsbac_adf_request_count[T_USER],
11356 rsbac_adf_request_count[T_PROCESS],
11357 rsbac_adf_request_count[T_NETDEV],
11358 rsbac_adf_request_count[T_NETTEMP],
11359 rsbac_adf_request_count[T_NETOBJ]);
11360 printk(KERN_INFO
11361 "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
11362 rsbac_adf_set_attr_count[T_FILE],
11363 rsbac_adf_set_attr_count[T_DIR],
11364 rsbac_adf_set_attr_count[T_FIFO],
11365 rsbac_adf_set_attr_count[T_SYMLINK],
11366 rsbac_adf_set_attr_count[T_DEV],
11367 rsbac_adf_set_attr_count[T_IPC],
11368 rsbac_adf_set_attr_count[T_SCD],
11369 rsbac_adf_set_attr_count[T_USER],
11370 rsbac_adf_set_attr_count[T_PROCESS],
11371 rsbac_adf_set_attr_count[T_NETDEV],
11372 rsbac_adf_set_attr_count[T_NETTEMP],
11373 rsbac_adf_set_attr_count[T_NETOBJ]);
11374
11375 #if defined(CONFIG_RSBAC_PM)
11376 rsbac_stats_pm();
11377 #endif
11378 #if defined(CONFIG_RSBAC_RC)
11379 rsbac_stats_rc();
11380 #endif
11381 #if defined(CONFIG_RSBAC_AUTH)
11382 rsbac_stats_auth();
11383 #endif
11384 #if defined(CONFIG_RSBAC_ACL)
11385 rsbac_stats_acl();
11386 #endif
11387 return(0);
11388 }
11389
11390
11391
11392 int rsbac_check_inode(struct super_block * sb_p, rsbac_inode_nr_t inode)
11393 {
11394 struct inode * inode_p;
11395 int err = 0;
11396
11397 if(!sb_p)
11398 return -RSBAC_EINVALIDPOINTER;
11399 if(!inode)
11400 return -RSBAC_EINVALIDVALUE;
11401 if(!MAJOR(sb_p->s_dev))
11402 return 0;
11403
11404 if(sb_p->s_magic != EXT2_SUPER_MAGIC)
11405 return 0;
11406
11407 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
11408 if(sb_p->s_op && sb_p->s_op->read_inode2)
11409 return 0;
11410 #endif
11411 inode_p = iget(sb_p, inode);
11412 if(is_bad_inode(inode_p))
11413 {
11414 return -RSBAC_ENOTFOUND;
11415 }
11416 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
11417
11418 if(sb_p->s_magic == EXT2_SUPER_MAGIC)
11419 {
11420 if(inode_p->u.ext2_i.i_dtime)
11421 {
11422 err = -RSBAC_ENOTFOUND;
11423 }
11424 else
11425 {
11426 if(inode_p->i_nlink <= 0)
11427 {
11428 #ifdef CONFIG_RSBAC_RMSG
11429 rsbac_printk(KERN_WARNING
11430 "rsbac_check_inode(): inode %u with nlink <= 0 on device %02u:%02u detected!\n",
11431 inode, RSBAC_MAJOR(sb_p->s_dev), RSBAC_MINOR(sb_p->s_dev));
11432 #endif
11433 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11434 if (!rsbac_nosyslog)
11435 #endif
11436 printk(KERN_WARNING
11437 "rsbac_check_inode(): inode %u with nlink <= 0 on device %02u:%02u detected!\n",
11438 inode, RSBAC_MAJOR(sb_p->s_dev), RSBAC_MINOR(sb_p->s_dev));
11439 err = -RSBAC_ENOTFOUND;
11440 }
11441 }
11442 }
11443 #endif
11444 iput(inode_p);
11445 return err;
11446 }
11447
11448
11449
11450
11451
11452 int rsbac_check(int correct, int check_inode)
11453 {
11454 struct rsbac_device_list_item_t * device_p;
11455 int i;
11456 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
11457 int list_no;
11458 long desc_count;
11459 u_long fd_count = 0, fd_sum = 0, tmp_count,
11460 b_count, def_count;
11461 u_long dflags;
11462 rsbac_inode_nr_t * fd_desc_p;
11463
11464 if (!rsbac_initialized)
11465 {
11466 #ifdef CONFIG_RSBAC_RMSG
11467 rsbac_printk(KERN_WARNING "rsbac_check(): RSBAC not initialized\n");
11468 #endif
11469 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11470 if (!rsbac_nosyslog)
11471 #endif
11472 printk(KERN_WARNING "rsbac_check(): RSBAC not initialized\n");
11473 return(-RSBAC_ENOTINITIALIZED);
11474 }
11475 if (!tmp)
11476 {
11477 return(-RSBAC_ENOMEM);
11478 }
11479 {
11480
11481 rsbac_read_lock(&device_list_head.lock, &dflags);
11482
11483 device_p = device_list_head.head;
11484 while (device_p)
11485 {
11486 fd_count = 0;
11487 b_count = 0;
11488 def_count = 0;
11489 if(check_inode)
11490 {
11491 if(!device_p->sb_p)
11492 {
11493 #ifdef CONFIG_RSBAC_RMSG
11494 rsbac_printk(KERN_WARNING "rsbac_check(): no super block for device %02u:%02u!\n",
11495 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id));
11496 #endif
11497 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11498 if (!rsbac_nosyslog)
11499 #endif
11500 printk(KERN_WARNING "rsbac_check(): no super block for device %02u:%02u!\n",
11501 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id));
11502 }
11503 }
11504
11505
11506 for(list_no = 0; list_no < RSBAC_GEN_NR_FD_LISTS; list_no++)
11507 {
11508
11509
11510 tmp_count = 0;
11511 desc_count = rsbac_list_get_all_desc(device_p->handles.gen[list_no], (void **) &fd_desc_p);
11512 if(desc_count > 0)
11513 {
11514 for(i=0; i<desc_count; i++)
11515 {
11516
11517 if(check_inode && device_p->sb_p)
11518 {
11519 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11520 {
11521 b_count++;
11522 if(correct)
11523 {
11524 #ifdef CONFIG_RSBAC_RMSG
11525 rsbac_printk(KERN_INFO
11526 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11527 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11528 #endif
11529 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11530 if (!rsbac_nosyslog)
11531 #endif
11532 printk(KERN_INFO
11533 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11534 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11535 rsbac_list_remove(device_p->handles.gen[list_no], &fd_desc_p[i]);
11536 continue;
11537 }
11538 else
11539 {
11540 #ifdef CONFIG_RSBAC_RMSG
11541 rsbac_printk(KERN_INFO
11542 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11543 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11544 #endif
11545 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11546 if (!rsbac_nosyslog)
11547 #endif
11548 printk(KERN_INFO
11549 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11550 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11551 }
11552 }
11553 }
11554 }
11555
11556 tmp_count++;
11557 rsbac_vfree(fd_desc_p);
11558 fd_count += desc_count;
11559 }
11560 }
11561
11562 #if defined(CONFIG_RSBAC_MAC)
11563
11564 for(list_no = 0; list_no < RSBAC_MAC_NR_FD_LISTS; list_no++)
11565 {
11566
11567
11568 tmp_count = 0;
11569 desc_count = rsbac_list_get_all_desc(device_p->handles.mac[list_no], (void **) &fd_desc_p);
11570 if(desc_count > 0)
11571 {
11572 for(i=0; i<desc_count; i++)
11573 {
11574
11575 if(check_inode && device_p->sb_p)
11576 {
11577 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11578 {
11579 b_count++;
11580 if(correct)
11581 {
11582 #ifdef CONFIG_RSBAC_RMSG
11583 rsbac_printk(KERN_INFO
11584 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11585 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11586 #endif
11587 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11588 if (!rsbac_nosyslog)
11589 #endif
11590 printk(KERN_INFO
11591 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11592 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11593 rsbac_list_remove(device_p->handles.mac[list_no], &fd_desc_p[i]);
11594 continue;
11595 }
11596 else
11597 {
11598 #ifdef CONFIG_RSBAC_RMSG
11599 rsbac_printk(KERN_INFO
11600 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11601 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11602 #endif
11603 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11604 if (!rsbac_nosyslog)
11605 #endif
11606 printk(KERN_INFO
11607 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11608 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11609 }
11610 }
11611 }
11612 }
11613 tmp_count++;
11614 rsbac_vfree(fd_desc_p);
11615 fd_count += desc_count;
11616 }
11617 }
11618 #endif
11619
11620 #if defined(CONFIG_RSBAC_FC)
11621
11622 for(list_no = 0; list_no < RSBAC_FC_NR_FD_LISTS; list_no++)
11623 {
11624
11625
11626 tmp_count = 0;
11627 desc_count = rsbac_list_get_all_desc(device_p->handles.fc[list_no], (void **) &fd_desc_p);
11628 if(desc_count > 0)
11629 {
11630 for(i=0; i<desc_count; i++)
11631 {
11632
11633 if(check_inode && device_p->sb_p)
11634 {
11635 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11636 {
11637 b_count++;
11638 if(correct)
11639 {
11640 #ifdef CONFIG_RSBAC_RMSG
11641 rsbac_printk(KERN_INFO
11642 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11643 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11644 #endif
11645 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11646 if (!rsbac_nosyslog)
11647 #endif
11648 printk(KERN_INFO
11649 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11650 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11651 rsbac_list_remove(device_p->handles.fc[list_no], &fd_desc_p[i]);
11652 continue;
11653 }
11654 else
11655 {
11656 #ifdef CONFIG_RSBAC_RMSG
11657 rsbac_printk(KERN_INFO
11658 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11659 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11660 #endif
11661 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11662 if (!rsbac_nosyslog)
11663 #endif
11664 printk(KERN_INFO
11665 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11666 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11667 }
11668 }
11669 }
11670 }
11671 tmp_count++;
11672 rsbac_vfree(fd_desc_p);
11673 fd_count += desc_count;
11674 }
11675 }
11676 #endif
11677
11678 #if defined(CONFIG_RSBAC_SIM)
11679
11680 for(list_no = 0; list_no < RSBAC_SIM_NR_FD_LISTS; list_no++)
11681 {
11682
11683
11684 tmp_count = 0;
11685 desc_count = rsbac_list_get_all_desc(device_p->handles.sim[list_no], (void **) &fd_desc_p);
11686 if(desc_count > 0)
11687 {
11688 for(i=0; i<desc_count; i++)
11689 {
11690
11691 if(check_inode && device_p->sb_p)
11692 {
11693 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11694 {
11695 b_count++;
11696 if(correct)
11697 {
11698 #ifdef CONFIG_RSBAC_RMSG
11699 rsbac_printk(KERN_INFO
11700 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11701 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11702 #endif
11703 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11704 if (!rsbac_nosyslog)
11705 #endif
11706 printk(KERN_INFO
11707 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11708 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11709 rsbac_list_remove(device_p->handles.sim[list_no], &fd_desc_p[i]);
11710 continue;
11711 }
11712 else
11713 {
11714 #ifdef CONFIG_RSBAC_RMSG
11715 rsbac_printk(KERN_INFO
11716 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11717 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11718 #endif
11719 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11720 if (!rsbac_nosyslog)
11721 #endif
11722 printk(KERN_INFO
11723 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11724 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11725 }
11726 }
11727 }
11728 }
11729 tmp_count++;
11730 rsbac_vfree(fd_desc_p);
11731 fd_count += desc_count;
11732 }
11733 }
11734 #endif
11735
11736 #if defined(CONFIG_RSBAC_PM)
11737
11738 for(list_no = 0; list_no < RSBAC_PM_NR_FD_LISTS; list_no++)
11739 {
11740
11741
11742 tmp_count = 0;
11743 desc_count = rsbac_list_get_all_desc(device_p->handles.pm[list_no], (void **) &fd_desc_p);
11744 if(desc_count > 0)
11745 {
11746 for(i=0; i<desc_count; i++)
11747 {
11748
11749 if(check_inode && device_p->sb_p)
11750 {
11751 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11752 {
11753 b_count++;
11754 if(correct)
11755 {
11756 #ifdef CONFIG_RSBAC_RMSG
11757 rsbac_printk(KERN_INFO
11758 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11759 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11760 #endif
11761 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11762 if (!rsbac_nosyslog)
11763 #endif
11764 printk(KERN_INFO
11765 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11766 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11767 rsbac_list_remove(device_p->handles.pm[list_no], &fd_desc_p[i]);
11768 continue;
11769 }
11770 else
11771 {
11772 #ifdef CONFIG_RSBAC_RMSG
11773 rsbac_printk(KERN_INFO
11774 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11775 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11776 #endif
11777 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11778 if (!rsbac_nosyslog)
11779 #endif
11780 printk(KERN_INFO
11781 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11782 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11783 }
11784 }
11785 }
11786 }
11787 tmp_count++;
11788 rsbac_vfree(fd_desc_p);
11789 fd_count += desc_count;
11790 }
11791 }
11792 #endif
11793
11794 #if defined(CONFIG_RSBAC_DAZ)
11795
11796 for(list_no = 0; list_no < RSBAC_DAZ_NR_FD_LISTS; list_no++)
11797 {
11798
11799
11800 tmp_count = 0;
11801 desc_count = rsbac_list_get_all_desc(device_p->handles.daz[list_no], (void **) &fd_desc_p);
11802 if(desc_count > 0)
11803 {
11804 for(i=0; i<desc_count; i++)
11805 {
11806
11807 if(check_inode && device_p->sb_p)
11808 {
11809 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11810 {
11811 b_count++;
11812 if(correct)
11813 {
11814 #ifdef CONFIG_RSBAC_RMSG
11815 rsbac_printk(KERN_INFO
11816 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11817 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11818 #endif
11819 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11820 if (!rsbac_nosyslog)
11821 #endif
11822 printk(KERN_INFO
11823 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11824 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11825 rsbac_list_remove(device_p->handles.daz[list_no], &fd_desc_p[i]);
11826 continue;
11827 }
11828 else
11829 {
11830 #ifdef CONFIG_RSBAC_RMSG
11831 rsbac_printk(KERN_INFO
11832 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11833 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11834 #endif
11835 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11836 if (!rsbac_nosyslog)
11837 #endif
11838 printk(KERN_INFO
11839 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11840 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11841 }
11842 }
11843 }
11844 }
11845 tmp_count++;
11846 rsbac_vfree(fd_desc_p);
11847 fd_count += desc_count;
11848 }
11849 }
11850 #if defined(CONFIG_RSBAC_DAZ_CACHE)
11851
11852 for(list_no = 0; list_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; list_no++)
11853 {
11854
11855
11856 tmp_count = 0;
11857 desc_count = rsbac_list_get_all_desc(device_p->handles.dazs[list_no], (void **) &fd_desc_p);
11858 if(desc_count > 0)
11859 {
11860 for(i=0; i<desc_count; i++)
11861 {
11862
11863 if(check_inode && device_p->sb_p)
11864 {
11865 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11866 {
11867 b_count++;
11868 if(correct)
11869 {
11870 #ifdef CONFIG_RSBAC_RMSG
11871 rsbac_printk(KERN_INFO
11872 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11873 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11874 #endif
11875 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11876 if (!rsbac_nosyslog)
11877 #endif
11878 printk(KERN_INFO
11879 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11880 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11881 rsbac_list_remove(device_p->handles.daz[list_no], &fd_desc_p[i]);
11882 continue;
11883 }
11884 else
11885 {
11886 #ifdef CONFIG_RSBAC_RMSG
11887 rsbac_printk(KERN_INFO
11888 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11889 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11890 #endif
11891 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11892 if (!rsbac_nosyslog)
11893 #endif
11894 printk(KERN_INFO
11895 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11896 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11897 }
11898 }
11899 }
11900 }
11901 tmp_count++;
11902 rsbac_vfree(fd_desc_p);
11903 fd_count += desc_count;
11904 }
11905 }
11906 #endif
11907 #endif
11908
11909 #if defined(CONFIG_RSBAC_FF)
11910
11911 for(list_no = 0; list_no < RSBAC_FF_NR_FD_LISTS; list_no++)
11912 {
11913
11914
11915 tmp_count = 0;
11916 desc_count = rsbac_list_get_all_desc(device_p->handles.ff[list_no], (void **) &fd_desc_p);
11917 if(desc_count > 0)
11918 {
11919 for(i=0; i<desc_count; i++)
11920 {
11921
11922 if(check_inode && device_p->sb_p)
11923 {
11924 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11925 {
11926 b_count++;
11927 if(correct)
11928 {
11929 #ifdef CONFIG_RSBAC_RMSG
11930 rsbac_printk(KERN_INFO
11931 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11932 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11933 #endif
11934 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11935 if (!rsbac_nosyslog)
11936 #endif
11937 printk(KERN_INFO
11938 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11939 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11940 rsbac_list_remove(device_p->handles.ff[list_no], &fd_desc_p[i]);
11941 continue;
11942 }
11943 else
11944 {
11945 #ifdef CONFIG_RSBAC_RMSG
11946 rsbac_printk(KERN_INFO
11947 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11948 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11949 #endif
11950 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11951 if (!rsbac_nosyslog)
11952 #endif
11953 printk(KERN_INFO
11954 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
11955 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11956 }
11957 }
11958 }
11959 }
11960 tmp_count++;
11961 rsbac_vfree(fd_desc_p);
11962 fd_count += desc_count;
11963 }
11964 }
11965 #endif
11966
11967 #if defined(CONFIG_RSBAC_RC)
11968
11969 for(list_no = 0; list_no < RSBAC_RC_NR_FD_LISTS; list_no++)
11970 {
11971
11972
11973 tmp_count = 0;
11974 desc_count = rsbac_list_get_all_desc(device_p->handles.rc[list_no], (void **) &fd_desc_p);
11975 if(desc_count > 0)
11976 {
11977 for(i=0; i<desc_count; i++)
11978 {
11979
11980 if(check_inode && device_p->sb_p)
11981 {
11982 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
11983 {
11984 b_count++;
11985 if(correct)
11986 {
11987 #ifdef CONFIG_RSBAC_RMSG
11988 rsbac_printk(KERN_INFO
11989 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11990 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11991 #endif
11992 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
11993 if (!rsbac_nosyslog)
11994 #endif
11995 printk(KERN_INFO
11996 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
11997 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
11998 rsbac_list_remove(device_p->handles.rc[list_no], &fd_desc_p[i]);
11999 continue;
12000 }
12001 else
12002 {
12003 #ifdef CONFIG_RSBAC_RMSG
12004 rsbac_printk(KERN_INFO
12005 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
12006 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12007 #endif
12008 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12009 if (!rsbac_nosyslog)
12010 #endif
12011 printk(KERN_INFO
12012 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
12013 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12014 }
12015 }
12016 }
12017 }
12018 tmp_count++;
12019 rsbac_vfree(fd_desc_p);
12020 fd_count += desc_count;
12021 }
12022 }
12023 #endif
12024
12025 #if defined(CONFIG_RSBAC_AUTH)
12026
12027 for(list_no = 0; list_no < RSBAC_AUTH_NR_FD_LISTS; list_no++)
12028 {
12029
12030
12031 tmp_count = 0;
12032 desc_count = rsbac_list_get_all_desc(device_p->handles.auth[list_no], (void **) &fd_desc_p);
12033 if(desc_count > 0)
12034 {
12035 for(i=0; i<desc_count; i++)
12036 {
12037
12038 if(check_inode && device_p->sb_p)
12039 {
12040 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
12041 {
12042 b_count++;
12043 if(correct)
12044 {
12045 #ifdef CONFIG_RSBAC_RMSG
12046 rsbac_printk(KERN_INFO
12047 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
12048 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12049 #endif
12050 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12051 if (!rsbac_nosyslog)
12052 #endif
12053 printk(KERN_INFO
12054 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
12055 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12056 rsbac_list_remove(device_p->handles.auth[list_no], &fd_desc_p[i]);
12057 continue;
12058 }
12059 else
12060 {
12061 #ifdef CONFIG_RSBAC_RMSG
12062 rsbac_printk(KERN_INFO
12063 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
12064 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12065 #endif
12066 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12067 if (!rsbac_nosyslog)
12068 #endif
12069 printk(KERN_INFO
12070 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
12071 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12072 }
12073 }
12074 }
12075 }
12076 tmp_count++;
12077 rsbac_vfree(fd_desc_p);
12078 fd_count += desc_count;
12079 }
12080 }
12081 #endif
12082
12083 #if defined(CONFIG_RSBAC_CAP)
12084
12085 for(list_no = 0; list_no < RSBAC_CAP_NR_FD_LISTS; list_no++)
12086 {
12087
12088
12089 tmp_count = 0;
12090 desc_count = rsbac_list_get_all_desc(device_p->handles.cap[list_no], (void **) &fd_desc_p);
12091 if(desc_count > 0)
12092 {
12093 for(i=0; i<desc_count; i++)
12094 {
12095
12096 if(check_inode && device_p->sb_p)
12097 {
12098 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
12099 {
12100 b_count++;
12101 if(correct)
12102 {
12103 #ifdef CONFIG_RSBAC_RMSG
12104 rsbac_printk(KERN_INFO
12105 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
12106 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12107 #endif
12108 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12109 if (!rsbac_nosyslog)
12110 #endif
12111 printk(KERN_INFO
12112 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
12113 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12114 rsbac_list_remove(device_p->handles.cap[list_no], &fd_desc_p[i]);
12115 continue;
12116 }
12117 else
12118 {
12119 #ifdef CONFIG_RSBAC_RMSG
12120 rsbac_printk(KERN_INFO
12121 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
12122 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12123 #endif
12124 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12125 if (!rsbac_nosyslog)
12126 #endif
12127 printk(KERN_INFO
12128 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
12129 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12130 }
12131 }
12132 }
12133 }
12134 tmp_count++;
12135 rsbac_vfree(fd_desc_p);
12136 fd_count += desc_count;
12137 }
12138 }
12139 #endif
12140 #if defined(CONFIG_RSBAC_RES)
12141
12142 for(list_no = 0; list_no < RSBAC_RES_NR_FD_LISTS; list_no++)
12143 {
12144
12145
12146 tmp_count = 0;
12147 desc_count = rsbac_list_get_all_desc(device_p->handles.res[list_no], (void **) &fd_desc_p);
12148 if(desc_count > 0)
12149 {
12150 for(i=0; i<desc_count; i++)
12151 {
12152
12153 if(check_inode && device_p->sb_p)
12154 {
12155 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
12156 {
12157 b_count++;
12158 if(correct)
12159 {
12160 #ifdef CONFIG_RSBAC_RMSG
12161 rsbac_printk(KERN_INFO
12162 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
12163 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12164 #endif
12165 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12166 if (!rsbac_nosyslog)
12167 #endif
12168 printk(KERN_INFO
12169 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
12170 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12171 rsbac_list_remove(device_p->handles.res[list_no], &fd_desc_p[i]);
12172 continue;
12173 }
12174 else
12175 {
12176 #ifdef CONFIG_RSBAC_RMSG
12177 rsbac_printk(KERN_INFO
12178 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
12179 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12180 #endif
12181 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12182 if (!rsbac_nosyslog)
12183 #endif
12184 printk(KERN_INFO
12185 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
12186 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12187 }
12188 }
12189 }
12190 }
12191 tmp_count++;
12192 rsbac_vfree(fd_desc_p);
12193 fd_count += desc_count;
12194 }
12195 }
12196 #endif
12197 #if defined(CONFIG_RSBAC_PAX)
12198
12199 for(list_no = 0; list_no < RSBAC_PAX_NR_FD_LISTS; list_no++)
12200 {
12201
12202
12203 tmp_count = 0;
12204 desc_count = rsbac_list_get_all_desc(device_p->handles.pax[list_no], (void **) &fd_desc_p);
12205 if(desc_count > 0)
12206 {
12207 for(i=0; i<desc_count; i++)
12208 {
12209
12210 if(check_inode && device_p->sb_p)
12211 {
12212 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
12213 {
12214 b_count++;
12215 if(correct)
12216 {
12217 #ifdef CONFIG_RSBAC_RMSG
12218 rsbac_printk(KERN_INFO
12219 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
12220 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12221 #endif
12222 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12223 if (!rsbac_nosyslog)
12224 #endif
12225 printk(KERN_INFO
12226 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
12227 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12228 rsbac_list_remove(device_p->handles.pax[list_no], &fd_desc_p[i]);
12229 continue;
12230 }
12231 else
12232 {
12233 #ifdef CONFIG_RSBAC_RMSG
12234 rsbac_printk(KERN_INFO
12235 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
12236 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12237 #endif
12238 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12239 if (!rsbac_nosyslog)
12240 #endif
12241 printk(KERN_INFO
12242 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
12243 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
12244 }
12245 }
12246 }
12247 }
12248 tmp_count++;
12249 rsbac_vfree(fd_desc_p);
12250 fd_count += desc_count;
12251 }
12252 }
12253 #endif
12254
12255 switch(correct)
12256 {
12257 case 2:
12258 #ifdef CONFIG_RSBAC_RMSG
12259 rsbac_printk(KERN_INFO
12260 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n",
12261 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
12262 b_count);
12263 #endif
12264 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12265 if (!rsbac_nosyslog)
12266 #endif
12267 printk(KERN_INFO
12268 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n",
12269 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
12270 b_count);
12271 break;
12272 case 1:
12273 #ifdef CONFIG_RSBAC_RMSG
12274 rsbac_printk(KERN_INFO
12275 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n",
12276 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
12277 b_count);
12278 #endif
12279 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12280 if (!rsbac_nosyslog)
12281 #endif
12282 printk(KERN_INFO
12283 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n",
12284 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
12285 b_count);
12286 break;
12287 default:
12288 #ifdef CONFIG_RSBAC_RMSG
12289 rsbac_printk(KERN_INFO
12290 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu with bad inodes)\n",
12291 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
12292 b_count);
12293 #endif
12294 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12295 if (!rsbac_nosyslog)
12296 #endif
12297 printk(KERN_INFO
12298 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu with bad inodes)\n",
12299 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
12300 b_count);
12301 }
12302 fd_sum += fd_count;
12303
12304 device_p = device_p->next;
12305 }
12306 #ifdef CONFIG_RSBAC_RMSG
12307 rsbac_printk(KERN_INFO "rsbac_check(): Sum of %u Devices with %lu fd-items\n",
12308 device_list_head.count, fd_sum);
12309 #endif
12310 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12311 if (!rsbac_nosyslog)
12312 #endif
12313 printk(KERN_INFO "rsbac_check(): Sum of %u Devices with %lu fd-items\n",
12314 device_list_head.count, fd_sum);
12315
12316 rsbac_read_unlock(&device_list_head.lock, &dflags);
12317 }
12318 rsbac_kfree(tmp);
12319 return(0);
12320 }
12321
12322
12323
12324
12325
12326
12327 #if defined(CONFIG_RSBAC_AUTO_WRITE)
12328 int rsbac_write(rsbac_boolean_t need_lock)
12329 {
12330 int err=0;
12331 u_int count = 0;
12332 int subcount;
12333
12334 if (!rsbac_initialized)
12335 {
12336 #ifdef CONFIG_RSBAC_RMSG
12337 rsbac_printk(KERN_WARNING "rsbac_write(): RSBAC not initialized\n");
12338 #endif
12339 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12340 if (!rsbac_nosyslog)
12341 #endif
12342 printk(KERN_WARNING "rsbac_write(): RSBAC not initialized\n");
12343 return(-RSBAC_ENOTINITIALIZED);
12344 }
12345 if(rsbac_debug_no_write)
12346 return 0;
12347
12348 subcount = rsbac_write_lists(need_lock);
12349 if(subcount > 0)
12350 {
12351 count += subcount;
12352 }
12353 else
12354 if(subcount < 0)
12355 {
12356 err = subcount;
12357 if(err != -RSBAC_ENOTWRITABLE)
12358 {
12359 #ifdef CONFIG_RSBAC_RMSG
12360 rsbac_printk(KERN_WARNING
12361 "rsbac_write(): rsbac_write_lists() returned error %i\n",
12362 err);
12363 #endif
12364 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12365 if (!rsbac_nosyslog)
12366 #endif
12367 printk(KERN_WARNING
12368 "rsbac_write(): rsbac_write_lists() returned error %i\n",
12369 err);
12370 }
12371 }
12372
12373
12374 #if defined(CONFIG_RSBAC_REG)
12375 subcount = rsbac_write_reg(need_lock);
12376 if(subcount > 0)
12377 {
12378 count += subcount;
12379 }
12380 else
12381 if(subcount < 0)
12382 {
12383 err = subcount;
12384 if(err != -RSBAC_ENOTWRITABLE)
12385 {
12386 #ifdef CONFIG_RSBAC_RMSG
12387 rsbac_printk(KERN_WARNING
12388 "rsbac_write(): rsbac_write_reg() returned error %i\n",
12389 err);
12390 #endif
12391 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12392 if (!rsbac_nosyslog)
12393 #endif
12394 printk(KERN_WARNING
12395 "rsbac_write(): rsbac_write_reg() returned error %i\n",
12396 err);
12397 }
12398 }
12399 #endif
12400
12401 #ifdef CONFIG_RSBAC_DEBUG
12402 if(rsbac_debug_write && count > 0)
12403 {
12404 #ifdef CONFIG_RSBAC_RMSG
12405 rsbac_printk(KERN_DEBUG "rsbac_write(): total of %u lists written\n",
12406 count);
12407 #endif
12408 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12409 if (!rsbac_nosyslog)
12410 #endif
12411 printk(KERN_DEBUG "rsbac_write(): total of %u lists written\n",
12412 count);
12413 }
12414 #endif
12415 return(count);
12416 }
12417 #endif
12418
12419
12420
12421
12422
12423
12424
12425
12426
12427
12428
12429
12430
12431
12432
12433
12434
12435
12436
12437
12438
12439
12440 #if defined(CONFIG_RSBAC_REG)
12441 EXPORT_SYMBOL(rsbac_get_parent);
12442 #endif
12443 int rsbac_get_parent(enum rsbac_target_t target,
12444 union rsbac_target_id_t tid,
12445 enum rsbac_target_t * parent_target_p,
12446 union rsbac_target_id_t * parent_tid_p)
12447 {
12448 if(!parent_target_p || !parent_tid_p)
12449 return -RSBAC_EINVALIDPOINTER;
12450
12451
12452
12453
12454
12455
12456
12457
12458
12459
12460
12461
12462
12463
12464
12465
12466
12467
12468 switch(target)
12469 {
12470 case T_FILE:
12471 case T_DIR:
12472 case T_FIFO:
12473 case T_SYMLINK:
12474 break;
12475 default:
12476 return -RSBAC_EINVALIDTARGET;
12477 }
12478
12479 if(!tid.file.dentry_p)
12480 return -RSBAC_ENOTFOUND;
12481
12482 *parent_target_p = T_DIR;
12483
12484 if( tid.file.dentry_p->d_sb
12485 && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p)
12486 )
12487 {
12488 struct rsbac_device_list_item_t * device_p;
12489 u_long dflags;
12490
12491
12492 rsbac_read_lock(&device_list_head.lock, &dflags);
12493
12494 device_p = lookup_device(tid.file.device);
12495 if( !device_p
12496 || !device_p->d_covers
12497 || !device_p->d_covers->d_parent
12498 || !device_p->d_covers->d_parent->d_inode
12499 )
12500 {
12501
12502 rsbac_read_unlock(&device_list_head.lock, &dflags);
12503 return -RSBAC_ENOTFOUND;
12504 }
12505 parent_tid_p->dir.device = device_p->d_covers->d_parent->d_sb->s_dev;
12506 parent_tid_p->dir.inode = device_p->d_covers->d_parent->d_inode->i_ino;
12507 parent_tid_p->dir.dentry_p = device_p->d_covers->d_parent;
12508
12509 rsbac_read_unlock(&device_list_head.lock, &dflags);
12510 }
12511 else
12512 {
12513 if(!tid.file.dentry_p->d_parent)
12514 {
12515 #ifdef CONFIG_RSBAC_RMSG
12516 rsbac_printk(KERN_WARNING
12517 "rsbac_get_parent(): oops - d_parent is NULL!\n");
12518 #endif
12519 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12520 if (!rsbac_nosyslog)
12521 #endif
12522 printk(KERN_WARNING
12523 "rsbac_get_parent(): oops - d_parent is NULL!\n");
12524 return -RSBAC_ENOTFOUND;
12525 }
12526 if(tid.file.dentry_p == tid.file.dentry_p->d_parent)
12527 {
12528 #ifdef CONFIG_RSBAC_RMSG
12529 rsbac_printk(KERN_WARNING
12530 "rsbac_get_parent(): oops - d_parent == dentry_p!\n");
12531 #endif
12532 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12533 if (!rsbac_nosyslog)
12534 #endif
12535 printk(KERN_WARNING
12536 "rsbac_get_parent(): oops - d_parent == dentry_p!\n");
12537 return -RSBAC_ENOTFOUND;
12538 }
12539 if(!tid.file.dentry_p->d_parent->d_inode)
12540 {
12541 #ifdef CONFIG_RSBAC_RMSG
12542 rsbac_printk(KERN_WARNING
12543 "rsbac_get_parent(): oops - d_parent has no d_inode!\n");
12544 #endif
12545 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12546 if (!rsbac_nosyslog)
12547 #endif
12548 printk(KERN_WARNING
12549 "rsbac_get_parent(): oops - d_parent has no d_inode!\n");
12550 return -RSBAC_ENOTFOUND;
12551 }
12552 parent_tid_p->dir.device = tid.file.device;
12553 parent_tid_p->dir.inode = tid.file.dentry_p->d_parent->d_inode->i_ino;
12554 parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent;
12555 }
12556 return 0;
12557 }
12558
12559 static int get_attr_fd(
12560 rsbac_list_ta_number_t ta_number,
12561 enum rsbac_switch_target_t module,
12562 enum rsbac_target_t target,
12563 union rsbac_target_id_t * tid_p,
12564 enum rsbac_attribute_t attr,
12565 union rsbac_attribute_value_t * value,
12566 rsbac_boolean_t inherit)
12567 {
12568 int err = 0;
12569 struct rsbac_device_list_item_t * device_p;
12570 u_long dflags;
12571 #if defined(CONFIG_RSBAC_FF)
12572 rsbac_ff_flags_t ff_flags = 0;
12573 rsbac_ff_flags_t ff_tmp_flags;
12574 rsbac_ff_flags_t ff_mask = -1;
12575 #endif
12576
12577 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
12578 if( !RSBAC_MAJOR(tid_p->file.device)
12579 && !RSBAC_MINOR(tid_p->file.device)
12580 )
12581 return -RSBAC_EINVALIDDEV;
12582 #endif
12583
12584 for(;;)
12585 {
12586
12587
12588
12589
12590
12591
12592
12593
12594 rsbac_read_lock(&device_list_head.lock, &dflags);
12595
12596
12597
12598
12599
12600
12601
12602
12603
12604
12605 device_p = lookup_device(tid_p->file.device);
12606 if (!device_p)
12607 {
12608 struct super_block * sb_p;
12609
12610 rsbac_read_unlock(&device_list_head.lock, &dflags);
12611 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
12612 sb_p = user_get_super(tid_p->file.device);
12613 #else
12614 sb_p = get_super(tid_p->file.device);
12615 #endif
12616 if(sb_p)
12617 {
12618 #ifdef CONFIG_RSBAC_RMSG
12619 rsbac_printk(KERN_INFO
12620 "rsbac_get_attr(): auto-mounting device %02u:%02u\n",
12621 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
12622 #endif
12623 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12624 if (!rsbac_nosyslog)
12625 #endif
12626 printk(KERN_INFO
12627 "rsbac_get_attr(): auto-mounting device %02u:%02u\n",
12628 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
12629 rsbac_mount(sb_p, NULL);
12630
12631 drop_super(sb_p);
12632 rsbac_read_lock(&device_list_head.lock, &dflags);
12633 device_p = lookup_device(tid_p->file.device);
12634 if (!device_p)
12635 {
12636 #ifdef CONFIG_RSBAC_RMSG
12637 rsbac_printk(KERN_WARNING
12638 "rsbac_get_attr(): unknown device %02u:%02u\n",
12639 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
12640 #endif
12641 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
12642 if (!rsbac_nosyslog)
12643 #endif
12644 printk(KERN_WARNING
12645 "rsbac_get_attr(): unknown device %02u:%02u\n",
12646 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
12647 rsbac_read_unlock(&device_list_head.lock, &dflags);
12648 return -RSBAC_EINVALIDDEV;
12649 }
12650 }
12651 else
12652 return -RSBAC_EINVALIDDEV;
12653 }
12654 switch(module)
12655 {
12656 case GEN:
12657 {
12658 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI;
12659
12660 if(attr == A_internal)
12661 {
12662 if(!device_p->rsbac_dir_inode || !tid_p->file.inode)
12663 value->internal = FALSE;
12664 else
12665 if(device_p->rsbac_dir_inode == tid_p->file.inode)
12666 value->internal = TRUE;
12667 else
12668 if(inherit)
12669 {
12670 enum rsbac_target_t parent_target;
12671 union rsbac_target_id_t parent_tid;
12672
12673
12674 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
12675 {
12676 if(device_p->rsbac_dir_inode == parent_tid.file.inode)
12677 value->internal = TRUE;
12678 else
12679 value->internal = FALSE;
12680 }
12681 else
12682 {
12683 value->internal = FALSE;
12684 }
12685 }
12686 else
12687 {
12688 value->internal = FALSE;
12689 }
12690
12691
12692 rsbac_read_unlock(&device_list_head.lock, &dflags);
12693 return 0;
12694 }
12695 rsbac_ta_list_get_data_ttl(ta_number,
12696 device_p->handles.gen[gen_fd_hash(tid_p->file.inode)],
12697 NULL,
12698 &tid_p->file.inode,
12699 &aci);
12700 switch (attr)
12701 {
12702 case A_log_array_low:
12703 value->log_array_low = aci.log_array_low;
12704 break;
12705 case A_log_array_high:
12706 value->log_array_high = aci.log_array_high;
12707 break;
12708 case A_log_program_based:
12709 value->log_program_based = aci.log_program_based;
12710 break;
12711 case A_symlink_add_uid:
12712 value->symlink_add_uid = aci.symlink_add_uid;
12713 break;
12714 case A_symlink_add_mac_level:
12715 value->symlink_add_mac_level = aci.symlink_add_mac_level;
12716 break;
12717 case A_symlink_add_rc_role:
12718 value->symlink_add_rc_role = aci.symlink_add_rc_role;
12719 break;
12720 case A_linux_dac_disable:
12721 value->linux_dac_disable = aci.linux_dac_disable;
12722 if((value->linux_dac_disable == LDD_inherit) && inherit)
12723 {
12724 enum rsbac_target_t parent_target;
12725 union rsbac_target_id_t parent_tid;
12726
12727
12728 rsbac_read_unlock(&device_list_head.lock, &dflags);
12729
12730
12731 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
12732 {
12733 target = parent_target;
12734 *tid_p = parent_tid;
12735 continue;
12736 }
12737 else
12738 {
12739 value->linux_dac_disable
12740 = def_gen_root_dir_aci.linux_dac_disable;
12741 return 0;
12742 }
12743 }
12744 break;
12745 case A_fake_root_uid:
12746 value->fake_root_uid = aci.fake_root_uid;
12747 break;
12748 case A_auid_exempt:
12749 value->auid_exempt = aci.auid_exempt;
12750 break;
12751 default:
12752 err = -RSBAC_EINVALIDATTR;
12753 }
12754 }
12755 break;
12756
12757 #if defined(CONFIG_RSBAC_MAC)
12758 case MAC:
12759 {
12760 struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI;
12761
12762 rsbac_ta_list_get_data_ttl(ta_number,
12763 device_p->handles.mac[mac_fd_hash(tid_p->file.inode)],
12764 NULL,
12765 &tid_p->file.inode,
12766 &aci);
12767 switch (attr)
12768 {
12769 case A_security_level:
12770 value->security_level = aci.sec_level;
12771 if((value->security_level == SL_inherit) && inherit)
12772 {
12773 enum rsbac_target_t parent_target;
12774 union rsbac_target_id_t parent_tid;
12775
12776
12777 rsbac_read_unlock(&device_list_head.lock, &dflags);
12778
12779
12780 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
12781 {
12782 target = parent_target;
12783 *tid_p = parent_tid;
12784 continue;
12785 }
12786 else
12787 {
12788 value->security_level
12789 = def_mac_root_dir_aci.sec_level;
12790 return 0;
12791 }
12792 }
12793 break;
12794 case A_mac_categories:
12795 value->mac_categories = aci.mac_categories;
12796 if( (value->mac_categories == RSBAC_MAC_INHERIT_CAT_VECTOR)
12797 && inherit
12798 )
12799 {
12800 enum rsbac_target_t parent_target;
12801 union rsbac_target_id_t parent_tid;
12802
12803
12804 rsbac_read_unlock(&device_list_head.lock, &dflags);
12805
12806
12807 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
12808 {
12809 target = parent_target;
12810 *tid_p = parent_tid;
12811 continue;
12812 }
12813 else
12814 {
12815 value->mac_categories
12816 = def_mac_root_dir_aci.mac_categories;
12817 return 0;
12818 }
12819 }
12820 break;
12821 case A_mac_auto:
12822 value->mac_auto = aci.mac_auto;
12823 if( (value->mac_auto == MA_inherit)
12824 && inherit
12825 )
12826 {
12827 enum rsbac_target_t parent_target;
12828 union rsbac_target_id_t parent_tid;
12829
12830
12831 rsbac_read_unlock(&device_list_head.lock, &dflags);
12832
12833
12834 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
12835 {
12836 target = parent_target;
12837 *tid_p = parent_tid;
12838 continue;
12839 }
12840 else
12841 {
12842 value->mac_auto
12843 = def_mac_root_dir_aci.mac_auto;
12844 return 0;
12845 }
12846 }
12847 break;
12848 case A_mac_prop_trusted:
12849 value->mac_prop_trusted = aci.mac_prop_trusted;
12850 break;
12851 case A_mac_file_flags:
12852 value->mac_file_flags = aci.mac_file_flags;
12853 break;
12854
12855 default:
12856 err = -RSBAC_EINVALIDATTR;
12857 }
12858 }
12859 break;
12860 #endif
12861
12862 #if defined(CONFIG_RSBAC_FC)
12863 case FC:
12864 {
12865 switch (attr)
12866 {
12867 case A_object_category:
12868 value->object_category = RSBAC_FC_OC_DEF;
12869 rsbac_ta_list_get_data_ttl(ta_number,
12870 device_p->handles.fc[fc_fd_hash(tid_p->file.inode)],
12871 NULL,
12872 &tid_p->file.inode,
12873 &value->object_category);
12874 if((value->object_category == OC_inherit) && inherit)
12875 {
12876 enum rsbac_target_t parent_target;
12877 union rsbac_target_id_t parent_tid;
12878
12879
12880 rsbac_read_unlock(&device_list_head.lock, &dflags);
12881
12882
12883 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
12884 {
12885 target = parent_target;
12886 *tid_p = parent_tid;
12887 continue;
12888 }
12889 else
12890 {
12891 value->object_category
12892 = RSBAC_FC_OC_ROOT_DEF;
12893 return 0;
12894 }
12895 }
12896 break;
12897
12898 default:
12899 err = -RSBAC_EINVALIDATTR;
12900 }
12901 }
12902 break;
12903 #endif
12904
12905 #if defined(CONFIG_RSBAC_SIM)
12906 case SIM:
12907 {
12908 switch (attr)
12909 {
12910 case A_data_type:
12911 value->data_type = RSBAC_SIM_DT_DEF;
12912 rsbac_ta_list_get_data_ttl(ta_number,
12913 device_p->handles.sim[sim_fd_hash(tid_p->file.inode)],
12914 NULL,
12915 &tid_p->file.inode,
12916 &value->data_type);
12917 if(value->data_type == DT_inherit && inherit)
12918 {
12919 enum rsbac_target_t parent_target;
12920 union rsbac_target_id_t parent_tid;
12921
12922
12923 rsbac_read_unlock(&device_list_head.lock, &dflags);
12924
12925
12926 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
12927 {
12928 target = parent_target;
12929 *tid_p = parent_tid;
12930 continue;
12931 }
12932 else
12933 {
12934 value->data_type
12935 = RSBAC_SIM_DT_ROOT_DEF;
12936 return 0;
12937 }
12938 }
12939 break;
12940
12941 default:
12942 err = -RSBAC_EINVALIDATTR;
12943 }
12944 }
12945 break;
12946 #endif
12947
12948 #if defined(CONFIG_RSBAC_PM)
12949 case PM:
12950 {
12951 struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI;
12952
12953 rsbac_ta_list_get_data_ttl(ta_number,
12954 device_p->handles.pm[pm_fd_hash(tid_p->file.inode)],
12955 NULL,
12956 &tid_p->file.inode,
12957 &aci);
12958 switch (attr)
12959 {
12960 case A_pm_object_class:
12961 value->pm_object_class = aci.pm_object_class;
12962 break;
12963 case A_pm_tp:
12964 value->pm_tp = aci.pm_tp;
12965 break;
12966 case A_pm_object_type:
12967 value->pm_object_type = aci.pm_object_type;
12968 break;
12969 default:
12970 err = -RSBAC_EINVALIDATTR;
12971 }
12972 }
12973 break;
12974 #endif
12975
12976 #if defined(CONFIG_RSBAC_DAZ)
12977 case DAZ:
12978 {
12979 #if defined(CONFIG_RSBAC_DAZ_CACHE)
12980 if(attr == A_daz_scanned)
12981 {
12982 err = rsbac_ta_list_get_data_ttl(ta_number,
12983 device_p->handles.dazs[daz_scanned_fd_hash(tid_p->file.inode)],
12984 NULL,
12985 &tid_p->file.inode,
12986 &value->daz_scanned);
12987 }
12988 else
12989 #endif
12990 {
12991 struct rsbac_daz_fd_aci_t aci = DEFAULT_DAZ_FD_ACI;
12992
12993 rsbac_ta_list_get_data_ttl(ta_number,
12994 device_p->handles.daz[daz_fd_hash(tid_p->file.inode)],
12995 NULL,
12996 &tid_p->file.inode,
12997 &aci);
12998 switch (attr)
12999 {
13000 case A_daz_scanner:
13001 value->daz_scanner = aci.daz_scanner;
13002 break;
13003 default:
13004 err = -RSBAC_EINVALIDATTR;
13005 }
13006 }
13007 }
13008 break;
13009 #endif
13010
13011 #if defined(CONFIG_RSBAC_FF)
13012 case FF:
13013 {
13014 switch (attr)
13015 {
13016 case A_ff_flags:
13017 ff_tmp_flags = RSBAC_FF_DEF;
13018 rsbac_ta_list_get_data_ttl(ta_number,
13019 device_p->handles.ff[ff_fd_hash(tid_p->file.inode)],
13020 NULL,
13021 &tid_p->file.inode,
13022 &ff_tmp_flags);
13023 ff_flags |= ff_tmp_flags & ff_mask;
13024 value->ff_flags = ff_flags;
13025 if((ff_tmp_flags & FF_add_inherited) && inherit)
13026 {
13027
13028 if(!rsbac_get_parent(target, *tid_p, &target, tid_p))
13029 {
13030
13031 rsbac_read_unlock(&device_list_head.lock, &dflags);
13032
13033 ff_mask &= ~(FF_no_delete_or_rename | FF_add_inherited);
13034 ff_flags &= ~(FF_add_inherited);
13035 continue;
13036 }
13037 else
13038 value->ff_flags &= ~(FF_add_inherited);
13039 }
13040 break;
13041
13042 default:
13043 err = -RSBAC_EINVALIDATTR;
13044 }
13045 }
13046 break;
13047 #endif
13048
13049 #if defined(CONFIG_RSBAC_RC)
13050 case RC:
13051 {
13052 struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI;
13053
13054 rsbac_ta_list_get_data_ttl(ta_number,
13055 device_p->handles.rc[rc_fd_hash(tid_p->file.inode)],
13056 NULL,
13057 &tid_p->file.inode,
13058 &aci);
13059 switch (attr)
13060 {
13061 case A_rc_type_fd:
13062 value->rc_type_fd = aci.rc_type_fd;
13063 if(value->rc_type_fd == RC_type_inherit_parent && inherit)
13064 {
13065 enum rsbac_target_t parent_target;
13066 union rsbac_target_id_t parent_tid;
13067
13068
13069 rsbac_read_unlock(&device_list_head.lock, &dflags);
13070
13071
13072 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
13073 {
13074 target = parent_target;
13075 *tid_p = parent_tid;
13076 continue;
13077 }
13078 else
13079 {
13080 value->rc_type_fd
13081 = def_rc_root_dir_aci.rc_type_fd;
13082 return 0;
13083 }
13084 }
13085 break;
13086 case A_rc_force_role:
13087 value->rc_force_role = aci.rc_force_role;
13088 if(value->rc_force_role == RC_role_inherit_parent && inherit)
13089 {
13090 enum rsbac_target_t parent_target;
13091 union rsbac_target_id_t parent_tid;
13092
13093
13094 rsbac_read_unlock(&device_list_head.lock, &dflags);
13095
13096
13097 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
13098 {
13099 target = parent_target;
13100 *tid_p = parent_tid;
13101 continue;
13102 }
13103 else
13104 {
13105 value->rc_force_role
13106 = def_rc_root_dir_aci.rc_force_role;
13107 return 0;
13108 }
13109 }
13110 break;
13111 case A_rc_initial_role:
13112 value->rc_initial_role = aci.rc_initial_role;
13113 if(value->rc_initial_role == RC_role_inherit_parent && inherit)
13114 {
13115 enum rsbac_target_t parent_target;
13116 union rsbac_target_id_t parent_tid;
13117
13118
13119 rsbac_read_unlock(&device_list_head.lock, &dflags);
13120
13121
13122 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
13123 {
13124 target = parent_target;
13125 *tid_p = parent_tid;
13126 continue;
13127 }
13128 else
13129 {
13130 value->rc_initial_role
13131 = def_rc_root_dir_aci.rc_initial_role;
13132 return 0;
13133 }
13134 }
13135 break;
13136
13137 default:
13138 err = -RSBAC_EINVALIDATTR;
13139 }
13140 }
13141 break;
13142 #endif
13143
13144 #if defined(CONFIG_RSBAC_AUTH)
13145 case AUTH:
13146 {
13147 struct rsbac_auth_fd_aci_t aci = DEFAULT_AUTH_FD_ACI;
13148
13149 rsbac_ta_list_get_data_ttl(ta_number,
13150 device_p->handles.auth[auth_fd_hash(tid_p->file.inode)],
13151 NULL,
13152 &tid_p->file.inode,
13153 &aci);
13154 switch (attr)
13155 {
13156 case A_auth_may_setuid:
13157 value->auth_may_setuid = aci.auth_may_setuid;
13158 break;
13159 case A_auth_may_set_cap:
13160 value->auth_may_set_cap = aci.auth_may_set_cap;
13161 break;
13162 case A_auth_learn:
13163 value->auth_learn = aci.auth_learn;
13164 break;
13165 default:
13166 err = -RSBAC_EINVALIDATTR;
13167 }
13168 }
13169 break;
13170 #endif
13171
13172 #if defined(CONFIG_RSBAC_CAP)
13173 case CAP:
13174 {
13175 struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI;
13176
13177 rsbac_ta_list_get_data_ttl(ta_number,
13178 device_p->handles.cap[cap_fd_hash(tid_p->file.inode)],
13179 NULL,
13180 &tid_p->file.inode,
13181 &aci);
13182 switch (attr)
13183 {
13184 case A_min_caps:
13185 value->min_caps = aci.min_caps;
13186 break;
13187 case A_max_caps:
13188 value->max_caps = aci.max_caps;
13189 break;
13190 default:
13191 err = -RSBAC_EINVALIDATTR;
13192 }
13193 }
13194 break;
13195 #endif
13196
13197 #if defined(CONFIG_RSBAC_RES)
13198 case RES:
13199 {
13200 struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI;
13201
13202 rsbac_ta_list_get_data_ttl(ta_number,
13203 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
13204 NULL,
13205 &tid_p->file.inode,
13206 &aci);
13207 switch (attr)
13208 {
13209 case A_res_min:
13210 memcpy(&value->res_array, &aci.res_min, sizeof(aci.res_min));
13211 break;
13212 case A_res_max:
13213 memcpy(&value->res_array, &aci.res_max, sizeof(aci.res_max));
13214 break;
13215 default:
13216 err = -RSBAC_EINVALIDATTR;
13217 }
13218 }
13219 break;
13220 #endif
13221
13222 #if defined(CONFIG_RSBAC_PAX)
13223 case PAX:
13224 {
13225 switch (attr)
13226 {
13227 case A_pax_flags:
13228 value->pax_flags = RSBAC_PAX_DEF_FLAGS;
13229 rsbac_ta_list_get_data_ttl(ta_number,
13230 device_p->handles.pax[pax_fd_hash(tid_p->file.inode)],
13231 NULL,
13232 &tid_p->file.inode,
13233 &value->pax_flags);
13234 break;
13235
13236 default:
13237 err = -RSBAC_EINVALIDATTR;
13238 }
13239 }
13240 break;
13241 #endif
13242
13243 default:
13244 err = -RSBAC_EINVALIDMODULE;
13245 }
13246
13247 rsbac_read_unlock(&device_list_head.lock, &dflags);
13248
13249 return err;
13250 }
13251 }
13252
13253 static int get_attr_dev(
13254 rsbac_list_ta_number_t ta_number,
13255 enum rsbac_switch_target_t module,
13256 enum rsbac_target_t target,
13257 union rsbac_target_id_t * tid_p,
13258 enum rsbac_attribute_t attr,
13259 union rsbac_attribute_value_t * value,
13260 rsbac_boolean_t inherit)
13261 {
13262 int err = 0;
13263
13264
13265
13266
13267
13268
13269
13270 switch(module)
13271 {
13272 case GEN:
13273 {
13274 struct rsbac_gen_dev_aci_t aci = DEFAULT_GEN_DEV_ACI;
13275 struct rsbac_dev_desc_t dev_desc;
13276
13277 dev_desc.type = tid_p->dev.type;
13278 dev_desc.major = RSBAC_MAJOR(tid_p->dev.id);
13279 dev_desc.minor = RSBAC_MINOR(tid_p->dev.id);
13280 rsbac_ta_list_get_data_ttl(ta_number,
13281 dev_handles.gen,
13282 NULL,
13283 &dev_desc,
13284 &aci);
13285 switch (attr)
13286 {
13287 case A_log_array_low:
13288 value->log_array_low = aci.log_array_low;
13289 break;
13290 case A_log_array_high:
13291 value->log_array_high = aci.log_array_high;
13292 break;
13293 default:
13294 err = -RSBAC_EINVALIDATTR;
13295 }
13296 }
13297 break;
13298
13299 #if defined(CONFIG_RSBAC_MAC)
13300 case MAC:
13301 {
13302 struct rsbac_mac_dev_aci_t aci = DEFAULT_MAC_DEV_ACI;
13303 struct rsbac_dev_desc_t dev_desc;
13304
13305 dev_desc.type = tid_p->dev.type;
13306 dev_desc.major = RSBAC_MAJOR(tid_p->dev.id);
13307 dev_desc.minor = RSBAC_MINOR(tid_p->dev.id);
13308 rsbac_ta_list_get_data_ttl(ta_number,
13309 dev_handles.mac,
13310 NULL,
13311 &dev_desc,
13312 &aci);
13313 switch (attr)
13314 {
13315 case A_security_level:
13316 value->security_level = aci.sec_level;
13317 break;
13318 case A_mac_categories:
13319 value->mac_categories = aci.mac_categories;
13320 break;
13321 case A_mac_check:
13322 value->mac_check = aci.mac_check;
13323 break;
13324
13325 default:
13326 err = -RSBAC_EINVALIDATTR;
13327 }
13328 }
13329 break;
13330 #endif
13331
13332 #if defined(CONFIG_RSBAC_FC)
13333 case FC:
13334 {
13335 rsbac_fc_oc_t fc_oc = RSBAC_FC_OC_ROOT_DEF;
13336 struct rsbac_dev_desc_t dev_desc;
13337
13338 dev_desc.type = tid_p->dev.type;
13339 dev_desc.major = RSBAC_MAJOR(tid_p->dev.id);
13340 dev_desc.minor = RSBAC_MINOR(tid_p->dev.id);
13341 rsbac_ta_list_get_data_ttl(ta_number,
13342 dev_handles.fc,
13343 NULL,
13344 &dev_desc,
13345 &fc_oc);
13346 switch (attr)
13347 {
13348 case A_object_category:
13349 value->object_category = fc_oc;
13350 break;
13351
13352 default:
13353 err = -RSBAC_EINVALIDATTR;
13354 }
13355 }
13356 break;
13357 #endif
13358
13359 #if defined(CONFIG_RSBAC_SIM)
13360 case SIM:
13361 {
13362 rsbac_sim_dt_t sim_dt = RSBAC_SIM_DT_ROOT_DEF;
13363 struct rsbac_dev_desc_t dev_desc;
13364
13365 dev_desc.type = tid_p->dev.type;
13366 dev_desc.major = RSBAC_MAJOR(tid_p->dev.id);
13367 dev_desc.minor = RSBAC_MINOR(tid_p->dev.id);
13368 rsbac_ta_list_get_data_ttl(ta_number,
13369 dev_handles.sim,
13370 NULL,
13371 &dev_desc,
13372 &sim_dt);
13373 switch (attr)
13374 {
13375 case A_data_type:
13376 value->data_type = sim_dt;
13377 break;
13378
13379 default:
13380 err = -RSBAC_EINVALIDATTR;
13381 }
13382 }
13383 break;
13384 #endif
13385
13386 #if defined(CONFIG_RSBAC_PM)
13387 case PM:
13388 {
13389 struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
13390 struct rsbac_dev_desc_t dev_desc;
13391
13392 dev_desc.type = tid_p->dev.type;
13393 dev_desc.major = RSBAC_MAJOR(tid_p->dev.id);
13394 dev_desc.minor = RSBAC_MINOR(tid_p->dev.id);
13395 rsbac_ta_list_get_data_ttl(ta_number,
13396 dev_handles.pm,
13397 NULL,
13398 &dev_desc,
13399 &aci);
13400 switch (attr)
13401 {
13402 case A_pm_object_class:
13403 value->pm_object_class = aci.pm_object_class;
13404 break;
13405 case A_pm_object_type:
13406 value->pm_object_type = aci.pm_object_type;
13407 break;
13408 default:
13409 err = -RSBAC_EINVALIDATTR;
13410 }
13411 }
13412 break;
13413 #endif
13414
13415 #if defined(CONFIG_RSBAC_RC)
13416 case RC:
13417 {
13418 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
13419 struct rsbac_dev_desc_t dev_desc;
13420
13421 dev_desc.type = tid_p->dev.type;
13422 dev_desc.major = RSBAC_MAJOR(tid_p->dev.id);
13423 dev_desc.minor = RSBAC_MINOR(tid_p->dev.id);
13424 rsbac_ta_list_get_data_ttl(ta_number,
13425 dev_handles.rc,
13426 NULL,
13427 &dev_desc,
13428 &type);
13429 switch (attr)
13430 {
13431 case A_rc_type:
13432 value->rc_type = type;
13433 break;
13434
13435 default:
13436 err = -RSBAC_EINVALIDATTR;
13437 }
13438 }
13439 break;
13440 #endif
13441
13442 default:
13443 err = -RSBAC_EINVALIDMODULE;
13444 }
13445
13446 return err;
13447 }
13448
13449 static int get_attr_ipc(
13450 rsbac_list_ta_number_t ta_number,
13451 enum rsbac_switch_target_t module,
13452 enum rsbac_target_t target,
13453 union rsbac_target_id_t * tid_p,
13454 enum rsbac_attribute_t attr,
13455 union rsbac_attribute_value_t * value,
13456 rsbac_boolean_t inherit)
13457 {
13458 int err = 0;
13459
13460
13461
13462
13463
13464
13465
13466
13467 switch(module)
13468 {
13469 #if defined(CONFIG_RSBAC_MAC)
13470 case MAC:
13471 {
13472 struct rsbac_mac_ipc_aci_t aci = DEFAULT_MAC_IPC_ACI;
13473
13474 rsbac_ta_list_get_data_ttl(ta_number,
13475 ipc_handles.mac,
13476 NULL,
13477 &tid_p->ipc,
13478 &aci);
13479 switch (attr)
13480 {
13481 case A_security_level:
13482 value->security_level = aci.sec_level;
13483 break;
13484 case A_mac_categories:
13485 value->mac_categories = aci.mac_categories;
13486 break;
13487
13488 default:
13489 err = -RSBAC_EINVALIDATTR;
13490 }
13491 }
13492 break;
13493 #endif
13494
13495 #if defined(CONFIG_RSBAC_FC)
13496 case FC:
13497 {
13498 rsbac_fc_oc_t fc_oc = RSBAC_FC_OC_ROOT_DEF;
13499
13500 rsbac_ta_list_get_data_ttl(ta_number,
13501 ipc_handles.fc,
13502 NULL,
13503 &tid_p->ipc,
13504 &fc_oc);
13505 switch (attr)
13506 {
13507 case A_object_category:
13508 value->object_category = fc_oc;
13509 break;
13510
13511 default:
13512 err = -RSBAC_EINVALIDATTR;
13513 }
13514 }
13515 break;
13516 #endif
13517
13518 #if defined(CONFIG_RSBAC_SIM)
13519 case SIM:
13520 {
13521 rsbac_sim_dt_t sim_dt = RSBAC_SIM_DT_ROOT_DEF;
13522
13523 rsbac_ta_list_get_data_ttl(ta_number,
13524 ipc_handles.sim,
13525 NULL,
13526 &tid_p->ipc,
13527 &sim_dt);
13528 switch (attr)
13529 {
13530 case A_data_type:
13531 value->data_type = sim_dt;
13532 break;
13533
13534 default:
13535 err = -RSBAC_EINVALIDATTR;
13536 }
13537 }
13538 break;
13539 #endif
13540
13541 #if defined(CONFIG_RSBAC_PM)
13542 case PM:
13543 {
13544 struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
13545
13546 rsbac_ta_list_get_data_ttl(ta_number,
13547 ipc_handles.pm,
13548 NULL,
13549 &tid_p->ipc,
13550 &aci);
13551 switch (attr)
13552 {
13553 case A_pm_object_class:
13554 value->pm_object_class = aci.pm_object_class;
13555 break;
13556 case A_pm_ipc_purpose:
13557 value->pm_ipc_purpose = aci.pm_ipc_purpose;
13558 break;
13559 case A_pm_object_type:
13560 value->pm_object_type = aci.pm_object_type;
13561 break;
13562 default:
13563 err = -RSBAC_EINVALIDATTR;
13564 }
13565 }
13566 break;
13567 #endif
13568
13569 #if defined(CONFIG_RSBAC_RC)
13570 case RC:
13571 {
13572 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
13573
13574 rsbac_ta_list_get_data_ttl(ta_number,
13575 ipc_handles.rc,
13576 NULL,
13577 &tid_p->ipc,
13578 &type);
13579 switch (attr)
13580 {
13581 case A_rc_type:
13582 value->rc_type = type;
13583 break;
13584
13585 default:
13586 err = -RSBAC_EINVALIDATTR;
13587 }
13588 }
13589 break;
13590 #endif
13591
13592 #if defined(CONFIG_RSBAC_JAIL)
13593 case JAIL:
13594 {
13595 rsbac_jail_id_t id = RSBAC_JAIL_DEF_ID;
13596
13597 rsbac_ta_list_get_data_ttl(ta_number,
13598 ipc_handles.jail,
13599 NULL,
13600 &tid_p->ipc,
13601 &id);
13602 switch (attr)
13603 {
13604 case A_jail_id:
13605 value->jail_id = id;
13606 break;
13607
13608 default:
13609 err = -RSBAC_EINVALIDATTR;
13610 }
13611 }
13612 break;
13613 #endif
13614
13615 default:
13616 err = -RSBAC_EINVALIDMODULE;
13617 }
13618
13619 return err;
13620 }
13621
13622 static int get_attr_user(
13623 rsbac_list_ta_number_t ta_number,
13624 enum rsbac_switch_target_t module,
13625 enum rsbac_target_t target,
13626 union rsbac_target_id_t * tid_p,
13627 enum rsbac_attribute_t attr,
13628 union rsbac_attribute_value_t * value,
13629 rsbac_boolean_t inherit)
13630 {
13631 int err = 0;
13632
13633
13634
13635
13636
13637
13638
13639 switch(module)
13640 {
13641 case GEN:
13642 {
13643 struct rsbac_gen_user_aci_t aci = DEFAULT_GEN_U_ACI;
13644
13645 rsbac_ta_list_get_data_ttl(ta_number,
13646 user_handles.gen,
13647 NULL,
13648 &tid_p->user,
13649 &aci);
13650 switch (attr)
13651 {
13652 case A_pseudo:
13653 value->pseudo = aci.pseudo;
13654 break;
13655 case A_log_user_based:
13656 value->log_user_based = aci.log_user_based;
13657 break;
13658 default:
13659 err = -RSBAC_EINVALIDATTR;
13660 }
13661 }
13662 break;
13663
13664 #if defined(CONFIG_RSBAC_MAC)
13665 case MAC:
13666 {
13667 struct rsbac_mac_user_aci_t aci = DEFAULT_MAC_U_ACI;
13668
13669 rsbac_ta_list_get_data_ttl(ta_number,
13670 user_handles.mac,
13671 NULL,
13672 &tid_p->user,
13673 &aci);
13674 switch (attr)
13675 {
13676 case A_security_level:
13677 value->security_level = aci.security_level;
13678 break;
13679 case A_initial_security_level:
13680 value->security_level = aci.initial_security_level;
13681 break;
13682 case A_min_security_level:
13683 value->security_level = aci.min_security_level;
13684 break;
13685 case A_mac_categories:
13686 value->mac_categories = aci.mac_categories;
13687 break;
13688 case A_mac_initial_categories:
13689 value->mac_categories = aci.mac_initial_categories;
13690 break;
13691 case A_mac_min_categories:
13692 value->mac_categories = aci.mac_min_categories;
13693 break;
13694 case A_system_role:
13695 case A_mac_role:
13696 value->system_role = aci.system_role;
13697 break;
13698 case A_mac_user_flags:
13699 value->mac_user_flags = aci.mac_user_flags;
13700 break;
13701
13702 default:
13703 err = -RSBAC_EINVALIDATTR;
13704 }
13705 }
13706 break;
13707 #endif
13708
13709 #if defined(CONFIG_RSBAC_FC)
13710 case FC:
13711 {
13712 rsbac_system_role_int_t role = SR_user;
13713
13714 rsbac_ta_list_get_data_ttl(ta_number,
13715 user_handles.fc,
13716 NULL,
13717 &tid_p->user,
13718 &role);
13719 switch (attr)
13720 {
13721 case A_system_role:
13722 case A_fc_role:
13723 value->system_role = role;
13724 break;
13725
13726 default:
13727 err = -RSBAC_EINVALIDATTR;
13728 }
13729 }
13730 break;
13731 #endif
13732
13733 #if defined(CONFIG_RSBAC_SIM)
13734 case SIM:
13735 {
13736 rsbac_system_role_int_t role = SR_user;
13737
13738 rsbac_ta_list_get_data_ttl(ta_number,
13739 user_handles.sim,
13740 NULL,
13741 &tid_p->user,
13742 &role);
13743 switch (attr)
13744 {
13745 case A_system_role:
13746 case A_sim_role:
13747 value->system_role = role;
13748 break;
13749
13750 default:
13751 err = -RSBAC_EINVALIDATTR;
13752 }
13753 }
13754 break;
13755 #endif
13756
13757 #if defined(CONFIG_RSBAC_PM)
13758 case PM:
13759 {
13760 struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
13761
13762 rsbac_ta_list_get_data_ttl(ta_number,
13763 user_handles.pm,
13764 NULL,
13765 &tid_p->user,
13766 &aci);
13767 switch (attr)
13768 {
13769 case A_pm_task_set:
13770 value->pm_task_set = aci.pm_task_set;
13771 break;
13772 case A_pm_role:
13773 value->pm_role = aci.pm_role;
13774 break;
13775 default:
13776 err = -RSBAC_EINVALIDATTR;
13777 }
13778 }
13779 break;
13780 #endif
13781
13782 #if defined(CONFIG_RSBAC_DAZ)
13783 case DAZ:
13784 {
13785 rsbac_system_role_int_t role = SR_user;
13786
13787 rsbac_ta_list_get_data_ttl(ta_number,
13788 user_handles.daz,
13789 NULL,
13790 &tid_p->user,
13791 &role);
13792 switch (attr)
13793 {
13794 case A_system_role:
13795 case A_daz_role:
13796 value->system_role = role;
13797 break;
13798
13799 default:
13800 err = -RSBAC_EINVALIDATTR;
13801 }
13802 }
13803 break;
13804 #endif
13805
13806 #if defined(CONFIG_RSBAC_FF)
13807 case FF:
13808 {
13809 rsbac_system_role_int_t role = SR_user;
13810
13811 rsbac_ta_list_get_data_ttl(ta_number,
13812 user_handles.ff,
13813 NULL,
13814 &tid_p->user,
13815 &role);
13816 switch (attr)
13817 {
13818 case A_system_role:
13819 case A_ff_role:
13820 value->system_role = role;
13821 break;
13822
13823 default:
13824 err = -RSBAC_EINVALIDATTR;
13825 }
13826 }
13827 break;
13828 #endif
13829
13830 #if defined(CONFIG_RSBAC_RC)
13831 case RC:
13832 {
13833 struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
13834
13835 rsbac_ta_list_get_data_ttl(ta_number,
13836 user_handles.rc,
13837 NULL,
13838 &tid_p->user,
13839 &aci);
13840 switch (attr)
13841 {
13842 case A_rc_def_role:
13843 value->rc_def_role = aci.rc_role;
13844 break;
13845 case A_rc_type:
13846 value->rc_type = aci.rc_type;
13847 break;
13848 default:
13849 err = -RSBAC_EINVALIDATTR;
13850 }
13851 }
13852 break;
13853 #endif
13854
13855 #if defined(CONFIG_RSBAC_AUTH)
13856 case AUTH:
13857 {
13858 rsbac_system_role_int_t role = SR_user;
13859
13860 rsbac_ta_list_get_data_ttl(ta_number,
13861 user_handles.auth,
13862 NULL,
13863 &tid_p->user,
13864 &role);
13865 switch (attr)
13866 {
13867 case A_system_role:
13868 case A_auth_role:
13869 value->system_role = role;
13870 break;
13871
13872 default:
13873 err = -RSBAC_EINVALIDATTR;
13874 }
13875 }
13876 break;
13877 #endif
13878
13879 #if defined(CONFIG_RSBAC_CAP)
13880 case CAP:
13881 {
13882 struct rsbac_cap_user_aci_t aci = DEFAULT_CAP_U_ACI;
13883
13884 rsbac_ta_list_get_data_ttl(ta_number,
13885 user_handles.cap,
13886 NULL,
13887 &tid_p->user,
13888 &aci);
13889 switch (attr)
13890 {
13891 case A_system_role:
13892 case A_cap_role:
13893 value->system_role = aci.cap_role;
13894 break;
13895 case A_min_caps:
13896 value->min_caps = aci.min_caps;
13897 break;
13898 case A_max_caps:
13899 value->max_caps = aci.max_caps;
13900 break;
13901 default:
13902 err = -RSBAC_EINVALIDATTR;
13903 }
13904 }
13905 break;
13906 #endif
13907
13908 #if defined(CONFIG_RSBAC_JAIL)
13909 case JAIL:
13910 {
13911 rsbac_system_role_int_t role = SR_user;
13912
13913 rsbac_ta_list_get_data_ttl(ta_number,
13914 user_handles.jail,
13915 NULL,
13916 &tid_p->user,
13917 &role);
13918 switch (attr)
13919 {
13920 case A_system_role:
13921 case A_jail_role:
13922 value->system_role = role;
13923 break;
13924
13925 default:
13926 err = -RSBAC_EINVALIDATTR;
13927 }
13928 }
13929 break;
13930 #endif
13931
13932 #if defined(CONFIG_RSBAC_RES)
13933 case RES:
13934 {
13935 struct rsbac_res_user_aci_t aci = DEFAULT_RES_U_ACI;
13936
13937 if( rsbac_ta_list_get_data_ttl(ta_number,
13938 user_handles.res,
13939 NULL,
13940 &tid_p->user,
13941 &aci)
13942 && (tid_p->user != RSBAC_ALL_USERS)
13943 )
13944 {
13945 tid_p->user = RSBAC_ALL_USERS;
13946 rsbac_ta_list_get_data_ttl(ta_number,
13947 user_handles.res,
13948 NULL,
13949 &tid_p->user,
13950 &aci);
13951 }
13952 switch (attr)
13953 {
13954 case A_system_role:
13955 case A_res_role:
13956 value->system_role = aci.res_role;
13957 break;
13958 case A_res_min:
13959 memcpy(&value->res_array, &aci.res_min, sizeof(aci.res_min));
13960 break;
13961 case A_res_max:
13962 memcpy(&value->res_array, &aci.res_max, sizeof(aci.res_max));
13963 break;
13964 default:
13965 err = -RSBAC_EINVALIDATTR;
13966 }
13967 }
13968 break;
13969 #endif
13970
13971 #if defined(CONFIG_RSBAC_PAX)
13972 case PAX:
13973 {
13974 rsbac_system_role_int_t role = SR_user;
13975
13976 rsbac_ta_list_get_data_ttl(ta_number,
13977 user_handles.pax,
13978 NULL,
13979 &tid_p->user,
13980 &role);
13981 switch (attr)
13982 {
13983 case A_system_role:
13984 case A_pax_role:
13985 value->system_role = role;
13986 break;
13987
13988 default:
13989 err = -RSBAC_EINVALIDATTR;
13990 }
13991 }
13992 break;
13993 #endif
13994
13995 default:
13996 err = -RSBAC_EINVALIDMODULE;
13997 }
13998
13999 return err;
14000 }
14001
14002 static int get_attr_process(
14003 rsbac_list_ta_number_t ta_number,
14004 enum rsbac_switch_target_t module,
14005 enum rsbac_target_t target,
14006 union rsbac_target_id_t * tid_p,
14007 enum rsbac_attribute_t attr,
14008 union rsbac_attribute_value_t * value,
14009 rsbac_boolean_t inherit)
14010 {
14011 int err = 0;
14012
14013
14014
14015
14016
14017
14018
14019 switch(module)
14020 {
14021 case GEN:
14022 {
14023 struct rsbac_gen_process_aci_t aci = DEFAULT_GEN_P_ACI;
14024
14025 rsbac_ta_list_get_data_ttl(ta_number,
14026 process_handles.gen,
14027 NULL,
14028 &tid_p->process,
14029 &aci);
14030 switch (attr)
14031 {
14032 case A_log_program_based:
14033 value->log_program_based = aci.log_program_based;
14034 break;
14035 case A_fake_root_uid:
14036 value->fake_root_uid = aci.fake_root_uid;
14037 break;
14038 case A_audit_uid:
14039 value->audit_uid = aci.audit_uid;
14040 break;
14041 case A_auid_exempt:
14042 value->auid_exempt = aci.auid_exempt;
14043 break;
14044 default:
14045 err = -RSBAC_EINVALIDATTR;
14046 }
14047 }
14048 break;
14049
14050 #if defined(CONFIG_RSBAC_MAC)
14051 case MAC:
14052 {
14053 struct rsbac_mac_process_aci_t aci = DEFAULT_MAC_P_ACI;
14054
14055 rsbac_ta_list_get_data_ttl(ta_number,
14056 process_handles.mac[mac_p_hash(tid_p->process)],
14057 NULL,
14058 &tid_p->process,
14059 &aci);
14060 switch (attr)
14061 {
14062 case A_security_level:
14063 value->security_level = aci.owner_sec_level;
14064 break;
14065 case A_initial_security_level:
14066 value->security_level = aci.owner_initial_sec_level;
14067 break;
14068 case A_min_security_level:
14069 value->security_level = aci.owner_min_sec_level;
14070 break;
14071 case A_mac_categories:
14072 value->mac_categories = aci.mac_owner_categories;
14073 break;
14074 case A_mac_initial_categories:
14075 value->mac_categories = aci.mac_owner_initial_categories;
14076 break;
14077 case A_mac_min_categories:
14078 value->mac_categories = aci.mac_owner_min_categories;
14079 break;
14080 case A_current_sec_level:
14081 value->current_sec_level = aci.current_sec_level;
14082 break;
14083 case A_mac_curr_categories:
14084 value->mac_categories = aci.mac_curr_categories;
14085 break;
14086 case A_min_write_open:
14087 value->min_write_open = aci.min_write_open;
14088 break;
14089 case A_min_write_categories:
14090 value->mac_categories = aci.min_write_categories;
14091 break;
14092 case A_max_read_open:
14093 value->max_read_open = aci.max_read_open;
14094 break;
14095 case A_max_read_categories:
14096 value->mac_categories = aci.max_read_categories;
14097 break;
14098 case A_mac_process_flags:
14099 value->mac_process_flags = aci.mac_process_flags;
14100 break;
14101 case A_mac_auto:
14102 if(aci.mac_process_flags & MAC_auto)
14103 value->mac_auto = TRUE;
14104 else
14105 value->mac_auto = FALSE;
14106 break;
14107
14108 default:
14109 err = -RSBAC_EINVALIDATTR;
14110 }
14111 }
14112 break;
14113 #endif
14114
14115 #if defined(CONFIG_RSBAC_PM)
14116 case PM:
14117 {
14118 struct rsbac_pm_process_aci_t aci = DEFAULT_PM_P_ACI;
14119
14120 rsbac_ta_list_get_data_ttl(ta_number,
14121 process_handles.pm,
14122 NULL,
14123 &tid_p->process,
14124 &aci);
14125 switch (attr)
14126 {
14127 case A_pm_tp:
14128 value->pm_tp = aci.pm_tp;
14129 break;
14130 case A_pm_current_task:
14131 value->pm_current_task = aci.pm_current_task;
14132 break;
14133 case A_pm_process_type:
14134 value->pm_process_type = aci.pm_process_type;
14135 break;
14136 default:
14137 err = -RSBAC_EINVALIDATTR;
14138 }
14139 }
14140 break;
14141 #endif
14142
14143 #if defined(CONFIG_RSBAC_DAZ)
14144 case DAZ:
14145 {
14146 struct rsbac_daz_process_aci_t aci = DEFAULT_DAZ_P_ACI;
14147
14148 rsbac_ta_list_get_data_ttl(ta_number,
14149 process_handles.daz,
14150 NULL,
14151 &tid_p->process,
14152 &aci);
14153 switch (attr)
14154 {
14155 case A_daz_scanner:
14156 value->daz_scanner = aci.daz_scanner;
14157 break;
14158 default:
14159 err = -RSBAC_EINVALIDATTR;
14160 }
14161 }
14162 break;
14163 #endif
14164
14165 #if defined(CONFIG_RSBAC_RC)
14166 case RC:
14167 {
14168 struct rsbac_rc_process_aci_t aci = DEFAULT_RC_P_ACI;
14169
14170 rsbac_ta_list_get_data_ttl(ta_number,
14171 process_handles.rc[rc_p_hash(tid_p->process)],
14172 NULL,
14173 &tid_p->process,
14174 &aci);
14175 switch (attr)
14176 {
14177 case A_rc_role:
14178 value->rc_role = aci.rc_role;
14179 break;
14180 case A_rc_type:
14181 value->rc_type = aci.rc_type;
14182 break;
14183 case A_rc_force_role:
14184 value->rc_force_role = aci.rc_force_role;
14185 break;
14186 default:
14187 err = -RSBAC_EINVALIDATTR;
14188 }
14189 }
14190 break;
14191 #endif
14192
14193 #if defined(CONFIG_RSBAC_AUTH)
14194 case AUTH:
14195 {
14196 struct rsbac_auth_process_aci_t aci = DEFAULT_AUTH_P_ACI;
14197
14198 rsbac_ta_list_get_data_ttl(ta_number,
14199 process_handles.auth,
14200 NULL,
14201 &tid_p->process,
14202 &aci);
14203 switch (attr)
14204 {
14205 case A_auth_may_setuid:
14206 value->auth_may_setuid = aci.auth_may_setuid;
14207 break;
14208 case A_auth_may_set_cap:
14209 value->auth_may_set_cap = aci.auth_may_set_cap;
14210 break;
14211 #if defined(CONFIG_RSBAC_AUTH_LEARN)
14212 case A_auth_program_file:
14213 value->auth_program_file = aci.auth_program_file;
14214 break;
14215 case A_auth_start_uid:
14216 value->auth_start_uid = aci.auth_start_uid;
14217 break;
14218 case A_auth_learn:
14219 value->auth_learn = aci.auth_learn;
14220 break;
14221 #else
14222 case A_auth_learn:
14223 value->auth_learn = FALSE;
14224 break;
14225 #endif
14226 case A_auth_last_auth:
14227 value->auth_last_auth = aci.auth_last_auth;
14228 break;
14229 default:
14230 err = -RSBAC_EINVALIDATTR;
14231 }
14232 }
14233 break;
14234 #endif
14235
14236 #if defined(CONFIG_RSBAC_CAP)
14237 case CAP:
14238 {
14239 struct rsbac_cap_process_aci_t aci = DEFAULT_CAP_P_ACI;
14240
14241 rsbac_ta_list_get_data_ttl(ta_number,
14242 process_handles.cap,
14243 NULL,
14244 &tid_p->process,
14245 &aci);
14246 switch (attr)
14247 {
14248 case A_cap_process_hiding:
14249 value->cap_process_hiding = aci.cap_process_hiding;
14250 break;
14251 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
14252 case A_max_caps_user:
14253 value->max_caps_user = aci.max_caps_user;
14254 break;
14255 case A_max_caps_program:
14256 value->max_caps_program = aci.max_caps_program;
14257 break;
14258 #endif
14259 default:
14260 err = -RSBAC_EINVALIDATTR;
14261 }
14262 }
14263 break;
14264 #endif
14265
14266 #if defined(CONFIG_RSBAC_JAIL)
14267 case JAIL:
14268 {
14269 struct rsbac_jail_process_aci_t aci = DEFAULT_JAIL_P_ACI;
14270
14271 rsbac_ta_list_get_data_ttl(ta_number,
14272 process_handles.jail[jail_p_hash(tid_p->process)],
14273 NULL,
14274 &tid_p->process,
14275 &aci);
14276 switch (attr)
14277 {
14278 case A_jail_id:
14279 value->jail_id = aci.id;
14280 break;
14281 case A_jail_ip:
14282 value->jail_ip = aci.ip;
14283 break;
14284 case A_jail_flags:
14285 value->jail_flags = aci.flags;
14286 break;
14287 case A_jail_max_caps:
14288 value->jail_max_caps = aci.max_caps;
14289 break;
14290 default:
14291 err = -RSBAC_EINVALIDATTR;
14292 }
14293 }
14294 break;
14295 #endif
14296
14297 #if defined(CONFIG_RSBAC_PAX)
14298 case PAX:
14299 {
14300 struct task_struct * task_p;
14301
14302 switch (attr)
14303 {
14304 case A_pax_flags:
14305 read_lock(&tasklist_lock);
14306 task_p = find_task_by_pid(tid_p->process);
14307 if(task_p)
14308 value->pax_flags = task_p->flags & RSBAC_PAX_ALL_FLAGS;
14309 else
14310 err = -RSBAC_EINVALIDTARGET;
14311 read_unlock(&tasklist_lock);
14312 break;
14313 default:
14314 err = -RSBAC_EINVALIDATTR;
14315 }
14316 }
14317 break;
14318 #endif
14319
14320 default:
14321 err = -RSBAC_EINVALIDMODULE;
14322 }
14323 return err;
14324 }
14325
14326 #ifdef CONFIG_RSBAC_UM
14327 static int get_attr_group(
14328 rsbac_list_ta_number_t ta_number,
14329 enum rsbac_switch_target_t module,
14330 enum rsbac_target_t target,
14331 union rsbac_target_id_t * tid_p,
14332 enum rsbac_attribute_t attr,
14333 union rsbac_attribute_value_t * value,
14334 rsbac_boolean_t inherit)
14335 {
14336 int err = 0;
14337
14338
14339
14340
14341
14342
14343
14344
14345 switch(module)
14346 {
14347 #if defined(CONFIG_RSBAC_RC_UM_PROT)
14348 case RC:
14349 {
14350 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
14351 rsbac_gid_t group_desc;
14352
14353 group_desc = tid_p->group;
14354 rsbac_ta_list_get_data_ttl(ta_number,
14355 group_handles.rc,
14356 NULL,
14357 &group_desc,
14358 &type);
14359 switch (attr)
14360 {
14361 case A_rc_type:
14362 value->rc_type = type;
14363 break;
14364
14365 default:
14366 err = -RSBAC_EINVALIDATTR;
14367 }
14368 }
14369 break;
14370 #endif
14371
14372 default:
14373 err = -RSBAC_EINVALIDMODULE;
14374 }
14375
14376 return err;
14377 }
14378 #endif
14379
14380 #ifdef CONFIG_RSBAC_NET_DEV
14381 static int get_attr_netdev(
14382 rsbac_list_ta_number_t ta_number,
14383 enum rsbac_switch_target_t module,
14384 enum rsbac_target_t target,
14385 union rsbac_target_id_t * tid_p,
14386 enum rsbac_attribute_t attr,
14387 union rsbac_attribute_value_t * value,
14388 rsbac_boolean_t inherit)
14389 {
14390 int err = 0;
14391
14392
14393
14394
14395
14396
14397
14398
14399 switch(module)
14400 {
14401 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14402 case GEN:
14403 {
14404 struct rsbac_gen_netdev_aci_t aci = DEFAULT_GEN_NETDEV_ACI;
14405
14406 rsbac_ta_list_get_data_ttl(ta_number,
14407 netdev_handles.gen,
14408 NULL,
14409 &tid_p->netdev,
14410 &aci);
14411 switch (attr)
14412 {
14413 case A_log_array_low:
14414 value->log_array_low = aci.log_array_low;
14415 break;
14416 case A_log_array_high:
14417 value->log_array_high = aci.log_array_high;
14418 break;
14419 default:
14420 err = -RSBAC_EINVALIDATTR;
14421 }
14422 }
14423 break;
14424 #endif
14425 #if defined(CONFIG_RSBAC_RC)
14426 case RC:
14427 {
14428 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
14429
14430 rsbac_ta_list_get_data_ttl(ta_number,
14431 netdev_handles.rc,
14432 NULL,
14433 &tid_p->netdev,
14434 &type);
14435 switch (attr)
14436 {
14437 case A_rc_type:
14438 value->rc_type = type;
14439 break;
14440
14441 default:
14442 err = -RSBAC_EINVALIDATTR;
14443 }
14444 }
14445 break;
14446 #endif
14447
14448 default:
14449 err = -RSBAC_EINVALIDMODULE;
14450 }
14451
14452 return err;
14453 }
14454 #endif
14455
14456 #ifdef CONFIG_RSBAC_NET_OBJ
14457 static int get_attr_nettemp(
14458 rsbac_list_ta_number_t ta_number,
14459 enum rsbac_switch_target_t module,
14460 enum rsbac_target_t target,
14461 union rsbac_target_id_t * tid_p,
14462 enum rsbac_attribute_t attr,
14463 union rsbac_attribute_value_t * value,
14464 rsbac_boolean_t inherit)
14465 {
14466 int err = 0;
14467
14468
14469
14470
14471
14472
14473
14474 if( tid_p->nettemp
14475 && !rsbac_list_exist(net_temp_handle, &tid_p->nettemp)
14476 )
14477 return -RSBAC_EINVALIDTARGET;
14478 switch(module)
14479 {
14480 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
14481 case GEN:
14482 {
14483 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_NETOBJ_ACI;
14484
14485 if(tid_p->nettemp)
14486 rsbac_ta_list_get_data_ttl(ta_number,
14487 nettemp_handles.gen,
14488 NULL,
14489 &tid_p->nettemp,
14490 &aci);
14491 switch (attr)
14492 {
14493 case A_log_array_low:
14494 value->log_array_low = aci.log_array_low;
14495 break;
14496 case A_log_array_high:
14497 value->log_array_high = aci.log_array_high;
14498 break;
14499 default:
14500 err = -RSBAC_EINVALIDATTR;
14501 }
14502 }
14503 break;
14504 #endif
14505 #if defined(CONFIG_RSBAC_MAC)
14506 case MAC:
14507 {
14508 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
14509
14510 rsbac_ta_list_get_data_ttl(ta_number,
14511 nettemp_handles.mac,
14512 NULL,
14513 &tid_p->nettemp,
14514 &aci);
14515 switch (attr)
14516 {
14517 case A_security_level:
14518 value->security_level = aci.sec_level;
14519 break;
14520 case A_mac_categories:
14521 value->mac_categories = aci.mac_categories;
14522 break;
14523
14524 default:
14525 err = -RSBAC_EINVALIDATTR;
14526 }
14527 }
14528 break;
14529 #endif
14530
14531 #if defined(CONFIG_RSBAC_FC)
14532 case FC:
14533 {
14534 rsbac_fc_oc_t fc_oc = RSBAC_FC_OC_ROOT_DEF;
14535
14536 rsbac_ta_list_get_data_ttl(ta_number,
14537 nettemp_handles.fc,
14538 NULL,
14539 &tid_p->nettemp,
14540 &fc_oc);
14541 switch (attr)
14542 {
14543 case A_object_category:
14544 value->object_category = fc_oc;
14545 break;
14546
14547 default:
14548 err = -RSBAC_EINVALIDATTR;
14549 }
14550 }
14551 break;
14552 #endif
14553
14554 #if defined(CONFIG_RSBAC_SIM)
14555 case SIM:
14556 {
14557 rsbac_sim_dt_t sim_dt = RSBAC_SIM_DT_ROOT_DEF;
14558
14559 rsbac_ta_list_get_data_ttl(ta_number,
14560 nettemp_handles.sim,
14561 NULL,
14562 &tid_p->nettemp,
14563 &sim_dt);
14564 switch (attr)
14565 {
14566 case A_data_type:
14567 value->data_type = sim_dt;
14568 break;
14569
14570 default:
14571 err = -RSBAC_EINVALIDATTR;
14572 }
14573 }
14574 break;
14575 #endif
14576
14577 #if defined(CONFIG_RSBAC_PM)
14578 case PM:
14579 {
14580 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
14581
14582 rsbac_ta_list_get_data_ttl(ta_number,
14583 nettemp_handles.pm,
14584 NULL,
14585 &tid_p->nettemp,
14586 &aci);
14587 switch (attr)
14588 {
14589 case A_pm_object_class:
14590 value->pm_object_class = aci.pm_object_class;
14591 break;
14592 case A_pm_ipc_purpose:
14593 value->pm_ipc_purpose = aci.pm_ipc_purpose;
14594 break;
14595 case A_pm_object_type:
14596 value->pm_object_type = aci.pm_object_type;
14597 break;
14598 default:
14599 err = -RSBAC_EINVALIDATTR;
14600 }
14601 }
14602 break;
14603 #endif
14604
14605 #if defined(CONFIG_RSBAC_RC)
14606 case RC:
14607 {
14608 struct rsbac_rc_nettemp_aci_t aci = DEFAULT_RC_NETTEMP_ACI;
14609
14610 rsbac_ta_list_get_data_ttl(ta_number,
14611 nettemp_handles.rc,
14612 NULL,
14613 &tid_p->nettemp,
14614 &aci);
14615 switch (attr)
14616 {
14617 case A_rc_type:
14618 value->rc_type = aci.netobj_type;
14619 break;
14620
14621 case A_rc_type_nt:
14622 value->rc_type = aci.nettemp_type;
14623 break;
14624
14625 default:
14626 err = -RSBAC_EINVALIDATTR;
14627 }
14628 }
14629 break;
14630 #endif
14631
14632 default:
14633 err = -RSBAC_EINVALIDMODULE;
14634 }
14635 return err;
14636 }
14637
14638 static int get_attr_netobj(
14639 rsbac_list_ta_number_t ta_number,
14640 enum rsbac_switch_target_t module,
14641 enum rsbac_target_t target,
14642 union rsbac_target_id_t * tid_p,
14643 enum rsbac_attribute_t attr,
14644 union rsbac_attribute_value_t * value,
14645 rsbac_boolean_t inherit)
14646 {
14647 int err = 0;
14648
14649
14650
14651
14652
14653
14654
14655 switch(module)
14656 {
14657 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
14658 case GEN:
14659 {
14660 struct rsbac_gen_netobj_aci_t aci = DEFAULT_GEN_NETOBJ_ACI;
14661 rsbac_net_temp_id_t temp = 0;
14662
14663 switch (attr)
14664 {
14665 case A_local_log_array_low:
14666 case A_local_log_array_high:
14667 rsbac_ta_net_lookup_templates(ta_number,
14668 &tid_p->netobj,
14669 &temp,
14670 NULL);
14671 break;
14672 case A_remote_log_array_low:
14673 case A_remote_log_array_high:
14674 rsbac_ta_net_lookup_templates(ta_number,
14675 &tid_p->netobj,
14676 NULL,
14677 &temp);
14678 break;
14679
14680 default:
14681 err = -RSBAC_EINVALIDATTR;
14682 }
14683 if(temp)
14684 rsbac_ta_list_get_data_ttl(ta_number,
14685 nettemp_handles.gen,
14686 NULL,
14687 &temp,
14688 &aci);
14689 switch (attr)
14690 {
14691 case A_local_log_array_low:
14692 case A_remote_log_array_low:
14693 value->log_array_low = aci.log_array_low;
14694 break;
14695 case A_local_log_array_high:
14696 case A_remote_log_array_high:
14697 value->log_array_high = aci.log_array_high;
14698 break;
14699
14700 default:
14701 err = -RSBAC_EINVALIDATTR;
14702 }
14703 }
14704 break;
14705 #endif
14706 #if defined(CONFIG_RSBAC_MAC)
14707 case MAC:
14708 {
14709 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
14710
14711 switch(attr)
14712 {
14713 case A_local_sec_level:
14714 case A_local_mac_categories:
14715 if(rsbac_ta_list_get_data_ttl(ta_number,
14716 lnetobj_handles.mac,
14717 NULL,
14718 &tid_p->netobj.sock_p,
14719 &aci))
14720 {
14721 rsbac_net_temp_id_t temp = 0;
14722
14723 rsbac_ta_net_lookup_templates(ta_number,
14724 &tid_p->netobj,
14725 &temp,
14726 NULL);
14727 if(temp)
14728 rsbac_ta_list_get_data_ttl(ta_number,
14729 nettemp_handles.mac,
14730 NULL,
14731 &temp,
14732 &aci);
14733 }
14734 break;
14735
14736 case A_remote_sec_level:
14737 case A_remote_mac_categories:
14738 if(rsbac_ta_list_get_data_ttl(ta_number,
14739 rnetobj_handles.mac,
14740 NULL,
14741 &tid_p->netobj.sock_p,
14742 &aci))
14743 {
14744 rsbac_net_temp_id_t temp = 0;
14745
14746 rsbac_ta_net_lookup_templates(ta_number,
14747 &tid_p->netobj,
14748 NULL,
14749 &temp);
14750 if(temp)
14751 rsbac_ta_list_get_data_ttl(ta_number,
14752 nettemp_handles.mac,
14753 NULL,
14754 &temp,
14755 &aci);
14756 }
14757 break;
14758
14759 default:
14760 err = -RSBAC_EINVALIDATTR;
14761 }
14762 if(err)
14763 break;
14764 switch (attr)
14765 {
14766 case A_local_sec_level:
14767 case A_remote_sec_level:
14768 value->security_level = aci.sec_level;
14769 break;
14770 case A_local_mac_categories:
14771 case A_remote_mac_categories:
14772 value->mac_categories = aci.mac_categories;
14773 break;
14774
14775 default:
14776 err = -RSBAC_EINVALIDATTR;
14777 }
14778 }
14779 break;
14780 #endif
14781
14782 #if defined(CONFIG_RSBAC_FC)
14783 case FC:
14784 {
14785 rsbac_fc_oc_t fc_oc = RSBAC_FC_OC_ROOT_DEF;
14786
14787 switch(attr)
14788 {
14789 case A_local_object_category:
14790 if(rsbac_ta_list_get_data_ttl(ta_number,
14791 lnetobj_handles.fc,
14792 NULL,
14793 &tid_p->netobj.sock_p,
14794 &fc_oc))
14795 {
14796 rsbac_net_temp_id_t temp = 0;
14797
14798 rsbac_ta_net_lookup_templates(ta_number,
14799 &tid_p->netobj,
14800 &temp,
14801 NULL);
14802 if(temp)
14803 rsbac_ta_list_get_data_ttl(ta_number,
14804 nettemp_handles.fc,
14805 NULL,
14806 &temp,
14807 &fc_oc);
14808 }
14809 break;
14810
14811 case A_remote_object_category:
14812 if(rsbac_ta_list_get_data_ttl(ta_number,
14813 rnetobj_handles.fc,
14814 NULL,
14815 &tid_p->netobj.sock_p,
14816 &fc_oc))
14817 {
14818 rsbac_net_temp_id_t temp = 0;
14819
14820 rsbac_ta_net_lookup_templates(ta_number,
14821 &tid_p->netobj,
14822 NULL,
14823 &temp);
14824 if(temp)
14825 rsbac_ta_list_get_data_ttl(ta_number,
14826 nettemp_handles.fc,
14827 NULL,
14828 &temp,
14829 &fc_oc);
14830 }
14831 break;
14832
14833 default:
14834 err = -RSBAC_EINVALIDATTR;
14835 }
14836 if(!err)
14837 value->object_category = fc_oc;
14838 }
14839 break;
14840 #endif
14841
14842 #if defined(CONFIG_RSBAC_SIM)
14843 case SIM:
14844 {
14845 rsbac_sim_dt_t sim_dt = RSBAC_SIM_DT_ROOT_DEF;
14846
14847 switch(attr)
14848 {
14849 case A_local_data_type:
14850 if(rsbac_ta_list_get_data_ttl(ta_number,
14851 lnetobj_handles.sim,
14852 NULL,
14853 &tid_p->netobj.sock_p,
14854 &sim_dt))
14855 {
14856 rsbac_net_temp_id_t temp = 0;
14857
14858 rsbac_ta_net_lookup_templates(ta_number,
14859 &tid_p->netobj,
14860 &temp,
14861 NULL);
14862 if(temp)
14863 rsbac_ta_list_get_data_ttl(ta_number,
14864 nettemp_handles.sim,
14865 NULL,
14866 &temp,
14867 &sim_dt);
14868 }
14869 break;
14870
14871 case A_remote_data_type:
14872 if(rsbac_ta_list_get_data_ttl(ta_number,
14873 rnetobj_handles.sim,
14874 NULL,
14875 &tid_p->netobj.sock_p,
14876 &sim_dt))
14877 {
14878 rsbac_net_temp_id_t temp = 0;
14879
14880 rsbac_ta_net_lookup_templates(ta_number,
14881 &tid_p->netobj,
14882 NULL,
14883 &temp);
14884 if(temp)
14885 rsbac_ta_list_get_data_ttl(ta_number,
14886 nettemp_handles.sim,
14887 NULL,
14888 &temp,
14889 &sim_dt);
14890 }
14891 break;
14892
14893 default:
14894 err = -RSBAC_EINVALIDATTR;
14895 }
14896 if(!err)
14897 value->data_type = sim_dt;
14898 }
14899 break;
14900 #endif
14901
14902 #if defined(CONFIG_RSBAC_PM)
14903 case PM:
14904 {
14905 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
14906
14907 switch(attr)
14908 {
14909 case A_local_pm_object_class:
14910 case A_local_pm_ipc_purpose:
14911 case A_local_pm_object_type:
14912 if(rsbac_ta_list_get_data_ttl(ta_number,
14913 lnetobj_handles.pm,
14914 NULL,
14915 &tid_p->netobj.sock_p,
14916 &aci))
14917 {
14918 rsbac_net_temp_id_t temp = 0;
14919
14920 rsbac_ta_net_lookup_templates(ta_number,
14921 &tid_p->netobj,
14922 &temp,
14923 NULL);
14924 if(temp)
14925 rsbac_ta_list_get_data_ttl(ta_number,
14926 nettemp_handles.pm,
14927 NULL,
14928 &temp,
14929 &aci);
14930 }
14931 break;
14932
14933 case A_remote_pm_object_class:
14934 case A_remote_pm_ipc_purpose:
14935 case A_remote_pm_object_type:
14936 if(rsbac_ta_list_get_data_ttl(ta_number,
14937 rnetobj_handles.pm,
14938 NULL,
14939 &tid_p->netobj.sock_p,
14940 &aci))
14941 {
14942 rsbac_net_temp_id_t temp = 0;
14943
14944 rsbac_ta_net_lookup_templates(ta_number,
14945 &tid_p->netobj,
14946 NULL,
14947 &temp);
14948 if(temp)
14949 rsbac_ta_list_get_data_ttl(ta_number,
14950 nettemp_handles.pm,
14951 NULL,
14952 &temp,
14953 &aci);
14954 }
14955 break;
14956
14957 default:
14958 err = -RSBAC_EINVALIDATTR;
14959 }
14960 if(err)
14961 break;
14962 switch (attr)
14963 {
14964 case A_local_pm_object_class:
14965 case A_remote_pm_object_class:
14966 value->pm_object_class = aci.pm_object_class;
14967 break;
14968 case A_local_pm_ipc_purpose:
14969 case A_remote_pm_ipc_purpose:
14970 value->pm_ipc_purpose = aci.pm_ipc_purpose;
14971 break;
14972 case A_local_pm_object_type:
14973 case A_remote_pm_object_type:
14974 value->pm_object_type = aci.pm_object_type;
14975 break;
14976
14977 default:
14978 err = -RSBAC_EINVALIDATTR;
14979 }
14980 }
14981 break;
14982 #endif
14983
14984 #if defined(CONFIG_RSBAC_RC)
14985 case RC:
14986 {
14987 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
14988
14989 switch(attr)
14990 {
14991 case A_local_rc_type:
14992 if(rsbac_ta_list_get_data_ttl(ta_number,
14993 lnetobj_handles.rc,
14994 NULL,
14995 &tid_p->netobj.sock_p,
14996 &type))
14997 {
14998 rsbac_net_temp_id_t temp = 0;
14999 struct rsbac_rc_nettemp_aci_t aci;
15000
15001 rsbac_ta_net_lookup_templates(ta_number,
15002 &tid_p->netobj,
15003 &temp,
15004 NULL);
15005 if(temp)
15006 {
15007 if(!rsbac_ta_list_get_data_ttl(ta_number,
15008 nettemp_handles.rc,
15009 NULL,
15010 &temp,
15011 &aci))
15012 type = aci.netobj_type;
15013 }
15014 }
15015 break;
15016
15017 case A_remote_rc_type:
15018 if(rsbac_ta_list_get_data_ttl(ta_number,
15019 rnetobj_handles.rc,
15020 NULL,
15021 &tid_p->netobj.sock_p,
15022 &type))
15023 {
15024 rsbac_net_temp_id_t temp = 0;
15025 struct rsbac_rc_nettemp_aci_t aci;
15026
15027 rsbac_ta_net_lookup_templates(ta_number,
15028 &tid_p->netobj,
15029 NULL,
15030 &temp);
15031 if(temp)
15032 {
15033 if(!rsbac_ta_list_get_data_ttl(ta_number,
15034 nettemp_handles.rc,
15035 NULL,
15036 &temp,
15037 &aci))
15038 type = aci.netobj_type;
15039 }
15040 }
15041 break;
15042
15043 default:
15044 err = -RSBAC_EINVALIDATTR;
15045 }
15046 if(!err)
15047 value->rc_type = type;
15048 }
15049 break;
15050 #endif
15051
15052 default:
15053 err = -RSBAC_EINVALIDMODULE;
15054 }
15055 return err;
15056 }
15057 #endif
15058
15059
15060
15061
15062 int rsbac_ta_get_attr(
15063 rsbac_list_ta_number_t ta_number,
15064 enum rsbac_switch_target_t module,
15065 enum rsbac_target_t target,
15066 union rsbac_target_id_t tid,
15067 enum rsbac_attribute_t attr,
15068 union rsbac_attribute_value_t * value,
15069 rsbac_boolean_t inherit)
15070 {
15071 int err = 0;
15072
15073 if (!rsbac_initialized)
15074 {
15075 #ifdef CONFIG_RSBAC_RMSG
15076 rsbac_printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n");
15077 #endif
15078 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
15079 if (!rsbac_nosyslog)
15080 #endif
15081 printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n");
15082 return(-RSBAC_ENOTINITIALIZED);
15083 }
15084 if (!value)
15085 return(-RSBAC_EINVALIDPOINTER);
15086 if (in_interrupt())
15087 {
15088 #ifdef CONFIG_RSBAC_RMSG
15089 rsbac_printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n");
15090 #endif
15091 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
15092 if (!rsbac_nosyslog)
15093 #endif
15094 printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n");
15095 }
15096 #ifdef CONFIG_RSBAC_XSTATS
15097 get_attr_count[target]++;
15098 #endif
15099 switch (target)
15100 {
15101 case T_FILE:
15102 case T_DIR:
15103 case T_FIFO:
15104 case T_SYMLINK:
15105 return get_attr_fd(ta_number, module, target, &tid,
15106 attr, value, inherit);
15107
15108 case T_DEV:
15109 return get_attr_dev(ta_number, module, target, &tid,
15110 attr, value, inherit);
15111
15112 case T_IPC:
15113 return get_attr_ipc(ta_number, module, target, &tid,
15114 attr, value, inherit);
15115
15116 case T_USER:
15117 return get_attr_user(ta_number, module, target, &tid,
15118 attr, value, inherit);
15119
15120 case T_PROCESS:
15121 return get_attr_process(ta_number, module, target, &tid,
15122 attr, value, inherit);
15123
15124 #ifdef CONFIG_RSBAC_UM
15125 case T_GROUP:
15126 return get_attr_group(ta_number, module, target, &tid,
15127 attr, value, inherit);
15128 #endif
15129
15130 #ifdef CONFIG_RSBAC_NET_DEV
15131 case T_NETDEV:
15132 return get_attr_netdev(ta_number, module, target, &tid,
15133 attr, value, inherit);
15134 #endif
15135
15136 #ifdef CONFIG_RSBAC_NET_OBJ
15137 case T_NETTEMP:
15138 return get_attr_nettemp(ta_number, module, target, &tid,
15139 attr, value, inherit);
15140
15141 case T_NETOBJ:
15142 return get_attr_netobj(ta_number, module, target, &tid,
15143 attr, value, inherit);
15144 #endif
15145
15146
15147 default:
15148 return -RSBAC_EINVALIDTARGET;
15149 }
15150
15151 return err;
15152 }
15153
15154
15155
15156 static int set_attr_fd(
15157 rsbac_list_ta_number_t ta_number,
15158 enum rsbac_switch_target_t module,
15159 enum rsbac_target_t target,
15160 union rsbac_target_id_t * tid_p,
15161 enum rsbac_attribute_t attr,
15162 union rsbac_attribute_value_t * value_p)
15163 {
15164 int err = 0;
15165 struct rsbac_device_list_item_t * device_p;
15166 u_long dflags;
15167
15168
15169
15170
15171
15172
15173
15174
15175
15176 rsbac_read_lock(&device_list_head.lock, &dflags);
15177
15178
15179
15180
15181
15182
15183
15184
15185
15186
15187 device_p = lookup_device(tid_p->file.device);
15188 if (!device_p)
15189 {
15190 struct super_block * sb_p;
15191
15192 rsbac_read_unlock(&device_list_head.lock, &dflags);
15193 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
15194 sb_p = user_get_super(tid_p->file.device);
15195 #else
15196 sb_p = get_super(tid_p->file.device);
15197 #endif
15198 if(sb_p)
15199 {
15200 #ifdef CONFIG_RSBAC_RMSG
15201 rsbac_printk(KERN_INFO
15202 "rsbac_set_attr(): auto-mounting device %02u:%02u\n",
15203 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
15204 #endif
15205 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
15206 if (!rsbac_nosyslog)
15207 #endif
15208 printk(KERN_INFO
15209 "rsbac_set_attr(): auto-mounting device %02u:%02u\n",
15210 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
15211 rsbac_mount(sb_p, NULL);
15212
15213 drop_super(sb_p);
15214 rsbac_read_lock(&device_list_head.lock, &dflags);
15215 device_p = lookup_device(tid_p->file.device);
15216 if (!device_p)
15217 {
15218 #ifdef CONFIG_RSBAC_RMSG
15219 rsbac_printk(KERN_WARNING
15220 "rsbac_set_attr(): unknown device %02u:%02u\n",
15221 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
15222 #endif
15223 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
15224 if (!rsbac_nosyslog)
15225 #endif
15226 printk(KERN_WARNING
15227 "rsbac_set_attr(): unknown device %02u:%02u\n",
15228 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
15229 rsbac_read_unlock(&device_list_head.lock, &dflags);
15230 return -RSBAC_EINVALIDDEV;
15231 }
15232 }
15233 else
15234 return -RSBAC_EINVALIDDEV;
15235 }
15236 switch(module)
15237 {
15238 case GEN:
15239 {
15240 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI;
15241
15242 rsbac_ta_list_get_data_ttl(ta_number,
15243 device_p->handles.gen[gen_fd_hash(tid_p->file.inode)],
15244 NULL,
15245 &tid_p->file.inode,
15246 &aci);
15247 switch (attr)
15248 {
15249 case A_log_array_low:
15250 aci.log_array_low = value_p->log_array_low;
15251 break;
15252 case A_log_array_high:
15253 aci.log_array_high = value_p->log_array_high;
15254 break;
15255 case A_log_program_based:
15256 aci.log_program_based = value_p->log_program_based;
15257 break;
15258 case A_symlink_add_uid:
15259 aci.symlink_add_uid = value_p->symlink_add_uid;
15260 break;
15261 case A_symlink_add_mac_level:
15262 aci.symlink_add_mac_level = value_p->symlink_add_mac_level;
15263 break;
15264 case A_symlink_add_rc_role:
15265 aci.symlink_add_rc_role = value_p->symlink_add_rc_role;
15266 break;
15267 case A_linux_dac_disable:
15268 aci.linux_dac_disable = value_p->linux_dac_disable;
15269 break;
15270 case A_fake_root_uid:
15271 aci.fake_root_uid = value_p->fake_root_uid;
15272 break;
15273 case A_auid_exempt:
15274 aci.auid_exempt = value_p->auid_exempt;
15275 break;
15276 default:
15277 err = -RSBAC_EINVALIDATTR;
15278 }
15279 if(!err)
15280 {
15281 err = rsbac_ta_list_add_ttl(ta_number,
15282 device_p->handles.gen[gen_fd_hash(tid_p->file.inode)],
15283 0,
15284 &tid_p->file.inode,
15285 &aci);
15286 }
15287 }
15288 break;
15289
15290 #if defined(CONFIG_RSBAC_MAC)
15291 case MAC:
15292 {
15293 struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI;
15294
15295 rsbac_ta_list_get_data_ttl(ta_number,
15296 device_p->handles.mac[mac_fd_hash(tid_p->file.inode)],
15297 NULL,
15298 &tid_p->file.inode,
15299 &aci);
15300 switch (attr)
15301 {
15302 case A_security_level:
15303 aci.sec_level = value_p->security_level;
15304 break;
15305 case A_mac_categories:
15306 aci.mac_categories = value_p->mac_categories;
15307 break;
15308 case A_mac_auto:
15309 aci.mac_auto = value_p->mac_auto;
15310 break;
15311 case A_mac_prop_trusted:
15312 aci.mac_prop_trusted = value_p->mac_prop_trusted;
15313 break;
15314 case A_mac_file_flags:
15315 aci.mac_file_flags = value_p->mac_file_flags & RSBAC_MAC_F_FLAGS;
15316 break;
15317
15318 default:
15319 err = -RSBAC_EINVALIDATTR;
15320 }
15321 if(!err)
15322 {
15323 err = rsbac_ta_list_add_ttl(ta_number,
15324 device_p->handles.mac[mac_fd_hash(tid_p->file.inode)],
15325 0,
15326 &tid_p->file.inode,
15327 &aci);
15328 }
15329 }
15330 break;
15331 #endif
15332
15333 #if defined(CONFIG_RSBAC_FC)
15334 case FC:
15335 {
15336 switch (attr)
15337 {
15338 case A_object_category:
15339 err = rsbac_ta_list_add_ttl(ta_number,
15340 device_p->handles.fc[fc_fd_hash(tid_p->file.inode)],
15341 0,
15342 &tid_p->file.inode,
15343 &value_p->object_category);
15344 break;
15345
15346 default:
15347 err = -RSBAC_EINVALIDATTR;
15348 }
15349 }
15350 break;
15351 #endif
15352
15353 #if defined(CONFIG_RSBAC_SIM)
15354 case SIM:
15355 {
15356 switch (attr)
15357 {
15358 case A_data_type:
15359 err = rsbac_ta_list_add_ttl(ta_number,
15360 device_p->handles.sim[sim_fd_hash(tid_p->file.inode)],
15361 0,
15362 &tid_p->file.inode,
15363 &value_p->data_type);
15364 break;
15365
15366 default:
15367 err = -RSBAC_EINVALIDATTR;
15368 }
15369 }
15370 break;
15371 #endif
15372
15373 #if defined(CONFIG_RSBAC_PM)
15374 case PM:
15375 {
15376 struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI;
15377
15378 rsbac_ta_list_get_data_ttl(ta_number,
15379 device_p->handles.pm[pm_fd_hash(tid_p->file.inode)],
15380 NULL,
15381 &tid_p->file.inode,
15382 &aci);
15383 switch (attr)
15384 {
15385 case A_pm_object_class:
15386 aci.pm_object_class = value_p->pm_object_class;
15387 break;
15388 case A_pm_tp:
15389 aci.pm_tp = value_p->pm_tp;
15390 break;
15391 case A_pm_object_type:
15392 aci.pm_object_type = value_p->pm_object_type;
15393 break;
15394 default:
15395 err = -RSBAC_EINVALIDATTR;
15396 }
15397 if(!err)
15398 {
15399 err = rsbac_ta_list_add_ttl(ta_number,
15400 device_p->handles.pm[pm_fd_hash(tid_p->file.inode)],
15401 0,
15402 &tid_p->file.inode,
15403 &aci);
15404 }
15405 }
15406 break;
15407 #endif
15408
15409 #if defined(CONFIG_RSBAC_DAZ)
15410 case DAZ:
15411 {
15412 #if defined(CONFIG_RSBAC_DAZ_CACHE)
15413 if(attr == A_daz_scanned)
15414 {
15415 err = rsbac_list_add_ttl(device_p->handles.dazs[daz_scanned_fd_hash(tid_p->file.inode)],
15416 rsbac_daz_ttl,
15417 &tid_p->file.inode,
15418 &value_p->daz_scanned);
15419 }
15420 else
15421 #endif
15422 {
15423 struct rsbac_daz_fd_aci_t aci = DEFAULT_DAZ_FD_ACI;
15424
15425 rsbac_ta_list_get_data_ttl(ta_number,
15426 device_p->handles.daz[daz_fd_hash(tid_p->file.inode)],
15427 NULL,
15428 &tid_p->file.inode,
15429 &aci);
15430 switch (attr)
15431 {
15432 case A_daz_scanner:
15433 aci.daz_scanner = value_p->daz_scanner;
15434 break;
15435 default:
15436 err = -RSBAC_EINVALIDATTR;
15437 }
15438 if(!err)
15439 {
15440 err = rsbac_ta_list_add_ttl(ta_number,
15441 device_p->handles.daz[daz_fd_hash(tid_p->file.inode)],
15442 0,
15443 &tid_p->file.inode,
15444 &aci);
15445 }
15446 }
15447 }
15448 break;
15449 #endif
15450
15451 #if defined(CONFIG_RSBAC_FF)
15452 case FF:
15453 {
15454 switch (attr)
15455 {
15456 case A_ff_flags:
15457 err = rsbac_ta_list_add_ttl(ta_number,
15458 device_p->handles.ff[ff_fd_hash(tid_p->file.inode)],
15459 0,
15460 &tid_p->file.inode,
15461 &value_p->ff_flags);
15462 break;
15463
15464 default:
15465 err = -RSBAC_EINVALIDATTR;
15466 }
15467 }
15468 break;
15469 #endif
15470
15471 #if defined(CONFIG_RSBAC_RC)
15472 case RC:
15473 {
15474 struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI;
15475
15476 rsbac_ta_list_get_data_ttl(ta_number,
15477 device_p->handles.rc[rc_fd_hash(tid_p->file.inode)],
15478 NULL,
15479 &tid_p->file.inode,
15480 &aci);
15481 switch (attr)
15482 {
15483 case A_rc_type_fd:
15484 aci.rc_type_fd = value_p->rc_type_fd;
15485 break;
15486 case A_rc_force_role:
15487 aci.rc_force_role = value_p->rc_force_role;
15488 break;
15489 case A_rc_initial_role:
15490 aci.rc_initial_role = value_p->rc_initial_role;
15491 break;
15492
15493 default:
15494 err = -RSBAC_EINVALIDATTR;
15495 }
15496 if(!err)
15497 {
15498 err = rsbac_ta_list_add_ttl(ta_number,
15499 device_p->handles.rc[rc_fd_hash(tid_p->file.inode)],
15500 0,
15501 &tid_p->file.inode,
15502 &aci);
15503 }
15504 }
15505 break;
15506 #endif
15507
15508 #if defined(CONFIG_RSBAC_AUTH)
15509 case AUTH:
15510 {
15511 struct rsbac_auth_fd_aci_t aci = DEFAULT_AUTH_FD_ACI;
15512
15513 rsbac_ta_list_get_data_ttl(ta_number,
15514 device_p->handles.auth[auth_fd_hash(tid_p->file.inode)],
15515 NULL,
15516 &tid_p->file.inode,
15517 &aci);
15518 switch (attr)
15519 {
15520 case A_auth_may_setuid:
15521 aci.auth_may_setuid = value_p->auth_may_setuid;
15522 break;
15523 case A_auth_may_set_cap:
15524 aci.auth_may_set_cap = value_p->auth_may_set_cap;
15525 break;
15526 case A_auth_learn:
15527 aci.auth_learn = value_p->auth_learn;
15528 break;
15529 default:
15530 err = -RSBAC_EINVALIDATTR;
15531 }
15532 if(!err)
15533 {
15534 err = rsbac_ta_list_add_ttl(ta_number,
15535 device_p->handles.auth[auth_fd_hash(tid_p->file.inode)],
15536 0,
15537 &tid_p->file.inode,
15538 &aci);
15539 }
15540 }
15541 break;
15542 #endif
15543
15544 #if defined(CONFIG_RSBAC_CAP)
15545 case CAP:
15546 {
15547 struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI;
15548
15549 rsbac_ta_list_get_data_ttl(ta_number,
15550 device_p->handles.cap[cap_fd_hash(tid_p->file.inode)],
15551 NULL,
15552 &tid_p->file.inode,
15553 &aci);
15554 switch (attr)
15555 {
15556 case A_min_caps:
15557 aci.min_caps = value_p->min_caps;
15558 break;
15559 case A_max_caps:
15560 aci.max_caps = value_p->max_caps;
15561 break;
15562 default:
15563 err = -RSBAC_EINVALIDATTR;
15564 }
15565 if(!err)
15566 {
15567 err = rsbac_ta_list_add_ttl(ta_number,
15568 device_p->handles.cap[cap_fd_hash(tid_p->file.inode)],
15569 0,
15570 &tid_p->file.inode,
15571 &aci);
15572 }
15573 }
15574 break;
15575 #endif
15576
15577 #if defined(CONFIG_RSBAC_RES)
15578 case RES:
15579 {
15580 struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI;
15581
15582 rsbac_ta_list_get_data_ttl(ta_number,
15583 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
15584 NULL,
15585 &tid_p->file.inode,
15586 &aci);
15587 switch (attr)
15588 {
15589 case A_res_min:
15590 memcpy(&aci.res_min, &value_p->res_array, sizeof(aci.res_min));
15591 break;
15592 case A_res_max:
15593 memcpy(&aci.res_max, &value_p->res_array, sizeof(aci.res_max));
15594 break;
15595 default:
15596 err = -RSBAC_EINVALIDATTR;
15597 }
15598 if(!err)
15599 {
15600 struct rsbac_res_fd_aci_t def_aci = DEFAULT_RES_FD_ACI;
15601
15602 if(memcmp(&aci, &def_aci, sizeof(aci)))
15603 err = rsbac_ta_list_add_ttl(ta_number,
15604 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
15605 0,
15606 &tid_p->file.inode,
15607 &aci);
15608 else
15609 err = rsbac_ta_list_remove(ta_number,
15610 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
15611 &tid_p->file.inode);
15612 }
15613 }
15614 break;
15615 #endif
15616
15617 #if defined(CONFIG_RSBAC_PAX)
15618 case PAX:
15619 {
15620 switch (attr)
15621 {
15622 case A_pax_flags:
15623 value_p->pax_flags &= RSBAC_PAX_ALL_FLAGS;
15624 err = rsbac_ta_list_add_ttl(ta_number,
15625 device_p->handles.pax[pax_fd_hash(tid_p->file.inode)],
15626 0,
15627 &tid_p->file.inode,
15628 &value_p->data_type);
15629 break;
15630
15631 default:
15632 err = -RSBAC_EINVALIDATTR;
15633 }
15634 }
15635 break;
15636 #endif
15637
15638 default:
15639 err = -RSBAC_EINVALIDMODULE;
15640 }
15641
15642 rsbac_read_unlock(&device_list_head.lock, &dflags);
15643
15644 return err;
15645 }
15646
15647 static int set_attr_dev(
15648 rsbac_list_ta_number_t ta_number,
15649 enum rsbac_switch_target_t module,
15650 enum rsbac_target_t target,
15651 union rsbac_target_id_t * tid_p,
15652 enum rsbac_attribute_t attr,
15653 union rsbac_attribute_value_t * value_p)
15654 {
15655 int err = 0;
15656
15657
15658
15659
15660
15661
15662
15663
15664 switch(module)
15665 {
15666 case GEN:
15667 {
15668 struct rsbac_gen_dev_aci_t aci = DEFAULT_GEN_DEV_ACI;
15669 struct rsbac_dev_desc_t dev_desc;
15670
15671 dev_desc.type = tid_p->dev.type;
15672 dev_desc.major = RSBAC_MAJOR(tid_p->dev.id);
15673 dev_desc.minor = RSBAC_MINOR(tid_p->dev.id);
15674
15675 rsbac_ta_list_get_data_ttl(ta_number,
15676 dev_handles.gen,
15677 NULL,
15678 &dev_desc,
15679 &aci);
15680 switch (attr)
15681 {
15682 case A_log_array_low:
15683 aci.log_array_low = value_p->log_array_low;
15684 break;
15685 case A_log_array_high:
15686 aci.log_array_high = value_p->log_array_high;
15687 break;
15688 default:
15689 err = -RSBAC_EINVALIDATTR;
15690 }
15691 if(!err)
15692 {
15693 err = rsbac_ta_list_add_ttl(ta_number,
15694 dev_handles.gen,
15695 0,
15696 &dev_desc,
15697 &aci);
15698 }
15699 }
15700 break;
15701
15702 #if defined(CONFIG_RSBAC_MAC)
15703 case MAC:
15704 {
15705 struct rsbac_mac_dev_aci_t aci = DEFAULT_MAC_DEV_ACI;
15706 struct rsbac_dev_desc_t dev_desc;
15707
15708 dev_desc.type = tid_p->dev.type;
15709 dev_desc.major = RSBAC_MAJOR(tid_p->dev.id);
15710 dev_desc.minor = RSBAC_MINOR(tid_p->dev.id);
15711
15712 rsbac_ta_list_get_data_ttl(ta_number,
15713 dev_handles.mac,
15714 NULL,
15715 &dev_desc,
15716 &aci);
15717 switch (attr)
15718 {
15719 case A_security_level:
15720 aci.sec_level = value_p->security_level;
15721 break;
15722 case A_mac_categories:
15723 aci.mac_categories = value_p->mac_categories;
15724 break;
15725 case A_mac_check:
15726 aci.mac_check = value_p->mac_check;
15727 break;
15728 default:
15729 err = -RSBAC_EINVALIDATTR;
15730 }
15731 if(!err)
15732 {
15733 err = rsbac_ta_list_add_ttl(ta_number,
15734 dev_handles.mac,
15735 0,
15736 &dev_desc,
15737 &aci);
15738 }
15739 }
15740 break;
15741 #endif
15742
15743 #if defined(CONFIG_RSBAC_FC)
15744 case FC:
15745 {
15746 rsbac_fc_oc_t fc_oc = value_p->object_category;
15747 struct rsbac_dev_desc_t dev_desc;
15748
15749 dev_desc.type = tid_p->dev.type;
15750 dev_desc.major = RSBAC_MAJOR(tid_p->dev.id);
15751 dev_desc.minor = RSBAC_MINOR(tid_p->dev.id);
15752
15753 switch (attr)
15754 {
15755 case A_object_category:
15756 err = rsbac_ta_list_add_ttl(ta_number,
15757 dev_handles.fc,
15758 0,
15759 &dev_desc,
15760 &fc_oc);
15761 break;
15762 default:
15763 err = -RSBAC_EINVALIDATTR;
15764 }
15765 }
15766 break;
15767 #endif
15768
15769 #if defined(CONFIG_RSBAC_SIM)
15770 case SIM:
15771 {
15772 rsbac_sim_dt_t sim_dt = value_p->data_type;
15773 struct rsbac_dev_desc_t dev_desc;
15774
15775 dev_desc.type = tid_p->dev.type;
15776 dev_desc.major = RSBAC_MAJOR(tid_p->dev.id);
15777 dev_desc.minor = RSBAC_MINOR(tid_p->dev.id);
15778
15779 switch (attr)
15780 {
15781 case A_data_type:
15782 err = rsbac_ta_list_add_ttl(ta_number,
15783 dev_handles.sim,
15784 0,
15785 &dev_desc,
15786 &sim_dt);
15787 break;
15788 default:
15789 err = -RSBAC_EINVALIDATTR;
15790 }
15791 }
15792 break;
15793 #endif
15794
15795 #if defined(CONFIG_RSBAC_PM)
15796 case PM:
15797 {
15798 struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
15799 struct rsbac_dev_desc_t dev_desc;
15800
15801 dev_desc.type = tid_p->dev.type;
15802 dev_desc.major = RSBAC_MAJOR(tid_p->dev.id);
15803 dev_desc.minor = RSBAC_MINOR(tid_p->dev.id);
15804
15805 rsbac_ta_list_get_data_ttl(ta_number,
15806 dev_handles.pm,
15807 NULL,
15808 &dev_desc,
15809 &aci);
15810 switch (attr)
15811 {
15812 case A_pm_object_type:
15813 aci.pm_object_type = value_p->pm_object_type;
15814 break;
15815 case A_pm_object_class:
15816 aci.pm_object_class = value_p->pm_object_class;
15817 break;
15818 default:
15819 err = -RSBAC_EINVALIDATTR;
15820 }
15821 if(!err)
15822 {
15823 err = rsbac_ta_list_add_ttl(ta_number,
15824 dev_handles.pm,
15825 0,
15826 &dev_desc,
15827 &aci);
15828 }
15829 }
15830 break;
15831 #endif
15832
15833 #if defined(CONFIG_RSBAC_RC)
15834 case RC:
15835 {
15836 rsbac_rc_type_id_t type = value_p->rc_type;
15837 struct rsbac_dev_desc_t dev_desc;
15838
15839 dev_desc.type = tid_p->dev.type;
15840 dev_desc.major = RSBAC_MAJOR(tid_p->dev.id);
15841 dev_desc.minor = RSBAC_MINOR(tid_p->dev.id);
15842
15843 switch (attr)
15844 {
15845 case A_rc_type:
15846 err = rsbac_ta_list_add_ttl(ta_number,
15847 dev_handles.rc,
15848 0,
15849 &dev_desc,
15850 &type);
15851 break;
15852 default:
15853 err = -RSBAC_EINVALIDATTR;
15854 }
15855 }
15856 break;
15857 #endif
15858
15859 default:
15860 err = -RSBAC_EINVALIDMODULE;
15861 }
15862
15863 return err;
15864 }
15865
15866 static int set_attr_ipc(
15867 rsbac_list_ta_number_t ta_number,
15868 enum rsbac_switch_target_t module,
15869 enum rsbac_target_t target,
15870 union rsbac_target_id_t * tid_p,
15871 enum rsbac_attribute_t attr,
15872 union rsbac_attribute_value_t * value_p)
15873 {
15874 int err = 0;
15875
15876
15877
15878
15879
15880
15881
15882 switch(module)
15883 {
15884 #if defined(CONFIG_RSBAC_MAC)
15885 case MAC:
15886 {
15887 struct rsbac_mac_ipc_aci_t aci = DEFAULT_MAC_IPC_ACI;
15888
15889 rsbac_ta_list_get_data_ttl(ta_number,
15890 ipc_handles.mac,
15891 NULL,
15892 &tid_p->ipc,
15893 &aci);
15894 switch (attr)
15895 {
15896 case A_security_level:
15897 aci.sec_level = value_p->security_level;
15898 break;
15899 case A_mac_categories:
15900 aci.mac_categories = value_p->mac_categories;
15901 break;
15902 default:
15903 err = -RSBAC_EINVALIDATTR;
15904 }
15905 if(!err)
15906 {
15907 err = rsbac_ta_list_add_ttl(ta_number,
15908 ipc_handles.mac,
15909 0,
15910 &tid_p->ipc,
15911 &aci);
15912 }
15913 }
15914 break;
15915 #endif
15916
15917 #if defined(CONFIG_RSBAC_FC)
15918 case FC:
15919 {
15920 rsbac_fc_oc_t fc_oc = value_p->object_category;
15921
15922 switch (attr)
15923 {
15924 case A_object_category:
15925 err = rsbac_ta_list_add_ttl(ta_number,
15926 ipc_handles.fc,
15927 0,
15928 &tid_p->ipc,
15929 &fc_oc);
15930 break;
15931 default:
15932 err = -RSBAC_EINVALIDATTR;
15933 }
15934 }
15935 break;
15936 #endif
15937
15938 #if defined(CONFIG_RSBAC_SIM)
15939 case SIM:
15940 {
15941 rsbac_sim_dt_t sim_dt = value_p->data_type;
15942
15943 switch (attr)
15944 {
15945 case A_data_type:
15946 err = rsbac_ta_list_add_ttl(ta_number,
15947 ipc_handles.sim,
15948 0,
15949 &tid_p->ipc,
15950 &sim_dt);
15951 break;
15952 default:
15953 err = -RSBAC_EINVALIDATTR;
15954 }
15955 }
15956 break;
15957 #endif
15958
15959 #if defined(CONFIG_RSBAC_PM)
15960 case PM:
15961 {
15962 struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
15963
15964 rsbac_ta_list_get_data_ttl(ta_number,
15965 ipc_handles.pm,
15966 NULL,
15967 &tid_p->ipc,
15968 &aci);
15969 switch (attr)
15970 {
15971 case A_pm_object_type:
15972 aci.pm_object_type = value_p->pm_object_type;
15973 break;
15974 case A_pm_ipc_purpose:
15975 aci.pm_ipc_purpose = value_p->pm_ipc_purpose;
15976 break;
15977 case A_pm_object_class:
15978 aci.pm_object_class = value_p->pm_object_class;
15979 break;
15980 default:
15981 err = -RSBAC_EINVALIDATTR;
15982 }
15983 if(!err)
15984 {
15985 err = rsbac_ta_list_add_ttl(ta_number,
15986 ipc_handles.pm,
15987 0,
15988 &tid_p->ipc,
15989 &aci);
15990 }
15991 }
15992 break;
15993 #endif
15994
15995 #if defined(CONFIG_RSBAC_RC)
15996 case RC:
15997 {
15998 rsbac_rc_type_id_t type = value_p->rc_type;
15999
16000 switch (attr)
16001 {
16002 case A_rc_type:
16003 err = rsbac_ta_list_add_ttl(ta_number,
16004 ipc_handles.rc,
16005 0,
16006 &tid_p->ipc,
16007 &type);
16008 break;
16009 default:
16010 err = -RSBAC_EINVALIDATTR;
16011 }
16012 }
16013 break;
16014 #endif
16015
16016 #if defined(CONFIG_RSBAC_JAIL)
16017 case JAIL:
16018 {
16019 rsbac_jail_id_t id = value_p->jail_id;
16020
16021 switch (attr)
16022 {
16023 case A_jail_id:
16024
16025
16026
16027
16028
16029
16030
16031
16032 err = rsbac_ta_list_add_ttl(ta_number,
16033 ipc_handles.jail,
16034 0,
16035 &tid_p->ipc,
16036 &id);
16037 break;
16038 default:
16039 err = -RSBAC_EINVALIDATTR;
16040 }
16041 }
16042 break;
16043 #endif
16044
16045 default:
16046 err = -RSBAC_EINVALIDMODULE;
16047 }
16048
16049 return err;
16050 }
16051
16052 static int set_attr_user(
16053 rsbac_list_ta_number_t ta_number,
16054 enum rsbac_switch_target_t module,
16055 enum rsbac_target_t target,
16056 union rsbac_target_id_t * tid_p,
16057 enum rsbac_attribute_t attr,
16058 union rsbac_attribute_value_t * value_p)
16059 {
16060 int err = 0;
16061
16062 #ifdef CONFIG_RSBAC_DEBUG
16063
16064
16065
16066
16067
16068
16069 #endif
16070 switch(module)
16071 {
16072 case GEN:
16073 {
16074 struct rsbac_gen_user_aci_t aci = DEFAULT_GEN_U_ACI;
16075
16076 rsbac_ta_list_get_data_ttl(ta_number,
16077 user_handles.gen,
16078 NULL,
16079 &tid_p->user,
16080 &aci);
16081 switch (attr)
16082 {
16083 case A_pseudo:
16084 aci.pseudo = value_p->pseudo;
16085 break;
16086 case A_log_user_based:
16087 aci.log_user_based = value_p->log_user_based;
16088 break;
16089 default:
16090 err = -RSBAC_EINVALIDATTR;
16091 }
16092 if(!err)
16093 {
16094 err = rsbac_ta_list_add_ttl(ta_number,
16095 user_handles.gen,
16096 0,
16097 &tid_p->user,
16098 &aci);
16099 }
16100 }
16101 break;
16102
16103 #if defined(CONFIG_RSBAC_MAC)
16104 case MAC:
16105 {
16106 struct rsbac_mac_user_aci_t aci = DEFAULT_MAC_U_ACI;
16107
16108 rsbac_ta_list_get_data_ttl(ta_number,
16109 user_handles.mac,
16110 NULL,
16111 &tid_p->user,
16112 &aci);
16113 switch (attr)
16114 {
16115 case A_security_level:
16116 if(value_p->security_level < aci.min_security_level)
16117 err = -RSBAC_EINVALIDVALUE;
16118 else
16119 aci.security_level = value_p->security_level;
16120 break;
16121 case A_initial_security_level:
16122 if( (value_p->security_level < aci.min_security_level)
16123 || (value_p->security_level > aci.security_level)
16124 )
16125 err = -RSBAC_EINVALIDVALUE;
16126 else
16127 aci.initial_security_level = value_p->security_level;
16128 break;
16129 case A_min_security_level:
16130 if(value_p->security_level > aci.security_level)
16131 err = -RSBAC_EINVALIDVALUE;
16132 else
16133 aci.min_security_level = value_p->security_level;
16134 break;
16135 case A_mac_categories:
16136 if((value_p->mac_categories & aci.mac_min_categories) != aci.mac_min_categories)
16137 err = -RSBAC_EINVALIDVALUE;
16138 else
16139 aci.mac_categories = value_p->mac_categories;
16140 break;
16141 case A_mac_initial_categories:
16142 if( ((value_p->mac_categories & aci.mac_min_categories) != aci.mac_min_categories)
16143 || ((value_p->mac_categories & aci.mac_categories) != value_p->mac_categories)
16144 )
16145 err = -RSBAC_EINVALIDVALUE;
16146 else
16147 aci.mac_initial_categories = value_p->mac_categories;
16148 break;
16149 case A_mac_min_categories:
16150 if((value_p->mac_categories & aci.mac_categories) != value_p->mac_categories)
16151 err = -RSBAC_EINVALIDVALUE;
16152 else
16153 aci.mac_min_categories = value_p->mac_categories;
16154 break;
16155 case A_system_role:
16156 case A_mac_role:
16157 aci.system_role = value_p->system_role;
16158 break;
16159 case A_mac_user_flags:
16160 aci.mac_user_flags = value_p->mac_user_flags & RSBAC_MAC_U_FLAGS;
16161 break;
16162 default:
16163 err = -RSBAC_EINVALIDATTR;
16164 }
16165 if(!err)
16166 {
16167 err = rsbac_ta_list_add_ttl(ta_number,
16168 user_handles.mac,
16169 0,
16170 &tid_p->user,
16171 &aci);
16172 }
16173 }
16174 break;
16175 #endif
16176
16177 #if defined(CONFIG_RSBAC_FC)
16178 case FC:
16179 {
16180 rsbac_system_role_int_t role = value_p->system_role;
16181
16182 switch (attr)
16183 {
16184 case A_system_role:
16185 case A_fc_role:
16186 err = rsbac_ta_list_add_ttl(ta_number,
16187 user_handles.fc,
16188 0,
16189 &tid_p->user,
16190 &role);
16191 break;
16192 default:
16193 err = -RSBAC_EINVALIDATTR;
16194 }
16195 }
16196 break;
16197 #endif
16198
16199 #if defined(CONFIG_RSBAC_SIM)
16200 case SIM:
16201 {
16202 rsbac_system_role_int_t role = value_p->system_role;
16203
16204 switch (attr)
16205 {
16206 case A_system_role:
16207 case A_sim_role:
16208 err = rsbac_ta_list_add_ttl(ta_number,
16209 user_handles.sim,
16210 0,
16211 &tid_p->user,
16212 &role);
16213 break;
16214 default:
16215 err = -RSBAC_EINVALIDATTR;
16216 }
16217 }
16218 break;
16219 #endif
16220
16221 #if defined(CONFIG_RSBAC_PM)
16222 case PM:
16223 {
16224 struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
16225
16226 rsbac_ta_list_get_data_ttl(ta_number,
16227 user_handles.pm,
16228 NULL,
16229 &tid_p->user,
16230 &aci);
16231 switch (attr)
16232 {
16233 case A_pm_task_set:
16234 aci.pm_task_set = value_p->pm_task_set;
16235 break;
16236 case A_pm_role:
16237 aci.pm_role = value_p->pm_role;
16238 break;
16239 default:
16240 err = -RSBAC_EINVALIDATTR;
16241 }
16242 if(!err)
16243 {
16244 err = rsbac_ta_list_add_ttl(ta_number,
16245 user_handles.pm,
16246 0,
16247 &tid_p->user,
16248 &aci);
16249 }
16250 }
16251 break;
16252 #endif
16253
16254 #if defined(CONFIG_RSBAC_DAZ)
16255 case DAZ:
16256 {
16257 rsbac_system_role_int_t role = value_p->system_role;
16258
16259 switch (attr)
16260 {
16261 case A_system_role:
16262 case A_daz_role:
16263 err = rsbac_ta_list_add_ttl(ta_number,
16264 user_handles.daz,
16265 0,
16266 &tid_p->user,
16267 &role);
16268 break;
16269 default:
16270 err = -RSBAC_EINVALIDATTR;
16271 }
16272 }
16273 break;
16274 #endif
16275
16276 #if defined(CONFIG_RSBAC_FF)
16277 case FF:
16278 {
16279 rsbac_system_role_int_t role = value_p->system_role;
16280
16281 switch (attr)
16282 {
16283 case A_system_role:
16284 case A_ff_role:
16285 err = rsbac_ta_list_add_ttl(ta_number,
16286 user_handles.ff,
16287 0,
16288 &tid_p->user,
16289 &role);
16290 break;
16291 default:
16292 err = -RSBAC_EINVALIDATTR;
16293 }
16294 }
16295 break;
16296 #endif
16297
16298 #if defined(CONFIG_RSBAC_RC)
16299 case RC:
16300 {
16301 struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
16302
16303 rsbac_ta_list_get_data_ttl(ta_number,
16304 user_handles.rc,
16305 NULL,
16306 &tid_p->user,
16307 &aci);
16308 switch (attr)
16309 {
16310 case A_rc_def_role:
16311 aci.rc_role = value_p->rc_def_role;
16312 break;
16313 case A_rc_type:
16314 aci.rc_type = value_p->rc_type;
16315 break;
16316 default:
16317 err = -RSBAC_EINVALIDATTR;
16318 }
16319 if(!err)
16320 {
16321 err = rsbac_ta_list_add_ttl(ta_number,
16322 user_handles.rc,
16323 0,
16324 &tid_p->user,
16325 &aci);
16326 }
16327 }
16328 break;
16329 #endif
16330
16331 #if defined(CONFIG_RSBAC_AUTH)
16332 case AUTH:
16333 {
16334 rsbac_system_role_int_t role = value_p->system_role;
16335
16336 switch (attr)
16337 {
16338 case A_system_role:
16339 case A_auth_role:
16340 err = rsbac_ta_list_add_ttl(ta_number,
16341 user_handles.auth,
16342 0,
16343 &tid_p->user,
16344 &role);
16345 break;
16346 default:
16347 err = -RSBAC_EINVALIDATTR;
16348 }
16349 }
16350 break;
16351 #endif
16352
16353 #if defined(CONFIG_RSBAC_CAP)
16354 case CAP:
16355 {
16356 struct rsbac_cap_user_aci_t aci = DEFAULT_CAP_U_ACI;
16357
16358 rsbac_ta_list_get_data_ttl(ta_number,
16359 user_handles.cap,
16360 NULL,
16361 &tid_p->user,
16362 &aci);
16363 switch (attr)
16364 {
16365 case A_system_role:
16366 case A_cap_role:
16367 aci.cap_role = value_p->system_role;
16368 break;
16369 case A_min_caps:
16370 aci.min_caps = value_p->min_caps;
16371 break;
16372 case A_max_caps:
16373 aci.max_caps = value_p->max_caps;
16374 break;
16375 default:
16376 err = -RSBAC_EINVALIDATTR;
16377 }
16378 if(!err)
16379 {
16380 err = rsbac_ta_list_add_ttl(ta_number,
16381 user_handles.cap,
16382 0,
16383 &tid_p->user,
16384 &aci);
16385 }
16386 }
16387 break;
16388 #endif
16389
16390 #if defined(CONFIG_RSBAC_JAIL)
16391 case JAIL:
16392 {
16393 rsbac_system_role_int_t role = value_p->system_role;
16394
16395 switch (attr)
16396 {
16397 case A_system_role:
16398 case A_jail_role:
16399 err = rsbac_ta_list_add_ttl(ta_number,
16400 user_handles.jail,
16401 0,
16402 &tid_p->user,
16403 &role);
16404 break;
16405 default:
16406 err = -RSBAC_EINVALIDATTR;
16407 }
16408 }
16409 break;
16410 #endif
16411
16412 #if defined(CONFIG_RSBAC_RES)
16413 case RES:
16414 {
16415 struct rsbac_res_user_aci_t aci = DEFAULT_RES_U_ACI;
16416
16417 rsbac_ta_list_get_data_ttl(ta_number,
16418 user_handles.res,
16419 NULL,
16420 &tid_p->user,
16421 &aci);
16422 switch (attr)
16423 {
16424 case A_system_role:
16425 case A_res_role:
16426 aci.res_role = value_p->system_role;
16427 break;
16428 case A_res_min:
16429 memcpy(&aci.res_min, &value_p->res_array, sizeof(aci.res_min));
16430 break;
16431 case A_res_max:
16432 memcpy(&aci.res_max, &value_p->res_array, sizeof(aci.res_max));
16433 break;
16434 default:
16435 err = -RSBAC_EINVALIDATTR;
16436 }
16437 if(!err)
16438 {
16439 struct rsbac_res_user_aci_t def_aci = DEFAULT_RES_U_ACI;
16440
16441 if(tid_p->user != RSBAC_ALL_USERS)
16442 {
16443 rsbac_uid_t all_users = RSBAC_ALL_USERS;
16444
16445 rsbac_ta_list_get_data_ttl(ta_number,
16446 user_handles.res,
16447 NULL,
16448 &all_users,
16449 &def_aci);
16450 }
16451 if(memcmp(&aci, &def_aci, sizeof(aci)))
16452 err = rsbac_ta_list_add_ttl(ta_number,
16453 user_handles.res,
16454 0,
16455 &tid_p->user,
16456 &aci);
16457 else
16458 err = rsbac_ta_list_remove(ta_number,
16459 user_handles.res,
16460 &tid_p->user);
16461 }
16462 }
16463 break;
16464 #endif
16465
16466 #if defined(CONFIG_RSBAC_PAX)
16467 case PAX:
16468 {
16469 rsbac_system_role_int_t role = value_p->system_role;
16470
16471 switch (attr)
16472 {
16473 case A_system_role:
16474 case A_pax_role:
16475 err = rsbac_ta_list_add_ttl(ta_number,
16476 user_handles.pax,
16477 0,
16478 &tid_p->user,
16479 &role);
16480 break;
16481 default:
16482 err = -RSBAC_EINVALIDATTR;
16483 }
16484 }
16485 break;
16486 #endif
16487
16488 default:
16489 err = -RSBAC_EINVALIDMODULE;
16490 }
16491
16492 return err;
16493 }
16494
16495 static int set_attr_process(
16496 rsbac_list_ta_number_t ta_number,
16497 enum rsbac_switch_target_t module,
16498 enum rsbac_target_t target,
16499 union rsbac_target_id_t * tid_p,
16500 enum rsbac_attribute_t attr,
16501 union rsbac_attribute_value_t * value_p)
16502 {
16503 int err = 0;
16504
16505
16506
16507
16508
16509
16510
16511
16512 if (!tid_p->process)
16513 {
16514 #ifdef CONFIG_RSBAC_RMSG
16515 rsbac_printk(KERN_WARNING
16516 "rsbac_set_attr(): Trying to set attribute for process 0!\n");
16517 #endif
16518 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
16519 if (!rsbac_nosyslog)
16520 #endif
16521 printk(KERN_WARNING
16522 "rsbac_set_attr(): Trying to set attribute for process 0!\n");
16523 return -RSBAC_EINVALIDTARGET;
16524 }
16525 switch(module)
16526 {
16527 case GEN:
16528 {
16529 struct rsbac_gen_process_aci_t aci = DEFAULT_GEN_P_ACI;
16530
16531 rsbac_ta_list_get_data_ttl(ta_number,
16532 process_handles.gen,
16533 NULL,
16534 &tid_p->process,
16535 &aci);
16536 switch (attr)
16537 {
16538 case A_log_program_based:
16539 aci.log_program_based = value_p->log_program_based;
16540 break;
16541 case A_fake_root_uid:
16542 aci.fake_root_uid = value_p->fake_root_uid;
16543 break;
16544 case A_audit_uid:
16545 aci.audit_uid = value_p->audit_uid;
16546 break;
16547 case A_auid_exempt:
16548 aci.auid_exempt = value_p->auid_exempt;
16549 break;
16550 default:
16551 err = -RSBAC_EINVALIDATTR;
16552 }
16553 if(!err)
16554 {
16555 err = rsbac_ta_list_add_ttl(ta_number,
16556 process_handles.gen,
16557 0,
16558 &tid_p->process,
16559 &aci);
16560 }
16561 }
16562 break;
16563
16564 #if defined(CONFIG_RSBAC_MAC)
16565 case MAC:
16566 {
16567 struct rsbac_mac_process_aci_t aci = DEFAULT_MAC_P_ACI;
16568
16569 rsbac_ta_list_get_data_ttl(ta_number,
16570 process_handles.mac[mac_p_hash(tid_p->process)],
16571 NULL,
16572 &tid_p->process,
16573 &aci);
16574 switch (attr)
16575 {
16576 case A_security_level:
16577 aci.owner_sec_level = value_p->security_level;
16578 break;
16579 case A_initial_security_level:
16580 aci.owner_initial_sec_level = value_p->security_level;
16581 break;
16582 case A_min_security_level:
16583 aci.owner_min_sec_level = value_p->security_level;
16584 break;
16585 case A_mac_categories:
16586 aci.mac_owner_categories = value_p->mac_categories;
16587 break;
16588 case A_mac_initial_categories:
16589 aci.mac_owner_initial_categories = value_p->mac_categories;
16590 break;
16591 case A_mac_min_categories:
16592 aci.mac_owner_min_categories = value_p->mac_categories;
16593 break;
16594 case A_current_sec_level:
16595 aci.current_sec_level = value_p->current_sec_level;
16596 break;
16597 case A_mac_curr_categories:
16598 aci.mac_curr_categories = value_p->mac_categories;
16599 break;
16600 case A_min_write_open:
16601 aci.min_write_open = value_p->min_write_open;
16602 break;
16603 case A_min_write_categories:
16604 aci.min_write_categories = value_p->mac_categories;
16605 break;
16606 case A_max_read_open:
16607 aci.max_read_open = value_p->max_read_open;
16608 break;
16609 case A_max_read_categories:
16610 aci.max_read_categories = value_p->mac_categories;
16611 break;
16612 case A_mac_process_flags:
16613 aci.mac_process_flags = value_p->mac_process_flags & RSBAC_MAC_P_FLAGS;
16614 break;
16615 case A_mac_auto:
16616 if(value_p->mac_auto)
16617 aci.mac_process_flags |= MAC_auto;
16618 else
16619 aci.mac_process_flags &= ~MAC_auto;
16620 break;
16621 default:
16622 err = -RSBAC_EINVALIDATTR;
16623 }
16624 if(!err)
16625 {
16626 err = rsbac_ta_list_add_ttl(ta_number,
16627 process_handles.mac[mac_p_hash(tid_p->process)],
16628 0,
16629 &tid_p->process,
16630 &aci);
16631 }
16632 }
16633 break;
16634 #endif
16635
16636 #if defined(CONFIG_RSBAC_PM)
16637 case PM:
16638 {
16639 struct rsbac_pm_process_aci_t aci = DEFAULT_PM_P_ACI;
16640
16641 rsbac_ta_list_get_data_ttl(ta_number,
16642 process_handles.pm,
16643 NULL,
16644 &tid_p->process,
16645 &aci);
16646 switch (attr)
16647 {
16648 case A_pm_tp:
16649 aci.pm_tp = value_p->pm_tp;
16650 break;
16651 case A_pm_current_task:
16652 aci.pm_current_task = value_p->pm_current_task;
16653 break;
16654 case A_pm_process_type:
16655 aci.pm_process_type = value_p->pm_process_type;
16656 break;
16657 default:
16658 err = -RSBAC_EINVALIDATTR;
16659 }
16660 if(!err)
16661 {
16662 err = rsbac_ta_list_add_ttl(ta_number,
16663 process_handles.pm,
16664 0,
16665 &tid_p->process,
16666 &aci);
16667 }
16668 }
16669 break;
16670 #endif
16671
16672 #if defined(CONFIG_RSBAC_DAZ)
16673 case DAZ:
16674 {
16675 struct rsbac_daz_process_aci_t aci = DEFAULT_DAZ_P_ACI;
16676
16677 rsbac_ta_list_get_data_ttl(ta_number,
16678 process_handles.daz,
16679 NULL,
16680 &tid_p->process,
16681 &aci);
16682 switch (attr)
16683 {
16684 case A_daz_scanner:
16685 aci.daz_scanner = value_p->daz_scanner;
16686 break;
16687 default:
16688 err = -RSBAC_EINVALIDATTR;
16689 }
16690 if(!err)
16691 {
16692 err = rsbac_ta_list_add_ttl(ta_number,
16693 process_handles.daz,
16694 0,
16695 &tid_p->process,
16696 &aci);
16697 }
16698 }
16699 break;
16700 #endif
16701
16702 #if defined(CONFIG_RSBAC_RC)
16703 case RC:
16704 {
16705 struct rsbac_rc_process_aci_t aci = DEFAULT_RC_P_ACI;
16706
16707 rsbac_ta_list_get_data_ttl(ta_number,
16708 process_handles.rc[rc_p_hash(tid_p->process)],
16709 NULL,
16710 &tid_p->process,
16711 &aci);
16712 switch (attr)
16713 {
16714 case A_rc_role:
16715 aci.rc_role = value_p->rc_role;
16716 break;
16717 case A_rc_type:
16718 aci.rc_type = value_p->rc_type;
16719 break;
16720 case A_rc_force_role:
16721 aci.rc_force_role = value_p->rc_force_role;
16722 break;
16723 default:
16724 err = -RSBAC_EINVALIDATTR;
16725 }
16726 if(!err)
16727 {
16728 err = rsbac_ta_list_add_ttl(ta_number,
16729 process_handles.rc[rc_p_hash(tid_p->process)],
16730 0,
16731 &tid_p->process,
16732 &aci);
16733 }
16734 }
16735 break;
16736 #endif
16737
16738 #if defined(CONFIG_RSBAC_AUTH)
16739 case AUTH:
16740 {
16741 struct rsbac_auth_process_aci_t aci = DEFAULT_AUTH_P_ACI;
16742
16743 rsbac_ta_list_get_data_ttl(ta_number,
16744 process_handles.auth,
16745 NULL,
16746 &tid_p->process,
16747 &aci);
16748 switch (attr)
16749 {
16750 case A_auth_may_setuid:
16751 aci.auth_may_setuid = value_p->auth_may_setuid;
16752 break;
16753 case A_auth_may_set_cap:
16754 aci.auth_may_set_cap = value_p->auth_may_set_cap;
16755 break;
16756 #if defined(CONFIG_RSBAC_AUTH_LEARN)
16757 case A_auth_program_file:
16758 aci.auth_program_file = value_p->auth_program_file;
16759 break;
16760 case A_auth_start_uid:
16761 aci.auth_start_uid = value_p->auth_start_uid;
16762 break;
16763 case A_auth_learn:
16764 aci.auth_learn = value_p->auth_learn;
16765 break;
16766 #endif
16767 case A_auth_last_auth:
16768 aci.auth_last_auth = value_p->auth_last_auth;
16769 break;
16770 default:
16771 err = -RSBAC_EINVALIDATTR;
16772 }
16773 if(!err)
16774 {
16775 err = rsbac_ta_list_add_ttl(ta_number,
16776 process_handles.auth,
16777 0,
16778 &tid_p->process,
16779 &aci);
16780 }
16781 }
16782 break;
16783 #endif
16784
16785 #if defined(CONFIG_RSBAC_CAP)
16786 case CAP:
16787 {
16788 struct rsbac_cap_process_aci_t aci = DEFAULT_CAP_P_ACI;
16789
16790 rsbac_ta_list_get_data_ttl(ta_number,
16791 process_handles.cap,
16792 NULL,
16793 &tid_p->process,
16794 &aci);
16795 switch (attr)
16796 {
16797 case A_cap_process_hiding:
16798 aci.cap_process_hiding = value_p->cap_process_hiding;
16799 break;
16800 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
16801 case A_max_caps_user:
16802 aci.max_caps_user = value_p->max_caps_user;
16803 break;
16804 case A_max_caps_program:
16805 aci.max_caps_program = value_p->max_caps_program;
16806 break;
16807 #endif
16808 default:
16809 err = -RSBAC_EINVALIDATTR;
16810 }
16811 if(!err)
16812 {
16813 err = rsbac_ta_list_add_ttl(ta_number,
16814 process_handles.cap,
16815 0,
16816 &tid_p->process,
16817 &aci);
16818 }
16819 }
16820 break;
16821 #endif
16822
16823 #if defined(CONFIG_RSBAC_JAIL)
16824 case JAIL:
16825 {
16826 struct rsbac_jail_process_aci_t aci = DEFAULT_JAIL_P_ACI;
16827
16828 rsbac_ta_list_get_data_ttl(ta_number,
16829 process_handles.jail[jail_p_hash(tid_p->process)],
16830 NULL,
16831 &tid_p->process,
16832 &aci);
16833 switch (attr)
16834 {
16835 case A_jail_id:
16836 aci.id = value_p->jail_id;
16837 break;
16838 case A_jail_ip:
16839 aci.ip = value_p->jail_ip;
16840 break;
16841 case A_jail_flags:
16842 aci.flags = value_p->jail_flags;
16843 break;
16844 case A_jail_max_caps:
16845 aci.max_caps = value_p->jail_max_caps;
16846 break;
16847 default:
16848 err = -RSBAC_EINVALIDATTR;
16849 }
16850 if(!err)
16851 {
16852 err = rsbac_ta_list_add_ttl(ta_number,
16853 process_handles.jail[jail_p_hash(tid_p->process)],
16854 0,
16855 &tid_p->process,
16856 &aci);
16857 }
16858 }
16859 break;
16860 #endif
16861
16862 default:
16863 err = -RSBAC_EINVALIDMODULE;
16864 }
16865
16866 return err;
16867 }
16868
16869 #ifdef CONFIG_RSBAC_UM
16870 static int set_attr_group(
16871 rsbac_list_ta_number_t ta_number,
16872 enum rsbac_switch_target_t module,
16873 enum rsbac_target_t target,
16874 union rsbac_target_id_t * tid_p,
16875 enum rsbac_attribute_t attr,
16876 union rsbac_attribute_value_t * value_p)
16877 {
16878 int err = 0;
16879
16880
16881
16882
16883
16884
16885
16886
16887 switch(module)
16888 {
16889 #if defined(CONFIG_RSBAC_RC_UM_PROT)
16890 case RC:
16891 {
16892 rsbac_rc_type_id_t type = value_p->rc_type;
16893 rsbac_gid_t group_desc;
16894
16895 group_desc = tid_p->group;
16896
16897 switch (attr)
16898 {
16899 case A_rc_type:
16900 err = rsbac_ta_list_add_ttl(ta_number,
16901 group_handles.rc,
16902 0,
16903 &group_desc,
16904 &type);
16905 break;
16906 default:
16907 err = -RSBAC_EINVALIDATTR;
16908 }
16909 }
16910 break;
16911 #endif
16912
16913 default:
16914 err = -RSBAC_EINVALIDMODULE;
16915 }
16916
16917 return err;
16918 }
16919 #endif
16920
16921 #ifdef CONFIG_RSBAC_NET_DEV
16922 static int set_attr_netdev(
16923 rsbac_list_ta_number_t ta_number,
16924 enum rsbac_switch_target_t module,
16925 enum rsbac_target_t target,
16926 union rsbac_target_id_t * tid_p,
16927 enum rsbac_attribute_t attr,
16928 union rsbac_attribute_value_t * value_p)
16929 {
16930 int err = 0;
16931
16932
16933
16934
16935
16936
16937
16938
16939 switch(module)
16940 {
16941 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
16942 case GEN:
16943 {
16944 struct rsbac_gen_netdev_aci_t aci = DEFAULT_GEN_NETDEV_ACI;
16945
16946 rsbac_ta_list_get_data_ttl(ta_number,
16947 netdev_handles.gen,
16948 NULL,
16949 &tid_p->netdev,
16950 &aci);
16951 switch (attr)
16952 {
16953 case A_log_array_low:
16954 aci.log_array_low = value_p->log_array_low;
16955 break;
16956 case A_log_array_high:
16957 aci.log_array_high = value_p->log_array_high;
16958 break;
16959 default:
16960 err = -RSBAC_EINVALIDATTR;
16961 }
16962 if(!err)
16963 {
16964 err = rsbac_ta_list_add_ttl(ta_number,
16965 netdev_handles.gen,
16966 0,
16967 &tid_p->netdev,
16968 &aci);
16969 }
16970 }
16971 break;
16972 #endif
16973 #if defined(CONFIG_RSBAC_RC)
16974 case RC:
16975 {
16976 rsbac_rc_type_id_t type = value_p->rc_type;
16977
16978 switch (attr)
16979 {
16980 case A_rc_type:
16981 err = rsbac_ta_list_add_ttl(ta_number,
16982 netdev_handles.rc,
16983 0,
16984 &tid_p->netdev,
16985 &type);
16986 break;
16987 default:
16988 err = -RSBAC_EINVALIDATTR;
16989 }
16990 }
16991 break;
16992 #endif
16993
16994 default:
16995 err = -RSBAC_EINVALIDMODULE;
16996 }
16997
16998 return err;
16999 }
17000
17001 static int set_attr_nettemp(
17002 rsbac_list_ta_number_t ta_number,
17003 enum rsbac_switch_target_t module,
17004 enum rsbac_target_t target,
17005 union rsbac_target_id_t * tid_p,
17006 enum rsbac_attribute_t attr,
17007 union rsbac_attribute_value_t * value_p)
17008 {
17009 int err = 0;
17010
17011
17012
17013
17014
17015
17016
17017 if(!rsbac_list_exist(net_temp_handle, &tid_p->nettemp))
17018 return -RSBAC_EINVALIDTARGET;
17019 switch(module)
17020 {
17021 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
17022 case GEN:
17023 {
17024 struct rsbac_gen_netobj_aci_t aci = DEFAULT_GEN_NETOBJ_ACI;
17025
17026 rsbac_ta_list_get_data_ttl(ta_number,
17027 nettemp_handles.gen,
17028 NULL,
17029 &tid_p->nettemp,
17030 &aci);
17031 switch (attr)
17032 {
17033 case A_log_array_low:
17034 aci.log_array_low = value_p->log_array_low;
17035 break;
17036 case A_log_array_high:
17037 aci.log_array_high = value_p->log_array_high;
17038 break;
17039
17040 default:
17041 err = -RSBAC_EINVALIDATTR;
17042 }
17043 if(!err)
17044 {
17045 err = rsbac_ta_list_add_ttl(ta_number,
17046 nettemp_handles.gen,
17047 0,
17048 &tid_p->nettemp,
17049 &aci);
17050 }
17051 }
17052 break;
17053 #endif
17054 #if defined(CONFIG_RSBAC_MAC)
17055 case MAC:
17056 {
17057 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
17058
17059 rsbac_ta_list_get_data_ttl(ta_number,
17060 nettemp_handles.mac,
17061 NULL,
17062 &tid_p->nettemp,
17063 &aci);
17064 switch (attr)
17065 {
17066 case A_security_level:
17067 aci.sec_level = value_p->security_level;
17068 break;
17069 case A_mac_categories:
17070 aci.mac_categories = value_p->mac_categories;
17071 break;
17072
17073 default:
17074 err = -RSBAC_EINVALIDATTR;
17075 }
17076 if(!err)
17077 {
17078 err = rsbac_ta_list_add_ttl(ta_number,
17079 nettemp_handles.mac,
17080 0,
17081 &tid_p->nettemp,
17082 &aci);
17083 }
17084 }
17085 break;
17086 #endif
17087
17088 #if defined(CONFIG_RSBAC_FC)
17089 case FC:
17090 {
17091 rsbac_fc_oc_t fc_oc = value_p->object_category;
17092
17093 err = rsbac_ta_list_add_ttl(ta_number,
17094 nettemp_handles.fc,
17095 0,
17096 &tid_p->nettemp,
17097 &fc_oc);
17098 }
17099 break;
17100 #endif
17101
17102 #if defined(CONFIG_RSBAC_SIM)
17103 case SIM:
17104 {
17105 rsbac_sim_dt_t sim_dt = value_p->data_type;
17106
17107 err = rsbac_ta_list_add_ttl(ta_number,
17108 nettemp_handles.sim,
17109 0,
17110 &tid_p->nettemp,
17111 &sim_dt);
17112 }
17113 break;
17114 #endif
17115
17116 #if defined(CONFIG_RSBAC_PM)
17117 case PM:
17118 {
17119 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
17120
17121 rsbac_ta_list_get_data_ttl(ta_number,
17122 nettemp_handles.pm,
17123 NULL,
17124 &tid_p->nettemp,
17125 &aci);
17126 switch (attr)
17127 {
17128 case A_pm_object_class:
17129 aci.pm_object_class = value_p->pm_object_class;
17130 break;
17131 case A_pm_ipc_purpose:
17132 aci.pm_ipc_purpose = value_p->pm_ipc_purpose;
17133 break;
17134 case A_pm_object_type:
17135 aci.pm_object_type = value_p->pm_object_type;
17136 break;
17137 default:
17138 err = -RSBAC_EINVALIDATTR;
17139 }
17140 if(!err)
17141 {
17142 err = rsbac_ta_list_add_ttl(ta_number,
17143 nettemp_handles.pm,
17144 0,
17145 &tid_p->nettemp,
17146 &aci);
17147 }
17148 }
17149 break;
17150 #endif
17151
17152 #if defined(CONFIG_RSBAC_RC)
17153 case RC:
17154 {
17155 struct rsbac_rc_nettemp_aci_t aci = DEFAULT_RC_NETTEMP_ACI;
17156
17157 rsbac_ta_list_get_data_ttl(ta_number,
17158 nettemp_handles.rc,
17159 NULL,
17160 &tid_p->nettemp,
17161 &aci);
17162 switch (attr)
17163 {
17164 case A_rc_type:
17165 aci.netobj_type = value_p->rc_type;
17166 break;
17167 case A_rc_type_nt:
17168 aci.nettemp_type = value_p->rc_type;
17169 break;
17170
17171 default:
17172 err = -RSBAC_EINVALIDATTR;
17173 }
17174 if(!err)
17175 {
17176 err = rsbac_ta_list_add_ttl(ta_number,
17177 nettemp_handles.rc,
17178 0,
17179 &tid_p->nettemp,
17180 &aci);
17181 }
17182 }
17183 break;
17184 #endif
17185
17186 default:
17187 err = -RSBAC_EINVALIDMODULE;
17188 }
17189
17190 return err;
17191 }
17192
17193 static int set_attr_netobj(
17194 rsbac_list_ta_number_t ta_number,
17195 enum rsbac_switch_target_t module,
17196 enum rsbac_target_t target,
17197 union rsbac_target_id_t * tid_p,
17198 enum rsbac_attribute_t attr,
17199 union rsbac_attribute_value_t * value_p)
17200 {
17201 int err = 0;
17202
17203
17204
17205
17206
17207
17208
17209 switch(module)
17210 {
17211 #if defined(CONFIG_RSBAC_MAC)
17212 case MAC:
17213 {
17214 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
17215
17216 switch(attr)
17217 {
17218 case A_local_sec_level:
17219 case A_local_mac_categories:
17220 if(rsbac_ta_list_get_data_ttl(ta_number,
17221 lnetobj_handles.mac,
17222 NULL,
17223 &tid_p->netobj.sock_p,
17224 &aci))
17225 {
17226 rsbac_net_temp_id_t temp = 0;
17227
17228 rsbac_ta_net_lookup_templates(ta_number,
17229 &tid_p->netobj,
17230 &temp,
17231 NULL);
17232 if(temp)
17233 rsbac_ta_list_get_data_ttl(ta_number,
17234 nettemp_handles.mac,
17235 NULL,
17236 &temp,
17237 &aci);
17238 }
17239 break;
17240
17241 case A_remote_sec_level:
17242 case A_remote_mac_categories:
17243 if(rsbac_ta_list_get_data_ttl(ta_number,
17244 rnetobj_handles.mac,
17245 NULL,
17246 &tid_p->netobj.sock_p,
17247 &aci))
17248 {
17249 rsbac_net_temp_id_t temp = 0;
17250
17251 rsbac_ta_net_lookup_templates(ta_number,
17252 &tid_p->netobj,
17253 NULL,
17254 &temp);
17255 if(temp)
17256 rsbac_ta_list_get_data_ttl(ta_number,
17257 nettemp_handles.mac,
17258 NULL,
17259 &temp,
17260 &aci);
17261 }
17262 break;
17263
17264 default:
17265 err = -RSBAC_EINVALIDATTR;
17266 }
17267 if(err)
17268 break;
17269 {
17270 switch (attr)
17271 {
17272 case A_local_sec_level:
17273 aci.sec_level = value_p->security_level;
17274 err = rsbac_ta_list_add_ttl(ta_number,
17275 lnetobj_handles.mac,
17276 0,
17277 &tid_p->netobj.sock_p,
17278 &aci);
17279 break;
17280 case A_remote_sec_level:
17281 aci.sec_level = value_p->security_level;
17282 err = rsbac_ta_list_add_ttl(ta_number,
17283 rnetobj_handles.mac,
17284 0,
17285 &tid_p->netobj.sock_p,
17286 &aci);
17287 break;
17288 case A_local_mac_categories:
17289 aci.mac_categories = value_p->mac_categories;
17290 err = rsbac_ta_list_add_ttl(ta_number,
17291 lnetobj_handles.mac,
17292 0,
17293 &tid_p->netobj.sock_p,
17294 &aci);
17295 break;
17296 case A_remote_mac_categories:
17297 aci.mac_categories = value_p->mac_categories;
17298 err = rsbac_ta_list_add_ttl(ta_number,
17299 rnetobj_handles.mac,
17300 0,
17301 &tid_p->netobj.sock_p,
17302 &aci);
17303 break;
17304
17305 default:
17306 err = -RSBAC_EINVALIDATTR;
17307 }
17308 }
17309 }
17310 break;
17311 #endif
17312
17313 #if defined(CONFIG_RSBAC_FC)
17314 case FC:
17315 {
17316 rsbac_fc_oc_t fc_oc = value_p->object_category;
17317
17318 switch(attr)
17319 {
17320 case A_local_object_category:
17321 err = rsbac_ta_list_add_ttl(ta_number,
17322 lnetobj_handles.fc,
17323 0,
17324 &tid_p->netobj.sock_p,
17325 &fc_oc);
17326 break;
17327
17328 case A_remote_object_category:
17329 err = rsbac_ta_list_add_ttl(ta_number,
17330 rnetobj_handles.fc,
17331 0,
17332 &tid_p->netobj.sock_p,
17333 &fc_oc);
17334 break;
17335
17336 default:
17337 err = -RSBAC_EINVALIDATTR;
17338 }
17339 }
17340 break;
17341 #endif
17342
17343 #if defined(CONFIG_RSBAC_SIM)
17344 case SIM:
17345 {
17346 rsbac_sim_dt_t sim_dt = value_p->data_type;
17347
17348 switch(attr)
17349 {
17350 case A_local_data_type:
17351 err = rsbac_ta_list_add_ttl(ta_number,
17352 lnetobj_handles.sim,
17353 0,
17354 &tid_p->netobj.sock_p,
17355 &sim_dt);
17356 break;
17357
17358 case A_remote_data_type:
17359 err = rsbac_ta_list_add_ttl(ta_number,
17360 rnetobj_handles.sim,
17361 0,
17362 &tid_p->netobj.sock_p,
17363 &sim_dt);
17364 break;
17365
17366 default:
17367 err = -RSBAC_EINVALIDATTR;
17368 }
17369 }
17370 break;
17371 #endif
17372
17373 #if defined(CONFIG_RSBAC_PM)
17374 case PM:
17375 {
17376 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
17377
17378 switch(attr)
17379 {
17380 case A_local_pm_object_class:
17381 case A_local_pm_ipc_purpose:
17382 case A_local_pm_object_type:
17383 if(rsbac_ta_list_get_data_ttl(ta_number,
17384 lnetobj_handles.pm,
17385 NULL,
17386 &tid_p->netobj.sock_p,
17387 &aci))
17388 {
17389 rsbac_net_temp_id_t temp = 0;
17390
17391 rsbac_ta_net_lookup_templates(ta_number,
17392 &tid_p->netobj,
17393 &temp,
17394 NULL);
17395 if(temp)
17396 rsbac_ta_list_get_data_ttl(ta_number,
17397 nettemp_handles.pm,
17398 NULL,
17399 &temp,
17400 &aci);
17401 }
17402 break;
17403
17404 case A_remote_pm_object_class:
17405 case A_remote_pm_ipc_purpose:
17406 case A_remote_pm_object_type:
17407 if(rsbac_ta_list_get_data_ttl(ta_number,
17408 rnetobj_handles.pm,
17409 NULL,
17410 &tid_p->netobj.sock_p,
17411 &aci))
17412 {
17413 rsbac_net_temp_id_t temp = 0;
17414
17415 rsbac_ta_net_lookup_templates(ta_number,
17416 &tid_p->netobj,
17417 NULL,
17418 &temp);
17419 if(temp)
17420 rsbac_ta_list_get_data_ttl(ta_number,
17421 nettemp_handles.pm,
17422 NULL,
17423 &temp,
17424 &aci);
17425 }
17426 break;
17427
17428 default:
17429 err = -RSBAC_EINVALIDATTR;
17430 }
17431 if(err)
17432 break;
17433 {
17434 switch (attr)
17435 {
17436 case A_local_pm_object_class:
17437 aci.pm_object_class = value_p->pm_object_class;
17438 err = rsbac_ta_list_add_ttl(ta_number,
17439 lnetobj_handles.pm,
17440 0,
17441 &tid_p->netobj.sock_p,
17442 &aci);
17443 break;
17444 case A_remote_pm_object_class:
17445 aci.pm_object_class = value_p->pm_object_class;
17446 err = rsbac_ta_list_add_ttl(ta_number,
17447 rnetobj_handles.pm,
17448 0,
17449 &tid_p->netobj.sock_p,
17450 &aci);
17451 break;
17452 case A_local_pm_ipc_purpose:
17453 aci.pm_ipc_purpose = value_p->pm_ipc_purpose;
17454 err = rsbac_ta_list_add_ttl(ta_number,
17455 lnetobj_handles.pm,
17456 0,
17457 &tid_p->netobj.sock_p,
17458 &aci);
17459 break;
17460 case A_remote_pm_ipc_purpose:
17461 aci.pm_ipc_purpose = value_p->pm_ipc_purpose;
17462 err = rsbac_ta_list_add_ttl(ta_number,
17463 rnetobj_handles.pm,
17464 0,
17465 &tid_p->netobj.sock_p,
17466 &aci);
17467 break;
17468 case A_local_pm_object_type:
17469 aci.pm_object_type = value_p->pm_object_type;
17470 err = rsbac_ta_list_add_ttl(ta_number,
17471 lnetobj_handles.pm,
17472 0,
17473 &tid_p->netobj.sock_p,
17474 &aci);
17475 break;
17476 case A_remote_pm_object_type:
17477 aci.pm_object_type = value_p->pm_object_type;
17478 err = rsbac_ta_list_add_ttl(ta_number,
17479 rnetobj_handles.pm,
17480 0,
17481 &tid_p->netobj.sock_p,
17482 &aci);
17483 break;
17484
17485 default:
17486 err = -RSBAC_EINVALIDATTR;
17487 }
17488 }
17489 }
17490 break;
17491 #endif
17492
17493 #if defined(CONFIG_RSBAC_RC)
17494 case RC:
17495 {
17496 rsbac_rc_type_id_t type = value_p->rc_type;
17497
17498 switch(attr)
17499 {
17500 case A_local_rc_type:
17501 err = rsbac_ta_list_add_ttl(ta_number,
17502 lnetobj_handles.rc,
17503 0,
17504 &tid_p->netobj.sock_p,
17505 &type);
17506 break;
17507
17508 case A_remote_rc_type:
17509 err = rsbac_ta_list_add_ttl(ta_number,
17510 rnetobj_handles.rc,
17511 0,
17512 &tid_p->netobj.sock_p,
17513 &type);
17514 break;
17515
17516 default:
17517 err = -RSBAC_EINVALIDATTR;
17518 }
17519 }
17520 break;
17521 #endif
17522
17523 default:
17524 err = -RSBAC_EINVALIDMODULE;
17525 }
17526
17527 return err;
17528 }
17529 #endif
17530
17531
17532 int rsbac_ta_set_attr(
17533 rsbac_list_ta_number_t ta_number,
17534 enum rsbac_switch_target_t module,
17535 enum rsbac_target_t target,
17536 union rsbac_target_id_t tid,
17537 enum rsbac_attribute_t attr,
17538 union rsbac_attribute_value_t value)
17539 {
17540 int err = 0;
17541
17542
17543
17544
17545
17546 if (!rsbac_initialized)
17547 {
17548 #ifdef CONFIG_RSBAC_RMSG
17549 rsbac_printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n");
17550 #endif
17551 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
17552 if (!rsbac_nosyslog)
17553 #endif
17554 printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n");
17555 return(-RSBAC_ENOTINITIALIZED);
17556 }
17557 if (in_interrupt())
17558 {
17559 printk(KERN_WARNING "rsbac_set_attr(): called from interrupt!\n");
17560 }
17561 switch (target)
17562 {
17563 case T_FILE:
17564 case T_DIR:
17565 case T_FIFO:
17566 case T_SYMLINK:
17567 err = set_attr_fd(ta_number, module, target, &tid, attr, &value);
17568 break;
17569
17570 case T_DEV:
17571 err = set_attr_dev(ta_number, module, target, &tid, attr, &value);
17572 break;
17573
17574 case T_IPC:
17575 err = set_attr_ipc(ta_number, module, target, &tid, attr, &value);
17576 break;
17577
17578 case T_USER:
17579 err = set_attr_user(ta_number, module, target, &tid, attr, &value);
17580 break;
17581
17582 case T_PROCESS:
17583 err = set_attr_process(ta_number, module, target, &tid, attr, &value);
17584 break;
17585
17586 #ifdef CONFIG_RSBAC_UM
17587 case T_GROUP:
17588 err = set_attr_group(ta_number, module, target, &tid, attr, &value);
17589 break;
17590 #endif
17591
17592 #ifdef CONFIG_RSBAC_NET_DEV
17593 case T_NETDEV:
17594 err = set_attr_netdev(ta_number, module, target, &tid, attr, &value);
17595 break;
17596 #endif
17597
17598 #ifdef CONFIG_RSBAC_NET_OBJ
17599 case T_NETTEMP:
17600 err = set_attr_nettemp(ta_number, module, target, &tid, attr, &value);
17601 break;
17602
17603 case T_NETOBJ:
17604 err = set_attr_netobj(ta_number, module, target, &tid, attr, &value);
17605 break;
17606 #endif
17607
17608
17609 default:
17610 return(-RSBAC_EINVALIDTARGET);
17611 }
17612 #ifdef CONFIG_RSBAC_XSTATS
17613 if(!err)
17614 set_attr_count[target]++;
17615 #endif
17616 return(err);
17617 }
17618
17619
17620
17621 int rsbac_ta_remove_target(
17622 rsbac_list_ta_number_t ta_number,
17623 enum rsbac_target_t target,
17624 union rsbac_target_id_t tid)
17625 {
17626 int error=0;
17627 struct rsbac_device_list_item_t * device_p;
17628 u_long dflags;
17629
17630 if (!rsbac_initialized)
17631 {
17632 #ifdef CONFIG_RSBAC_RMSG
17633 rsbac_printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n");
17634 #endif
17635 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
17636 if (!rsbac_nosyslog)
17637 #endif
17638 printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n");
17639 return(-RSBAC_ENOTINITIALIZED);
17640 }
17641 if (in_interrupt())
17642 {
17643 printk(KERN_WARNING "rsbac_remove_target(): called from interrupt!\n");
17644 }
17645 switch (target)
17646 {
17647 case T_FILE:
17648 case T_DIR:
17649 case T_FIFO:
17650 case T_SYMLINK:
17651
17652
17653
17654
17655
17656
17657
17658 #if defined(CONFIG_RSBAC_MAC)
17659
17660 if( (target == T_FILE)
17661 || (target == T_DIR)
17662 )
17663 error = rsbac_mac_remove_f_trusets(tid.file);
17664 #endif
17665 #if defined(CONFIG_RSBAC_AUTH)
17666
17667 if( (target == T_FILE)
17668 || (target == T_DIR)
17669 )
17670 error = rsbac_auth_remove_f_capsets(tid.file);
17671 #endif
17672 #if defined(CONFIG_RSBAC_ACL)
17673
17674 error = rsbac_acl_remove_acl(ta_number, target, tid);
17675 #endif
17676
17677 rsbac_read_lock(&device_list_head.lock, &dflags);
17678
17679
17680
17681 device_p = lookup_device(tid.file.device);
17682 if (!device_p)
17683 {
17684 struct super_block * sb_p;
17685
17686 rsbac_read_unlock(&device_list_head.lock, &dflags);
17687 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
17688 sb_p = user_get_super(tid.file.device);
17689 #else
17690 sb_p = get_super(tid.file.device);
17691 #endif
17692 if(sb_p)
17693 {
17694 #ifdef CONFIG_RSBAC_RMSG
17695 rsbac_printk(KERN_INFO
17696 "rsbac_remove_target(): auto-mounting device %02u:%02u\n",
17697 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
17698 #endif
17699 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
17700 if (!rsbac_nosyslog)
17701 #endif
17702 printk(KERN_INFO
17703 "rsbac_remove_target(): auto-mounting device %02u:%02u\n",
17704 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
17705 rsbac_mount(sb_p, NULL);
17706
17707 drop_super(sb_p);
17708 rsbac_read_lock(&device_list_head.lock, &dflags);
17709 device_p = lookup_device(tid.file.device);
17710 if (!device_p)
17711 {
17712 #ifdef CONFIG_RSBAC_RMSG
17713 rsbac_printk(KERN_WARNING
17714 "rsbac_remove_target(): unknown device %02u:%02u\n",
17715 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
17716 #endif
17717 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
17718 if (!rsbac_nosyslog)
17719 #endif
17720 printk(KERN_WARNING
17721 "rsbac_remove_target(): unknown device %02u:%02u\n",
17722 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
17723 rsbac_read_unlock(&device_list_head.lock, &dflags);
17724 return -RSBAC_EINVALIDDEV;
17725 }
17726 }
17727 else
17728 return -RSBAC_EINVALIDDEV;
17729 }
17730 rsbac_ta_list_remove(ta_number,
17731 device_p->handles.gen[gen_fd_hash(tid.file.inode)],
17732 &tid.file.inode);
17733 #if defined(CONFIG_RSBAC_MAC)
17734 rsbac_ta_list_remove(ta_number,
17735 device_p->handles.mac[mac_fd_hash(tid.file.inode)],
17736 &tid.file.inode);
17737 #endif
17738 #if defined(CONFIG_RSBAC_FC)
17739 rsbac_ta_list_remove(ta_number,
17740 device_p->handles.fc[fc_fd_hash(tid.file.inode)],
17741 &tid.file.inode);
17742 #endif
17743 #if defined(CONFIG_RSBAC_SIM)
17744 rsbac_ta_list_remove(ta_number,
17745 device_p->handles.sim[sim_fd_hash(tid.file.inode)],
17746 &tid.file.inode);
17747 #endif
17748 #if defined(CONFIG_RSBAC_PM)
17749 rsbac_ta_list_remove(ta_number,
17750 device_p->handles.pm[pm_fd_hash(tid.file.inode)],
17751 &tid.file.inode);
17752 #endif
17753 #if defined(CONFIG_RSBAC_DAZ)
17754 rsbac_ta_list_remove(ta_number,
17755 device_p->handles.daz[daz_fd_hash(tid.file.inode)],
17756 &tid.file.inode);
17757 #if defined(CONFIG_RSBAC_DAZ_CACHE)
17758 rsbac_ta_list_remove(ta_number,
17759 device_p->handles.dazs[daz_scanned_fd_hash(tid.file.inode)],
17760 &tid.file.inode);
17761 #endif
17762 #endif
17763 #if defined(CONFIG_RSBAC_FF)
17764 rsbac_ta_list_remove(ta_number,
17765 device_p->handles.ff[ff_fd_hash(tid.file.inode)],
17766 &tid.file.inode);
17767 #endif
17768 #if defined(CONFIG_RSBAC_RC)
17769 rsbac_ta_list_remove(ta_number,
17770 device_p->handles.rc[rc_fd_hash(tid.file.inode)],
17771 &tid.file.inode);
17772 #endif
17773 #if defined(CONFIG_RSBAC_AUTH)
17774 rsbac_ta_list_remove(ta_number,
17775 device_p->handles.auth[auth_fd_hash(tid.file.inode)],
17776 &tid.file.inode);
17777 #endif
17778 #if defined(CONFIG_RSBAC_CAP)
17779 rsbac_ta_list_remove(ta_number,
17780 device_p->handles.cap[cap_fd_hash(tid.file.inode)],
17781 &tid.file.inode);
17782 #endif
17783 #if defined(CONFIG_RSBAC_PAX)
17784 rsbac_ta_list_remove(ta_number,
17785 device_p->handles.pax[pax_fd_hash(tid.file.inode)],
17786 &tid.file.inode);
17787 #endif
17788 #if defined(CONFIG_RSBAC_RES)
17789 rsbac_ta_list_remove(ta_number,
17790 device_p->handles.res[res_fd_hash(tid.file.inode)],
17791 &tid.file.inode);
17792 #endif
17793
17794
17795 rsbac_read_unlock(&device_list_head.lock, &dflags);
17796 break;
17797
17798 case T_DEV:
17799 {
17800 struct rsbac_dev_desc_t dev_desc;
17801
17802 dev_desc.type = tid.dev.type;
17803 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
17804 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
17805
17806
17807
17808
17809
17810
17811 rsbac_ta_list_remove(ta_number,
17812 dev_handles.gen,
17813 &dev_desc);
17814 #if defined(CONFIG_RSBAC_MAC)
17815 rsbac_ta_list_remove(ta_number,
17816 dev_handles.mac,
17817 &dev_desc);
17818 #endif
17819 #if defined(CONFIG_RSBAC_FC)
17820 rsbac_ta_list_remove(ta_number,
17821 dev_handles.fc,
17822 &dev_desc);
17823 #endif
17824 #if defined(CONFIG_RSBAC_SIM)
17825 rsbac_ta_list_remove(ta_number,
17826 dev_handles.sim,
17827 &dev_desc);
17828 #endif
17829 #if defined(CONFIG_RSBAC_PM)
17830 rsbac_ta_list_remove(ta_number,
17831 dev_handles.pm,
17832 &dev_desc);
17833 #endif
17834 #if defined(CONFIG_RSBAC_RC)
17835 rsbac_ta_list_remove(ta_number,
17836 dev_handles.rc,
17837 &dev_desc);
17838 #endif
17839 }
17840 break;
17841
17842 case T_IPC:
17843
17844
17845
17846
17847
17848
17849
17850 #if defined(CONFIG_RSBAC_MAC)
17851 rsbac_ta_list_remove(ta_number,
17852 ipc_handles.mac,
17853 &tid.ipc);
17854 #endif
17855 #if defined(CONFIG_RSBAC_FC)
17856 rsbac_ta_list_remove(ta_number,
17857 ipc_handles.fc,
17858 &tid.ipc);
17859 #endif
17860 #if defined(CONFIG_RSBAC_SIM)
17861 rsbac_ta_list_remove(ta_number,
17862 ipc_handles.sim,
17863 &tid.ipc);
17864 #endif
17865 #if defined(CONFIG_RSBAC_PM)
17866 rsbac_ta_list_remove(ta_number,
17867 ipc_handles.pm,
17868 &tid.ipc);
17869 #endif
17870 #if defined(CONFIG_RSBAC_RC)
17871 rsbac_ta_list_remove(ta_number,
17872 ipc_handles.rc,
17873 &tid.ipc);
17874 #endif
17875 #if defined(CONFIG_RSBAC_JAIL)
17876 rsbac_ta_list_remove(ta_number,
17877 ipc_handles.jail,
17878 &tid.ipc);
17879 #endif
17880 break;
17881
17882 case T_USER:
17883
17884
17885
17886
17887
17888
17889 rsbac_ta_list_remove(ta_number,
17890 user_handles.gen,
17891 &tid.user);
17892 #if defined(CONFIG_RSBAC_MAC)
17893 rsbac_ta_list_remove(ta_number,
17894 user_handles.mac,
17895 &tid.user);
17896 #endif
17897 #if defined(CONFIG_RSBAC_FC)
17898 rsbac_ta_list_remove(ta_number,
17899 user_handles.fc,
17900 &tid.user);
17901 #endif
17902 #if defined(CONFIG_RSBAC_SIM)
17903 rsbac_ta_list_remove(ta_number,
17904 user_handles.sim,
17905 &tid.user);
17906 #endif
17907 #if defined(CONFIG_RSBAC_PM)
17908 rsbac_ta_list_remove(ta_number,
17909 user_handles.pm,
17910 &tid.user);
17911 #endif
17912 #if defined(CONFIG_RSBAC_DAZ)
17913 rsbac_ta_list_remove(ta_number,
17914 user_handles.daz,
17915 &tid.user);
17916 #endif
17917 #if defined(CONFIG_RSBAC_FF)
17918 rsbac_ta_list_remove(ta_number,
17919 user_handles.ff,
17920 &tid.user);
17921 #endif
17922 #if defined(CONFIG_RSBAC_RC)
17923 rsbac_ta_list_remove(ta_number,
17924 user_handles.rc,
17925 &tid.user);
17926 #endif
17927 #if defined(CONFIG_RSBAC_AUTH)
17928 rsbac_ta_list_remove(ta_number,
17929 user_handles.auth,
17930 &tid.user);
17931 #endif
17932 #if defined(CONFIG_RSBAC_CAP)
17933 rsbac_ta_list_remove(ta_number,
17934 user_handles.cap,
17935 &tid.user);
17936 #endif
17937 #if defined(CONFIG_RSBAC_JAIL)
17938 rsbac_ta_list_remove(ta_number,
17939 user_handles.jail,
17940 &tid.user);
17941 #endif
17942 #if defined(CONFIG_RSBAC_PAX)
17943 rsbac_ta_list_remove(ta_number,
17944 user_handles.pax,
17945 &tid.user);
17946 #endif
17947 #if defined(CONFIG_RSBAC_RES)
17948 rsbac_ta_list_remove(ta_number,
17949 user_handles.res,
17950 &tid.user);
17951 #endif
17952 break;
17953
17954 case T_PROCESS:
17955
17956
17957
17958
17959
17960
17961
17962 #if defined(CONFIG_RSBAC_ACL)
17963
17964 error = rsbac_acl_remove_acl(ta_number, target, tid);
17965 #endif
17966 rsbac_ta_list_remove(ta_number,
17967 process_handles.gen,
17968 &tid.process);
17969 #if defined(CONFIG_RSBAC_MAC)
17970
17971 error = rsbac_mac_remove_p_trusets(tid.process);
17972 rsbac_ta_list_remove(ta_number,
17973 process_handles.mac[mac_p_hash(tid.process)],
17974 &tid.process);
17975 #endif
17976 #if defined(CONFIG_RSBAC_PM)
17977 rsbac_ta_list_remove(ta_number,
17978 process_handles.pm,
17979 &tid.process);
17980 #endif
17981 #if defined(CONFIG_RSBAC_DAZ)
17982 rsbac_ta_list_remove(ta_number,
17983 process_handles.daz,
17984 &tid.process);
17985 #endif
17986 #if defined(CONFIG_RSBAC_RC)
17987 rsbac_ta_list_remove(ta_number,
17988 process_handles.rc[rc_p_hash(tid.process)],
17989 &tid.process);
17990 #endif
17991 #if defined(CONFIG_RSBAC_AUTH)
17992
17993 error = rsbac_auth_remove_p_capsets(tid.process);
17994 rsbac_ta_list_remove(ta_number,
17995 process_handles.auth,
17996 &tid.process);
17997 #endif
17998 #if defined(CONFIG_RSBAC_CAP)
17999 rsbac_ta_list_remove(ta_number,
18000 process_handles.cap,
18001 &tid.process);
18002 #endif
18003 #if defined(CONFIG_RSBAC_JAIL)
18004 rsbac_ta_list_remove(ta_number,
18005 process_handles.jail[jail_p_hash(tid.process)],
18006 &tid.process);
18007 #endif
18008 break;
18009
18010 #ifdef CONFIG_RSBAC_UM
18011 case T_GROUP:
18012
18013
18014
18015
18016
18017
18018
18019 #if defined(CONFIG_RSBAC_RC_UM_PROT)
18020 rsbac_ta_list_remove(ta_number,
18021 group_handles.rc,
18022 &tid.group);
18023 #endif
18024 break;
18025 #endif
18026
18027 #ifdef CONFIG_RSBAC_NET_DEV
18028 case T_NETDEV:
18029 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
18030 rsbac_ta_list_remove(ta_number,
18031 netdev_handles.gen,
18032 &tid.netdev);
18033 #endif
18034 #if defined(CONFIG_RSBAC_RC)
18035 rsbac_ta_list_remove(ta_number,
18036 netdev_handles.rc,
18037 &tid.netdev);
18038 #endif
18039 break;
18040 #endif
18041
18042 #ifdef CONFIG_RSBAC_NET_OBJ
18043 case T_NETTEMP:
18044
18045
18046
18047
18048
18049
18050
18051 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
18052 rsbac_ta_list_remove(ta_number,
18053 nettemp_handles.gen,
18054 &tid.nettemp);
18055 #endif
18056 #if defined(CONFIG_RSBAC_MAC)
18057 rsbac_ta_list_remove(ta_number,
18058 nettemp_handles.mac,
18059 &tid.nettemp);
18060 #endif
18061 #if defined(CONFIG_RSBAC_FC)
18062 rsbac_ta_list_remove(ta_number,
18063 nettemp_handles.fc,
18064 &tid.nettemp);
18065 #endif
18066 #if defined(CONFIG_RSBAC_SIM)
18067 rsbac_ta_list_remove(ta_number,
18068 nettemp_handles.sim,
18069 &tid.nettemp);
18070 #endif
18071 #if defined(CONFIG_RSBAC_PM)
18072 rsbac_ta_list_remove(ta_number,
18073 nettemp_handles.pm,
18074 &tid.nettemp);
18075 #endif
18076 #if defined(CONFIG_RSBAC_RC)
18077 rsbac_ta_list_remove(ta_number,
18078 nettemp_handles.rc,
18079 &tid.nettemp);
18080 #endif
18081 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
18082 rsbac_acl_remove_acl(ta_number, T_NETTEMP_NT, tid);
18083 rsbac_acl_remove_acl(ta_number, T_NETTEMP, tid);
18084 #endif
18085 break;
18086
18087 case T_NETOBJ:
18088
18089
18090
18091
18092
18093
18094
18095 #if defined(CONFIG_RSBAC_MAC)
18096 rsbac_ta_list_remove(ta_number,
18097 lnetobj_handles.mac,
18098 &tid.netobj.sock_p);
18099 rsbac_ta_list_remove(ta_number,
18100 rnetobj_handles.mac,
18101 &tid.netobj.sock_p);
18102 #endif
18103 #if defined(CONFIG_RSBAC_FC)
18104 rsbac_ta_list_remove(ta_number,
18105 lnetobj_handles.fc,
18106 &tid.netobj.sock_p);
18107 rsbac_ta_list_remove(ta_number,
18108 rnetobj_handles.fc,
18109 &tid.netobj.sock_p);
18110 #endif
18111 #if defined(CONFIG_RSBAC_SIM)
18112 rsbac_ta_list_remove(ta_number,
18113 lnetobj_handles.sim,
18114 &tid.netobj.sock_p);
18115 rsbac_ta_list_remove(ta_number,
18116 rnetobj_handles.sim,
18117 &tid.netobj.sock_p);
18118 #endif
18119 #if defined(CONFIG_RSBAC_PM)
18120 rsbac_ta_list_remove(ta_number,
18121 lnetobj_handles.pm,
18122 &tid.netobj.sock_p);
18123 rsbac_ta_list_remove(ta_number,
18124 rnetobj_handles.pm,
18125 &tid.netobj.sock_p);
18126 #endif
18127 #if defined(CONFIG_RSBAC_RC)
18128 rsbac_ta_list_remove(ta_number,
18129 lnetobj_handles.rc,
18130 &tid.netobj.sock_p);
18131 rsbac_ta_list_remove(ta_number,
18132 rnetobj_handles.rc,
18133 &tid.netobj.sock_p);
18134 #endif
18135 break;
18136
18137 #endif
18138
18139 default:
18140 return(-RSBAC_EINVALIDTARGET);
18141 }
18142 #ifdef CONFIG_RSBAC_XSTATS
18143 remove_count[target]++;
18144 #endif
18145 return(error);
18146 }
18147
18148 #ifdef CONFIG_RSBAC_NET_DEV
18149 int rsbac_ta_net_list_all_netdev(rsbac_list_ta_number_t ta_number, rsbac_netdev_id_t ** id_pp)
18150 {
18151 int count=0;
18152 int tmp_count;
18153
18154 if(id_pp)
18155 {
18156 rsbac_netdev_id_t * i_id_p = NULL;
18157 char * pos = NULL;
18158 int i_count = 0;
18159 #if defined(CONFIG_RSBAC_RC)
18160 u_int i;
18161 #endif
18162
18163 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
18164 tmp_count = rsbac_ta_list_count(ta_number, netdev_handles.gen);
18165 if(tmp_count > 0)
18166 i_count += tmp_count;
18167 #endif
18168 #if defined(CONFIG_RSBAC_RC)
18169 tmp_count = rsbac_ta_list_count(ta_number, netdev_handles.rc);
18170 if(tmp_count > 0)
18171 i_count += tmp_count;
18172 #endif
18173 if(i_count > 0)
18174 {
18175 i_count += 20;
18176 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
18177 if(!*id_pp)
18178 return -RSBAC_ENOMEM;
18179 pos = (char *) *id_pp;
18180 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
18181 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
18182 netdev_handles.gen,
18183 (void **) &i_id_p);
18184 if(tmp_count > 0)
18185 {
18186 if(tmp_count > i_count)
18187 tmp_count = i_count;
18188 memcpy(pos, i_id_p, tmp_count * sizeof(*i_id_p));
18189 rsbac_vfree(i_id_p);
18190 count = tmp_count;
18191 i_count -= tmp_count;
18192 pos += tmp_count * sizeof(*i_id_p);
18193 }
18194 #endif
18195 #if defined(CONFIG_RSBAC_RC)
18196 if(i_count)
18197 {
18198 tmp_count = rsbac_ta_list_get_all_desc(ta_number, netdev_handles.rc, (void **) &i_id_p);
18199 if(tmp_count > 0)
18200 {
18201 if(tmp_count > i_count)
18202 tmp_count = i_count;
18203 for(i=0; i< tmp_count; i++)
18204 {
18205 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
18206 if(!rsbac_ta_list_exist(ta_number, netdev_handles.gen, &i_id_p[i]))
18207 #endif
18208 {
18209 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
18210 pos += sizeof(*i_id_p);
18211 count++;
18212 }
18213 }
18214 rsbac_vfree(i_id_p);
18215 }
18216 }
18217 #endif
18218 if(!count)
18219 rsbac_vfree(*id_pp);
18220 }
18221 }
18222 else
18223 {
18224 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
18225 tmp_count = rsbac_ta_list_count(ta_number, netdev_handles.gen);
18226 if(tmp_count > 0)
18227 count += tmp_count;
18228 #endif
18229 #if defined(CONFIG_RSBAC_RC)
18230 tmp_count = rsbac_ta_list_count(ta_number, netdev_handles.rc);
18231 if(tmp_count > 0)
18232 count += tmp_count;
18233 #endif
18234 }
18235 return count;
18236 }
18237 #endif
18238
18239 #ifdef CONFIG_RSBAC_NET_OBJ
18240
18241 int rsbac_net_get_id(
18242 rsbac_list_ta_number_t ta_number,
18243 struct rsbac_net_description_t * desc_p,
18244 rsbac_net_temp_id_t * id_p)
18245 {
18246 if(!rsbac_initialized)
18247 return -RSBAC_ENOTINITIALIZED;
18248 if(!id_p || !desc_p)
18249 return -RSBAC_EINVALIDPOINTER;
18250 if(rsbac_ta_list_get_desc(ta_number,
18251 net_temp_handle,
18252 id_p,
18253 desc_p,
18254 rsbac_net_compare_data)
18255 )
18256 *id_p = RSBAC_NET_UNKNOWN;
18257 return 0;
18258 }
18259
18260
18261
18262 int rsbac_ta_net_lookup_templates(
18263 rsbac_list_ta_number_t ta_number,
18264 struct rsbac_net_obj_desc_t * netobj_p,
18265 rsbac_net_temp_id_t * local_temp_p,
18266 rsbac_net_temp_id_t * remote_temp_p)
18267 {
18268 struct rsbac_net_description_t * rsbac_net_desc_p;
18269 int err=0;
18270 struct net_device *dev;
18271
18272 if(!netobj_p || !netobj_p->sock_p || !netobj_p->sock_p->sk || !netobj_p->sock_p->ops)
18273 return -RSBAC_EINVALIDPOINTER;
18274 if(!local_temp_p && !remote_temp_p)
18275 return -RSBAC_EINVALIDVALUE;
18276
18277 rsbac_net_desc_p = rsbac_kmalloc(sizeof(*rsbac_net_desc_p));
18278 if(!rsbac_net_desc_p)
18279 return -RSBAC_ENOMEM;
18280
18281 rsbac_net_desc_p->address_family = netobj_p->sock_p->ops->family;
18282 rsbac_net_desc_p->type = netobj_p->sock_p->type;
18283 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
18284 rsbac_net_desc_p->protocol = netobj_p->sock_p->sk->sk_protocol;
18285 if(netobj_p->sock_p->sk->sk_bound_dev_if)
18286 {
18287 dev = dev_get_by_index(netobj_p->sock_p->sk->sk_bound_dev_if);
18288 #else
18289 rsbac_net_desc_p->protocol = netobj_p->sock_p->sk->protocol;
18290 if(netobj_p->sock_p->sk->bound_dev_if)
18291 {
18292 dev = dev_get_by_index(netobj_p->sock_p->sk->bound_dev_if);
18293 #endif
18294 if(dev)
18295 {
18296 strcpy(rsbac_net_desc_p->netdev, dev->name);
18297 dev_put(dev);
18298 }
18299 else
18300 rsbac_net_desc_p->netdev[0] = RSBAC_NET_UNKNOWN;
18301 }
18302 else
18303 rsbac_net_desc_p->netdev[0] = RSBAC_NET_UNKNOWN;
18304 if(local_temp_p)
18305 {
18306 switch(rsbac_net_desc_p->address_family)
18307 {
18308 case AF_INET:
18309 if(netobj_p->local_addr)
18310 {
18311 struct sockaddr_in * addr = netobj_p->local_addr;
18312
18313 rsbac_net_desc_p->address = &addr->sin_addr.s_addr;
18314 rsbac_net_desc_p->address_len = sizeof(__u32);
18315 rsbac_net_desc_p->port = ntohs(addr->sin_port);
18316 }
18317 else
18318 {
18319 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
18320 rsbac_net_desc_p->address = &inet_sk(netobj_p->sock_p->sk)->rcv_saddr;
18321 rsbac_net_desc_p->address_len = sizeof(__u32);
18322 rsbac_net_desc_p->port = inet_sk(netobj_p->sock_p->sk)->num;
18323 #else
18324 rsbac_net_desc_p->address = &netobj_p->sock_p->sk->rcv_saddr;
18325 rsbac_net_desc_p->address_len = sizeof(__u32);
18326 rsbac_net_desc_p->port = netobj_p->sock_p->sk->num;
18327 #endif
18328 }
18329 dev = ip_dev_find(*(__u32 *)rsbac_net_desc_p->address);
18330 if(dev)
18331 {
18332 strcpy(rsbac_net_desc_p->netdev, dev->name);
18333 dev_put(dev);
18334 }
18335 break;
18336 case AF_UNIX:
18337 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
18338 if( unix_sk(netobj_p->sock_p->sk)->addr
18339 && unix_sk(netobj_p->sock_p->sk)->addr->name
18340 )
18341 {
18342 rsbac_net_desc_p->address = unix_sk(netobj_p->sock_p->sk)->addr->name[0].sun_path;
18343 rsbac_net_desc_p->address_len = unix_sk(netobj_p->sock_p->sk)->addr->len;
18344 }
18345 #else
18346 if(netobj_p->sock_p->sk->protinfo.af_unix.addr)
18347 {
18348 rsbac_net_desc_p->address = netobj_p->sock_p->sk->protinfo.af_unix.addr->name[0].sun_path;
18349 rsbac_net_desc_p->address_len = netobj_p->sock_p->sk->protinfo.af_unix.addr->len;
18350 }
18351 #endif
18352 else
18353 if(netobj_p->local_addr)
18354 {
18355 struct sockaddr_un * addr = netobj_p->local_addr;
18356
18357 if(addr->sun_path)
18358 {
18359 rsbac_net_desc_p->address = addr->sun_path;
18360 rsbac_net_desc_p->address_len = strlen(addr->sun_path);
18361 }
18362 else
18363 {
18364 rsbac_net_desc_p->address = NULL;
18365 rsbac_net_desc_p->address_len = 0;
18366 }
18367 }
18368 else
18369 {
18370 rsbac_net_desc_p->address = NULL;
18371 rsbac_net_desc_p->address_len = 0;
18372 }
18373 break;
18374
18375 default:
18376 rsbac_net_desc_p->address = NULL;
18377 rsbac_net_desc_p->port = RSBAC_NET_UNKNOWN;
18378 }
18379 if((err = rsbac_net_get_id(ta_number, rsbac_net_desc_p, local_temp_p)))
18380 {
18381 *local_temp_p = 0;
18382 #ifdef CONFIG_RSBAC_RMSG
18383 rsbac_printk(KERN_WARNING
18384 "rsbac_net_lookup_templates(): rsbac_net_get_id for local returned error %u\n",
18385 err);
18386 #endif
18387 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
18388 if (!rsbac_nosyslog)
18389 #endif
18390 printk(KERN_WARNING
18391 "rsbac_net_lookup_templates(): rsbac_net_get_id for local returned error %u\n",
18392 err);
18393 }
18394 #ifdef CONFIG_RSBAC_DEBUG
18395 if( rsbac_debug_ds_net
18396 && (rsbac_net_desc_p->address_family == AF_INET)
18397 )
18398 {
18399 #ifdef CONFIG_RSBAC_RMSG
18400 rsbac_printk(KERN_DEBUG
18401 "rsbac_net_lookup_templates(): user %u temp id for local is %u\n",
18402 current->uid, *local_temp_p);
18403 #endif
18404 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
18405 if (!rsbac_nosyslog)
18406 #endif
18407 printk(KERN_DEBUG
18408 "rsbac_net_lookup_templates(): user %u temp id for local is %u\n",
18409 current->uid, *local_temp_p);
18410 }
18411 #endif
18412 }
18413 if(remote_temp_p)
18414 {
18415 switch(rsbac_net_desc_p->address_family)
18416 {
18417 case AF_INET:
18418 if(netobj_p->remote_addr)
18419 {
18420 struct sockaddr_in * addr = netobj_p->remote_addr;
18421
18422 rsbac_net_desc_p->address = &addr->sin_addr.s_addr;
18423 rsbac_net_desc_p->address_len = sizeof(__u32);
18424 rsbac_net_desc_p->port = ntohs(addr->sin_port);
18425 }
18426 else
18427 {
18428 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
18429 rsbac_net_desc_p->address = &inet_sk(netobj_p->sock_p->sk)->daddr;
18430 rsbac_net_desc_p->address_len = sizeof(__u32);
18431 rsbac_net_desc_p->port = ntohs(inet_sk(netobj_p->sock_p->sk)->dport);
18432 #else
18433 rsbac_net_desc_p->address = &netobj_p->sock_p->sk->daddr;
18434 rsbac_net_desc_p->address_len = sizeof(__u32);
18435 rsbac_net_desc_p->port = ntohs(netobj_p->sock_p->sk->dport);
18436 #endif
18437 }
18438 dev = ip_dev_find(*(__u32 *)rsbac_net_desc_p->address);
18439 if(dev)
18440 {
18441 strcpy(rsbac_net_desc_p->netdev, dev->name);
18442 dev_put(dev);
18443 }
18444 break;
18445 case AF_UNIX:
18446 rsbac_net_desc_p->port = RSBAC_NET_UNKNOWN;
18447 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
18448 if( (unix_sk(netobj_p->sock_p->sk)->other)
18449 && (unix_sk(unix_sk(netobj_p->sock_p->sk)->other)->addr)
18450 )
18451 {
18452 rsbac_net_desc_p->address
18453 = unix_sk(unix_sk(netobj_p->sock_p->sk)->other)->addr->name;
18454 rsbac_net_desc_p->address_len
18455 = unix_sk(unix_sk(netobj_p->sock_p->sk)->other)->addr->len;
18456 }
18457 #else
18458 if( (netobj_p->sock_p->sk->protinfo.af_unix.other)
18459 && (netobj_p->sock_p->sk->protinfo.af_unix.other->protinfo.af_unix.addr)
18460 )
18461 {
18462 rsbac_net_desc_p->address
18463 = netobj_p->sock_p->sk->protinfo.af_unix.other->protinfo.af_unix.addr->name;
18464 rsbac_net_desc_p->address_len
18465 = netobj_p->sock_p->sk->protinfo.af_unix.other->protinfo.af_unix.addr->len;
18466 }
18467 #endif
18468 else
18469 if(netobj_p->remote_addr)
18470 {
18471 struct sockaddr_un * addr = netobj_p->remote_addr;
18472
18473 if(addr->sun_path)
18474 {
18475 rsbac_net_desc_p->address = addr->sun_path;
18476 rsbac_net_desc_p->address_len = strlen(addr->sun_path);
18477 }
18478 else
18479 {
18480 rsbac_net_desc_p->address = NULL;
18481 rsbac_net_desc_p->address_len = 0;
18482 }
18483 }
18484 else
18485 {
18486 rsbac_net_desc_p->address = NULL;
18487 rsbac_net_desc_p->address_len = 0;
18488 }
18489 break;
18490
18491 default:
18492 rsbac_net_desc_p->address = NULL;
18493 rsbac_net_desc_p->address_len = 0;
18494 rsbac_net_desc_p->port = RSBAC_NET_UNKNOWN;
18495 }
18496 if((err = rsbac_net_get_id(ta_number, rsbac_net_desc_p, remote_temp_p)))
18497 {
18498 *remote_temp_p = 0;
18499 #ifdef CONFIG_RSBAC_RMSG
18500 rsbac_printk(KERN_WARNING
18501 "rsbac_net_lookup_templates(): rsbac_net_get_id for remote returned error %u\n",
18502 err);
18503 #endif
18504 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
18505 if (!rsbac_nosyslog)
18506 #endif
18507 printk(KERN_WARNING
18508 "rsbac_net_lookup_templates(): rsbac_net_get_id for remote returned error %u\n",
18509 err);
18510 }
18511 #ifdef CONFIG_RSBAC_DEBUG
18512 if( rsbac_debug_ds_net
18513 && (rsbac_net_desc_p->address_family == AF_INET)
18514 )
18515 {
18516 #ifdef CONFIG_RSBAC_RMSG
18517 rsbac_printk(KERN_DEBUG
18518 "rsbac_net_lookup_templates(): user %u temp id for remote is %u\n",
18519 current->uid, *remote_temp_p);
18520 #endif
18521 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
18522 if (!rsbac_nosyslog)
18523 #endif
18524 printk(KERN_DEBUG
18525 "rsbac_net_lookup_templates(): user %u temp id for remote is %u\n",
18526 current->uid, *remote_temp_p);
18527 }
18528 #endif
18529 }
18530 rsbac_kfree(rsbac_net_desc_p);
18531 return 0;
18532 }
18533
18534 void rsbac_net_obj_cleanup(rsbac_net_obj_id_t netobj)
18535 {
18536 union rsbac_target_id_t tid;
18537
18538 tid.netobj.sock_p = netobj;
18539 rsbac_remove_target(T_NETOBJ, tid);
18540 }
18541
18542 int rsbac_ta_net_template(
18543 rsbac_list_ta_number_t ta_number,
18544 enum rsbac_net_temp_syscall_t call,
18545 rsbac_net_temp_id_t id,
18546 union rsbac_net_temp_syscall_data_t * data_p)
18547 {
18548 struct rsbac_net_temp_data_t int_data = RSBAC_NET_TEMP_DEFAULT_DATA;
18549 int err;
18550
18551 switch(call)
18552 {
18553 case NTS_new_template:
18554 case NTS_check_id:
18555 break;
18556 case NTS_copy_template:
18557 err = rsbac_ta_list_get_data_ttl(ta_number,
18558 net_temp_handle,
18559 NULL,
18560 &data_p->id,
18561 &int_data);
18562 if(err)
18563 return err;
18564 break;
18565 default:
18566 err = rsbac_ta_list_get_data_ttl(ta_number,
18567 net_temp_handle,
18568 NULL,
18569 &id,
18570 &int_data);
18571 if(err)
18572 return err;
18573 }
18574
18575 switch(call)
18576 {
18577 case NTS_set_address:
18578 memcpy(&int_data.address, &data_p->address, sizeof(int_data.address));
18579 return rsbac_ta_list_add_ttl(ta_number,
18580 net_temp_handle,
18581 0,
18582 &id,
18583 &int_data);
18584 case NTS_set_address_family:
18585 int_data.address_family = data_p->address_family;
18586 return rsbac_ta_list_add_ttl(ta_number,
18587 net_temp_handle,
18588 0,
18589 &id,
18590 &int_data);
18591 case NTS_set_valid_len:
18592 int_data.valid_len = data_p->valid_len;
18593 return rsbac_ta_list_add_ttl(ta_number,
18594 net_temp_handle,
18595 0,
18596 &id,
18597 &int_data);
18598 case NTS_set_type:
18599 int_data.type = data_p->type;
18600 return rsbac_ta_list_add_ttl(ta_number,
18601 net_temp_handle,
18602 0,
18603 &id,
18604 &int_data);
18605 case NTS_set_protocol:
18606 int_data.protocol = data_p->protocol;
18607 return rsbac_ta_list_add_ttl(ta_number,
18608 net_temp_handle,
18609 0,
18610 &id,
18611 &int_data);
18612 case NTS_set_netdev:
18613 strncpy(int_data.netdev, data_p->netdev, RSBAC_IFNAMSIZ);
18614 int_data.netdev[RSBAC_IFNAMSIZ] = 0;
18615 return rsbac_ta_list_add_ttl(ta_number,
18616 net_temp_handle,
18617 0,
18618 &id,
18619 &int_data);
18620 case NTS_set_min_port:
18621 int_data.min_port = data_p->min_port;
18622 return rsbac_ta_list_add_ttl(ta_number,
18623 net_temp_handle,
18624 0,
18625 &id,
18626 &int_data);
18627 case NTS_set_max_port:
18628 int_data.max_port = data_p->max_port;
18629 return rsbac_ta_list_add_ttl(ta_number,
18630 net_temp_handle,
18631 0,
18632 &id,
18633 &int_data);
18634 case NTS_set_name:
18635 strncpy(int_data.name, data_p->name, RSBAC_NET_TEMP_NAMELEN - 1);
18636 int_data.name[RSBAC_NET_TEMP_NAMELEN - 1] = 0;
18637 return rsbac_ta_list_add_ttl(ta_number,
18638 net_temp_handle,
18639 0,
18640 &id,
18641 &int_data);
18642 case NTS_new_template:
18643 if(rsbac_list_exist(net_temp_handle, &id))
18644 return -RSBAC_EEXISTS;
18645 strncpy(int_data.name, data_p->name, RSBAC_NET_TEMP_NAMELEN - 1);
18646 int_data.name[RSBAC_NET_TEMP_NAMELEN - 1] = 0;
18647 return rsbac_ta_list_add_ttl(ta_number,
18648 net_temp_handle,
18649 0,
18650 &id,
18651 &int_data);
18652 case NTS_copy_template:
18653 if(rsbac_list_exist(net_temp_handle, &id))
18654 return -RSBAC_EEXISTS;
18655 return rsbac_ta_list_add_ttl(ta_number,
18656 net_temp_handle,
18657 0,
18658 &id,
18659 &int_data);
18660 case NTS_delete_template:
18661 return rsbac_ta_list_remove(ta_number, net_temp_handle, &id);
18662 case NTS_check_id:
18663 if(rsbac_ta_list_exist(ta_number, net_temp_handle, &id))
18664 {
18665 data_p->id = id;
18666 return 0;
18667 }
18668 else
18669 return -RSBAC_ENOTFOUND;
18670 case NTS_get_address:
18671 memcpy(&data_p->address, &int_data.address, sizeof(int_data.address));
18672 return 0;
18673 case NTS_get_address_family:
18674 data_p->address_family = int_data.address_family;
18675 return 0;
18676 case NTS_get_valid_len:
18677 data_p->valid_len = int_data.valid_len;
18678 return 0;
18679 case NTS_get_type:
18680 data_p->type = int_data.type;
18681 return 0;
18682 case NTS_get_protocol:
18683 data_p->protocol = int_data.protocol;
18684 return 0;
18685 case NTS_get_netdev:
18686 strncpy(data_p->netdev, int_data.netdev, RSBAC_IFNAMSIZ);
18687 return 0;
18688 case NTS_get_min_port:
18689 data_p->min_port = int_data.min_port;
18690 return 0;
18691 case NTS_get_max_port:
18692 data_p->max_port = int_data.max_port;
18693 return 0;
18694 case NTS_get_name:
18695 strcpy(data_p->name, int_data.name);
18696 return 0;
18697
18698 default:
18699 return -RSBAC_EINVALIDREQUEST;
18700 }
18701 }
18702
18703 int rsbac_ta_net_list_all_template(rsbac_list_ta_number_t ta_number, rsbac_net_temp_id_t ** id_pp)
18704 {
18705 if(id_pp)
18706 return rsbac_ta_list_get_all_desc(ta_number, net_temp_handle, (void **) id_pp);
18707 else
18708 return rsbac_ta_list_count(ta_number, net_temp_handle);
18709 }
18710
18711 int rsbac_ta_net_template_exist(rsbac_list_ta_number_t ta_number, rsbac_net_temp_id_t temp)
18712 {
18713 return rsbac_ta_list_exist(ta_number, net_temp_handle, &temp);
18714 }
18715
18716 int rsbac_net_remote_request(enum rsbac_adf_request_t request)
18717 {
18718 switch(request)
18719 {
18720 case R_ACCEPT:
18721 case R_CONNECT:
18722 case R_SEND:
18723 case R_RECEIVE:
18724 case R_READ:
18725 case R_WRITE:
18726 return TRUE;
18727
18728 default:
18729 return FALSE;
18730 }
18731 }
18732
18733 #endif
18734
18735 #if defined(CONFIG_RSBAC_DAZ)
18736 EXPORT_SYMBOL(rsbac_daz_get_ttl);
18737
18738 rsbac_time_t rsbac_daz_get_ttl(void)
18739 {
18740 #if defined(CONFIG_RSBAC_DAZ_CACHE)
18741 return rsbac_daz_ttl;
18742 #else
18743 return 0;
18744 #endif
18745 }
18746
18747 EXPORT_SYMBOL(rsbac_daz_set_ttl);
18748 void rsbac_daz_set_ttl(rsbac_time_t ttl)
18749 {
18750 #if defined(CONFIG_RSBAC_DAZ_CACHE)
18751 if(ttl)
18752 {
18753 if(ttl > RSBAC_LIST_MAX_AGE_LIMIT)
18754 ttl = RSBAC_LIST_MAX_AGE_LIMIT;
18755 rsbac_daz_ttl = ttl;
18756 }
18757 #endif
18758 }
18759
18760 EXPORT_SYMBOL(rsbac_daz_flush_cache);
18761 int rsbac_daz_flush_cache(void)
18762 {
18763 #if defined(CONFIG_RSBAC_DAZ_CACHE)
18764 struct rsbac_device_list_item_t * device_p;
18765 long dflags;
18766 u_int i;
18767
18768
18769 rsbac_read_lock(&device_list_head.lock, &dflags);
18770 device_p = device_list_head.head;
18771 while(device_p)
18772 {
18773 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
18774 rsbac_list_remove_all(device_p->handles.dazs[i]);
18775 device_p = device_p->next;
18776 }
18777 rsbac_read_unlock(&device_list_head.lock, &dflags);
18778 #endif
18779 return 0;
18780 }
18781 #endif
18782
18783
