RSBAC: /daten/src/rsbac/linux-2.4.31-rsbac-v1.2.4/rsbac/adf/reg/root

00001 /*
00002  * RSBAC REG decision module kproc_hide.
00003  *
00004  * Originally written for a Linux Journal as LSM sample module.
00005  * Rewriten for RSBAC by Michal Purzynski
00006  *
00007  * Copyright (C) 2002 Greg Kroah-Hartman <greg@kroah.com>
00008  *
00009  * Prevents any programs running with egid == 0 if a specific USB device
00010  * is not present in the system.  Yes, it can be gotten around, but is a
00011  * nice starting point for people to play with, and learn the LSM interface.
00012  *
00013  * See http://www.linuxjournal.com/article.php?sid=6279 for more information about this code.
00014  *
00015  * This program is free software; you can redistribute it and/or 
00016  * modify it under the terms of the GNU General Public License as
00017  * published by the Free Software Foundation, version 2 of the License.
00018  */
00019 
00020 #include <linux/config.h>
00021 #include <linux/module.h>
00022 #include <linux/types.h>
00023 #include <linux/kernel.h>
00024 #include <linux/string.h>
00025 #include <linux/fs.h>
00026 #include <rsbac/types.h>
00027 #include <rsbac/reg.h>
00028 #include <rsbac/adf.h>
00029 #include <rsbac/aci.h>
00030 #include <rsbac/getname.h>
00031 #include <rsbac/error.h>
00032 #include <rsbac/proc_fs.h>
00033 #include <linux/usb.h>
00034 
00035 MODULE_AUTHOR("Michal Purzynski");
00036 MODULE_DESCRIPTION("RSBAC REG root_plug decision module");
00037 MODULE_LICENSE("GPL");
00038 
00039 MODULE_PARM(vendor_id, "h");
00040 MODULE_PARM_DESC(vendor_id, "USB Vendor ID of device to look for");
00041 
00042 MODULE_PARM(product_id, "h");
00043 MODULE_PARM_DESC(product_id, "USB Product ID of device to look for");
00044 
00045 static long handle = 999999;
00046 
00047 #ifdef CONFIG_USB
00048 /* default is a generic type of usb to serial converter */
00049 static int vendor_id = 0x0557;
00050 static int product_id = 0x2008;
00051 #endif
00052 
00053 /**** Decision Functions ****/
00054 
00055 static int request_func (enum  rsbac_adf_request_t      request,
00056                         rsbac_pid_t                     owner_pid,
00057                         enum  rsbac_target_t            target,
00058                         union rsbac_target_id_t         tid,
00059                         enum  rsbac_attribute_t         attr,
00060                         union rsbac_attribute_value_t   attr_val,
00061                         rsbac_uid_t                     owner)
00062 {
00063         struct usb_device *dev = NULL;
00064       
00065 #ifdef CONFIG_USB
00066         dev = usb_find_device(vendor_id, product_id);
00067 #endif
00068 
00069         if (!dev) {
00070 
00071                 switch (request) {
00072                         case R_CHANGE_OWNER:
00073                         case R_CHANGE_GROUP:
00074                         case R_CLONE:
00075                                 switch (target) {
00076                                         case T_PROCESS:
00077                                                 switch (attr) {
00078                                                         case A_owner:
00079                                                                 switch (attr_val.owner) {
00080                                                                         case 0:
00081                                                                                 return NOT_GRANTED;
00082                                                                         default:
00083                                                                                 return DO_NOT_CARE;
00084                                                                 }
00085                                                         default:
00086                                                                 return DO_NOT_CARE;
00087                                                 }
00088                                         default:
00089                                                 return DO_NOT_CARE;
00090                                 }
00091                         default:
00092                                 return DO_NOT_CARE;
00093                 }
00094         }
00095         
00096         return DO_NOT_CARE;
00097 }
00098 
00099 /**** Init ****/
00100 
00101 int init_module(void)
00102 {
00103         struct rsbac_reg_entry_t entry;
00104 
00105         printk(KERN_INFO "RSBAC REG decision module root_plug: Initializing.\n");
00106 
00107         /* clearing registration entries */
00108         memset(&entry, 0, sizeof(entry));
00109 
00110         strcpy(entry.name, "RSBAC REG root_plug ADF module");
00111         printk(KERN_INFO "RSBAC REG decision module root_plug: REG Version: %u, Name: %s, Handle: %li\n", \
00112                                                                 RSBAC_REG_VERSION, entry.name, handle);
00113 
00114         entry.handle = handle;
00115         entry.request_func = request_func;
00116         entry.switch_on = TRUE;
00117 
00118         printk(KERN_INFO "RSBAC REG decision module root_plug: Registering to ADF.\n");
00119 
00120         if(rsbac_reg_register(RSBAC_REG_VERSION, entry) < 0) {
00121                 printk(KERN_WARNING "RSBAC REG decision module sample 1: Registering failed. Unloading.\n");
00122                 return -ENOEXEC;
00123         }
00124 
00125         printk(KERN_INFO "RSBAC REG decision module root_plug: Loaded.\n");
00126 
00127         return 0;
00128 }
00129 
00130 void cleanup_module(void)
00131 {
00132         printk(KERN_INFO "RSBAC REG decision module root_plug: Unregistering.\n");
00133         
00134         if(rsbac_reg_unregister(handle))
00135         {
00136                 printk(KERN_ERR "RSBAC REG decision module root_plug: Unregistering failed \
00137                                                 - beware of possible system failure!\n");
00138         }
00139         
00140         printk(KERN_INFO "RSBAC REG decision module root_plug: Unloaded.\n");
00141 }
00142
root_plug.c
