Main Page | Alphabetical List | Data Structures | Directories | File List | Data Fields | Globals | Search for 
daten / src / rsbac / linux-2.4.31-rsbac-v1.2.4 / rsbac / data_structures

rc_data_structures.c

Go to the documentation of this file.
00001 /*************************************************** */
00002 /* Rule Set Based Access Control                     */
00003 /* Implementation of RC data structures              */
00004 /* Author and (C) 1999-2005: Amon Ott <ao@rsbac.org> */
00005 /*                                                   */
00006 /* Last modified: 09/Feb/2005                        */
00007 /*************************************************** */
00008 
00009 #include <linux/string.h>
00010 #include <linux/types.h>
00011 #include <linux/fs.h>
00012 #include <linux/sched.h>
00013 #include <linux/file.h>
00014 #include <linux/mm.h>
00015 #include <linux/init.h>
00016 #include <asm/uaccess.h>
00017 #include <rsbac/aci_data_structures.h>
00018 #include <rsbac/rc_types.h>
00019 #include <rsbac/rc_data_structures.h>
00020 #include <rsbac/error.h>
00021 #include <rsbac/helpers.h>
00022 #include <rsbac/fs.h>
00023 #include <rsbac/adf.h>
00024 #include <rsbac/acl.h>
00025 #include <rsbac/getname.h>
00026 #include <rsbac/rc_getname.h>
00027 #include <rsbac/proc_fs.h>
00028 #include <rsbac/rkmem.h>
00029 #include <rsbac/request_groups.h>
00030 #include <linux/smp_lock.h>
00031 
00032 #ifdef CONFIG_RSBAC_RC_NR_ROLES
00033 #endif
00034 
00035 /************************************************************************** */
00036 /*                          Global Variables                                */
00037 /************************************************************************** */
00038 
00039 /* The following global variables are needed for access to RC data.         */
00040 
00041 static rsbac_list_handle_t role_handle = NULL;
00042 static rsbac_list_handle_t role_rc_handle = NULL;
00043 static rsbac_list_handle_t role_adr_handle = NULL;
00044 static rsbac_list_handle_t role_asr_handle = NULL;
00045 static rsbac_list_handle_t role_dfdc_handle = NULL;
00046 static rsbac_list_handle_t role_tcfd_handle = NULL;
00047 static rsbac_list_handle_t role_tcdv_handle = NULL;
00048 static rsbac_list_handle_t role_tcus_handle = NULL;
00049 static rsbac_list_handle_t role_tcpr_handle = NULL;
00050 static rsbac_list_handle_t role_tcip_handle = NULL;
00051 static rsbac_list_handle_t role_tcsc_handle = NULL;
00052 static rsbac_list_handle_t role_tcgr_handle = NULL;
00053 static rsbac_list_handle_t role_tcnd_handle = NULL;
00054 static rsbac_list_handle_t role_tcnt_handle = NULL;
00055 static rsbac_list_handle_t role_tcno_handle = NULL;
00056 
00057 static rsbac_list_handle_t type_fd_handle = NULL;
00058 static rsbac_list_handle_t type_dev_handle = NULL;
00059 static rsbac_list_handle_t type_ipc_handle = NULL;
00060 static rsbac_list_handle_t type_user_handle = NULL;
00061 static rsbac_list_handle_t type_process_handle = NULL;
00062 static rsbac_list_handle_t type_group_handle = NULL;
00063 static rsbac_list_handle_t type_netdev_handle = NULL;
00064 static rsbac_list_handle_t type_nettemp_handle = NULL;
00065 static rsbac_list_handle_t type_netobj_handle = NULL;
00066 
00067 /**************************************************/
00068 /*       Declarations of external functions       */
00069 /**************************************************/
00070 
00071 /**************************************************/
00072 /*       Declarations of internal functions       */
00073 /**************************************************/
00074 
00075 /* As some function use later defined functions, we declare those here.   */
00076 
00077 /************************************************* */
00078 /*               Internal Help functions           */
00079 /************************************************* */
00080 
00081 #ifdef CONFIG_RSBAC_INIT_DELAY
00082 static int role_conv(
00083 #else
00084 static int __init role_conv(
00085 #endif
00086         void * old_desc,
00087         void * old_data,
00088         void * new_desc,
00089         void * new_data)
00090   {
00091     struct rsbac_rc_role_entry_t * new = new_data;
00092     struct rsbac_rc_old_role_entry_t * old = old_data;
00093 
00094     memcpy(new_desc, old_desc, sizeof(rsbac_rc_role_id_t));
00095     new->admin_type = old->admin_type;
00096     memcpy(new->name, old->name, RSBAC_RC_NAME_LEN);
00097     new->def_fd_create_type = old->def_fd_create_type;
00098     new->def_user_create_type = old->def_user_create_type;
00099     new->def_process_create_type = old->def_process_create_type;
00100     new->def_process_chown_type = old->def_process_chown_type;
00101     new->def_process_execute_type = old->def_process_execute_type;
00102     new->def_ipc_create_type = old->def_ipc_create_type;
00103     new->def_group_create_type = RSBAC_RC_GENERAL_TYPE;
00104     new->boot_role = old->boot_role;
00105     return 0;
00106   }
00107 
00108 #ifdef CONFIG_RSBAC_INIT_DELAY
00109 static int old_role_conv(
00110 #else
00111 static int __init old_role_conv(
00112 #endif
00113         void * old_desc,
00114         void * old_data,
00115         void * new_desc,
00116         void * new_data)
00117   {
00118     struct rsbac_rc_role_entry_t * new = new_data;
00119     struct rsbac_rc_old_role_entry_t * old = old_data;
00120 
00121     memcpy(new_desc, old_desc, sizeof(rsbac_rc_role_id_t));
00122     new->admin_type = old->admin_type;
00123     memcpy(new->name, old->name, RSBAC_RC_NAME_LEN);
00124     new->def_fd_create_type = old->def_fd_create_type;
00125     new->def_user_create_type = RSBAC_RC_GENERAL_TYPE;
00126     new->def_process_create_type = old->def_process_create_type;
00127     new->def_process_chown_type = old->def_process_chown_type;
00128     new->def_process_execute_type = old->def_process_execute_type;
00129     new->def_ipc_create_type = old->def_ipc_create_type;
00130     new->def_group_create_type = RSBAC_RC_GENERAL_TYPE;
00131     new->boot_role = FALSE;
00132     return 0;
00133   }
00134 
00135 #ifdef CONFIG_RSBAC_INIT_DELAY
00136 static rsbac_list_conv_function_t * role_get_conv(rsbac_version_t old_version)
00137 #else
00138 static rsbac_list_conv_function_t * __init role_get_conv(rsbac_version_t old_version)
00139 #endif
00140   {
00141     switch(old_version)
00142       {
00143         case RSBAC_RC_ROLE_OLD_LIST_VERSION:
00144           return role_conv;
00145         case RSBAC_RC_ROLE_OLD_OLD_LIST_VERSION:
00146           return old_role_conv;
00147         default:
00148           return NULL;
00149       }
00150   }
00151 
00152 #ifdef CONFIG_RSBAC_INIT_DELAY
00153 static int tc_subconv(
00154 #else
00155 static int __init tc_subconv(
00156 #endif
00157         void * old_desc,
00158         void * old_data,
00159         void * new_desc,
00160         void * new_data)
00161   {
00162     rsbac_rc_rights_vector_t * new = new_data;
00163     rsbac_rc_rights_vector_t * old = old_data;
00164 
00165     memcpy(new_desc, old_desc, sizeof(rsbac_rc_type_id_t));
00166     *new =   (*old & RSBAC_ALL_REQUEST_VECTOR)
00167            | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_RC_SPECIAL_RIGHT_BASE - RSBAC_RC_OLD_SPECIAL_RIGHT_BASE));
00168     return 0;
00169   }
00170 
00171 #ifdef CONFIG_RSBAC_INIT_DELAY
00172 static rsbac_list_conv_function_t * tcfd_get_subconv(rsbac_version_t old_version)
00173 #else
00174 static rsbac_list_conv_function_t * __init tcfd_get_subconv(rsbac_version_t old_version)
00175 #endif
00176   {
00177     switch(old_version)
00178       {
00179         case RSBAC_RC_ROLE_TCFD_OLD_LIST_VERSION:
00180           return tc_subconv;
00181         default:
00182           return NULL;
00183       }
00184   }
00185 
00186 #ifdef CONFIG_RSBAC_INIT_DELAY
00187 static int tc_conv(
00188 #else
00189 static int __init tc_conv(
00190 #endif
00191         void * old_desc,
00192         void * old_data,
00193         void * new_desc,
00194         void * new_data)
00195   {
00196     memcpy(new_desc, old_desc, sizeof(rsbac_rc_role_id_t));
00197     return 0;
00198   }
00199 
00200 #ifdef CONFIG_RSBAC_INIT_DELAY
00201 static rsbac_list_conv_function_t * tcfd_get_conv(rsbac_version_t old_version)
00202 #else
00203 static rsbac_list_conv_function_t * __init tcfd_get_conv(rsbac_version_t old_version)
00204 #endif
00205   {
00206     switch(old_version)
00207       {
00208         case RSBAC_RC_ROLE_TCFD_OLD_LIST_VERSION:
00209           return tc_conv;
00210         default:
00211           return NULL;
00212       }
00213   }
00214 
00215 #ifdef CONFIG_RSBAC_INIT_DELAY
00216 static int rsbac_rc_role_compare_data(void * data1, void * data2)
00217 #else
00218 static int __init rsbac_rc_role_compare_data(void * data1, void * data2)
00219 #endif
00220   {
00221     struct rsbac_rc_role_entry_t * role = data1;
00222 
00223     if(!data1)
00224       return 1;
00225     if(role->boot_role)
00226       return 0;
00227     else
00228       return 1;
00229   }
00230 
00231 /************************************************* */
00232 /*               proc functions                    */
00233 /************************************************* */
00234 
00235 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
00236 static int
00237 stats_rc_proc_info(char *buffer, char **start, off_t offset, int length)
00238 {
00239     union rsbac_target_id_t rsbac_target_id;
00240     union rsbac_attribute_value_t rsbac_attribute_value;
00241 
00242     u_int len = 0;
00243     off_t pos   = 0;
00244     off_t begin = 0;
00245 
00246     if (!rsbac_is_initialized())
00247       {
00248         printk(KERN_WARNING "stats_rc_proc_info(): RSBAC not initialized\n");
00249         return(-RSBAC_ENOTINITIALIZED);
00250       }
00251 #ifdef CONFIG_RSBAC_DEBUG
00252     if (rsbac_debug_aef_rc)
00253       {
00254 #ifdef CONFIG_RSBAC_RMSG
00255         rsbac_printk(KERN_DEBUG "stats_rc_proc_info(): calling ADF\n");
00256 #endif
00257 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00258         if (!rsbac_nosyslog)
00259 #endif
00260         printk(KERN_DEBUG "stats_rc_proc_info(): calling ADF\n");
00261       }
00262 #endif
00263     rsbac_target_id.scd = ST_rsbac;
00264     rsbac_attribute_value.dummy = 0;
00265     if (!rsbac_adf_request(R_GET_STATUS_DATA,
00266                            current->pid,
00267                            T_SCD,
00268                            rsbac_target_id,
00269                            A_none,
00270                            rsbac_attribute_value))
00271       {
00272         return -EPERM;
00273       }
00274 
00275     len += sprintf(buffer, "RC Status\n---------\n");
00276     pos = begin + len;
00277     if (pos < offset)
00278       {
00279         len = 0;
00280         begin = pos;
00281       }
00282     if (pos > offset+length)
00283       goto out;
00284 
00285     len += sprintf(buffer + len, "Role entry size is %u, %lu entries used\n",
00286            sizeof(struct rsbac_rc_role_entry_t),
00287            rsbac_list_count(role_handle));
00288     pos = begin + len;
00289     if (pos < offset)
00290       {
00291         len = 0;
00292         begin = pos;
00293       }
00294     if (pos > offset+length)
00295       goto out;
00296 
00297     len += sprintf(buffer + len, "Used type entries: fd: %lu, dev: %lu, ipc: %lu, user: %lu, process: %lu, group: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
00298                    rsbac_list_count(type_fd_handle),
00299                    rsbac_list_count(type_dev_handle),
00300                    rsbac_list_count(type_ipc_handle),
00301                    rsbac_list_count(type_user_handle),
00302                    rsbac_list_count(type_process_handle),
00303                    rsbac_list_count(type_group_handle),
00304                    rsbac_list_count(type_netdev_handle),
00305                    rsbac_list_count(type_nettemp_handle),
00306                    rsbac_list_count(type_netobj_handle));
00307     pos = begin + len;
00308     if (pos < offset)
00309       {
00310         len = 0;
00311         begin = pos;
00312       }
00313 
00314 out:
00315   *start = buffer + (offset - begin);
00316   len -= (offset - begin);
00317   
00318   if (len > length)
00319     len = length;
00320   return len;
00321 }
00322 
00323 #endif /* CONFIG_PROC_FS && CONFIG_RSBAC_PROC */
00324 
00325 /************************************************* */
00326 /*               Init functions                    */
00327 /************************************************* */
00328 
00329 /* All functions return 0, if no error occurred, and a negative error code  */
00330 /* otherwise. The error codes are defined in rsbac/error.h.                 */
00331 
00332 /************************************************************************** */
00333 /* Initialization of all RC data structures. After this call, all RC data   */
00334 /* is kept in memory for performance reasons, but is written to disk on     */
00335 /* every change.    */
00336 
00337 /* There can be no access to aci data structures before init.               */
00338 
00339 #ifdef CONFIG_RSBAC_INIT_DELAY
00340 static void registration_error(int err, char * listname)
00341 #else
00342 static void __init registration_error(int err, char * listname)
00343 #endif
00344   {
00345     if(err)
00346       {
00347         char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00348 
00349         if(tmp)
00350           {
00351 #ifdef CONFIG_RSBAC_RMSG
00352             rsbac_printk(KERN_WARNING
00353                    "rsbac_init_rc(): Registering RC %s list failed with error %s\n",
00354                    listname,
00355                    get_error_name(tmp, err));
00356 #endif
00357 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00358             if (!rsbac_nosyslog)
00359 #endif
00360             printk(KERN_WARNING
00361                    "rsbac_init_rc(): Registering RC %s list failed with error %s\n",
00362                    listname,
00363                    get_error_name(tmp, err));
00364             rsbac_kfree(tmp);
00365           }
00366       }
00367   }
00368 
00369 #ifdef CONFIG_RSBAC_INIT_DELAY
00370 int rsbac_init_rc(void)
00371 #else
00372 int __init rsbac_init_rc(void)
00373 #endif
00374   {
00375     int  err = 0;
00376     struct proc_dir_entry * tmp_entry_p;
00377     struct rsbac_list_lol_info_t lol_info;
00378     struct rsbac_list_info_t     list_info;
00379     rsbac_rc_rights_vector_t     def_tc = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
00380 
00381     if (rsbac_is_initialized())
00382       {
00383 #ifdef CONFIG_RSBAC_RMSG
00384         rsbac_printk(KERN_WARNING "rsbac_init_rc(): RSBAC already initialized\n");
00385 #endif
00386 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00387         if (!rsbac_nosyslog)
00388 #endif
00389         printk(KERN_WARNING "rsbac_init_rc(): RSBAC already initialized\n");
00390         return(-RSBAC_EREINIT);
00391       }
00392 
00393     /* init data structures */
00394 #ifdef CONFIG_RSBAC_RMSG
00395     rsbac_printk(KERN_INFO "rsbac_init_rc(): Initializing RSBAC: RC subsystem\n");
00396 #endif
00397 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00398     if (!rsbac_nosyslog)
00399 #endif
00400     printk(KERN_INFO "rsbac_init_rc(): Initializing RSBAC: RC subsystem\n");
00401 #ifdef CONFIG_RSBAC_DEBUG
00402     if(rsbac_debug_stack)
00403       {
00404         unsigned long * n = (unsigned long *) (current+1);
00405 
00406         while (!*n)
00407           n++;
00408 #ifdef CONFIG_RSBAC_RMSG
00409         rsbac_printk(KERN_DEBUG "rsbac_init_rc: free stack: %lu\n",
00410                (unsigned long) n - (unsigned long)(current+1));
00411 #endif
00412 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00413         if (!rsbac_nosyslog)
00414 #endif
00415         printk(KERN_DEBUG "rsbac_init_rc: free stack: %lu\n",
00416                (unsigned long) n - (unsigned long)(current+1));
00417       }
00418 #endif
00419 
00420     list_info.version = RSBAC_RC_ROLE_LIST_VERSION;
00421     list_info.key = RSBAC_RC_LIST_KEY;
00422     list_info.desc_size = sizeof(rsbac_rc_role_id_t);
00423     list_info.data_size = sizeof(struct rsbac_rc_role_entry_t);
00424     list_info.max_age = 0;
00425     err = rsbac_list_register(RSBAC_LIST_VERSION,
00426                               &role_handle,
00427                               &list_info,
00428                               #if defined(CONFIG_RSBAC_RC_BACKUP)
00429                               RSBAC_LIST_BACKUP |
00430                               #endif
00431                               RSBAC_LIST_PERSIST,
00432                               rsbac_list_compare_u32,
00433                               role_get_conv,
00434                               NULL,
00435                               RSBAC_RC_ROLE_FILENAME,
00436                               RSBAC_AUTO_DEV);
00437     if(err)
00438       {
00439         registration_error(err, "role");
00440       }
00441 
00442     lol_info.version = RSBAC_RC_ROLE_RC_LIST_VERSION;
00443     lol_info.key = RSBAC_RC_LIST_KEY;
00444     lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00445     lol_info.data_size = 0;
00446     lol_info.subdesc_size = sizeof(rsbac_rc_role_id_t);
00447     lol_info.subdata_size = 0;
00448     lol_info.max_age = 0;
00449     err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00450                                   &role_rc_handle,
00451                                   &lol_info,
00452                                   #if defined(CONFIG_RSBAC_RC_BACKUP)
00453                                   RSBAC_LIST_BACKUP |
00454                                   #endif
00455                                   RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
00456                                   rsbac_list_compare_u32,
00457                                   rsbac_list_compare_u32,
00458                                   NULL,
00459                                   NULL,
00460                                   NULL,
00461                                   NULL,
00462                                   RSBAC_RC_ROLE_RC_FILENAME,
00463                                   RSBAC_AUTO_DEV);
00464     if(err)
00465       {
00466         registration_error(err, "role compatibilities");
00467       }
00468     lol_info.version = RSBAC_RC_ROLE_ADR_LIST_VERSION;
00469     lol_info.key = RSBAC_RC_LIST_KEY;
00470     lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00471     lol_info.data_size = 0;
00472     lol_info.subdesc_size = sizeof(rsbac_rc_role_id_t);
00473     lol_info.subdata_size = 0;
00474     lol_info.max_age = 0;
00475     err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00476                                   &role_adr_handle,
00477                                   &lol_info,
00478                                   #if defined(CONFIG_RSBAC_RC_BACKUP)
00479                                   RSBAC_LIST_BACKUP |
00480                                   #endif
00481                                   RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
00482                                   rsbac_list_compare_u32,
00483                                   rsbac_list_compare_u32,
00484                                   NULL,
00485                                   NULL,
00486                                   NULL,
00487                                   NULL,
00488                                   RSBAC_RC_ROLE_ADR_FILENAME,
00489                                   RSBAC_AUTO_DEV);
00490     if(err)
00491       {
00492         registration_error(err, "admin roles");
00493       }
00494     lol_info.version = RSBAC_RC_ROLE_ASR_LIST_VERSION;
00495     lol_info.key = RSBAC_RC_LIST_KEY;
00496     lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00497     lol_info.data_size = 0;
00498     lol_info.subdesc_size = sizeof(rsbac_rc_role_id_t);
00499     lol_info.subdata_size = 0;
00500     lol_info.max_age = 0;
00501     err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00502                                   &role_asr_handle,
00503                                   &lol_info,
00504                                   #if defined(CONFIG_RSBAC_RC_BACKUP)
00505                                   RSBAC_LIST_BACKUP |
00506                                   #endif
00507                                   RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
00508                                   rsbac_list_compare_u32,
00509                                   rsbac_list_compare_u32,
00510                                   NULL,
00511                                   NULL,
00512                                   NULL,
00513                                   NULL,
00514                                   RSBAC_RC_ROLE_ASR_FILENAME,
00515                                   RSBAC_AUTO_DEV);
00516     if(err)
00517       {
00518         registration_error(err, "assign roles");
00519       }
00520     lol_info.version = RSBAC_RC_ROLE_DFDC_LIST_VERSION;
00521     lol_info.key = RSBAC_RC_LIST_KEY;
00522     lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00523     lol_info.data_size = 0;
00524     lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00525     lol_info.subdata_size = sizeof(rsbac_rc_type_id_t);
00526     lol_info.max_age = 0;
00527     err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00528                                   &role_dfdc_handle,
00529                                   &lol_info,
00530                                   #if defined(CONFIG_RSBAC_RC_BACKUP)
00531                                   RSBAC_LIST_BACKUP |
00532                                   #endif
00533                                   RSBAC_LIST_PERSIST |
00534                                   RSBAC_LIST_DEF_DATA,
00535                                   rsbac_list_compare_u32,
00536                                   rsbac_list_compare_u32,
00537                                   NULL,
00538                                   NULL,
00539                                   NULL,
00540                                   NULL,
00541                                   RSBAC_RC_ROLE_DFDC_FILENAME,
00542                                   RSBAC_AUTO_DEV);
00543     if(err)
00544       {
00545         registration_error(err, "Role default FD create types");
00546       }
00547     lol_info.version = RSBAC_RC_ROLE_TCFD_LIST_VERSION;
00548     lol_info.key = RSBAC_RC_LIST_KEY;
00549     lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00550     lol_info.data_size = 0;
00551     lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00552     lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00553     lol_info.max_age = 0;
00554     err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00555                                   &role_tcfd_handle,
00556                                   &lol_info,
00557                                   #if defined(CONFIG_RSBAC_RC_BACKUP)
00558                                   RSBAC_LIST_BACKUP |
00559                                   #endif
00560                                   RSBAC_LIST_PERSIST |
00561                                   RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00562                                   rsbac_list_compare_u32,
00563                                   rsbac_list_compare_u32,
00564                                   tcfd_get_conv,
00565                                   tcfd_get_subconv,
00566                                   NULL,
00567                                   &def_tc,
00568                                   RSBAC_RC_ROLE_TCFD_FILENAME,
00569                                   RSBAC_AUTO_DEV);
00570     if(err)
00571       {
00572         registration_error(err, "Role FD type compatibilities");
00573       }
00574     lol_info.version = RSBAC_RC_ROLE_TCDV_LIST_VERSION;
00575     lol_info.key = RSBAC_RC_LIST_KEY;
00576     lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00577     lol_info.data_size = 0;
00578     lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00579     lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00580     lol_info.max_age = 0;
00581     err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00582                                   &role_tcdv_handle,
00583                                   &lol_info,
00584                                   #if defined(CONFIG_RSBAC_RC_BACKUP)
00585                                   RSBAC_LIST_BACKUP |
00586                                   #endif
00587                                   RSBAC_LIST_PERSIST |
00588                                   RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00589                                   rsbac_list_compare_u32,
00590                                   rsbac_list_compare_u32,
00591                                   tcfd_get_conv,
00592                                   tcfd_get_subconv,
00593                                   NULL,
00594                                   &def_tc,
00595                                   RSBAC_RC_ROLE_TCDV_FILENAME,
00596                                   RSBAC_AUTO_DEV);
00597     if(err)
00598       {
00599         registration_error(err, "Role DEV type compatibilities");
00600       }
00601     lol_info.version = RSBAC_RC_ROLE_TCUS_LIST_VERSION;
00602     lol_info.key = RSBAC_RC_LIST_KEY;
00603     lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00604     lol_info.data_size = 0;
00605     lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00606     lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00607     lol_info.max_age = 0;
00608     err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00609                                   &role_tcus_handle,
00610                                   &lol_info,
00611                                   #if defined(CONFIG_RSBAC_RC_BACKUP)
00612                                   RSBAC_LIST_BACKUP |
00613                                   #endif
00614                                   RSBAC_LIST_PERSIST |
00615                                   RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00616                                   rsbac_list_compare_u32,
00617                                   rsbac_list_compare_u32,
00618                                   tcfd_get_conv,
00619                                   tcfd_get_subconv,
00620                                   NULL,
00621                                   &def_tc,
00622                                   RSBAC_RC_ROLE_TCUS_FILENAME,
00623                                   RSBAC_AUTO_DEV);
00624     if(err)
00625       {
00626         registration_error(err, "Role User type compatibilities");
00627       }
00628     lol_info.version = RSBAC_RC_ROLE_TCPR_LIST_VERSION;
00629     lol_info.key = RSBAC_RC_LIST_KEY;
00630     lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00631     lol_info.data_size = 0;
00632     lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00633     lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00634     lol_info.max_age = 0;
00635     err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00636                                   &role_tcpr_handle,
00637                                   &lol_info,
00638                                   #if defined(CONFIG_RSBAC_RC_BACKUP)
00639                                   RSBAC_LIST_BACKUP |
00640                                   #endif
00641                                   RSBAC_LIST_PERSIST |
00642                                   RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00643                                   rsbac_list_compare_u32,
00644                                   rsbac_list_compare_u32,
00645                                   tcfd_get_conv,
00646                                   tcfd_get_subconv,
00647                                   NULL,
00648                                   &def_tc,
00649                                   RSBAC_RC_ROLE_TCPR_FILENAME,
00650                                   RSBAC_AUTO_DEV);
00651     if(err)
00652       {
00653         registration_error(err, "Role Process type compatibilities");
00654       }
00655     lol_info.version = RSBAC_RC_ROLE_TCIP_LIST_VERSION;
00656     lol_info.key = RSBAC_RC_LIST_KEY;
00657     lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00658     lol_info.data_size = 0;
00659     lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00660     lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00661     lol_info.max_age = 0;
00662     err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00663                                   &role_tcip_handle,
00664                                   &lol_info,
00665                                   #if defined(CONFIG_RSBAC_RC_BACKUP)
00666                                   RSBAC_LIST_BACKUP |
00667                                   #endif
00668                                   RSBAC_LIST_PERSIST |
00669                                   RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00670                                   rsbac_list_compare_u32,
00671                                   rsbac_list_compare_u32,
00672                                   tcfd_get_conv,
00673                                   tcfd_get_subconv,
00674                                   NULL,
00675                                   &def_tc,
00676                                   RSBAC_RC_ROLE_TCIP_FILENAME,
00677                                   RSBAC_AUTO_DEV);
00678     if(err)
00679       {
00680         registration_error(err, "Role IPC type compatibilities");
00681       }
00682     lol_info.version = RSBAC_RC_ROLE_TCSC_LIST_VERSION;
00683     lol_info.key = RSBAC_RC_LIST_KEY;
00684     lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00685     lol_info.data_size = 0;
00686     lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00687     lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00688     lol_info.max_age = 0;
00689     err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00690                                   &role_tcsc_handle,
00691                                   &lol_info,
00692                                   #if defined(CONFIG_RSBAC_RC_BACKUP)
00693                                   RSBAC_LIST_BACKUP |
00694                                   #endif
00695                                   RSBAC_LIST_PERSIST |
00696                                   RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00697                                   rsbac_list_compare_u32,
00698                                   rsbac_list_compare_u32,
00699                                   tcfd_get_conv,
00700                                   tcfd_get_subconv,
00701                                   NULL,
00702                                   &def_tc,
00703                                   RSBAC_RC_ROLE_TCSC_FILENAME,
00704                                   RSBAC_AUTO_DEV);
00705     if(err)
00706       {
00707         registration_error(err, "Role SCD type compatibilities");
00708       }
00709     lol_info.version = RSBAC_RC_ROLE_TCGR_LIST_VERSION;
00710     lol_info.key = RSBAC_RC_LIST_KEY;
00711     lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00712     lol_info.data_size = 0;
00713     lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00714     lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00715     lol_info.max_age = 0;
00716     err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00717                                   &role_tcgr_handle,
00718                                   &lol_info,
00719                                   #if defined(CONFIG_RSBAC_RC_BACKUP)
00720                                   RSBAC_LIST_BACKUP |
00721                                   #endif
00722                                   RSBAC_LIST_PERSIST |
00723                                   RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00724                                   rsbac_list_compare_u32,
00725                                   rsbac_list_compare_u32,
00726                                   tcfd_get_conv,
00727                                   tcfd_get_subconv,
00728                                   NULL,
00729                                   &def_tc,
00730                                   RSBAC_RC_ROLE_TCGR_FILENAME,
00731                                   RSBAC_AUTO_DEV);
00732     if(err)
00733       {
00734         registration_error(err, "Role Group type compatibilities");
00735       }
00736     lol_info.version = RSBAC_RC_ROLE_TCND_LIST_VERSION;
00737     lol_info.key = RSBAC_RC_LIST_KEY;
00738     lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00739     lol_info.data_size = 0;
00740     lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00741     lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00742     lol_info.max_age = 0;
00743     err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00744                                   &role_tcnd_handle,
00745                                   &lol_info,
00746                                   #if defined(CONFIG_RSBAC_RC_BACKUP)
00747                                   RSBAC_LIST_BACKUP |
00748                                   #endif
00749                                   RSBAC_LIST_PERSIST |
00750                                   RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00751                                   rsbac_list_compare_u32,
00752                                   rsbac_list_compare_u32,
00753                                   tcfd_get_conv,
00754                                   tcfd_get_subconv,
00755                                   NULL,
00756                                   &def_tc,
00757                                   RSBAC_RC_ROLE_TCND_FILENAME,
00758                                   RSBAC_AUTO_DEV);
00759     if(err)
00760       {
00761         registration_error(err, "Role NETDEV type compatibilities");
00762       }
00763     lol_info.version = RSBAC_RC_ROLE_TCNT_LIST_VERSION;
00764     lol_info.key = RSBAC_RC_LIST_KEY;
00765     lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00766     lol_info.data_size = 0;
00767     lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00768     lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00769     lol_info.max_age = 0;
00770     err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00771                                   &role_tcnt_handle,
00772                                   &lol_info,
00773                                   #if defined(CONFIG_RSBAC_RC_BACKUP)
00774                                   RSBAC_LIST_BACKUP |
00775                                   #endif
00776                                   RSBAC_LIST_PERSIST |
00777                                   RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00778                                   rsbac_list_compare_u32,
00779                                   rsbac_list_compare_u32,
00780                                   tcfd_get_conv,
00781                                   tcfd_get_subconv,
00782                                   NULL,
00783                                   &def_tc,
00784                                   RSBAC_RC_ROLE_TCNT_FILENAME,
00785                                   RSBAC_AUTO_DEV);
00786     if(err)
00787       {
00788         registration_error(err, "Role NETTEMP type compatibilities");
00789       }
00790     lol_info.version = RSBAC_RC_ROLE_TCNO_LIST_VERSION;
00791     lol_info.key = RSBAC_RC_LIST_KEY;
00792     lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00793     lol_info.data_size = 0;
00794     lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00795     lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00796     lol_info.max_age = 0;
00797     err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00798                                   &role_tcno_handle,
00799                                   &lol_info,
00800                                   #if defined(CONFIG_RSBAC_RC_BACKUP)
00801                                   RSBAC_LIST_BACKUP |
00802                                   #endif
00803                                   RSBAC_LIST_PERSIST |
00804                                   RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00805                                   rsbac_list_compare_u32,
00806                                   rsbac_list_compare_u32,
00807                                   tcfd_get_conv,
00808                                   tcfd_get_subconv,
00809                                   NULL,
00810                                   &def_tc,
00811                                   RSBAC_RC_ROLE_TCNO_FILENAME,
00812                                   RSBAC_AUTO_DEV);
00813     if(err)
00814       {
00815         registration_error(err, "Role NETOBJ type compatibilities");
00816       }
00817 
00818     /* Create default role settings, if none there */
00819     if(!rsbac_no_defaults && !rsbac_list_count(role_handle))
00820       {
00821         rsbac_rc_role_id_t role;
00822         rsbac_rc_type_id_t type;
00823         rsbac_rc_rights_vector_t rights;
00824         struct rsbac_rc_role_entry_t gen_entry = RSBAC_RC_GENERAL_ROLE_ENTRY;
00825         struct rsbac_rc_role_entry_t ra_entry = RSBAC_RC_ROLE_ADMIN_ROLE_ENTRY;
00826         struct rsbac_rc_role_entry_t sa_entry = RSBAC_RC_SYSTEM_ADMIN_ROLE_ENTRY;
00827         struct rsbac_rc_role_entry_t au_entry = RSBAC_RC_AUDITOR_ROLE_ENTRY;
00828         struct rsbac_rc_role_entry_t bo_entry = RSBAC_RC_BOOT_ROLE_ENTRY;
00829         char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00830 
00831         if(tmp)
00832           {
00833 #ifdef CONFIG_RSBAC_RMSG
00834             rsbac_printk(KERN_WARNING
00835                    "rsbac_init_rc(): no RC roles read, generating default role entries!\n");
00836 #endif
00837 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00838             if (!rsbac_nosyslog)
00839 #endif
00840             printk(KERN_WARNING
00841                    "rsbac_init_rc(): no RC roles read, generating default role entries!\n");
00842             rsbac_kfree(tmp);
00843           }
00844 
00845         role = RSBAC_RC_GENERAL_ROLE;
00846         if(!rsbac_list_add(role_handle, &role, &gen_entry))
00847           {
00848             if(!rsbac_list_lol_add(role_tcfd_handle, &role, NULL))
00849               {
00850                 type = RSBAC_RC_GENERAL_TYPE;
00851                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_EXECUTE_REQUEST_VECTOR)
00852                           & RSBAC_FD_REQUEST_VECTOR;
00853                 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
00854               }
00855             if(!rsbac_list_lol_add(role_tcdv_handle, &role, NULL))
00856               {
00857                 type = RSBAC_RC_GENERAL_TYPE;
00858                 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_DEV_REQUEST_VECTOR;
00859                 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
00860               }
00861             if(!rsbac_list_lol_add(role_tcus_handle, &role, NULL))
00862               {
00863                 type = RSBAC_RC_GENERAL_TYPE;
00864                 rights = RSBAC_REQUEST_VECTOR(R_SEARCH) | RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA);
00865                 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
00866               }
00867             if(!rsbac_list_lol_add(role_tcpr_handle, &role, NULL))
00868               {
00869                 type = RSBAC_RC_GENERAL_TYPE;
00870                 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_PROCESS_REQUEST_VECTOR;
00871                 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
00872                 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
00873                 rights = RSBAC_READ_REQUEST_VECTOR & RSBAC_PROCESS_REQUEST_VECTOR;
00874                 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
00875               }
00876             if(!rsbac_list_lol_add(role_tcip_handle, &role, NULL))
00877               {
00878                 type = RSBAC_RC_GENERAL_TYPE;
00879                 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_IPC_REQUEST_VECTOR;
00880                 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
00881               }
00882             if(!rsbac_list_lol_add(role_tcgr_handle, &role, NULL))
00883               {
00884                 type = RSBAC_RC_GENERAL_TYPE;
00885                 rights = RSBAC_REQUEST_VECTOR(R_SEARCH) | RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA);
00886                 rsbac_list_lol_subadd(role_tcgr_handle, &role, &type, &rights);
00887               }
00888             if(!rsbac_list_lol_add(role_tcnd_handle, &role, NULL))
00889               {
00890                 type = RSBAC_RC_GENERAL_TYPE;
00891                 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_NETDEV_REQUEST_VECTOR;
00892                 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights);
00893               }
00894             if(!rsbac_list_lol_add(role_tcno_handle, &role, NULL))
00895               {
00896                 type = RSBAC_RC_GENERAL_TYPE;
00897                 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_NETOBJ_REQUEST_VECTOR;
00898                 rsbac_list_lol_subadd(role_tcno_handle, &role, &type, &rights);
00899               }
00900             if(!rsbac_list_lol_add(role_tcsc_handle, &role, NULL))
00901               {
00902                 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
00903                 type = ST_ioports;
00904                 rights = RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_PERMISSIONS_DATA);
00905                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
00906                 #endif
00907                 type = ST_rlimit;
00908                 rights =   RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA)
00909                          | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_SYSTEM_DATA);
00910                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
00911                 type = ST_other;
00912                 rights = RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC);
00913                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
00914                 type = ST_network;
00915                 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA);
00916                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
00917               }
00918           }
00919         role = RSBAC_RC_ROLE_ADMIN_ROLE;
00920         if(!rsbac_list_add(role_handle, &role, &ra_entry))
00921           {
00922             if(!rsbac_list_lol_add(role_tcfd_handle, &role, NULL))
00923               {
00924                 type = RSBAC_RC_GENERAL_TYPE;
00925                 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR
00926                           | RSBAC_EXECUTE_REQUEST_VECTOR
00927                           | RSBAC_SECURITY_REQUEST_VECTOR)
00928                          & RSBAC_FD_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00929                 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
00930                 type = RSBAC_RC_SEC_TYPE;
00931                 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
00932                 type = RSBAC_RC_SYS_TYPE;
00933                 rights = (RSBAC_READ_REQUEST_VECTOR & RSBAC_FD_REQUEST_VECTOR)
00934                           | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00935                 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
00936               }
00937             if(!rsbac_list_lol_add(role_tcdv_handle, &role, NULL))
00938               {
00939                 type = RSBAC_RC_GENERAL_TYPE;
00940                 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00941                  & RSBAC_DEV_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00942                 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
00943                 type = RSBAC_RC_SEC_TYPE;
00944                 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00945                  & RSBAC_DEV_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00946                 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
00947               }
00948             if(!rsbac_list_lol_add(role_tcus_handle, &role, NULL))
00949               {
00950                 type = RSBAC_RC_GENERAL_TYPE;
00951                 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00952                  & RSBAC_USER_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00953                 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
00954                 type = RSBAC_RC_SYS_TYPE;
00955                 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00956                  & RSBAC_USER_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00957                 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
00958                 type = RSBAC_RC_SEC_TYPE;
00959                 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00960                  & RSBAC_USER_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00961                 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
00962               }
00963             if(!rsbac_list_lol_add(role_tcpr_handle, &role, NULL))
00964               {
00965                 type = RSBAC_RC_GENERAL_TYPE;
00966                 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00967                  & RSBAC_PROCESS_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00968                 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
00969                 type = RSBAC_RC_SEC_TYPE;
00970                 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00971                  & RSBAC_PROCESS_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00972                 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
00973                 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
00974                 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00975                  & RSBAC_PROCESS_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00976                 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
00977               }
00978             if(!rsbac_list_lol_add(role_tcip_handle, &role, NULL))
00979               {
00980                 type = RSBAC_RC_GENERAL_TYPE;
00981                 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00982                  & RSBAC_IPC_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00983                 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
00984                 type = RSBAC_RC_SEC_TYPE;
00985                 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00986                  & RSBAC_IPC_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00987                 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
00988               }
00989             if(!rsbac_list_lol_add(role_tcgr_handle, &role, NULL))
00990               {
00991                 type = RSBAC_RC_GENERAL_TYPE;
00992                 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00993                  & RSBAC_GROUP_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00994                 rsbac_list_lol_subadd(role_tcgr_handle, &role, &type, &rights);
00995               }
00996             if(!rsbac_list_lol_add(role_tcnd_handle, &role, NULL))
00997               {
00998                 type = RSBAC_RC_GENERAL_TYPE;
00999                 rights = ((RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA) | RSBAC_SECURITY_REQUEST_VECTOR)
01000                  & RSBAC_NETDEV_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01001                 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights);
01002                 type = RSBAC_RC_SEC_TYPE;
01003                 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights);
01004                 type = RSBAC_RC_SYS_TYPE;
01005                 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights);
01006               }
01007             if(!rsbac_list_lol_add(role_tcnt_handle, &role, NULL))
01008               {
01009                 type = RSBAC_RC_GENERAL_TYPE;
01010                 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
01011                  & RSBAC_NETTEMP_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01012                 rsbac_list_lol_subadd(role_tcnt_handle, &role, &type, &rights);
01013                 type = RSBAC_RC_SEC_TYPE;
01014                 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
01015                  & RSBAC_NETTEMP_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01016                 rsbac_list_lol_subadd(role_tcnt_handle, &role, &type, &rights);
01017               }
01018             if(!rsbac_list_lol_add(role_tcno_handle, &role, NULL))
01019               {
01020                 type = RSBAC_RC_GENERAL_TYPE;
01021                 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
01022                  & RSBAC_NETOBJ_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01023                 rsbac_list_lol_subadd(role_tcno_handle, &role, &type, &rights);
01024               }
01025             if(!rsbac_list_lol_add(role_tcsc_handle, &role, NULL))
01026               {
01027                 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
01028                 type = ST_ioports;
01029                 rights = RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_PERMISSIONS_DATA)
01030                  | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01031                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01032                 #endif
01033                 type = ST_rlimit;
01034                 rights = RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01035                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01036                 type = ST_rsbac;
01037                 rights = RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01038                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01039                 type = ST_rsbaclog;
01040                 rights = RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01041                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01042                 type = ST_other;
01043                 rights =  RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC)
01044                         | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_PERMISSIONS_DATA)
01045                         | RSBAC_RC_RIGHTS_VECTOR(R_SWITCH_LOG)
01046                         | RSBAC_RC_RIGHTS_VECTOR(R_SWITCH_MODULE)
01047                         | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01048                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01049                 type = ST_network;
01050                 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA)
01051                           | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01052                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01053                 type = ST_firewall;
01054                 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA)
01055                           | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01056                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01057                 type = RST_auth_administration;
01058                 rights = RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01059                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01060                 type = ST_sysfs;
01061                 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA)
01062                           | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01063                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01064               }
01065           }
01066         role = RSBAC_RC_SYSTEM_ADMIN_ROLE;
01067         if(!rsbac_list_add(role_handle, &role, &sa_entry))
01068           {
01069             if(!rsbac_list_lol_add(role_tcfd_handle, &role, NULL))
01070               {
01071                 type = RSBAC_RC_GENERAL_TYPE;
01072                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR
01073                           | RSBAC_EXECUTE_REQUEST_VECTOR
01074                           | RSBAC_SYSTEM_REQUEST_VECTOR)
01075                          & RSBAC_FD_REQUEST_VECTOR;
01076                 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
01077                 type = RSBAC_RC_SYS_TYPE;
01078                 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
01079               }
01080             if(!rsbac_list_lol_add(role_tcdv_handle, &role, NULL))
01081               {
01082                 type = RSBAC_RC_GENERAL_TYPE;
01083                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_DEV_REQUEST_VECTOR;
01084                 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
01085                 type = RSBAC_RC_SYS_TYPE;
01086                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_DEV_REQUEST_VECTOR;
01087                 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
01088               }
01089             if(!rsbac_list_lol_add(role_tcus_handle, &role, NULL))
01090               {
01091                 type = RSBAC_RC_GENERAL_TYPE;
01092                 rights = RSBAC_REQUEST_VECTOR(R_SEARCH) | RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA);
01093                 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
01094                 type = RSBAC_RC_SYS_TYPE;
01095                 rights = RSBAC_REQUEST_VECTOR(R_SEARCH) | RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA);
01096                 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
01097               }
01098             if(!rsbac_list_lol_add(role_tcpr_handle, &role, NULL))
01099               {
01100                 type = RSBAC_RC_GENERAL_TYPE;
01101                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR;
01102                 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
01103                 type = RSBAC_RC_SYS_TYPE;
01104                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR;
01105                 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
01106                 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
01107                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR;
01108                 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
01109               }
01110             if(!rsbac_list_lol_add(role_tcip_handle, &role, NULL))
01111               {
01112                 type = RSBAC_RC_GENERAL_TYPE;
01113                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_IPC_REQUEST_VECTOR;
01114                 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
01115                 type = RSBAC_RC_SYS_TYPE;
01116                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_IPC_REQUEST_VECTOR;
01117                 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
01118               }
01119             if(!rsbac_list_lol_add(role_tcgr_handle, &role, NULL))
01120               {
01121                 type = RSBAC_RC_GENERAL_TYPE;
01122                 rights = RSBAC_REQUEST_VECTOR(R_SEARCH) | RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA);
01123                 rsbac_list_lol_subadd(role_tcgr_handle, &role, &type, &rights);
01124               }
01125             if(!rsbac_list_lol_add(role_tcnd_handle, &role, NULL))
01126               {
01127                 type = RSBAC_RC_GENERAL_TYPE;
01128                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_NETDEV_REQUEST_VECTOR;
01129                 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights);
01130               }
01131             if(!rsbac_list_lol_add(role_tcnt_handle, &role, NULL))
01132               {
01133                 type = RSBAC_RC_GENERAL_TYPE;
01134                 rights = (RSBAC_READ_REQUEST_VECTOR) & RSBAC_NETTEMP_REQUEST_VECTOR;
01135                 rsbac_list_lol_subadd(role_tcnt_handle, &role, &type, &rights);
01136               }
01137             if(!rsbac_list_lol_add(role_tcno_handle, &role, NULL))
01138               {
01139                 type = RSBAC_RC_GENERAL_TYPE;
01140                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_NETOBJ_REQUEST_VECTOR;
01141                 rsbac_list_lol_subadd(role_tcno_handle, &role, &type, &rights);
01142               }
01143             if(!rsbac_list_lol_add(role_tcsc_handle, &role, NULL))
01144               {
01145                 rights = RSBAC_SCD_REQUEST_VECTOR
01146                          & (RSBAC_SYSTEM_REQUEST_VECTOR | RSBAC_READ_WRITE_REQUEST_VECTOR );
01147                 for(type = ST_time_strucs; type <= ST_rsbac; type++)
01148                   {
01149                     rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01150                   }
01151                 for(type = ST_network; type < ST_none; type++)
01152                   {
01153                     rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01154                   }
01155                 type = ST_other;
01156                 rights =   RSBAC_RC_RIGHTS_VECTOR(R_ADD_TO_KERNEL)
01157                          | RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC)
01158                          | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_SYSTEM_DATA)
01159                          | RSBAC_RC_RIGHTS_VECTOR(R_MOUNT)
01160                          | RSBAC_RC_RIGHTS_VECTOR(R_REMOVE_FROM_KERNEL)
01161                          | RSBAC_RC_RIGHTS_VECTOR(R_UMOUNT)
01162                          | RSBAC_RC_RIGHTS_VECTOR(R_SHUTDOWN);
01163                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01164               }
01165           }
01166         role = RSBAC_RC_AUDITOR_ROLE;
01167         if(!rsbac_list_add(role_handle, &role, &au_entry))
01168           {
01169             if(!rsbac_list_lol_add(role_tcfd_handle, &role, NULL))
01170               {
01171                 type = RSBAC_RC_GENERAL_TYPE;
01172                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_EXECUTE_REQUEST_VECTOR)
01173                           & RSBAC_FD_REQUEST_VECTOR;
01174                 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
01175               }
01176             if(!rsbac_list_lol_add(role_tcdv_handle, &role, NULL))
01177               {
01178                 type = RSBAC_RC_GENERAL_TYPE;
01179                 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_DEV_REQUEST_VECTOR;
01180                 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
01181               }
01182             if(!rsbac_list_lol_add(role_tcus_handle, &role, NULL))
01183               {
01184                 type = RSBAC_RC_GENERAL_TYPE;
01185                 rights = RSBAC_REQUEST_VECTOR(R_SEARCH) | RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA);
01186                 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
01187               }
01188             if(!rsbac_list_lol_add(role_tcgr_handle, &role, NULL))
01189               {
01190                 type = RSBAC_RC_GENERAL_TYPE;
01191                 rights = RSBAC_REQUEST_VECTOR(R_SEARCH) | RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA);
01192                 rsbac_list_lol_subadd(role_tcgr_handle, &role, &type, &rights);
01193               }
01194             if(!rsbac_list_lol_add(role_tcpr_handle, &role, NULL))
01195               {
01196                 type = RSBAC_RC_GENERAL_TYPE;
01197                 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_PROCESS_REQUEST_VECTOR;
01198                 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
01199               }
01200             if(!rsbac_list_lol_add(role_tcip_handle, &role, NULL))
01201               {
01202                 type = RSBAC_RC_GENERAL_TYPE;
01203                 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_IPC_REQUEST_VECTOR;
01204                 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
01205               }
01206             if(!rsbac_list_lol_add(role_tcnd_handle, &role, NULL))
01207               {
01208                 type = RSBAC_RC_GENERAL_TYPE;
01209                 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_NETDEV_REQUEST_VECTOR;
01210                 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights);
01211               }
01212             if(!rsbac_list_lol_add(role_tcno_handle, &role, NULL))
01213               {
01214                 type = RSBAC_RC_GENERAL_TYPE;
01215                 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_NETOBJ_REQUEST_VECTOR;
01216                 rsbac_list_lol_subadd(role_tcno_handle, &role, &type, &rights);
01217               }
01218             if(!rsbac_list_lol_add(role_tcsc_handle, &role, NULL))
01219               {
01220                 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
01221                 type = ST_ioports;
01222                 rights = RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_PERMISSIONS_DATA);
01223                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01224                 #endif
01225                 type = ST_rlimit;
01226                 rights =   RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA)
01227                          | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_SYSTEM_DATA);
01228                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01229                 type = ST_rsbaclog;
01230                 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA)
01231                           | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_SYSTEM_DATA);
01232                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01233                 type = ST_other;
01234                 rights = RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC);
01235                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01236                 type = ST_network;
01237                 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA);
01238                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01239               }
01240           }
01241         role = RSBAC_RC_BOOT_ROLE;
01242         if(!rsbac_list_add(role_handle, &role, &bo_entry))
01243           {
01244             if(!rsbac_list_lol_add(role_tcfd_handle, &role, NULL))
01245               {
01246                 type = RSBAC_RC_GENERAL_TYPE;
01247                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR
01248                           | RSBAC_EXECUTE_REQUEST_VECTOR
01249                           | RSBAC_SYSTEM_REQUEST_VECTOR)
01250                          & RSBAC_FD_REQUEST_VECTOR;
01251                 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
01252                 type = RSBAC_RC_SYS_TYPE;
01253                 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
01254               }
01255             if(!rsbac_list_lol_add(role_tcdv_handle, &role, NULL))
01256               {
01257                 type = RSBAC_RC_GENERAL_TYPE;
01258                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_DEV_REQUEST_VECTOR;
01259                 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
01260                 type = RSBAC_RC_SYS_TYPE;
01261                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_DEV_REQUEST_VECTOR;
01262                 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
01263               }
01264             if(!rsbac_list_lol_add(role_tcus_handle, &role, NULL))
01265               {
01266                 type = RSBAC_RC_GENERAL_TYPE;
01267                 rights = (RSBAC_READ_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_USER_REQUEST_VECTOR;
01268                 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
01269                 type = RSBAC_RC_SYS_TYPE;
01270                 rights = (RSBAC_READ_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_USER_REQUEST_VECTOR;
01271                 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
01272               }
01273             if(!rsbac_list_lol_add(role_tcpr_handle, &role, NULL))
01274               {
01275                 type = RSBAC_RC_GENERAL_TYPE;
01276                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR;
01277                 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
01278                 type = RSBAC_RC_SYS_TYPE;
01279                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR;
01280                 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
01281                 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
01282                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR;
01283                 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
01284               }
01285             if(!rsbac_list_lol_add(role_tcip_handle, &role, NULL))
01286               {
01287                 type = RSBAC_RC_GENERAL_TYPE;
01288                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_IPC_REQUEST_VECTOR;
01289                 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
01290                 type = RSBAC_RC_SYS_TYPE;
01291                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_IPC_REQUEST_VECTOR;
01292                 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
01293               }
01294             if(!rsbac_list_lol_add(role_tcnd_handle, &role, NULL))
01295               {
01296                 type = RSBAC_RC_GENERAL_TYPE;
01297                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_NETDEV_REQUEST_VECTOR;
01298                 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights);
01299               }
01300             if(!rsbac_list_lol_add(role_tcnt_handle, &role, NULL))
01301               {
01302                 type = RSBAC_RC_GENERAL_TYPE;
01303                 rights = (RSBAC_READ_REQUEST_VECTOR) & RSBAC_NETTEMP_REQUEST_VECTOR;
01304                 rsbac_list_lol_subadd(role_tcnt_handle, &role, &type, &rights);
01305               }
01306             if(!rsbac_list_lol_add(role_tcno_handle, &role, NULL))
01307               {
01308                 type = RSBAC_RC_GENERAL_TYPE;
01309                 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_NETOBJ_REQUEST_VECTOR;
01310                 rsbac_list_lol_subadd(role_tcno_handle, &role, &type, &rights);
01311               }
01312             if(!rsbac_list_lol_add(role_tcsc_handle, &role, NULL))
01313               {
01314                 rights = RSBAC_SCD_REQUEST_VECTOR
01315                          & (RSBAC_SYSTEM_REQUEST_VECTOR | RSBAC_READ_WRITE_REQUEST_VECTOR );
01316                 for(type = ST_time_strucs; type <= ST_rsbac; type++)
01317                   {
01318                     rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01319                   }
01320                 for(type = ST_network; type < ST_none; type++)
01321                   {
01322                     rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01323                   }
01324                 type = ST_other;
01325                 rights =   RSBAC_RC_RIGHTS_VECTOR(R_ADD_TO_KERNEL)
01326                          | RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC)
01327                          | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_SYSTEM_DATA)
01328                          | RSBAC_RC_RIGHTS_VECTOR(R_MOUNT)
01329                          | RSBAC_RC_RIGHTS_VECTOR(R_REMOVE_FROM_KERNEL)
01330                          | RSBAC_RC_RIGHTS_VECTOR(R_UMOUNT)
01331                          | RSBAC_RC_RIGHTS_VECTOR(R_SHUTDOWN);
01332                 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01333               }
01334           }
01335       }
01336 
01337     list_info.version = RSBAC_RC_TYPE_FD_LIST_VERSION;
01338     list_info.key = RSBAC_RC_LIST_KEY;
01339     list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01340     list_info.data_size = sizeof(struct rsbac_rc_type_fd_entry_t);
01341     list_info.max_age = 0;
01342     err = rsbac_list_register(RSBAC_LIST_VERSION,
01343                               &type_fd_handle,
01344                               &list_info,
01345                               #if defined(CONFIG_RSBAC_RC_BACKUP)
01346                               RSBAC_LIST_BACKUP |
01347                               #endif
01348                               RSBAC_LIST_PERSIST,
01349                               rsbac_list_compare_u32,
01350                               NULL,
01351                               NULL,
01352                               RSBAC_RC_TYPE_FD_FILENAME,
01353                               RSBAC_AUTO_DEV);
01354     if(err)
01355       {
01356         registration_error(err, "type FD");
01357       }
01358     if(!rsbac_no_defaults && !rsbac_list_count(type_fd_handle))
01359       {
01360         rsbac_rc_type_id_t type;
01361         struct rsbac_rc_type_fd_entry_t entry;
01362 
01363         type = RSBAC_RC_GENERAL_TYPE;
01364         strcpy(entry.name, "General FD");
01365         entry.need_secdel = 0;
01366         rsbac_list_add(type_fd_handle, &type, &entry);
01367         type = RSBAC_RC_SEC_TYPE;
01368         strcpy(entry.name, "Security FD");
01369         entry.need_secdel = 0;
01370         rsbac_list_add(type_fd_handle, &type, &entry);
01371         type = RSBAC_RC_SYS_TYPE;
01372         strcpy(entry.name, "System FD");
01373         entry.need_secdel = 0;
01374         rsbac_list_add(type_fd_handle, &type, &entry);
01375       }
01376     list_info.version = RSBAC_RC_TYPE_DEV_LIST_VERSION;
01377     list_info.key = RSBAC_RC_LIST_KEY;
01378     list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01379     list_info.data_size = RSBAC_RC_NAME_LEN;
01380     list_info.max_age = 0;
01381     err = rsbac_list_register(RSBAC_LIST_VERSION,
01382                               &type_dev_handle,
01383                               &list_info,
01384                               #if defined(CONFIG_RSBAC_RC_BACKUP)
01385                               RSBAC_LIST_BACKUP |
01386                               #endif
01387                               RSBAC_LIST_PERSIST,
01388                               rsbac_list_compare_u32,
01389                               NULL,
01390                               NULL,
01391                               RSBAC_RC_TYPE_DEV_FILENAME,
01392                               RSBAC_AUTO_DEV);
01393     if(err)
01394       {
01395         registration_error(err, "type DEV");
01396       }
01397     if(!rsbac_no_defaults && !rsbac_list_count(type_dev_handle))
01398       {
01399         rsbac_rc_type_id_t type;
01400         char name[RSBAC_RC_NAME_LEN];
01401 
01402         type = RSBAC_RC_GENERAL_TYPE;
01403         strcpy(name, "General Device");
01404         rsbac_list_add(type_dev_handle, &type, name);
01405         type = RSBAC_RC_SEC_TYPE;
01406         strcpy(name, "Security Device");
01407         rsbac_list_add(type_dev_handle, &type, name);
01408         type = RSBAC_RC_SYS_TYPE;
01409         strcpy(name, "System Device");
01410         rsbac_list_add(type_dev_handle, &type, &name);
01411       }
01412     list_info.version = RSBAC_RC_TYPE_IPC_LIST_VERSION;
01413     list_info.key = RSBAC_RC_LIST_KEY;
01414     list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01415     list_info.data_size = RSBAC_RC_NAME_LEN;
01416     list_info.max_age = 0;
01417     err = rsbac_list_register(RSBAC_LIST_VERSION,
01418                               &type_ipc_handle,
01419                               &list_info,
01420                               #if defined(CONFIG_RSBAC_RC_BACKUP)
01421                               RSBAC_LIST_BACKUP |
01422                               #endif
01423                               RSBAC_LIST_PERSIST,
01424                               rsbac_list_compare_u32,
01425                               NULL,
01426                               NULL,
01427                               RSBAC_RC_TYPE_IPC_FILENAME,
01428                               RSBAC_AUTO_DEV);
01429     if(err)
01430       {
01431         registration_error(err, "type IPC");
01432       }
01433     if(!rsbac_no_defaults && !rsbac_list_count(type_ipc_handle))
01434       {
01435         rsbac_rc_type_id_t type;
01436         char name[RSBAC_RC_NAME_LEN];
01437 
01438         type = RSBAC_RC_GENERAL_TYPE;
01439         strcpy(name, "General IPC");
01440         rsbac_list_add(type_ipc_handle, &type, name);
01441         type = RSBAC_RC_SEC_TYPE;
01442         strcpy(name, "Security IPC");
01443         rsbac_list_add(type_ipc_handle, &type, name);
01444         type = RSBAC_RC_SYS_TYPE;
01445         strcpy(name, "System IPC");
01446         rsbac_list_add(type_ipc_handle, &type, &name);
01447       }
01448     list_info.version = RSBAC_RC_TYPE_USER_LIST_VERSION;
01449     list_info.key = RSBAC_RC_LIST_KEY;
01450     list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01451     list_info.data_size = RSBAC_RC_NAME_LEN;
01452     list_info.max_age = 0;
01453     err = rsbac_list_register(RSBAC_LIST_VERSION,
01454                               &type_user_handle,
01455                               &list_info,
01456                               #if defined(CONFIG_RSBAC_RC_BACKUP)
01457                               RSBAC_LIST_BACKUP |
01458                               #endif
01459                               RSBAC_LIST_PERSIST,
01460                               rsbac_list_compare_u32,
01461                               NULL,
01462                               NULL,
01463                               RSBAC_RC_TYPE_USER_FILENAME,
01464                               RSBAC_AUTO_DEV);
01465     if(err)
01466       {
01467         registration_error(err, "type USER");
01468       }
01469     if(!rsbac_no_defaults && !rsbac_list_count(type_user_handle))
01470       {
01471         rsbac_rc_type_id_t type;
01472         char name[RSBAC_RC_NAME_LEN];
01473 
01474         type = RSBAC_RC_GENERAL_TYPE;
01475         strcpy(name, "General User");
01476         rsbac_list_add(type_user_handle, &type, name);
01477         type = RSBAC_RC_SEC_TYPE;
01478         strcpy(name, "Security User");
01479         rsbac_list_add(type_user_handle, &type, name);
01480         type = RSBAC_RC_SYS_TYPE;
01481         strcpy(name, "System User");
01482         rsbac_list_add(type_user_handle, &type, &name);
01483       }
01484     list_info.version = RSBAC_RC_TYPE_PROCESS_LIST_VERSION;
01485     list_info.key = RSBAC_RC_LIST_KEY;
01486     list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01487     list_info.data_size = RSBAC_RC_NAME_LEN;
01488     list_info.max_age = 0;
01489     err = rsbac_list_register(RSBAC_LIST_VERSION,
01490                               &type_process_handle,
01491                               &list_info,
01492                               #if defined(CONFIG_RSBAC_RC_BACKUP)
01493                               RSBAC_LIST_BACKUP |
01494                               #endif
01495                               RSBAC_LIST_PERSIST,
01496                               rsbac_list_compare_u32,
01497                               NULL,
01498                               NULL,
01499                               RSBAC_RC_TYPE_PROCESS_FILENAME,
01500                               RSBAC_AUTO_DEV);
01501     if(err)
01502       {
01503         registration_error(err, "type PROCESS");
01504       }
01505     if(!rsbac_no_defaults && !rsbac_list_count(type_process_handle))
01506       {
01507         rsbac_rc_type_id_t type;
01508         char name[RSBAC_RC_NAME_LEN];
01509 
01510         type = RSBAC_RC_GENERAL_TYPE;
01511         strcpy(name, "General Process");
01512         rsbac_list_add(type_process_handle, &type, name);
01513         type = RSBAC_RC_SEC_TYPE;
01514         strcpy(name, "Security Proc");
01515         rsbac_list_add(type_process_handle, &type, name);
01516         type = RSBAC_RC_SYS_TYPE;
01517         strcpy(name, "System Process");
01518         rsbac_list_add(type_process_handle, &type, &name);
01519       }
01520     if(!rsbac_no_defaults)
01521       {
01522         rsbac_rc_type_id_t type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
01523 
01524         if(!rsbac_list_exist(type_process_handle, &type))
01525           {
01526             char name[RSBAC_RC_NAME_LEN];
01527             rsbac_rc_role_id_t * role_array;
01528             u_long count;
01529             rsbac_rc_rights_vector_t rights;
01530 
01531             strcpy(name, "Kernel Process");
01532             rsbac_list_add(type_process_handle, &type, &name);
01533 
01534             /* Set type compatibilities for the new type for all roles */
01535             rights =   RSBAC_READ_WRITE_REQUEST_VECTOR
01536                      & RSBAC_PROCESS_REQUEST_VECTOR;
01537 
01538             count = rsbac_list_lol_get_all_desc(role_tcpr_handle, (void **) &role_array);
01539             if(count > 0)
01540               {
01541                 u_int i;
01542 
01543                 for(i=0; i < count; i++)
01544                   {
01545                     if(!rsbac_list_lol_subexist(role_tcpr_handle, &role_array[i], &type))
01546                       rsbac_list_lol_subadd(role_tcpr_handle, &role_array[i], &type, &rights);
01547                   }
01548                 rsbac_vfree(role_array);
01549               }
01550           }
01551       }
01552     list_info.version = RSBAC_RC_TYPE_GROUP_LIST_VERSION;
01553     list_info.key = RSBAC_RC_LIST_KEY;
01554     list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01555     list_info.data_size = RSBAC_RC_NAME_LEN;
01556     list_info.max_age = 0;
01557     err = rsbac_list_register(RSBAC_LIST_VERSION,
01558                               &type_group_handle,
01559                               &list_info,
01560                               #if defined(CONFIG_RSBAC_RC_BACKUP)
01561                               RSBAC_LIST_BACKUP |
01562                               #endif
01563                               RSBAC_LIST_PERSIST,
01564                               rsbac_list_compare_u32,
01565                               NULL,
01566                               NULL,
01567                               RSBAC_RC_TYPE_GROUP_FILENAME,
01568                               RSBAC_AUTO_DEV);
01569     if(err)
01570       {
01571         registration_error(err, "type GROUP");
01572       }
01573     if(!rsbac_no_defaults && !rsbac_list_count(type_group_handle))
01574       {
01575         rsbac_rc_type_id_t type;
01576         char name[RSBAC_RC_NAME_LEN];
01577 
01578         type = RSBAC_RC_GENERAL_TYPE;
01579         strcpy(name, "General Group");
01580         rsbac_list_add(type_group_handle, &type, name);
01581       }
01582     list_info.version = RSBAC_RC_TYPE_NETDEV_LIST_VERSION;
01583     list_info.key = RSBAC_RC_LIST_KEY;
01584     list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01585     list_info.data_size = RSBAC_RC_NAME_LEN;
01586     list_info.max_age = 0;
01587     err = rsbac_list_register(RSBAC_LIST_VERSION,
01588                               &type_netdev_handle,
01589                               &list_info,
01590                               #if defined(CONFIG_RSBAC_RC_BACKUP)
01591                               RSBAC_LIST_BACKUP |
01592                               #endif
01593                               RSBAC_LIST_PERSIST,
01594                               rsbac_list_compare_u32,
01595                               NULL,
01596                               NULL,
01597                               RSBAC_RC_TYPE_NETDEV_FILENAME,
01598                               RSBAC_AUTO_DEV);
01599     if(err)
01600       {
01601         registration_error(err, "type NETDEV");
01602       }
01603     if(!rsbac_no_defaults && !rsbac_list_count(type_netdev_handle))
01604       {
01605         rsbac_rc_type_id_t type;
01606         char name[RSBAC_RC_NAME_LEN];
01607 
01608         type = RSBAC_RC_GENERAL_TYPE;
01609         strcpy(name, "General NETDEV");
01610         rsbac_list_add(type_netdev_handle, &type, name);
01611         type = RSBAC_RC_SEC_TYPE;
01612         strcpy(name, "Security NETDEV");
01613         rsbac_list_add(type_netdev_handle, &type, name);
01614         type = RSBAC_RC_SYS_TYPE;
01615         strcpy(name, "System NETDEV");
01616         rsbac_list_add(type_netdev_handle, &type, &name);
01617       }
01618     list_info.version = RSBAC_RC_TYPE_NETTEMP_LIST_VERSION;
01619     list_info.key = RSBAC_RC_LIST_KEY;
01620     list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01621     list_info.data_size = RSBAC_RC_NAME_LEN;
01622     list_info.max_age = 0;
01623     err = rsbac_list_register(RSBAC_LIST_VERSION,
01624                               &type_nettemp_handle,
01625                               &list_info,
01626                               #if defined(CONFIG_RSBAC_RC_BACKUP)
01627                               RSBAC_LIST_BACKUP |
01628                               #endif
01629                               RSBAC_LIST_PERSIST,
01630                               rsbac_list_compare_u32,
01631                               NULL,
01632                               NULL,
01633                               RSBAC_RC_TYPE_NETTEMP_FILENAME,
01634                               RSBAC_AUTO_DEV);
01635     if(err)
01636       {
01637         registration_error(err, "type NETTEMP");
01638       }
01639     if(!rsbac_no_defaults && !rsbac_list_count(type_nettemp_handle))
01640       {
01641         rsbac_rc_type_id_t type;
01642         char name[RSBAC_RC_NAME_LEN];
01643 
01644         type = RSBAC_RC_GENERAL_TYPE;
01645         strcpy(name, "General NETTEMP");
01646         rsbac_list_add(type_nettemp_handle, &type, name);
01647         type = RSBAC_RC_SEC_TYPE;
01648         strcpy(name, "Securit NETTEMP");
01649         rsbac_list_add(type_nettemp_handle, &type, name);
01650         type = RSBAC_RC_SYS_TYPE;
01651         strcpy(name, "System NETTEMP");
01652         rsbac_list_add(type_nettemp_handle, &type, &name);
01653       }
01654     list_info.version = RSBAC_RC_TYPE_NETOBJ_LIST_VERSION;
01655     list_info.key = RSBAC_RC_LIST_KEY;
01656     list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01657     list_info.data_size = RSBAC_RC_NAME_LEN;
01658     list_info.max_age = 0;
01659     err = rsbac_list_register(RSBAC_LIST_VERSION,
01660                               &type_netobj_handle,
01661                               &list_info,
01662                               #if defined(CONFIG_RSBAC_RC_BACKUP)
01663                               RSBAC_LIST_BACKUP |
01664                               #endif
01665                               RSBAC_LIST_PERSIST,
01666                               rsbac_list_compare_u32,
01667                               NULL,
01668                               NULL,
01669                               RSBAC_RC_TYPE_NETOBJ_FILENAME,
01670                               RSBAC_AUTO_DEV);
01671     if(err)
01672       {
01673         registration_error(err, "type NETOBJ");
01674       }
01675     if(!rsbac_no_defaults && !rsbac_list_count(type_netobj_handle))
01676       {
01677         rsbac_rc_type_id_t type;
01678         char name[RSBAC_RC_NAME_LEN];
01679 
01680         type = RSBAC_RC_GENERAL_TYPE;
01681         strcpy(name, "General NETOBJ");
01682         rsbac_list_add(type_netobj_handle, &type, name);
01683         type = RSBAC_RC_SEC_TYPE;
01684         strcpy(name, "Security NETOBJ");
01685         rsbac_list_add(type_netobj_handle, &type, name);
01686         type = RSBAC_RC_SYS_TYPE;
01687         strcpy(name, "System NETOBJ");
01688         rsbac_list_add(type_netobj_handle, &type, &name);
01689       }
01690 
01691 #ifdef CONFIG_RSBAC_DEBUG
01692     if(rsbac_debug_stack)
01693       {
01694         unsigned long * n = (unsigned long *) (current+1);
01695 
01696         while (!*n)
01697           n++;
01698 #ifdef CONFIG_RSBAC_RMSG
01699         rsbac_printk(KERN_DEBUG "rsbac_init_rc: free stack before adding proc entry: %lu\n",
01700                (unsigned long) n - (unsigned long)(current+1));
01701 #endif
01702 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01703         if (!rsbac_nosyslog)
01704 #endif
01705         printk(KERN_DEBUG "rsbac_init_rc: free stack before adding proc entry: %lu\n",
01706                (unsigned long) n - (unsigned long)(current+1));
01707       }
01708 #endif
01709     #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
01710     tmp_entry_p = create_proc_entry("stats_rc",
01711                                     S_IFREG | S_IRUGO,
01712                                     proc_rsbac_root_p);
01713     if(tmp_entry_p)
01714       {
01715         tmp_entry_p->get_info = stats_rc_proc_info;
01716       }
01717 
01718     #endif
01719 
01720 #ifdef CONFIG_RSBAC_DEBUG
01721     if(rsbac_debug_stack)
01722       {
01723         unsigned long * n = (unsigned long *) (current+1);
01724 
01725         while (!*n)
01726           n++;
01727 #ifdef CONFIG_RSBAC_RMSG
01728         rsbac_printk(KERN_DEBUG "rsbac_init_rc: final free stack: %lu\n",
01729                (unsigned long) n - (unsigned long)(current+1));
01730 #endif
01731 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01732         if (!rsbac_nosyslog)
01733 #endif
01734         printk(KERN_DEBUG "rsbac_init_rc: final free stack: %lu\n",
01735                (unsigned long) n - (unsigned long)(current+1));
01736       }
01737     if (rsbac_debug_ds_rc)
01738       {
01739 #ifdef CONFIG_RSBAC_RMSG
01740         rsbac_printk(KERN_DEBUG "rsbac_init_rc(): Ready.\n");
01741 #endif
01742 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01743         if (!rsbac_nosyslog)
01744 #endif
01745         printk(KERN_DEBUG "rsbac_init_rc(): Ready.\n");
01746       }
01747 #endif
01748     return(err);
01749   };
01750 
01751 /***************************************************/
01752 /* We also need some status information...         */
01753 
01754 int rsbac_stats_rc(void)
01755   {
01756     if (!rsbac_is_initialized())
01757       {
01758         printk(KERN_WARNING "rsbac_stats_rc(): RSBAC not initialized\n");
01759         return(-RSBAC_ENOTINITIALIZED);
01760       }
01761 
01762 #ifdef CONFIG_RSBAC_RMSG
01763     rsbac_printk(KERN_INFO "Role entry size is %u, %lu entries used\n",
01764            sizeof(struct rsbac_rc_role_entry_t),
01765            rsbac_list_count(role_handle));
01766 
01767     rsbac_printk(KERN_INFO "Used type entries: fd: %lu, dev: %lu, ipc: %lu, user: %lu, process: %lu, group: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
01768            rsbac_list_count(type_fd_handle),
01769            rsbac_list_count(type_dev_handle),
01770            rsbac_list_count(type_ipc_handle),
01771            rsbac_list_count(type_user_handle),
01772            rsbac_list_count(type_process_handle),
01773            rsbac_list_count(type_group_handle),
01774            rsbac_list_count(type_netdev_handle),
01775            rsbac_list_count(type_nettemp_handle),
01776            rsbac_list_count(type_netobj_handle));
01777 #endif
01778 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01779     if (!rsbac_nosyslog)
01780 #endif
01781       {
01782         printk(KERN_INFO "Role entry size is %u, %lu entries used\n",
01783                sizeof(struct rsbac_rc_role_entry_t),
01784                rsbac_list_count(role_handle));
01785 
01786         printk(KERN_INFO "Used type entries: fd: %lu, dev: %lu, ipc: %lu, user: %lu, process: %lu, group: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
01787                rsbac_list_count(type_fd_handle),
01788                rsbac_list_count(type_dev_handle),
01789                rsbac_list_count(type_ipc_handle),
01790                rsbac_list_count(type_user_handle),
01791                rsbac_list_count(type_process_handle),
01792                rsbac_list_count(type_group_handle),
01793                rsbac_list_count(type_netdev_handle),
01794                rsbac_list_count(type_nettemp_handle),
01795                rsbac_list_count(type_netobj_handle));
01796       }
01797     return(0);
01798   };
01799 
01800 /************************************************* */
01801 /*               Access functions                  */
01802 /************************************************* */
01803 
01804 /* Find the boot role */
01805 #ifdef CONFIG_RSBAC_INIT_DELAY
01806 int rsbac_rc_get_boot_role(rsbac_rc_role_id_t * role_p)
01807 #else
01808 int __init rsbac_rc_get_boot_role(rsbac_rc_role_id_t * role_p)
01809 #endif
01810   {
01811     /* Try to find role marked as boot role */
01812     if(rsbac_list_get_desc(role_handle,
01813                            role_p,
01814                            role_p,
01815                            rsbac_rc_role_compare_data)
01816       )
01817       { /* none found */
01818         return -RSBAC_ENOTFOUND;
01819       }
01820     return 0;
01821   }
01822 
01823 /* Checking whether role exists */
01824 rsbac_boolean_t rsbac_rc_role_exists(
01825   rsbac_list_ta_number_t ta_number,
01826   rsbac_rc_role_id_t role)
01827   {
01828     return rsbac_ta_list_exist(ta_number, role_handle, &role);
01829   }
01830 
01831 rsbac_boolean_t rsbac_rc_type_exists(
01832        rsbac_list_ta_number_t ta_number,
01833   enum rsbac_target_t     target,
01834        rsbac_rc_type_id_t type)
01835   {
01836     switch(target)
01837       {
01838         case T_FILE:
01839         case T_DIR:
01840         case T_FIFO:
01841         case T_SYMLINK:
01842         case T_FD:
01843           return rsbac_ta_list_exist(ta_number, type_fd_handle, &type);
01844         case T_DEV:
01845           return rsbac_ta_list_exist(ta_number, type_dev_handle, &type);
01846         case T_IPC:
01847           return rsbac_ta_list_exist(ta_number, type_ipc_handle, &type);
01848         case T_USER:
01849           return rsbac_ta_list_exist(ta_number, type_user_handle, &type);
01850         case T_PROCESS:
01851           return rsbac_ta_list_exist(ta_number, type_process_handle, &type);
01852         case T_NETDEV:
01853           return rsbac_ta_list_exist(ta_number, type_netdev_handle, &type);
01854         case T_NETTEMP:
01855           return rsbac_ta_list_exist(ta_number, type_nettemp_handle, &type);
01856         case T_NETOBJ:
01857           return rsbac_ta_list_exist(ta_number, type_netobj_handle, &type);
01858         case T_SCD:
01859           if(type < ST_none)
01860             return TRUE;
01861           else
01862             return FALSE;
01863         default:
01864           return FALSE;
01865       }
01866   }
01867 
01868 /* Invalid parameter combinations return an error. */
01869 
01870 int rsbac_rc_copy_role(
01871   rsbac_list_ta_number_t ta_number,
01872   rsbac_rc_role_id_t from_role,
01873   rsbac_rc_role_id_t to_role)
01874   {
01875     struct rsbac_rc_role_entry_t entry;
01876     rsbac_rc_role_id_t * role_array;
01877     char * item_array;
01878     long count;
01879     u_long i;
01880     int err;
01881 
01882     if (!rsbac_is_initialized())
01883       {
01884         printk(KERN_WARNING "rsbac_rc_copy_role(): RSBAC not initialized\n");
01885         return(-RSBAC_ENOTINITIALIZED);
01886       }
01887     if(   (from_role > RC_role_max_value)
01888        || (to_role > RC_role_max_value)
01889        || (to_role == from_role)
01890       )
01891       return(-RSBAC_EINVALIDTARGET);
01892     
01893     /* copy */
01894     err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &from_role, &entry);
01895     if(err)
01896       return err;
01897     err = rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &to_role, &entry);
01898     if(err)
01899       return err;
01900 
01901     rsbac_ta_list_lol_remove(ta_number, role_rc_handle, &to_role);
01902     count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, role_rc_handle,
01903                                                   &from_role, (void **) &role_array, NULL);
01904     if(count > 0)
01905       {
01906         for(i=0; i<count ; i++)
01907           rsbac_ta_list_lol_subadd_ttl(ta_number, role_rc_handle, 0, &to_role, &role_array[i], 0);
01908         rsbac_vfree(role_array);
01909       }
01910     rsbac_ta_list_lol_remove(ta_number, role_adr_handle, &to_role);
01911     count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, role_adr_handle, &from_role, (void **) &role_array, NULL);
01912     if(count > 0)
01913       {
01914         for(i=0; i<count ; i++)
01915           rsbac_ta_list_lol_subadd_ttl(ta_number, role_adr_handle, 0, &to_role, &role_array[i], 0);
01916         rsbac_vfree(role_array);
01917       }
01918     rsbac_ta_list_lol_remove(ta_number, role_asr_handle, &to_role);
01919     count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, role_asr_handle, &from_role, (void **) &role_array, NULL);
01920     if(count > 0)
01921       {
01922         for(i=0; i<count ; i++)
01923           rsbac_ta_list_lol_subadd_ttl(ta_number, role_asr_handle, 0, &to_role, &role_array[i], 0);
01924         rsbac_vfree(role_array);
01925       }
01926     rsbac_ta_list_lol_remove(ta_number, role_dfdc_handle, &to_role);
01927     count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_dfdc_handle, &from_role, (void **) &item_array, NULL);
01928     if(count > 0)
01929       {
01930         char * tmp = item_array;
01931         int size = rsbac_list_lol_get_subitem_size(role_dfdc_handle);
01932 
01933         for(i=0; i<count ; i++)
01934           {
01935             rsbac_ta_list_lol_subadd_ttl(ta_number, role_dfdc_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01936             tmp += size;
01937           }
01938         rsbac_vfree(item_array);
01939       }
01940     rsbac_ta_list_lol_remove(ta_number, role_tcfd_handle, &to_role);
01941     count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcfd_handle, &from_role, (void **) &item_array, NULL);
01942     if(count > 0)
01943       {
01944         char * tmp = item_array;
01945         int size = rsbac_list_lol_get_subitem_size(role_tcfd_handle);
01946 
01947         for(i=0; i<count ; i++)
01948           {
01949             rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcfd_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01950             tmp += size;
01951           }
01952         rsbac_vfree(item_array);
01953       }
01954     rsbac_ta_list_lol_remove(ta_number, role_tcdv_handle, &to_role);
01955     count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcdv_handle, &from_role, (void **) &item_array, NULL);
01956     if(count > 0)
01957       {
01958         char * tmp = item_array;
01959         int size = rsbac_list_lol_get_subitem_size(role_tcdv_handle);
01960 
01961         for(i=0; i<count ; i++)
01962           {
01963             rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcdv_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01964             tmp += size;
01965           }
01966         rsbac_vfree(item_array);
01967       }
01968     rsbac_ta_list_lol_remove(ta_number, role_tcus_handle, &to_role);
01969     count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcus_handle, &from_role, (void **) &item_array, NULL);
01970     if(count > 0)
01971       {
01972         char * tmp = item_array;
01973         int size = rsbac_list_lol_get_subitem_size(role_tcus_handle);
01974 
01975         for(i=0; i<count ; i++)
01976           {
01977             rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcus_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01978             tmp += size;
01979           }
01980         rsbac_vfree(item_array);
01981       }
01982     rsbac_ta_list_lol_remove(ta_number,role_tcpr_handle, &to_role);
01983     count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcpr_handle, &from_role, (void **) &item_array, NULL);
01984     if(count > 0)
01985       {
01986         char * tmp = item_array;
01987         int size = rsbac_list_lol_get_subitem_size(role_tcpr_handle);
01988 
01989         for(i=0; i<count ; i++)
01990           {
01991             rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcpr_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01992             tmp += size;
01993           }
01994         rsbac_vfree(item_array);
01995       }
01996     rsbac_ta_list_lol_remove(ta_number, role_tcip_handle, &to_role);
01997     count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcip_handle, &from_role, (void **) &item_array, NULL);
01998     if(count > 0)
01999       {
02000         char * tmp = item_array;
02001         int size = rsbac_list_lol_get_subitem_size(role_tcip_handle);
02002 
02003         for(i=0; i<count ; i++)
02004           {
02005             rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcip_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
02006             tmp += size;
02007           }
02008         rsbac_vfree(item_array);
02009       }
02010     rsbac_ta_list_lol_remove(ta_number, role_tcsc_handle, &to_role);
02011     count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcsc_handle, &from_role, (void **) &item_array, NULL);
02012     if(count > 0)
02013       {
02014         char * tmp = item_array;
02015         int size = rsbac_list_lol_get_subitem_size(role_tcsc_handle);
02016 
02017         for(i=0; i<count ; i++)
02018           {
02019             rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcsc_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
02020             tmp += size;
02021           }
02022         rsbac_vfree(item_array);
02023       }
02024     rsbac_ta_list_lol_remove(ta_number, role_tcgr_handle, &to_role);
02025     count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcgr_handle, &from_role, (void **) &item_array, NULL);
02026     if(count > 0)
02027       {
02028         char * tmp = item_array;
02029         int size = rsbac_list_lol_get_subitem_size(role_tcgr_handle);
02030 
02031         for(i=0; i<count ; i++)
02032           {
02033             rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcgr_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
02034             tmp += size;
02035           }
02036         rsbac_vfree(item_array);
02037       }
02038     rsbac_ta_list_lol_remove(ta_number, role_tcnd_handle, &to_role);
02039     count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcnd_handle, &from_role, (void **) &item_array, NULL);
02040     if(count > 0)
02041       {
02042         char * tmp = item_array;
02043         int size = rsbac_list_lol_get_subitem_size(role_tcnd_handle);
02044 
02045         for(i=0; i<count ; i++)
02046           {
02047             rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcnd_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
02048             tmp += size;
02049           }
02050         rsbac_vfree(item_array);
02051       }
02052     rsbac_ta_list_lol_remove(ta_number, role_tcnt_handle, &to_role);
02053     count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcnt_handle, &from_role, (void **) &item_array, NULL);
02054     if(count > 0)
02055       {
02056         char * tmp = item_array;
02057         int size = rsbac_list_lol_get_subitem_size(role_tcnt_handle);
02058 
02059         for(i=0; i<count ; i++)
02060           {
02061             rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcnt_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
02062             tmp += size;
02063           }
02064         rsbac_vfree(item_array);
02065       }
02066     rsbac_ta_list_lol_remove(ta_number, role_tcno_handle, &to_role);
02067     count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcno_handle, &from_role, (void **) &item_array, NULL);
02068     if(count > 0)
02069       {
02070         char * tmp = item_array;
02071         int size = rsbac_list_lol_get_subitem_size(role_tcno_handle);
02072 
02073         for(i=0; i<count ; i++)
02074           {
02075             rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcno_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
02076             tmp += size;
02077           }
02078         rsbac_vfree(item_array);
02079       }
02080     return(0);
02081   }
02082 
02083 int rsbac_rc_copy_type(
02084        rsbac_list_ta_number_t ta_number,
02085   enum rsbac_rc_target_t      target,
02086        rsbac_rc_type_id_t     from_type,
02087        rsbac_rc_type_id_t     to_type)
02088   {
02089     rsbac_rc_role_id_t * role_array;
02090     rsbac_list_handle_t i_type_handle = NULL;
02091     rsbac_list_handle_t i_comp_handle = NULL;
02092     struct rsbac_rc_type_fd_entry_t type_fd_entry;
02093     char type_name[RSBAC_RC_NAME_LEN];
02094     long count;
02095     rsbac_time_t ttl;
02096     u_long i;
02097     int err;
02098 
02099     if (!rsbac_is_initialized())
02100       {
02101         printk(KERN_WARNING "rsbac_rc_copy_type(): RSBAC not initialized\n");
02102         return(-RSBAC_ENOTINITIALIZED);
02103       }
02104     if(   (from_type > RC_type_max_value)
02105        || (to_type > RC_type_max_value)
02106        || (to_type == from_type)
02107       )
02108       return(-RSBAC_EINVALIDTARGET);
02109 
02110     switch(target)
02111       {
02112         case T_FILE:
02113         case T_DIR:
02114         case T_FIFO:
02115         case T_SYMLINK:
02116         case T_FD:
02117           i_type_handle = type_fd_handle;
02118           i_comp_handle = role_tcfd_handle;
02119           break;
02120         case T_DEV:
02121           i_type_handle = type_dev_handle;
02122           i_comp_handle = role_tcdv_handle;
02123           break;
02124         case T_USER:
02125           i_type_handle = type_user_handle;
02126           i_comp_handle = role_tcus_handle;
02127           break;
02128         case T_PROCESS:
02129           i_type_handle = type_process_handle;
02130           i_comp_handle = role_tcpr_handle;
02131           break;
02132         case T_IPC:
02133           i_type_handle = type_ipc_handle;
02134           i_comp_handle = role_tcip_handle;
02135           break;
02136         case T_GROUP:
02137           i_type_handle = type_group_handle;
02138           i_comp_handle = role_tcgr_handle;
02139           break;
02140         case T_NETDEV:
02141           i_type_handle = type_netdev_handle;
02142           i_comp_handle = role_tcnd_handle;
02143           break;
02144         case T_NETTEMP:
02145           i_type_handle = type_nettemp_handle;
02146           i_comp_handle = role_tcnt_handle;
02147           break;
02148         case T_NETOBJ:
02149           i_type_handle = type_netobj_handle;
02150           i_comp_handle = role_tcno_handle;
02151           break;
02152 
02153         default:
02154           return -RSBAC_EINVALIDTARGET;
02155       }
02156 
02157     /* copy */
02158     if(i_type_handle == type_fd_handle)
02159       {
02160         err = rsbac_ta_list_get_data_ttl(ta_number, i_type_handle, &ttl, &from_type, &type_fd_entry);
02161         if(err)
02162           return err;
02163         err = rsbac_ta_list_add_ttl(ta_number, i_type_handle, ttl, &to_type, &type_fd_entry);
02164         if(err)
02165           return err;
02166       }
02167     else
02168       {
02169         err = rsbac_ta_list_get_data_ttl(ta_number, i_type_handle, NULL, &from_type, &type_name);
02170         if(err)
02171           return err;
02172         err = rsbac_ta_list_add_ttl(ta_number, i_type_handle, 0, &to_type, &type_name);
02173         if(err)
02174           return err;
02175       }
02176 
02177     err = rsbac_ta_list_lol_subremove_from_all(ta_number, i_comp_handle, &to_type);
02178     if(err)
02179       return err;
02180 
02181     count = rsbac_ta_list_get_all_desc(ta_number, role_handle,
02182                                        (void **) &role_array);
02183     if(count > 0)
02184       {
02185         rsbac_rc_rights_vector_t rights;
02186 
02187         for(i=0; i<count ; i++)
02188           {
02189             err = rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02190                                                     i_comp_handle,
02191                                                     &ttl,
02192                                                     &role_array[i],
02193                                                     &from_type,
02194                                                     &rights);
02195             if(!err)
02196               err = rsbac_ta_list_lol_subadd_ttl(ta_number,
02197                                                  i_comp_handle,
02198                                                  ttl,
02199                                                  &role_array[i],
02200                                                  &to_type,
02201                                                  &rights);
02202           }
02203         rsbac_vfree(role_array);
02204       }
02205     return(0);
02206   }
02207 
02208 
02209 /* Getting values */
02210 int rsbac_rc_get_item(
02211         rsbac_list_ta_number_t ta_number,
02212   enum  rsbac_rc_target_t       target,
02213   union rsbac_rc_target_id_t    tid,
02214   union rsbac_rc_target_id_t    subtid,
02215   enum  rsbac_rc_item_t         item,
02216   union rsbac_rc_item_value_t * value_p,
02217         rsbac_time_t          * ttl_p)
02218   {
02219     int err=0;
02220     struct rsbac_rc_role_entry_t role_entry;
02221     struct rsbac_rc_type_fd_entry_t type_fd_entry;
02222 
02223     if (!rsbac_is_initialized())
02224       {
02225         printk(KERN_WARNING "rsbac_rc_get_item(): RSBAC not initialized\n");
02226         return(-RSBAC_ENOTINITIALIZED);
02227       }
02228     if (in_interrupt())
02229       {
02230 #ifdef CONFIG_RSBAC_RMSG
02231         rsbac_printk(KERN_WARNING "rsbac_rc_get_item(): called from interrupt!\n");
02232 #endif
02233 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02234         if (!rsbac_nosyslog)
02235 #endif
02236         printk(KERN_WARNING "rsbac_rc_get_item(): called from interrupt!\n");
02237       }
02238     if(ttl_p)
02239       *ttl_p = 0;
02240     switch(target)
02241       {
02242         case RT_ROLE:
02243           if(tid.role > RC_role_max_value)
02244             return(-RSBAC_EINVALIDTARGET);
02245 /*
02246 #ifdef CONFIG_RSBAC_DEBUG
02247           if (rsbac_debug_ds_rc)
02248             {
02249 #ifdef CONFIG_RSBAC_RMSG
02250               rsbac_printk(KERN_DEBUG
02251                      "rsbac_rc_get_item(): getting role item value\n");
02252 #endif
02253 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02254               if (!rsbac_nosyslog)
02255 #endif
02256               printk(KERN_DEBUG
02257                      "rsbac_rc_get_item(): getting role item value\n");
02258             }
02259 #endif
02260 */
02261           switch (item)
02262             {
02263               case RI_role_comp:
02264                 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02265                                                    role_rc_handle,
02266                                                    ttl_p,
02267                                                    &tid.role,
02268                                                    &subtid.role,
02269                                                    NULL))
02270                   value_p->comp = TRUE;
02271                 else
02272                   value_p->comp = FALSE;
02273                 return 0;
02274               case RI_admin_roles:
02275                 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02276                                                    role_adr_handle,
02277                                                    ttl_p,
02278                                                    &tid.role,
02279                                                    &subtid.role,
02280                                                    NULL))
02281                   value_p->comp = TRUE;
02282                 else
02283                   value_p->comp = FALSE;
02284                 return 0;
02285               case RI_assign_roles:
02286                 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02287                                                    role_asr_handle,
02288                                                    ttl_p,
02289                                                    &tid.role,
02290                                                    &subtid.role,
02291                                                    NULL))
02292                   value_p->comp = TRUE;
02293                 else
02294                   value_p->comp = FALSE;
02295                 return 0;
02296               case RI_type_comp_fd:
02297                 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02298                                                   role_tcfd_handle,
02299                                                   ttl_p,
02300                                                   &tid.role,
02301                                                   &subtid.type,
02302                                                   &value_p->rights))
02303                   {
02304                     value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02305                     if(ttl_p)
02306                       *ttl_p = 0;
02307                   }
02308                 return 0;
02309               case RI_type_comp_dev:
02310                 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02311                                                   role_tcdv_handle,
02312                                                   ttl_p,
02313                                                   &tid.role,
02314                                                   &subtid.type,
02315                                                   &value_p->rights))
02316                   {
02317                     value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02318                     if(ttl_p)
02319                       *ttl_p = 0;
02320                   }
02321                 return 0;
02322               case RI_type_comp_user:
02323                 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02324                                                   role_tcus_handle,
02325                                                   ttl_p,
02326                                                   &tid.role,
02327                                                   &subtid.type,
02328                                                   &value_p->rights))
02329                   {
02330                     value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02331                     if(ttl_p)
02332                       *ttl_p = 0;
02333                   }
02334                 return 0;
02335               case RI_type_comp_process:
02336                 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02337                                                   role_tcpr_handle,
02338                                                   ttl_p,
02339                                                   &tid.role,
02340                                                   &subtid.type,
02341                                                   &value_p->rights))
02342                   {
02343                     value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02344                     if(ttl_p)
02345                       *ttl_p = 0;
02346                   }
02347                 return 0;
02348               case RI_type_comp_ipc:
02349                 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02350                                                   role_tcip_handle,
02351                                                   ttl_p,
02352                                                   &tid.role,
02353                                                   &subtid.type,
02354                                                   &value_p->rights))
02355                   {
02356                     value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02357                     if(ttl_p)
02358                       *ttl_p = 0;
02359                   }
02360                 return 0;
02361               case RI_type_comp_scd:
02362                 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02363                                                   role_tcsc_handle,
02364                                                   ttl_p,
02365                                                   &tid.role,
02366                                                   &subtid.type,
02367                                                   &value_p->rights))
02368                   {
02369                     value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02370                     if(ttl_p)
02371                       *ttl_p = 0;
02372                   }
02373                 return 0;
02374               case RI_type_comp_group:
02375                 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02376                                                   role_tcgr_handle,
02377                                                   ttl_p,
02378                                                   &tid.role,
02379                                                   &subtid.type,
02380                                                   &value_p->rights))
02381                   {
02382                     value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02383                     if(ttl_p)
02384                       *ttl_p = 0;
02385                   }
02386                 return 0;
02387               case RI_type_comp_netdev:
02388                 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02389                                                   role_tcnd_handle,
02390                                                   ttl_p,
02391                                                   &tid.role,
02392                                                   &subtid.type,
02393                                                   &value_p->rights))
02394                   {
02395                     value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02396                     if(ttl_p)
02397                       *ttl_p = 0;
02398                   }
02399                 return 0;
02400               case RI_type_comp_nettemp:
02401                 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02402                                                   role_tcnt_handle,
02403                                                   ttl_p,
02404                                                   &tid.role,
02405                                                   &subtid.type,
02406                                                   &value_p->rights))
02407                   {
02408                     value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02409                     if(ttl_p)
02410                       *ttl_p = 0;
02411                   }
02412                 return 0;
02413               case RI_type_comp_netobj:
02414                 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02415                                                   role_tcno_handle,
02416                                                   ttl_p,
02417                                                   &tid.role,
02418                                                   &subtid.type,
02419                                                   &value_p->rights))
02420                   {
02421                     value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02422                     if(ttl_p)
02423                       *ttl_p = 0;
02424                   }
02425                 return 0;
02426               case RI_admin_type:
02427                 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02428                   value_p->admin_type = role_entry.admin_type;
02429                 return err;
02430               case RI_name:
02431                 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02432                   {
02433                     strncpy(value_p->name, role_entry.name, RSBAC_RC_NAME_LEN - 1);
02434                     value_p->name[RSBAC_RC_NAME_LEN - 1] = (char) 0;
02435                   }
02436                 return err;
02437               case RI_def_fd_create_type:
02438                 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02439                   value_p->type_id = role_entry.def_fd_create_type;
02440                 return err;
02441               case RI_def_fd_ind_create_type:
02442                 return rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02443                                                       role_dfdc_handle,
02444                                                       ttl_p,
02445                                                       &tid.role,
02446                                                       &subtid.type,
02447                                                       &value_p->type_id);
02448               case RI_def_user_create_type:
02449                 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02450                   value_p->type_id = role_entry.def_user_create_type;
02451                 return err;
02452               case RI_def_process_create_type:
02453                 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02454                   value_p->type_id = role_entry.def_process_create_type;
02455                 return err;
02456               case RI_def_process_chown_type:
02457                 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02458                   value_p->type_id = role_entry.def_process_chown_type;
02459                 return err;
02460               case RI_def_process_execute_type:
02461                 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02462                   value_p->type_id = role_entry.def_process_execute_type;
02463                 return err;
02464               case RI_def_ipc_create_type:
02465                 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02466                   value_p->type_id = role_entry.def_ipc_create_type;
02467                 return err;
02468               case RI_def_group_create_type:
02469                 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02470                   value_p->type_id = role_entry.def_group_create_type;
02471                 return err;
02472               case RI_boot_role:
02473                 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02474                   value_p->boot_role = role_entry.boot_role;
02475                 return err;
02476               default:
02477                 return -RSBAC_EINVALIDATTR;
02478             }
02479           /* return */
02480           return(err);
02481           break;
02482 
02483         case RT_TYPE:
02484           if(tid.type > RC_type_max_value)
02485             return(-RSBAC_EINVALIDTARGET);
02486 /*
02487 #ifdef CONFIG_RSBAC_DEBUG
02488           if (rsbac_debug_ds_rc)
02489             printk(KERN_DEBUG
02490                      "rsbac_rc_get_item(): getting type item value\n");
02491 #endif
02492 */
02493             switch (item)
02494               {
02495                 case RI_type_fd_name:
02496                   if(!(err = rsbac_ta_list_get_data_ttl(ta_number, type_fd_handle, NULL, &tid.type, &type_fd_entry)))
02497                     {
02498                       strncpy(value_p->name, type_fd_entry.name, RSBAC_RC_NAME_LEN - 1);
02499                       value_p->name[RSBAC_RC_NAME_LEN - 1] = (char) 0;
02500                     }
02501                   return err;
02502                 case RI_type_fd_need_secdel:
02503                   if(!(err = rsbac_ta_list_get_data_ttl(ta_number, type_fd_handle, NULL, &tid.type, &type_fd_entry)))
02504                     {
02505                       value_p->need_secdel = type_fd_entry.need_secdel;
02506                     }
02507                   return err;
02508                 case RI_type_dev_name:
02509                   return rsbac_ta_list_get_data_ttl(ta_number, type_dev_handle, NULL, &tid.type, value_p->name);
02510                 case RI_type_ipc_name:
02511                   return rsbac_ta_list_get_data_ttl(ta_number, type_ipc_handle, NULL, &tid.type, value_p->name);
02512                 case RI_type_user_name:
02513                   return rsbac_ta_list_get_data_ttl(ta_number, type_user_handle, NULL, &tid.type, value_p->name);
02514                 case RI_type_process_name:
02515                   return rsbac_ta_list_get_data_ttl(ta_number, type_process_handle, NULL, &tid.type, value_p->name);
02516                 case RI_type_group_name:
02517                   return rsbac_ta_list_get_data_ttl(ta_number, type_group_handle, NULL, &tid.type, value_p->name);
02518                 case RI_type_netdev_name:
02519                   return rsbac_ta_list_get_data_ttl(ta_number, type_netdev_handle, NULL, &tid.type, value_p->name);
02520                 case RI_type_nettemp_name:
02521                   return rsbac_ta_list_get_data_ttl(ta_number, type_nettemp_handle, NULL, &tid.type, value_p->name);
02522                 case RI_type_netobj_name:
02523                   return rsbac_ta_list_get_data_ttl(ta_number, type_netobj_handle, NULL, &tid.type, value_p->name);
02524                 case RI_type_scd_name:
02525                   {
02526                     char * tmp;
02527 
02528                     tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02529                     if(!tmp)
02530                       err = -RSBAC_ENOMEM;
02531                     else
02532                       {
02533                         get_rc_scd_type_name(tmp,tid.type);
02534                         strncpy(value_p->name, tmp, RSBAC_RC_NAME_LEN - 1);
02535                         value_p->name[RSBAC_RC_NAME_LEN - 1] = (char) 0;
02536                         rsbac_kfree(tmp);
02537                       }
02538                     break;
02539                   }
02540                 default:
02541                   err = -RSBAC_EINVALIDATTR;
02542               }
02543             /* and return */
02544             return(err);
02545             break;
02546 
02547         /* switch target: no valid target */
02548         default:  
02549           err = -RSBAC_EINVALIDTARGET;
02550       }
02551     return err;
02552   }      /* end of rsbac_rc_get_item() */
02553 
02554 /* Checking role's compatibility */
02555 rsbac_boolean_t rsbac_rc_check_comp (rsbac_rc_role_id_t              role,
02556                              union rsbac_rc_target_id_t      subtid,
02557                              enum  rsbac_rc_item_t           item,
02558                              enum  rsbac_rc_special_rights_t right)
02559   {
02560     rsbac_rc_rights_vector_t rights_vector;
02561 
02562     if (!rsbac_is_initialized())
02563       {
02564         printk(KERN_WARNING "rsbac_rc_check_comp(): RSBAC not initialized\n");
02565         return(-RSBAC_ENOTINITIALIZED);
02566       }
02567     if (in_interrupt())
02568       {
02569 #ifdef CONFIG_RSBAC_RMSG
02570         rsbac_printk(KERN_WARNING "rsbac_rc_check_comp(): called from interrupt!\n");
02571 #endif
02572 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02573         if (!rsbac_nosyslog)
02574 #endif
02575         printk(KERN_WARNING "rsbac_rc_check_comp(): called from interrupt!\n");
02576       }
02577     if(role > RC_role_max_value)
02578       return FALSE;
02579 /*
02580 #ifdef CONFIG_RSBAC_DEBUG
02581     if (rsbac_debug_ds_rc)
02582       printk(KERN_DEBUG
02583              "rsbac_rc_check_comp(): checking role compatibility\n");
02584 #endif
02585 */
02586     switch (item)
02587       {
02588         case RI_role_comp:
02589           return rsbac_list_lol_subexist(role_rc_handle, &role, &subtid.role);
02590         case RI_admin_roles:
02591           return rsbac_list_lol_subexist(role_adr_handle, &role, &subtid.role);
02592         case RI_assign_roles:
02593           return rsbac_list_lol_subexist(role_asr_handle, &role, &subtid.role);
02594         case RI_type_comp_fd:
02595           if(   !rsbac_list_lol_get_subdata(role_tcfd_handle, &role, &subtid.type, &rights_vector)
02596              && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02597             )
02598             return TRUE;
02599           else
02600             return FALSE;
02601         case RI_type_comp_dev:
02602           if(   !rsbac_list_lol_get_subdata(role_tcdv_handle, &role, &subtid.type, &rights_vector)
02603              && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02604             )
02605             return TRUE;
02606           else
02607             return FALSE;
02608         case RI_type_comp_user:
02609           if(   !rsbac_list_lol_get_subdata(role_tcus_handle, &role, &subtid.type, &rights_vector)
02610              && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02611             )
02612             return TRUE;
02613           else
02614             return FALSE;
02615         case RI_type_comp_process:
02616           if(   !rsbac_list_lol_get_subdata(role_tcpr_handle, &role, &subtid.type, &rights_vector)
02617              && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02618             )
02619             return TRUE;
02620           else
02621             return FALSE;
02622         case RI_type_comp_ipc:
02623           if(   !rsbac_list_lol_get_subdata(role_tcip_handle, &role, &subtid.type, &rights_vector)
02624              && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02625             )
02626             return TRUE;
02627           else
02628             return FALSE;
02629         case RI_type_comp_scd:
02630           if(   !rsbac_list_lol_get_subdata(role_tcsc_handle, &role, &subtid.type, &rights_vector)
02631              && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02632             )
02633             return TRUE;
02634           else
02635             return FALSE;
02636         case RI_type_comp_group:
02637           if(   !rsbac_list_lol_get_subdata(role_tcgr_handle, &role, &subtid.type, &rights_vector)
02638              && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02639             )
02640             return TRUE;
02641           else
02642             return FALSE;
02643         case RI_type_comp_netdev:
02644           if(   !rsbac_list_lol_get_subdata(role_tcnd_handle, &role, &subtid.type, &rights_vector)
02645              && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02646             )
02647             return TRUE;
02648           else
02649             return FALSE;
02650         case RI_type_comp_nettemp:
02651           if(   !rsbac_list_lol_get_subdata(role_tcnt_handle, &role, &subtid.type, &rights_vector)
02652              && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02653             )
02654             return TRUE;
02655           else
02656             return FALSE;
02657         case RI_type_comp_netobj:
02658           if(   !rsbac_list_lol_get_subdata(role_tcno_handle, &role, &subtid.type, &rights_vector)
02659              && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02660             )
02661             return TRUE;
02662           else
02663             return FALSE;
02664 
02665         default:
02666 #ifdef CONFIG_RSBAC_RMSG
02667           rsbac_printk(KERN_WARNING
02668                  "rsbac_rc_check_comp(): called for invalid item %u\n",
02669                  item);
02670 #endif
02671 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02672           if (!rsbac_nosyslog)
02673 #endif
02674           printk(KERN_WARNING
02675                  "rsbac_rc_check_comp(): called for invalid item %u\n",
02676                  item);
02677           return FALSE;
02678       }
02679   }      /* end of rsbac_rc_check_comp() */
02680 
02681 /* Get list of defined items. Returns number or negative error.
02682  * item is to distinguish type targets, use RI_type_xx_name */
02683 int rsbac_rc_get_list(
02684         rsbac_list_ta_number_t ta_number,
02685   enum  rsbac_rc_target_t       target,
02686   union rsbac_rc_target_id_t    tid,
02687   enum  rsbac_rc_item_t         item,
02688         __u32  ** array_pp,
02689         rsbac_time_t ** ttl_array_pp)
02690   {
02691     int res;
02692 
02693     if (!rsbac_is_initialized())
02694       {
02695         printk(KERN_WARNING "rsbac_rc_get_list(): RSBAC not initialized\n");
02696         return(-RSBAC_ENOTINITIALIZED);
02697       }
02698     if (in_interrupt())
02699       {
02700 #ifdef CONFIG_RSBAC_RMSG
02701         rsbac_printk(KERN_WARNING "rsbac_rc_get_list(): called from interrupt!\n");
02702 #endif
02703 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02704         if (!rsbac_nosyslog)
02705 #endif
02706         printk(KERN_WARNING "rsbac_rc_get_list(): called from interrupt!\n");
02707       }
02708     if(ttl_array_pp)
02709       *ttl_array_pp = NULL;
02710     switch (target)
02711       {
02712         case RT_ROLE:
02713 /*
02714 #ifdef CONFIG_RSBAC_DEBUG
02715           if (rsbac_debug_ds_rc)
02716             printk(KERN_DEBUG
02717                      "rsbac_rc_get_list(): getting role list\n");
02718 #endif
02719 */
02720           switch (item)
02721             {
02722               case RI_name:
02723                 if(array_pp)
02724                   return rsbac_ta_list_get_all_desc(ta_number, role_handle, (void **) array_pp);
02725                 else
02726                   return rsbac_ta_list_count(ta_number, role_handle);
02727               case RI_role_comp:
02728                 if(array_pp)
02729                   res = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02730                                                            role_rc_handle,
02731                                                            &tid.role,
02732                                                            (void **) array_pp,
02733                                                            ttl_array_pp);
02734                 else
02735                   res = rsbac_ta_list_lol_subcount(ta_number, role_rc_handle, &tid.role);
02736                 if(res == -RSBAC_ENOTFOUND)
02737                   return 0;
02738                 else
02739                   return res;
02740               case RI_admin_roles:
02741                 if(array_pp)
02742                   res = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02743                                                            role_adr_handle,
02744                                                            &tid.role,
02745                                                            (void **) array_pp,
02746                                                            ttl_array_pp);
02747                 else
02748                   res = rsbac_ta_list_lol_subcount(ta_number, role_adr_handle, &tid.role);
02749                 if(res == -RSBAC_ENOTFOUND)
02750                   return 0;
02751                 else
02752                   return res;
02753               case RI_assign_roles:
02754                 if(array_pp)
02755                   res = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02756                                                            role_asr_handle,
02757                                                            &tid.role,
02758                                                            (void **) array_pp,
02759                                                            ttl_array_pp);
02760                 else
02761                   res = rsbac_ta_list_lol_subcount(ta_number, role_asr_handle, &tid.role);
02762                 if(res == -RSBAC_ENOTFOUND)
02763                   return 0;
02764                 else
02765                   return res;
02766               case RI_def_fd_ind_create_type:
02767                 if(array_pp)
02768                   return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02769                                                             role_dfdc_handle,
02770                                                             &tid.role,
02771                                                             (void **) array_pp,
02772                                                             ttl_array_pp);
02773                 else
02774                   return rsbac_ta_list_lol_subcount(ta_number, role_dfdc_handle, &tid.role);
02775               case RI_type_comp_fd:
02776                 if(array_pp)
02777                   return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02778                                                             role_tcfd_handle,
02779                                                             &tid.role,
02780                                                             (void **) array_pp,
02781                                                             ttl_array_pp);
02782                 else
02783                   return rsbac_ta_list_lol_subcount(ta_number, role_tcfd_handle, &tid.role);
02784               case RI_type_comp_dev:
02785                 if(array_pp)
02786                   return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02787                                                             role_tcdv_handle,
02788                                                             &tid.role,
02789                                                             (void **) array_pp,
02790                                                             ttl_array_pp);
02791                 else
02792                   return rsbac_ta_list_lol_subcount(ta_number, role_tcdv_handle, &tid.role);
02793               case RI_type_comp_user:
02794                 if(array_pp)
02795                   return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02796                                                             role_tcus_handle,
02797                                                             &tid.role,
02798                                                             (void **) array_pp,
02799                                                             ttl_array_pp);
02800                 else
02801                   return rsbac_ta_list_lol_subcount(ta_number, role_tcus_handle, &tid.role);
02802               case RI_type_comp_process:
02803                 if(array_pp)
02804                   return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02805                                                             role_tcpr_handle,
02806                                                             &tid.role,
02807                                                             (void **) array_pp,
02808                                                             ttl_array_pp);
02809                 else
02810                   return rsbac_ta_list_lol_subcount(ta_number, role_tcpr_handle, &tid.role);
02811               case RI_type_comp_ipc:
02812                 if(array_pp)
02813                   return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02814                                                             role_tcip_handle,
02815                                                             &tid.role,
02816                                                             (void **) array_pp,
02817                                                             ttl_array_pp);
02818                 else
02819                   return rsbac_ta_list_lol_subcount(ta_number, role_tcip_handle, &tid.role);
02820               case RI_type_comp_scd:
02821                 if(array_pp)
02822                   return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02823                                                             role_tcsc_handle,
02824                                                             &tid.role,
02825                                                             (void **) array_pp,
02826                                                             ttl_array_pp);
02827                 else
02828                   return rsbac_ta_list_lol_subcount(ta_number, role_tcsc_handle, &tid.role);
02829               case RI_type_comp_group:
02830                 if(array_pp)
02831                   return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02832                                                             role_tcgr_handle,
02833                                                             &tid.role,
02834                                                             (void **) array_pp,
02835                                                             ttl_array_pp);
02836                 else
02837                   return rsbac_ta_list_lol_subcount(ta_number, role_tcgr_handle, &tid.role);
02838               case RI_type_comp_netdev:
02839                 if(array_pp)
02840                   return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02841                                                             role_tcnd_handle,
02842                                                             &tid.role,
02843                                                             (void **) array_pp,
02844                                                             ttl_array_pp);
02845                 else
02846                   return rsbac_ta_list_lol_subcount(ta_number, role_tcnd_handle, &tid.role);
02847               case RI_type_comp_nettemp:
02848                 if(array_pp)
02849                   return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02850                                                             role_tcnt_handle,
02851                                                             &tid.role,
02852                                                             (void **) array_pp,
02853                                                             ttl_array_pp);
02854                 else
02855                   return rsbac_ta_list_lol_subcount(ta_number, role_tcnt_handle, &tid.role);
02856               case RI_type_comp_netobj:
02857                 if(array_pp)
02858                   return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02859                                                             role_tcno_handle,
02860                                                             &tid.role,
02861                                                             (void **) array_pp,
02862                                                             ttl_array_pp);
02863                 else
02864                   return rsbac_ta_list_lol_subcount(ta_number, role_tcno_handle, &tid.role);
02865 
02866               default:
02867                 return -RSBAC_EINVALIDATTR;
02868             }
02869 
02870         case RT_TYPE:
02871 /*
02872 #ifdef CONFIG_RSBAC_DEBUG
02873           if (rsbac_debug_ds_rc)
02874             printk(KERN_DEBUG
02875                      "rsbac_rc_get_item(): getting type item value\n");
02876 #endif
02877 */
02878           switch (item)
02879             {
02880               case RI_type_fd_name:
02881               case RI_type_fd_need_secdel:
02882                 if(array_pp)
02883                   return rsbac_ta_list_get_all_desc(ta_number, type_fd_handle, (void **) array_pp);
02884                 else
02885                   return rsbac_ta_list_count(ta_number, type_fd_handle);
02886               case RI_type_dev_name:
02887                 if(array_pp)
02888                   return rsbac_ta_list_get_all_desc(ta_number, type_dev_handle, (void **) array_pp);
02889                 else
02890                   return rsbac_ta_list_count(ta_number, type_dev_handle);
02891               case RI_type_ipc_name:
02892                 if(array_pp)
02893                   return rsbac_ta_list_get_all_desc(ta_number, type_ipc_handle, (void **) array_pp);
02894                 else
02895                   return rsbac_ta_list_count(ta_number, type_ipc_handle);
02896               case RI_type_user_name:
02897                 if(array_pp)
02898                   return rsbac_ta_list_get_all_desc(ta_number, type_user_handle, (void **) array_pp);
02899                 else
02900                   return rsbac_ta_list_count(ta_number, type_user_handle);
02901               case RI_type_process_name:
02902                 if(array_pp)
02903                   return rsbac_ta_list_get_all_desc(ta_number, type_process_handle, (void **) array_pp);
02904                 else
02905                   return rsbac_ta_list_count(ta_number, type_process_handle);
02906               case RI_type_group_name:
02907                 if(array_pp)
02908                   return rsbac_ta_list_get_all_desc(ta_number, type_group_handle, (void **) array_pp);
02909                 else
02910                   return rsbac_ta_list_count(ta_number, type_group_handle);
02911               case RI_type_netdev_name:
02912                 if(array_pp)
02913                   return rsbac_ta_list_get_all_desc(ta_number, type_netdev_handle, (void **) array_pp);
02914                 else
02915                   return rsbac_ta_list_count(ta_number, type_netdev_handle);
02916               case RI_type_nettemp_name:
02917                 if(array_pp)
02918                   return rsbac_ta_list_get_all_desc(ta_number, type_nettemp_handle, (void **) array_pp);
02919                 else
02920                   return rsbac_ta_list_count(ta_number, type_nettemp_handle);
02921               case RI_type_netobj_name:
02922                 if(array_pp)
02923                   return rsbac_ta_list_get_all_desc(ta_number, type_netobj_handle, (void **) array_pp);
02924                 else
02925                   return rsbac_ta_list_count(ta_number, type_netobj_handle);
02926 
02927               default:
02928                 return -RSBAC_EINVALIDATTR;
02929             }
02930 
02931         default:
02932           return -RSBAC_EINVALIDTARGET;
02933       }
02934   }      /* end of rsbac_rc_get_list() */
02935 
02936 
02937 /* Setting values */
02938 int rsbac_rc_set_item(
02939         rsbac_list_ta_number_t ta_number,
02940   enum  rsbac_rc_target_t       target,
02941   union rsbac_rc_target_id_t    tid,
02942   union rsbac_rc_target_id_t    subtid,
02943   enum  rsbac_rc_item_t         item,
02944   union rsbac_rc_item_value_t   value,
02945         rsbac_time_t            ttl)
02946   {
02947     int err=0;
02948 
02949     if (!rsbac_is_initialized())
02950       {
02951         printk(KERN_WARNING "rsbac_rc_set_item(): RSBAC not initialized\n");
02952         return(-RSBAC_ENOTINITIALIZED);
02953       }
02954     if (in_interrupt())
02955       {
02956 #ifdef CONFIG_RSBAC_RMSG
02957         rsbac_printk(KERN_WARNING "rsbac_rc_set_item(): called from interrupt!\n");
02958 #endif
02959 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02960         if (!rsbac_nosyslog)
02961 #endif
02962         printk(KERN_WARNING "rsbac_rc_set_item(): called from interrupt!\n");
02963       }
02964     switch (target)
02965       {
02966         case RT_ROLE:
02967           if(tid.role > RC_role_max_value)
02968             return(-RSBAC_EINVALIDTARGET);
02969           if(   (item != RI_name)
02970              && !rsbac_ta_list_exist(ta_number, role_handle, &tid.role)
02971             )
02972             return(-RSBAC_EINVALIDTARGET);
02973 #ifdef CONFIG_RSBAC_DEBUG
02974           if (rsbac_debug_ds_rc)
02975             {
02976 #ifdef CONFIG_RSBAC_RMSG
02977               rsbac_printk(KERN_DEBUG
02978                      "rsbac_rc_set_item(): Setting role item value\n");
02979 #endif
02980 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02981               if (!rsbac_nosyslog)
02982 #endif
02983               printk(KERN_DEBUG
02984                      "rsbac_rc_set_item(): Setting role item value\n");
02985             }
02986 #endif
02987             switch (item)
02988               {
02989                 case RI_role_comp:
02990                   if(value.comp)
02991                     {
02992                       return rsbac_ta_list_lol_subadd_ttl(ta_number,
02993                                                        role_rc_handle,
02994                                                        ttl,
02995                                                        &tid.role,
02996                                                        &subtid.role,
02997                                                        NULL);
02998                     }
02999                   else
03000                     {
03001                       rsbac_ta_list_lol_subremove(ta_number, role_rc_handle, &tid.role, &subtid.role);
03002                       return 0;
03003                     }
03004                 case RI_admin_roles:
03005                   if(value.comp)
03006                     {
03007                       return rsbac_ta_list_lol_subadd_ttl(ta_number,
03008                                                        role_adr_handle,
03009                                                        ttl,
03010                                                        &tid.role,
03011                                                        &subtid.role,
03012                                                        NULL);
03013                     }
03014                   else
03015                     {
03016                       rsbac_ta_list_lol_subremove(ta_number, role_adr_handle, &tid.role, &subtid.role);
03017                       return 0;
03018                     }
03019                 case RI_assign_roles:
03020                   if(value.comp)
03021                     {
03022                       return rsbac_ta_list_lol_subadd_ttl(ta_number,
03023                                                        role_asr_handle,
03024                                                        ttl,
03025                                                        &tid.role,
03026                                                        &subtid.role,
03027                                                        NULL);
03028                     }
03029                   else
03030                     {
03031                       rsbac_ta_list_lol_subremove(ta_number, role_asr_handle, &tid.role, &subtid.role);
03032                       return 0;
03033                     }
03034                 case RI_type_comp_fd:
03035                   if(!rsbac_ta_list_exist(ta_number, type_fd_handle, &subtid.type))
03036                       return -RSBAC_EINVALIDVALUE;
03037                   return rsbac_ta_list_lol_subadd_ttl(ta_number,
03038                                                    role_tcfd_handle,
03039                                                    ttl,
03040                                                    &tid.role,
03041                                                    &subtid.type,
03042                                                    &value.rights);
03043                 case RI_type_comp_dev:
03044                   if(!rsbac_ta_list_exist(ta_number, type_dev_handle, &subtid.type))
03045                       return -RSBAC_EINVALIDVALUE;
03046                   return rsbac_ta_list_lol_subadd_ttl(ta_number,
03047                                                    role_tcdv_handle,
03048                                                    ttl,
03049                                                    &tid.role,
03050                                                    &subtid.type,
03051                                                    &value.rights);
03052                 case RI_type_comp_user:
03053                   if(!rsbac_ta_list_exist(ta_number, type_user_handle, &subtid.type))
03054                       return -RSBAC_EINVALIDVALUE;
03055                   return rsbac_ta_list_lol_subadd_ttl(ta_number,
03056                                                    role_tcus_handle,
03057                                                    ttl,
03058                                                    &tid.role,
03059                                                    &subtid.type,
03060                                                    &value.rights);
03061                 case RI_type_comp_process:
03062                   if(!rsbac_ta_list_exist(ta_number, type_process_handle, &subtid.type))
03063                       return -RSBAC_EINVALIDVALUE;
03064                   return rsbac_ta_list_lol_subadd_ttl(ta_number,
03065                                                    role_tcpr_handle,
03066                                                    ttl,
03067                                                    &tid.role,
03068                                                    &subtid.type,
03069                                                    &value.rights);
03070                 case RI_type_comp_ipc:
03071                   if(!rsbac_ta_list_exist(ta_number, type_ipc_handle, &subtid.type))
03072                       return -RSBAC_EINVALIDVALUE;
03073                   return rsbac_ta_list_lol_subadd_ttl(ta_number,
03074                                                    role_tcip_handle,
03075                                                    ttl,
03076                                                    &tid.role,
03077                                                    &subtid.type,
03078                                                    &value.rights);
03079                 case RI_type_comp_scd:
03080                   if(   (subtid.type >= ST_none)
03081                      && (subtid.type < RST_min)
03082                     )
03083                     return -RSBAC_EINVALIDVALUE;
03084                   if(subtid.type >= RST_none)
03085                       return -RSBAC_EINVALIDVALUE;
03086                   return rsbac_ta_list_lol_subadd_ttl(ta_number,
03087                                                    role_tcsc_handle,
03088                                                    ttl,
03089                                                    &tid.role,
03090                                                    &subtid.type,
03091                                                    &value.rights);
03092                 case RI_type_comp_group:
03093                   if(!rsbac_ta_list_exist(ta_number, type_group_handle, &subtid.type))
03094                       return -RSBAC_EINVALIDVALUE;
03095                   return rsbac_ta_list_lol_subadd_ttl(ta_number,
03096                                                    role_tcgr_handle,
03097                                                    ttl,
03098                                                    &tid.role,
03099                                                    &subtid.type,
03100                                                    &value.rights);
03101                 case RI_type_comp_netdev:
03102                   if(!rsbac_ta_list_exist(ta_number, type_netdev_handle, &subtid.type))
03103                       return -RSBAC_EINVALIDVALUE;
03104                   return rsbac_ta_list_lol_subadd_ttl(ta_number,
03105                                                    role_tcnd_handle,
03106                                                    ttl,
03107                                                    &tid.role,
03108                                                    &subtid.type,
03109                                                    &value.rights);
03110                 case RI_type_comp_nettemp:
03111                   if(!rsbac_ta_list_exist(ta_number, type_nettemp_handle, &subtid.type))
03112                       return -RSBAC_EINVALIDVALUE;
03113                   return rsbac_ta_list_lol_subadd_ttl(ta_number,
03114                                                    role_tcnt_handle,
03115                                                    ttl,
03116                                                    &tid.role,
03117                                                    &subtid.type,
03118                                                    &value.rights);
03119                 case RI_type_comp_netobj:
03120                   if(!rsbac_ta_list_exist(ta_number, type_netobj_handle, &subtid.type))
03121                       return -RSBAC_EINVALIDVALUE;
03122                   return rsbac_ta_list_lol_subadd_ttl(ta_number,
03123                                                    role_tcno_handle,
03124                                                    ttl,
03125                                                    &tid.role,
03126                                                    &subtid.type,
03127                                                    &value.rights);
03128                 case RI_admin_type:
03129                   {
03130                     struct rsbac_rc_role_entry_t entry;
03131 
03132                     err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03133                     if(err)
03134                       return err;
03135                     entry.admin_type = value.admin_type;
03136                     return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03137                   }
03138                 case RI_name:
03139                   {
03140                     struct rsbac_rc_role_entry_t entry;
03141 
03142                     /* no empty names */
03143                     if(!value.name[0])
03144                       return -RSBAC_EINVALIDVALUE;
03145                     /* create, if necessary, and set name */
03146                     memset(&entry, 0, sizeof(struct rsbac_rc_role_entry_t));
03147                     rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03148                     strncpy(entry.name, value.name, RSBAC_RC_NAME_LEN - 1);
03149                     entry.name[RSBAC_RC_NAME_LEN-1] = 0;
03150                     return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03151                   }
03152                 case RI_remove_role:
03153                   if(!tid.role)
03154                     return -RSBAC_EINVALIDVALUE;
03155                   /* remove role compat. */
03156                   rsbac_ta_list_lol_remove(ta_number, role_rc_handle, &tid.role);
03157                   /* remove from other roles' role compat */
03158                   rsbac_ta_list_lol_subremove_from_all(ta_number, role_rc_handle, &tid.role);
03159 
03160                   /* remove admin roles */
03161                   rsbac_ta_list_lol_remove(ta_number, role_adr_handle, &tid.role);
03162                   /* remove from other roles' admin roles */
03163                   rsbac_ta_list_lol_subremove_from_all(ta_number, role_adr_handle, &tid.role);
03164 
03165                   /* remove assign roles */
03166                   rsbac_ta_list_lol_remove(ta_number, role_asr_handle, &tid.role);
03167                   /* remove from other roles' assign roles */
03168                   rsbac_ta_list_lol_subremove_from_all(ta_number, role_asr_handle, &tid.role);
03169 
03170                   /* remove def_fd_ind_create_type */
03171                   rsbac_ta_list_lol_remove(ta_number, role_dfdc_handle, &tid.role);
03172 
03173                   /* remove type compatibilities */
03174                   rsbac_ta_list_lol_remove(ta_number, role_tcfd_handle, &tid.role);
03175                   rsbac_ta_list_lol_remove(ta_number, role_tcdv_handle, &tid.role);
03176                   rsbac_ta_list_lol_remove(ta_number, role_tcus_handle, &tid.role);
03177                   rsbac_ta_list_lol_remove(ta_number, role_tcpr_handle, &tid.role);
03178                   rsbac_ta_list_lol_remove(ta_number, role_tcip_handle, &tid.role);
03179                   rsbac_ta_list_lol_remove(ta_number, role_tcsc_handle, &tid.role);
03180                   rsbac_ta_list_lol_remove(ta_number, role_tcgr_handle, &tid.role);
03181                   rsbac_ta_list_lol_remove(ta_number, role_tcnd_handle, &tid.role);
03182                   rsbac_ta_list_lol_remove(ta_number, role_tcnt_handle, &tid.role);
03183                   rsbac_ta_list_lol_remove(ta_number, role_tcno_handle, &tid.role);
03184 
03185 #ifdef CONFIG_RSBAC_ACL
03186                   /* remove ACL entries */
03187                   {
03188                     struct rsbac_acl_entry_desc_t desc;
03189 
03190                     desc.subj_type = ACLS_ROLE;
03191                     desc.subj_id = tid.role;
03192                     rsbac_acl_remove_subject(ta_number, desc);
03193                   }
03194 #endif
03195 
03196                   return rsbac_ta_list_remove(ta_number, role_handle, &tid.role);
03197 
03198                 case RI_def_fd_create_type:
03199                   {
03200                     struct rsbac_rc_role_entry_t entry;
03201 
03202                     if(   (value.type_id <= RC_type_max_value)
03203                        && !rsbac_ta_list_exist(ta_number, type_fd_handle, &value.type_id)
03204                       )
03205                       return -RSBAC_EINVALIDVALUE;
03206                     if(   (value.type_id > RC_type_max_value)
03207                        && (value.type_id < RC_type_min_special)
03208                       )
03209                       return -RSBAC_EINVALIDVALUE;
03210                     err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03211                     if(err)
03212                       return err;
03213                     entry.def_fd_create_type = value.type_id;
03214                     return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03215                   }
03216                 case RI_def_fd_ind_create_type:
03217                   if(   (value.type_id <= RC_type_max_value)
03218                      && !rsbac_ta_list_exist(ta_number, type_fd_handle, &value.type_id)
03219                     )
03220                     return -RSBAC_EINVALIDVALUE;
03221                   if(   (value.type_id > RC_type_max_value)
03222                      && (value.type_id < RC_type_min_special)
03223                     )
03224                     return -RSBAC_EINVALIDVALUE;
03225                   return rsbac_ta_list_lol_subadd_ttl(ta_number,
03226                                                    role_dfdc_handle,
03227                                                    ttl,
03228                                                    &tid.role,
03229                                                    &subtid.type,
03230                                                    &value.type_id);
03231                 case RI_def_fd_ind_create_type_remove:
03232                   return rsbac_ta_list_lol_subremove(ta_number, role_dfdc_handle, &tid.role, &subtid.type);
03233 
03234                 case RI_def_user_create_type:
03235                   {
03236                     struct rsbac_rc_role_entry_t entry;
03237 
03238                     if(   (value.type_id <= RC_type_max_value)
03239                        && !rsbac_ta_list_exist(ta_number, type_user_handle, &value.type_id)
03240                       )
03241                       return -RSBAC_EINVALIDVALUE;
03242                     if(   (value.type_id > RC_type_max_value)
03243                        && (value.type_id < RC_type_min_special)
03244                       )
03245                       return -RSBAC_EINVALIDVALUE;
03246                     err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03247                     if(err)
03248                       return err;
03249                     entry.def_user_create_type = value.type_id;
03250                     return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03251                   }
03252                 case RI_def_process_create_type:
03253                   {
03254                     struct rsbac_rc_role_entry_t entry;
03255 
03256                     if(   (value.type_id <= RC_type_max_value)
03257                        && !rsbac_ta_list_exist(ta_number, type_process_handle, &value.type_id)
03258                       )
03259                       return -RSBAC_EINVALIDVALUE;
03260                     if(   (value.type_id > RC_type_max_value)
03261                        && (value.type_id < RC_type_min_special)
03262                       )
03263                       return -RSBAC_EINVALIDVALUE;
03264                     err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03265                     if(err)
03266                       return err;
03267                     entry.def_process_create_type = value.type_id;
03268                     return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03269                   }
03270                 case RI_def_process_chown_type:
03271                   {
03272                     struct rsbac_rc_role_entry_t entry;
03273 
03274                     if(   (value.type_id <= RC_type_max_value)
03275                        && !rsbac_ta_list_exist(ta_number, type_process_handle, &value.type_id)
03276                       )
03277                       return -RSBAC_EINVALIDVALUE;
03278                     if(   (value.type_id > RC_type_max_value)
03279                        && (value.type_id < RC_type_min_special)
03280                       )
03281                       return -RSBAC_EINVALIDVALUE;
03282                     err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03283                     if(err)
03284                       return err;
03285                     entry.def_process_chown_type = value.type_id;
03286                     return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03287                   }
03288                 case RI_def_process_execute_type:
03289                   {
03290                     struct rsbac_rc_role_entry_t entry;
03291 
03292                     if(   (value.type_id <= RC_type_max_value)
03293                        && !rsbac_ta_list_exist(ta_number, type_process_handle, &value.type_id)
03294                       )
03295                       return -RSBAC_EINVALIDVALUE;
03296                     if(   (value.type_id > RC_type_max_value)
03297                        && (value.type_id < RC_type_min_special)
03298                       )
03299                       return -RSBAC_EINVALIDVALUE;
03300                     err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03301                     if(err)
03302                       return err;
03303                     entry.def_process_execute_type = value.type_id;
03304                     return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03305                   }
03306                 case RI_def_ipc_create_type:
03307                   {
03308                     struct rsbac_rc_role_entry_t entry;
03309 
03310                     if(   (value.type_id <= RC_type_max_value)
03311                        && !rsbac_ta_list_exist(ta_number, type_ipc_handle, &value.type_id)
03312                       )
03313                       return -RSBAC_EINVALIDVALUE;
03314                     if(   (value.type_id > RC_type_max_value)
03315                        && (value.type_id < RC_type_min_special)
03316                       )
03317                       return -RSBAC_EINVALIDVALUE;
03318                     err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03319                     if(err)
03320                       return err;
03321                     entry.def_ipc_create_type = value.type_id;
03322                     return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03323                   }
03324                 case RI_def_group_create_type:
03325                   {
03326                     struct rsbac_rc_role_entry_t entry;
03327 
03328                     if(   (value.type_id <= RC_type_max_value)
03329                        && !rsbac_ta_list_exist(ta_number, type_group_handle, &value.type_id)
03330                       )
03331                       return -RSBAC_EINVALIDVALUE;
03332                     if(   (value.type_id > RC_type_max_value)
03333                        && (value.type_id < RC_type_min_special)
03334                       )
03335                       return -RSBAC_EINVALIDVALUE;
03336                     err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03337                     if(err)
03338                       return err;
03339                     entry.def_group_create_type = value.type_id;
03340                     return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03341                   }
03342                 case RI_boot_role:
03343                   {
03344                     struct rsbac_rc_role_entry_t entry;
03345 
03346                     err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03347                     if(err)
03348                       return err;
03349                     entry.boot_role = value.boot_role;
03350                     return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03351                   }
03352 
03353                 default:
03354                   return -RSBAC_EINVALIDATTR;
03355               }
03356 
03357         case RT_TYPE:
03358           if(tid.type > RC_type_max_value)
03359             return(-RSBAC_EINVALIDTARGET);
03360 #ifdef CONFIG_RSBAC_DEBUG
03361           if (rsbac_debug_ds_rc)
03362             {
03363 #ifdef CONFIG_RSBAC_RMSG
03364               rsbac_printk(KERN_DEBUG
03365                      "rsbac_rc_set_item(): Setting type item value\n");
03366 #endif
03367 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03368               if (!rsbac_nosyslog)
03369 #endif
03370               printk(KERN_DEBUG
03371                      "rsbac_rc_set_item(): Setting type item value\n");
03372             }
03373 #endif
03374             switch (item)
03375               {
03376                 case RI_type_fd_name:
03377                   {
03378                     struct rsbac_rc_type_fd_entry_t entry;
03379 
03380                     /* no empty names */
03381                     if(!value.name[0])
03382                       return -RSBAC_EINVALIDVALUE;
03383                     /* create, if necessary, and set name */
03384                     memset(&entry, 0, sizeof(struct rsbac_rc_type_fd_entry_t));
03385                     rsbac_ta_list_get_data_ttl(ta_number, type_fd_handle, NULL, &tid.type, &entry);
03386                     strncpy(entry.name, value.name, RSBAC_RC_NAME_LEN - 1);
03387                     entry.name[RSBAC_RC_NAME_LEN-1] = 0;
03388                     return rsbac_ta_list_add_ttl(ta_number, type_fd_handle, 0, &tid.type, &entry);
03389                   }
03390                 case RI_type_fd_need_secdel:
03391                   {
03392                     struct rsbac_rc_type_fd_entry_t entry;
03393 
03394                     err = rsbac_ta_list_get_data_ttl(ta_number, type_fd_handle, NULL, &tid.type, &entry);
03395                     if(err)
03396                       return err;
03397                     entry.need_secdel = value.need_secdel;
03398                     return rsbac_ta_list_add_ttl(ta_number, type_fd_handle, 0, &tid.type, &entry);
03399                   }
03400                 case RI_type_dev_name:
03401                   /* no empty names */
03402                   if(!value.name[0])
03403                     return -RSBAC_EINVALIDVALUE;
03404                   /* create, if necessary, and set name */
03405                   value.name[RSBAC_RC_NAME_LEN-1] = 0;
03406                   return rsbac_ta_list_add_ttl(ta_number, type_dev_handle, 0, &tid.type, &value.name);
03407                 case RI_type_ipc_name:
03408                   /* no empty names */
03409                   if(!value.name[0])
03410                     return -RSBAC_EINVALIDVALUE;
03411                   /* create, if necessary, and set name */
03412                   value.name[RSBAC_RC_NAME_LEN-1] = 0;
03413                   return rsbac_ta_list_add_ttl(ta_number, type_ipc_handle, 0, &tid.type, &value.name);
03414                 case RI_type_user_name:
03415                   /* no empty names */
03416                   if(!value.name[0])
03417                     return -RSBAC_EINVALIDVALUE;
03418                   /* create, if necessary, and set name */
03419                   value.name[RSBAC_RC_NAME_LEN-1] = 0;
03420                   return rsbac_ta_list_add_ttl(ta_number, type_user_handle, 0, &tid.type, &value.name);
03421                 case RI_type_process_name:
03422                   /* no empty names */
03423                   if(!value.name[0])
03424                     return -RSBAC_EINVALIDVALUE;
03425                   /* create, if necessary, and set name */
03426                   value.name[RSBAC_RC_NAME_LEN-1] = 0;
03427                   return rsbac_ta_list_add_ttl(ta_number, type_process_handle, 0, &tid.type, &value.name);
03428                 case RI_type_group_name:
03429                   /* no empty names */
03430                   if(!value.name[0])
03431                     return -RSBAC_EINVALIDVALUE;
03432                   /* create, if necessary, and set name */
03433                   value.name[RSBAC_RC_NAME_LEN-1] = 0;
03434                   return rsbac_ta_list_add_ttl(ta_number, type_group_handle, 0, &tid.type, &value.name);
03435                 case RI_type_netdev_name:
03436                   /* no empty names */
03437                   if(!value.name[0])
03438                     return -RSBAC_EINVALIDVALUE;
03439                   /* create, if necessary, and set name */
03440                   value.name[RSBAC_RC_NAME_LEN-1] = 0;
03441                   return rsbac_ta_list_add_ttl(ta_number, type_netdev_handle, 0, &tid.type, &value.name);
03442                 case RI_type_nettemp_name:
03443                   /* no empty names */
03444                   if(!value.name[0])
03445                     return -RSBAC_EINVALIDVALUE;
03446                   /* create, if necessary, and set name */
03447                   value.name[RSBAC_RC_NAME_LEN-1] = 0;
03448                   return rsbac_ta_list_add_ttl(ta_number, type_nettemp_handle, 0, &tid.type, &value.name);
03449                 case RI_type_netobj_name:
03450                   /* no empty names */
03451                   if(!value.name[0])
03452                     return -RSBAC_EINVALIDVALUE;
03453                   /* create, if necessary, and set name */
03454                   value.name[RSBAC_RC_NAME_LEN-1] = 0;
03455                   return rsbac_ta_list_add_ttl(ta_number, type_netobj_handle, 0, &tid.type, &value.name);
03456 
03457                 case RI_type_fd_remove:
03458                   if(!tid.type)
03459                     return -RSBAC_EINVALIDVALUE;
03460                   rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcfd_handle, &tid.type);
03461                   rsbac_ta_list_lol_subremove_from_all(ta_number, role_dfdc_handle, &tid.type);
03462                   return rsbac_ta_list_remove(ta_number, type_fd_handle, &tid.type);
03463                 case RI_type_dev_remove:
03464                   if(!tid.type)
03465                     return -RSBAC_EINVALIDVALUE;
03466                   rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcdv_handle, &tid.type);
03467                   return rsbac_ta_list_remove(ta_number, type_dev_handle, &tid.type);
03468                 case RI_type_user_remove:
03469                   if(!tid.type)
03470                     return -RSBAC_EINVALIDVALUE;
03471                   rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcus_handle, &tid.type);
03472                   return rsbac_ta_list_remove(ta_number, type_user_handle, &tid.type);
03473                 case RI_type_process_remove:
03474                   if(!tid.type)
03475                     return -RSBAC_EINVALIDVALUE;
03476                   rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcpr_handle, &tid.type);
03477                   return rsbac_ta_list_remove(ta_number, type_process_handle, &tid.type);
03478                 case RI_type_ipc_remove:
03479                   if(!tid.type)
03480                     return -RSBAC_EINVALIDVALUE;
03481                   rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcip_handle, &tid.type);
03482                   return rsbac_ta_list_remove(ta_number, type_ipc_handle, &tid.type);
03483                 case RI_type_group_remove:
03484                   if(!tid.type)
03485                     return -RSBAC_EINVALIDVALUE;
03486                   rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcgr_handle, &tid.type);
03487                   return rsbac_ta_list_remove(ta_number, type_group_handle, &tid.type);
03488                 case RI_type_netdev_remove:
03489                   if(!tid.type)
03490                     return -RSBAC_EINVALIDVALUE;
03491                   rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcnd_handle, &tid.type);
03492                   return rsbac_ta_list_remove(ta_number, type_netdev_handle, &tid.type);
03493                 case RI_type_nettemp_remove:
03494                   if(!tid.type)
03495                     return -RSBAC_EINVALIDVALUE;
03496                   rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcnt_handle, &tid.type);
03497                   return rsbac_ta_list_remove(ta_number, type_nettemp_handle, &tid.type);
03498                 case RI_type_netobj_remove:
03499                   if(!tid.type)
03500                     return -RSBAC_EINVALIDVALUE;
03501                   rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcno_handle, &tid.type);
03502                   return rsbac_ta_list_remove(ta_number,type_netobj_handle, &tid.type);
03503 
03504                 default:
03505                   return -RSBAC_EINVALIDATTR;
03506               }
03507 
03508         /* switch target: no valid target */
03509         default:  
03510           return -RSBAC_EINVALIDTARGET;
03511       }
03512   }      /* end of rsbac_rc_set_item() */
03513 
03514 /* end of rc_data_structures.c */
Generated on Fri Jun 17 09:45:25 2005 for RSBAC by  doxygen 1.4.2