Index: linux-2.4.29-rsbac-v1.2.4/kernel/sysctl.c =================================================================== --- linux-2.4.29-rsbac-v1.2.4/kernel/sysctl.c (Revision 182) +++ linux-2.4.29-rsbac-v1.2.4/kernel/sysctl.c (Arbeitskopie) @@ -378,6 +378,13 @@ { struct list_head *tmp; + /* RSBAC */ + #ifdef CONFIG_RSBAC + enum rsbac_adf_request_t rsbac_request; + union rsbac_target_id_t rsbac_target_id; + union rsbac_attribute_value_t rsbac_attribute_value; + #endif + if (nlen <= 0 || nlen >= CTL_MAXNAME) return -ENOTDIR; if (oldval) { @@ -388,6 +395,45 @@ if ((ssize_t)old_len < 0) return -EINVAL; } + /* RSBAC */ + #ifdef CONFIG_RSBAC + if(newval) + rsbac_request = R_MODIFY_SYSTEM_DATA; + else + rsbac_request = R_GET_STATUS_DATA; + + if((nlen > 1) && (name[0] == CTL_KERN)) + { + switch(name[1]) + { + case KERN_NODENAME: + rsbac_target_id.scd = ST_host_id; + break; + case KERN_DOMAINNAME: + rsbac_target_id.scd = ST_net_id; + break; + default: + rsbac_target_id.scd = ST_other; + } + } + else + rsbac_target_id.scd = ST_other; + rsbac_attribute_value.dummy = 0; +#ifdef CONFIG_RSBAC_DEBUG + if (rsbac_debug_aef) + printk(KERN_DEBUG "do_sysctl() [sys_sysctl()]: calling ADF\n"); +#endif + if(!rsbac_adf_request(rsbac_request, + current->pid, + T_SCD, + rsbac_target_id, + A_none, + rsbac_attribute_value)) + { + return -EPERM; + } + #endif + tmp = &root_table_header.ctl_entry; do { struct ctl_table_header *head = @@ -793,6 +839,7 @@ /* RSBAC */ #ifdef CONFIG_RSBAC + enum rsbac_adf_request_t rsbac_request; union rsbac_target_id_t rsbac_target_id; union rsbac_attribute_value_t rsbac_attribute_value; #endif @@ -803,37 +850,41 @@ return 0; } - if (write) { - /* RSBAC */ - #ifdef CONFIG_RSBAC - switch(table->ctl_name) - { - case KERN_NODENAME: - rsbac_target_id.scd = ST_host_id; - break; - case KERN_DOMAINNAME: - rsbac_target_id.scd = ST_net_id; - break; - default: - rsbac_target_id.scd = ST_other; - } - /* Call adf only, if controlled param */ - rsbac_attribute_value.dummy = 0; + /* RSBAC */ + #ifdef CONFIG_RSBAC + if(write) + rsbac_request = R_MODIFY_SYSTEM_DATA; + else + rsbac_request = R_GET_STATUS_DATA; + switch(table->ctl_name) + { + case KERN_NODENAME: + rsbac_target_id.scd = ST_host_id; + break; + case KERN_DOMAINNAME: + rsbac_target_id.scd = ST_net_id; + break; + default: + rsbac_target_id.scd = ST_other; + } + /* Call adf only, if controlled param */ + rsbac_attribute_value.dummy = 0; #ifdef CONFIG_RSBAC_DEBUG - if (rsbac_debug_aef) - printk(KERN_DEBUG "proc_dostring() [... proc_writesys()]: calling ADF\n"); + if (rsbac_debug_aef) + printk(KERN_DEBUG "proc_dostring() [... proc_writesys()]: calling ADF\n"); #endif - if(!rsbac_adf_request(R_MODIFY_SYSTEM_DATA, - current->pid, - T_SCD, - rsbac_target_id, - A_none, - rsbac_attribute_value)) - { - return -EPERM; - } - #endif + if(!rsbac_adf_request(rsbac_request, + current->pid, + T_SCD, + rsbac_target_id, + A_none, + rsbac_attribute_value)) + { + return -EPERM; + } + #endif + if (write) { len = 0; p = buffer; while (len < *lenp) { @@ -908,6 +959,7 @@ /* RSBAC */ #ifdef CONFIG_RSBAC + enum rsbac_adf_request_t rsbac_request; union rsbac_target_id_t rsbac_target_id; union rsbac_attribute_value_t rsbac_attribute_value; #endif @@ -923,26 +975,30 @@ left = *lenp; for (; left && vleft--; i++, first=0) { - if (write) { - /* RSBAC */ - #ifdef CONFIG_RSBAC - rsbac_target_id.scd = ST_other; - rsbac_attribute_value.dummy = 0; + /* RSBAC */ + #ifdef CONFIG_RSBAC + if(write) + rsbac_request = R_MODIFY_SYSTEM_DATA; + else + rsbac_request = R_GET_STATUS_DATA; + rsbac_target_id.scd = ST_other; + rsbac_attribute_value.dummy = 0; #ifdef CONFIG_RSBAC_DEBUG - if (rsbac_debug_aef) - printk(KERN_DEBUG "do_proc_dointvec() [... proc_writesys()]: calling ADF\n"); + if (rsbac_debug_aef) + printk(KERN_DEBUG "do_proc_dointvec() [... proc_writesys()]: calling ADF\n"); #endif - if(!rsbac_adf_request(R_MODIFY_SYSTEM_DATA, - current->pid, - T_SCD, - rsbac_target_id, - A_none, - rsbac_attribute_value)) - { - return -EPERM; - } - #endif + if(!rsbac_adf_request(rsbac_request, + current->pid, + T_SCD, + rsbac_target_id, + A_none, + rsbac_attribute_value)) + { + return -EPERM; + } + #endif + if (write) { while (left) { char c; if (get_user(c, (char *) buffer)) Index: linux-2.4.29-rsbac-v1.2.4/include/rsbac/acl_data_structures.h =================================================================== --- linux-2.4.29-rsbac-v1.2.4/include/rsbac/acl_data_structures.h (Revision 182) +++ linux-2.4.29-rsbac-v1.2.4/include/rsbac/acl_data_structures.h (Arbeitskopie) @@ -3,7 +3,7 @@ /* Author and (c) 1999-2005: */ /* Amon Ott */ /* Data structures / ACL */ -/* Last modified: 26/Jan/2005 */ +/* Last modified: 23/Feb/2005 */ /**************************************/ #ifndef __RSBAC_ACL_DATA_STRUC_H @@ -116,6 +116,7 @@ ( \ ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \ | ((rsbac_request_vector_t) 1 << R_MODIFY_ATTRIBUTE) \ + | ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) \ | ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA) \ | ((rsbac_request_vector_t) 1 << R_READ_ATTRIBUTE) \ | ((rsbac_request_vector_t) 1 << R_SWITCH_LOG) \ @@ -146,6 +147,7 @@ ((rsbac_request_vector_t) 1 << R_ADD_TO_KERNEL) \ | ((rsbac_request_vector_t) 1 << R_CHANGE_GROUP) \ | ((rsbac_request_vector_t) 1 << R_CHANGE_OWNER) \ + | ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) \ | ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \ | ((rsbac_request_vector_t) 1 << R_MOUNT) \ | ((rsbac_request_vector_t) 1 << R_REMOVE_FROM_KERNEL) \ Index: linux-2.4.29-rsbac-v1.2.4/include/rsbac/request_groups.h =================================================================== --- linux-2.4.29-rsbac-v1.2.4/include/rsbac/request_groups.h (Revision 182) +++ linux-2.4.29-rsbac-v1.2.4/include/rsbac/request_groups.h (Arbeitskopie) @@ -1,9 +1,9 @@ /************************************ */ /* Rule Set Based Access Control */ -/* Author and (c) 1999-2004: Amon Ott */ +/* Author and (c) 1999-2005: Amon Ott */ /* Groups of ADF request for */ /* administration */ -/* Last modified: 16/Apr/2004 */ +/* Last modified: 23/Feb/2005 */ /************************************ */ #ifndef __RSBAC_REQUEST_GROUPS_H @@ -258,6 +258,7 @@ #define RSBAC_NONE_REQUEST_VECTOR (\ ((rsbac_request_vector_t) 1 << R_ADD_TO_KERNEL) | \ ((rsbac_request_vector_t) 1 << R_MODIFY_ATTRIBUTE) | \ + ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) | \ ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA) | \ ((rsbac_request_vector_t) 1 << R_READ_ATTRIBUTE) | \ ((rsbac_request_vector_t) 1 << R_REMOVE_FROM_KERNEL) | \ Index: linux-2.4.29-rsbac-v1.2.4/include/rsbac/rc_types.h =================================================================== --- linux-2.4.29-rsbac-v1.2.4/include/rsbac/rc_types.h (Revision 182) +++ linux-2.4.29-rsbac-v1.2.4/include/rsbac/rc_types.h (Arbeitskopie) @@ -1,9 +1,9 @@ /************************************ */ /* Rule Set Based Access Control */ -/* Author and (c) 1999-2004: Amon Ott */ +/* Author and (c) 1999-2005: Amon Ott */ /* API: Data types for */ /* Role Compatibility Module */ -/* Last modified: 14/Jun/2004 */ +/* Last modified: 23/Feb/2005 */ /************************************ */ #ifndef __RSBAC_RC_TYPES_H @@ -141,6 +141,7 @@ /* ST_rsbac_log */ RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \ /* ST_other */ ( \ ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \ + | ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) \ | ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA) \ | ((rsbac_request_vector_t) 1 << R_SWITCH_LOG) \ | ((rsbac_request_vector_t) 1 << R_SWITCH_MODULE) \ @@ -183,6 +184,7 @@ /* ST_rsbac_log */ 0, \ /* ST_other */ ( \ ((rsbac_request_vector_t) 1 << R_ADD_TO_KERNEL) \ + | ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) \ | ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \ | ((rsbac_request_vector_t) 1 << R_MOUNT) \ | ((rsbac_request_vector_t) 1 << R_REMOVE_FROM_KERNEL) \