#!/bin/bash
# 
# This script is used for Administration of RSBAC general file/dir attributes
#
#
# Refuse to continue under any other shell: only bash sets $BASH.
# (Plain `[` is kept so the check itself still parses in a non-bash sh.)
if [ -z "$BASH" ]
then
  echo "This menu requires bash" >&2
  exit 1
fi

# Remember command locations once they have been looked up (-h) and make
# sure POSIX mode is off.
set -h
set +o posix

# Attribute names handled by this menu.  The original author marked this
# list as "not used"; it is kept unchanged for reference.
ATTRIBUTES="security_level mac_categories object_category data_type \
            pm_object_class pm_tp pm_object_type mac_trusted_for_user \
            ms_scanned ms_trusted ms_sock_trusted_tcp ms_sock_trusted_udp \
            ff_flags rc_type_fd rc_force_role auth_may_setuid \
            auth_may_set_cap \
            log_array_low log_array_high log_program_based"

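# Scratch file for dialog results and tool output.
#
# A name built from the PID ($TMPDIR/rsbac_dialog.$$) is guessable, so in a
# shared directory such as /tmp another local user could create that path
# (or a symlink at it) beforehand and have this administration menu write
# through it or read planted content back.  mktemp -d creates a new
# directory that only the invoking user can enter; the "${TMPFILE}.2" file
# that later code derives from TMPFILE ends up inside that directory too.
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi
if ! TMPWORKDIR=`mktemp -d "$TMPDIR/rsbac_dialog.XXXXXX"`
then
  echo "Cannot create a private temporary directory in $TMPDIR" 1>&2
  exit 1
fi
TMPFILE=$TMPWORKDIR/dialog.out

# Remove the whole scratch directory on every exit path; ${...:?} keeps the
# rm from running with an empty path should the variable ever be cleared.
trap 'rm -rf -- "${TMPWORKDIR:?}"' EXIT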

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

# Directory the file listing starts from when the script is launched.
LASTDIR='.'

# LINES and COLUMNS should be exported (e.g. in /etc/profile); fall back to
# a 25x80 screen when they are missing or empty.
: "${LINES:=25}"
: "${COLUMNS:=80}"

# Box height (BL), box width (BC) and the longest list shown inside a box
# (MAXLINES).  The integer attribute makes bash evaluate the "N-4" text
# arithmetically on assignment.
declare -i BL BC MAXLINES
BL=$LINES-4
BC=$COLUMNS-4
MAXLINES=$LINES-10
# Clamp a requested list height to MAXLINES.
#   $1 - number of lines the caller would like to show
# Prints the smaller of $1 and MAXLINES.
gl () {
  if [ "$1" -gt "$MAXLINES" ]
  then
    echo "$MAXLINES"
    return
  fi
  echo "$1"
}

# Banner and window titles used by the dialog boxes.  BACKTITLE may be
# preset by the caller's environment.
: "${BACKTITLE:=RSBAC Administration Tools v1.0.9b}"
TITLE="$(whoami): RSBAC File/Dir Administration"
ERRTITLE="RSBAC File/Dir Administration - ERROR"

# set this to your kernel's current Malware Scan accept level
MSL=4

## no changes below this line!

# User ids with a special meaning for mac_trusted_for_user; the menu labels
# them "(-2)" and "(-3)".
NO_USER=4294967293
ALL_USERS=4294967292

# Attribute read mode: "real" passes no switch to attr_get_file_dir,
# "effective" passes -e (toggled from the main menu).
GETMODE=real
GETSWITCH=

# Special RC type / role numbers that get_vname shows as "inherit ..." labels.
RCTYPEINHPROC=64
RCTYPEINHPAR=65
RCUSERINHERIT=64
RCPROCINHERIT=65
RCPARINHERIT=66
RCMIXINHERIT=67

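# Print one attribute of the current object as reported by the RSBAC
# attr_get_file_dir tool.
#   $1 - attribute name, e.g. security_level
# Reads RSBACPATH, GETSWITCH, TYPE and FILE.  $GETSWITCH stays unquoted on
# purpose: it is either empty (no argument at all) or a single switch.
_rsbac_fd_attr () {
  "${RSBACPATH}attr_get_file_dir" $GETSWITCH $TYPE "$FILE" "$1"
}

# Classify $FILE and reload every attribute variable shown in the main menu.
# Globals read:    FILE, RSBACPATH, GETSWITCH, NO_USER, ALL_USERS, MSL,
#                  TITLE, BACKTITLE, BC
# Globals written: TYPE (DIR, FILE or NONE); LASTDIR and FILE (set to the
#                  resolved directory when FILE is a directory); one
#                  variable per attribute (SECLEVEL ... LOGPROG); NEWMTUSER;
#                  MSL when the administrator agrees to raise it.
# Does nothing when FILE is empty.  When FILE is neither a directory nor a
# regular/block/char file, all attribute variables are blanked.
get_attributes () {
  if test "$FILE" = ""
  then return 0
  fi

  if test -d "$FILE"
  then
    TYPE=DIR
    # Resolve to an absolute path; fall back to the name as given if the
    # directory cannot be entered.
    LASTDIR=`( cd -- "$FILE" && pwd ) || echo "$FILE"`
    FILE=$LASTDIR
  elif test -f "$FILE" || test -b "$FILE" || test -c "$FILE"
  then
    TYPE=FILE
  else
    TYPE=NONE
    SECLEVEL="" ; MACCAT="" ; MACTRUSER="" ; NEWMTUSER=""
    OBJCAT="" ; DATATYPE=""
    PMCLASS="" ; PMTP="" ; PMOBJTYPE=""
    MSTRUSTED="" ; MSSCANNED="" ; MSSOCKTCP="" ; MSSOCKUDP=""
    FFFLAGS="" ; RCTYPEFD="" ; RCFORRO=""
    AUTHSUID="" ; AUTHSCAP=""
    LOGLOW="" ; LOGHIGH="" ; LOGPROG=""
    return 0
  fi

  SECLEVEL=`_rsbac_fd_attr security_level`
  MACCAT=`_rsbac_fd_attr mac_categories`
  MACTRUSER=`_rsbac_fd_attr mac_trusted_for_user`
  # Only seed the "individual user" choice when nothing was chosen before.
  if test -z "$NEWMTUSER"
  then
    if test "$MACTRUSER" = "$NO_USER" || test "$MACTRUSER" = "$ALL_USERS"
    then NEWMTUSER='N/A'
    else NEWMTUSER=$MACTRUSER
    fi
  fi
  OBJCAT=`_rsbac_fd_attr object_category`
  DATATYPE=`_rsbac_fd_attr data_type`
  PMCLASS=`_rsbac_fd_attr pm_object_class`
  PMTP=`_rsbac_fd_attr pm_tp`
  PMOBJTYPE=`_rsbac_fd_attr pm_object_type`
  MSSCANNED=`_rsbac_fd_attr ms_scanned`
  MSTRUSTED=`_rsbac_fd_attr ms_trusted`
  MSSOCKTCP=`_rsbac_fd_attr ms_sock_trusted_tcp`
  MSSOCKUDP=`_rsbac_fd_attr ms_sock_trusted_udp`
  FFFLAGS=`_rsbac_fd_attr ff_flags`
  RCTYPEFD=`_rsbac_fd_attr rc_type_fd`
  RCFORRO=`_rsbac_fd_attr rc_force_role`
  AUTHSUID=`_rsbac_fd_attr auth_may_setuid`
  AUTHSCAP=`_rsbac_fd_attr auth_may_set_cap`
  LOGLOW=`_rsbac_fd_attr log_array_low`
  LOGHIGH=`_rsbac_fd_attr log_array_high`
  LOGPROG=`_rsbac_fd_attr log_program_based`

  # Offer to raise the menu's scan level when the object reports a higher
  # one.  The value is compared only when it is a plain number, so error
  # text from the tool does not reach `test`.
  case $MSSCANNED in
    ''|*[!0-9]*)
      ;;
    *)
      if test "$MSSCANNED" -gt "$MSL"
      then
        # The redirection has to be part of the dialog command.  On a line
        # of its own it is a separate, always-successful command, which
        # made this `if` true whatever the administrator answered.
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --yesno "Returned MS Scan Level $MSSCANNED is higher than menu default $MSL, adjust menu default?" 6 $BC \
             2>/dev/null
        then MSL=$MSSCANNED
        fi
      fi
      ;;
  esac
}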

# Print "on" when the two arguments are the same string, "off" otherwise.
# Used to preselect the current value in radio lists.
onoff () {
   case "$1" in
     "$2") echo on ;;
     *)    echo off ;;
   esac
}

# Print "on" when $1 is exactly "1", "off" for anything else.
onoffb () {
   case "$1" in
     1) echo on ;;
     *) echo off ;;
   esac
}

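# Print "<name> <kind>" for one directory entry, where kind is DIR, FILE or
# NONE.
#   $1 - path to classify
# The argument is quoted in every test: unquoted, an empty argument turned
# `test -d $1` into the one-argument form `test -d`, which is always true
# (empty names were reported as DIR), and a name containing whitespace made
# `test` fail with a syntax error.  printf keeps names such as "-n" from
# being taken as echo options.
list_item () {
   if test -d "$1"
   then printf '%s %s\n' "$1" DIR
   elif test -f "$1"
   then printf '%s %s\n' "$1" FILE
   else printf '%s %s\n' "$1" NONE
   fi
}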

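# Translate a raw attribute value into the label shown in the menus.
#   $1 - value family: onoff, seclevel, objcat, datatype, pmobjtype,
#        mactruser, mactruserrev, msscanned, mstrusted, mssock, rctypefd,
#        rcforro or loglevel
#   $2 - raw value as printed by the RSBAC tools
# Prints " " when no object is selected (TYPE=NONE), "N/A" for an empty or
# unrecognised value and "ERROR!" for an unknown family.
# mactruserrev is the reverse direction: it maps NONE / ALL / a user name
# to the numeric id passed to attr_set_file_dir.
# Reads TYPE, NO_USER, ALL_USERS, RSBACPATH and the RC* inherit constants;
# calls get_name, full_name and get_uid for individual users.
get_vname () {
  if test "$TYPE" = "NONE"
  then
    echo " "
    return
  fi
  if test -z "$2"
  then
    echo "N/A"
    return
  fi

  case $1 in
    onoff)
      case $2 in
        1) echo On ;;
        *) echo Off ;;
      esac
      ;;
    seclevel)
      case $2 in
        0) echo unclassified ;;
        1) echo confidential ;;
        2) echo secret ;;
        3) echo top secret ;;
        252) echo max. level ;;
        253) echo rsbac-internal ;;
        254) echo inherit ;;
        *) echo N/A ;;
      esac
      ;;
    objcat)
      case $2 in
        0) echo General ;;
        1) echo Security ;;
        2) echo System ;;
        3) echo inherit ;;
        *) echo N/A ;;
      esac
      ;;
    datatype)
      case $2 in
        0) echo None ;;
        1) echo CDI ;;
        2) echo CDIIC ;;
        3) echo SI ;;
        4) echo inherit ;;
        *) echo N/A ;;
      esac
      ;;
    pmobjtype)
      case $2 in
        0) echo None ;;
        1) echo TP ;;
        2) echo Personal Data ;;
        3) echo Non-Personal Data ;;
        4) echo IPC ;;
        5) echo Directory ;;
        *) echo N/A ;;
      esac
      ;;
    mactruser)
      case $2 in
        "$NO_USER") echo NONE ;;
        "$ALL_USERS") echo ALL ;;
        Error*) echo N/A ;;
        Use*) echo N/A ;;
        *) echo "`get_name "$2"` / `full_name "$2"`" ;;
      esac
      ;;
    mactruserrev)
      case $2 in
        NONE) echo "$NO_USER" ;;
        "$NO_USER") echo "$NO_USER" ;;
        ALL) echo "$ALL_USERS" ;;
        "$ALL_USERS") echo "$ALL_USERS" ;;
        Error*) echo N/A ;;
        Use*) echo N/A ;;
        *) echo `get_uid "$2"` ;;
      esac
      ;;
    msscanned)
      case $2 in
        0) echo Unscanned ;;
        1) echo Rejected ;;
        # Anything that is not a plain number ("Error..." included) is not
        # a scan level.  Without this arm the failing numeric test below
        # fell into the "Accepted" branch.
        *[!0-9]*) echo N/A ;;
        *)
          # Written as a positive range check so that a value `test`
          # cannot parse (e.g. too many digits) is shown as N/A as well.
          if test "$2" -ge 2 && test "$2" -le 10000
          then echo "Accepted - Level $2"
          else echo N/A
          fi
          ;;
      esac
      ;;
    mstrusted)
      case $2 in
        0) echo Not trusted ;;
        1) echo Read trusted ;;
        2) echo Full trusted ;;
        *) echo N/A ;;
      esac
      ;;
    mssock)
      case $2 in
        0) echo Not Trusted ;;
        1) echo Active ;;
        2) echo Full ;;
        *) echo N/A ;;
      esac
      ;;
    rctypefd)
      case $2 in
        "$RCTYPEINHPAR") echo inherit parent dir ;;
        Error*) echo N/A ;;
        Use*) echo N/A ;;
        *)
          # Let rc_get_item print the type name; show the bare number
          # when the lookup fails.
          if ! "${RSBACPATH}rc_get_item" TYPE "$2" type_fd_name
          then echo "$2"
          fi
          ;;
      esac
      ;;
    rcforro)
      case $2 in
        "$RCUSERINHERIT") echo "always inherit from user" ;;
        "$RCPROCINHERIT") echo "inherit from process (keep always)" ;;
        "$RCPARINHERIT") echo "inherit from parent (keep always)" ;;
        "$RCMIXINHERIT") echo "inh. from user on chown only (def.)" ;;
        Error*) echo N/A ;;
        Use*) echo N/A ;;
        *)
          # Same fallback as for rctypefd, for role names.
          if ! "${RSBACPATH}rc_get_item" ROLE "$2" name
          then echo "$2"
          fi
          ;;
      esac
      ;;
    loglevel)
      case $2 in
        0) echo None ;;
        1) echo Denied ;;
        2) echo Full ;;
        3) echo Request ;;
        *) echo N/A ;;
      esac
      ;;
    *) echo ERROR!
      ;;
  esac
}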

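# Print what `attr_get_user <user> full_name` reports for a user.
#   $1 - user name or id; an empty argument prints a single blank
# The tool output is captured and printed with printf instead of being
# passed unquoted through echo: unquoted, the text was word-split and
# glob-expanded, so a full name containing "*" or "?" was replaced by
# matching file names from the current directory.
full_name () {
  if test "$1" = ""
  then echo " "
  else
    local value
    value=`"${RSBACPATH}attr_get_user" "$1" full_name`
    printf '%s\n' "$value"
  fi
}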

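# Print what `attr_get_user <user> user_nr` reports for a user.
#   $1 - user name or id; an empty argument prints a single blank
# The tool output is printed with printf rather than through an unquoted
# echo, so it is not word-split or glob-expanded on the way out.
get_uid () {
  if test "$1" = ""
  then echo " "
  else
    local value
    value=`"${RSBACPATH}attr_get_user" "$1" user_nr`
    printf '%s\n' "$value"
  fi
}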

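# Print what `attr_get_user <user> user_name` reports for a user.
#   $1 - user name or id; an empty argument prints a single blank
# The tool output is printed with printf rather than through an unquoted
# echo, so it is not word-split or glob-expanded on the way out.
get_name () {
  if test "$1" = ""
  then echo " "
  else
    local value
    value=`"${RSBACPATH}attr_get_user" "$1" user_name`
    printf '%s\n' "$value"
  fi
}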

# Print one "<id> <user_name>" line per argument, looking the name up with
# attr_get_user.  Prints nothing when the first argument is empty.
# $* and the command substitution are left to word splitting, as before;
# presumably the output is consumed as whitespace-separated fields
# (confirm against the caller).
gen_cap_rem_user () {
  [ "$1" != "" ] || return 0
  local id
  for id in $*
  do
    echo $id $($RSBACPATH""attr_get_user $id user_name)
  done
}

# Print the output of `auth_set_cap FILE get` for the current object when
# it is a FILE; for every other TYPE print a single blank.
get_caps () {
  case "$TYPE" in
    FILE) $RSBACPATH""auth_set_cap FILE get "$FILE" ;;
    *)    echo " " ;;
  esac
}

# Print one "<nr> <state> <state>" line per category number given as
# argument, where state is on/off according to the value attr_get_file_dir
# reports for that category of the current object.
# Note: $GETSWITCH is not passed here, unlike the other attribute reads.
# TMP is assigned without `local`, as before.
gen_cat_list () {
    local nr state
    for nr in $*
    do
      TMP=$($RSBACPATH""attr_get_file_dir $TYPE "$FILE" mac_categories $nr)
      state=$(onoffb $TMP)
      echo $nr $state $state
    done
}

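# Let the administrator pick a user and store the result in NEWMTUSER.
# A menu lists what `attr_get_user -bl` prints, plus an "Enter" item that
# opens a free-text box.  A picked entry is resolved to its user number
# with `attr_get_user <entry> user_nr`; free text is stored as typed.
# NEWMTUSER is left empty on cancel or when the user is unknown.
# Globals read:    TITLE, BACKTITLE, ERRTITLE, BL, BC, RSBACPATH, TMPFILE
# Globals written: NEWMTUSER, TMP2
# Every use of $TMPFILE is quoted: its directory part comes from the
# TMPDIR environment variable, and an unquoted path containing whitespace
# makes the redirections fail ("ambiguous redirect").
choose_user () {
        if ! dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --menu "Username/ID" $BL $BC `gl 15` \
                           "Enter" "Name(s) / Uid(s)" \
                           `"${RSBACPATH}attr_get_user" -bl` \
             2>"$TMPFILE"
        then
          NEWMTUSER=""
          return 0
        fi

        TMP2=`cat -- "$TMPFILE"`
        if test "$TMP2" = "Enter"
        then
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --inputbox "Username/number, two with space for range" $BL $BC "" \
               2>"$TMPFILE"
          then NEWMTUSER=`cat -- "$TMPFILE"`
          else NEWMTUSER=""
          fi
          return 0
        fi

        if "${RSBACPATH}attr_get_user" "$TMP2" user_nr >"$TMPFILE"
        then NEWMTUSER=`cat -- "$TMPFILE"`
        else
          dialog --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "User: Unknown user $TMP2!" 5 $BC
          NEWMTUSER=""
        fi
}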

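# Rebuild "${TMPFILE}.2" with one "<request> <log level label>" line per
# name in $REQUESTS, reading each level with attr_get_file_dir ... log_level.
# Globals read:    REQUESTS, RSBACPATH, GETSWITCH, TYPE, FILE, TMPFILE
# Globals written: TMP (last raw level read, as before)
# The path is quoted everywhere because its directory part comes from the
# TMPDIR environment variable; unquoted, whitespace or glob characters in
# it made rm and the redirection act on other names.  The file is written
# through one truncating redirection instead of one append per request.
gen_log_menu_items() {
  local req
  rm -f -- "${TMPFILE}.2"
  for req in $REQUESTS
  do
    TMP=`"${RSBACPATH}attr_get_file_dir" $GETSWITCH $TYPE "$FILE" log_level "$req"`
    echo "$req" `get_vname loglevel "$TMP"`
  done > "${TMPFILE}.2"
}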

# Print the checklist entries "<bit> <flag name> <on|off>" for the FF flag
# value in $FFFLAGS, highest bit first.  The value is decomposed by
# repeated subtraction.  Bit 64 is subtracted like the others but has no
# checklist entry (its label is empty in the table below).
gen_flags_menu_items() {
    local -i remaining=$FFFLAGS
    local entry bit label state
    for entry in 128:add_inherited 64: 32:no_execute 16:secure_delete \
                 8:write_only 4:search_only 2:execute_only 1:read_only
    do
      bit=${entry%%:*}
      label=${entry#*:}
      if test $remaining -ge $bit
      then
        remaining=$remaining-$bit
        state=on
      else
        state=off
      fi
      if test -n "$label"
      then echo $bit $label $state
      fi
    done
}

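# Show the FF flags checklist for the current object and store the result.
# The ticked bits are summed and written with attr_set_file_dir ... ff_flags;
# FFFLAGS is updated on success, otherwise the first line of the tool's
# output is shown in an error box.  Cancelling the checklist changes nothing.
# Globals read:    TITLE, BACKTITLE, ERRTITLE, BL, BC, FILE, TYPE,
#                  RSBACPATH, TMPFILE
# Globals written: FLAGTYPES (default list, when empty), FLAGS_ON, FFFLAGS
#
# The checklist tags are accepted with or without surrounding double
# quotes.  The old code only recognised the quoted form ('"128"'), so a
# dialog that prints bare tags produced a sum of 0 and every flag was
# cleared on save.  The MAC categories handler in this file already strips
# the quotes the same way (tr -d '"').
#
# NOTE(review): bit 64 is not offered by gen_flags_menu_items, so a value
# that had it set is written back without it - confirm that is intended.
flags_menu () {
  if test -z "$FLAGTYPES"
    then FLAGTYPES="read_only execute_only search_only write_only no_execute add_inherited"
  fi
  if ! dialog --title "$TITLE" \
              --backtitle "$BACKTITLE" \
              --checklist "$FILE: FF Flags" $BL $BC `gl 10` \
                   `gen_flags_menu_items` \
         2>"$TMPFILE"
  then return 0
  fi
  FLAGS_ON=`cat -- "$TMPFILE"`
  local -i VAL=0
  local tag
  for tag in `printf '%s\n' "$FLAGS_ON" | tr -d '"'`
  do
    case $tag in
      128|64|32|16|8|4|2|1) VAL=$VAL+$tag ;;
    esac
  done
  if "${RSBACPATH}attr_set_file_dir" $TYPE "$FILE" ff_flags $VAL &>"$TMPFILE"
    then FFFLAGS=$VAL
    else
      dialog --title "$ERRTITLE" \
             --backtitle "$BACKTITLE" \
             --msgbox "`head -n 1 "$TMPFILE"`" $BL $BC
    fi
  return
}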

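# Per-request log level editor for the current object.
# Lists every request with its current level (from "${TMPFILE}.2", built
# by gen_log_menu_items), lets the administrator pick one and choose a new
# level, and writes it with attr_set_file_dir ... log_level.  Leaving the
# menu (cancel, or the "Ende" entry) removes the list file and re-reads
# LOGLOW / LOGHIGH.
# Globals read:    TITLE, BACKTITLE, ERRTITLE, BL, BC, FILE, TYPE,
#                  RSBACPATH, GETSWITCH, TMPFILE
# Globals written: REQUESTS (when empty), REQ, VAL, TMP, LOGLOW, LOGHIGH
# All uses of $TMPFILE and ${TMPFILE}.2 are quoted: the directory part
# comes from the TMPDIR environment variable, and an unquoted path with
# whitespace broke the redirections and made rm act on other names.
log_menu () {
  if test -z "$REQUESTS"
    then REQUESTS=`"${RSBACPATH}attr_get_file_dir" -n`
  fi
  gen_log_menu_items
  while true
  do
    # The list file content is split into tag/label words on purpose.
    if dialog --title "$TITLE" \
              --backtitle "$BACKTITLE" \
              --menu "$FILE: Log Levels for Requests" $BL $BC `gl 37` \
                   `cat -- "${TMPFILE}.2"` \
                   "Ende" "" \
         2>"$TMPFILE"
    then REQ=`cat -- "$TMPFILE"`
    else REQ="Ende"   # cancel is handled like the explicit end entry
    fi
    if test "$REQ" = "Ende"
    then
      rm -f -- "${TMPFILE}.2"
      LOGLOW=`"${RSBACPATH}attr_get_file_dir" $GETSWITCH $TYPE "$FILE" log_array_low`
      LOGHIGH=`"${RSBACPATH}attr_get_file_dir" $GETSWITCH $TYPE "$FILE" log_array_high`
      return 0
    fi

    # Current label of the chosen request, used to preselect the radio item.
    VAL=`grep "^$REQ " "${TMPFILE}.2" | cut -f 2 -d ' '`
    if dialog --title "$TITLE" \
              --backtitle "$BACKTITLE" \
              --radiolist "Choose Log Level for $FILE / $REQ" $BL $BC 4 \
                          0 `get_vname loglevel 0` `onoff None $VAL` \
                          1 `get_vname loglevel 1` `onoff Denied $VAL` \
                          2 `get_vname loglevel 2` `onoff Full $VAL` \
                          3 `get_vname loglevel 3` `onoff Request $VAL` \
         2>"$TMPFILE"
    then
      TMP=`cat -- "$TMPFILE"`
      if "${RSBACPATH}attr_set_file_dir" $TYPE "$FILE" log_level "$REQ" "$TMP" &>"$TMPFILE"
      then gen_log_menu_items
      else
        dialog --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "`head -n 1 "$TMPFILE"`" $BL $BC
      fi
    fi
  done
}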

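# Print one "<request> <state> <state>" line per request name, where state
# is "on" when the name appears in the object's log_program_based list
# (read with attr_get_file_dir -p) and "off" otherwise.
# Globals read:    RSBACPATH, GETSWITCH, TYPE, FILE
# Globals written: REQUESTS (when empty), SETREQUESTS
# The lookup matches whole words and fixed strings (grep -w -F).  The old
# substring match reported a request as "on" whenever its name was
# contained in a longer enabled name, so the list could show logging as
# enabled for requests that were not set.
gen_request_list () {
    if test -z "$REQUESTS"
      then REQUESTS=`"${RSBACPATH}attr_get_file_dir" -n`
    fi
    SETREQUESTS=`"${RSBACPATH}attr_get_file_dir" $GETSWITCH -p $TYPE "$FILE" log_program_based`
    local req
    for req in $REQUESTS
    do
      if printf '%s\n' "$SETREQUESTS" | grep -qwF -- "$req"
      then
        echo "$req" on on
      else
        echo "$req" off off
      fi
    done
}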

# Columns left for the MAC category string in the main menu.
declare -i MAXCATLEN
MAXCATLEN=$BC-38

# Print the category string $1 when at least 64 columns are available for
# it, otherwise the placeholder "(too long)".
cat_print () {
  if test $MAXCATLEN -lt 64
  then
    echo "(too long)"
    return
  fi
  echo $1
}

#declare -i MAXCATLEN=$BC-45
#declare -i CATLENRES=64-$MAXCATLEN
#comp_print () {
#  if test $MAXCATLEN -ge 64
#  then echo $1
#  else echo -n '*';echo $1|cut -c$CATLENRES-65
##  else echo "(too long)"
#  fi
#}

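# Columns left for the file name in the main menu.
declare -i MAXNAMELEN=$BC-44

# Print $1 cut to its first MAXNAMELEN characters.
# printf is used instead of echo so that a name the administrator typed,
# such as "-n" or "-e", is printed literally rather than taken as an echo
# option.
name_print () {
  printf '%s\n' "$1" | cut -c1-"$MAXNAMELEN"
}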

###################### Menu #################

# Start on the path given as first argument; without one (or with an empty
# one) start on LASTDIR.  Then load that object's attributes.
FILE=${1:-$LASTDIR}
get_attributes "$FILE"

while true ; do \
  if ! \
  dialog --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --menu "Main Menu" $BL $BC `gl 31` \
                "File/Dir List:" "Choose from listing of last dir" \
                "File/Dir:" "`name_print \"$FILE\"` / $TYPE" \
                "Attribute Get Mode:" "$GETMODE" \
                "-------------------" " " \
                "MAC Security Level:" "$SECLEVEL / `get_vname seclevel $SECLEVEL`" \
                "MAC Categories:" "`cat_print $MACCAT`" \
                "MAC Trusted for User:" "$MACTRUSER / `get_vname mactruser $MACTRUSER`" \
                "FC Object Category:" "$OBJCAT / `get_vname objcat $OBJCAT`" \
                "SIM Data Type:" "$DATATYPE / `get_vname datatype $DATATYPE`" \
                "PM Object Class:" "$PMCLASS" \
                "PM TP:" "$PMTP" \
                "PM Object Type:" "$PMOBJTYPE / `get_vname pmobjtype $PMOBJTYPE`" \
                "MS Scanned:" "$MSSCANNED / `get_vname msscanned $MSSCANNED`" \
                "MS Trusted:" "$MSTRUSTED / `get_vname mstrusted $MSTRUSTED`" \
                "MS Sock Trusted TCP:" "$MSSOCKTCP / `get_vname mssock $MSSOCKTCP`" \
                "MS Sock Trusted UDP:" "$MSSOCKUDP / `get_vname mssock $MSSOCKUDP`" \
                "FF Flags:" "$FFFLAGS" \
                "RC Type FD:" "$RCTYPEFD / `get_vname rctypefd $RCTYPEFD`" \
                "RC Force Role:" "$RCFORRO / `get_vname rcforro $RCFORRO`" \
                "AUTH May Setuid:" "$AUTHSUID / `get_vname onoff $AUTHSUID`" \
                "AUTH May Set Cap:" "$AUTHSCAP / `get_vname onoff $AUTHSCAP`" \
                "AUTH Capabilities:" "`get_caps`" \
                "Log Array Low:" "$LOGLOW" \
                "Log Array High:" "$LOGHIGH" \
                "Log Program Based:" "$LOGPROG" \
                "----------------" " " \
                "Dev Attributes:" "Go to block/char dev attribute menu" \
                "ACL Menu:" "Go to ACL menu" \
                "----------------" " " \
                "Reset Attributes:" "Reset all values to default values" \
                "Quit" "" \
         2>$TMPFILE
   then rm $TMPFILE ; exit
  fi

  case `cat $TMPFILE` in
    'File/Dir List:')
        if test ! -d $LASTDIR
        then $LASTDIR='/'
        fi
        TMP=`ls -1Fad $LASTDIR/* $LASTDIR/.*|tr '*' ' '`
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --menu "File/Dir Name" $BL $BC $MAXLINES \
                         `for i in $TMP ; do list_item $i ; done` \
           2>$TMPFILE
        then FILE=`cat $TMPFILE`
             get_attributes
        fi
      ;;

    "File/Dir:")
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Filename/Dirname" $BL $BC $FILE \
           2>$TMPFILE
        then FILE=`cat $TMPFILE`
             get_attributes
        fi
      ;;

    'Attribute Get Mode:')
        if test $GETMODE = "real"
        then GETMODE="effective" ; GETSWITCH="-e"
        else GETMODE="real" ; GETSWITCH=""
        fi
        get_attributes
      ;;


    'MAC Security Level:')
        if test "$TYPE" != "NONE"
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Security Level for $FILE" $BL $BC 7 \
                                0 "`get_vname seclevel 0`" `onoff 0 $SECLEVEL` \
                                1 "`get_vname seclevel 1`" `onoff 1 $SECLEVEL` \
                                2 "`get_vname seclevel 2`" `onoff 2 $SECLEVEL` \
                                3 "`get_vname seclevel 3`" `onoff 3 $SECLEVEL` \
                                252 "`get_vname seclevel 252`" `onoff 252 $SECLEVEL` \
                                253 "`get_vname seclevel 253`" `onoff 253 $SECLEVEL` \
                                254 "`get_vname seclevel 254`" `onoff 254 $SECLEVEL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_file_dir $TYPE "$FILE" security_level $TMP &>$TMPFILE
               then SECLEVEL=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Security Level: No file/dir specified!" 5 $BC
        fi
      ;;

    'MAC Categories:')
        if test "$TYPE" != "NONE"
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if dialog --title "MAC Categories for $TYPE $FILE (all 0 = inherit)" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MACCAT" $BL $BC $MAXLINES \
                    `gen_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if ! $RSBACPATH""attr_set_file_dir $TYPE "$FILE" mac_categories $i 0 &>$TMPFILE
                 then \ 
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if ! $RSBACPATH""attr_set_file_dir $TYPE "$FILE" mac_categories $i 1 &>$TMPFILE
                 then \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MACCAT=`$RSBACPATH""attr_get_file_dir $GETSWITCH $TYPE "$FILE" mac_categories`
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MAC Categories: No file/dir specified!" 5 $BC
        fi
      ;;

    'MAC Trusted for User:')
        if test "$TYPE" != "NONE"
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose User to execute file as MAC Trusted for $FILE" $BL $BC 5 \
                                NONE "$NO_USER (-2)" `onoff $NO_USER $MACTRUSER` \
                                ALL "$ALL_USERS (-3)" `onoff $ALL_USERS $MACTRUSER` \
                                $MACTRUSER "Individual user: `get_vname mactruser $MACTRUSER`" `onoff $NEWMTUSER $MACTRUSER` \
                                "IND"  "Choose individual user" off \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if test "$TMP" = "IND"
                 then choose_user
                      TMP=$NEWMTUSER
               fi
               if test -n "$TMP"
               then
                 TMP=`get_vname mactruserrev $TMP`
                 if $RSBACPATH""attr_set_file_dir $TYPE "$FILE" mac_trusted_for_user $TMP &>$TMPFILE
                 then MACTRUSER=$TMP
                 else \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MAC Trusted for User: No file/dir specified!" 5 $BC
        fi
      ;;

    'FC Object Category:')
        if test "$TYPE" != "NONE"
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Object Category for $FILE" $BL $BC 4 \
                                0 "`get_vname objcat 0`" `onoff 0 $OBJCAT` \
                                1 "`get_vname objcat 1`" `onoff 1 $OBJCAT` \
                                2 "`get_vname objcat 2`" `onoff 2 $OBJCAT` \
                                3 "`get_vname objcat 3`" `onoff 3 $OBJCAT` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_file_dir $TYPE "$FILE" object_category $TMP &>$TMPFILE
               then OBJCAT=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Object Category: No file/dir specified!" 5 $BC
        fi
      ;;

    'SIM Data Type:')
        if test "$TYPE" != "NONE"
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Data Type for $FILE" $BL $BC 5 \
                                0 "`get_vname datatype 0`" `onoff 0 $DATATYPE` \
                                1 "`get_vname datatype 1`" `onoff 1 $DATATYPE` \
                                2 "`get_vname datatype 2`" `onoff 2 $DATATYPE` \
                                3 "`get_vname datatype 3`" `onoff 3 $DATATYPE` \
                                4 "`get_vname datatype 4`" `onoff 4 $DATATYPE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_file_dir $TYPE "$FILE" data_type $TMP &>$TMPFILE
               then DATATYPE=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Data Type: No file/dir specified!" 5 $BC
        fi
      ;;

    'PM Object Class:')
        if test "$TYPE" != "NONE"
        then \
           if dialog --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "PM Object Class (long integer) for $FILE" \
                                $BL $BC "$PMCLASS" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_file_dir $TYPE "$FILE" pm_object_class $TMP &>$TMPFILE
               then PMCLASS=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM Object Class: No file/dir specified!" 5 $BC
        fi
      ;;

    'PM TP:')
        if test "$TYPE" != "NONE"
        then \
           if dialog --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "PM TP (long integer) for $FILE" \
                                $BL $BC "$PMTP" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_file_dir $TYPE "$FILE" pm_tp $TMP &>$TMPFILE
               then PMTP=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM TP: No file/dir specified!" 5 $BC
        fi
      ;;

    'PM Object Type:')
        if test "$TYPE" != "NONE"
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose PM Object Type for $FILE" $BL $BC 6 \
                                0 "`get_vname pmobjtype 0`" `onoff 0 $PMOBJTYPE` \
                                1 "`get_vname pmobjtype 1`" `onoff 1 $PMOBJTYPE` \
                                2 "`get_vname pmobjtype 2`" `onoff 2 $PMOBJTYPE` \
                                3 "`get_vname pmobjtype 3`" `onoff 3 $PMOBJTYPE` \
                                4 "`get_vname pmobjtype 4`" `onoff 4 $PMOBJTYPE` \
                                5 "`get_vname pmobjtype 5`" `onoff 5 $PMOBJTYPE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_file_dir $TYPE "$FILE" pm_object_type $TMP &>$TMPFILE
               then PMOBJTYPE=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM Object Type: No file/dir specified!" 5 $BC
        fi
      ;;

    'MS Scanned:')
        if test "$TYPE" != "NONE"
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose MS Scanned Status for $FILE" $BL $BC 5 \
                                0 "`get_vname msscanned 0`" `onoff 0 $MSSCANNED` \
                                1 "`get_vname msscanned 1`" `onoff 1 $MSSCANNED` \
                                $MSL "`get_vname msscanned $MSL`" `onoff $MSL $MSSCANNED` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_file_dir $TYPE "$FILE" ms_scanned $TMP &>$TMPFILE
               then MSSCANNED=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MS Scanned: No file/dir specified!" 5 $BC
        fi
      ;;

    'MS Trusted:')
        if test "$TYPE" != "NONE"
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose MS Trusted $FILE" $BL $BC 6 \
                                0 "`get_vname mstrusted 0`" `onoff 0 $MSTRUSTED` \
                                1 "`get_vname mstrusted 1`" `onoff 1 $MSTRUSTED` \
                                2 "`get_vname mstrusted 2`" `onoff 2 $MSTRUSTED` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_file_dir $TYPE "$FILE" ms_trusted $TMP &>$TMPFILE
               then MSTRUSTED=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MS Trusted: No file/dir specified!" 5 $BC
        fi
      ;;

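    'MS Sock Trusted TCP:')
      # Let the operator pick one of the three ms_sock_trusted_tcp values (0-2)
      # for the selected object and write it with attr_set_file_dir.
      # MSSOCKTCP is updated only when the tool reports success; on failure the
      # first line of its output is shown.
      # $TMPFILE and the tool path are quoted so that a TMPDIR or RSBACPATH
      # containing whitespace cannot break the redirections or the command.
      if [[ "$TYPE" != "NONE" ]]; then
        # Word splitting of the onoff results is intended: each call supplies
        # the status word of one radiolist entry.
        # shellcheck disable=SC2046,SC2086
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --radiolist "Choose MS Sock Trusted TCP for $FILE" "$BL" "$BC" 6 \
                  0 "$(get_vname mssock 0)" $(onoff 0 $MSSOCKTCP) \
                  1 "$(get_vname mssock 1)" $(onoff 1 $MSSOCKTCP) \
                  2 "$(get_vname mssock 2)" $(onoff 2 $MSSOCKTCP) \
                  2>"$TMPFILE"
        then
          TMP=$(<"$TMPFILE")
          # $TMP stays unquoted so that an empty answer passes no value
          # argument, exactly as before.
          # shellcheck disable=SC2086
          if "${RSBACPATH}attr_set_file_dir" "$TYPE" "$FILE" ms_sock_trusted_tcp $TMP &>"$TMPFILE"; then
            MSSOCKTCP=$TMP
          else
            dialog --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
          fi
        fi
      else
        dialog --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "MS Sock Trusted TCP: No file/dir specified!" 5 "$BC"
      fi
      ;;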

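    'MS Sock Trusted UDP:')
      # Let the operator pick one of the three ms_sock_trusted_udp values (0-2)
      # for the selected object and write it with attr_set_file_dir.
      # MSSOCKUDP is updated only when the tool reports success; on failure the
      # first line of its output is shown.
      # $TMPFILE and the tool path are quoted so that a TMPDIR or RSBACPATH
      # containing whitespace cannot break the redirections or the command.
      if [[ "$TYPE" != "NONE" ]]; then
        # Word splitting of the onoff results is intended: each call supplies
        # the status word of one radiolist entry.
        # shellcheck disable=SC2046,SC2086
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --radiolist "Choose MS Sock Trusted UDP for $FILE" "$BL" "$BC" 6 \
                  0 "$(get_vname mssock 0)" $(onoff 0 $MSSOCKUDP) \
                  1 "$(get_vname mssock 1)" $(onoff 1 $MSSOCKUDP) \
                  2 "$(get_vname mssock 2)" $(onoff 2 $MSSOCKUDP) \
                  2>"$TMPFILE"
        then
          TMP=$(<"$TMPFILE")
          # $TMP stays unquoted so that an empty answer passes no value
          # argument, exactly as before.
          # shellcheck disable=SC2086
          if "${RSBACPATH}attr_set_file_dir" "$TYPE" "$FILE" ms_sock_trusted_udp $TMP &>"$TMPFILE"; then
            MSSOCKUDP=$TMP
          else
            dialog --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
          fi
        fi
      else
        dialog --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "MS Sock Trusted UDP: No file/dir specified!" 5 "$BC"
      fi
      ;;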

    'FF Flags:')
      # FF flags are edited in their own sub-menu (flags_menu). Without a
      # selected file or directory only an error box is shown.
      if [ "$TYPE" = "NONE" ]; then
        dialog --title "$ERRTITLE" --backtitle "$BACKTITLE" \
               --msgbox "FF Flags: No file/dir specified!" 5 $BC
      else
        flags_menu
      fi
      ;;

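    'RC Type FD:')
      # Set the rc_type_fd attribute of the selected object.
      # If rc_get_item can list the FD types in use, they are offered in a menu
      # together with the "inherit from parent dir" value ($RCTYPEINHPAR);
      # otherwise the operator types the value into an input box pre-filled
      # with the cached RCTYPEFD. RCTYPEFD is updated only when
      # attr_set_file_dir succeeds; on failure the first line of its output is
      # shown.
      # $TMPFILE and the tool paths are quoted so that a TMPDIR or RSBACPATH
      # containing whitespace cannot break the redirections or the commands.
      if [[ "$TYPE" != "NONE" ]]; then
        if "${RSBACPATH}rc_get_item" list_used_fd_types >"$TMPFILE"; then
          # The type list is read from $TMPFILE during word expansion, before
          # the 2> redirection truncates the same file for dialog's answer.
          # It is left unquoted on purpose: every whitespace-separated word
          # becomes one menu argument, so this relies on rc_get_item printing
          # tag/name pairs without embedded spaces - TODO confirm.
          # shellcheck disable=SC2046
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --menu "Choose RC Type FD for $FILE" "$BL" "$BC" "$MAXLINES" \
                    "$RCTYPEINHPAR" "Inherit from parent dir" \
                    $(<"$TMPFILE") \
                    2>"$TMPFILE"
          then
            TMP=$(<"$TMPFILE")
            # $TMP stays unquoted so that an empty answer passes no value
            # argument, exactly as before.
            # shellcheck disable=SC2086
            if "${RSBACPATH}attr_set_file_dir" "$TYPE" "$FILE" rc_type_fd $TMP &>"$TMPFILE"; then
              RCTYPEFD=$TMP
            else
              dialog --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
            fi
          fi
        else
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --inputbox "RC Type FD (integer) for $FILE ($RCTYPEINHPAR = inherit)" \
                    "$BL" "$BC" "$RCTYPEFD" \
                    2>"$TMPFILE"
          then
            TMP=$(<"$TMPFILE")
            # NOTE(review): this is free text from the input box and is still
            # word-split and glob-expanded into attr_set_file_dir's arguments,
            # as before. The prompt asks for an integer; checking that here
            # before calling the tool would be the stricter option.
            # shellcheck disable=SC2086
            if "${RSBACPATH}attr_set_file_dir" "$TYPE" "$FILE" rc_type_fd $TMP &>"$TMPFILE"; then
              RCTYPEFD=$TMP
            else
              dialog --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
            fi
          fi
        fi
      else
        dialog --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "RC Type FD: No file/dir specified!" 5 "$BC"
      fi
      ;;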

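    'RC Force Role:')
      # Set the rc_force_role attribute of the selected object.
      # If rc_get_item can list the roles in use, they are offered in a menu
      # after three inherit values ($RCUSERINHERIT, $RCPROCINHERIT,
      # $RCMIXINHERIT); otherwise the operator types the value into an input
      # box pre-filled with the cached RCFORRO. RCFORRO is updated only when
      # attr_set_file_dir succeeds; on failure the first line of its output is
      # shown.
      # $TMPFILE and the tool paths are quoted so that a TMPDIR or RSBACPATH
      # containing whitespace cannot break the redirections or the commands.
      #
      # NOTE(review): the script also defines RCPARINHERIT, which is not
      # offered in either dialog - confirm that the omission is intentional.
      if [[ "$TYPE" != "NONE" ]]; then
        if "${RSBACPATH}rc_get_item" list_used_roles >"$TMPFILE"; then
          # The role list is read from $TMPFILE during word expansion, before
          # the 2> redirection truncates the same file for dialog's answer.
          # It is left unquoted on purpose: every whitespace-separated word
          # becomes one menu argument, so this relies on rc_get_item printing
          # tag/name pairs without embedded spaces - TODO confirm.
          # shellcheck disable=SC2046
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --menu "Choose RC Forced Role for $FILE" "$BL" "$BC" "$MAXLINES" \
                    "$RCUSERINHERIT" "always inherit from user" \
                    "$RCPROCINHERIT" "inherit from process (keep role)" \
                    "$RCMIXINHERIT" "mixed inherit from proc/user (default)" \
                    $(<"$TMPFILE") \
                    2>"$TMPFILE"
          then
            TMP=$(<"$TMPFILE")
            # $TMP stays unquoted so that an empty answer passes no value
            # argument, exactly as before.
            # shellcheck disable=SC2086
            if "${RSBACPATH}attr_set_file_dir" "$TYPE" "$FILE" rc_force_role $TMP &>"$TMPFILE"; then
              RCFORRO=$TMP
            else
              dialog --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
            fi
          fi
        else
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --inputbox "RC Force Role (integer) for $FILE ($RCUSERINHERIT = always inherit from user, $RCPROCINHERIT = inherit from process (keep role), $RCMIXINHERIT = mixed inherit (default))" \
                    "$BL" "$BC" "$RCFORRO" \
                    2>"$TMPFILE"
          then
            TMP=$(<"$TMPFILE")
            # NOTE(review): this is free text from the input box and is still
            # word-split and glob-expanded into attr_set_file_dir's arguments,
            # as before. The prompt asks for an integer; checking that here
            # before calling the tool would be the stricter option.
            # shellcheck disable=SC2086
            if "${RSBACPATH}attr_set_file_dir" "$TYPE" "$FILE" rc_force_role $TMP &>"$TMPFILE"; then
              RCFORRO=$TMP
            else
              dialog --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
            fi
          fi
        fi
      else
        dialog --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "RC Force Role: No file/dir specified!" 5 "$BC"
      fi
      ;;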

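    'AUTH May Setuid:')
      # Toggle auth_may_setuid for the selected object: a cached value of "0"
      # becomes 1, anything else becomes 0. The change is applied immediately,
      # without a confirmation dialog. AUTHSUID is updated only when
      # attr_set_file_dir succeeds; on failure the first line of its output is
      # shown.
      if [[ "$TYPE" != "NONE" ]]; then
        # Quoted comparison: an empty or multi-word AUTHSUID is simply "not 0"
        # instead of a test syntax error printed over the dialog screen.
        if [[ "$AUTHSUID" == "0" ]]; then
          TMP="1"
        else
          TMP="0"
        fi
        # $TMPFILE is quoted so that a TMPDIR containing whitespace cannot
        # break the redirection.
        if "${RSBACPATH}attr_set_file_dir" "$TYPE" "$FILE" auth_may_setuid "$TMP" &>"$TMPFILE"; then
          AUTHSUID=$TMP
        else
          dialog --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
        fi
      else
        dialog --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "AUTH May Setuid: No file/dir specified!" 5 "$BC"
      fi
      ;;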

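    'AUTH May Set Cap:')
      # Toggle auth_may_set_cap for the selected object: a cached value of "0"
      # becomes 1, anything else becomes 0. The change is applied immediately,
      # without a confirmation dialog. AUTHSCAP is updated only when
      # attr_set_file_dir succeeds; on failure the first line of its output is
      # shown.
      if [[ "$TYPE" != "NONE" ]]; then
        # Quoted comparison: an empty or multi-word AUTHSCAP is simply "not 0"
        # instead of a test syntax error printed over the dialog screen.
        if [[ "$AUTHSCAP" == "0" ]]; then
          TMP="1"
        else
          TMP="0"
        fi
        # $TMPFILE is quoted so that a TMPDIR containing whitespace cannot
        # break the redirection.
        if "${RSBACPATH}attr_set_file_dir" "$TYPE" "$FILE" auth_may_set_cap "$TMP" &>"$TMPFILE"; then
          AUTHSCAP=$TMP
        else
          dialog --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
        fi
      else
        dialog --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "AUTH May Set Cap: No file/dir specified!" 5 "$BC"
      fi
      ;;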

    'AUTH Capabilities:')
        # Manage the AUTH capability list of the selected object. Only TYPE
        # FILE is accepted here; any other type gets the error box at the end.
        # The sub-menu loops until "Quit" is chosen or dialog returns a
        # non-zero status; its prompt shows the output of get_caps on every
        # pass.
        #
        # NOTE(review): $NEWMTUSER and $TMP are passed to auth_set_cap
        # unquoted, so their contents are word-split (and glob-expanded) into
        # separate arguments. The Remove path appears to depend on that
        # splitting (':' is turned into a space first); confirm that
        # choose_user and gen_cap_rem_user only ever yield plain user
        # names/IDs.
        if test "$TYPE" = "FILE"
        then \
          while true ; do
            if \
            dialog --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --menu "$FILE: Caps: `get_caps`" $BL $BC `gl 3` \
                          "Add" "Capability" \
                          "Remove" "Capability" \
                          "Quit" "" \
               2>$TMPFILE
            then
              # dialog wrote the chosen tag (Add/Remove/Quit) to $TMPFILE.
              TMP=`cat $TMPFILE`
              case $TMP in
                Quit)
                  break
                  ;;
                Add)
                  # choose_user is expected to leave the selection in
                  # NEWMTUSER; an empty value means nothing is added.
                  choose_user
                  if test -n "$NEWMTUSER"
                  then
                    # Only failures are reported (first line of tool output).
                    if ! $RSBACPATH""auth_set_cap FILE add "$FILE" $NEWMTUSER &>$TMPFILE
                    then \
                      dialog --title "$ERRTITLE" \
                             --backtitle "$BACKTITLE" \
                             --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                    fi
                  fi
                  ;;
                Remove)
                  # The get_caps output is handed, word-split, to
                  # gen_cap_rem_user, whose output supplies the menu entries.
                  TMP=`get_caps`
                  if dialog --title "$TITLE" \
                            --backtitle "$BACKTITLE" \
                            --menu "Username/ID to be removed from $FILE file caps" $BL $BC $MAXLINES \
                              `gen_cap_rem_user $TMP` \
                    2>$TMPFILE
                  then TMP=`cat $TMPFILE|tr ':' ' '`
                    # Every ':' in the chosen tag was replaced by a space, so
                    # the unquoted $TMP below can expand to several arguments.
                    if ! $RSBACPATH""auth_set_cap FILE remove "$FILE" $TMP &>$TMPFILE
                    then \
                      dialog --title "$ERRTITLE" \
                             --backtitle "$BACKTITLE" \
                             --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                    fi
                  fi
                  ;;
              esac
            else
              # A non-zero dialog status (e.g. Cancel) leaves the loop too.
              break
            fi
          done
        else
          dialog --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "AUTH Capabilities: No file specified!" 5 $BC
        fi
      ;;

    'Log Array Low:')
      # Opens the log_menu sub-menu for the selected object. Without a
      # selected file or directory only an error box is shown.
      if [ "$TYPE" = "NONE" ]; then
        dialog --title "$ERRTITLE" --backtitle "$BACKTITLE" \
               --msgbox "Log Array Low: No file/dir specified!" 5 $BC
      else
        log_menu
      fi
      ;;

    'Log Array High:')
      # Opens the log_menu sub-menu for the selected object. Without a
      # selected file or directory only an error box is shown.
      if [ "$TYPE" = "NONE" ]; then
        dialog --title "$ERRTITLE" --backtitle "$BACKTITLE" \
               --msgbox "Log Array High: No file/dir specified!" 5 $BC
      else
        log_menu
      fi
      ;;

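    'Log Program Based:')
      # Edit the log_program_based request bits of the selected object.
      # The checklist offers the entries printed by gen_request_list plus group
      # shortcuts (UA, A, R, RW, W, SY, SE); the checked tags are passed to
      # attr_set_file_dir as separate arguments. On success LOGPROG is re-read
      # with attr_get_file_dir rather than derived from the selection; on
      # failure the first line of the tool's output is shown.
      # $TMPFILE and the tool paths are quoted so that a TMPDIR or RSBACPATH
      # containing whitespace cannot break the redirections or the commands.
      #
      # NOTE(review): the dashed separator row is an ordinary checklist entry;
      # if it is checked, its tag is passed to attr_set_file_dir like any other.
      if [[ "$TYPE" != "NONE" ]]; then
        # gen_request_list output is split into checklist arguments on purpose.
        # shellcheck disable=SC2046
        if dialog --title "log_program_based for $TYPE $FILE" \
                  --backtitle "$BACKTITLE" \
                  --checklist "Bits: $LOGPROG" "$BL" "$BC" "$MAXLINES" \
                  $(gen_request_list) \
                  '--------------' '-----------------' off \
                  UA 'Unset ALL' off \
                  A  'Set ALL' off \
                  R  'Set Read Requests' off \
                  RW 'Set Read-Write R.' off \
                  W  'Set Write Requests' off \
                  SY 'Set System R.' off \
                  SE 'Set Security R.' off \
                  2>"$TMPFILE"
        then
          # Double quotes in dialog's answer are removed so that each checked
          # tag can be passed as a plain word.
          TMP=$(tr -d '"' <"$TMPFILE")
          # $TMP is split deliberately: one argument per checked tag.
          # shellcheck disable=SC2086
          if "${RSBACPATH}attr_set_file_dir" "$TYPE" "$FILE" log_program_based $TMP &>"$TMPFILE"; then
            # GETSWITCH may be empty and must then expand to no argument.
            # shellcheck disable=SC2086
            LOGPROG=$("${RSBACPATH}attr_get_file_dir" $GETSWITCH "$TYPE" "$FILE" log_program_based)
          else
            dialog --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
          fi
        fi
      else
        dialog --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Log Program Based: No file/dir specified!" 5 "$BC"
      fi
      ;;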

    'Dev Attributes:')
      # Hand over to the separate rsbac_dev_menu tool for the current $FILE.
      # NOTE(review): unlike most arms of this menu, there is no TYPE check
      # here, so the tool is started even when no object is selected -
      # presumably it handles that case itself; confirm.
      ${RSBACPATH}rsbac_dev_menu "$FILE"
      ;;

    'ACL Menu:')
      # Hand over to the separate rsbac_acl_menu tool, target type FD, for the
      # current $FILE.
      # NOTE(review): unlike most arms of this menu, there is no TYPE check
      # here, so the tool is started even when no object is selected -
      # presumably it handles that case itself; confirm.
      ${RSBACPATH}rsbac_acl_menu FD "$FILE"
      ;;

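    'Reset Attributes:')
      # After a yes/no confirmation, run attr_rm_file_dir on the selected
      # object (the prompt describes this as resetting all attributes to their
      # defaults) and, on success, reload the cached values with
      # get_attributes.
      if [[ "$TYPE" != "NONE" ]]; then
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --yesno "Reset all attributes to default values?" 5 "$BC" \
                  2>/dev/null
        then
          # The tool's output used to be discarded, so a failed reset looked
          # exactly like a successful one and the operator could believe the
          # attributes were back at their defaults. Capture the output and
          # report a failure the same way the attribute-setting arms do.
          if "${RSBACPATH}attr_rm_file_dir" "$TYPE" "$FILE" &>"$TMPFILE"; then
            get_attributes
          else
            dialog --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
          fi
        fi
      else
        dialog --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Reset Attributes: No file/dir specified!" 5 "$BC"
      fi
      ;;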

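    Quit)
      # Remove the scratch file used for dialog answers and tool output, then
      # leave the script; exit reports rm's status, as before.
      # The path is quoted and preceded by -- so that a TMPDIR containing
      # whitespace or glob characters, or a value starting with '-', cannot
      # change what rm deletes.
      rm -- "$TMPFILE"
      exit
      ;;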

    *)
      # Fallback arm: the main menu returned a tag that no other arm of this
      # case statement handles.
      dialog --title "$ERRTITLE" --backtitle "$BACKTITLE" \
             --msgbox "Main Menu: Selection Error!" 5 $BC
  esac
# sleep 2
done
