#!/bin/bash
# 
# This script is used for Administration of RSBAC general process attributes
#
#
# Make sure we're really running bash.
#
if test -z "$BASH"
then
  echo "    bash" 1>&2
  exit 1
fi

# The process menus read /proc/<pid>/..., so refuse to start without procfs.
if ! test -f /proc/stat
then
  echo "       proc" 1>&2
  exit 1
fi

# -h: remember (hash) the location of commands once they have been looked up.
# +o posix: keep bash out of POSIX mode.
set -h
set +o posix

# Whitespace-separated names of the per-process attributes this menu handles.
# Inside the double quotes each backslash-newline pair is removed, so the
# value is a single long line; the leading blanks of the continuation lines
# are what keep "min_write_categories" and "max_read_open" apart.
# NOTE(review): nothing in the part of the script visible here reads
# ATTRIBUTES, and it lists owner_security_level where get_attributes queries
# security_level -- confirm which name the RSBAC tools expect.
ATTRIBUTES="owner_security_level mac_categories current_sec_level \
            mac_curr_categories min_write_open min_write_categories\
            max_read_open max_read_categories mac_auto mac_trusted pm_tp \
            pm_current_task pm_process_type \
            ms_trusted ms_sock_trusted_tcp ms_sock_trusted_udp \
            rc_role rc_type rc_force_role auth_may_setuid auth_may_set_cap \
            log_program_based"

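# Scratch file that receives dialog's selection (its stderr) and the output
# of the RSBAC tools. This menu is run by an administrator, so the name must
# not be guessable: a fixed "rsbac_dialog.<pid>" in a world-writable
# directory can be created or symlinked in advance by another local user,
# and every ">$TMPFILE" further down would then write through it.
# mktemp picks a random name and creates the file itself with mode 0600.
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi
TMPFILE=`mktemp "$TMPDIR/rsbac_dialog.XXXXXX"` || {
  echo "rsbac menu: cannot create a temporary file in $TMPDIR" 1>&2
  exit 1
}
# Remove the scratch file on every exit path, not only on dialog's Cancel.
trap 'rm -f "$TMPFILE"' EXIT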

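# Set RSBACPATH to the RSBAC bin directory if the tools are not in PATH
# (the trailing / is mandatory, because the value is prefixed directly to
# each tool name). Use an absolute path to a directory that only the
# administrator can write to: every attr_* and rc_* call below runs whatever
# binary that prefix resolves to.
#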
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

# Screen geometry. LINES and COLUMNS are taken from the environment when set
# (they should be exported, e.g. in /etc/profile); otherwise assume 25x80.
: "${LINES:=25}"
: "${COLUMNS:=80}"

# Integer variables: the right-hand sides are evaluated arithmetically.
#   BL / BC   - height / width handed to every dialog box
#   MAXLINES  - upper bound for the number of visible menu rows
declare -i BL BC MAXLINES
BL=$LINES-4
BC=$COLUMNS-4
MAXLINES=$LINES-10
# Clamp a requested menu height to what fits on the screen.
# Globals:   MAXLINES (read)
# Arguments: $1 - number of rows wanted
# Outputs:   $1, or MAXLINES when $1 is larger
gl () {
  if ! test $1 -gt $MAXLINES
  then echo $1
       return
  fi
  echo $MAXLINES
}

# Captions shared by all dialog boxes. BACKTITLE may be preset by the caller.
[ -n "$BACKTITLE" ] || BACKTITLE="RSBAC   v1.0.9b"
TITLE="$(whoami): RSBAC  "
ERRTITLE="RSBAC   - ERROR"

# Special role numbers that role_name maps to fixed labels instead of looking
# them up with rc_get_item. Judging by the names they select an inheritance
# mode -- confirm against the RSBAC RC documentation.
RCUSERINHERIT=64
RCPROCINHERIT=65
RCPARINHERIT=66
RCMIXINHERIT=67

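# Load the RSBAC attributes of one process into the globals shown by the
# main menu.
# Globals:   RSBACPATH (read)
#            OWNER OWNERNAME SECLEVEL MACCAT CURRSECL CURRCAT MINWRITE MINWCAT
#            MAXREAD MAXRCAT MACAUTO MACTRUST PMTP PMCTASK PMPROCTYPE
#            MSTRUSTED MSSOCKTCP MSSOCKUDP RCROLE RCTYPE RCFROLE AUTHSUID
#            AUTHSCAP LOGPROG (written)
# Arguments: $1 - PID; with an empty argument nothing is changed
# Returns:   status of the last attribute query (0 when $1 is empty)
# NOTE(review): ATTRIBUTES lists owner_security_level while this function
# queries security_level -- confirm which name the tools expect.
get_attributes () {
  local owner_nr

  if test -z "$1"
  then return 0
  fi

  # Ask ps for exactly this PID. Cutting fixed columns out of "ps axu" and
  # grepping for the PID breaks once a PID or user name is wider than the
  # assumed columns: the truncated line can then match a different process
  # and report the wrong owner. Errors for a vanished PID are silenced on
  # purpose; OWNER is simply left empty in that case.
  OWNER=`ps -o user= -p "$1" 2>/dev/null`
  OWNER=${OWNER//[[:space:]]/}

  # Clear the name first so a failed lookup cannot leave the previous
  # process's owner name next to the new PID.
  OWNERNAME=""
  if test -n "$OWNER" && owner_nr=`"${RSBACPATH}attr_get_user" "$OWNER" user_nr`
  then OWNER=$owner_nr
       OWNERNAME=`"${RSBACPATH}attr_get_user" "$OWNER" user_name`
  fi

  # One query per attribute; the PID is quoted so it always reaches the tool
  # as a single argument.
  SECLEVEL=`"${RSBACPATH}attr_get_process" "$1" security_level`
  MACCAT=`"${RSBACPATH}attr_get_process" "$1" mac_categories`
  CURRSECL=`"${RSBACPATH}attr_get_process" "$1" current_sec_level`
  CURRCAT=`"${RSBACPATH}attr_get_process" "$1" mac_curr_categories`
  MINWRITE=`"${RSBACPATH}attr_get_process" "$1" min_write_open`
  MINWCAT=`"${RSBACPATH}attr_get_process" "$1" min_write_categories`
  MAXREAD=`"${RSBACPATH}attr_get_process" "$1" max_read_open`
  MAXRCAT=`"${RSBACPATH}attr_get_process" "$1" max_read_categories`
  MACAUTO=`"${RSBACPATH}attr_get_process" "$1" mac_auto`
  MACTRUST=`"${RSBACPATH}attr_get_process" "$1" mac_trusted`
  PMTP=`"${RSBACPATH}attr_get_process" "$1" pm_tp`
  PMCTASK=`"${RSBACPATH}attr_get_process" "$1" pm_current_task`
  PMPROCTYPE=`"${RSBACPATH}attr_get_process" "$1" pm_process_type`
  MSTRUSTED=`"${RSBACPATH}attr_get_process" "$1" ms_trusted`
  MSSOCKTCP=`"${RSBACPATH}attr_get_process" "$1" ms_sock_trusted_tcp`
  MSSOCKUDP=`"${RSBACPATH}attr_get_process" "$1" ms_sock_trusted_udp`
  RCROLE=`"${RSBACPATH}attr_get_process" "$1" rc_role`
  RCTYPE=`"${RSBACPATH}attr_get_process" "$1" rc_type`
  RCFROLE=`"${RSBACPATH}attr_get_process" "$1" rc_force_role`
  AUTHSUID=`"${RSBACPATH}attr_get_process" "$1" auth_may_setuid`
  AUTHSCAP=`"${RSBACPATH}attr_get_process" "$1" auth_may_set_cap`
  LOGPROG=`"${RSBACPATH}attr_get_process" "$1" log_program_based`
}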

# Radiolist helper: marks the entry whose value equals the current setting.
# Arguments: $1 - value of this entry, $2 - currently stored value
# Outputs:   "on" when both strings are equal, otherwise "off"
onoff () {
   case "$1" in
     "$2") echo on ;;
     *)    echo off ;;
   esac
}

# Checklist helper: turns a 0/1 flag into dialog's on/off state.
# Arguments: $1 - flag value
# Outputs:   "on" only for the exact string "1", otherwise "off"
onoffb () {
   local state=off
   test "$1" = "1" && state=on
   echo $state
}
# Companion to onoffb: the gen_*_cat_list helpers print one checklist row as
# "<nr> `onoffb_ru ...` `onoffb ...`", so this supplies the row's item text.
# NOTE(review): in this copy both branches are a bare "echo", so an empty
# line is printed whatever $1 is. The "_ru" suffix suggests the two label
# strings were non-ASCII and were lost in transcoding -- restore them from
# the upstream file.
onoffb_ru () {
   if test "$1" = "1"
     then echo 
   else echo 
   fi
}

list_item () {
   TMP2=""
   if test -f /proc/$1/cmdline
   then TMP2=`cat /proc/$1/stat|cut -f 2 -d ' '`
   fi
   if test "$TMP2" = ""
   then echo "_"
   else echo $TMP2
   fi
}

role_name () {
  if test -z "$PROCESS" -o -z "$1"
  then echo " "
  else \
      case $1 in
        $RCUSERINHERIT) echo " .  ."
          ;;
        $RCPROCINHERIT) echo ".   (.)"
          ;;
        $RCPARINHERIT) echo ".   (.)"
          ;;
        $RCMIXINHERIT) echo ".  .    ."
          ;;
        Error*) echo N/A
          ;;
        Use*) echo N/A
          ;;
        *) if ! $RSBACPATH""rc_get_item ROLE $1 name
           then echo $1
           fi
          ;;
      esac 
  fi
}

# Print the display name of an RC process type.
# Globals:   PROCESS, RSBACPATH (read)
# Arguments: $1 - type number
# Outputs:   a blank when no process or type is given; otherwise the output
#            of rc_get_item, or "()" when that tool fails
type_name () {
  if test -z "$PROCESS" -o -z "$1"
  then echo " "
       return
  fi
  $RSBACPATH""rc_get_item TYPE $1 type_process_name || echo "()"
}

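# Translate a numeric attribute value into its display label.
# Arguments: $1 - value family: seclevel, pmproctype (alias proctype),
#                 mssock, mstrusted or onoff
#            $2 - the numeric value
# Outputs:   the label on stdout; nothing for an unknown family, and nothing
#            for a seclevel value that is not listed
# "proctype" is accepted as an alias because the PM process type radiolist in
# the main menu calls "get_vname proctype N"; without it those calls match no
# arm and print nothing.
# NOTE(review): several arms print an empty line or a lone "." in this copy;
# the label text looks as if it was non-ASCII and was lost in transcoding --
# restore it from the upstream file.
get_vname () {
  case $1 in
    seclevel)
      case $2 in
        0) echo
          ;;
        1) echo
          ;;
        2) echo
          ;;
        3) echo
          ;;
        252) echo .
          ;;
        253) echo .  RSBAC
          ;;
        254) echo
          ;;
      esac
      ;;
    pmproctype|proctype)
      case $2 in
        0) echo
          ;;
        1) echo TP
          ;;
        *) echo N/A
          ;;
      esac
      ;;
    mssock)
      case $2 in
        0) echo
          ;;
        1) echo
          ;;
        2) echo
          ;;
        *) echo N/A
          ;;
      esac
      ;;
    mstrusted)
      case $2 in
        0) echo
          ;;
        1) echo
          ;;
        2) echo
          ;;
        *) echo N/A
          ;;
      esac
      ;;
    onoff)
      case $2 in
        0) echo .
          ;;
        1) echo .
          ;;
        *) echo N/A
          ;;
      esac
      ;;
  esac
}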

# Print the full name RSBAC has stored for a user.
# Globals:   RSBACPATH, TMPFILE (read); the tool's output goes through TMPFILE
# Arguments: $1 - user id
# Outputs:   the full name, or "**" when $1 is empty or the lookup fails
full_name () {
  if test "$1" != "" && $RSBACPATH""attr_get_user "$1" full_name >$TMPFILE
  then cat $TMPFILE
  else echo "**"
  fi
}

# Integer threshold derived from the dialog width BC; cat_print shows a
# category string in full only when this value is at least 64.
declare -i MAXCATLEN
MAXCATLEN=$BC-38
# Print a category string if the screen is wide enough for it.
# Globals:   MAXCATLEN (read)
# Arguments: $1 - category string
# Outputs:   $1 when MAXCATLEN is at least 64, otherwise the placeholder "( )"
cat_print () {
  if ! test $MAXCATLEN -ge 64
  then echo "( )"
       return
  fi
  echo $1
}

# Emit one dialog checklist row per category number for mac_categories.
# Globals:   PROCESS, RSBACPATH (read); TMP and i (written)
# Arguments: category numbers
# Outputs:   "<nr> <label> <on|off>" per line, where the label comes from
#            onoffb_ru and the state from onoffb
gen_cat_list () {
    local label state
    for i in $*
    do
      # current value of this category bit for the selected process
      TMP=$($RSBACPATH""attr_get_process $PROCESS mac_categories $i)
      label=$(onoffb_ru $TMP)
      state=$(onoffb $TMP)
      echo $i $label $state
    done
}

# Emit one dialog checklist row per category number for mac_curr_categories.
# Globals:   PROCESS, RSBACPATH (read); TMP and i (written)
# Arguments: category numbers
# Outputs:   "<nr> <label> <on|off>" per line, where the label comes from
#            onoffb_ru and the state from onoffb
gen_curr_cat_list () {
    local label state
    for i in $*
    do
      # current value of this category bit for the selected process
      TMP=$($RSBACPATH""attr_get_process $PROCESS mac_curr_categories $i)
      label=$(onoffb_ru $TMP)
      state=$(onoffb $TMP)
      echo $i $label $state
    done
}

# Emit one dialog checklist row per category number for max_read_categories.
# Globals:   PROCESS, RSBACPATH (read); TMP and i (written)
# Arguments: category numbers
# Outputs:   "<nr> <label> <on|off>" per line, where the label comes from
#            onoffb_ru and the state from onoffb
gen_max_read_cat_list () {
    local label state
    for i in $*
    do
      # current value of this category bit for the selected process
      TMP=$($RSBACPATH""attr_get_process $PROCESS max_read_categories $i)
      label=$(onoffb_ru $TMP)
      state=$(onoffb $TMP)
      echo $i $label $state
    done
}

# Emit one dialog checklist row per category number for min_write_categories.
# Globals:   PROCESS, RSBACPATH (read); TMP and i (written)
# Arguments: category numbers
# Outputs:   "<nr> <label> <on|off>" per line, where the label comes from
#            onoffb_ru and the state from onoffb
gen_min_write_cat_list () {
    local label state
    for i in $*
    do
      # current value of this category bit for the selected process
      TMP=$($RSBACPATH""attr_get_process $PROCESS min_write_categories $i)
      label=$(onoffb_ru $TMP)
      state=$(onoffb $TMP)
      echo $i $label $state
    done
}

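# Emit one dialog checklist row per request type, marking those that
# log_program_based currently has set for the selected process.
# Globals:   PROCESS, RSBACPATH (read); REQUESTS (filled once and reused),
#            SETREQUESTS and i (written)
# Outputs:   "<request> on" or "<request> off" per line
gen_request_list () {
    if test -z "$REQUESTS"
      then REQUESTS=`"${RSBACPATH}attr_get_process" -n`
    fi
    SETREQUESTS=`"${RSBACPATH}attr_get_process" -p "$PROCESS" log_program_based`
    for i in $REQUESTS
    do
      # Whole-word, fixed-string match. A plain substring match reports a
      # request as logged whenever its name is contained in another request
      # that is set, so the checklist would show a wrong logging state.
      if printf '%s\n' "$SETREQUESTS" | grep -qwF -- "$i"
      then
        echo "$i" on
      else
        echo "$i" off
      fi
    done
}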

# PID to start with: the first command-line argument, or this shell itself.
# NOTE(review): unlike the interactive PID prompts further down, which check
# "test -d /proc/<pid>" before accepting a value, this argument is used as
# given -- consider applying the same check here.
PROCESS=${1:-$$}
get_attributes $PROCESS

while true ; do \
  if ! \
  dialog --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --menu " " $BL $BC `gl 31` \
                ". :" "  "\
                "---------------" " "\
                ".:" "$PROCESS / `list_item $PROCESS`" \
                ".:" "$OWNER / $OWNERNAME / `full_name $OWNER`" \
                ". :" "  " \
                ".  :" "$SECLEVEL / `get_vname seclevel $SECLEVEL`" \
                ".MAC  :" "`cat_print $MACCAT`" \
                ".  :" "$CURRSECL / `get_vname seclevel $CURRSECL`" \
                ". MAC :" "`cat_print $CURRCAT`" \
                "Min Write Open:" "$MINWRITE / `get_vname seclevel $MINWRITE`" \
                "Min Write Categories:" "`cat_print $MINWCAT`" \
                "Max Read Open:" "$MAXREAD / `get_vname seclevel $MAXREAD`" \
                "Max Read Categories:" "`cat_print $MAXRCAT`" \
                "Mac Auto:" "$MACAUTO / `get_vname onoff $MACAUTO`" \
                "Mac Trusted:" "$MACTRUST / `get_vname onoff $MACTRUST`" \
                "PM TP:" "$PMTP" \
                "PM  :" "$PMCTASK" \
                "PM  " "$PMPROCTYPE / `get_vname pmproctype $PMPROCTYPE`" \
                "MS Trusted:" "$MSTRUSTED / `get_vname mstrusted $MSTRUSTED`" \
                "MS Sock Trusted TCP:" "$MSSOCKTCP / `get_vname mssock $MSSOCKTCP`" \
                "MS Sock Trusted UDP:" "$MSSOCKUDP / `get_vname mssock $MSSOCKUDP`" \
                ".  RC:" "$RCROLE / `role_name $RCROLE`" \
                ". RC:" "$RCTYPE / `type_name $RCTYPE`" \
                ".  RC:" "$RCFROLE / `role_name $RCFROLE`" \
                "AUTH May Setuid:" "$AUTHSUID / `get_vname onoff $AUTHSUID`" \
                "AUTH May Set Cap:" "$AUTHSCAP / `get_vname onoff $AUTHSCAP`" \
                ".  :" "$LOGPROG" \
                "---------------" " "\
                ". IPC:" "    IPC" \
                ".   ACL:" " ACL" \
                "." "" \
         2>$TMPFILE
   then rm $TMPFILE ; exit
  fi

  case `cat $TMPFILE` in
    ".:")
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "ID " $BL $BC $PROCESS \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if test -d /proc/$TMP
             then PROCESS=$TMP
                  get_attributes $PROCESS
             else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ":   $TMP!" 5 $BC
             fi
        fi
      ;;

    '. :')
        TMP=`ps axh|cut -c 1-5|sort -n`
#        echo `for i in $TMP ; do echo $i "\`list_item $i\`" ; done`
#        sleep 2
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --menu "" $BL $BC $MAXLINES \
                         `for i in $TMP ; do echo $i "\`list_item $i\`" ; done` \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if test -d /proc/$TMP
             then PROCESS=$TMP
                  get_attributes $PROCESS
             else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox ":   $TMP!" 5 $BC
             fi
        fi
      ;;

    .:)
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Username/ID of Process Owner" $BL $BC $OWNER \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if $RSBACPATH""attr_get_user $TMP user_nr &>$TMPFILE
             then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS owner $TMP &>$TMPFILE
               then OWNER=$TMP
                    OWNERNAME=`$RSBACPATH""attr_get_user $OWNER user_name`
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
             else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Owner: Unknown user $TMP!" 5 $BC
             fi
        fi
      ;;

    ". :")
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --menu "/ID  " $BL $BC $MAXLINES \
                         `${RSBACPATH}attr_get_user -bl` \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if $RSBACPATH""attr_get_user $TMP user_nr &>$TMPFILE
             then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS owner $TMP &>$TMPFILE
               then OWNER=$TMP
                    OWNERNAME=`$RSBACPATH""attr_get_user $OWNER user_name`
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
             else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox " :   $TMP!" 5 $BC
             fi
        fi
      ;;

    '.  :')
        if test "$PROCESS" != ""
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "     $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $SECLEVEL` \
                                1 "`get_vname seclevel 1`" `onoff 1 $SECLEVEL` \
                                2 "`get_vname seclevel 2`" `onoff 2 $SECLEVEL` \
                                3 "`get_vname seclevel 3`" `onoff 3 $SECLEVEL` \
                                252 "`get_vname seclevel 252`" `onoff 252 $SECLEVEL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS security_level $TMP &>$TMPFILE
               then SECLEVEL=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox " :   " 5 $BC
        fi
      ;;

    '.MAC  :')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if dialog --title "MAC     $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist ": $MACCAT" $BL $BC $MAXLINES \
                    `gen_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS mac_categories $i 0 &>$TMPFILE
                 then \ 
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS mac_categories $i 1 &>$TMPFILE
                 then \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MACCAT=`$RSBACPATH""attr_get_process $PROCESS mac_categories`
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MAC  :   !" 5 $BC
        fi
      ;;

    '.  :')
        if test "$PROCESS" != ""
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "      $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $CURRSECL` \
                                1 "`get_vname seclevel 1`" `onoff 1 $CURRSECL` \
                                2 "`get_vname seclevel 2`" `onoff 2 $CURRSECL` \
                                3 "`get_vname seclevel 3`" `onoff 3 $CURRSECL` \
                                252 "`get_vname seclevel 252`" `onoff 252 $CURRSECL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS current_sec_level $TMP &>$TMPFILE
               then CURRSECL=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "  :   !" 5 $BC
        fi
      ;;

    '. MAC :')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if dialog --title " MAC    $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist ": $CURRCAT" $BL $BC $MAXLINES \
                    `gen_curr_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS mac_curr_categories $i 0 &>$TMPFILE
                 then \ 
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS mac_curr_categories $i 1 &>$TMPFILE
                 then \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               CURRCAT=`$RSBACPATH""attr_get_process $PROCESS mac_curr_categories`
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox " MAC :   !" 5 $BC
        fi
      ;;

    'Min Write Open:')
        if test "$PROCESS" != ""
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist " Min Write Open  $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $MINWRITE` \
                                1 "`get_vname seclevel 1`" `onoff 1 $MINWRITE` \
                                2 "`get_vname seclevel 2`" `onoff 2 $MINWRITE` \
                                3 "`get_vname seclevel 3`" `onoff 3 $MINWRITE` \
                                252 "`get_vname seclevel 252`" `onoff 252 $MINWRITE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS min_write_open $TMP &>$TMPFILE
               then MINWRITE=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Min Write Open:   !" 5 $BC
        fi
      ;;

    'Min Write Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if dialog --title "Min Write    $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist ": $MINWCAT" $BL $BC $MAXLINES \
                    `gen_min_write_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS min_write_categories $i 0 &>$TMPFILE
                 then \ 
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS min_write_categories $i 1 &>$TMPFILE
                 then \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MINWCAT=`$RSBACPATH""attr_get_process $PROCESS min_write_categories`
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Min Write Categories:   !" 5 $BC
        fi
      ;;

    'Max Read Open:')
        if test "$PROCESS" != ""
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist " Max Read Open  $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $MAXREAD` \
                                1 "`get_vname seclevel 1`" `onoff 1 $MAXREAD` \
                                2 "`get_vname seclevel 2`" `onoff 2 $MAXREAD` \
                                3 "`get_vname seclevel 3`" `onoff 3 $MAXREAD` \
                                252 "`get_vname seclevel 252`" `onoff 252 $MAXREAD` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS max_read_open $TMP &>$TMPFILE
               then MAXREAD=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Max Read Open:   !" 5 $BC
        fi
      ;;

    'Max Read Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if dialog --title "Max Read    $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist ": $MAXRCAT" $BL $BC $MAXLINES \
                    `gen_max_read_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS max_read_categories $i 0 &>$TMPFILE
                 then \ 
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS max_read_categories $i 1 &>$TMPFILE
                 then \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MAXRCAT=`$RSBACPATH""attr_get_process $PROCESS max_read_categories`
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Max Read Categories:   !" 5 $BC
        fi
      ;;

    'Mac Auto:')
        if test "$PROCESS" != ""
        then \
           if test $MACAUTO = "0"
           then TMP="1"
           else TMP="0"
           fi
           if $RSBACPATH""attr_set_process $PROCESS mac_auto $TMP &>$TMPFILE
           then MACAUTO=$TMP
           else \
             dialog --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Mac Auto:   !" 5 $BC
        fi
      ;;

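    'Mac Trusted:')
        # Toggle mac_trusted for the selected process. The attribute written
        # here has to be the one get_attributes reads into MACTRUST: writing
        # any other attribute leaves the kernel's trusted flag unchanged
        # while the menu shows it as toggled, and silently changes the other
        # attribute instead.
        if test "$PROCESS" != ""
        then
           # Quoted: MACTRUST may be empty or hold an error text.
           if test "$MACTRUST" = "0"
           then TMP="1"
           else TMP="0"
           fi
           if $RSBACPATH""attr_set_process $PROCESS mac_trusted $TMP &>$TMPFILE
           then MACTRUST=$TMP
           else
             # show the first line of the tool's error output
             dialog --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Mac Trusted:   !" 5 $BC
        fi
      ;;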

    'PM TP:')
        if test "$PROCESS" != ""
        then \
           if dialog --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "PM TP id  $PROCESS" $BL $BC "$PMTP" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS pm_tp $TMP &>$TMPFILE
               then PMTP=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM TP:   !" 5 $BC
        fi
      ;;

    'PM  :')
        if test "$PROCESS" != ""
        then \
           if dialog --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "ID   PM   $PROCESS" $BL $BC "$PMCTASK" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS pm_current_task $TMP &>$TMPFILE
               then PMCTASK=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM  :   !" 5 $BC
        fi
      ;;

    'PM  ')
        if test "$PROCESS" != ""
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "     $PROCESS" $BL $BC 4 \
                                0 `get_vname proctype 0` `onoff 0 $PMPROCTYPE` \
                                1 `get_vname proctype 1` `onoff 1 $PMPROCTYPE` \
                                2 `get_vname proctype 2` `onoff 2 $PMPROCTYPE` \
                                3 `get_vname proctype 3` `onoff 3 $PMPROCTYPE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS pm_process_type $TMP &>$TMPFILE
               then PMPROCTYPE=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM  :   !" 5 $BC
        fi
      ;;

    'MS Trusted:')
        if test "$TYPE" != "NONE"
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist " MS Trusted TCP  $PROCESS" $BL $BC 6 \
                                0 "`get_vname mstrusted 0`" `onoff 0 $MSTRUSTED` \
                                1 "`get_vname mstrusted 1`" `onoff 1 $MSTRUSTED` \
                                2 "`get_vname mstrusted 2`" `onoff 2 $MSTRUSTED` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS ms_trusted $TMP &>$TMPFILE
               then MSTRUSTED=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MS Trusted:   !" 5 $BC
        fi
      ;;

    'MS Sock Trusted TCP:')
        if test "$TYPE" != "NONE"
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist " MS Sock Trusted TCP  $PROCESS" $BL $BC 6 \
                                0 "`get_vname mssock 0`" `onoff 0 $MSSOCKTCP` \
                                1 "`get_vname mssock 1`" `onoff 1 $MSSOCKTCP` \
                                2 "`get_vname mssock 2`" `onoff 2 $MSSOCKTCP` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS ms_sock_trusted_tcp $TMP &>$TMPFILE
               then MSSOCKTCP=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MS Sock Trusted TCP:   !" 5 $BC
        fi
      ;;

    'MS Sock Trusted UDP:')
        if test "$TYPE" != "NONE"
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist " MS Sock Trusted UDP  $PROCESS" $BL $BC 6 \
                                0 "`get_vname mssock 0`" `onoff 0 $MSSOCKUDP` \
                                1 "`get_vname mssock 1`" `onoff 1 $MSSOCKUDP` \
                                2 "`get_vname mssock 2`" `onoff 2 $MSSOCKUDP` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS ms_sock_trusted_udp $TMP &>$TMPFILE
               then MSSOCKUDP=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MS Sock Trusted UDP:   !" 5 $BC
        fi
      ;;

    '.  RC:')
        if test "$PROCESS" != ""
        then \
          if $RSBACPATH""rc_get_item list_used_roles >$TMPFILE
          then \
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --menu "   RC  $PROCESS" $BL $BC $MAXLINES \
                      `cat $TMPFILE` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""attr_set_process $PROCESS rc_role $TMP &>$TMPFILE
                 then RCROLE=$TMP
                 else \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          else \
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "  RC  $PROCESS" $BL $BC "$RCROLE" \
                2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""attr_set_process $PROCESS rc_role $TMP &>$TMPFILE
                 then RCROLE=$TMP
                 else \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "  RC:  !" 5 $BC
        fi
      ;;

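    '. RC:')
        # Change the RC type (rc_type) of the selected process.
        # If rc_get_item can list the process types in use, the user picks one
        # from a menu; otherwise the type is typed into an input box pre-filled
        # with the cached $RCTYPE.  $RCTYPE is updated only after
        # attr_set_process succeeds; on failure the first line of its output
        # is shown.
        if test "$PROCESS" != ""; then
          if "${RSBACPATH}rc_get_item" list_used_process_types >"$TMPFILE"; then
            # The type list must word-split into the menu's tag/label
            # arguments, so this one substitution stays unquoted.
            # shellcheck disable=SC2046
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --menu "  RC   $PROCESS" "$BL" "$BC" "$MAXLINES" \
                      $(cat "$TMPFILE") \
               2>"$TMPFILE"
            then
              TMP=$(cat "$TMPFILE")
              # Passed as exactly one argument so the answer cannot word-split
              # or glob into extra arguments; an empty answer still results in
              # a call without a value, as before.
              if "${RSBACPATH}attr_set_process" "$PROCESS" rc_type ${TMP:+"$TMP"} &>"$TMPFILE"; then
                RCTYPE=$TMP
              else
                dialog --title "$ERRTITLE" \
                       --backtitle "$BACKTITLE" \
                       --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
              fi
            fi
          else
            # No type list available: fall back to free-text entry.
            # NOTE(review): the typed value is not validated here; confirm
            # that attr_set_process rejects anything that is not a type id.
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox " RC   $PROCESS" "$BL" "$BC" "$RCTYPE" \
                2>"$TMPFILE"
            then
              TMP=$(cat "$TMPFILE")
              if "${RSBACPATH}attr_set_process" "$PROCESS" rc_type ${TMP:+"$TMP"} &>"$TMPFILE"; then
                RCTYPE=$TMP
              else
                dialog --title "$ERRTITLE" \
                       --backtitle "$BACKTITLE" \
                       --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
              fi
            fi
          fi
        else
          # No process selected yet.
          dialog --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox " RC:  !" 5 "$BC"
        fi
      ;;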

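    '.  RC:')
        # Change the RC force role (rc_force_role) of the selected process.
        # The menu offers the special values $RCUSERINHERIT, $RCPROCINHERIT and
        # $RCMIXINHERIT ahead of the roles reported by rc_get_item; if the role
        # list cannot be obtained, the value is typed into an input box.
        # $RCFROLE is updated only after attr_set_process succeeds; on failure
        # the first line of its output is shown.
        if test "$PROCESS" != ""; then
          if "${RSBACPATH}rc_get_item" list_used_roles >"$TMPFILE"; then
            # The role list must word-split into the menu's tag/label
            # arguments, so this one substitution stays unquoted.
            # shellcheck disable=SC2046
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --menu "   RC   $PROCESS" "$BL" "$BC" "$MAXLINES" \
                      "$RCUSERINHERIT" "   " \
                      "$RCPROCINHERIT" "   (. )" \
                      "$RCMIXINHERIT" "  / (-)" \
                      $(cat "$TMPFILE") \
               2>"$TMPFILE"
            then
              TMP=$(cat "$TMPFILE")
              # Passed as exactly one argument so the answer cannot word-split
              # or glob into extra arguments; an empty answer still results in
              # a call without a value, as before.
              if "${RSBACPATH}attr_set_process" "$PROCESS" rc_force_role ${TMP:+"$TMP"} &>"$TMPFILE"; then
                RCFROLE=$TMP
              else
                dialog --title "$ERRTITLE" \
                       --backtitle "$BACKTITLE" \
                       --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
              fi
            fi
          else
            # No role list available: fall back to free-text entry.
            # NOTE(review): the box is pre-filled with $RCROLE (the current
            # role), not $RCFROLE (the current force role) -- looks like a
            # copy-paste slip; confirm before changing.
            # NOTE(review): the typed value is not validated here; confirm
            # that attr_set_process rejects anything that is not a role id.
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "  RC  $PROCESS ($RCUSERINHERIT = inherit from user (default), $RCPROCINHERIT = inherit from process (keep role))" \
                        "$BL" "$BC" "$RCROLE" \
                2>"$TMPFILE"
            then
              TMP=$(cat "$TMPFILE")
              if "${RSBACPATH}attr_set_process" "$PROCESS" rc_force_role ${TMP:+"$TMP"} &>"$TMPFILE"; then
                RCFROLE=$TMP
              else
                dialog --title "$ERRTITLE" \
                       --backtitle "$BACKTITLE" \
                       --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
              fi
            fi
          fi
        else
          # No process selected yet.
          dialog --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "  RC:   !" 5 "$BC"
        fi
      ;;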

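    'AUTH May Setuid:')
        # Toggle the auth_may_setuid flag of the selected process.
        # The new value is derived from the cached $AUTHSUID (the arm does not
        # re-read the attribute first): "0" becomes "1", anything else --
        # including an empty or unexpected cached value -- becomes "0".
        # $AUTHSUID is updated only after attr_set_process succeeds; on failure
        # the first line of its output is shown.
        if test "$PROCESS" != ""; then
          # Quoted comparison: an empty $AUTHSUID no longer makes test print
          # "unary operator expected" before falling through to "0".
          if [[ "$AUTHSUID" == "0" ]]; then
            TMP="1"
          else
            TMP="0"
          fi
          if "${RSBACPATH}attr_set_process" "$PROCESS" auth_may_setuid "$TMP" &>"$TMPFILE"; then
            AUTHSUID=$TMP
          else
            dialog --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
          fi
        else
          # No process selected yet.
          dialog --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "AUTH May Setuid:   !" 5 "$BC"
        fi
      ;;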

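    'AUTH May Set Cap:')
        # Toggle the auth_may_set_cap flag of the selected process.
        # The new value is derived from the cached $AUTHSCAP (the arm does not
        # re-read the attribute first): "0" becomes "1", anything else --
        # including an empty or unexpected cached value -- becomes "0".
        # $AUTHSCAP is updated only after attr_set_process succeeds; on failure
        # the first line of its output is shown.
        if test "$PROCESS" != ""; then
          # Quoted comparison: an empty $AUTHSCAP no longer makes test print
          # "unary operator expected" before falling through to "0".
          if [[ "$AUTHSCAP" == "0" ]]; then
            TMP="1"
          else
            TMP="0"
          fi
          if "${RSBACPATH}attr_set_process" "$PROCESS" auth_may_set_cap "$TMP" &>"$TMPFILE"; then
            AUTHSCAP=$TMP
          else
            dialog --title "$ERRTITLE" \
                   --backtitle "$BACKTITLE" \
                   --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
          fi
        else
          # No process selected yet.
          dialog --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "AUTH May Set Cap:   !" 5 "$BC"
        fi
      ;;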

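    '.  :')
        # Edit the program-based logging set (log_program_based) of the
        # selected process via a checklist.  The checklist rows come from
        # gen_request_list (defined elsewhere in this script; presumably it
        # prints tag/label/state triples) followed by a separator row and the
        # fixed group entries UA, A, R, RW, W, SY and SE.  After a successful
        # attr_set_process the value is read back into $LOGPROG with
        # attr_get_process; on failure the first line of the error output is
        # shown.
        if test "$PROCESS" != ""; then
          # gen_request_list output must word-split into checklist arguments,
          # so this one substitution stays unquoted.
          # shellcheck disable=SC2046
          if dialog --title "-   $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist ": $LOGPROG" "$BL" "$BC" "$MAXLINES" \
              $(gen_request_list) \
              '--------------' '-----------------' off \
              UA ' ' off \
              A  ' ' off \
              R  '   .' off \
              RW '   ./.' off \
              W  '   .' off \
              SY '  ' off \
              SE ' security ' off \
             2>"$TMPFILE"
          then
            # dialog prints the ticked tags, possibly double-quoted; strip the
            # quotes so each tag becomes a plain word.
            TMP=$(tr -d '"' <"$TMPFILE")
            # $TMP is deliberately unquoted: every selected tag is a separate
            # argument.  NOTE(review): the separator row can be ticked too and
            # would then reach attr_set_process as an argument beginning with
            # '-'; consider filtering it out.
            # shellcheck disable=SC2086
            if "${RSBACPATH}attr_set_process" "$PROCESS" log_program_based $TMP &>"$TMPFILE"; then
              LOGPROG=$("${RSBACPATH}attr_get_process" "$PROCESS" log_program_based)
            else
              dialog --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
            fi
          fi
        else
          # No process selected yet.
          dialog --title "$ERRTITLE" \
                 --backtitle "$BACKTITLE" \
                 --msgbox "  :   !" 5 "$BC"
        fi
      ;;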

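    '. IPC:')
        # Hand over to the separate IPC menu script.  Unlike the other arms
        # this one does not check that a process is selected: the process id is
        # passed as a single argument when $PROCESS is set, and the menu is
        # started without arguments when it is empty.
        "${RSBACPATH}rsbac_ipc_menu_ru" ${PROCESS:+"$PROCESS"}
      ;;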

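    '.   ACL:')
        # Hand over to the separate ACL menu script.
        # NOTE(review): the argument is the literal word PROCESS, not
        # "$PROCESS".  That may be the ACL menu's target-type argument, in
        # which case the selected process id is never passed on; confirm
        # against rsbac_acl_menu_ru's usage before changing it.
        "${RSBACPATH}rsbac_acl_menu_ru" PROCESS
      ;;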

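    .)
        # Leave the menu: delete the scratch file and exit; the script's exit
        # status is that of rm.  The path is quoted and preceded by -- so that
        # a $TMPDIR containing spaces or a leading '-' cannot change what rm
        # removes.
        # NOTE(review): this is the only cleanup visible here; an EXIT trap
        # next to the TMPFILE definition would also cover interrupted runs.
        rm -- "$TMPFILE"; exit
      ;;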

    *)
        # Fallback arm: the selection matched no known menu entry, so report
        # it in an error box and return to the menu loop.
        dialog \
          --title "$ERRTITLE" \
          --backtitle "$BACKTITLE" \
          --msgbox " :  !" 5 "$BC"

  esac
# sleep 2
done
