#!/bin/bash
# 
# This script is used for Administration of RSBAC general process attributes
#
#
# Make sure we're really running bash.
#
[ -z "$BASH" ] && { echo "This menu requires bash" 1>&2; exit 1; }
#
# We also need the proc fs mounted.
[ ! -f /proc/stat ] && { echo "This menu requires proc fs mounted" 1>&2; exit 1; }
#
# Cache function definitions, turn off posix compliance
#
set -h +o posix

ATTRIBUTES="owner_security_level mac_categories current_sec_level \
            mac_curr_categories min_write_open min_write_categories\
            max_read_open max_read_categories mac_auto mac_trusted pm_tp \
            pm_current_task pm_process_type \
            ms_trusted ms_sock_trusted_tcp ms_sock_trusted_udp \
            rc_role rc_type rc_force_role auth_may_setuid auth_may_set_cap \
            log_program_based"

# This must be a unique temporary filename
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi
TMPFILE=$TMPDIR/rsbac_dialog.$$

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

# test for LINES and COLUMNS (should be exported e.g. in /etc/profile)
if test -z "$LINES" ; then LINES=25 ; fi
if test -z "$COLUMNS" ; then COLUMNS=80 ; fi
declare -i BL=$LINES-4
declare -i BC=$COLUMNS-4
declare -i MAXLINES=$LINES-10
gl () {
  if test $1 -gt $MAXLINES
  then echo $MAXLINES
  else echo $1
  fi
}

if test -z "$BACKTITLE"
  then BACKTITLE="RSBAC Administration Tools v1.1.0" ; fi
TITLE="`whoami`: RSBAC Process Administration"
ERRTITLE="RSBAC Process Administration - ERROR"

RCUSERINHERIT=64
RCPROCINHERIT=65
RCPARINHERIT=66
RCMIXINHERIT=67

get_attributes () {
  if test "$1" != "" 
    then \
#         OWNER=`$RSBACPATH""attr_get_process $1 owner`
#         if test -z "$OWNER"
#         then OWNER=`ps axu|cut -c 1-14|grep ' '$1'$'|cut -f 1 -d ' '`
#         fi
         OWNER=`ps axu|cut -c 1-14|grep ' '$1'$'|cut -f 1 -d ' '`
         if $RSBACPATH""attr_get_user $OWNER user_nr >$TMPFILE
         then OWNER=`cat $TMPFILE`
              OWNERNAME=`$RSBACPATH""attr_get_user $OWNER user_name`
         fi
         SECLEVEL=`$RSBACPATH""attr_get_process $1 security_level`
         MACCAT=`$RSBACPATH""attr_get_process $1 mac_categories`
         CURRSECL=`$RSBACPATH""attr_get_process $1 current_sec_level`
         CURRCAT=`$RSBACPATH""attr_get_process $1 mac_curr_categories`
         MINWRITE=`$RSBACPATH""attr_get_process $1 min_write_open`
         MINWCAT=`$RSBACPATH""attr_get_process $1 min_write_categories`
         MAXREAD=`$RSBACPATH""attr_get_process $1 max_read_open`
         MAXRCAT=`$RSBACPATH""attr_get_process $1 max_read_categories`
         MACAUTO=`$RSBACPATH""attr_get_process $1 mac_auto`
         MACTRUST=`$RSBACPATH""attr_get_process $1 mac_trusted`
         PMTP=`$RSBACPATH""attr_get_process $1 pm_tp`
         PMCTASK=`$RSBACPATH""attr_get_process $1 pm_current_task`
         PMPROCTYPE=`$RSBACPATH""attr_get_process $1 pm_process_type`
         MSTRUSTED=`$RSBACPATH""attr_get_process $1 ms_trusted`
         MSSOCKTCP=`$RSBACPATH""attr_get_process $1 ms_sock_trusted_tcp`
         MSSOCKUDP=`$RSBACPATH""attr_get_process $1 ms_sock_trusted_udp`
         RCROLE=`$RSBACPATH""attr_get_process $1 rc_role`
         RCTYPE=`$RSBACPATH""attr_get_process $1 rc_type`
         RCFROLE=`$RSBACPATH""attr_get_process $1 rc_force_role`
         AUTHSUID=`$RSBACPATH""attr_get_process $1 auth_may_setuid`
         AUTHSCAP=`$RSBACPATH""attr_get_process $1 auth_may_set_cap`
         LOGPROG=`$RSBACPATH""attr_get_process $1 log_program_based`
  fi
}

onoff () {
   if test "$1" = "$2"
     then echo on
   else echo off
   fi
}

onoffb () {
   if test "$1" = "1"
     then echo on
   else echo off
   fi
}

list_item () {
   TMP2=""
   if test -f /proc/$1/cmdline
   then TMP2=`cat /proc/$1/stat|cut -f 2 -d ' '`
   fi
   if test "$TMP2" = ""
   then echo "not_available"
   else echo $TMP2
   fi
}

role_name () {
  if test -z "$PROCESS" -o -z "$1"
  then echo " "
  else \
      case $1 in
        $RCUSERINHERIT) echo "always inherit from user"
          ;;
        $RCPROCINHERIT) echo "inherit from process (keep)"
          ;;
        $RCPARINHERIT) echo "inherit from parent (keep)"
          ;;
        $RCMIXINHERIT) echo "inh. from user on chown only"
          ;;
        Error*) echo N/A
          ;;
        Use*) echo N/A
          ;;
        *) if ! $RSBACPATH""rc_get_item ROLE $1 name
           then echo $1
           fi
          ;;
      esac 
  fi
}

type_name () {
  if test -z "$PROCESS" -o -z "$1"
  then echo " "
  else if ! $RSBACPATH""rc_get_item TYPE $1 type_process_name
       then echo "(unknown)"
       fi
  fi
}

get_vname () {
  case $1 in
    seclevel)
      case $2 in
        0) echo unclassified
          ;;
        1) echo confidential
          ;;
        2) echo secret
          ;;
        3) echo top secret
          ;;
        252) echo max. level
          ;;
        253) echo rsbac-internal
          ;;
        254) echo inherit
          ;;
      esac 
      ;;
    pmproctype)
      case $2 in
        0) echo None
          ;;
        1) echo TP
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    mssock)
      case $2 in
        0) echo Not Trusted
          ;;
        1) echo Active
          ;;
        2) echo Full
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    mstrusted)
      case $2 in
        0) echo Not trusted
          ;;
        1) echo Read trusted
          ;;
        2) echo Full trusted
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    onoff)
      case $2 in
        0) echo Off
          ;;
        1) echo On
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
  esac
}

full_name () {
  if test "$1" = ""
  then echo "*unknown*"
  else
    if $RSBACPATH""attr_get_user "$1" full_name >$TMPFILE
    then cat $TMPFILE
    else echo "*unknown*"
    fi
  fi
}

declare -i MAXCATLEN=$BC-38
cat_print () {
  if test $MAXCATLEN -ge 64
  then echo $1
  else echo "(too long)"
  fi
}

gen_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_process $PROCESS mac_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

gen_curr_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_process $PROCESS mac_curr_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

gen_max_read_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_process $PROCESS max_read_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

gen_min_write_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_process $PROCESS min_write_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

gen_request_list () {
    if test -z "$REQUESTS"
      then REQUESTS=`$RSBACPATH""attr_get_process -n`
    fi
    SETREQUESTS=`$RSBACPATH""attr_get_process -p $PROCESS log_program_based`
    for i in $REQUESTS
    do
      if echo $SETREQUESTS | grep -q $i
      then
        echo $i on on
      else
        echo $i off off
      fi
    done
}

if test "$1" != ""
then PROCESS=$1
else PROCESS=$$
fi
get_attributes $PROCESS

while true ; do \
  if ! \
  dialog --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --menu "Main Menu" $BL $BC `gl 31` \
                "Process List:" "Choose process from list" \
                "---------------" " "\
                "Process:" "$PROCESS / `list_item $PROCESS`" \
                "Owner:" "$OWNER / $OWNERNAME / `full_name $OWNER`" \
                "Ownerlist:" "Choose Owner from List" \
                "Owner Security Level:" "$SECLEVEL / `get_vname seclevel $SECLEVEL`" \
                "Owner MAC Categories:" "`cat_print $MACCAT`" \
                "Current Security Level:" "$CURRSECL / `get_vname seclevel $CURRSECL`" \
                "Current MAC Categories:" "`cat_print $CURRCAT`" \
                "Min Write Open:" "$MINWRITE / `get_vname seclevel $MINWRITE`" \
                "Min Write Categories:" "`cat_print $MINWCAT`" \
                "Max Read Open:" "$MAXREAD / `get_vname seclevel $MAXREAD`" \
                "Max Read Categories:" "`cat_print $MAXRCAT`" \
                "Mac Auto:" "$MACAUTO / `get_vname onoff $MACAUTO`" \
                "Mac Trusted:" "$MACTRUST / `get_vname onoff $MACTRUST`" \
                "PM TP:" "$PMTP" \
                "PM Current Task:" "$PMCTASK" \
                "PM Process Type:" "$PMPROCTYPE / `get_vname pmproctype $PMPROCTYPE`" \
                "MS Trusted:" "$MSTRUSTED / `get_vname mstrusted $MSTRUSTED`" \
                "MS Sock Trusted TCP:" "$MSSOCKTCP / `get_vname mssock $MSSOCKTCP`" \
                "MS Sock Trusted UDP:" "$MSSOCKUDP / `get_vname mssock $MSSOCKUDP`" \
                "RC Current Role:" "$RCROLE / `role_name $RCROLE`" \
                "RC Type:" "$RCTYPE / `type_name $RCTYPE`" \
                "RC Force Role:" "$RCFROLE / `role_name $RCFROLE`" \
                "AUTH May Setuid:" "$AUTHSUID / `get_vname onoff $AUTHSUID`" \
                "AUTH May Set Cap:" "$AUTHSCAP / `get_vname onoff $AUTHSCAP`" \
                "Log Program Based:" "$LOGPROG" \
                "---------------" " "\
                "IPC Attributes:" "Go to IPC attribute menu" \
                "ACL Menu:" "Go to ACL menu" \
                "Quit" "" \
         2>$TMPFILE
   then rm $TMPFILE ; exit
  fi

  case `cat $TMPFILE` in
    Process:)
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Process ID" $BL $BC $PROCESS \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if test -d /proc/$TMP
             then PROCESS=$TMP
                  get_attributes $PROCESS
             else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Process: Unknown process $TMP!" 5 $BC
             fi
        fi
      ;;

    'Process List:')
        TMP=`ps axh|cut -c 1-5|sort -n`
#        echo `for i in $TMP ; do echo $i "\`list_item $i\`" ; done`
#        sleep 2
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --menu "Process" $BL $BC $MAXLINES \
                         `for i in $TMP ; do echo $i "\`list_item $i\`" ; done` \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if test -d /proc/$TMP
             then PROCESS=$TMP
                  get_attributes $PROCESS
             else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Process: Unknown process $TMP!" 5 $BC
             fi
        fi
      ;;

    Owner:)
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Username/ID of Process Owner" $BL $BC $OWNER \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if $RSBACPATH""attr_get_user $TMP user_nr &>$TMPFILE
             then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS owner $TMP &>$TMPFILE
               then OWNER=$TMP
                    OWNERNAME=`$RSBACPATH""attr_get_user $OWNER user_name`
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
             else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Owner: Unknown user $TMP!" 5 $BC
             fi
        fi
      ;;

    Ownerlist:)
        if dialog --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --menu "Username/ID of Process Owner" $BL $BC $MAXLINES \
                         `${RSBACPATH}attr_get_user -bl` \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if $RSBACPATH""attr_get_user $TMP user_nr &>$TMPFILE
             then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS owner $TMP &>$TMPFILE
               then OWNER=$TMP
                    OWNERNAME=`$RSBACPATH""attr_get_user $OWNER user_name`
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
             else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Ownerlist: Unknown user $TMP!" 5 $BC
             fi
        fi
      ;;

    'Owner Security Level:')
        if test "$PROCESS" != ""
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Owner Security Level for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $SECLEVEL` \
                                1 "`get_vname seclevel 1`" `onoff 1 $SECLEVEL` \
                                2 "`get_vname seclevel 2`" `onoff 2 $SECLEVEL` \
                                3 "`get_vname seclevel 3`" `onoff 3 $SECLEVEL` \
                                252 "`get_vname seclevel 252`" `onoff 252 $SECLEVEL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS security_level $TMP &>$TMPFILE
               then SECLEVEL=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Owner Security Level: No process specified!" 5 $BC
        fi
      ;;

    'Owner MAC Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if dialog --title "Owner MAC Categories for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MACCAT" $BL $BC $MAXLINES \
                    `gen_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS mac_categories $i 0 &>$TMPFILE
                 then \ 
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS mac_categories $i 1 &>$TMPFILE
                 then \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MACCAT=`$RSBACPATH""attr_get_process $PROCESS mac_categories`
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Owner MAC Categories: No process specified!" 5 $BC
        fi
      ;;

    'Current Security Level:')
        if test "$PROCESS" != ""
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Current Security Level for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $CURRSECL` \
                                1 "`get_vname seclevel 1`" `onoff 1 $CURRSECL` \
                                2 "`get_vname seclevel 2`" `onoff 2 $CURRSECL` \
                                3 "`get_vname seclevel 3`" `onoff 3 $CURRSECL` \
                                252 "`get_vname seclevel 252`" `onoff 252 $CURRSECL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS current_sec_level $TMP &>$TMPFILE
               then CURRSECL=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Current Security Level: No process specified!" 5 $BC
        fi
      ;;

    'Current MAC Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if dialog --title "Current MAC Categories for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $CURRCAT" $BL $BC $MAXLINES \
                    `gen_curr_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS mac_curr_categories $i 0 &>$TMPFILE
                 then \ 
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS mac_curr_categories $i 1 &>$TMPFILE
                 then \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               CURRCAT=`$RSBACPATH""attr_get_process $PROCESS mac_curr_categories`
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Current MAC Categories: No process specified!" 5 $BC
        fi
      ;;

    'Min Write Open:')
        if test "$PROCESS" != ""
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Min Write Open for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $MINWRITE` \
                                1 "`get_vname seclevel 1`" `onoff 1 $MINWRITE` \
                                2 "`get_vname seclevel 2`" `onoff 2 $MINWRITE` \
                                3 "`get_vname seclevel 3`" `onoff 3 $MINWRITE` \
                                252 "`get_vname seclevel 252`" `onoff 252 $MINWRITE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS min_write_open $TMP &>$TMPFILE
               then MINWRITE=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Min Write Open: No process specified!" 5 $BC
        fi
      ;;

    'Min Write Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if dialog --title "Min Write Categories for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MINWCAT" $BL $BC $MAXLINES \
                    `gen_min_write_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS min_write_categories $i 0 &>$TMPFILE
                 then \ 
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS min_write_categories $i 1 &>$TMPFILE
                 then \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MINWCAT=`$RSBACPATH""attr_get_process $PROCESS min_write_categories`
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Min Write Categories: No process specified!" 5 $BC
        fi
      ;;

    'Max Read Open:')
        if test "$PROCESS" != ""
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Max Read Open for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $MAXREAD` \
                                1 "`get_vname seclevel 1`" `onoff 1 $MAXREAD` \
                                2 "`get_vname seclevel 2`" `onoff 2 $MAXREAD` \
                                3 "`get_vname seclevel 3`" `onoff 3 $MAXREAD` \
                                252 "`get_vname seclevel 252`" `onoff 252 $MAXREAD` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS max_read_open $TMP &>$TMPFILE
               then MAXREAD=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Max Read Open: No process specified!" 5 $BC
        fi
      ;;

    'Max Read Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if dialog --title "Max Read Categories for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MAXRCAT" $BL $BC $MAXLINES \
                    `gen_max_read_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS max_read_categories $i 0 &>$TMPFILE
                 then \ 
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS max_read_categories $i 1 &>$TMPFILE
                 then \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MAXRCAT=`$RSBACPATH""attr_get_process $PROCESS max_read_categories`
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Max Read Categories: No process specified!" 5 $BC
        fi
      ;;

    'Mac Auto:')
        if test "$PROCESS" != ""
        then \
           if test $MACAUTO = "0"
           then TMP="1"
           else TMP="0"
           fi
           if $RSBACPATH""attr_set_process $PROCESS mac_auto $TMP &>$TMPFILE
           then MACAUTO=$TMP
           else \
             dialog --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Mac Auto: No process specified!" 5 $BC
        fi
      ;;

    'Mac Trusted:')
        if test "$PROCESS" != ""
        then \
           if test $MACTRUST = "0"
           then TMP="1"
           else TMP="0"
           fi
           if $RSBACPATH""attr_set_process $PROCESS mac_auto $TMP &>$TMPFILE
           then MACTRUST=$TMP
           else \
             dialog --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Mac Trusted: No process specified!" 5 $BC
        fi
      ;;

    'PM TP:')
        if test "$PROCESS" != ""
        then \
           if dialog --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "PM TP id for $PROCESS" $BL $BC "$PMTP" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS pm_tp $TMP &>$TMPFILE
               then PMTP=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM TP: No process specified!" 5 $BC
        fi
      ;;

    'PM Current Task:')
        if test "$PROCESS" != ""
        then \
           if dialog --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "PM Current Task id for $PROCESS" $BL $BC "$PMCTASK" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS pm_current_task $TMP &>$TMPFILE
               then PMCTASK=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM Current Task: No process specified!" 5 $BC
        fi
      ;;

    'PM Process Type:')
        if test "$PROCESS" != ""
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose PM Process Type for $PROCESS" $BL $BC 4 \
                                0 `get_vname proctype 0` `onoff 0 $PMPROCTYPE` \
                                1 `get_vname proctype 1` `onoff 1 $PMPROCTYPE` \
                                2 `get_vname proctype 2` `onoff 2 $PMPROCTYPE` \
                                3 `get_vname proctype 3` `onoff 3 $PMPROCTYPE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS pm_process_type $TMP &>$TMPFILE
               then PMPROCTYPE=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM Process Type: No process specified!" 5 $BC
        fi
      ;;

    'MS Trusted:')
        if test "$TYPE" != "NONE"
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose MS Trusted TCP for $PROCESS" $BL $BC 6 \
                                0 "`get_vname mstrusted 0`" `onoff 0 $MSTRUSTED` \
                                1 "`get_vname mstrusted 1`" `onoff 1 $MSTRUSTED` \
                                2 "`get_vname mstrusted 2`" `onoff 2 $MSTRUSTED` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS ms_trusted $TMP &>$TMPFILE
               then MSTRUSTED=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MS Trusted: No process specified!" 5 $BC
        fi
      ;;

    'MS Sock Trusted TCP:')
        if test "$TYPE" != "NONE"
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose MS Sock Trusted TCP for $PROCESS" $BL $BC 6 \
                                0 "`get_vname mssock 0`" `onoff 0 $MSSOCKTCP` \
                                1 "`get_vname mssock 1`" `onoff 1 $MSSOCKTCP` \
                                2 "`get_vname mssock 2`" `onoff 2 $MSSOCKTCP` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS ms_sock_trusted_tcp $TMP &>$TMPFILE
               then MSSOCKTCP=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MS Sock Trusted TCP: No process specified!" 5 $BC
        fi
      ;;

    'MS Sock Trusted UDP:')
        if test "$TYPE" != "NONE"
        then \
          if dialog --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose MS Sock Trusted UDP for $PROCESS" $BL $BC 6 \
                                0 "`get_vname mssock 0`" `onoff 0 $MSSOCKUDP` \
                                1 "`get_vname mssock 1`" `onoff 1 $MSSOCKUDP` \
                                2 "`get_vname mssock 2`" `onoff 2 $MSSOCKUDP` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS ms_sock_trusted_udp $TMP &>$TMPFILE
               then MSSOCKUDP=$TMP
               else \
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MS Sock Trusted UDP: No process specified!" 5 $BC
        fi
      ;;

    'RC Current Role:')
        if test "$PROCESS" != ""
        then \
          if $RSBACPATH""rc_get_item list_used_roles >$TMPFILE
          then \
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --menu "Choose RC Current Role for $PROCESS" $BL $BC $MAXLINES \
                      `cat $TMPFILE` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""attr_set_process $PROCESS rc_role $TMP &>$TMPFILE
                 then RCROLE=$TMP
                 else \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          else \
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "RC Current Role for $PROCESS" $BL $BC "$RCROLE" \
                2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""attr_set_process $PROCESS rc_role $TMP &>$TMPFILE
                 then RCROLE=$TMP
                 else \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "RC Current Role: No process specified!" 5 $BC
        fi
      ;;

    'RC Type:')
        if test "$PROCESS" != ""
        then \
          if $RSBACPATH""rc_get_item list_used_process_types >$TMPFILE
          then \
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --menu "Choose RC Type for $PROCESS" $BL $BC $MAXLINES \
                      `cat $TMPFILE` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""attr_set_process $PROCESS rc_type $TMP &>$TMPFILE
                 then RCTYPE=$TMP
                 else \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          else \
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "RC Type for $PROCESS" $BL $BC "$RCTYPE" \
                2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""attr_set_process $PROCESS rc_type $TMP &>$TMPFILE
                 then RCTYPE=$TMP
                 else \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "RC Type: No process specified!" 5 $BC
        fi
      ;;

    'RC Force Role:')
        if test "$PROCESS" != ""
        then \
          if $RSBACPATH""rc_get_item list_used_roles >$TMPFILE
          then \
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --menu "Choose RC Force Role for Process $PROCESS" $BL $BC $MAXLINES \
                      $RCUSERINHERIT "always inherit from user" \
                      $RCPROCINHERIT "inherit from process (keep role)" \
                      $RCMIXINHERIT "mixed inherit from proc/user (default)" \
                      `cat $TMPFILE` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""attr_set_process $PROCESS rc_force_role $TMP &>$TMPFILE
                 then RCFROLE=$TMP
                 else \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          else \
            if dialog --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "RC Force Role for $PROCESS ($RCUSERINHERIT = inherit from user (default), $RCPROCINHERIT = inherit from process (keep role))" \
                        $BL $BC "$RCROLE" \
                2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""attr_set_process $PROCESS rc_force_role $TMP &>$TMPFILE
                 then RCFROLE=$TMP
                 else \
                   dialog --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "RC Force Role: No process specified!" 5 $BC
        fi
      ;;

    'AUTH May Setuid:')
        if test "$PROCESS" != ""
        then \
           if test $AUTHSUID = "0"
           then TMP="1"
           else TMP="0"
           fi
           if $RSBACPATH""attr_set_process $PROCESS auth_may_setuid $TMP &>$TMPFILE
           then AUTHSUID=$TMP
           else \
             dialog --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "AUTH May Setuid: No process specified!" 5 $BC
        fi
      ;;

    'AUTH May Set Cap:')
        if test "$PROCESS" != ""
        then \
           if test $AUTHSCAP = "0"
           then TMP="1"
           else TMP="0"
           fi
           if $RSBACPATH""attr_set_process $PROCESS auth_may_set_cap $TMP &>$TMPFILE
           then AUTHSCAP=$TMP
           else \
             dialog --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "AUTH May Set Cap: No process specified!" 5 $BC
        fi
      ;;

    'Log Program Based:')
        if test "$PROCESS" != ""
        then \
          if dialog --title "log_program_based for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $LOGPROG" $BL $BC $MAXLINES \
              `gen_request_list` \
              '--------------' '-----------------' off \
              UA 'Unset ALL' off \
              A  'Set ALL' off \
              R  'Set Read Requests' off \
              RW 'Set Read-Write R.' off \
              W  'Set Write Requests' off \
              SY 'Set System R.' off \
              SE 'Set Security R.' off \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
            if $RSBACPATH""attr_set_process $PROCESS log_program_based $TMP &>$TMPFILE
            then \
              LOGPROG=`$RSBACPATH""attr_get_process $PROCESS log_program_based`
            else \
              dialog --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "`head -n 1 $TMPFILE`" $BL $BC
            fi
          fi
        else
                 dialog --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Log Program Based: No process specified!" 5 $BC
        fi
      ;;

    'IPC Attributes:')
        $RSBACPATH""rsbac_ipc_menu $PROCESS
      ;;

    'ACL Menu:')
        $RSBACPATH""rsbac_acl_menu PROCESS
      ;;

    Quit)
        rm $TMPFILE ; exit
      ;;

    *)
        dialog --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Main Menu: Selection Error!" 5 $BC

  esac
# sleep 2
done
