#!/bin/bash
# 
# This script is used for Administration of RSBAC general process attributes
#
#
# Make sure we're really running bash.
#
[ -z "$BASH" ] && { echo "This menu requires bash" 1>&2; exit 1; }
#
# We also need the proc fs mounted.
[ ! -f /proc/stat ] && { echo "This menu requires proc fs mounted" 1>&2; exit 1; }
#
# Cache function definitions, turn off posix compliance
#
set -h +o posix

ATTRIBUTES="owner_security_level mac_categories current_sec_level \
            mac_curr_categories min_write_open min_write_categories\
            max_read_open max_read_categories mac_auto mac_trusted pm_tp \
            pm_current_task pm_process_type \
            ms_trusted ms_sock_trusted_tcp ms_sock_trusted_udp \
            rc_role rc_type rc_force_role auth_may_setuid auth_may_set_cap \
            log_program_based"

# Set conf filename
RSBACCONF=/etc/rsbac.conf
# Read settings
if test -f $RSBACCONF
then . $RSBACCONF
fi
if test -f ~/.rsbacrc
then . ~/.rsbacrc
fi
if test -z "$RSBACMOD"
then RSBACMOD='GEN MAC FC SIM PM MS FF RC AUTH ACL CAP'
fi
for i in $RSBACMOD
do
  export SHOW_${i}=yes
done

# The dir for tmp files
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi

# This must be a unique temporary filename
if ! TMPFILE=`mktemp -q $TMPDIR/rsbac_dialog.XXXXXX`
then
  TMPFILE=$TMPDIR/rsbac_dialog.$$
  if test -e $TMPFILE
  then rm $TMPFILE
  fi
fi

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

# which dialog tool to use - dialog or kdialog
if test -z $DIALOG
then DIALOG=${RSBACPATH}rsbac_dialog
fi

if ! $DIALOG --clear
then
  echo $DIALOG menu program required! >&2
  exit
fi

# test for LINES and COLUMNS (should be exported e.g. in /etc/profile)
if test -z "$LINES" ; then LINES=25 ; fi
if test -z "$COLUMNS" ; then COLUMNS=80 ; fi
export LINES
export COLUMNS
declare -i BL=$LINES-4
declare -i BC=$COLUMNS-4
declare -i MAXLINES=$LINES-10
gl () {
  if test $1 -gt $MAXLINES
  then echo $MAXLINES
  else echo $1
  fi
}

if test -z "$BACKTITLE"
  then BACKTITLE="RSBAC Administration Tools v1.2.0" ; fi
TITLE="`whoami`@`hostname`: RSBAC Process Administration"
HELPTITLE="`whoami`@`hostname`: RSBAC Process Administration Help"
ERRTITLE="RSBAC Process Administration - ERROR"

#RCUSERINHERIT=64
#RCPROCINHERIT=65
#RCPARINHERIT=66
#RCMIXINHERIT=67
RCTYPEINHPROC=4294967295
RCTYPEINHPAR=4294967294
RCUSERINHERIT=4294967295
RCPROCINHERIT=4294967294
RCPARINHERIT=4294967293
RCMIXINHERIT=4294967292
RCUSEFR=4294967291

show_help () {
 {
  echo "$1"
  echo ""
  case "$1" in
    'Process List:')
        echo "Choose new process object from list."
      ;;

    "Process:")
        echo "Enter new process ID."
      ;;

    'Owner Security Level:')
        echo "MAC model security level of the process owner at the time of process"
        echo "creation (fork). Also used as maximum possible level."
        echo ""
        $RSBACPATH""attr_get_process -A security_level
      ;;

    'Owner MAC Categories:')
        echo "MAC model category set of the process owner at the time of process"
        echo "creation (fork). Also used as maximum possible category set."
        echo ""
        $RSBACPATH""attr_get_process -A mac_categories
      ;;

    'Current Security Level:')
        echo "Current MAC model security level of the process. Must always be less"
        echo "than or equal to Owner Security Level and Min Write Open (except when"
        echo "process is MAC trusted) and at least Max Read Open."
        echo ""
        $RSBACPATH""attr_get_process -A current_sec_level
      ;;

    'Current MAC Categories:')
        echo "Current MAC model category set of the process. Must always be subset"
        echo "of Owner MAC Categories and Min Write Categories (except when process"
        echo "is MAC trusted) and superset of Max Read Categories."
        echo ""
        $RSBACPATH""attr_get_process -A mac_curr_categories
      ;;

    'Min Write Open:')
        echo "Minimum MAC security level of all objects this process has ever opened"
        echo "for writing since the last EXECUTE. Used as upper boundary for Current"
        echo "Security Level (*-property)."
        echo ""
        $RSBACPATH""attr_get_process -A min_write_open
      ;;

    'Min Write Categories:')
        echo "Maximum MAC category subset of all objects this process has ever opened"
        echo "for writing since the last EXECUTE. Used as upper boundary for Current"
        echo "MAC Categories (*-property)."
        echo ""
        $RSBACPATH""attr_get_process -A min_write_categories
      ;;

    'Max Read Open:')
        echo "Maximum MAC security level of all objects this process has ever opened"
        echo "for reading since the last EXECUTE. Used as lower boundary for Current"
        echo "Security Level (*-property)."
        echo ""
        $RSBACPATH""attr_get_process -A max_read_open
      ;;

    'Max Read Categories:')
        echo "Minimum MAC category superset of all objects this process has ever opened"
        echo "for reading since the last EXECUTE. Used as lower boundary for Current"
        echo "MAC categories (*-property)."
        echo ""
        $RSBACPATH""attr_get_process -A max_read_categories
      ;;

    'Mac Auto:')
        echo "Toggle, whether the MAC module should try to automatically adjust the"
        echo "Current Security Level and Current MAC Categories as necessary."
        echo ""
        echo "This switch is on by default. It is turned off when the process"
        echo "explicitely sets one of the above values for the first time."
        echo ""
        $RSBACPATH""attr_get_process -A mac_auto
      ;;

    'Mac Trusted:')
        echo "Toggle, whether the MAC Min-Write and Max-Read boundaries should be"
        echo "applied. This value is derived from the program file setting of"
        echo "MAC Trusted for User."
        echo ""
        $RSBACPATH""attr_get_process -A mac_trusted
      ;;

    'PM TP:')
        echo "The PM model transaction procedure ID."
        echo ""
        $RSBACPATH""attr_get_process -A pm_tp
      ;;

    'PM Current Task:')
        echo "The PM model current task of this process."
        echo ""
        $RSBACPATH""attr_get_process -A pm_current_task
      ;;

    'PM Process Type:')
        echo "Set process type for PM model."
        echo ""
        $RSBACPATH""attr_get_process -A pm_process_type
      ;;

    'MS Trusted:')
        echo "Toggle, whether this process is an MS trusted process. Only trusted"
        echo "processes may open infected files."
        echo ""
        $RSBACPATH""attr_get_process -A ms_trusted
      ;;

    'MS Sock Trusted TCP:')
        echo "Toggle, whether this process file is an MS trusted process for TCP"
        echo "sockets. Only processes, which are TCP trusted, can read from a TCP"
        echo "socket, which has been marked as infected."
        echo ""
        $RSBACPATH""attr_get_process -A ms_sock_trusted_tcp
      ;;

    'MS Sock Trusted UDP:')
        echo "Toggle, whether this process file is an MS trusted process for UDP"
        echo "sockets. Only processes, which are UDP trusted, can read from a UDP"
        echo "socket, which has been marked as infected."
        echo ""
        $RSBACPATH""attr_get_process -A ms_sock_trusted_udp
      ;;

    'RC Current Role:')
        echo "Select the RC model current role."
        echo ""
        $RSBACPATH""attr_get_process -A rc_role
      ;;

    'RC Type:')
        echo "Select the RC model process object type."
        echo ""
        $RSBACPATH""attr_get_process -A rc_type
      ;;

    'RC Force Role:')
        echo "Select an RC role, which is kept for this process as long as the same"
        echo "program runs. User default roles are ignored even on a CHANGE_OWNER"
        echo "(setuid)."
        echo ""
        $RSBACPATH""attr_get_process -A rc_force_role
      ;;

    'AUTH May Setuid:')
        echo "Toggle, whether this process is allowed to CHANGE_OWNER (setuid) to"
        echo "any user ID by AUTH model."
        echo ""
        $RSBACPATH""attr_get_process -A auth_may_setuid
      ;;

    'AUTH May Set Cap:')
        echo "Toggle, whether this process may set AUTH setuid capabilities for any"
        echo "process (but not for files)."
        echo "This flag is useful e.g. for authentication daemons. See AUTH"
        echo "description for details."
        echo ""
        $RSBACPATH""attr_get_process -A auth_may_set_cap
      ;;

    'Log Program Based:')
        echo "Specify the request types, which should always be logged, when"
        echo "issued by this process."
        echo ""
        $RSBACPATH""attr_get_process -A log_program_based
      ;;

    'IPC Attributes:')
        echo "Go to IPC attribute menu."
      ;;

    'ACL Menu:')
        echo "Go to ACL menu."
      ;;

    Quit)
        echo "Quit this menu."
      ;;

    *)
        echo "No help for $1 available!"
  esac
 } > $TMPFILE
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox $TMPFILE $BL $BC
#  sleep 1
}

get_attributes () {
  if test "$1" != "" 
    then \
#         OWNER=`$RSBACPATH""attr_get_process $1 owner`
#         if test -z "$OWNER"
#         then OWNER=`ps axu|cut -c 1-14|grep ' '$1'$'|cut -f 1 -d ' '`
#         fi
         OWNER=`ps axu|cut -c 1-14|grep ' '$1'$'|cut -f 1 -d ' '`
         if $RSBACPATH""attr_get_user $OWNER user_nr >$TMPFILE
         then OWNER=`cat $TMPFILE`
              OWNERNAME=`$RSBACPATH""attr_get_user $OWNER user_name`
         fi
         if test "$SHOW_MAC" == "yes"
         then
           SECLEVEL=`$RSBACPATH""attr_get_process $1 security_level`
           MACCAT=`$RSBACPATH""attr_get_process $1 mac_categories`
           CURRSECL=`$RSBACPATH""attr_get_process $1 current_sec_level`
           CURRCAT=`$RSBACPATH""attr_get_process $1 mac_curr_categories`
           MINWRITE=`$RSBACPATH""attr_get_process $1 min_write_open`
           MINWCAT=`$RSBACPATH""attr_get_process $1 min_write_categories`
           MAXREAD=`$RSBACPATH""attr_get_process $1 max_read_open`
           MAXRCAT=`$RSBACPATH""attr_get_process $1 max_read_categories`
           MACAUTO=`$RSBACPATH""attr_get_process $1 mac_auto`
           MACTRUST=`$RSBACPATH""attr_get_process $1 mac_trusted`
         fi
         if test "$SHOW_PM" == "yes"
         then
           PMTP=`$RSBACPATH""attr_get_process $1 pm_tp`
           PMCTASK=`$RSBACPATH""attr_get_process $1 pm_current_task`
           PMPROCTYPE=`$RSBACPATH""attr_get_process $1 pm_process_type`
         fi
         if test "$SHOW_MS" == "yes"
         then
           MSTRUSTED=`$RSBACPATH""attr_get_process $1 ms_trusted`
           MSSOCKTCP=`$RSBACPATH""attr_get_process $1 ms_sock_trusted_tcp`
           MSSOCKUDP=`$RSBACPATH""attr_get_process $1 ms_sock_trusted_udp`
         fi
         if test "$SHOW_RC" == "yes"
         then
           RCROLE=`$RSBACPATH""attr_get_process $1 rc_role`
           RCTYPE=`$RSBACPATH""attr_get_process $1 rc_type`
           RCFROLE=`$RSBACPATH""attr_get_process $1 rc_force_role`
         fi
         if test "$SHOW_AUTH" == "yes"
         then
           AUTHSUID=`$RSBACPATH""attr_get_process $1 auth_may_setuid`
           AUTHSCAP=`$RSBACPATH""attr_get_process $1 auth_may_set_cap`
         fi
         if test "$SHOW_GEN" == "yes"
         then
           LOGPROG=`$RSBACPATH""attr_get_process $1 log_program_based`
         fi
  fi
}

onoff () {
   if test "$1" = "$2"
     then echo on
   else echo off
   fi
}

onoffb () {
   if test "$1" = "1"
     then echo on
   else echo off
   fi
}

list_item () {
   TMP2=""
   if test -f /proc/$1/cmdline
   then TMP2=`cat /proc/$1/stat|cut -f 2 -d ' '`
   fi
   if test "$TMP2" = ""
   then echo "not_available"
   else echo $TMP2
   fi
}

role_name () {
  if test -z "$PROCESS" -o -z "$1"
  then echo " "
  else \
      case $1 in
        $RCUSERINHERIT) echo "always inherit from user"
          ;;
        $RCPROCINHERIT) echo "inherit from process (keep)"
          ;;
        $RCPARINHERIT) echo "inherit from parent (keep)"
          ;;
        $RCMIXINHERIT) echo "inh. from user on chown only"
          ;;
        Error*) echo N/A
          ;;
        Use*) echo N/A
          ;;
        *) if ! $RSBACPATH""rc_get_item ROLE $1 name 2>/dev/null
           then echo $1
           fi
          ;;
      esac 
  fi
}

type_name () {
  if test -z "$PROCESS" -o -z "$1"
  then echo " "
  else if ! $RSBACPATH""rc_get_item TYPE $1 type_process_name 2>/dev/null
       then echo "(unknown)"
       fi
  fi
}

get_vname () {
  case $1 in
    seclevel)
      case $2 in
        0) echo unclassified
          ;;
        1) echo confidential
          ;;
        2) echo secret
          ;;
        3) echo top secret
          ;;
        252) echo max. level
          ;;
        253) echo rsbac-internal
          ;;
        254) echo inherit
          ;;
      esac 
      ;;
    pmproctype)
      case $2 in
        0) echo None
          ;;
        1) echo TP
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    mssock)
      case $2 in
        0) echo Not Trusted
          ;;
        1) echo Active
          ;;
        2) echo Full
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    mstrusted)
      case $2 in
        0) echo Not trusted
          ;;
        1) echo Read trusted
          ;;
        2) echo Full trusted
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    onoff)
      case $2 in
        0) echo Off
          ;;
        1) echo On
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
  esac
}

full_name () {
  if test "$1" = ""
  then echo "*unknown*"
  else
    if ! $RSBACPATH""attr_get_user "$1" full_name 2>/dev/null
    then echo "*unknown*"
    fi
  fi
}

declare -i MAXCATLEN=$BC-38
cat_print () {
  if test $MAXCATLEN -ge 64
  then echo $1
  else echo "(too long)"
  fi
}

gen_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_process $PROCESS mac_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

gen_curr_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_process $PROCESS mac_curr_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

gen_max_read_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_process $PROCESS max_read_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

gen_min_write_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_process $PROCESS min_write_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

gen_request_list () {
    if test -z "$REQUESTS"
      then REQUESTS=`$RSBACPATH""attr_get_process -n`
    fi
    SETREQUESTS=`$RSBACPATH""attr_get_process -p $PROCESS log_program_based`
    for i in $REQUESTS
    do
      if echo $SETREQUESTS | grep -q $i
      then
        echo $i on on
      else
        echo $i off off
      fi
    done
}

if test "$1" != ""
then PROCESS=$1
else PROCESS=$$
fi
get_attributes $PROCESS

  {
    echo 'process_menu ()'
    echo '  {'    
    echo "    $DIALOG --title \"$TITLE\" \\"
    echo '       --backtitle "$BACKTITLE" \'
    echo '       --help-button --default-item "$CHOICE" \'
    echo '       --menu "Main Process Menu" $BL $BC `gl 33` \'
    echo '            "Process List:" "Choose process from list" \'
    echo '            "-------------------" " " \'
    echo '            "Process:" "$PROCESS / `list_item $PROCESS`" \'
    echo '            "Owner:" "$OWNER / $OWNERNAME / `full_name $OWNER`" \'
    if test "$SHOW_MAC" == "yes"
    then
      echo '            "Owner Security Level:" "$SECLEVEL / `get_vname seclevel $SECLEVEL`" \'
      echo '            "Owner MAC Categories:" "`cat_print $MACCAT`" \'
      echo '            "Current Security Level:" "$CURRSECL / `get_vname seclevel $CURRSECL`" \'
      echo '            "Current MAC Categories:" "`cat_print $CURRCAT`" \'
      echo '            "Min Write Open:" "$MINWRITE / `get_vname seclevel $MINWRITE`" \'
      echo '            "Min Write Categories:" "`cat_print $MINWCAT`" \'
      echo '            "Max Read Open:" "$MAXREAD / `get_vname seclevel $MAXREAD`" \'
      echo '            "Max Read Categories:" "`cat_print $MAXRCAT`" \'
      echo '            "Mac Auto:" "$MACAUTO / `get_vname onoff $MACAUTO`" \'
      echo '            "Mac Trusted:" "$MACTRUST / `get_vname onoff $MACTRUST`" \'
    fi
    if test "$SHOW_PM" == "yes"
    then
      echo '            "PM TP:" "$PMTP" \'
      echo '            "PM Current Task:" "$PMCTASK" \'
      echo '            "PM Process Type:" "$PMPROCTYPE / `get_vname pmproctype $PMPROCTYPE`" \'
    fi
    if test "$SHOW_MS" == "yes"
    then
      echo '            "MS Trusted:" "$MSTRUSTED / `get_vname mstrusted $MSTRUSTED`" \'
      echo '            "MS Sock Trusted TCP:" "$MSSOCKTCP / `get_vname mssock $MSSOCKTCP`" \'
      echo '            "MS Sock Trusted UDP:" "$MSSOCKUDP / `get_vname mssock $MSSOCKUDP`" \'
    fi
    if test "$SHOW_RC" == "yes"
    then
      echo '            "RC Current Role:" "$RCROLE / `role_name $RCROLE`" \'
      echo '            "RC Type:" "$RCTYPE / `type_name $RCTYPE`" \'
      echo '            "RC Force Role:" "$RCFROLE / `role_name $RCFROLE`" \'
    fi
    if test "$SHOW_AUTH" == "yes"
    then
      echo '            "AUTH May Setuid:" "$AUTHSUID / `get_vname onoff $AUTHSUID`" \'
      echo '            "AUTH May Set Cap:" "$AUTHSCAP / `get_vname onoff $AUTHSCAP`" \'
    fi
    if test "$SHOW_GEN" == "yes"
    then
      echo '            "Log Program Based:" "$LOGPROG" \'
    fi
    echo '            "----------------" " " \'
    echo '            "IPC Attributes:" "Go to IPC attribute menu" \'
    echo '            "ACL Menu:" "Go to ACL menu" \'
    echo '            "----------------" " " \'
    echo '            "Quit" ""'
    echo '  }'
  } > $TMPFILE

. $TMPFILE

#cp $TMPFILE /tmp/menu

while true
  do
    if ! process_menu 2>$TMPFILE
     then rm $TMPFILE ; exit
    fi


  CHOICE=`cat $TMPFILE`
  case "$CHOICE" in
    HELP*)
        show_help "${CHOICE:5}"
        CHOICE="${CHOICE:5}"
      ;;
    Process:)
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Process ID" $BL $BC $PROCESS \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if test -d /proc/$TMP
             then PROCESS=$TMP
                  get_attributes $PROCESS
             else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Process: Unknown process $TMP!" 5 $BC
             fi
        fi
      ;;

    'Process List:')
        TMP=`ps axh|cut -c 1-5|sort -n`
#        echo `for i in $TMP ; do echo $i "\`list_item $i\`" ; done`
#        sleep 2
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --default-item "$PROCESS" \
                   --menu "Process" $BL $BC $MAXLINES \
                         `for i in $TMP ; do echo $i "\`list_item $i\`" ; done` \
           2>$TMPFILE
        then TMP2=`cat $TMPFILE`
          if test -d /proc/$TMP
          then PROCESS=$TMP2
               get_attributes $PROCESS
               break
          else \
              $DIALOG --title "$ERRTITLE" \
                      --backtitle "$BACKTITLE" \
                      --msgbox "Process: Unknown process $TMP2!" 5 $BC
          fi
        fi
      ;;

    'Owner Security Level:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Owner Security Level for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $SECLEVEL` \
                                1 "`get_vname seclevel 1`" `onoff 1 $SECLEVEL` \
                                2 "`get_vname seclevel 2`" `onoff 2 $SECLEVEL` \
                                3 "`get_vname seclevel 3`" `onoff 3 $SECLEVEL` \
                                252 "`get_vname seclevel 252`" `onoff 252 $SECLEVEL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS security_level $TMP &>$TMPFILE
               then SECLEVEL=$TMP
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Owner Security Level: No process specified!" 5 $BC
        fi
      ;;

    'Owner MAC Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if $DIALOG --title "Owner MAC Categories for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MACCAT" $BL $BC $MAXLINES \
                    `gen_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS mac_categories $i 0 &>$TMPFILE
                 then \ 
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS mac_categories $i 1 &>$TMPFILE
                 then \
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MACCAT=`$RSBACPATH""attr_get_process $PROCESS mac_categories`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Owner MAC Categories: No process specified!" 5 $BC
        fi
      ;;

    'Current Security Level:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Current Security Level for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $CURRSECL` \
                                1 "`get_vname seclevel 1`" `onoff 1 $CURRSECL` \
                                2 "`get_vname seclevel 2`" `onoff 2 $CURRSECL` \
                                3 "`get_vname seclevel 3`" `onoff 3 $CURRSECL` \
                                252 "`get_vname seclevel 252`" `onoff 252 $CURRSECL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS current_sec_level $TMP &>$TMPFILE
               then CURRSECL=$TMP
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Current Security Level: No process specified!" 5 $BC
        fi
      ;;

    'Current MAC Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if $DIALOG --title "Current MAC Categories for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $CURRCAT" $BL $BC $MAXLINES \
                    `gen_curr_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS mac_curr_categories $i 0 &>$TMPFILE
                 then \ 
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS mac_curr_categories $i 1 &>$TMPFILE
                 then \
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               CURRCAT=`$RSBACPATH""attr_get_process $PROCESS mac_curr_categories`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Current MAC Categories: No process specified!" 5 $BC
        fi
      ;;

    'Min Write Open:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Min Write Open for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $MINWRITE` \
                                1 "`get_vname seclevel 1`" `onoff 1 $MINWRITE` \
                                2 "`get_vname seclevel 2`" `onoff 2 $MINWRITE` \
                                3 "`get_vname seclevel 3`" `onoff 3 $MINWRITE` \
                                252 "`get_vname seclevel 252`" `onoff 252 $MINWRITE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS min_write_open $TMP &>$TMPFILE
               then MINWRITE=$TMP
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Min Write Open: No process specified!" 5 $BC
        fi
      ;;

    'Min Write Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if $DIALOG --title "Min Write Categories for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MINWCAT" $BL $BC $MAXLINES \
                    `gen_min_write_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS min_write_categories $i 0 &>$TMPFILE
                 then \ 
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS min_write_categories $i 1 &>$TMPFILE
                 then \
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MINWCAT=`$RSBACPATH""attr_get_process $PROCESS min_write_categories`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Min Write Categories: No process specified!" 5 $BC
        fi
      ;;

    'Max Read Open:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Max Read Open for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $MAXREAD` \
                                1 "`get_vname seclevel 1`" `onoff 1 $MAXREAD` \
                                2 "`get_vname seclevel 2`" `onoff 2 $MAXREAD` \
                                3 "`get_vname seclevel 3`" `onoff 3 $MAXREAD` \
                                252 "`get_vname seclevel 252`" `onoff 252 $MAXREAD` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS max_read_open $TMP &>$TMPFILE
               then MAXREAD=$TMP
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Max Read Open: No process specified!" 5 $BC
        fi
      ;;

    'Max Read Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if $DIALOG --title "Max Read Categories for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MAXRCAT" $BL $BC $MAXLINES \
                    `gen_max_read_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS max_read_categories $i 0 &>$TMPFILE
                 then \ 
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if ! $RSBACPATH""attr_set_process $PROCESS max_read_categories $i 1 &>$TMPFILE
                 then \
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MAXRCAT=`$RSBACPATH""attr_get_process $PROCESS max_read_categories`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Max Read Categories: No process specified!" 5 $BC
        fi
      ;;

    'Mac Auto:')
        if test "$PROCESS" != ""
        then \
           if test $MACAUTO = "0"
           then TMP="1"
           else TMP="0"
           fi
           if $RSBACPATH""attr_set_process $PROCESS mac_auto $TMP &>$TMPFILE
           then MACAUTO=$TMP
           else \
             $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Mac Auto: No process specified!" 5 $BC
        fi
      ;;

    'Mac Trusted:')
        if test "$PROCESS" != ""
        then \
           if test $MACTRUST = "0"
           then TMP="1"
           else TMP="0"
           fi
           if $RSBACPATH""attr_set_process $PROCESS mac_auto $TMP &>$TMPFILE
           then MACTRUST=$TMP
           else \
             $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Mac Trusted: No process specified!" 5 $BC
        fi
      ;;

    'PM TP:')
        if test "$PROCESS" != ""
        then \
           if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "PM TP ID for process $PROCESS" $BL $BC "$PMTP" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS pm_tp $TMP &>$TMPFILE
               then PMTP=$TMP
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM TP: No process specified!" 5 $BC
        fi
      ;;

    'PM Current Task:')
        if test "$PROCESS" != ""
        then \
           if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "PM Current Task ID for process $PROCESS" $BL $BC "$PMCTASK" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS pm_current_task $TMP &>$TMPFILE
               then PMCTASK=$TMP
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM Current Task: No process specified!" 5 $BC
        fi
      ;;

    'PM Process Type:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose PM Process Type for $PROCESS" $BL $BC 4 \
                                0 `get_vname proctype 0` `onoff 0 $PMPROCTYPE` \
                                1 `get_vname proctype 1` `onoff 1 $PMPROCTYPE` \
                                2 `get_vname proctype 2` `onoff 2 $PMPROCTYPE` \
                                3 `get_vname proctype 3` `onoff 3 $PMPROCTYPE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS pm_process_type $TMP &>$TMPFILE
               then PMPROCTYPE=$TMP
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM Process Type: No process specified!" 5 $BC
        fi
      ;;

    'MS Trusted:')
        if test "$TYPE" != "NONE"
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose MS Trusted TCP for $PROCESS" $BL $BC 6 \
                                0 "`get_vname mstrusted 0`" `onoff 0 $MSTRUSTED` \
                                1 "`get_vname mstrusted 1`" `onoff 1 $MSTRUSTED` \
                                2 "`get_vname mstrusted 2`" `onoff 2 $MSTRUSTED` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS ms_trusted $TMP &>$TMPFILE
               then MSTRUSTED=$TMP
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MS Trusted: No process specified!" 5 $BC
        fi
      ;;

    'MS Sock Trusted TCP:')
        if test "$TYPE" != "NONE"
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose MS Sock Trusted TCP for $PROCESS" $BL $BC 6 \
                                0 "`get_vname mssock 0`" `onoff 0 $MSSOCKTCP` \
                                1 "`get_vname mssock 1`" `onoff 1 $MSSOCKTCP` \
                                2 "`get_vname mssock 2`" `onoff 2 $MSSOCKTCP` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS ms_sock_trusted_tcp $TMP &>$TMPFILE
               then MSSOCKTCP=$TMP
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MS Sock Trusted TCP: No process specified!" 5 $BC
        fi
      ;;

    'MS Sock Trusted UDP:')
        if test "$TYPE" != "NONE"
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose MS Sock Trusted UDP for $PROCESS" $BL $BC 6 \
                                0 "`get_vname mssock 0`" `onoff 0 $MSSOCKUDP` \
                                1 "`get_vname mssock 1`" `onoff 1 $MSSOCKUDP` \
                                2 "`get_vname mssock 2`" `onoff 2 $MSSOCKUDP` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS ms_sock_trusted_udp $TMP &>$TMPFILE
               then MSSOCKUDP=$TMP
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MS Sock Trusted UDP: No process specified!" 5 $BC
        fi
      ;;

    'RC Current Role:')
        if test "$PROCESS" != ""
        then \
          if $RSBACPATH""rc_get_item list_roles >$TMPFILE
          then \
            TMP="$RCROLE"
            ROLELIST=`cat $TMPFILE`
            if $DIALOG --title "$TITLE" \
                       --backtitle "$BACKTITLE" \
                       --default-item "$TMP" \
                       --menu "Choose RC Current Role for $PROCESS" $BL $BC $MAXLINES \
                       $ROLELIST \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
              if $RSBACPATH""attr_set_process $PROCESS rc_role $TMP &>$TMPFILE
              then RCROLE=$TMP
                break
              else \
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
              fi
            fi
          else \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "RC Current Role for process $PROCESS" $BL $BC "$RCROLE" \
                2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""attr_set_process $PROCESS rc_role $TMP &>$TMPFILE
                 then RCROLE=$TMP
                 else \
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "RC Current Role: No process specified!" 5 $BC
        fi
      ;;

    'RC Type:')
        if test "$PROCESS" != ""
        then \
          if $RSBACPATH""rc_get_item list_process_types >$TMPFILE
          then \
            TMP=$RCTYPE
            TYPELIST=`cat $TMPFILE`
            if $DIALOG --title "$TITLE" \
                       --backtitle "$BACKTITLE" \
                       --default-item "$TMP" \
                       --menu "Choose RC Type for $PROCESS" $BL $BC $MAXLINES \
                      $TYPELIST \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
              if $RSBACPATH""attr_set_process $PROCESS rc_type $TMP &>$TMPFILE
              then RCTYPE=$TMP
                break
              else \
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
              fi
            fi
          else \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "RC Type for process $PROCESS" $BL $BC "$RCTYPE" \
                2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""attr_set_process $PROCESS rc_type $TMP &>$TMPFILE
                 then RCTYPE=$TMP
                 else \
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "RC Type: No process specified!" 5 $BC
        fi
      ;;

    'RC Force Role:')
        if test "$PROCESS" != ""
        then \
          if $RSBACPATH""rc_get_item list_used_roles >$TMPFILE
          then \
            TMP="$RCROLE"
            ROLELIST=`cat $TMPFILE`
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --help-button --default-item "$TMP" \
                      --menu "Choose RC Force Role for Process $PROCESS" $BL $BC $MAXLINES \
                      $RCUSERINHERIT "always inherit from user" \
                      $RCPROCINHERIT "inherit from process (keep role)" \
                      $RCMIXINHERIT "mixed inherit from proc/user (default)" \
                      $ROLELIST \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
              case "$TMP" in
                HELP*)
                  show_help "${TMP:5}"
                  TMP="${TMP:5}"
                  ;;
                *)
                  if $RSBACPATH""attr_set_process $PROCESS rc_force_role $TMP &>$TMPFILE
                  then RCFROLE=$TMP
                    break
                  else \
                    $DIALOG --title "$ERRTITLE" \
                            --backtitle "$BACKTITLE" \
                            --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                  fi
              esac
            fi
          else \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "RC Force Role for process $PROCESS ($RCUSERINHERIT = inherit from user (default), $RCPROCINHERIT = inherit from process (keep role))" \
                        $BL $BC "$RCROLE" \
                2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""attr_set_process $PROCESS rc_force_role $TMP &>$TMPFILE
                 then RCFROLE=$TMP
                 else \
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "RC Force Role: No process specified!" 5 $BC
        fi
      ;;

    'AUTH May Setuid:')
        if test "$PROCESS" != ""
        then \
           if test $AUTHSUID = "0"
           then TMP="1"
           else TMP="0"
           fi
           if $RSBACPATH""attr_set_process $PROCESS auth_may_setuid $TMP &>$TMPFILE
           then AUTHSUID=$TMP
           else \
             $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "AUTH May Setuid: No process specified!" 5 $BC
        fi
      ;;

    'AUTH May Set Cap:')
        if test "$PROCESS" != ""
        then \
           if test $AUTHSCAP = "0"
           then TMP="1"
           else TMP="0"
           fi
           if $RSBACPATH""attr_set_process $PROCESS auth_may_set_cap $TMP &>$TMPFILE
           then AUTHSCAP=$TMP
           else \
             $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "AUTH May Set Cap: No process specified!" 5 $BC
        fi
      ;;

    'Log Program Based:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "log_program_based for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $LOGPROG" $BL $BC $MAXLINES \
              `gen_request_list` \
              '--------------' '-----------------' off \
              UA 'Unset ALL' off \
              A  'Set ALL' off \
              R  'Set Read Requests' off \
              RW 'Set Read-Write R.' off \
              W  'Set Write Requests' off \
              SY 'Set System R.' off \
              SE 'Set Security R.' off \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
            if $RSBACPATH""attr_set_process $PROCESS log_program_based $TMP &>$TMPFILE
            then \
              LOGPROG=`$RSBACPATH""attr_get_process $PROCESS log_program_based`
            else \
              $DIALOG --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "`head -n 1 $TMPFILE`" $BL $BC
            fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Log Program Based: No process specified!" 5 $BC
        fi
      ;;

    'IPC Attributes:')
        $RSBACPATH""rsbac_ipc_menu $PROCESS
      ;;

    'ACL Menu:')
        $RSBACPATH""rsbac_acl_menu PROCESS
      ;;

    Quit)
        rm $TMPFILE ; exit
      ;;

    *)
        $DIALOG --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Main Menu: Selection Error!" 5 $BC

  esac
# sleep 2
done
