/* * RSBAC REG decision module sample 1 * * Author and (c) 1999-2001 Amon Ott <ao@rsbac.org> */ #include <linux/config.h> #include <linux/module.h> #include <linux/types.h> #include <linux/kernel.h> #include <linux/string.h> #include <linux/fs.h> #include <rsbac/types.h> #include <rsbac/reg.h> #include <rsbac/adf.h> #include <rsbac/aci.h> #include <rsbac/getname.h> #include <rsbac/error.h> #include <rsbac/proc_fs.h> static u_long nr_request_calls = 0; static u_long nr_set_attr_calls = 0; static u_long nr_need_overwrite_calls = 0; static u_long nr_system_calls = 0; static void * system_call_arg = NULL; MODULE_AUTHOR("Amon Ott"); MODULE_DESCRIPTION("RSBAC REG sample decision module 1"); MODULE_PARM(name, "s"); static char * name = NULL; static char dummy_buf[70]="To protect against wrong insmod params"; MODULE_PARM(syscall_name, "s"); static char * syscall_name = NULL; static char dummy_buf2[70]="To protect against wrong insmod params"; MODULE_PARM(handle, "l"); static long handle = 123456; MODULE_PARM(syscall_registration_handle, "l"); static long syscall_registration_handle = 654321; MODULE_PARM(syscall_dispatcher_handle, "l"); static long syscall_dispatcher_handle = 1; /* PROC functions */ #if defined(CONFIG_RSBAC_PROC) #define PROC_NAME "reg_sample1" static struct proc_dir_entry * proc_reg_sample_p; #if LINUX_VERSION_CODE < KERNEL_VERSION(2,3,0) static int adf_sample_proc_info(char *buffer, char **start, off_t offset, int length, int dummy) #else static int adf_sample_proc_info(char *buffer, char **start, off_t offset, int length) #endif { int len = 0; off_t pos = 0; off_t begin = 0; union rsbac_target_id_t rsbac_target_id; union rsbac_attribute_value_t rsbac_attribute_value; if (!rsbac_is_initialized()) return (-ENOSYS); rsbac_target_id.scd = ST_rsbac; rsbac_attribute_value.dummy = 0; if (!rsbac_adf_request(R_GET_STATUS_DATA, current->pid, T_SCD, rsbac_target_id, A_none, rsbac_attribute_value)) { return -EPERM; } len += sprintf(buffer, "RSBAC REG decision module sample 1\n----------------------------------\n"); pos = begin + len; if (pos < offset) { len = 0; begin = pos; } if (pos > offset+length) goto out; len += sprintf(buffer + len, "%lu calls to request function.\n", nr_request_calls); pos = begin + len; if (pos < offset) { len = 0; begin = pos; } if (pos > offset+length) goto out; len += sprintf(buffer + len, "%lu calls to set_attr function.\n", nr_set_attr_calls); pos = begin + len; if (pos < offset) { len = 0; begin = pos; } if (pos > offset+length) goto out; len += sprintf(buffer + len, "%lu calls to need_overwrite function.\n", nr_need_overwrite_calls); pos = begin + len; if (pos < offset) { len = 0; begin = pos; } if (pos > offset+length) goto out; len += sprintf(buffer + len, "%lu calls to system_call function %lu, last arg was %p.\n", nr_system_calls, syscall_dispatcher_handle, system_call_arg); pos = begin + len; if (pos < offset) { len = 0; begin = pos; } if (pos > offset+length) goto out; out: *start = buffer + (offset - begin); len -= (offset - begin); if (len > length) len = length; return len; } #endif /* CONFIG_RSBAC_PROC */ /**** Decision Functions ****/ static int request_func ( enum rsbac_adf_request_t request, rsbac_pid_t owner_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner) { /* count call, but not for SEARCH request */ if(request != R_SEARCH) nr_request_calls++; return GRANTED; } static int set_attr_func ( enum rsbac_adf_request_t request, rsbac_pid_t owner_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t new_target, union rsbac_target_id_t new_tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner) { /* count call, but not for SEARCH request */ if(request != R_SEARCH) nr_set_attr_calls++; return 0; } static boolean need_overwrite_func (struct dentry * dentry_p) { nr_need_overwrite_calls++; return FALSE; } static int syscall_func (void * arg) { nr_system_calls++; system_call_arg = arg; return nr_system_calls; } /**** Init ****/ int init_module(void) { struct rsbac_reg_entry_t entry; struct rsbac_reg_syscall_entry_t syscall_entry; if(!handle) handle = 123456; if(!syscall_registration_handle) syscall_registration_handle = 654321; if(!syscall_dispatcher_handle) syscall_dispatcher_handle = 1; printk(KERN_INFO "RSBAC REG decision module sample 1: Initializing.\n"); /* clearing registration entries */ memset(&entry, 0, sizeof(entry)); memset(&syscall_entry, 0, sizeof(syscall_entry)); if((dummy_buf[0] != 'T') || (dummy_buf2[0] != 'T')) { printk(KERN_WARNING "RSBAC REG decision module sample 1: Not loaded due to invalid param string.\n"); return -ENOEXEC; } if(name) { strncpy(entry.name, name, RSBAC_REG_NAME_LEN); entry.name[RSBAC_REG_NAME_LEN] = 0; } else strcpy(entry.name, "RSBAC REG sample 1 ADF module"); printk(KERN_INFO "RSBAC REG decision module sample 1: REG Version: %u, Name: %s, Handle: %li\n", RSBAC_REG_VERSION, entry.name, handle); entry.handle = handle; entry.request_func = request_func; entry.set_attr_func = set_attr_func; entry.need_overwrite_func = need_overwrite_func; entry.switch_on = TRUE; printk(KERN_INFO "RSBAC REG decision module sample 1: Registering to ADF.\n"); if(rsbac_reg_register(RSBAC_REG_VERSION, entry) < 0) { printk(KERN_WARNING "RSBAC REG decision module sample 1: Registering failed. Unloading.\n"); return -ENOEXEC; } if(syscall_name) { strncpy(syscall_entry.name, syscall_name, RSBAC_REG_NAME_LEN); syscall_entry.name[RSBAC_REG_NAME_LEN] = 0; } else strcpy(syscall_entry.name, "RSBAC REG sample 1 syscall"); printk(KERN_INFO "RSBAC REG decision module sample 1: REG Version: %u, Name: %s, Dispatcher Handle: %li\n", RSBAC_REG_VERSION, syscall_entry.name, syscall_dispatcher_handle); syscall_entry.registration_handle = syscall_registration_handle; syscall_entry.dispatcher_handle = syscall_dispatcher_handle; syscall_entry.syscall_func = syscall_func; printk(KERN_INFO "RSBAC REG decision module sample 1: Registering syscall.\n"); syscall_registration_handle = rsbac_reg_register_syscall(RSBAC_REG_VERSION, syscall_entry); if(syscall_registration_handle < 0) { printk(KERN_WARNING "RSBAC REG decision module sample 1: Registering syscall failed. Unloading.\n"); if(rsbac_reg_unregister(handle)) { printk(KERN_ERR "RSBAC REG decision module sample 1: Unregistering failed - beware of possible system failure!\n"); } return -ENOEXEC; } #if defined(CONFIG_RSBAC_PROC) proc_reg_sample_p = create_proc_entry(PROC_NAME, S_IFREG | S_IRUGO, proc_rsbac_root_p); if(!proc_reg_sample_p) { printk(KERN_WARNING "%s: Not loaded due to failed proc entry registering.\n", name); if(rsbac_reg_unregister(handle)) { printk(KERN_ERR "RSBAC REG decision module sample 1: Unregistering failed - beware of possible system failure!\n"); } if(rsbac_reg_unregister_syscall(syscall_registration_handle)) { printk(KERN_ERR "RSBAC REG decision module sample 1: Unregistering syscall failed - beware of possible system failure!\n"); } return -ENOEXEC; } proc_reg_sample_p->get_info = adf_sample_proc_info; #endif printk(KERN_INFO "RSBAC REG decision module sample 1: Loaded.\n"); return 0; } void cleanup_module(void) { printk(KERN_INFO "RSBAC REG decision module sample 1: Unregistering.\n"); #if defined(CONFIG_RSBAC_PROC) remove_proc_entry(PROC_NAME, proc_rsbac_root_p); #endif if(rsbac_reg_unregister_syscall(syscall_registration_handle)) { printk(KERN_ERR "RSBAC REG decision module sample 1: Unregistering syscall failed - beware of possible system failure!\n"); } if(rsbac_reg_unregister(handle)) { printk(KERN_ERR "RSBAC REG decision module sample 1: Unregistering failed - beware of possible system failure!\n"); } printk(KERN_INFO "RSBAC REG decision module sample 1: Unloaded.\n"); }