/*
* RSBAC REG decision module sample 1
*
* Author and (c) 1999-2001 Amon Ott <ao@rsbac.org>
*/
#include <linux/config.h>
#include <linux/module.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/string.h>
#include <linux/fs.h>
#include <rsbac/types.h>
#include <rsbac/reg.h>
#include <rsbac/adf.h>
#include <rsbac/aci.h>
#include <rsbac/getname.h>
#include <rsbac/error.h>
#include <rsbac/proc_fs.h>
static u_long nr_request_calls = 0;
static u_long nr_set_attr_calls = 0;
static u_long nr_need_overwrite_calls = 0;
static u_long nr_system_calls = 0;
static void * system_call_arg = NULL;
MODULE_AUTHOR("Amon Ott");
MODULE_DESCRIPTION("RSBAC REG sample decision module 1");
MODULE_PARM(name, "s");
static char * name = NULL;
static char dummy_buf[70]="To protect against wrong insmod params";
MODULE_PARM(syscall_name, "s");
static char * syscall_name = NULL;
static char dummy_buf2[70]="To protect against wrong insmod params";
MODULE_PARM(handle, "l");
static long handle = 123456;
MODULE_PARM(syscall_registration_handle, "l");
static long syscall_registration_handle = 654321;
MODULE_PARM(syscall_dispatcher_handle, "l");
static long syscall_dispatcher_handle = 1;
/* PROC functions */
#if defined(CONFIG_RSBAC_PROC)
#define PROC_NAME "reg_sample1"
static struct proc_dir_entry * proc_reg_sample_p;
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,3,0)
static int
adf_sample_proc_info(char *buffer, char **start, off_t offset, int length, int dummy)
#else
static int
adf_sample_proc_info(char *buffer, char **start, off_t offset, int length)
#endif
{
int len = 0;
off_t pos = 0;
off_t begin = 0;
union rsbac_target_id_t rsbac_target_id;
union rsbac_attribute_value_t rsbac_attribute_value;
if (!rsbac_is_initialized())
return (-ENOSYS);
rsbac_target_id.scd = ST_rsbac;
rsbac_attribute_value.dummy = 0;
if (!rsbac_adf_request(R_GET_STATUS_DATA,
current->pid,
T_SCD,
rsbac_target_id,
A_none,
rsbac_attribute_value))
{
return -EPERM;
}
len += sprintf(buffer, "RSBAC REG decision module sample 1\n----------------------------------\n");
pos = begin + len;
if (pos < offset)
{
len = 0;
begin = pos;
}
if (pos > offset+length)
goto out;
len += sprintf(buffer + len, "%lu calls to request function.\n",
nr_request_calls);
pos = begin + len;
if (pos < offset)
{
len = 0;
begin = pos;
}
if (pos > offset+length)
goto out;
len += sprintf(buffer + len, "%lu calls to set_attr function.\n",
nr_set_attr_calls);
pos = begin + len;
if (pos < offset)
{
len = 0;
begin = pos;
}
if (pos > offset+length)
goto out;
len += sprintf(buffer + len, "%lu calls to need_overwrite function.\n",
nr_need_overwrite_calls);
pos = begin + len;
if (pos < offset)
{
len = 0;
begin = pos;
}
if (pos > offset+length)
goto out;
len += sprintf(buffer + len, "%lu calls to system_call function %lu, last arg was %p.\n",
nr_system_calls,
syscall_dispatcher_handle,
system_call_arg);
pos = begin + len;
if (pos < offset)
{
len = 0;
begin = pos;
}
if (pos > offset+length)
goto out;
out:
*start = buffer + (offset - begin);
len -= (offset - begin);
if (len > length)
len = length;
return len;
}
#endif /* CONFIG_RSBAC_PROC */
/**** Decision Functions ****/
static int request_func ( enum rsbac_adf_request_t request,
rsbac_pid_t owner_pid,
enum rsbac_target_t target,
union rsbac_target_id_t tid,
enum rsbac_attribute_t attr,
union rsbac_attribute_value_t attr_val,
rsbac_uid_t owner)
{
/* count call, but not for SEARCH request */
if(request != R_SEARCH)
nr_request_calls++;
return GRANTED;
}
static int set_attr_func ( enum rsbac_adf_request_t request,
rsbac_pid_t owner_pid,
enum rsbac_target_t target,
union rsbac_target_id_t tid,
enum rsbac_target_t new_target,
union rsbac_target_id_t new_tid,
enum rsbac_attribute_t attr,
union rsbac_attribute_value_t attr_val,
rsbac_uid_t owner)
{
/* count call, but not for SEARCH request */
if(request != R_SEARCH)
nr_set_attr_calls++;
return 0;
}
static boolean need_overwrite_func (struct dentry * dentry_p)
{
nr_need_overwrite_calls++;
return FALSE;
}
static int syscall_func (void * arg)
{
nr_system_calls++;
system_call_arg = arg;
return nr_system_calls;
}
/**** Init ****/
int init_module(void)
{
struct rsbac_reg_entry_t entry;
struct rsbac_reg_syscall_entry_t syscall_entry;
if(!handle)
handle = 123456;
if(!syscall_registration_handle)
syscall_registration_handle = 654321;
if(!syscall_dispatcher_handle)
syscall_dispatcher_handle = 1;
printk(KERN_INFO "RSBAC REG decision module sample 1: Initializing.\n");
/* clearing registration entries */
memset(&entry, 0, sizeof(entry));
memset(&syscall_entry, 0, sizeof(syscall_entry));
if((dummy_buf[0] != 'T') || (dummy_buf2[0] != 'T'))
{
printk(KERN_WARNING "RSBAC REG decision module sample 1: Not loaded due to invalid param string.\n");
return -ENOEXEC;
}
if(name)
{
strncpy(entry.name, name, RSBAC_REG_NAME_LEN);
entry.name[RSBAC_REG_NAME_LEN] = 0;
}
else
strcpy(entry.name, "RSBAC REG sample 1 ADF module");
printk(KERN_INFO "RSBAC REG decision module sample 1: REG Version: %u, Name: %s, Handle: %li\n",
RSBAC_REG_VERSION, entry.name, handle);
entry.handle = handle;
entry.request_func = request_func;
entry.set_attr_func = set_attr_func;
entry.need_overwrite_func = need_overwrite_func;
entry.switch_on = TRUE;
printk(KERN_INFO "RSBAC REG decision module sample 1: Registering to ADF.\n");
if(rsbac_reg_register(RSBAC_REG_VERSION, entry) < 0)
{
printk(KERN_WARNING "RSBAC REG decision module sample 1: Registering failed. Unloading.\n");
return -ENOEXEC;
}
if(syscall_name)
{
strncpy(syscall_entry.name, syscall_name, RSBAC_REG_NAME_LEN);
syscall_entry.name[RSBAC_REG_NAME_LEN] = 0;
}
else
strcpy(syscall_entry.name, "RSBAC REG sample 1 syscall");
printk(KERN_INFO "RSBAC REG decision module sample 1: REG Version: %u, Name: %s, Dispatcher Handle: %li\n",
RSBAC_REG_VERSION, syscall_entry.name, syscall_dispatcher_handle);
syscall_entry.registration_handle = syscall_registration_handle;
syscall_entry.dispatcher_handle = syscall_dispatcher_handle;
syscall_entry.syscall_func = syscall_func;
printk(KERN_INFO "RSBAC REG decision module sample 1: Registering syscall.\n");
syscall_registration_handle = rsbac_reg_register_syscall(RSBAC_REG_VERSION, syscall_entry);
if(syscall_registration_handle < 0)
{
printk(KERN_WARNING "RSBAC REG decision module sample 1: Registering syscall failed. Unloading.\n");
if(rsbac_reg_unregister(handle))
{
printk(KERN_ERR "RSBAC REG decision module sample 1: Unregistering failed - beware of possible system failure!\n");
}
return -ENOEXEC;
}
#if defined(CONFIG_RSBAC_PROC)
proc_reg_sample_p = create_proc_entry(PROC_NAME,
S_IFREG | S_IRUGO,
proc_rsbac_root_p);
if(!proc_reg_sample_p)
{
printk(KERN_WARNING "%s: Not loaded due to failed proc entry registering.\n", name);
if(rsbac_reg_unregister(handle))
{
printk(KERN_ERR "RSBAC REG decision module sample 1: Unregistering failed - beware of possible system failure!\n");
}
if(rsbac_reg_unregister_syscall(syscall_registration_handle))
{
printk(KERN_ERR "RSBAC REG decision module sample 1: Unregistering syscall failed - beware of possible system failure!\n");
}
return -ENOEXEC;
}
proc_reg_sample_p->get_info = adf_sample_proc_info;
#endif
printk(KERN_INFO "RSBAC REG decision module sample 1: Loaded.\n");
return 0;
}
void cleanup_module(void)
{
printk(KERN_INFO "RSBAC REG decision module sample 1: Unregistering.\n");
#if defined(CONFIG_RSBAC_PROC)
remove_proc_entry(PROC_NAME, proc_rsbac_root_p);
#endif
if(rsbac_reg_unregister_syscall(syscall_registration_handle))
{
printk(KERN_ERR "RSBAC REG decision module sample 1: Unregistering syscall failed - beware of possible system failure!\n");
}
if(rsbac_reg_unregister(handle))
{
printk(KERN_ERR "RSBAC REG decision module sample 1: Unregistering failed - beware of possible system failure!\n");
}
printk(KERN_INFO "RSBAC REG decision module sample 1: Unloaded.\n");
}
