inc_mount.h File Reference


Detailed Description

Defines the interface for the incomplete mount permissions module.

Author:
Kevin Carr kcarr@tresys.com

Jeremy A. Mowery jmowery@tresys.com

Jason Tang jtang@tresys.com

Copyright (C) 2005-2007 Tresys Technology, LLC

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

Definition in file inc_mount.h.

#include "sechecker.h"
#include <apol/policy.h>
#include <apol/avrule-query.h>



Defines

/* Per-domain result flags; the values are distinct bits, so a single int can
 * carry both.  NOTE(review): the names suggest ONLY_MOUNT marks a domain that
 * has the filesystem:mount rule but not dir:mounton, and ONLY_MOUNTON the
 * reverse — inc_mount.c, which sets them, is not on this page; confirm there. */
#define SECHK_MOUNT_ONLY_MOUNT   0x01
#define SECHK_MOUNT_ONLY_MOUNTON   0x02

Functions

int inc_mount_register (sechk_lib_t *lib)
int inc_mount_init (sechk_module_t *mod, apol_policy_t *policy, void *arg)
int inc_mount_run (sechk_module_t *mod, apol_policy_t *policy, void *arg)
int inc_mount_print (sechk_module_t *mod, apol_policy_t *policy, void *arg)

Define Documentation

#define SECHK_MOUNT_ONLY_MOUNT   0x01
 

Definition at line 38 of file inc_mount.h.

#define SECHK_MOUNT_ONLY_MOUNTON   0x02
 

Definition at line 39 of file inc_mount.h.


Function Documentation

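/* Definition at line 39 of file inc_mount.c. */

/**
 * Add one entry to a module's function table.
 *
 * Allocates a sechk_fn_t, names it with a heap copy of @a name, points it at
 * @a fn and appends it to @a mod->functions.  Until the append succeeds the
 * entry is owned here, so every failure path releases it before reporting
 * (the original open-coded version leaked the entry when strdup() or the
 * append failed).  After a successful append the entry is never freed here;
 * presumably the vector / module teardown owns it from then on.
 *
 * @param mod  Module whose function vector receives the entry.
 * @param name Function-table key (e.g. SECHK_MOD_FN_INIT); copied.
 * @param fn   Callback stored in the entry.
 * @return 0 on success; -1 with errno set to ENOMEM on any failure
 *         (entry allocation, strdup() or vector append).
 */
static int inc_mount_add_fn(sechk_module_t * mod, const char *name,
			    int (*fn) (sechk_module_t *, apol_policy_t *, void *))
{
	sechk_fn_t *fn_struct = sechk_fn_new();
	if (!fn_struct) {
		goto fail;
	}
	fn_struct->name = strdup(name);
	if (!fn_struct->name) {
		goto fail_free;
	}
	fn_struct->fn = fn;
	if (apol_vector_append(mod->functions, (void *)fn_struct) < 0) {
		goto fail_free;
	}
	return 0;

      fail_free:
	/* the vector never took ownership, so the entry (and its name) is still ours */
	sechk_fn_free(fn_struct);
      fail:
	/* errno is assigned last so neither the destructor nor ERR() can clobber it */
	ERR(NULL, "%s", strerror(ENOMEM));
	errno = ENOMEM;
	return -1;
}

/**
 * Register the inc_mount module with the sechecker library.
 *
 * Looks up the module (by the file-scope mod_name) in @a lib, fills in its
 * descriptions and severity, and installs the init, run and print callbacks
 * in its function table.
 *
 * @param lib Library that already holds a module record named mod_name
 *            (created from the config file).
 * @return 0 on success.  -1 with errno = EINVAL if @a lib is NULL or the
 *         module is not present in the library; -1 with errno = ENOMEM if a
 *         function-table entry could not be created.  On an ENOMEM failure
 *         entries registered earlier in this call remain in the table.
 */
int inc_mount_register(sechk_lib_t * lib)
{
	sechk_module_t *mod = NULL;

	if (!lib) {
		ERR(NULL, "%s", "no library");
		errno = EINVAL;
		return -1;
	}

	/* Modules are declared by the config file and their name and options
	 * are stored in the module array.  The name is looked up to determine
	 * where to store the function structures */
	mod = sechk_lib_get_module(mod_name, lib);
	if (!mod) {
		ERR(NULL, "%s", "Module unknown");
		errno = EINVAL;
		return -1;
	}
	mod->parent_lib = lib;

	/* assign the descriptions; string literals, so the module never frees them */
	mod->brief_description = "domains with partial mount permissions";
	mod->detailed_description =
		"--------------------------------------------------------------------------------\n"
		"This module finds domains that have incomplete mount permissions.\n"
		"In order for a mount operation to be allowed by the policy the following rules\n"
		"must be present: \n"
		"\n"
		"   1) allow somedomain_d sometype_t : filesystem  { mount };\n"
		"   2) allow somedomain_d sometype_t : dir { mounton };\n"
		"\n" "This module finds domains that have only one of the rules listed above.\n";
	mod->opt_description =
		"Module requirements:\n" "   none\n" "Module dependencies:\n" "   none\n" "Module options:\n" "   none\n";
	mod->severity = SECHK_SEV_MED;

	/* register functions; the helper reports and sets errno on failure */
	if (inc_mount_add_fn(mod, SECHK_MOD_FN_INIT, inc_mount_init) < 0) {
		return -1;
	}
	if (inc_mount_add_fn(mod, SECHK_MOD_FN_RUN, inc_mount_run) < 0) {
		return -1;
	}

	/* this module keeps no private data, so there is nothing to free */
	mod->data_free = NULL;

	if (inc_mount_add_fn(mod, SECHK_MOD_FN_PRINT, inc_mount_print) < 0) {
		return -1;
	}

	return 0;
}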

int inc_mount_init (sechk_module_t *mod, apol_policy_t *policy, void *arg)
 

int inc_mount_run (sechk_module_t *mod, apol_policy_t *policy, void *arg)
 

int inc_mount_print (sechk_module_t *mod, apol_policy_t *policy, void *arg)