#!/bin/bash
# 
# This script is used for Administration of RSBAC general file/dir attributes
#
#
# Make sure we're really running bash.
#
[ -z "$BASH" ] && { echo "This menu requires bash" 1>&2; exit 1; }

#
# Cache function definitions, turn off posix compliance
#
set -h +o posix

# not used
ATTRIBUTES="security_level object_category data_type mac_check \
            pm_object_type pm_object_class rc_type \
            log_array_low log_array_high"

# Set conf filename
RSBACCONF=/etc/rsbac.conf
# Read settings
if test -f $RSBACCONF
then . $RSBACCONF
fi
if test -f ~/.rsbacrc
then . ~/.rsbacrc
fi
if test -z "$RSBACMOD"
then RSBACMOD='GEN MAC FC SIM PM MS FF RC AUTH ACL CAP'
fi
for i in $RSBACMOD
do
  export SHOW_${i}=yes
done

# The dir for tmp files
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi

# This must be a unique temporary filename
if ! TMPFILE=`mktemp -q $TMPDIR/rsbac_dialog.XXXXXX`
then
  TMPFILE=$TMPDIR/rsbac_dialog.$$
  if test -e $TMPFILE
  then rm $TMPFILE
  fi
fi

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

# set this to initial dir on script startup
LASTDIR='/dev'

# which dialog tool to use - dialog or kdialog or xdialog...
if test -z $DIALOG
then DIALOG=${RSBACPATH}dialog
fi
if ! $DIALOG --clear
then
  echo $DIALOG menu program required! >&2
  exit
fi
if ! $DIALOG --help 2>&1 | grep -q "help-button"
then
  echo "Newer dialog menu version >= 0.9a-20020309a with '--help-button' option" >&2
  echo "required, please use dialog from admin tools contrib dir or set" >&2
  echo "\$DIALOG to another dialog program, e.g. with rsbac_settings_menu!" >&2
  exit
fi

# test for LINES and COLUMNS (should be exported e.g. in /etc/profile)
if test -z "$LINES" ; then LINES=25 ; fi
if test -z "$COLUMNS" ; then COLUMNS=80 ; fi
export LINES
export COLUMNS
declare -i BL=$LINES-4
declare -i BC=$COLUMNS-4
declare -i MAXLINES=$LINES-10
gl () {
  if test $1 -gt $MAXLINES
  then echo $MAXLINES
  else echo $1
  fi
}

if test -z "$BACKTITLE"
  then BACKTITLE="RSBAC Administration Tools v1.2.2" ; fi
TITLE="`whoami`@`hostname`: RSBAC Device Administration"
HELPTITLE="`whoami`@`hostname`: RSBAC Device Administration Help"
ERRTITLE="RSBAC Device Administration - ERROR"

## no changes below this line!

show_help () {
  case "$RSBACLANG" in
    DE)
      show_help_german "$1"
      ;;
    RU)
      show_help_russian "$1"
      ;;
    *)
      show_help_english "$1"
      ;;
  esac
}

show_help_english () {
 {
  echo "$1"
  echo ""
  case "$1" in
    Quit)
        echo "Quit this menu."
      ;;

    'File/Dir List:')
        echo "Choose new device object from list."
      ;;

    "Dev special file:")
        echo "Enter new device object special file name."
      ;;

    "Follow")
        echo "Follow this symbolic link."
      ;;

    'MAC Security Level:')
        echo "Set the MAC model security level."
        echo ""
        $RSBACPATH""attr_get_file_dir -A security_level
      ;;

    'MAC Categories:')
        echo "Set the MAC model categories."
        echo ""
        $RSBACPATH""attr_get_file_dir -A mac_categories
      ;;

    'FC Object Category:')
        echo "Set the FC model object categories."
        echo ""
        $RSBACPATH""attr_get_file_dir -A object_category
      ;;

    'SIM Data Type:')
        echo "Set the SIM model data type."
        echo ""
        $RSBACPATH""attr_get_file_dir -A data_type
      ;;

    'MAC Check:')
        echo "Toggle, whether access to this device should be controlled by MAC model."
        echo ""
        $RSBACPATH""attr_get_file_dir -A mac_check
      ;;

    'PM Object Type:')
        echo "Set object type for PM model."
        echo ""
        $RSBACPATH""attr_get_file_dir -A pm_object_type
      ;;

    'PM Object Class:')
        echo "Select the PM model object class."
        echo ""
        $RSBACPATH""attr_get_file_dir -A pm_object_class
      ;;

    'RC Type:')
        echo "Select the RC model device type."
        echo ""
        $RSBACPATH""attr_get_file_dir -A rc_type
      ;;

    'Log Array Low:' | 'Log Array High:')
        echo "Choose object based logging levels for this object."
        echo ""
        $RSBACPATH""attr_get_file_dir -A log_array_low
      ;;

    'File/Dir Attributes:')
        echo "Go to File/Dir/Fifo/Symlink attribute menu."
      ;;

    'ACL Menu:')
        echo "Go to ACL menu."
      ;;

    'Reset Attributes:')
        echo "Call attr_rm_fd to get the attribute object for this device object"
        echo "removed. As result, all attribute values will be reset to their"
        echo "default values. Use with care!"
      ;;

    *)
        echo "No help for $1 available!"
  esac
 } > $TMPFILE
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox $TMPFILE $BL $BC
#  sleep 1
}

show_help_german () {
 {
  echo "$1"
  echo ""
  case "$1" in
    Quit)
        echo "Beende diese Men."
      ;;

    'File/Dir List:')
        echo "Whle neues Device-Objekt aus einer list."
      ;;

    "Dev special file:")
        echo "Spezial-Dateiname eines neuen Device-Objektes eingeben."
      ;;

    "Follow")
        echo "Folge diesem symbolischen Link."
      ;;

    'MAC Security Level:')
        echo "Setze den Sicherheitslevel fr das MAC-Modells."
        echo ""
        $RSBACPATH""attr_get_file_dir -A security_level
      ;;

    'MAC Categories:')
        echo "Setze die Kategorien fr das MAC-Modell."
        echo ""
        $RSBACPATH""attr_get_file_dir -A mac_categories
      ;;

    'FC Object Category:')
        echo "Setze die Objekt-Kategorien fr das FC-Modell."
        echo ""
        $RSBACPATH""attr_get_file_dir -A object_category
      ;;

    'SIM Data Type:')
        echo "Setze den Datentyp fr das SIM-Modell."
        echo ""
        $RSBACPATH""attr_get_file_dir -A data_type
      ;;

    'MAC Check:')
        echo "Umschalten, ob der Zugriff auf dieses Gert vom MAC-Modell"
        echo "geprft wird."
        echo ""
        $RSBACPATH""attr_get_file_dir -A mac_check
      ;;

    'PM Object Type:')
        echo "Setze Objekt-Typ fr das PM-Modell."
        echo ""
        $RSBACPATH""attr_get_file_dir -A pm_object_type
      ;;

    'PM Object Class:')
        echo "Setze die Objekt-Klasse fr das PM-Modell."
        echo ""
        $RSBACPATH""attr_get_file_dir -A pm_object_class
      ;;

    'RC Type:')
        echo "Setze den Gerte-Typen fr das RC-Modell."
        echo ""
        $RSBACPATH""attr_get_file_dir -A rc_type
      ;;

    'Log Array Low:' | 'Log Array High:')
        echo "Whle objektabhngige Logging-Stufen fr dieses Objekt."
        echo ""
        $RSBACPATH""attr_get_file_dir -A log_array_low
      ;;

    'File/Dir Attributes:')
        echo "Gehe zum File/Dir/Fifo/Symlink-Attributmen."
      ;;

    'ACL Menu:')
        echo "Gehe zum ACL-Men."
      ;;

    'Reset Attributes:')
        echo "Rufe attr_rm_fd auf, um die Attribut-Objekte fr dieses Gert"
        echo "zu entfernen. Als Ergebnis werden alle Attribute auf ihre"
        echo "Standardwerte zurckgesetzt. Mit Vorsicht verwenden!"
      ;;

    *)
        echo "Keine Hilfe fr $1 verfgbar!"
  esac
 } > $TMPFILE
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox $TMPFILE $BL $BC
#  sleep 1
}

show_help_russian () {
 {
  echo "$1"
  echo ""
  case "$1" in
    Quit)
        echo "Quit this menu."
      ;;

    'File/Dir List:')
        echo "Choose new device object from list."
      ;;

    "Dev special file:")
        echo "Enter new device object special file name."
      ;;

    "Follow")
        echo "Follow this symbolic link."
      ;;

    'MAC Security Level:')
        echo "Set the MAC model security level."
        echo ""
        $RSBACPATH""attr_get_file_dir -A security_level
      ;;

    'MAC Categories:')
        echo "Set the MAC model categories."
        echo ""
        $RSBACPATH""attr_get_file_dir -A mac_categories
      ;;

    'FC Object Category:')
        echo "Set the FC model object categories."
        echo ""
        $RSBACPATH""attr_get_file_dir -A object_category
      ;;

    'SIM Data Type:')
        echo "Set the SIM model data type."
        echo ""
        $RSBACPATH""attr_get_file_dir -A data_type
      ;;

    'MAC Check:')
        echo "Toggle, whether access to this device should be controlled by MAC model."
        echo ""
        $RSBACPATH""attr_get_file_dir -A mac_check
      ;;

    'PM Object Type:')
        echo "Set object type for PM model."
        echo ""
        $RSBACPATH""attr_get_file_dir -A pm_object_type
      ;;

    'PM Object Class:')
        echo "Select the PM model object class."
        echo ""
        $RSBACPATH""attr_get_file_dir -A pm_object_class
      ;;

    'RC Type:')
        echo "Select the RC model device type."
        echo ""
        $RSBACPATH""attr_get_file_dir -A rc_type
      ;;

    'Log Array Low:' | 'Log Array High:')
        echo "Choose object based logging levels for this object."
        echo ""
        $RSBACPATH""attr_get_file_dir -A log_array_low
      ;;

    'File/Dir Attributes:')
        echo "Go to File/Dir/Fifo/Symlink attribute menu."
      ;;

    'ACL Menu:')
        echo "Go to ACL menu."
      ;;

    'Reset Attributes:')
        echo "Call attr_rm_fd to get the attribute object for this device object"
        echo "removed. As result, all attribute values will be reset to their"
        echo "default values. Use with care!"
      ;;

    *)
        echo "No help for $1 available!"
  esac
 } > $TMPFILE
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox $TMPFILE $BL $BC
#  sleep 1
}

get_attributes () {
  if test "$FILE" != "" 
    then
         if test -L "$FILE"
           then TYPE=SYMLINK
                SYMLINK="`ls -l \"$FILE\"|cut -d '>' -f 2|cut -c 2-`"
         elif test -b "$FILE"
           then TYPE=BLOCK
         elif test -c "$FILE"
           then TYPE=CHAR
         elif test -d "$FILE"
           then TYPE=DIR
                LASTDIR=`(cd "$FILE" ; pwd)`
                if test -n "$RSBACLOGFILE"
                then
                  echo "cd `pwd`" >>"$RSBACLOGFILE"
                fi
         else TYPE=NONE
         fi
         if test "$TYPE" != "BLOCK" -a "$TYPE" != "CHAR"
         then
              SECLEVEL=""
              MACCAT=""
              OBJCAT=""
              DATATYPE=""
              MACCHECK=""
              PMOBJTYPE=""
              PMCLASS=""
              RCTYPE=""
              LOGLOW=""
              LOGHIGH=""
              return
         fi
         if test "$SHOW_MAC" = "yes"
         then
           SECLEVEL=`$RSBACPATH""attr_get_file_dir DEV $FILE security_level`
           MACCAT=`$RSBACPATH""attr_get_file_dir DEV $FILE mac_categories`
           MACCHECK=`$RSBACPATH""attr_get_file_dir DEV $FILE mac_check`
         fi
         if test "$SHOW_FC" = "yes"
         then
           OBJCAT=`$RSBACPATH""attr_get_file_dir DEV $FILE object_category`
         fi
         if test "$SHOW_SIM" = "yes"
         then
           DATATYPE=`$RSBACPATH""attr_get_file_dir DEV $FILE data_type`
         fi
         if test "$SHOW_PM" = "yes"
         then
           PMOBJTYPE=`$RSBACPATH""attr_get_file_dir DEV $FILE pm_object_type`
           PMCLASS=`$RSBACPATH""attr_get_file_dir DEV $FILE pm_object_class`
         fi
         if test "$SHOW_RC" = "yes"
         then
           RCTYPE=`$RSBACPATH""attr_get_file_dir DEV $FILE rc_type`
         fi
         if test "$SHOW_GEN" = "yes"
         then
           LOGLOW=`$RSBACPATH""attr_get_file_dir DEV $FILE log_array_low`
           LOGHIGH=`$RSBACPATH""attr_get_file_dir DEV $FILE log_array_high`
         fi
  fi
}

onoff () {
   if test "$1" = "$2"
     then echo on
   else echo off
   fi
}

onoffb () {
   if test "$1" = "1"
     then echo on
   else echo off
   fi
}

list_item () {
   if test -L "$1"
   then echo $1 "SYMLINK->`ls -l \"$1\"|cut -d '>' -f 2|cut -c 2-`"
   elif test -b "$1"
   then echo $1 BLOCK
   elif test -c "$1"
   then echo $1 CHAR
   elif test -d "$1"
   then echo $1 DIR
   else echo $1 NONE
   fi
}

type_name () {
  if test "$TYPE" = "NONE" -o -z "$1"
  then echo " "
  else if ! $RSBACPATH""rc_get_item TYPE $1 type_dev_name
       then echo "(unknown)"
       fi
  fi
}

get_vname () {
  if test "$TYPE" = "NONE"
    then echo " "
         return
  fi
  if test -z "$2"
    then echo "N/A"
         return
  fi

  case $1 in
    seclevel)
      case $2 in
        0) echo unclassified
          ;;
        1) echo confidential
          ;;
        2) echo secret
          ;;
        3) echo top secret
          ;;
        252) echo max. level
          ;;
        254) echo inherit
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    objcat)
      case $2 in
        0) echo General
          ;;
        1) echo Security
          ;;
        2) echo System
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    datatype)
      case $2 in
        0) echo None
          ;;
        1) echo SI
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    maccheck)
      case $2 in
        0) echo Off
          ;;
        1) echo On
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    pmobjtype)
      case $2 in
        0) echo None
          ;;
        1) echo TP
          ;;
        2) echo Personal Data
          ;;
        3) echo Non-Personal Data
          ;;
        4) echo IPC
          ;;
        5) echo Directory
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    rctype)
      case $2 in
        Error*) echo N/A
          ;;
        Use*) echo N/A
          ;;
        *) if ! $RSBACPATH""rc_get_item TYPE $2 type_dev_name
           then echo $2
           fi
          ;;
      esac 
      ;;
    loglevel)
      case $2 in
        0) echo None
          ;;
        1) echo Denied
          ;;
        2) echo Full
          ;;
        3) echo Request
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    *) echo ERROR!
      ;;
  esac
}

gen_log_menu_items() {
  if test -e ${TMPFILE}.2
    then rm ${TMPFILE}.2
  fi
  for i in $REQUESTS
  do TMP=`$RSBACPATH""attr_get_file_dir DEV $FILE log_level $i`
     echo $i `get_vname loglevel $TMP`>>${TMPFILE}.2
  done
}

log_menu () {
  if test -z "$REQUESTS"
    then REQUESTS=`$RSBACPATH""attr_get_file_dir DEV $FILE log_level NONE 2>/dev/null|grep -v types`
  fi
  gen_log_menu_items
  while true ; do \
    if ! \
    $DIALOG --title "$TITLE" \
           --backtitle "$BACKTITLE" \
           --default-item "$REQ" \
           --menu "$FILE: Log Levels for Requests" $BL $BC `gl 37` \
                `cat ${TMPFILE}.2` \
                "Quit" "" \
         2>$TMPFILE
     then rm ${TMPFILE}.2
          LOGLOW=`$RSBACPATH""attr_get_file_dir DEV $FILE log_array_low`
          LOGHIGH=`$RSBACPATH""attr_get_file_dir DEV $FILE log_array_high`
          return
    fi
    REQ=`cat $TMPFILE`
    case "$REQ" in
      Quit)
        rm ${TMPFILE}.2
        LOGLOW=`$RSBACPATH""attr_get_file_dir DEV $FILE log_array_low`
        LOGHIGH=`$RSBACPATH""attr_get_file_dir DEV $FILE log_array_high`
        return
        ;;
      *)
        VAL=`grep "^$REQ " ${TMPFILE}.2|cut -f 2 -d ' '`
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --radiolist "Choose Log Level for $FILE / $REQ" $BL $BC 5 \
                          0 `get_vname loglevel 0` `onoff None $VAL` \
                          1 `get_vname loglevel 1` `onoff Denied $VAL` \
                          2 `get_vname loglevel 2` `onoff Full $VAL` \
                          3 `get_vname loglevel 3` `onoff Request $VAL` \
          2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if $RSBACPATH""attr_set_file_dir DEV "$FILE" log_level $REQ $TMP &>$TMPFILE
             then
               gen_log_menu_items
               if test -n "$RSBACLOGFILE"
               then
                 echo $RSBACPATH""attr_set_file_dir DEV \"$FILE\" log_level $REQ $TMP >>"$RSBACLOGFILE"
               fi
             else \
               $DIALOG --title "$ERRTITLE" \
                       --backtitle "$BACKTITLE" \
                       --msgbox "`head -n 1 $TMPFILE`" $BL $BC
             fi
        fi
    esac
done
}

declare -i MAXCATLEN=$BC-38
cat_print () {
  if test $MAXCATLEN -ge 64
  then echo $1
  else echo "(too long)"
  fi
}

gen_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_file_dir DEV $FILE mac_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

declare -i MAXNAMELEN=$BC-34
name_print () {
  if test ${#1} -gt $MAXNAMELEN
  then
    declare -i START=${#1}-$MAXNAMELEN
    echo "$1" | cut -c$START-${#1}
  else
    echo "$1"
  fi
}

gen_follow_symlink () {
    case $1 in
      1)
        if test "$TYPE" = "SYMLINK"
        then
          echo 'Follow'
        fi
        ;;
      2)
        if test "$TYPE" = "SYMLINK"
        then
          echo "`name_print \"$SYMLINK\"`"
        fi
        ;;
    esac
}

###################### Menu #################

if test "$1" != ""
then FILE=$1
else FILE=$LASTDIR
fi
get_attributes $FILE

if test -n "$RSBACLOGFILE"
then
  {
    echo ""
    echo "# $0 start `date`"
    echo "cd `pwd`"
  } >>"$RSBACLOGFILE"
fi

  {
    echo 'dev_menu ()'
    echo '  {'    
    echo "    $DIALOG --title \"$TITLE\" \\"
    echo '       --backtitle "$BACKTITLE" \'
    echo '       --help-button --default-item "$CHOICE" \'
    echo '       --menu "Main DEV Menu" $BL $BC `gl 24` \'
    echo '         "File/Dir List:" "Choose from listing of last dir" \'
    echo '              "-------------------" " " \'
    echo '            "Dev special file:" "$FILE / $TYPE" \'
    echo '            `gen_follow_symlink 1` `gen_follow_symlink 2` \'
    echo '            "----------------" " " \'
    if test "$SHOW_MAC" = "yes"
    then
      echo '            "MAC Security Level:" "$SECLEVEL / `get_vname seclevel $SECLEVEL`" \'
      echo '            "MAC Categories:" "`cat_print $MACCAT`" \'
      echo '            "MAC Check:" "$MACCHECK / `get_vname maccheck $MACCHECK`" \'
    fi
    if test "$SHOW_FC" = "yes"
    then
      echo '              "FC Object Category:" "$OBJCAT / `get_vname objcat $OBJCAT`" \'
    fi
    if test "$SHOW_SIM" = "yes"
    then
      echo '              "SIM Data Type:" "$DATATYPE / `get_vname datatype $DATATYPE`" \'
    fi
    if test "$SHOW_PM" = "yes"
    then
      echo '              "PM Object Class:" "$PMCLASS" \'
      echo '              "PM Object Type:" "$PMOBJTYPE / `get_vname pmobjtype $PMOBJTYPE`" \'
    fi
    if test "$SHOW_RC" = "yes"
    then
      echo '              "RC Type:" "$RCTYPE / `get_vname rctype $RCTYPE`" \'
    fi
    if test "$SHOW_GEN" = "yes"
    then
      echo '              "Log Array Low:" "$LOGLOW" \'
      echo '              "Log Array High:" "$LOGHIGH" \'
    fi
    echo '            "----------------" " " \'
    echo '            "File/Dir Attributes:" "Go to File/Dir attribute menu" \'
    echo '            "ACL Menu:" "Go to ACL menu" \'
    echo '            "Reset Attributes:" "Reset all values to default values" \'
    echo '            "Quit" ""'
    echo '  }'
  } > $TMPFILE

. $TMPFILE

#cp $TMPFILE /tmp/menu

while true
  do
    if ! dev_menu 2>$TMPFILE
     then rm $TMPFILE ; exit
    fi


  CHOICE=`cat $TMPFILE`
  case "$CHOICE" in
    HELP*)
        show_help "${CHOICE:5}"
        CHOICE="${CHOICE:5}"
      ;;
    'File/Dir List:')
        FILETMP="$FILE"
        if test ! -d $LASTDIR
        then $LASTDIR='/'
        fi
        TMP=`ls -1ad "$LASTDIR"/* "$LASTDIR"/.*`
        while $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --default-item "$FILETMP" \
                  --menu "Device Name (choose cancel for $FILE)" $BL $BC $MAXLINES \
                         `for i in $TMP ; do list_item "$i" ; done` \
           2>$TMPFILE
        do FILETMP=`cat $TMPFILE`
          case "$FILETMP" in
            *)
              FILE="$FILETMP"
              get_attributes
              TMP=`ls -1ad "$LASTDIR"/* "$LASTDIR"/.*`
              if test -L "$FILE" -o ! -d "$FILE"
              then break
              fi
          esac
        done
      ;;

    "Dev special file:")
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Filename" $BL $BC $FILE \
           2>$TMPFILE
        then FILE=`cat $TMPFILE`
             get_attributes
        fi
      ;;

    "Follow")
        case "$SYMLINK" in
          /*)
            FILE="$SYMLINK"
            ;;
          *)
            FILE="`dirname $FILE`/$SYMLINK"
            ;;
        esac
        get_attributes
      ;;

    'MAC Security Level:')
        if test "$TYPE" != "NONE"
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Security Level for $FILE (old value: $SECLEVEL)" $BL $BC 7 \
                                "Enter" "Numeric Value" off \
                                0 "`get_vname seclevel 0`" `onoff 0 $SECLEVEL` \
                                1 "`get_vname seclevel 1`" `onoff 1 $SECLEVEL` \
                                2 "`get_vname seclevel 2`" `onoff 2 $SECLEVEL` \
                                3 "`get_vname seclevel 3`" `onoff 3 $SECLEVEL` \
                                252 "`get_vname seclevel 252`" `onoff 252 $SECLEVEL` \
                                254 "`get_vname seclevel 254`" `onoff 254 $SECLEVEL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if test "$TMP" = "Enter"
               then
                 if $DIALOG --title "$TITLE" \
                           --backtitle "$BACKTITLE" \
                           --inputbox "MAC security level" $BL $BC "$SECLEVEL" \
                   2>$TMPFILE
                 then
                   TMP="`cat $TMPFILE`"
                   if test $TMP -gt 254
                   then
                     $DIALOG --title "$ERRTITLE" \
                            --backtitle "$BACKTITLE" \
                            --msgbox "Invalid security level value $TMP!" $BL $BC
                     TMP=""
                   fi
                 else
                   TMP=""
                 fi
               fi
               if test -n "$TMP"
               then
                 if $RSBACPATH""attr_set_file_dir DEV $FILE security_level $TMP &>$TMPFILE
                 then
                   SECLEVEL=$TMP
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_file_dir DEV \"$FILE\" security_level $TMP >>"$RSBACLOGFILE"
                   fi
                 else \
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Security Level: No dev special file specified!" 5 $BC
        fi
      ;;

    'MAC Categories:')
        if test "$TYPE" != "NONE"
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if $DIALOG --title "MAC Categories for device $FILE" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MACCAT" $BL $BC $MAXLINES \
                    `gen_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if $RSBACPATH""attr_set_file_dir DEV $FILE mac_categories $i 0 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_file_dir DEV \"$FILE\" mac_categories $i 0 >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if $RSBACPATH""attr_set_file_dir DEV $FILE mac_categories $i 1 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_file_dir DEV \"$FILE\" mac_categories $i 1 >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MACCAT=`$RSBACPATH""attr_get_file_dir DEV $FILE mac_categories`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "MAC Categories: No user specified!" 5 $BC
        fi
      ;;

    'FC Object Category:')
        if test "$TYPE" != "NONE"
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Object Category for $FILE" $BL $BC 3 \
                                0 "`get_vname objcat 0`" `onoff 0 $OBJCAT` \
                                1 "`get_vname objcat 1`" `onoff 1 $OBJCAT` \
                                2 "`get_vname objcat 2`" `onoff 2 $OBJCAT` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_file_dir DEV $FILE object_category $TMP &>$TMPFILE
               then
                 OBJCAT=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_file_dir DEV \"$FILE\" object_category $TMP >>"$RSBACLOGFILE"
                 fi
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Object Category: No dev special file specified!" 5 $BC
        fi
      ;;

    'SIM Data Type:')
        if test "$TYPE" != "NONE"
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Data Type for $FILE" $BL $BC 2 \
                                0 "`get_vname datatype 0`" `onoff 0 $DATATYPE` \
                                1 "`get_vname datatype 1`" `onoff 1 $DATATYPE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_file_dir DEV $FILE data_type $TMP &>$TMPFILE
               then
                 DATATYPE=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_file_dir DEV \"$FILE\" data_type $TMP >>"$RSBACLOGFILE"
                 fi
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Data Type: No dev special file specified!" 5 $BC
        fi
      ;;

    'MAC Check:')
        if test "$TYPE" != ""
        then \
           if test $MACCHECK = "0"
           then TMP="1"
           else TMP="0"
           fi
           if $RSBACPATH""attr_set_file_dir DEV $FILE mac_check $TMP &>$TMPFILE
           then
             MACCHECK=$TMP
             if test -n "$RSBACLOGFILE"
             then
               echo $RSBACPATH""attr_set_file_dir DEV \"$FILE\" mac_check $TMP >>"$RSBACLOGFILE"
             fi
           else \
             $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Mac Check: No dev special file specified!" 5 $BC
        fi
      ;;


    'PM Object Type:')
        if test "$TYPE" != "NONE"
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose PM Object Type for $FILE" $BL $BC 6 \
                                0 "`get_vname pmobjtype 0`" `onoff 0 $PMOBJTYPE` \
                                1 "`get_vname pmobjtype 1`" `onoff 1 $PMOBJTYPE` \
                                2 "`get_vname pmobjtype 2`" `onoff 2 $PMOBJTYPE` \
                                3 "`get_vname pmobjtype 3`" `onoff 3 $PMOBJTYPE` \
                                4 "`get_vname pmobjtype 4`" `onoff 4 $PMOBJTYPE` \
                                5 "`get_vname pmobjtype 5`" `onoff 5 $PMOBJTYPE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_file_dir DEV $FILE pm_object_type $TMP &>$TMPFILE
               then
                 PMOBJTYPE=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_file_dir DEV \"$FILE\" pm_object_type $TMP >>"$RSBACLOGFILE"
                 fi
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM Object Type: No dev special file specified!" 5 $BC
        fi
      ;;

    'PM Object Class:')
        if test "$TYPE" != "NONE"
        then \
           if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "PM Object Class (long integer) for $FILE" \
                                $BL $BC "$PMCLASS" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_file_dir DEV $FILE pm_object_class $TMP &>$TMPFILE
               then
                 PMCLASS=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_file_dir DEV \"$FILE\" pm_object_class $TMP >>"$RSBACLOGFILE"
                 fi
               else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM Object Class: No dev special file specified!" 5 $BC
        fi
      ;;

    'RC Type:')
        if test "$TYPE" != "NONE"
        then \
          if $RSBACPATH""rc_get_item list_dev_types >$TMPFILE
          then \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --default-item "$RCTYPE" \
                      --menu "Choose RC Type for $FILE" $BL $BC $MAXLINES \
                      `cat $TMPFILE` \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
              if $RSBACPATH""attr_set_file_dir DEV $FILE rc_type $TMP &>$TMPFILE
              then
                RCTYPE=$TMP
                if test -n "$RSBACLOGFILE"
                then
                  echo $RSBACPATH""attr_set_file_dir DEV \"$FILE\" rc_type $TMP >>"$RSBACLOGFILE"
                fi
              else \
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
              fi
            fi
          else \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "RC Type (integer) for $FILE" \
                                 $BL $BC "$RCTYPE" \
                2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""attr_set_file_dir DEV $FILE rc_type $TMP &>$TMPFILE
                 then
                   RCTYPE=$TMP
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_file_dir DEV \"$FILE\" rc_type $TMP >>"$RSBACLOGFILE"
                   fi
                 else \
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "RC Type: No dev special file specified!" 5 $BC
        fi
      ;;

    'Log Array Low:')
        if test "$TYPE" != "NONE"
        then \
          log_menu
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Log Array Low: No dev special file specified!" 5 $BC
        fi
      ;;

    'Log Array High:')
        if test "$TYPE" != "NONE"
        then \
          log_menu
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Log Array High: No dev special file specified!" 5 $BC
        fi
      ;;

    'File/Dir Attributes:')
        $RSBACPATH""rsbac_fd_menu "$FILE"
      ;;

    'ACL Menu:')
        $RSBACPATH""rsbac_acl_menu DEV "$FILE"
      ;;

    'Reset Attributes:')
        if test "$TYPE" != "NONE"
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --yesno "Reset all attributes to default values?" 5 $BC \
             2>/dev/null
          then
            if $RSBACPATH""attr_rm_file_dir DEV "$FILE" &>$TMPFILE
            then get_attributes
            else \
              $DIALOG --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "`head -n 1 $TMPFILE`" $BL $BC
            fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Reset Attributes: No file/dir specified!" 5 $BC
        fi
      ;;

    Quit)
        rm $TMPFILE ; exit
      ;;

    *)
        $DIALOG --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Main Menu: Selection Error!" 5 $BC
  esac
# sleep 2
done
