#!/bin/bash
# 
# This script is used for Administration of RSBAC general process attributes
#
#
# Make sure we're really running bash.
#
# Refuse to run under anything but bash: the rest of the menu relies on
# bash-only syntax such as "declare -i", "(( ))" and "${var:offset}".
if [ -z "$BASH" ]; then
  echo "This menu requires bash" 1>&2
  exit 1
fi

# The proc filesystem must be mounted as well; process names are read
# from /proc/<pid>/ further down.
if [ ! -f /proc/stat ]; then
  echo "This menu requires proc fs mounted" 1>&2
  exit 1
fi

# Cache command locations (hashing) and switch POSIX mode off.
set -h
set +o posix

# Set conf filename
# System-wide settings first, then the per-user overrides.  Both files are
# sourced, i.e. executed as shell code with the privileges of whoever runs
# this menu - keep them writable only by that administrator.
RSBACCONF=/etc/rsbac.conf
[ -f "$RSBACCONF" ] && . "$RSBACCONF"
[ -f ~/.rsbacrc ] && . ~/.rsbacrc

# Default module list when the configuration did not provide one.
: "${RSBACMOD:=GEN MAC FC SIM PM MS FF RC AUTH ACL CAP JAIL RES}"

# One exported SHOW_<module>=yes switch per listed module; the menu code
# tests these to decide which attribute groups to display.
# RSBACMOD is split on whitespace on purpose.
for i in $RSBACMOD; do
  export "SHOW_${i}=yes"
done

# The dir for tmp files
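# Directory for temporary files.
if test -z "$TMPDIR"; then TMPDIR=/tmp; fi

# Private scratch file for dialog output and tool error messages.
# mktemp creates it atomically under an unpredictable name.  There is
# deliberately no fallback to a PID-based name: such a name is guessable,
# so another local user could pre-create the file or a symlink in a shared
# directory, and the rest of the script trusts this file's contents
# (selections and generated text are read back from it).
if ! TMPFILE=$(mktemp -q "${TMPDIR}/rsbac_dialog.XXXXXX"); then
  echo "Cannot create a private temporary file in ${TMPDIR}" >&2
  exit 1
fi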

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

# which dialog tool to use - dialog or kdialog or xdialog...
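# Default to the dialog binary in the RSBAC bin dir (or in PATH when
# RSBACPATH is empty).  $DIALOG is run unquoted everywhere, so a value
# made of several words is split into command and arguments.
if test -z "$DIALOG"; then
  DIALOG=${RSBACPATH}dialog
fi

# The program must exist and be runnable at all ...
if ! $DIALOG --clear; then
  echo "$DIALOG menu program required!" >&2
  # Non-zero status: a bare "exit" would report the echo's success.
  exit 1
fi

# ... and it must know --help-button, which the main menu depends on.
if ! $DIALOG --help 2>&1 | grep -q "help-button"; then
  echo "Newer dialog menu version >= 0.9a-20020309a with '--help-button' option" >&2
  echo "required, please use dialog from admin tools contrib dir or set" >&2
  echo "\$DIALOG to another dialog program, e.g. with rsbac_settings_menu!" >&2
  exit 1
fi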

# test for LINES and COLUMNS (should be exported e.g. in /etc/profile)
# Fall back to a 25x80 screen when LINES / COLUMNS are not provided
# (they should be exported e.g. in /etc/profile).
: "${LINES:=25}"
: "${COLUMNS:=80}"
export LINES COLUMNS

# Box height and width handed to dialog, and the longest list it may show.
declare -i BL=$((LINES - 4))
declare -i BC=$((COLUMNS - 4))
declare -i MAXLINES=$((LINES - 10))
# gl N - print N, capped at $MAXLINES.
# Used to size dialog lists so they never exceed the screen.
gl () {
  local shown=$1
  if [ "$1" -gt "$MAXLINES" ]; then
    shown=$MAXLINES
  fi
  echo "$shown"
}

# Screen titles.  BACKTITLE may be preset by the configuration files.
: "${BACKTITLE:=RSBAC Administration Tools v1.2.2}"
TITLE="$(whoami)@$(hostname): RSBAC Process Administration"
# The help title is the main title with " Help" appended.
HELPTITLE="${TITLE} Help"
ERRTITLE="RSBAC Process Administration - ERROR"

#RCUSERINHERIT=64
#RCPROCINHERIT=65
#RCPARINHERIT=66
#RCMIXINHERIT=67
# Special RC values, counted down from the top of the unsigned 32-bit
# range (written in hex to make that visible; the decimal value is in the
# trailing comment).  role_name maps the *INHERIT role values to text.
# NOTE(review): the meaning of the remaining names is inferred from the
# names only - confirm against the RSBAC RC documentation.
RCTYPEINHPROC=$((0xFFFFFFFF))   # 4294967295
RCTYPEINHPAR=$((0xFFFFFFFE))    # 4294967294
RCUSERINHERIT=$((0xFFFFFFFF))   # 4294967295
RCPROCINHERIT=$((0xFFFFFFFE))   # 4294967294
RCPARINHERIT=$((0xFFFFFFFD))    # 4294967293
RCMIXINHERIT=$((0xFFFFFFFC))    # 4294967292
RCUSEFR=$((0xFFFFFFFB))         # 4294967291

# show_help ITEM - display the help text for menu entry ITEM.
# Dispatch point for translations: every value of $RSBACLANG currently
# ends up in the English texts.
show_help () {
  show_help_english "$1"
}

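# show_help_english ITEM - show the English help text for menu entry ITEM.
#
# The text is written to $TMPFILE and displayed in a dialog textbox.  For
# entries that correspond to a process attribute, the output of
# "attr_get_process -A <attribute>" is appended after a blank line.
#
# Globals:   RSBACPATH, TMPFILE, DIALOG, HELPTITLE, BACKTITLE, BL, BC (read)
# Arguments: $1 - menu entry label, exactly as shown in the menu
show_help_english () {
  # Attribute whose -A description is appended; empty for entries that
  # have none.
  local attr=""
  {
    echo "$1"
    echo ""
    case "$1" in
      'Process List:')
        echo "Choose new process object from list."
        ;;

      "Process:")
        echo "Enter new process ID."
        ;;

      'Owner Security Level:')
        echo "MAC model maximum security level of the process owner at the time of process"
        echo "creation (fork). Also used as maximum possible level."
        attr=security_level
        ;;

      'Owner Initial Security Level:')
        echo "MAC model initial security level of the process owner at the time of process"
        echo "creation (fork) or execution."
        attr=initial_security_level
        ;;

      'Owner Min Security Level:')
        echo "MAC model minimum security level of the process owner at the time of process"
        echo "creation (fork). Also used as minimum possible level."
        attr=min_security_level
        ;;

      'Owner MAC Categories:')
        echo "MAC model maximum category set of the process owner at the time of process"
        echo "creation (fork). Also used as maximum possible category set."
        attr=mac_categories
        ;;

      'Owner MAC Initial Categories:')
        echo "MAC model initial category set of the process owner at the time of process"
        echo "creation (fork) or execute."
        attr=mac_initial_categories
        ;;

      'Owner MAC Min Categories:')
        echo "MAC model minimum category set of the process owner at the time of process"
        echo "creation (fork). Also used as minimum possible category set."
        attr=mac_min_categories
        ;;

      'Current Security Level:')
        echo "Current MAC model security level of the process. Must always be less"
        echo "than or equal to Owner Security Level and Min Write Open (except when"
        echo "process is MAC trusted) and at least Max Read Open."
        attr=current_sec_level
        ;;

      'Current MAC Categories:')
        echo "Current MAC model category set of the process. Must always be subset"
        echo "of Owner MAC Categories and Min Write Categories (except when process"
        echo "is MAC trusted) and superset of Max Read Categories."
        attr=mac_curr_categories
        ;;

      'Min Write Open:')
        echo "Minimum MAC security level of all objects this process has ever opened"
        echo "for writing since the last EXECUTE. Used as upper boundary for Current"
        echo "Security Level (*-property)."
        attr=min_write_open
        ;;

      'Min Write Categories:')
        echo "Maximum MAC category subset of all objects this process has ever opened"
        echo "for writing since the last EXECUTE. Used as upper boundary for Current"
        echo "MAC Categories (*-property)."
        attr=min_write_categories
        ;;

      'Max Read Open:')
        echo "Maximum MAC security level of all objects this process has ever opened"
        echo "for reading since the last EXECUTE. Used as lower boundary for Current"
        echo "Security Level (*-property)."
        attr=max_read_open
        ;;

      'Max Read Categories:')
        echo "Minimum MAC category superset of all objects this process has ever opened"
        echo "for reading since the last EXECUTE. Used as lower boundary for Current"
        echo "MAC categories (*-property)."
        attr=max_read_categories
        ;;

      'Mac Process Flags:')
        echo "The MAC Process flags allow to give a user some special MAC rights."
        attr=mac_process_flags
        ;;

      'PM TP:')
        echo "The PM model transaction procedure ID."
        attr=pm_tp
        ;;

      'PM Current Task:')
        echo "The PM model current task of this process."
        attr=pm_current_task
        ;;

      'PM Process Type:')
        echo "Set process type for PM model."
        attr=pm_process_type
        ;;

      'MS Trusted:')
        echo "Toggle, whether this process is an MS trusted process. Only trusted"
        echo "processes may open infected files."
        attr=ms_trusted
        ;;

      'MS Sock Trusted TCP:')
        echo "Toggle, whether this process file is an MS trusted process for TCP"
        echo "sockets. Only processes, which are TCP trusted, can read from a TCP"
        echo "socket, which has been marked as infected."
        attr=ms_sock_trusted_tcp
        ;;

      'MS Sock Trusted UDP:')
        echo "Toggle, whether this process file is an MS trusted process for UDP"
        echo "sockets. Only processes, which are UDP trusted, can read from a UDP"
        echo "socket, which has been marked as infected."
        attr=ms_sock_trusted_udp
        ;;

      'RC Current Role:')
        echo "Select the RC model current role."
        attr=rc_role
        ;;

      'RC Type:')
        echo "Select the RC model process object type."
        attr=rc_type
        ;;

      'RC Force Role:')
        echo "Select an RC role, which is kept for this process as long as the same"
        echo "program runs. User default roles are ignored even on a CHANGE_OWNER"
        echo "(setuid)."
        attr=rc_force_role
        ;;

      'AUTH May Setuid:')
        echo "Toggle, whether this process is allowed to CHANGE_OWNER (setuid) to"
        echo "any user ID by AUTH model."
        attr=auth_may_setuid
        ;;

      'AUTH May Set Cap:')
        echo "Toggle, whether this process may set AUTH setuid capabilities for any"
        echo "process (but not for files)."
        echo "This flag is useful e.g. for authentication daemons. See AUTH"
        echo "description for details."
        attr=auth_may_set_cap
        ;;

      'JAIL ID:')
        echo "Specify the JAIL ID. If you set this to 0, the process becomes"
        echo "unjailed."
        attr=jail_id
        ;;

      'JAIL IP:')
        echo "Specify the IP address for this jailed process."
        echo "If you set this to 0.0.0.0, the process may use any address."
        attr=jail_ip
        ;;

      'JAIL Flags:')
        echo "Specify the JAIL Flags."
        attr=jail_flags
        ;;

      'Log Program Based:')
        echo "Specify the request types, which should always be logged, when"
        echo "issued by this process."
        attr=log_program_based
        ;;

      'CAP Process Hiding:')
        echo "Let process properties be hidden from noone, other users or every user."
        echo "Note: CAP Security Officers and Admins may always read the properties."
        attr=cap_process_hiding
        ;;

      'IPC Attributes:')
        echo "Go to IPC attribute menu."
        ;;

      'ACL Menu:')
        echo "Go to ACL menu."
        ;;

      Quit)
        echo "Quit this menu."
        ;;

      *)
        echo "No help for $1 available!"
        ;;
    esac

    # Append the tool's own description of the attribute, if there is one.
    if [ -n "$attr" ]; then
      echo ""
      "${RSBACPATH}attr_get_process" -A "$attr"
    fi
  # Quoted: an unquoted redirect target fails with "ambiguous redirect"
  # as soon as the temp path contains whitespace.
  } > "$TMPFILE"

  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox "$TMPFILE" $BL $BC
}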

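# get_attributes PID - load the RSBAC attributes of process PID into the
# global variables displayed by the main menu.
#
# Only the attribute groups whose SHOW_<module> switch is "yes" are read.
# Does nothing when PID is empty.
#
# Globals:   RSBACPATH, SHOW_* (read); OWNER, OWNERNAME and one variable
#            per attribute (written)
# Arguments: $1 - process ID
get_attributes () {
  local owner_nr

  if test "$1" = ""; then
    return 0
  fi

  # Owner name as printed by ps: first column of the line whose PID column
  # (ending at character 14) equals $1.
  # NOTE(review): this depends on the column widths of "ps axu" - confirm
  # with the ps version in use.
  OWNER=$(ps axu | cut -c 1-14 | grep " $1\$" | cut -f 1 -d ' ')

  # Translate the name into the numeric ID and the name RSBAC knows.  The
  # result is captured directly instead of going through the shared temp
  # file; on failure OWNER keeps the name found by ps.
  if owner_nr=$("${RSBACPATH}attr_get_user" "$OWNER" user_nr); then
    OWNER=$owner_nr
    OWNERNAME=$("${RSBACPATH}attr_get_user" "$OWNER" user_name)
  fi

  if test "$SHOW_MAC" = "yes"; then
    SECLEVEL=$("${RSBACPATH}attr_get_process" "$1" security_level)
    ISECLEVEL=$("${RSBACPATH}attr_get_process" "$1" initial_security_level)
    MSECLEVEL=$("${RSBACPATH}attr_get_process" "$1" min_security_level)
    MACCAT=$("${RSBACPATH}attr_get_process" "$1" mac_categories)
    MACICAT=$("${RSBACPATH}attr_get_process" "$1" mac_initial_categories)
    MACMCAT=$("${RSBACPATH}attr_get_process" "$1" mac_min_categories)
    CURRSECL=$("${RSBACPATH}attr_get_process" "$1" current_sec_level)
    CURRCAT=$("${RSBACPATH}attr_get_process" "$1" mac_curr_categories)
    MINWRITE=$("${RSBACPATH}attr_get_process" "$1" min_write_open)
    MINWCAT=$("${RSBACPATH}attr_get_process" "$1" min_write_categories)
    MAXREAD=$("${RSBACPATH}attr_get_process" "$1" max_read_open)
    MAXRCAT=$("${RSBACPATH}attr_get_process" "$1" max_read_categories)
    MACFLAGS=$("${RSBACPATH}attr_get_process" "$1" mac_process_flags)
  fi
  if test "$SHOW_PM" = "yes"; then
    PMTP=$("${RSBACPATH}attr_get_process" "$1" pm_tp)
    PMCTASK=$("${RSBACPATH}attr_get_process" "$1" pm_current_task)
    PMPROCTYPE=$("${RSBACPATH}attr_get_process" "$1" pm_process_type)
  fi
  if test "$SHOW_MS" = "yes"; then
    MSTRUSTED=$("${RSBACPATH}attr_get_process" "$1" ms_trusted)
    MSSOCKTCP=$("${RSBACPATH}attr_get_process" "$1" ms_sock_trusted_tcp)
    MSSOCKUDP=$("${RSBACPATH}attr_get_process" "$1" ms_sock_trusted_udp)
  fi
  if test "$SHOW_RC" = "yes"; then
    RCROLE=$("${RSBACPATH}attr_get_process" "$1" rc_role)
    RCTYPE=$("${RSBACPATH}attr_get_process" "$1" rc_type)
    RCFROLE=$("${RSBACPATH}attr_get_process" "$1" rc_force_role)
  fi
  if test "$SHOW_AUTH" = "yes"; then
    AUTHSUID=$("${RSBACPATH}attr_get_process" "$1" auth_may_setuid)
    AUTHSCAP=$("${RSBACPATH}attr_get_process" "$1" auth_may_set_cap)
  fi
  if test "$SHOW_CAP" = "yes"; then
    PROCHIDE=$("${RSBACPATH}attr_get_process" "$1" cap_process_hiding)
  fi
  if test "$SHOW_JAIL" = "yes"; then
    JAILID=$("${RSBACPATH}attr_get_process" "$1" jail_id)
    JAILIP=$("${RSBACPATH}attr_get_process" "$1" jail_ip)
    JAILFLAGS=$("${RSBACPATH}attr_get_process" "$1" jail_flags)
  fi
  if test "$SHOW_GEN" = "yes"; then
    LOGPROG=$("${RSBACPATH}attr_get_process" "$1" log_program_based)
  fi
}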

# onoff A B - print "on" when A equals B, "off" otherwise.
# Used to preselect the current value in dialog radio lists.
onoff () {
   local state=off
   if [ "$1" = "$2" ]; then
     state=on
   fi
   echo "$state"
}

# onoffb BIT - print "on" when BIT is exactly "1", "off" for anything else.
onoffb () {
   case "$1" in
     1) echo on ;;
     *) echo off ;;
   esac
}

list_item () {
   TMP2=""
   if test -f /proc/$1/cmdline
   then TMP2=`cat /proc/$1/stat|cut -f 2 -d ' '`
   fi
   if test "$TMP2" = ""
   then echo "not_available"
   else echo $TMP2
   fi
}

role_name () {
  if test -z "$PROCESS" -o -z "$1"
  then echo " "
  else \
      case $1 in
        $RCUSERINHERIT) echo "always inherit from user"
          ;;
        $RCPROCINHERIT) echo "inherit from process (keep)"
          ;;
        $RCPARINHERIT) echo "inherit from parent (keep)"
          ;;
        $RCMIXINHERIT) echo "inh. from user on chown only"
          ;;
        Error*) echo N/A
          ;;
        Use*) echo N/A
          ;;
        *) if ! $RSBACPATH""rc_get_item ROLE $1 name 2>/dev/null
           then echo $1
           fi
          ;;
      esac 
  fi
}

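# type_name TYPE - print the process type name of RC type TYPE.
#
# Prints a single blank when no process is selected or TYPE is empty, and
# "(unknown)" when rc_get_item cannot resolve the type.
#
# Globals:   PROCESS, RSBACPATH (read)
# Arguments: $1 - type value as printed by attr_get_process
type_name () {
  # Two separate tests instead of the deprecated, ambiguous "test ... -o".
  if [ -z "$PROCESS" ] || [ -z "$1" ]; then
    echo " "
  elif ! "${RSBACPATH}rc_get_item" TYPE "$1" type_process_name 2>/dev/null; then
    echo "(unknown)"
  fi
}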

# get_vname KIND VALUE - print the display text for VALUE of an attribute
# of the given KIND (seclevel, pmproctype, mssock, mstrusted, prochiding,
# onoff).
#
# Unknown values print "N/A", except for KIND seclevel, which prints
# nothing for a level it does not know.  An unknown KIND prints nothing.
get_vname () {
  local label=""
  case "$1" in
    seclevel)
      case "$2" in
        0)   label="unclassified" ;;
        1)   label="confidential" ;;
        2)   label="secret" ;;
        3)   label="top secret" ;;
        252) label="max. level" ;;
        253) label="rsbac-internal" ;;
        254) label="inherit" ;;
      esac
      ;;
    pmproctype)
      case "$2" in
        0) label="None" ;;
        1) label="TP" ;;
        *) label="N/A" ;;
      esac
      ;;
    mssock)
      case "$2" in
        0) label="Not Trusted" ;;
        1) label="Active" ;;
        2) label="Full" ;;
        *) label="N/A" ;;
      esac
      ;;
    mstrusted)
      case "$2" in
        0) label="Not trusted" ;;
        1) label="Read trusted" ;;
        2) label="Full trusted" ;;
        *) label="N/A" ;;
      esac
      ;;
    prochiding)
      case "$2" in
        0) label="Off" ;;
        1) label="From other users" ;;
        2) label="Full" ;;
        *) label="N/A" ;;
      esac
      ;;
    onoff)
      case "$2" in
        0) label="Off" ;;
        1) label="On" ;;
        *) label="N/A" ;;
      esac
      ;;
  esac
  # Every label is non-empty, so an empty one means "no match": print
  # nothing at all in that case, not even a newline.
  if [ -n "$label" ]; then
    echo "$label"
  fi
}

# full_name USER - print the full name RSBAC has stored for USER, or
# "*unknown*" when USER is empty or the lookup fails.
full_name () {
  if [ -n "$1" ] && ${RSBACPATH}attr_get_user "$1" full_name 2>/dev/null; then
    return
  fi
  echo "*unknown*"
}

# Width left for a category string in the main menu: the box width minus
# 38 columns.
declare -i MAXCATLEN=$((BC - 38))
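# cat_print CATEGORIES - print the category string when the menu has room
# for it ($MAXCATLEN of at least 64), "(too long)" otherwise.
#
# The string is printed quoted so it is shown exactly as received instead
# of being glob-expanded against the current directory.
cat_print () {
  if test "$MAXCATLEN" -ge 64
  then echo "$1"
  else echo "(too long)"
  fi
}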

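# _gen_cat_list_for ATTR CATEGORY... - shared worker of the gen_*_cat_list
# functions.  For every category number prints "<nr> <state> <state>",
# where <state> is "on" when attr_get_process reports 1 for that category
# of attribute ATTR of $PROCESS, else "off".  The state appears twice
# because it fills both the item text and the on/off column of a dialog
# checklist entry.
#
# Globals:   RSBACPATH, PROCESS (read)
_gen_cat_list_for () {
    local attr=$1 cat_nr value state
    shift
    # $* stays unquoted on purpose: callers may hand over the whole list
    # as a single blank-separated word.
    # shellcheck disable=SC2048
    for cat_nr in $*
    do
      value=$("${RSBACPATH}attr_get_process" "$PROCESS" "$attr" "$cat_nr")
      # One onoffb call instead of two identical ones.
      state=$(onoffb "$value")
      echo "$cat_nr $state $state"
    done
}

# Checklist entries for the owner's maximum MAC category set.
gen_cat_list () {
    _gen_cat_list_for mac_categories "$@"
}

# Checklist entries for the owner's initial MAC category set.
gen_initial_cat_list () {
    _gen_cat_list_for mac_initial_categories "$@"
}

# Checklist entries for the owner's minimum MAC category set.
gen_min_cat_list () {
    _gen_cat_list_for mac_min_categories "$@"
}

# Checklist entries for the current MAC category set.
gen_curr_cat_list () {
    _gen_cat_list_for mac_curr_categories "$@"
}

# Checklist entries for the max-read category set.
gen_max_read_cat_list () {
    _gen_cat_list_for max_read_categories "$@"
}

# Checklist entries for the min-write category set.
gen_min_write_cat_list () {
    _gen_cat_list_for min_write_categories "$@"
}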

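# gen_request_list - print one "<request> on on" / "<request> off off"
# checklist line per known request type, "on" marking the requests that
# are set in the log_program_based attribute of $PROCESS.
#
# A request counts as set only when its whole name is listed.  A substring
# search would also switch on every request whose name is contained in a
# longer listed name, and the administrator would then confirm - and write
# back - log settings that were never configured.
#
# Globals:   RSBACPATH, PROCESS (read); REQUESTS (read, filled on first
#            use); SETREQUESTS (written)
gen_request_list () {
    local req set_words
    if test -z "$REQUESTS"
      then REQUESTS=$("${RSBACPATH}attr_get_process" -n)
    fi
    SETREQUESTS=$("${RSBACPATH}attr_get_process" -p "$PROCESS" log_program_based)
    # Normalise to " name name ... " so each name is delimited by blanks.
    # NOTE(review): assumes -p prints whitespace-separated request names,
    # as the word-splitting of the -n list above already does - confirm.
    set_words=" $(echo $SETREQUESTS) "
    for req in $REQUESTS
    do
      case "$set_words" in
        *" $req "*) echo "$req on on" ;;
        *)          echo "$req off off" ;;
      esac
    done
}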

# gen_mac_flags_menu_items - print one "<bit> <name> on|off" checklist
# line per MAC process flag, "on" when the bit is set in $MACFLAGS.
gen_mac_flags_menu_items() {
    local entry bit state
    # "<bit value> <flag name>" pairs, in display order.
    for entry in "1 override" "2 auto" "4 trusted" "8 write_up" \
                 "16 read_up" "32 write_down" "128 prop_trusted" \
                 "256 program_auto"
    do
      bit=${entry%% *}
      if (($MACFLAGS & bit)); then
        state=on
      else
        state=off
      fi
      echo "$entry $state"
    done
}

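# mac_flags_menu - let the administrator tick the MAC process flags of
# $PROCESS in a checklist and store the sum of the ticked bits with
# attr_set_process.
#
# On success MACFLAGS is updated and, when $RSBACLOGFILE is set, the
# command that was run is appended to that file.  On failure the first
# line of the tool's output is shown in an error box.  Returns without
# changes when the dialog is cancelled.
#
# Globals:   DIALOG, TITLE, BACKTITLE, ERRTITLE, BL, BC, PROCESS,
#            RSBACPATH, RSBACLOGFILE, TMPFILE (read);
#            FLAGS_ON, MACFLAGS (written)
mac_flags_menu () {
  # Local loop variable: a caller's own "i" is not clobbered.
  local flag
  declare -i VAL=0

  # The generated items are left unquoted so they split into the
  # tag / text / state words dialog expects.
  if ! $DIALOG --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --separate-output \
         --checklist "Process $PROCESS: MAC Process Flags" $BL $BC $(gl 8) \
              $(gen_mac_flags_menu_items) \
       2>"$TMPFILE"
  then
    return
  fi
  FLAGS_ON=$(cat "$TMPFILE")

  for flag in $FLAGS_ON; do
    # Only plain numbers are added up: VAL is an integer variable, so any
    # other text read back from the file would be evaluated as an
    # arithmetic expression.
    case "$flag" in
      ''|*[!0-9]*) continue ;;
    esac
    VAL=$VAL+$flag
  done

  if "${RSBACPATH}attr_set_process" "$PROCESS" mac_process_flags "$VAL" &>"$TMPFILE"
  then
    MACFLAGS=$VAL
    if test -n "$RSBACLOGFILE"
    then
      echo "${RSBACPATH}attr_set_process $PROCESS mac_process_flags $VAL" >>"$RSBACLOGFILE"
    fi
  else
    $DIALOG --title "$ERRTITLE" \
            --backtitle "$BACKTITLE" \
            --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
  fi
  return
}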


# gen_jail_flags_menu_items - print one "<bit> <name> on|off" checklist
# line per JAIL flag, "on" when the bit is set in $JAILFLAGS.
gen_jail_flags_menu_items() {
    local entry bit state
    # "<bit value> <flag name>" pairs, in display order.
    for entry in "1 allow_external_ipc" "2 allow_all_net_family" \
                 "4 allow_rlimit" "8 allow_inet_raw" \
                 "16 auto_adjust_inet_any"
    do
      bit=${entry%% *}
      if (($JAILFLAGS & bit)); then
        state=on
      else
        state=off
      fi
      echo "$entry $state"
    done
}

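# jail_flags_menu - let the administrator tick the JAIL flags of $PROCESS
# in a checklist and store the sum of the ticked bits with
# attr_set_process.
#
# On success JAILFLAGS is updated and, when $RSBACLOGFILE is set, the
# command that was run is appended to that file.  On failure the first
# line of the tool's output is shown in an error box.  Returns without
# changes when the dialog is cancelled.
#
# Globals:   DIALOG, TITLE, BACKTITLE, ERRTITLE, BL, BC, PROCESS,
#            RSBACPATH, RSBACLOGFILE, TMPFILE (read);
#            FLAGS_ON, JAILFLAGS (written)
jail_flags_menu () {
  # Local loop variable: a caller's own "i" is not clobbered.
  local flag
  declare -i VAL=0

  # The generated items are left unquoted so they split into the
  # tag / text / state words dialog expects.
  if ! $DIALOG --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --separate-output \
         --checklist "Process $PROCESS: JAIL Flags" $BL $BC $(gl 5) \
              $(gen_jail_flags_menu_items) \
       2>"$TMPFILE"
  then
    return
  fi
  FLAGS_ON=$(cat "$TMPFILE")

  for flag in $FLAGS_ON; do
    # Only plain numbers are added up: VAL is an integer variable, so any
    # other text read back from the file would be evaluated as an
    # arithmetic expression.
    case "$flag" in
      ''|*[!0-9]*) continue ;;
    esac
    VAL=$VAL+$flag
  done

  if "${RSBACPATH}attr_set_process" "$PROCESS" jail_flags "$VAL" &>"$TMPFILE"
  then
    JAILFLAGS=$VAL
    if test -n "$RSBACLOGFILE"
    then
      echo "${RSBACPATH}attr_set_process $PROCESS jail_flags $VAL" >>"$RSBACLOGFILE"
    fi
  else
    $DIALOG --title "$ERRTITLE" \
            --backtitle "$BACKTITLE" \
            --msgbox "$(head -n 1 "$TMPFILE")" $BL $BC
  fi
  return
}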

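# Process to administrate: the first argument, or this shell itself.
# NOTE(review): the argument is not checked to be a numeric PID here; it
# is later placed into /proc paths, a grep pattern and the arguments of
# the attr_* tools, so callers should pass a plain process ID.
if test "$1" != ""
then PROCESS=$1
else PROCESS=$$
fi

# Mark the start of this session in the command log, if one is configured.
if test -n "$RSBACLOGFILE"
then
  {
    echo ""
    echo "# $0 start $(date)"
  } >>"$RSBACLOGFILE"
fi

# Quoted so the value is passed on as exactly one argument.
get_attributes "$PROCESS"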

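  # process_menu - show the main menu for $PROCESS; dialog writes the
  # chosen entry to stderr and its exit status is returned.
  #
  # The function is defined directly.  Writing its source text to the
  # temp file and sourcing that file executes whatever the file holds at
  # that moment, and it pastes $TITLE (user and host name) into shell
  # code, where a quote or "$" in it would be interpreted.  Here the
  # title is passed to dialog as plain data.
  #
  # Only the attribute groups whose SHOW_<module> switch is "yes" are
  # listed.  Arguments of the helper calls are left unquoted, exactly as
  # in the previously generated code.
  #
  # Globals: DIALOG, TITLE, BACKTITLE, CHOICE, BL, BC, PROCESS, OWNER,
  #          OWNERNAME, SHOW_* and the attribute variables filled by
  #          get_attributes (all read)
  process_menu ()
  {
    local -a items
    items=(
      "Process List:" "Choose process from list"
      "-------------------" " "
      "Process:" "$PROCESS / $(list_item $PROCESS)"
      "Owner:" "$OWNER / $OWNERNAME / $(full_name $OWNER)"
    )
    if test "$SHOW_MAC" = "yes"
    then
      items=("${items[@]}"
        "Owner Security Level:" "$SECLEVEL / $(get_vname seclevel $SECLEVEL)"
        "Owner Initial Security Level:" "$ISECLEVEL / $(get_vname seclevel $ISECLEVEL)"
        "Owner Min Security Level:" "$MSECLEVEL / $(get_vname seclevel $MSECLEVEL)"
        "Owner MAC Categories:" "$(cat_print $MACCAT)"
        "Owner MAC Initial Categories:" "$(cat_print $MACICAT)"
        "Owner MAC Min Categories:" "$(cat_print $MACMCAT)"
        "Current Security Level:" "$CURRSECL / $(get_vname seclevel $CURRSECL)"
        "Current MAC Categories:" "$(cat_print $CURRCAT)"
        "Min Write Open:" "$MINWRITE / $(get_vname seclevel $MINWRITE)"
        "Min Write Categories:" "$(cat_print $MINWCAT)"
        "Max Read Open:" "$MAXREAD / $(get_vname seclevel $MAXREAD)"
        "Max Read Categories:" "$(cat_print $MAXRCAT)"
        "Mac Process Flags:" "$MACFLAGS"
      )
    fi
    if test "$SHOW_PM" = "yes"
    then
      items=("${items[@]}"
        "PM TP:" "$PMTP"
        "PM Current Task:" "$PMCTASK"
        "PM Process Type:" "$PMPROCTYPE / $(get_vname pmproctype $PMPROCTYPE)"
      )
    fi
    if test "$SHOW_MS" = "yes"
    then
      items=("${items[@]}"
        "MS Trusted:" "$MSTRUSTED / $(get_vname mstrusted $MSTRUSTED)"
        "MS Sock Trusted TCP:" "$MSSOCKTCP / $(get_vname mssock $MSSOCKTCP)"
        "MS Sock Trusted UDP:" "$MSSOCKUDP / $(get_vname mssock $MSSOCKUDP)"
      )
    fi
    if test "$SHOW_RC" = "yes"
    then
      items=("${items[@]}"
        "RC Current Role:" "$RCROLE / $(role_name $RCROLE)"
        "RC Type:" "$RCTYPE / $(type_name $RCTYPE)"
        "RC Force Role:" "$RCFROLE / $(role_name $RCFROLE)"
      )
    fi
    if test "$SHOW_AUTH" = "yes"
    then
      items=("${items[@]}"
        "AUTH May Setuid:" "$AUTHSUID / $(get_vname onoff $AUTHSUID)"
        "AUTH May Set Cap:" "$AUTHSCAP / $(get_vname onoff $AUTHSCAP)"
      )
    fi
    if test "$SHOW_CAP" = "yes"
    then
      items=("${items[@]}"
        "CAP Process Hiding:" "$PROCHIDE / $(get_vname prochiding $PROCHIDE)"
      )
    fi
    if test "$SHOW_JAIL" = "yes"
    then
      items=("${items[@]}"
        "JAIL ID:" "$JAILID"
        "JAIL IP:" "$JAILIP"
        "JAIL Flags:" "$JAILFLAGS"
      )
    fi
    if test "$SHOW_GEN" = "yes"
    then
      items=("${items[@]}"
        "Log Program Based:" "$LOGPROG"
      )
    fi
    items=("${items[@]}"
      "----------------" " "
      "IPC Attributes:" "Go to IPC attribute menu"
      "ACL Menu:" "Go to ACL menu"
      "----------------" " "
      "Quit" ""
    )

    $DIALOG --title "$TITLE" \
       --backtitle "$BACKTITLE" \
       --help-button --default-item "$CHOICE" \
       --menu "Main Process Menu" $BL $BC $(gl 40) \
            "${items[@]}"
  }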

#cp $TMPFILE /tmp/menu

while true
  do
    if ! process_menu 2>$TMPFILE
     then rm $TMPFILE ; exit
    fi


  CHOICE=`cat $TMPFILE`
  case "$CHOICE" in
    HELP*)
        show_help "${CHOICE:5}"
        CHOICE="${CHOICE:5}"
      ;;
    Process:)
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Process ID" $BL $BC $PROCESS \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if test -d /proc/$TMP
             then PROCESS=$TMP
                  get_attributes $PROCESS
             else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Process: Unknown process $TMP!" 5 $BC
             fi
        fi
      ;;

    'Process List:')
        TMP=`ps axh|cut -c 1-5|sort -n`
#        echo `for i in $TMP ; do echo $i "\`list_item $i\`" ; done`
#        sleep 2
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --default-item "$PROCESS" \
                   --menu "Process" $BL $BC $MAXLINES \
                         `for i in $TMP ; do echo $i "\`list_item $i\`" ; done` \
           2>$TMPFILE
        then TMP2=`cat $TMPFILE`
          if test -d /proc/$TMP
          then PROCESS=$TMP2
               get_attributes $PROCESS
               break
          else \
              $DIALOG --title "$ERRTITLE" \
                      --backtitle "$BACKTITLE" \
                      --msgbox "Process: Unknown process $TMP2!" 5 $BC
          fi
        fi
      ;;

    'Owner Security Level:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Owner Maximum Security Level for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $SECLEVEL` \
                                1 "`get_vname seclevel 1`" `onoff 1 $SECLEVEL` \
                                2 "`get_vname seclevel 2`" `onoff 2 $SECLEVEL` \
                                3 "`get_vname seclevel 3`" `onoff 3 $SECLEVEL` \
                                252 "`get_vname seclevel 252`" `onoff 252 $SECLEVEL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS security_level $TMP &>$TMPFILE
               then
                 SECLEVEL=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS security_level $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Owner Security Level: No process specified!" 5 $BC
        fi
      ;;

    'Owner Initial Security Level:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Owner Initial Security Level for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $ISECLEVEL` \
                                1 "`get_vname seclevel 1`" `onoff 1 $ISECLEVEL` \
                                2 "`get_vname seclevel 2`" `onoff 2 $ISECLEVEL` \
                                3 "`get_vname seclevel 3`" `onoff 3 $ISECLEVEL` \
                                252 "`get_vname seclevel 252`" `onoff 252 $ISECLEVEL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS initial_security_level $TMP &>$TMPFILE
               then
                 ISECLEVEL=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS initial_security_level $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Owner Initial Security Level: No process specified!" 5 $BC
        fi
      ;;

    'Owner Min Security Level:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Owner Minimum Security Level for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $MSECLEVEL` \
                                1 "`get_vname seclevel 1`" `onoff 1 $MSECLEVEL` \
                                2 "`get_vname seclevel 2`" `onoff 2 $MSECLEVEL` \
                                3 "`get_vname seclevel 3`" `onoff 3 $MSECLEVEL` \
                                252 "`get_vname seclevel 252`" `onoff 252 $MSECLEVEL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS min_security_level $TMP &>$TMPFILE
               then
                 MSECLEVEL=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS min_security_level $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Owner Min Security Level: No process specified!" 5 $BC
        fi
      ;;

    'Owner MAC Categories:')
        # Replace the owner MAC category set of $PROCESS with the boxes ticked
        # in a checklist. The update is two-phase and not atomic: every category
        # number returned by list_category_nr is cleared (0), then each ticked
        # one is set (1). A failure part-way leaves the set partially applied.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Owner MAC Categories: No process specified!" 5 $BC
        else
          ALLCATNR=$(${RSBACPATH}attr_get_file_dir list_category_nr)
          # The checklist result arrives on stderr and is captured in $TMPFILE.
          if $DIALOG --title "Owner MAC Categories for process $PROCESS" \
                     --backtitle "$BACKTITLE" \
                     --checklist "Bits: $MACCAT" $BL $BC $MAXLINES \
                     $(gen_cat_list $ALLCATNR) \
                     2>$TMPFILE
          then
            # Drop double quotes from the returned tag list; $TMP is expanded
            # unquoted below so each category number becomes its own word.
            TMP=$(cat $TMPFILE | tr -d '"')
            # Phase 1: clear every known category.
            for i in $ALLCATNR
            do
              if ${RSBACPATH}attr_set_process $PROCESS mac_categories $i 0 >$TMPFILE 2>&1
              then
                # Only successful calls are recorded, and only if a log is set.
                if [ -n "$RSBACLOGFILE" ]
                then
                  echo ${RSBACPATH}attr_set_process $PROCESS mac_categories $i 0 >>"$RSBACLOGFILE"
                fi
              else
                # Show the first line of the tool's output, then keep going.
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
                continue
              fi
            done
            # Phase 2: set the ticked categories.
            for i in $TMP
            do
              if ${RSBACPATH}attr_set_process $PROCESS mac_categories $i 1 >$TMPFILE 2>&1
              then
                if [ -n "$RSBACLOGFILE" ]
                then
                  echo ${RSBACPATH}attr_set_process $PROCESS mac_categories $i 1 >>"$RSBACLOGFILE"
                fi
              else
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
                continue
              fi
            done
            # Re-read the effective value rather than trusting the selection.
            MACCAT=$(${RSBACPATH}attr_get_process $PROCESS mac_categories)
          fi
        fi
      ;;

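    'Owner MAC Initial Categories:')
        # Replace the owner MAC initial category set of $PROCESS with the boxes
        # ticked in a checklist. Every category number from list_category_nr is
        # cleared (0) first, then each ticked one is set (1); the update is not
        # atomic and a failure part-way leaves the set partially applied.
        if [ -z "$PROCESS" ]
        then
          # Fixed: the message used to name "Owner MAC Min Categories", which
          # pointed the operator at the wrong menu entry.
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Owner MAC Initial Categories: No process specified!" 5 $BC
        else
          ALLCATNR=$(${RSBACPATH}attr_get_file_dir list_category_nr)
          # The checklist result arrives on stderr and is captured in $TMPFILE.
          if $DIALOG --title "Owner MAC Initial Categories for process $PROCESS" \
                     --backtitle "$BACKTITLE" \
                     --checklist "Bits: $MACICAT" $BL $BC $MAXLINES \
                     $(gen_initial_cat_list $ALLCATNR) \
                     2>$TMPFILE
          then
            # Drop double quotes from the returned tag list; $TMP is expanded
            # unquoted below so each category number becomes its own word.
            TMP=$(cat $TMPFILE | tr -d '"')
            # Phase 1: clear every known category.
            for i in $ALLCATNR
            do
              if ${RSBACPATH}attr_set_process $PROCESS mac_initial_categories $i 0 >$TMPFILE 2>&1
              then
                # Only successful calls are recorded, and only if a log is set.
                if [ -n "$RSBACLOGFILE" ]
                then
                  echo ${RSBACPATH}attr_set_process $PROCESS mac_initial_categories $i 0 >>"$RSBACLOGFILE"
                fi
              else
                # Show the first line of the tool's output, then keep going.
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
                continue
              fi
            done
            # Phase 2: set the ticked categories.
            for i in $TMP
            do
              if ${RSBACPATH}attr_set_process $PROCESS mac_initial_categories $i 1 >$TMPFILE 2>&1
              then
                if [ -n "$RSBACLOGFILE" ]
                then
                  echo ${RSBACPATH}attr_set_process $PROCESS mac_initial_categories $i 1 >>"$RSBACLOGFILE"
                fi
              else
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
                continue
              fi
            done
            # Re-read the effective value rather than trusting the selection.
            MACICAT=$(${RSBACPATH}attr_get_process $PROCESS mac_initial_categories)
          fi
        fi
      ;;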

    'Owner MAC Min Categories:')
        # Replace the owner MAC minimum category set of $PROCESS with the boxes
        # ticked in a checklist: clear every category from list_category_nr,
        # then set the ticked ones. Not atomic; errors do not stop the loops.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Owner MAC Min Categories: No process specified!" 5 $BC
        else
          ALLCATNR=$(${RSBACPATH}attr_get_file_dir list_category_nr)
          # The checklist result arrives on stderr and is captured in $TMPFILE.
          if $DIALOG --title "Owner MAC Min Categories for process $PROCESS" \
                     --backtitle "$BACKTITLE" \
                     --checklist "Bits: $MACMCAT" $BL $BC $MAXLINES \
                     $(gen_min_cat_list $ALLCATNR) \
                     2>$TMPFILE
          then
            # Double quotes are stripped; the list is word-split on purpose.
            TMP=$(cat $TMPFILE | tr -d '"')
            # Phase 1: clear every known category.
            for i in $ALLCATNR
            do
              if ${RSBACPATH}attr_set_process $PROCESS mac_min_categories $i 0 >$TMPFILE 2>&1
              then
                # Only successful calls are recorded, and only if a log is set.
                if [ -n "$RSBACLOGFILE" ]
                then
                  echo ${RSBACPATH}attr_set_process $PROCESS mac_min_categories $i 0 >>"$RSBACLOGFILE"
                fi
              else
                # Show the first line of the tool's output, then keep going.
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
                continue
              fi
            done
            # Phase 2: set the ticked categories.
            for i in $TMP
            do
              if ${RSBACPATH}attr_set_process $PROCESS mac_min_categories $i 1 >$TMPFILE 2>&1
              then
                if [ -n "$RSBACLOGFILE" ]
                then
                  echo ${RSBACPATH}attr_set_process $PROCESS mac_min_categories $i 1 >>"$RSBACLOGFILE"
                fi
              else
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
                continue
              fi
            done
            # Re-read the effective value rather than trusting the selection.
            MACMCAT=$(${RSBACPATH}attr_get_process $PROCESS mac_min_categories)
          fi
        fi
      ;;

    'Current Security Level:')
        # Choose the current security level of $PROCESS from a radiolist
        # (values 0-3 and 252, labelled through get_vname) and apply it.
        # onoff presumably pre-selects the entry equal to $CURRSECL - confirm.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Current Security Level: No process specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose Current Security Level for $PROCESS" $BL $BC 5 \
                                 0 "$(get_vname seclevel 0)" $(onoff 0 $CURRSECL) \
                                 1 "$(get_vname seclevel 1)" $(onoff 1 $CURRSECL) \
                                 2 "$(get_vname seclevel 2)" $(onoff 2 $CURRSECL) \
                                 3 "$(get_vname seclevel 3)" $(onoff 3 $CURRSECL) \
                                 252 "$(get_vname seclevel 252)" $(onoff 252 $CURRSECL) \
                     2>$TMPFILE
        then
          # The chosen tag was written to stderr, i.e. into $TMPFILE.
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}attr_set_process $PROCESS current_sec_level $TMP >$TMPFILE 2>&1
          then
            # Update the cached value only once the tool accepted the change.
            CURRSECL=$TMP
            # Only successful changes are appended to the optional log.
            if [ -n "$RSBACLOGFILE" ]
            then
              echo ${RSBACPATH}attr_set_process $PROCESS current_sec_level $TMP >>"$RSBACLOGFILE"
            fi
          else
            # Show the first line of the tool's output as the error text.
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'Current MAC Categories:')
        # Replace the current MAC category set of $PROCESS with the boxes ticked
        # in a checklist: clear every category from list_category_nr, then set
        # the ticked ones. Not atomic; a failed call is reported and skipped.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Current MAC Categories: No process specified!" 5 $BC
        else
          ALLCATNR=$(${RSBACPATH}attr_get_file_dir list_category_nr)
          # The checklist result arrives on stderr and is captured in $TMPFILE.
          if $DIALOG --title "Current MAC Categories for process $PROCESS" \
                     --backtitle "$BACKTITLE" \
                     --checklist "Bits: $CURRCAT" $BL $BC $MAXLINES \
                     $(gen_curr_cat_list $ALLCATNR) \
                     2>$TMPFILE
          then
            # Double quotes are stripped; the list is word-split on purpose.
            TMP=$(cat $TMPFILE | tr -d '"')
            # Phase 1: clear every known category.
            for i in $ALLCATNR
            do
              if ${RSBACPATH}attr_set_process $PROCESS mac_curr_categories $i 0 >$TMPFILE 2>&1
              then
                # Only successful calls are recorded, and only if a log is set.
                if [ -n "$RSBACLOGFILE" ]
                then
                  echo ${RSBACPATH}attr_set_process $PROCESS mac_curr_categories $i 0 >>"$RSBACLOGFILE"
                fi
              else
                # Show the first line of the tool's output, then keep going.
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
                continue
              fi
            done
            # Phase 2: set the ticked categories.
            for i in $TMP
            do
              if ${RSBACPATH}attr_set_process $PROCESS mac_curr_categories $i 1 >$TMPFILE 2>&1
              then
                if [ -n "$RSBACLOGFILE" ]
                then
                  echo ${RSBACPATH}attr_set_process $PROCESS mac_curr_categories $i 1 >>"$RSBACLOGFILE"
                fi
              else
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
                continue
              fi
            done
            # Re-read the effective value rather than trusting the selection.
            CURRCAT=$(${RSBACPATH}attr_get_process $PROCESS mac_curr_categories)
          fi
        fi
      ;;

    'Min Write Open:')
        # Choose the min_write_open level of $PROCESS from a radiolist
        # (values 0-3 and 252, labelled through get_vname) and apply it.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Min Write Open: No process specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose Min Write Open for $PROCESS" $BL $BC 5 \
                                 0 "$(get_vname seclevel 0)" $(onoff 0 $MINWRITE) \
                                 1 "$(get_vname seclevel 1)" $(onoff 1 $MINWRITE) \
                                 2 "$(get_vname seclevel 2)" $(onoff 2 $MINWRITE) \
                                 3 "$(get_vname seclevel 3)" $(onoff 3 $MINWRITE) \
                                 252 "$(get_vname seclevel 252)" $(onoff 252 $MINWRITE) \
                     2>$TMPFILE
        then
          # The chosen tag was written to stderr, i.e. into $TMPFILE.
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}attr_set_process $PROCESS min_write_open $TMP >$TMPFILE 2>&1
          then
            # Update the cached value only once the tool accepted the change.
            MINWRITE=$TMP
            # Only successful changes are appended to the optional log.
            if [ -n "$RSBACLOGFILE" ]
            then
              echo ${RSBACPATH}attr_set_process $PROCESS min_write_open $TMP >>"$RSBACLOGFILE"
            fi
          else
            # Show the first line of the tool's output as the error text.
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'Min Write Categories:')
        # Replace the min_write_categories set of $PROCESS with the boxes ticked
        # in a checklist: clear every category from list_category_nr, then set
        # the ticked ones. Not atomic; a failed call is reported and skipped.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Min Write Categories: No process specified!" 5 $BC
        else
          ALLCATNR=$(${RSBACPATH}attr_get_file_dir list_category_nr)
          # The checklist result arrives on stderr and is captured in $TMPFILE.
          if $DIALOG --title "Min Write Categories for process $PROCESS" \
                     --backtitle "$BACKTITLE" \
                     --checklist "Bits: $MINWCAT" $BL $BC $MAXLINES \
                     $(gen_min_write_cat_list $ALLCATNR) \
                     2>$TMPFILE
          then
            # Double quotes are stripped; the list is word-split on purpose.
            TMP=$(cat $TMPFILE | tr -d '"')
            # Phase 1: clear every known category.
            for i in $ALLCATNR
            do
              if ${RSBACPATH}attr_set_process $PROCESS min_write_categories $i 0 >$TMPFILE 2>&1
              then
                # Only successful calls are recorded, and only if a log is set.
                if [ -n "$RSBACLOGFILE" ]
                then
                  echo ${RSBACPATH}attr_set_process $PROCESS min_write_categories $i 0 >>"$RSBACLOGFILE"
                fi
              else
                # Show the first line of the tool's output, then keep going.
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
                continue
              fi
            done
            # Phase 2: set the ticked categories.
            for i in $TMP
            do
              if ${RSBACPATH}attr_set_process $PROCESS min_write_categories $i 1 >$TMPFILE 2>&1
              then
                if [ -n "$RSBACLOGFILE" ]
                then
                  echo ${RSBACPATH}attr_set_process $PROCESS min_write_categories $i 1 >>"$RSBACLOGFILE"
                fi
              else
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
                continue
              fi
            done
            # Re-read the effective value rather than trusting the selection.
            MINWCAT=$(${RSBACPATH}attr_get_process $PROCESS min_write_categories)
          fi
        fi
      ;;

    'Max Read Open:')
        # Choose the max_read_open level of $PROCESS from a radiolist
        # (values 0-3 and 252, labelled through get_vname) and apply it.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Max Read Open: No process specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose Max Read Open for $PROCESS" $BL $BC 5 \
                                 0 "$(get_vname seclevel 0)" $(onoff 0 $MAXREAD) \
                                 1 "$(get_vname seclevel 1)" $(onoff 1 $MAXREAD) \
                                 2 "$(get_vname seclevel 2)" $(onoff 2 $MAXREAD) \
                                 3 "$(get_vname seclevel 3)" $(onoff 3 $MAXREAD) \
                                 252 "$(get_vname seclevel 252)" $(onoff 252 $MAXREAD) \
                     2>$TMPFILE
        then
          # The chosen tag was written to stderr, i.e. into $TMPFILE.
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}attr_set_process $PROCESS max_read_open $TMP >$TMPFILE 2>&1
          then
            # Update the cached value only once the tool accepted the change.
            MAXREAD=$TMP
            # Only successful changes are appended to the optional log.
            if [ -n "$RSBACLOGFILE" ]
            then
              echo ${RSBACPATH}attr_set_process $PROCESS max_read_open $TMP >>"$RSBACLOGFILE"
            fi
          else
            # Show the first line of the tool's output as the error text.
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'Max Read Categories:')
        # Replace the max_read_categories set of $PROCESS with the boxes ticked
        # in a checklist: clear every category from list_category_nr, then set
        # the ticked ones. Not atomic; a failed call is reported and skipped.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Max Read Categories: No process specified!" 5 $BC
        else
          ALLCATNR=$(${RSBACPATH}attr_get_file_dir list_category_nr)
          # The checklist result arrives on stderr and is captured in $TMPFILE.
          if $DIALOG --title "Max Read Categories for process $PROCESS" \
                     --backtitle "$BACKTITLE" \
                     --checklist "Bits: $MAXRCAT" $BL $BC $MAXLINES \
                     $(gen_max_read_cat_list $ALLCATNR) \
                     2>$TMPFILE
          then
            # Double quotes are stripped; the list is word-split on purpose.
            TMP=$(cat $TMPFILE | tr -d '"')
            # Phase 1: clear every known category.
            for i in $ALLCATNR
            do
              if ${RSBACPATH}attr_set_process $PROCESS max_read_categories $i 0 >$TMPFILE 2>&1
              then
                # Only successful calls are recorded, and only if a log is set.
                if [ -n "$RSBACLOGFILE" ]
                then
                  echo ${RSBACPATH}attr_set_process $PROCESS max_read_categories $i 0 >>"$RSBACLOGFILE"
                fi
              else
                # Show the first line of the tool's output, then keep going.
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
                continue
              fi
            done
            # Phase 2: set the ticked categories.
            for i in $TMP
            do
              if ${RSBACPATH}attr_set_process $PROCESS max_read_categories $i 1 >$TMPFILE 2>&1
              then
                if [ -n "$RSBACLOGFILE" ]
                then
                  echo ${RSBACPATH}attr_set_process $PROCESS max_read_categories $i 1 >>"$RSBACLOGFILE"
                fi
              else
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
                continue
              fi
            done
            # Re-read the effective value rather than trusting the selection.
            MAXRCAT=$(${RSBACPATH}attr_get_process $PROCESS max_read_categories)
          fi
        fi
      ;;

    'Mac Process Flags:')
        # Hand over to the MAC flags submenu; refuse when no process is chosen.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Mac Process Flags: No process specified!" 5 $BC
        else
          mac_flags_menu
        fi
      ;;

    'PM TP:')
        # Ask for a PM TP ID in an input box (pre-filled with $PMTP) and apply
        # it to $PROCESS.
        # NOTE(review): $TMP is free-form operator input and is expanded
        # unquoted, so it is word-split and glob-expanded both in the
        # attr_set_process call and in the logged line - confirm this is wanted.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "PM TP: No process specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "PM TP ID for process $PROCESS" $BL $BC "$PMTP" \
                     2>$TMPFILE
        then
          # The entered text was written to stderr, i.e. into $TMPFILE.
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}attr_set_process $PROCESS pm_tp $TMP >$TMPFILE 2>&1
          then
            # Update the cached value only once the tool accepted the change.
            PMTP=$TMP
            # Only successful changes are appended to the optional log.
            if [ -n "$RSBACLOGFILE" ]
            then
              echo ${RSBACPATH}attr_set_process $PROCESS pm_tp $TMP >>"$RSBACLOGFILE"
            fi
          else
            # Show the first line of the tool's output as the error text.
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'PM Current Task:')
        # Ask for a PM current task ID in an input box (pre-filled with
        # $PMCTASK) and apply it to $PROCESS.
        # NOTE(review): $TMP is free-form operator input and is expanded
        # unquoted, so it is word-split and glob-expanded both in the
        # attr_set_process call and in the logged line - confirm this is wanted.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "PM Current Task: No process specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "PM Current Task ID for process $PROCESS" $BL $BC "$PMCTASK" \
                     2>$TMPFILE
        then
          # The entered text was written to stderr, i.e. into $TMPFILE.
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}attr_set_process $PROCESS pm_current_task $TMP >$TMPFILE 2>&1
          then
            # Update the cached value only once the tool accepted the change.
            PMCTASK=$TMP
            # Only successful changes are appended to the optional log.
            if [ -n "$RSBACLOGFILE" ]
            then
              echo ${RSBACPATH}attr_set_process $PROCESS pm_current_task $TMP >>"$RSBACLOGFILE"
            fi
          else
            # Show the first line of the tool's output as the error text.
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'PM Process Type:')
        # Choose the PM process type of $PROCESS from a radiolist (values 0-3)
        # and apply it.
        # NOTE(review): the get_vname labels are unquoted here, unlike the
        # seclevel radiolists; a label containing whitespace would shift the
        # tag/label/state triplets handed to the dialog tool.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "PM Process Type: No process specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose PM Process Type for $PROCESS" $BL $BC 4 \
                                 0 $(get_vname proctype 0) $(onoff 0 $PMPROCTYPE) \
                                 1 $(get_vname proctype 1) $(onoff 1 $PMPROCTYPE) \
                                 2 $(get_vname proctype 2) $(onoff 2 $PMPROCTYPE) \
                                 3 $(get_vname proctype 3) $(onoff 3 $PMPROCTYPE) \
                     2>$TMPFILE
        then
          # The chosen tag was written to stderr, i.e. into $TMPFILE.
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}attr_set_process $PROCESS pm_process_type $TMP >$TMPFILE 2>&1
          then
            # Update the cached value only once the tool accepted the change.
            PMPROCTYPE=$TMP
            # Only successful changes are appended to the optional log.
            if [ -n "$RSBACLOGFILE" ]
            then
              echo ${RSBACPATH}attr_set_process $PROCESS pm_process_type $TMP >>"$RSBACLOGFILE"
            fi
          else
            # Show the first line of the tool's output as the error text.
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

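    'MS Trusted:')
        # Choose the ms_trusted value of $PROCESS from a radiolist (values 0-2,
        # labelled through get_vname) and apply it.
        #
        # Two guards: the $TYPE check is kept as found (nothing in this arm sets
        # $TYPE), and $PROCESS must be non-empty like in the sibling entries.
        # $PROCESS is expanded unquoted as the first argument of
        # attr_set_process, so an empty value would move the attribute name
        # into the process position.
        if [ "$TYPE" = "NONE" ] || [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "MS Trusted: No process specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose MS Trusted for $PROCESS" $BL $BC 6 \
                                 0 "$(get_vname mstrusted 0)" $(onoff 0 $MSTRUSTED) \
                                 1 "$(get_vname mstrusted 1)" $(onoff 1 $MSTRUSTED) \
                                 2 "$(get_vname mstrusted 2)" $(onoff 2 $MSTRUSTED) \
                     2>$TMPFILE
        then
          # The chosen tag was written to stderr, i.e. into $TMPFILE.
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}attr_set_process $PROCESS ms_trusted $TMP >$TMPFILE 2>&1
          then
            # Update the cached value only once the tool accepted the change.
            MSTRUSTED=$TMP
            # Only successful changes are appended to the optional log.
            if [ -n "$RSBACLOGFILE" ]
            then
              echo ${RSBACPATH}attr_set_process $PROCESS ms_trusted $TMP >>"$RSBACLOGFILE"
            fi
          else
            # Show the first line of the tool's output as the error text.
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;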

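    'MS Sock Trusted TCP:')
        # Choose the ms_sock_trusted_tcp value of $PROCESS from a radiolist
        # (values 0-2, labelled through get_vname) and apply it.
        #
        # Two guards: the $TYPE check is kept as found (nothing in this arm sets
        # $TYPE), and $PROCESS must be non-empty like in the sibling entries.
        # $PROCESS is expanded unquoted as the first argument of
        # attr_set_process, so an empty value would move the attribute name
        # into the process position.
        if [ "$TYPE" = "NONE" ] || [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "MS Sock Trusted TCP: No process specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose MS Sock Trusted TCP for $PROCESS" $BL $BC 6 \
                                 0 "$(get_vname mssock 0)" $(onoff 0 $MSSOCKTCP) \
                                 1 "$(get_vname mssock 1)" $(onoff 1 $MSSOCKTCP) \
                                 2 "$(get_vname mssock 2)" $(onoff 2 $MSSOCKTCP) \
                     2>$TMPFILE
        then
          # The chosen tag was written to stderr, i.e. into $TMPFILE.
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}attr_set_process $PROCESS ms_sock_trusted_tcp $TMP >$TMPFILE 2>&1
          then
            # Update the cached value only once the tool accepted the change.
            MSSOCKTCP=$TMP
            # Only successful changes are appended to the optional log.
            if [ -n "$RSBACLOGFILE" ]
            then
              echo ${RSBACPATH}attr_set_process $PROCESS ms_sock_trusted_tcp $TMP >>"$RSBACLOGFILE"
            fi
          else
            # Show the first line of the tool's output as the error text.
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;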

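    'MS Sock Trusted UDP:')
        # Choose the ms_sock_trusted_udp value of $PROCESS from a radiolist
        # (values 0-2, labelled through get_vname) and apply it.
        #
        # Two guards: the $TYPE check is kept as found (nothing in this arm sets
        # $TYPE), and $PROCESS must be non-empty like in the sibling entries.
        # $PROCESS is expanded unquoted as the first argument of
        # attr_set_process, so an empty value would move the attribute name
        # into the process position.
        if [ "$TYPE" = "NONE" ] || [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "MS Sock Trusted UDP: No process specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --radiolist "Choose MS Sock Trusted UDP for $PROCESS" $BL $BC 6 \
                                 0 "$(get_vname mssock 0)" $(onoff 0 $MSSOCKUDP) \
                                 1 "$(get_vname mssock 1)" $(onoff 1 $MSSOCKUDP) \
                                 2 "$(get_vname mssock 2)" $(onoff 2 $MSSOCKUDP) \
                     2>$TMPFILE
        then
          # The chosen tag was written to stderr, i.e. into $TMPFILE.
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}attr_set_process $PROCESS ms_sock_trusted_udp $TMP >$TMPFILE 2>&1
          then
            # Update the cached value only once the tool accepted the change.
            MSSOCKUDP=$TMP
            # Only successful changes are appended to the optional log.
            if [ -n "$RSBACLOGFILE" ]
            then
              echo ${RSBACPATH}attr_set_process $PROCESS ms_sock_trusted_udp $TMP >>"$RSBACLOGFILE"
            fi
          else
            # Show the first line of the tool's output as the error text.
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;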

    'RC Current Role:')
        # Set the RC role of $PROCESS. If rc_get_item can list the roles, the
        # operator picks one from a menu; otherwise the role is typed into an
        # input box. Both paths end in the same attr_set_process call.
        # $ROLELIST is expanded unquoted so it splits into menu arguments;
        # presumably tag/description pairs - confirm against rc_get_item.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "RC Current Role: No process specified!" 5 $BC
        elif ${RSBACPATH}rc_get_item list_roles >$TMPFILE
        then
          # Menu path: the cached role is the highlighted default.
          TMP="$RCROLE"
          ROLELIST=$(cat $TMPFILE)
          if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --default-item "$TMP" \
                     --menu "Choose RC Current Role for $PROCESS" $BL $BC $MAXLINES \
                     $ROLELIST \
                     2>$TMPFILE
          then
            TMP=$(cat $TMPFILE)
            if ${RSBACPATH}attr_set_process $PROCESS rc_role $TMP >$TMPFILE 2>&1
            then
              # Update the cached value only once the tool accepted the change.
              RCROLE=$TMP
              # Only successful changes are appended to the optional log.
              if [ -n "$RSBACLOGFILE" ]
              then
                echo ${RSBACPATH}attr_set_process $PROCESS rc_role $TMP >>"$RSBACLOGFILE"
              fi
            else
              $DIALOG --title "$ERRTITLE" \
                      --backtitle "$BACKTITLE" \
                      --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
            fi
          fi
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "RC Current Role for process $PROCESS" $BL $BC "$RCROLE" \
                     2>$TMPFILE
        then
          # Fallback path: free-form input, expanded unquoted below.
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}attr_set_process $PROCESS rc_role $TMP >$TMPFILE 2>&1
          then
            RCROLE=$TMP
            if [ -n "$RSBACLOGFILE" ]
            then
              echo ${RSBACPATH}attr_set_process $PROCESS rc_role $TMP >>"$RSBACLOGFILE"
            fi
          else
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'RC Type:')
        # Set the RC type of $PROCESS. If rc_get_item can list the process
        # types, the operator picks one from a menu; otherwise the type is typed
        # into an input box. Both paths end in the same attr_set_process call.
        # $TYPELIST is expanded unquoted so it splits into menu arguments;
        # presumably tag/description pairs - confirm against rc_get_item.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "RC Type: No process specified!" 5 $BC
        elif ${RSBACPATH}rc_get_item list_process_types >$TMPFILE
        then
          # Menu path: the cached type is the highlighted default.
          TMP="$RCTYPE"
          TYPELIST=$(cat $TMPFILE)
          if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --default-item "$TMP" \
                     --menu "Choose RC Type for $PROCESS" $BL $BC $MAXLINES \
                     $TYPELIST \
                     2>$TMPFILE
          then
            TMP=$(cat $TMPFILE)
            if ${RSBACPATH}attr_set_process $PROCESS rc_type $TMP >$TMPFILE 2>&1
            then
              # Update the cached value only once the tool accepted the change.
              RCTYPE=$TMP
              # Only successful changes are appended to the optional log.
              if [ -n "$RSBACLOGFILE" ]
              then
                echo ${RSBACPATH}attr_set_process $PROCESS rc_type $TMP >>"$RSBACLOGFILE"
              fi
            else
              $DIALOG --title "$ERRTITLE" \
                      --backtitle "$BACKTITLE" \
                      --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
            fi
          fi
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "RC Type for process $PROCESS" $BL $BC "$RCTYPE" \
                     2>$TMPFILE
        then
          # Fallback path: free-form input, expanded unquoted below.
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}attr_set_process $PROCESS rc_type $TMP >$TMPFILE 2>&1
          then
            RCTYPE=$TMP
            if [ -n "$RSBACLOGFILE" ]
            then
              echo ${RSBACPATH}attr_set_process $PROCESS rc_type $TMP >>"$RSBACLOGFILE"
            fi
          else
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

    'RC Force Role:')
        # Set rc_force_role for $PROCESS. If rc_get_item can list the used
        # roles, the operator picks from a menu holding three inherit entries
        # plus that list; otherwise the value is typed into an input box.
        # NOTE(review): the menu default and the input box default both come
        # from $RCROLE, while a successful change is cached in $RCFROLE -
        # confirm whether $RCFROLE was meant as the default.
        # NOTE(review): the menu marks "mixed inherit" as default, the input
        # box prompt marks "inherit from user" as default - confirm which holds.
        if test "$PROCESS" != ""
        then \
          if $RSBACPATH""rc_get_item list_used_roles >$TMPFILE
          then \
            TMP="$RCROLE"
            ROLELIST=`cat $TMPFILE`
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --help-button --default-item "$TMP" \
                      --menu "Choose RC Force Role for Process $PROCESS" $BL $BC $MAXLINES \
                      $RCUSERINHERIT "always inherit from user" \
                      $RCPROCINHERIT "inherit from process (keep role)" \
                      $RCMIXINHERIT "mixed inherit from proc/user (default)" \
                      $ROLELIST \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
              # A result starting with HELP is a help request, not a selection.
              case "$TMP" in
                HELP*)
                  # Drop the first five characters and show help for the rest.
                  # Nothing in this arm re-opens the menu afterwards.
                  show_help "${TMP:5}"
                  TMP="${TMP:5}"
                  ;;
                *)
                  if $RSBACPATH""attr_set_process $PROCESS rc_force_role $TMP &>$TMPFILE
                  then
                    RCFROLE=$TMP
                    # Only successful changes are appended to the optional log.
                    if test -n "$RSBACLOGFILE"
                    then
                      echo $RSBACPATH""attr_set_process $PROCESS rc_force_role $TMP >>"$RSBACLOGFILE"
                    fi
                    # NOTE(review): no loop is opened inside this arm, so this
                    # break applies to whatever loop encloses the case
                    # statement (not visible here) - confirm that leaving it
                    # after a successful change is intended.
                    break
                  else \
                    $DIALOG --title "$ERRTITLE" \
                            --backtitle "$BACKTITLE" \
                            --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                  fi
              esac
            fi
          else \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "RC Force Role for process $PROCESS ($RCUSERINHERIT = inherit from user (default), $RCPROCINHERIT = inherit from process (keep role))" \
                        $BL $BC "$RCROLE" \
                2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 # Free-form input: $TMP is expanded unquoted, so it is
                 # word-split and glob-expanded in the call and the log line.
                 if $RSBACPATH""attr_set_process $PROCESS rc_force_role $TMP &>$TMPFILE
                 then
                   RCFROLE=$TMP
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS rc_force_role $TMP >>"$RSBACLOGFILE"
                   fi
                 else
                   # Show the first line of the tool's output as the error text.
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "RC Force Role: No process specified!" 5 $BC
        fi
      ;;

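    'AUTH May Setuid:')
        # Toggle auth_may_setuid for $PROCESS: a cached value of "0" becomes 1,
        # anything else becomes 0. The change is applied immediately, with no
        # confirmation dialog.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "AUTH May Setuid: No process specified!" 5 $BC
        else
          # Quoted so that an empty or unset $AUTHSUID compares as "not 0"
          # instead of making test fail with a syntax error; the outcome
          # (TMP=0) is the same, without the stray error message.
          if [ "$AUTHSUID" = "0" ]
          then
            TMP="1"
          else
            TMP="0"
          fi
          if ${RSBACPATH}attr_set_process $PROCESS auth_may_setuid $TMP >$TMPFILE 2>&1
          then
            # Update the cached value only once the tool accepted the change.
            AUTHSUID=$TMP
            # Only successful changes are appended to the optional log.
            if [ -n "$RSBACLOGFILE" ]
            then
              echo ${RSBACPATH}attr_set_process $PROCESS auth_may_setuid $TMP >>"$RSBACLOGFILE"
            fi
          else
            # Show the first line of the tool's output as the error text.
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;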

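    'AUTH May Set Cap:')
        # Toggle auth_may_set_cap for $PROCESS: a cached value of "0" becomes 1,
        # anything else becomes 0. The change is applied immediately, with no
        # confirmation dialog.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "AUTH May Set Cap: No process specified!" 5 $BC
        else
          # Quoted so that an empty or unset $AUTHSCAP compares as "not 0"
          # instead of making test fail with a syntax error; the outcome
          # (TMP=0) is the same, without the stray error message.
          if [ "$AUTHSCAP" = "0" ]
          then
            TMP="1"
          else
            TMP="0"
          fi
          if ${RSBACPATH}attr_set_process $PROCESS auth_may_set_cap $TMP >$TMPFILE 2>&1
          then
            # Update the cached value only once the tool accepted the change.
            AUTHSCAP=$TMP
            # Only successful changes are appended to the optional log.
            if [ -n "$RSBACLOGFILE" ]
            then
              echo ${RSBACPATH}attr_set_process $PROCESS auth_may_set_cap $TMP >>"$RSBACLOGFILE"
            fi
          else
            # Show the first line of the tool's output as the error text.
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;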

    'JAIL ID:')
        # Ask for a jail ID in an input box (pre-filled with $JAILID) and apply
        # it to $PROCESS.
        # NOTE(review): $TMP is free-form operator input and is expanded
        # unquoted, so it is word-split and glob-expanded both in the
        # attr_set_process call and in the logged line - confirm this is wanted.
        if [ -z "$PROCESS" ]
        then
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "JAIL ID: No process specified!" 5 $BC
        elif $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "JAIL ID for process $PROCESS" $BL $BC "$JAILID" \
                     2>$TMPFILE
        then
          # The entered text was written to stderr, i.e. into $TMPFILE.
          TMP=$(cat $TMPFILE)
          if ${RSBACPATH}attr_set_process $PROCESS jail_id $TMP >$TMPFILE 2>&1
          then
            # Update the cached value only once the tool accepted the change.
            JAILID=$TMP
            # Only successful changes are appended to the optional log.
            if [ -n "$RSBACLOGFILE" ]
            then
              echo ${RSBACPATH}attr_set_process $PROCESS jail_id $TMP >>"$RSBACLOGFILE"
            fi
          else
            # Show the first line of the tool's output as the error text.
            $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "$(head -n 1 $TMPFILE)" $BL $BC
          fi
        fi
      ;;

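    'JAIL IP:')
        # Ask for a new JAIL IP and set it as jail_ip on the selected process.
        if test -n "$PROCESS"
        then
          # dialog's stderr, which carries the typed value, is captured in
          # TMPFILE.
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --inputbox "JAIL IP for process $PROCESS" "$BL" "$BC" "$JAILIP" \
             2>"$TMPFILE"
          then
            TMP=$(<"$TMPFILE")
            # The typed value is passed quoted, so it reaches attr_set_process
            # as exactly one argument: no word splitting, no glob expansion
            # against the current directory. ${TMP:+...} keeps the original
            # behaviour for an empty entry (the argument is left out).
            if "${RSBACPATH}attr_set_process" "$PROCESS" jail_ip ${TMP:+"$TMP"} &>"$TMPFILE"
            then
              # Update the cached value only after the attribute was really set.
              JAILIP=$TMP
              if test -n "$RSBACLOGFILE"
              then
                # Append the command that was just run to the log file.
                printf '%s\n' "${RSBACPATH}attr_set_process $PROCESS jail_ip $TMP" >>"$RSBACLOGFILE"
              fi
            else
              # Show the first line of the tool's output as the error text.
              $DIALOG --title "$ERRTITLE" \
                      --backtitle "$BACKTITLE" \
                      --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
            fi
          fi
        else
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "JAIL IP: No process specified!" 5 "$BC"
        fi
      ;;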

    'JAIL Flags:')
        # Hand over to jail_flags_menu (not defined in this part of the file)
        # when a process is selected; otherwise report the missing selection.
        if [[ -z "$PROCESS" ]]
        then
          $DIALOG --title "$ERRTITLE" --backtitle "$BACKTITLE" \
                  --msgbox "JAIL Flags: No process specified!" 5 $BC
        else
          jail_flags_menu
        fi
      ;;

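    'Log Program Based:')
        # Let the user pick request bits in a checklist and apply them as
        # log_program_based on the selected process.
        if test -n "$PROCESS"
        then
          # $(gen_request_list) is left unquoted on purpose: its output has to
          # split into the individual checklist arguments.
          # shellcheck disable=SC2046
          if $DIALOG --title "log_program_based for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $LOGPROG" "$BL" "$BC" "$MAXLINES" \
               $(gen_request_list) \
               '--------------' '-----------------' off \
               UA 'Unset ALL' off \
               A  'Set ALL' off \
               R  'Set Read Requests' off \
               RW 'Set Read-Write R.' off \
               W  'Set Write Requests' off \
               SY 'Set System R.' off \
               SE 'Set Security R.' off \
             2>"$TMPFILE"
          then
            # Remove every double quote from dialog's output before use.
            TMP=$(tr -d '"' <"$TMPFILE")
            # $TMP stays unquoted on purpose: each selected tag must become
            # its own argument. The values come from the checklist tags above,
            # not from free text.
            # shellcheck disable=SC2086
            if "${RSBACPATH}attr_set_process" "$PROCESS" log_program_based $TMP &>"$TMPFILE"
            then
              # Re-read the attribute instead of caching the raw selection.
              LOGPROG=$("${RSBACPATH}attr_get_process" "$PROCESS" log_program_based)
              if test -n "$RSBACLOGFILE"
              then
                # Append the command that was just run to the log file.
                printf '%s\n' "${RSBACPATH}attr_set_process $PROCESS log_program_based $TMP" >>"$RSBACLOGFILE"
              fi
            else
              # Show the first line of the tool's output as the error text.
              $DIALOG --title "$ERRTITLE" \
                      --backtitle "$BACKTITLE" \
                      --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
            fi
          fi
        else
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "Log Program Based: No process specified!" 5 "$BC"
        fi
      ;;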

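    'CAP Process Hiding:')
        # Choose one of the three cap_process_hiding values (0, 1, 2) for the
        # selected process.
        # NOTE(review): the original guard tested only TYPE, which is not
        # assigned anywhere in the visible part of the script, so the arm
        # could run with an empty PROCESS. The PROCESS check is added to match
        # the sibling arms and the "No process specified!" text below; confirm
        # whether the TYPE test is still needed at all.
        if test "$TYPE" != "NONE" && test -n "$PROCESS"
        then
          # The $(onoff ...) results are left unquoted as in the original, so
          # an empty result still drops out of the argument list.
          # shellcheck disable=SC2046
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose CAP Process Hiding for process $PROCESS" "$BL" "$BC" 6 \
                                0 "$(get_vname prochiding 0)" $(onoff 0 "$PROCHIDE") \
                                1 "$(get_vname prochiding 1)" $(onoff 1 "$PROCHIDE") \
                                2 "$(get_vname prochiding 2)" $(onoff 2 "$PROCHIDE") \
             2>"$TMPFILE"
          then
            TMP=$(<"$TMPFILE")
            # Quoted so the selection is passed as exactly one argument;
            # ${TMP:+...} keeps the original behaviour for an empty result
            # (the argument is left out).
            if "${RSBACPATH}attr_set_process" "$PROCESS" cap_process_hiding ${TMP:+"$TMP"} &>"$TMPFILE"
            then
              # Update the cached value only after the attribute was really set.
              PROCHIDE=$TMP
              if test -n "$RSBACLOGFILE"
              then
                # Append the command that was just run to the log file.
                printf '%s\n' "${RSBACPATH}attr_set_process $PROCESS cap_process_hiding $TMP" >>"$RSBACLOGFILE"
              fi
            else
              # Show the first line of the tool's output as the error text.
              $DIALOG --title "$ERRTITLE" \
                      --backtitle "$BACKTITLE" \
                      --msgbox "$(head -n 1 "$TMPFILE")" "$BL" "$BC"
            fi
          fi
        else
          $DIALOG --title "$ERRTITLE" \
                  --backtitle "$BACKTITLE" \
                  --msgbox "CAP Process Hiding: No process specified!" 5 "$BC"
        fi
      ;;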

    'IPC Attributes:')
        # Start the IPC attribute menu, passing the selected process along.
        # Unlike the attribute arms above, this arm does not check that
        # PROCESS is set, and $PROCESS is unquoted, so an empty value starts
        # the menu without any argument.
        ${RSBACPATH}rsbac_ipc_menu $PROCESS
      ;;

    'ACL Menu:')
        # Start the ACL menu. The argument is the literal word PROCESS, not
        # the value of $PROCESS - presumably a target-type keyword; confirm
        # against rsbac_acl_menu before changing it.
        ${RSBACPATH}rsbac_acl_menu PROCESS
      ;;

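    Quit)
        # Remove the scratch file and leave the menu. TMPFILE is built from
        # $TMPDIR, which the script takes from the environment; quoting it and
        # ending option parsing with -- keeps rm to exactly that one path.
        # The script's exit status is still that of rm.
        rm -- "$TMPFILE"
        exit
      ;;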

    *)
        # Fallback arm: the selection matched none of the menu entries above.
        $DIALOG --title "$ERRTITLE" --backtitle "$BACKTITLE" \
                --msgbox "Main Menu: Selection Error!" 5 $BC

  esac
# sleep 2
done
