#!/bin/bash
# 
# This script is used for Administration of RSBAC general process attributes
#
#
# Make sure we're really running bash.
#
[ -z "$BASH" ] && { echo "This menu requires bash" 1>&2; exit 1; }
#
# We also need the proc fs mounted.
[ ! -f /proc/stat ] && { echo "This menu requires proc fs mounted" 1>&2; exit 1; }
#
# Cache function definitions, turn off posix compliance
#
set -h +o posix

# Set conf filename
RSBACCONF=/etc/rsbac.conf
# Read settings
if test -f $RSBACCONF
then . $RSBACCONF
fi
if test -f ~/.rsbacrc
then . ~/.rsbacrc
fi
if test -z "$RSBACMOD"
then RSBACMOD='GEN MAC PM DAZ FF RC AUTH ACL CAP JAIL RES PAX'
fi
for i in $RSBACMOD
do
  export SHOW_${i}=yes
done

# The dir for tmp files
if test -z "$TMPDIR" ; then TMPDIR=/tmp ; fi

# This must be a unique temporary filename
if ! TMPFILE=`mktemp -q $TMPDIR/rsbac_dialog.XXXXXX`
then
  TMPFILE=$TMPDIR/rsbac_dialog.$$
  if test -e $TMPFILE
  then rm $TMPFILE
  fi
fi

# set this to rsbac bin dir, if not in path (trailing / is mandatory!)
#
#if test -z "$RSBACPATH" ; then RSBACPATH=./ ; fi

# which dialog tool to use - dialog or kdialog or xdialog...
if test -z $DIALOG
then DIALOG=${RSBACPATH}dialog
fi
if ! $DIALOG --clear
then
  echo $DIALOG menu program required! >&2
  exit
fi
if ! $DIALOG --help 2>&1 | grep -q "help-button"
then
  echo "Newer dialog menu version >= 0.9a-20020309a with '--help-button' option" >&2
  echo "required, please use dialog from admin tools contrib dir or set" >&2
  echo "\$DIALOG to another dialog program, e.g. with rsbac_settings_menu!" >&2
  exit
fi

set_geometry ()
{
        BL=${1:-24}
        BC=${2:-80}
        [ $BL = 0 ] && BL=24
        [ $BC = 0 ] && BC=80
        export LINES=$BL
        export COLUMNS=$BC
        BL=$((BL-4))
        BC=$((BC-5))
        MAXLINES=$((LINES-10))
}

set_geometry `stty size 2>/dev/null`

gl ()
{
        if test $1 -gt $MAXLINES
        then echo $MAXLINES
        else echo $1
        fi
}

if test -z "$LINES" ; then LINES=25 ; fi
if test -z "$COLUMNS" ; then COLUMNS=80 ; fi
export LINES
export COLUMNS
declare -i BL=$LINES-4
declare -i BC=$COLUMNS-4
declare -i MAXLINES=$LINES-10

if test -z "$BACKTITLE"
then BACKTITLE="RSBAC Administration Tools 1.3.6"
fi
TITLE="`whoami`@`hostname`: RSBAC Process Administration"
HELPTITLE="`whoami`@`hostname`: RSBAC Process Administration Help"
ERRTITLE="RSBAC Process Administration - ERROR"

#RCUSERINHERIT=64
#RCPROCINHERIT=65
#RCPARINHERIT=66
#RCMIXINHERIT=67
RCTYPEINHPROC=4294967295
RCTYPEINHPAR=4294967294
RCUSERINHERIT=4294967295
RCPROCINHERIT=4294967294
RCPARINHERIT=4294967293
RCMIXINHERIT=4294967292
RCUSEFR=4294967291

show_help () {
  case "$RSBACLANG" in
    *)
      show_help_english "$1"
      ;;
  esac
}

show_help_english () {
 {
  echo "$1"
  echo ""
  case "$1" in
    'Process List:')
        echo "Choose new process object from list."
      ;;

    "Process:")
        echo "Enter new process ID."
      ;;

    'Owner Security Level:')
        echo "MAC model maximum security level of the process owner at the time of process"
        echo "creation (fork). Also used as maximum possible level."
        echo ""
        $RSBACPATH""attr_get_process -A security_level
      ;;

    'Owner Initial Security Level:')
        echo "MAC model initial security level of the process owner at the time of process"
        echo "creation (fork) or execution."
        echo ""
        $RSBACPATH""attr_get_process -A initial_security_level
      ;;

    'Owner Min Security Level:')
        echo "MAC model minimum security level of the process owner at the time of process"
        echo "creation (fork). Also used as minimum possible level."
        echo ""
        $RSBACPATH""attr_get_process -A min_security_level
      ;;

    'Owner MAC Categories:')
        echo "MAC model maximum category set of the process owner at the time of process"
        echo "creation (fork). Also used as maximum possible category set."
        echo ""
        $RSBACPATH""attr_get_process -A mac_categories
      ;;

    'Owner MAC Initial Categories:')
        echo "MAC model initial category set of the process owner at the time of process"
        echo "creation (fork) or execute."
        echo ""
        $RSBACPATH""attr_get_process -A mac_initial_categories
      ;;

    'Owner MAC Min Categories:')
        echo "MAC model minimum category set of the process owner at the time of process"
        echo "creation (fork). Also used as minimum possible category set."
        echo ""
        $RSBACPATH""attr_get_process -A mac_min_categories
      ;;

    'Current Security Level:')
        echo "Current MAC model security level of the process. Must always be less"
        echo "than or equal to Owner Security Level and Min Write Open (except when"
        echo "process is MAC trusted) and at least Max Read Open."
        echo ""
        $RSBACPATH""attr_get_process -A current_sec_level
      ;;

    'Current MAC Categories:')
        echo "Current MAC model category set of the process. Must always be subset"
        echo "of Owner MAC Categories and Min Write Categories (except when process"
        echo "is MAC trusted) and superset of Max Read Categories."
        echo ""
        $RSBACPATH""attr_get_process -A mac_curr_categories
      ;;

    'Min Write Open:')
        echo "Minimum MAC security level of all objects this process has ever opened"
        echo "for writing since the last EXECUTE. Used as upper boundary for Current"
        echo "Security Level (*-property)."
        echo ""
        $RSBACPATH""attr_get_process -A min_write_open
      ;;

    'Min Write Categories:')
        echo "Maximum MAC category subset of all objects this process has ever opened"
        echo "for writing since the last EXECUTE. Used as upper boundary for Current"
        echo "MAC Categories (*-property)."
        echo ""
        $RSBACPATH""attr_get_process -A min_write_categories
      ;;

    'Max Read Open:')
        echo "Maximum MAC security level of all objects this process has ever opened"
        echo "for reading since the last EXECUTE. Used as lower boundary for Current"
        echo "Security Level (*-property)."
        echo ""
        $RSBACPATH""attr_get_process -A max_read_open
      ;;

    'Max Read Categories:')
        echo "Minimum MAC category superset of all objects this process has ever opened"
        echo "for reading since the last EXECUTE. Used as lower boundary for Current"
        echo "MAC categories (*-property)."
        echo ""
        $RSBACPATH""attr_get_process -A max_read_categories
      ;;

    'Mac Process Flags:')
        echo "The MAC Process flags allow to give a user some special MAC rights."
        echo ""
        $RSBACPATH""attr_get_process -A mac_process_flags
      ;;

    'PM TP:')
        echo "The PM model transaction procedure ID."
        echo ""
        $RSBACPATH""attr_get_process -A pm_tp
      ;;

    'PM Current Task:')
        echo "The PM model current task of this process."
        echo ""
        $RSBACPATH""attr_get_process -A pm_current_task
      ;;

    'PM Process Type:')
        echo "Set process type for PM model."
        echo ""
        $RSBACPATH""attr_get_process -A pm_process_type
      ;;

    'DAZ Scanner:')
        echo "Toggle, whether this process is a DAZ scanner. Only scanners"
        echo "may attach to the Dazuko interface."
        echo ""
        $RSBACPATH""attr_get_process -A daz_scanner
      ;;

    'RC Current Role:')
        echo "Select the RC model current role."
        echo ""
        $RSBACPATH""attr_get_process -A rc_role
      ;;

    'RC Type:')
        echo "Select the RC model process object type."
        echo ""
        $RSBACPATH""attr_get_process -A rc_type
      ;;

    'RC Force Role:')
        echo "Select an RC role, which is kept for this process as long as the same"
        echo "program runs. User default roles are ignored even on a CHANGE_OWNER"
        echo "(setuid)."
        echo ""
        $RSBACPATH""attr_get_process -A rc_force_role
      ;;

    'AUTH May Setuid:')
        echo "Toggle, whether this process is allowed to CHANGE_OWNER (setuid) to"
        echo "any user ID by AUTH model."
        echo ""
        $RSBACPATH""attr_get_process -A auth_may_setuid
      ;;

    'AUTH May Set Cap:')
        echo "Toggle, whether this process may set AUTH setuid capabilities for any"
        echo "process (but not for files)."
        echo "This flag is useful e.g. for authentication daemons. See AUTH"
        echo "description for details."
        echo ""
        $RSBACPATH""attr_get_process -A auth_may_set_cap
      ;;

    'AUTH Learn:')
        echo "Toggle, whether this process runs in AUTH learning mode to get missing"
        echo "AUTH caps added automatically."
        echo "Learning mode must be enabled in RSBAC kernel config."
        echo ""
        $RSBACPATH""attr_get_process -A auth_learn
      ;;

    'JAIL ID:')
        echo "Specify the JAIL ID. If you set this to 0, the process becomes"
        echo "unjailed."
        echo ""
        $RSBACPATH""attr_get_process -A jail_id
      ;;

    'JAIL Parent:')
        echo "Specify the JAIL Parent. If you set this to 0, the process has"
        echo "no parent jail."
        echo ""
        $RSBACPATH""attr_get_process -A jail_parent
      ;;

    'JAIL IP:')
        echo "Specify the IP address for this jailed process."
        echo "If you set this to 0.0.0.0, the process may use any address."
        echo ""
        $RSBACPATH""attr_get_process -A jail_ip
      ;;

    'JAIL Flags:')
        echo "Specify the JAIL Flags."
        echo ""
        $RSBACPATH""attr_get_process -A jail_flags
      ;;

    'Log Program Based:')
        echo "Specify the request types, which should always be logged, when"
        echo "issued by this process."
        echo ""
        $RSBACPATH""attr_get_process -A log_program_based
      ;;

    'Fake Root UID:')
        echo "Fake result of getuid() and/or geteuid() for this process."
        echo ""
        $RSBACPATH""attr_get_file_dir -A fake_root_uid
      ;;

    'Audit UID:')
        echo "The first non-0 real uid is saved as audit_uid when a"
        echo "process setuids away from it. The audit_uid shows up"
        echo "in all request logs to find the original user e.g. when"
        echo "working with su."
        echo ""
        $RSBACPATH""attr_get_file_dir -A audit_uid
      ;;

    'Audit UID Exempt:')
        echo "Usually, the first non-0 real uid is saved as audit_uid when"
        echo "a process setuids away from it."
        echo "If an auid_exempt value is set, this exempt uid works like 0:"
        echo "setting another uid away from this uid does _not_ lead to an"
        echo "audit_uid being set. The auid_exempt is e.g. needed for sshd"
        echo "with privilege separation, which uses an intermediate uid"
        echo "for network operations."
        echo ""
        $RSBACPATH""attr_get_file_dir -A auid_exempt
      ;;

    'CAP Process Hiding:')
        echo "Let process properties be hidden from noone, other users or every user."
        echo "Note: CAP Security Officers and Admins may always read the properties."
        echo ""
        $RSBACPATH""attr_get_process -A cap_process_hiding
      ;;

    'PAX Flags:')
        echo "Show the effective PAX flags."
        echo ""
        $RSBACPATH""attr_get_process -A pax_flags
      ;;

    'IPC Attributes:')
        echo "Go to IPC attribute menu."
      ;;

    'ACL Menu:')
        echo "Go to ACL menu."
      ;;

    Quit)
        echo "Quit this menu."
      ;;

    *)
        echo "No help for $1 available!"
  esac
 } > $TMPFILE
  $DIALOG --title "$HELPTITLE" \
          --backtitle "$BACKTITLE" \
          --textbox $TMPFILE $BL $BC
#  sleep 1
}

get_attributes () {
  if test "$1" != "" 
    then \
#         OWNER=`$RSBACPATH""attr_get_process $1 owner`
#         if test -z "$OWNER"
#         then OWNER=`ps axu|cut -c 1-14|grep ' '$1'$'|cut -f 1 -d ' '`
#         fi
         OWNER=`ps axu|cut -c 1-14|grep ' '$1'$'|cut -f 1 -d ' '`
         if $RSBACPATH""attr_get_user $OWNER user_nr >$TMPFILE
         then OWNER=`cat $TMPFILE`
              OWNERNAME=`$RSBACPATH""attr_get_user $OWNER user_name`
         fi
         if test "$SHOW_MAC" = "yes"
         then
           SECLEVEL=`$RSBACPATH""attr_get_process $1 security_level`
           ISECLEVEL=`$RSBACPATH""attr_get_process $1 initial_security_level`
           MSECLEVEL=`$RSBACPATH""attr_get_process $1 min_security_level`
           MACCAT=`$RSBACPATH""attr_get_process $1 mac_categories`
           MACICAT=`$RSBACPATH""attr_get_process $1 mac_initial_categories`
           MACMCAT=`$RSBACPATH""attr_get_process $1 mac_min_categories`
           CURRSECL=`$RSBACPATH""attr_get_process $1 current_sec_level`
           CURRCAT=`$RSBACPATH""attr_get_process $1 mac_curr_categories`
           MINWRITE=`$RSBACPATH""attr_get_process $1 min_write_open`
           MINWCAT=`$RSBACPATH""attr_get_process $1 min_write_categories`
           MAXREAD=`$RSBACPATH""attr_get_process $1 max_read_open`
           MAXRCAT=`$RSBACPATH""attr_get_process $1 max_read_categories`
           MACFLAGS=`$RSBACPATH""attr_get_process $1 mac_process_flags`
         fi
         if test "$SHOW_PM" = "yes"
         then
           PMTP=`$RSBACPATH""attr_get_process $1 pm_tp`
           PMCTASK=`$RSBACPATH""attr_get_process $1 pm_current_task`
           PMPROCTYPE=`$RSBACPATH""attr_get_process $1 pm_process_type`
         fi
         if test "$SHOW_DAZ" = "yes"
         then
           DAZSCANNER=`$RSBACPATH""attr_get_process $1 daz_scanner`
         fi
         if test "$SHOW_RC" = "yes"
         then
           RCROLE=`$RSBACPATH""attr_get_process $1 rc_role`
           RCTYPE=`$RSBACPATH""attr_get_process $1 rc_type`
           RCFROLE=`$RSBACPATH""attr_get_process $1 rc_force_role`
         fi
         if test "$SHOW_AUTH" = "yes"
         then
           AUTHSUID=`$RSBACPATH""attr_get_process $1 auth_may_setuid`
           AUTHSCAP=`$RSBACPATH""attr_get_process $1 auth_may_set_cap`
           AUTHLEARN=`$RSBACPATH""attr_get_process $1 auth_learn`
         fi
         if test "$SHOW_CAP" = "yes"
         then
           PROCHIDE=`$RSBACPATH""attr_get_process $1 cap_process_hiding`
         fi
         if test "$SHOW_JAIL" = "yes"
         then
           JAILID=`$RSBACPATH""attr_get_process $1 jail_id`
           JAILPARENT=`$RSBACPATH""attr_get_process $1 jail_parent`
           JAILIP=`$RSBACPATH""attr_get_process $1 jail_ip`
           JAILFLAGS=`$RSBACPATH""attr_get_process $1 jail_flags`
         fi
         if test "$SHOW_PAX" = "yes"
         then
           PAXFLAGS=`$RSBACPATH""attr_get_process $1 pax_flags`
         fi
         if test "$SHOW_GEN" = "yes"
         then
           LOGPROG=`$RSBACPATH""attr_get_process $1 log_program_based`
           FAKERUID=`$RSBACPATH""attr_get_process $1 fake_root_uid`
           AUDITUID=`$RSBACPATH""attr_get_process $1 audit_uid`
           AUIDEXEM=`$RSBACPATH""attr_get_process $1 auid_exempt`
         fi
  fi
}

onoff () {
   if test "$1" = "$2"
     then echo on
   else echo off
   fi
}

onoffb () {
   if test "$1" = "1"
     then echo on
   else echo off
   fi
}

list_item () {
   TMP2=""
   if test -f /proc/$1/cmdline
   then TMP2=`cat /proc/$1/stat|cut -f 2 -d ' '`
   fi
   if test "$TMP2" = ""
   then echo "not_available"
   else echo $TMP2
   fi
}

role_name () {
  if test -z "$PROCESS" -o -z "$1"
  then echo " "
  else \
      case $1 in
        $RCUSERINHERIT) echo "always inherit from user"
          ;;
        $RCPROCINHERIT) echo "inherit from process (keep)"
          ;;
        $RCPARINHERIT) echo "inherit from parent (keep)"
          ;;
        $RCMIXINHERIT) echo "inh. from user on chown only"
          ;;
        Error*) echo N/A
          ;;
        Use*) echo N/A
          ;;
        *) if ! $RSBACPATH""rc_get_item ROLE $1 name 2>/dev/null
           then echo $1
           fi
          ;;
      esac 
  fi
}

type_name () {
  if test -z "$PROCESS" -o -z "$1"
  then echo " "
  else if ! $RSBACPATH""rc_get_item TYPE $1 type_process_name 2>/dev/null
       then echo "(unknown)"
       fi
  fi
}

get_vname () {
  case $1 in
    seclevel)
      case $2 in
        0) echo unclassified
          ;;
        1) echo confidential
          ;;
        2) echo secret
          ;;
        3) echo top secret
          ;;
        252) echo max. level
          ;;
        253) echo rsbac-internal
          ;;
        254) echo inherit
          ;;
      esac 
      ;;
    pmproctype)
      case $2 in
        0) echo None
          ;;
        1) echo TP
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    mssock)
      case $2 in
        0) echo Not Trusted
          ;;
        1) echo Active
          ;;
        2) echo Full
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    mstrusted)
      case $2 in
        0) echo Not trusted
          ;;
        1) echo Read trusted
          ;;
        2) echo Full trusted
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    fakeruid)
      case $2 in
        0) echo off
          ;;
        1) echo uid only
          ;;
        2) echo euid only
          ;;
        3) echo both
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    prochiding)
      case $2 in
        0) echo Off
          ;;
        1) echo From other users
          ;;
        2) echo Full
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
    onoff)
      case $2 in
        0) echo Off
          ;;
        1) echo On
          ;;
        *) echo N/A
          ;;
      esac 
      ;;
  esac
}

full_name () {
  if test "$1" = ""
  then echo "*unknown*"
  else
    if ! $RSBACPATH""attr_get_user "$1" full_name 2>/dev/null
    then echo "*unknown*"
    fi
  fi
}

declare -i MAXCATLEN=$BC-38
cat_print () {
  if test $MAXCATLEN -ge 64
  then echo $1
  else echo "(too long)"
  fi
}

gen_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_process $PROCESS mac_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

gen_initial_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_process $PROCESS mac_initial_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

gen_min_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_process $PROCESS mac_min_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

gen_curr_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_process $PROCESS mac_curr_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

gen_max_read_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_process $PROCESS max_read_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

gen_min_write_cat_list () {
    for i in $*
    do
      TMP=`$RSBACPATH""attr_get_process $PROCESS min_write_categories $i`
      echo $i `onoffb $TMP` `onoffb $TMP`
    done
}

gen_request_list () {
    if test -z "$REQUESTS"
      then REQUESTS=`$RSBACPATH""attr_get_process -n`
    fi
    SETREQUESTS=`$RSBACPATH""attr_get_process -p $PROCESS log_program_based`
    for i in $REQUESTS
    do
      if echo $SETREQUESTS | grep -q "\\<$i\\>"
      then
        echo $i on on
      else
        echo $i off off
      fi
    done
}

gen_mac_flags_menu_items() {
    if (($MACFLAGS & 1)) ; then echo 1 override on
    else echo 1 override off
    fi
    if (($MACFLAGS & 2)) ; then echo 2 auto on
    else echo 2 auto off
    fi
    if (($MACFLAGS & 4)) ; then echo 4 trusted on
    else echo 4 trusted off
    fi
    if (($MACFLAGS & 8)) ; then echo 8 write_up on
    else echo 8 write_up off
    fi
    if (($MACFLAGS & 16)) ; then echo 16 read_up on
    else echo 16 read_up off
    fi
    if (($MACFLAGS & 32)) ; then echo 32 write_down on
    else echo 32 write_down off
    fi
    if (($MACFLAGS & 128)) ; then echo 128 prop_trusted on
    else echo 128 prop_trusted off
    fi
    if (($MACFLAGS & 256)) ; then echo 256 program_auto on
    else echo 256 program_auto off
    fi
}

mac_flags_menu () {
  if ! \
  $DIALOG --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --separate-output \
         --checklist "Process $PROCESS: MAC Process Flags" $BL $BC `gl 8` \
              `gen_mac_flags_menu_items` \
       2>$TMPFILE
   then return
  fi
  FLAGS_ON=`cat $TMPFILE`
  declare -i VAL=0
#  echo FLAGS_ON is $FLAGS_ON, VAL is $VAL
  for i in $FLAGS_ON ; do \
    VAL=$VAL+$i
  done
#  echo FLAGS_ON is $FLAGS_ON, VAL is $VAL
#  sleep 2
  if $RSBACPATH""attr_set_process $PROCESS mac_process_flags $VAL &>$TMPFILE
    then MACFLAGS=$VAL
      if test -n "$RSBACLOGFILE"
      then
        echo $RSBACPATH""attr_set_process $PROCESS mac_process_flags $VAL >>"$RSBACLOGFILE"
      fi
    else \
      $DIALOG --title "$ERRTITLE" \
             --backtitle "$BACKTITLE" \
             --msgbox "`head -n 1 $TMPFILE`" $BL $BC
    fi
  return
}


gen_jail_flags_menu_items() {
    if (($JAILFLAGS & 1)) ; then echo 1 allow_external_ipc on
    else echo 1 allow_external_ipc off
    fi
    if (($JAILFLAGS & 2)) ; then echo 2 allow_all_net_family on
    else echo 2 allow_all_net_family off
    fi
    if (($JAILFLAGS & 4)) ; then echo 4 allow_rlimit on
    else echo 4 allow_rlimit off
    fi
    if (($JAILFLAGS & 8)) ; then echo 8 allow_inet_raw on
    else echo 8 allow_inet_raw off
    fi
    if (($JAILFLAGS & 16)) ; then echo 16 auto_adjust_inet_any on
    else echo 16 auto_adjust_inet_any off
    fi
}

jail_flags_menu () {
  if ! \
  $DIALOG --title "$TITLE" \
         --backtitle "$BACKTITLE" \
         --separate-output \
         --checklist "Process $PROCESS: JAIL Flags" $BL $BC `gl 5` \
              `gen_jail_flags_menu_items` \
       2>$TMPFILE
   then return
  fi
  FLAGS_ON=`cat $TMPFILE`
  declare -i VAL=0
#  echo FLAGS_ON is $FLAGS_ON, VAL is $VAL
  for i in $FLAGS_ON ; do \
    VAL=$VAL+$i
  done
#  echo FLAGS_ON is $FLAGS_ON, VAL is $VAL
#  sleep 2
  if $RSBACPATH""attr_set_process $PROCESS jail_flags $VAL &>$TMPFILE
  then
    JAILFLAGS=$VAL
    if test -n "$RSBACLOGFILE"
    then
      echo $RSBACPATH""attr_set_process $PROCESS jail_flags $VAL >>"$RSBACLOGFILE"
    fi
  else
    $DIALOG --title "$ERRTITLE" \
            --backtitle "$BACKTITLE" \
            --msgbox "`head -n 1 $TMPFILE`" $BL $BC
  fi
  return
}

if test "$1" != ""
then PROCESS=$1
else PROCESS=$$
fi
if test -n "$RSBACLOGFILE"
then
  {
    echo ""
    echo "# $0 start `date`"
  } >>"$RSBACLOGFILE"
fi
get_attributes $PROCESS

  {
    echo 'process_menu ()'
    echo '  {'    
    echo "    $DIALOG --title \"$TITLE\" \\"
    echo '       --backtitle "$BACKTITLE" \'
    echo '       --help-button --default-item "$CHOICE" \'
    echo '       --menu "Main Process Menu" $BL $BC `gl 44` \'
    echo '            "Process List:" "Choose process from list" \'
    echo '            "-------------------" " " \'
    echo '            "Process:" "$PROCESS / `list_item $PROCESS`" \'
    echo '            "Owner:" "$OWNER / $OWNERNAME / `full_name $OWNER`" \'
    if test "$SHOW_MAC" = "yes"
    then
      echo '            "Owner Security Level:" "$SECLEVEL / `get_vname seclevel $SECLEVEL`" \'
      echo '            "Owner Initial Security Level:" "$ISECLEVEL / `get_vname seclevel $ISECLEVEL`" \'
      echo '            "Owner Min Security Level:" "$MSECLEVEL / `get_vname seclevel $MSECLEVEL`" \'
      echo '            "Owner MAC Categories:" "`cat_print $MACCAT`" \'
      echo '            "Owner MAC Initial Categories:" "`cat_print $MACICAT`" \'
      echo '            "Owner MAC Min Categories:" "`cat_print $MACMCAT`" \'
      echo '            "Current Security Level:" "$CURRSECL / `get_vname seclevel $CURRSECL`" \'
      echo '            "Current MAC Categories:" "`cat_print $CURRCAT`" \'
      echo '            "Min Write Open:" "$MINWRITE / `get_vname seclevel $MINWRITE`" \'
      echo '            "Min Write Categories:" "`cat_print $MINWCAT`" \'
      echo '            "Max Read Open:" "$MAXREAD / `get_vname seclevel $MAXREAD`" \'
      echo '            "Max Read Categories:" "`cat_print $MAXRCAT`" \'
      echo '            "Mac Process Flags:" "$MACFLAGS" \'
    fi
    if test "$SHOW_PM" = "yes"
    then
      echo '            "PM TP:" "$PMTP" \'
      echo '            "PM Current Task:" "$PMCTASK" \'
      echo '            "PM Process Type:" "$PMPROCTYPE / `get_vname pmproctype $PMPROCTYPE`" \'
    fi
    if test "$SHOW_DAZ" = "yes"
    then
      echo '            "DAZ Scanner:" "$DAZSCANNER / `get_vname onoff $DAZSCANNER`" \'
    fi
    if test "$SHOW_RC" = "yes"
    then
      echo '            "RC Current Role:" "$RCROLE / `role_name $RCROLE`" \'
      echo '            "RC Type:" "$RCTYPE / `type_name $RCTYPE`" \'
      echo '            "RC Force Role:" "$RCFROLE / `role_name $RCFROLE`" \'
    fi
    if test "$SHOW_AUTH" = "yes"
    then
      echo '            "AUTH May Setuid:" "$AUTHSUID / `get_vname onoff $AUTHSUID`" \'
      echo '            "AUTH May Set Cap:" "$AUTHSCAP / `get_vname onoff $AUTHSCAP`" \'
      echo '            "AUTH Learn:" "$AUTHLEARN / `get_vname onoff $AUTHLEARN`" \'
    fi
    if test "$SHOW_CAP" = "yes"
    then
      echo '            "CAP Process Hiding:" "$PROCHIDE / `get_vname prochiding $PROCHIDE`" \'
    fi
    if test "$SHOW_JAIL" = "yes"
    then
      echo '            "JAIL ID:" "$JAILID" \'
      echo '            "JAIL Parent:" "$JAILPARENT" \'
      echo '            "JAIL IP:" "$JAILIP" \'
      echo '            "JAIL Flags:" "$JAILFLAGS" \'
    fi
    if test "$SHOW_PAX" = "yes"
    then
      echo '            "PAX Flags:" "$PAXFLAGS (read only)" \'
    fi
    if test "$SHOW_GEN" = "yes"
    then
      echo '            "Log Program Based:" "$LOGPROG" \'
      echo '            "Fake Root UID:" "$FAKERUID / `get_vname fakeruid $FAKERUID`" \'
      echo '            "Audit UID:" "$AUDITUID" \'
      echo '            "Audit UID Exempt:" "$AUIDEXEM" \'
    fi
    echo '            "----------------" " " \'
    echo '            "IPC Attributes:" "Go to IPC attribute menu" \'
    if test "$SHOW_ACL" = "yes"
    then
      echo '            "ACL Menu:" "Go to ACL menu" \'
    fi
    echo '            "----------------" " " \'
    echo '            "Quit" ""'
    echo '  }'
  } > $TMPFILE

. $TMPFILE

#cp $TMPFILE /tmp/menu

while true
  do
    if ! process_menu 2>$TMPFILE
     then rm $TMPFILE ; exit
    fi


  CHOICE=`cat $TMPFILE`
  case "$CHOICE" in
    HELP*)
        show_help "${CHOICE:5}"
        CHOICE="${CHOICE:5}"
      ;;
    Process:)
        if $DIALOG --title "$TITLE" \
                  --backtitle "$BACKTITLE" \
                  --inputbox "Process ID" $BL $BC $PROCESS \
           2>$TMPFILE
        then TMP=`cat $TMPFILE`
             if test -d /proc/$TMP
             then PROCESS=$TMP
                  get_attributes $PROCESS
             else \
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Process: Unknown process $TMP!" 5 $BC
             fi
        fi
      ;;

    'Process List:')
        TMP=`ps axh|cut -c 1-5|sort -n`
#        echo `for i in $TMP ; do echo $i "\`list_item $i\`" ; done`
#        sleep 2
        if $DIALOG --title "$TITLE" \
                   --backtitle "$BACKTITLE" \
                   --default-item "$PROCESS" \
                   --menu "Process" $BL $BC $MAXLINES \
                         `for i in $TMP ; do echo $i "\`list_item $i\`" ; done` \
           2>$TMPFILE
        then TMP2=`cat $TMPFILE`
          if test -d /proc/$TMP2
          then PROCESS=$TMP2
               get_attributes $PROCESS
          else \
              $DIALOG --title "$ERRTITLE" \
                      --backtitle "$BACKTITLE" \
                      --msgbox "Process: Unknown process $TMP2!" 5 $BC
          fi
        fi
      ;;

    'Owner Security Level:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Owner Maximum Security Level for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $SECLEVEL` \
                                1 "`get_vname seclevel 1`" `onoff 1 $SECLEVEL` \
                                2 "`get_vname seclevel 2`" `onoff 2 $SECLEVEL` \
                                3 "`get_vname seclevel 3`" `onoff 3 $SECLEVEL` \
                                252 "`get_vname seclevel 252`" `onoff 252 $SECLEVEL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS security_level $TMP &>$TMPFILE
               then
                 SECLEVEL=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS security_level $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Owner Security Level: No process specified!" 5 $BC
        fi
      ;;

    'Owner Initial Security Level:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Owner Initial Security Level for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $ISECLEVEL` \
                                1 "`get_vname seclevel 1`" `onoff 1 $ISECLEVEL` \
                                2 "`get_vname seclevel 2`" `onoff 2 $ISECLEVEL` \
                                3 "`get_vname seclevel 3`" `onoff 3 $ISECLEVEL` \
                                252 "`get_vname seclevel 252`" `onoff 252 $ISECLEVEL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS initial_security_level $TMP &>$TMPFILE
               then
                 ISECLEVEL=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS initial_security_level $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Owner Initial Security Level: No process specified!" 5 $BC
        fi
      ;;

    'Owner Min Security Level:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Owner Minimum Security Level for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $MSECLEVEL` \
                                1 "`get_vname seclevel 1`" `onoff 1 $MSECLEVEL` \
                                2 "`get_vname seclevel 2`" `onoff 2 $MSECLEVEL` \
                                3 "`get_vname seclevel 3`" `onoff 3 $MSECLEVEL` \
                                252 "`get_vname seclevel 252`" `onoff 252 $MSECLEVEL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS min_security_level $TMP &>$TMPFILE
               then
                 MSECLEVEL=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS min_security_level $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Owner Min Security Level: No process specified!" 5 $BC
        fi
      ;;

    'Owner MAC Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if $DIALOG --title "Owner MAC Categories for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MACCAT" $BL $BC $MAXLINES \
                    `gen_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if $RSBACPATH""attr_set_process $PROCESS mac_categories $i 0 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS mac_categories $i 0 >>"$RSBACLOGFILE"
                   fi
                 else 
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if $RSBACPATH""attr_set_process $PROCESS mac_categories $i 1 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS mac_categories $i 1 >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MACCAT=`$RSBACPATH""attr_get_process $PROCESS mac_categories`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Owner MAC Categories: No process specified!" 5 $BC
        fi
      ;;

    'Owner MAC Initial Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if $DIALOG --title "Owner MAC Initial Categories for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MACICAT" $BL $BC $MAXLINES \
                    `gen_initial_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if $RSBACPATH""attr_set_process $PROCESS mac_initial_categories $i 0 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS mac_initial_categories $i 0 >>"$RSBACLOGFILE"
                   fi
                 else 
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if $RSBACPATH""attr_set_process $PROCESS mac_initial_categories $i 1 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS mac_initial_categories $i 1 >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MACICAT=`$RSBACPATH""attr_get_process $PROCESS mac_initial_categories`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Owner MAC Min Categories: No process specified!" 5 $BC
        fi
      ;;

    'Owner MAC Min Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if $DIALOG --title "Owner MAC Min Categories for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MACMCAT" $BL $BC $MAXLINES \
                    `gen_min_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if $RSBACPATH""attr_set_process $PROCESS mac_min_categories $i 0 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS mac_min_categories $i 0 >>"$RSBACLOGFILE"
                   fi
                 else 
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if $RSBACPATH""attr_set_process $PROCESS mac_min_categories $i 1 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS mac_min_categories $i 1 >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MACMCAT=`$RSBACPATH""attr_get_process $PROCESS mac_min_categories`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Owner MAC Min Categories: No process specified!" 5 $BC
        fi
      ;;

    'Current Security Level:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Current Security Level for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $CURRSECL` \
                                1 "`get_vname seclevel 1`" `onoff 1 $CURRSECL` \
                                2 "`get_vname seclevel 2`" `onoff 2 $CURRSECL` \
                                3 "`get_vname seclevel 3`" `onoff 3 $CURRSECL` \
                                252 "`get_vname seclevel 252`" `onoff 252 $CURRSECL` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS current_sec_level $TMP &>$TMPFILE
               then
                 CURRSECL=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS current_sec_level $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Current Security Level: No process specified!" 5 $BC
        fi
      ;;

    'Current MAC Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if $DIALOG --title "Current MAC Categories for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $CURRCAT" $BL $BC $MAXLINES \
                    `gen_curr_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if $RSBACPATH""attr_set_process $PROCESS mac_curr_categories $i 0 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS mac_curr_categories $i 0 >>"$RSBACLOGFILE"
                   fi
                 else 
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if $RSBACPATH""attr_set_process $PROCESS mac_curr_categories $i 1 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS mac_curr_categories $i 1 >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               CURRCAT=`$RSBACPATH""attr_get_process $PROCESS mac_curr_categories`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Current MAC Categories: No process specified!" 5 $BC
        fi
      ;;

    'Min Write Open:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Min Write Open for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $MINWRITE` \
                                1 "`get_vname seclevel 1`" `onoff 1 $MINWRITE` \
                                2 "`get_vname seclevel 2`" `onoff 2 $MINWRITE` \
                                3 "`get_vname seclevel 3`" `onoff 3 $MINWRITE` \
                                252 "`get_vname seclevel 252`" `onoff 252 $MINWRITE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS min_write_open $TMP &>$TMPFILE
               then
                 MINWRITE=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS min_write_open $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Min Write Open: No process specified!" 5 $BC
        fi
      ;;

    'Min Write Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if $DIALOG --title "Min Write Categories for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MINWCAT" $BL $BC $MAXLINES \
                    `gen_min_write_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if $RSBACPATH""attr_set_process $PROCESS min_write_categories $i 0 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS min_write_categories $i 0 >>"$RSBACLOGFILE"
                   fi
                 else 
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if $RSBACPATH""attr_set_process $PROCESS min_write_categories $i 1 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS min_write_categories $i 1 >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MINWCAT=`$RSBACPATH""attr_get_process $PROCESS min_write_categories`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Min Write Categories: No process specified!" 5 $BC
        fi
      ;;

    'Max Read Open:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose Max Read Open for $PROCESS" $BL $BC 5 \
                                0 "`get_vname seclevel 0`" `onoff 0 $MAXREAD` \
                                1 "`get_vname seclevel 1`" `onoff 1 $MAXREAD` \
                                2 "`get_vname seclevel 2`" `onoff 2 $MAXREAD` \
                                3 "`get_vname seclevel 3`" `onoff 3 $MAXREAD` \
                                252 "`get_vname seclevel 252`" `onoff 252 $MAXREAD` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS max_read_open $TMP &>$TMPFILE
               then
                 MAXREAD=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS max_read_open $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Max Read Open: No process specified!" 5 $BC
        fi
      ;;

    'Max Read Categories:')
        if test "$PROCESS" != ""
        then \
          ALLCATNR=`$RSBACPATH""attr_get_file_dir list_category_nr`
          if $DIALOG --title "Max Read Categories for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $MAXRCAT" $BL $BC $MAXLINES \
                    `gen_max_read_cat_list $ALLCATNR` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
               for i in $ALLCATNR
               do
                 if $RSBACPATH""attr_set_process $PROCESS max_read_categories $i 0 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS max_read_categories $i 0 >>"$RSBACLOGFILE"
                   fi
                 else 
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               for i in $TMP
               do
                 if $RSBACPATH""attr_set_process $PROCESS max_read_categories $i 1 &>$TMPFILE
                 then
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS max_read_categories $i 1 >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                   continue
                 fi
               done
               MAXRCAT=`$RSBACPATH""attr_get_process $PROCESS max_read_categories`
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Max Read Categories: No process specified!" 5 $BC
        fi
      ;;

    'Mac Process Flags:')
        if test "$PROCESS" != ""
        then
          mac_flags_menu
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Mac Process Flags: No process specified!" 5 $BC
        fi
      ;;

    'PM TP:')
        if test "$PROCESS" != ""
        then \
           if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "PM TP ID for process $PROCESS" $BL $BC "$PMTP" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS pm_tp $TMP &>$TMPFILE
               then
                 PMTP=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS pm_tp $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM TP: No process specified!" 5 $BC
        fi
      ;;

    'PM Current Task:')
        if test "$PROCESS" != ""
        then \
           if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "PM Current Task ID for process $PROCESS" $BL $BC "$PMCTASK" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS pm_current_task $TMP &>$TMPFILE
               then
                 PMCTASK=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS pm_current_task $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM Current Task: No process specified!" 5 $BC
        fi
      ;;

    'PM Process Type:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose PM Process Type for $PROCESS" $BL $BC 4 \
                                0 `get_vname proctype 0` `onoff 0 $PMPROCTYPE` \
                                1 `get_vname proctype 1` `onoff 1 $PMPROCTYPE` \
                                2 `get_vname proctype 2` `onoff 2 $PMPROCTYPE` \
                                3 `get_vname proctype 3` `onoff 3 $PMPROCTYPE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS pm_process_type $TMP &>$TMPFILE
               then
                 PMPROCTYPE=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS pm_process_type $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PM Process Type: No process specified!" 5 $BC
        fi
      ;;

    'DAZ Scanner:')
        if test "$PROCESS" != ""
        then \
           if test $DAZSCANNER = "0"
           then TMP="1"
           else TMP="0"
           fi
           if $RSBACPATH""attr_set_process $PROCESS daz_scanner $TMP &>$TMPFILE
           then
             DAZSCANNER=$TMP
             if test -n "$RSBACLOGFILE"
             then
               echo $RSBACPATH""attr_set_process $PROCESS daz_scanner $TMP >>"$RSBACLOGFILE"
             fi
           else
             $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "DAZ Scanner: No process specified!" 5 $BC
        fi
      ;;

    'RC Current Role:')
        if test "$PROCESS" != ""
        then \
          if $RSBACPATH""rc_get_item list_roles >$TMPFILE
          then \
            TMP="$RCROLE"
            ROLELIST=`cat $TMPFILE`
            if $DIALOG --title "$TITLE" \
                       --backtitle "$BACKTITLE" \
                       --default-item "$TMP" \
                       --menu "Choose RC Current Role for $PROCESS" $BL $BC $MAXLINES \
                       $ROLELIST \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
              if $RSBACPATH""attr_set_process $PROCESS rc_role $TMP &>$TMPFILE
              then
                RCROLE=$TMP
                if test -n "$RSBACLOGFILE"
                then
                  echo $RSBACPATH""attr_set_process $PROCESS rc_role $TMP >>"$RSBACLOGFILE"
                fi
              else \
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
              fi
            fi
          else \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "RC Current Role for process $PROCESS" $BL $BC "$RCROLE" \
                2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""attr_set_process $PROCESS rc_role $TMP &>$TMPFILE
                 then
                   RCROLE=$TMP
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS rc_role $TMP >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "RC Current Role: No process specified!" 5 $BC
        fi
      ;;

    'RC Type:')
        if test "$PROCESS" != ""
        then \
          if $RSBACPATH""rc_get_item list_process_types >$TMPFILE
          then \
            TMP=$RCTYPE
            TYPELIST=`cat $TMPFILE`
            if $DIALOG --title "$TITLE" \
                       --backtitle "$BACKTITLE" \
                       --default-item "$TMP" \
                       --menu "Choose RC Type for $PROCESS" $BL $BC $MAXLINES \
                      $TYPELIST \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
              if $RSBACPATH""attr_set_process $PROCESS rc_type $TMP &>$TMPFILE
              then
                RCTYPE=$TMP
                if test -n "$RSBACLOGFILE"
                then
                  echo $RSBACPATH""attr_set_process $PROCESS rc_type $TMP >>"$RSBACLOGFILE"
                fi
              else
                $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
              fi
            fi
          else \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "RC Type for process $PROCESS" $BL $BC "$RCTYPE" \
                2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""attr_set_process $PROCESS rc_type $TMP &>$TMPFILE
                 then
                   RCTYPE=$TMP
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS rc_type $TMP >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "RC Type: No process specified!" 5 $BC
        fi
      ;;

    'RC Force Role:')
        if test "$PROCESS" != ""
        then \
          if $RSBACPATH""rc_get_item list_used_roles >$TMPFILE
          then \
            TMP="$RCROLE"
            ROLELIST=`cat $TMPFILE`
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --help-button --default-item "$TMP" \
                      --menu "Choose RC Force Role for Process $PROCESS" $BL $BC $MAXLINES \
                      $RCUSERINHERIT "always inherit from user" \
                      $RCPROCINHERIT "inherit from process (keep role)" \
                      $RCMIXINHERIT "mixed inherit from proc/user (default)" \
                      $ROLELIST \
               2>$TMPFILE
            then TMP=`cat $TMPFILE`
              case "$TMP" in
                HELP*)
                  show_help "${TMP:5}"
                  TMP="${TMP:5}"
                  ;;
                *)
                  if $RSBACPATH""attr_set_process $PROCESS rc_force_role $TMP &>$TMPFILE
                  then
                    RCFROLE=$TMP
                    if test -n "$RSBACLOGFILE"
                    then
                      echo $RSBACPATH""attr_set_process $PROCESS rc_force_role $TMP >>"$RSBACLOGFILE"
                    fi
                    break
                  else \
                    $DIALOG --title "$ERRTITLE" \
                            --backtitle "$BACKTITLE" \
                            --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                  fi
              esac
            fi
          else \
            if $DIALOG --title "$TITLE" \
                      --backtitle "$BACKTITLE" \
                      --inputbox "RC Force Role for process $PROCESS ($RCUSERINHERIT = inherit from user (default), $RCPROCINHERIT = inherit from process (keep role))" \
                        $BL $BC "$RCROLE" \
                2>$TMPFILE
            then TMP=`cat $TMPFILE`
                 if $RSBACPATH""attr_set_process $PROCESS rc_force_role $TMP &>$TMPFILE
                 then
                   RCFROLE=$TMP
                   if test -n "$RSBACLOGFILE"
                   then
                     echo $RSBACPATH""attr_set_process $PROCESS rc_force_role $TMP >>"$RSBACLOGFILE"
                   fi
                 else
                   $DIALOG --title "$ERRTITLE" \
                          --backtitle "$BACKTITLE" \
                          --msgbox "`head -n 1 $TMPFILE`" $BL $BC
                 fi
            fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "RC Force Role: No process specified!" 5 $BC
        fi
      ;;

    'AUTH May Setuid:')
        if test "$PROCESS" != ""
        then \
           if test $AUTHSUID = "0"
           then TMP="1"
           else TMP="0"
           fi
           if $RSBACPATH""attr_set_process $PROCESS auth_may_setuid $TMP &>$TMPFILE
           then
             AUTHSUID=$TMP
             if test -n "$RSBACLOGFILE"
             then
               echo $RSBACPATH""attr_set_process $PROCESS auth_may_setuid $TMP >>"$RSBACLOGFILE"
             fi
           else
             $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "AUTH May Setuid: No process specified!" 5 $BC
        fi
      ;;

    'AUTH May Set Cap:')
        if test "$PROCESS" != ""
        then \
           if test $AUTHSCAP = "0"
           then TMP="1"
           else TMP="0"
           fi
           if $RSBACPATH""attr_set_process $PROCESS auth_may_set_cap $TMP &>$TMPFILE
           then
             AUTHSCAP=$TMP
             if test -n "$RSBACLOGFILE"
             then
               echo $RSBACPATH""attr_set_process $PROCESS auth_may_set_cap $TMP >>"$RSBACLOGFILE"
             fi
           else
             $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "AUTH May Set Cap: No process specified!" 5 $BC
        fi
      ;;

    'AUTH Learn:')
        if test "$PROCESS" != ""
        then \
           if test $AUTHLEARN = "0"
           then TMP="1"
           else TMP="0"
           fi
           if $RSBACPATH""attr_set_process $PROCESS auth_learn $TMP &>$TMPFILE
           then
             AUTHLEARN=$TMP
             if test -n "$RSBACLOGFILE"
             then
               echo $RSBACPATH""attr_set_process $PROCESS auth_learn $TMP >>"$RSBACLOGFILE"
             fi
           else
             $DIALOG --title "$ERRTITLE" \
                    --backtitle "$BACKTITLE" \
                    --msgbox "`head -n 1 $TMPFILE`" $BL $BC
           fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "AUTH Learn: No process specified!" 5 $BC
        fi
      ;;

    'JAIL ID:')
        if test "$PROCESS" != ""
        then \
           if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "JAIL ID for process $PROCESS" $BL $BC "$JAILID" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS jail_id $TMP &>$TMPFILE
               then
                 JAILID=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS jail_id $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "JAIL ID: No process specified!" 5 $BC
        fi
      ;;

    'JAIL Parent:')
        if test "$PROCESS" != ""
        then \
           if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "JAIL Parent for process $PROCESS" $BL $BC "$JAILPARENT" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS jail_parent $TMP &>$TMPFILE
               then
                 JAILPARENT=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS jail_parent $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "JAIL Parent: No process specified!" 5 $BC
        fi
      ;;

    'JAIL IP:')
        if test "$PROCESS" != ""
        then \
           if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "JAIL IP for process $PROCESS" $BL $BC "$JAILIP" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS jail_ip $TMP &>$TMPFILE
               then
                 JAILIP=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS jail_ip $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "JAIL IP: No process specified!" 5 $BC
        fi
      ;;

    'JAIL Flags:')
        if test "$PROCESS" != ""
        then \
          jail_flags_menu
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "JAIL Flags: No process specified!" 5 $BC
        fi
      ;;

    'PAX Flags:')
                 $DIALOG --title "$TITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "PAX Flags are read only!" 5 $BC
      ;;

    'Log Program Based:')
        if test "$PROCESS" != ""
        then \
          if $DIALOG --title "log_program_based for process $PROCESS" \
                    --backtitle "$BACKTITLE" \
                    --checklist "Bits: $LOGPROG" $BL $BC $MAXLINES \
              `gen_request_list` \
              '--------------' '-----------------' off \
              UA 'Unset ALL' off \
              A  'Set ALL' off \
              R  'Set Read Requests' off \
              RW 'Set Read-Write R.' off \
              W  'Set Write Requests' off \
              SY 'Set System R.' off \
              SE 'Set Security R.' off \
             2>$TMPFILE
          then TMP=`cat $TMPFILE|tr -d '"'`
            if $RSBACPATH""attr_set_process $PROCESS log_program_based $TMP &>$TMPFILE
            then
              LOGPROG=`$RSBACPATH""attr_get_process $PROCESS log_program_based`
              if test -n "$RSBACLOGFILE"
              then
                echo $RSBACPATH""attr_set_process $PROCESS log_program_based $TMP >>"$RSBACLOGFILE"
              fi
            else
              $DIALOG --title "$ERRTITLE" \
                     --backtitle "$BACKTITLE" \
                     --msgbox "`head -n 1 $TMPFILE`" $BL $BC
            fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Log Program Based: No process specified!" 5 $BC
        fi
      ;;

    'CAP Process Hiding:')
        if test "$TYPE" != "NONE"
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Choose CAP Process Hiding for process $PROCESS" $BL $BC 6 \
                                0 "`get_vname prochiding 0`" `onoff 0 $PROCHIDE` \
                                1 "`get_vname prochiding 1`" `onoff 1 $PROCHIDE` \
                                2 "`get_vname prochiding 2`" `onoff 2 $PROCHIDE` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS cap_process_hiding $TMP &>$TMPFILE
               then
                 PROCHIDE=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS cap_process_hiding $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "CAP Process Hiding: No process specified!" 5 $BC
        fi
      ;;

    'Fake Root UID:')
        if test "$TYPE" != "NONE"
        then \
          if $DIALOG --title "$TITLE" \
                    --backtitle "$BACKTITLE" \
                    --radiolist "Fake root uid for $PROCESS" $BL $BC 6 \
                                0 "`get_vname fakeruid 0`" `onoff 0 $FAKERUID` \
                                1 "`get_vname fakeruid 1`" `onoff 1 $FAKERUID` \
                                2 "`get_vname fakeruid 2`" `onoff 2 $FAKERUID` \
                                3 "`get_vname fakeruid 3`" `onoff 3 $FAKERUID` \
             2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS fake_root_uid $TMP &>$TMPFILE
               then
                 FAKERUID=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS fake_root_uid $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Fake Root UID: No process specified!" 5 $BC
        fi
      ;;

    'Audit UID:')
        if test "$PROCESS" != ""
        then \
           if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "Audit UID for process $PROCESS (4294967293 = -3 for unset)" $BL $BC "$AUDITUID" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS audit_uid $TMP &>$TMPFILE
               then
                 AUDITUID=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS audit_uid $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Audit UID: No process specified!" 5 $BC
        fi
      ;;

    'Audit UID Exempt:')
        if test "$PROCESS" != ""
        then \
           if $DIALOG --title "$TITLE" \
                     --backtitle "$BACKTITLE" \
                     --inputbox "Audit UID Exception for process $PROCESS (4294967293 = -3 for unset)" $BL $BC "$AUIDEXEM" \
              2>$TMPFILE
          then TMP=`cat $TMPFILE`
               if $RSBACPATH""attr_set_process $PROCESS auid_exempt $TMP &>$TMPFILE
               then
                 AUIDEXEM=$TMP
                 if test -n "$RSBACLOGFILE"
                 then
                   echo $RSBACPATH""attr_set_process $PROCESS auid_exempt $TMP >>"$RSBACLOGFILE"
                 fi
               else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "`head -n 1 $TMPFILE`" $BL $BC
               fi
          fi
        else
                 $DIALOG --title "$ERRTITLE" \
                        --backtitle "$BACKTITLE" \
                        --msgbox "Audit UID Exempt: No process specified!" 5 $BC
        fi
      ;;

    'IPC Attributes:')
        $RSBACPATH""rsbac_ipc_menu $PROCESS
      ;;

    'ACL Menu:')
        $RSBACPATH""rsbac_acl_menu PROCESS
      ;;

    Quit)
        rm $TMPFILE ; exit
      ;;

    *)
        $DIALOG --title "$ERRTITLE" \
               --backtitle "$BACKTITLE" \
               --msgbox "Main Menu: Selection Error!" 5 $BC

  esac
# sleep 2
done
