Main Page | Alphabetical List | Data Structures | Directories | File List | Data Fields | Globals | Search for 
linux-2.6.16-rsbac-1.2.6 / rsbac / adf

adf_check.c

Go to the documentation of this file.
00001 /*************************************************** */
00002 /* Rule Set Based Access Control                     */
00003 /* Implementation of the Access Control Decision     */
00004 /* Facility (ADF) - check for well defined requests  */
00005 /* File: rsbac/adf/check.c                           */
00006 /*                                                   */
00007 /* Author and (c) 1999-2005: Amon Ott <ao@rsbac.org> */
00008 /*                                                   */
00009 /* Last modified: 17/Jun/2005                        */
00010 /*************************************************** */
00011 
00012 #include <linux/string.h>
00013 #include <rsbac/types.h>
00014 #include <rsbac/aci.h>
00015 #include <rsbac/adf_main.h>
00016 #include <rsbac/error.h>
00017 #include <rsbac/helpers.h>
00018 #include <rsbac/getname.h>
00019 
00020 /************************************************* */
00021 /*           Global Variables                      */
00022 /************************************************* */
00023 
00024 /************************************************* */
00025 /*          Externally visible functions           */
00026 /************************************************* */
00027 
00028 enum rsbac_adf_req_ret_t
00029    rsbac_adf_request_check (enum  rsbac_adf_request_t     request,
00030                                   rsbac_pid_t             caller_pid,
00031                             enum  rsbac_target_t          target,
00032                             union rsbac_target_id_t     * tid_p,
00033                             enum  rsbac_attribute_t       attr,
00034                             union rsbac_attribute_value_t * attr_val_p,
00035                                   rsbac_uid_t             owner)
00036   {
00037     switch (request)
00038       {
00039         case R_ADD_TO_KERNEL:
00040             switch(target)
00041               {
00042                 case T_FILE:
00043                 case T_DEV:
00044                 case T_NONE:
00045                   return(DO_NOT_CARE);
00046                 default: return(UNDEFINED);
00047               }
00048 
00049         case R_ALTER:
00050             /* only for IPC */
00051             if (target == T_IPC)
00052               return(DO_NOT_CARE);
00053             else
00054             /* all other targets are undefined */
00055               return (UNDEFINED);
00056             break;
00057 
00058         case R_APPEND_OPEN:
00059             switch(target)
00060               {
00061                 case T_FILE:
00062                 case T_FIFO:
00063                 case T_IPC:
00064                 case T_DEV:
00065                   return(DO_NOT_CARE);
00066                 /* all other cases are undefined */
00067                 default: return(UNDEFINED);
00068               }
00069 
00070         case R_CHANGE_GROUP:
00071             switch(target)
00072               {
00073                 case T_FILE:
00074                 case T_DIR:
00075                 case T_FIFO:
00076                 case T_SYMLINK:
00077                 case T_IPC:
00078                 case T_PROCESS:
00079                 case T_NONE:
00080 #if defined(CONFIG_RSBAC_UM)
00081                 case T_USER:
00082 #endif
00083                   return(DO_NOT_CARE);
00084                 /* all other cases are undefined */
00085                 default: return(UNDEFINED);
00086               }
00087 
00088 #ifdef CONFIG_RSBAC_DAC_GROUP
00089         case R_CHANGE_DAC_EFF_GROUP:
00090         case R_CHANGE_DAC_FS_GROUP:
00091             switch(target)
00092               {
00093                 case T_PROCESS:
00094                   /* there must be a new group specified */
00095                   if(attr == A_group)
00096                     return(DO_NOT_CARE);
00097                   /* fall through */
00098                 /* all other cases are undefined */
00099                 default:
00100                   return(UNDEFINED);
00101               }
00102 #endif
00103 
00104         case R_CHANGE_OWNER:
00105             switch(target)
00106               {
00107                 case T_FILE:
00108                 case T_DIR:
00109                 case T_FIFO:
00110                 case T_SYMLINK:
00111                 case T_IPC:
00112                   return(DO_NOT_CARE);
00113                 case T_PROCESS:
00114                   /* there must be a new owner specified */
00115                   if(attr == A_owner)
00116                     return(DO_NOT_CARE);
00117                   /* fall through */
00118                 /* all other cases are undefined */
00119                 default:
00120                   return(UNDEFINED);
00121               }
00122 
00123 #ifdef CONFIG_RSBAC_DAC_OWNER
00124         case R_CHANGE_DAC_EFF_OWNER:
00125         case R_CHANGE_DAC_FS_OWNER:
00126             switch(target)
00127               {
00128                 case T_PROCESS:
00129                   /* there must be a new owner specified */
00130                   if(attr == A_owner)
00131                     return(DO_NOT_CARE);
00132                   /* fall through */
00133                 /* all other cases are undefined */
00134                 default:
00135                   return(UNDEFINED);
00136               }
00137 #endif
00138 
00139         case R_CHDIR:
00140             switch(target)
00141               {
00142                 case T_DIR:
00143                   return(DO_NOT_CARE);
00144                 /* all other cases are undefined */
00145                 default: return(UNDEFINED);
00146               }
00147 
00148         case R_CLONE:
00149             if (target == T_PROCESS)
00150               return(DO_NOT_CARE);
00151             else
00152               return(UNDEFINED);
00153 
00154         case R_CLOSE: /* only notifying for clean-up of opened-tables */
00155             switch(target)
00156               {
00157                 case T_FILE:
00158                 case T_DIR:
00159                 case T_FIFO:
00160                 case T_DEV:
00161                 case T_IPC:
00162 #if defined(CONFIG_RSBAC_NET_OBJ)
00163                 case T_NETOBJ:
00164 #endif
00165                   return(DO_NOT_CARE);
00166                 default:
00167                   return(UNDEFINED);
00168                };
00169 
00170         case R_CREATE:
00171             switch(target)
00172               {
00173                 /* Creating dir or (pseudo) file IN target dir! */
00174                 case T_DIR: 
00175                 case T_IPC:
00176 #if defined(CONFIG_RSBAC_NET_OBJ)
00177                 case T_NETTEMP:
00178                 case T_NETOBJ:
00179 #endif
00180 #if defined(CONFIG_RSBAC_UM)
00181                 case T_USER:
00182                 case T_GROUP:
00183 #endif
00184                   return(DO_NOT_CARE);
00185                 /* all other cases are undefined */
00186                 default: return(UNDEFINED);
00187               }
00188 
00189         case R_DELETE:
00190             switch(target)
00191               {
00192                 case T_FILE:
00193                 case T_DIR:
00194                 case T_FIFO:
00195                 case T_SYMLINK:
00196                 case T_IPC:
00197 #if defined(CONFIG_RSBAC_UM)
00198                 case T_USER:
00199                 case T_GROUP:
00200 #endif
00201 #if defined(CONFIG_RSBAC_NET_OBJ)
00202                 case T_NETTEMP:
00203                 case T_NETOBJ:
00204 #endif
00205                   return(DO_NOT_CARE);
00206                 default: return(UNDEFINED);
00207               }
00208 
00209         case R_EXECUTE:
00210             switch(target)
00211               {
00212                 case T_FILE:
00213                   return(DO_NOT_CARE);
00214                 /* all other cases are undefined */
00215                 default:
00216                   return(UNDEFINED);
00217               }
00218 
00219         case R_GET_PERMISSIONS_DATA:
00220             switch(target)
00221               {
00222                 case T_FILE:
00223                 case T_DIR:
00224                 case T_FIFO:
00225                 case T_SYMLINK:
00226                 case T_IPC:
00227                 case T_SCD:
00228                 case T_DEV:
00229                 case T_NETOBJ:
00230 #if defined(CONFIG_RSBAC_UM)
00231                 case T_USER:
00232                 case T_GROUP:
00233 #endif
00234                   return(DO_NOT_CARE);
00235                 default:
00236                   return(UNDEFINED);
00237                };
00238 
00239         case R_GET_STATUS_DATA:
00240             switch(target)
00241               {
00242                 case T_FILE:
00243                 case T_DIR:
00244                 case T_FIFO:
00245                 case T_SYMLINK:
00246                 case T_DEV:
00247                 case T_IPC:
00248                 case T_SCD:
00249                 case T_PROCESS:
00250                 case T_NETDEV:
00251                 case T_NETOBJ:
00252 #if defined(CONFIG_RSBAC_UM)
00253                 case T_USER:
00254                 case T_GROUP:
00255 #endif
00256                   return(DO_NOT_CARE);
00257                 default:
00258                   return(UNDEFINED);
00259                };
00260 
00261         case R_LINK_HARD:
00262             switch(target)
00263               {
00264                 case T_FILE:
00265                 case T_FIFO:
00266                 case T_SYMLINK:
00267                   return(DO_NOT_CARE);
00268                 /* all other cases are undefined */
00269                 default: return(UNDEFINED);
00270               }
00271 
00272         case R_MODIFY_ACCESS_DATA:
00273             switch(target)
00274               {
00275                 case T_FILE:
00276                 case T_DIR:
00277                 case T_FIFO:
00278                 case T_SYMLINK:
00279                   return(DO_NOT_CARE);
00280                 /* all other cases are undefined */
00281                 default: return(UNDEFINED);
00282               }
00283 
00284         case R_MODIFY_ATTRIBUTE:
00285           return(DO_NOT_CARE);
00286 
00287         case R_MODIFY_PERMISSIONS_DATA:
00288             switch(target)
00289               {
00290                 case T_FILE:
00291                 case T_DIR:
00292                 case T_FIFO:
00293                 case T_SYMLINK:
00294                 case T_IPC:
00295                 case T_SCD:
00296                 case T_DEV:
00297                 case T_NETOBJ:
00298 #if defined(CONFIG_RSBAC_UM)
00299                 case T_USER:
00300                 case T_GROUP:
00301 #endif
00302 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE
00303                 case T_NONE:
00304 #endif
00305                   return(DO_NOT_CARE);
00306                 /* all other cases are undefined */
00307                 default: return(UNDEFINED);
00308               }
00309 
00310         case R_MODIFY_SYSTEM_DATA:
00311             switch(target)
00312               {
00313                 case T_SCD:
00314                 case T_DEV:
00315                 case T_NETDEV:
00316                 case T_PROCESS:
00317 #if defined(CONFIG_RSBAC_NET_OBJ)
00318                 case T_NETOBJ:
00319 #endif
00320                   return(DO_NOT_CARE);
00321                 /* all other cases are undefined */
00322                 default: return(UNDEFINED);
00323               }
00324 
00325         case R_MOUNT:
00326             switch(target)
00327               {
00328                 case T_FILE:
00329                 case T_DIR:
00330                 case T_DEV:
00331                   return(DO_NOT_CARE);
00332                 /* all other cases are undefined */
00333                 default: return(UNDEFINED);
00334               }
00335 
00336         case R_READ:
00337             switch(target)
00338               {
00339                 case T_DIR:
00340 #ifdef CONFIG_RSBAC_RW
00341                 case T_FILE:
00342                 case T_FIFO:
00343                 case T_DEV:
00344                 case T_IPC:
00345 #endif
00346 #if defined(CONFIG_RSBAC_NET_OBJ)
00347                 case T_NETTEMP:
00348 #endif
00349 #if defined(CONFIG_RSBAC_NET_OBJ_RW)
00350                 case T_NETOBJ:
00351 #endif
00352 #if defined(CONFIG_RSBAC_UM)
00353                 case T_USER:
00354                 case T_GROUP:
00355 #endif
00356                   return(DO_NOT_CARE);
00357                 /* all other cases are undefined */
00358                 default: return(UNDEFINED);              }
00359 
00360         case R_READ_ATTRIBUTE:
00361           return(DO_NOT_CARE);
00362 
00363         case R_READ_OPEN:
00364             switch(target)
00365               {
00366                 case T_FILE:
00367                 case T_FIFO:
00368                 case T_IPC:
00369                 case T_DEV:
00370                   return(DO_NOT_CARE);
00371                 /* all other cases are undefined */
00372                 default: return(UNDEFINED);
00373               }
00374 
00375         case R_READ_WRITE_OPEN:
00376             switch(target)
00377               {
00378                 case T_FILE:
00379                 case T_FIFO:
00380                 case T_IPC:
00381                 case T_DEV:
00382                   return(DO_NOT_CARE);
00383                 /* all other cases are undefined */
00384                 default: return(UNDEFINED);
00385               }
00386 
00387         case R_REMOVE_FROM_KERNEL:
00388             switch(target)
00389               {
00390                 case T_FILE:
00391                 case T_DEV:
00392                 case T_NONE:
00393                   return(DO_NOT_CARE);
00394                 /* all other cases are undefined */
00395                 default: return(UNDEFINED);
00396               }
00397 
00398         case R_RENAME:
00399             switch(target)
00400               {
00401                 case T_FILE:
00402                 case T_DIR:
00403                 case T_FIFO:
00404                 case T_SYMLINK:
00405 #if defined(CONFIG_RSBAC_UM)
00406                 case T_USER:
00407                 case T_GROUP:
00408 #endif
00409                   return(DO_NOT_CARE);
00410                 /* all other cases are undefined */
00411                 default: return(UNDEFINED);
00412               }
00413 
00414 
00415         case R_SEARCH:
00416             switch(target)
00417               {
00418                 case T_DIR:
00419                 case T_SYMLINK:
00420 #if defined(CONFIG_RSBAC_UM)
00421                 case T_USER:
00422                 case T_GROUP:
00423 #endif
00424                   return(DO_NOT_CARE);
00425                 /* all other cases are undefined */
00426                 default: return(UNDEFINED);
00427               }
00428 
00429         case R_SEND_SIGNAL:
00430             switch(target)
00431               {
00432                 case T_PROCESS:
00433                   return(DO_NOT_CARE);
00434                 /* all other cases are undefined */
00435                 default:
00436                   return(UNDEFINED);
00437               }
00438 
00439         case R_SHUTDOWN:
00440             switch(target)
00441               {
00442                 case T_NONE:
00443                   return(DO_NOT_CARE);
00444                 /* all other cases are undefined */
00445                 default: return(UNDEFINED);
00446               }
00447 
00448 
00449         case R_SWITCH_LOG:
00450             switch(target)
00451               {
00452                 case T_NONE:
00453                   return(DO_NOT_CARE);
00454                 /* all other cases are undefined */
00455                 default: return(UNDEFINED);
00456               }
00457               
00458         case R_SWITCH_MODULE:
00459             switch(target)
00460               {
00461                 case T_NONE:
00462                   /* there must be a switch target specified */
00463                   if(attr == A_switch_target)
00464                     return(DO_NOT_CARE);
00465                   /* fall through */
00466                 /* all other cases are undefined */
00467                 default: return(UNDEFINED);
00468               }
00469               
00470         /* notify only, handled by adf-dispatcher */
00471         case R_TERMINATE:
00472             if (target == T_PROCESS)
00473               return(DO_NOT_CARE);
00474             else
00475               return(UNDEFINED);
00476 
00477         case R_TRACE:
00478             switch(target)
00479               {
00480                 case T_PROCESS:
00481                   return(DO_NOT_CARE);
00482                 /* all other cases are undefined */
00483                 default:
00484                   return(UNDEFINED);
00485               }
00486 
00487         case R_TRUNCATE:
00488             switch(target)
00489               {
00490                 case T_FILE:
00491                   return(DO_NOT_CARE);
00492                 /* all other cases are undefined */
00493                 default: return(UNDEFINED);
00494               }
00495 
00496         case R_UMOUNT:
00497             switch(target)
00498               {
00499                 case T_FILE:
00500                 case T_DIR:
00501                 case T_DEV:
00502                   return(DO_NOT_CARE);
00503                 /* all other cases are undefined */
00504                 default: return(UNDEFINED);
00505               }
00506 
00507         case R_WRITE:
00508             switch(target)
00509               {
00510                 case T_DIR: 
00511                 case T_SCD:
00512                 case T_IPC:
00513 #ifdef CONFIG_RSBAC_RW
00514                 case T_FILE:
00515                 case T_FIFO:
00516                 case T_DEV:
00517 #endif
00518 #if defined(CONFIG_RSBAC_NET_OBJ)
00519                 case T_NETTEMP:
00520 #endif
00521 #if defined(CONFIG_RSBAC_NET_OBJ_RW)
00522                 case T_NETOBJ:
00523 #endif
00524 #if defined(CONFIG_RSBAC_UM)
00525                 case T_USER:
00526                 case T_GROUP:
00527 #endif
00528                   return(DO_NOT_CARE);
00529                 /* all other cases are undefined */
00530                 default: return(UNDEFINED);
00531               }
00532 
00533         case R_WRITE_OPEN:
00534             switch(target)
00535               {
00536                 case T_FILE:
00537                 case T_FIFO:
00538                 case T_DEV:
00539                 case T_IPC:
00540                   return(DO_NOT_CARE);
00541                 /* all other cases are undefined */
00542                 default: return(UNDEFINED);
00543               }
00544 
00545         case R_MAP_EXEC:
00546             switch(target)
00547               {
00548                 case T_FILE:
00549                 case T_NONE:
00550                   return(DO_NOT_CARE);
00551                 /* all other cases are undefined */
00552                 default:
00553                   return(UNDEFINED);
00554               }
00555 
00556 
00557 #if defined(CONFIG_RSBAC_NET)
00558         case R_BIND:
00559             switch(target)
00560               {
00561 #if defined(CONFIG_RSBAC_NET_DEV)
00562                 case T_NETDEV:
00563                   return(DO_NOT_CARE);
00564 #endif
00565 #if defined(CONFIG_RSBAC_NET_OBJ)
00566                 case T_NETOBJ:
00567                   return(DO_NOT_CARE);
00568 #endif
00569                 /* all other cases are undefined */
00570                 default: return(UNDEFINED);
00571               }
00572 #endif
00573 
00574         case R_SEND:
00575             switch(target)
00576               {
00577                 case T_DEV:
00578 #if defined(CONFIG_RSBAC_NET_OBJ)
00579                 case T_NETOBJ:
00580 #endif
00581                   return(DO_NOT_CARE);
00582                 /* all other cases are undefined */
00583                 default: return(UNDEFINED);
00584               }
00585 
00586 #if defined(CONFIG_RSBAC_NET_OBJ)
00587         case R_LISTEN:
00588         case R_ACCEPT:
00589         case R_CONNECT:
00590         case R_RECEIVE:
00591         case R_NET_SHUTDOWN:
00592             switch(target)
00593               {
00594                 case T_NETOBJ:
00595                   return(DO_NOT_CARE);
00596                 /* all other cases are undefined */
00597                 default: return(UNDEFINED);
00598               }
00599 #endif
00600 
00601         case R_IOCTL:
00602             switch(target)
00603               {
00604                 case T_DEV:
00605 #if defined(CONFIG_RSBAC_NET_OBJ)
00606                 case T_NETOBJ:
00607 #endif
00608                   return(DO_NOT_CARE);
00609                 /* all other cases are undefined */
00610                 default: return(UNDEFINED);
00611               }
00612 
00613         case R_LOCK:
00614             switch(target)
00615               {
00616                 case T_FILE:
00617                 case T_DIR:
00618                 case T_FIFO:
00619                 case T_SYMLINK:
00620                   return(DO_NOT_CARE);
00621                 /* all other cases are undefined */
00622                 default: return(UNDEFINED);
00623               }
00624 
00625 /*********************/
00626         default: return UNDEFINED;
00627       }
00628 
00629     return(UNDEFINED);
00630   } /* end of rsbac_adf_request_check() */
00631 
00632 
00633 /*****************************************************************************/
00634 /* If the request returned granted and the operation is performed,           */
00635 /* the following function can be called by the AEF to get all aci set        */
00636 /* correctly. For write accesses that are performed fully within the kernel, */
00637 /* this is usually not done to prevent extra calls, including R_CLOSE for    */
00638 /* cleaning up. Because of this, the write boundary is not adjusted - there  */
00639 /* is no user-level writing anyway...                                        */
00640 /* The second instance of target specification is the new target, if one has */
00641 /* been created, otherwise its values are ignored.                           */
00642 /* On success, 0 is returned, and an error from rsbac/error.h otherwise.     */
00643 
00644 int  rsbac_adf_set_attr_check(
00645                       enum  rsbac_adf_request_t     request,
00646                             rsbac_pid_t             caller_pid,
00647                       enum  rsbac_target_t          target,
00648                       union rsbac_target_id_t       tid,
00649                       enum  rsbac_target_t          new_target,
00650                       union rsbac_target_id_t       new_tid,
00651                       enum  rsbac_attribute_t       attr,
00652                       union rsbac_attribute_value_t attr_val,
00653                             rsbac_uid_t             owner)
00654   {
00655     switch (request)
00656       {
00657         case R_APPEND_OPEN:
00658             switch(target)
00659               {
00660                 case T_FILE:
00661                 case T_FIFO:
00662                 case T_IPC:
00663                 case T_DEV:
00664                   return(0);
00665                 /* all other cases are undefined */
00666                 default: return(-RSBAC_EINVALIDTARGET);
00667               }
00668 
00669         case R_CHANGE_OWNER:
00670             switch(target)
00671               {
00672                 /*  Changing process owner affects access decisions, */
00673                 /*  so attributes have to be adjusted.               */
00674                 case T_PROCESS:
00675                   /* there must be a new owner specified */
00676                   if(attr != A_owner)
00677                     return(-RSBAC_EINVALIDATTR);
00678                   /* fall through */
00679                 case T_FILE:
00680                 case T_DIR:
00681                 case T_FIFO:
00682                 case T_SYMLINK:
00683                 case T_IPC:
00684                 case T_NONE:
00685                   return(0);
00686                 /* all other cases are undefined */
00687                 default:
00688                   return(-RSBAC_EINVALIDTARGET);
00689               }
00690 
00691 #ifdef CONFIG_RSBAC_DAC_OWNER
00692         case R_CHANGE_DAC_EFF_OWNER:
00693         case R_CHANGE_DAC_FS_OWNER:
00694             switch(target)
00695               {
00696                 /*  Changing process owner affects access decisions, */
00697                 /*  so attributes have to be adjusted.               */
00698                 case T_PROCESS:
00699                   /* there must be a new owner specified */
00700                   if(attr != A_owner)
00701                     return(-RSBAC_EINVALIDATTR);
00702                   return(0);
00703                 /* all other cases are undefined */
00704                 default:
00705                   return(-RSBAC_EINVALIDTARGET);
00706               }
00707 #endif
00708 
00709         case R_CHDIR:
00710             switch(target)
00711               {
00712                 case T_DIR:
00713                   return(0);
00714                 default:
00715                   return(-RSBAC_EINVALIDTARGET);
00716                };
00717 
00718         case R_CLONE:
00719             if (target == T_PROCESS)
00720               return(0);
00721             else
00722               return(-RSBAC_EINVALIDTARGET);
00723 
00724         case R_CLOSE: /* only notifying for clean-up of opened-tables */
00725             switch(target)
00726               {
00727                 case T_FILE:
00728                 case T_DIR:
00729                 case T_FIFO:
00730                 case T_DEV:
00731                 case T_IPC:
00732 #if defined(CONFIG_RSBAC_NET_OBJ)
00733                 case T_NETOBJ:
00734 #endif
00735                   return(0);
00736                 default:
00737                   return(-RSBAC_EINVALIDTARGET);
00738                };
00739 
00740         case R_CREATE:
00741             switch(target)
00742               {
00743                 /* Creating dir or (pseudo) file IN target dir! */
00744                 case T_DIR:
00745                 case T_IPC: 
00746 #if defined(CONFIG_RSBAC_NET_OBJ)
00747                 case T_NETOBJ:
00748 #endif
00749 #if defined(CONFIG_RSBAC_UM)
00750                 case T_USER:
00751                 case T_GROUP:
00752 #endif
00753                   return(0);
00754                 /* all other cases are undefined */
00755                 default:
00756                   return(-RSBAC_EINVALIDTARGET);
00757               }
00758 
00759         /* removal of targets is done in main adf dispatcher! */
00760         case R_DELETE:
00761             switch(target)
00762               {
00763                 case T_FILE:
00764                 case T_DIR:
00765                 case T_FIFO:
00766                 case T_SYMLINK:
00767                 case T_IPC:
00768 #if defined(CONFIG_RSBAC_UM)
00769                 case T_USER:
00770                 case T_GROUP:
00771 #endif
00772                   return(0);
00773                 /* all other cases are undefined */
00774                 default:
00775                   return(-RSBAC_EINVALIDTARGET);
00776               }
00777 
00778         case R_EXECUTE:
00779             switch(target)
00780               {
00781                 case T_FILE:
00782                   return(0);
00783                 /* all other cases are undefined */
00784                 default:
00785                   return(-RSBAC_EINVALIDTARGET);
00786               }
00787 
00788         case R_MOUNT:
00789             switch(target)
00790               {
00791                 case T_DIR:
00792                   return(0);
00793                 /* all other cases are undefined */
00794                 default:
00795                   return(-RSBAC_EINVALIDTARGET);
00796               }
00797 
00798         case R_READ:
00799             switch(target)
00800               {
00801                 case T_DIR:
00802 #ifdef CONFIG_RSBAC_RW
00803                 case T_FILE:
00804                 case T_FIFO:
00805                 case T_DEV:
00806                 case T_IPC:
00807 #endif
00808 #if defined(CONFIG_RSBAC_NET_OBJ_RW) || defined(CONFIG_RSBAC_MS_SOCK)
00809                 case T_NETOBJ:
00810 #endif
00811                   return(0);
00812                 /* all other cases are undefined */
00813                 default:
00814                   return(-RSBAC_EINVALIDTARGET);
00815               }
00816 
00817         case R_READ_OPEN:
00818             switch(target)
00819               {
00820                 case T_FILE:
00821                 case T_DIR:
00822                 case T_FIFO:
00823                 case T_IPC:
00824                 case T_DEV:
00825                   return(0);
00826                 /* all other cases are undefined */
00827                 default:
00828                   return(-RSBAC_EINVALIDTARGET);
00829               }
00830 
00831         case R_READ_WRITE_OPEN:
00832             switch(target)
00833               {
00834                 case T_FILE:
00835                 case T_FIFO:
00836                 case T_IPC:
00837                 case T_DEV:
00838                   return(0);
00839                 /* all other cases are undefined */
00840                 default:
00841                   return(-RSBAC_EINVALIDTARGET);
00842               }
00843 
00844         case R_SEARCH:
00845             switch(target)
00846               {
00847                 case T_DIR:
00848                   return(0);
00849                 /* all other cases are undefined */
00850                 default:
00851                   return(-RSBAC_EINVALIDTARGET);
00852               }
00853 
00854 #if defined(CONFIG_RSBAC_NET_OBJ)
00855         case R_SHUTDOWN:
00856             switch(target)
00857               {
00858                 case T_NETOBJ:
00859                   return 0;
00860                 /* all other cases are undefined */
00861                 default:
00862                   return(-RSBAC_EINVALIDTARGET);
00863               }
00864 #endif
00865 
00866         case R_TRACE:
00867             switch(target)
00868               {
00869                 case T_PROCESS:
00870                   return(0);
00871                 /* all other cases are undefined */
00872                 default:
00873                   return(-RSBAC_EINVALIDTARGET);
00874               }
00875 
00876         case R_TRUNCATE:
00877             switch(target)
00878               {
00879                 case T_FILE:
00880                   return(0);
00881                 /* all other cases are undefined */
00882                 default:
00883                   return(-RSBAC_EINVALIDTARGET);
00884               }
00885 
00886 #ifdef CONFIG_RSBAC_RW
00887         case R_WRITE:
00888             switch(target)
00889               {
00890                 case T_FILE:
00891                 case T_FIFO:
00892                 case T_DEV:
00893 #ifdef CONFIG_RSBAC_RW
00894                 case T_IPC:
00895 #endif
00896 #if defined(CONFIG_RSBAC_NET_OBJ_RW)
00897                 case T_NETOBJ:
00898 #endif
00899                   return(0);
00900                 /* all other cases are undefined */
00901                 default:
00902                   return(-RSBAC_EINVALIDTARGET);
00903               }
00904 #endif
00905 
00906         case R_WRITE_OPEN:
00907             switch(target)
00908               {
00909                 case T_FILE:
00910                 case T_FIFO:
00911                 case T_DEV:
00912                 case T_IPC:
00913                   return(0);
00914                 /* all other cases are undefined */
00915                 default:
00916                   return(-RSBAC_EINVALIDTARGET);
00917               }
00918 
00919         case R_MAP_EXEC:
00920             switch(target)
00921               {
00922                 case T_FILE:
00923                 case T_NONE:
00924                   return(0);
00925                 /* all other cases are undefined */
00926                 default:
00927                   return(-RSBAC_EINVALIDTARGET);
00928               }
00929 
00930 
00931 #if defined(CONFIG_RSBAC_NET_OBJ)
00932         case R_BIND:
00933         case R_LISTEN:
00934         case R_ACCEPT:
00935         case R_CONNECT:
00936         case R_SEND:
00937         case R_RECEIVE:
00938         case R_NET_SHUTDOWN:
00939             switch(target)
00940               {
00941                 case T_NETOBJ:
00942                   return 0;
00943                 /* all other cases are undefined */
00944                 default:
00945                   return(-RSBAC_EINVALIDTARGET);
00946               }
00947 #endif
00948 
00949 /*********************/
00950         default:
00951           return(-RSBAC_EINVALIDTARGET);
00952       }
00953 
00954     return(-RSBAC_EINVALIDTARGET);
00955   }; /* end of rsbac_adf_set_attr_check() */
00956 
00957 /* end of rsbac/adf/check.c */
Generated on Sun May 21 14:30:49 2006 for RSBAC by  doxygen 1.4.2