#include <linux/string.h>
#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/adf_main.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/getname.h>
Functions | |
enum rsbac_adf_req_ret_t | rsbac_adf_request_check (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *attr_val_p, rsbac_uid_t owner) |
int | rsbac_adf_set_attr_check (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t new_target, union rsbac_target_id_t new_tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner) |
|
/*
 * rsbac_adf_request_check() - sanity check of a request/target combination.
 *
 * Listed at line 29 of adf_check.c; referenced by rsbac_adf_request_int().
 *
 * Returns DO_NOT_CARE when the (request, target) pair -- and, for a few
 * requests, the attribute type in attr -- is one of the combinations listed
 * below, and UNDEFINED for everything else, including request values that
 * have no case here.
 *
 * Only request, target and attr are read; caller_pid, tid_p, attr_val_p
 * and owner are not used by this function.
 *
 * Several request and target cases exist only when the matching
 * CONFIG_RSBAC_* option is defined. With the option off, the same
 * combination yields UNDEFINED, so the accepted set depends on the kernel
 * configuration.
 * NOTE(review): how the caller treats UNDEFINED is not visible here --
 * confirm in rsbac_adf_request_int().
 */
enum rsbac_adf_req_ret_t
rsbac_adf_request_check(enum rsbac_adf_request_t request,
                        rsbac_pid_t caller_pid,
                        enum rsbac_target_t target,
                        union rsbac_target_id_t *tid_p,
                        enum rsbac_attribute_t attr,
                        union rsbac_attribute_value_t *attr_val_p,
                        rsbac_uid_t owner)
{
    /*
     * Requests that accept exactly the same target set share one case
     * group. Every group returns on all paths, so the order of the groups
     * does not matter.
     */
    switch (request) {
    case R_ADD_TO_KERNEL:
    case R_REMOVE_FROM_KERNEL:
        switch (target) {
        case T_FILE:
        case T_DEV:
        case T_NONE:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_ALTER:
        /* only for IPC, all other targets are undefined */
        return (target == T_IPC) ? DO_NOT_CARE : UNDEFINED;

    case R_APPEND_OPEN:
    case R_READ_OPEN:
    case R_READ_WRITE_OPEN:
    case R_WRITE_OPEN:
        switch (target) {
        case T_FILE:
        case T_FIFO:
        case T_IPC:
        case T_DEV:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_CHANGE_GROUP:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_IPC:
        case T_PROCESS:
        case T_NONE:
#if defined(CONFIG_RSBAC_UM)
        case T_USER:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

#ifdef CONFIG_RSBAC_DAC_GROUP
    case R_CHANGE_DAC_EFF_GROUP:
    case R_CHANGE_DAC_FS_GROUP:
        /* process target only, and a new group must be specified */
        return (target == T_PROCESS && attr == A_group)
               ? DO_NOT_CARE : UNDEFINED;
#endif

    case R_CHANGE_OWNER:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_IPC:
            return DO_NOT_CARE;
        case T_PROCESS:
            /* there must be a new owner specified */
            return (attr == A_owner) ? DO_NOT_CARE : UNDEFINED;
        default:
            return UNDEFINED;
        }

#ifdef CONFIG_RSBAC_DAC_OWNER
    case R_CHANGE_DAC_EFF_OWNER:
    case R_CHANGE_DAC_FS_OWNER:
        /* process target only, and a new owner must be specified */
        return (target == T_PROCESS && attr == A_owner)
               ? DO_NOT_CARE : UNDEFINED;
#endif

    case R_CHDIR:
        return (target == T_DIR) ? DO_NOT_CARE : UNDEFINED;

    /* R_TERMINATE: notify only, handled by adf-dispatcher */
    case R_CLONE:
    case R_SEND_SIGNAL:
    case R_TERMINATE:
    case R_TRACE:
        return (target == T_PROCESS) ? DO_NOT_CARE : UNDEFINED;

    case R_CLOSE:
        /* only notifying for clean-up of opened-tables */
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_DEV:
        case T_IPC:
#if defined(CONFIG_RSBAC_NET_OBJ)
        case T_NETOBJ:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_CREATE:
        switch (target) {
        /* Creating dir or (pseudo) file IN target dir! */
        case T_DIR:
        case T_IPC:
#if defined(CONFIG_RSBAC_NET_OBJ)
        case T_NETTEMP:
        case T_NETOBJ:
#endif
#if defined(CONFIG_RSBAC_UM)
        case T_USER:
        case T_GROUP:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_DELETE:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_IPC:
#if defined(CONFIG_RSBAC_UM)
        case T_USER:
        case T_GROUP:
#endif
#if defined(CONFIG_RSBAC_NET_OBJ)
        case T_NETTEMP:
        case T_NETOBJ:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_EXECUTE:
    case R_TRUNCATE:
        return (target == T_FILE) ? DO_NOT_CARE : UNDEFINED;

    case R_GET_PERMISSIONS_DATA:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_IPC:
        case T_SCD:
        case T_DEV:
        /* T_NETOBJ is not guarded by CONFIG_RSBAC_NET_OBJ here */
        case T_NETOBJ:
#if defined(CONFIG_RSBAC_UM)
        case T_USER:
        case T_GROUP:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_GET_STATUS_DATA:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_DEV:
        case T_IPC:
        case T_SCD:
        case T_PROCESS:
        case T_NETDEV:
        case T_NETOBJ:
#if defined(CONFIG_RSBAC_UM)
        case T_USER:
        case T_GROUP:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_LINK_HARD:
        switch (target) {
        case T_FILE:
        case T_FIFO:
        case T_SYMLINK:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_MODIFY_ACCESS_DATA:
    case R_LOCK:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    /* attribute requests are accepted for every target type */
    case R_MODIFY_ATTRIBUTE:
    case R_READ_ATTRIBUTE:
        return DO_NOT_CARE;

    case R_MODIFY_PERMISSIONS_DATA:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_IPC:
        case T_SCD:
        case T_DEV:
        case T_NETOBJ:
#if defined(CONFIG_RSBAC_UM)
        case T_USER:
        case T_GROUP:
#endif
#ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE
        case T_NONE:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_MODIFY_SYSTEM_DATA:
        switch (target) {
        case T_SCD:
        case T_DEV:
        case T_NETDEV:
        case T_PROCESS:
#if defined(CONFIG_RSBAC_NET_OBJ)
        case T_NETOBJ:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_MOUNT:
    case R_UMOUNT:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_DEV:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_READ:
        switch (target) {
        case T_DIR:
#ifdef CONFIG_RSBAC_RW
        case T_FILE:
        case T_FIFO:
        case T_DEV:
        case T_IPC:
#endif
#if defined(CONFIG_RSBAC_NET_OBJ)
        case T_NETTEMP:
#endif
#if defined(CONFIG_RSBAC_NET_OBJ_RW)
        case T_NETOBJ:
#endif
#if defined(CONFIG_RSBAC_UM)
        case T_USER:
        case T_GROUP:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_RENAME:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
#if defined(CONFIG_RSBAC_UM)
        case T_USER:
        case T_GROUP:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_SEARCH:
        switch (target) {
        case T_DIR:
        case T_SYMLINK:
#if defined(CONFIG_RSBAC_UM)
        case T_USER:
        case T_GROUP:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_SHUTDOWN:
    case R_SWITCH_LOG:
        return (target == T_NONE) ? DO_NOT_CARE : UNDEFINED;

    case R_SWITCH_MODULE:
        /* there must be a switch target specified */
        return (target == T_NONE && attr == A_switch_target)
               ? DO_NOT_CARE : UNDEFINED;

    case R_WRITE:
        switch (target) {
        case T_DIR:
        case T_SCD:
        case T_IPC:
#ifdef CONFIG_RSBAC_RW
        case T_FILE:
        case T_FIFO:
        case T_DEV:
#endif
#if defined(CONFIG_RSBAC_NET_OBJ)
        case T_NETTEMP:
#endif
#if defined(CONFIG_RSBAC_NET_OBJ_RW)
        case T_NETOBJ:
#endif
#if defined(CONFIG_RSBAC_UM)
        case T_USER:
        case T_GROUP:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_MAP_EXEC:
        switch (target) {
        case T_FILE:
        case T_NONE:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

#if defined(CONFIG_RSBAC_NET)
    case R_BIND:
        /*
         * Each target case keeps its own return so the switch stays
         * well-formed when neither option below is defined.
         */
        switch (target) {
#if defined(CONFIG_RSBAC_NET_DEV)
        case T_NETDEV:
            return DO_NOT_CARE;
#endif
#if defined(CONFIG_RSBAC_NET_OBJ)
        case T_NETOBJ:
            return DO_NOT_CARE;
#endif
        default:
            return UNDEFINED;
        }
#endif

    case R_SEND:
    case R_IOCTL:
        switch (target) {
        case T_DEV:
#if defined(CONFIG_RSBAC_NET_OBJ)
        case T_NETOBJ:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

#if defined(CONFIG_RSBAC_NET_OBJ)
    case R_LISTEN:
    case R_ACCEPT:
    case R_CONNECT:
    case R_RECEIVE:
    case R_NET_SHUTDOWN:
        return (target == T_NETOBJ) ? DO_NOT_CARE : UNDEFINED;
#endif

    default:
        /* request has no entry in this table */
        break;
    }

    return UNDEFINED;
} /* end of rsbac_adf_request_check() */
|
|
/*
 * rsbac_adf_set_attr_check() - sanity check of a set-attribute notification.
 *
 * Listed at line 644 of adf_check.c; referenced by rsbac_adf_set_attr().
 *
 * Returns 0 when the (request, target) pair is one of the combinations
 * listed below, -RSBAC_EINVALIDATTR when an owner change on T_PROCESS does
 * not carry attr == A_owner, and -RSBAC_EINVALIDTARGET for everything else,
 * including request values that have no case here.
 *
 * Only request, target and attr are read; caller_pid, tid, new_target,
 * new_tid, attr_val and owner are not used by this function.
 *
 * NOTE(review): the accepted sets are not the same as those of
 * rsbac_adf_request_check() in this file. R_MOUNT takes only T_DIR here.
 * R_READ_OPEN also takes T_DIR. R_CHANGE_OWNER also takes T_NONE. R_WRITE
 * is handled only under CONFIG_RSBAC_RW and then without T_DIR or T_SCD.
 * R_SHUTDOWN is matched against T_NETOBJ rather than T_NONE. Confirm each
 * difference is intended, since a combination accepted there but rejected
 * here returns an error from this function.
 */
int
rsbac_adf_set_attr_check(enum rsbac_adf_request_t request,
                         rsbac_pid_t caller_pid,
                         enum rsbac_target_t target,
                         union rsbac_target_id_t tid,
                         enum rsbac_target_t new_target,
                         union rsbac_target_id_t new_tid,
                         enum rsbac_attribute_t attr,
                         union rsbac_attribute_value_t attr_val,
                         rsbac_uid_t owner)
{
    /*
     * Requests that accept exactly the same target set share one case
     * group. Every group returns on all paths, so the order of the groups
     * does not matter.
     */
    switch (request) {
    case R_APPEND_OPEN:
    case R_READ_WRITE_OPEN:
    case R_WRITE_OPEN:
        switch (target) {
        case T_FILE:
        case T_FIFO:
        case T_IPC:
        case T_DEV:
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

    case R_CHANGE_OWNER:
        switch (target) {
        /*
         * Changing process owner affects access decisions,
         * so attributes have to be adjusted.
         */
        case T_PROCESS:
            /* there must be a new owner specified */
            return (attr == A_owner) ? 0 : -RSBAC_EINVALIDATTR;
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_IPC:
        case T_NONE:
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

#ifdef CONFIG_RSBAC_DAC_OWNER
    case R_CHANGE_DAC_EFF_OWNER:
    case R_CHANGE_DAC_FS_OWNER:
        /*
         * Changing process owner affects access decisions,
         * so attributes have to be adjusted.
         */
        if (target != T_PROCESS)
            return -RSBAC_EINVALIDTARGET;
        /* there must be a new owner specified */
        return (attr == A_owner) ? 0 : -RSBAC_EINVALIDATTR;
#endif

    case R_CHDIR:
    case R_MOUNT:
    case R_SEARCH:
        return (target == T_DIR) ? 0 : -RSBAC_EINVALIDTARGET;

    case R_CLONE:
    case R_TRACE:
        return (target == T_PROCESS) ? 0 : -RSBAC_EINVALIDTARGET;

    case R_CLOSE:
        /* only notifying for clean-up of opened-tables */
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_DEV:
        case T_IPC:
#if defined(CONFIG_RSBAC_NET_OBJ)
        case T_NETOBJ:
#endif
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

    case R_CREATE:
        switch (target) {
        /* Creating dir or (pseudo) file IN target dir! */
        case T_DIR:
        case T_IPC:
#if defined(CONFIG_RSBAC_NET_OBJ)
        case T_NETOBJ:
#endif
#if defined(CONFIG_RSBAC_UM)
        case T_USER:
        case T_GROUP:
#endif
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

    /* removal of targets is done in main adf dispatcher! */
    case R_DELETE:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_IPC:
#if defined(CONFIG_RSBAC_UM)
        case T_USER:
        case T_GROUP:
#endif
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

    case R_EXECUTE:
    case R_TRUNCATE:
        return (target == T_FILE) ? 0 : -RSBAC_EINVALIDTARGET;

    case R_READ:
        switch (target) {
        case T_DIR:
#ifdef CONFIG_RSBAC_RW
        case T_FILE:
        case T_FIFO:
        case T_DEV:
        case T_IPC:
#endif
#if defined(CONFIG_RSBAC_NET_OBJ_RW) || defined(CONFIG_RSBAC_MS_SOCK)
        case T_NETOBJ:
#endif
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

    case R_READ_OPEN:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_IPC:
        case T_DEV:
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

#if defined(CONFIG_RSBAC_NET_OBJ)
    /*
     * NOTE(review): R_NET_SHUTDOWN is handled separately below and
     * rsbac_adf_request_check() pairs R_SHUTDOWN with T_NONE, so this
     * T_NETOBJ pairing may be a leftover -- confirm.
     */
    case R_SHUTDOWN:
        return (target == T_NETOBJ) ? 0 : -RSBAC_EINVALIDTARGET;
#endif

#ifdef CONFIG_RSBAC_RW
    case R_WRITE:
        switch (target) {
        case T_FILE:
        case T_FIFO:
        case T_DEV:
        /* the original repeated the CONFIG_RSBAC_RW guard around T_IPC */
        case T_IPC:
#if defined(CONFIG_RSBAC_NET_OBJ_RW)
        case T_NETOBJ:
#endif
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }
#endif

    case R_MAP_EXEC:
        switch (target) {
        case T_FILE:
        case T_NONE:
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

#if defined(CONFIG_RSBAC_NET_OBJ)
    case R_BIND:
    case R_LISTEN:
    case R_ACCEPT:
    case R_CONNECT:
    case R_SEND:
    case R_RECEIVE:
    case R_NET_SHUTDOWN:
        return (target == T_NETOBJ) ? 0 : -RSBAC_EINVALIDTARGET;
#endif

    default:
        /* request has no entry in this table */
        break;
    }

    return -RSBAC_EINVALIDTARGET;
} /* end of rsbac_adf_set_attr_check() */
|