#include <linux/string.h>#include <rsbac/types.h>#include <rsbac/aci.h>#include <rsbac/adf_main.h>#include <rsbac/error.h>#include <rsbac/helpers.h>#include <rsbac/getname.h>#include <rsbac/debug.h>Go to the source code of this file.
Functions | |
| enum rsbac_adf_req_ret_t | rsbac_adf_request_cap (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner) |
| int | rsbac_adf_set_attr_cap (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t new_target, union rsbac_target_id_t new_tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner) |
|
||||||||||||||||||||||||||||||||
|
Definition at line 34 of file cap_main.c. References A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_cap_process_hiding, A_cap_role, A_max_caps, A_max_caps_program, A_max_caps_user, A_min_caps, A_none, A_system_role, AUTH, CAP, rsbac_attribute_value_t::cap_process_hiding, DO_NOT_CARE, FREEZE, GRANTED, NOT_GRANTED, PH_from_other_users, PH_full, rsbac_target_id_t::process, R_CHANGE_GROUP, R_GET_STATUS_DATA, R_MODIFY_ATTRIBUTE, R_MODIFY_SYSTEM_DATA, R_READ_ATTRIBUTE, R_SEND_SIGNAL, R_SWITCH_LOG, R_SWITCH_MODULE, R_TRACE, rsbac_get_attr, SOFTMODE, SR_administrator, SR_security_officer, rsbac_attribute_value_t::system_role, T_NONE, T_PROCESS, T_USER, TRUE, UNDEFINED, and rsbac_target_id_t::user. Referenced by rsbac_adf_request_int(). 00041 {
00042 union rsbac_target_id_t i_tid;
00043 union rsbac_attribute_value_t i_attr_val1;
00044
00045 switch (request)
00046 {
00047 case R_MODIFY_ATTRIBUTE:
00048 switch(attr)
00049 {
00050 case A_system_role:
00051 case A_cap_role:
00052 case A_min_caps:
00053 case A_max_caps:
00054 case A_max_caps_user:
00055 case A_max_caps_program:
00056 case A_cap_process_hiding:
00057 #ifdef CONFIG_RSBAC_CAP_AUTH_PROT
00058 case A_auth_may_setuid:
00059 case A_auth_may_set_cap:
00060 case A_auth_start_uid:
00061 case A_auth_start_euid:
00062 case A_auth_start_gid:
00063 case A_auth_start_egid:
00064 case A_auth_program_file:
00065 case A_auth_learn:
00066 case A_auth_add_f_cap:
00067 case A_auth_remove_f_cap:
00068 #endif
00069 /* All attributes (remove target!) */
00070 case A_none:
00071 /* Security Officer? */
00072 i_tid.user = owner;
00073 if (rsbac_get_attr(CAP,
00074 T_USER,
00075 i_tid,
00076 A_cap_role,
00077 &i_attr_val1,
00078 TRUE))
00079 {
00080 rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00081 return(NOT_GRANTED);
00082 }
00083 /* if sec_officer, then grant */
00084 if (i_attr_val1.system_role == SR_security_officer)
00085 return(GRANTED);
00086 else
00087 return(NOT_GRANTED);
00088
00089 default:
00090 return(DO_NOT_CARE);
00091 }
00092
00093 case R_READ_ATTRIBUTE:
00094 switch(attr)
00095 {
00096 case A_system_role:
00097 case A_cap_role:
00098 case A_min_caps:
00099 case A_max_caps:
00100 case A_max_caps_user:
00101 case A_max_caps_program:
00102 case A_cap_process_hiding:
00103 /* All attributes (remove target!) */
00104 case A_none:
00105 /* Security Officer or Admin? */
00106 i_tid.user = owner;
00107 if (rsbac_get_attr(CAP,
00108 T_USER,
00109 i_tid,
00110 A_cap_role,
00111 &i_attr_val1,
00112 TRUE))
00113 {
00114 rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00115 return(NOT_GRANTED);
00116 }
00117 /* if sec_officer, then grant */
00118 if( (i_attr_val1.system_role == SR_security_officer)
00119 || (i_attr_val1.system_role == SR_administrator)
00120 )
00121 return(GRANTED);
00122 else
00123 return(NOT_GRANTED);
00124
00125 default:
00126 return(DO_NOT_CARE);
00127 }
00128
00129 case R_SWITCH_LOG:
00130 switch(target)
00131 {
00132 case T_NONE:
00133 /* test owner's cap_role */
00134 i_tid.user = owner;
00135 if (rsbac_get_attr(CAP,
00136 T_USER,
00137 i_tid,
00138 A_cap_role,
00139 &i_attr_val1,
00140 TRUE))
00141 {
00142 rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00143 return(NOT_GRANTED);
00144 }
00145 /* security officer? -> grant */
00146 if (i_attr_val1.system_role == SR_security_officer)
00147 return(GRANTED);
00148 else
00149 return(NOT_GRANTED);
00150
00151 /* all other cases are unknown */
00152 default: return(DO_NOT_CARE);
00153 }
00154
00155 case R_SWITCH_MODULE:
00156 switch(target)
00157 {
00158 case T_NONE:
00159 /* we need the switch_target */
00160 if(attr != A_switch_target)
00161 return(UNDEFINED);
00162 /* do not care for other modules */
00163 if( (attr_val.switch_target != CAP)
00164 #ifdef CONFIG_RSBAC_CAP_AUTH_PROT
00165 && (attr_val.switch_target != AUTH)
00166 #endif
00167 #ifdef CONFIG_RSBAC_SOFTMODE
00168 && (attr_val.switch_target != SOFTMODE)
00169 #endif
00170 #ifdef CONFIG_RSBAC_FREEZE
00171 && (attr_val.switch_target != FREEZE)
00172 #endif
00173 )
00174 return(DO_NOT_CARE);
00175 /* test owner's cap_role */
00176 i_tid.user = owner;
00177 if (rsbac_get_attr(CAP,
00178 T_USER,
00179 i_tid,
00180 A_cap_role,
00181 &i_attr_val1,
00182 TRUE))
00183 {
00184 rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00185 return(NOT_GRANTED);
00186 }
00187 /* security officer? -> grant */
00188 if (i_attr_val1.system_role == SR_security_officer)
00189 return(GRANTED);
00190 else
00191 return(NOT_GRANTED);
00192
00193 /* all other cases are unknown */
00194 default: return(DO_NOT_CARE);
00195 }
00196
00197 #ifdef CONFIG_RSBAC_CAP_PROC_HIDE
00198 case R_CHANGE_GROUP:
00199 case R_GET_STATUS_DATA:
00200 case R_MODIFY_SYSTEM_DATA:
00201 case R_SEND_SIGNAL:
00202 case R_TRACE:
00203 switch(target)
00204 {
00205 case T_PROCESS:
00206 if(caller_pid == tid.process)
00207 return GRANTED;
00208 if (rsbac_get_attr(CAP,
00209 target,
00210 tid,
00211 A_cap_process_hiding,
00212 &i_attr_val1,
00213 TRUE))
00214 {
00215 rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_process_hiding);
00216 return(NOT_GRANTED); /* something weird happened */
00217 }
00218 switch(i_attr_val1.cap_process_hiding)
00219 {
00220 case PH_full:
00221 /* Security Officer or Admin? */
00222 i_tid.user = owner;
00223 if (rsbac_get_attr(CAP,
00224 T_USER,
00225 i_tid,
00226 A_cap_role,
00227 &i_attr_val1,
00228 TRUE))
00229 {
00230 rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00231 return(NOT_GRANTED);
00232 }
00233 /* if sec_officer, then grant */
00234 if(i_attr_val1.system_role == SR_security_officer)
00235 return(GRANTED);
00236 else
00237 return(NOT_GRANTED);
00238 case PH_from_other_users:
00239 {
00240 struct task_struct * task_p;
00241 enum rsbac_adf_req_ret_t result;
00242
00243 read_lock(&tasklist_lock);
00244 task_p = find_task_by_pid(tid.process);
00245 if( task_p
00246 && (task_p->uid != owner)
00247 )
00248 result = NOT_GRANTED;
00249 else
00250 result = GRANTED;
00251 read_unlock(&tasklist_lock);
00252 if(result == GRANTED)
00253 return GRANTED;
00254 /* Security Officer or Admin? */
00255 i_tid.user = owner;
00256 if (rsbac_get_attr(CAP,
00257 T_USER,
00258 i_tid,
00259 A_cap_role,
00260 &i_attr_val1,
00261 TRUE))
00262 {
00263 rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00264 return(NOT_GRANTED);
00265 }
00266 /* if sec_officer or admin, then grant */
00267 if( (i_attr_val1.system_role == SR_security_officer)
00268 || (i_attr_val1.system_role == SR_administrator)
00269 )
00270 return(GRANTED);
00271 else
00272 return(NOT_GRANTED);
00273 }
00274 default:
00275 return DO_NOT_CARE;
00276 }
00277
00278 default:
00279 return DO_NOT_CARE;
00280 }
00281 #endif
00282
00283 /*********************/
00284 default: return DO_NOT_CARE;
00285 }
00286
00287 return(DO_NOT_CARE);
00288 } /* end of rsbac_adf_request_cap() */
|
|
||||||||||||||||||||||||||||||||||||||||
|
Definition at line 301 of file cap_main.c. References A_cap_process_hiding, A_max_caps, A_max_caps_program, A_max_caps_user, A_min_caps, CAP, rsbac_attribute_value_t::cap_process_hiding, FALSE, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::max_caps_program, rsbac_attribute_value_t::max_caps_user, rsbac_attribute_value_t::min_caps, rsbac_attribute_value_t::owner, rsbac_target_id_t::process, R_CHANGE_OWNER, R_CLONE, R_EXECUTE, RSBAC_CAP_DEFAULT_MAX, RSBAC_EINVALIDATTR, rsbac_get_attr, rsbac_printk(), rsbac_set_attr, T_FILE, T_PROCESS, T_USER, and rsbac_target_id_t::user. Referenced by rsbac_adf_set_attr(). 00311 {
00312 union rsbac_target_id_t i_tid;
00313 union rsbac_attribute_value_t i_attr_val1;
00314
00315 switch (request)
00316 {
00317 case R_CHANGE_OWNER:
00318 switch(target)
00319 {
00320 case T_PROCESS:
00321 if(attr != A_owner)
00322 return(-RSBAC_EINVALIDATTR);
00323 /* Adjust Linux caps */
00324 i_tid.user = attr_val.owner;
00325 if (rsbac_get_attr(CAP,
00326 T_USER,
00327 i_tid,
00328 A_max_caps,
00329 &i_attr_val1,
00330 FALSE))
00331 {
00332 rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_max_caps);
00333 }
00334 else
00335 {
00336 #ifdef CONFIG_RSBAC_SOFTMODE
00337 if( rsbac_softmode
00338 #ifdef CONFIG_RSBAC_SOFTMODE_IND
00339 || rsbac_ind_softmode[CAP]
00340 #endif
00341 )
00342 { /* Warn */
00343 if(i_attr_val1.max_caps != RSBAC_CAP_DEFAULT_MAX)
00344 {
00345 rsbac_printk(KERN_NOTICE
00346 "rsbac_adf_set_attr_cap(): running in softmode, max_caps of user %u not applied to process %u(%.15s)!\n",
00347 owner,
00348 caller_pid,
00349 current->comm);
00350 }
00351 }
00352 else
00353 #endif
00354 {
00355 extern spinlock_t task_capability_lock;
00356
00357 /* set caps for process */
00358 spin_lock(&task_capability_lock);
00359 current->cap_permitted &= i_attr_val1.max_caps;
00360 current->cap_effective &= i_attr_val1.max_caps;
00361 current->cap_inheritable &= i_attr_val1.max_caps;
00362 spin_unlock(&task_capability_lock);
00363
00364 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
00365 /* set max_caps_user for process */
00366 if (rsbac_set_attr(CAP,
00367 target,
00368 tid,
00369 A_max_caps_user,
00370 i_attr_val1))
00371 {
00372 rsbac_ds_set_error("rsbac_adf_set_attr_cap()", A_max_caps_user);
00373 }
00374 #endif
00375 }
00376 }
00377 if (rsbac_get_attr(CAP,
00378 T_USER,
00379 i_tid,
00380 A_min_caps,
00381 &i_attr_val1,
00382 FALSE))
00383 {
00384 rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_min_caps);
00385 }
00386 else
00387 {
00388 extern spinlock_t task_capability_lock;
00389
00390 /* set caps for process */
00391 spin_lock(&task_capability_lock);
00392 current->cap_permitted |= i_attr_val1.min_caps;
00393 current->cap_effective |= i_attr_val1.min_caps;
00394 current->cap_inheritable |= i_attr_val1.min_caps;
00395 spin_unlock(&task_capability_lock);
00396 }
00397 return 0;
00398
00399 /* all other cases are unknown */
00400 default:
00401 return(0);
00402 }
00403 break;
00404
00405 #if defined (CONFIG_RSBAC_CAP_PROC_HIDE) || defined(CONFIG_RSBAC_CAP_LOG_MISSING)
00406 case R_CLONE:
00407 switch(target)
00408 {
00409 case T_PROCESS:
00410 #ifdef CONFIG_RSBAC_CAP_PROC_HIDE
00411 /* get process hiding from old process */
00412 if (rsbac_get_attr(CAP,
00413 target,
00414 tid,
00415 A_cap_process_hiding,
00416 &i_attr_val1,
00417 FALSE))
00418 {
00419 rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_cap_process_hiding);
00420 }
00421 else
00422 { /* only set, of not default value 0 */
00423 if(i_attr_val1.cap_process_hiding)
00424 {
00425 /* set program based log for new process */
00426 if (rsbac_set_attr(CAP,
00427 new_target,
00428 new_tid,
00429 A_cap_process_hiding,
00430 i_attr_val1))
00431 {
00432 rsbac_ds_set_error("rsbac_adf_set_attr_cap()", A_cap_process_hiding);
00433 }
00434 }
00435 }
00436 #endif
00437 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
00438 /* get max_caps_user from old process */
00439 if (rsbac_get_attr(CAP,
00440 target,
00441 tid,
00442 A_max_caps_user,
00443 &i_attr_val1,
00444 FALSE))
00445 {
00446 rsbac_ds_get_error("rsbac_adf_set_attr_cap():CLONE", A_max_caps_user);
00447 }
00448 else
00449 { /* only set, of not default value */
00450 if(i_attr_val1.max_caps_user != RSBAC_CAP_DEFAULT_MAX)
00451 {
00452 if (rsbac_set_attr(CAP,
00453 new_target,
00454 new_tid,
00455 A_max_caps_user,
00456 i_attr_val1))
00457 {
00458 rsbac_ds_set_error("rsbac_adf_set_attr_cap():CLONE", A_max_caps_user);
00459 }
00460 }
00461 }
00462 /* get max_caps_program from old process */
00463 if (rsbac_get_attr(CAP,
00464 target,
00465 tid,
00466 A_max_caps_program,
00467 &i_attr_val1,
00468 FALSE))
00469 {
00470 rsbac_ds_get_error("rsbac_adf_set_attr_cap():CLONE", A_max_caps_program);
00471 }
00472 else
00473 { /* only set, of not default value */
00474 if(i_attr_val1.max_caps_program != RSBAC_CAP_DEFAULT_MAX)
00475 {
00476 if (rsbac_set_attr(CAP,
00477 new_target,
00478 new_tid,
00479 A_max_caps_program,
00480 i_attr_val1))
00481 {
00482 rsbac_ds_set_error("rsbac_adf_set_attr_cap():CLONE", A_max_caps_program);
00483 }
00484 }
00485 }
00486 #endif
00487 return 0;
00488
00489 /* all other cases are unknown */
00490 default:
00491 return(0);
00492 }
00493 #endif /* PROC_HIDE || LOG_MISSING */
00494
00495 case R_EXECUTE:
00496 switch(target)
00497 {
00498 case T_FILE:
00499 /* Adjust Linux caps - first user, then program based */
00500 /* User must be redone, because caps are cleared by Linux kernel */
00501 i_tid.user = owner;
00502 if (rsbac_get_attr(CAP,
00503 T_USER,
00504 i_tid,
00505 A_max_caps,
00506 &i_attr_val1,
00507 FALSE))
00508 {
00509 rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_max_caps);
00510 }
00511 else
00512 {
00513 #ifdef CONFIG_RSBAC_SOFTMODE
00514 if( rsbac_softmode
00515 #ifdef CONFIG_RSBAC_SOFTMODE_IND
00516 || rsbac_ind_softmode[CAP]
00517 #endif
00518 )
00519 { /* Warn */
00520 if(i_attr_val1.max_caps != RSBAC_CAP_DEFAULT_MAX)
00521 {
00522 rsbac_printk(KERN_NOTICE
00523 "rsbac_adf_set_attr_cap(): running in softmode, max_caps of user %u not applied to process %u(%.15s)!\n",
00524 owner,
00525 caller_pid,
00526 current->comm);
00527 }
00528 }
00529 else
00530 #endif
00531 {
00532 extern spinlock_t task_capability_lock;
00533
00534 /* set caps for process */
00535 spin_lock(&task_capability_lock);
00536 current->cap_permitted &= i_attr_val1.max_caps;
00537 current->cap_effective &= i_attr_val1.max_caps;
00538 current->cap_inheritable &= i_attr_val1.max_caps;
00539 spin_unlock(&task_capability_lock);
00540 }
00541 }
00542 if (rsbac_get_attr(CAP,
00543 T_USER,
00544 i_tid,
00545 A_min_caps,
00546 &i_attr_val1,
00547 FALSE))
00548 {
00549 rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_min_caps);
00550 }
00551 else
00552 {
00553 extern spinlock_t task_capability_lock;
00554
00555 /* set caps for process */
00556 spin_lock(&task_capability_lock);
00557 current->cap_permitted |= i_attr_val1.min_caps;
00558 current->cap_effective |= i_attr_val1.min_caps;
00559 current->cap_inheritable |= i_attr_val1.min_caps;
00560 spin_unlock(&task_capability_lock);
00561 }
00562 if (rsbac_get_attr(CAP,
00563 target,
00564 tid,
00565 A_max_caps,
00566 &i_attr_val1,
00567 FALSE))
00568 {
00569 rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_max_caps);
00570 }
00571 else
00572 {
00573 #ifdef CONFIG_RSBAC_SOFTMODE
00574 if( rsbac_softmode
00575 #ifdef CONFIG_RSBAC_SOFTMODE_IND
00576 || rsbac_ind_softmode[CAP]
00577 #endif
00578 )
00579 { /* Warn */
00580 if(i_attr_val1.max_caps != RSBAC_CAP_DEFAULT_MAX)
00581 {
00582 rsbac_printk(KERN_NOTICE
00583 "rsbac_adf_set_attr_cap(): running in softmode, max_caps of program not applied to process %u(%.15s)!\n",
00584 caller_pid,
00585 current->comm);
00586 }
00587 }
00588 else
00589 #endif
00590 {
00591 extern spinlock_t task_capability_lock;
00592
00593 /* set caps for process */
00594 spin_lock(&task_capability_lock);
00595 current->cap_permitted &= i_attr_val1.max_caps;
00596 current->cap_effective &= i_attr_val1.max_caps;
00597 current->cap_inheritable &= i_attr_val1.max_caps;
00598 spin_unlock(&task_capability_lock);
00599
00600 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
00601 i_tid.process = caller_pid;
00602 /* set max_caps_program for process */
00603 if (rsbac_set_attr(CAP,
00604 T_PROCESS,
00605 i_tid,
00606 A_max_caps_program,
00607 i_attr_val1))
00608 {
00609 rsbac_ds_set_error("rsbac_adf_set_attr_cap():EXECUTE", A_max_caps_program);
00610 }
00611 #endif
00612 }
00613 }
00614 if (rsbac_get_attr(CAP,
00615 target,
00616 tid,
00617 A_min_caps,
00618 &i_attr_val1,
00619 FALSE))
00620 {
00621 rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_min_caps);
00622 }
00623 else
00624 {
00625 extern spinlock_t task_capability_lock;
00626
00627 /* set caps for process */
00628 spin_lock(&task_capability_lock);
00629 current->cap_permitted |= i_attr_val1.min_caps;
00630 current->cap_effective |= i_attr_val1.min_caps;
00631 current->cap_inheritable |= i_attr_val1.min_caps;
00632 spin_unlock(&task_capability_lock);
00633 }
00634 return 0;
00635
00636 /* all other cases are unknown */
00637 default:
00638 return 0;
00639 }
00640 break;
00641
00642 /*********************/
00643 default: return 0;
00644 }
00645
00646 return 0;
00647 } /* end of rsbac_adf_set_attr_cap() */
|
1.4.2