00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012 #include <linux/string.h>
00013 #include <rsbac/types.h>
00014 #include <rsbac/aci.h>
00015 #include <rsbac/adf_main.h>
00016 #include <rsbac/error.h>
00017 #include <rsbac/helpers.h>
00018 #include <rsbac/getname.h>
00019 #include <rsbac/network.h>
00020 #include <rsbac/debug.h>
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030 static rsbac_boolean_t jail_dev_tty(struct rsbac_dev_desc_t dev)
00031 {
00032 if(dev.type != D_char)
00033 return FALSE;
00034 if( ( (dev.major >= 2)
00035 && (dev.major <= 4)
00036 )
00037 ||( (dev.major >= 128)
00038 && (dev.major <= 143)
00039 )
00040 )
00041 return TRUE;
00042 else
00043 return FALSE;
00044 }
00045
00046 static rsbac_jail_id_t
00047 jail_get_id(enum rsbac_target_t target,
00048 union rsbac_target_id_t tid)
00049 {
00050 int err;
00051 union rsbac_attribute_value_t i_attr_val1;
00052
00053 if ((err=rsbac_get_attr(JAIL,
00054 target,
00055 tid,
00056 A_jail_id,
00057 &i_attr_val1,
00058 TRUE)))
00059 {
00060 rsbac_ds_get_error("jail_get_id()", A_jail_id);
00061 return 0;
00062 }
00063 else
00064 return i_attr_val1.jail_id;
00065 }
00066
00067 static rsbac_jail_id_t
00068 jail_get_id_process(rsbac_pid_t pid)
00069 {
00070 int err;
00071 union rsbac_target_id_t i_tid;
00072 union rsbac_attribute_value_t i_attr_val1;
00073
00074 i_tid.process = pid;
00075 if ((err=rsbac_get_attr(JAIL,
00076 T_PROCESS,
00077 i_tid,
00078 A_jail_id,
00079 &i_attr_val1,
00080 TRUE)))
00081 {
00082 rsbac_ds_get_error("jail_get_id_process()", A_jail_id);
00083 return 0;
00084 }
00085 else
00086 return i_attr_val1.jail_id;
00087 }
00088
00089 #if defined(CONFIG_RSBAC_NET_OBJ)
00090 static rsbac_jail_ip_t
00091 jail_get_ip_process(rsbac_pid_t pid)
00092 {
00093 int err;
00094 union rsbac_target_id_t i_tid;
00095 union rsbac_attribute_value_t i_attr_val1;
00096
00097 i_tid.process = pid;
00098 if ((err=rsbac_get_attr(JAIL,
00099 T_PROCESS,
00100 i_tid,
00101 A_jail_ip,
00102 &i_attr_val1,
00103 TRUE)))
00104 {
00105 rsbac_ds_get_error("jail_get_ip_process()", A_jail_ip);
00106 return 0;
00107 }
00108 else
00109 return i_attr_val1.jail_ip;
00110 }
00111 #endif
00112
00113 static rsbac_jail_flags_t
00114 jail_get_flags_process(rsbac_pid_t pid)
00115 {
00116 int err;
00117 union rsbac_target_id_t i_tid;
00118 union rsbac_attribute_value_t i_attr_val1;
00119
00120 i_tid.process = pid;
00121 if ((err=rsbac_get_attr(JAIL,
00122 T_PROCESS,
00123 i_tid,
00124 A_jail_flags,
00125 &i_attr_val1,
00126 TRUE)))
00127 {
00128 rsbac_ds_get_error("jail_get_flags_process()", A_jail_flags);
00129 return 0;
00130 }
00131 else
00132 return i_attr_val1.jail_flags;
00133 }
00134
00135 static rsbac_jail_scd_vector_t
00136 jail_get_scd_get_process(rsbac_pid_t pid)
00137 {
00138 int err;
00139 union rsbac_target_id_t i_tid;
00140 union rsbac_attribute_value_t i_attr_val1;
00141
00142 i_tid.process = pid;
00143 if ((err=rsbac_get_attr(JAIL,
00144 T_PROCESS,
00145 i_tid,
00146 A_jail_scd_get,
00147 &i_attr_val1,
00148 TRUE)))
00149 {
00150 rsbac_ds_get_error("jail_get_flags_process()", A_jail_scd_get);
00151 return 0;
00152 }
00153 else
00154 return i_attr_val1.jail_scd_get;
00155 }
00156
00157 static rsbac_jail_scd_vector_t
00158 jail_get_scd_modify_process(rsbac_pid_t pid)
00159 {
00160 int err;
00161 union rsbac_target_id_t i_tid;
00162 union rsbac_attribute_value_t i_attr_val1;
00163
00164 i_tid.process = pid;
00165 if ((err=rsbac_get_attr(JAIL,
00166 T_PROCESS,
00167 i_tid,
00168 A_jail_scd_modify,
00169 &i_attr_val1,
00170 TRUE)))
00171 {
00172 rsbac_ds_get_error("jail_get_flags_process()", A_jail_scd_modify);
00173 return 0;
00174 }
00175 else
00176 return i_attr_val1.jail_scd_modify;
00177 }
00178
00179 static enum rsbac_adf_req_ret_t
00180 jail_check_sysrole(rsbac_uid_t owner, enum rsbac_system_role_t role)
00181 {
00182 union rsbac_target_id_t i_tid;
00183 union rsbac_attribute_value_t i_attr_val1;
00184
00185 i_tid.user = owner;
00186 if (rsbac_get_attr(JAIL,
00187 T_USER,
00188 i_tid,
00189 A_jail_role,
00190 &i_attr_val1,
00191 TRUE))
00192 {
00193 rsbac_ds_get_error("jail_check_sysrole()", A_jail_role);
00194 return(NOT_GRANTED);
00195 }
00196
00197 if (i_attr_val1.system_role == role)
00198 return(GRANTED);
00199 else
00200 return(NOT_GRANTED);
00201 }
00202
00203 #if defined(CONFIG_RSBAC_NET_OBJ)
00204 enum rsbac_adf_req_ret_t
00205 jail_check_ip(rsbac_pid_t pid, union rsbac_target_id_t tid)
00206 {
00207 rsbac_jail_ip_t jail_ip;
00208 rsbac_jail_flags_t jail_flags;
00209
00210 if(!tid.netobj.sock_p)
00211 {
00212 rsbac_printk(KERN_WARNING
00213 "jail_check_ip(): NULL sock_p!\n");
00214 return NOT_GRANTED;
00215 }
00216 if(!tid.netobj.sock_p->ops)
00217 {
00218 return DO_NOT_CARE;
00219 }
00220 switch(tid.netobj.sock_p->ops->family)
00221 {
00222 case AF_UNIX:
00223 return(GRANTED);
00224
00225 case AF_INET:
00226 switch(tid.netobj.sock_p->type)
00227 {
00228 case SOCK_STREAM:
00229 case SOCK_DGRAM:
00230 case SOCK_RDM:
00231 jail_ip = jail_get_ip_process(pid);
00232 if(jail_ip == INADDR_ANY)
00233 return GRANTED;
00234 jail_flags = jail_get_flags_process(pid);
00235 if(tid.netobj.local_addr)
00236 {
00237 struct sockaddr_in * addr = tid.netobj.local_addr;
00238
00239 if( (jail_ip == addr->sin_addr.s_addr)
00240 || ( (jail_flags & JAIL_allow_inet_localhost)
00241 && (addr->sin_addr.s_addr == RSBAC_JAIL_LOCALHOST)
00242 )
00243 #if defined(CONFIG_RSBAC_JAIL_NET_ADJUST)
00244 || ( (jail_flags & JAIL_auto_adjust_inet_any)
00245 && (addr->sin_addr.s_addr == INADDR_ANY)
00246 )
00247 #endif
00248 )
00249 return GRANTED;
00250 else
00251 {
00252 #ifdef CONFIG_RSBAC_DEBUG
00253 if(rsbac_debug_adf_jail)
00254 {
00255 rsbac_printk(KERN_DEBUG
00256 "jail_check_ip(): local_addr does not match jail_ip -> NOT_GRANTED!\n");
00257 }
00258 #endif
00259 return NOT_GRANTED;
00260 }
00261 }
00262 else
00263 if( (tid.netobj.remote_addr)
00264 && (jail_flags & JAIL_allow_inet_localhost)
00265 && ( ((struct sockaddr_in *) tid.netobj.remote_addr)->sin_addr.s_addr
00266 == RSBAC_JAIL_LOCALHOST)
00267 )
00268 return GRANTED;
00269 else
00270 {
00271 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00272 if( ( (jail_ip == inet_sk(tid.netobj.sock_p->sk)->rcv_saddr)
00273 && (jail_ip == inet_sk(tid.netobj.sock_p->sk)->saddr)
00274 )
00275 || ( (jail_flags & JAIL_allow_inet_localhost)
00276 && ( (inet_sk(tid.netobj.sock_p->sk)->saddr == RSBAC_JAIL_LOCALHOST)
00277 || (inet_sk(tid.netobj.sock_p->sk)->daddr == RSBAC_JAIL_LOCALHOST)
00278 )
00279 )
00280 #if defined(CONFIG_RSBAC_JAIL_NET_ADJUST)
00281 || ( (jail_flags & JAIL_auto_adjust_inet_any)
00282 && (inet_sk(tid.netobj.sock_p->sk)->rcv_saddr == INADDR_ANY)
00283 && (inet_sk(tid.netobj.sock_p->sk)->saddr == INADDR_ANY)
00284 )
00285 #endif
00286 )
00287 #else
00288 if( ( (jail_ip == tid.netobj.sock_p->sk->rcv_saddr)
00289 && (jail_ip == tid.netobj.sock_p->sk->saddr)
00290 )
00291 || ( (jail_flags & JAIL_allow_inet_localhost)
00292 && ( (tid.netobj.sock_p->sk->saddr == RSBAC_JAIL_LOCALHOST)
00293 || (tid.netobj.sock_p->sk->daddr == RSBAC_JAIL_LOCALHOST)
00294 )
00295 )
00296 #if defined(CONFIG_RSBAC_JAIL_NET_ADJUST)
00297 || ( (jail_flags & JAIL_auto_adjust_inet_any)
00298 && (tid.netobj.sock_p->sk->rcv_saddr == INADDR_ANY)
00299 && (tid.netobj.sock_p->sk->saddr == INADDR_ANY)
00300 )
00301 #endif
00302 )
00303 #endif
00304 return GRANTED;
00305 else
00306 {
00307 #ifdef CONFIG_RSBAC_DEBUG
00308 if(rsbac_debug_adf_jail)
00309 {
00310 rsbac_printk(KERN_DEBUG
00311 "jail_check_ip(): sk->rcv_saddr or sk->saddr does not match jail_ip -> NOT_GRANTED!\n");
00312 }
00313 #endif
00314 return NOT_GRANTED;
00315 }
00316 }
00317
00318 case SOCK_RAW:
00319 if(jail_get_flags_process(pid) & JAIL_allow_inet_raw)
00320 return(GRANTED);
00321 else
00322 {
00323 #ifdef CONFIG_RSBAC_DEBUG
00324 if(rsbac_debug_adf_jail)
00325 {
00326 rsbac_printk(KERN_DEBUG
00327 "jail_check_ip(): network type is raw and allow_inet_raw is not set -> NOT_GRANTED!\n");
00328 }
00329 #endif
00330 return(NOT_GRANTED);
00331 }
00332
00333 default:
00334 #ifdef CONFIG_RSBAC_DEBUG
00335 if(rsbac_debug_adf_jail)
00336 {
00337 rsbac_printk(KERN_DEBUG
00338 "jail_check_ip(): network type not STREAM, DGRAM, RDM or RAW -> NOT_GRANTED!\n");
00339 }
00340 #endif
00341 return(NOT_GRANTED);
00342 }
00343
00344 default:
00345 if(jail_get_flags_process(pid) & JAIL_allow_all_net_family)
00346 return(GRANTED);
00347 else
00348 {
00349 #ifdef CONFIG_RSBAC_DEBUG
00350 if(rsbac_debug_adf_jail)
00351 {
00352 rsbac_printk(KERN_DEBUG
00353 "jail_check_ip(): network family not UNIX or INET and allow_all_net_family not set -> NOT_GRANTED!\n");
00354 }
00355 #endif
00356 return NOT_GRANTED;
00357 }
00358 }
00359 }
00360 #endif
00361
00362
00363
00364
00365
00366 enum rsbac_adf_req_ret_t
00367 rsbac_adf_request_jail (enum rsbac_adf_request_t request,
00368 rsbac_pid_t caller_pid,
00369 enum rsbac_target_t target,
00370 union rsbac_target_id_t tid,
00371 enum rsbac_attribute_t attr,
00372 union rsbac_attribute_value_t attr_val,
00373 rsbac_uid_t owner)
00374 {
00375 rsbac_jail_id_t jail_id;
00376 rsbac_jail_flags_t jail_flags;
00377
00378 switch (request)
00379 {
00380 case R_ADD_TO_KERNEL:
00381 case R_REMOVE_FROM_KERNEL:
00382 switch(target)
00383 {
00384 case T_FILE:
00385 case T_DEV:
00386 case T_NONE:
00387 if(jail_get_id_process(caller_pid))
00388 return NOT_GRANTED;
00389 else
00390 return GRANTED;
00391
00392
00393 default:
00394 return(DO_NOT_CARE);
00395 }
00396 case R_SHUTDOWN:
00397 switch(target)
00398 {
00399 case T_NONE:
00400 if(jail_get_id_process(caller_pid))
00401 return NOT_GRANTED;
00402 else
00403 return GRANTED;
00404
00405
00406 default:
00407 return(DO_NOT_CARE);
00408 }
00409 case R_ALTER:
00410 switch(target)
00411 {
00412 case T_IPC:
00413 jail_id = jail_get_id_process(caller_pid);
00414 if( !jail_id
00415 || (jail_id == jail_get_id(target,tid))
00416 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00417 )
00418 return GRANTED;
00419 else
00420 return NOT_GRANTED;
00421
00422
00423 default: return(DO_NOT_CARE);
00424 }
00425
00426 case R_APPEND_OPEN:
00427 case R_WRITE_OPEN:
00428 switch(target)
00429 {
00430 case T_DEV:
00431 if(jail_get_id_process(caller_pid))
00432 {
00433 jail_flags = jail_get_flags_process(caller_pid);
00434 if(!(jail_flags & JAIL_allow_dev_write))
00435 return NOT_GRANTED;
00436 else
00437 if( jail_dev_tty(tid.dev)
00438 && !(jail_flags & JAIL_allow_tty_open)
00439 )
00440 return NOT_GRANTED;
00441 else
00442 return GRANTED;
00443 }
00444 else
00445 return GRANTED;
00446
00447 case T_IPC:
00448 jail_id = jail_get_id_process(caller_pid);
00449 if( !jail_id
00450 || (jail_id == jail_get_id(target,tid))
00451 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00452 )
00453 return GRANTED;
00454 else
00455 return NOT_GRANTED;
00456
00457
00458 default: return(DO_NOT_CARE);
00459 }
00460
00461 case R_MOUNT:
00462 case R_UMOUNT:
00463 switch(target)
00464 {
00465 case T_FILE:
00466 case T_DIR:
00467 case T_DEV:
00468 if(jail_get_id_process(caller_pid))
00469 return NOT_GRANTED;
00470 else
00471 return GRANTED;
00472
00473
00474 default:
00475 return(DO_NOT_CARE);
00476 }
00477 case R_READ_OPEN:
00478 switch(target)
00479 {
00480 case T_DEV:
00481 if(jail_get_id_process(caller_pid))
00482 {
00483 jail_flags = jail_get_flags_process(caller_pid);
00484 if(!(jail_flags & JAIL_allow_dev_read))
00485 return NOT_GRANTED;
00486 else
00487 if( jail_dev_tty(tid.dev)
00488 && !(jail_flags & JAIL_allow_tty_open)
00489 )
00490 return NOT_GRANTED;
00491 else
00492 return GRANTED;
00493 }
00494 else
00495 return GRANTED;
00496
00497 case T_IPC:
00498 jail_id = jail_get_id_process(caller_pid);
00499 if( !jail_id
00500 || (jail_id == jail_get_id(target,tid))
00501 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00502 )
00503 return GRANTED;
00504 else
00505 return NOT_GRANTED;
00506
00507
00508 default: return(DO_NOT_CARE);
00509 }
00510
00511 case R_READ_WRITE_OPEN:
00512 switch(target)
00513 {
00514 case T_DEV:
00515 if(jail_get_id_process(caller_pid))
00516 {
00517 jail_flags = jail_get_flags_process(caller_pid);
00518 if( !(jail_flags & JAIL_allow_dev_read)
00519 || !(jail_flags & JAIL_allow_dev_write)
00520 )
00521 return NOT_GRANTED;
00522 else
00523 if( jail_dev_tty(tid.dev)
00524 && !(jail_flags & JAIL_allow_tty_open)
00525 )
00526 return NOT_GRANTED;
00527 else
00528 return GRANTED;
00529 }
00530 else
00531 return GRANTED;
00532
00533 case T_IPC:
00534 jail_id = jail_get_id_process(caller_pid);
00535 if( !jail_id
00536 || (jail_id == jail_get_id(target,tid))
00537 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00538 )
00539 return GRANTED;
00540 else
00541 return NOT_GRANTED;
00542
00543
00544 default: return(DO_NOT_CARE);
00545 }
00546
00547 case R_CREATE:
00548 switch(target)
00549 {
00550 case T_DIR:
00551 if(!jail_get_id_process(caller_pid))
00552 return GRANTED;
00553
00554 if( (attr == A_create_data)
00555 && ( S_ISCHR(attr_val.create_data.mode)
00556 || S_ISBLK(attr_val.create_data.mode)
00557 || (attr_val.create_data.mode & (S_ISUID | S_ISGID))
00558 )
00559 )
00560 return NOT_GRANTED;
00561 else
00562 return GRANTED;
00563
00564 case T_IPC:
00565 return GRANTED;
00566
00567 #ifdef CONFIG_RSBAC_NET_OBJ
00568 case T_NETTEMP:
00569 if(!jail_get_id_process(caller_pid))
00570 return GRANTED;
00571 else
00572 return NOT_GRANTED;
00573
00574 case T_NETOBJ:
00575 if(!jail_get_id_process(caller_pid))
00576 return GRANTED;
00577 if(!tid.netobj.sock_p)
00578 {
00579 rsbac_printk(KERN_WARNING
00580 "rsbac_adf_request_jail(): NULL sock_p on CREATE!\n");
00581 return NOT_GRANTED;
00582 }
00583 if(!tid.netobj.sock_p->ops)
00584 {
00585 return DO_NOT_CARE;
00586 }
00587 switch(tid.netobj.sock_p->ops->family)
00588 {
00589 case AF_UNIX:
00590 return(GRANTED);
00591
00592 case AF_INET:
00593 switch(tid.netobj.sock_p->type)
00594 {
00595 case SOCK_STREAM:
00596 case SOCK_DGRAM:
00597 case SOCK_RDM:
00598 if( tid.netobj.sock_p->sk
00599 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00600 && (tid.netobj.sock_p->sk->sk_protocol == IPPROTO_RAW)
00601 #else
00602 && (tid.netobj.sock_p->sk->protocol == IPPROTO_RAW)
00603 #endif
00604 )
00605 {
00606 jail_flags = jail_get_flags_process(caller_pid);
00607 if(jail_flags & JAIL_allow_inet_raw)
00608 return(GRANTED);
00609 else
00610 return NOT_GRANTED;
00611 }
00612 else
00613 return GRANTED;
00614
00615 case SOCK_RAW:
00616 jail_flags = jail_get_flags_process(caller_pid);
00617 if(jail_flags & JAIL_allow_inet_raw)
00618 return(GRANTED);
00619 else
00620 return NOT_GRANTED;
00621
00622 default:
00623 return(NOT_GRANTED);
00624 }
00625
00626 default:
00627 jail_flags = jail_get_flags_process(caller_pid);
00628 if(jail_flags & JAIL_allow_all_net_family)
00629 return(GRANTED);
00630 else
00631 return(NOT_GRANTED);
00632 }
00633 #endif
00634
00635
00636 default: return(DO_NOT_CARE);
00637 }
00638
00639 case R_DELETE:
00640 switch(target)
00641 {
00642 case T_IPC:
00643 jail_id = jail_get_id_process(caller_pid);
00644 if( !jail_id
00645 || (jail_id == jail_get_id(target,tid))
00646 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00647 )
00648 return GRANTED;
00649 else
00650 return NOT_GRANTED;
00651
00652 #ifdef CONFIG_RSBAC_NET_OBJ
00653 case T_NETTEMP:
00654 if(!jail_get_id_process(caller_pid))
00655 return GRANTED;
00656 else
00657 return NOT_GRANTED;
00658 #endif
00659
00660 default: return(DO_NOT_CARE);
00661 }
00662
00663 case R_MODIFY_ATTRIBUTE:
00664 switch(attr)
00665 {
00666 case A_system_role:
00667 case A_jail_role:
00668 case A_jail_id:
00669 case A_jail_ip:
00670 case A_jail_flags:
00671 case A_jail_max_caps:
00672
00673 case A_none:
00674 if(jail_get_id_process(caller_pid))
00675 return NOT_GRANTED;
00676
00677
00678 return jail_check_sysrole(owner, SR_security_officer);
00679
00680 default:
00681 return(DO_NOT_CARE);
00682 }
00683
00684 case R_READ_ATTRIBUTE:
00685 switch(attr)
00686 {
00687 case A_system_role:
00688 case A_jail_role:
00689 case A_jail_id:
00690 case A_jail_ip:
00691 case A_jail_flags:
00692 case A_jail_max_caps:
00693
00694 case A_none:
00695 if(jail_get_id_process(caller_pid))
00696 return NOT_GRANTED;
00697
00698
00699 if(jail_check_sysrole(owner, SR_administrator) == NOT_GRANTED)
00700 return jail_check_sysrole(owner, SR_security_officer);
00701 else
00702 return GRANTED;
00703
00704 default:
00705 return(DO_NOT_CARE);
00706 }
00707
00708 case R_SEND_SIGNAL:
00709 case R_TRACE:
00710 if (target == T_PROCESS)
00711 {
00712 jail_id = jail_get_id_process(caller_pid);
00713 if( !jail_id
00714 || (jail_id == jail_get_id(target,tid))
00715 )
00716 return GRANTED;
00717 else
00718 return NOT_GRANTED;
00719 }
00720 else
00721 return(DO_NOT_CARE);
00722
00723 #if defined(CONFIG_RSBAC_NET_OBJ)
00724 case R_GET_PERMISSIONS_DATA:
00725 switch(target)
00726 {
00727 case T_NETOBJ:
00728 if(!jail_get_id_process(caller_pid))
00729 return GRANTED;
00730 return(jail_check_ip(caller_pid, tid));
00731
00732
00733 default: return(DO_NOT_CARE);
00734 }
00735 #endif
00736
00737 case R_MODIFY_PERMISSIONS_DATA:
00738 switch(target)
00739 {
00740
00741 case T_FILE:
00742 case T_DIR:
00743 case T_FIFO:
00744 case T_SYMLINK:
00745 if( jail_get_id_process(caller_pid)
00746 && (attr == A_mode)
00747 && (attr_val.mode & (S_ISUID | S_ISGID))
00748 )
00749 return NOT_GRANTED;
00750 else
00751 return GRANTED;
00752
00753 case T_IPC:
00754 jail_id = jail_get_id_process(caller_pid);
00755 if( !jail_id
00756 || (jail_id == jail_get_id(target,tid))
00757 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00758 )
00759 return GRANTED;
00760 else
00761 return NOT_GRANTED;
00762
00763 case T_SCD:
00764 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE
00765
00766 case T_NONE:
00767 #endif
00768 if(jail_get_id_process(caller_pid))
00769 return NOT_GRANTED;
00770 else
00771 return GRANTED;
00772
00773 #if defined(CONFIG_RSBAC_NET_OBJ)
00774 case T_NETOBJ:
00775 if(!jail_get_id_process(caller_pid))
00776 return GRANTED;
00777 return(jail_check_ip(caller_pid, tid));
00778 #endif
00779
00780
00781 default: return(DO_NOT_CARE);
00782 }
00783
00784 case R_GET_STATUS_DATA:
00785 switch(target)
00786 {
00787 case T_PROCESS:
00788 jail_id = jail_get_id_process(caller_pid);
00789 if( !jail_id
00790 || (jail_id == jail_get_id(target,tid))
00791 )
00792 return GRANTED;
00793 else
00794 return NOT_GRANTED;
00795
00796 case T_IPC:
00797 jail_id = jail_get_id_process(caller_pid);
00798 if( !jail_id
00799 || (jail_id == jail_get_id(target,tid))
00800 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00801 )
00802 return GRANTED;
00803 else
00804 return NOT_GRANTED;
00805
00806 case T_SCD:
00807 if(jail_get_id_process(caller_pid))
00808 {
00809 if(jail_get_scd_get_process(caller_pid) & RSBAC_SCD_VECTOR(tid.scd))
00810 return GRANTED;
00811 else
00812 return NOT_GRANTED;
00813 }
00814 else
00815 return GRANTED;
00816
00817 case T_DEV:
00818 if( jail_get_id_process(caller_pid)
00819 && !(jail_get_flags_process(caller_pid) & JAIL_allow_dev_get_status)
00820 )
00821 return NOT_GRANTED;
00822 else
00823 return GRANTED;
00824
00825 #if defined(CONFIG_RSBAC_NET_OBJ)
00826 case T_NETOBJ:
00827 if(!jail_get_id_process(caller_pid))
00828 return GRANTED;
00829 return(jail_check_ip(caller_pid, tid));
00830 #endif
00831
00832
00833 default: return(DO_NOT_CARE);
00834 }
00835
00836 case R_MODIFY_SYSTEM_DATA:
00837 switch(target)
00838 {
00839 case T_SCD:
00840 if(jail_get_id_process(caller_pid))
00841 {
00842 if(jail_get_scd_modify_process(caller_pid) & RSBAC_SCD_VECTOR(tid.scd))
00843 return(GRANTED);
00844 else
00845 return NOT_GRANTED;
00846 }
00847 else
00848 return GRANTED;
00849
00850 case T_PROCESS:
00851 jail_id = jail_get_id_process(caller_pid);
00852 if(!jail_id)
00853 return GRANTED;
00854 if( attr == A_kernel_thread
00855 && (attr_val.kernel_thread)
00856 )
00857 return NOT_GRANTED;
00858 if(jail_id != jail_get_id(target,tid))
00859 return NOT_GRANTED;
00860 return GRANTED;
00861
00862 case T_DEV:
00863 if( jail_get_id_process(caller_pid)
00864 && !(jail_get_flags_process(caller_pid) & JAIL_allow_dev_mod_system)
00865 )
00866 return NOT_GRANTED;
00867 else
00868 return GRANTED;
00869
00870 #ifdef CONFIG_RSBAC_JAIL_NET_DEV_PROT
00871 case T_NETDEV:
00872 if(jail_get_id_process(caller_pid))
00873 return NOT_GRANTED;
00874 else
00875 return GRANTED;
00876 #endif
00877
00878
00879 default: return(DO_NOT_CARE);
00880 }
00881
00882 case R_READ:
00883 switch(target)
00884 {
00885 #ifdef CONFIG_RSBAC_RW
00886 case T_IPC:
00887 jail_id = jail_get_id_process(caller_pid);
00888 if( !jail_id
00889 || (jail_id == jail_get_id(target,tid))
00890 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00891 )
00892 return GRANTED;
00893 else
00894 return NOT_GRANTED;
00895 #endif
00896 case T_DEV:
00897 if( jail_get_id_process(caller_pid)
00898 && !(jail_get_flags_process(caller_pid) & JAIL_allow_dev_read)
00899 )
00900 return NOT_GRANTED;
00901 else
00902 return GRANTED;
00903 #if defined(CONFIG_RSBAC_NET_OBJ)
00904 case T_NETTEMP:
00905 if(jail_get_id_process(caller_pid))
00906 return NOT_GRANTED;
00907 if(jail_check_sysrole(owner, SR_security_officer) == GRANTED)
00908 return GRANTED;
00909 return jail_check_sysrole(owner, SR_administrator);
00910
00911 case T_NETOBJ:
00912 if(!jail_get_id_process(caller_pid))
00913 return GRANTED;
00914 return(jail_check_ip(caller_pid, tid));
00915 #endif
00916
00917
00918 default: return(DO_NOT_CARE);
00919 }
00920
00921 case R_SWITCH_LOG:
00922 switch(target)
00923 {
00924 case T_NONE:
00925 if(jail_get_id_process(caller_pid))
00926 return NOT_GRANTED;
00927
00928 return jail_check_sysrole(owner, SR_security_officer);
00929
00930
00931 default: return(DO_NOT_CARE);
00932 }
00933
00934 case R_SWITCH_MODULE:
00935 switch(target)
00936 {
00937 case T_NONE:
00938
00939 if(attr != A_switch_target)
00940 return(UNDEFINED);
00941
00942 if( (attr_val.switch_target != JAIL)
00943 #ifdef CONFIG_RSBAC_SOFTMODE
00944 && (attr_val.switch_target != SOFTMODE)
00945 #endif
00946 #ifdef CONFIG_RSBAC_FREEZE
00947 && (attr_val.switch_target != FREEZE)
00948 #endif
00949 )
00950 return(DO_NOT_CARE);
00951 if(jail_get_id_process(caller_pid))
00952 return NOT_GRANTED;
00953
00954 return jail_check_sysrole(owner, SR_security_officer);
00955
00956
00957 default: return(DO_NOT_CARE);
00958 }
00959
00960 case R_WRITE:
00961 switch(target)
00962 {
00963 #ifdef CONFIG_RSBAC_RW
00964 case T_IPC:
00965 jail_id = jail_get_id_process(caller_pid);
00966 if( !jail_id
00967 || (jail_id == jail_get_id(target,tid))
00968 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00969 )
00970 return GRANTED;
00971 else
00972 return NOT_GRANTED;
00973 #endif
00974 case T_DEV:
00975 if( jail_get_id_process(caller_pid)
00976 && !(jail_get_flags_process(caller_pid) & JAIL_allow_dev_write)
00977 )
00978 return NOT_GRANTED;
00979 else
00980 return GRANTED;
00981 #if defined(CONFIG_RSBAC_NET_OBJ)
00982 case T_NETTEMP:
00983 if(jail_get_id_process(caller_pid))
00984 return NOT_GRANTED;
00985 return DO_NOT_CARE;
00986
00987 case T_NETOBJ:
00988 if(!jail_get_id_process(caller_pid))
00989 return GRANTED;
00990 return(jail_check_ip(caller_pid, tid));
00991 #endif
00992
00993
00994 default: return(DO_NOT_CARE);
00995 }
00996
00997 #ifdef CONFIG_RSBAC_NET
00998 case R_BIND:
00999 switch(target)
01000 {
01001 #ifdef CONFIG_RSBAC_JAIL_NET_DEV_PROT
01002 case T_NETDEV:
01003 if(jail_get_id_process(caller_pid))
01004 return NOT_GRANTED;
01005 else
01006 return GRANTED;
01007 #endif
01008 #ifdef CONFIG_RSBAC_NET_OBJ
01009 case T_NETOBJ:
01010 if(!jail_get_id_process(caller_pid))
01011 return GRANTED;
01012 return(jail_check_ip(caller_pid, tid));
01013 #endif
01014
01015 default:
01016 return(DO_NOT_CARE);
01017 }
01018 #endif
01019
01020 case R_SEND:
01021 switch(target)
01022 {
01023 case T_DEV:
01024 if(jail_get_id_process(caller_pid))
01025 return NOT_GRANTED;
01026 else
01027 return GRANTED;
01028
01029 #ifdef CONFIG_RSBAC_NET_OBJ
01030 case T_NETOBJ:
01031 if(!jail_get_id_process(caller_pid))
01032 return GRANTED;
01033 #if defined(CONFIG_RSBAC_NET_OBJ_UNIX)
01034 if( tid.netobj.sock_p
01035 && tid.netobj.sock_p->ops
01036 && (tid.netobj.sock_p->ops->family == AF_UNIX)
01037 && tid.netobj.sock_p->sk
01038 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01039 && tid.netobj.sock_p->sk->sk_peercred.pid
01040 #else
01041 && tid.netobj.sock_p->sk->peercred.pid
01042 #endif
01043 )
01044 {
01045 union rsbac_target_id_t i_tid;
01046
01047 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01048 i_tid.process = tid.netobj.sock_p->sk->sk_peercred.pid;
01049 #else
01050 i_tid.process = tid.netobj.sock_p->sk->peercred.pid;
01051 #endif
01052 jail_id = jail_get_id_process(caller_pid);
01053 if( !jail_id
01054 || (jail_id == jail_get_id(T_PROCESS,i_tid))
01055 )
01056 return GRANTED;
01057 else
01058 if(jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
01059 return GRANTED;
01060 else
01061 return NOT_GRANTED;
01062 }
01063 else
01064 #endif
01065 return(jail_check_ip(caller_pid, tid));
01066 #endif
01067
01068
01069 default:
01070 return(DO_NOT_CARE);
01071 }
01072
01073 #ifdef CONFIG_RSBAC_NET_OBJ
01074 case R_CONNECT:
01075 case R_LISTEN:
01076 case R_ACCEPT:
01077 case R_RECEIVE:
01078 switch(target)
01079 {
01080 case T_NETOBJ:
01081 if(!jail_get_id_process(caller_pid))
01082 return GRANTED;
01083 #if defined(CONFIG_RSBAC_NET_OBJ_UNIX)
01084 if( tid.netobj.sock_p
01085 && tid.netobj.sock_p->ops
01086 && (tid.netobj.sock_p->ops->family == AF_UNIX)
01087 && tid.netobj.sock_p->sk
01088 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01089 && tid.netobj.sock_p->sk->sk_peercred.pid
01090 #else
01091 && tid.netobj.sock_p->sk->peercred.pid
01092 #endif
01093 )
01094 {
01095 union rsbac_target_id_t i_tid;
01096
01097 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01098 i_tid.process = tid.netobj.sock_p->sk->sk_peercred.pid;
01099 #else
01100 i_tid.process = tid.netobj.sock_p->sk->peercred.pid;
01101 #endif
01102 jail_id = jail_get_id_process(caller_pid);
01103 if( !jail_id
01104 || (jail_id == jail_get_id(T_PROCESS,i_tid))
01105 )
01106 return GRANTED;
01107 else
01108 if(jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
01109 return GRANTED;
01110 else
01111 return NOT_GRANTED;
01112 }
01113 else
01114 #endif
01115 return(jail_check_ip(caller_pid, tid));
01116
01117
01118 default:
01119 return(DO_NOT_CARE);
01120 }
01121 #endif
01122
01123 case R_CLOSE:
01124 return DO_NOT_CARE;
01125
01126 default:
01127
01128 switch(target)
01129 {
01130 case T_IPC:
01131 jail_id = jail_get_id_process(caller_pid);
01132 if( !jail_id
01133 || (jail_id == jail_get_id(target,tid))
01134 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
01135 )
01136 return GRANTED;
01137 else
01138 return NOT_GRANTED;
01139
01140
01141 default: return(DO_NOT_CARE);
01142 }
01143 }
01144 }
01145
01146
01147
01148
01149
01150
01151
01152
01153
01154
01155
01156
01157 int rsbac_adf_set_attr_jail(
01158 enum rsbac_adf_request_t request,
01159 rsbac_pid_t caller_pid,
01160 enum rsbac_target_t target,
01161 union rsbac_target_id_t tid,
01162 enum rsbac_target_t new_target,
01163 union rsbac_target_id_t new_tid,
01164 enum rsbac_attribute_t attr,
01165 union rsbac_attribute_value_t attr_val,
01166 rsbac_uid_t owner)
01167 {
01168 #ifdef CONFIG_RSBAC_JAIL_NET_ADJUST
01169 int err;
01170 #endif
01171 union rsbac_target_id_t i_tid;
01172 union rsbac_attribute_value_t i_attr_val1;
01173 union rsbac_attribute_value_t i_attr_val2;
01174
01175 switch (request)
01176 {
01177 case R_CHANGE_OWNER:
01178 switch(target)
01179 {
01180 case T_PROCESS:
01181 if(attr != A_owner)
01182 return(-RSBAC_EINVALIDATTR);
01183
01184 i_tid.process = caller_pid;
01185 #ifdef CONFIG_RSBAC_SOFTMODE
01186 if(!rsbac_softmode)
01187 #endif
01188 {
01189 if (rsbac_get_attr(JAIL,
01190 T_PROCESS,
01191 i_tid,
01192 A_jail_max_caps,
01193 &i_attr_val1,
01194 FALSE))
01195 {
01196 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_max_caps);
01197 }
01198 else
01199 {
01200 extern spinlock_t task_capability_lock;
01201
01202
01203 spin_lock(&task_capability_lock);
01204 current->cap_permitted &= i_attr_val1.jail_max_caps;
01205 current->cap_effective &= i_attr_val1.jail_max_caps;
01206 current->cap_inheritable &= i_attr_val1.jail_max_caps;
01207 spin_unlock(&task_capability_lock);
01208 }
01209 }
01210 return 0;
01211
01212
01213 default:
01214 return(0);
01215 }
01216
01217 case R_CLONE:
01218 if (target == T_PROCESS)
01219 {
01220 union rsbac_attribute_value_t i_attr_val3;
01221 union rsbac_attribute_value_t i_attr_val4;
01222 union rsbac_attribute_value_t i_attr_val5;
01223 union rsbac_attribute_value_t i_attr_val6;
01224
01225
01226 if (rsbac_get_attr(JAIL,
01227 T_PROCESS,
01228 tid,
01229 A_jail_id,
01230 &i_attr_val1,
01231 FALSE))
01232 {
01233 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_id);
01234 return(-RSBAC_EREADFAILED);
01235 }
01236
01237 if (rsbac_get_attr(JAIL,
01238 T_PROCESS,
01239 tid,
01240 A_jail_ip,
01241 &i_attr_val2,
01242 FALSE))
01243 {
01244 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_ip);
01245 return(-RSBAC_EREADFAILED);
01246 }
01247
01248 if (rsbac_get_attr(JAIL,
01249 T_PROCESS,
01250 tid,
01251 A_jail_flags,
01252 &i_attr_val3,
01253 FALSE))
01254 {
01255 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_flags);
01256 return(-RSBAC_EREADFAILED);
01257 }
01258
01259 if (rsbac_get_attr(JAIL,
01260 T_PROCESS,
01261 tid,
01262 A_jail_max_caps,
01263 &i_attr_val4,
01264 FALSE))
01265 {
01266 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_max_caps);
01267 return(-RSBAC_EREADFAILED);
01268 }
01269
01270 if (rsbac_get_attr(JAIL,
01271 T_PROCESS,
01272 tid,
01273 A_jail_scd_get,
01274 &i_attr_val5,
01275 FALSE))
01276 {
01277 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_scd_get);
01278 return(-RSBAC_EREADFAILED);
01279 }
01280
01281 if (rsbac_get_attr(JAIL,
01282 T_PROCESS,
01283 tid,
01284 A_jail_scd_modify,
01285 &i_attr_val6,
01286 FALSE))
01287 {
01288 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_scd_modify);
01289 return(-RSBAC_EREADFAILED);
01290 }
01291
01292 if (rsbac_set_attr(JAIL,
01293 T_PROCESS,
01294 new_tid,
01295 A_jail_id,
01296 i_attr_val1))
01297 {
01298 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_id);
01299 return(-RSBAC_EWRITEFAILED);
01300 }
01301
01302 if (rsbac_set_attr(JAIL,
01303 T_PROCESS,
01304 new_tid,
01305 A_jail_ip,
01306 i_attr_val2))
01307 {
01308 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_ip);
01309 return(-RSBAC_EWRITEFAILED);
01310 }
01311
01312 if (rsbac_set_attr(JAIL,
01313 T_PROCESS,
01314 new_tid,
01315 A_jail_flags,
01316 i_attr_val3))
01317 {
01318 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_flags);
01319 return(-RSBAC_EWRITEFAILED);
01320 }
01321
01322 if (rsbac_set_attr(JAIL,
01323 T_PROCESS,
01324 new_tid,
01325 A_jail_max_caps,
01326 i_attr_val4))
01327 {
01328 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_max_caps);
01329 return(-RSBAC_EWRITEFAILED);
01330 }
01331
01332 if (rsbac_set_attr(JAIL,
01333 T_PROCESS,
01334 new_tid,
01335 A_jail_scd_get,
01336 i_attr_val5))
01337 {
01338 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_scd_get);
01339 return(-RSBAC_EWRITEFAILED);
01340 }
01341
01342 if (rsbac_set_attr(JAIL,
01343 T_PROCESS,
01344 new_tid,
01345 A_jail_scd_modify,
01346 i_attr_val6))
01347 {
01348 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_scd_modify);
01349 return(-RSBAC_EWRITEFAILED);
01350 }
01351 return(0);
01352 }
01353 else
01354 return(0);
01355
01356 case R_EXECUTE:
01357 switch(target)
01358 {
01359 case T_FILE:
01360
01361 i_tid.process = caller_pid;
01362 #ifdef CONFIG_RSBAC_SOFTMODE
01363 if(!rsbac_softmode)
01364 #endif
01365 {
01366 if (rsbac_get_attr(JAIL,
01367 T_PROCESS,
01368 i_tid,
01369 A_jail_max_caps,
01370 &i_attr_val1,
01371 FALSE))
01372 {
01373 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_max_caps);
01374 }
01375 else
01376 {
01377 extern spinlock_t task_capability_lock;
01378
01379
01380 spin_lock(&task_capability_lock);
01381 current->cap_permitted &= i_attr_val1.jail_max_caps;
01382 current->cap_effective &= i_attr_val1.jail_max_caps;
01383 current->cap_inheritable &= i_attr_val1.jail_max_caps;
01384 spin_unlock(&task_capability_lock);
01385 }
01386 }
01387 return 0;
01388
01389
01390 default:
01391 return(0);
01392 }
01393
01394 case R_CREATE:
01395 if (target == T_IPC)
01396 {
01397
01398 i_tid.process = caller_pid;
01399 if (rsbac_get_attr(JAIL,
01400 T_PROCESS,
01401 i_tid,
01402 A_jail_id,
01403 &i_attr_val1,
01404 FALSE))
01405 {
01406 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_id);
01407 return(-RSBAC_EREADFAILED);
01408 }
01409
01410 if (rsbac_set_attr(JAIL,
01411 T_IPC,
01412 tid,
01413 A_jail_id,
01414 i_attr_val1))
01415 {
01416 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_id);
01417 return(-RSBAC_EWRITEFAILED);
01418 }
01419 return(0);
01420 }
01421
01422
01423 #ifdef CONFIG_RSBAC_JAIL_NET_ADJUST
01424 case R_BIND:
01425 if(target != T_NETOBJ)
01426 return 0;
01427 if(!tid.netobj.sock_p)
01428 {
01429 rsbac_printk(KERN_WARNING
01430 "rsbac_adf_set_attr_jail(): NULL sock_p!\n");
01431 return 0;
01432 }
01433 if(!tid.netobj.sock_p->ops)
01434 {
01435 return 0;
01436 }
01437 switch(tid.netobj.sock_p->ops->family)
01438 {
01439 case AF_INET:
01440 i_tid.process = caller_pid;
01441 if ((err=rsbac_get_attr(JAIL,
01442 T_PROCESS,
01443 i_tid,
01444 A_jail_ip,
01445 &i_attr_val1,
01446 TRUE)))
01447 {
01448 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_ip);
01449 return -RSBAC_EREADFAILED;
01450 }
01451 if(i_attr_val1.jail_ip == INADDR_ANY)
01452 return 0;
01453 if ((err=rsbac_get_attr(JAIL,
01454 T_PROCESS,
01455 i_tid,
01456 A_jail_flags,
01457 &i_attr_val2,
01458 TRUE)))
01459 {
01460 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_flags);
01461 return -RSBAC_EREADFAILED;
01462 }
01463 if(i_attr_val2.jail_flags & JAIL_auto_adjust_inet_any)
01464 {
01465 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01466 inet_sk(tid.netobj.sock_p->sk)->rcv_saddr = i_attr_val1.jail_ip;
01467 inet_sk(tid.netobj.sock_p->sk)->saddr = i_attr_val1.jail_ip;
01468 #else
01469 tid.netobj.sock_p->sk->rcv_saddr = i_attr_val1.jail_ip;
01470 tid.netobj.sock_p->sk->saddr = i_attr_val1.jail_ip;
01471 #endif
01472 }
01473 return 0;
01474
01475 default:
01476 break;
01477 }
01478 #endif
01479 return 0;
01480
01481
01482 default: return 0;
01483 }
01484
01485 return 0;
01486 }
01487
01488
