#include <linux/string.h>#include <linux/sched.h>#include <linux/errno.h>#include <rsbac/types.h>#include <rsbac/aci.h>#include <rsbac/error.h>#include <rsbac/auth.h>#include <rsbac/debug.h>#include <rsbac/helpers.h>#include <rsbac/adf_main.h>Go to the source code of this file.
Functions | |
| int | rsbac_auth_add_p_cap (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl) |
| int | rsbac_auth_remove_p_cap (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range) |
| int | rsbac_auth_add_f_cap (rsbac_list_ta_number_t ta_number, rsbac_auth_file_t file, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl) |
| int | rsbac_auth_remove_f_cap (rsbac_list_ta_number_t ta_number, rsbac_auth_file_t file, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range) |
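int rsbac_auth_add_f_cap (rsbac_list_ta_number_t ta_number, rsbac_auth_file_t file, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl)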
Definition at line 146 of file auth_syscalls.c. References rsbac_auth_add_to_f_capset(), RSBAC_EWRITEFAILED, and rsbac_printk(). Referenced by sys_rsbac_auth_add_f_cap(). 00152 {
/*
 * Body of rsbac_auth_add_f_cap(): passes ta_number, file, cap_type,
 * cap_range and ttl unchanged to rsbac_auth_add_to_f_capset().
 *
 * Returns 0 on success and -RSBAC_EWRITEFAILED if the helper reports any
 * error; the helper's own return code is logged as a generic failure and
 * not propagated to the caller.
 *
 * SECURITY: no authorization decision is made in this body. It relies on
 * the check the existing comment attributes to sys_rsbac_auth_add_f_cap()
 * in help/syscalls.c, which is not visible here. Any other in-kernel caller
 * has to perform an equivalent check first, because the file capset is
 * modified unconditionally once this function is entered.
 */
00153 /* check has been done in help/syscalls.c: sys_rsbac_auth_add_f_cap */
00154 if(rsbac_auth_add_to_f_capset(ta_number, file, cap_type, cap_range, ttl))
00155 {
00156 rsbac_printk(KERN_WARNING
00157 "rsbac_auth_add_f_cap(): rsbac_auth_add_to_f_capset() returned error!\n");
00158 return(-RSBAC_EWRITEFAILED);
00159 }
00160 return 0;
00161 }
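int rsbac_auth_add_p_cap (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl)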
Definition at line 35 of file auth_syscalls.c. References A_auth_may_set_cap, AUTH, rsbac_attribute_value_t::auth_may_set_cap, FALSE, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_target_id_t::process, rsbac_auth_add_to_p_capset(), RSBAC_EREADFAILED, RSBAC_EWRITEFAILED, rsbac_get_attr, rsbac_printk(), and T_PROCESS. Referenced by sys_rsbac_auth_add_p_cap(). 00041 {
/*
 * Body of rsbac_auth_add_p_cap(): authorizes the caller, then adds cap_range
 * to the AUTH capability set of process pid via rsbac_auth_add_to_p_capset().
 *
 * Returns 0 on success, -RSBAC_EREADFAILED if the caller's
 * auth_may_set_cap attribute cannot be read, -EPERM if that attribute is
 * clear and softmode is not active, and -RSBAC_EWRITEFAILED if the capset
 * update reports any error (the helper's own code is not propagated).
 *
 * NOTE(review): the only gate visible here is the calling process's own
 * auth_may_set_cap flag. Nothing in this body ties the caller to the target
 * pid or bounds cap_range/ttl; confirm whether sys_rsbac_auth_add_p_cap()
 * or the capset layer enforces anything further.
 */
00042 /* check only in non-maint mode */
/* With CONFIG_RSBAC_MAINT defined the whole authorization block below is
 * compiled out, so every caller reaches the capset update. */
00043 #if !defined(CONFIG_RSBAC_MAINT)
/* With CONFIG_RSBAC_SWITCH_AUTH defined the check runs only while
 * rsbac_switch_auth is non-zero; without it the braces below form an
 * unconditional block. */
00044 #ifdef CONFIG_RSBAC_SWITCH_AUTH
00045 if(rsbac_switch_auth)
00046 #endif
00047 {
00048 union rsbac_target_id_t i_tid;
00049 union rsbac_attribute_value_t i_attr_val1;
00050
00051 /* check auth_may_set_cap of calling process */
/* The attribute is looked up for current->pid (the caller), not for the
 * target pid argument. */
00052 i_tid.process = current->pid;
/* Any non-zero result aborts before the capset is touched, so a failed
 * attribute read fails closed; softmode is not consulted on this path. */
00053 if (rsbac_get_attr(AUTH,
00054 T_PROCESS,
00055 i_tid,
00056 A_auth_may_set_cap,
00057 &i_attr_val1,
00058 FALSE))
00059 {
00060 rsbac_ds_get_error("rsbac_auth_add_p_cap()", A_auth_may_set_cap);
00061 return(-RSBAC_EREADFAILED);
00062 }
00063 /* if auth_may_set_cap is not set, then reject */
00064 if (!i_attr_val1.auth_may_set_cap)
00065 {
/* The denial is logged with the requested range, the target pid and the
 * caller's pid before the softmode decision is taken. */
00066 rsbac_printk(KERN_INFO
00067 "rsbac_auth_add_p_cap(): adding AUTH cap %u:%u to process %u denied for process %u!\n",
00068 cap_range.first,
00069 cap_range.last,
00070 pid,
00071 current->pid);
/* With CONFIG_RSBAC_SOFTMODE the return below is guarded: -EPERM is returned
 * only when rsbac_softmode is clear and, with CONFIG_RSBAC_SOFTMODE_IND,
 * rsbac_ind_softmode[AUTH] is clear too. In softmode execution falls through
 * and the capability IS added although the line above says "denied", so log
 * consumers should read that message as "would have been denied". */
00072 #ifdef CONFIG_RSBAC_SOFTMODE
00073 if( !rsbac_softmode
00074 #ifdef CONFIG_RSBAC_SOFTMODE_IND
00075 && !rsbac_ind_softmode[AUTH]
00076 #endif
00077 )
00078 #endif
00079 return(-EPERM);
00080 }
00081 }
00082 #endif
00083
00084 /* OK, check passed. Add the capability. */
/* Also reached when the check was compiled out, switched off or overridden
 * by softmode. */
00085 if(rsbac_auth_add_to_p_capset(ta_number, pid, cap_type, cap_range, ttl))
00086 {
00087 rsbac_printk(KERN_WARNING
00088 "rsbac_auth_add_p_cap(): rsbac_auth_add_to_p_capset() returned error!\n");
00089 return(-RSBAC_EWRITEFAILED);
00090 }
00091 return 0;
00092 }
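int rsbac_auth_remove_f_cap (rsbac_list_ta_number_t ta_number, rsbac_auth_file_t file, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range)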
Definition at line 163 of file auth_syscalls.c. References rsbac_auth_remove_from_f_capset(). Referenced by sys_rsbac_auth_remove_f_cap(). 00168 {
/*
 * Body of rsbac_auth_remove_f_cap(): passes ta_number, file, cap_type and
 * cap_range unchanged to rsbac_auth_remove_from_f_capset() and returns that
 * helper's result as-is. This differs from rsbac_auth_add_f_cap(), which
 * maps every helper error to -RSBAC_EWRITEFAILED.
 *
 * SECURITY: no authorization decision is made in this body. It relies on
 * the check the existing comment attributes to
 * sys_rsbac_auth_remove_f_cap() in help/syscalls.c, which is not visible
 * here; any other in-kernel caller has to perform an equivalent check first.
 */
00169 /* check has been done in help/syscalls.c: sys_rsbac_auth_remove_f_cap */
00170 return(rsbac_auth_remove_from_f_capset(ta_number, file, cap_type, cap_range));
00171 }
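int rsbac_auth_remove_p_cap (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range)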
Definition at line 94 of file auth_syscalls.c. References A_auth_may_set_cap, AUTH, rsbac_attribute_value_t::auth_may_set_cap, FALSE, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_target_id_t::process, rsbac_auth_remove_from_p_capset(), RSBAC_EREADFAILED, rsbac_get_attr, rsbac_printk(), and T_PROCESS. Referenced by sys_rsbac_auth_remove_p_cap(). 00099 {
/*
 * Body of rsbac_auth_remove_p_cap(): authorizes the caller, then removes
 * cap_range from the AUTH capability set of process pid via
 * rsbac_auth_remove_from_p_capset().
 *
 * Returns -RSBAC_EREADFAILED if the caller's auth_may_set_cap attribute
 * cannot be read, -EPERM if that attribute is clear and softmode is not
 * active, and otherwise whatever rsbac_auth_remove_from_p_capset() returns
 * (passed through unchanged, unlike the add path).
 *
 * NOTE(review): removal is gated by the same caller-side auth_may_set_cap
 * flag as addition. Nothing in this body ties the caller to the target pid;
 * confirm whether sys_rsbac_auth_remove_p_cap() enforces anything further.
 */
00100 /* check only in non-maint mode */
/* With CONFIG_RSBAC_MAINT defined the whole authorization block below is
 * compiled out, so every caller reaches the capset update. */
00101 #if !defined(CONFIG_RSBAC_MAINT)
/* With CONFIG_RSBAC_SWITCH_AUTH defined the check runs only while
 * rsbac_switch_auth is non-zero; without it the braces below form an
 * unconditional block. */
00102 #ifdef CONFIG_RSBAC_SWITCH_AUTH
00103 if(rsbac_switch_auth)
00104 #endif
00105 {
00106 union rsbac_target_id_t i_tid;
00107 union rsbac_attribute_value_t i_attr_val1;
00108
00109 /* check auth_may_set_cap of calling process */
/* The attribute is looked up for current->pid (the caller), not for the
 * target pid argument. */
00110 i_tid.process = current->pid;
/* Any non-zero result aborts before the capset is touched, so a failed
 * attribute read fails closed; softmode is not consulted on this path. */
00111 if (rsbac_get_attr(AUTH,
00112 T_PROCESS,
00113 i_tid,
00114 A_auth_may_set_cap,
00115 &i_attr_val1,
00116 FALSE))
00117 {
00118 rsbac_ds_get_error("rsbac_auth_remove_p_cap()", A_auth_may_set_cap);
00119 return(-RSBAC_EREADFAILED);
00120 }
00121 /* if auth_may_set_cap is not set, then reject */
00122 if (!i_attr_val1.auth_may_set_cap)
00123 {
/* The denial is logged with the requested range, the target pid and the
 * caller's pid before the softmode decision is taken. */
00124 rsbac_printk(KERN_INFO
00125 "rsbac_auth_remove_p_cap(): removing AUTH cap %u:%u from process %u denied for process %u!\n",
00126 cap_range.first,
00127 cap_range.last,
00128 pid,
00129 current->pid);
/* With CONFIG_RSBAC_SOFTMODE the return below is guarded: -EPERM is returned
 * only when rsbac_softmode is clear and, with CONFIG_RSBAC_SOFTMODE_IND,
 * rsbac_ind_softmode[AUTH] is clear too. In softmode execution falls through
 * and the removal IS attempted although the line above says "denied", so log
 * consumers should read that message as "would have been denied". */
00130 #ifdef CONFIG_RSBAC_SOFTMODE
00131 if( !rsbac_softmode
00132 #ifdef CONFIG_RSBAC_SOFTMODE_IND
00133 && !rsbac_ind_softmode[AUTH]
00134 #endif
00135 )
00136 #endif
00137 return(-EPERM);
00138 }
00139 }
00140 #endif
00141
00142 /* OK, check passed. Try to remove the capability. */
/* Also reached when the check was compiled out, switched off or overridden
 * by softmode. */
00143 return(rsbac_auth_remove_from_p_capset(ta_number, pid, cap_type, cap_range));
00144 }