#include <linux/types.h>#include <linux/version.h>#include <linux/security.h>#include <linux/ptrace.h>#include <linux/fs.h>#include <linux/mount.h>#include <linux/namei.h>#include <net/sock.h>#include <rsbac/types.h>#include <rsbac/adf.h>#include <rsbac/aci.h>Go to the source code of this file.
Functions | |
| static int | rsbac_aef_ptrace (struct task_struct *parent, struct task_struct *child) |
| static int | rsbac_aef_statfs (struct super_block *sb) |
| static int | rsbac_aef_inode_follow_link (struct dentry *dentry, struct nameidata *nd) |
| static int | rsbac_aef_inode_create (struct inode *dir, struct dentry *dentry, int mode) |
| static void | rsbac_aef_inode_post_create (struct inode *dir, struct dentry *dentry, int mode) |
| static int | rsbac_aef_inode_mknod (struct inode *dir, struct dentry *dentry, int mode, dev_t dev) |
| static void | rsbac_aef_inode_post_mknod (struct inode *dir, struct dentry *dentry, int mode, dev_t dev) |
| static int | rsbac_aef_inode_mkdir (struct inode *dir, struct dentry *dentry, int mode) |
| static void | rsbac_aef_inode_post_mkdir (struct inode *dir, struct dentry *dentry, int mode) |
| static int | rsbac_aef_inode_symlink (struct inode *dir, struct dentry *dentry, const char *old_name) |
| static void | rsbac_aef_inode_post_symlink (struct inode *dir, struct dentry *dentry, const char *old_name) |
| static int | rsbac_aef_inode_link (struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) |
| static int | rsbac_aef_inode_rename (struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry) |
| static int | rsbac_aef_sb_umount (struct vfsmount *mnt, int flags) |
| static void | rsbac_aef_sb_umount_busy (struct vfsmount *mnt) |
| static void | rsbac_aef_sb_post_addmount (struct vfsmount *mnt, struct nameidata *mountpoint_nd) |
| static int | rsbac_aef_sb_mount (char *dev_name, struct nameidata *nd, char *type, unsigned long flags, void *data) |
| static int | rsbac_aef_sb_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd) |
| static int | rsbac_aef_inode_getattr (struct vfsmount *mnt, struct dentry *dentry) |
| static int | rsbac_aef_inode_readlink (struct dentry *dentry) |
| static int | rsbac_aef_file_permission (struct file *file, int mask) |
| static int | rsbac_aef_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags) |
| static int | rsbac_aef_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags) |
| static int | rsbac_aef_task_setgroups (int gidsetsize, gid_t *grouplist) |
| static int | rsbac_aef_task_setrlimit (unsigned int resource, struct rlimit *new_rlim) |
| static int | rsbac_aef_task_kill (struct task_struct *p, struct siginfo *info, int sig) |
| static int | rsbac_aef_sysctl (ctl_table *table, int op) |
| static int | rsbac_aef_msg_queue_alloc_security (struct msg_queue *msq) |
| static void | rsbac_aef_shm_free_security (struct shmid_kernel *shp) |
| static int | rsbac_aef_shm_alloc_security (struct shmid_kernel *shp) |
| static int | rsbac_aef_shm_shmat (struct shmid_kernel *shp, char *shmaddr, int shmflg) |
| int | rsbac_lsm_register (void) |
Variables | |
| static struct security_operations | rsbac_sec_ops |
|
||||||||||||
|
Definition at line 642 of file lsm.c. References A_none, D_block, D_char, rsbac_target_id_t::dev, rsbac_attribute_value_t::dummy, rsbac_net_obj_desc_t::local_addr, rsbac_net_obj_desc_t::local_len, rsbac_target_id_t::netobj, NULL, R_READ, R_WRITE, rsbac_net_obj_desc_t::remote_addr, rsbac_net_obj_desc_t::remote_len, rsbac_adf_request(), rsbac_net_obj_desc_t::sock_p, T_DEV, T_DIR, T_FIFO, T_FILE, T_NETOBJ, T_NONE, and rsbac_dev_desc_t::type. 00643 {
00644 enum rsbac_adf_request_t rsbac_request;
00645 enum rsbac_target_t rsbac_target = T_NONE;
00646 union rsbac_target_id_t rsbac_target_id;
00647 union rsbac_attribute_value_t rsbac_attribute_value;
00648
00649 #ifdef CONFIG_RSBAC_DEBUG
00650 if (rsbac_debug_aef)
00651 printk(KERN_DEBUG "rsbac_aef_file_permission(): calling ADF\n");
00652 #endif
00653 if(mask & MAY_WRITE)
00654 rsbac_request = R_WRITE;
00655 else
00656 rsbac_request = R_READ;
00657 #ifdef CONFIG_RSBAC_NET_OBJ_RW
00658 if(S_ISSOCK(file->f_dentry->d_inode->i_mode))
00659 {
00660 #if !defined(CONFIG_RSBAC_NET_OBJ_UNIX)
00661 if( file->f_dentry->d_inode->u.socket_i.ops
00662 && (file->f_dentry->d_inode->u.socket_i.ops->family != AF_UNIX)
00663 )
00664 #endif
00665 {
00666 rsbac_target = T_NETOBJ;
00667 rsbac_target_id.netobj.sock_p
00668 = SOCKET_I(file->f_dentry->d_inode);
00669 rsbac_target_id.netobj.local_addr = NULL;
00670 rsbac_target_id.netobj.local_len = 0;
00671 rsbac_target_id.netobj.remote_addr = NULL;
00672 rsbac_target_id.netobj.remote_len = 0;
00673 }
00674 }
00675 else
00676 #endif
00677 #ifdef CONFIG_RSBAC_RW
00678 if( S_ISFIFO(file->f_dentry->d_inode->i_mode)
00679 /* named FIFO only */
00680 && (file->f_dentry->d_sb->s_magic != PIPEFS_MAGIC)
00681 )
00682 {
00683 rsbac_target = T_FIFO;
00684 rsbac_target_id.file.device = file->f_dentry->d_sb->s_dev;
00685 rsbac_target_id.fifo.inode = file->f_dentry->d_inode->i_ino;
00686 rsbac_target_id.fifo.dentry_p = file->f_dentry;
00687 }
00688 else
00689 if(S_ISREG(file->f_dentry->d_inode->i_mode))
00690 {
00691 rsbac_target = T_FILE;
00692 rsbac_target_id.file.device = file->f_dentry->d_sb->s_dev;
00693 rsbac_target_id.file.inode = file->f_dentry->d_inode->i_ino;
00694 rsbac_target_id.file.dentry_p = file->f_dentry;
00695 }
00696 else
00697 if(S_ISBLK(file->f_dentry->d_inode->i_mode))
00698 {
00699 rsbac_target = T_DEV;
00700 rsbac_target_id.dev.type = D_block;
00701 rsbac_target_id.dev.id = file->f_dentry->d_inode->i_rdev;
00702 }
00703 else
00704 if(S_ISCHR(file->f_dentry->d_inode->i_mode))
00705 {
00706 rsbac_target = T_DEV;
00707 rsbac_target_id.dev.type = D_char;
00708 rsbac_target_id.dev.id = file->f_dentry->d_inode->i_rdev;
00709 }
00710 else
00711 #endif
00712 if(S_ISDIR(file->f_dentry->d_inode->i_mode))
00713 {
00714 rsbac_target = T_DIR;
00715 rsbac_target_id.dir.device = file->f_dentry->d_sb->s_dev;
00716 rsbac_target_id.dir.inode = file->f_dentry->d_inode->i_ino;
00717 rsbac_target_id.dir.dentry_p = file->f_dentry;
00718 }
00719 rsbac_attribute_value.dummy = 0;
00720 if ( (rsbac_target != T_NONE)
00721 && !rsbac_adf_request(rsbac_request,
00722 current->pid,
00723 rsbac_target,
00724 rsbac_target_id,
00725 A_none,
00726 rsbac_attribute_value))
00727 return -EPERM;
00728 else
00729 return 0;
00730 }
|
|
||||||||||||||||
|
Definition at line 90 of file lsm.c. References R_CREATE, rsbac_adf_request(), T_DIR, and T_FILE. 00093 {
00094 union rsbac_target_id_t rsbac_target_id;
00095 union rsbac_attribute_value_t rsbac_attribute_value;
00096
00097 #ifdef CONFIG_RSBAC_DEBUG
00098 if (rsbac_debug_aef)
00099 printk(KERN_DEBUG "rsbac_aef_inode_create(): calling ADF\n");
00100 #endif
00101 rsbac_target_id.dir.device = dir->i_sb->s_dev;
00102 rsbac_target_id.dir.inode = dir->i_ino;
00103 rsbac_target_id.dir.dentry_p = dentry->d_parent;
00104 rsbac_attribute_value.create_data.target = T_FILE;
00105 rsbac_attribute_value.create_data.dentry_p = dentry;
00106 rsbac_attribute_value.create_data.mode = mode;
00107 rsbac_attribute_value.create_data.device = RSBAC_ZERO_DEV;
00108 if (!rsbac_adf_request(R_CREATE,
00109 current->pid,
00110 T_DIR,
00111 rsbac_target_id,
00112 A_create_data,
00113 rsbac_attribute_value))
00114 return -EPERM;
00115 else
00116 return 0;
00117 }
|
|
||||||||||||
|
Definition at line 66 of file lsm.c. References A_none, rsbac_attribute_value_t::dummy, R_SEARCH, rsbac_adf_request(), and T_SYMLINK. 00067 {
00068 union rsbac_target_id_t rsbac_target_id;
00069 union rsbac_attribute_value_t rsbac_attribute_value;
00070
00071 #ifdef CONFIG_RSBAC_DEBUG
00072 if (rsbac_debug_aef)
00073 printk(KERN_DEBUG "rsbac_aef_inode_follow_link(): calling ADF\n");
00074 #endif
00075 rsbac_target_id.symlink.device = dentry->d_sb->s_dev;
00076 rsbac_target_id.symlink.inode = dentry->d_inode->i_ino;
00077 rsbac_target_id.symlink.dentry_p = dentry;
00078 rsbac_attribute_value.dummy = 0;
00079 if (!rsbac_adf_request(R_SEARCH,
00080 current->pid,
00081 T_SYMLINK,
00082 rsbac_target_id,
00083 A_none,
00084 rsbac_attribute_value))
00085 return -EPERM;
00086 else
00087 return 0;
00088 }
|
|
||||||||||||
|
Definition at line 586 of file lsm.c. References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), T_DIR, T_FIFO, T_FILE, and T_SYMLINK. 00587 {
00588 enum rsbac_target_t rsbac_target;
00589 union rsbac_target_id_t rsbac_target_id;
00590 union rsbac_attribute_value_t rsbac_attribute_value;
00591
00592 #ifdef CONFIG_RSBAC_DEBUG
00593 if (rsbac_debug_aef)
00594 printk(KERN_DEBUG "rsbac_aef_inode_getattr(): calling ADF\n");
00595 #endif
00596 rsbac_target = T_FILE;
00597 if (S_ISDIR (dentry->d_inode->i_mode))
00598 rsbac_target = T_DIR;
00599 else if (S_ISFIFO (dentry->d_inode->i_mode))
00600 rsbac_target = T_FIFO;
00601 else if (S_ISLNK (dentry->d_inode->i_mode))
00602 rsbac_target = T_SYMLINK;
00603 rsbac_target_id.dir.device = dentry->d_sb->s_dev;
00604 rsbac_target_id.dir.inode = dentry->d_inode->i_ino;
00605 rsbac_target_id.dir.dentry_p = dentry;
00606 rsbac_attribute_value.dummy = 0;
00607 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00608 current->pid,
00609 rsbac_target,
00610 rsbac_target_id,
00611 A_none,
00612 rsbac_attribute_value))
00613 return -EPERM;
00614 else
00615 return 0;
00616 }
|
|
||||||||||||||||
|
Definition at line 348 of file lsm.c. References A_none, rsbac_attribute_value_t::dummy, R_LINK_HARD, rsbac_adf_request(), T_DIR, T_FIFO, T_FILE, and T_SYMLINK. 00351 {
00352 enum rsbac_target_t rsbac_target;
00353 union rsbac_target_id_t rsbac_target_id;
00354 union rsbac_attribute_value_t rsbac_attribute_value;
00355
00356 #ifdef CONFIG_RSBAC_DEBUG
00357 if (rsbac_debug_aef)
00358 printk(KERN_DEBUG "rsbac_aef_inode_link(): calling ADF\n");
00359 #endif
00360 rsbac_target = T_FILE;
00361 if (S_ISDIR (old_dentry->d_inode->i_mode))
00362 rsbac_target = T_DIR;
00363 else if (S_ISFIFO (old_dentry->d_inode->i_mode))
00364 rsbac_target = T_FIFO;
00365 else if (S_ISLNK (old_dentry->d_inode->i_mode))
00366 rsbac_target = T_SYMLINK;
00367 rsbac_target_id.dir.device = old_dentry->d_sb->s_dev;
00368 rsbac_target_id.dir.inode = old_dentry->d_inode->i_ino;
00369 rsbac_target_id.dir.dentry_p = old_dentry;
00370 rsbac_attribute_value.dummy = 0;
00371 if (!rsbac_adf_request(R_LINK_HARD,
00372 current->pid,
00373 rsbac_target,
00374 rsbac_target_id,
00375 A_none,
00376 rsbac_attribute_value))
00377 return -EPERM;
00378 else
00379 return 0;
00380 }
|
|
||||||||||||||||
|
Definition at line 218 of file lsm.c. References R_CREATE, rsbac_adf_request(), T_DIR, and T_FILE. 00221 {
00222 union rsbac_target_id_t rsbac_target_id;
00223 union rsbac_attribute_value_t rsbac_attribute_value;
00224
00225 #ifdef CONFIG_RSBAC_DEBUG
00226 if (rsbac_debug_aef)
00227 printk(KERN_DEBUG "rsbac_aef_inode_mkdir(): calling ADF\n");
00228 #endif
00229 rsbac_target_id.dir.device = dir->i_sb->s_dev;
00230 rsbac_target_id.dir.inode = dir->i_ino;
00231 rsbac_target_id.dir.dentry_p = dentry->d_parent;
00232 rsbac_attribute_value.create_data.target = T_FILE;
00233 rsbac_attribute_value.create_data.dentry_p = dentry;
00234 rsbac_attribute_value.create_data.mode = mode;
00235 rsbac_attribute_value.create_data.device = RSBAC_ZERO_DEV;
00236 if (!rsbac_adf_request(R_CREATE,
00237 current->pid,
00238 T_DIR,
00239 rsbac_target_id,
00240 A_create_data,
00241 rsbac_attribute_value))
00242 return -EPERM;
00243 else
00244 return 0;
00245 }
|
|
||||||||||||||||||||
|
Definition at line 155 of file lsm.c. References R_CREATE, rsbac_adf_request(), T_DIR, and T_FILE. 00157 {
00158 union rsbac_target_id_t rsbac_target_id;
00159 union rsbac_attribute_value_t rsbac_attribute_value;
00160
00161 #ifdef CONFIG_RSBAC_DEBUG
00162 if (rsbac_debug_aef)
00163 printk(KERN_DEBUG "rsbac_aef_inode_mknod(): calling ADF\n");
00164 #endif
00165 rsbac_target_id.dir.device = dir->i_sb->s_dev;
00166 rsbac_target_id.dir.inode = dir->i_ino;
00167 rsbac_target_id.dir.dentry_p = dentry->d_parent;
00168 rsbac_attribute_value.create_data.target = T_FILE;
00169 rsbac_attribute_value.create_data.dentry_p = dentry;
00170 rsbac_attribute_value.create_data.mode = mode;
00171 rsbac_attribute_value.create_data.device = dev;
00172 if (!rsbac_adf_request(R_CREATE,
00173 current->pid,
00174 T_DIR,
00175 rsbac_target_id,
00176 A_create_data,
00177 rsbac_attribute_value))
00178 return -EPERM;
00179 else
00180 return 0;
00181 }
|
|
||||||||||||||||
|
Definition at line 119 of file lsm.c. References R_CREATE, rsbac_adf_set_attr(), T_DIR, and T_FILE. 00122 {
00123 union rsbac_target_id_t rsbac_target_id;
00124 union rsbac_target_id_t rsbac_new_target_id;
00125 union rsbac_attribute_value_t rsbac_attribute_value;
00126
00127 #ifdef CONFIG_RSBAC_DEBUG
00128 if (rsbac_debug_aef)
00129 printk(KERN_DEBUG "rsbac_aef_inode_post_create(): notifying ADF\n");
00130 #endif
00131 rsbac_target_id.dir.device = dir->i_sb->s_dev;
00132 rsbac_target_id.dir.inode = dir->i_ino;
00133 rsbac_target_id.dir.dentry_p = dentry->d_parent;
00134 rsbac_attribute_value.create_data.target = T_FILE;
00135 rsbac_attribute_value.create_data.dentry_p = dentry;
00136 rsbac_attribute_value.create_data.mode = mode;
00137 rsbac_attribute_value.create_data.device = RSBAC_ZERO_DEV;
00138 rsbac_new_target_id.file.device = dentry->d_sb->s_dev;
00139 rsbac_new_target_id.file.inode = dentry->d_inode->i_ino;
00140 rsbac_new_target_id.file.dentry_p = dentry;
00141 if (rsbac_adf_set_attr(R_CREATE,
00142 current->pid,
00143 T_DIR,
00144 rsbac_target_id,
00145 T_FILE,
00146 rsbac_new_target_id,
00147 A_create_data,
00148 rsbac_attribute_value))
00149 {
00150 printk(KERN_WARNING
00151 "rsbac_aef_inode_post_create() [vfs_create() [open_namei() [filp_open() [do_open() [sys_open()]]]]]: rsbac_adf_set_attr() returned error");
00152 }
00153 }
|
|
||||||||||||||||
|
Definition at line 247 of file lsm.c. References R_CREATE, rsbac_adf_set_attr(), T_DIR, and T_FILE. 00250 {
00251 union rsbac_target_id_t rsbac_target_id;
00252 union rsbac_target_id_t rsbac_new_target_id;
00253 union rsbac_attribute_value_t rsbac_attribute_value;
00254
00255 #ifdef CONFIG_RSBAC_DEBUG
00256 if (rsbac_debug_aef)
00257 printk(KERN_DEBUG "rsbac_aef_inode_post_mkdir(): notifying ADF\n");
00258 #endif
00259 rsbac_target_id.dir.device = dir->i_sb->s_dev;
00260 rsbac_target_id.dir.inode = dir->i_ino;
00261 rsbac_target_id.dir.dentry_p = dentry->d_parent;
00262 rsbac_attribute_value.create_data.target = T_FILE;
00263 rsbac_attribute_value.create_data.dentry_p = dentry;
00264 rsbac_attribute_value.create_data.mode = mode;
00265 rsbac_attribute_value.create_data.device = RSBAC_ZERO_DEV;
00266 rsbac_new_target_id.file.device = dentry->d_sb->s_dev;
00267 rsbac_new_target_id.file.inode = dentry->d_inode->i_ino;
00268 rsbac_new_target_id.file.dentry_p = dentry;
00269 if (rsbac_adf_set_attr(R_CREATE,
00270 current->pid,
00271 T_DIR,
00272 rsbac_target_id,
00273 T_FILE,
00274 rsbac_new_target_id,
00275 A_create_data,
00276 rsbac_attribute_value))
00277 {
00278 printk(KERN_WARNING
00279 "rsbac_aef_inode_post_mkdir() [vfs_mkdir() [open_namei() [filp_open() [do_open() [sys_open()]]]]]: rsbac_adf_set_attr() returned error");
00280 }
00281 }
|
|
||||||||||||||||||||
|
Definition at line 183 of file lsm.c. References R_CREATE, rsbac_adf_set_attr(), T_DIR, and T_FILE. 00185 {
00186 union rsbac_target_id_t rsbac_target_id;
00187 union rsbac_target_id_t rsbac_new_target_id;
00188 union rsbac_attribute_value_t rsbac_attribute_value;
00189
00190 #ifdef CONFIG_RSBAC_DEBUG
00191 if (rsbac_debug_aef)
00192 printk(KERN_DEBUG "rsbac_aef_inode_post_mknod(): notifying ADF\n");
00193 #endif
00194 rsbac_target_id.dir.device = dir->i_sb->s_dev;
00195 rsbac_target_id.dir.inode = dir->i_ino;
00196 rsbac_target_id.dir.dentry_p = dentry->d_parent;
00197 rsbac_attribute_value.create_data.target = T_FILE;
00198 rsbac_attribute_value.create_data.dentry_p = dentry;
00199 rsbac_attribute_value.create_data.mode = mode;
00200 rsbac_attribute_value.create_data.device = dev;
00201 rsbac_new_target_id.file.device = dentry->d_sb->s_dev;
00202 rsbac_new_target_id.file.inode = dentry->d_inode->i_ino;
00203 rsbac_new_target_id.file.dentry_p = dentry;
00204 if (rsbac_adf_set_attr(R_CREATE,
00205 current->pid,
00206 T_DIR,
00207 rsbac_target_id,
00208 T_FILE,
00209 rsbac_new_target_id,
00210 A_create_data,
00211 rsbac_attribute_value))
00212 {
00213 printk(KERN_WARNING
00214 "rsbac_aef_inode_post_mknod() [vfs_mknod() [sys_mknod()]: rsbac_adf_set_attr() returned error");
00215 }
00216 }
|
|
||||||||||||||||
|
Definition at line 312 of file lsm.c. References R_CREATE, rsbac_adf_set_attr(), T_DIR, T_FILE, and T_SYMLINK. 00315 {
00316 union rsbac_target_id_t rsbac_target_id;
00317 union rsbac_target_id_t rsbac_new_target_id;
00318 union rsbac_attribute_value_t rsbac_attribute_value;
00319
00320 #ifdef CONFIG_RSBAC_DEBUG
00321 if (rsbac_debug_aef)
00322 printk(KERN_DEBUG "rsbac_aef_inode_post_symlink(): notifying ADF\n");
00323 #endif
00324 rsbac_target_id.dir.device = dir->i_sb->s_dev;
00325 rsbac_target_id.dir.inode = dir->i_ino;
00326 rsbac_target_id.dir.dentry_p = dentry->d_parent;
00327 rsbac_attribute_value.create_data.target = T_FILE;
00328 rsbac_attribute_value.create_data.dentry_p = dentry;
00329 rsbac_attribute_value.create_data.mode = 0;
00330 rsbac_attribute_value.create_data.device = RSBAC_ZERO_DEV;
00331 rsbac_new_target_id.file.device = dentry->d_sb->s_dev;
00332 rsbac_new_target_id.file.inode = dentry->d_inode->i_ino;
00333 rsbac_new_target_id.file.dentry_p = dentry;
00334 if (rsbac_adf_set_attr(R_CREATE,
00335 current->pid,
00336 T_DIR,
00337 rsbac_target_id,
00338 T_SYMLINK,
00339 rsbac_new_target_id,
00340 A_create_data,
00341 rsbac_attribute_value))
00342 {
00343 printk(KERN_WARNING
00344 "rsbac_aef_inode_post_symlink() [vfs_symlink() [open_namei() [filp_open() [do_open() [sys_open()]]]]]: rsbac_adf_set_attr() returned error");
00345 }
00346 }
|
|
|
Definition at line 618 of file lsm.c. References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), and T_SYMLINK. 00619 {
00620 union rsbac_target_id_t rsbac_target_id;
00621 union rsbac_attribute_value_t rsbac_attribute_value;
00622
00623 #ifdef CONFIG_RSBAC_DEBUG
00624 if (rsbac_debug_aef)
00625 printk(KERN_DEBUG "rsbac_aef_inode_readlink(): calling ADF\n");
00626 #endif
00627 rsbac_target_id.dir.device = dentry->d_sb->s_dev;
00628 rsbac_target_id.dir.inode = dentry->d_inode->i_ino;
00629 rsbac_target_id.dir.dentry_p = dentry;
00630 rsbac_attribute_value.dummy = 0;
00631 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00632 current->pid,
00633 T_SYMLINK,
00634 rsbac_target_id,
00635 A_none,
00636 rsbac_attribute_value))
00637 return -EPERM;
00638 else
00639 return 0;
00640 }
|
|
||||||||||||||||||||
|
Definition at line 382 of file lsm.c. References A_none, rsbac_attribute_value_t::dummy, R_RENAME, R_WRITE, rsbac_adf_request(), T_DIR, T_FIFO, T_FILE, and T_SYMLINK. 00384 {
00385 enum rsbac_target_t rsbac_target;
00386 union rsbac_target_id_t rsbac_target_id;
00387 union rsbac_attribute_value_t rsbac_attribute_value;
00388
00389 #ifdef CONFIG_RSBAC_DEBUG
00390 if (rsbac_debug_aef)
00391 printk(KERN_DEBUG "rsbac_aef_inode_rename(): calling ADF\n");
00392 #endif
00393 rsbac_target = T_FILE;
00394 if (S_ISDIR(old_dentry->d_inode->i_mode))
00395 rsbac_target = T_DIR;
00396 else if (S_ISFIFO (old_dentry->d_inode->i_mode))
00397 rsbac_target = T_FIFO;
00398 else if (S_ISLNK (old_dentry->d_inode->i_mode))
00399 rsbac_target = T_SYMLINK;
00400 rsbac_target_id.file.device = old_dentry->d_sb->s_dev;
00401 rsbac_target_id.file.inode = old_dentry->d_inode->i_ino;
00402 rsbac_target_id.file.dentry_p = old_dentry;
00403 rsbac_attribute_value.new_dir_dentry_p = new_dentry->d_parent;
00404 if (!rsbac_adf_request(R_RENAME,
00405 current->pid,
00406 rsbac_target,
00407 rsbac_target_id,
00408 A_new_dir_dentry_p,
00409 rsbac_attribute_value))
00410 return -EPERM;
00411
00412 #ifdef CONFIG_RSBAC_DEBUG
00413 if (rsbac_debug_aef)
00414 printk(KERN_DEBUG "rsbac_aef_inode_rename(): calling ADF for WRITE on new dir\n");
00415 #endif
00416 rsbac_target_id.dir.device = new_dir->i_sb->s_dev;
00417 rsbac_target_id.dir.inode = new_dir->i_ino;
00418 rsbac_target_id.dir.dentry_p = new_dentry->d_parent;
00419 rsbac_attribute_value.dummy = 0;
00420 if (!rsbac_adf_request(R_WRITE,
00421 current->pid,
00422 T_DIR,
00423 rsbac_target_id,
00424 A_none,
00425 rsbac_attribute_value))
00426 return -EPERM;
00427
00428 return 0;
00429 }
|
|
||||||||||||||||
|
Definition at line 283 of file lsm.c. References R_CREATE, rsbac_adf_request(), T_DIR, and T_SYMLINK. 00286 {
00287 union rsbac_target_id_t rsbac_target_id;
00288 union rsbac_attribute_value_t rsbac_attribute_value;
00289
00290 #ifdef CONFIG_RSBAC_DEBUG
00291 if (rsbac_debug_aef)
00292 printk(KERN_DEBUG "rsbac_aef_inode_symlink(): calling ADF\n");
00293 #endif
00294 rsbac_target_id.dir.device = dir->i_sb->s_dev;
00295 rsbac_target_id.dir.inode = dir->i_ino;
00296 rsbac_target_id.dir.dentry_p = dentry->d_parent;
00297 rsbac_attribute_value.create_data.target = T_SYMLINK;
00298 rsbac_attribute_value.create_data.dentry_p = dentry;
00299 rsbac_attribute_value.create_data.mode = 0;
00300 rsbac_attribute_value.create_data.device = RSBAC_ZERO_DEV;
00301 if (!rsbac_adf_request(R_CREATE,
00302 current->pid,
00303 T_DIR,
00304 rsbac_target_id,
00305 A_create_data,
00306 rsbac_attribute_value))
00307 return -EPERM;
00308 else
00309 return 0;
00310 }
|
|
|
Definition at line 1041 of file lsm.c. References A_none, rsbac_attribute_value_t::dummy, I_msg, rsbac_ipc_t::id, rsbac_ipc_id_t::id_nr, rsbac_target_id_t::ipc, R_CREATE, rsbac_adf_request(), T_IPC, and rsbac_ipc_t::type. 01042 {
01043 union rsbac_target_id_t rsbac_target_id;
01044 union rsbac_attribute_value_t rsbac_attribute_value;
01045
01046 #ifdef CONFIG_RSBAC_DEBUG
01047 if (rsbac_debug_aef)
01048 printk(KERN_DEBUG "rsbac_aef_msg_queue_alloc_security(): calling ADF\n");
01049 #endif
01050 rsbac_target_id.ipc.type = I_msg;
01051 rsbac_target_id.ipc.id.id_nr = 0;
01052 rsbac_attribute_value.dummy = 0;
01053 if (!rsbac_adf_request(R_CREATE,
01054 current->pid,
01055 T_IPC,
01056 rsbac_target_id,
01057 A_none,
01058 rsbac_attribute_value))
01059 return -EPERM;
01060 else
01061 return 0;
01062 }
|
|
||||||||||||
|
Definition at line 21 of file lsm.c. References rsbac_target_id_t::process, R_TRACE, rsbac_adf_request(), and T_PROCESS. 00022 {
00023 union rsbac_target_id_t rsbac_target_id;
00024 union rsbac_attribute_value_t rsbac_attribute_value;
00025
00026 #ifdef CONFIG_RSBAC_DEBUG
00027 if (rsbac_debug_aef)
00028 printk(KERN_DEBUG "rsbac_aef_ptrace(): calling ADF\n");
00029 #endif
00030 rsbac_target_id.process = child->pid;
00031 rsbac_attribute_value.trace_request = PTRACE_TRACEME;
00032 if (!rsbac_adf_request(R_TRACE,
00033 parent->pid,
00034 T_PROCESS,
00035 rsbac_target_id,
00036 A_trace_request,
00037 rsbac_attribute_value))
00038 return -EPERM;
00039 else
00040 return 0;
00041 }
|
|
||||||||||||||||||||||||
|
Definition at line 505 of file lsm.c. References A_none, D_block, rsbac_target_id_t::dev, rsbac_attribute_value_t::dummy, R_MOUNT, rsbac_adf_request(), T_DEV, T_DIR, and rsbac_dev_desc_t::type. 00507 {
00508 struct super_block * sb = nd->mnt->mnt_sb;
00509 union rsbac_target_id_t rsbac_target_id;
00510 union rsbac_attribute_value_t rsbac_attribute_value;
00511
00512 #ifdef CONFIG_RSBAC_DEBUG
00513 if (rsbac_debug_aef)
00514 printk(KERN_DEBUG "rsbac_aef_sb_mount(): calling ADF for DIR\n");
00515 #endif
00516 rsbac_target_id.dir.device = sb->s_dev;
00517 rsbac_target_id.dir.inode = sb->s_root->d_inode->i_ino;
00518 rsbac_target_id.dir.dentry_p = sb->s_root;
00519 rsbac_attribute_value.dummy = 0;
00520 if (!rsbac_adf_request(R_MOUNT,
00521 current->pid,
00522 T_DIR,
00523 rsbac_target_id,
00524 A_none,
00525 rsbac_attribute_value))
00526 return -EPERM;
00527
00528 #ifdef CONFIG_RSBAC_DEBUG
00529 if (rsbac_debug_aef)
00530 printk(KERN_DEBUG "rsbac_aef_sb_mount(): calling ADF for DEV\n");
00531 #endif
00532 rsbac_target_id.dev.type = D_block;
00533 rsbac_target_id.dev.id = sb->s_dev;
00534 rsbac_attribute_value.dummy = 0;
00535 if (!rsbac_adf_request(R_MOUNT,
00536 current->pid,
00537 T_DEV,
00538 rsbac_target_id,
00539 A_none,
00540 rsbac_attribute_value))
00541 return -EPERM;
00542 return 0;
00543 }
|
|
||||||||||||
|
Definition at line 545 of file lsm.c. References A_none, rsbac_attribute_value_t::dummy, R_MOUNT, rsbac_adf_request(), and T_DIR. 00547 {
00548 union rsbac_target_id_t rsbac_target_id;
00549 union rsbac_attribute_value_t rsbac_attribute_value;
00550
00551 #ifdef CONFIG_RSBAC_DEBUG
00552 if (rsbac_debug_aef)
00553 printk(KERN_DEBUG "rsbac_aef_sb_pivotroot(): calling ADF for MOUNT on put_old\n");
00554 #endif
00555 rsbac_target_id.dir.device = old_nd->dentry->d_sb->s_dev;
00556 rsbac_target_id.dir.inode = old_nd->dentry->d_inode->i_ino;
00557 rsbac_target_id.dir.dentry_p = old_nd->dentry;
00558 rsbac_attribute_value.dummy = 0;
00559 if (!rsbac_adf_request(R_MOUNT,
00560 current->pid,
00561 T_DIR,
00562 rsbac_target_id,
00563 A_none,
00564 rsbac_attribute_value))
00565 return -EPERM;
00566
00567 #ifdef CONFIG_RSBAC_DEBUG
00568 if (rsbac_debug_aef)
00569 printk(KERN_DEBUG "rsbac_aef_sb_pivotroot(): calling ADF for MOUNT on root DIR\n");
00570 #endif
00571 rsbac_target_id.dir.device = current->fs->rootmnt->mnt_sb->s_dev;
00572 rsbac_target_id.dir.inode = current->fs->root->d_inode->i_ino;
00573 rsbac_target_id.dir.dentry_p = current->fs->root;
00574 rsbac_attribute_value.dummy = 0;
00575 if (!rsbac_adf_request(R_MOUNT,
00576 current->pid,
00577 T_DIR,
00578 rsbac_target_id,
00579 A_none,
00580 rsbac_attribute_value))
00581 return -EPERM;
00582
00583 return 0;
00584 }
|
|
||||||||||||
|
Definition at line 492 of file lsm.c. References rsbac_mount(). 00494 {
00495 /* RSBAC: initialising data structures for this fs (not root fs) */
00496 #ifdef CONFIG_RSBAC_DEBUG
00497 if (rsbac_debug_ds)
00498 printk(KERN_DEBUG
00499 "rsbac_aef_sb_post_addmount: calling rsbac_mount for Device %02u:%02u\n",
00500 MAJOR(mnt->mnt_sb->s_dev), MINOR(mnt->mnt_sb->s_dev));
00501 #endif
00502 rsbac_mount(mnt->mnt_sb, mnt->mnt_mountpoint);
00503 }
|
|
||||||||||||
|
Definition at line 431 of file lsm.c. References A_none, D_block, rsbac_target_id_t::dev, rsbac_attribute_value_t::dummy, R_UMOUNT, rsbac_adf_request(), rsbac_umount(), T_DEV, T_DIR, and rsbac_dev_desc_t::type. 00432 {
00433 struct super_block * sb = mnt->mnt_sb;
00434 union rsbac_target_id_t rsbac_target_id;
00435 union rsbac_attribute_value_t rsbac_attribute_value;
00436
00437 #ifdef CONFIG_RSBAC_DEBUG
00438 if (rsbac_debug_aef)
00439 printk(KERN_DEBUG "rsbac_aef_sb_umount(): calling ADF for DIR\n");
00440 #endif
00441 rsbac_target_id.dir.device = sb->s_dev;
00442 rsbac_target_id.dir.inode = sb->s_root->d_inode->i_ino;
00443 rsbac_target_id.dir.dentry_p = sb->s_root;
00444 rsbac_attribute_value.dummy = 0;
00445 if (!rsbac_adf_request(R_UMOUNT,
00446 current->pid,
00447 T_DIR,
00448 rsbac_target_id,
00449 A_none,
00450 rsbac_attribute_value))
00451 return -EPERM;
00452
00453 #ifdef CONFIG_RSBAC_DEBUG
00454 if (rsbac_debug_aef)
00455 printk(KERN_DEBUG "rsbac_aef_sb_umount(): calling ADF for DEV\n");
00456 #endif
00457 rsbac_target_id.dev.type = D_block;
00458 rsbac_target_id.dev.id = sb->s_dev;
00459 rsbac_attribute_value.dummy = 0;
00460 if (!rsbac_adf_request(R_UMOUNT,
00461 current->pid,
00462 T_DEV,
00463 rsbac_target_id,
00464 A_none,
00465 rsbac_attribute_value))
00466 return -EPERM;
00467
00468 if (! (mnt == current->fs->rootmnt && !(flags & MNT_DETACH)) )
00469 {
00470 #ifdef CONFIG_RSBAC_DEBUG
00471 if (rsbac_debug_ds)
00472 printk(KERN_DEBUG "rsbac_aef_sb_umount(): calling rsbac_umount for Device %02u:%02u\n",
00473 MAJOR(sb->s_dev), MINOR(sb->s_dev));
00474 #endif
00475 rsbac_umount(sb, mnt->mnt_mountpoint);
00476 }
00477 return 0;
00478 }
|
|
|
Definition at line 480 of file lsm.c. References rsbac_mount(). 00481 {
00482 /* RSBAC: reinitialising data structures for this fs (not root fs) */
00483 #ifdef CONFIG_RSBAC_DEBUG
00484 if (rsbac_debug_ds)
00485 printk(KERN_DEBUG
00486 "rsbac_aef_sb_umount_busy: umount failed, calling rsbac_mount for Device %02u:%02u\n",
00487 MAJOR(mnt->mnt_sb->s_dev), MINOR(mnt->mnt_sb->s_dev));
00488 #endif
00489 rsbac_mount(mnt->mnt_sb, mnt->mnt_mountpoint);
00490 }
|
|
|
Definition at line 1077 of file lsm.c. References A_none, rsbac_attribute_value_t::dummy, I_shm, rsbac_ipc_t::id, rsbac_ipc_id_t::id_nr, rsbac_target_id_t::ipc, R_CREATE, rsbac_adf_request(), T_IPC, and rsbac_ipc_t::type. 01078 {
01079 union rsbac_target_id_t rsbac_target_id;
01080 union rsbac_attribute_value_t rsbac_attribute_value;
01081
01082 #ifdef CONFIG_RSBAC_DEBUG
01083 if (rsbac_debug_aef)
01084 printk(KERN_DEBUG "rsbac_aef_shm_alloc_security(): calling ADF\n");
01085 #endif
01086 rsbac_target_id.ipc.type = I_shm;
01087 rsbac_target_id.ipc.id.id_nr = 0;
01088 rsbac_attribute_value.dummy = 0;
01089 if (!rsbac_adf_request(R_CREATE,
01090 current->pid,
01091 T_IPC,
01092 rsbac_target_id,
01093 A_none,
01094 rsbac_attribute_value))
01095 return -EPERM;
01096 else
01097 return 0;
01098 }
|
|
|
Definition at line 1064 of file lsm.c. References I_shm, rsbac_ipc_t::id, rsbac_ipc_id_t::id_nr, rsbac_target_id_t::ipc, rsbac_remove_target, T_IPC, and rsbac_ipc_t::type. 01065 {
01066 union rsbac_target_id_t rsbac_target_id;
01067
01068 #ifdef CONFIG_RSBAC_DEBUG
01069 if (rsbac_debug_aef)
01070 printk(KERN_DEBUG "rsbac_aef_shm_free_security: calling ACI remove_target()\n");
01071 #endif
01072 rsbac_target_id.ipc.type = I_shm;
01073 rsbac_target_id.ipc.id.id_nr = shp->id;
01074 rsbac_remove_target(T_IPC, rsbac_target_id);
01075 }
|
|
||||||||||||||||
|
Definition at line 1100 of file lsm.c. References A_none, rsbac_attribute_value_t::dummy, I_shm, rsbac_ipc_t::id, rsbac_ipc_id_t::id_nr, rsbac_target_id_t::ipc, R_READ_OPEN, R_READ_WRITE_OPEN, rsbac_adf_request(), T_IPC, and rsbac_ipc_t::type. 01102 {
01103 enum rsbac_adf_request_t rsbac_request;
01104 union rsbac_target_id_t rsbac_target_id;
01105 union rsbac_attribute_value_t rsbac_attribute_value;
01106
01107 #ifdef CONFIG_RSBAC_DEBUG
01108 if (rsbac_debug_aef)
01109 printk(KERN_DEBUG "rsbac_aef_shm_shmat(): calling ADF\n");
01110 #endif
01111 if ((shmflg & SHM_RDONLY))
01112 rsbac_request = R_READ_OPEN;
01113 else
01114 rsbac_request = R_READ_WRITE_OPEN;
01115 rsbac_target_id.ipc.type = I_shm;
01116 rsbac_target_id.ipc.id.id_nr = shp->id;
01117 rsbac_attribute_value.dummy = 0;
01118 if (!rsbac_adf_request(rsbac_request,
01119 current->pid,
01120 T_IPC,
01121 rsbac_target_id,
01122 A_none,
01123 rsbac_attribute_value))
01124 return -EPERM;
01125 else
01126 return 0;
01127 }
|
|
|
Definition at line 43 of file lsm.c. References A_none, D_block, rsbac_target_id_t::dev, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), T_DEV, and rsbac_dev_desc_t::type. 00044 {
00045 union rsbac_target_id_t rsbac_target_id;
00046 union rsbac_attribute_value_t rsbac_attribute_value;
00047
00048 #ifdef CONFIG_RSBAC_DEBUG
00049 if (rsbac_debug_aef)
00050 printk(KERN_DEBUG "rsbac_aef_statfs(): calling ADF\n");
00051 #endif
00052 rsbac_target_id.dev.type = D_block;
00053 rsbac_target_id.dev.id = sb->s_dev;
00054 rsbac_attribute_value.dummy = 0;
00055 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00056 current->pid,
00057 T_DEV,
00058 rsbac_target_id,
00059 A_none,
00060 rsbac_attribute_value))
00061 return -EPERM;
00062 else
00063 return 0;
00064 }
|
|
||||||||||||
|
Definition at line 1007 of file lsm.c. References rsbac_attribute_value_t::dummy, R_MODIFY_SYSTEM_DATA, rsbac_adf_request(), rsbac_target_id_t::scd, ST_host_id, ST_net_id, ST_other, and T_SCD. 01008 {
01009 union rsbac_target_id_t rsbac_target_id;
01010 union rsbac_attribute_value_t rsbac_attribute_value;
01011
01012 #ifdef CONFIG_RSBAC_DEBUG
01013 if (rsbac_debug_aef)
01014 printk(KERN_DEBUG "rsbac_aef_sysctl(): calling ADF\n");
01015 #endif
01016 if(!(op & S_IWUGO))
01017 return 0;
01018 switch(table->ctl_name)
01019 {
01020 case KERN_NODENAME:
01021 rsbac_target_id.scd = ST_host_id;
01022 break;
01023 case KERN_DOMAINNAME:
01024 rsbac_target_id.scd = ST_net_id;
01025 break;
01026 default:
01027 rsbac_target_id.scd = ST_other;
01028 }
01029 rsbac_attribute_value.dummy = 0;
01030 if (!rsbac_adf_request(R_MODIFY_SYSTEM_DATA,
01031 current->pid,
01032 T_SCD,
01033 rsbac_target_id,
01034 A_signal,
01035 rsbac_attribute_value))
01036 return -EPERM;
01037 else
01038 return 0;
01039 }
|
|
||||||||||||||||
|
Definition at line 932 of file lsm.c. References rsbac_target_id_t::process, R_SEND_SIGNAL, rsbac_adf_request(), and T_PROCESS. 00934 {
00935 union rsbac_target_id_t rsbac_target_id;
00936 union rsbac_attribute_value_t rsbac_attribute_value;
00937
00938 #if 0
00939 if( (!info || ((unsigned long)info != 1 &&
00940 (unsigned long)info != 2 && SI_FROMUSER(info)))
00941 && ((sig != SIGCONT) || (current->session != p->session))
00942 )
00943 #endif
00944 {
00945 if(in_interrupt())
00946 printk(KERN_DEBUG "signal in interrupt, caller_pid %u, target pid %u, signal %u\n",
00947 current->pid, p->pid, sig);
00948 #ifdef CONFIG_RSBAC_DEBUG
00949 if (rsbac_debug_aef)
00950 printk(KERN_DEBUG "rsbac_aef_task_kill(): calling ADF\n");
00951 #endif
00952 rsbac_target_id.process = p->pid;
00953 rsbac_attribute_value.signal = sig;
00954 if (!rsbac_adf_request(R_SEND_SIGNAL,
00955 current->pid,
00956 T_PROCESS,
00957 rsbac_target_id,
00958 A_signal,
00959 rsbac_attribute_value))
00960 return -EPERM;
00961 }
00962 return 0;
00963 }
|
|
||||||||||||||||||||
|
Definition at line 732 of file lsm.c. References rsbac_target_id_t::process, R_CHANGE_GROUP, rsbac_adf_request(), and T_PROCESS. 00733 {
00734 union rsbac_target_id_t rsbac_target_id;
00735 union rsbac_attribute_value_t rsbac_attribute_value;
00736
00737 #ifdef CONFIG_RSBAC_DEBUG
00738 if (rsbac_debug_aef)
00739 printk(KERN_DEBUG "rsbac_aef_task_setgid(): calling ADF\n");
00740 #endif
00741 rsbac_target_id.process = current->pid;
00742 switch(flags)
00743 {
00744 case LSM_SETID_RE:
00745 case LSM_SETID_ID:
00746 case LSM_SETID_RES:
00747 if(id0 != (gid_t) -1)
00748 {
00749 rsbac_attribute_value.group = id0;
00750 if (!rsbac_adf_request(R_CHANGE_GROUP,
00751 current->pid,
00752 T_PROCESS,
00753 rsbac_target_id,
00754 A_group,
00755 rsbac_attribute_value))
00756 return -EPERM;
00757 }
00758 break;
00759 case LSM_SETID_FS:
00760 break;
00761
00762 default:
00763 printk(KERN_WARNING "rsbac_aef_task_setgid(): called with unknown flags value!\n");
00764 break;
00765 }
00766 return 0;
00767 }
|
|
||||||||||||
|
Definition at line 888 of file lsm.c. References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::process, R_CHANGE_GROUP, rsbac_adf_request(), and T_PROCESS. 00889 {
00890 union rsbac_target_id_t rsbac_target_id;
00891 union rsbac_attribute_value_t rsbac_attribute_value;
00892
00893 #ifdef CONFIG_RSBAC_DEBUG
00894 if (rsbac_debug_aef)
00895 printk(KERN_DEBUG "rsbac_aef_task_setgroups(): calling ADF\n");
00896 #endif
00897 rsbac_target_id.process = current->pid;
00898 rsbac_attribute_value.dummy = 0;
00899 if (!rsbac_adf_request(R_CHANGE_GROUP,
00900 current->pid,
00901 T_PROCESS,
00902 rsbac_target_id,
00903 A_none,
00904 rsbac_attribute_value))
00905 return -EPERM;
00906 else
00907 return 0;
00908 }
|
|
||||||||||||
|
Definition at line 910 of file lsm.c. References A_none, rsbac_attribute_value_t::dummy, R_MODIFY_SYSTEM_DATA, rsbac_adf_request(), rsbac_target_id_t::scd, ST_rlimit, and T_SCD. 00911 {
00912 union rsbac_target_id_t rsbac_target_id;
00913 union rsbac_attribute_value_t rsbac_attribute_value;
00914
00915 #ifdef CONFIG_RSBAC_DEBUG
00916 if (rsbac_debug_aef)
00917 printk(KERN_DEBUG "rsbac_aef_task_setrlimit(): calling ADF\n");
00918 #endif
00919 rsbac_target_id.scd = ST_rlimit;
00920 rsbac_attribute_value.dummy = 0;
00921 if (!rsbac_adf_request(R_MODIFY_SYSTEM_DATA,
00922 current->pid,
00923 T_SCD,
00924 rsbac_target_id,
00925 A_none,
00926 rsbac_attribute_value))
00927 return -EPERM;
00928 else
00929 return 0;
00930 }
|
|
||||||||||||||||||||
|
Definition at line 769 of file lsm.c. References rsbac_attribute_value_t::owner, rsbac_target_id_t::process, R_CHANGE_DAC_EFF_OWNER, R_CHANGE_DAC_FS_OWNER, R_CHANGE_OWNER, R_GET_STATUS_DATA, rsbac_adf_request(), and T_PROCESS. 00770 {
00771 union rsbac_target_id_t rsbac_target_id;
00772 union rsbac_attribute_value_t rsbac_attribute_value;
00773
00774 #ifdef CONFIG_RSBAC_DEBUG
00775 if (rsbac_debug_aef)
00776 printk(KERN_DEBUG "rsbac_aef_task_setuid(): calling ADF\n");
00777 #endif
00778 rsbac_target_id.process = current->pid;
00779 switch(flags)
00780 {
00781 case LSM_SETID_RE:
00782 if(id0 != (uid_t) -1)
00783 {
00784 rsbac_attribute_value.owner = id0;
00785 if (!rsbac_adf_request(R_CHANGE_OWNER,
00786 current->pid,
00787 T_PROCESS,
00788 rsbac_target_id,
00789 A_owner,
00790 rsbac_attribute_value))
00791 return -EPERM;
00792 }
00793 #ifdef CONFIG_RSBAC_DAC_OWNER
00794 if(id1 != (uid_t) -1)
00795 {
00796 rsbac_attribute_value.owner = id1;
00797 if (!rsbac_adf_request(R_CHANGE_DAC_EFF_OWNER,
00798 current->pid,
00799 T_PROCESS,
00800 rsbac_target_id,
00801 A_owner,
00802 rsbac_attribute_value))
00803 return -EPERM;
00804 }
00805 #endif
00806 break;
00807 case LSM_SETID_ID:
00808 rsbac_attribute_value.owner = id0;
00809 if (!rsbac_adf_request(R_CHANGE_OWNER,
00810 current->pid,
00811 T_PROCESS,
00812 rsbac_target_id,
00813 A_owner,
00814 rsbac_attribute_value))
00815 return -EPERM;
00816 #ifdef CONFIG_RSBAC_DAC_OWNER
00817 if (!rsbac_adf_request(R_CHANGE_DAC_EFF_OWNER,
00818 current->pid,
00819 T_PROCESS,
00820 rsbac_target_id,
00821 A_owner,
00822 rsbac_attribute_value))
00823 return -EPERM;
00824 if (!rsbac_adf_request(R_CHANGE_DAC_FS_OWNER,
00825 current->pid,
00826 T_PROCESS,
00827 rsbac_target_id,
00828 A_owner,
00829 rsbac_attribute_value))
00830 return -EPERM;
00831 #endif
00832 break;
00833 case LSM_SETID_RES:
00834 if(id0 != (uid_t) -1)
00835 {
00836 rsbac_attribute_value.group = id0;
00837 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00838 current->pid,
00839 T_PROCESS,
00840 rsbac_target_id,
00841 A_group,
00842 rsbac_attribute_value))
00843 return -EPERM;
00844 }
00845 #ifdef CONFIG_RSBAC_DAC_OWNER
00846 if(id1 != (uid_t) -1)
00847 {
00848 rsbac_attribute_value.owner = id1;
00849 if (!rsbac_adf_request(R_CHANGE_DAC_EFF_OWNER,
00850 current->pid,
00851 T_PROCESS,
00852 rsbac_target_id,
00853 A_owner,
00854 rsbac_attribute_value))
00855 return -EPERM;
00856 }
00857 else
00858 rsbac_attribute_value.owner = current->euid;
00859 if (!rsbac_adf_request(R_CHANGE_DAC_FS_OWNER,
00860 current->pid,
00861 T_PROCESS,
00862 rsbac_target_id,
00863 A_owner,
00864 rsbac_attribute_value))
00865 return -EPERM;
00866 #endif
00867 break;
00868 case LSM_SETID_FS:
00869 #ifdef CONFIG_RSBAC_DAC_OWNER
00870 rsbac_attribute_value.owner = id0;
00871 if (!rsbac_adf_request(R_CHANGE_DAC_FS_OWNER,
00872 current->pid,
00873 T_PROCESS,
00874 rsbac_target_id,
00875 A_owner,
00876 rsbac_attribute_value))
00877 return -EPERM;
00878 #endif
00879 break;
00880
00881 default:
00882 printk(KERN_WARNING "rsbac_aef_task_setuid(): called with unknown flags value!\n");
00883 break;
00884 }
00885 return 0;
00886 }
|
|
|
Definition at line 1276 of file lsm.c. 01277 {
01278 if (register_security (&rsbac_sec_ops))
01279 {
01280 printk (KERN_INFO
01281 "Failure registering RSBAC with LSM, trying to stack on primary module\n");
01282 /* try registering with primary module */
01283 if (mod_reg_security ("RSBAC", &rsbac_sec_ops))
01284 {
01285 printk (KERN_ERR "Failure registering RSBAC "
01286 "with primary LSM security module, interceptions missing!\n");
01287 return -EINVAL;
01288 }
01289 }
01290 return 0;
01291 }
|
|
|
|
1.4.2