#include <linux/string.h>
#include <linux/binfmts.h>
#include <linux/mm.h>
#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/adf_main.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/getname.h>
#include <rsbac/pax_getname.h>
#include <rsbac/debug.h>

Go to the source code of this file.
Functions | |
| enum rsbac_adf_req_ret_t | rsbac_adf_request_pax (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner) |
| int | rsbac_adf_set_attr_pax (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t new_target, union rsbac_target_id_t new_tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner) |
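/*
 * pax_decide_by_owner_role() - role check shared by every PAX decision.
 *
 * Reads the A_pax_role attribute of user `owner` from the PAX module's
 * data and turns it into a decision:
 *   - lookup failure   -> error reported, NOT_GRANTED (fails closed)
 *   - security officer -> GRANTED
 *   - administrator    -> GRANTED only when `admin_may` is non-zero
 *   - any other role   -> NOT_GRANTED
 *
 * Keeping the lookup in one place means the fail-closed behaviour cannot
 * drift between the individual request types.
 */
static enum rsbac_adf_req_ret_t
pax_decide_by_owner_role(rsbac_uid_t owner, int admin_may)
{
	union rsbac_target_id_t i_tid;
	union rsbac_attribute_value_t i_attr_val1;

	i_tid.user = owner;
	if (rsbac_get_attr(PAX, T_USER, i_tid, A_pax_role, &i_attr_val1, TRUE)) {
		/* Role could not be read: log it and deny rather than guess. */
		rsbac_ds_get_error("rsbac_adf_request_pax()", A_pax_role);
		return NOT_GRANTED;
	}

	/*
	 * The A_pax_role value is read through the system_role member of the
	 * value union.
	 * NOTE(review): presumably all role attributes share that member -
	 * confirm against rsbac/types.h.
	 */
	if (i_attr_val1.system_role == SR_security_officer)
		return GRANTED;
	if (admin_may && i_attr_val1.system_role == SR_administrator)
		return GRANTED;

	return NOT_GRANTED;
}

/*
 * rsbac_adf_request_pax() - access decision of the PAX module.
 *
 * Defined at line 103 of pax_main.c; called from rsbac_adf_request_int().
 *
 * @request:    kind of access being requested
 * @caller_pid: not read by this function
 * @target:     target type; only inspected for the two switch requests
 * @tid:        not read by this function
 * @attr:       attribute the request refers to
 * @attr_val:   attribute value; only switch_target is read, for
 *              R_SWITCH_MODULE
 * @owner:      user whose PAX role decides the request
 *
 * Decisions:
 *   R_MODIFY_ATTRIBUTE on A_system_role, A_pax_role, A_pax_flags or A_none:
 *       GRANTED for a security officer, otherwise NOT_GRANTED.
 *   R_READ_ATTRIBUTE on the same attributes:
 *       GRANTED for a security officer or an administrator,
 *       otherwise NOT_GRANTED.
 *   R_SWITCH_LOG with target T_NONE:
 *       GRANTED for a security officer, otherwise NOT_GRANTED.
 *   R_SWITCH_MODULE with target T_NONE:
 *       UNDEFINED unless attr is A_switch_target; DO_NOT_CARE unless the
 *       module being switched is PAX (or SOFTMODE / FREEZE when those are
 *       configured); otherwise GRANTED for a security officer and
 *       NOT_GRANTED for everyone else.
 *   Everything else: DO_NOT_CARE.
 *
 * A failed role lookup always yields NOT_GRANTED.
 */
enum rsbac_adf_req_ret_t
rsbac_adf_request_pax(enum rsbac_adf_request_t request,
		      rsbac_pid_t caller_pid,
		      enum rsbac_target_t target,
		      union rsbac_target_id_t tid,
		      enum rsbac_attribute_t attr,
		      union rsbac_attribute_value_t attr_val,
		      rsbac_uid_t owner)
{
	switch (request) {
	case R_MODIFY_ATTRIBUTE:
		switch (attr) {
		case A_system_role:
		case A_pax_role:
		case A_pax_flags:
		/* All attributes (remove target!) */
		case A_none:
			/* Changing PAX attributes is reserved to the security officer. */
			return pax_decide_by_owner_role(owner, 0);

		default:
			return DO_NOT_CARE;
		}

	case R_READ_ATTRIBUTE:
		switch (attr) {
		case A_system_role:
		case A_pax_role:
		case A_pax_flags:
		/* All attributes (remove target!) */
		case A_none:
			/* Reading is also open to administrators, not only the security officer. */
			return pax_decide_by_owner_role(owner, 1);

		default:
			return DO_NOT_CARE;
		}

	case R_SWITCH_LOG:
		switch (target) {
		case T_NONE:
			/* Only the security officer may switch logging. */
			return pax_decide_by_owner_role(owner, 0);

		/* all other cases are unknown */
		default:
			return DO_NOT_CARE;
		}

	case R_SWITCH_MODULE:
		switch (target) {
		case T_NONE:
			/* The module to be switched must be named in attr_val. */
			if (attr != A_switch_target)
				return UNDEFINED;
			/* Switching any other module is not this module's business. */
			if ((attr_val.switch_target != PAX)
#ifdef CONFIG_RSBAC_SOFTMODE
			    && (attr_val.switch_target != SOFTMODE)
#endif
#ifdef CONFIG_RSBAC_FREEZE
			    && (attr_val.switch_target != FREEZE)
#endif
			   )
				return DO_NOT_CARE;
			/* Only the security officer may switch PAX, softmode or freeze. */
			return pax_decide_by_owner_role(owner, 0);

		/* all other cases are unknown */
		default:
			return DO_NOT_CARE;
		}

	default:
		return DO_NOT_CARE;
	}

	/* Not reached: every branch above returns. Kept as a safe fallback. */
	return DO_NOT_CARE;
} /* end of rsbac_adf_request_pax() */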
/*
 * rsbac_adf_set_attr_pax() - attribute-setting entry point of the PAX module.
 *
 * Defined at line 261 of pax_main.c; called from rsbac_adf_set_attr().
 *
 * None of the arguments is read and no attribute is changed: the body
 * returns 0 for every request.
 * NOTE(review): 0 presumably means "no error" to the caller - confirm
 * against rsbac_adf_set_attr().
 */
int rsbac_adf_set_attr_pax(enum rsbac_adf_request_t request,
			   rsbac_pid_t caller_pid,
			   enum rsbac_target_t target,
			   union rsbac_target_id_t tid,
			   enum rsbac_target_t new_target,
			   union rsbac_target_id_t new_tid,
			   enum rsbac_attribute_t attr,
			   union rsbac_attribute_value_t attr_val,
			   rsbac_uid_t owner)
{
	/* Nothing to update for this module. */
	return 0;
} /* end of rsbac_adf_set_attr_pax() */