#include <linux/string.h>#include <linux/vmalloc.h>#include <rsbac/aci.h>#include <rsbac/acl.h>#include <rsbac/adf_main.h>#include <rsbac/adf_syshelpers.h>#include <rsbac/error.h>#include <rsbac/helpers.h>#include <rsbac/getname.h>#include <rsbac/rkmem.h>#include <rsbac/debug.h>Go to the source code of this file.
Functions | |
| rsbac_boolean_t | rsbac_acl_check_super (enum rsbac_target_t target, union rsbac_target_id_t tid, rsbac_uid_t user) |
| rsbac_boolean_t | rsbac_acl_check_right (enum rsbac_target_t target, union rsbac_target_id_t tid, rsbac_uid_t user, rsbac_pid_t caller_pid, enum rsbac_adf_request_t request) |
| rsbac_boolean_t | rsbac_acl_check_forward (enum rsbac_target_t target, union rsbac_target_id_t tid, rsbac_uid_t user, rsbac_acl_rights_vector_t rights) |
| enum rsbac_adf_req_ret_t | rsbac_adf_request_acl (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner) |
| int | rsbac_adf_set_attr_acl (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t new_target, union rsbac_target_id_t new_tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner) |
|
||||||||||||||||||||
|
Definition at line 300 of file acl_main.c. References ACLR_FORWARD, ACLS_USER, FALSE, get_error_name(), rsbac_acl_sys_get_rights(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NETTEMP_NT, T_PROCESS, T_SCD, T_SYMLINK, T_USER, and TRUE. Referenced by rsbac_acl_sys_add_to_acl_entry(), and rsbac_acl_sys_set_acl_entry(). 00304 {
00305 rsbac_acl_rights_vector_t i_rights = 0;
00306 rsbac_acl_rights_vector_t i_rvec = ((rsbac_acl_rights_vector_t) 1 << ACLR_FORWARD) | rights;
00307 int err=0;
00308
00309
00310 /* Only check implemented targets */
00311 switch(target)
00312 {
00313 case T_FILE:
00314 case T_DIR:
00315 case T_FIFO:
00316 case T_SYMLINK:
00317 case T_DEV:
00318 case T_IPC:
00319 case T_SCD:
00320 case T_USER:
00321 case T_PROCESS:
00322 #ifdef CONFIG_RSBAC_ACL_UM_PROT
00323 case T_GROUP:
00324 #endif
00325 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00326 case T_NETDEV:
00327 #endif
00328 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
00329 case T_NETTEMP_NT:
00330 case T_NETTEMP:
00331 case T_NETOBJ:
00332 #endif
00333 break;
00334 default:
00335 return TRUE;
00336 }
00337 /* get effective rights */
00338 err = rsbac_acl_sys_get_rights(0, target, tid, ACLS_USER, (rsbac_acl_subject_id_t) user, &i_rights, TRUE);
00339 if(err)
00340 {
00341 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00342
00343 if(tmp)
00344 {
00345 rsbac_printk(KERN_WARNING
00346 "rsbac_acl_check_forward(): rsbac_acl_sys_get_rights() returned error %s!\n",
00347 get_error_name(tmp,err));
00348 rsbac_kfree(tmp);
00349 }
00350 return FALSE;
00351 }
00352 if((i_rights & i_rvec) == i_rvec)
00353 return(TRUE);
00354 else
00355 return(FALSE);
00356 }
|
|
||||||||||||||||||||||||
|
Definition at line 37 of file acl_main.c. References A_rc_role, ACLS_GROUP, ACLS_ROLE, ACLS_USER, FALSE, get_error_name(), get_request_name(), get_target_name(), NULL, rsbac_target_id_t::process, R_NONE, RC, rsbac_attribute_value_t::rc_role, rsbac_acl_add_to_acl_entry(), rsbac_acl_check_super(), rsbac_acl_get_single_right(), rsbac_acl_get_user_groups(), RSBAC_ACL_GROUP_EVERYONE, rsbac_get_attr, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), RSBAC_REQUEST_VECTOR, rsbac_vfree, T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NETTEMP_NT, T_PROCESS, T_SCD, T_SYMLINK, T_USER, and TRUE. Referenced by rsbac_acl_sys_add_to_acl_entry(), rsbac_acl_sys_remove_acl_entry(), rsbac_acl_sys_remove_from_acl_entry(), rsbac_acl_sys_remove_user(), rsbac_acl_sys_set_acl_entry(), rsbac_acl_sys_set_mask(), and rsbac_adf_request_acl(). 00042 {
00043 rsbac_boolean_t result = FALSE;
00044 int err=0, tmperr;
00045 int i;
00046 rsbac_acl_group_id_t * group_p;
00047 #if defined(CONFIG_RSBAC_RC)
00048 union rsbac_target_id_t i_tid;
00049 union rsbac_attribute_value_t i_attr_val1;
00050 #endif
00051
00052 /* Only check implemented targets */
00053 switch(target)
00054 {
00055 case T_FILE:
00056 case T_DIR:
00057 case T_FIFO:
00058 case T_SYMLINK:
00059 case T_DEV:
00060 case T_IPC:
00061 case T_SCD:
00062 case T_USER:
00063 case T_PROCESS:
00064 #ifdef CONFIG_RSBAC_ACL_UM_PROT
00065 case T_GROUP:
00066 #endif
00067 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00068 case T_NETDEV:
00069 #endif
00070 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
00071 case T_NETTEMP_NT:
00072 case T_NETTEMP:
00073 case T_NETOBJ:
00074 #endif
00075 break;
00076 default:
00077 return TRUE;
00078 }
00079 /* inherited own rights */
00080 err = rsbac_acl_get_single_right(target,
00081 tid,
00082 ACLS_USER,
00083 (rsbac_acl_subject_id_t) user,
00084 request,
00085 &result);
00086 if(err)
00087 {
00088 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00089
00090 if(tmp)
00091 {
00092 rsbac_printk(KERN_WARNING
00093 "rsbac_acl_check_right(): rsbac_acl_get_single_right() returned error %s!\n",
00094 get_error_name(tmp,err));
00095 rsbac_kfree(tmp);
00096 }
00097 return FALSE;
00098 }
00099 if(result)
00100 return(TRUE);
00101
00102 /* add group and role rights */
00103 /* group everyone */
00104 err = rsbac_acl_get_single_right(target,
00105 tid,
00106 ACLS_GROUP,
00107 RSBAC_ACL_GROUP_EVERYONE,
00108 request,
00109 &result);
00110 if(err)
00111 {
00112 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00113
00114 if(tmp)
00115 {
00116 rsbac_printk(KERN_WARNING
00117 "rsbac_acl_check_right(): rsbac_acl_get_single_right() returned error %s!\n",
00118 get_error_name(tmp,err));
00119 rsbac_kfree(tmp);
00120 }
00121 return FALSE;
00122 }
00123 if(result)
00124 return(TRUE);
00125
00126 #if defined(CONFIG_RSBAC_RC)
00127 /* use process role */
00128 /* first get role */
00129 i_tid.process = caller_pid;
00130 if (rsbac_get_attr(RC,
00131 T_PROCESS,
00132 i_tid,
00133 A_rc_role,
00134 &i_attr_val1,
00135 FALSE))
00136 {
00137 rsbac_printk(KERN_WARNING
00138 "rsbac_acl_check_right(): rsbac_get_attr() for process rc_role returned error!\n");
00139 }
00140 else
00141 {
00142 err = rsbac_acl_get_single_right(target,
00143 tid,
00144 ACLS_ROLE,
00145 i_attr_val1.rc_role,
00146 request,
00147 &result);
00148 if(err)
00149 {
00150 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00151
00152 if(tmp)
00153 {
00154 get_error_name(tmp,err);
00155 rsbac_printk(KERN_WARNING
00156 "rsbac_acl_check_right(): rsbac_acl_get_single_right() returned error %s!\n",
00157 tmp);
00158 rsbac_kfree(tmp);
00159 }
00160 return FALSE;
00161 }
00162 if(result)
00163 return(TRUE);
00164 }
00165 #endif
00166
00167 /* other groups */
00168 /* first get user groups */
00169 group_p = NULL;
00170 err = rsbac_acl_get_user_groups(0, user, &group_p, NULL);
00171 if(err<0)
00172 {
00173 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00174
00175 if(tmp)
00176 {
00177 rsbac_printk(KERN_WARNING
00178 "rsbac_acl_check_right(): rsbac_acl_get_user_groups() returned error %s!\n",
00179 get_error_name(tmp,err));
00180 rsbac_kfree(tmp);
00181 }
00182 return err;
00183 }
00184 for(i=0; i<err; i++)
00185 {
00186 tmperr = rsbac_acl_get_single_right(target,
00187 tid,
00188 ACLS_GROUP,
00189 group_p[i],
00190 request,
00191 &result);
00192 if(tmperr)
00193 {
00194 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00195
00196 if(tmp)
00197 {
00198 rsbac_printk(KERN_WARNING
00199 "rsbac_acl_check_right(): rsbac_acl_get_single_right() returned error %s!\n",
00200 get_error_name(tmp, tmperr));
00201 rsbac_kfree(tmp);
00202 }
00203 if(group_p)
00204 rsbac_vfree(group_p);
00205 return FALSE;
00206 }
00207 if(result)
00208 {
00209 if(group_p)
00210 rsbac_vfree(group_p);
00211 return(TRUE);
00212 }
00213 }
00214 if(group_p)
00215 rsbac_vfree(group_p);
00216
00217 /* SUPERVISOR? */
00218 #ifdef CONFIG_RSBAC_ACL_LEARN
00219 result = rsbac_acl_check_super(target, tid, user);
00220 if( !result
00221 && (request < R_NONE)
00222 )
00223 {
00224 switch(target)
00225 {
00226 case T_FILE:
00227 case T_DIR:
00228 case T_FIFO:
00229 case T_SYMLINK:
00230 if(rsbac_acl_learn_fd)
00231 {
00232 char * tmp;
00233 enum rsbac_acl_subject_type_t subj_type;
00234 rsbac_acl_subject_id_t subj_id;
00235 rsbac_acl_rights_vector_t rights;
00236 rsbac_time_t ttl;
00237
00238 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00239 if(tmp)
00240 {
00241 char * target_type_name;
00242
00243 target_type_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00244 if(target_type_name)
00245 {
00246 char * target_id_name;
00247
00248 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00249 target_id_name
00250 = rsbac_kmalloc(CONFIG_RSBAC_MAX_PATH_LEN + RSBAC_MAXNAMELEN);
00251 /* max. path name len + some extra */
00252 #else
00253 target_id_name = rsbac_kmalloc(2 * RSBAC_MAXNAMELEN);
00254 /* max. file name len + some extra */
00255 #endif
00256 if(target_id_name)
00257 {
00258 get_request_name(tmp,request);
00259 get_target_name(target_type_name, target, target_id_name, tid);
00260 rsbac_printk(KERN_INFO
00261 "rsbac_acl_check_right(): auto_learn_fd: granting right %s for user %u to target_type %s, tid %s!\n",
00262 tmp,
00263 user,
00264 target_type_name,
00265 target_id_name);
00266 rsbac_kfree(target_id_name);
00267 }
00268 rsbac_kfree(target_type_name);
00269 }
00270 }
00271 subj_type = ACLS_USER;
00272 subj_id = user;
00273 rights = RSBAC_REQUEST_VECTOR(request);
00274 ttl = 0;
00275 err = rsbac_acl_add_to_acl_entry(0, target, tid, subj_type, subj_id, rights, ttl);
00276 if(tmp)
00277 {
00278 if(err)
00279 {
00280 rsbac_printk(KERN_WARNING
00281 "rsbac_acl_check_right(): rsbac_acl_add_to_acl_entry() returned error %s!\n",
00282 get_error_name(tmp,err));
00283 }
00284 rsbac_kfree(tmp);
00285 }
00286 result = TRUE;
00287 }
00288 break;
00289
00290 default:
00291 break;
00292 }
00293 }
00294 return result;
00295 #else
00296 return rsbac_acl_check_super(target, tid, user);
00297 #endif
00298 }
|
|
||||||||||||||||
|
Definition at line 40 of file acl_syscalls.c. References A_rc_role, ACLR_SUPERVISOR, ACLS_GROUP, ACLS_ROLE, ACLS_USER, FALSE, get_error_name(), NULL, rsbac_target_id_t::process, RC, rsbac_attribute_value_t::rc_role, rsbac_acl_get_single_right(), rsbac_acl_get_user_groups(), RSBAC_ACL_GROUP_EVERYONE, rsbac_get_attr, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_vfree, T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NETTEMP_NT, T_PROCESS, T_SCD, T_SYMLINK, T_USER, and TRUE. Referenced by rsbac_acl_check_right(), rsbac_acl_sys_add_to_acl_entry(), rsbac_acl_sys_get_rights(), rsbac_acl_sys_remove_acl(), rsbac_acl_sys_remove_acl_entry(), rsbac_acl_sys_remove_from_acl_entry(), rsbac_acl_sys_set_acl_entry(), and rsbac_adf_request_acl(). 00043 {
00044 rsbac_boolean_t i_result = FALSE;
00045 int err=0, tmperr;
00046 int i;
00047 rsbac_acl_group_id_t * group_p;
00048 #if defined(CONFIG_RSBAC_RC)
00049 union rsbac_target_id_t i_tid;
00050 union rsbac_attribute_value_t i_attr_val1;
00051 #endif
00052
00053 /* Only check implemented targets */
00054 switch(target)
00055 {
00056 case T_FILE:
00057 case T_DIR:
00058 case T_FIFO:
00059 case T_SYMLINK:
00060 case T_DEV:
00061 case T_IPC:
00062 case T_SCD:
00063 case T_USER:
00064 case T_PROCESS:
00065 #ifdef CONFIG_RSBAC_ACL_UM_PROT
00066 case T_GROUP:
00067 #endif
00068 case T_NETDEV:
00069 case T_NETTEMP_NT:
00070 case T_NETTEMP:
00071 case T_NETOBJ:
00072 break;
00073 default:
00074 return TRUE;
00075 }
00076 /* own right */
00077 err = rsbac_acl_get_single_right(target,
00078 tid,
00079 ACLS_USER,
00080 (rsbac_acl_subject_id_t) user,
00081 ACLR_SUPERVISOR,
00082 &i_result);
00083 if(err)
00084 {
00085 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00086
00087 if(tmp)
00088 {
00089 rsbac_printk(KERN_WARNING
00090 "rsbac_acl_check_super(): rsbac_acl_get_single_right() returned error %s!\n",
00091 get_error_name(tmp,err));
00092 rsbac_kfree(tmp);
00093 }
00094 return FALSE;
00095 }
00096 if(i_result)
00097 return(TRUE);
00098
00099 /* try SUPERVISOR for group and role */
00100 /* group everyone */
00101 err = rsbac_acl_get_single_right(target,
00102 tid,
00103 ACLS_GROUP,
00104 RSBAC_ACL_GROUP_EVERYONE,
00105 ACLR_SUPERVISOR,
00106 &i_result);
00107 if(err)
00108 {
00109 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00110
00111 if(tmp)
00112 {
00113 rsbac_printk(KERN_WARNING
00114 "rsbac_acl_check_super(): rsbac_acl_get_single_right() returned error %s!\n",
00115 get_error_name(tmp,err));
00116 rsbac_kfree(tmp);
00117 }
00118 return FALSE;
00119 }
00120 if(i_result)
00121 return(TRUE);
00122
00123 #if defined(CONFIG_RSBAC_RC)
00124 /* use process role */
00125 /* first get role */
00126 i_tid.process = current->pid;
00127 if (rsbac_get_attr(RC,
00128 T_PROCESS,
00129 i_tid,
00130 A_rc_role,
00131 &i_attr_val1,
00132 FALSE))
00133 {
00134 rsbac_printk(KERN_WARNING
00135 "rsbac_acl_check_super(): rsbac_get_attr() for process rc_role returned error!\n");
00136 }
00137 else
00138 {
00139 err = rsbac_acl_get_single_right(target,
00140 tid,
00141 ACLS_ROLE,
00142 i_attr_val1.rc_role,
00143 ACLR_SUPERVISOR,
00144 &i_result);
00145 if(err)
00146 {
00147 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00148
00149 if(tmp)
00150 {
00151 get_error_name(tmp,err);
00152 rsbac_printk(KERN_WARNING
00153 "rsbac_acl_check_super(): rsbac_acl_get_single_right() returned error %s!\n",
00154 tmp);
00155 rsbac_kfree(tmp);
00156 }
00157 return FALSE;
00158 }
00159 if(i_result)
00160 return(TRUE);
00161 }
00162 #endif
00163
00164 /* other groups */
00165 /* first get user groups */
00166 group_p = NULL;
00167 err = rsbac_acl_get_user_groups(0, user, &group_p, NULL);
00168 if(err<0)
00169 {
00170 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00171
00172 if(tmp)
00173 {
00174 rsbac_printk(KERN_WARNING
00175 "rsbac_acl_check_super(): rsbac_acl_get_user_groups() returned error %s!\n",
00176 get_error_name(tmp,err));
00177 rsbac_kfree(tmp);
00178 }
00179 return err;
00180 }
00181 for(i=0; i<err; i++)
00182 {
00183 tmperr = rsbac_acl_get_single_right(target,
00184 tid,
00185 ACLS_GROUP,
00186 group_p[i],
00187 ACLR_SUPERVISOR,
00188 &i_result);
00189 if(tmperr)
00190 {
00191 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00192
00193 if(tmp)
00194 {
00195 rsbac_printk(KERN_WARNING
00196 "rsbac_acl_check_super(): rsbac_acl_get_single_right() returned error %s!\n",
00197 get_error_name(tmp,tmperr));
00198 rsbac_kfree(tmp);
00199 }
00200 if(group_p)
00201 rsbac_vfree(group_p);
00202 return FALSE;
00203 }
00204 if(i_result)
00205 {
00206 if(group_p)
00207 rsbac_vfree(group_p);
00208 return(TRUE);
00209 }
00210 }
00211 if(group_p)
00212 rsbac_vfree(group_p);
00213
00214 /* give up */
00215 return FALSE;
00216 };
|
|
||||||||||||||||||||||||||||||||
|
Definition at line 363 of file acl_main.c. References A_audit_uid, A_auid_exempt, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_fake_root_uid, A_linux_dac_disable, A_log_array_high, A_log_array_low, A_log_program_based, A_log_user_based, A_none, A_pseudo, A_remote_ip, A_symlink_add_rc_role, A_symlink_add_remote_ip, A_symlink_add_uid, ACL, AST_auth_administration, AUTH, DO_NOT_CARE, FREEZE, GRANTED, NOT_GRANTED, R_MODIFY_ATTRIBUTE, R_READ_ATTRIBUTE, R_SWITCH_MODULE, rsbac_acl_check_right(), rsbac_acl_check_super(), rsbac_target_id_t::scd, SOFTMODE, ST_other, T_NONE, and T_SCD. Referenced by rsbac_adf_request_int(). 00370 {
00371 switch (request)
00372 {
00373 case R_READ_ATTRIBUTE:
00374 case R_MODIFY_ATTRIBUTE:
00375 switch(attr)
00376 { /* owner must be changed by other request to prevent inconsistency */
00377 case A_owner:
00378 if(request == R_READ_ATTRIBUTE)
00379 return(GRANTED);
00380 else
00381 return(NOT_GRANTED);
00382
00383 /* Only protect AUTH, if asked to by configuration */
00384 #ifdef CONFIG_RSBAC_ACL_AUTH_PROT
00385 case A_auth_may_setuid:
00386 case A_auth_may_set_cap:
00387 case A_auth_start_uid:
00388 case A_auth_start_euid:
00389 case A_auth_start_gid:
00390 case A_auth_start_egid:
00391 case A_auth_learn:
00392 case A_auth_program_file:
00393 case A_auth_add_f_cap:
00394 case A_auth_remove_f_cap:
00395 tid.scd = AST_auth_administration;
00396 if (rsbac_acl_check_right(T_SCD, tid, owner, caller_pid, request))
00397 return(GRANTED);
00398 else
00399 return(NOT_GRANTED);
00400 #endif
00401
00402 #ifdef CONFIG_RSBAC_ACL_GEN_PROT
00403 case A_pseudo:
00404 case A_log_array_low:
00405 case A_log_array_high:
00406 case A_log_program_based:
00407 case A_log_user_based:
00408 case A_symlink_add_remote_ip:
00409 case A_symlink_add_uid:
00410 case A_symlink_add_rc_role:
00411 case A_linux_dac_disable:
00412 case A_fake_root_uid:
00413 case A_audit_uid:
00414 case A_auid_exempt:
00415 case A_remote_ip:
00416 if (!rsbac_acl_check_right(target, tid, owner, caller_pid, request))
00417 return(NOT_GRANTED);
00418 else
00419 return(GRANTED);
00420 #endif
00421
00422 #ifdef CONFIG_RSBAC_ACL_LEARN
00423 case A_acl_learn:
00424 /* check supervisor on target */
00425 if(rsbac_acl_check_super(target,
00426 tid,
00427 owner))
00428 return(GRANTED);
00429 else
00430 return(NOT_GRANTED);
00431 #endif
00432
00433 /* All attributes (remove target!) */
00434 case A_none:
00435 if (!rsbac_acl_check_right(target, tid, owner, caller_pid, request))
00436 return(NOT_GRANTED);
00437 #ifdef CONFIG_RSBAC_ACL_AUTH_PROT
00438 tid.scd = AST_auth_administration;
00439 if (!rsbac_acl_check_right(T_SCD, tid, owner, caller_pid, request))
00440 return(NOT_GRANTED);
00441 #endif
00442 return(GRANTED);
00443
00444 default:
00445 return(DO_NOT_CARE);
00446 }
00447
00448 case R_SWITCH_MODULE:
00449 switch(target)
00450 {
00451 case T_NONE:
00452 if( (attr_val.switch_target != ACL)
00453 #ifdef CONFIG_RSBAC_SOFTMODE
00454 && (attr_val.switch_target != SOFTMODE)
00455 #endif
00456 #ifdef CONFIG_RSBAC_FREEZE
00457 && (attr_val.switch_target != FREEZE)
00458 #endif
00459 #ifdef CONFIG_RSBAC_ACL_AUTH_PROT
00460 && (attr_val.switch_target != AUTH)
00461 #endif
00462 )
00463 return(DO_NOT_CARE);
00464
00465 tid.scd = ST_other;
00466 if (rsbac_acl_check_right(T_SCD, tid, owner, caller_pid, request))
00467 return(GRANTED);
00468 else
00469 return(NOT_GRANTED);
00470
00471 /* all other cases are unknown */
00472 default:
00473 return(DO_NOT_CARE);
00474 }
00475
00476 /*********************/
00477 default:
00478 if(target == T_NONE)
00479 {
00480 target = T_SCD;
00481 tid.scd = ST_other;
00482 }
00483 if (rsbac_acl_check_right(target, tid, owner, caller_pid, request))
00484 return(GRANTED);
00485 else
00486 return(NOT_GRANTED);
00487 }
00488 } /* end of rsbac_adf_request_acl() */
|
|
||||||||||||||||||||||||||||||||||||||||
|
Definition at line 501 of file acl_main.c. Referenced by rsbac_adf_set_attr(). 00511 {
00512 /* Nothing to be done here */
00513 return 0;
00514 } /* end of rsbac_adf_set_attr_acl() */
|
1.4.2