Main Page | Alphabetical List | Data Structures | Directories | File List | Data Fields | Globals | Search for 
linux-2.6.16-rsbac-1.2.6 / rsbac / adf / cap

cap_main.c

Go to the documentation of this file.
00001 /**************************************************** */
00002 /* Rule Set Based Access Control                      */
00003 /* Implementation of the Access Control Decision      */
00004 /* Facility (ADF) - Linux Capabilities (CAP)          */
00005 /* File: rsbac/adf/cap/main.c                         */
00006 /*                                                    */
00007 /* Author and (c) 1999-2005: Amon Ott <ao@rsbac.org>  */
00008 /*                                                    */
00009 /* Last modified: 18/Jul/2005                         */
00010 /**************************************************** */
00011 
00012 #include <linux/string.h>
00013 #include <rsbac/types.h>
00014 #include <rsbac/aci.h>
00015 #include <rsbac/adf_main.h>
00016 #include <rsbac/error.h>
00017 #include <rsbac/helpers.h>
00018 #include <rsbac/getname.h>
00019 #include <rsbac/debug.h>
00020 
00021 /************************************************* */
00022 /*           Global Variables                      */
00023 /************************************************* */
00024 
00025 /************************************************* */
00026 /*          Internal Help functions                */
00027 /************************************************* */
00028 
00029 /************************************************* */
00030 /*          Externally visible functions           */
00031 /************************************************* */
00032 
00033 enum rsbac_adf_req_ret_t
00034    rsbac_adf_request_cap (enum  rsbac_adf_request_t     request,
00035                                 rsbac_pid_t             caller_pid,
00036                           enum  rsbac_target_t          target,
00037                           union rsbac_target_id_t       tid,
00038                           enum  rsbac_attribute_t       attr,
00039                           union rsbac_attribute_value_t attr_val,
00040                                 rsbac_uid_t             owner)
00041   {
00042     union rsbac_target_id_t       i_tid;
00043     union rsbac_attribute_value_t i_attr_val1;
00044 
00045     switch (request)
00046       {
00047         case R_MODIFY_ATTRIBUTE:
00048             switch(attr)
00049               {
00050                 case A_system_role:
00051                 case A_cap_role:
00052                 case A_min_caps:
00053                 case A_max_caps:
00054                 case A_max_caps_user:
00055                 case A_max_caps_program:
00056                 case A_cap_process_hiding:
00057                 #ifdef CONFIG_RSBAC_CAP_AUTH_PROT
00058                 case A_auth_may_setuid:
00059                 case A_auth_may_set_cap:
00060                 case A_auth_start_uid:
00061                 case A_auth_start_euid:
00062                 case A_auth_start_gid:
00063                 case A_auth_start_egid:
00064                 case A_auth_program_file:
00065                 case A_auth_learn:
00066                 case A_auth_add_f_cap:
00067                 case A_auth_remove_f_cap:
00068                 #endif
00069                 /* All attributes (remove target!) */
00070                 case A_none:
00071                   /* Security Officer? */
00072                   i_tid.user = owner;
00073                   if (rsbac_get_attr(CAP,
00074                                      T_USER,
00075                                      i_tid,
00076                                      A_cap_role,
00077                                      &i_attr_val1,
00078                                      TRUE))
00079                     {
00080                       rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00081                       return(NOT_GRANTED);
00082                     }
00083                   /* if sec_officer, then grant */
00084                   if (i_attr_val1.system_role == SR_security_officer)
00085                     return(GRANTED);
00086                   else
00087                     return(NOT_GRANTED);
00088 
00089                 default:
00090                   return(DO_NOT_CARE);
00091               }
00092 
00093         case R_READ_ATTRIBUTE:
00094             switch(attr)
00095               {
00096                 case A_system_role:
00097                 case A_cap_role:
00098                 case A_min_caps:
00099                 case A_max_caps:
00100                 case A_max_caps_user:
00101                 case A_max_caps_program:
00102                 case A_cap_process_hiding:
00103                 /* All attributes (remove target!) */
00104                 case A_none:
00105                   /* Security Officer or Admin? */
00106                   i_tid.user = owner;
00107                   if (rsbac_get_attr(CAP,
00108                                      T_USER,
00109                                      i_tid,
00110                                      A_cap_role,
00111                                      &i_attr_val1,
00112                                      TRUE))
00113                     {
00114                       rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00115                       return(NOT_GRANTED);
00116                     }
00117                   /* if sec_officer, then grant */
00118                   if(   (i_attr_val1.system_role == SR_security_officer)
00119                      || (i_attr_val1.system_role == SR_administrator)
00120                     )
00121                     return(GRANTED);
00122                   else
00123                     return(NOT_GRANTED);
00124 
00125                 default:
00126                   return(DO_NOT_CARE);
00127               }
00128 
00129         case R_SWITCH_LOG:
00130             switch(target)
00131               {
00132                 case T_NONE:
00133                   /* test owner's cap_role */
00134                   i_tid.user = owner;
00135                   if (rsbac_get_attr(CAP,
00136                                      T_USER,
00137                                      i_tid,
00138                                      A_cap_role,
00139                                      &i_attr_val1,
00140                                      TRUE))
00141                     {
00142                       rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00143                       return(NOT_GRANTED);
00144                     }
00145                   /* security officer? -> grant  */
00146                   if (i_attr_val1.system_role == SR_security_officer)
00147                     return(GRANTED);
00148                   else
00149                     return(NOT_GRANTED);
00150 
00151                 /* all other cases are unknown */
00152                 default: return(DO_NOT_CARE);
00153               }
00154 
00155         case R_SWITCH_MODULE:
00156             switch(target)
00157               {
00158                 case T_NONE:
00159                   /* we need the switch_target */
00160                   if(attr != A_switch_target)
00161                     return(UNDEFINED);
00162                   /* do not care for other modules */
00163                   if(   (attr_val.switch_target != CAP)
00164                      #ifdef CONFIG_RSBAC_CAP_AUTH_PROT
00165                      && (attr_val.switch_target != AUTH)
00166                      #endif
00167                      #ifdef CONFIG_RSBAC_SOFTMODE
00168                      && (attr_val.switch_target != SOFTMODE)
00169                      #endif
00170                      #ifdef CONFIG_RSBAC_FREEZE
00171                      && (attr_val.switch_target != FREEZE)
00172                      #endif
00173                     )
00174                     return(DO_NOT_CARE);
00175                   /* test owner's cap_role */
00176                   i_tid.user = owner;
00177                   if (rsbac_get_attr(CAP,
00178                                      T_USER,
00179                                      i_tid,
00180                                      A_cap_role,
00181                                      &i_attr_val1,
00182                                      TRUE))
00183                     {
00184                       rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00185                       return(NOT_GRANTED);
00186                     }
00187                   /* security officer? -> grant  */
00188                   if (i_attr_val1.system_role == SR_security_officer)
00189                     return(GRANTED);
00190                   else
00191                     return(NOT_GRANTED);
00192 
00193                 /* all other cases are unknown */
00194                 default: return(DO_NOT_CARE);
00195               }
00196 
00197 #ifdef CONFIG_RSBAC_CAP_PROC_HIDE
00198         case R_CHANGE_GROUP:
00199         case R_GET_STATUS_DATA:
00200         case R_MODIFY_SYSTEM_DATA:
00201         case R_SEND_SIGNAL:
00202         case R_TRACE:
00203           switch(target)
00204             {
00205               case T_PROCESS:
00206                 if(caller_pid == tid.process)
00207                   return GRANTED;
00208                 if (rsbac_get_attr(CAP,
00209                                    target,
00210                                    tid,
00211                                    A_cap_process_hiding,
00212                                    &i_attr_val1,
00213                                    TRUE))
00214                   {
00215                     rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_process_hiding);
00216                     return(NOT_GRANTED);  /* something weird happened */
00217                   }
00218                 switch(i_attr_val1.cap_process_hiding)
00219                   {
00220                     case PH_full:
00221                         /* Security Officer or Admin? */
00222                         i_tid.user = owner;
00223                         if (rsbac_get_attr(CAP,
00224                                            T_USER,
00225                                            i_tid,
00226                                            A_cap_role,
00227                                            &i_attr_val1,
00228                                            TRUE))
00229                           {
00230                             rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00231                             return(NOT_GRANTED);
00232                           }
00233                         /* if sec_officer, then grant */
00234                         if(i_attr_val1.system_role == SR_security_officer)
00235                           return(GRANTED);
00236                         else
00237                           return(NOT_GRANTED);
00238                     case PH_from_other_users:
00239                       {
00240                         struct task_struct * task_p;
00241                         enum rsbac_adf_req_ret_t result;
00242 
00243                         read_lock(&tasklist_lock);
00244                         task_p = find_task_by_pid(tid.process);
00245                         if(   task_p
00246                            && (task_p->uid != owner)
00247                           )
00248                           result = NOT_GRANTED;
00249                         else
00250                           result = GRANTED;
00251                         read_unlock(&tasklist_lock);
00252                         if(result == GRANTED)
00253                           return GRANTED;
00254                         /* Security Officer or Admin? */
00255                         i_tid.user = owner;
00256                         if (rsbac_get_attr(CAP,
00257                                            T_USER,
00258                                            i_tid,
00259                                            A_cap_role,
00260                                            &i_attr_val1,
00261                                            TRUE))
00262                           {
00263                             rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00264                             return(NOT_GRANTED);
00265                           }
00266                         /* if sec_officer or admin, then grant */
00267                         if(   (i_attr_val1.system_role == SR_security_officer)
00268                            || (i_attr_val1.system_role == SR_administrator)
00269                           )
00270                           return(GRANTED);
00271                         else
00272                           return(NOT_GRANTED);
00273                       }
00274                     default:
00275                       return DO_NOT_CARE;
00276                   }
00277 
00278               default:
00279                 return DO_NOT_CARE;
00280             }
00281 #endif
00282 
00283 /*********************/
00284         default: return DO_NOT_CARE;
00285       }
00286 
00287     return(DO_NOT_CARE);
00288   } /* end of rsbac_adf_request_cap() */
00289 
00290 
00291 /*****************************************************************************/
00292 /* If the request returned granted and the operation is performed,           */
00293 /* the following function can be called by the AEF to get all aci set        */
00294 /* correctly. For write accesses that are performed fully within the kernel, */
00295 /* this is usually not done to prevent extra calls, including R_CLOSE for    */
00296 /* cleaning up.                                                              */
00297 /* The second instance of target specification is the new target, if one has */
00298 /* been created, otherwise its values are ignored.                           */
00299 /* On success, 0 is returned, and an error from rsbac/error.h otherwise.     */
00300 
00301 int  rsbac_adf_set_attr_cap(
00302                       enum  rsbac_adf_request_t     request,
00303                             rsbac_pid_t             caller_pid,
00304                       enum  rsbac_target_t          target,
00305                       union rsbac_target_id_t       tid,
00306                       enum  rsbac_target_t          new_target,
00307                       union rsbac_target_id_t       new_tid,
00308                       enum  rsbac_attribute_t       attr,
00309                       union rsbac_attribute_value_t attr_val,
00310                             rsbac_uid_t             owner)
00311   {
00312     union rsbac_target_id_t       i_tid;
00313     union rsbac_attribute_value_t i_attr_val1;
00314 
00315     switch (request)
00316       {
00317         case R_CHANGE_OWNER:
00318             switch(target)
00319               {
00320                 case T_PROCESS:
00321                   if(attr != A_owner)
00322                     return(-RSBAC_EINVALIDATTR);
00323                   /* Adjust Linux caps */
00324                   i_tid.user = attr_val.owner;
00325                   if (rsbac_get_attr(CAP,
00326                                      T_USER,
00327                                      i_tid,
00328                                      A_max_caps,
00329                                      &i_attr_val1,
00330                                      FALSE))
00331                     {
00332                       rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_max_caps);
00333                     }
00334                   else
00335                     {
00336                       #ifdef CONFIG_RSBAC_SOFTMODE
00337                       if(   rsbac_softmode
00338                       #ifdef CONFIG_RSBAC_SOFTMODE_IND
00339                          || rsbac_ind_softmode[CAP]
00340                       #endif
00341                         )
00342                         { /* Warn */
00343                           if(i_attr_val1.max_caps != RSBAC_CAP_DEFAULT_MAX)
00344                             {
00345                               rsbac_printk(KERN_NOTICE
00346                                            "rsbac_adf_set_attr_cap(): running in softmode, max_caps of user %u not applied to process %u(%.15s)!\n",
00347                                            owner,
00348                                            caller_pid,
00349                                            current->comm);
00350                             }
00351                         }
00352                       else
00353                       #endif
00354                         {
00355                           extern spinlock_t task_capability_lock;
00356 
00357                           /* set caps for process */
00358                           spin_lock(&task_capability_lock);
00359                           current->cap_permitted &= i_attr_val1.max_caps;
00360                           current->cap_effective &= i_attr_val1.max_caps;
00361                           current->cap_inheritable &= i_attr_val1.max_caps;
00362                           spin_unlock(&task_capability_lock);
00363 
00364 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
00365                           /* set max_caps_user for process */
00366                           if (rsbac_set_attr(CAP,
00367                                              target,
00368                                              tid,
00369                                              A_max_caps_user,
00370                                              i_attr_val1))
00371                             {
00372                               rsbac_ds_set_error("rsbac_adf_set_attr_cap()", A_max_caps_user);
00373                             }
00374 #endif
00375                         }
00376                     }
00377                   if (rsbac_get_attr(CAP,
00378                                      T_USER,
00379                                      i_tid,
00380                                      A_min_caps,
00381                                      &i_attr_val1,
00382                                      FALSE))
00383                     {
00384                       rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_min_caps);
00385                     }
00386                   else
00387                     {
00388                       extern spinlock_t task_capability_lock;
00389 
00390                       /* set caps for process */
00391                       spin_lock(&task_capability_lock);
00392                       current->cap_permitted |= i_attr_val1.min_caps;
00393                       current->cap_effective |= i_attr_val1.min_caps;
00394                       current->cap_inheritable |= i_attr_val1.min_caps;
00395                       spin_unlock(&task_capability_lock);
00396                     }
00397                   return 0;
00398 
00399                 /* all other cases are unknown */
00400                 default:
00401                   return(0);
00402               }
00403             break;
00404 
00405 #if defined (CONFIG_RSBAC_CAP_PROC_HIDE) || defined(CONFIG_RSBAC_CAP_LOG_MISSING)
00406         case R_CLONE:
00407             switch(target)
00408               {
00409                 case T_PROCESS:
00410 #ifdef CONFIG_RSBAC_CAP_PROC_HIDE
00411                   /* get process hiding from old process */
00412                   if (rsbac_get_attr(CAP,
00413                                      target,
00414                                      tid,
00415                                      A_cap_process_hiding,
00416                                      &i_attr_val1,
00417                                      FALSE))
00418                     {
00419                       rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_cap_process_hiding);
00420                     }
00421                   else
00422                     { /* only set, of not default value 0 */
00423                       if(i_attr_val1.cap_process_hiding)
00424                         {
00425                           /* set program based log for new process */
00426                           if (rsbac_set_attr(CAP,
00427                                              new_target,
00428                                              new_tid,
00429                                              A_cap_process_hiding,
00430                                              i_attr_val1))
00431                             {
00432                               rsbac_ds_set_error("rsbac_adf_set_attr_cap()", A_cap_process_hiding);
00433                             }
00434                         }
00435                     }
00436 #endif
00437 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
00438                   /* get max_caps_user from old process */
00439                   if (rsbac_get_attr(CAP,
00440                                      target,
00441                                      tid,
00442                                      A_max_caps_user,
00443                                      &i_attr_val1,
00444                                      FALSE))
00445                     {
00446                       rsbac_ds_get_error("rsbac_adf_set_attr_cap():CLONE", A_max_caps_user);
00447                     }
00448                   else
00449                     { /* only set, of not default value */
00450                       if(i_attr_val1.max_caps_user != RSBAC_CAP_DEFAULT_MAX)
00451                         {
00452                           if (rsbac_set_attr(CAP,
00453                                              new_target,
00454                                              new_tid,
00455                                              A_max_caps_user,
00456                                              i_attr_val1))
00457                             {
00458                               rsbac_ds_set_error("rsbac_adf_set_attr_cap():CLONE", A_max_caps_user);
00459                             }
00460                         }
00461                     }
00462                   /* get max_caps_program from old process */
00463                   if (rsbac_get_attr(CAP,
00464                                      target,
00465                                      tid,
00466                                      A_max_caps_program,
00467                                      &i_attr_val1,
00468                                      FALSE))
00469                     {
00470                       rsbac_ds_get_error("rsbac_adf_set_attr_cap():CLONE", A_max_caps_program);
00471                     }
00472                   else
00473                     { /* only set, of not default value */
00474                       if(i_attr_val1.max_caps_program != RSBAC_CAP_DEFAULT_MAX)
00475                         {
00476                           if (rsbac_set_attr(CAP,
00477                                              new_target,
00478                                              new_tid,
00479                                              A_max_caps_program,
00480                                              i_attr_val1))
00481                             {
00482                               rsbac_ds_set_error("rsbac_adf_set_attr_cap():CLONE", A_max_caps_program);
00483                             }
00484                         }
00485                     }
00486 #endif
00487                   return 0;
00488 
00489                 /* all other cases are unknown */
00490                 default:
00491                   return(0);
00492               }
00493 #endif /* PROC_HIDE || LOG_MISSING */
00494 
00495         case R_EXECUTE:
00496             switch(target)
00497               {
00498                 case T_FILE:
00499                   /* Adjust Linux caps - first user, then program based */
00500                   /* User must be redone, because caps are cleared by Linux kernel */
00501                   i_tid.user = owner;
00502                   if (rsbac_get_attr(CAP,
00503                                      T_USER,
00504                                      i_tid,
00505                                      A_max_caps,
00506                                      &i_attr_val1,
00507                                      FALSE))
00508                     {
00509                       rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_max_caps);
00510                     }
00511                   else
00512                     {
00513                       #ifdef CONFIG_RSBAC_SOFTMODE
00514                       if(   rsbac_softmode
00515                       #ifdef CONFIG_RSBAC_SOFTMODE_IND
00516                          || rsbac_ind_softmode[CAP]
00517                       #endif
00518                         )
00519                         { /* Warn */
00520                           if(i_attr_val1.max_caps != RSBAC_CAP_DEFAULT_MAX)
00521                             {
00522                               rsbac_printk(KERN_NOTICE
00523                                            "rsbac_adf_set_attr_cap(): running in softmode, max_caps of user %u not applied to process %u(%.15s)!\n",
00524                                            owner,
00525                                            caller_pid,
00526                                            current->comm);
00527                             }
00528                         }
00529                       else
00530                       #endif
00531                         {
00532                           extern spinlock_t task_capability_lock;
00533 
00534                           /* set caps for process */
00535                           spin_lock(&task_capability_lock);
00536                           current->cap_permitted &= i_attr_val1.max_caps;
00537                           current->cap_effective &= i_attr_val1.max_caps;
00538                           current->cap_inheritable &= i_attr_val1.max_caps;
00539                           spin_unlock(&task_capability_lock);
00540                         }
00541                     }
00542                   if (rsbac_get_attr(CAP,
00543                                      T_USER,
00544                                      i_tid,
00545                                      A_min_caps,
00546                                      &i_attr_val1,
00547                                      FALSE))
00548                     {
00549                       rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_min_caps);
00550                     }
00551                   else
00552                     {
00553                       extern spinlock_t task_capability_lock;
00554 
00555                       /* set caps for process */
00556                       spin_lock(&task_capability_lock);
00557                       current->cap_permitted |= i_attr_val1.min_caps;
00558                       current->cap_effective |= i_attr_val1.min_caps;
00559                       current->cap_inheritable |= i_attr_val1.min_caps;
00560                       spin_unlock(&task_capability_lock);
00561                     }
00562                   if (rsbac_get_attr(CAP,
00563                                      target,
00564                                      tid,
00565                                      A_max_caps,
00566                                      &i_attr_val1,
00567                                      FALSE))
00568                     {
00569                       rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_max_caps);
00570                     }
00571                   else
00572                     {
00573                       #ifdef CONFIG_RSBAC_SOFTMODE
00574                       if(   rsbac_softmode
00575                       #ifdef CONFIG_RSBAC_SOFTMODE_IND
00576                          || rsbac_ind_softmode[CAP]
00577                       #endif
00578                         )
00579                         { /* Warn */
00580                           if(i_attr_val1.max_caps != RSBAC_CAP_DEFAULT_MAX)
00581                             {
00582                               rsbac_printk(KERN_NOTICE
00583                                            "rsbac_adf_set_attr_cap(): running in softmode, max_caps of program not applied to process %u(%.15s)!\n",
00584                                            caller_pid,
00585                                            current->comm);
00586                             }
00587                         }
00588                       else
00589                       #endif
00590                         {
00591                           extern spinlock_t task_capability_lock;
00592 
00593                           /* set caps for process */
00594                           spin_lock(&task_capability_lock);
00595                           current->cap_permitted &= i_attr_val1.max_caps;
00596                           current->cap_effective &= i_attr_val1.max_caps;
00597                           current->cap_inheritable &= i_attr_val1.max_caps;
00598                           spin_unlock(&task_capability_lock);
00599 
00600 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
00601                           i_tid.process = caller_pid;
00602                           /* set max_caps_program for process */
00603                           if (rsbac_set_attr(CAP,
00604                                              T_PROCESS,
00605                                              i_tid,
00606                                              A_max_caps_program,
00607                                              i_attr_val1))
00608                             {
00609                               rsbac_ds_set_error("rsbac_adf_set_attr_cap():EXECUTE", A_max_caps_program);
00610                             }
00611 #endif
00612                         }
00613                     }
00614                   if (rsbac_get_attr(CAP,
00615                                      target,
00616                                      tid,
00617                                      A_min_caps,
00618                                      &i_attr_val1,
00619                                      FALSE))
00620                     {
00621                       rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_min_caps);
00622                     }
00623                   else
00624                     {
00625                       extern spinlock_t task_capability_lock;
00626 
00627                       /* set caps for process */
00628                       spin_lock(&task_capability_lock);
00629                       current->cap_permitted |= i_attr_val1.min_caps;
00630                       current->cap_effective |= i_attr_val1.min_caps;
00631                       current->cap_inheritable |= i_attr_val1.min_caps;
00632                       spin_unlock(&task_capability_lock);
00633                     }
00634                   return 0;
00635 
00636                 /* all other cases are unknown */
00637                 default:
00638                   return 0;
00639               }
00640             break;
00641 
00642 /*********************/
00643         default: return 0;
00644       }
00645 
00646     return 0;
00647   } /* end of rsbac_adf_set_attr_cap() */
00648 
00649 /* end of rsbac/adf/cap/main.c */
Generated on Sun May 21 14:30:49 2006 for RSBAC by  doxygen 1.4.2