#include <linux/types.h>
#include <linux/string.h>
#include <linux/fs.h>
#include <rsbac/aci.h>
#include <rsbac/adf_main.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/getname.h>
#include <asm/uaccess.h>
/*
 * check_flags_ff() - deny a request when the target carries a conflicting flag.
 *
 * Reads the A_ff_flags attribute stored by the FF module for (target, tid)
 * and tests it against the mask supplied by the caller.
 *
 * @target: RSBAC target type of the object being accessed
 * @tid:    identifier of that object
 * @flags:  mask of FF_* flags that forbid the requested access
 *
 * Returns NOT_GRANTED if any bit of @flags is set on the object and GRANTED
 * otherwise.  A failed attribute lookup is logged and answered with
 * NOT_GRANTED, so the check fails closed.
 */
enum rsbac_adf_req_ret_t
check_flags_ff(enum rsbac_target_t target,
               union rsbac_target_id_t tid,
               rsbac_ff_flags_t flags)
{
	union rsbac_attribute_value_t stored;

	if (rsbac_get_attr(FF, target, tid, A_ff_flags, &stored, TRUE)) {
		/* Without the stored flags no safe decision is possible. */
		printk(KERN_WARNING "check_flags_ff(): rsbac_get_attr() returned error!\n");
		return NOT_GRANTED;
	}

	return (stored.ff_flags & flags) ? NOT_GRANTED : GRANTED;
}
/*
 * rsbac_adf_request_ff() - FF module decision for a single access request.
 *
 * Two kinds of decision are made here:
 *
 *  - Object requests (open, read, write, delete, mount, ...) are answered
 *    by check_flags_ff() with the set of FF_* flags that forbid that
 *    request on that target type.
 *  - Administrative requests (reading or modifying the RSBAC log SCD,
 *    modifying protected attributes, switching logging or modules) are
 *    answered from the A_ff_role attribute of @owner.
 *
 * @request:    the access being requested
 * @caller_pid: not read by this function
 * @target:     type of the object the request applies to
 * @tid:        identifier of that object
 * @attr:       attribute named by the request (R_MODIFY_ATTRIBUTE,
 *              R_SWITCH_MODULE)
 * @attr_val:   value accompanying @attr (read for R_SWITCH_MODULE only)
 * @owner:      user whose FF role is consulted for administrative requests
 *
 * Returns GRANTED or NOT_GRANTED where this module has an opinion,
 * DO_NOT_CARE for every request/target combination not listed, and
 * UNDEFINED for R_SWITCH_MODULE without A_switch_target.  Every failed
 * attribute lookup is logged and answered with NOT_GRANTED (fail closed).
 */
enum rsbac_adf_req_ret_t
rsbac_adf_request_ff(enum rsbac_adf_request_t request,
                     rsbac_pid_t caller_pid,
                     enum rsbac_target_t target,
                     union rsbac_target_id_t tid,
                     enum rsbac_attribute_t attr,
                     union rsbac_attribute_value_t attr_val,
                     rsbac_uid_t owner)
{
	union rsbac_target_id_t owner_tid;
	union rsbac_attribute_value_t role_val;
	int err = 0;

	switch (request) {
	case R_APPEND_OPEN:
		switch (target) {
		case T_FILE:
		case T_FIFO:
			return check_flags_ff(target, tid,
					      FF_read_only | FF_execute_only);
		default:
			return DO_NOT_CARE;
		}

	/* Metadata changes: all four requests share one flag table. */
	case R_CHANGE_GROUP:
	case R_MODIFY_ACCESS_DATA:
	case R_MODIFY_PERMISSIONS_DATA:
	case R_CHANGE_OWNER:
		switch (target) {
		case T_FILE:
		case T_FIFO:
		case T_SYMLINK:
			return check_flags_ff(target, tid,
					      FF_read_only | FF_execute_only |
					      FF_append_only);
		case T_DIR:
			return check_flags_ff(target, tid,
					      FF_read_only | FF_search_only);
		default:
			return DO_NOT_CARE;
		}

	case R_CHDIR:
		switch (target) {
		case T_DIR:
			return check_flags_ff(target, tid, FF_search_only);
		default:
			return DO_NOT_CARE;
		}

	case R_CREATE:
		switch (target) {
		case T_DIR:
			return check_flags_ff(target, tid,
					      FF_read_only | FF_search_only);
		default:
			return DO_NOT_CARE;
		}

	case R_DELETE:
	case R_RENAME:
		switch (target) {
		case T_FILE:
		case T_FIFO:
		case T_SYMLINK:
			return check_flags_ff(target, tid,
					      FF_read_only | FF_execute_only |
					      FF_no_delete_or_rename |
					      FF_append_only);
		case T_DIR:
			return check_flags_ff(target, tid,
					      FF_read_only | FF_search_only |
					      FF_no_delete_or_rename);
		default:
			return DO_NOT_CARE;
		}

	case R_EXECUTE:
		switch (target) {
		case T_FILE:
			return check_flags_ff(target, tid,
					      FF_write_only | FF_no_execute |
					      FF_append_only);
		default:
			return DO_NOT_CARE;
		}

	case R_GET_STATUS_DATA:
		switch (target) {
		case T_SCD:
			/* Only the RSBAC log is restricted; other SCDs pass. */
			if (tid.scd != ST_rsbaclog)
				return GRANTED;

			owner_tid.user = owner;
			err = rsbac_get_attr(FF, T_USER, owner_tid,
					     A_ff_role, &role_val, TRUE);
			if (err) {
				printk(KERN_WARNING
				       "rsbac_adf_request_ff(): rsbac_get_attr() returned error %i!\n",
				       err);
				return NOT_GRANTED;
			}

			/* Log access is limited to security officer and auditor. */
			if (role_val.system_role == SR_security_officer ||
			    role_val.system_role == SR_auditor)
				return GRANTED;
			return NOT_GRANTED;

		default:
			return DO_NOT_CARE;
		}

	case R_LINK_HARD:
		switch (target) {
		case T_FILE:
		case T_FIFO:
		case T_SYMLINK:
			return check_flags_ff(target, tid,
					      FF_read_only | FF_execute_only);
		default:
			return DO_NOT_CARE;
		}

	case R_MODIFY_ATTRIBUTE:
		/* Dispatch on the attribute being changed, not on the target. */
		switch (attr) {
		case A_ff_flags:
		case A_system_role:
		case A_ff_role:
#ifdef CONFIG_RSBAC_FF_AUTH_PROT
		case A_auth_may_setuid:
		case A_auth_may_set_cap:
		case A_auth_start_uid:
		case A_auth_program_file:
		case A_auth_learn:
		case A_auth_add_f_cap:
		case A_auth_remove_f_cap:
#endif
#ifdef CONFIG_RSBAC_FF_GEN_PROT
		case A_log_array_low:
		case A_log_array_high:
		case A_log_program_based:
		case A_log_user_based:
		case A_symlink_add_uid:
		case A_symlink_add_rc_role:
		case A_linux_dac_disable:
		case A_pseudo:
		case A_fake_root_uid:
#endif
		case A_none:
			owner_tid.user = owner;
			if (rsbac_get_attr(FF, T_USER, owner_tid,
					   A_ff_role, &role_val, TRUE)) {
				printk(KERN_WARNING
				       "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n");
				return NOT_GRANTED;
			}

			/* Protected attributes may be changed by the security officer only. */
			return (role_val.system_role == SR_security_officer)
				? GRANTED : NOT_GRANTED;

		default:
			return DO_NOT_CARE;
		}

	case R_MODIFY_SYSTEM_DATA:
		switch (target) {
		case T_SCD:
			/* Only the RSBAC log is restricted; other SCDs pass. */
			if (tid.scd != ST_rsbaclog)
				return GRANTED;

			owner_tid.user = owner;
			if (rsbac_get_attr(FF, T_USER, owner_tid,
					   A_ff_role, &role_val, TRUE)) {
				printk(KERN_WARNING
				       "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n");
				return NOT_GRANTED;
			}

			if (role_val.system_role == SR_security_officer ||
			    role_val.system_role == SR_auditor)
				return GRANTED;
			return NOT_GRANTED;

		default:
			return DO_NOT_CARE;
		}

	case R_MOUNT:
	case R_UMOUNT:
		switch (target) {
		case T_FILE:
			return check_flags_ff(target, tid,
					      FF_read_only | FF_execute_only |
					      FF_write_only | FF_append_only |
					      FF_no_mount);
		case T_DIR:
			return check_flags_ff(target, tid,
					      FF_read_only | FF_search_only |
					      FF_no_mount);
		default:
			return DO_NOT_CARE;
		}

	case R_READ:
		switch (target) {
		case T_DIR:
			return check_flags_ff(target, tid, FF_search_only);
#ifdef CONFIG_RSBAC_RW
		case T_FILE:
		case T_FIFO:
			return check_flags_ff(target, tid,
					      FF_execute_only | FF_write_only);
#endif
		default:
			return DO_NOT_CARE;
		}

	case R_READ_OPEN:
		switch (target) {
		case T_FILE:
		case T_FIFO:
			return check_flags_ff(target, tid,
					      FF_execute_only | FF_write_only);
		case T_DIR:
			return check_flags_ff(target, tid, FF_search_only);
		default:
			return DO_NOT_CARE;
		}

	case R_READ_WRITE_OPEN:
		switch (target) {
		case T_FILE:
		case T_FIFO:
			return check_flags_ff(target, tid,
					      FF_read_only | FF_execute_only |
					      FF_write_only | FF_append_only);
		default:
			return DO_NOT_CARE;
		}

	case R_SWITCH_LOG:
		switch (target) {
		case T_NONE:
			owner_tid.user = owner;
			if (rsbac_get_attr(FF, T_USER, owner_tid,
					   A_ff_role, &role_val, TRUE)) {
				printk(KERN_WARNING "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n");
				return NOT_GRANTED;
			}

			/* Switching logging is reserved for the security officer. */
			return (role_val.system_role == SR_security_officer)
				? GRANTED : NOT_GRANTED;

		default:
			return DO_NOT_CARE;
		}

	case R_SWITCH_MODULE:
		switch (target) {
		case T_NONE:
			/* The request must name the module being switched. */
			if (attr != A_switch_target)
				return UNDEFINED;

			/* Switches of other modules are not this module's concern. */
			if ((attr_val.switch_target != FF)
#ifdef CONFIG_RSBAC_SOFTMODE
			    && (attr_val.switch_target != SOFTMODE)
#endif
			   )
				return DO_NOT_CARE;

			owner_tid.user = owner;
			if (rsbac_get_attr(FF, T_USER, owner_tid,
					   A_ff_role, &role_val, TRUE)) {
				printk(KERN_WARNING "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n");
				return NOT_GRANTED;
			}

			/* Only the security officer may switch this module. */
			return (role_val.system_role == SR_security_officer)
				? GRANTED : NOT_GRANTED;

		default:
			return DO_NOT_CARE;
		}

	case R_TRUNCATE:
	case R_WRITE_OPEN:
		switch (target) {
		case T_FILE:
		case T_FIFO:
			return check_flags_ff(target, tid,
					      FF_read_only | FF_execute_only |
					      FF_append_only);
		default:
			return DO_NOT_CARE;
		}

	case R_WRITE:
		switch (target) {
		case T_DIR:
			return check_flags_ff(target, tid,
					      FF_read_only | FF_search_only);
#ifdef CONFIG_RSBAC_RW
		case T_FILE:
		case T_FIFO:
			return check_flags_ff(target, tid,
					      FF_read_only | FF_execute_only);
#endif
		default:
			return DO_NOT_CARE;
		}

	default:
		return DO_NOT_CARE;
	}

	/* Not reached: every branch of the switch above returns. */
	return DO_NOT_CARE;
}
/*
 * rsbac_adf_set_attr_ff() - attribute-setting entry point of the FF module.
 *
 * The visible body does no work: none of the arguments is read and the
 * function always returns 0.
 * NOTE(review): presumably called after a granted request so a module can
 * update its own attributes -- confirm against the ADF caller.
 */
int rsbac_adf_set_attr_ff(enum rsbac_adf_request_t request,
                          rsbac_pid_t caller_pid,
                          enum rsbac_target_t target,
                          union rsbac_target_id_t tid,
                          enum rsbac_target_t new_target,
                          union rsbac_target_id_t new_tid,
                          enum rsbac_attribute_t attr,
                          union rsbac_attribute_value_t attr_val,
                          rsbac_uid_t owner)
{
	/* This module keeps no state that a request would change. */
	return 0;
}
#ifdef CONFIG_RSBAC_SECDEL
/*
 * rsbac_need_overwrite_ff() - report whether a file is flagged for secure
 * deletion.
 *
 * Builds a T_FILE target id from the dentry (device, inode number, dentry
 * pointer) and reads the A_ff_flags attribute stored by the FF module.
 *
 * @dentry_p: dentry of the file in question; may be NULL
 *
 * Returns TRUE if FF_secure_delete is set on the file.  Returns FALSE if
 * the flag is clear, if @dentry_p or its inode is NULL, or if the
 * attribute lookup fails.
 */
boolean rsbac_need_overwrite_ff(struct dentry *dentry_p)
{
	union rsbac_target_id_t file_tid;
	union rsbac_attribute_value_t stored;

	/* Nothing to look up without both a dentry and its inode. */
	if (!(dentry_p && dentry_p->d_inode))
		return FALSE;

	file_tid.file.device   = dentry_p->d_sb->s_dev;
	file_tid.file.inode    = dentry_p->d_inode->i_ino;
	file_tid.file.dentry_p = dentry_p;

	if (rsbac_get_attr(FF, T_FILE, file_tid, A_ff_flags, &stored, TRUE)) {
		printk(KERN_WARNING "rsbac_need_overwrite_ff(): rsbac_get_attr() returned error!\n");
		/*
		 * NOTE(review): a lookup failure is reported as "no overwrite
		 * needed", so a file flagged FF_secure_delete would not be
		 * reported as such when its attributes cannot be read.  This
		 * is the opposite of the fail-closed handling in the decision
		 * functions; confirm it is intended.
		 */
		return FALSE;
	}

	return (stored.ff_flags & FF_secure_delete) ? TRUE : FALSE;
}
#endif