/daten/src/linux-2.4.27-rsbac-v1.2.3/rsbac/adf/sim/sim_main.c

Go to the documentation of this file.
00001 /**************************************************** */ 00002 /* Rule Set Based Access Control */ 00003 /* Implementation of the Access Control Decision */ 00004 /* Facility (ADF) - Security Information Modification */ 00005 /* File: rsbac/adf/sim/main.c */ 00006 /* */ 00007 /* Author and (c) 1999-2004: Amon Ott <ao@rsbac.org> */ 00008 /* */ 00009 /* Last modified: 11/Mar/2004 */ 00010 /**************************************************** */ 00011 00012 #include <linux/string.h> 00013 #include <rsbac/types.h> 00014 #include <rsbac/aci.h> 00015 #include <rsbac/adf_main.h> 00016 #include <rsbac/error.h> 00017 #include <rsbac/helpers.h> 00018 #include <rsbac/getname.h> 00019 #include <rsbac/network.h> 00020 00021 /************************************************* */ 00022 /* Global Variables */ 00023 /************************************************* */ 00024 00025 /************************************************* */ 00026 /* Internal Help functions */ 00027 /************************************************* */ 00028 00029 static enum rsbac_adf_req_ret_t 00030 check_role_sim( enum rsbac_target_t target, 00031 union rsbac_target_id_t tid, 00032 rsbac_uid_t owner) 00033 { 00034 union rsbac_target_id_t i_tid; 00035 union rsbac_attribute_value_t i_attr_val1; 00036 union rsbac_attribute_value_t i_attr_val2; 00037 boolean inherit; 00038 00039 /* test target's data_type */ 00040 switch(target) 00041 { 00042 case T_FILE: 00043 case T_DIR: 00044 case T_FIFO: 00045 case T_SYMLINK: 00046 case T_NETOBJ: 00047 inherit = TRUE; 00048 break; 00049 default: 00050 inherit = FALSE; 00051 } 00052 if (rsbac_get_attr(SIM, 00053 target, 00054 tid, 00055 A_data_type, 00056 &i_attr_val1, 00057 inherit)) 00058 { 00059 rsbac_ds_get_error("check_role_sim()", A_data_type); 00060 return(NOT_GRANTED); 00061 } 00062 /* Access to other data_types than SI is always granted */ 00063 if (i_attr_val1.data_type != DT_SI) 00064 return(GRANTED); 00065 00066 /* test owner's sim_role */ 00067 i_tid.user = owner; 00068 if (rsbac_get_attr(SIM, 00069 T_USER, 00070 i_tid, 00071 A_sim_role, 00072 &i_attr_val2, 00073 TRUE)) 00074 { 00075 rsbac_ds_get_error("check_role_sim()", A_sim_role); 00076 return(NOT_GRANTED); 00077 } 00078 00079 /* Access is granted, if owner's sim_role is security_officer */ 00080 00081 if (i_attr_val2.system_role == SR_security_officer) 00082 return(GRANTED); 00083 else 00084 return(NOT_GRANTED); 00085 } 00086 00087 #ifdef CONFIG_RSBAC_SIM_NET_OBJ_PROT 00088 static enum rsbac_adf_req_ret_t 00089 check_role_sim_netobj(enum rsbac_adf_request_t request, 00090 union rsbac_target_id_t tid, 00091 rsbac_uid_t owner) 00092 { 00093 union rsbac_target_id_t i_tid; 00094 enum rsbac_attribute_t i_attr; 00095 union rsbac_attribute_value_t i_attr_val1; 00096 union rsbac_attribute_value_t i_attr_val2; 00097 00098 if(rsbac_net_remote_request(request)) 00099 i_attr = A_remote_data_type; 00100 else 00101 i_attr = A_local_data_type; 00102 /* test target's data_type */ 00103 if (rsbac_get_attr(SIM, 00104 T_NETOBJ, 00105 tid, 00106 i_attr, 00107 &i_attr_val1, 00108 TRUE)) 00109 { 00110 rsbac_ds_get_error("check_role_sim_netobj()", i_attr); 00111 return(NOT_GRANTED); 00112 } 00113 /* Access to other data_types than SI is always granted */ 00114 if (i_attr_val1.data_type != DT_SI) 00115 return(GRANTED); 00116 00117 /* test owner's sim_role */ 00118 i_tid.user = owner; 00119 if (rsbac_get_attr(SIM, 00120 T_USER, 00121 i_tid, 00122 A_sim_role, 00123 &i_attr_val2, 00124 TRUE)) 00125 { 00126 rsbac_ds_get_error("check_role_sim_netobj()", A_sim_role); 00127 return(NOT_GRANTED); 00128 } 00129 00130 /* Access is granted, if owner's sim_role is security_officer */ 00131 00132 if (i_attr_val2.system_role == SR_security_officer) 00133 return(GRANTED); 00134 else 00135 return(NOT_GRANTED); 00136 } 00137 #endif 00138 00139 static enum rsbac_adf_req_ret_t 00140 sim_check_sysrole(rsbac_uid_t owner, enum rsbac_system_role_t role) 00141 { 00142 union rsbac_target_id_t i_tid; 00143 union rsbac_attribute_value_t i_attr_val1; 00144 00145 i_tid.user = owner; 00146 if (rsbac_get_attr(SIM, 00147 T_USER, 00148 i_tid, 00149 A_sim_role, 00150 &i_attr_val1, 00151 TRUE)) 00152 { 00153 rsbac_ds_get_error("sim_check_sysrole()", A_sim_role); 00154 return(NOT_GRANTED); 00155 } 00156 /* if correct role, then grant */ 00157 if (i_attr_val1.system_role == role) 00158 return(GRANTED); 00159 else 00160 return(NOT_GRANTED); 00161 } 00162 00163 /************************************************* */ 00164 /* Externally visible functions */ 00165 /************************************************* */ 00166 00167 enum rsbac_adf_req_ret_t 00168 rsbac_adf_request_sim (enum rsbac_adf_request_t request, 00169 rsbac_pid_t caller_pid, 00170 enum rsbac_target_t target, 00171 union rsbac_target_id_t tid, 00172 enum rsbac_attribute_t attr, 00173 union rsbac_attribute_value_t attr_val, 00174 rsbac_uid_t owner) 00175 { 00176 enum rsbac_adf_req_ret_t result = DO_NOT_CARE; 00177 union rsbac_target_id_t i_tid; 00178 union rsbac_attribute_value_t i_attr_val1; 00179 #ifdef CONFIG_RSBAC_SIM_ROLE_PROT 00180 union rsbac_attribute_value_t i_attr_val2; 00181 #endif 00182 00183 switch (request) 00184 { 00185 case R_ADD_TO_KERNEL: 00186 switch(target) 00187 { 00188 case T_NONE: 00189 return(DO_NOT_CARE); 00190 00191 /* all other cases are unknown */ 00192 default: 00193 return(DO_NOT_CARE); 00194 } 00195 00196 00197 case R_ALTER: 00198 /* only for IPC */ 00199 switch(target) 00200 { 00201 case T_IPC: 00202 return(check_role_sim(target,tid,owner)); 00203 00204 /* all other cases are unknown */ 00205 default: return(DO_NOT_CARE); 00206 } 00207 00208 case R_APPEND_OPEN: 00209 case R_READ_WRITE_OPEN: 00210 switch(target) 00211 { 00212 case T_FILE: 00213 case T_FIFO: 00214 case T_DEV: 00215 case T_IPC: 00216 return(check_role_sim(target,tid,owner)); 00217 00218 /* all other cases are unknown */ 00219 default: return(DO_NOT_CARE); 00220 } 00221 00222 case R_CHANGE_GROUP: 00223 switch(target) 00224 { 00225 case T_FILE: 00226 case T_DIR: 00227 case T_FIFO: 00228 case T_SYMLINK: 00229 case T_IPC: 00230 return(check_role_sim(target,tid,owner)); 00231 00232 /* all other cases */ 00233 default: return(DO_NOT_CARE); 00234 } 00235 00236 case R_CHANGE_OWNER: 00237 switch(target) 00238 { 00239 case T_FILE: 00240 case T_DIR: 00241 case T_FIFO: 00242 case T_SYMLINK: 00243 case T_IPC: 00244 return(check_role_sim(target,tid,owner)); 00245 00246 case T_PROCESS: 00247 #ifdef CONFIG_RSBAC_SIM_ROLE_PROT 00248 if(attr != A_owner) 00249 return(UNDEFINED); 00250 /* Administrator or secoff? */ 00251 i_tid.user = owner; 00252 if (rsbac_get_attr(SIM, 00253 T_USER, 00254 i_tid, 00255 A_sim_role, 00256 &i_attr_val1, 00257 TRUE)) 00258 { 00259 rsbac_ds_get_error("rsbac_adf_request_sim()", A_sim_role); 00260 return(NOT_GRANTED); 00261 } 00262 /* if general user or secoff, then grant */ 00263 if ( (i_attr_val1.system_role == SR_user) 00264 || (i_attr_val1.system_role == SR_security_officer) 00265 ) 00266 return(GRANTED); 00267 /* old owner is sys-admin */ 00268 /* get target user's role */ 00269 i_tid.user = attr_val.owner; 00270 if (rsbac_get_attr(SIM, 00271 T_USER, 00272 i_tid, 00273 A_sim_role, 00274 &i_attr_val2, 00275 TRUE)) 00276 { 00277 rsbac_ds_get_error("rsbac_adf_request_sim()", A_sim_role); 00278 return(NOT_GRANTED); 00279 } 00280 /* if target is security officer -> deny */ 00281 if(i_attr_val2.system_role == SR_security_officer) 00282 return(NOT_GRANTED); 00283 else 00284 return(GRANTED); 00285 #endif /* ROLE_PROT */ 00286 00287 /* fall through */ 00288 case T_NONE: 00289 return(DO_NOT_CARE); 00290 /* all other cases are unknown */ 00291 default: 00292 return(DO_NOT_CARE); 00293 } 00294 00295 /* Creating dir or (pseudo) file IN target dir! */ 00296 case R_CREATE: 00297 switch(target) 00298 { 00299 case T_DIR: 00300 return(check_role_sim(target,tid,owner)); 00301 /* IPC is always granted */ 00302 case T_IPC: 00303 return(GRANTED); 00304 00305 #ifdef CONFIG_RSBAC_SIM_NET_OBJ_PROT 00306 case T_NETTEMP: 00307 return sim_check_sysrole(owner, SR_security_officer); 00308 00309 case T_NETOBJ: 00310 return(check_role_sim_netobj(request,tid,owner)); 00311 #endif 00312 00313 /* all other cases are unknown */ 00314 default: return(DO_NOT_CARE); 00315 } 00316 00317 case R_DELETE: 00318 switch(target) 00319 { 00320 case T_FILE: 00321 case T_DIR: 00322 case T_FIFO: 00323 case T_SYMLINK: 00324 case T_IPC: 00325 return(check_role_sim(target,tid,owner)); 00326 00327 #ifdef CONFIG_RSBAC_SIM_NET_OBJ_PROT 00328 case T_NETTEMP: 00329 return sim_check_sysrole(owner, SR_security_officer); 00330 #endif 00331 00332 /* all other cases */ 00333 default: 00334 return(DO_NOT_CARE); 00335 } 00336 00337 case R_EXECUTE: 00338 switch(target) 00339 { 00340 default: 00341 return(DO_NOT_CARE); 00342 } 00343 00344 case R_GET_STATUS_DATA: 00345 switch(target) 00346 { 00347 case T_SCD: 00348 /* target rsbaclog? only for secoff */ 00349 if (tid.scd != ST_rsbaclog) 00350 return(GRANTED); 00351 /* Secoff? */ 00352 if(sim_check_sysrole(owner, SR_security_officer) == NOT_GRANTED) 00353 return sim_check_sysrole(owner, SR_auditor); 00354 else 00355 return GRANTED; 00356 00357 default: 00358 return(DO_NOT_CARE); 00359 }; 00360 00361 case R_LINK_HARD: 00362 switch(target) 00363 { 00364 case T_FILE: 00365 case T_FIFO: 00366 case T_SYMLINK: 00367 return(check_role_sim(target,tid,owner)); 00368 00369 /* all other cases are unknown */ 00370 default: return(DO_NOT_CARE); 00371 } 00372 00373 case R_MODIFY_ACCESS_DATA: 00374 case R_RENAME: 00375 switch(target) 00376 { 00377 case T_FILE: 00378 case T_DIR: 00379 case T_FIFO: 00380 case T_SYMLINK: 00381 return(check_role_sim(target,tid,owner)); 00382 00383 /* all other cases are unknown */ 00384 default: return(DO_NOT_CARE); 00385 } 00386 00387 case R_MODIFY_ATTRIBUTE: 00388 switch(attr) 00389 { 00390 case A_system_role: 00391 case A_sim_role: 00392 case A_data_type: 00393 case A_local_data_type: 00394 case A_remote_data_type: 00395 #ifdef CONFIG_RSBAC_SIM_GEN_PROT 00396 case A_log_array_low: 00397 case A_log_array_high: 00398 case A_log_program_based: 00399 case A_log_user_based: 00400 case A_symlink_add_uid: 00401 case A_symlink_add_rc_role: 00402 case A_linux_dac_disable: 00403 case A_fake_root_uid: 00404 #endif 00405 #ifdef CONFIG_RSBAC_SIM_AUTH_PROT 00406 case A_auth_may_setuid: 00407 case A_auth_may_set_cap: 00408 case A_auth_start_uid: 00409 case A_auth_program_file: 00410 case A_auth_learn: 00411 case A_auth_add_f_cap: 00412 case A_auth_remove_f_cap: 00413 #endif 00414 /* All attributes (remove target!) */ 00415 case A_none: 00416 /* Security Officer? */ 00417 return sim_check_sysrole(owner, SR_security_officer); 00418 00419 default: 00420 return(DO_NOT_CARE); 00421 } 00422 00423 case R_MODIFY_PERMISSIONS_DATA: 00424 switch(target) 00425 { 00426 case T_FILE: 00427 case T_DIR: 00428 case T_FIFO: 00429 case T_SYMLINK: 00430 case T_IPC: 00431 return(check_role_sim(target,tid,owner)); 00432 00433 case T_SCD: 00434 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM 00435 if(tid.scd == ST_ioports) 00436 return GRANTED; 00437 #endif 00438 /* Security Officer? */ 00439 i_tid.user = owner; 00440 if (rsbac_get_attr(SIM, 00441 T_USER, 00442 i_tid, 00443 A_sim_role, 00444 &i_attr_val1, 00445 TRUE)) 00446 { 00447 rsbac_ds_get_error("rsbac_adf_request_sim()", A_sim_role); 00448 return(NOT_GRANTED); 00449 } 00450 /* if sec_officer, then grant */ 00451 if (i_attr_val1.system_role == SR_security_officer) 00452 return(GRANTED); 00453 /* For booting: if administrator and ioports, then grant */ 00454 if ( (i_attr_val1.system_role == SR_administrator) 00455 && (tid.scd == ST_ioports) ) 00456 return(GRANTED); 00457 else 00458 return(NOT_GRANTED); 00459 00460 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE 00461 /* switching Linux DAC */ 00462 case T_NONE: 00463 /* Security Officer? */ 00464 return sim_check_sysrole(owner, SR_security_officer); 00465 #endif 00466 00467 /* all other cases are unknown */ 00468 default: return(DO_NOT_CARE); 00469 } 00470 00471 case R_MODIFY_SYSTEM_DATA: 00472 switch(target) 00473 { 00474 case T_SCD: 00475 /* target not rsbaclog? no problem -> grant */ 00476 if (tid.scd != ST_rsbaclog) 00477 return(GRANTED); 00478 if(sim_check_sysrole(owner, SR_security_officer) == NOT_GRANTED) 00479 return sim_check_sysrole(owner, SR_auditor); 00480 else 00481 return GRANTED; 00482 00483 /* all other cases are unknown */ 00484 default: return(DO_NOT_CARE); 00485 } 00486 00487 case R_MOUNT: 00488 case R_UMOUNT: 00489 switch(target) 00490 { 00491 case T_FILE: 00492 case T_DIR: 00493 case T_DEV: 00494 return(check_role_sim(target,tid,owner)); 00495 00496 /* all other cases are unknown */ 00497 default: return(DO_NOT_CARE); 00498 } 00499 00500 case R_SWITCH_LOG: 00501 switch(target) 00502 { 00503 case T_NONE: 00504 /* test owner's sim_role */ 00505 return sim_check_sysrole(owner, SR_security_officer); 00506 00507 /* all other cases are unknown */ 00508 default: return(DO_NOT_CARE); 00509 } 00510 00511 case R_SWITCH_MODULE: 00512 switch(target) 00513 { 00514 case T_NONE: 00515 /* we need the switch_target */ 00516 if(attr != A_switch_target) 00517 return(UNDEFINED); 00518 /* do not care for other modules */ 00519 if( (attr_val.switch_target != SIM) 00520 #ifdef CONFIG_RSBAC_SIM_AUTH_PROT 00521 && (attr_val.switch_target != AUTH) 00522 #endif 00523 #ifdef CONFIG_RSBAC_SOFTMODE 00524 && (attr_val.switch_target != SOFTMODE) 00525 #endif 00526 ) 00527 return(DO_NOT_CARE); 00528 /* test owner's sim_role */ 00529 return sim_check_sysrole(owner, SR_security_officer); 00530 00531 /* all other cases are unknown */ 00532 default: return(DO_NOT_CARE); 00533 } 00534 00535 case R_TRUNCATE: 00536 switch(target) 00537 { 00538 case T_FILE: 00539 return(check_role_sim(target,tid,owner)); 00540 00541 /* all other cases are unknown */ 00542 default: return(DO_NOT_CARE); 00543 } 00544 00545 case R_WRITE: 00546 switch(target) 00547 { 00548 case T_DIR: 00549 #ifdef CONFIG_RSBAC_RW 00550 case T_FILE: 00551 case T_FIFO: 00552 case T_DEV: 00553 case T_IPC: 00554 #endif 00555 return(check_role_sim(target,tid,owner)); 00556 00557 #ifdef CONFIG_RSBAC_SIM_NET_OBJ_PROT 00558 case T_NETTEMP: 00559 return sim_check_sysrole(owner, SR_security_officer); 00560 00561 case T_NETOBJ: 00562 return(check_role_sim_netobj(request,tid,owner)); 00563 #endif 00564 00565 /* all other cases are unknown */ 00566 default: return(DO_NOT_CARE); 00567 } 00568 00569 case R_WRITE_OPEN: 00570 switch(target) 00571 { 00572 case T_DEV: 00573 case T_FILE: 00574 case T_FIFO: 00575 case T_IPC: 00576 return(check_role_sim(target,tid,owner)); 00577 00578 /* all other cases are unknown */ 00579 default: return(DO_NOT_CARE); 00580 } 00581 00582 #ifdef CONFIG_RSBAC_SIM_NET_OBJ_PROT 00583 case R_BIND: 00584 case R_LISTEN: 00585 case R_ACCEPT: 00586 case R_CONNECT: 00587 case R_SEND: 00588 case R_RECEIVE: 00589 switch(target) 00590 { 00591 case T_NETOBJ: 00592 return(check_role_sim_netobj(request,tid,owner)); 00593 00594 /* all other cases are unknown */ 00595 default: return(DO_NOT_CARE); 00596 } 00597 #endif 00598 00599 /*********************/ 00600 default: return DO_NOT_CARE; 00601 } 00602 00603 return(result); 00604 }; /* end of rsbac_adf_request_sim() */ 00605 00606 00607 /*****************************************************************************/ 00608 /* If the request returned granted and the operation is performed, */ 00609 /* the following function can be called by the AEF to get all aci set */ 00610 /* correctly. For write accesses that are performed fully within the kernel, */ 00611 /* this is usually not done to prevent extra calls, including R_CLOSE for */ 00612 /* cleaning up. */ 00613 /* The second instance of target specification is the new target, if one has */ 00614 /* been created, otherwise its values are ignored. */ 00615 /* On success, 0 is returned, and an error from rsbac/error.h otherwise. */ 00616 00617 int rsbac_adf_set_attr_sim( 00618 enum rsbac_adf_request_t request, 00619 rsbac_pid_t caller_pid, 00620 enum rsbac_target_t target, 00621 union rsbac_target_id_t tid, 00622 enum rsbac_target_t new_target, 00623 union rsbac_target_id_t new_tid, 00624 enum rsbac_attribute_t attr, 00625 union rsbac_attribute_value_t attr_val, 00626 rsbac_uid_t owner) 00627 { 00628 union rsbac_target_id_t i_tid; 00629 union rsbac_attribute_value_t i_attr_val1; 00630 union rsbac_attribute_value_t i_attr_val2; 00631 00632 switch (request) 00633 { 00634 case R_CREATE: 00635 switch(target) 00636 { 00637 case T_IPC: 00638 /* Get sim_role of process owner... */ 00639 i_tid.user = owner; 00640 if (rsbac_get_attr(SIM, 00641 T_USER, 00642 i_tid, 00643 A_sim_role, 00644 &i_attr_val1, 00645 TRUE)) 00646 { 00647 rsbac_ds_get_error("rsbac_adf_set_attr_sim()", A_sim_role); 00648 return(-RSBAC_EREADFAILED); 00649 } 00650 /* Derive data_type for this ipc item from owner's */ 00651 /* sim_role */ 00652 if (i_attr_val1.system_role == SR_security_officer) 00653 { 00654 i_attr_val2.data_type = DT_SI; 00655 /* set data_type for new IPC item */ 00656 if (rsbac_set_attr(SIM, 00657 T_IPC, 00658 tid, 00659 A_data_type, 00660 i_attr_val2)) 00661 { 00662 rsbac_ds_get_error("rsbac_adf_set_attr_sim()", A_data_type); 00663 return(-RSBAC_EWRITEFAILED); 00664 } 00665 } 00666 return(0); 00667 00668 #ifdef CONFIG_RSBAC_SIM_NET_OBJ_PROT 00669 case T_NETOBJ: 00670 /* Get sim_role of process owner... */ 00671 i_tid.user = owner; 00672 if (rsbac_get_attr(SIM, 00673 T_USER, 00674 i_tid, 00675 A_sim_role, 00676 &i_attr_val1, 00677 TRUE)) 00678 { 00679 rsbac_ds_get_error("rsbac_adf_set_attr_sim()", A_sim_role); 00680 return(-RSBAC_EREADFAILED); 00681 } 00682 /* Derive data_type for this netobj item from owner's */ 00683 /* sim_role */ 00684 if (i_attr_val1.system_role == SR_security_officer) 00685 { 00686 i_attr_val2.data_type = DT_SI; 00687 /* set data_type for new IPC item */ 00688 if (rsbac_set_attr(SIM, 00689 target, 00690 tid, 00691 A_local_data_type, 00692 i_attr_val2)) 00693 { 00694 rsbac_ds_get_error("rsbac_adf_set_attr_sim()", A_local_data_type); 00695 return(-RSBAC_EWRITEFAILED); 00696 } 00697 } 00698 return(0); 00699 #endif 00700 00701 /* all other cases are unknown */ 00702 default: 00703 return(0); 00704 } 00705 00706 /*********************/ 00707 default: return(0); 00708 } 00709 00710 return(0); 00711 }; /* end of rsbac_adf_set_attr_sim() */ 00712 00713 /* end of rsbac/adf/sim/main.c */

Generated on Tue Aug 31 10:05:24 2004 for RSBAC by doxygen 1.3.8