#include <linux/string.h>
#include <linux/sched.h>
#include <linux/errno.h>
#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/error.h>
#include <rsbac/auth.h>
#include <rsbac/debug.h>
#include <rsbac/helpers.h>
#include <rsbac/adf_main.h>
/*
 * rsbac_auth_add_p_cap() - add a capability range to the AUTH capability
 * set of a process.
 *
 * @pid:       target process; forwarded to rsbac_auth_add_to_p_capset()
 * @cap_type:  forwarded unchanged to rsbac_auth_add_to_p_capset()
 * @cap_range: range to add; its first/last members are printed on denial
 * @ttl:       forwarded unchanged (presumably a time-to-live; confirm
 *             against rsbac_auth_add_to_p_capset())
 *
 * Authorization: unless CONFIG_RSBAC_MAINT is defined, the attribute
 * A_auth_may_set_cap of the CALLING process (current->pid, not @pid) is
 * read and must be non-zero.
 *
 * Points to keep in mind when auditing or alerting on this path:
 *  - With CONFIG_RSBAC_SWITCH, the whole check is skipped (and nothing is
 *    logged) while rsbac_switch_auth is zero.
 *  - With CONFIG_RSBAC_SOFTMODE, a denial is logged but NOT enforced while
 *    rsbac_softmode (or, with CONFIG_RSBAC_SOFTMODE_IND,
 *    rsbac_ind_softmode[AUTH]) is non-zero: execution falls through and
 *    the capability is still added.  A "denied" log line alone therefore
 *    does not show that the request was blocked.
 *  - The error value of rsbac_auth_add_to_p_capset() is discarded and
 *    replaced by -RSBAC_EWRITEFAILED.
 *
 * Returns 0 on success, -RSBAC_EREADFAILED if the caller's attribute could
 * not be read, -EPERM on an enforced denial, -RSBAC_EWRITEFAILED if the
 * capability set update reported an error.
 */
int rsbac_auth_add_p_cap(rsbac_pid_t pid,
                         enum rsbac_auth_cap_type_t cap_type,
                         struct rsbac_auth_cap_range_t cap_range,
                         rsbac_time_t ttl)
{
#ifndef CONFIG_RSBAC_MAINT
#ifdef CONFIG_RSBAC_SWITCH
  if (rsbac_switch_auth)
#endif
    {
      union rsbac_target_id_t caller_tid;
      union rsbac_attribute_value_t caller_attr;

      /* The permission looked up belongs to the caller, not to @pid. */
      caller_tid.process = current->pid;
      if (rsbac_get_attr(AUTH, T_PROCESS, caller_tid,
                         A_auth_may_set_cap, &caller_attr, FALSE))
        {
          /* Fail closed: an unreadable attribute aborts the request. */
          rsbac_ds_get_error("rsbac_auth_add_p_cap()", A_auth_may_set_cap);
          return -RSBAC_EREADFAILED;
        }

      if (!caller_attr.auth_may_set_cap)
        {
#ifdef CONFIG_RSBAC_RMSG
          rsbac_printk(KERN_INFO
                       "rsbac_auth_add_p_cap(): adding AUTH cap %u:%u to process %u denied for process %u!\n",
                       cap_range.first, cap_range.last, pid, current->pid);
#endif
#ifndef CONFIG_RSBAC_RMSG_EXCL
          printk(KERN_INFO
                 "rsbac_auth_add_p_cap(): adding AUTH cap %u:%u to process %u denied for process %u!\n",
                 cap_range.first, cap_range.last, pid, current->pid);
#endif
          /*
           * Without CONFIG_RSBAC_SOFTMODE the return below is
           * unconditional.  With it, an active soft mode skips the
           * return, so the denial is only logged.
           */
#ifdef CONFIG_RSBAC_SOFTMODE
#ifdef CONFIG_RSBAC_SOFTMODE_IND
          if (!(rsbac_softmode || rsbac_ind_softmode[AUTH]))
#else
          if (!rsbac_softmode)
#endif
#endif
            return -EPERM;
        }
    }
#endif /* !CONFIG_RSBAC_MAINT */

  if (!rsbac_auth_add_to_p_capset(pid, cap_type, cap_range, ttl))
    return 0;

  /* The update failed: log it and report a generic write failure. */
#ifdef CONFIG_RSBAC_RMSG
  rsbac_printk(KERN_WARNING
               "rsbac_auth_add_p_cap(): rsbac_auth_add_to_p_capset() returned error!\n");
#endif
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
  if (!rsbac_nosyslog)
#endif
    printk(KERN_WARNING
           "rsbac_auth_add_p_cap(): rsbac_auth_add_to_p_capset() returned error!\n");
  return -RSBAC_EWRITEFAILED;
}
/*
 * rsbac_auth_remove_p_cap() - remove a capability range from the AUTH
 * capability set of a process.
 *
 * @pid:       target process; forwarded to rsbac_auth_remove_from_p_capset()
 * @cap_type:  forwarded unchanged to rsbac_auth_remove_from_p_capset()
 * @cap_range: range to remove; its first/last members are printed on denial
 *
 * Authorization: unless CONFIG_RSBAC_MAINT is defined, the attribute
 * A_auth_may_set_cap of the CALLING process (current->pid, not @pid) is
 * read and must be non-zero.
 *
 * Points to keep in mind when auditing or alerting on this path:
 *  - With CONFIG_RSBAC_SWITCH, the whole check is skipped (and nothing is
 *    logged) while rsbac_switch_auth is zero.
 *  - With CONFIG_RSBAC_SOFTMODE, a denial is logged but NOT enforced while
 *    rsbac_softmode (or, with CONFIG_RSBAC_SOFTMODE_IND,
 *    rsbac_ind_softmode[AUTH]) is non-zero: execution falls through and
 *    the range is still removed.  A "denied" log line alone therefore does
 *    not show that the request was blocked.
 *
 * Returns -RSBAC_EREADFAILED if the caller's attribute could not be read,
 * -EPERM on an enforced denial, otherwise whatever
 * rsbac_auth_remove_from_p_capset() returns.
 */
int rsbac_auth_remove_p_cap(rsbac_pid_t pid,
                            enum rsbac_auth_cap_type_t cap_type,
                            struct rsbac_auth_cap_range_t cap_range)
{
#ifndef CONFIG_RSBAC_MAINT
#ifdef CONFIG_RSBAC_SWITCH
  if (rsbac_switch_auth)
#endif
    {
      union rsbac_target_id_t caller_tid;
      union rsbac_attribute_value_t caller_attr;

      /* The permission looked up belongs to the caller, not to @pid. */
      caller_tid.process = current->pid;
      if (rsbac_get_attr(AUTH, T_PROCESS, caller_tid,
                         A_auth_may_set_cap, &caller_attr, FALSE))
        {
          /* Fail closed: an unreadable attribute aborts the request. */
          rsbac_ds_get_error("rsbac_auth_remove_p_cap()", A_auth_may_set_cap);
          return -RSBAC_EREADFAILED;
        }

      if (!caller_attr.auth_may_set_cap)
        {
#ifdef CONFIG_RSBAC_RMSG
          rsbac_printk(KERN_INFO
                       "rsbac_auth_remove_p_cap(): removing AUTH cap %u:%u from process %u denied for process %u!\n",
                       cap_range.first, cap_range.last, pid, current->pid);
#endif
#ifndef CONFIG_RSBAC_RMSG_EXCL
          printk(KERN_INFO
                 "rsbac_auth_remove_p_cap(): removing AUTH cap %u:%u from process %u denied for process %u!\n",
                 cap_range.first, cap_range.last, pid, current->pid);
#endif
          /*
           * Without CONFIG_RSBAC_SOFTMODE the return below is
           * unconditional.  With it, an active soft mode skips the
           * return, so the denial is only logged.
           */
#ifdef CONFIG_RSBAC_SOFTMODE
#ifdef CONFIG_RSBAC_SOFTMODE_IND
          if (!(rsbac_softmode || rsbac_ind_softmode[AUTH]))
#else
          if (!rsbac_softmode)
#endif
#endif
            return -EPERM;
        }
    }
#endif /* !CONFIG_RSBAC_MAINT */

  /* Unlike the add path, the helper's result is passed through as is. */
  return rsbac_auth_remove_from_p_capset(pid, cap_type, cap_range);
}
/*
 * rsbac_auth_add_f_cap() - add a capability range to the AUTH capability
 * set of a file.
 *
 * @file:      target file; forwarded to rsbac_auth_add_to_f_capset()
 * @cap_type:  forwarded unchanged
 * @cap_range: forwarded unchanged
 * @ttl:       forwarded unchanged (presumably a time-to-live; confirm
 *             against rsbac_auth_add_to_f_capset())
 *
 * NOTE(review): unlike rsbac_auth_add_p_cap(), this function performs no
 * A_auth_may_set_cap check of its own.  Presumably the access decision is
 * made by the caller before this function is reached -- confirm, since
 * file capability sets are security-relevant.
 *
 * The error value of rsbac_auth_add_to_f_capset() is discarded and
 * replaced by -RSBAC_EWRITEFAILED.
 *
 * Returns 0 on success, -RSBAC_EWRITEFAILED if the update reported an
 * error.
 */
int rsbac_auth_add_f_cap(rsbac_auth_file_t file,
                         enum rsbac_auth_cap_type_t cap_type,
                         struct rsbac_auth_cap_range_t cap_range,
                         rsbac_time_t ttl)
{
  if (!rsbac_auth_add_to_f_capset(file, cap_type, cap_range, ttl))
    return 0;

  /* The update failed: log it and report a generic write failure. */
#ifdef CONFIG_RSBAC_RMSG
  rsbac_printk(KERN_WARNING
               "rsbac_auth_add_f_cap(): rsbac_auth_add_to_f_capset() returned error!\n");
#endif
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
  if (!rsbac_nosyslog)
#endif
    printk(KERN_WARNING
           "rsbac_auth_add_f_cap(): rsbac_auth_add_to_f_capset() returned error!\n");
  return -RSBAC_EWRITEFAILED;
}
/*
 * rsbac_auth_remove_f_cap() - remove a capability range from the AUTH
 * capability set of a file.
 *
 * @file:      target file; forwarded to rsbac_auth_remove_from_f_capset()
 * @cap_type:  forwarded unchanged
 * @cap_range: forwarded unchanged
 *
 * NOTE(review): unlike rsbac_auth_remove_p_cap(), no A_auth_may_set_cap
 * check and no logging happen here.  Presumably the access decision is
 * made by the caller before this function is reached -- confirm.
 *
 * Returns whatever rsbac_auth_remove_from_f_capset() returns.
 */
int rsbac_auth_remove_f_cap(rsbac_auth_file_t file,
                            enum rsbac_auth_cap_type_t cap_type,
                            struct rsbac_auth_cap_range_t cap_range)
{
  return rsbac_auth_remove_from_f_capset(file, cap_type, cap_range);
}