/daten/src/linux-2.4.27-rsbac-v1.2.3/rsbac/adf/mac/mac_main.c

Go to the documentation of this file.
00001 /*************************************************** */ 00002 /* Rule Set Based Access Control */ 00003 /* Implementation of the Access Control Decision */ 00004 /* Facility (ADF) - Mandatory Access Control */ 00005 /* File: rsbac/adf/mac/main.c */ 00006 /* */ 00007 /* Author and (c) 1999-2004: Amon Ott <ao@rsbac.org> */ 00008 /* MAC_LIGHT Modifications (c) 2000 Stanislav Ievlev */ 00009 /* and (c) 2001 Amon Ott */ 00010 /* */ 00011 /* Last modified: 21/Apr/2004 */ 00012 /*************************************************** */ 00013 00014 #include <linux/string.h> 00015 #include <rsbac/aci.h> 00016 #include <rsbac/mac.h> 00017 #include <rsbac/adf_main.h> 00018 #include <rsbac/error.h> 00019 #include <rsbac/helpers.h> 00020 #include <rsbac/getname.h> 00021 #include <rsbac/debug.h> 00022 #include <rsbac/rkmem.h> 00023 00024 /************************************************* */ 00025 /* Global Variables */ 00026 /************************************************* */ 00027 00028 /************************************************* */ 00029 /* Internal Help functions */ 00030 /************************************************* */ 00031 00032 static enum rsbac_adf_req_ret_t 00033 mac_check_role(rsbac_uid_t owner, enum rsbac_system_role_t role) 00034 { 00035 union rsbac_target_id_t i_tid; 00036 union rsbac_attribute_value_t i_attr_val1; 00037 00038 i_tid.user = owner; 00039 if (rsbac_get_attr(MAC, 00040 T_USER, 00041 i_tid, 00042 A_mac_role, 00043 &i_attr_val1, 00044 TRUE)) 00045 { 00046 rsbac_ds_get_error("mac_check_role", A_mac_role); 00047 return(NOT_GRANTED); 00048 } 00049 /* if correct role, then grant */ 00050 if (i_attr_val1.system_role == role) 00051 return(GRANTED); 00052 else 00053 { 00054 #ifdef CONFIG_RSBAC_DEBUG 00055 if(rsbac_debug_adf_mac) 00056 { 00057 #ifdef CONFIG_RSBAC_RMSG 00058 rsbac_printk(KERN_DEBUG 00059 "mac_check_role(): pid %u/%.15s: wrong mac_role %u -> NOT_GRANTED!\n", 00060 current->pid, current->comm, 00061 i_attr_val1.system_role); 00062 #endif 00063 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00064 if (!rsbac_nosyslog) 00065 #endif 00066 printk(KERN_DEBUG 00067 "mac_check_role(): pid %u/%.15s: wrong mac_role %u -> NOT_GRANTED!\n", 00068 current->pid, current->comm, 00069 i_attr_val1.system_role); 00070 } 00071 #endif 00072 return(NOT_GRANTED); 00073 } 00074 } 00075 00076 /* auto_write() */ 00077 /* This function builds a decision for write-only access based on */ 00078 /* ss-property and *-property. The Subject is given by process-id pid, */ 00079 /* its attributes are taken from the data structures module. */ 00080 /* For the object, only security_level is given to become independent */ 00081 /* from different object/target types. */ 00082 /* If attribute mac_auto is set, the current_security_level is changed */ 00083 /* within min_write and max_read boundaries to allow for more accesses.*/ 00084 /* If set_level is TRUE, the current_security_level and read/write */ 00085 /* boundaries are set to appropiate values, otherwise they are only */ 00086 /* checked. This provides only one function for decision and attribute */ 00087 /* setting. */ 00088 /* Trusted processes (attr. mac_trusted set) are always granted write */ 00089 /* access. */ 00090 00091 static enum rsbac_adf_req_ret_t 00092 auto_write_attr( rsbac_pid_t pid, 00093 enum rsbac_target_t target, 00094 union rsbac_target_id_t tid, 00095 enum rsbac_attribute_t t_level_attr, 00096 enum rsbac_attribute_t t_cat_attr, 00097 boolean set_level) 00098 { 00099 rsbac_security_level_t curr_level; 00100 rsbac_mac_category_vector_t curr_categories; 00101 rsbac_security_level_t target_sec_level; 00102 rsbac_mac_category_vector_t target_categories; 00103 union rsbac_target_id_t i_tid; 00104 union rsbac_attribute_value_t attr_val1; 00105 union rsbac_attribute_value_t attr_val2; 00106 rsbac_mac_process_flags_t flags; 00107 boolean mac_auto_used_level = FALSE; 00108 boolean mac_auto_used_cat = FALSE; 00109 boolean raise_object_level = FALSE; 00110 boolean raise_object_cat = FALSE; 00111 00112 /* first check for mac_override, which allows everything */ 00113 i_tid.process = pid; 00114 if (rsbac_get_attr(MAC, 00115 T_PROCESS, 00116 i_tid, 00117 A_mac_process_flags, 00118 &attr_val1, 00119 FALSE)) 00120 { /* failed! */ 00121 rsbac_ds_get_error("mac_auto_write", A_none); 00122 return(NOT_GRANTED); 00123 } 00124 flags = attr_val1.mac_process_flags; 00125 if(flags & MAC_override) 00126 return GRANTED; 00127 00128 /* Get current security level */ 00129 if (rsbac_get_attr(MAC, 00130 T_PROCESS, 00131 i_tid, 00132 A_current_sec_level, 00133 &attr_val1, 00134 FALSE)) 00135 { /* failed! */ 00136 rsbac_ds_get_error("mac_auto_write", A_none); 00137 return(NOT_GRANTED); 00138 } 00139 curr_level = attr_val1.security_level; 00140 /* Get current categories */ 00141 if (rsbac_get_attr(MAC, 00142 T_PROCESS, 00143 i_tid, 00144 A_mac_curr_categories, 00145 &attr_val1, 00146 FALSE)) 00147 { /* failed! */ 00148 rsbac_ds_get_error("mac_auto_write", A_none); 00149 return(NOT_GRANTED); 00150 } 00151 curr_categories = attr_val1.mac_categories; 00152 /* Get target security level */ 00153 if (rsbac_get_attr(MAC, 00154 target, 00155 tid, 00156 t_level_attr, 00157 &attr_val1, 00158 TRUE)) 00159 { /* failed! */ 00160 rsbac_ds_get_error("mac_auto_write", A_none); 00161 return(NOT_GRANTED); 00162 } 00163 target_sec_level = attr_val1.security_level; 00164 /* Get target categories */ 00165 if (rsbac_get_attr(MAC, 00166 target, 00167 tid, 00168 t_cat_attr, 00169 &attr_val1, 00170 TRUE)) 00171 { /* failed! */ 00172 rsbac_ds_get_error("mac_auto_write", A_none); 00173 return(NOT_GRANTED); 00174 } 00175 target_categories = attr_val1.mac_categories; 00176 00177 if(target_sec_level > curr_level) 00178 { 00179 if (rsbac_get_attr(MAC, 00180 T_PROCESS, 00181 i_tid, 00182 A_security_level, 00183 &attr_val1, 00184 FALSE)) 00185 { /* failed! */ 00186 rsbac_ds_get_error("mac_auto_write", A_none); 00187 return(NOT_GRANTED); 00188 } 00189 if(attr_val1.security_level < target_sec_level) 00190 { 00191 #ifdef CONFIG_RSBAC_DEBUG 00192 if(rsbac_debug_adf_mac) 00193 { 00194 #ifdef CONFIG_RSBAC_RMSG 00195 rsbac_printk(KERN_DEBUG 00196 "mac_auto_write(): pid %u/%.15s: security_level %u under target_sec_level %u, no override -> NOT_GRANTED!\n", 00197 current->pid, current->comm, 00198 attr_val1.security_level, target_sec_level); 00199 #endif 00200 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00201 if (!rsbac_nosyslog) 00202 #endif 00203 printk(KERN_DEBUG 00204 "mac_auto_write(): pid %u/%.15s: security_level %u under target_sec_level %u, no override -> NOT_GRANTED!\n", 00205 current->pid, current->comm, 00206 attr_val1.security_level, target_sec_level); 00207 } 00208 #endif 00209 return(NOT_GRANTED); 00210 } 00211 /* curr_level < target_level <= max_level -> need mac_auto, write_up, trusted (at process) 00212 or shared (at object) */ 00213 if(flags & MAC_auto) 00214 mac_auto_used_level = TRUE; 00215 else 00216 { 00217 if( !(flags & MAC_write_up) 00218 && !(flags & MAC_trusted) 00219 ) 00220 { 00221 /* Try mac_file_flags on the target, if FD object */ 00222 switch(target) 00223 { 00224 case T_FILE: 00225 case T_DIR: 00226 case T_FIFO: 00227 case T_SYMLINK: 00228 if (rsbac_get_attr(MAC, 00229 target, 00230 tid, 00231 A_mac_file_flags, 00232 &attr_val1, 00233 TRUE)) 00234 { /* failed! */ 00235 rsbac_ds_get_error("mac_auto_write", A_none); 00236 return(NOT_GRANTED); 00237 } 00238 if( (attr_val1.mac_file_flags & MAC_write_up) 00239 || (attr_val1.mac_file_flags & MAC_trusted) 00240 ) 00241 { 00242 break; 00243 } 00244 /* fall through */ 00245 00246 default: 00247 #ifdef CONFIG_RSBAC_DEBUG 00248 if(rsbac_debug_adf_mac) 00249 { 00250 #ifdef CONFIG_RSBAC_RMSG 00251 rsbac_printk(KERN_DEBUG 00252 "mac_auto_write(): pid %u/%.15s: current security_level %u under target_sec_level %u, no auto, write_up, trusted -> NOT_GRANTED!\n", 00253 current->pid, current->comm, 00254 curr_level, target_sec_level); 00255 #endif 00256 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00257 if (!rsbac_nosyslog) 00258 #endif 00259 printk(KERN_DEBUG 00260 "mac_auto_write(): pid %u/%.15s: current security_level %u under target_sec_level %u, no auto, write_up, trusted -> NOT_GRANTED!\n", 00261 current->pid, current->comm, 00262 curr_level, target_sec_level); 00263 } 00264 #endif 00265 return(NOT_GRANTED); 00266 } 00267 } 00268 } 00269 } 00270 else 00271 if(target_sec_level < curr_level) 00272 { 00273 if (rsbac_get_attr(MAC, 00274 T_PROCESS, 00275 i_tid, 00276 A_min_security_level, 00277 &attr_val1, 00278 FALSE)) 00279 { /* failed! */ 00280 rsbac_ds_get_error("mac_auto_write", A_none); 00281 return(NOT_GRANTED); 00282 } 00283 if(attr_val1.security_level > target_sec_level) 00284 { 00285 #ifdef CONFIG_RSBAC_DEBUG 00286 if(rsbac_debug_adf_mac) 00287 { 00288 #ifdef CONFIG_RSBAC_RMSG 00289 rsbac_printk(KERN_DEBUG 00290 "mac_auto_write(): pid %u/%.15s: min_security_level %u over target_sec_level %u, no override -> NOT_GRANTED!\n", 00291 current->pid, current->comm, 00292 attr_val1.security_level, target_sec_level); 00293 #endif 00294 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00295 if (!rsbac_nosyslog) 00296 #endif 00297 printk(KERN_DEBUG 00298 "mac_auto_write(): pid %u/%.15s: min_security_level %u over target_sec_level %u, no override -> NOT_GRANTED!\n", 00299 current->pid, current->comm, 00300 attr_val1.security_level, target_sec_level); 00301 } 00302 #endif 00303 return(NOT_GRANTED); 00304 } 00305 /* min_level <= target_level < curr_level -> need mac_auto, write_down or trusted */ 00306 if(flags & MAC_auto) 00307 { 00308 /* check max_read boundary */ 00309 if (rsbac_get_attr(MAC, 00310 T_PROCESS, 00311 i_tid, 00312 A_max_read_open, 00313 &attr_val1, 00314 FALSE)) 00315 { /* failed! */ 00316 rsbac_ds_get_error("mac_auto_write", A_none); 00317 return(NOT_GRANTED); 00318 } 00319 if(attr_val1.security_level > target_sec_level) 00320 { 00321 if( !(flags & MAC_write_down) 00322 && !(flags & MAC_trusted) 00323 ) 00324 { 00325 /* Try mac_file_flags on the target, if FD object */ 00326 switch(target) 00327 { 00328 case T_FILE: 00329 case T_DIR: 00330 case T_FIFO: 00331 case T_SYMLINK: 00332 if (rsbac_get_attr(MAC, 00333 target, 00334 tid, 00335 A_mac_file_flags, 00336 &attr_val1, 00337 TRUE)) 00338 { /* failed! */ 00339 rsbac_ds_get_error("mac_auto_write", A_none); 00340 return(NOT_GRANTED); 00341 } 00342 if( (attr_val1.mac_file_flags & MAC_write_down) 00343 || (attr_val1.mac_file_flags & MAC_trusted) 00344 ) 00345 { 00346 if(attr_val1.mac_file_flags & MAC_auto) 00347 { 00348 raise_object_level = TRUE; 00349 } 00350 break; 00351 } 00352 /* fall through */ 00353 00354 default: 00355 #ifdef CONFIG_RSBAC_DEBUG 00356 if(rsbac_debug_adf_mac) 00357 { 00358 #ifdef CONFIG_RSBAC_RMSG 00359 rsbac_printk(KERN_DEBUG 00360 "mac_auto_write(): pid %u/%.15s: max_read_open %u over target_sec_level %u, no write_down or trusted -> NOT_GRANTED!\n", 00361 current->pid, current->comm, 00362 attr_val1.security_level, target_sec_level); 00363 #endif 00364 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00365 if (!rsbac_nosyslog) 00366 #endif 00367 printk(KERN_DEBUG 00368 "mac_auto_write(): pid %u/%.15s: max_read_open %u over target_sec_level %u, no write_down or trusted -> NOT_GRANTED!\n", 00369 current->pid, current->comm, 00370 attr_val1.security_level, target_sec_level); 00371 } 00372 #endif 00373 return(NOT_GRANTED); 00374 } 00375 } 00376 } 00377 else 00378 mac_auto_used_level = TRUE; 00379 } 00380 else 00381 { 00382 if( !(flags & MAC_write_down) 00383 && !(flags & MAC_trusted) 00384 ) 00385 { 00386 /* Try mac_file_flags on the target, if FD object */ 00387 switch(target) 00388 { 00389 case T_FILE: 00390 case T_DIR: 00391 case T_FIFO: 00392 case T_SYMLINK: 00393 if (rsbac_get_attr(MAC, 00394 target, 00395 tid, 00396 A_mac_file_flags, 00397 &attr_val1, 00398 TRUE)) 00399 { /* failed! */ 00400 rsbac_ds_get_error("mac_auto_write", A_none); 00401 return(NOT_GRANTED); 00402 } 00403 if( (attr_val1.mac_file_flags & MAC_write_down) 00404 || (attr_val1.mac_file_flags & MAC_trusted) 00405 ) 00406 { 00407 if(attr_val1.mac_file_flags & MAC_auto) 00408 { 00409 raise_object_level = TRUE; 00410 } 00411 break; 00412 } 00413 /* fall through */ 00414 00415 default: 00416 #ifdef CONFIG_RSBAC_DEBUG 00417 if(rsbac_debug_adf_mac) 00418 { 00419 #ifdef CONFIG_RSBAC_RMSG 00420 rsbac_printk(KERN_DEBUG 00421 "mac_auto_write(): pid %u/%.15s: current security_level %u over target_sec_level %u, no auto, write_down or trusted -> NOT_GRANTED!\n", 00422 current->pid, current->comm, 00423 curr_level, target_sec_level); 00424 #endif 00425 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00426 if (!rsbac_nosyslog) 00427 #endif 00428 printk(KERN_DEBUG 00429 "mac_auto_write(): pid %u/%.15s: current security_level %u over target_sec_level %u, no auto, write_down or trusted -> NOT_GRANTED!\n", 00430 current->pid, current->comm, 00431 curr_level, target_sec_level); 00432 } 00433 #endif 00434 return(NOT_GRANTED); 00435 } 00436 } 00437 } 00438 } 00439 00440 if((target_categories & curr_categories) != target_categories) 00441 { 00442 if (rsbac_get_attr(MAC, 00443 T_PROCESS, 00444 i_tid, 00445 A_mac_categories, 00446 &attr_val1, 00447 FALSE)) 00448 { /* failed! */ 00449 rsbac_ds_get_error("mac_auto_write", A_none); 00450 return(NOT_GRANTED); 00451 } 00452 if((target_categories & attr_val1.mac_categories) != target_categories) 00453 { 00454 #ifdef CONFIG_RSBAC_DEBUG 00455 if(rsbac_debug_adf_mac) 00456 { 00457 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00458 00459 if(tmp) 00460 { 00461 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00462 00463 if(tmp2) 00464 { 00465 u64tostrmac(tmp, attr_val1.mac_categories); 00466 u64tostrmac(tmp2, target_categories); 00467 #ifdef CONFIG_RSBAC_RMSG 00468 rsbac_printk(KERN_DEBUG 00469 "mac_auto_write(): pid %u/%.15s: max_categories %s under target categories %s, no override -> NOT_GRANTED!\n", 00470 current->pid, current->comm, 00471 tmp, 00472 tmp2); 00473 #endif 00474 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00475 if (!rsbac_nosyslog) 00476 #endif 00477 printk(KERN_DEBUG 00478 "mac_auto_write(): pid %u/%.15s: max_categories %s under target categories %s, no override -> NOT_GRANTED!\n", 00479 current->pid, current->comm, 00480 tmp, 00481 tmp2); 00482 rsbac_kfree(tmp2); 00483 } 00484 rsbac_kfree(tmp); 00485 } 00486 } 00487 #endif 00488 return(NOT_GRANTED); 00489 } 00490 /* curr_categories < target_categories <= max_categories -> need mac_auto, write_up or trusted */ 00491 if(flags & MAC_auto) 00492 mac_auto_used_cat = TRUE; 00493 else 00494 { 00495 if( !(flags & MAC_write_up) 00496 && !(flags & MAC_trusted) 00497 ) 00498 { 00499 /* Try mac_file_flags on the target, if FD object */ 00500 switch(target) 00501 { 00502 case T_FILE: 00503 case T_DIR: 00504 case T_FIFO: 00505 case T_SYMLINK: 00506 if (rsbac_get_attr(MAC, 00507 target, 00508 tid, 00509 A_mac_file_flags, 00510 &attr_val1, 00511 TRUE)) 00512 { /* failed! */ 00513 rsbac_ds_get_error("mac_auto_write", A_none); 00514 return(NOT_GRANTED); 00515 } 00516 if( (attr_val1.mac_file_flags & MAC_write_up) 00517 || (attr_val1.mac_file_flags & MAC_trusted) 00518 ) 00519 break; 00520 /* fall through */ 00521 00522 default: 00523 #ifdef CONFIG_RSBAC_DEBUG 00524 if(rsbac_debug_adf_mac) 00525 { 00526 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00527 00528 if(tmp) 00529 { 00530 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00531 00532 if(tmp2) 00533 { 00534 u64tostrmac(tmp, curr_categories); 00535 u64tostrmac(tmp2, target_categories); 00536 #ifdef CONFIG_RSBAC_RMSG 00537 rsbac_printk(KERN_DEBUG 00538 "mac_auto_write(): pid %u/%.15s: curr_categories %s under target categories %s, no auto, write_up or trusted -> NOT_GRANTED!\n", 00539 current->pid, current->comm, 00540 tmp, 00541 tmp2); 00542 #endif 00543 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00544 if (!rsbac_nosyslog) 00545 #endif 00546 printk(KERN_DEBUG 00547 "mac_auto_write(): pid %u/%.15s: curr_categories %s under target categories %s, no auto, write_up or trusted -> NOT_GRANTED!\n", 00548 current->pid, current->comm, 00549 tmp, 00550 tmp2); 00551 rsbac_kfree(tmp2); 00552 } 00553 rsbac_kfree(tmp); 00554 } 00555 } 00556 #endif 00557 return(NOT_GRANTED); 00558 } 00559 } 00560 } 00561 } 00562 else 00563 if((target_categories & curr_categories) != curr_categories) 00564 { 00565 if (rsbac_get_attr(MAC, 00566 T_PROCESS, 00567 i_tid, 00568 A_mac_min_categories, 00569 &attr_val1, 00570 FALSE)) 00571 { /* failed! */ 00572 rsbac_ds_get_error("mac_auto_write", A_none); 00573 return(NOT_GRANTED); 00574 } 00575 if((target_categories & attr_val1.mac_categories) != attr_val1.mac_categories) 00576 { 00577 #ifdef CONFIG_RSBAC_DEBUG 00578 if(rsbac_debug_adf_mac) 00579 { 00580 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00581 00582 if(tmp) 00583 { 00584 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00585 00586 if(tmp2) 00587 { 00588 u64tostrmac(tmp, attr_val1.mac_categories); 00589 u64tostrmac(tmp2, target_categories); 00590 #ifdef CONFIG_RSBAC_RMSG 00591 rsbac_printk(KERN_DEBUG 00592 "mac_auto_write(): pid %u/%.15s: min_categories %s over target categories %s, no override -> NOT_GRANTED!\n", 00593 current->pid, current->comm, 00594 tmp, 00595 tmp2); 00596 #endif 00597 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00598 if (!rsbac_nosyslog) 00599 #endif 00600 printk(KERN_DEBUG 00601 "mac_auto_write(): pid %u/%.15s: min_categories %s over target categories %s, no override -> NOT_GRANTED!\n", 00602 current->pid, current->comm, 00603 tmp, 00604 tmp2); 00605 rsbac_kfree(tmp2); 00606 } 00607 rsbac_kfree(tmp); 00608 } 00609 } 00610 #endif 00611 return(NOT_GRANTED); 00612 } 00613 /* min_level <= target_level < curr_level -> need mac_auto, write_down or trusted */ 00614 if(flags & MAC_auto) 00615 { 00616 /* check max_read boundary */ 00617 if (rsbac_get_attr(MAC, 00618 T_PROCESS, 00619 i_tid, 00620 A_max_read_categories, 00621 &attr_val1, 00622 FALSE)) 00623 { /* failed! */ 00624 rsbac_ds_get_error("mac_auto_write", A_none); 00625 return(NOT_GRANTED); 00626 } 00627 if((target_categories & attr_val1.mac_categories) != attr_val1.mac_categories) 00628 { 00629 if( !(flags & MAC_write_down) 00630 && !(flags & MAC_trusted) 00631 ) 00632 { 00633 /* Try mac_file_flags on the target, if FD object */ 00634 switch(target) 00635 { 00636 case T_FILE: 00637 case T_DIR: 00638 case T_FIFO: 00639 case T_SYMLINK: 00640 if (rsbac_get_attr(MAC, 00641 target, 00642 tid, 00643 A_mac_file_flags, 00644 &attr_val1, 00645 TRUE)) 00646 { /* failed! */ 00647 rsbac_ds_get_error("mac_auto_write", A_none); 00648 return(NOT_GRANTED); 00649 } 00650 if( (attr_val1.mac_file_flags & MAC_write_down) 00651 || (attr_val1.mac_file_flags & MAC_trusted) 00652 ) 00653 { 00654 if(attr_val1.mac_file_flags & MAC_auto) 00655 { 00656 raise_object_cat = TRUE; 00657 } 00658 break; 00659 } 00660 /* fall through */ 00661 00662 default: 00663 #ifdef CONFIG_RSBAC_DEBUG 00664 if(rsbac_debug_adf_mac) 00665 { 00666 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00667 00668 if(tmp) 00669 { 00670 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00671 00672 if(tmp2) 00673 { 00674 u64tostrmac(tmp, attr_val1.mac_categories); 00675 u64tostrmac(tmp2, target_categories); 00676 #ifdef CONFIG_RSBAC_RMSG 00677 rsbac_printk(KERN_DEBUG 00678 "mac_auto_write(): pid %u/%.15s: max_read_categories %s over target categories %s, no write_down or trusted -> NOT_GRANTED!\n", 00679 current->pid, current->comm, 00680 tmp, 00681 tmp2); 00682 #endif 00683 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00684 if (!rsbac_nosyslog) 00685 #endif 00686 printk(KERN_DEBUG 00687 "mac_auto_write(): pid %u/%.15s: max_read_categories %s over target categories %s, no write_down or trusted -> NOT_GRANTED!\n", 00688 current->pid, current->comm, 00689 tmp, 00690 tmp2); 00691 rsbac_kfree(tmp2); 00692 } 00693 rsbac_kfree(tmp); 00694 } 00695 } 00696 #endif 00697 return(NOT_GRANTED); 00698 } 00699 } 00700 } 00701 else 00702 mac_auto_used_cat = TRUE; 00703 } 00704 else 00705 { 00706 if( !(flags & MAC_write_down) 00707 && !(flags & MAC_trusted) 00708 ) 00709 { 00710 /* Try mac_file_flags on the target, if FD object */ 00711 switch(target) 00712 { 00713 case T_FILE: 00714 case T_DIR: 00715 case T_FIFO: 00716 case T_SYMLINK: 00717 if (rsbac_get_attr(MAC, 00718 target, 00719 tid, 00720 A_mac_file_flags, 00721 &attr_val1, 00722 TRUE)) 00723 { /* failed! */ 00724 rsbac_ds_get_error("mac_auto_write", A_none); 00725 return(NOT_GRANTED); 00726 } 00727 if( (attr_val1.mac_file_flags & MAC_write_down) 00728 || (attr_val1.mac_file_flags & MAC_trusted) 00729 ) 00730 { 00731 if(attr_val1.mac_file_flags & MAC_auto) 00732 { 00733 raise_object_cat = TRUE; 00734 } 00735 break; 00736 } 00737 /* fall through */ 00738 00739 default: 00740 #ifdef CONFIG_RSBAC_DEBUG 00741 if(rsbac_debug_adf_mac) 00742 { 00743 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00744 00745 if(tmp) 00746 { 00747 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00748 00749 if(tmp2) 00750 { 00751 u64tostrmac(tmp, curr_categories); 00752 u64tostrmac(tmp2, target_categories); 00753 #ifdef CONFIG_RSBAC_RMSG 00754 rsbac_printk(KERN_DEBUG 00755 "mac_auto_write(): pid %u/%.15s: curr_categories %s over target categories %s, no auto, write_down or trusted -> NOT_GRANTED!\n", 00756 current->pid, current->comm, 00757 tmp, 00758 tmp2); 00759 #endif 00760 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00761 if (!rsbac_nosyslog) 00762 #endif 00763 printk(KERN_DEBUG 00764 "mac_auto_write(): pid %u/%.15s: curr_categories %s over target categories %s, no auto, write_down or trusted -> NOT_GRANTED!\n", 00765 current->pid, current->comm, 00766 tmp, 00767 tmp2); 00768 rsbac_kfree(tmp2); 00769 } 00770 rsbac_kfree(tmp); 00771 } 00772 } 00773 #endif 00774 return(NOT_GRANTED); 00775 } 00776 } 00777 } 00778 } 00779 00780 /* grant area */ 00781 00782 /* adjust current_sec_level and min_write_level, */ 00783 /* if set_level is true and mac_auto has been used*/ 00784 if( set_level 00785 && ( mac_auto_used_level 00786 || raise_object_level 00787 ) 00788 ) 00789 { 00790 #ifdef CONFIG_RSBAC_MAC_LOG_LEVEL_CHANGE 00791 { 00792 char * target_type_name; 00793 char * target_id_name; 00794 00795 target_type_name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00796 if(target_type_name) 00797 { 00798 #ifdef CONFIG_RSBAC_LOG_FULL_PATH 00799 target_id_name 00800 = rsbac_kmalloc(CONFIG_RSBAC_MAX_PATH_LEN + RSBAC_MAXNAMELEN); 00801 /* max. path name len + some extra */ 00802 #else 00803 target_id_name = rsbac_kmalloc(2 * RSBAC_MAXNAMELEN); 00804 /* max. file name len + some extra */ 00805 #endif 00806 if(target_id_name) 00807 { 00808 get_target_name(target_type_name, target, target_id_name, tid); 00809 00810 if(mac_auto_used_level) 00811 { 00812 #ifndef CONFIG_RSBAC_RMSG_EXCL 00813 /* only log to standard syslog, if not disabled by kernel boot parameter */ 00814 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00815 if (!rsbac_nosyslog) 00816 #endif 00817 printk(KERN_INFO 00818 "mac_auto_write(): Changing process %u (%.15s, owner %u) current level from %u to %u for %s %s\n", 00819 pid, 00820 current->comm, 00821 current->uid, 00822 curr_level, 00823 target_sec_level, 00824 target_type_name, 00825 target_id_name); 00826 #endif 00827 #ifdef CONFIG_RSBAC_RMSG 00828 rsbac_printk(KERN_INFO 00829 "mac_auto_write(): Changing process %u (%.15s, owner %u) current level from %u to %u for %s %s\n", 00830 pid, 00831 current->comm, 00832 current->uid, 00833 curr_level, 00834 target_sec_level, 00835 target_type_name, 00836 target_id_name); 00837 #endif 00838 } 00839 else 00840 { 00841 #ifndef CONFIG_RSBAC_RMSG_EXCL 00842 /* only log to standard syslog, if not disabled by kernel boot parameter */ 00843 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00844 if (!rsbac_nosyslog) 00845 #endif 00846 printk(KERN_INFO 00847 "mac_auto_write(): Process %u (%.15s, owner %u): Raising object level from %u to %u for %s %s\n", 00848 pid, 00849 current->comm, 00850 current->uid, 00851 target_sec_level, 00852 curr_level, 00853 target_type_name, 00854 target_id_name); 00855 #endif 00856 #ifdef CONFIG_RSBAC_RMSG 00857 rsbac_printk(KERN_INFO 00858 "mac_auto_write(): Process %u (%.15s, owner %u): Raising object level from %u to %u for %s %s\n", 00859 pid, 00860 current->comm, 00861 current->uid, 00862 target_sec_level, 00863 curr_level, 00864 target_type_name, 00865 target_id_name); 00866 #endif 00867 } 00868 rsbac_kfree(target_id_name); 00869 } 00870 rsbac_kfree(target_type_name); 00871 } 00872 } 00873 #endif 00874 if(mac_auto_used_level) 00875 { 00876 i_tid.process = pid; 00877 attr_val1.current_sec_level = target_sec_level; 00878 if (rsbac_get_attr(MAC, 00879 T_PROCESS, 00880 i_tid, 00881 A_min_write_open, 00882 &attr_val2, 00883 TRUE)) 00884 { /* failed! */ 00885 rsbac_ds_get_error("mac_auto_write", A_none); 00886 return(NOT_GRANTED); 00887 } 00888 if(attr_val1.min_write_open < attr_val2.min_write_open) 00889 { 00890 if (rsbac_set_attr(MAC, 00891 T_PROCESS, 00892 i_tid, 00893 A_min_write_open, 00894 attr_val1)) 00895 { /* failed! */ 00896 rsbac_ds_set_error("mac_auto_write", A_none); 00897 return(NOT_GRANTED); 00898 } 00899 } 00900 if (rsbac_set_attr(MAC, 00901 T_PROCESS, 00902 i_tid, 00903 A_current_sec_level, 00904 attr_val1)) 00905 { /* failed! */ 00906 rsbac_ds_set_error("mac_auto_write", A_none); 00907 return(NOT_GRANTED); 00908 } 00909 } 00910 else 00911 { 00912 attr_val1.security_level = curr_level; 00913 if (rsbac_set_attr(MAC, 00914 target, 00915 tid, 00916 A_security_level, 00917 attr_val1)) 00918 { /* failed! */ 00919 rsbac_ds_set_error("mac_auto_write", A_none); 00920 return(NOT_GRANTED); 00921 } 00922 } 00923 } 00924 /* adjust current_categories and min_write_categories, */ 00925 /* if set_level is true and mac_auto has been used*/ 00926 if( set_level 00927 && ( mac_auto_used_cat 00928 || raise_object_cat 00929 ) 00930 ) 00931 { 00932 #ifdef CONFIG_RSBAC_MAC_LOG_LEVEL_CHANGE 00933 { 00934 char * target_type_name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00935 if(target_type_name) 00936 { 00937 char * target_id_name; 00938 00939 #ifdef CONFIG_RSBAC_LOG_FULL_PATH 00940 target_id_name 00941 = rsbac_kmalloc(CONFIG_RSBAC_MAX_PATH_LEN + RSBAC_MAXNAMELEN); 00942 /* max. path name len + some extra */ 00943 #else 00944 target_id_name = rsbac_kmalloc(2 * RSBAC_MAXNAMELEN); 00945 /* max. file name len + some extra */ 00946 #endif 00947 if(target_id_name) 00948 { 00949 char * tmp1 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00950 if(tmp1) 00951 { 00952 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00953 if(tmp2) 00954 { 00955 get_target_name(target_type_name, target, target_id_name, tid); 00956 00957 if(mac_auto_used_cat) 00958 { 00959 #ifndef CONFIG_RSBAC_RMSG_EXCL 00960 /* only log to standard syslog, if not disabled by kernel boot parameter */ 00961 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00962 if (!rsbac_nosyslog) 00963 #endif 00964 printk(KERN_INFO 00965 "mac_auto_write(): Changing process %u (%.15s, owner %u) current categories from %s to %s for %s %s\n", 00966 pid, 00967 current->comm, 00968 current->uid, 00969 u64tostrmac(tmp1, curr_categories), 00970 u64tostrmac(tmp2, target_categories), 00971 target_type_name, 00972 target_id_name); 00973 #endif 00974 #ifdef CONFIG_RSBAC_RMSG 00975 rsbac_printk(KERN_INFO 00976 "mac_auto_write(): Changing process %u (%.15s, owner %u) current categories from %s to %s for %s %s\n", 00977 pid, 00978 current->comm, 00979 current->uid, 00980 u64tostrmac(tmp1, curr_categories), 00981 u64tostrmac(tmp2, target_categories), 00982 target_type_name, 00983 target_id_name); 00984 #endif 00985 } 00986 else 00987 { 00988 #ifndef CONFIG_RSBAC_RMSG_EXCL 00989 /* only log to standard syslog, if not disabled by kernel boot parameter */ 00990 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00991 if (!rsbac_nosyslog) 00992 #endif 00993 printk(KERN_INFO 00994 "mac_auto_write(): Process %u (%.15s, owner %u): raising current categories from %s to %s for %s %s\n", 00995 pid, 00996 current->comm, 00997 current->uid, 00998 u64tostrmac(tmp2, target_categories), 00999 u64tostrmac(tmp1, curr_categories), 01000 target_type_name, 01001 target_id_name); 01002 #endif 01003 #ifdef CONFIG_RSBAC_RMSG 01004 rsbac_printk(KERN_INFO 01005 "mac_auto_write(): Process %u (%.15s, owner %u): raising current categories from %s to %s for %s %s\n", 01006 pid, 01007 current->comm, 01008 current->uid, 01009 u64tostrmac(tmp2, target_categories), 01010 u64tostrmac(tmp1, curr_categories), 01011 target_type_name, 01012 target_id_name); 01013 #endif 01014 } 01015 rsbac_kfree(tmp2); 01016 } 01017 rsbac_kfree(tmp1); 01018 } 01019 rsbac_kfree(target_id_name); 01020 } 01021 rsbac_kfree(target_type_name); 01022 } 01023 } 01024 #endif 01025 if(mac_auto_used_cat) 01026 { 01027 i_tid.process = pid; 01028 attr_val1.mac_categories = target_categories; 01029 if (rsbac_get_attr(MAC, 01030 T_PROCESS, 01031 i_tid, 01032 A_min_write_categories, 01033 &attr_val2, 01034 TRUE)) 01035 { /* failed! */ 01036 rsbac_ds_get_error("mac_auto_write", A_none); 01037 return(NOT_GRANTED); 01038 } 01039 if((attr_val1.mac_categories & attr_val2.mac_categories) 01040 != attr_val2.mac_categories 01041 ) 01042 { 01043 if (rsbac_set_attr(MAC, 01044 T_PROCESS, 01045 i_tid, 01046 A_min_write_categories, 01047 attr_val1)) 01048 { /* failed! */ 01049 rsbac_ds_set_error("mac_auto_write", A_none); 01050 return(NOT_GRANTED); 01051 } 01052 } 01053 if (rsbac_set_attr(MAC, 01054 T_PROCESS, 01055 i_tid, 01056 A_mac_curr_categories, 01057 attr_val1)) 01058 { /* failed! */ 01059 rsbac_ds_set_error("mac_auto_write", A_none); 01060 return(NOT_GRANTED); 01061 } 01062 } 01063 else 01064 { 01065 attr_val1.mac_categories = curr_categories; 01066 if (rsbac_set_attr(MAC, 01067 target, 01068 tid, 01069 A_mac_categories, 01070 attr_val1)) 01071 { /* failed! */ 01072 rsbac_ds_set_error("mac_auto_write", A_none); 01073 return(NOT_GRANTED); 01074 } 01075 } 01076 } 01077 01078 /* Everything done, so return */ 01079 return(GRANTED); 01080 } 01081 01082 static enum rsbac_adf_req_ret_t 01083 auto_write( rsbac_pid_t pid, 01084 enum rsbac_target_t target, 01085 union rsbac_target_id_t tid, 01086 boolean set_level) 01087 { 01088 return auto_write_attr(pid, 01089 target, 01090 tid, 01091 A_security_level, 01092 A_mac_categories, 01093 set_level); 01094 } 01095 01096 /* auto_read() */ 01097 /* This function works similar to auto_write() */ 01098 01099 static enum rsbac_adf_req_ret_t 01100 auto_read_attr ( rsbac_pid_t pid, 01101 enum rsbac_target_t target, 01102 union rsbac_target_id_t tid, 01103 enum rsbac_attribute_t t_level_attr, 01104 enum rsbac_attribute_t t_cat_attr, 01105 boolean set_level) 01106 { 01107 rsbac_security_level_t curr_level; 01108 rsbac_mac_category_vector_t curr_categories; 01109 rsbac_security_level_t target_sec_level; 01110 rsbac_mac_category_vector_t target_categories; 01111 union rsbac_target_id_t i_tid; 01112 union rsbac_attribute_value_t attr_val1; 01113 union rsbac_attribute_value_t attr_val2; 01114 rsbac_mac_process_flags_t flags; 01115 boolean mac_auto_used_level = FALSE; 01116 boolean mac_auto_used_cat = FALSE; 01117 boolean set_level_level = FALSE; 01118 boolean set_level_cat = FALSE; 01119 01120 /* first check for mac_override, which allows everything */ 01121 i_tid.process = pid; 01122 if (rsbac_get_attr(MAC, 01123 T_PROCESS, 01124 i_tid, 01125 A_mac_process_flags, 01126 &attr_val1, 01127 FALSE)) 01128 { /* failed! */ 01129 rsbac_ds_get_error("mac_auto_read", A_none); 01130 return(NOT_GRANTED); 01131 } 01132 flags = attr_val1.mac_process_flags; 01133 if(flags & MAC_override) 01134 return GRANTED; 01135 01136 /* Get current security level */ 01137 if (rsbac_get_attr(MAC, 01138 T_PROCESS, 01139 i_tid, 01140 A_current_sec_level, 01141 &attr_val1, 01142 FALSE)) 01143 { /* failed! */ 01144 rsbac_ds_get_error("mac_auto_read", A_none); 01145 return(NOT_GRANTED); 01146 } 01147 curr_level = attr_val1.security_level; 01148 /* Get current categories */ 01149 if (rsbac_get_attr(MAC, 01150 T_PROCESS, 01151 i_tid, 01152 A_mac_curr_categories, 01153 &attr_val1, 01154 FALSE)) 01155 { /* failed! */ 01156 rsbac_ds_get_error("mac_auto_read", A_none); 01157 return(NOT_GRANTED); 01158 } 01159 curr_categories = attr_val1.mac_categories; 01160 /* Get target security level */ 01161 if (rsbac_get_attr(MAC, 01162 target, 01163 tid, 01164 t_level_attr, 01165 &attr_val1, 01166 TRUE)) 01167 { /* failed! */ 01168 rsbac_ds_get_error("mac_auto_read", A_none); 01169 return(NOT_GRANTED); 01170 } 01171 target_sec_level = attr_val1.security_level; 01172 /* Get target categories */ 01173 if (rsbac_get_attr(MAC, 01174 target, 01175 tid, 01176 t_cat_attr, 01177 &attr_val1, 01178 TRUE)) 01179 { /* failed! */ 01180 rsbac_ds_get_error("mac_auto_read", A_none); 01181 return(NOT_GRANTED); 01182 } 01183 target_categories = attr_val1.mac_categories; 01184 01185 if(target_sec_level > curr_level) 01186 { 01187 if (rsbac_get_attr(MAC, 01188 T_PROCESS, 01189 i_tid, 01190 A_security_level, 01191 &attr_val1, 01192 FALSE)) 01193 { /* failed! */ 01194 rsbac_ds_get_error("mac_auto_read", A_none); 01195 return(NOT_GRANTED); 01196 } 01197 if(attr_val1.security_level < target_sec_level) 01198 { 01199 #ifdef CONFIG_RSBAC_DEBUG 01200 if(rsbac_debug_adf_mac) 01201 { 01202 #ifdef CONFIG_RSBAC_RMSG 01203 rsbac_printk(KERN_DEBUG 01204 "mac_auto_read(): pid %u/%.15s: security_level %u under target_sec_level %u, no override -> NOT_GRANTED!\n", 01205 current->pid, current->comm, 01206 attr_val1.security_level, target_sec_level); 01207 #endif 01208 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01209 if (!rsbac_nosyslog) 01210 #endif 01211 printk(KERN_DEBUG 01212 "mac_auto_read(): pid %u/%.15s: security_level %u under target_sec_level %u, no override -> NOT_GRANTED!\n", 01213 current->pid, current->comm, 01214 attr_val1.security_level, target_sec_level); 01215 } 01216 #endif 01217 return(NOT_GRANTED); 01218 } 01219 /* curr_level < target_level <= max_level -> need mac_auto, read_up or trusted (with read option) */ 01220 if(flags & MAC_auto) 01221 { 01222 /* check min_write boundary */ 01223 if (rsbac_get_attr(MAC, 01224 T_PROCESS, 01225 i_tid, 01226 A_min_write_open, 01227 &attr_val1, 01228 FALSE)) 01229 { /* failed! */ 01230 rsbac_ds_get_error("mac_auto_read", A_none); 01231 return(NOT_GRANTED); 01232 } 01233 if(attr_val1.security_level < target_sec_level) 01234 { 01235 if( !(flags & MAC_read_up) 01236 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 01237 && !(flags & MAC_trusted) 01238 #endif 01239 ) 01240 { 01241 /* Try mac_file_flags on the target, if FD object */ 01242 switch(target) 01243 { 01244 case T_FILE: 01245 case T_DIR: 01246 case T_FIFO: 01247 case T_SYMLINK: 01248 if (rsbac_get_attr(MAC, 01249 target, 01250 tid, 01251 A_mac_file_flags, 01252 &attr_val1, 01253 TRUE)) 01254 { /* failed! */ 01255 rsbac_ds_get_error("mac_auto_read", A_none); 01256 return(NOT_GRANTED); 01257 } 01258 if( (attr_val1.mac_file_flags & MAC_read_up) 01259 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 01260 || (attr_val1.mac_file_flags & MAC_trusted) 01261 #endif 01262 ) 01263 { 01264 break; 01265 } 01266 /* fall through */ 01267 01268 default: 01269 #ifdef CONFIG_RSBAC_DEBUG 01270 if(rsbac_debug_adf_mac) 01271 { 01272 #ifdef CONFIG_RSBAC_RMSG 01273 rsbac_printk(KERN_DEBUG 01274 "mac_auto_read(): pid %u/%.15s: min_write_open %u under target_sec_level %u, no read_up or trusted -> NOT_GRANTED!\n", 01275 current->pid, current->comm, 01276 attr_val1.security_level, target_sec_level); 01277 #endif 01278 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01279 if (!rsbac_nosyslog) 01280 #endif 01281 printk(KERN_DEBUG 01282 "mac_auto_read(): pid %u/%.15s: min_write_open %u under target_sec_level %u, no read_up or trusted -> NOT_GRANTED!\n", 01283 current->pid, current->comm, 01284 attr_val1.security_level, target_sec_level); 01285 } 01286 #endif 01287 return(NOT_GRANTED); 01288 } 01289 } 01290 } 01291 else 01292 { 01293 mac_auto_used_level = TRUE; 01294 set_level_level = TRUE; 01295 } 01296 } 01297 else 01298 { 01299 if( !(flags & MAC_read_up) 01300 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 01301 && !(flags & MAC_trusted) 01302 #endif 01303 ) 01304 { 01305 /* Try mac_file_flags on the target, if FD object */ 01306 switch(target) 01307 { 01308 case T_FILE: 01309 case T_DIR: 01310 case T_FIFO: 01311 case T_SYMLINK: 01312 if (rsbac_get_attr(MAC, 01313 target, 01314 tid, 01315 A_mac_file_flags, 01316 &attr_val1, 01317 TRUE)) 01318 { /* failed! */ 01319 rsbac_ds_get_error("mac_auto_read", A_none); 01320 return(NOT_GRANTED); 01321 } 01322 if( (attr_val1.mac_file_flags & MAC_read_up) 01323 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 01324 || (attr_val1.mac_file_flags & MAC_trusted) 01325 #endif 01326 ) 01327 { 01328 break; 01329 } 01330 /* fall through */ 01331 01332 default: 01333 #ifdef CONFIG_RSBAC_DEBUG 01334 if(rsbac_debug_adf_mac) 01335 { 01336 #ifdef CONFIG_RSBAC_RMSG 01337 rsbac_printk(KERN_DEBUG 01338 "mac_auto_read(): pid %u/%.15s: current level %u under target_sec_level %u, no auto, read_up or trusted -> NOT_GRANTED!\n", 01339 current->pid, current->comm, 01340 curr_level, target_sec_level); 01341 #endif 01342 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01343 if (!rsbac_nosyslog) 01344 #endif 01345 printk(KERN_DEBUG 01346 "mac_auto_read(): pid %u/%.15s: current level %u under target_sec_level %u, no auto, read_up or trusted -> NOT_GRANTED!\n", 01347 current->pid, current->comm, 01348 curr_level, target_sec_level); 01349 } 01350 #endif 01351 return(NOT_GRANTED); 01352 } 01353 } 01354 } 01355 } 01356 else 01357 if(target_sec_level < curr_level) 01358 { 01359 if(flags & MAC_auto) 01360 { 01361 mac_auto_used_level = TRUE; 01362 } 01363 } 01364 if((target_categories & curr_categories) != target_categories) 01365 { 01366 if (rsbac_get_attr(MAC, 01367 T_PROCESS, 01368 i_tid, 01369 A_mac_categories, 01370 &attr_val1, 01371 FALSE)) 01372 { /* failed! */ 01373 rsbac_ds_get_error("mac_auto_read", A_none); 01374 return(NOT_GRANTED); 01375 } 01376 if((target_categories & attr_val1.mac_categories) != target_categories) 01377 { 01378 #ifdef CONFIG_RSBAC_DEBUG 01379 if(rsbac_debug_adf_mac) 01380 { 01381 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01382 01383 if(tmp) 01384 { 01385 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01386 01387 if(tmp2) 01388 { 01389 u64tostrmac(tmp, attr_val1.mac_categories); 01390 u64tostrmac(tmp2, target_categories); 01391 #ifdef CONFIG_RSBAC_RMSG 01392 rsbac_printk(KERN_DEBUG 01393 "mac_auto_write(): pid %u/%.15s: max_categories %s under target categories %s, no override -> NOT_GRANTED!\n", 01394 current->pid, current->comm, 01395 tmp, 01396 tmp2); 01397 #endif 01398 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01399 if (!rsbac_nosyslog) 01400 #endif 01401 printk(KERN_DEBUG 01402 "mac_auto_write(): pid %u/%.15s: max_categories %s under target categories %s, no override -> NOT_GRANTED!\n", 01403 current->pid, current->comm, 01404 tmp, 01405 tmp2); 01406 rsbac_kfree(tmp2); 01407 } 01408 rsbac_kfree(tmp); 01409 } 01410 } 01411 #endif 01412 return(NOT_GRANTED); 01413 } 01414 /* curr_categories < target_categories <= max_categories -> need mac_auto, read_up or trusted */ 01415 if(flags & MAC_auto) 01416 { 01417 /* check min_write boundary */ 01418 if (rsbac_get_attr(MAC, 01419 T_PROCESS, 01420 i_tid, 01421 A_min_write_categories, 01422 &attr_val1, 01423 FALSE)) 01424 { /* failed! */ 01425 rsbac_ds_get_error("mac_auto_read", A_none); 01426 return(NOT_GRANTED); 01427 } 01428 if((target_categories & attr_val1.mac_categories) != target_categories) 01429 { 01430 if( !(flags & MAC_read_up) 01431 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 01432 && !(flags & MAC_trusted) 01433 #endif 01434 ) 01435 { 01436 /* Try mac_file_flags on the target, if FD object */ 01437 switch(target) 01438 { 01439 case T_FILE: 01440 case T_DIR: 01441 case T_FIFO: 01442 case T_SYMLINK: 01443 if (rsbac_get_attr(MAC, 01444 target, 01445 tid, 01446 A_mac_file_flags, 01447 &attr_val1, 01448 TRUE)) 01449 { /* failed! */ 01450 rsbac_ds_get_error("mac_auto_read", A_none); 01451 return(NOT_GRANTED); 01452 } 01453 if( (attr_val1.mac_file_flags & MAC_read_up) 01454 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 01455 || (attr_val1.mac_file_flags & MAC_trusted) 01456 #endif 01457 ) 01458 { 01459 break; 01460 } 01461 /* fall through */ 01462 01463 default: 01464 #ifdef CONFIG_RSBAC_DEBUG 01465 if(rsbac_debug_adf_mac) 01466 { 01467 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01468 01469 if(tmp) 01470 { 01471 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01472 01473 if(tmp2) 01474 { 01475 u64tostrmac(tmp, attr_val1.mac_categories); 01476 u64tostrmac(tmp2, target_categories); 01477 #ifdef CONFIG_RSBAC_RMSG 01478 rsbac_printk(KERN_DEBUG 01479 "mac_auto_write(): pid %u/%.15s: min_write_categories %s under target categories %s, no read_up or trusted with read option -> NOT_GRANTED!\n", 01480 current->pid, current->comm, 01481 tmp, 01482 tmp2); 01483 #endif 01484 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01485 if (!rsbac_nosyslog) 01486 #endif 01487 printk(KERN_DEBUG 01488 "mac_auto_write(): pid %u/%.15s: min_write_categories %s under target categories %s, no read_up or trusted with read option -> NOT_GRANTED!\n", 01489 current->pid, current->comm, 01490 tmp, 01491 tmp2); 01492 rsbac_kfree(tmp2); 01493 } 01494 rsbac_kfree(tmp); 01495 } 01496 } 01497 #endif 01498 return(NOT_GRANTED); 01499 } 01500 } 01501 } 01502 else 01503 { 01504 mac_auto_used_cat = TRUE; 01505 set_level_cat = TRUE; 01506 } 01507 } 01508 else 01509 { 01510 if( !(flags & MAC_read_up) 01511 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 01512 && !(flags & MAC_trusted) 01513 #endif 01514 ) 01515 { 01516 /* Try mac_file_flags on the target, if FD object */ 01517 switch(target) 01518 { 01519 case T_FILE: 01520 case T_DIR: 01521 case T_FIFO: 01522 case T_SYMLINK: 01523 if (rsbac_get_attr(MAC, 01524 target, 01525 tid, 01526 A_mac_file_flags, 01527 &attr_val1, 01528 TRUE)) 01529 { /* failed! */ 01530 rsbac_ds_get_error("mac_auto_read", A_none); 01531 return(NOT_GRANTED); 01532 } 01533 if( (attr_val1.mac_file_flags & MAC_read_up) 01534 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 01535 || (attr_val1.mac_file_flags & MAC_trusted) 01536 #endif 01537 ) 01538 { 01539 break; 01540 } 01541 /* fall through */ 01542 01543 default: 01544 #ifdef CONFIG_RSBAC_DEBUG 01545 if(rsbac_debug_adf_mac) 01546 { 01547 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01548 01549 if(tmp) 01550 { 01551 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01552 01553 if(tmp2) 01554 { 01555 u64tostrmac(tmp, curr_categories); 01556 u64tostrmac(tmp2, target_categories); 01557 #ifdef CONFIG_RSBAC_RMSG 01558 rsbac_printk(KERN_DEBUG 01559 "mac_auto_write(): pid %u/%.15s: curr_categories %s under target categories %s, no auto, read_up or trusted with read option -> NOT_GRANTED!\n", 01560 current->pid, current->comm, 01561 tmp, 01562 tmp2); 01563 #endif 01564 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01565 if (!rsbac_nosyslog) 01566 #endif 01567 printk(KERN_DEBUG 01568 "mac_auto_write(): pid %u/%.15s: curr_categories %s under target categories %s, no auto, read_up or trusted with read option -> NOT_GRANTED!\n", 01569 current->pid, current->comm, 01570 tmp, 01571 tmp2); 01572 rsbac_kfree(tmp2); 01573 } 01574 rsbac_kfree(tmp); 01575 } 01576 } 01577 #endif 01578 return(NOT_GRANTED); 01579 } 01580 } 01581 } 01582 } 01583 else 01584 if((target_categories & curr_categories) != curr_categories) 01585 { 01586 if(flags & MAC_auto) 01587 { 01588 mac_auto_used_level = TRUE; 01589 } 01590 } 01591 01592 /* grant area */ 01593 01594 /* adjust current_sec_level and max_read_level, */ 01595 /* if set_level is true and mac_auto has been used*/ 01596 if(set_level && mac_auto_used_level) 01597 { 01598 i_tid.process = pid; 01599 attr_val1.current_sec_level = target_sec_level; 01600 if(set_level_level) 01601 { 01602 #ifdef CONFIG_RSBAC_MAC_LOG_LEVEL_CHANGE 01603 char * target_type_name; 01604 char * target_id_name; 01605 01606 target_type_name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01607 if(target_type_name) 01608 { 01609 #ifdef CONFIG_RSBAC_LOG_FULL_PATH 01610 target_id_name 01611 = rsbac_kmalloc(CONFIG_RSBAC_MAX_PATH_LEN + RSBAC_MAXNAMELEN); 01612 /* max. path name len + some extra */ 01613 #else 01614 target_id_name = rsbac_kmalloc(2 * RSBAC_MAXNAMELEN); 01615 /* max. file name len + some extra */ 01616 #endif 01617 if(target_id_name) 01618 { 01619 get_target_name(target_type_name, target, target_id_name, tid); 01620 01621 #ifndef CONFIG_RSBAC_RMSG_EXCL 01622 /* only log to standard syslog, if not disabled by kernel boot parameter */ 01623 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01624 if (!rsbac_nosyslog) 01625 #endif 01626 printk(KERN_INFO 01627 "mac_auto_read(): Changing process %u (%.15s, owner %u) current level from %u to %u for %s %s\n", 01628 pid, 01629 current->comm, 01630 current->uid, 01631 curr_level, 01632 target_sec_level, 01633 target_type_name, 01634 target_id_name); 01635 #endif 01636 #ifdef CONFIG_RSBAC_RMSG 01637 rsbac_printk(KERN_INFO 01638 "mac_auto_read(): Changing process %u (%.15s, owner %u) current level from %u to %u for %s %s\n", 01639 pid, 01640 current->comm, 01641 current->uid, 01642 curr_level, 01643 target_sec_level, 01644 target_type_name, 01645 target_id_name); 01646 #endif 01647 rsbac_kfree(target_id_name); 01648 } 01649 rsbac_kfree(target_type_name); 01650 } 01651 #endif 01652 if(rsbac_set_attr(MAC, 01653 T_PROCESS, 01654 i_tid, 01655 A_current_sec_level, 01656 attr_val1)) 01657 { /* failed! */ 01658 rsbac_ds_set_error("mac_auto_read", A_none); 01659 return(NOT_GRANTED); 01660 } 01661 } 01662 if (rsbac_get_attr(MAC, 01663 T_PROCESS, 01664 i_tid, 01665 A_max_read_open, 01666 &attr_val2, 01667 TRUE)) 01668 { /* failed! */ 01669 rsbac_ds_get_error("mac_auto_read", A_none); 01670 return(NOT_GRANTED); 01671 } 01672 if(attr_val1.max_read_open > attr_val2.max_read_open) 01673 { 01674 if (rsbac_set_attr(MAC, 01675 T_PROCESS, 01676 i_tid, 01677 A_max_read_open, 01678 attr_val1)) 01679 { /* failed! */ 01680 rsbac_ds_set_error("mac_auto_read", A_none); 01681 return(NOT_GRANTED); 01682 } 01683 } 01684 } 01685 /* adjust current_categories and max_read_categories, */ 01686 /* if set_level is true and mac_auto has been used*/ 01687 if(set_level && mac_auto_used_cat) 01688 { 01689 i_tid.process = pid; 01690 attr_val1.mac_categories = target_categories; 01691 if(set_level_cat) 01692 { 01693 #ifdef CONFIG_RSBAC_MAC_LOG_LEVEL_CHANGE 01694 char * target_type_name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01695 if(target_type_name) 01696 { 01697 char * target_id_name; 01698 01699 #ifdef CONFIG_RSBAC_LOG_FULL_PATH 01700 target_id_name 01701 = rsbac_kmalloc(CONFIG_RSBAC_MAX_PATH_LEN + RSBAC_MAXNAMELEN); 01702 /* max. path name len + some extra */ 01703 #else 01704 target_id_name = rsbac_kmalloc(2 * RSBAC_MAXNAMELEN); 01705 /* max. file name len + some extra */ 01706 #endif 01707 if(target_id_name) 01708 { 01709 char * tmp1 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01710 if(tmp1) 01711 { 01712 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01713 if(tmp2) 01714 { 01715 get_target_name(target_type_name, target, target_id_name, tid); 01716 01717 #ifndef CONFIG_RSBAC_RMSG_EXCL 01718 /* only log to standard syslog, if not disabled by kernel boot parameter */ 01719 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01720 if (!rsbac_nosyslog) 01721 #endif 01722 printk(KERN_INFO 01723 "mac_auto_read(): Changing process %u (15%s, owner %u) current categories from %s to %s for %s %s\n", 01724 pid, 01725 current->comm, 01726 current->uid, 01727 u64tostrmac(tmp1, curr_categories), 01728 u64tostrmac(tmp2, target_categories), 01729 target_type_name, 01730 target_id_name); 01731 #endif 01732 #ifdef CONFIG_RSBAC_RMSG 01733 rsbac_printk(KERN_INFO 01734 "mac_auto_read(): Changing process %u (15%s, owner %u) current categories from %s to %s for %s %s\n", 01735 pid, 01736 current->comm, 01737 current->uid, 01738 u64tostrmac(tmp1, curr_categories), 01739 u64tostrmac(tmp2, target_categories), 01740 target_type_name, 01741 target_id_name); 01742 #endif 01743 rsbac_kfree(tmp2); 01744 } 01745 rsbac_kfree(tmp1); 01746 } 01747 rsbac_kfree(target_id_name); 01748 } 01749 rsbac_kfree(target_type_name); 01750 } 01751 #endif 01752 if(rsbac_set_attr(MAC, 01753 T_PROCESS, 01754 i_tid, 01755 A_mac_curr_categories, 01756 attr_val1)) 01757 { /* failed! */ 01758 rsbac_ds_set_error("mac_auto_read", A_none); 01759 return(NOT_GRANTED); 01760 } 01761 } 01762 if (rsbac_get_attr(MAC, 01763 T_PROCESS, 01764 i_tid, 01765 A_max_read_categories, 01766 &attr_val2, 01767 TRUE)) 01768 { /* failed! */ 01769 rsbac_ds_get_error("mac_auto_read", A_none); 01770 return(NOT_GRANTED); 01771 } 01772 if((attr_val1.mac_categories & attr_val2.mac_categories) 01773 != attr_val1.mac_categories 01774 ) 01775 { 01776 if (rsbac_set_attr(MAC, 01777 T_PROCESS, 01778 i_tid, 01779 A_max_read_categories, 01780 attr_val1)) 01781 { /* failed! */ 01782 rsbac_ds_set_error("mac_auto_read", A_none); 01783 return(NOT_GRANTED); 01784 } 01785 } 01786 } 01787 01788 /* Everything done, so return */ 01789 return(GRANTED); 01790 } 01791 01792 static enum rsbac_adf_req_ret_t 01793 auto_read( rsbac_pid_t pid, 01794 enum rsbac_target_t target, 01795 union rsbac_target_id_t tid, 01796 boolean set_level) 01797 { 01798 return auto_read_attr(pid, 01799 target, 01800 tid, 01801 A_security_level, 01802 A_mac_categories, 01803 set_level); 01804 } 01805 01806 01807 /* auto-read-write() */ 01808 /* combines auto-read and auto-write */ 01809 01810 static enum rsbac_adf_req_ret_t 01811 auto_read_write_attr( rsbac_pid_t pid, 01812 enum rsbac_target_t target, 01813 union rsbac_target_id_t tid, 01814 enum rsbac_attribute_t t_level_attr, 01815 enum rsbac_attribute_t t_cat_attr, 01816 boolean set_level) 01817 { 01818 rsbac_security_level_t curr_level; 01819 rsbac_mac_category_vector_t curr_categories; 01820 rsbac_security_level_t target_sec_level; 01821 rsbac_mac_category_vector_t target_categories; 01822 union rsbac_target_id_t i_tid; 01823 union rsbac_attribute_value_t attr_val1; 01824 union rsbac_attribute_value_t attr_val2; 01825 rsbac_mac_process_flags_t flags; 01826 boolean mac_auto_used_level = FALSE; 01827 boolean mac_auto_used_cat = FALSE; 01828 boolean raise_object_level = FALSE; 01829 boolean raise_object_cat = FALSE; 01830 01831 /* first check for mac_override, which allows everything */ 01832 i_tid.process = pid; 01833 if (rsbac_get_attr(MAC, 01834 T_PROCESS, 01835 i_tid, 01836 A_mac_process_flags, 01837 &attr_val1, 01838 FALSE)) 01839 { /* failed! */ 01840 rsbac_ds_get_error("mac_auto_read_write", A_none); 01841 return(NOT_GRANTED); 01842 } 01843 flags = attr_val1.mac_process_flags; 01844 if(flags & MAC_override) 01845 return GRANTED; 01846 01847 /* Get current security level */ 01848 if (rsbac_get_attr(MAC, 01849 T_PROCESS, 01850 i_tid, 01851 A_current_sec_level, 01852 &attr_val1, 01853 FALSE)) 01854 { /* failed! */ 01855 rsbac_ds_get_error("mac_auto_read_write", A_none); 01856 return(NOT_GRANTED); 01857 } 01858 curr_level = attr_val1.security_level; 01859 /* Get current categories */ 01860 if (rsbac_get_attr(MAC, 01861 T_PROCESS, 01862 i_tid, 01863 A_mac_curr_categories, 01864 &attr_val1, 01865 FALSE)) 01866 { /* failed! */ 01867 rsbac_ds_get_error("mac_auto_read_write", A_none); 01868 return(NOT_GRANTED); 01869 } 01870 curr_categories = attr_val1.mac_categories; 01871 /* Get target security level */ 01872 if (rsbac_get_attr(MAC, 01873 target, 01874 tid, 01875 t_level_attr, 01876 &attr_val1, 01877 TRUE)) 01878 { /* failed! */ 01879 rsbac_ds_get_error("mac_auto_read_write", A_none); 01880 return(NOT_GRANTED); 01881 } 01882 target_sec_level = attr_val1.security_level; 01883 /* Get target categories */ 01884 if (rsbac_get_attr(MAC, 01885 target, 01886 tid, 01887 t_cat_attr, 01888 &attr_val1, 01889 TRUE)) 01890 { /* failed! */ 01891 rsbac_ds_get_error("mac_auto_read_write", A_none); 01892 return(NOT_GRANTED); 01893 } 01894 target_categories = attr_val1.mac_categories; 01895 01896 if(target_sec_level > curr_level) 01897 { 01898 if (rsbac_get_attr(MAC, 01899 T_PROCESS, 01900 i_tid, 01901 A_security_level, 01902 &attr_val1, 01903 FALSE)) 01904 { /* failed! */ 01905 rsbac_ds_get_error("mac_auto_read_write", A_none); 01906 return(NOT_GRANTED); 01907 } 01908 if(attr_val1.security_level < target_sec_level) 01909 { 01910 #ifdef CONFIG_RSBAC_DEBUG 01911 if(rsbac_debug_adf_mac) 01912 { 01913 #ifdef CONFIG_RSBAC_RMSG 01914 rsbac_printk(KERN_DEBUG 01915 "mac_auto_read_write(): pid %u/%.15s: security_level %u under target_sec_level %u, no override -> NOT_GRANTED!\n", 01916 current->pid, current->comm, 01917 attr_val1.security_level, target_sec_level); 01918 #endif 01919 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01920 if (!rsbac_nosyslog) 01921 #endif 01922 printk(KERN_DEBUG 01923 "mac_auto_read_write(): pid %u/%.15s: security_level %u under target_sec_level %u, no override -> NOT_GRANTED!\n", 01924 current->pid, current->comm, 01925 attr_val1.security_level, target_sec_level); 01926 } 01927 #endif 01928 return(NOT_GRANTED); 01929 } 01930 /* curr_level < target_level <= max_level */ 01931 /* -> need mac_auto, (write_up && read_up) or trusted (with read option) */ 01932 if(flags & MAC_auto) 01933 { 01934 /* check min_write boundary */ 01935 if (rsbac_get_attr(MAC, 01936 T_PROCESS, 01937 i_tid, 01938 A_min_write_open, 01939 &attr_val1, 01940 FALSE)) 01941 { /* failed! */ 01942 rsbac_ds_get_error("mac_auto_read_write", A_none); 01943 return(NOT_GRANTED); 01944 } 01945 if(attr_val1.security_level < target_sec_level) 01946 { 01947 if( !((flags & MAC_write_up) && (flags & MAC_read_up)) 01948 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 01949 && !(flags & MAC_trusted) 01950 #endif 01951 ) 01952 { 01953 /* Try mac_file_flags on the target, if FD object */ 01954 switch(target) 01955 { 01956 case T_FILE: 01957 case T_DIR: 01958 case T_FIFO: 01959 case T_SYMLINK: 01960 if (rsbac_get_attr(MAC, 01961 target, 01962 tid, 01963 A_mac_file_flags, 01964 &attr_val1, 01965 TRUE)) 01966 { /* failed! */ 01967 rsbac_ds_get_error("mac_auto_read_write", A_none); 01968 return(NOT_GRANTED); 01969 } 01970 if( ( (attr_val1.mac_file_flags & MAC_write_up) 01971 && (attr_val1.mac_file_flags & MAC_read_up) 01972 ) 01973 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 01974 || (flags & MAC_trusted) 01975 #endif 01976 ) 01977 { 01978 break; 01979 } 01980 /* fall through */ 01981 01982 default: 01983 #ifdef CONFIG_RSBAC_DEBUG 01984 if(rsbac_debug_adf_mac) 01985 { 01986 #ifdef CONFIG_RSBAC_RMSG 01987 rsbac_printk(KERN_DEBUG 01988 "mac_auto_read_write(): pid %u/%.15s: min_write_open %u under target_sec_level %u, no read_up or trusted -> NOT_GRANTED!\n", 01989 current->pid, current->comm, 01990 attr_val1.security_level, target_sec_level); 01991 #endif 01992 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01993 if (!rsbac_nosyslog) 01994 #endif 01995 printk(KERN_DEBUG 01996 "mac_auto_read_write(): pid %u/%.15s: min_write_open %u under target_sec_level %u, no read_up or trusted -> NOT_GRANTED!\n", 01997 current->pid, current->comm, 01998 attr_val1.security_level, target_sec_level); 01999 } 02000 #endif 02001 return(NOT_GRANTED); 02002 } 02003 } 02004 } 02005 else 02006 mac_auto_used_level = TRUE; 02007 } 02008 else 02009 { 02010 if( !((flags & MAC_write_up) && (flags & MAC_read_up)) 02011 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 02012 && !(flags & MAC_trusted) 02013 #endif 02014 ) 02015 { 02016 /* Try mac_file_flags on the target, if FD object */ 02017 switch(target) 02018 { 02019 case T_FILE: 02020 case T_DIR: 02021 case T_FIFO: 02022 case T_SYMLINK: 02023 if (rsbac_get_attr(MAC, 02024 target, 02025 tid, 02026 A_mac_file_flags, 02027 &attr_val1, 02028 TRUE)) 02029 { /* failed! */ 02030 rsbac_ds_get_error("mac_auto_read_write", A_none); 02031 return(NOT_GRANTED); 02032 } 02033 if( ( (attr_val1.mac_file_flags & MAC_write_up) 02034 && (attr_val1.mac_file_flags & MAC_read_up) 02035 ) 02036 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 02037 || (flags & MAC_trusted) 02038 #endif 02039 ) 02040 { 02041 break; 02042 } 02043 /* fall through */ 02044 02045 default: 02046 #ifdef CONFIG_RSBAC_DEBUG 02047 if(rsbac_debug_adf_mac) 02048 { 02049 #ifdef CONFIG_RSBAC_RMSG 02050 rsbac_printk(KERN_DEBUG 02051 "mac_auto_read_write(): pid %u/%.15s: current level %u under target_sec_level %u, no auto, (write_up && read_up) or trusted -> NOT_GRANTED!\n", 02052 current->pid, current->comm, 02053 curr_level, target_sec_level); 02054 #endif 02055 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02056 if (!rsbac_nosyslog) 02057 #endif 02058 printk(KERN_DEBUG 02059 "mac_auto_read_write(): pid %u/%.15s: current level %u under target_sec_level %u, no auto, (write_up && read_up) or trusted -> NOT_GRANTED!\n", 02060 current->pid, current->comm, 02061 curr_level, target_sec_level); 02062 } 02063 #endif 02064 return(NOT_GRANTED); 02065 } 02066 } 02067 } 02068 } 02069 else 02070 if(target_sec_level < curr_level) 02071 { 02072 if (rsbac_get_attr(MAC, 02073 T_PROCESS, 02074 i_tid, 02075 A_min_security_level, 02076 &attr_val1, 02077 FALSE)) 02078 { /* failed! */ 02079 rsbac_ds_get_error("mac_auto_read_write", A_none); 02080 return(NOT_GRANTED); 02081 } 02082 if(attr_val1.security_level > target_sec_level) 02083 { 02084 #ifdef CONFIG_RSBAC_DEBUG 02085 if(rsbac_debug_adf_mac) 02086 { 02087 #ifdef CONFIG_RSBAC_RMSG 02088 rsbac_printk(KERN_DEBUG 02089 "mac_auto_read_write(): pid %u/%.15s: min_security_level %u over target_sec_level %u, no override -> NOT_GRANTED!\n", 02090 current->pid, current->comm, 02091 attr_val1.security_level, target_sec_level); 02092 #endif 02093 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02094 if (!rsbac_nosyslog) 02095 #endif 02096 printk(KERN_DEBUG 02097 "mac_auto_read_write(): pid %u/%.15s: min_security_level %u over target_sec_level %u, no override -> NOT_GRANTED!\n", 02098 current->pid, current->comm, 02099 attr_val1.security_level, target_sec_level); 02100 } 02101 #endif 02102 return(NOT_GRANTED); 02103 } 02104 /* min_level <= target_level < curr_level -> need mac_auto, write_down or trusted */ 02105 if(flags & MAC_auto) 02106 { 02107 /* check max_read boundary */ 02108 if (rsbac_get_attr(MAC, 02109 T_PROCESS, 02110 i_tid, 02111 A_max_read_open, 02112 &attr_val1, 02113 FALSE)) 02114 { /* failed! */ 02115 rsbac_ds_get_error("mac_auto_read_write", A_none); 02116 return(NOT_GRANTED); 02117 } 02118 if(attr_val1.security_level > target_sec_level) 02119 { 02120 if( !(flags & MAC_write_down) 02121 && !(flags & MAC_trusted) 02122 ) 02123 { 02124 /* Try mac_file_flags on the target, if FD object */ 02125 switch(target) 02126 { 02127 case T_FILE: 02128 case T_DIR: 02129 case T_FIFO: 02130 case T_SYMLINK: 02131 if (rsbac_get_attr(MAC, 02132 target, 02133 tid, 02134 A_mac_file_flags, 02135 &attr_val1, 02136 TRUE)) 02137 { /* failed! */ 02138 rsbac_ds_get_error("mac_auto_read_write", A_none); 02139 return(NOT_GRANTED); 02140 } 02141 if( (attr_val1.mac_file_flags & MAC_write_down) 02142 || (attr_val1.mac_file_flags & MAC_trusted) 02143 ) 02144 { 02145 if(attr_val1.mac_file_flags & MAC_auto) 02146 { 02147 raise_object_level = TRUE; 02148 } 02149 break; 02150 } 02151 /* fall through */ 02152 02153 default: 02154 #ifdef CONFIG_RSBAC_DEBUG 02155 if(rsbac_debug_adf_mac) 02156 { 02157 #ifdef CONFIG_RSBAC_RMSG 02158 rsbac_printk(KERN_DEBUG 02159 "mac_auto_read_write(): pid %u/%.15s: max_read_open %u over target_sec_level %u, no write_down or trusted -> NOT_GRANTED!\n", 02160 current->pid, current->comm, 02161 attr_val1.security_level, target_sec_level); 02162 #endif 02163 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02164 if (!rsbac_nosyslog) 02165 #endif 02166 printk(KERN_DEBUG 02167 "mac_auto_read_write(): pid %u/%.15s: max_read_open %u over target_sec_level %u, no write_down or trusted -> NOT_GRANTED!\n", 02168 current->pid, current->comm, 02169 attr_val1.security_level, target_sec_level); 02170 } 02171 #endif 02172 return(NOT_GRANTED); 02173 } 02174 } 02175 } 02176 else 02177 mac_auto_used_level = TRUE; 02178 } 02179 else 02180 { 02181 if( !(flags & MAC_write_down) 02182 && !(flags & MAC_trusted) 02183 ) 02184 { 02185 /* Try mac_file_flags on the target, if FD object */ 02186 switch(target) 02187 { 02188 case T_FILE: 02189 case T_DIR: 02190 case T_FIFO: 02191 case T_SYMLINK: 02192 if (rsbac_get_attr(MAC, 02193 target, 02194 tid, 02195 A_mac_file_flags, 02196 &attr_val1, 02197 TRUE)) 02198 { /* failed! */ 02199 rsbac_ds_get_error("mac_auto_read_write", A_none); 02200 return(NOT_GRANTED); 02201 } 02202 if( (attr_val1.mac_file_flags & MAC_write_down) 02203 || (attr_val1.mac_file_flags & MAC_trusted) 02204 ) 02205 { 02206 if(attr_val1.mac_file_flags & MAC_auto) 02207 { 02208 raise_object_level = TRUE; 02209 } 02210 break; 02211 } 02212 /* fall through */ 02213 02214 default: 02215 #ifdef CONFIG_RSBAC_DEBUG 02216 if(rsbac_debug_adf_mac) 02217 { 02218 #ifdef CONFIG_RSBAC_RMSG 02219 rsbac_printk(KERN_DEBUG 02220 "mac_auto_read_write(): pid %u/%.15s: current security_level %u over target_sec_level %u, no auto, write_down or trusted -> NOT_GRANTED!\n", 02221 current->pid, current->comm, 02222 curr_level, target_sec_level); 02223 #endif 02224 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02225 if (!rsbac_nosyslog) 02226 #endif 02227 printk(KERN_DEBUG 02228 "mac_auto_read_write(): pid %u/%.15s: current security_level %u over target_sec_level %u, no auto, write_down or trusted -> NOT_GRANTED!\n", 02229 current->pid, current->comm, 02230 curr_level, target_sec_level); 02231 } 02232 #endif 02233 return(NOT_GRANTED); 02234 } 02235 } 02236 } 02237 } 02238 if((target_categories & curr_categories) != target_categories) 02239 { 02240 if (rsbac_get_attr(MAC, 02241 T_PROCESS, 02242 i_tid, 02243 A_mac_categories, 02244 &attr_val1, 02245 FALSE)) 02246 { /* failed! */ 02247 rsbac_ds_get_error("mac_auto_read_write", A_none); 02248 return(NOT_GRANTED); 02249 } 02250 if((target_categories & attr_val1.mac_categories) != target_categories) 02251 { 02252 #ifdef CONFIG_RSBAC_DEBUG 02253 if(rsbac_debug_adf_mac) 02254 { 02255 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02256 02257 if(tmp) 02258 { 02259 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02260 02261 if(tmp2) 02262 { 02263 u64tostrmac(tmp, attr_val1.mac_categories); 02264 u64tostrmac(tmp2, target_categories); 02265 #ifdef CONFIG_RSBAC_RMSG 02266 rsbac_printk(KERN_DEBUG 02267 "mac_auto_read_write(): pid %u/%.15s: max_categories %s under target categories %s, no override -> NOT_GRANTED!\n", 02268 current->pid, current->comm, 02269 tmp, 02270 tmp2); 02271 #endif 02272 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02273 if (!rsbac_nosyslog) 02274 #endif 02275 printk(KERN_DEBUG 02276 "mac_auto_read_write(): pid %u/%.15s: max_categories %s under target categories %s, no override -> NOT_GRANTED!\n", 02277 current->pid, current->comm, 02278 tmp, 02279 tmp2); 02280 rsbac_kfree(tmp2); 02281 } 02282 rsbac_kfree(tmp); 02283 } 02284 } 02285 #endif 02286 return(NOT_GRANTED); 02287 } 02288 /* curr_categories < target_categories <= max_categories */ 02289 /* -> need mac_auto, (read_up && write_up) or trusted (with read option) */ 02290 if(flags & MAC_auto) 02291 { 02292 /* check min_write boundary */ 02293 if (rsbac_get_attr(MAC, 02294 T_PROCESS, 02295 i_tid, 02296 A_min_write_categories, 02297 &attr_val1, 02298 FALSE)) 02299 { /* failed! */ 02300 rsbac_ds_get_error("mac_auto_read_write", A_none); 02301 return(NOT_GRANTED); 02302 } 02303 if((target_categories & attr_val1.mac_categories) != target_categories) 02304 { 02305 if( !((flags & MAC_write_up) && (flags & MAC_read_up)) 02306 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 02307 && !(flags & MAC_trusted) 02308 #endif 02309 ) 02310 { 02311 /* Try mac_file_flags on the target, if FD object */ 02312 switch(target) 02313 { 02314 case T_FILE: 02315 case T_DIR: 02316 case T_FIFO: 02317 case T_SYMLINK: 02318 if (rsbac_get_attr(MAC, 02319 target, 02320 tid, 02321 A_mac_file_flags, 02322 &attr_val1, 02323 TRUE)) 02324 { /* failed! */ 02325 rsbac_ds_get_error("mac_auto_read_write", A_none); 02326 return(NOT_GRANTED); 02327 } 02328 if( ( (attr_val1.mac_file_flags & MAC_write_up) 02329 && (attr_val1.mac_file_flags & MAC_read_up) 02330 ) 02331 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 02332 || (flags & MAC_trusted) 02333 #endif 02334 ) 02335 { 02336 break; 02337 } 02338 /* fall through */ 02339 02340 default: 02341 #ifdef CONFIG_RSBAC_DEBUG 02342 if(rsbac_debug_adf_mac) 02343 { 02344 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02345 02346 if(tmp) 02347 { 02348 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02349 02350 if(tmp2) 02351 { 02352 u64tostrmac(tmp, attr_val1.mac_categories); 02353 u64tostrmac(tmp2, target_categories); 02354 #ifdef CONFIG_RSBAC_RMSG 02355 rsbac_printk(KERN_DEBUG 02356 "mac_auto_read_write(): pid %u/%.15s: min_write_categories %s under target categories %s, no (read_up and write_up) or trusted with read option -> NOT_GRANTED!\n", 02357 current->pid, current->comm, 02358 tmp, 02359 tmp2); 02360 #endif 02361 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02362 if (!rsbac_nosyslog) 02363 #endif 02364 printk(KERN_DEBUG 02365 "mac_auto_read_write(): pid %u/%.15s: min_write_categories %s under target categories %s, no (read_up and write_up) or trusted with read option -> NOT_GRANTED!\n", 02366 current->pid, current->comm, 02367 tmp, 02368 tmp2); 02369 rsbac_kfree(tmp2); 02370 } 02371 rsbac_kfree(tmp); 02372 } 02373 } 02374 #endif 02375 return(NOT_GRANTED); 02376 } 02377 } 02378 } 02379 else 02380 mac_auto_used_cat = TRUE; 02381 } 02382 else 02383 { 02384 if( !((flags & MAC_write_up) && (flags & MAC_read_up)) 02385 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 02386 && !(flags & MAC_trusted) 02387 #endif 02388 ) 02389 { 02390 /* Try mac_file_flags on the target, if FD object */ 02391 switch(target) 02392 { 02393 case T_FILE: 02394 case T_DIR: 02395 case T_FIFO: 02396 case T_SYMLINK: 02397 if (rsbac_get_attr(MAC, 02398 target, 02399 tid, 02400 A_mac_file_flags, 02401 &attr_val1, 02402 TRUE)) 02403 { /* failed! */ 02404 rsbac_ds_get_error("mac_auto_read_write", A_none); 02405 return(NOT_GRANTED); 02406 } 02407 if( ( (attr_val1.mac_file_flags & MAC_write_up) 02408 && (attr_val1.mac_file_flags & MAC_read_up) 02409 ) 02410 #ifdef CONFIG_RSBAC_MAC_TRUSTED_READ 02411 || (flags & MAC_trusted) 02412 #endif 02413 ) 02414 { 02415 break; 02416 } 02417 /* fall through */ 02418 02419 default: 02420 #ifdef CONFIG_RSBAC_DEBUG 02421 if(rsbac_debug_adf_mac) 02422 { 02423 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02424 02425 if(tmp) 02426 { 02427 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02428 02429 if(tmp2) 02430 { 02431 u64tostrmac(tmp, curr_categories); 02432 u64tostrmac(tmp2, target_categories); 02433 #ifdef CONFIG_RSBAC_RMSG 02434 rsbac_printk(KERN_DEBUG 02435 "mac_auto_read_write(): pid %u/%.15s: curr_categories %s under target categories %s, no auto, (read_up and write_up) or trusted -> NOT_GRANTED!\n", 02436 current->pid, current->comm, 02437 tmp, 02438 tmp2); 02439 #endif 02440 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02441 if (!rsbac_nosyslog) 02442 #endif 02443 printk(KERN_DEBUG 02444 "mac_auto_read_write(): pid %u/%.15s: curr_categories %s under target categories %s, no auto, (read_up and write_up) or trusted -> NOT_GRANTED!\n", 02445 current->pid, current->comm, 02446 tmp, 02447 tmp2); 02448 rsbac_kfree(tmp2); 02449 } 02450 rsbac_kfree(tmp); 02451 } 02452 } 02453 #endif 02454 return(NOT_GRANTED); 02455 } 02456 } 02457 } 02458 } 02459 else 02460 if((target_categories & curr_categories) != curr_categories) 02461 { 02462 if (rsbac_get_attr(MAC, 02463 T_PROCESS, 02464 i_tid, 02465 A_mac_min_categories, 02466 &attr_val1, 02467 FALSE)) 02468 { /* failed! */ 02469 rsbac_ds_get_error("mac_auto_read_write", A_none); 02470 return(NOT_GRANTED); 02471 } 02472 if((target_categories & attr_val1.mac_categories) != attr_val1.mac_categories) 02473 { 02474 #ifdef CONFIG_RSBAC_DEBUG 02475 if(rsbac_debug_adf_mac) 02476 { 02477 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02478 02479 if(tmp) 02480 { 02481 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02482 02483 if(tmp2) 02484 { 02485 u64tostrmac(tmp, attr_val1.mac_categories); 02486 u64tostrmac(tmp2, target_categories); 02487 #ifdef CONFIG_RSBAC_RMSG 02488 rsbac_printk(KERN_DEBUG 02489 "mac_auto_read_write(): pid %u/%.15s: min_categories %s over target categories %s, no override -> NOT_GRANTED!\n", 02490 current->pid, current->comm, 02491 tmp, 02492 tmp2); 02493 #endif 02494 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02495 if (!rsbac_nosyslog) 02496 #endif 02497 printk(KERN_DEBUG 02498 "mac_auto_read_write(): pid %u/%.15s: min_categories %s over target categories %s, no override -> NOT_GRANTED!\n", 02499 current->pid, current->comm, 02500 tmp, 02501 tmp2); 02502 rsbac_kfree(tmp2); 02503 } 02504 rsbac_kfree(tmp); 02505 } 02506 } 02507 #endif 02508 return(NOT_GRANTED); 02509 } 02510 /* min_level <= target_level < curr_level -> need mac_auto, write_down or trusted */ 02511 if(flags & MAC_auto) 02512 { 02513 /* check max_read boundary */ 02514 if (rsbac_get_attr(MAC, 02515 T_PROCESS, 02516 i_tid, 02517 A_max_read_categories, 02518 &attr_val1, 02519 FALSE)) 02520 { /* failed! */ 02521 rsbac_ds_get_error("mac_auto_read_write", A_none); 02522 return(NOT_GRANTED); 02523 } 02524 if((target_categories & attr_val1.mac_categories) != attr_val1.mac_categories) 02525 { 02526 if( !(flags & MAC_write_down) 02527 && !(flags & MAC_trusted) 02528 ) 02529 { 02530 /* Try mac_file_flags on the target, if FD object */ 02531 switch(target) 02532 { 02533 case T_FILE: 02534 case T_DIR: 02535 case T_FIFO: 02536 case T_SYMLINK: 02537 if (rsbac_get_attr(MAC, 02538 target, 02539 tid, 02540 A_mac_file_flags, 02541 &attr_val1, 02542 TRUE)) 02543 { /* failed! */ 02544 rsbac_ds_get_error("mac_auto_read_write", A_none); 02545 return(NOT_GRANTED); 02546 } 02547 if( (attr_val1.mac_file_flags & MAC_write_down) 02548 || (attr_val1.mac_file_flags & MAC_trusted) 02549 ) 02550 { 02551 if(attr_val1.mac_file_flags & MAC_auto) 02552 { 02553 raise_object_cat = TRUE; 02554 } 02555 break; 02556 } 02557 /* fall through */ 02558 02559 default: 02560 #ifdef CONFIG_RSBAC_DEBUG 02561 if(rsbac_debug_adf_mac) 02562 { 02563 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02564 02565 if(tmp) 02566 { 02567 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02568 02569 if(tmp2) 02570 { 02571 u64tostrmac(tmp, attr_val1.mac_categories); 02572 u64tostrmac(tmp2, target_categories); 02573 #ifdef CONFIG_RSBAC_RMSG 02574 rsbac_printk(KERN_DEBUG 02575 "mac_auto_read_write(): pid %u/%.15s: max_read_categories %s over target categories %s, no write_down or trusted -> NOT_GRANTED!\n", 02576 current->pid, current->comm, 02577 tmp, 02578 tmp2); 02579 #endif 02580 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02581 if (!rsbac_nosyslog) 02582 #endif 02583 printk(KERN_DEBUG 02584 "mac_auto_read_write(): pid %u/%.15s: max_read_categories %s over target categories %s, no write_down or trusted -> NOT_GRANTED!\n", 02585 current->pid, current->comm, 02586 tmp, 02587 tmp2); 02588 rsbac_kfree(tmp2); 02589 } 02590 rsbac_kfree(tmp); 02591 } 02592 } 02593 #endif 02594 return(NOT_GRANTED); 02595 } 02596 } 02597 } 02598 else 02599 mac_auto_used_cat = TRUE; 02600 } 02601 else 02602 { 02603 if( !(flags & MAC_write_down) 02604 && !(flags & MAC_trusted) 02605 ) 02606 { 02607 /* Try mac_file_flags on the target, if FD object */ 02608 switch(target) 02609 { 02610 case T_FILE: 02611 case T_DIR: 02612 case T_FIFO: 02613 case T_SYMLINK: 02614 if (rsbac_get_attr(MAC, 02615 target, 02616 tid, 02617 A_mac_file_flags, 02618 &attr_val1, 02619 TRUE)) 02620 { /* failed! */ 02621 rsbac_ds_get_error("mac_auto_read_write", A_none); 02622 return(NOT_GRANTED); 02623 } 02624 if( (attr_val1.mac_file_flags & MAC_write_down) 02625 || (attr_val1.mac_file_flags & MAC_trusted) 02626 ) 02627 { 02628 if(attr_val1.mac_file_flags & MAC_auto) 02629 { 02630 raise_object_cat = TRUE; 02631 } 02632 break; 02633 } 02634 /* fall through */ 02635 02636 default: 02637 #ifdef CONFIG_RSBAC_DEBUG 02638 if(rsbac_debug_adf_mac) 02639 { 02640 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02641 02642 if(tmp) 02643 { 02644 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02645 02646 if(tmp2) 02647 { 02648 u64tostrmac(tmp, curr_categories); 02649 u64tostrmac(tmp2, target_categories); 02650 #ifdef CONFIG_RSBAC_RMSG 02651 rsbac_printk(KERN_DEBUG 02652 "mac_auto_read_write(): pid %u/%.15s: curr_categories %s over target categories %s, no auto, write_down or trusted -> NOT_GRANTED!\n", 02653 current->pid, current->comm, 02654 tmp, 02655 tmp2); 02656 #endif 02657 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02658 if (!rsbac_nosyslog) 02659 #endif 02660 printk(KERN_DEBUG 02661 "mac_auto_read_write(): pid %u/%.15s: curr_categories %s over target categories %s, no auto, write_down or trusted -> NOT_GRANTED!\n", 02662 current->pid, current->comm, 02663 tmp, 02664 tmp2); 02665 rsbac_kfree(tmp2); 02666 } 02667 rsbac_kfree(tmp); 02668 } 02669 } 02670 #endif 02671 return(NOT_GRANTED); 02672 } 02673 } 02674 } 02675 } 02676 02677 /* grant area */ 02678 02679 /* adjust current_sec_level and min_write_level, */ 02680 /* if set_level is true and mac_auto has been used*/ 02681 if( set_level 02682 && ( mac_auto_used_level 02683 || raise_object_level 02684 ) 02685 ) 02686 { 02687 #ifdef CONFIG_RSBAC_MAC_LOG_LEVEL_CHANGE 02688 { 02689 char * target_type_name; 02690 char * target_id_name; 02691 02692 target_type_name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02693 if(target_type_name) 02694 { 02695 #ifdef CONFIG_RSBAC_LOG_FULL_PATH 02696 target_id_name 02697 = rsbac_kmalloc(CONFIG_RSBAC_MAX_PATH_LEN + RSBAC_MAXNAMELEN); 02698 /* max. path name len + some extra */ 02699 #else 02700 target_id_name = rsbac_kmalloc(2 * RSBAC_MAXNAMELEN); 02701 /* max. file name len + some extra */ 02702 #endif 02703 if(target_id_name) 02704 { 02705 get_target_name(target_type_name, target, target_id_name, tid); 02706 02707 if(mac_auto_used_level) 02708 { 02709 #ifndef CONFIG_RSBAC_RMSG_EXCL 02710 /* only log to standard syslog, if not disabled by kernel boot parameter */ 02711 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02712 if (!rsbac_nosyslog) 02713 #endif 02714 printk(KERN_INFO 02715 "mac_auto_read_write(): Changing process %u (%.15s, owner %u) current level from %u to %u for %s %s\n", 02716 pid, 02717 current->comm, 02718 current->uid, 02719 curr_level, 02720 target_sec_level, 02721 target_type_name, 02722 target_id_name); 02723 #endif 02724 #ifdef CONFIG_RSBAC_RMSG 02725 rsbac_printk(KERN_INFO 02726 "mac_auto_read_write(): Changing process %u (%.15s, owner %u) current level from %u to %u for %s %s\n", 02727 pid, 02728 current->comm, 02729 current->uid, 02730 curr_level, 02731 target_sec_level, 02732 target_type_name, 02733 target_id_name); 02734 #endif 02735 } 02736 else 02737 { 02738 #ifndef CONFIG_RSBAC_RMSG_EXCL 02739 /* only log to standard syslog, if not disabled by kernel boot parameter */ 02740 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02741 if (!rsbac_nosyslog) 02742 #endif 02743 printk(KERN_INFO 02744 "mac_auto_read_write(): Process %u (%.15s, owner %u): Raising object level from %u to %u for %s %s\n", 02745 pid, 02746 current->comm, 02747 current->uid, 02748 target_sec_level, 02749 curr_level, 02750 target_type_name, 02751 target_id_name); 02752 #endif 02753 #ifdef CONFIG_RSBAC_RMSG 02754 rsbac_printk(KERN_INFO 02755 "mac_auto_read_write(): Process %u (%.15s, owner %u): Raising object level from %u to %u for %s %s\n", 02756 pid, 02757 current->comm, 02758 current->uid, 02759 target_sec_level, 02760 curr_level, 02761 target_type_name, 02762 target_id_name); 02763 #endif 02764 } 02765 rsbac_kfree(target_id_name); 02766 } 02767 rsbac_kfree(target_type_name); 02768 } 02769 } 02770 #endif 02771 if(mac_auto_used_level) 02772 { 02773 i_tid.process = pid; 02774 attr_val1.current_sec_level = target_sec_level; 02775 if (rsbac_get_attr(MAC, 02776 T_PROCESS, 02777 i_tid, 02778 A_min_write_open, 02779 &attr_val2, 02780 TRUE)) 02781 { /* failed! */ 02782 rsbac_ds_get_error("mac_auto_read_write", A_none); 02783 return(NOT_GRANTED); 02784 } 02785 if(attr_val1.min_write_open < attr_val2.min_write_open) 02786 { 02787 if (rsbac_set_attr(MAC, 02788 T_PROCESS, 02789 i_tid, 02790 A_min_write_open, 02791 attr_val1)) 02792 { /* failed! */ 02793 rsbac_ds_set_error("mac_auto_read_write", A_none); 02794 return(NOT_GRANTED); 02795 } 02796 } 02797 if (rsbac_get_attr(MAC, 02798 T_PROCESS, 02799 i_tid, 02800 A_max_read_open, 02801 &attr_val2, 02802 TRUE)) 02803 { /* failed! */ 02804 rsbac_ds_get_error("mac_auto_read_write", A_none); 02805 return(NOT_GRANTED); 02806 } 02807 if(attr_val1.max_read_open > attr_val2.max_read_open) 02808 { 02809 if (rsbac_set_attr(MAC, 02810 T_PROCESS, 02811 i_tid, 02812 A_max_read_open, 02813 attr_val1)) 02814 { /* failed! */ 02815 rsbac_ds_set_error("mac_auto_read_write", A_none); 02816 return(NOT_GRANTED); 02817 } 02818 } 02819 if (rsbac_set_attr(MAC, 02820 T_PROCESS, 02821 i_tid, 02822 A_current_sec_level, 02823 attr_val1)) 02824 { /* failed! */ 02825 rsbac_ds_set_error("mac_auto_read_write", A_none); 02826 return(NOT_GRANTED); 02827 } 02828 } 02829 else 02830 { 02831 attr_val1.security_level = curr_level; 02832 if (rsbac_set_attr(MAC, 02833 target, 02834 tid, 02835 A_security_level, 02836 attr_val1)) 02837 { /* failed! */ 02838 rsbac_ds_set_error("mac_auto_read_write", A_none); 02839 return(NOT_GRANTED); 02840 } 02841 } 02842 } 02843 /* adjust current_categories and min_write_categories, */ 02844 /* if set_level is true and mac_auto has been used*/ 02845 if( set_level 02846 && ( mac_auto_used_cat 02847 || raise_object_cat 02848 ) 02849 ) 02850 { 02851 #ifdef CONFIG_RSBAC_MAC_LOG_LEVEL_CHANGE 02852 { 02853 char * target_type_name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02854 if(target_type_name) 02855 { 02856 char * target_id_name; 02857 02858 #ifdef CONFIG_RSBAC_LOG_FULL_PATH 02859 target_id_name 02860 = rsbac_kmalloc(CONFIG_RSBAC_MAX_PATH_LEN + RSBAC_MAXNAMELEN); 02861 /* max. path name len + some extra */ 02862 #else 02863 target_id_name = rsbac_kmalloc(2 * RSBAC_MAXNAMELEN); 02864 /* max. file name len + some extra */ 02865 #endif 02866 if(target_id_name) 02867 { 02868 char * tmp1 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02869 if(tmp1) 02870 { 02871 char * tmp2 = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02872 if(tmp2) 02873 { 02874 get_target_name(target_type_name, target, target_id_name, tid); 02875 02876 if(mac_auto_used_cat) 02877 { 02878 #ifndef CONFIG_RSBAC_RMSG_EXCL 02879 /* only log to standard syslog, if not disabled by kernel boot parameter */ 02880 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02881 if (!rsbac_nosyslog) 02882 #endif 02883 printk(KERN_INFO 02884 "mac_auto_read_write(): Changing process %u (%.15s, owner %u) current categories from %s to %s for %s %s\n", 02885 pid, 02886 current->comm, 02887 current->uid, 02888 u64tostrmac(tmp1, curr_categories), 02889 u64tostrmac(tmp2, target_categories), 02890 target_type_name, 02891 target_id_name); 02892 #endif 02893 #ifdef CONFIG_RSBAC_RMSG 02894 rsbac_printk(KERN_INFO 02895 "mac_auto_read_write(): Changing process %u (%.15s, owner %u) current categories from %s to %s for %s %s\n", 02896 pid, 02897 current->comm, 02898 current->uid, 02899 u64tostrmac(tmp1, curr_categories), 02900 u64tostrmac(tmp2, target_categories), 02901 target_type_name, 02902 target_id_name); 02903 #endif 02904 } 02905 else 02906 { 02907 #ifndef CONFIG_RSBAC_RMSG_EXCL 02908 /* only log to standard syslog, if not disabled by kernel boot parameter */ 02909 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02910 if (!rsbac_nosyslog) 02911 #endif 02912 printk(KERN_INFO 02913 "mac_auto_read_write(): Process %u (%.15s, owner %u): raising current categories from %s to %s for %s %s\n", 02914 pid, 02915 current->comm, 02916 current->uid, 02917 u64tostrmac(tmp2, target_categories), 02918 u64tostrmac(tmp1, curr_categories), 02919 target_type_name, 02920 target_id_name); 02921 #endif 02922 #ifdef CONFIG_RSBAC_RMSG 02923 rsbac_printk(KERN_INFO 02924 "mac_auto_read_write(): Process %u (%.15s, owner %u): raising current categories from %s to %s for %s %s\n", 02925 pid, 02926 current->comm, 02927 current->uid, 02928 u64tostrmac(tmp2, target_categories), 02929 u64tostrmac(tmp1, curr_categories), 02930 target_type_name, 02931 target_id_name); 02932 #endif 02933 } 02934 rsbac_kfree(tmp2); 02935 } 02936 rsbac_kfree(tmp1); 02937 } 02938 rsbac_kfree(target_id_name); 02939 } 02940 rsbac_kfree(target_type_name); 02941 } 02942 } 02943 #endif 02944 if(mac_auto_used_cat) 02945 { 02946 i_tid.process = pid; 02947 attr_val1.mac_categories = target_categories; 02948 if (rsbac_get_attr(MAC, 02949 T_PROCESS, 02950 i_tid, 02951 A_min_write_categories, 02952 &attr_val2, 02953 TRUE)) 02954 { /* failed! */ 02955 rsbac_ds_set_error("mac_auto_read_write", A_none); 02956 return(NOT_GRANTED); 02957 } 02958 if((attr_val1.mac_categories & attr_val2.mac_categories) 02959 != attr_val2.mac_categories 02960 ) 02961 { 02962 if (rsbac_set_attr(MAC, 02963 T_PROCESS, 02964 i_tid, 02965 A_min_write_categories, 02966 attr_val1)) 02967 { /* failed! */ 02968 rsbac_ds_set_error("mac_auto_read_write", A_none); 02969 return(NOT_GRANTED); 02970 } 02971 } 02972 if (rsbac_get_attr(MAC, 02973 T_PROCESS, 02974 i_tid, 02975 A_max_read_categories, 02976 &attr_val2, 02977 TRUE)) 02978 { /* failed! */ 02979 rsbac_ds_get_error("mac_auto_read_write", A_none); 02980 return(NOT_GRANTED); 02981 } 02982 if((attr_val1.mac_categories & attr_val2.mac_categories) 02983 != attr_val1.mac_categories 02984 ) 02985 { 02986 if (rsbac_set_attr(MAC, 02987 T_PROCESS, 02988 i_tid, 02989 A_max_read_categories, 02990 attr_val1)) 02991 { /* failed! */ 02992 rsbac_ds_set_error("mac_auto_read_write", A_none); 02993 return(NOT_GRANTED); 02994 } 02995 } 02996 if (rsbac_set_attr(MAC, 02997 T_PROCESS, 02998 i_tid, 02999 A_mac_curr_categories, 03000 attr_val1)) 03001 { /* failed! */ 03002 rsbac_ds_set_error("mac_auto_read_write", A_none); 03003 return(NOT_GRANTED); 03004 } 03005 } 03006 else 03007 { 03008 attr_val1.mac_categories = curr_categories; 03009 if (rsbac_set_attr(MAC, 03010 target, 03011 tid, 03012 A_mac_categories, 03013 attr_val1)) 03014 { /* failed! */ 03015 rsbac_ds_set_error("mac_auto_read_write", A_none); 03016 return(NOT_GRANTED); 03017 } 03018 } 03019 } 03020 03021 /* Everything done, so return */ 03022 return(GRANTED); 03023 } 03024 03025 static enum rsbac_adf_req_ret_t 03026 auto_read_write( rsbac_pid_t pid, 03027 enum rsbac_target_t target, 03028 union rsbac_target_id_t tid, 03029 boolean set_level) 03030 { 03031 return auto_read_write_attr(pid, 03032 target, 03033 tid, 03034 A_security_level, 03035 A_mac_categories, 03036 set_level); 03037 } 03038 03039 /************************************************* */ 03040 /* Externally visible functions */ 03041 /************************************************* */ 03042 03043 enum rsbac_adf_req_ret_t 03044 rsbac_adf_request_mac (enum rsbac_adf_request_t request, 03045 rsbac_pid_t caller_pid, 03046 enum rsbac_target_t target, 03047 union rsbac_target_id_t tid, 03048 enum rsbac_attribute_t attr, 03049 union rsbac_attribute_value_t attr_val, 03050 rsbac_uid_t owner) 03051 { 03052 enum rsbac_adf_req_ret_t result = DO_NOT_CARE; 03053 union rsbac_target_id_t i_tid; 03054 union rsbac_attribute_value_t i_attr_val1; 03055 #if defined(CONFIG_RSBAC_MAC_NET_OBJ_PROT) 03056 union rsbac_attribute_value_t i_attr_val2; 03057 #endif 03058 03059 switch (request) 03060 { 03061 case R_ADD_TO_KERNEL: 03062 switch(target) 03063 { 03064 case T_NONE: 03065 /* test owner's mac_role */ 03066 return mac_check_role(owner, SR_administrator); 03067 03068 /* all other cases are unknown */ 03069 default: return(DO_NOT_CARE); 03070 } 03071 03072 case R_ALTER: 03073 /* only for IPC */ 03074 if (target == T_IPC) 03075 { 03076 /* and perform auto-write without setting attributes */ 03077 return(auto_write(caller_pid, 03078 target, 03079 tid, 03080 FALSE)); 03081 } 03082 else 03083 /* all other targets are unknown */ 03084 return (DO_NOT_CARE); 03085 break; 03086 03087 case R_APPEND_OPEN: 03088 switch(target) 03089 { 03090 case T_FILE: 03091 case T_FIFO: 03092 /* and perform auto-write without setting attributes */ 03093 return(auto_write(caller_pid, 03094 target, 03095 tid, 03096 FALSE)); 03097 break; 03098 case T_IPC: 03099 /* and perform auto-write without setting attributes */ 03100 return(auto_write(caller_pid, 03101 target, 03102 tid, 03103 FALSE)); 03104 break; 03105 case T_DEV: 03106 /* Only check for devices with mac_check set */ 03107 if (rsbac_get_attr(MAC, 03108 T_DEV, 03109 tid, 03110 A_mac_check, 03111 &i_attr_val1, 03112 FALSE)) 03113 { 03114 rsbac_ds_get_error("rsbac_adf_request_mac", A_none); 03115 return(NOT_GRANTED); 03116 } 03117 if(!i_attr_val1.mac_check) 03118 return(DO_NOT_CARE); 03119 /* and perform auto-write without setting attributes */ 03120 return(auto_write(caller_pid, 03121 target, 03122 tid, 03123 FALSE)); 03124 break; 03125 /* all other cases are unknown */ 03126 default: return(DO_NOT_CARE); 03127 } 03128 03129 case R_CHANGE_GROUP: 03130 switch(target) 03131 { 03132 case T_FILE: 03133 case T_DIR: 03134 case T_FIFO: 03135 case T_SYMLINK: 03136 /* and perform auto-write without setting attributes */ 03137 return(auto_write(caller_pid, 03138 target, 03139 tid, 03140 FALSE)); 03141 case T_IPC: 03142 /* and perform auto-write without setting attributes */ 03143 return(auto_write(caller_pid, 03144 target, 03145 tid, 03146 FALSE)); 03147 03148 /* We do not care about */ 03149 /* all other cases */ 03150 default: return(DO_NOT_CARE); 03151 } 03152 03153 case R_CHANGE_OWNER: 03154 switch(target) 03155 { 03156 case T_FILE: 03157 case T_DIR: 03158 case T_FIFO: 03159 case T_SYMLINK: 03160 /* and perform auto-write without setting attributes */ 03161 return(auto_write(caller_pid, 03162 target, 03163 tid, 03164 FALSE)); 03165 03166 case T_IPC: 03167 return(auto_write(caller_pid, 03168 target, 03169 tid, 03170 FALSE)); 03171 03172 /* all other cases are unknown */ 03173 default: 03174 return(DO_NOT_CARE); 03175 } 03176 03177 case R_CHDIR: 03178 switch(target) 03179 { 03180 case T_DIR: 03181 /* and perform auto-read without setting attributes */ 03182 return(auto_read(caller_pid, 03183 target, 03184 tid, 03185 FALSE)); 03186 break; 03187 /* all other cases are unknown */ 03188 default: return(DO_NOT_CARE); 03189 } 03190 03191 case R_CLONE: 03192 if (target == T_PROCESS) 03193 return(GRANTED); 03194 else 03195 return(DO_NOT_CARE); 03196 03197 case R_CREATE: 03198 switch(target) 03199 { 03200 /* Creating dir or (pseudo) file IN target dir! */ 03201 case T_DIR: 03202 #ifdef CONFIG_RSBAC_MAC_LIGHT 03203 return GRANTED; 03204 #else 03205 /* Mode of created item is ignored! */ 03206 /* and perform auto-write without setting attributes */ 03207 return(auto_write(caller_pid, 03208 target, 03209 tid, 03210 FALSE)); 03211 #endif 03212 break; 03213 03214 #ifdef CONFIG_RSBAC_MAC_NET_OBJ_PROT 03215 case T_NETTEMP: 03216 return mac_check_role(owner, SR_security_officer); 03217 03218 case T_NETOBJ: 03219 /* and perform auto-write without setting attributes */ 03220 return(auto_write_attr(caller_pid, 03221 target, 03222 tid, 03223 A_local_sec_level, 03224 A_local_mac_categories, 03225 FALSE)); 03226 #endif 03227 03228 /* all other cases are unknown */ 03229 default: return(DO_NOT_CARE); 03230 } 03231 03232 case R_DELETE: 03233 switch(target) 03234 { 03235 case T_FILE: 03236 case T_DIR: 03237 case T_FIFO: 03238 case T_SYMLINK: 03239 /* and perform auto-write without setting attributes */ 03240 return(auto_write(caller_pid, 03241 target, 03242 tid, 03243 FALSE)); 03244 break; 03245 case T_IPC: 03246 /* and perform auto-write without setting attributes */ 03247 return(auto_write(caller_pid, 03248 target, 03249 tid, 03250 FALSE)); 03251 break; 03252 03253 #ifdef CONFIG_RSBAC_MAC_NET_OBJ_PROT 03254 case T_NETTEMP: 03255 return mac_check_role(owner, SR_security_officer); 03256 #endif 03257 03258 /* all other cases are unknown */ 03259 default: return(DO_NOT_CARE); 03260 } 03261 03262 case R_EXECUTE: 03263 switch(target) 03264 { 03265 case T_FILE: 03266 /* and perform auto-read without setting attributes */ 03267 return(auto_read(caller_pid, 03268 target, 03269 tid, 03270 FALSE)); 03271 03272 /* all other cases are unknown */ 03273 default: 03274 return(DO_NOT_CARE); 03275 } 03276 03277 case R_GET_PERMISSIONS_DATA: 03278 switch(target) 03279 { 03280 default: 03281 return(DO_NOT_CARE); 03282 }; 03283 03284 case R_GET_STATUS_DATA: 03285 switch(target) 03286 { 03287 case T_SCD: 03288 /* target rsbaclog? only for secoff */ 03289 if (tid.scd != ST_rsbaclog) 03290 return(GRANTED); 03291 /* Secoff? */ 03292 if(mac_check_role(owner, SR_security_officer) == NOT_GRANTED) 03293 return mac_check_role(owner, SR_auditor); 03294 else 03295 return GRANTED; 03296 03297 case T_PROCESS: 03298 /* perform auto-read without setting attributes */ 03299 return(auto_read_attr(caller_pid, 03300 target, 03301 tid, 03302 A_current_sec_level, 03303 A_mac_curr_categories, 03304 FALSE)); 03305 03306 default: 03307 return(DO_NOT_CARE); 03308 }; 03309 03310 case R_LINK_HARD: 03311 switch(target) 03312 { 03313 case T_FILE: 03314 case T_FIFO: 03315 case T_SYMLINK: 03316 /* and perform auto-write without setting attributes */ 03317 return(auto_write(caller_pid, 03318 target, 03319 tid, 03320 FALSE)); 03321 break; 03322 /* all other cases are unknown */ 03323 default: return(DO_NOT_CARE); 03324 } 03325 03326 case R_MODIFY_ACCESS_DATA: 03327 switch(target) 03328 { 03329 case T_FILE: 03330 case T_DIR: 03331 case T_FIFO: 03332 case T_SYMLINK: 03333 /* and perform auto-write without setting attributes */ 03334 return(auto_write(caller_pid, 03335 target, 03336 tid, 03337 FALSE)); 03338 break; 03339 /* all other cases are unknown */ 03340 default: return(DO_NOT_CARE); 03341 } 03342 03343 case R_MODIFY_ATTRIBUTE: 03344 switch(attr) 03345 { 03346 case A_security_level: 03347 case A_local_sec_level: 03348 case A_remote_sec_level: 03349 case A_min_security_level: 03350 case A_mac_categories: 03351 case A_local_mac_categories: 03352 case A_remote_mac_categories: 03353 case A_mac_min_categories: 03354 case A_pseudo: 03355 case A_system_role: 03356 case A_mac_role: 03357 case A_current_sec_level: 03358 case A_mac_curr_categories: 03359 case A_min_write_open: 03360 case A_max_read_open: 03361 case A_min_write_categories: 03362 case A_max_read_categories: 03363 case A_mac_user_flags: 03364 case A_mac_process_flags: 03365 case A_mac_check: 03366 case A_mac_auto: 03367 case A_mac_prop_trusted: 03368 case A_mac_file_flags: 03369 case A_initial_security_level: 03370 case A_mac_initial_categories: 03371 #ifdef CONFIG_RSBAC_MAC_GEN_PROT 03372 case A_log_array_low: 03373 case A_log_array_high: 03374 case A_log_program_based: 03375 case A_log_user_based: 03376 case A_symlink_add_uid: 03377 case A_symlink_add_rc_role: 03378 case A_linux_dac_disable: 03379 case A_fake_root_uid: 03380 #endif 03381 #ifdef CONFIG_RSBAC_MAC_AUTH_PROT 03382 case A_auth_may_setuid: 03383 case A_auth_may_set_cap: 03384 case A_auth_start_uid: 03385 case A_auth_program_file: 03386 case A_auth_learn: 03387 case A_auth_add_f_cap: 03388 case A_auth_remove_f_cap: 03389 #endif 03390 /* All attributes (remove target!) */ 03391 case A_none: 03392 /* Security Officer? */ 03393 return mac_check_role(owner, SR_security_officer); 03394 03395 default: 03396 return(DO_NOT_CARE); 03397 } 03398 03399 case R_MODIFY_PERMISSIONS_DATA: 03400 switch(target) 03401 { 03402 case T_FILE: 03403 case T_DIR: 03404 case T_FIFO: 03405 case T_SYMLINK: 03406 case T_IPC: 03407 /* and perform auto-write without setting attributes */ 03408 return(auto_write(caller_pid, 03409 target, 03410 tid, 03411 FALSE)); 03412 break; 03413 03414 case T_SCD: 03415 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM 03416 if(tid.scd == ST_ioports) 03417 return GRANTED; 03418 #endif 03419 /* Security Officer? */ 03420 i_tid.user = owner; 03421 if (rsbac_get_attr(MAC, 03422 T_USER, 03423 i_tid, 03424 A_mac_role, 03425 &i_attr_val1, 03426 TRUE)) 03427 { 03428 rsbac_ds_get_error("rsbac_adf_request_mac", A_none); 03429 return(NOT_GRANTED); 03430 } 03431 /* if sec_officer, then grant */ 03432 if (i_attr_val1.system_role == SR_security_officer) 03433 return(GRANTED); 03434 /* For booting: if administrator and ioports, then grant */ 03435 if ( (i_attr_val1.system_role == SR_administrator) 03436 && (tid.scd == ST_ioports) ) 03437 return(GRANTED); 03438 else 03439 return(NOT_GRANTED); 03440 03441 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE 03442 /* switching Linux DAC */ 03443 case T_NONE: 03444 /* Security Officer? */ 03445 i_tid.user = owner; 03446 if (rsbac_get_attr(MAC, 03447 T_USER, 03448 i_tid, 03449 A_mac_role, 03450 &i_attr_val1, 03451 TRUE)) 03452 { 03453 rsbac_ds_get_error("rsbac_adf_request_mac", A_none); 03454 return(NOT_GRANTED); 03455 } 03456 /* if sec_officer, then grant */ 03457 if (i_attr_val1.system_role == SR_security_officer) 03458 return(GRANTED); 03459 else 03460 return(NOT_GRANTED); 03461 #endif 03462 03463 /* all other cases are unknown */ 03464 default: return(DO_NOT_CARE); 03465 } 03466 03467 case R_MODIFY_SYSTEM_DATA: 03468 switch(target) 03469 { 03470 case T_SCD: 03471 /* target rlimit? no problem, but needed -> grant */ 03472 if (tid.scd == ST_rlimit) 03473 return(GRANTED); 03474 /* Get role */ 03475 i_tid.user = owner; 03476 if (rsbac_get_attr(MAC, 03477 T_USER, 03478 i_tid, 03479 A_mac_role, 03480 &i_attr_val1, 03481 TRUE)) 03482 { 03483 rsbac_ds_get_error("rsbac_adf_request_mac", A_none); 03484 return(NOT_GRANTED); 03485 } 03486 /* if rsbaclog: grant only for secoff and auditor */ 03487 if(tid.scd == ST_rsbaclog) 03488 { 03489 if ( (i_attr_val1.system_role == SR_security_officer) 03490 || (i_attr_val1.system_role == SR_auditor) 03491 ) 03492 return(GRANTED); 03493 else 03494 return(NOT_GRANTED); 03495 } 03496 /* if administrator, then grant */ 03497 if (i_attr_val1.system_role == SR_administrator) 03498 return(GRANTED); 03499 else 03500 return(NOT_GRANTED); 03501 03502 #ifdef CONFIG_RSBAC_MAC_NET_DEV_PROT 03503 case T_NETDEV: 03504 return mac_check_role(owner, SR_administrator); 03505 #endif 03506 03507 /* all other cases are unknown */ 03508 default: return(DO_NOT_CARE); 03509 } 03510 03511 case R_MOUNT: 03512 switch(target) 03513 { 03514 case T_FILE: 03515 case T_DIR: 03516 case T_DEV: 03517 /* test owner's mac_role: Administrator? */ 03518 #ifndef CONFIG_RSBAC_MAC_LIGHT 03519 if(mac_check_role(owner, SR_administrator) == NOT_GRANTED) 03520 return(NOT_GRANTED); 03521 #endif 03522 /* test read-write access to mount dir / dev: */ 03523 /* and perform auto-read(-write) without setting of attributes */ 03524 if( (target == T_DEV) 03525 && (attr == A_mode) 03526 && (attr_val.mode & MS_RDONLY)) 03527 return(auto_read(caller_pid, 03528 target, 03529 tid, 03530 FALSE)); 03531 else 03532 return(auto_read_write(caller_pid, 03533 target, 03534 tid, 03535 FALSE)); 03536 03537 /* all other cases are unknown */ 03538 default: return(DO_NOT_CARE); 03539 } 03540 03541 case R_READ: 03542 switch(target) 03543 { 03544 case T_DIR: 03545 #ifdef CONFIG_RSBAC_RW 03546 case T_IPC: 03547 case T_FILE: 03548 case T_FIFO: 03549 #endif 03550 /* and perform auto-read without setting attributes */ 03551 return(auto_read(caller_pid, 03552 target, 03553 tid, 03554 FALSE)); 03555 break; 03556 03557 #ifdef CONFIG_RSBAC_RW 03558 case T_DEV: 03559 /* Only check for devices with mac_check set */ 03560 if (rsbac_get_attr(MAC, 03561 T_DEV, 03562 tid, 03563 A_mac_check, 03564 &i_attr_val1, 03565 FALSE)) 03566 { 03567 rsbac_ds_get_error("rsbac_adf_request_mac", A_none); 03568 return(NOT_GRANTED); 03569 } 03570 if(!i_attr_val1.mac_check) 03571 return(DO_NOT_CARE); 03572 /* and perform auto-read without setting attributes */ 03573 return(auto_read(caller_pid, 03574 target, 03575 tid, 03576 FALSE)); 03577 break; 03578 #endif 03579 03580 #if defined(CONFIG_RSBAC_MAC_NET_OBJ_PROT) 03581 case T_NETTEMP: 03582 if(mac_check_role(owner, SR_security_officer) == GRANTED) 03583 return GRANTED; 03584 return mac_check_role(owner, SR_administrator); 03585 03586 case T_NETOBJ: 03587 /* and perform auto-read without setting attributes */ 03588 return(auto_read_attr(caller_pid, 03589 target, 03590 tid, 03591 A_remote_sec_level, 03592 A_remote_mac_categories, 03593 FALSE)); 03594 #endif 03595 03596 /* all other cases are unknown */ 03597 default: return(DO_NOT_CARE); 03598 } 03599 03600 03601 case R_READ_ATTRIBUTE: 03602 switch(attr) 03603 { 03604 case A_owner: 03605 case A_security_level: 03606 case A_local_sec_level: 03607 case A_remote_sec_level: 03608 case A_min_security_level: 03609 case A_mac_categories: 03610 case A_local_mac_categories: 03611 case A_remote_mac_categories: 03612 case A_mac_min_categories: 03613 case A_pseudo: 03614 case A_system_role: 03615 case A_mac_role: 03616 case A_current_sec_level: 03617 case A_min_write_open: 03618 case A_max_read_open: 03619 case A_mac_user_flags: 03620 case A_mac_process_flags: 03621 case A_mac_check: 03622 case A_mac_auto: 03623 case A_mac_prop_trusted: 03624 case A_mac_file_flags: 03625 case A_initial_security_level: 03626 case A_mac_initial_categories: 03627 #ifdef CONFIG_RSBAC_MAC_GEN_PROT 03628 case A_log_array_low: 03629 case A_log_array_high: 03630 case A_log_program_based: 03631 case A_log_user_based: 03632 case A_symlink_add_uid: 03633 case A_fake_root_uid: 03634 #endif 03635 #ifdef CONFIG_RSBAC_MAC_AUTH_PROT 03636 case A_auth_may_setuid: 03637 case A_auth_may_set_cap: 03638 case A_auth_start_uid: 03639 case A_auth_program_file: 03640 case A_auth_learn: 03641 #endif 03642 /* Security Officer ot Admin? */ 03643 if(mac_check_role(owner, SR_security_officer) == GRANTED) 03644 return GRANTED; 03645 else 03646 return mac_check_role(owner, SR_administrator); 03647 03648 default: 03649 return(DO_NOT_CARE); 03650 } 03651 03652 case R_READ_OPEN: 03653 switch(target) 03654 { 03655 case T_FILE: 03656 case T_DIR: 03657 case T_FIFO: 03658 case T_IPC: 03659 /* and perform auto-read without setting attributes */ 03660 return(auto_read(caller_pid, 03661 target, 03662 tid, 03663 FALSE)); 03664 break; 03665 case T_DEV: 03666 /* Only check for devices with mac_check set */ 03667 if (rsbac_get_attr(MAC, 03668 T_DEV, 03669 tid, 03670 A_mac_check, 03671 &i_attr_val1, 03672 FALSE)) 03673 { 03674 rsbac_ds_get_error("rsbac_adf_request_mac", A_none); 03675 return(NOT_GRANTED); 03676 } 03677 if(!i_attr_val1.mac_check) 03678 return(DO_NOT_CARE); 03679 /* and perform auto-read without setting attributes */ 03680 return(auto_read(caller_pid, 03681 target, 03682 tid, 03683 FALSE)); 03684 break; 03685 /* all other cases are unknown */ 03686 default: return(DO_NOT_CARE); 03687 } 03688 03689 case R_READ_WRITE_OPEN: 03690 switch(target) 03691 { 03692 case T_FILE: 03693 case T_FIFO: 03694 case T_IPC: 03695 /* and perform auto-read-write without setting attributes */ 03696 return(auto_read_write(caller_pid, 03697 target, 03698 tid, 03699 FALSE)); 03700 03701 case T_DEV: 03702 /* Only check for devices with mac_check set */ 03703 if (rsbac_get_attr(MAC, 03704 T_DEV, 03705 tid, 03706 A_mac_check, 03707 &i_attr_val1, 03708 FALSE)) 03709 { 03710 rsbac_ds_get_error("rsbac_adf_request_mac", A_none); 03711 return(NOT_GRANTED); 03712 } 03713 if(!i_attr_val1.mac_check) 03714 return(DO_NOT_CARE); 03715 /* and perform auto-read-write without setting attributes */ 03716 return(auto_read_write(caller_pid, 03717 target, 03718 tid, 03719 FALSE)); 03720 03721 /* all other cases are unknown */ 03722 default: return(DO_NOT_CARE); 03723 } 03724 03725 case R_REMOVE_FROM_KERNEL: 03726 case R_SHUTDOWN: 03727 switch(target) 03728 { 03729 case T_NONE: 03730 /* test owner's mac_role */ 03731 return mac_check_role(owner, SR_administrator); 03732 03733 /* all other cases are unknown */ 03734 default: return(DO_NOT_CARE); 03735 } 03736 03737 case R_RENAME: 03738 switch(target) 03739 { 03740 case T_FILE: 03741 case T_DIR: 03742 case T_FIFO: 03743 case T_SYMLINK: 03744 /* and perform auto-write without setting attributes */ 03745 result = auto_write(caller_pid, 03746 target, 03747 tid, 03748 FALSE); 03749 /* if parent dir might change, convert inherit to explicit level/cat: 03750 get and set effective value */ 03751 if( ( (result == GRANTED) 03752 || (result == DO_NOT_CARE) 03753 ) 03754 && ( (attr != A_new_dir_dentry_p) 03755 || (attr_val.new_dir_dentry_p != tid.file.dentry_p->d_parent) 03756 ) 03757 ) 03758 { 03759 if (rsbac_get_attr(MAC, 03760 target, 03761 tid, 03762 A_security_level, 03763 &i_attr_val1, 03764 TRUE)) 03765 { /* failed! */ 03766 rsbac_ds_get_error("rsbac_adf_request_mac", A_none); 03767 return(NOT_GRANTED); 03768 } 03769 if(rsbac_set_attr(MAC, 03770 target, 03771 tid, 03772 A_security_level, 03773 i_attr_val1)) 03774 { /* failed! */ 03775 rsbac_ds_set_error("rsbac_adf_request_mac", A_none); 03776 return(NOT_GRANTED); 03777 } 03778 if (rsbac_get_attr(MAC, 03779 target, 03780 tid, 03781 A_mac_categories, 03782 &i_attr_val1, 03783 TRUE)) 03784 { /* failed! */ 03785 rsbac_ds_get_error("rsbac_adf_request_mac", A_none); 03786 return(NOT_GRANTED); 03787 } 03788 if(rsbac_set_attr(MAC, 03789 target, 03790 tid, 03791 A_mac_categories, 03792 i_attr_val1)) 03793 { /* failed! */ 03794 rsbac_ds_set_error("rsbac_adf_request_mac", A_none); 03795 return(NOT_GRANTED); 03796 } 03797 } 03798 return result; 03799 break; 03800 /* all other cases are unknown */ 03801 default: return(DO_NOT_CARE); 03802 } 03803 03804 03805 case R_SEARCH: 03806 switch(target) 03807 { 03808 case T_DIR: 03809 case T_SYMLINK: 03810 /* and perform auto-read without setting attributes */ 03811 return(auto_read(caller_pid, 03812 target, 03813 tid, 03814 FALSE)); 03815 break; 03816 /* all other cases are unknown */ 03817 default: return(DO_NOT_CARE); 03818 } 03819 03820 case R_SEND_SIGNAL: 03821 switch(target) 03822 { 03823 case T_PROCESS: 03824 /* and perform auto-write without setting attributes */ 03825 return(auto_write_attr(caller_pid, 03826 target, 03827 tid, 03828 A_current_sec_level, 03829 A_mac_curr_categories, 03830 FALSE)); 03831 03832 /* all other cases are unknown */ 03833 default: 03834 return(DO_NOT_CARE); 03835 } 03836 03837 /* case R_SHUTDOWN: see R_REMOVE_FROM_KERNEL */ 03838 03839 case R_SWITCH_LOG: 03840 switch(target) 03841 { 03842 case T_NONE: 03843 /* test owner's mac_role */ 03844 return mac_check_role(owner, SR_security_officer); 03845 03846 /* all other cases are unknown */ 03847 default: return(DO_NOT_CARE); 03848 } 03849 03850 case R_SWITCH_MODULE: 03851 switch(target) 03852 { 03853 case T_NONE: 03854 /* we need the switch_target */ 03855 if(attr != A_switch_target) 03856 return(UNDEFINED); 03857 /* do not care for other modules */ 03858 if( (attr_val.switch_target != MAC) 03859 #ifdef CONFIG_RSBAC_MAC_AUTH_PROT 03860 && (attr_val.switch_target != AUTH) 03861 #endif 03862 #ifdef CONFIG_RSBAC_SOFTMODE 03863 && (attr_val.switch_target != SOFTMODE) 03864 #endif 03865 ) 03866 return(DO_NOT_CARE); 03867 /* test owner's mac_role */ 03868 return mac_check_role(owner, SR_security_officer); 03869 03870 /* all other cases are unknown */ 03871 default: return(DO_NOT_CARE); 03872 } 03873 03874 /* notify only, handled by adf-dispatcher */ 03875 case R_TERMINATE: 03876 if (target == T_PROCESS) 03877 return(DO_NOT_CARE); 03878 else 03879 return(DO_NOT_CARE); 03880 03881 case R_TRACE: 03882 switch(target) 03883 { 03884 case T_PROCESS: 03885 /* and perform auto-read-write without setting attributes */ 03886 return(auto_read_write_attr(caller_pid, 03887 target, 03888 tid, 03889 A_current_sec_level, 03890 A_mac_curr_categories, 03891 FALSE)); 03892 03893 /* all other cases are unknown */ 03894 default: 03895 return(DO_NOT_CARE); 03896 } 03897 03898 case R_TRUNCATE: 03899 switch(target) 03900 { 03901 case T_FILE: 03902 /* and perform auto-write without setting attributes */ 03903 return(auto_write(caller_pid, 03904 target, 03905 tid, 03906 FALSE)); 03907 break; 03908 /* all other cases are unknown */ 03909 default: return(DO_NOT_CARE); 03910 } 03911 03912 case R_UMOUNT: 03913 switch(target) 03914 { 03915 case T_FILE: 03916 case T_DIR: 03917 case T_DEV: 03918 #ifdef CONFIG_RSBAC_MAC_LIGHT 03919 return(GRANTED); 03920 #else 03921 return mac_check_role(owner, SR_administrator); 03922 #endif 03923 /* all other cases are unknown */ 03924 default: return(DO_NOT_CARE); 03925 } 03926 03927 case R_WRITE: 03928 switch(target) 03929 { 03930 case T_DIR: 03931 #ifdef CONFIG_RSBAC_RW 03932 case T_FILE: 03933 case T_FIFO: 03934 #endif 03935 /* Mode of created item is ignored! */ 03936 /* and perform auto-write without setting attributes */ 03937 return(auto_write(caller_pid, 03938 target, 03939 tid, 03940 FALSE)); 03941 03942 03943 #ifdef CONFIG_RSBAC_RW 03944 case T_DEV: 03945 /* Only check for devices with mac_check set */ 03946 if (rsbac_get_attr(MAC, 03947 T_DEV, 03948 tid, 03949 A_mac_check, 03950 &i_attr_val1, 03951 FALSE)) 03952 { 03953 rsbac_ds_get_error("rsbac_adf_request_mac", A_none); 03954 return(NOT_GRANTED); 03955 } 03956 if(!i_attr_val1.mac_check) 03957 return(DO_NOT_CARE); 03958 /* and perform auto-write without setting attributes */ 03959 return(auto_write(caller_pid, 03960 target, 03961 tid, 03962 FALSE)); 03963 break; 03964 #endif 03965 03966 #if defined(CONFIG_RSBAC_MAC_NET_OBJ_PROT) 03967 case T_NETTEMP: 03968 return mac_check_role(owner, SR_security_officer); 03969 03970 case T_NETOBJ: 03971 /* test write access to target: get its sec_level */ 03972 if (rsbac_get_attr(MAC, 03973 target, 03974 tid, 03975 A_remote_sec_level, 03976 &i_attr_val1, 03977 TRUE)) 03978 { 03979 rsbac_ds_get_error("rsbac_adf_request_mac", A_none); 03980 return(NOT_GRANTED); 03981 } 03982 if (rsbac_get_attr(MAC, 03983 target, 03984 tid, 03985 A_remote_mac_categories, 03986 &i_attr_val2, 03987 TRUE)) 03988 { 03989 rsbac_ds_get_error("rsbac_adf_request_mac", A_none); 03990 return(NOT_GRANTED); 03991 } 03992 /* and perform auto-write without setting attributes */ 03993 return(auto_write_attr(caller_pid, 03994 target, 03995 tid, 03996 A_remote_sec_level, 03997 A_remote_mac_categories, 03998 FALSE)); 03999 #endif 04000 04001 /* all other cases are unknown */ 04002 default: return(DO_NOT_CARE); 04003 } 04004 04005 case R_WRITE_OPEN: 04006 switch(target) 04007 { 04008 case T_FILE: 04009 case T_FIFO: 04010 case T_IPC: 04011 /* and perform auto-write without setting attributes */ 04012 return(auto_write(caller_pid, 04013 target, 04014 tid, 04015 FALSE)); 04016 break; 04017 case T_DEV: 04018 /* Only check for devices with mac_check set */ 04019 if (rsbac_get_attr(MAC, 04020 T_DEV, 04021 tid, 04022 A_mac_check, 04023 &i_attr_val1, 04024 FALSE)) 04025 { 04026 rsbac_ds_get_error("rsbac_adf_request_mac", A_none); 04027 return(NOT_GRANTED); 04028 } 04029 if(!i_attr_val1.mac_check) 04030 return(DO_NOT_CARE); 04031 /* and perform auto-write without setting attributes */ 04032 return(auto_write(caller_pid, 04033 target, 04034 tid, 04035 FALSE)); 04036 break; 04037 /* all other cases are unknown */ 04038 default: return(DO_NOT_CARE); 04039 } 04040 04041 #if defined(CONFIG_RSBAC_MAC_NET_OBJ_PROT) 04042 case R_BIND: 04043 case R_LISTEN: 04044 switch(target) 04045 { 04046 case T_NETOBJ: 04047 /* and perform auto-read-write without setting attributes */ 04048 return(auto_read_write_attr(caller_pid, 04049 target, 04050 tid, 04051 A_local_sec_level, 04052 A_local_mac_categories, 04053 FALSE)); 04054 04055 /* all other cases are unknown */ 04056 default: return(DO_NOT_CARE); 04057 } 04058 04059 case R_ACCEPT: 04060 case R_CONNECT: 04061 case R_SEND: 04062 case R_RECEIVE: 04063 switch(target) 04064 { 04065 case T_NETOBJ: 04066 /* and perform auto-read-write without setting attributes */ 04067 return(auto_read_write_attr(caller_pid, 04068 target, 04069 tid, 04070 A_remote_sec_level, 04071 A_remote_mac_categories, 04072 FALSE)); 04073 04074 /* all other cases are unknown */ 04075 default: return(DO_NOT_CARE); 04076 } 04077 04078 #endif /* NET_OBJ_PROT */ 04079 04080 /*********************/ 04081 default: return DO_NOT_CARE; 04082 } 04083 04084 return(result); 04085 } /* end of rsbac_adf_request_mac() */ 04086 04087 04088 /*****************************************************************************/ 04089 /* If the request returned granted and the operation is performed, */ 04090 /* the following function can be called by the AEF to get all aci set */ 04091 /* correctly. For write accesses that are performed fully within the kernel, */ 04092 /* this is usually not done to prevent extra calls, including R_CLOSE for */ 04093 /* cleaning up. Because of this, the write boundary is not adjusted - there */ 04094 /* is no user-level writing anyway... */ 04095 /* The second instance of target specification is the new target, if one has */ 04096 /* been created, otherwise its values are ignored. */ 04097 /* On success, 0 is returned, and an error from rsbac/error.h otherwise. */ 04098 04099 int rsbac_adf_set_attr_mac( 04100 enum rsbac_adf_request_t request, 04101 rsbac_pid_t caller_pid, 04102 enum rsbac_target_t target, 04103 union rsbac_target_id_t tid, 04104 enum rsbac_target_t new_target, 04105 union rsbac_target_id_t new_tid, 04106 enum rsbac_attribute_t attr, 04107 union rsbac_attribute_value_t attr_val, 04108 rsbac_uid_t owner) 04109 { 04110 enum rsbac_adf_req_ret_t result = DO_NOT_CARE; 04111 union rsbac_target_id_t i_tid; 04112 union rsbac_attribute_value_t i_attr_val1; 04113 union rsbac_attribute_value_t i_attr_val2; 04114 union rsbac_attribute_value_t i_attr_val3; 04115 union rsbac_attribute_value_t i_attr_val4; 04116 union rsbac_attribute_value_t i_attr_val5; 04117 union rsbac_attribute_value_t i_attr_val6; 04118 union rsbac_attribute_value_t i_attr_val7; 04119 union rsbac_attribute_value_t i_attr_val8; 04120 union rsbac_attribute_value_t i_attr_val9; 04121 boolean inherit; 04122 04123 switch (request) 04124 { 04125 case R_APPEND_OPEN: 04126 switch(target) 04127 { 04128 case T_FILE: 04129 case T_FIFO: 04130 case T_IPC: 04131 /* test write access to target: get its sec_level */ 04132 if( (target == T_FILE) 04133 || (target == T_FIFO) 04134 ) 04135 inherit = TRUE; 04136 else 04137 inherit = FALSE; 04138 if (rsbac_get_attr(MAC, 04139 target, 04140 tid, 04141 A_security_level, 04142 &i_attr_val1, 04143 inherit)) 04144 { 04145 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04146 return(-RSBAC_EREADFAILED); 04147 } 04148 if (rsbac_get_attr(MAC, 04149 target, 04150 tid, 04151 A_mac_categories, 04152 &i_attr_val2, 04153 inherit)) 04154 { 04155 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04156 return(-RSBAC_EREADFAILED); 04157 } 04158 /* and perform auto-write with setting attributes */ 04159 result = auto_write(caller_pid, 04160 target, 04161 tid, 04162 TRUE); 04163 if ((result == GRANTED) || (result == DO_NOT_CARE)) 04164 return(0); 04165 else 04166 return(-RSBAC_EDECISIONMISMATCH); 04167 break; 04168 case T_DEV: 04169 /* Only check for devices with mac_check set */ 04170 if (rsbac_get_attr(MAC, 04171 T_DEV, 04172 tid, 04173 A_mac_check, 04174 &i_attr_val1, 04175 FALSE)) 04176 { 04177 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04178 return(-RSBAC_EREADFAILED); 04179 } 04180 if(!i_attr_val1.mac_check) 04181 return(0); 04182 /* and perform auto-write with setting attributes */ 04183 result = auto_write(caller_pid, 04184 target, 04185 tid, 04186 TRUE); 04187 if ((result == GRANTED) || (result == DO_NOT_CARE)) 04188 return(0); 04189 else 04190 return(-RSBAC_EDECISIONMISMATCH); 04191 break; 04192 /* all other cases are unknown */ 04193 default: return(0); 04194 } 04195 04196 case R_CHANGE_OWNER: 04197 switch(target) 04198 { 04199 /* Changing process owner affects access decisions, */ 04200 /* so attributes have to be adjusted. */ 04201 case T_PROCESS: 04202 /* For target process there MUST be a new owner specified */ 04203 if (attr != A_owner) 04204 return(-RSBAC_EINVALIDATTR); 04205 04206 /* Get owner-sec-level and mac_categories for new owner */ 04207 i_tid.user = attr_val.owner; 04208 if (rsbac_get_attr(MAC, 04209 T_USER, 04210 i_tid, 04211 A_security_level, 04212 &i_attr_val2, 04213 TRUE)) 04214 { 04215 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04216 return(-RSBAC_EREADFAILED); 04217 } 04218 if (rsbac_get_attr(MAC, 04219 T_USER, 04220 i_tid, 04221 A_mac_categories, 04222 &i_attr_val3, 04223 TRUE)) 04224 { 04225 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04226 return(-RSBAC_EREADFAILED); 04227 } 04228 /* set owner-sec-level and mac_categories for process to new values */ 04229 if (rsbac_set_attr(MAC, 04230 T_PROCESS, 04231 tid, 04232 A_security_level, 04233 i_attr_val2)) 04234 { 04235 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04236 return(-RSBAC_EWRITEFAILED); 04237 } 04238 if (rsbac_set_attr(MAC, 04239 T_PROCESS, 04240 tid, 04241 A_mac_categories, 04242 i_attr_val3)) 04243 { 04244 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04245 return(-RSBAC_EWRITEFAILED); 04246 } 04247 /* Get min_write_open and min_write_categories of process */ 04248 if (rsbac_get_attr(MAC, 04249 T_PROCESS, 04250 tid, 04251 A_min_write_open, 04252 &i_attr_val4, 04253 TRUE)) 04254 { 04255 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04256 return(-RSBAC_EREADFAILED); 04257 } 04258 if (rsbac_get_attr(MAC, 04259 T_PROCESS, 04260 tid, 04261 A_min_write_categories, 04262 &i_attr_val5, 04263 TRUE)) 04264 { 04265 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04266 return(-RSBAC_EREADFAILED); 04267 } 04268 /* adjust min_write_open and min_write_categories, if too high */ 04269 if(i_attr_val2.security_level < i_attr_val4.min_write_open) 04270 { 04271 i_attr_val4.min_write_open = i_attr_val2.security_level; 04272 if(rsbac_set_attr(MAC, 04273 T_PROCESS, 04274 tid, 04275 A_min_write_open, 04276 i_attr_val4)) 04277 { 04278 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04279 return(-RSBAC_EWRITEFAILED); 04280 } 04281 } 04282 /* does process have categories in min_write that the new owner has not? */ 04283 /* If yes, throw them out. */ 04284 if ((i_attr_val3.mac_categories & i_attr_val5.mac_categories) 04285 != i_attr_val5.mac_categories) 04286 { 04287 i_attr_val5.mac_categories &= i_attr_val3.mac_categories; 04288 if(rsbac_set_attr(MAC, 04289 T_PROCESS, 04290 tid, 04291 A_min_write_categories, 04292 i_attr_val5)) 04293 { 04294 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04295 return(-RSBAC_EWRITEFAILED); 04296 } 04297 } 04298 /* Get owner-initial-sec-level and mac_initial_categories for new owner */ 04299 /* These values will be adjusted by max_read / min_write and then used as */ 04300 /* new current level/categories. */ 04301 i_tid.user = attr_val.owner; 04302 if (rsbac_get_attr(MAC, 04303 T_USER, 04304 i_tid, 04305 A_initial_security_level, 04306 &i_attr_val6, 04307 TRUE)) 04308 { 04309 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04310 return(-RSBAC_EREADFAILED); 04311 } 04312 if (rsbac_set_attr(MAC, 04313 T_PROCESS, 04314 tid, 04315 A_initial_security_level, 04316 i_attr_val6)) 04317 { 04318 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04319 return(-RSBAC_EWRITEFAILED); 04320 } 04321 #if 0 04322 /* restrict current_level to be a maximum of min_write */ 04323 if(i_attr_val6.security_level > i_attr_val4.min_write_open) 04324 i_attr_val6.security_level = i_attr_val4.min_write_open; 04325 #endif 04326 if (rsbac_get_attr(MAC, 04327 T_USER, 04328 i_tid, 04329 A_mac_initial_categories, 04330 &i_attr_val7, 04331 TRUE)) 04332 { 04333 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04334 return(-RSBAC_EREADFAILED); 04335 } 04336 if (rsbac_set_attr(MAC, 04337 T_PROCESS, 04338 tid, 04339 A_mac_initial_categories, 04340 i_attr_val7)) 04341 { 04342 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04343 return(-RSBAC_EWRITEFAILED); 04344 } 04345 #if 0 04346 /* restrict current_categories to be a maximum of min_write */ 04347 if((i_attr_val7.mac_categories & i_attr_val5.mac_categories) != i_attr_val7.mac_categories) 04348 i_attr_val7.mac_categories &= i_attr_val5.mac_categories; 04349 #endif 04350 /* Get owner-min-sec-level and mac_min_categories for new owner */ 04351 i_tid.user = attr_val.owner; 04352 if (rsbac_get_attr(MAC, 04353 T_USER, 04354 i_tid, 04355 A_min_security_level, 04356 &i_attr_val8, 04357 TRUE)) 04358 { 04359 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04360 return(-RSBAC_EREADFAILED); 04361 } 04362 if (rsbac_get_attr(MAC, 04363 T_USER, 04364 i_tid, 04365 A_mac_min_categories, 04366 &i_attr_val9, 04367 TRUE)) 04368 { 04369 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04370 return(-RSBAC_EREADFAILED); 04371 } 04372 /* set owner-sec-level and mac_categories for process to new values */ 04373 /* owner is set by main dispatcher! */ 04374 if (rsbac_set_attr(MAC, 04375 T_PROCESS, 04376 tid, 04377 A_min_security_level, 04378 i_attr_val8)) 04379 { 04380 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04381 return(-RSBAC_EWRITEFAILED); 04382 } 04383 if (rsbac_set_attr(MAC, 04384 T_PROCESS, 04385 tid, 04386 A_mac_min_categories, 04387 i_attr_val9)) 04388 { 04389 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04390 return(-RSBAC_EWRITEFAILED); 04391 } 04392 /* Get max_read_open and max_read_categories of process */ 04393 if (rsbac_get_attr(MAC, 04394 T_PROCESS, 04395 tid, 04396 A_max_read_open, 04397 &i_attr_val4, 04398 TRUE)) 04399 { 04400 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04401 return(-RSBAC_EREADFAILED); 04402 } 04403 if (rsbac_get_attr(MAC, 04404 T_PROCESS, 04405 tid, 04406 A_max_read_categories, 04407 &i_attr_val5, 04408 TRUE)) 04409 { 04410 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04411 return(-RSBAC_EREADFAILED); 04412 } 04413 /* adjust max_read_open and max_read_categories, if too low */ 04414 if (i_attr_val8.security_level > i_attr_val4.max_read_open) 04415 { 04416 i_attr_val4.max_read_open = i_attr_val8.security_level; 04417 if(rsbac_set_attr(MAC, 04418 T_PROCESS, 04419 tid, 04420 A_max_read_open, 04421 i_attr_val4)) 04422 { 04423 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04424 return(-RSBAC_EWRITEFAILED); 04425 } 04426 } 04427 #if 0 04428 /* adjust current sec level to a minimum of max_read */ 04429 if(i_attr_val6.security_level < i_attr_val4.max_read_open) 04430 i_attr_val6.security_level = i_attr_val4.max_read_open; 04431 #endif 04432 /* but never set it over new max_level or under new min_level */ 04433 if(i_attr_val6.security_level > i_attr_val2.security_level) 04434 i_attr_val6.security_level = i_attr_val2.security_level; 04435 else 04436 if(i_attr_val6.security_level < i_attr_val8.security_level) 04437 i_attr_val6.security_level = i_attr_val8.security_level; 04438 if(rsbac_set_attr(MAC, 04439 T_PROCESS, 04440 tid, 04441 A_current_sec_level, 04442 i_attr_val6)) 04443 { 04444 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04445 return(-RSBAC_EWRITEFAILED); 04446 } 04447 04448 /* does new owner have categories in min_categories that the process max_read 04449 has not? */ 04450 /* If yes, add them. */ 04451 if ((i_attr_val9.mac_categories & i_attr_val5.mac_categories) 04452 != i_attr_val9.mac_categories) 04453 { 04454 i_attr_val5.mac_categories |= i_attr_val9.mac_categories; 04455 if(rsbac_set_attr(MAC, 04456 T_PROCESS, 04457 tid, 04458 A_max_read_categories, 04459 i_attr_val5)) 04460 { 04461 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04462 return(-RSBAC_EWRITEFAILED); 04463 } 04464 } 04465 #if 0 04466 /* adjust current categories to include all from max_read (from initial) */ 04467 if((i_attr_val7.mac_categories & i_attr_val5.mac_categories) != i_attr_val5.mac_categories) 04468 i_attr_val7.mac_categories |= i_attr_val5.mac_categories; 04469 #endif 04470 /* but never set it over new max_cats or under new min_cats */ 04471 if((i_attr_val7.mac_categories & i_attr_val3.mac_categories) != i_attr_val7.mac_categories) 04472 i_attr_val7.mac_categories &= i_attr_val3.mac_categories; 04473 else 04474 if((i_attr_val7.mac_categories & i_attr_val9.mac_categories) != i_attr_val9.mac_categories) 04475 i_attr_val7.mac_categories |= i_attr_val9.mac_categories; 04476 if(rsbac_set_attr(MAC, 04477 T_PROCESS, 04478 tid, 04479 A_mac_curr_categories, 04480 i_attr_val7)) 04481 { 04482 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04483 return(-RSBAC_EWRITEFAILED); 04484 } 04485 04486 /* Get mac_user_flags from user */ 04487 i_tid.user = attr_val.owner; 04488 if (rsbac_get_attr(MAC, 04489 T_USER, 04490 i_tid, 04491 A_mac_user_flags, 04492 &i_attr_val3, 04493 TRUE)) 04494 { 04495 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04496 return(-RSBAC_EREADFAILED); 04497 } 04498 i_attr_val1.mac_process_flags = i_attr_val3.mac_user_flags; 04499 /* adjust flags - first get old process flags*/ 04500 if (rsbac_get_attr(MAC, 04501 T_PROCESS, 04502 tid, 04503 A_mac_process_flags, 04504 &i_attr_val2, 04505 TRUE)) 04506 { 04507 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04508 return(-RSBAC_EREADFAILED); 04509 } 04510 if( (i_attr_val2.mac_process_flags & MAC_program_auto) 04511 && (i_attr_val3.mac_user_flags & MAC_allow_auto) 04512 ) 04513 i_attr_val1.mac_process_flags |= MAC_auto; 04514 04515 i_attr_val1.mac_process_flags &= RSBAC_MAC_P_FLAGS; 04516 04517 if(!(i_attr_val1.mac_process_flags & MAC_trusted)) 04518 { 04519 if(rsbac_mac_p_truset_member(caller_pid, attr_val.owner)) 04520 i_attr_val1.mac_process_flags |= MAC_trusted; 04521 } 04522 /* Set mac_process_flags on process */ 04523 if (rsbac_set_attr(MAC, 04524 T_PROCESS, 04525 tid, 04526 A_mac_process_flags, 04527 i_attr_val1)) 04528 { 04529 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04530 return(-RSBAC_EWRITEFAILED); 04531 } 04532 /* OK, we are ready */ 04533 return(0); 04534 04535 /* We do not care about other cases here */ 04536 default: 04537 return(0); 04538 } 04539 04540 case R_CLONE: 04541 if (target == T_PROCESS) 04542 { 04543 /* Get owner from first process (provided on call) */ 04544 i_attr_val1.owner = owner; 04545 /* Get owner-sec-level from first process */ 04546 if (rsbac_get_attr(MAC, 04547 T_PROCESS, 04548 tid, 04549 A_security_level, 04550 &i_attr_val2, 04551 FALSE)) 04552 { 04553 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04554 return(-RSBAC_EREADFAILED); 04555 } 04556 /* Get current-sec-level from first process... */ 04557 if (rsbac_get_attr(MAC, 04558 T_PROCESS, 04559 tid, 04560 A_current_sec_level, 04561 &i_attr_val3, 04562 FALSE)) 04563 { 04564 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04565 return(-RSBAC_EREADFAILED); 04566 } 04567 /* Get min_write_open from first process */ 04568 if (rsbac_get_attr(MAC, 04569 T_PROCESS, 04570 tid, 04571 A_min_write_open, 04572 &i_attr_val4, 04573 FALSE)) 04574 { 04575 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04576 return(-RSBAC_EREADFAILED); 04577 } 04578 /* Get max_read_open from first process */ 04579 if (rsbac_get_attr(MAC, 04580 T_PROCESS, 04581 tid, 04582 A_max_read_open, 04583 &i_attr_val5, 04584 FALSE)) 04585 { 04586 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04587 return(-RSBAC_EREADFAILED); 04588 } 04589 /* Get mac_process_flags from first process */ 04590 if (rsbac_get_attr(MAC, 04591 T_PROCESS, 04592 tid, 04593 A_mac_process_flags, 04594 &i_attr_val7, 04595 FALSE)) 04596 { 04597 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04598 return(-RSBAC_EREADFAILED); 04599 } 04600 04601 #ifdef CONFIG_RSBAC_USE_RSBAC_OWNER 04602 /* Set owner for new process */ 04603 if (rsbac_set_attr(MAC, 04604 T_PROCESS, 04605 new_tid, 04606 A_owner, 04607 i_attr_val1)) 04608 { 04609 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04610 return(-RSBAC_EWRITEFAILED); 04611 } 04612 #endif 04613 /* Set owner_sec_level for new process */ 04614 if (rsbac_set_attr(MAC, 04615 T_PROCESS, 04616 new_tid, 04617 A_security_level, 04618 i_attr_val2)) 04619 { 04620 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04621 return(-RSBAC_EWRITEFAILED); 04622 } 04623 /* Set current_sec_level for new process */ 04624 if (rsbac_set_attr(MAC, 04625 T_PROCESS, 04626 new_tid, 04627 A_current_sec_level, 04628 i_attr_val3)) 04629 { 04630 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04631 return(-RSBAC_EWRITEFAILED); 04632 } 04633 /* Set min_write_open for new process */ 04634 if (rsbac_set_attr(MAC, 04635 T_PROCESS, 04636 new_tid, 04637 A_min_write_open, 04638 i_attr_val4)) 04639 { 04640 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04641 return(-RSBAC_EWRITEFAILED); 04642 } 04643 /* Set max_read_open for new process */ 04644 if (rsbac_set_attr(MAC, 04645 T_PROCESS, 04646 new_tid, 04647 A_max_read_open, 04648 i_attr_val5)) 04649 { 04650 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04651 return(-RSBAC_EWRITEFAILED); 04652 } 04653 /* Set mac_process_flags for new process */ 04654 if (rsbac_set_attr(MAC, 04655 T_PROCESS, 04656 new_tid, 04657 A_mac_process_flags, 04658 i_attr_val7)) 04659 { 04660 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04661 return(-RSBAC_EWRITEFAILED); 04662 } 04663 04664 /* Get mac_categories from first process */ 04665 if (rsbac_get_attr(MAC, 04666 T_PROCESS, 04667 tid, 04668 A_mac_categories, 04669 &i_attr_val2, 04670 FALSE)) 04671 { 04672 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04673 return(-RSBAC_EREADFAILED); 04674 } 04675 /* Get mac_curr_categories from first process... */ 04676 if (rsbac_get_attr(MAC, 04677 T_PROCESS, 04678 tid, 04679 A_mac_curr_categories, 04680 &i_attr_val3, 04681 FALSE)) 04682 { 04683 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04684 return(-RSBAC_EREADFAILED); 04685 } 04686 /* Get min_write_categories from first process */ 04687 if (rsbac_get_attr(MAC, 04688 T_PROCESS, 04689 tid, 04690 A_min_write_categories, 04691 &i_attr_val4, 04692 FALSE)) 04693 { 04694 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04695 return(-RSBAC_EREADFAILED); 04696 } 04697 /* Get max_read_categories from first process */ 04698 if (rsbac_get_attr(MAC, 04699 T_PROCESS, 04700 tid, 04701 A_max_read_categories, 04702 &i_attr_val5, 04703 FALSE)) 04704 { 04705 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04706 return(-RSBAC_EREADFAILED); 04707 } 04708 /* Get initial_sec_level from first process */ 04709 if (rsbac_get_attr(MAC, 04710 T_PROCESS, 04711 tid, 04712 A_initial_security_level, 04713 &i_attr_val6, 04714 FALSE)) 04715 { 04716 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04717 return(-RSBAC_EREADFAILED); 04718 } 04719 /* Get initial_categories from first process */ 04720 if (rsbac_get_attr(MAC, 04721 T_PROCESS, 04722 tid, 04723 A_mac_initial_categories, 04724 &i_attr_val7, 04725 FALSE)) 04726 { 04727 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04728 return(-RSBAC_EREADFAILED); 04729 } 04730 /* Set mac_categories for new process */ 04731 if (rsbac_set_attr(MAC, 04732 T_PROCESS, 04733 new_tid, 04734 A_mac_categories, 04735 i_attr_val2)) 04736 { 04737 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04738 return(-RSBAC_EWRITEFAILED); 04739 } 04740 /* Set mac_curr_categories for new process */ 04741 if (rsbac_set_attr(MAC, 04742 T_PROCESS, 04743 new_tid, 04744 A_mac_curr_categories, 04745 i_attr_val3)) 04746 { 04747 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04748 return(-RSBAC_EWRITEFAILED); 04749 } 04750 /* Set min_write_categories for new process */ 04751 if (rsbac_set_attr(MAC, 04752 T_PROCESS, 04753 new_tid, 04754 A_min_write_categories, 04755 i_attr_val4)) 04756 { 04757 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04758 return(-RSBAC_EWRITEFAILED); 04759 } 04760 /* Set max_read_categories for new process */ 04761 if (rsbac_set_attr(MAC, 04762 T_PROCESS, 04763 new_tid, 04764 A_max_read_categories, 04765 i_attr_val5)) 04766 { 04767 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04768 return(-RSBAC_EWRITEFAILED); 04769 } 04770 /* Set initial_security_level for new process */ 04771 if (rsbac_set_attr(MAC, 04772 T_PROCESS, 04773 new_tid, 04774 A_initial_security_level, 04775 i_attr_val6)) 04776 { 04777 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04778 return(-RSBAC_EWRITEFAILED); 04779 } 04780 /* Set initial_categories for new process */ 04781 if (rsbac_set_attr(MAC, 04782 T_PROCESS, 04783 new_tid, 04784 A_mac_initial_categories, 04785 i_attr_val7)) 04786 { 04787 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04788 return(-RSBAC_EWRITEFAILED); 04789 } 04790 /* Get owner-min_sec-level/cat from first process */ 04791 if (rsbac_get_attr(MAC, 04792 T_PROCESS, 04793 tid, 04794 A_min_security_level, 04795 &i_attr_val2, 04796 FALSE)) 04797 { 04798 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04799 return(-RSBAC_EREADFAILED); 04800 } 04801 if (rsbac_get_attr(MAC, 04802 T_PROCESS, 04803 tid, 04804 A_mac_min_categories, 04805 &i_attr_val3, 04806 FALSE)) 04807 { 04808 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04809 return(-RSBAC_EREADFAILED); 04810 } 04811 /* Set min_security_level for new process */ 04812 if (rsbac_set_attr(MAC, 04813 T_PROCESS, 04814 new_tid, 04815 A_min_security_level, 04816 i_attr_val2)) 04817 { 04818 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04819 return(-RSBAC_EWRITEFAILED); 04820 } 04821 /* Set min_categories for new process */ 04822 if (rsbac_set_attr(MAC, 04823 T_PROCESS, 04824 new_tid, 04825 A_mac_min_categories, 04826 i_attr_val3)) 04827 { 04828 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04829 return(-RSBAC_EWRITEFAILED); 04830 } 04831 if (rsbac_mac_copy_pp_truset(tid.process, new_tid.process)) 04832 { 04833 #ifdef CONFIG_RSBAC_RMSG 04834 rsbac_printk(KERN_WARNING 04835 "rsbac_adf_set_attr_mac(): rsbac_mac_copy_pp_truset() returned error!\n"); 04836 #endif 04837 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 04838 if (!rsbac_nosyslog) 04839 #endif 04840 printk(KERN_WARNING 04841 "rsbac_adf_set_attr_mac(): rsbac_mac_copy_pp_truset() returned error!\n"); 04842 return(-RSBAC_EWRITEFAILED); 04843 } 04844 return(0); 04845 } 04846 else 04847 return(0); 04848 04849 case R_CREATE: 04850 switch(target) 04851 { 04852 /* Creating dir or (pseudo) file IN target dir! */ 04853 case T_DIR: 04854 /* Mode of created item is ignored! */ 04855 /* and perform auto-write without(!) setting of attributes - no need */ 04856 /* -> decision consistency check only */ 04857 /* only check, if not MAC_LIGHT */ 04858 #ifndef CONFIG_RSBAC_MAC_LIGHT 04859 result = auto_write(caller_pid, 04860 target, 04861 tid, 04862 FALSE); 04863 if ((result != GRANTED) && (result != DO_NOT_CARE)) 04864 return(-RSBAC_EDECISIONMISMATCH); 04865 #endif 04866 /* test write access to target: get its sec_level */ 04867 if (rsbac_get_attr(MAC, 04868 T_DIR, 04869 tid, 04870 A_security_level, 04871 &i_attr_val1, 04872 TRUE)) 04873 { 04874 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04875 return(-RSBAC_EREADFAILED); 04876 } 04877 if (rsbac_get_attr(MAC, 04878 T_DIR, 04879 tid, 04880 A_mac_categories, 04881 &i_attr_val2, 04882 TRUE)) 04883 { 04884 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04885 return(-RSBAC_EREADFAILED); 04886 } 04887 /* Get current_sec_level from process (initialized to owner_sec_level)... */ 04888 i_tid.process = caller_pid; 04889 if (rsbac_get_attr(MAC, 04890 T_PROCESS, 04891 i_tid, 04892 A_current_sec_level, 04893 &i_attr_val3, 04894 FALSE)) 04895 { 04896 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04897 return(-RSBAC_EREADFAILED); 04898 } 04899 #ifdef CONFIG_RSBAC_MAC_SMART_INHERIT 04900 /* Only set, if different than inherited value */ 04901 if(i_attr_val3.security_level != i_attr_val1.security_level) 04902 #endif 04903 /* Set security-level for new item */ 04904 if (rsbac_set_attr(MAC, 04905 new_target, 04906 new_tid, 04907 A_security_level, 04908 i_attr_val3)) 04909 { 04910 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04911 return(-RSBAC_EWRITEFAILED); 04912 } 04913 /* Get current_categories from process (initialized to owner_categories)... */ 04914 if (rsbac_get_attr(MAC, 04915 T_PROCESS, 04916 i_tid, 04917 A_mac_curr_categories, 04918 &i_attr_val3, 04919 FALSE)) 04920 { 04921 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04922 return(-RSBAC_EREADFAILED); 04923 } 04924 #ifdef CONFIG_RSBAC_MAC_SMART_INHERIT 04925 /* Only set, if different than inherited value */ 04926 if(i_attr_val3.mac_categories != i_attr_val2.mac_categories) 04927 #endif 04928 /* Set mac_categories for new item */ 04929 if (rsbac_set_attr(MAC, 04930 new_target, 04931 new_tid, 04932 A_mac_categories, 04933 i_attr_val3)) 04934 { 04935 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04936 return(-RSBAC_EWRITEFAILED); 04937 } 04938 return(0); 04939 break; 04940 04941 case T_IPC: 04942 i_tid.process = caller_pid; 04943 /* Get current-sec-level from process... */ 04944 if (rsbac_get_attr(MAC, 04945 T_PROCESS, 04946 i_tid, 04947 A_current_sec_level, 04948 &i_attr_val1, 04949 FALSE)) 04950 { 04951 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04952 return(-RSBAC_EREADFAILED); 04953 } 04954 /* Set security-level for this ipc item */ 04955 if (rsbac_set_attr(MAC, 04956 T_IPC, 04957 tid, 04958 A_security_level, 04959 i_attr_val1)) 04960 { 04961 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04962 return(-RSBAC_EWRITEFAILED); 04963 } 04964 /* Get mac_curr_categories from process... */ 04965 if (rsbac_get_attr(MAC, 04966 T_PROCESS, 04967 i_tid, 04968 A_mac_curr_categories, 04969 &i_attr_val1, 04970 FALSE)) 04971 { 04972 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 04973 return(-RSBAC_EREADFAILED); 04974 } 04975 /* Set curr_categories for new item */ 04976 if (rsbac_set_attr(MAC, 04977 T_IPC, 04978 tid, 04979 A_mac_categories, 04980 i_attr_val1)) 04981 { 04982 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 04983 return(-RSBAC_EWRITEFAILED); 04984 } 04985 return(0); 04986 break; 04987 04988 #ifdef CONFIG_RSBAC_MAC_NET_OBJ_PROT 04989 case T_NETOBJ: 04990 i_tid.process = caller_pid; 04991 /* Get current-sec-level from process... */ 04992 if (rsbac_get_attr(MAC, 04993 T_PROCESS, 04994 i_tid, 04995 A_current_sec_level, 04996 &i_attr_val1, 04997 FALSE)) 04998 { 04999 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05000 return(-RSBAC_EREADFAILED); 05001 } 05002 /* Set local security-level for this netobj item */ 05003 if (rsbac_set_attr(MAC, 05004 target, 05005 tid, 05006 A_local_sec_level, 05007 i_attr_val1)) 05008 { 05009 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 05010 return(-RSBAC_EWRITEFAILED); 05011 } 05012 /* Get mac_curr_categories from process... */ 05013 if (rsbac_get_attr(MAC, 05014 T_PROCESS, 05015 i_tid, 05016 A_mac_curr_categories, 05017 &i_attr_val1, 05018 FALSE)) 05019 { 05020 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05021 return(-RSBAC_EREADFAILED); 05022 } 05023 /* Set local curr_categories for new item */ 05024 if (rsbac_set_attr(MAC, 05025 target, 05026 tid, 05027 A_local_mac_categories, 05028 i_attr_val1)) 05029 { 05030 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 05031 return(-RSBAC_EWRITEFAILED); 05032 } 05033 return(0); 05034 break; 05035 #endif 05036 05037 /* all other cases are unknown */ 05038 default: 05039 return(0); 05040 } 05041 05042 /* removal of targets is done in main adf dispatcher! */ 05043 case R_DELETE: 05044 switch(target) 05045 { 05046 case T_FILE: 05047 case T_DIR: 05048 case T_FIFO: 05049 case T_SYMLINK: 05050 case T_IPC: 05051 /* and perform auto-write without(!) setting of attributes */ 05052 /* - no information flow apart from missing file */ 05053 /* -> decision consistency check only */ 05054 result = auto_write(caller_pid, 05055 target, 05056 tid, 05057 FALSE); 05058 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05059 return(-RSBAC_EDECISIONMISMATCH); 05060 else 05061 return(0); 05062 /* all other cases are unknown */ 05063 default: 05064 return(0); 05065 } 05066 05067 case R_EXECUTE: 05068 switch(target) 05069 { 05070 case T_FILE: 05071 /* copy trusted user list from file to process */ 05072 if (rsbac_mac_copy_fp_truset(tid.file, caller_pid)) 05073 { 05074 #ifdef CONFIG_RSBAC_RMSG 05075 rsbac_printk(KERN_WARNING 05076 "rsbac_adf_set_attr_mac(): rsbac_mac_copy_fp_truset() returned error!\n"); 05077 #endif 05078 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 05079 if (!rsbac_nosyslog) 05080 #endif 05081 printk(KERN_WARNING 05082 "rsbac_adf_set_attr_mac(): rsbac_mac_copy_fp_truset() returned error!\n"); 05083 return(-RSBAC_EWRITEFAILED); 05084 } 05085 /* perform auto-read with setting of attributes */ 05086 result = auto_read(caller_pid, 05087 target, 05088 tid, 05089 TRUE); 05090 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05091 return(-RSBAC_EDECISIONMISMATCH); 05092 05093 /* reset current_sec_level, mac_auto, min_write_open */ 05094 /* and max_read_open for process */ 05095 i_tid.process = caller_pid; 05096 05097 #ifdef CONFIG_RSBAC_MAC_RESET_CURR 05098 /* First, set current_sec_level and min_write_open to process owner's initial and seclevel */ 05099 if (rsbac_get_attr(MAC, 05100 T_PROCESS, 05101 i_tid, 05102 A_initial_security_level, 05103 &i_attr_val1, 05104 TRUE)) 05105 { 05106 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05107 return(-RSBAC_EREADFAILED); 05108 } 05109 if (rsbac_get_attr(MAC, 05110 T_PROCESS, 05111 i_tid, 05112 A_mac_initial_categories, 05113 &i_attr_val2, 05114 TRUE)) 05115 { 05116 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05117 return(-RSBAC_EREADFAILED); 05118 } 05119 if (rsbac_set_attr(MAC, 05120 T_PROCESS, 05121 i_tid, 05122 A_current_sec_level, 05123 i_attr_val1)) 05124 { 05125 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 05126 return(-RSBAC_EWRITEFAILED); 05127 } 05128 if (rsbac_set_attr(MAC, 05129 T_PROCESS, 05130 i_tid, 05131 A_mac_curr_categories, 05132 i_attr_val2)) 05133 { 05134 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 05135 return(-RSBAC_EWRITEFAILED); 05136 } 05137 #endif 05138 #if 0 05139 /* Now, set min_write_open to process owner's seclevel */ 05140 if (rsbac_get_attr(MAC, 05141 T_PROCESS, 05142 i_tid, 05143 A_security_level, 05144 &i_attr_val1, 05145 TRUE)) 05146 { 05147 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05148 return(-RSBAC_EREADFAILED); 05149 } 05150 #endif 05151 i_attr_val1.min_write_open = SL_max; 05152 if (rsbac_set_attr(MAC, 05153 T_PROCESS, 05154 i_tid, 05155 A_min_write_open, 05156 i_attr_val1)) 05157 { 05158 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 05159 return(-RSBAC_EWRITEFAILED); 05160 } 05161 #if 0 05162 /* Next, set min_write_categories to process owner's mac_categories */ 05163 if (rsbac_get_attr(MAC, 05164 T_PROCESS, 05165 i_tid, 05166 A_mac_categories, 05167 &i_attr_val2, 05168 TRUE)) 05169 { 05170 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05171 return(-RSBAC_EREADFAILED); 05172 } 05173 #endif 05174 i_attr_val2.mac_categories = RSBAC_MAC_MAX_CAT_VECTOR; 05175 if (rsbac_set_attr(MAC, 05176 T_PROCESS, 05177 i_tid, 05178 A_min_write_categories, 05179 i_attr_val2)) 05180 { 05181 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 05182 return(-RSBAC_EWRITEFAILED); 05183 } 05184 /* reset max_read boundary */ 05185 #if 0 05186 /* Get owner-min-sec-level and mac_min_categories for owner */ 05187 if (rsbac_get_attr(MAC, 05188 T_PROCESS, 05189 i_tid, 05190 A_min_security_level, 05191 &i_attr_val1, 05192 TRUE)) 05193 { 05194 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05195 return(-RSBAC_EREADFAILED); 05196 } 05197 if (rsbac_get_attr(MAC, 05198 T_PROCESS, 05199 i_tid, 05200 A_mac_min_categories, 05201 &i_attr_val2, 05202 TRUE)) 05203 { 05204 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05205 return(-RSBAC_EREADFAILED); 05206 } 05207 #endif 05208 i_attr_val1.max_read_open = SL_min; 05209 i_attr_val2.mac_categories = RSBAC_MAC_MIN_CAT_VECTOR; 05210 if (rsbac_set_attr(MAC, 05211 T_PROCESS, 05212 i_tid, 05213 A_max_read_open, 05214 i_attr_val1)) 05215 { 05216 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 05217 return(-RSBAC_EWRITEFAILED); 05218 } 05219 /* reset category max_read boundary */ 05220 if (rsbac_set_attr(MAC, 05221 T_PROCESS, 05222 i_tid, 05223 A_max_read_categories, 05224 i_attr_val2)) 05225 { 05226 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 05227 return(-RSBAC_EWRITEFAILED); 05228 } 05229 /* set flags */ 05230 if (rsbac_get_attr(MAC, 05231 T_PROCESS, 05232 i_tid, 05233 A_mac_process_flags, 05234 &i_attr_val1, 05235 TRUE)) 05236 { 05237 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05238 return(-RSBAC_EREADFAILED); 05239 } 05240 if (rsbac_get_attr(MAC, 05241 target, 05242 tid, 05243 A_mac_auto, 05244 &i_attr_val2, 05245 TRUE)) 05246 { 05247 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05248 return(-RSBAC_EREADFAILED); 05249 } 05250 if(i_attr_val2.mac_auto) 05251 { 05252 i_attr_val1.mac_process_flags |= MAC_program_auto; 05253 i_tid.user = owner; 05254 if (rsbac_get_attr(MAC, 05255 T_USER, 05256 i_tid, 05257 A_mac_user_flags, 05258 &i_attr_val2, 05259 TRUE)) 05260 { 05261 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05262 return(-RSBAC_EREADFAILED); 05263 } 05264 if(i_attr_val2.mac_user_flags & MAC_allow_auto) 05265 i_attr_val1.mac_process_flags |= MAC_auto; 05266 else 05267 i_attr_val1.mac_process_flags &= ~MAC_auto; 05268 i_tid.process = caller_pid; 05269 } 05270 else 05271 { 05272 i_attr_val1.mac_process_flags &= ~MAC_program_auto; 05273 i_attr_val1.mac_process_flags &= ~MAC_auto; 05274 } 05275 if (rsbac_get_attr(MAC, 05276 T_FILE, 05277 tid, 05278 A_mac_prop_trusted, 05279 &i_attr_val3, 05280 TRUE)) 05281 { 05282 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05283 return(-RSBAC_EREADFAILED); 05284 } 05285 if( !(i_attr_val3.mac_prop_trusted) 05286 || !(i_attr_val1.mac_process_flags & MAC_trusted) 05287 ) 05288 { 05289 if(rsbac_mac_p_truset_member(caller_pid, owner)) 05290 i_attr_val1.mac_process_flags |= MAC_trusted; 05291 else 05292 { 05293 i_tid.user = owner; 05294 if (rsbac_get_attr(MAC, 05295 T_USER, 05296 i_tid, 05297 A_mac_user_flags, 05298 &i_attr_val2, 05299 TRUE)) 05300 { 05301 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05302 return(-RSBAC_EREADFAILED); 05303 } 05304 if(i_attr_val2.mac_user_flags & MAC_trusted) 05305 i_attr_val1.mac_process_flags |= MAC_trusted; 05306 else 05307 i_attr_val1.mac_process_flags &= ~MAC_trusted; 05308 i_tid.process = caller_pid; 05309 } 05310 } 05311 if (rsbac_set_attr(MAC, 05312 T_PROCESS, 05313 i_tid, 05314 A_mac_process_flags, 05315 i_attr_val1)) 05316 { 05317 rsbac_ds_set_error("rsbac_adf_set_attr_mac", A_none); 05318 return(-RSBAC_EWRITEFAILED); 05319 } 05320 return(0); 05321 05322 /* all other cases */ 05323 default: 05324 return(0); 05325 } 05326 05327 case R_MOUNT: 05328 switch(target) 05329 { 05330 case T_DIR: 05331 case T_DEV: 05332 /* and perform auto-read(-write) with setting of attributes */ 05333 if( (target == T_DEV) 05334 && (attr == A_mode) 05335 && (attr_val.mode & MS_RDONLY)) 05336 result = auto_read(caller_pid, 05337 target, 05338 tid, 05339 TRUE); 05340 else 05341 result = auto_read_write(caller_pid, 05342 target, 05343 tid, 05344 TRUE); 05345 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05346 return(-RSBAC_EDECISIONMISMATCH); 05347 else 05348 return(0); 05349 05350 /* all other cases are unknown */ 05351 default: 05352 return(0); 05353 } 05354 05355 case R_READ: 05356 switch(target) 05357 { 05358 case T_DIR: 05359 #ifdef CONFIG_RSBAC_RW 05360 case T_FILE: 05361 case T_FIFO: 05362 case T_IPC: 05363 #endif 05364 /* and perform auto-read with setting of attributes */ 05365 result = auto_read(caller_pid, 05366 target, 05367 tid, 05368 TRUE); 05369 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05370 return(-RSBAC_EDECISIONMISMATCH); 05371 return(0); 05372 05373 #ifdef CONFIG_RSBAC_RW 05374 case T_DEV: 05375 /* Only check for devices with mac_check set */ 05376 if (rsbac_get_attr(MAC, 05377 T_DEV, 05378 tid, 05379 A_mac_check, 05380 &i_attr_val1, 05381 FALSE)) 05382 { 05383 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05384 return(-RSBAC_EREADFAILED); 05385 } 05386 if(!i_attr_val1.mac_check) 05387 return(0); 05388 /* and perform auto-read with setting of attributes */ 05389 result = auto_read(caller_pid, 05390 target, 05391 tid, 05392 TRUE); 05393 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05394 return(-RSBAC_EDECISIONMISMATCH); 05395 return(0); 05396 #endif 05397 05398 #ifdef CONFIG_RSBAC_MAC_NET_OBJ_PROT 05399 case T_NETOBJ: 05400 /* and perform auto-read with setting of attributes */ 05401 result = auto_read_attr(caller_pid, 05402 target, 05403 tid, 05404 A_remote_sec_level, 05405 A_remote_mac_categories, 05406 TRUE); 05407 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05408 return(-RSBAC_EDECISIONMISMATCH); 05409 return(0); 05410 #endif 05411 05412 /* all other cases are unknown */ 05413 default: 05414 return(0); 05415 } 05416 05417 case R_READ_OPEN: 05418 switch(target) 05419 { 05420 case T_FILE: 05421 case T_DIR: 05422 case T_FIFO: 05423 case T_IPC: 05424 /* and perform auto-read with setting attributes */ 05425 result = auto_read(caller_pid, 05426 target, 05427 tid, 05428 TRUE); 05429 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05430 return(-RSBAC_EDECISIONMISMATCH); 05431 return(0); 05432 05433 case T_DEV: 05434 /* Only check for devices with mac_check set */ 05435 if (rsbac_get_attr(MAC, 05436 T_DEV, 05437 tid, 05438 A_mac_check, 05439 &i_attr_val1, 05440 FALSE)) 05441 { 05442 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05443 return(-RSBAC_EREADFAILED); 05444 } 05445 if(!i_attr_val1.mac_check) 05446 return(0); 05447 /* and perform auto-read with setting attributes */ 05448 result = auto_read(caller_pid, 05449 target, 05450 tid, 05451 TRUE); 05452 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05453 return(-RSBAC_EDECISIONMISMATCH); 05454 return(0); 05455 05456 /* all other cases are unknown */ 05457 default: 05458 return(0); 05459 } 05460 05461 case R_READ_WRITE_OPEN: 05462 switch(target) 05463 { 05464 case T_FILE: 05465 case T_FIFO: 05466 case T_IPC: 05467 /* and perform auto-read-write without setting attributes */ 05468 result = auto_read_write(caller_pid, 05469 target, 05470 tid, 05471 TRUE); 05472 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05473 return(-RSBAC_EDECISIONMISMATCH); 05474 return(0); 05475 05476 case T_DEV: 05477 /* Only check for devices with mac_check set */ 05478 if (rsbac_get_attr(MAC, 05479 T_DEV, 05480 tid, 05481 A_mac_check, 05482 &i_attr_val1, 05483 FALSE)) 05484 { 05485 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05486 return(-RSBAC_EREADFAILED); 05487 } 05488 if(!i_attr_val1.mac_check) 05489 return(0); 05490 /* and perform auto-read-write with setting of attributes */ 05491 result = auto_read_write(caller_pid, 05492 target, 05493 tid, 05494 TRUE); 05495 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05496 return(-RSBAC_EDECISIONMISMATCH); 05497 return(0); 05498 /* all other cases are unknown */ 05499 default: 05500 return(0); 05501 } 05502 05503 case R_SEARCH: 05504 switch(target) 05505 { 05506 case T_DIR: 05507 case T_SYMLINK: 05508 /* and perform auto-read with setting of attributes */ 05509 result = auto_read(caller_pid, 05510 target, 05511 tid, 05512 TRUE); 05513 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05514 return(-RSBAC_EDECISIONMISMATCH); 05515 return(0); 05516 /* all other cases are unknown */ 05517 default: 05518 return(0); 05519 } 05520 05521 case R_TRACE: 05522 switch(target) 05523 { 05524 case T_PROCESS: 05525 /* and perform auto-read-write with setting attributes */ 05526 result = auto_read_write_attr(caller_pid, 05527 target, 05528 tid, 05529 A_current_sec_level, 05530 A_mac_curr_categories, 05531 TRUE); 05532 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05533 return(-RSBAC_EDECISIONMISMATCH); 05534 return(0); 05535 05536 /* all other cases are unknown */ 05537 default: 05538 return(0); 05539 } 05540 05541 case R_WRITE: 05542 case R_WRITE_OPEN: 05543 switch(target) 05544 { 05545 case T_FILE: 05546 case T_FIFO: 05547 case T_IPC: 05548 /* and perform auto-write with setting attributes */ 05549 result = auto_write(caller_pid, 05550 target, 05551 tid, 05552 TRUE); 05553 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05554 return(-RSBAC_EDECISIONMISMATCH); 05555 return(0); 05556 05557 case T_DEV: 05558 /* Only check for devices with mac_check set */ 05559 if (rsbac_get_attr(MAC, 05560 T_DEV, 05561 tid, 05562 A_mac_check, 05563 &i_attr_val1, 05564 FALSE)) 05565 { 05566 rsbac_ds_get_error("rsbac_adf_set_attr_mac", A_none); 05567 return(-RSBAC_EREADFAILED); 05568 } 05569 if(!i_attr_val1.mac_check) 05570 return(0); 05571 /* and perform auto-write with setting attributes */ 05572 result = auto_write(caller_pid, 05573 target, 05574 tid, 05575 TRUE); 05576 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05577 return(-RSBAC_EDECISIONMISMATCH); 05578 return(0); 05579 05580 #ifdef CONFIG_RSBAC_MAC_NET_OBJ_PROT 05581 case T_NETOBJ: 05582 /* and perform auto-write with setting attributes */ 05583 result = auto_write_attr(caller_pid, 05584 target, 05585 tid, 05586 A_remote_sec_level, 05587 A_remote_mac_categories, 05588 TRUE); 05589 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05590 return(-RSBAC_EDECISIONMISMATCH); 05591 return(0); 05592 #endif 05593 05594 /* all other cases are unknown */ 05595 default: 05596 return(0); 05597 } 05598 05599 #ifdef CONFIG_RSBAC_MAC_NET_OBJ_PROT 05600 case R_BIND: 05601 case R_LISTEN: 05602 switch(target) 05603 { 05604 case T_NETOBJ: 05605 /* and perform auto-write with setting attributes */ 05606 result = auto_write_attr(caller_pid, 05607 target, 05608 tid, 05609 A_local_sec_level, 05610 A_local_mac_categories, 05611 TRUE); 05612 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05613 return(-RSBAC_EDECISIONMISMATCH); 05614 return(0); 05615 05616 /* all other cases are unknown */ 05617 default: 05618 return(0); 05619 } 05620 05621 case R_ACCEPT: 05622 case R_CONNECT: 05623 case R_SEND: 05624 case R_RECEIVE: 05625 switch(target) 05626 { 05627 case T_NETOBJ: 05628 /* and perform auto-write with setting attributes */ 05629 result = auto_write_attr(caller_pid, 05630 target, 05631 tid, 05632 A_remote_sec_level, 05633 A_remote_mac_categories, 05634 TRUE); 05635 if ((result != GRANTED) && (result != DO_NOT_CARE)) 05636 return(-RSBAC_EDECISIONMISMATCH); 05637 return(0); 05638 05639 /* all other cases are unknown */ 05640 default: 05641 return(0); 05642 } 05643 #endif 05644 05645 /*********************/ 05646 default: return(0); 05647 } 05648 05649 return(0); 05650 }; /* end of rsbac_adf_set_attr_mac() */ 05651 05652 /* end of rsbac/adf/mac/main.c */

Generated on Tue Aug 31 10:05:23 2004 for RSBAC by doxygen 1.3.8