/daten/src/linux-2.4.27-rsbac-v1.2.3/rsbac/adf/fc/fc_main.c

Go to the documentation of this file.
00001 /*************************************************** */ 00002 /* Rule Set Based Access Control */ 00003 /* Implementation of the Access Control Decision */ 00004 /* Facility (ADF) - Functional Control */ 00005 /* File: rsbac/adf/fc/main.c */ 00006 /* */ 00007 /* Author and (c) 1999-2004: Amon Ott <ao@rsbac.org> */ 00008 /* */ 00009 /* Last modified: 11/Mar/2004 */ 00010 /*************************************************** */ 00011 00012 #include <linux/string.h> 00013 #include <rsbac/aci.h> 00014 #include <rsbac/adf_main.h> 00015 #include <rsbac/error.h> 00016 #include <rsbac/helpers.h> 00017 #include <rsbac/getname.h> 00018 #include <rsbac/network.h> 00019 00020 /************************************************* */ 00021 /* Global Variables */ 00022 /************************************************* */ 00023 00024 /************************************************* */ 00025 /* Internal Help functions */ 00026 /************************************************* */ 00027 00028 static enum rsbac_adf_req_ret_t 00029 check_role_fc( enum rsbac_target_t target, 00030 union rsbac_target_id_t tid, 00031 rsbac_uid_t owner) 00032 { 00033 int err; 00034 union rsbac_target_id_t i_tid; 00035 union rsbac_attribute_value_t i_attr_val1; 00036 union rsbac_attribute_value_t i_attr_val2; 00037 00038 /* test object's object_category */ 00039 if ((err=rsbac_get_attr(FC, 00040 target, 00041 tid, 00042 A_object_category, 00043 &i_attr_val1, 00044 TRUE))) 00045 { 00046 rsbac_ds_get_error("check_role_fc()", A_object_category); 00047 return(NOT_GRANTED); 00048 } 00049 /* Access to category general is always granted */ 00050 if (i_attr_val1.object_category == OC_general) 00051 return(GRANTED); 00052 00053 /* test owner's fc_role */ 00054 i_tid.user = owner; 00055 if ((err=rsbac_get_attr(FC, 00056 T_USER, 00057 i_tid, 00058 A_fc_role, 00059 &i_attr_val2, 00060 TRUE))) 00061 { 00062 rsbac_ds_get_error("check_role_fc()", A_fc_role); 00063 return(NOT_GRANTED); 00064 } 00065 00066 /* Access is granted, if object_category and fc_role fit */ 00067 00068 if ( ( (i_attr_val1.object_category == OC_system) 00069 && (i_attr_val2.system_role == SR_administrator) 00070 ) 00071 || ( (i_attr_val1.object_category == OC_security) 00072 && (i_attr_val2.system_role == SR_security_officer) 00073 ) 00074 ) 00075 return(GRANTED); 00076 else 00077 { 00078 /* printk(KERN_DEBUG "check_role_fc(): role is %i, obj_cat is %i -> NOT_GRANTED!\n", 00079 i_attr_val2.system_role, i_attr_val1.object_category); */ 00080 return(NOT_GRANTED); 00081 } 00082 } 00083 00084 #ifdef CONFIG_RSBAC_FC_NET_OBJ_PROT 00085 static enum rsbac_adf_req_ret_t 00086 check_role_fc_netobj(enum rsbac_adf_request_t request, 00087 union rsbac_target_id_t tid, 00088 rsbac_uid_t owner) 00089 { 00090 int err; 00091 union rsbac_target_id_t i_tid; 00092 enum rsbac_attribute_t i_attr; 00093 union rsbac_attribute_value_t i_attr_val1; 00094 union rsbac_attribute_value_t i_attr_val2; 00095 00096 if(rsbac_net_remote_request(request)) 00097 i_attr = A_remote_object_category; 00098 else 00099 i_attr = A_local_object_category; 00100 /* test object's object_category */ 00101 if ((err=rsbac_get_attr(FC, 00102 T_NETOBJ, 00103 tid, 00104 i_attr, 00105 &i_attr_val1, 00106 TRUE))) 00107 { 00108 rsbac_ds_get_error("check_role_fc_netobj()", i_attr); 00109 return(NOT_GRANTED); 00110 } 00111 /* Access to category general is always granted */ 00112 if (i_attr_val1.object_category == OC_general) 00113 return(GRANTED); 00114 00115 /* test owner's fc_role */ 00116 i_tid.user = owner; 00117 if ((err=rsbac_get_attr(FC, 00118 T_USER, 00119 i_tid, 00120 A_fc_role, 00121 &i_attr_val2, 00122 TRUE))) 00123 { 00124 rsbac_ds_get_error("check_role_fc_netobj()", A_fc_role); 00125 return(NOT_GRANTED); 00126 } 00127 00128 /* Access is granted, if object_category and fc_role fit */ 00129 00130 if ( ( (i_attr_val1.object_category == OC_system) 00131 && (i_attr_val2.system_role == SR_administrator) 00132 ) 00133 || ( (i_attr_val1.object_category == OC_security) 00134 && (i_attr_val2.system_role == SR_security_officer) 00135 ) 00136 ) 00137 return(GRANTED); 00138 else 00139 { 00140 /* printk(KERN_DEBUG "check_role_fc_netobj(): role is %i, obj_cat is %i -> NOT_GRANTED!\n", 00141 i_attr_val2.system_role, i_attr_val1.object_category); */ 00142 return(NOT_GRANTED); 00143 } 00144 } 00145 #endif 00146 00147 static enum rsbac_adf_req_ret_t 00148 fc_check_sysrole(rsbac_uid_t owner, enum rsbac_system_role_t role) 00149 { 00150 union rsbac_target_id_t i_tid; 00151 union rsbac_attribute_value_t i_attr_val1; 00152 00153 i_tid.user = owner; 00154 if (rsbac_get_attr(FC, 00155 T_USER, 00156 i_tid, 00157 A_fc_role, 00158 &i_attr_val1, 00159 TRUE)) 00160 { 00161 rsbac_ds_get_error("fc_check_sysrole()", A_fc_role); 00162 return(NOT_GRANTED); 00163 } 00164 /* if correct role, then grant */ 00165 if (i_attr_val1.system_role == role) 00166 return(GRANTED); 00167 else 00168 return(NOT_GRANTED); 00169 } 00170 00171 00172 /************************************************* */ 00173 /* Externally visible functions */ 00174 /************************************************* */ 00175 00176 enum rsbac_adf_req_ret_t 00177 rsbac_adf_request_fc (enum rsbac_adf_request_t request, 00178 rsbac_pid_t caller_pid, 00179 enum rsbac_target_t target, 00180 union rsbac_target_id_t tid, 00181 enum rsbac_attribute_t attr, 00182 union rsbac_attribute_value_t attr_val, 00183 rsbac_uid_t owner) 00184 { 00185 int err; 00186 enum rsbac_adf_req_ret_t result = DO_NOT_CARE; 00187 union rsbac_target_id_t i_tid; 00188 union rsbac_attribute_value_t i_attr_val1; 00189 #ifdef CONFIG_RSBAC_FC_ROLE_PROT 00190 union rsbac_attribute_value_t i_attr_val2; 00191 #endif 00192 00193 switch (request) 00194 { 00195 case R_ADD_TO_KERNEL: 00196 switch(target) 00197 { 00198 case T_NONE: 00199 /* test owner's fc_role */ 00200 return fc_check_sysrole(owner, SR_administrator); 00201 00202 /* all other cases are unknown */ 00203 default: 00204 return(DO_NOT_CARE); 00205 } 00206 00207 case R_ALTER: 00208 /* only for IPC */ 00209 switch(target) 00210 { 00211 case T_IPC: 00212 return(check_role_fc(target,tid,owner)); 00213 00214 /* all other cases are unknown */ 00215 default: return(DO_NOT_CARE); 00216 } 00217 00218 case R_APPEND_OPEN: 00219 case R_READ_WRITE_OPEN: 00220 switch(target) 00221 { 00222 case T_FILE: 00223 case T_DEV: 00224 case T_FIFO: 00225 case T_IPC: 00226 return(check_role_fc(target,tid,owner)); 00227 00228 /* all other cases are unknown */ 00229 default: return(DO_NOT_CARE); 00230 } 00231 00232 case R_CHANGE_GROUP: 00233 switch(target) 00234 { 00235 case T_FILE: 00236 case T_DIR: 00237 case T_FIFO: 00238 case T_SYMLINK: 00239 case T_IPC: 00240 return(check_role_fc(target,tid,owner)); 00241 00242 case T_PROCESS: 00243 case T_USER: 00244 return(DO_NOT_CARE); 00245 /* all other cases are unknown */ 00246 default: return(DO_NOT_CARE); 00247 } 00248 00249 case R_CHANGE_OWNER: 00250 switch(target) 00251 { 00252 case T_FILE: 00253 case T_DIR: 00254 case T_FIFO: 00255 case T_SYMLINK: 00256 case T_IPC: 00257 return(check_role_fc(target,tid,owner)); 00258 00259 case T_PROCESS: 00260 #ifdef CONFIG_RSBAC_FC_ROLE_PROT 00261 if(attr != A_owner) 00262 return(UNDEFINED); 00263 /* Administrator or secoff? */ 00264 i_tid.user = owner; 00265 if (rsbac_get_attr(FC, 00266 T_USER, 00267 i_tid, 00268 A_fc_role, 00269 &i_attr_val1, 00270 TRUE)) 00271 { 00272 rsbac_ds_get_error("rsbac_adf_request_fc()", A_fc_role); 00273 return(NOT_GRANTED); 00274 } 00275 /* if general user, then grant */ 00276 if (i_attr_val1.system_role == SR_user) 00277 return(GRANTED); 00278 /* get target user's role */ 00279 i_tid.user = attr_val.owner; 00280 if (rsbac_get_attr(FC, 00281 T_USER, 00282 i_tid, 00283 A_fc_role, 00284 &i_attr_val2, 00285 TRUE)) 00286 { 00287 rsbac_ds_get_error("rsbac_adf_request_fc()", A_fc_role); 00288 return(NOT_GRANTED); 00289 } 00290 /* target is no general user and has different role -> deny */ 00291 if ( (i_attr_val2.system_role != SR_user) 00292 && (i_attr_val1.system_role != i_attr_val2.system_role) 00293 ) 00294 return(NOT_GRANTED); 00295 else 00296 return(GRANTED); 00297 #endif 00298 00299 /* fall through... */ 00300 case T_NONE: 00301 return(DO_NOT_CARE); 00302 /* all other cases are unknown */ 00303 default: 00304 return(DO_NOT_CARE); 00305 } 00306 00307 case R_CHDIR: 00308 switch(target) 00309 { 00310 case T_DIR: 00311 return(check_role_fc(target,tid,owner)); 00312 00313 /* all other cases are unknown */ 00314 default: return(DO_NOT_CARE); 00315 } 00316 00317 case R_CLONE: 00318 case R_TRACE: 00319 case R_SEND_SIGNAL: 00320 case R_TERMINATE: 00321 if (target == T_PROCESS) 00322 return(DO_NOT_CARE); 00323 else 00324 return(DO_NOT_CARE); 00325 00326 /* Creating dir or (pseudo) file IN target dir! */ 00327 case R_CREATE: 00328 switch(target) 00329 { 00330 case T_DIR: 00331 return(check_role_fc(target,tid,owner)); 00332 /* IPC is always granted */ 00333 case T_IPC: 00334 return(GRANTED); 00335 00336 #ifdef CONFIG_RSBAC_FC_NET_OBJ_PROT 00337 case T_NETTEMP: 00338 return fc_check_sysrole(owner, SR_security_officer); 00339 00340 case T_NETOBJ: 00341 return(check_role_fc_netobj(request,tid,owner)); 00342 #endif 00343 00344 /* all other cases are unknown */ 00345 default: return(DO_NOT_CARE); 00346 } 00347 00348 case R_DELETE: 00349 switch(target) 00350 { 00351 case T_FILE: 00352 case T_DIR: 00353 case T_FIFO: 00354 case T_SYMLINK: 00355 case T_IPC: 00356 return(check_role_fc(target,tid,owner)); 00357 00358 #ifdef CONFIG_RSBAC_FC_NET_OBJ_PROT 00359 case T_NETTEMP: 00360 return fc_check_sysrole(owner, SR_security_officer); 00361 #endif 00362 /* all other cases are unknown */ 00363 default: return(DO_NOT_CARE); 00364 } 00365 00366 case R_EXECUTE: 00367 switch(target) 00368 { 00369 case T_FILE: 00370 return(check_role_fc(target,tid,owner)); 00371 00372 /* all other cases are unknown */ 00373 default: 00374 return(DO_NOT_CARE); 00375 } 00376 00377 case R_GET_STATUS_DATA: 00378 switch(target) 00379 { 00380 case T_SCD: 00381 /* target rsbaclog? only for secoff */ 00382 if (tid.scd != ST_rsbaclog) 00383 return(GRANTED); 00384 /* Secoff or auditor? */ 00385 if(fc_check_sysrole(owner, SR_security_officer) == NOT_GRANTED) 00386 return fc_check_sysrole(owner, SR_auditor); 00387 else 00388 return GRANTED; 00389 default: 00390 return(DO_NOT_CARE); 00391 }; 00392 00393 case R_LINK_HARD: 00394 switch(target) 00395 { 00396 case T_FILE: 00397 case T_FIFO: 00398 case T_SYMLINK: 00399 return(check_role_fc(target,tid,owner)); 00400 00401 /* all other cases are unknown */ 00402 default: return(DO_NOT_CARE); 00403 } 00404 00405 case R_MODIFY_ACCESS_DATA: 00406 case R_RENAME: 00407 switch(target) 00408 { 00409 case T_FILE: 00410 case T_DIR: 00411 case T_FIFO: 00412 case T_SYMLINK: 00413 return(check_role_fc(target,tid,owner)); 00414 00415 /* all other cases are unknown */ 00416 default: return(DO_NOT_CARE); 00417 } 00418 00419 case R_MODIFY_ATTRIBUTE: 00420 switch(attr) 00421 { 00422 case A_system_role: 00423 case A_fc_role: 00424 case A_object_category: 00425 case A_local_object_category: 00426 case A_remote_object_category: 00427 #ifdef CONFIG_RSBAC_FC_GEN_PROT 00428 case A_log_array_low: 00429 case A_log_array_high: 00430 case A_log_program_based: 00431 case A_log_user_based: 00432 case A_symlink_add_uid: 00433 case A_symlink_add_rc_role: 00434 case A_linux_dac_disable: 00435 case A_fake_root_uid: 00436 #endif 00437 #ifdef CONFIG_RSBAC_FC_AUTH_PROT 00438 case A_auth_may_setuid: 00439 case A_auth_may_set_cap: 00440 case A_auth_start_uid: 00441 case A_auth_program_file: 00442 case A_auth_learn: 00443 case A_auth_add_f_cap: 00444 case A_auth_remove_f_cap: 00445 #endif 00446 /* All attributes (remove target!) */ 00447 case A_none: 00448 /* Security Officer? */ 00449 return fc_check_sysrole(owner, SR_security_officer); 00450 00451 default: 00452 return(DO_NOT_CARE); 00453 } 00454 00455 case R_MODIFY_PERMISSIONS_DATA: 00456 switch(target) 00457 { 00458 case T_FILE: 00459 case T_DIR: 00460 case T_FIFO: 00461 case T_SYMLINK: 00462 case T_IPC: 00463 return(check_role_fc(target,tid,owner)); 00464 00465 case T_SCD: 00466 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM 00467 if(tid.scd == ST_ioports) 00468 return GRANTED; 00469 #endif 00470 /* Security Officer? */ 00471 i_tid.user = owner; 00472 if ((err=rsbac_get_attr(FC, 00473 T_USER, 00474 i_tid, 00475 A_fc_role, 00476 &i_attr_val1, 00477 TRUE))) 00478 { 00479 rsbac_ds_get_error("rsbac_adf_request_fc()", A_fc_role); 00480 return(NOT_GRANTED); 00481 } 00482 /* if sec_officer, then grant */ 00483 if (i_attr_val1.system_role == SR_security_officer) 00484 return(GRANTED); 00485 /* For booting: if administrator and ioports, then grant */ 00486 if ( (i_attr_val1.system_role == SR_administrator) 00487 && (tid.scd == ST_ioports) ) 00488 return(GRANTED); 00489 else 00490 return(NOT_GRANTED); 00491 00492 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE 00493 /* switching Linux DAC */ 00494 case T_NONE: 00495 /* Security Officer? */ 00496 return fc_check_sysrole(owner, SR_security_officer); 00497 #endif 00498 00499 /* all other cases are unknown */ 00500 default: return(DO_NOT_CARE); 00501 } 00502 00503 case R_MODIFY_SYSTEM_DATA: 00504 switch(target) 00505 { 00506 case T_SCD: 00507 /* target rlimit? no problem, but needed -> grant */ 00508 if (tid.scd == ST_rlimit) 00509 return(GRANTED); 00510 /* Administrator? */ 00511 i_tid.user = owner; 00512 if ((err=rsbac_get_attr(FC, 00513 T_USER, 00514 i_tid, 00515 A_fc_role, 00516 &i_attr_val1, 00517 TRUE))) 00518 { 00519 rsbac_ds_get_error("rsbac_adf_request_fc()", A_fc_role); 00520 return(NOT_GRANTED); 00521 } 00522 /* if rsbaclog: grant only for secoff */ 00523 if(tid.scd == ST_rsbaclog) 00524 { 00525 if ( (i_attr_val1.system_role == SR_security_officer) 00526 || (i_attr_val1.system_role == SR_auditor) 00527 ) 00528 return(GRANTED); 00529 else 00530 return(NOT_GRANTED); 00531 } 00532 /* if administrator, then grant all other types */ 00533 if (i_attr_val1.system_role == SR_administrator) 00534 return(GRANTED); 00535 else 00536 return(NOT_GRANTED); 00537 00538 #ifdef CONFIG_RSBAC_FC_NET_DEV_PROT 00539 case T_NETDEV: 00540 return fc_check_sysrole(owner, SR_administrator); 00541 #endif 00542 00543 /* all other cases are unknown */ 00544 default: return(DO_NOT_CARE); 00545 } 00546 00547 case R_MOUNT: 00548 case R_UMOUNT: 00549 switch(target) 00550 { 00551 case T_FILE: 00552 case T_DIR: 00553 case T_DEV: 00554 /* test owner's fc_role */ 00555 if(fc_check_sysrole(owner, SR_administrator) == NOT_GRANTED) 00556 return NOT_GRANTED; 00557 00558 /* test access to dir */ 00559 return(check_role_fc(target,tid,owner)); 00560 00561 /* all other cases are unknown */ 00562 default: return(DO_NOT_CARE); 00563 } 00564 00565 case R_READ: 00566 switch(target) 00567 { 00568 case T_DIR: 00569 #ifdef CONFIG_RSBAC_RW 00570 case T_FILE: 00571 case T_FIFO: 00572 case T_IPC: 00573 #endif 00574 return(check_role_fc(target,tid,owner)); 00575 00576 #if defined(CONFIG_RSBAC_FC_NET_OBJ_PROT) 00577 case T_NETTEMP: 00578 if(fc_check_sysrole(owner, SR_security_officer) == GRANTED) 00579 return GRANTED; 00580 return fc_check_sysrole(owner, SR_administrator); 00581 00582 case T_NETOBJ: 00583 return(check_role_fc_netobj(request,tid,owner)); 00584 #endif 00585 00586 /* all other cases */ 00587 default: return(DO_NOT_CARE); 00588 } 00589 00590 case R_READ_ATTRIBUTE: 00591 switch(attr) 00592 { 00593 case A_system_role: 00594 case A_fc_role: 00595 case A_object_category: 00596 case A_local_object_category: 00597 case A_remote_object_category: 00598 #ifdef CONFIG_RSBAC_FC_GEN_PROT 00599 case A_log_array_low: 00600 case A_log_array_high: 00601 case A_log_program_based: 00602 case A_log_user_based: 00603 case A_symlink_add_uid: 00604 case A_symlink_add_rc_role: 00605 case A_linux_dac_disable: 00606 case A_fake_root_uid: 00607 #endif 00608 #ifdef CONFIG_RSBAC_FC_AUTH_PROT 00609 case A_auth_may_setuid: 00610 case A_auth_may_set_cap: 00611 case A_auth_start_uid: 00612 case A_auth_program_file: 00613 case A_auth_learn: 00614 #endif 00615 /* Security Officer? */ 00616 return fc_check_sysrole(owner, SR_security_officer); 00617 00618 default: 00619 return(DO_NOT_CARE); 00620 } 00621 00622 case R_READ_OPEN: 00623 switch(target) 00624 { 00625 case T_FILE: 00626 case T_DIR: 00627 case T_FIFO: 00628 case T_DEV: 00629 case T_IPC: 00630 return(check_role_fc(target,tid,owner)); 00631 00632 /* all other cases are unknown */ 00633 default: return(DO_NOT_CARE); 00634 } 00635 00636 case R_REMOVE_FROM_KERNEL: 00637 case R_SHUTDOWN: 00638 switch(target) 00639 { 00640 case T_NONE: 00641 /* test owner's fc_role */ 00642 return fc_check_sysrole(owner, SR_administrator); 00643 00644 /* all other cases are unknown */ 00645 default: return(DO_NOT_CARE); 00646 } 00647 00648 case R_SEARCH: 00649 switch(target) 00650 { 00651 case T_DIR: 00652 case T_SYMLINK: 00653 return(check_role_fc(target,tid,owner)); 00654 00655 /* all other cases are unknown */ 00656 default: return(DO_NOT_CARE); 00657 } 00658 00659 case R_SWITCH_LOG: 00660 switch(target) 00661 { 00662 case T_NONE: 00663 /* test owner's fc_role */ 00664 return fc_check_sysrole(owner, SR_security_officer); 00665 00666 /* all other cases are unknown */ 00667 default: return(DO_NOT_CARE); 00668 } 00669 00670 case R_SWITCH_MODULE: 00671 switch(target) 00672 { 00673 case T_NONE: 00674 /* we need the switch_target */ 00675 if(attr != A_switch_target) 00676 return(UNDEFINED); 00677 /* do not care for other modules */ 00678 if( (attr_val.switch_target != FC) 00679 #ifdef CONFIG_RSBAC_FC_AUTH_PROT 00680 && (attr_val.switch_target != AUTH) 00681 #endif 00682 #ifdef CONFIG_RSBAC_SOFTMODE 00683 && (attr_val.switch_target != SOFTMODE) 00684 #endif 00685 ) 00686 return(DO_NOT_CARE); 00687 /* test owner's fc_role */ 00688 return fc_check_sysrole(owner, SR_security_officer); 00689 00690 /* all other cases are unknown */ 00691 default: return(DO_NOT_CARE); 00692 } 00693 00694 case R_TRUNCATE: 00695 switch(target) 00696 { 00697 case T_FILE: 00698 return(check_role_fc(target,tid,owner)); 00699 00700 /* all other cases are unknown */ 00701 default: return(DO_NOT_CARE); 00702 } 00703 00704 case R_WRITE: 00705 switch(target) 00706 { 00707 case T_DIR: 00708 #ifdef CONFIG_RSBAC_RW 00709 case T_FILE: 00710 case T_FIFO: 00711 case T_DEV: 00712 case T_IPC: 00713 #endif 00714 return(check_role_fc(target,tid,owner)); 00715 00716 #if defined(CONFIG_RSBAC_FC_NET_OBJ_PROT) 00717 case T_NETTEMP: 00718 return fc_check_sysrole(owner, SR_security_officer); 00719 00720 case T_NETOBJ: 00721 return(check_role_fc_netobj(request,tid,owner)); 00722 #endif 00723 00724 /* all other cases are unknown */ 00725 default: return(DO_NOT_CARE); 00726 } 00727 00728 case R_WRITE_OPEN: 00729 switch(target) 00730 { 00731 case T_FILE: 00732 case T_FIFO: 00733 case T_DEV: 00734 case T_IPC: 00735 return(check_role_fc(target,tid,owner)); 00736 00737 /* all other cases are unknown */ 00738 default: return(DO_NOT_CARE); 00739 } 00740 00741 #ifdef CONFIG_RSBAC_FC_NET_OBJ_PROT 00742 case R_BIND: 00743 case R_LISTEN: 00744 case R_ACCEPT: 00745 case R_CONNECT: 00746 case R_SEND: 00747 case R_RECEIVE: 00748 switch(target) 00749 { 00750 case T_NETOBJ: 00751 return(check_role_fc_netobj(request,tid,owner)); 00752 00753 /* all other cases are unknown */ 00754 default: return(DO_NOT_CARE); 00755 } 00756 #endif 00757 00758 /*********************/ 00759 default: return DO_NOT_CARE; 00760 } 00761 00762 return(result); 00763 }; /* end of rsbac_adf_request_fc() */ 00764 00765 00766 /*****************************************************************************/ 00767 /* If the request returned granted and the operation is performed, */ 00768 /* the following function can be called by the AEF to get all aci set */ 00769 /* correctly. For write accesses that are performed fully within the kernel, */ 00770 /* this is usually not done to prevent extra calls, including R_CLOSE for */ 00771 /* cleaning up. Because of this, the write boundary is not adjusted - there */ 00772 /* is no user-level writing anyway... */ 00773 /* The second instance of target specification is the new target, if one has */ 00774 /* been created, otherwise its values are ignored. */ 00775 /* On success, 0 is returned, and an error from rsbac/error.h otherwise. */ 00776 00777 int rsbac_adf_set_attr_fc( 00778 enum rsbac_adf_request_t request, 00779 rsbac_pid_t caller_pid, 00780 enum rsbac_target_t target, 00781 union rsbac_target_id_t tid, 00782 enum rsbac_target_t new_target, 00783 union rsbac_target_id_t new_tid, 00784 enum rsbac_attribute_t attr, 00785 union rsbac_attribute_value_t attr_val, 00786 rsbac_uid_t owner) 00787 { 00788 int err; 00789 union rsbac_target_id_t i_tid; 00790 union rsbac_attribute_value_t i_attr_val1; 00791 union rsbac_attribute_value_t i_attr_val2; 00792 00793 switch (request) 00794 { 00795 case R_CREATE: 00796 switch(target) 00797 { 00798 case T_IPC: 00799 /* Get fc_role of process owner... */ 00800 i_tid.user = owner; 00801 if ((err=rsbac_get_attr(FC, 00802 T_USER, 00803 i_tid, 00804 A_fc_role, 00805 &i_attr_val1, 00806 TRUE))) 00807 { 00808 rsbac_ds_get_error("rsbac_adf_request_fc()", A_fc_role); 00809 return(-RSBAC_EREADFAILED); 00810 } 00811 /* Derive object_category for this ipc item from owner's */ 00812 /* fc_role */ 00813 switch (i_attr_val1.system_role) 00814 { 00815 case SR_user: 00816 return 0; 00817 case SR_security_officer: 00818 i_attr_val2.object_category = OC_security; 00819 break; 00820 case SR_administrator: 00821 i_attr_val2.object_category = OC_system; 00822 break; 00823 default: 00824 #ifdef CONFIG_RSBAC_RMSG 00825 rsbac_printk(KERN_WARNING 00826 "rsbac_adf_set_attr_fc(): invalid fc_role %i!\n", 00827 i_attr_val1.system_role); 00828 #endif 00829 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00830 if (!rsbac_nosyslog) 00831 #endif 00832 printk(KERN_WARNING 00833 "rsbac_adf_set_attr_fc(): invalid fc_role %i!\n", 00834 i_attr_val1.system_role); 00835 return 0; 00836 } 00837 /* set object_category for new IPC item */ 00838 if ((err=rsbac_set_attr(FC, 00839 target, 00840 tid, 00841 A_object_category, 00842 i_attr_val2))) 00843 { 00844 rsbac_ds_set_error("rsbac_adf_request_fc()", A_object_category); 00845 return(-RSBAC_EWRITEFAILED); 00846 } 00847 return(0); 00848 00849 #if defined(CONFIG_RSBAC_FC_NET_OBJ_PROT) 00850 case T_NETOBJ: 00851 /* Get fc_role of process owner... */ 00852 i_tid.user = owner; 00853 if ((err=rsbac_get_attr(FC, 00854 T_USER, 00855 i_tid, 00856 A_fc_role, 00857 &i_attr_val1, 00858 TRUE))) 00859 { 00860 rsbac_ds_get_error("rsbac_adf_request_fc()", A_fc_role); 00861 return(-RSBAC_EREADFAILED); 00862 } 00863 /* Derive local object_category for this ipc item from owner's */ 00864 /* fc_role */ 00865 switch (i_attr_val1.system_role) 00866 { 00867 case SR_user: 00868 return 0; 00869 case SR_security_officer: 00870 i_attr_val2.object_category = OC_security; 00871 break; 00872 case SR_administrator: 00873 i_attr_val2.object_category = OC_system; 00874 break; 00875 default: 00876 #ifdef CONFIG_RSBAC_RMSG 00877 rsbac_printk(KERN_WARNING 00878 "rsbac_adf_set_attr_fc(): invalid fc_role %i!\n", 00879 i_attr_val1.system_role); 00880 #endif 00881 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00882 if (!rsbac_nosyslog) 00883 #endif 00884 printk(KERN_WARNING 00885 "rsbac_adf_set_attr_fc(): invalid fc_role %i!\n", 00886 i_attr_val1.system_role); 00887 return 0; 00888 } 00889 /* set local object_category for new IPC item */ 00890 if ((err=rsbac_set_attr(FC, 00891 target, 00892 tid, 00893 A_local_object_category, 00894 i_attr_val2))) 00895 { 00896 rsbac_ds_set_error("rsbac_adf_request_fc()", A_local_object_category); 00897 return(-RSBAC_EWRITEFAILED); 00898 } 00899 return(0); 00900 #endif 00901 00902 /* all other cases are unknown */ 00903 default: 00904 return(0); 00905 } 00906 00907 00908 /*********************/ 00909 default: return(0); 00910 } 00911 00912 return(0); 00913 }; /* end of rsbac_adf_set_attr_fc() */ 00914 00915 /* end of rsbac/adf/fc/main.c */

Generated on Tue Aug 31 10:05:23 2004 for RSBAC by doxygen 1.3.8