00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
#include <linux/string.h>
00013
#include <rsbac/types.h>
00014
#include <rsbac/aci.h>
00015
#include <rsbac/adf_main.h>
00016
#include <rsbac/error.h>
00017
#include <rsbac/debug.h>
00018
#include <rsbac/helpers.h>
00019
#include <rsbac/getname.h>
00020
#include <rsbac/pm.h>
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
static rsbac_pm_purpose_id_t
00031 get_ipc_purpose(
struct rsbac_ipc_t ipc_id)
00032 {
00033
union rsbac_target_id_t i_tid;
00034
union rsbac_attribute_value_t i_attr_val1;
00035
00036
00037 i_tid.
ipc = ipc_id;
00038
if (
rsbac_get_attr(
PM,
00039
T_IPC,
00040 i_tid,
00041
A_pm_ipc_purpose,
00042 &i_attr_val1,
00043
FALSE))
00044 {
00045 printk(KERN_WARNING
00046
"get_ipc_purpose(): rsbac_get_attr() returned error!\n");
00047
return(0);
00048 }
00049
return(i_attr_val1.
pm_ipc_purpose);
00050 }
00051
00052
static enum rsbac_adf_req_ret_t
00053 tp_check(
rsbac_pid_t caller_pid)
00054 {
00055
union rsbac_target_id_t i_tid;
00056
union rsbac_attribute_value_t i_attr_val1;
00057
00058
00059 i_tid.
process = caller_pid;
00060
if (
rsbac_get_attr(
PM,
00061
T_PROCESS,
00062 i_tid,
00063
A_pm_process_type,
00064 &i_attr_val1,
00065
FALSE))
00066 {
00067 printk(KERN_WARNING
00068
"tp_check(): rsbac_get_attr() returned error!\n");
00069
return(
NOT_GRANTED);
00070 }
00071
if(i_attr_val1.
pm_process_type ==
PP_TP)
00072
return(
NOT_GRANTED);
00073
else
00074
return(
DO_NOT_CARE);
00075 };
00076
00077
00078
00079
00080
00081
static enum rsbac_adf_req_ret_t
00082 na_and_pp_or_cs(
rsbac_pid_t caller_pid,
00083
struct rsbac_fs_file_t file,
00084
rsbac_pm_accesses_t acc)
00085 {
00086
rsbac_pm_task_id_t task;
00087
rsbac_pm_object_class_id_t object_class;
00088
rsbac_pm_tp_id_t tp;
00089
union rsbac_target_id_t i_tid;
00090
union rsbac_attribute_value_t i_attr_val1;
00091
union rsbac_pm_target_id_t i_pm_tid;
00092
union rsbac_pm_data_value_t i_data_val1;
00093
union rsbac_pm_data_value_t i_data_val2;
00094
union rsbac_pm_set_id_t i_pm_set_id;
00095
union rsbac_pm_set_member_t i_pm_set_member;
00096
int error;
00097
00098
00099 i_tid.file = file;
00100
if (
rsbac_get_attr(
PM,
00101
T_FILE,
00102 i_tid,
00103
A_pm_object_class,
00104 &i_attr_val1,
00105
FALSE))
00106 {
00107 printk(KERN_WARNING
00108
"na_and_pp_or_cs(): rsbac_get_attr() returned error!\n");
00109
return(
NOT_GRANTED);
00110 }
00111 object_class = i_attr_val1.
pm_object_class;
00112
00113
00114
00115
if(!object_class)
00116 {
00117
#ifdef CONFIG_RSBAC_DEBUG
00118
if(rsbac_debug_adf_pm)
00119 printk(KERN_WARNING
00120
"na_and_pp_or_cs(): personal_data with NIL class!\n");
00121
#endif
00122
return(
NOT_GRANTED);
00123 }
00124
00125
00126 i_tid.
process = caller_pid;
00127
if (
rsbac_get_attr(
PM,
00128
T_PROCESS,
00129 i_tid,
00130
A_pm_current_task,
00131 &i_attr_val1,
00132
FALSE))
00133 {
00134 printk(KERN_WARNING
00135
"na_and_pp_or_cs(): rsbac_get_attr() returned error!\n");
00136
return(
NOT_GRANTED);
00137 }
00138 task = i_attr_val1.
pm_current_task;
00139
if(!task)
00140 {
00141
#ifdef CONFIG_RSBAC_DEBUG
00142
if(rsbac_debug_adf_pm)
00143 printk(KERN_DEBUG
00144
"na_and_pp_or_cs(): no current_task for calling process trying to access personal_data\n");
00145
#endif
00146
return(
NOT_GRANTED);
00147 }
00148
00149
00150
if (
rsbac_get_attr(
PM,
00151
T_PROCESS,
00152 i_tid,
00153
A_pm_tp,
00154 &i_attr_val1,
00155
FALSE))
00156 {
00157 printk(KERN_WARNING
00158
"na_and_pp_or_cs(): rsbac_get_attr() returned error!\n");
00159
return(
NOT_GRANTED);
00160 }
00161 tp = i_attr_val1.
pm_tp;
00162
if(!tp)
00163 {
00164
#ifdef CONFIG_RSBAC_DEBUG
00165
if(rsbac_debug_adf_pm)
00166 printk(KERN_DEBUG
00167
"na_and_pp_or_cs(): calling process trying to access personal_data has no TP-id\n");
00168
#endif
00169
return(
NOT_GRANTED);
00170 }
00171
00172
00173 i_pm_tid.na.task = task;
00174 i_pm_tid.na.object_class = object_class;
00175 i_pm_tid.na.tp = tp;
00176
if ((error =
rsbac_pm_get_data(PMT_NA,
00177 i_pm_tid,
00178 PD_accesses,
00179 &i_data_val1)))
00180 {
00181
if(error != -
RSBAC_EINVALIDTARGET)
00182 printk(KERN_WARNING
00183
"na_and_pp_or_cs(): rsbac_pm_get_data() returned error %i!\n",
00184 error);
00185
return(
NOT_GRANTED);
00186 }
00187
00188
if((acc & i_data_val1.accesses) != acc)
00189 {
00190
#ifdef CONFIG_RSBAC_DEBUG
00191
if(rsbac_debug_adf_pm)
00192 printk(KERN_DEBUG
00193
"na_and_pp_or_cs(): requested access mode is not necessary\n");
00194
#endif
00195
return(
NOT_GRANTED);
00196 }
00197
00198
00199
00200
00201
00202 i_pm_tid.task = task;
00203
if ((error =
rsbac_pm_get_data(PMT_TASK,
00204 i_pm_tid,
00205 PD_purpose,
00206 &i_data_val1)))
00207 {
00208 printk(KERN_WARNING
00209
"na_and_pp_or_cs(): rsbac_get_data() for current_TASK/purpose returned error %i!\n",
00210 error);
00211
return(
NOT_GRANTED);
00212 }
00213
if(!i_data_val1.purpose)
00214 {
00215 printk(KERN_WARNING
00216
"na_and_pp_or_cs(): task %i has NIL purpose!\n",task);
00217
return(
NOT_GRANTED);
00218 }
00219
00220 i_pm_tid.object_class = object_class;
00221
if ((error =
rsbac_pm_get_data(PMT_CLASS,
00222 i_pm_tid,
00223 PD_pp_set,
00224 &i_data_val2)))
00225 {
00226
if(error != -
RSBAC_EINVALIDTARGET)
00227 printk(KERN_WARNING
00228
"na_and_pp_or_cs(): rsbac_pm_get_data() returned error %i!\n",
00229 error);
00230
return(
NOT_GRANTED);
00231 }
00232
00233 i_pm_set_id.pp_set = i_data_val2.pp_set;
00234 i_pm_set_member.pp = i_data_val1.purpose;
00235
if (!
rsbac_pm_set_member(PS_PP,i_pm_set_id,i_pm_set_member))
00236 {
00237
#ifdef CONFIG_RSBAC_DEBUG
00238
if(rsbac_debug_adf_pm)
00239 printk(KERN_DEBUG
00240
"na_and_pp_or_cs(): purpose of current_task of calling process is NOT in purpose set of class of file -> trying consent\n");
00241
#endif
00242
i_pm_tid.cs.purpose = i_data_val1.purpose;
00243 i_pm_tid.cs.file = file;
00244
if(!
rsbac_pm_exists(PMT_CS,i_pm_tid))
00245 {
00246
#ifdef CONFIG_RSBAC_DEBUG
00247
if(rsbac_debug_adf_pm)
00248 printk(KERN_DEBUG
00249
"na_and_pp_or_cs(): there is no consent for this purpose for file\n");
00250
#endif
00251
return(
NOT_GRANTED);
00252 }
00253 }
00254
00255
00256
00257
00258
00259
00260
if( (acc &
RSBAC_PM_A_READ)
00261 && !
rsbac_pm_pp_superset(i_pm_set_id.pp_set, caller_pid) )
00262 {
00263
#ifdef CONFIG_RSBAC_DEBUG
00264
if(rsbac_debug_adf_pm)
00265 printk(KERN_DEBUG
00266
"na_and_pp_or_cs(): failed information flow check for read access\n");
00267
#endif
00268
return(
NOT_GRANTED);
00269 }
00270
00271
00272
00273
00274
if( (acc &
RSBAC_PM_A_WRITE_TO_FILE)
00275 && !
rsbac_pm_pp_subset(i_pm_set_id.pp_set, caller_pid) )
00276 {
00277
#ifdef CONFIG_RSBAC_DEBUG
00278
if(rsbac_debug_adf_pm)
00279 printk(KERN_DEBUG
00280
"na_and_pp_or_cs(): failed information flow check for write access\n");
00281
#endif
00282
return(
NOT_GRANTED);
00283 }
00284
00285
00286
return(
GRANTED);
00287 }
00288
00289
00290
static enum rsbac_adf_req_ret_t
00291 na_and_pp_ipc(
rsbac_pm_task_id_t task,
00292
rsbac_pid_t caller_pid,
00293
rsbac_pm_accesses_t acc,
00294
struct rsbac_ipc_t ipc_id)
00295 {
00296
rsbac_pm_tp_id_t tp;
00297
union rsbac_target_id_t i_tid;
00298
union rsbac_attribute_value_t i_attr_val1;
00299
union rsbac_pm_target_id_t i_pm_tid;
00300
union rsbac_pm_data_value_t i_data_val1;
00301
union rsbac_pm_set_id_t i_pm_set_id;
00302
union rsbac_pm_set_member_t i_pm_set_member;
00303
int error;
00304
00305
if(!task)
00306
return(
NOT_GRANTED);
00307
00308
00309 i_tid.
process = caller_pid;
00310
if (
rsbac_get_attr(
PM,
00311
T_PROCESS,
00312 i_tid,
00313
A_pm_tp,
00314 &i_attr_val1,
00315
FALSE))
00316 {
00317 printk(KERN_WARNING
00318
"na_and_pp_ipc(): rsbac_get_attr() returned error!\n");
00319
return(
NOT_GRANTED);
00320 }
00321 tp = i_attr_val1.
pm_tp;
00322
if(!tp)
00323 {
00324
#ifdef CONFIG_RSBAC_DEBUG
00325
if(rsbac_debug_adf_pm)
00326 printk(KERN_DEBUG
00327
"na_and_pp_ipc(): calling process trying to access ipc has task, but no TP-id\n");
00328
#endif
00329
return(
NOT_GRANTED);
00330 }
00331
return(
NOT_GRANTED);
00332
00333
00334 i_pm_tid.na.task = task;
00335 i_pm_tid.na.object_class =
RSBAC_PM_IPC_OBJECT_CLASS_ID;
00336 i_pm_tid.na.tp = tp;
00337
if ((error =
rsbac_pm_get_data(PMT_NA,
00338 i_pm_tid,
00339 PD_accesses,
00340 &i_data_val1)))
00341 {
00342
if(error != -
RSBAC_EINVALIDTARGET)
00343 printk(KERN_WARNING
00344
"na_and_pp_ipc(): rsbac_pm_get_data() returned error %i!\n",
00345 error);
00346
return(
NOT_GRANTED);
00347 }
00348
00349
if((acc & i_data_val1.accesses) != acc)
00350 {
00351
#ifdef CONFIG_RSBAC_DEBUG
00352
if(rsbac_debug_adf_pm)
00353 printk(KERN_DEBUG
00354
"na_and_pp_ipc(): requested access mode is not necessary\n");
00355
#endif
00356
return(
NOT_GRANTED);
00357 }
00358
00359
00360
00361 i_pm_tid.task = task;
00362
if ((error =
rsbac_pm_get_data(PMT_TASK,
00363 i_pm_tid,
00364 PD_purpose,
00365 &i_data_val1)))
00366 {
00367 printk(KERN_WARNING
00368
"na_and_pp_ipc(): rsbac_get_data() for current_TASK/purpose returned error %i!\n",
00369 error);
00370
return(
NOT_GRANTED);
00371 }
00372
if(!i_data_val1.purpose)
00373 {
00374 printk(KERN_WARNING
00375
"na_and_pp_ipc(): task %i has NIL purpose!\n",task);
00376
return(
NOT_GRANTED);
00377 }
00378
00379 i_tid.
ipc = ipc_id;
00380
if (
rsbac_get_attr(
PM,
00381
T_IPC,
00382 i_tid,
00383
A_pm_ipc_purpose,
00384 &i_attr_val1,
00385
FALSE))
00386 {
00387 printk(KERN_WARNING
00388
"na_and_pp_ipc(): rsbac_get_attr() returned error!\n");
00389
return(
NOT_GRANTED);
00390 }
00391
00392
00393
00394
if (!( (i_data_val1.purpose == i_attr_val1.
pm_ipc_purpose)
00395 || (!i_data_val1.purpose && !(acc &
RSBAC_PM_A_WRITING) ) ) )
00396 {
00397
#ifdef CONFIG_RSBAC_DEBUG
00398
if(rsbac_debug_adf_pm)
00399 printk(KERN_DEBUG
00400
"na_and_pp_ipc(): purpose of current_task of calling process is NOT ipc_purpose\n");
00401
#endif
00402
return(
NOT_GRANTED);
00403 }
00404
00405
00406
00407
00408
00409
if( (acc &
RSBAC_PM_A_READ)
00410 && i_attr_val1.
pm_ipc_purpose
00411 && !
rsbac_pm_pp_only(i_attr_val1.
pm_ipc_purpose, caller_pid) )
00412 {
00413
#ifdef CONFIG_RSBAC_DEBUG
00414
if(rsbac_debug_adf_pm)
00415 printk(KERN_DEBUG
00416
"na_and_pp_ipc(): failed information flow check for read access\n");
00417
#endif
00418
return(
NOT_GRANTED);
00419 }
00420
00421
00422
00423
00424
if(acc &
RSBAC_PM_A_WRITE_TO_FILE)
00425 {
00426 i_pm_set_id.in_pp_set = caller_pid;
00427 i_pm_set_member.pp = i_attr_val1.
pm_ipc_purpose;
00428
if (!
rsbac_pm_set_member(PS_IN_PP, i_pm_set_id, i_pm_set_member) )
00429 {
00430
#ifdef CONFIG_RSBAC_DEBUG
00431
if(rsbac_debug_adf_pm)
00432 printk(KERN_DEBUG
00433
"na_and_pp_or_cs(): failed information flow check for write access\n");
00434
#endif
00435
return(
NOT_GRANTED);
00436 }
00437 }
00438
00439
return(
GRANTED);
00440 }
00441
00442
00443
static enum rsbac_adf_req_ret_t
00444 na_ipc(
rsbac_pm_task_id_t task,
00445
rsbac_pid_t caller_pid,
00446
rsbac_pm_accesses_t acc)
00447 {
00448
rsbac_pm_tp_id_t tp;
00449
union rsbac_target_id_t i_tid;
00450
union rsbac_attribute_value_t i_attr_val1;
00451
union rsbac_pm_target_id_t i_pm_tid;
00452
union rsbac_pm_data_value_t i_data_val1;
00453
int error;
00454
00455
if(!task)
00456
return(
NOT_GRANTED);
00457
00458
00459 i_tid.
process = caller_pid;
00460
if (
rsbac_get_attr(
PM,
00461
T_PROCESS,
00462 i_tid,
00463
A_pm_tp,
00464 &i_attr_val1,
00465
FALSE))
00466 {
00467 printk(KERN_WARNING
00468
"na_ipc(): rsbac_get_attr() returned error!\n");
00469
return(
NOT_GRANTED);
00470 }
00471 tp = i_attr_val1.
pm_tp;
00472
if(!tp)
00473
return(
NOT_GRANTED);
00474
00475
00476 i_pm_tid.na.task = task;
00477 i_pm_tid.na.object_class =
RSBAC_PM_IPC_OBJECT_CLASS_ID;
00478 i_pm_tid.na.tp = tp;
00479
if ((error =
rsbac_pm_get_data(PMT_NA,
00480 i_pm_tid,
00481 PD_accesses,
00482 &i_data_val1)))
00483 {
00484
if(error != -
RSBAC_EINVALIDTARGET)
00485 printk(KERN_WARNING
00486
"na_ipc(): rsbac_pm_get_data() returned error %i!\n",
00487 error);
00488
return(
NOT_GRANTED);
00489 }
00490
00491
if((acc & i_data_val1.accesses) == acc)
00492
return(
GRANTED);
00493
else
00494
return(
NOT_GRANTED);
00495 }
00496
00497
static enum rsbac_adf_req_ret_t
00498 na_dev(
rsbac_pid_t caller_pid,
00499
rsbac_pm_accesses_t acc,
00500
struct rsbac_dev_t dev)
00501 {
00502
rsbac_pm_tp_id_t tp;
00503
rsbac_pm_task_id_t task;
00504
rsbac_pm_object_class_id_t object_class;
00505
union rsbac_target_id_t i_tid;
00506
union rsbac_attribute_value_t i_attr_val1;
00507
union rsbac_pm_target_id_t i_pm_tid;
00508
union rsbac_pm_data_value_t i_data_val1;
00509
int error;
00510
00511 i_tid.
process = caller_pid;
00512
if (
rsbac_get_attr(
PM,
00513
T_PROCESS,
00514 i_tid,
00515
A_pm_current_task,
00516 &i_attr_val1,
00517
FALSE))
00518 {
00519 printk(KERN_WARNING
00520
"na_dev(): rsbac_get_attr() returned error!\n");
00521
return(
NOT_GRANTED);
00522 }
00523 task = i_attr_val1.
pm_current_task;
00524
00525
if(!task)
00526 {
00527
return(
NOT_GRANTED);
00528 }
00529
00530
00531 i_tid.
process = caller_pid;
00532
if (
rsbac_get_attr(
PM,
00533
T_PROCESS,
00534 i_tid,
00535
A_pm_tp,
00536 &i_attr_val1,
00537
FALSE))
00538 {
00539 printk(KERN_WARNING
00540
"na_dev(): rsbac_get_attr() returned error!\n");
00541
return(
NOT_GRANTED);
00542 }
00543 tp = i_attr_val1.
pm_tp;
00544
if(!tp)
00545
return(
NOT_GRANTED);
00546
00547
00548 i_tid.dev = dev;
00549
if (
rsbac_get_attr(
PM,
00550
T_DEV,
00551 i_tid,
00552
A_pm_object_class,
00553 &i_attr_val1,
00554
FALSE))
00555 {
00556 printk(KERN_WARNING
00557
"na_dev(): rsbac_get_attr() returned error!\n");
00558
return(
NOT_GRANTED);
00559 }
00560 object_class = i_attr_val1.
pm_object_class;
00561
00562
00563 i_pm_tid.na.task = task;
00564 i_pm_tid.na.object_class = object_class;
00565 i_pm_tid.na.tp = tp;
00566
if ((error =
rsbac_pm_get_data(PMT_NA,
00567 i_pm_tid,
00568 PD_accesses,
00569 &i_data_val1)))
00570 {
00571
if(error != -
RSBAC_EINVALIDTARGET)
00572 printk(KERN_WARNING
00573
"na_dev(): rsbac_pm_get_data() returned error %i!\n",
00574 error);
00575
return(
NOT_GRANTED);
00576 }
00577
00578
if((acc & i_data_val1.accesses) == acc)
00579
return(
GRANTED);
00580
else
00581
return(
NOT_GRANTED);
00582 }
00583
00584
00585
00586
00587
static int
00588 adjust_in_out_pp(
rsbac_pid_t caller_pid,
00589
enum rsbac_target_t target,
00590
struct rsbac_fs_file_t file,
00591
rsbac_pm_accesses_t acc)
00592 {
00593
rsbac_pm_object_class_id_t object_class;
00594
union rsbac_target_id_t i_tid;
00595
union rsbac_attribute_value_t i_attr_val1;
00596
union rsbac_pm_target_id_t i_pm_tid;
00597
union rsbac_pm_data_value_t i_data_val1;
00598
int error;
00599
00600
00601 i_tid.file = file;
00602
if (
rsbac_get_attr(
PM,
00603 target,
00604 i_tid,
00605
A_pm_object_type,
00606 &i_attr_val1,
00607
FALSE))
00608 {
00609 printk(KERN_WARNING
00610
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
00611
return(-
RSBAC_EREADFAILED);
00612 }
00613
00614
if(i_attr_val1.
pm_object_type !=
PO_personal_data)
00615
return(0);
00616
00617
00618
00619 i_tid.file = file;
00620
if (
rsbac_get_attr(
PM,
00621 target,
00622 i_tid,
00623
A_pm_object_class,
00624 &i_attr_val1,
00625
FALSE))
00626 {
00627 printk(KERN_WARNING
00628
"adjust_in_out_pp(): rsbac_get_attr() returned error!\n");
00629
return(-
RSBAC_EREADFAILED);
00630 }
00631 object_class = i_attr_val1.
pm_object_class;
00632
00633
00634
00635
if(!object_class)
00636 {
00637
#ifdef CONFIG_RSBAC_DEBUG
00638
if(rsbac_debug_adf_pm)
00639 printk(KERN_WARNING
00640
"adjust_in_out_pp(): personal_data with NIL class!\n");
00641
#endif
00642
return(-
RSBAC_EINVALIDVALUE);
00643 }
00644
00645
00646 i_pm_tid.object_class = object_class;
00647
if ((error =
rsbac_pm_get_data(PMT_CLASS,
00648 i_pm_tid,
00649 PD_pp_set,
00650 &i_data_val1)))
00651 {
00652
if(error != -
RSBAC_EINVALIDTARGET)
00653 printk(KERN_WARNING
00654
"adjust_in_out_pp(): rsbac_pm_get_data() returned error %i!\n",
00655 error);
00656
else
00657 printk(KERN_WARNING
00658
"adjust_in_out_pp(): class %i of file does not exist!\n",
00659 object_class);
00660
return(-
RSBAC_EREADFAILED);
00661 }
00662
00663
00664
00665
00666
00667
00668
if( (acc &
RSBAC_PM_A_READ)
00669 &&
rsbac_pm_pp_intersec(i_data_val1.pp_set, caller_pid) )
00670 {
00671 printk(KERN_WARNING
00672
"adjust_in_out_pp(): call to rsbac_pm_pp_intersec failed\n");
00673 error = -
RSBAC_EWRITEFAILED;
00674 }
00675
00676
00677
00678
00679
if( (acc &
RSBAC_PM_A_WRITE_TO_FILE)
00680 &&
rsbac_pm_pp_union(i_data_val1.pp_set, caller_pid) )
00681 {
00682 printk(KERN_WARNING
00683
"adjust_in_out_pp(): call to rsbac_pm_pp_union failed\n");
00684 error = -
RSBAC_EWRITEFAILED;
00685 }
00686
00687
00688
return(error);
00689 }
00690
00691
00692
00693
00694
static int
00695 adjust_in_out_pp_ipc(
rsbac_pid_t caller_pid,
00696
struct rsbac_ipc_t ipc,
00697
rsbac_pm_accesses_t acc)
00698 {
00699
union rsbac_pm_set_id_t i_pm_set_id;
00700
union rsbac_pm_set_member_t i_pm_set_member;
00701
rsbac_pm_purpose_id_t i_pm_pp;
00702
int error = 0;
00703
00704
00705 i_pm_pp =
get_ipc_purpose(ipc);
00706
00707
00708
if(!i_pm_pp)
00709
return(0);
00710
00711
00712
00713
00714
00715
00716
00717
if(acc &
RSBAC_PM_A_READ)
00718 {
00719 i_pm_set_id.in_pp_set = caller_pid;
00720
00721
if( !
rsbac_pm_set_exist(PS_IN_PP, i_pm_set_id)
00722 &&
rsbac_pm_create_set(PS_IN_PP, i_pm_set_id) )
00723 {
00724 printk(KERN_WARNING
00725
"adjust_in_out_pp_ipc(): call to rsbac_pm_create_set returned error\n");
00726 error = -
RSBAC_EWRITEFAILED;
00727 }
00728
if(
rsbac_pm_clear_set(PS_IN_PP, i_pm_set_id) )
00729 {
00730 printk(KERN_WARNING
00731
"adjust_in_out_pp_ipc(): call to rsbac_pm_clear_set returned error\n");
00732 error = -
RSBAC_EWRITEFAILED;
00733 }
00734 i_pm_set_member.pp = i_pm_pp;
00735
if(
rsbac_pm_add_to_set(PS_IN_PP, i_pm_set_id, i_pm_set_member) )
00736 {
00737 printk(KERN_WARNING
00738
"adjust_in_out_pp_ipc(): call to rsbac_pm_add_to_set returned error\n");
00739 error = -
RSBAC_EWRITEFAILED;
00740 }
00741 }
00742
00743
00744
00745
00746
00747
if(acc &
RSBAC_PM_A_WRITE_TO_FILE)
00748 {
00749 i_pm_set_id.out_pp_set = caller_pid;
00750
00751
if( !
rsbac_pm_set_exist(PS_OUT_PP, i_pm_set_id)
00752 &&
rsbac_pm_create_set(PS_OUT_PP, i_pm_set_id) )
00753 {
00754 printk(KERN_WARNING
00755
"adjust_in_out_pp_ipc(): call to rsbac_pm_create_set returned error\n");
00756 error = -
RSBAC_EWRITEFAILED;
00757 }
00758
00759 i_pm_set_member.pp = i_pm_pp;
00760
if(
rsbac_pm_add_to_set(PS_OUT_PP, i_pm_set_id, i_pm_set_member) )
00761 {
00762 printk(KERN_WARNING
00763
"adjust_in_out_pp_ipc(): call to rsbac_pm_add_to_set returned error\n");
00764 error = -
RSBAC_EWRITEFAILED;
00765 }
00766 }
00767
00768
00769
return(error);
00770 }
00771
00772
00773
00774
00775
00776
00777
enum rsbac_adf_req_ret_t
00778 rsbac_adf_request_pm (
enum rsbac_adf_request_t request,
00779
rsbac_pid_t caller_pid,
00780
enum rsbac_target_t target,
00781
union rsbac_target_id_t tid,
00782
enum rsbac_attribute_t attr,
00783
union rsbac_attribute_value_t attr_val,
00784
rsbac_uid_t owner)
00785 {
00786
enum rsbac_adf_req_ret_t result =
DO_NOT_CARE;
00787
union rsbac_target_id_t i_tid;
00788
union rsbac_attribute_value_t i_attr_val1;
00789
union rsbac_attribute_value_t i_attr_val2;
00790
union rsbac_pm_target_id_t i_pm_tid;
00791
union rsbac_pm_data_value_t i_data_val1;
00792
union rsbac_pm_set_id_t i_pm_set_id;
00793
union rsbac_pm_set_member_t i_pm_set_member;
00794
rsbac_pm_purpose_id_t i_pm_pp;
00795
int error;
00796
00797
switch (request)
00798 {
00799
case R_ADD_TO_KERNEL:
00800
switch(target)
00801 {
00802
case T_NONE:
00803
00804 i_tid.
user = owner;
00805
if (
rsbac_get_attr(
PM,
00806
T_USER,
00807 i_tid,
00808
A_pm_role,
00809 &i_attr_val1,
00810
TRUE))
00811 {
00812 printk(KERN_WARNING
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
00813
return(
NOT_GRANTED);
00814 }
00815
00816
if (i_attr_val1.
pm_role !=
PR_system_admin)
00817
return(
NOT_GRANTED);
00818
else
00819
return(
GRANTED);
00820
00821
00822
default:
00823
return(
DO_NOT_CARE);
00824 }
00825
00826
case R_ALTER:
00827
00828
if (target ==
T_IPC)
00829
return (
DO_NOT_CARE);
00830
else
00831
00832
return (
DO_NOT_CARE);
00833
break;
00834
00835
case R_APPEND_OPEN:
00836
switch(target)
00837 {
00838
case T_FILE:
00839
case T_FIFO:
00840
00841
if (
rsbac_get_attr(
PM,
00842 target,
00843 tid,
00844
A_pm_object_type,
00845 &i_attr_val1,
00846
FALSE))
00847 {
00848 printk(KERN_WARNING
00849
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
00850
return(
NOT_GRANTED);
00851 }
00852
00853
if(i_attr_val1.
pm_object_type ==
PO_TP)
00854
return(
NOT_GRANTED);
00855
00856
if(i_attr_val1.
pm_object_type !=
PO_personal_data)
00857
return(
tp_check(caller_pid));
00858
00859
00860
00861
return(
na_and_pp_or_cs(caller_pid,
00862 tid.file,
00863
RSBAC_PM_A_APPEND));
00864
break;
00865
00866
00867
case T_DEV:
00868
return(
DO_NOT_CARE);
00869
00870
case T_IPC:
00871
00872 i_pm_pp =
get_ipc_purpose(tid.
ipc);
00873
00874
if(!i_pm_pp)
00875 {
00876
00877 i_tid.
process = caller_pid;
00878
if (
rsbac_get_attr(
PM,
00879
T_PROCESS,
00880 i_tid,
00881
A_pm_process_type,
00882 &i_attr_val1,
00883
FALSE))
00884 {
00885 printk(KERN_WARNING
00886
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
00887
return(
NOT_GRANTED);
00888 }
00889
if(i_attr_val1.
pm_process_type ==
PP_TP)
00890
return(
NOT_GRANTED);
00891
else
00892
return(
GRANTED);
00893 }
00894
00895
00896 i_tid.
process = caller_pid;
00897
if (
rsbac_get_attr(
PM,
00898
T_PROCESS,
00899 i_tid,
00900
A_pm_current_task,
00901 &i_attr_val1,
00902
FALSE))
00903 {
00904 printk(KERN_WARNING
00905
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
00906
return(
NOT_GRANTED);
00907 }
00908
00909
if(!i_attr_val1.
pm_current_task)
00910 {
00911
return(
NOT_GRANTED);
00912 }
00913
00914
return(
na_and_pp_ipc(i_attr_val1.
pm_current_task,
00915 caller_pid,
00916
RSBAC_PM_A_APPEND,
00917 tid.
ipc));
00918
break;
00919
00920
00921
default:
return(
DO_NOT_CARE);
00922 }
00923
00924
case R_CHANGE_GROUP:
00925
switch(target)
00926 {
00927
00928
00929
default:
return(
DO_NOT_CARE);
00930 }
00931
00932
case R_CHANGE_OWNER:
00933
switch(target)
00934 {
00935
case T_FILE:
00936
case T_FIFO:
00937
case T_SYMLINK:
00938
00939
if (
rsbac_get_attr(
PM,
00940 target,
00941 tid,
00942
A_pm_object_type,
00943 &i_attr_val1,
00944
FALSE))
00945 {
00946 printk(KERN_WARNING
00947
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
00948
return(
NOT_GRANTED);
00949 }
00950
00951
if( (i_attr_val1.
pm_object_type ==
PO_TP)
00952 || (i_attr_val1.
pm_object_type ==
PO_personal_data))
00953
return(
NOT_GRANTED);
00954
else
00955
return(
GRANTED);
00956
break;
00957
00958
00959
00960
00961
00962
case T_PROCESS:
00963
#ifdef CONFIG_RSBAC_PM_ROLE_PROT
00964
00965
if (attr != A_owner)
00966
return(
UNDEFINED);
00967
00968 i_tid.
user = owner;
00969
if (
rsbac_get_attr(
PM,
00970
T_USER,
00971 i_tid,
00972
A_pm_role,
00973 &i_attr_val1,
00974
TRUE))
00975 {
00976 printk(KERN_WARNING
00977
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
00978
return(
NOT_GRANTED);
00979 }
00980
00981
if (i_attr_val1.
pm_role !=
PR_user)
00982 {
00983
00984 i_tid.
user = attr_val.
owner;
00985
if (
rsbac_get_attr(
PM,
00986
T_USER,
00987 i_tid,
00988
A_pm_role,
00989 &i_attr_val2,
00990
TRUE))
00991 {
00992 printk(KERN_WARNING
00993
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
00994
return(
NOT_GRANTED);
00995 }
00996
00997
00998
if( (i_attr_val2.
pm_role !=
PR_user)
00999 && (i_attr_val1.
pm_role != i_attr_val2.
pm_role)
01000 )
01001
return(
NOT_GRANTED);
01002 }
01003
01004
#endif
01005
01006
01007 i_tid.
process = caller_pid;
01008
if (
rsbac_get_attr(
PM,
01009
T_PROCESS,
01010 i_tid,
01011
A_pm_current_task,
01012 &i_attr_val1,
01013
FALSE))
01014 {
01015 printk(KERN_WARNING
01016
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01017
return(
NOT_GRANTED);
01018 }
01019
01020
if(!i_attr_val1.
pm_current_task)
01021
return(
GRANTED);
01022
01023
01024 i_tid.
user = owner;
01025
if (
rsbac_get_attr(
PM,
01026
T_USER,
01027 i_tid,
01028
A_pm_task_set,
01029 &i_attr_val2,
01030
FALSE))
01031 {
01032 printk(KERN_WARNING
01033
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01034
return(
NOT_GRANTED);
01035 }
01036
01037
if(!i_attr_val2.
pm_task_set)
01038
return(
NOT_GRANTED);
01039
01040
01041 i_pm_set_id.task_set = i_attr_val2.
pm_task_set;
01042 i_pm_set_member.task = i_attr_val1.
pm_current_task;
01043
if (
rsbac_pm_set_member(PS_TASK,i_pm_set_id,i_pm_set_member))
01044
return(
GRANTED);
01045
01046
else
01047
return(
NOT_GRANTED);
01048
01049
01050
case T_DIR:
01051
case T_IPC:
01052
case T_NONE:
01053
return(
DO_NOT_CARE);
01054
01055
default:
01056
return(
DO_NOT_CARE);
01057 }
01058
01059
case R_CLONE:
01060
if (target ==
T_PROCESS)
01061 {
01062
01063 i_tid.
process = caller_pid;
01064
if (
rsbac_get_attr(
PM,
01065
T_PROCESS,
01066 i_tid,
01067
A_pm_process_type,
01068 &i_attr_val1,
01069
FALSE))
01070 {
01071 printk(KERN_WARNING
01072
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01073
return(
NOT_GRANTED);
01074 }
01075
01076
if(i_attr_val1.
pm_process_type ==
PP_none)
01077
return(
GRANTED);
01078
else
01079
return(
NOT_GRANTED);
01080 }
01081
else
01082
return(
DO_NOT_CARE);
01083
01084
case R_CREATE:
01085
switch(target)
01086 {
01087
01088
case T_DIR:
01089
01090 i_tid.
process = caller_pid;
01091
if (
rsbac_get_attr(
PM,
01092
T_PROCESS,
01093 i_tid,
01094
A_pm_process_type,
01095 &i_attr_val1,
01096
FALSE))
01097 {
01098 printk(KERN_WARNING
01099
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01100
return(
NOT_GRANTED);
01101 }
01102
01103
if(i_attr_val1.
pm_process_type !=
PP_TP)
01104
return(
DO_NOT_CARE);
01105
01106
01107 i_tid.
process = caller_pid;
01108
if (
rsbac_get_attr(
PM,
01109
T_PROCESS,
01110 i_tid,
01111
A_pm_current_task,
01112 &i_attr_val1,
01113
FALSE))
01114 {
01115 printk(KERN_WARNING
01116
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01117
return(
NOT_GRANTED);
01118 }
01119
if(!i_attr_val1.
pm_current_task)
01120 {
01121
#ifdef CONFIG_RSBAC_DEBUG
01122
if(rsbac_debug_adf_pm)
01123 printk(KERN_DEBUG
01124
"rsbac_adf_request_pm(): no current_task for calling process trying to access personal_data\n");
01125
#endif
01126
return(
NOT_GRANTED);
01127 }
01128
01129
01130
if (
rsbac_get_attr(
PM,
01131
T_PROCESS,
01132 i_tid,
01133
A_pm_tp,
01134 &i_attr_val2,
01135
FALSE))
01136 {
01137 printk(KERN_WARNING
01138
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01139
return(
NOT_GRANTED);
01140 }
01141
if(!i_attr_val2.
pm_tp)
01142 {
01143
#ifdef CONFIG_RSBAC_DEBUG
01144
if(rsbac_debug_adf_pm)
01145 printk(KERN_DEBUG
01146
"rsbac_adf_request_pm(): calling process trying to access personal_data has no TP-id\n");
01147
#endif
01148
return(
NOT_GRANTED);
01149 }
01150
01151
01152 i_pm_tid.na.task = i_attr_val1.
pm_current_task;
01153 i_pm_tid.na.object_class = 0;
01154 i_pm_tid.na.tp = i_attr_val2.
pm_tp;
01155
if ((error =
rsbac_pm_get_data(PMT_NA,
01156 i_pm_tid,
01157 PD_accesses,
01158 &i_data_val1)))
01159 {
01160
if(error != -
RSBAC_EINVALIDTARGET)
01161 printk(KERN_WARNING
01162
"rsbac_adf_request_pm(): rsbac_pm_get_data() returned error %i!\n",
01163 error);
01164
return(
NOT_GRANTED);
01165 }
01166
01167
if(!(
RSBAC_PM_A_CREATE & i_data_val1.accesses))
01168 {
01169
#ifdef CONFIG_RSBAC_DEBUG
01170
if(rsbac_debug_adf_pm)
01171 printk(KERN_DEBUG
01172
"rsbac_adf_request_pm(): requested access mode CREATE for class NIL is not necessary\n");
01173
#endif
01174
return(
NOT_GRANTED);
01175 }
01176
01177
01178
return(
GRANTED);
01179
break;
01180
01181
case T_IPC:
01182
01183 i_tid.
process = caller_pid;
01184
if (
rsbac_get_attr(
PM,
01185
T_PROCESS,
01186 i_tid,
01187
A_pm_current_task,
01188 &i_attr_val1,
01189
FALSE))
01190 {
01191 printk(KERN_WARNING
01192
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01193
return(
NOT_GRANTED);
01194 }
01195
01196
if(!i_attr_val1.
pm_current_task)
01197
return(
DO_NOT_CARE);
01198
01199
01200
return(
na_ipc(i_attr_val1.
pm_current_task,
01201 caller_pid,
01202
RSBAC_PM_A_CREATE));
01203
break;
01204
01205
01206
default:
return(
DO_NOT_CARE);
01207 }
01208
01209
case R_DELETE:
01210
switch(target)
01211 {
01212
case T_FILE:
01213
case T_FIFO:
01214
case T_SYMLINK:
01215
01216
if (
rsbac_get_attr(
PM,
01217 target,
01218 tid,
01219
A_pm_object_type,
01220 &i_attr_val1,
01221
FALSE))
01222 {
01223 printk(KERN_WARNING
01224
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01225
return(
NOT_GRANTED);
01226 }
01227
01228
if(i_attr_val1.
pm_object_type ==
PO_TP)
01229 {
01230
01231 i_tid.
user = owner;
01232
if (
rsbac_get_attr(
PM,
01233
T_USER,
01234 i_tid,
01235
A_pm_role,
01236 &i_attr_val1,
01237
TRUE))
01238 {
01239 printk(KERN_WARNING
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01240
return(
NOT_GRANTED);
01241 }
01242
if(i_attr_val1.
pm_role ==
PR_tp_manager)
01243
return(
GRANTED);
01244
else
01245
return(
NOT_GRANTED);
01246 }
01247
01248
if(i_attr_val1.
pm_object_type !=
PO_personal_data)
01249
return(
DO_NOT_CARE);
01250
01251
01252
01253
return(
na_and_pp_or_cs(caller_pid,
01254 tid.file,
01255
RSBAC_PM_A_DELETE));
01256
break;
01257
01258
case T_IPC:
01259
01260 i_tid.
process = caller_pid;
01261
if (
rsbac_get_attr(
PM,
01262
T_PROCESS,
01263 i_tid,
01264
A_pm_current_task,
01265 &i_attr_val1,
01266
FALSE))
01267 {
01268 printk(KERN_WARNING
01269
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01270
return(
NOT_GRANTED);
01271 }
01272
01273
if(!i_attr_val1.
pm_current_task)
01274 {
01275
if(!
get_ipc_purpose(tid.
ipc))
01276
return(
GRANTED);
01277
else
01278
return(
NOT_GRANTED);
01279 }
01280
01281
return(
na_and_pp_ipc(i_attr_val1.
pm_current_task,
01282 caller_pid,
01283
RSBAC_PM_A_DELETE,
01284 tid.
ipc));
01285
break;
01286
01287
case T_DIR:
01288
return(
DO_NOT_CARE);
01289
break;
01290
01291
default:
return(
DO_NOT_CARE);
01292 }
01293
01294
case R_EXECUTE:
01295
switch(target)
01296 {
01297
case T_FILE:
01298
01299
if (
rsbac_get_attr(
PM,
01300
T_FILE,
01301 tid,
01302
A_pm_object_type,
01303 &i_attr_val1,
01304
FALSE))
01305 {
01306 printk(KERN_WARNING
01307
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01308
return(
NOT_GRANTED);
01309 }
01310
01311
if(i_attr_val1.
pm_object_type !=
PO_TP)
01312
return(
DO_NOT_CARE);
01313
01314
01315
if (
rsbac_get_attr(
PM,
01316
T_FILE,
01317 tid,
01318
A_pm_tp,
01319 &i_attr_val1,
01320
FALSE))
01321 {
01322 printk(KERN_WARNING
01323
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01324
return(
NOT_GRANTED);
01325 }
01326
01327
if(!i_attr_val1.
pm_tp)
01328 {
01329 printk(KERN_WARNING
01330
"rsbac_adf_request_pm(): file with object_type TP has no tp_id!\n");
01331
return(
NOT_GRANTED);
01332 }
01333
01334 i_tid.
process = caller_pid;
01335
if (
rsbac_get_attr(
PM,
01336
T_PROCESS,
01337 i_tid,
01338
A_pm_current_task,
01339 &i_attr_val2,
01340
FALSE))
01341 {
01342 printk(KERN_WARNING
01343
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01344
return(
NOT_GRANTED);
01345 }
01346
01347
if(!i_attr_val2.
pm_current_task)
01348 {
01349
#ifdef CONFIG_RSBAC_DEBUG
01350
if(rsbac_debug_adf_pm)
01351 printk(KERN_DEBUG
01352
"rsbac_adf_request_pm(): no current_task for process trying to execute TP\n");
01353
#endif
01354
return(
NOT_GRANTED);
01355 }
01356
01357 i_pm_tid.task = i_attr_val2.
pm_current_task;
01358
if ((error =
rsbac_pm_get_data(PMT_TASK,
01359 i_pm_tid,
01360 PD_tp_set,
01361 &i_data_val1)))
01362 {
01363
if(error != -
RSBAC_EINVALIDTARGET)
01364 printk(KERN_WARNING
01365
"rsbac_adf_request_pm(): rsbac_pm_get_data() returned error %i!\n",
01366 error);
01367
return(
NOT_GRANTED);
01368 }
01369
01370
if(!i_data_val1.tp_set)
01371 {
01372
#ifdef CONFIG_RSBAC_DEBUG
01373
if(rsbac_debug_adf_pm)
01374 printk(KERN_DEBUG
01375
"rsbac_adf_request_pm(): no tp_set for current_task of process trying to execute TP\n");
01376
#endif
01377
return(
NOT_GRANTED);
01378 }
01379
01380
01381
01382 i_pm_set_id.tp_set = i_data_val1.tp_set;
01383 i_pm_set_member.tp = i_attr_val1.
pm_tp;
01384
if (
rsbac_pm_set_member(PS_TP,i_pm_set_id,i_pm_set_member))
01385
return(
GRANTED);
01386
01387
else
01388 {
01389
#ifdef CONFIG_RSBAC_DEBUG
01390
if(rsbac_debug_adf_pm)
01391 printk(KERN_DEBUG
01392
"rsbac_adf_request_pm(): tp %i of file is not in tp_set %i of current_task %i of process\n",
01393 i_attr_val1.
pm_tp, i_data_val1.tp_set, i_attr_val2.
pm_current_task);
01394
#endif
01395
return(
NOT_GRANTED);
01396 }
01397
01398
01399
default:
01400
return(
DO_NOT_CARE);
01401 }
01402
01403
case R_GET_STATUS_DATA:
01404
switch(target)
01405 {
01406
case T_SCD:
01407
01408
if (tid.
scd !=
ST_rsbaclog)
01409
return(
GRANTED);
01410
01411 i_tid.
user = owner;
01412
if ((error=
rsbac_get_attr(
PM,
01413
T_USER,
01414 i_tid,
01415
A_pm_role,
01416 &i_attr_val1,
01417
TRUE)))
01418 {
01419 printk(KERN_WARNING
01420
"rsbac_adf_request_pm(): rsbac_get_attr() returned error %i!\n",
01421 error);
01422
return(
NOT_GRANTED);
01423 }
01424
01425
if ( (i_attr_val1.
pm_role ==
PR_security_officer)
01426 || (i_attr_val1.
pm_role ==
PR_data_protection_officer)
01427 )
01428
return(
GRANTED);
01429
else
01430
return(
NOT_GRANTED);
01431
default:
01432
return(
DO_NOT_CARE);
01433 };
01434
01435
case R_LINK_HARD:
01436
switch(target)
01437 {
01438
case T_FILE:
01439
case T_FIFO:
01440
case T_SYMLINK:
01441
01442
if (
rsbac_get_attr(
PM,
01443 target,
01444 tid,
01445
A_pm_object_type,
01446 &i_attr_val1,
01447
FALSE))
01448 {
01449 printk(KERN_WARNING
01450
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01451
return(
NOT_GRANTED);
01452 }
01453
01454
if( (i_attr_val1.
pm_object_type ==
PO_TP)
01455 || (i_attr_val1.
pm_object_type ==
PO_personal_data))
01456
return(
NOT_GRANTED);
01457
else
01458
return(
GRANTED);
01459
break;
01460
01461
default:
return(
DO_NOT_CARE);
01462 }
01463
01464
case R_MODIFY_ACCESS_DATA:
01465
case R_RENAME:
01466
switch(target)
01467 {
01468
case T_FILE:
01469
case T_FIFO:
01470
case T_SYMLINK:
01471
01472
if (
rsbac_get_attr(
PM,
01473 target,
01474 tid,
01475
A_pm_object_type,
01476 &i_attr_val1,
01477
FALSE))
01478 {
01479 printk(KERN_WARNING
01480
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01481
return(
NOT_GRANTED);
01482 }
01483
01484
01485
if(i_attr_val1.
pm_object_type ==
PO_personal_data)
01486
return(
NOT_GRANTED);
01487
01488
01489
01490
01491
01492
01493
if(i_attr_val1.
pm_object_type !=
PO_TP)
01494
return(
DO_NOT_CARE);
01495
01496 i_tid.
user = owner;
01497
if (
rsbac_get_attr(
PM,
01498
T_USER,
01499 i_tid,
01500
A_pm_role,
01501 &i_attr_val1,
01502
TRUE))
01503 {
01504 printk(KERN_WARNING
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01505
return(
NOT_GRANTED);
01506 }
01507
if(i_attr_val1.
pm_role ==
PR_tp_manager)
01508
return(
GRANTED);
01509
else
01510
return(
NOT_GRANTED);
01511
break;
01512
01513
case T_DIR:
01514
return(
DO_NOT_CARE);
01515
break;
01516
01517
default:
return(
DO_NOT_CARE);
01518 }
01519
01520
case R_MODIFY_ATTRIBUTE:
01521
switch(attr)
01522 {
01523
01524
01525
case A_pm_object_type:
01526
case A_pm_tp:
01527
case A_pm_role:
01528
case A_pm_process_type:
01529
case A_pm_current_task:
01530
case A_pm_object_class:
01531
case A_pm_ipc_purpose:
01532
case A_pm_program_type:
01533
case A_pm_task_set:
01534
#ifdef CONFIG_RSBAC_PM_GEN_PROT
01535
case A_owner:
01536
case A_pseudo:
01537
case A_fake_root_uid:
01538
#endif
01539
#ifdef CONFIG_RSBAC_PM_AUTH_PROT
01540
case A_auth_may_setuid:
01541
case A_auth_may_set_cap:
01542
case A_auth_start_uid:
01543
case A_auth_program_file:
01544
#endif
01545
return(
NOT_GRANTED);
01546
01547
case A_none:
01548
#ifdef CONFIG_RSBAC_PM_AUTH_PROT
01549
case A_auth_add_f_cap:
01550
case A_auth_remove_f_cap:
01551
case A_auth_learn:
01552
#endif
01553
switch(target)
01554 {
01555
case T_FILE:
01556
case T_FIFO:
01557
case T_DEV:
01558
01559
if (
rsbac_get_attr(
PM,
01560 target,
01561 tid,
01562
A_pm_object_type,
01563 &i_attr_val1,
01564
FALSE))
01565 {
01566 printk(KERN_WARNING
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01567
return(
NOT_GRANTED);
01568 }
01569
01570
if( (i_attr_val1.
pm_object_type !=
PO_none)
01571 && (i_attr_val1.
pm_object_type !=
PO_non_personal_data))
01572
return(
NOT_GRANTED);
01573
else
01574
return(
GRANTED);
01575
01576
01577
case T_DIR:
01578
case T_SYMLINK:
01579
return(
DO_NOT_CARE);
01580
01581
01582
01583
01584
01585
case T_USER:
01586
return(
NOT_GRANTED);
01587
01588
01589
case T_PROCESS:
01590
return(
NOT_GRANTED);
01591
01592
case T_IPC:
01593
01594
if (
rsbac_get_attr(
PM,
01595
T_IPC,
01596 tid,
01597
A_pm_ipc_purpose,
01598 &i_attr_val1,
01599
FALSE))
01600 {
01601 printk(KERN_WARNING
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01602
return(
NOT_GRANTED);
01603 }
01604
01605
if(i_attr_val1.
pm_ipc_purpose)
01606
return(
NOT_GRANTED);
01607
else
01608
return(
GRANTED);
01609
01610
default:
01611
return(
DO_NOT_CARE);
01612 }
01613
01614
#ifdef CONFIG_RSBAC_PM_GEN_PROT
01615
case A_log_array_low:
01616
case A_log_array_high:
01617
case A_log_program_based:
01618
case A_log_user_based:
01619
case A_symlink_add_uid:
01620
01621 i_tid.
user = owner;
01622
if (
rsbac_get_attr(
PM,
01623
T_USER,
01624 i_tid,
01625
A_pm_role,
01626 &i_attr_val1,
01627
TRUE))
01628 {
01629 printk(KERN_WARNING
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01630
return(
NOT_GRANTED);
01631 }
01632
01633
if (i_attr_val1.
pm_role ==
PR_security_officer)
01634
return(
GRANTED);
01635
else
01636
return(
NOT_GRANTED);
01637
#endif
01638
01639
default:
01640
return(
DO_NOT_CARE);
01641 }
01642
01643
case R_MODIFY_PERMISSIONS_DATA:
01644
switch(target)
01645 {
01646
case T_FILE:
01647
case T_FIFO:
01648
01649
if (
rsbac_get_attr(
PM,
01650 target,
01651 tid,
01652
A_pm_object_type,
01653 &i_attr_val1,
01654
FALSE))
01655 {
01656 printk(KERN_WARNING
01657
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01658
return(
NOT_GRANTED);
01659 }
01660
01661
if(i_attr_val1.
pm_object_type !=
PO_TP)
01662
return(
DO_NOT_CARE);
01663
01664 i_tid.
user = owner;
01665
if (
rsbac_get_attr(
PM,
01666
T_USER,
01667 i_tid,
01668
A_pm_role,
01669 &i_attr_val1,
01670
TRUE))
01671 {
01672 printk(KERN_WARNING
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01673
return(
NOT_GRANTED);
01674 }
01675
if(i_attr_val1.
pm_role ==
PR_tp_manager)
01676
return(
GRANTED);
01677
else
01678
return(
NOT_GRANTED);
01679
break;
01680
01681
01682
default:
return(
DO_NOT_CARE);
01683 }
01684
01685
case R_MODIFY_SYSTEM_DATA:
01686
switch(target)
01687 {
01688
case T_SCD:
01689
01690
if (tid.
scd ==
ST_rlimit)
01691
return(
GRANTED);
01692
01693 i_tid.
user = owner;
01694
if (
rsbac_get_attr(
PM,
01695
T_USER,
01696 i_tid,
01697
A_pm_role,
01698 &i_attr_val1,
01699
TRUE))
01700 {
01701 printk(KERN_WARNING
01702
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01703
return(
NOT_GRANTED);
01704 }
01705
01706
if(tid.
scd ==
ST_rsbaclog)
01707 {
01708
if ( (i_attr_val1.
pm_role ==
PR_security_officer)
01709 || (i_attr_val1.
pm_role ==
PR_data_protection_officer)
01710 )
01711
return(
GRANTED);
01712
else
01713
return(
NOT_GRANTED);
01714 }
01715
01716
if (i_attr_val1.
pm_role ==
PR_system_admin)
01717
return(
GRANTED);
01718
else
01719
return(
NOT_GRANTED);
01720
01721
01722
default:
return(
DO_NOT_CARE);
01723 }
01724
01725
case R_MOUNT:
01726
switch(target)
01727 {
01728
case T_FILE:
01729
case T_DIR:
01730
case T_DEV:
01731
01732 i_tid.
user = owner;
01733
if (
rsbac_get_attr(
PM,
01734
T_USER,
01735 i_tid,
01736
A_pm_role,
01737 &i_attr_val1,
01738
TRUE))
01739 {
01740 printk(KERN_WARNING
01741
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01742
return(
NOT_GRANTED);
01743 }
01744
01745
if (i_attr_val1.
pm_role ==
PR_system_admin)
01746
return(
GRANTED);
01747
else
01748
return(
NOT_GRANTED);
01749
01750
01751
default:
return(
DO_NOT_CARE);
01752 }
01753
01754
case R_READ:
01755
switch(target)
01756 {
01757
#ifdef CONFIG_RSBAC_RW
01758
case T_FILE:
01759
case T_FIFO:
01760
01761
if (
rsbac_get_attr(
PM,
01762 target,
01763 tid,
01764
A_pm_object_type,
01765 &i_attr_val1,
01766
FALSE))
01767 {
01768 printk(KERN_WARNING
01769
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01770
return(
NOT_GRANTED);
01771 }
01772
01773
if(i_attr_val1.
pm_object_type ==
PO_TP)
01774
return(
NOT_GRANTED);
01775
01776
if(i_attr_val1.
pm_object_type !=
PO_personal_data)
01777
return(
DO_NOT_CARE);
01778
01779
01780
return(
na_and_pp_or_cs(caller_pid,
01781 tid.file,
01782
RSBAC_PM_A_READ));
01783
break;
01784
01785
case T_DEV:
01786
01787
if (
rsbac_get_attr(
PM,
01788
T_DEV,
01789 tid,
01790
A_pm_object_type,
01791 &i_attr_val1,
01792
FALSE))
01793 {
01794 printk(KERN_WARNING
01795
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01796
return(
NOT_GRANTED);
01797 }
01798
01799
if(i_attr_val1.
pm_object_type !=
PO_personal_data)
01800
return(
DO_NOT_CARE);
01801
01802
return(
na_dev(caller_pid,
01803
RSBAC_PM_A_READ,
01804 tid.dev));
01805
01806
#ifdef CONFIG_RSBAC_RW_SOCK
01807
case T_IPC:
01808
01809 i_tid.
process = caller_pid;
01810
if (
rsbac_get_attr(
PM,
01811
T_PROCESS,
01812 i_tid,
01813
A_pm_current_task,
01814 &i_attr_val1,
01815
FALSE))
01816 {
01817 printk(KERN_WARNING
01818
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01819
return(
NOT_GRANTED);
01820 }
01821
01822
if(!i_attr_val1.
pm_current_task)
01823 {
01824
if(!
get_ipc_purpose(tid.
ipc))
01825
return(
GRANTED);
01826
else
01827
return(
NOT_GRANTED);
01828 }
01829
01830
return(
na_and_pp_ipc(i_attr_val1.
pm_current_task,
01831 caller_pid,
01832
RSBAC_PM_A_READ,
01833 tid.
ipc));
01834
break;
01835
#endif
01836
#endif
01837
01838
01839
default:
return(
DO_NOT_CARE);
01840 }
01841
01842
case R_READ_ATTRIBUTE:
01843
switch(attr)
01844 {
01845
case A_pm_object_type:
01846
case A_pm_tp:
01847
case A_pm_role:
01848
case A_pm_process_type:
01849
case A_pm_current_task:
01850
case A_pm_object_class:
01851
case A_pm_ipc_purpose:
01852
case A_pm_program_type:
01853
case A_pm_task_set:
01854
#ifdef CONFIG_RSBAC_PM_GEN_PROT
01855
case A_owner:
01856
case A_pseudo:
01857
case A_log_array_low:
01858
case A_log_array_high:
01859
case A_log_program_based:
01860
case A_log_user_based:
01861
case A_symlink_add_uid:
01862
case A_fake_root_uid:
01863
#endif
01864
#ifdef CONFIG_RSBAC_PM_AUTH_PROT
01865
case A_auth_may_setuid:
01866
case A_auth_may_set_cap:
01867
case A_auth_start_uid:
01868
case A_auth_program_file:
01869
case A_auth_learn:
01870
#endif
01871
01872 i_tid.
user = owner;
01873
if (
rsbac_get_attr(
PM,
01874
T_USER,
01875 i_tid,
01876
A_pm_role,
01877 &i_attr_val1,
01878
TRUE))
01879 {
01880 printk(KERN_WARNING
01881
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01882
return(
NOT_GRANTED);
01883 }
01884
01885
if( (i_attr_val1.
pm_role ==
PR_security_officer)
01886 || (i_attr_val1.
pm_role ==
PR_data_protection_officer))
01887
return(
GRANTED);
01888
else
01889
return(
NOT_GRANTED);
01890
01891
default:
01892
return(
DO_NOT_CARE);
01893 }
01894
01895
case R_READ_OPEN:
01896
switch(target)
01897 {
01898
case T_FILE:
01899
case T_FIFO:
01900
01901
if (
rsbac_get_attr(
PM,
01902 target,
01903 tid,
01904
A_pm_object_type,
01905 &i_attr_val1,
01906
FALSE))
01907 {
01908 printk(KERN_WARNING
01909
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01910
return(
NOT_GRANTED);
01911 }
01912
01913
if(i_attr_val1.
pm_object_type ==
PO_TP)
01914
return(
NOT_GRANTED);
01915
01916
if(i_attr_val1.
pm_object_type !=
PO_personal_data)
01917
return(
DO_NOT_CARE);
01918
01919
01920
return(
na_and_pp_or_cs(caller_pid,
01921 tid.file,
01922
RSBAC_PM_A_READ));
01923
break;
01924
01925
case T_DEV:
01926
01927
if (
rsbac_get_attr(
PM,
01928
T_DEV,
01929 tid,
01930
A_pm_object_type,
01931 &i_attr_val1,
01932
FALSE))
01933 {
01934 printk(KERN_WARNING
01935
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01936
return(
NOT_GRANTED);
01937 }
01938
01939
if(i_attr_val1.
pm_object_type !=
PO_personal_data)
01940
return(
DO_NOT_CARE);
01941
01942
return(
na_dev(caller_pid,
01943
RSBAC_PM_A_READ,
01944 tid.dev));
01945
01946
case T_IPC:
01947
01948 i_tid.
process = caller_pid;
01949
if (
rsbac_get_attr(
PM,
01950
T_PROCESS,
01951 i_tid,
01952
A_pm_current_task,
01953 &i_attr_val1,
01954
FALSE))
01955 {
01956 printk(KERN_WARNING
01957
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01958
return(
NOT_GRANTED);
01959 }
01960
01961
if(!i_attr_val1.
pm_current_task)
01962 {
01963
if(!
get_ipc_purpose(tid.
ipc))
01964
return(
GRANTED);
01965
else
01966
return(
NOT_GRANTED);
01967 }
01968
01969
return(
na_and_pp_ipc(i_attr_val1.
pm_current_task,
01970 caller_pid,
01971
RSBAC_PM_A_READ,
01972 tid.
ipc));
01973
break;
01974
01975
case T_DIR:
01976
return(
DO_NOT_CARE);
01977
break;
01978
01979
default:
return(
DO_NOT_CARE);
01980 }
01981
01982
case R_READ_WRITE_OPEN:
01983
switch(target)
01984 {
01985
case T_FILE:
01986
case T_FIFO:
01987
01988
if (
rsbac_get_attr(
PM,
01989 target,
01990 tid,
01991
A_pm_object_type,
01992 &i_attr_val1,
01993
FALSE))
01994 {
01995 printk(KERN_WARNING
01996
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
01997
return(
NOT_GRANTED);
01998 }
01999
02000
if(i_attr_val1.
pm_object_type ==
PO_TP)
02001
return(
NOT_GRANTED);
02002
02003
if(i_attr_val1.
pm_object_type !=
PO_personal_data)
02004
return(
tp_check(caller_pid));
02005
02006
02007
return(
na_and_pp_or_cs(caller_pid,
02008 tid.file,
02009
RSBAC_PM_A_READ |
RSBAC_PM_A_WRITE));
02010
break;
02011
02012
case T_DEV:
02013
02014
if (
rsbac_get_attr(
PM,
02015
T_DEV,
02016 tid,
02017
A_pm_object_type,
02018 &i_attr_val1,
02019
FALSE))
02020 {
02021 printk(KERN_WARNING
02022
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02023
return(
NOT_GRANTED);
02024 }
02025
02026
if( (i_attr_val1.
pm_object_type !=
PO_personal_data)
02027 && (i_attr_val1.
pm_object_type !=
PO_TP) )
02028
return(
DO_NOT_CARE);
02029
02030
return(
na_dev(caller_pid,
02031
RSBAC_PM_A_READ |
RSBAC_PM_A_WRITE,
02032 tid.dev));
02033
02034
case T_IPC:
02035
02036 i_pm_pp =
get_ipc_purpose(tid.
ipc);
02037
02038
if(!i_pm_pp)
02039 {
02040
02041 i_tid.
process = caller_pid;
02042
if (
rsbac_get_attr(
PM,
02043
T_PROCESS,
02044 i_tid,
02045
A_pm_process_type,
02046 &i_attr_val1,
02047
FALSE))
02048 {
02049 printk(KERN_WARNING
02050
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02051
return(
NOT_GRANTED);
02052 }
02053
if(i_attr_val1.
pm_process_type ==
PP_TP)
02054
return(
NOT_GRANTED);
02055
else
02056
return(
GRANTED);
02057 }
02058
02059
02060 i_tid.
process = caller_pid;
02061
if (
rsbac_get_attr(
PM,
02062
T_PROCESS,
02063 i_tid,
02064
A_pm_current_task,
02065 &i_attr_val1,
02066
FALSE))
02067 {
02068 printk(KERN_WARNING
02069
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02070
return(
NOT_GRANTED);
02071 }
02072
02073
if(!i_attr_val1.
pm_current_task)
02074 {
02075
return(
NOT_GRANTED);
02076 }
02077
02078
return(
na_and_pp_ipc(i_attr_val1.
pm_current_task,
02079 caller_pid,
02080
RSBAC_PM_A_READ |
RSBAC_PM_A_WRITE,
02081 tid.
ipc));
02082
break;
02083
02084
02085
default:
return(
DO_NOT_CARE);
02086 }
02087
02088
case R_REMOVE_FROM_KERNEL:
02089
case R_SHUTDOWN:
02090
switch(target)
02091 {
02092
case T_NONE:
02093
02094 i_tid.
user = owner;
02095
if (
rsbac_get_attr(
PM,
02096
T_USER,
02097 i_tid,
02098
A_pm_role,
02099 &i_attr_val1,
02100
TRUE))
02101 {
02102 printk(KERN_WARNING
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02103
return(
NOT_GRANTED);
02104 }
02105
02106
if (i_attr_val1.
pm_role !=
PR_system_admin)
02107
return(
NOT_GRANTED);
02108
02109
return(
GRANTED);
02110
02111
02112
default:
return(
DO_NOT_CARE);
02113 }
02114
02115
02116
02117
case R_SEND_SIGNAL:
02118
switch(target)
02119 {
02120
case T_PROCESS:
02121
02122
02123 i_tid.
process = caller_pid;
02124
if (
rsbac_get_attr(
PM,
02125
T_PROCESS,
02126 i_tid,
02127
A_pm_process_type,
02128 &i_attr_val1,
02129
FALSE))
02130 {
02131 printk(KERN_WARNING
02132
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02133
return(
NOT_GRANTED);
02134 }
02135
02136
if(i_attr_val1.
pm_process_type ==
PP_TP)
02137
return(
NOT_GRANTED);
02138
02139
02140
02141
02142
if (
rsbac_get_attr(
PM,
02143
T_PROCESS,
02144 tid,
02145
A_pm_process_type,
02146 &i_attr_val1,
02147
FALSE))
02148 {
02149 printk(KERN_WARNING
02150
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02151
return(
NOT_GRANTED);
02152 }
02153
02154
if(i_attr_val1.
pm_process_type !=
PP_TP)
02155
return(
DO_NOT_CARE);
02156
02157
02158 i_tid.
user = owner;
02159
if (
rsbac_get_attr(
PM,
02160
T_USER,
02161 i_tid,
02162
A_pm_role,
02163 &i_attr_val1,
02164
TRUE))
02165 {
02166 printk(KERN_WARNING
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02167
return(
NOT_GRANTED);
02168 }
02169
02170
if (i_attr_val1.
pm_role !=
PR_tp_manager)
02171
return(
NOT_GRANTED);
02172
02173
return(
GRANTED);
02174
02175
02176
default:
02177
return(
DO_NOT_CARE);
02178 }
02179
02180
02181
02182
case R_SWITCH_LOG:
02183
switch(target)
02184 {
02185
case T_NONE:
02186
02187 i_tid.
user = owner;
02188
if (
rsbac_get_attr(
PM,
02189
T_USER,
02190 i_tid,
02191
A_pm_role,
02192 &i_attr_val1,
02193
FALSE))
02194 {
02195 printk(KERN_WARNING
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02196
return(
NOT_GRANTED);
02197 }
02198
02199
if (i_attr_val1.
pm_role ==
PR_security_officer)
02200
return(
GRANTED);
02201
else
02202
return(
NOT_GRANTED);
02203
02204
02205
default:
return(
DO_NOT_CARE);
02206 }
02207
02208
case R_SWITCH_MODULE:
02209
switch(target)
02210 {
02211
case T_NONE:
02212
02213
if(attr != A_switch_target)
02214
return(
UNDEFINED);
02215
02216
if( (attr_val.switch_target ==
PM)
02217
#ifdef CONFIG_RSBAC_PM_AUTH_PROT
02218
|| (attr_val.switch_target ==
AUTH)
02219
#endif
02220
#ifdef CONFIG_RSBAC_SOFTMODE
02221
|| (attr_val.switch_target ==
SOFTMODE)
02222
#endif
02223
)
02224
return(
NOT_GRANTED);
02225
else
02226
return(
DO_NOT_CARE);
02227
02228
02229
default:
return(
DO_NOT_CARE);
02230 }
02231
02232
02233
case R_TERMINATE:
02234
if (target ==
T_PROCESS)
02235 {
02236 i_pm_set_id.in_pp_set = tid.
process;
02237
rsbac_pm_remove_set(PS_IN_PP, i_pm_set_id);
02238 i_pm_set_id.out_pp_set = tid.
process;
02239
rsbac_pm_remove_set(PS_OUT_PP, i_pm_set_id);
02240
return(
GRANTED);
02241 }
02242
else
02243
return(
DO_NOT_CARE);
02244
02245
case R_TRACE:
02246
switch(target)
02247 {
02248
case T_PROCESS:
02249
02250 i_tid.
process = caller_pid;
02251
if (
rsbac_get_attr(
PM,
02252
T_PROCESS,
02253 i_tid,
02254
A_pm_process_type,
02255 &i_attr_val1,
02256
FALSE))
02257 {
02258 printk(KERN_WARNING
02259
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02260
return(
NOT_GRANTED);
02261 }
02262
02263
if(i_attr_val1.
pm_process_type ==
PP_TP)
02264
return(
NOT_GRANTED);
02265
02266
02267
if (
rsbac_get_attr(
PM,
02268
T_PROCESS,
02269 tid,
02270
A_pm_process_type,
02271 &i_attr_val1,
02272
FALSE))
02273 {
02274 printk(KERN_WARNING
02275
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02276
return(
NOT_GRANTED);
02277 }
02278
02279
if(i_attr_val1.
pm_process_type ==
PP_TP)
02280
return(
NOT_GRANTED);
02281
02282
02283
return(
GRANTED);
02284
02285
02286
default:
02287
return(
DO_NOT_CARE);
02288 }
02289
02290
case R_TRUNCATE:
02291
switch(target)
02292 {
02293
case T_FILE:
02294
02295
if (
rsbac_get_attr(
PM,
02296
T_FILE,
02297 tid,
02298
A_pm_object_type,
02299 &i_attr_val1,
02300
FALSE))
02301 {
02302 printk(KERN_WARNING
02303
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02304
return(
NOT_GRANTED);
02305 }
02306
02307
if(i_attr_val1.
pm_object_type ==
PO_TP)
02308
return(
NOT_GRANTED);
02309
02310
if(i_attr_val1.
pm_object_type !=
PO_personal_data)
02311
return(
tp_check(caller_pid));
02312
02313
02314
return(
na_and_pp_or_cs(caller_pid,
02315 tid.file,
02316
RSBAC_PM_A_WRITE));
02317
break;
02318
02319
02320
default:
return(
DO_NOT_CARE);
02321 }
02322
02323
case R_UMOUNT:
02324
switch(target)
02325 {
02326
case T_FILE:
02327
case T_DIR:
02328
case T_DEV:
02329
02330 i_tid.
user = owner;
02331
if (
rsbac_get_attr(
PM,
02332
T_USER,
02333 i_tid,
02334
A_pm_role,
02335 &i_attr_val1,
02336
TRUE))
02337 {
02338 printk(KERN_WARNING
02339
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02340
return(
NOT_GRANTED);
02341 }
02342
02343
if (i_attr_val1.
pm_role ==
PR_system_admin)
02344
return(
GRANTED);
02345
else
02346
return(
NOT_GRANTED);
02347
02348
02349
default:
return(
DO_NOT_CARE);
02350 }
02351
02352
case R_WRITE:
02353
switch(target)
02354 {
02355
#ifdef CONFIG_RSBAC_RW
02356
case T_FILE:
02357
case T_FIFO:
02358
02359
if (
rsbac_get_attr(
PM,
02360 target,
02361 tid,
02362
A_pm_object_type,
02363 &i_attr_val1,
02364
FALSE))
02365 {
02366 printk(KERN_WARNING
02367
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02368
return(
NOT_GRANTED);
02369 }
02370
02371
if(i_attr_val1.
pm_object_type ==
PO_TP)
02372
return(
NOT_GRANTED);
02373
02374
if(i_attr_val1.
pm_object_type !=
PO_personal_data)
02375
return(
tp_check(caller_pid));
02376
02377
02378
return(
na_and_pp_or_cs(caller_pid,
02379 tid.file,
02380
RSBAC_PM_A_WRITE));
02381
break;
02382
02383
case T_DEV:
02384
02385
if (
rsbac_get_attr(
PM,
02386
T_DEV,
02387 tid,
02388
A_pm_object_type,
02389 &i_attr_val1,
02390
FALSE))
02391 {
02392 printk(KERN_WARNING
02393
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02394
return(
NOT_GRANTED);
02395 }
02396
02397
if( (i_attr_val1.
pm_object_type !=
PO_personal_data)
02398 && (i_attr_val1.
pm_object_type !=
PO_TP) )
02399
return(
DO_NOT_CARE);
02400
02401
return(
na_dev(caller_pid,
02402
RSBAC_PM_A_WRITE,
02403 tid.dev));
02404
02405
#ifdef CONFIG_RSBAC_RW_SOCK
02406
case T_IPC:
02407
02408 i_pm_pp =
get_ipc_purpose(tid.
ipc);
02409
02410
if(!i_pm_pp)
02411 {
02412
02413 i_tid.
process = caller_pid;
02414
if (
rsbac_get_attr(
PM,
02415
T_PROCESS,
02416 i_tid,
02417
A_pm_process_type,
02418 &i_attr_val1,
02419
FALSE))
02420 {
02421 printk(KERN_WARNING
02422
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02423
return(
NOT_GRANTED);
02424 }
02425
if(i_attr_val1.
pm_process_type ==
PP_TP)
02426
return(
NOT_GRANTED);
02427
else
02428
return(
GRANTED);
02429 }
02430
02431
02432 i_tid.
process = caller_pid;
02433
if (
rsbac_get_attr(
PM,
02434
T_PROCESS,
02435 i_tid,
02436
A_pm_current_task,
02437 &i_attr_val1,
02438
FALSE))
02439 {
02440 printk(KERN_WARNING
02441
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02442
return(
NOT_GRANTED);
02443 }
02444
02445
if(!i_attr_val1.
pm_current_task)
02446 {
02447
return(
NOT_GRANTED);
02448 }
02449
02450
return(
na_and_pp_ipc(i_attr_val1.
pm_current_task,
02451 caller_pid,
02452
RSBAC_PM_A_WRITE,
02453 tid.
ipc));
02454
break;
02455
#endif
02456
#endif
02457
02458
02459
default:
return(
DO_NOT_CARE);
02460 }
02461
02462
case R_WRITE_OPEN:
02463
switch(target)
02464 {
02465
case T_FILE:
02466
case T_FIFO:
02467
02468
if (
rsbac_get_attr(
PM,
02469 target,
02470 tid,
02471
A_pm_object_type,
02472 &i_attr_val1,
02473
FALSE))
02474 {
02475 printk(KERN_WARNING
02476
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02477
return(
NOT_GRANTED);
02478 }
02479
02480
if(i_attr_val1.
pm_object_type ==
PO_TP)
02481
return(
NOT_GRANTED);
02482
02483
if(i_attr_val1.
pm_object_type !=
PO_personal_data)
02484
return(
tp_check(caller_pid));
02485
02486
02487
return(
na_and_pp_or_cs(caller_pid,
02488 tid.file,
02489
RSBAC_PM_A_WRITE));
02490
break;
02491
02492
case T_DEV:
02493
02494
if (
rsbac_get_attr(
PM,
02495
T_DEV,
02496 tid,
02497
A_pm_object_type,
02498 &i_attr_val1,
02499
FALSE))
02500 {
02501 printk(KERN_WARNING
02502
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02503
return(
NOT_GRANTED);
02504 }
02505
02506
if( (i_attr_val1.
pm_object_type !=
PO_personal_data)
02507 && (i_attr_val1.
pm_object_type !=
PO_TP) )
02508
return(
DO_NOT_CARE);
02509
02510
return(
na_dev(caller_pid,
02511
RSBAC_PM_A_WRITE,
02512 tid.dev));
02513
02514
case T_IPC:
02515
02516 i_pm_pp =
get_ipc_purpose(tid.
ipc);
02517
02518
if(!i_pm_pp)
02519 {
02520
02521 i_tid.
process = caller_pid;
02522
if (
rsbac_get_attr(
PM,
02523
T_PROCESS,
02524 i_tid,
02525
A_pm_process_type,
02526 &i_attr_val1,
02527
FALSE))
02528 {
02529 printk(KERN_WARNING
02530
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02531
return(
NOT_GRANTED);
02532 }
02533
if(i_attr_val1.
pm_process_type ==
PP_TP)
02534
return(
NOT_GRANTED);
02535
else
02536
return(
GRANTED);
02537 }
02538
02539
02540 i_tid.
process = caller_pid;
02541
if (
rsbac_get_attr(
PM,
02542
T_PROCESS,
02543 i_tid,
02544
A_pm_current_task,
02545 &i_attr_val1,
02546
FALSE))
02547 {
02548 printk(KERN_WARNING
02549
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02550
return(
NOT_GRANTED);
02551 }
02552
02553
if(!i_attr_val1.
pm_current_task)
02554 {
02555
return(
NOT_GRANTED);
02556 }
02557
02558
return(
na_and_pp_ipc(i_attr_val1.
pm_current_task,
02559 caller_pid,
02560
RSBAC_PM_A_WRITE,
02561 tid.
ipc));
02562
break;
02563
02564
02565
default:
return(
DO_NOT_CARE);
02566 }
02567
02568
02569
02570
default:
return DO_NOT_CARE;
02571 }
02572
02573
return(result);
02574 };
02575
02576
02577
02578
02579
02580
02581
02582
02583
02584
02585
02586
02587 int rsbac_adf_set_attr_pm(
02588
enum rsbac_adf_request_t request,
02589
rsbac_pid_t caller_pid,
02590
enum rsbac_target_t target,
02591
union rsbac_target_id_t tid,
02592
enum rsbac_target_t new_target,
02593
union rsbac_target_id_t new_tid,
02594
enum rsbac_attribute_t attr,
02595
union rsbac_attribute_value_t attr_val,
02596
rsbac_uid_t owner)
02597 {
02598
union rsbac_target_id_t i_tid;
02599
union rsbac_attribute_value_t i_attr_val1;
02600
union rsbac_attribute_value_t i_attr_val2;
02601
union rsbac_attribute_value_t i_attr_val3;
02602
union rsbac_attribute_value_t i_attr_val4;
02603
union rsbac_pm_target_id_t i_pm_tid;
02604
union rsbac_pm_data_value_t i_data_val1;
02605
int error;
02606
02607
switch (request)
02608 {
02609
case R_APPEND_OPEN:
02610
switch(target)
02611 {
02612
case T_FILE:
02613
case T_FIFO:
02614
return(
adjust_in_out_pp(caller_pid,
02615 target,
02616 tid.file,
02617
RSBAC_PM_A_APPEND));
02618
case T_IPC:
02619
return(
adjust_in_out_pp_ipc(caller_pid,
02620 tid.
ipc,
02621
RSBAC_PM_A_APPEND));
02622
case T_DEV:
02623
return(0);
02624
default:
02625
return(0);
02626 }
02627
#ifdef CONFIG_RSBAC_RW
02628
case R_READ:
02629
switch(target)
02630 {
02631
case T_FILE:
02632
case T_FIFO:
02633
return(
adjust_in_out_pp(caller_pid,
02634 target,
02635 tid.file,
02636
RSBAC_PM_A_READ));
02637
#ifdef CONFIG_RSBAC_RW_SOCK
02638
case T_IPC:
02639
return(
adjust_in_out_pp_ipc(caller_pid,
02640 tid.
ipc,
02641
RSBAC_PM_A_READ));
02642
#endif
02643
default:
02644
return(0);
02645 }
02646
#endif
02647
case R_READ_OPEN:
02648
switch(target)
02649 {
02650
case T_FILE:
02651
case T_FIFO:
02652
return(
adjust_in_out_pp(caller_pid,
02653 target,
02654 tid.file,
02655
RSBAC_PM_A_READ));
02656
case T_IPC:
02657
return(
adjust_in_out_pp_ipc(caller_pid,
02658 tid.
ipc,
02659
RSBAC_PM_A_READ));
02660
case T_DIR:
02661
case T_DEV:
02662
return(0);
02663
default:
02664
return(0);
02665 }
02666
case R_READ_WRITE_OPEN:
02667
switch(target)
02668 {
02669
case T_FILE:
02670
case T_FIFO:
02671
return(
adjust_in_out_pp(caller_pid,
02672 target,
02673 tid.file,
02674
RSBAC_PM_A_READ |
RSBAC_PM_A_WRITE));
02675
case T_IPC:
02676
return(
adjust_in_out_pp_ipc(caller_pid,
02677 tid.
ipc,
02678
RSBAC_PM_A_READ |
RSBAC_PM_A_WRITE));
02679
case T_DEV:
02680
return(0);
02681
default:
02682
return(0);
02683 }
02684
02685
#ifdef CONFIG_RSBAC_RW
02686
case R_WRITE:
02687
switch(target)
02688 {
02689
case T_FILE:
02690
case T_FIFO:
02691
return(
adjust_in_out_pp(caller_pid,
02692 target,
02693 tid.file,
02694
RSBAC_PM_A_WRITE));
02695
#ifdef CONFIG_RSBAC_RW_SOCK
02696
case T_IPC:
02697
return(
adjust_in_out_pp_ipc(caller_pid,
02698 tid.
ipc,
02699
RSBAC_PM_A_WRITE));
02700
#endif
02701
default:
02702
return(0);
02703 }
02704
#endif
02705
02706
case R_WRITE_OPEN:
02707
switch(target)
02708 {
02709
case T_FILE:
02710
case T_FIFO:
02711
return(
adjust_in_out_pp(caller_pid,
02712 target,
02713 tid.file,
02714
RSBAC_PM_A_WRITE));
02715
case T_DEV:
02716
return(0);
02717
02718
case T_IPC:
02719
return(
adjust_in_out_pp_ipc(caller_pid,
02720 tid.
ipc,
02721
RSBAC_PM_A_WRITE));
02722
default:
02723
return(0);
02724 }
02725
02726
case R_CLONE:
02727
if (target ==
T_PROCESS)
02728 {
02729
02730 i_attr_val1.
owner = owner;
02731
02732
if (
rsbac_get_attr(
PM,
02733
T_PROCESS,
02734 tid,
02735
A_pm_tp,
02736 &i_attr_val2,
02737
FALSE))
02738 {
02739 printk(KERN_WARNING
02740
"rsbac_adf_set_attr_pm(): rsbac_get_attr() returned error!\n");
02741
return(-
RSBAC_EREADFAILED);
02742 }
02743
02744
if (
rsbac_get_attr(
PM,
02745
T_PROCESS,
02746 tid,
02747
A_pm_current_task,
02748 &i_attr_val3,
02749
FALSE))
02750 {
02751 printk(KERN_WARNING
02752
"rsbac_adf_set_attr_pm(): rsbac_get_attr() returned error!\n");
02753
return(-
RSBAC_EREADFAILED);
02754 }
02755
02756
if (
rsbac_get_attr(
PM,
02757
T_PROCESS,
02758 tid,
02759
A_pm_process_type,
02760 &i_attr_val4,
02761
FALSE))
02762 {
02763 printk(KERN_WARNING
02764
"rsbac_adf_set_attr_pm(): rsbac_get_attr() returned error!\n");
02765
return(-
RSBAC_EREADFAILED);
02766 }
02767
02768
if (
rsbac_set_attr(
PM,
02769
T_PROCESS,
02770 new_tid,
02771
A_pm_tp,
02772 i_attr_val2))
02773 {
02774 printk(KERN_WARNING
"rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n");
02775
return(-
RSBAC_EWRITEFAILED);
02776 }
02777
02778
if (
rsbac_set_attr(
PM,
02779
T_PROCESS,
02780 new_tid,
02781
A_pm_current_task,
02782 i_attr_val3))
02783 {
02784 printk(KERN_WARNING
"rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n");
02785
return(-
RSBAC_EWRITEFAILED);
02786 }
02787
02788
if (
rsbac_set_attr(
PM,
02789
T_PROCESS,
02790 new_tid,
02791
A_pm_process_type,
02792 i_attr_val4))
02793 {
02794 printk(KERN_WARNING
"rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n");
02795
return(-
RSBAC_EWRITEFAILED);
02796 }
02797
return(0);
02798 }
02799
else
02800
return(0);
02801
02802
case R_CREATE:
02803
switch(target)
02804 {
02805
02806
case T_DIR:
02807
02808
02809
02810
02811 i_tid.
process = caller_pid;
02812
if (
rsbac_get_attr(
PM,
02813
T_PROCESS,
02814 i_tid,
02815
A_pm_process_type,
02816 &i_attr_val1,
02817
FALSE))
02818 {
02819 printk(KERN_WARNING
02820
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02821
return(
NOT_GRANTED);
02822 }
02823
02824
if(i_attr_val1.
pm_process_type ==
PP_TP)
02825 {
02826
02827 i_tid.
process = caller_pid;
02828
if (
rsbac_get_attr(
PM,
02829
T_PROCESS,
02830 i_tid,
02831
A_pm_current_task,
02832 &i_attr_val1,
02833
FALSE))
02834 {
02835 printk(KERN_WARNING
02836
"rsbac_adf_set_attr_pm(): rsbac_get_attr() returned error!\n");
02837
return(
RSBAC_EREADFAILED);
02838 }
02839
if(!i_attr_val1.
pm_current_task)
02840 {
02841
#ifdef CONFIG_RSBAC_DEBUG
02842
if(rsbac_debug_adf_pm)
02843 printk(KERN_DEBUG
02844
"rsbac_adf_set_attr_pm(): no current_task for calling process trying to access personal_data\n");
02845
#endif
02846
return(
RSBAC_EREADFAILED);
02847 }
02848
02849 i_pm_tid.task = i_attr_val1.
pm_current_task;
02850
if ((error =
rsbac_pm_get_data(PMT_TASK,
02851 i_pm_tid,
02852 PD_purpose,
02853 &i_data_val1)))
02854 {
02855
if(error != -
RSBAC_EINVALIDTARGET)
02856 printk(KERN_WARNING
02857
"rsbac_adf_set_attr_pm(): rsbac_pm_get_data() returned error %i!\n",
02858 error);
02859
return(error);
02860 }
02861
02862
if(!i_data_val1.purpose)
02863 {
02864
#ifdef CONFIG_RSBAC_DEBUG
02865
if(rsbac_debug_adf_pm)
02866 printk(KERN_DEBUG
02867
"rsbac_adf_set_attr_pm(): no purpose for current_task of process trying to execute TP\n");
02868
#endif
02869
return(
RSBAC_EREADFAILED);
02870 }
02871
02872 i_pm_tid.pp = i_data_val1.purpose;
02873
if ((error =
rsbac_pm_get_data(PMT_PP,
02874 i_pm_tid,
02875 PD_def_class,
02876 &i_data_val1)))
02877 {
02878
if(error != -
RSBAC_EINVALIDTARGET)
02879 printk(KERN_WARNING
02880
"rsbac_adf_set_attr_pm(): rsbac_pm_get_data() returned error %i!\n",
02881 error);
02882
return(error);
02883 }
02884 i_attr_val1.
pm_object_class = i_data_val1.def_class;
02885 }
02886
else
02887
02888 i_attr_val1.
pm_object_class = 0;
02889
02890
if (
rsbac_get_attr(
PM,
02891 new_target,
02892 new_tid,
02893
A_pm_object_class,
02894 &i_attr_val2,
02895
FALSE))
02896 {
02897 printk(KERN_WARNING
02898
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02899
return(-
RSBAC_EREADFAILED);
02900 }
02901
if(i_attr_val1.
pm_object_class != i_attr_val2.
pm_object_class)
02902 {
02903
if (
rsbac_set_attr(
PM,
02904 new_target,
02905 new_tid,
02906
A_pm_object_class,
02907 i_attr_val1))
02908 {
02909 printk(KERN_WARNING
"rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n");
02910
return(-
RSBAC_EWRITEFAILED);
02911 }
02912 }
02913
02914 i_attr_val1.
pm_tp = 0;
02915
if (
rsbac_get_attr(
PM,
02916 new_target,
02917 new_tid,
02918
A_pm_tp,
02919 &i_attr_val2,
02920
FALSE))
02921 {
02922 printk(KERN_WARNING
02923
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02924
return(-
RSBAC_EREADFAILED);
02925 }
02926
if(i_attr_val1.
pm_tp != i_attr_val2.
pm_tp)
02927 {
02928
if (
rsbac_set_attr(
PM,
02929 new_target,
02930 new_tid,
02931
A_pm_tp,
02932 i_attr_val1))
02933 {
02934 printk(KERN_WARNING
"rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n");
02935
return(-
RSBAC_EWRITEFAILED);
02936 }
02937 }
02938
02939
02940 i_tid.
process = caller_pid;
02941
if (
rsbac_get_attr(
PM,
02942
T_PROCESS,
02943 i_tid,
02944
A_pm_process_type,
02945 &i_attr_val1,
02946
FALSE))
02947 {
02948 printk(KERN_WARNING
02949
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02950
return(-
RSBAC_EREADFAILED);
02951 }
02952
02953
if(new_target ==
T_DIR)
02954 i_attr_val1.
pm_object_type =
PO_dir;
02955
else
02956
02957
02958
if(i_attr_val1.
pm_process_type ==
PP_TP)
02959 i_attr_val1.
pm_object_type =
PO_personal_data;
02960
else
02961 i_attr_val1.
pm_object_type =
PO_none;
02962
if (
rsbac_get_attr(
PM,
02963 new_target,
02964 new_tid,
02965
A_pm_object_type,
02966 &i_attr_val2,
02967
FALSE))
02968 {
02969 printk(KERN_WARNING
02970
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
02971
return(-
RSBAC_EREADFAILED);
02972 }
02973
if(i_attr_val1.
pm_object_type != i_attr_val2.
pm_object_type)
02974 {
02975
if (
rsbac_set_attr(
PM,
02976 new_target,
02977 new_tid,
02978
A_pm_object_type,
02979 i_attr_val1))
02980 {
02981 printk(KERN_WARNING
"rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n");
02982
return(-
RSBAC_EWRITEFAILED);
02983 }
02984 }
02985
return(0);
02986
break;
02987
02988
case T_IPC:
02989
02990
02991 i_tid.
process = caller_pid;
02992
if (
rsbac_get_attr(
PM,
02993
T_PROCESS,
02994 i_tid,
02995
A_pm_current_task,
02996 &i_attr_val1,
02997
FALSE))
02998 {
02999 printk(KERN_WARNING
03000
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
03001
return(-
RSBAC_EREADFAILED);
03002 }
03003
03004
if(!i_attr_val1.
pm_current_task)
03005 i_attr_val1.
pm_ipc_purpose = 0;
03006
else
03007 {
03008
03009 i_pm_tid.task = i_attr_val1.
pm_current_task;
03010
if ((error =
rsbac_pm_get_data(PMT_TASK,
03011 i_pm_tid,
03012 PD_purpose,
03013 &i_data_val1)))
03014 {
03015
if(error == -
RSBAC_EINVALIDTARGET)
03016 printk(KERN_WARNING
03017
"rsbac_adf_request_pm(): pm_current_task of calling process is invalid!\n");
03018
else
03019 printk(KERN_WARNING
03020
"rsbac_adf_request_pm(): rsbac_pm_get_data() returned error %i!\n",
03021 error);
03022
return(-
RSBAC_EREADFAILED);
03023 }
03024 i_attr_val1.
pm_ipc_purpose = i_data_val1.purpose;
03025 }
03026
if (
rsbac_get_attr(
PM,
03027 target,
03028 tid,
03029
A_pm_ipc_purpose,
03030 &i_attr_val2,
03031
FALSE))
03032 {
03033 printk(KERN_WARNING
03034
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
03035
return(-
RSBAC_EREADFAILED);
03036 }
03037
if(i_attr_val1.
pm_ipc_purpose != i_attr_val2.
pm_ipc_purpose)
03038 {
03039
if (
rsbac_set_attr(
PM,
03040 target,
03041 tid,
03042
A_pm_ipc_purpose,
03043 i_attr_val1))
03044 {
03045 printk(KERN_WARNING
"rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n");
03046
return(-
RSBAC_EWRITEFAILED);
03047 }
03048 }
03049
return(0);
03050
break;
03051
03052
03053
default:
03054
return(0);
03055 }
03056
03057
case R_EXECUTE:
03058
switch(target)
03059 {
03060
case T_FILE:
03061
03062
if (
rsbac_get_attr(
PM,
03063
T_FILE,
03064 tid,
03065
A_pm_object_type,
03066 &i_attr_val1,
03067
FALSE))
03068 {
03069 printk(KERN_WARNING
03070
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
03071
return(-
RSBAC_EREADFAILED);
03072 }
03073
03074
if(i_attr_val1.
pm_object_type !=
PO_TP)
03075
return(0);
03076
03077
03078
if (
rsbac_get_attr(
PM,
03079
T_FILE,
03080 tid,
03081
A_pm_tp,
03082 &i_attr_val1,
03083
FALSE))
03084 {
03085 printk(KERN_WARNING
03086
"rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n");
03087
return(-
RSBAC_EREADFAILED);
03088 }
03089
03090
if(!i_attr_val1.
pm_tp)
03091 {
03092 printk(KERN_WARNING
03093
"rsbac_adf_request_pm(): file with object_type TP has no tp_id!\n");
03094
return(-
RSBAC_EINVALIDVALUE);
03095 }
03096
03097 i_tid.
process = caller_pid;
03098
if (
rsbac_set_attr(
PM,
03099
T_PROCESS,
03100 i_tid,
03101
A_pm_tp,
03102 i_attr_val1))
03103 {
03104 printk(KERN_WARNING
"rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n");
03105
return(-
RSBAC_EWRITEFAILED);
03106 }
03107
03108 i_attr_val1.
pm_process_type =
PP_TP;
03109
if (
rsbac_set_attr(
PM,
03110
T_PROCESS,
03111 i_tid,
03112
A_pm_process_type,
03113 i_attr_val1))
03114 {
03115 printk(KERN_WARNING
"rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n");
03116
return(-
RSBAC_EWRITEFAILED);
03117 }
03118
return(0);
03119
03120
03121
default:
03122
return(0);
03123 }
03124
03125
03126
03127
default:
return(0);
03128 }
03129
03130
return(0);
03131 };
03132
03133
03134
#ifdef CONFIG_RSBAC_SECDEL
03135
boolean rsbac_need_overwrite_pm(
struct dentry * dentry_p)
03136 {
03137
union rsbac_target_id_t i_tid;
03138
union rsbac_attribute_value_t i_attr_val1;
03139
03140
if( !dentry_p
03141 || !dentry_p->d_inode)
03142
return FALSE;
03143
03144 i_tid.file.device = dentry_p->d_sb->s_dev;
03145 i_tid.file.inode = dentry_p->d_inode->i_ino;
03146 i_tid.file.dentry_p = dentry_p;
03147
03148
if (
rsbac_get_attr(PM,
03149 T_FILE,
03150 i_tid,
03151 A_pm_object_type,
03152 &i_attr_val1,
03153 TRUE))
03154 {
03155 printk(KERN_WARNING
"rsbac_need_overwrite_pm(): rsbac_get_attr() returned error!\n");
03156
return FALSE;
03157 }
03158
03159
03160
if (i_attr_val1.
pm_object_type ==
PO_personal_data)
03161
return TRUE;
03162
else
03163
return FALSE;
03164 }
03165
#endif
03166
03167