/daten/src/linux-2.4.27-rsbac-v1.2.3/rsbac/adf/pm/pm_main.c

Go to the documentation of this file.
00001 /*************************************************** */ 00002 /* Rule Set Based Access Control */ 00003 /* Implementation of the Access Control Decision */ 00004 /* Facility (ADF) - Privacy Model */ 00005 /* File: rsbac/adf/pm/main.c */ 00006 /* */ 00007 /* Author and (c) 1999-2004: Amon Ott <ao@rsbac.org> */ 00008 /* */ 00009 /* Last modified: 05/Mar/2004 */ 00010 /*************************************************** */ 00011 00012 #include <linux/string.h> 00013 #include <rsbac/types.h> 00014 #include <rsbac/aci.h> 00015 #include <rsbac/adf_main.h> 00016 #include <rsbac/error.h> 00017 #include <rsbac/debug.h> 00018 #include <rsbac/helpers.h> 00019 #include <rsbac/getname.h> 00020 #include <rsbac/pm.h> 00021 00022 /************************************************* */ 00023 /* Global Variables */ 00024 /************************************************* */ 00025 00026 /************************************************* */ 00027 /* Internal Help functions */ 00028 /************************************************* */ 00029 00030 static rsbac_pm_purpose_id_t 00031 get_ipc_purpose(struct rsbac_ipc_t ipc_id) 00032 { 00033 union rsbac_target_id_t i_tid; 00034 union rsbac_attribute_value_t i_attr_val1; 00035 00036 /* get pm_ipc_purpose of given ipc */ 00037 i_tid.ipc = ipc_id; 00038 if (rsbac_get_attr(PM, 00039 T_IPC, 00040 i_tid, 00041 A_pm_ipc_purpose, 00042 &i_attr_val1, 00043 FALSE)) 00044 { 00045 printk(KERN_WARNING 00046 "get_ipc_purpose(): rsbac_get_attr() returned error!\n"); 00047 return(0); 00048 } 00049 return(i_attr_val1.pm_ipc_purpose); 00050 } 00051 00052 static enum rsbac_adf_req_ret_t 00053 tp_check(rsbac_pid_t caller_pid) 00054 { 00055 union rsbac_target_id_t i_tid; 00056 union rsbac_attribute_value_t i_attr_val1; 00057 00058 /* get pm_process_type of caller-process */ 00059 i_tid.process = caller_pid; 00060 if (rsbac_get_attr(PM, 00061 T_PROCESS, 00062 i_tid, 00063 A_pm_process_type, 00064 &i_attr_val1, 00065 FALSE)) 00066 { 00067 printk(KERN_WARNING 00068 "tp_check(): rsbac_get_attr() returned error!\n"); 00069 return(NOT_GRANTED); 00070 } 00071 if(i_attr_val1.pm_process_type == PP_TP) 00072 return(NOT_GRANTED); 00073 else 00074 return(DO_NOT_CARE); 00075 }; 00076 00077 /* This function does the actual checking for */ 00078 /* necessary(access) and (purpose-binding or consent). */ 00079 /* Additionally, information flow checking is done via input and output */ 00080 /* purpose sets. */ 00081 static enum rsbac_adf_req_ret_t 00082 na_and_pp_or_cs( rsbac_pid_t caller_pid, 00083 struct rsbac_fs_file_t file, 00084 rsbac_pm_accesses_t acc) 00085 { 00086 rsbac_pm_task_id_t task; 00087 rsbac_pm_object_class_id_t object_class; 00088 rsbac_pm_tp_id_t tp; 00089 union rsbac_target_id_t i_tid; 00090 union rsbac_attribute_value_t i_attr_val1; 00091 union rsbac_pm_target_id_t i_pm_tid; 00092 union rsbac_pm_data_value_t i_data_val1; 00093 union rsbac_pm_data_value_t i_data_val2; 00094 union rsbac_pm_set_id_t i_pm_set_id; 00095 union rsbac_pm_set_member_t i_pm_set_member; 00096 int error; 00097 00098 /* get object_class of file */ 00099 i_tid.file = file; 00100 if (rsbac_get_attr(PM, 00101 T_FILE, 00102 i_tid, 00103 A_pm_object_class, 00104 &i_attr_val1, 00105 FALSE)) 00106 { 00107 printk(KERN_WARNING 00108 "na_and_pp_or_cs(): rsbac_get_attr() returned error!\n"); 00109 return(NOT_GRANTED); 00110 } 00111 object_class = i_attr_val1.pm_object_class; 00112 /* if there is no class for this file, this is an error! */ 00113 /* (all personal data must have a class assigned, and this */ 00114 /* function must never be called for anything else) */ 00115 if(!object_class) 00116 { 00117 #ifdef CONFIG_RSBAC_DEBUG 00118 if(rsbac_debug_adf_pm) 00119 printk(KERN_WARNING 00120 "na_and_pp_or_cs(): personal_data with NIL class!\n"); 00121 #endif 00122 return(NOT_GRANTED); 00123 } 00124 00125 /* get current_task of caller-process */ 00126 i_tid.process = caller_pid; 00127 if (rsbac_get_attr(PM, 00128 T_PROCESS, 00129 i_tid, 00130 A_pm_current_task, 00131 &i_attr_val1, 00132 FALSE)) 00133 { 00134 printk(KERN_WARNING 00135 "na_and_pp_or_cs(): rsbac_get_attr() returned error!\n"); 00136 return(NOT_GRANTED); 00137 } 00138 task = i_attr_val1.pm_current_task; 00139 if(!task) 00140 { 00141 #ifdef CONFIG_RSBAC_DEBUG 00142 if(rsbac_debug_adf_pm) 00143 printk(KERN_DEBUG 00144 "na_and_pp_or_cs(): no current_task for calling process trying to access personal_data\n"); 00145 #endif 00146 return(NOT_GRANTED); 00147 } 00148 00149 /* get pm_tp of caller-process */ 00150 if (rsbac_get_attr(PM, 00151 T_PROCESS, 00152 i_tid, 00153 A_pm_tp, 00154 &i_attr_val1, 00155 FALSE)) 00156 { 00157 printk(KERN_WARNING 00158 "na_and_pp_or_cs(): rsbac_get_attr() returned error!\n"); 00159 return(NOT_GRANTED); 00160 } 00161 tp = i_attr_val1.pm_tp; 00162 if(!tp) 00163 { 00164 #ifdef CONFIG_RSBAC_DEBUG 00165 if(rsbac_debug_adf_pm) 00166 printk(KERN_DEBUG 00167 "na_and_pp_or_cs(): calling process trying to access personal_data has no TP-id\n"); 00168 #endif 00169 return(NOT_GRANTED); 00170 } 00171 00172 /* get necessary accesses */ 00173 i_pm_tid.na.task = task; 00174 i_pm_tid.na.object_class = object_class; 00175 i_pm_tid.na.tp = tp; 00176 if ((error = rsbac_pm_get_data(PMT_NA, 00177 i_pm_tid, 00178 PD_accesses, 00179 &i_data_val1))) 00180 { 00181 if(error != -RSBAC_EINVALIDTARGET) 00182 printk(KERN_WARNING 00183 "na_and_pp_or_cs(): rsbac_pm_get_data() returned error %i!\n", 00184 error); 00185 return(NOT_GRANTED); 00186 } 00187 /* is requested access mode included in access mask? */ 00188 if((acc & i_data_val1.accesses) != acc) 00189 { 00190 #ifdef CONFIG_RSBAC_DEBUG 00191 if(rsbac_debug_adf_pm) 00192 printk(KERN_DEBUG 00193 "na_and_pp_or_cs(): requested access mode is not necessary\n"); 00194 #endif 00195 return(NOT_GRANTED); 00196 } 00197 00198 /* OK, access is necessary -> check (purpose-bind or consent) */ 00199 /* first try purpose-binding */ 00200 00201 /* get purpose-id of current_task */ 00202 i_pm_tid.task = task; 00203 if ((error = rsbac_pm_get_data(PMT_TASK, 00204 i_pm_tid, 00205 PD_purpose, 00206 &i_data_val1))) 00207 { 00208 printk(KERN_WARNING 00209 "na_and_pp_or_cs(): rsbac_get_data() for current_TASK/purpose returned error %i!\n", 00210 error); 00211 return(NOT_GRANTED); 00212 } 00213 if(!i_data_val1.purpose) 00214 { 00215 printk(KERN_WARNING 00216 "na_and_pp_or_cs(): task %i has NIL purpose!\n",task); 00217 return(NOT_GRANTED); 00218 } 00219 /* get purpose-set-id of class */ 00220 i_pm_tid.object_class = object_class; 00221 if ((error = rsbac_pm_get_data(PMT_CLASS, 00222 i_pm_tid, 00223 PD_pp_set, 00224 &i_data_val2))) 00225 { 00226 if(error != -RSBAC_EINVALIDTARGET) 00227 printk(KERN_WARNING 00228 "na_and_pp_or_cs(): rsbac_pm_get_data() returned error %i!\n", 00229 error); 00230 return(NOT_GRANTED); 00231 } 00232 /* OK, if task's purpose is in class's purpose_set */ 00233 i_pm_set_id.pp_set = i_data_val2.pp_set; 00234 i_pm_set_member.pp = i_data_val1.purpose; 00235 if (!rsbac_pm_set_member(PS_PP,i_pm_set_id,i_pm_set_member)) 00236 { /* purpose binding failed -> try consent */ 00237 #ifdef CONFIG_RSBAC_DEBUG 00238 if(rsbac_debug_adf_pm) 00239 printk(KERN_DEBUG 00240 "na_and_pp_or_cs(): purpose of current_task of calling process is NOT in purpose set of class of file -> trying consent\n"); 00241 #endif 00242 i_pm_tid.cs.purpose = i_data_val1.purpose; 00243 i_pm_tid.cs.file = file; 00244 if(!rsbac_pm_exists(PMT_CS,i_pm_tid)) 00245 { /* neither pp-binding, nor consent -> do not grant */ 00246 #ifdef CONFIG_RSBAC_DEBUG 00247 if(rsbac_debug_adf_pm) 00248 printk(KERN_DEBUG 00249 "na_and_pp_or_cs(): there is no consent for this purpose for file\n"); 00250 #endif 00251 return(NOT_GRANTED); 00252 } 00253 } 00254 00255 /* information flow check */ 00256 00257 /* read access: is purpose set of class of file superset of process */ 00258 /* output purpose set? If not -> do not grant access */ 00259 /* (Output purpose set id is process id) */ 00260 if( (acc & RSBAC_PM_A_READ) 00261 && !rsbac_pm_pp_superset(i_pm_set_id.pp_set, caller_pid) ) 00262 { 00263 #ifdef CONFIG_RSBAC_DEBUG 00264 if(rsbac_debug_adf_pm) 00265 printk(KERN_DEBUG 00266 "na_and_pp_or_cs(): failed information flow check for read access\n"); 00267 #endif 00268 return(NOT_GRANTED); 00269 } 00270 00271 /* write access: is purpose set of class of file subset of process */ 00272 /* input purpose set? If not -> do not grant access */ 00273 /* (Input purpose set id is also process id) */ 00274 if( (acc & RSBAC_PM_A_WRITE_TO_FILE) 00275 && !rsbac_pm_pp_subset(i_pm_set_id.pp_set, caller_pid) ) 00276 { 00277 #ifdef CONFIG_RSBAC_DEBUG 00278 if(rsbac_debug_adf_pm) 00279 printk(KERN_DEBUG 00280 "na_and_pp_or_cs(): failed information flow check for write access\n"); 00281 #endif 00282 return(NOT_GRANTED); 00283 } 00284 00285 /* OK, all checks done. GRANT! */ 00286 return(GRANTED); 00287 } 00288 00289 /* reduced version for IPC objects */ 00290 static enum rsbac_adf_req_ret_t 00291 na_and_pp_ipc( rsbac_pm_task_id_t task, 00292 rsbac_pid_t caller_pid, 00293 rsbac_pm_accesses_t acc, 00294 struct rsbac_ipc_t ipc_id) 00295 { 00296 rsbac_pm_tp_id_t tp; 00297 union rsbac_target_id_t i_tid; 00298 union rsbac_attribute_value_t i_attr_val1; 00299 union rsbac_pm_target_id_t i_pm_tid; 00300 union rsbac_pm_data_value_t i_data_val1; 00301 union rsbac_pm_set_id_t i_pm_set_id; 00302 union rsbac_pm_set_member_t i_pm_set_member; 00303 int error; 00304 00305 if(!task) 00306 return(NOT_GRANTED); 00307 00308 /* get pm_tp of caller-process */ 00309 i_tid.process = caller_pid; 00310 if (rsbac_get_attr(PM, 00311 T_PROCESS, 00312 i_tid, 00313 A_pm_tp, 00314 &i_attr_val1, 00315 FALSE)) 00316 { 00317 printk(KERN_WARNING 00318 "na_and_pp_ipc(): rsbac_get_attr() returned error!\n"); 00319 return(NOT_GRANTED); 00320 } 00321 tp = i_attr_val1.pm_tp; 00322 if(!tp) 00323 { 00324 #ifdef CONFIG_RSBAC_DEBUG 00325 if(rsbac_debug_adf_pm) 00326 printk(KERN_DEBUG 00327 "na_and_pp_ipc(): calling process trying to access ipc has task, but no TP-id\n"); 00328 #endif 00329 return(NOT_GRANTED); 00330 } 00331 return(NOT_GRANTED); 00332 00333 /* get necessary accesses */ 00334 i_pm_tid.na.task = task; 00335 i_pm_tid.na.object_class = RSBAC_PM_IPC_OBJECT_CLASS_ID; 00336 i_pm_tid.na.tp = tp; 00337 if ((error = rsbac_pm_get_data(PMT_NA, 00338 i_pm_tid, 00339 PD_accesses, 00340 &i_data_val1))) 00341 { 00342 if(error != -RSBAC_EINVALIDTARGET) 00343 printk(KERN_WARNING 00344 "na_and_pp_ipc(): rsbac_pm_get_data() returned error %i!\n", 00345 error); 00346 return(NOT_GRANTED); 00347 } 00348 /* is requested access mode included in access mask? */ 00349 if((acc & i_data_val1.accesses) != acc) 00350 { 00351 #ifdef CONFIG_RSBAC_DEBUG 00352 if(rsbac_debug_adf_pm) 00353 printk(KERN_DEBUG 00354 "na_and_pp_ipc(): requested access mode is not necessary\n"); 00355 #endif 00356 return(NOT_GRANTED); 00357 } 00358 00359 /* OK, access is necessary -> check purpose-bind */ 00360 /* get purpose-id of current_task */ 00361 i_pm_tid.task = task; 00362 if ((error = rsbac_pm_get_data(PMT_TASK, 00363 i_pm_tid, 00364 PD_purpose, 00365 &i_data_val1))) 00366 { 00367 printk(KERN_WARNING 00368 "na_and_pp_ipc(): rsbac_get_data() for current_TASK/purpose returned error %i!\n", 00369 error); 00370 return(NOT_GRANTED); 00371 } 00372 if(!i_data_val1.purpose) 00373 { 00374 printk(KERN_WARNING 00375 "na_and_pp_ipc(): task %i has NIL purpose!\n",task); 00376 return(NOT_GRANTED); 00377 } 00378 /* get ipc_purpose of IPC-object */ 00379 i_tid.ipc = ipc_id; 00380 if (rsbac_get_attr(PM, 00381 T_IPC, 00382 i_tid, 00383 A_pm_ipc_purpose, 00384 &i_attr_val1, 00385 FALSE)) 00386 { 00387 printk(KERN_WARNING 00388 "na_and_pp_ipc(): rsbac_get_attr() returned error!\n"); 00389 return(NOT_GRANTED); 00390 } 00391 00392 /* grant, if task's purpose is ipc's ipc_purpose or if */ 00393 /* IPC-pp is NIL and access is read-only */ 00394 if (!( (i_data_val1.purpose == i_attr_val1.pm_ipc_purpose) 00395 || (!i_data_val1.purpose && !(acc & RSBAC_PM_A_WRITING) ) ) ) 00396 { 00397 #ifdef CONFIG_RSBAC_DEBUG 00398 if(rsbac_debug_adf_pm) 00399 printk(KERN_DEBUG 00400 "na_and_pp_ipc(): purpose of current_task of calling process is NOT ipc_purpose\n"); 00401 #endif 00402 return(NOT_GRANTED); 00403 } 00404 /* information flow check */ 00405 00406 /* read access: is purpose of ipc object NIL or no other purpose in */ 00407 /* output purpose set? If not -> do not grant access */ 00408 /* (Output purpose set id is process id) */ 00409 if( (acc & RSBAC_PM_A_READ) 00410 && i_attr_val1.pm_ipc_purpose 00411 && !rsbac_pm_pp_only(i_attr_val1.pm_ipc_purpose, caller_pid) ) 00412 { 00413 #ifdef CONFIG_RSBAC_DEBUG 00414 if(rsbac_debug_adf_pm) 00415 printk(KERN_DEBUG 00416 "na_and_pp_ipc(): failed information flow check for read access\n"); 00417 #endif 00418 return(NOT_GRANTED); 00419 } 00420 00421 /* write access: is purpose of ipc in */ 00422 /* input purpose set? If not -> do not grant access */ 00423 /* (Input purpose set id is also process id) */ 00424 if(acc & RSBAC_PM_A_WRITE_TO_FILE) 00425 { 00426 i_pm_set_id.in_pp_set = caller_pid; 00427 i_pm_set_member.pp = i_attr_val1.pm_ipc_purpose; 00428 if (!rsbac_pm_set_member(PS_IN_PP, i_pm_set_id, i_pm_set_member) ) 00429 { 00430 #ifdef CONFIG_RSBAC_DEBUG 00431 if(rsbac_debug_adf_pm) 00432 printk(KERN_DEBUG 00433 "na_and_pp_or_cs(): failed information flow check for write access\n"); 00434 #endif 00435 return(NOT_GRANTED); 00436 } 00437 } 00438 /* OK, all checks done. GRANT! */ 00439 return(GRANTED); 00440 } 00441 00442 00443 static enum rsbac_adf_req_ret_t 00444 na_ipc(rsbac_pm_task_id_t task, 00445 rsbac_pid_t caller_pid, 00446 rsbac_pm_accesses_t acc) 00447 { 00448 rsbac_pm_tp_id_t tp; 00449 union rsbac_target_id_t i_tid; 00450 union rsbac_attribute_value_t i_attr_val1; 00451 union rsbac_pm_target_id_t i_pm_tid; 00452 union rsbac_pm_data_value_t i_data_val1; 00453 int error; 00454 00455 if(!task) 00456 return(NOT_GRANTED); 00457 00458 /* get pm_tp of caller-process */ 00459 i_tid.process = caller_pid; 00460 if (rsbac_get_attr(PM, 00461 T_PROCESS, 00462 i_tid, 00463 A_pm_tp, 00464 &i_attr_val1, 00465 FALSE)) 00466 { 00467 printk(KERN_WARNING 00468 "na_ipc(): rsbac_get_attr() returned error!\n"); 00469 return(NOT_GRANTED); 00470 } 00471 tp = i_attr_val1.pm_tp; 00472 if(!tp) 00473 return(NOT_GRANTED); 00474 00475 /* get necessary accesses */ 00476 i_pm_tid.na.task = task; 00477 i_pm_tid.na.object_class = RSBAC_PM_IPC_OBJECT_CLASS_ID; 00478 i_pm_tid.na.tp = tp; 00479 if ((error = rsbac_pm_get_data(PMT_NA, 00480 i_pm_tid, 00481 PD_accesses, 00482 &i_data_val1))) 00483 { 00484 if(error != -RSBAC_EINVALIDTARGET) 00485 printk(KERN_WARNING 00486 "na_ipc(): rsbac_pm_get_data() returned error %i!\n", 00487 error); 00488 return(NOT_GRANTED); 00489 } 00490 /* is requested access mode included in access mask? */ 00491 if((acc & i_data_val1.accesses) == acc) 00492 return(GRANTED); 00493 else 00494 return(NOT_GRANTED); 00495 } 00496 00497 static enum rsbac_adf_req_ret_t 00498 na_dev(rsbac_pid_t caller_pid, 00499 rsbac_pm_accesses_t acc, 00500 struct rsbac_dev_t dev) 00501 { 00502 rsbac_pm_tp_id_t tp; 00503 rsbac_pm_task_id_t task; 00504 rsbac_pm_object_class_id_t object_class; 00505 union rsbac_target_id_t i_tid; 00506 union rsbac_attribute_value_t i_attr_val1; 00507 union rsbac_pm_target_id_t i_pm_tid; 00508 union rsbac_pm_data_value_t i_data_val1; 00509 int error; 00510 00511 i_tid.process = caller_pid; 00512 if (rsbac_get_attr(PM, 00513 T_PROCESS, 00514 i_tid, 00515 A_pm_current_task, 00516 &i_attr_val1, 00517 FALSE)) 00518 { 00519 printk(KERN_WARNING 00520 "na_dev(): rsbac_get_attr() returned error!\n"); 00521 return(NOT_GRANTED); 00522 } 00523 task = i_attr_val1.pm_current_task; 00524 /* if current_task = NIL -> do not grant */ 00525 if(!task) 00526 { 00527 return(NOT_GRANTED); 00528 } 00529 00530 /* get pm_tp of caller-process */ 00531 i_tid.process = caller_pid; 00532 if (rsbac_get_attr(PM, 00533 T_PROCESS, 00534 i_tid, 00535 A_pm_tp, 00536 &i_attr_val1, 00537 FALSE)) 00538 { 00539 printk(KERN_WARNING 00540 "na_dev(): rsbac_get_attr() returned error!\n"); 00541 return(NOT_GRANTED); 00542 } 00543 tp = i_attr_val1.pm_tp; 00544 if(!tp) 00545 return(NOT_GRANTED); 00546 00547 /* get pm_object_class of dev target */ 00548 i_tid.dev = dev; 00549 if (rsbac_get_attr(PM, 00550 T_DEV, 00551 i_tid, 00552 A_pm_object_class, 00553 &i_attr_val1, 00554 FALSE)) 00555 { 00556 printk(KERN_WARNING 00557 "na_dev(): rsbac_get_attr() returned error!\n"); 00558 return(NOT_GRANTED); 00559 } 00560 object_class = i_attr_val1.pm_object_class; 00561 00562 /* get necessary accesses */ 00563 i_pm_tid.na.task = task; 00564 i_pm_tid.na.object_class = object_class; 00565 i_pm_tid.na.tp = tp; 00566 if ((error = rsbac_pm_get_data(PMT_NA, 00567 i_pm_tid, 00568 PD_accesses, 00569 &i_data_val1))) 00570 { 00571 if(error != -RSBAC_EINVALIDTARGET) 00572 printk(KERN_WARNING 00573 "na_dev(): rsbac_pm_get_data() returned error %i!\n", 00574 error); 00575 return(NOT_GRANTED); 00576 } 00577 /* is requested access mode included in access mask? */ 00578 if((acc & i_data_val1.accesses) == acc) 00579 return(GRANTED); 00580 else 00581 return(NOT_GRANTED); 00582 } 00583 00584 /* This function does the adjustment of input- and output-purpose-set of */ 00585 /* the calling process according to type of access and purpose set of class */ 00586 /* of file. */ 00587 static int 00588 adjust_in_out_pp( rsbac_pid_t caller_pid, 00589 enum rsbac_target_t target, 00590 struct rsbac_fs_file_t file, 00591 rsbac_pm_accesses_t acc) 00592 { 00593 rsbac_pm_object_class_id_t object_class; 00594 union rsbac_target_id_t i_tid; 00595 union rsbac_attribute_value_t i_attr_val1; 00596 union rsbac_pm_target_id_t i_pm_tid; 00597 union rsbac_pm_data_value_t i_data_val1; 00598 int error; 00599 00600 /* get pm_object_type of file */ 00601 i_tid.file = file; 00602 if (rsbac_get_attr(PM, 00603 target, 00604 i_tid, 00605 A_pm_object_type, 00606 &i_attr_val1, 00607 FALSE)) 00608 { 00609 printk(KERN_WARNING 00610 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 00611 return(-RSBAC_EREADFAILED); 00612 } 00613 /* we only adjust for personal_data */ 00614 if(i_attr_val1.pm_object_type != PO_personal_data) 00615 return(0); 00616 00617 /* only personal_data left -> */ 00618 /* get object_class of file */ 00619 i_tid.file = file; 00620 if (rsbac_get_attr(PM, 00621 target, 00622 i_tid, 00623 A_pm_object_class, 00624 &i_attr_val1, 00625 FALSE)) 00626 { 00627 printk(KERN_WARNING 00628 "adjust_in_out_pp(): rsbac_get_attr() returned error!\n"); 00629 return(-RSBAC_EREADFAILED); 00630 } 00631 object_class = i_attr_val1.pm_object_class; 00632 /* if there is no class for this file, this is an error! */ 00633 /* (all personal data must have a class assigned, and here */ 00634 /* must never be anything else) */ 00635 if(!object_class) 00636 { 00637 #ifdef CONFIG_RSBAC_DEBUG 00638 if(rsbac_debug_adf_pm) 00639 printk(KERN_WARNING 00640 "adjust_in_out_pp(): personal_data with NIL class!\n"); 00641 #endif 00642 return(-RSBAC_EINVALIDVALUE); 00643 } 00644 00645 /* get pp_set-id of class */ 00646 i_pm_tid.object_class = object_class; 00647 if ((error = rsbac_pm_get_data(PMT_CLASS, 00648 i_pm_tid, 00649 PD_pp_set, 00650 &i_data_val1))) 00651 { 00652 if(error != -RSBAC_EINVALIDTARGET) 00653 printk(KERN_WARNING 00654 "adjust_in_out_pp(): rsbac_pm_get_data() returned error %i!\n", 00655 error); 00656 else 00657 printk(KERN_WARNING 00658 "adjust_in_out_pp(): class %i of file does not exist!\n", 00659 object_class); 00660 return(-RSBAC_EREADFAILED); 00661 } 00662 00663 /* adjust information flow check boundaries */ 00664 00665 /* read access: create intersection of input-purpose-set of process and */ 00666 /* purpose-set of class of file in input-purpose-set of process */ 00667 /* (Input purpose set id is process id) */ 00668 if( (acc & RSBAC_PM_A_READ) 00669 && rsbac_pm_pp_intersec(i_data_val1.pp_set, caller_pid) ) 00670 { 00671 printk(KERN_WARNING 00672 "adjust_in_out_pp(): call to rsbac_pm_pp_intersec failed\n"); 00673 error = -RSBAC_EWRITEFAILED; 00674 } 00675 00676 /* write access: create union of output-purpose-set of process and */ 00677 /* purpose-set of class of file in output-purpose-set of process */ 00678 /* (Output purpose set id is process id) */ 00679 if( (acc & RSBAC_PM_A_WRITE_TO_FILE) 00680 && rsbac_pm_pp_union(i_data_val1.pp_set, caller_pid) ) 00681 { 00682 printk(KERN_WARNING 00683 "adjust_in_out_pp(): call to rsbac_pm_pp_union failed\n"); 00684 error = -RSBAC_EWRITEFAILED; 00685 } 00686 00687 /* OK, everything is done. */ 00688 return(error); 00689 } 00690 00691 /* This function does the adjustment of input- and output-purpose-set of */ 00692 /* the calling process according to type of access and ipc-purpose of ipc */ 00693 /* object. */ 00694 static int 00695 adjust_in_out_pp_ipc( rsbac_pid_t caller_pid, 00696 struct rsbac_ipc_t ipc, 00697 rsbac_pm_accesses_t acc) 00698 { 00699 union rsbac_pm_set_id_t i_pm_set_id; 00700 union rsbac_pm_set_member_t i_pm_set_member; 00701 rsbac_pm_purpose_id_t i_pm_pp; 00702 int error = 0; 00703 00704 /* get IPC-purpose */ 00705 i_pm_pp = get_ipc_purpose(ipc); 00706 /* if ipc_purpose is 0, this cannot be a TP -> no access to personal data */ 00707 /* -> no flow control */ 00708 if(!i_pm_pp) 00709 return(0); 00710 00711 /* adjust information flow check boundaries */ 00712 00713 /* read access: create intersection of input-purpose-set of process and */ 00714 /* purpose-set of ipc in input-purpose-set of process -> clear set and */ 00715 /* add ipc-purpose, because ipc-purpose must have been in it at decision */ 00716 /* (Input purpose set id is process id) */ 00717 if(acc & RSBAC_PM_A_READ) 00718 { 00719 i_pm_set_id.in_pp_set = caller_pid; 00720 /* if set does not exist, create it */ 00721 if( !rsbac_pm_set_exist(PS_IN_PP, i_pm_set_id) 00722 && rsbac_pm_create_set(PS_IN_PP, i_pm_set_id) ) 00723 { 00724 printk(KERN_WARNING 00725 "adjust_in_out_pp_ipc(): call to rsbac_pm_create_set returned error\n"); 00726 error = -RSBAC_EWRITEFAILED; 00727 } 00728 if(rsbac_pm_clear_set(PS_IN_PP, i_pm_set_id) ) 00729 { 00730 printk(KERN_WARNING 00731 "adjust_in_out_pp_ipc(): call to rsbac_pm_clear_set returned error\n"); 00732 error = -RSBAC_EWRITEFAILED; 00733 } 00734 i_pm_set_member.pp = i_pm_pp; 00735 if(rsbac_pm_add_to_set(PS_IN_PP, i_pm_set_id, i_pm_set_member) ) 00736 { 00737 printk(KERN_WARNING 00738 "adjust_in_out_pp_ipc(): call to rsbac_pm_add_to_set returned error\n"); 00739 error = -RSBAC_EWRITEFAILED; 00740 } 00741 } 00742 00743 /* write access: create union of output-purpose-set of process and */ 00744 /* purpose-set of ipc in output-purpose-set of process -> */ 00745 /* add ipc-purpose to output-purpose-set */ 00746 /* (Input purpose set id is process id) */ 00747 if(acc & RSBAC_PM_A_WRITE_TO_FILE) 00748 { 00749 i_pm_set_id.out_pp_set = caller_pid; 00750 /* if set does not exist, create it */ 00751 if( !rsbac_pm_set_exist(PS_OUT_PP, i_pm_set_id) 00752 && rsbac_pm_create_set(PS_OUT_PP, i_pm_set_id) ) 00753 { 00754 printk(KERN_WARNING 00755 "adjust_in_out_pp_ipc(): call to rsbac_pm_create_set returned error\n"); 00756 error = -RSBAC_EWRITEFAILED; 00757 } 00758 /* add ipc_purpose to set */ 00759 i_pm_set_member.pp = i_pm_pp; 00760 if(rsbac_pm_add_to_set(PS_OUT_PP, i_pm_set_id, i_pm_set_member) ) 00761 { 00762 printk(KERN_WARNING 00763 "adjust_in_out_pp_ipc(): call to rsbac_pm_add_to_set returned error\n"); 00764 error = -RSBAC_EWRITEFAILED; 00765 } 00766 } 00767 00768 /* OK, everything is done. */ 00769 return(error); 00770 } 00771 00772 00773 /************************************************* */ 00774 /* Externally visible functions */ 00775 /************************************************* */ 00776 00777 enum rsbac_adf_req_ret_t 00778 rsbac_adf_request_pm (enum rsbac_adf_request_t request, 00779 rsbac_pid_t caller_pid, 00780 enum rsbac_target_t target, 00781 union rsbac_target_id_t tid, 00782 enum rsbac_attribute_t attr, 00783 union rsbac_attribute_value_t attr_val, 00784 rsbac_uid_t owner) 00785 { 00786 enum rsbac_adf_req_ret_t result = DO_NOT_CARE; 00787 union rsbac_target_id_t i_tid; 00788 union rsbac_attribute_value_t i_attr_val1; 00789 union rsbac_attribute_value_t i_attr_val2; 00790 union rsbac_pm_target_id_t i_pm_tid; 00791 union rsbac_pm_data_value_t i_data_val1; 00792 union rsbac_pm_set_id_t i_pm_set_id; 00793 union rsbac_pm_set_member_t i_pm_set_member; 00794 rsbac_pm_purpose_id_t i_pm_pp; 00795 int error; 00796 00797 switch (request) 00798 { 00799 case R_ADD_TO_KERNEL: 00800 switch(target) 00801 { 00802 case T_NONE: 00803 /* test owner's pm_role */ 00804 i_tid.user = owner; 00805 if (rsbac_get_attr(PM, 00806 T_USER, 00807 i_tid, 00808 A_pm_role, 00809 &i_attr_val1, 00810 TRUE)) 00811 { 00812 printk(KERN_WARNING "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 00813 return(NOT_GRANTED); 00814 } 00815 /* only administrators are allowed to do this */ 00816 if (i_attr_val1.pm_role != PR_system_admin) 00817 return(NOT_GRANTED); 00818 else 00819 return(GRANTED); 00820 00821 /* all other cases */ 00822 default: 00823 return(DO_NOT_CARE); 00824 } 00825 00826 case R_ALTER: 00827 /* only for IPC */ 00828 if (target == T_IPC) 00829 return (DO_NOT_CARE); 00830 else 00831 /* all other targets are undefined */ 00832 return (DO_NOT_CARE); 00833 break; 00834 00835 case R_APPEND_OPEN: 00836 switch(target) 00837 { 00838 case T_FILE: 00839 case T_FIFO: 00840 /* get pm_object_type of target */ 00841 if (rsbac_get_attr(PM, 00842 target, 00843 tid, 00844 A_pm_object_type, 00845 &i_attr_val1, 00846 FALSE)) 00847 { 00848 printk(KERN_WARNING 00849 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 00850 return(NOT_GRANTED); 00851 } 00852 /* no append_open on TPs */ 00853 if(i_attr_val1.pm_object_type == PO_TP) 00854 return(NOT_GRANTED); 00855 /* TPs must not write on other than personal_data */ 00856 if(i_attr_val1.pm_object_type != PO_personal_data) 00857 return(tp_check(caller_pid)); 00858 00859 /* only personal_data left -> */ 00860 /* check necessary && (purpose_bind || consent) */ 00861 return(na_and_pp_or_cs(caller_pid, 00862 tid.file, 00863 RSBAC_PM_A_APPEND)); 00864 break; 00865 00866 /* Appending to devices is no problem here */ 00867 case T_DEV: 00868 return(DO_NOT_CARE); 00869 00870 case T_IPC: 00871 /* get IPC-purpose */ 00872 i_pm_pp = get_ipc_purpose(tid.ipc); 00873 /* if IPC-pp is NIL -> process type must be NIL */ 00874 if(!i_pm_pp) 00875 { 00876 /* get process-type of caller-process */ 00877 i_tid.process = caller_pid; 00878 if (rsbac_get_attr(PM, 00879 T_PROCESS, 00880 i_tid, 00881 A_pm_process_type, 00882 &i_attr_val1, 00883 FALSE)) 00884 { 00885 printk(KERN_WARNING 00886 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 00887 return(NOT_GRANTED); 00888 } 00889 if(i_attr_val1.pm_process_type == PP_TP) 00890 return(NOT_GRANTED); 00891 else 00892 return(GRANTED); 00893 } 00894 /* OK, we do have an IPC-purpose */ 00895 /* get current_task of caller-process */ 00896 i_tid.process = caller_pid; 00897 if (rsbac_get_attr(PM, 00898 T_PROCESS, 00899 i_tid, 00900 A_pm_current_task, 00901 &i_attr_val1, 00902 FALSE)) 00903 { 00904 printk(KERN_WARNING 00905 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 00906 return(NOT_GRANTED); 00907 } 00908 /* if current_task = NIL -> do not grant */ 00909 if(!i_attr_val1.pm_current_task) 00910 { 00911 return(NOT_GRANTED); 00912 } 00913 /* check necessary && purpose_bind */ 00914 return(na_and_pp_ipc(i_attr_val1.pm_current_task, 00915 caller_pid, 00916 RSBAC_PM_A_APPEND, 00917 tid.ipc)); 00918 break; 00919 00920 /* all other cases are undefined */ 00921 default: return(DO_NOT_CARE); 00922 } 00923 00924 case R_CHANGE_GROUP: 00925 switch(target) 00926 { 00927 /* We do not care about process or user groups */ 00928 /* all other cases */ 00929 default: return(DO_NOT_CARE); 00930 } 00931 00932 case R_CHANGE_OWNER: 00933 switch(target) 00934 { 00935 case T_FILE: 00936 case T_FIFO: 00937 case T_SYMLINK: 00938 /* get pm_object_type of target */ 00939 if (rsbac_get_attr(PM, 00940 target, 00941 tid, 00942 A_pm_object_type, 00943 &i_attr_val1, 00944 FALSE)) 00945 { 00946 printk(KERN_WARNING 00947 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 00948 return(NOT_GRANTED); 00949 } 00950 /* no access on TPs and personal_data*/ 00951 if( (i_attr_val1.pm_object_type == PO_TP) 00952 || (i_attr_val1.pm_object_type == PO_personal_data)) 00953 return(NOT_GRANTED); 00954 else 00955 return(GRANTED); 00956 break; 00957 00958 /* processes may only be given to other user, if */ 00959 /* current_task is authorized for him. */ 00960 /* If CONFIG_RSBAC_PM_ROLE_PROT is set, only changing */ 00961 /* to or from pm_role general_user is allowed. */ 00962 case T_PROCESS: 00963 #ifdef CONFIG_RSBAC_PM_ROLE_PROT 00964 /* For target process there MUST be a new owner specified */ 00965 if (attr != A_owner) 00966 return(UNDEFINED); 00967 /* general user? */ 00968 i_tid.user = owner; 00969 if (rsbac_get_attr(PM, 00970 T_USER, 00971 i_tid, 00972 A_pm_role, 00973 &i_attr_val1, 00974 TRUE)) 00975 { 00976 printk(KERN_WARNING 00977 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 00978 return(NOT_GRANTED); 00979 } 00980 /* only check further, if not general user */ 00981 if (i_attr_val1.pm_role != PR_user) 00982 { 00983 /* get target user's role */ 00984 i_tid.user = attr_val.owner; 00985 if (rsbac_get_attr(PM, 00986 T_USER, 00987 i_tid, 00988 A_pm_role, 00989 &i_attr_val2, 00990 TRUE)) 00991 { 00992 printk(KERN_WARNING 00993 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 00994 return(NOT_GRANTED); 00995 } 00996 /* target is also no general user -> deny, 00997 * if different role */ 00998 if( (i_attr_val2.pm_role != PR_user) 00999 && (i_attr_val1.pm_role != i_attr_val2.pm_role) 01000 ) 01001 return(NOT_GRANTED); 01002 } 01003 /* OK, role check passed */ 01004 #endif 01005 01006 /* get current_task of caller-process */ 01007 i_tid.process = caller_pid; 01008 if (rsbac_get_attr(PM, 01009 T_PROCESS, 01010 i_tid, 01011 A_pm_current_task, 01012 &i_attr_val1, 01013 FALSE)) 01014 { 01015 printk(KERN_WARNING 01016 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01017 return(NOT_GRANTED); 01018 } 01019 /* if task = NIL: no problem, grant */ 01020 if(!i_attr_val1.pm_current_task) 01021 return(GRANTED); 01022 01023 /* get task_set_id of process-owner */ 01024 i_tid.user = owner; 01025 if (rsbac_get_attr(PM, 01026 T_USER, 01027 i_tid, 01028 A_pm_task_set, 01029 &i_attr_val2, 01030 FALSE)) 01031 { 01032 printk(KERN_WARNING 01033 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01034 return(NOT_GRANTED); 01035 } 01036 /* if user has no set of authorized tasks -> do not grant */ 01037 if(!i_attr_val2.pm_task_set) 01038 return(NOT_GRANTED); 01039 01040 /* grant, if task is in owner's authorized task_set */ 01041 i_pm_set_id.task_set = i_attr_val2.pm_task_set; 01042 i_pm_set_member.task = i_attr_val1.pm_current_task; 01043 if (rsbac_pm_set_member(PS_TASK,i_pm_set_id,i_pm_set_member)) 01044 return(GRANTED); 01045 /* else: don't... */ 01046 else 01047 return(NOT_GRANTED); 01048 01049 /* Change-owner without or for other target: do not care */ 01050 case T_DIR: 01051 case T_IPC: 01052 case T_NONE: 01053 return(DO_NOT_CARE); 01054 /* all other cases are undefined */ 01055 default: 01056 return(DO_NOT_CARE); 01057 } 01058 01059 case R_CLONE: 01060 if (target == T_PROCESS) 01061 { 01062 /* get process_type of caller-process */ 01063 i_tid.process = caller_pid; 01064 if (rsbac_get_attr(PM, 01065 T_PROCESS, 01066 i_tid, 01067 A_pm_process_type, 01068 &i_attr_val1, 01069 FALSE)) 01070 { 01071 printk(KERN_WARNING 01072 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01073 return(NOT_GRANTED); 01074 } 01075 /* cloning is only allowed for normal processes */ 01076 if(i_attr_val1.pm_process_type == PP_none) 01077 return(GRANTED); 01078 else 01079 return(NOT_GRANTED); 01080 } 01081 else 01082 return(DO_NOT_CARE); 01083 01084 case R_CREATE: 01085 switch(target) 01086 { 01087 /* Creating dir or (pseudo) file IN target dir! */ 01088 case T_DIR: 01089 /* get process_type of caller-process */ 01090 i_tid.process = caller_pid; 01091 if (rsbac_get_attr(PM, 01092 T_PROCESS, 01093 i_tid, 01094 A_pm_process_type, 01095 &i_attr_val1, 01096 FALSE)) 01097 { 01098 printk(KERN_WARNING 01099 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01100 return(NOT_GRANTED); 01101 } 01102 /* we only care for TPs here */ 01103 if(i_attr_val1.pm_process_type != PP_TP) 01104 return(DO_NOT_CARE); 01105 01106 /* get current_task of caller-process */ 01107 i_tid.process = caller_pid; 01108 if (rsbac_get_attr(PM, 01109 T_PROCESS, 01110 i_tid, 01111 A_pm_current_task, 01112 &i_attr_val1, 01113 FALSE)) 01114 { 01115 printk(KERN_WARNING 01116 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01117 return(NOT_GRANTED); 01118 } 01119 if(!i_attr_val1.pm_current_task) 01120 { 01121 #ifdef CONFIG_RSBAC_DEBUG 01122 if(rsbac_debug_adf_pm) 01123 printk(KERN_DEBUG 01124 "rsbac_adf_request_pm(): no current_task for calling process trying to access personal_data\n"); 01125 #endif 01126 return(NOT_GRANTED); 01127 } 01128 01129 /* get pm_tp of caller-process */ 01130 if (rsbac_get_attr(PM, 01131 T_PROCESS, 01132 i_tid, 01133 A_pm_tp, 01134 &i_attr_val2, 01135 FALSE)) 01136 { 01137 printk(KERN_WARNING 01138 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01139 return(NOT_GRANTED); 01140 } 01141 if(!i_attr_val2.pm_tp) 01142 { 01143 #ifdef CONFIG_RSBAC_DEBUG 01144 if(rsbac_debug_adf_pm) 01145 printk(KERN_DEBUG 01146 "rsbac_adf_request_pm(): calling process trying to access personal_data has no TP-id\n"); 01147 #endif 01148 return(NOT_GRANTED); 01149 } 01150 01151 /* get necessary accesses for NIL class */ 01152 i_pm_tid.na.task = i_attr_val1.pm_current_task; 01153 i_pm_tid.na.object_class = 0; 01154 i_pm_tid.na.tp = i_attr_val2.pm_tp; 01155 if ((error = rsbac_pm_get_data(PMT_NA, 01156 i_pm_tid, 01157 PD_accesses, 01158 &i_data_val1))) 01159 { 01160 if(error != -RSBAC_EINVALIDTARGET) 01161 printk(KERN_WARNING 01162 "rsbac_adf_request_pm(): rsbac_pm_get_data() returned error %i!\n", 01163 error); 01164 return(NOT_GRANTED); 01165 } 01166 /* is requested access mode included in access mask? */ 01167 if(!(RSBAC_PM_A_CREATE & i_data_val1.accesses)) 01168 { 01169 #ifdef CONFIG_RSBAC_DEBUG 01170 if(rsbac_debug_adf_pm) 01171 printk(KERN_DEBUG 01172 "rsbac_adf_request_pm(): requested access mode CREATE for class NIL is not necessary\n"); 01173 #endif 01174 return(NOT_GRANTED); 01175 } 01176 01177 /* OK, create is necessary -> grant */ 01178 return(GRANTED); 01179 break; 01180 01181 case T_IPC: 01182 /* get current_task of caller-process */ 01183 i_tid.process = caller_pid; 01184 if (rsbac_get_attr(PM, 01185 T_PROCESS, 01186 i_tid, 01187 A_pm_current_task, 01188 &i_attr_val1, 01189 FALSE)) 01190 { 01191 printk(KERN_WARNING 01192 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01193 return(NOT_GRANTED); 01194 } 01195 /* if current_task = NIL, do not care */ 01196 if(!i_attr_val1.pm_current_task) 01197 return(DO_NOT_CARE); 01198 01199 /* check necessary */ 01200 return(na_ipc(i_attr_val1.pm_current_task, 01201 caller_pid, 01202 RSBAC_PM_A_CREATE)); 01203 break; 01204 01205 /* all other cases are undefined */ 01206 default: return(DO_NOT_CARE); 01207 } 01208 01209 case R_DELETE: 01210 switch(target) 01211 { 01212 case T_FILE: 01213 case T_FIFO: 01214 case T_SYMLINK: 01215 /* get pm_object_type of target */ 01216 if (rsbac_get_attr(PM, 01217 target, 01218 tid, 01219 A_pm_object_type, 01220 &i_attr_val1, 01221 FALSE)) 01222 { 01223 printk(KERN_WARNING 01224 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01225 return(NOT_GRANTED); 01226 } 01227 /* if TP: only TP_Manager */ 01228 if(i_attr_val1.pm_object_type == PO_TP) 01229 { 01230 /* test owner's pm_role */ 01231 i_tid.user = owner; 01232 if (rsbac_get_attr(PM, 01233 T_USER, 01234 i_tid, 01235 A_pm_role, 01236 &i_attr_val1, 01237 TRUE)) 01238 { 01239 printk(KERN_WARNING "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01240 return(NOT_GRANTED); 01241 } 01242 if(i_attr_val1.pm_role == PR_tp_manager) 01243 return(GRANTED); 01244 else 01245 return(NOT_GRANTED); 01246 } 01247 /* do not care for other than personal_data */ 01248 if(i_attr_val1.pm_object_type != PO_personal_data) 01249 return(DO_NOT_CARE); 01250 01251 /* check necessary && (purpose_bind || consent) */ 01252 /* (in fact, necessary means allowed here) */ 01253 return(na_and_pp_or_cs(caller_pid, 01254 tid.file, 01255 RSBAC_PM_A_DELETE)); 01256 break; 01257 01258 case T_IPC: 01259 /* get current_task of caller-process */ 01260 i_tid.process = caller_pid; 01261 if (rsbac_get_attr(PM, 01262 T_PROCESS, 01263 i_tid, 01264 A_pm_current_task, 01265 &i_attr_val1, 01266 FALSE)) 01267 { 01268 printk(KERN_WARNING 01269 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01270 return(NOT_GRANTED); 01271 } 01272 /* if current_task = NIL, ipc_purpose must be NIL */ 01273 if(!i_attr_val1.pm_current_task) 01274 { 01275 if(!get_ipc_purpose(tid.ipc)) 01276 return(GRANTED); 01277 else 01278 return(NOT_GRANTED); 01279 } 01280 /* check necessary && purpose_bind */ 01281 return(na_and_pp_ipc(i_attr_val1.pm_current_task, 01282 caller_pid, 01283 RSBAC_PM_A_DELETE, 01284 tid.ipc)); 01285 break; 01286 01287 case T_DIR: 01288 return(DO_NOT_CARE); 01289 break; 01290 /* all other cases are undefined */ 01291 default: return(DO_NOT_CARE); 01292 } 01293 01294 case R_EXECUTE: 01295 switch(target) 01296 { 01297 case T_FILE: 01298 /* get pm_object_type of target */ 01299 if (rsbac_get_attr(PM, 01300 T_FILE, 01301 tid, 01302 A_pm_object_type, 01303 &i_attr_val1, 01304 FALSE)) 01305 { 01306 printk(KERN_WARNING 01307 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01308 return(NOT_GRANTED); 01309 } 01310 /* if not TP: do not care */ 01311 if(i_attr_val1.pm_object_type != PO_TP) 01312 return(DO_NOT_CARE); 01313 01314 /* get pm_tp of target */ 01315 if (rsbac_get_attr(PM, 01316 T_FILE, 01317 tid, 01318 A_pm_tp, 01319 &i_attr_val1, 01320 FALSE)) 01321 { 01322 printk(KERN_WARNING 01323 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01324 return(NOT_GRANTED); 01325 } 01326 /* if no tp: error! */ 01327 if(!i_attr_val1.pm_tp) 01328 { 01329 printk(KERN_WARNING 01330 "rsbac_adf_request_pm(): file with object_type TP has no tp_id!\n"); 01331 return(NOT_GRANTED); 01332 } 01333 /* get current_task of caller-process */ 01334 i_tid.process = caller_pid; 01335 if (rsbac_get_attr(PM, 01336 T_PROCESS, 01337 i_tid, 01338 A_pm_current_task, 01339 &i_attr_val2, 01340 FALSE)) 01341 { 01342 printk(KERN_WARNING 01343 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01344 return(NOT_GRANTED); 01345 } 01346 /* if there is no current task, do not grant */ 01347 if(!i_attr_val2.pm_current_task) 01348 { 01349 #ifdef CONFIG_RSBAC_DEBUG 01350 if(rsbac_debug_adf_pm) 01351 printk(KERN_DEBUG 01352 "rsbac_adf_request_pm(): no current_task for process trying to execute TP\n"); 01353 #endif 01354 return(NOT_GRANTED); 01355 } 01356 /* get tp_set_id of current_task */ 01357 i_pm_tid.task = i_attr_val2.pm_current_task; 01358 if ((error = rsbac_pm_get_data(PMT_TASK, 01359 i_pm_tid, 01360 PD_tp_set, 01361 &i_data_val1))) 01362 { 01363 if(error != -RSBAC_EINVALIDTARGET) 01364 printk(KERN_WARNING 01365 "rsbac_adf_request_pm(): rsbac_pm_get_data() returned error %i!\n", 01366 error); 01367 return(NOT_GRANTED); 01368 } 01369 /* if there is no tp set, do not grant */ 01370 if(!i_data_val1.tp_set) 01371 { 01372 #ifdef CONFIG_RSBAC_DEBUG 01373 if(rsbac_debug_adf_pm) 01374 printk(KERN_DEBUG 01375 "rsbac_adf_request_pm(): no tp_set for current_task of process trying to execute TP\n"); 01376 #endif 01377 return(NOT_GRANTED); 01378 } 01379 01380 /* grant, if file's tp is in process-current-task's */ 01381 /* authorized tp_set */ 01382 i_pm_set_id.tp_set = i_data_val1.tp_set; 01383 i_pm_set_member.tp = i_attr_val1.pm_tp; 01384 if (rsbac_pm_set_member(PS_TP,i_pm_set_id,i_pm_set_member)) 01385 return(GRANTED); 01386 /* else: don't... */ 01387 else 01388 { 01389 #ifdef CONFIG_RSBAC_DEBUG 01390 if(rsbac_debug_adf_pm) 01391 printk(KERN_DEBUG 01392 "rsbac_adf_request_pm(): tp %i of file is not in tp_set %i of current_task %i of process\n", 01393 i_attr_val1.pm_tp, i_data_val1.tp_set, i_attr_val2.pm_current_task); 01394 #endif 01395 return(NOT_GRANTED); 01396 } 01397 01398 /* all other cases are undefined */ 01399 default: 01400 return(DO_NOT_CARE); 01401 } 01402 01403 case R_GET_STATUS_DATA: 01404 switch(target) 01405 { 01406 case T_SCD: 01407 /* target rsbaclog? only for secoff and dataprot */ 01408 if (tid.scd != ST_rsbaclog) 01409 return(GRANTED); 01410 /* Secoff or dataprot? */ 01411 i_tid.user = owner; 01412 if ((error=rsbac_get_attr(PM, 01413 T_USER, 01414 i_tid, 01415 A_pm_role, 01416 &i_attr_val1, 01417 TRUE))) 01418 { 01419 printk(KERN_WARNING 01420 "rsbac_adf_request_pm(): rsbac_get_attr() returned error %i!\n", 01421 error); 01422 return(NOT_GRANTED); 01423 } 01424 /* grant only for secoff and dataprot */ 01425 if ( (i_attr_val1.pm_role == PR_security_officer) 01426 || (i_attr_val1.pm_role == PR_data_protection_officer) 01427 ) 01428 return(GRANTED); 01429 else 01430 return(NOT_GRANTED); 01431 default: 01432 return(DO_NOT_CARE); 01433 }; 01434 01435 case R_LINK_HARD: 01436 switch(target) 01437 { 01438 case T_FILE: 01439 case T_FIFO: 01440 case T_SYMLINK: 01441 /* get pm_object_type of target */ 01442 if (rsbac_get_attr(PM, 01443 target, 01444 tid, 01445 A_pm_object_type, 01446 &i_attr_val1, 01447 FALSE)) 01448 { 01449 printk(KERN_WARNING 01450 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01451 return(NOT_GRANTED); 01452 } 01453 /* if OT = TP or OT = personal_data -> do not grant, else do */ 01454 if( (i_attr_val1.pm_object_type == PO_TP) 01455 || (i_attr_val1.pm_object_type == PO_personal_data)) 01456 return(NOT_GRANTED); 01457 else 01458 return(GRANTED); 01459 break; 01460 /* all other cases are undefined */ 01461 default: return(DO_NOT_CARE); 01462 } 01463 01464 case R_MODIFY_ACCESS_DATA: 01465 case R_RENAME: 01466 switch(target) 01467 { 01468 case T_FILE: 01469 case T_FIFO: 01470 case T_SYMLINK: 01471 /* get pm_object_type of target */ 01472 if (rsbac_get_attr(PM, 01473 target, 01474 tid, 01475 A_pm_object_type, 01476 &i_attr_val1, 01477 FALSE)) 01478 { 01479 printk(KERN_WARNING 01480 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01481 return(NOT_GRANTED); 01482 } 01483 01484 /* if personal_data -> do not grant */ 01485 if(i_attr_val1.pm_object_type == PO_personal_data) 01486 return(NOT_GRANTED); 01487 /* alternative: check necessary && (purpose_bind || consent) */ 01488 /* return(na_and_pp_or_cs(caller_pid, 01489 tid.file, 01490 RSBAC_PM_A_WRITE)); */ 01491 01492 /* if TP: only TP_Manager, else: do not care */ 01493 if(i_attr_val1.pm_object_type != PO_TP) 01494 return(DO_NOT_CARE); 01495 /* test owner's pm_role */ 01496 i_tid.user = owner; 01497 if (rsbac_get_attr(PM, 01498 T_USER, 01499 i_tid, 01500 A_pm_role, 01501 &i_attr_val1, 01502 TRUE)) 01503 { 01504 printk(KERN_WARNING "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01505 return(NOT_GRANTED); 01506 } 01507 if(i_attr_val1.pm_role == PR_tp_manager) 01508 return(GRANTED); 01509 else 01510 return(NOT_GRANTED); 01511 break; 01512 01513 case T_DIR: 01514 return(DO_NOT_CARE); 01515 break; 01516 /* all other cases are undefined */ 01517 default: return(DO_NOT_CARE); 01518 } 01519 01520 case R_MODIFY_ATTRIBUTE: 01521 switch(attr) 01522 { 01523 /* all pm relevant attributes are changed via sys_rsbac_pm */ 01524 /* using tickets in most cases -> deny here */ 01525 case A_pm_object_type: 01526 case A_pm_tp: 01527 case A_pm_role: 01528 case A_pm_process_type: 01529 case A_pm_current_task: 01530 case A_pm_object_class: 01531 case A_pm_ipc_purpose: 01532 case A_pm_program_type: 01533 case A_pm_task_set: 01534 #ifdef CONFIG_RSBAC_PM_GEN_PROT 01535 case A_owner: 01536 case A_pseudo: 01537 case A_fake_root_uid: 01538 #endif 01539 #ifdef CONFIG_RSBAC_PM_AUTH_PROT 01540 case A_auth_may_setuid: 01541 case A_auth_may_set_cap: 01542 case A_auth_start_uid: 01543 case A_auth_program_file: 01544 #endif 01545 return(NOT_GRANTED); 01546 /* All attributes (remove target!) */ 01547 case A_none: 01548 #ifdef CONFIG_RSBAC_PM_AUTH_PROT 01549 case A_auth_add_f_cap: 01550 case A_auth_remove_f_cap: 01551 case A_auth_learn: 01552 #endif 01553 switch(target) 01554 { /* special care for pm-relevant files and devs*/ 01555 case T_FILE: 01556 case T_FIFO: 01557 case T_DEV: 01558 /* get object_type */ 01559 if (rsbac_get_attr(PM, 01560 target, 01561 tid, 01562 A_pm_object_type, 01563 &i_attr_val1, 01564 FALSE)) 01565 { 01566 printk(KERN_WARNING "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01567 return(NOT_GRANTED); 01568 } 01569 /* if OT is PM-relevant -> do not grant */ 01570 if( (i_attr_val1.pm_object_type != PO_none) 01571 && (i_attr_val1.pm_object_type != PO_non_personal_data)) 01572 return(NOT_GRANTED); 01573 else 01574 return(GRANTED); 01575 01576 /* we do not care for dirs or symlinks */ 01577 case T_DIR: 01578 case T_SYMLINK: 01579 return(DO_NOT_CARE); 01580 01581 /* we do care for users, and if PM is active, we use */ 01582 /* tickets to delete user attributes, so do not grant.*/ 01583 /* take care: if other models are active, their */ 01584 /* additional restrictions are not met! */ 01585 case T_USER: 01586 return(NOT_GRANTED); 01587 01588 /* no removing of process attributes */ 01589 case T_PROCESS: 01590 return(NOT_GRANTED); 01591 01592 case T_IPC: 01593 /* get ipc_purpose */ 01594 if (rsbac_get_attr(PM, 01595 T_IPC, 01596 tid, 01597 A_pm_ipc_purpose, 01598 &i_attr_val1, 01599 FALSE)) 01600 { 01601 printk(KERN_WARNING "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01602 return(NOT_GRANTED); 01603 } 01604 /* if a purpose is set -> do not grant, else: who cares? */ 01605 if(i_attr_val1.pm_ipc_purpose) 01606 return(NOT_GRANTED); 01607 else 01608 return(GRANTED); 01609 01610 default: 01611 return(DO_NOT_CARE); 01612 } 01613 01614 #ifdef CONFIG_RSBAC_PM_GEN_PROT 01615 case A_log_array_low: 01616 case A_log_array_high: 01617 case A_log_program_based: 01618 case A_log_user_based: 01619 case A_symlink_add_uid: 01620 /* test owner's pm_role */ 01621 i_tid.user = owner; 01622 if (rsbac_get_attr(PM, 01623 T_USER, 01624 i_tid, 01625 A_pm_role, 01626 &i_attr_val1, 01627 TRUE)) 01628 { 01629 printk(KERN_WARNING "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01630 return(NOT_GRANTED); 01631 } 01632 /* security officer? -> grant */ 01633 if (i_attr_val1.pm_role == PR_security_officer) 01634 return(GRANTED); 01635 else 01636 return(NOT_GRANTED); 01637 #endif 01638 01639 default: 01640 return(DO_NOT_CARE); 01641 } 01642 01643 case R_MODIFY_PERMISSIONS_DATA: 01644 switch(target) 01645 { 01646 case T_FILE: 01647 case T_FIFO: 01648 /* get pm_object_type of target */ 01649 if (rsbac_get_attr(PM, 01650 target, 01651 tid, 01652 A_pm_object_type, 01653 &i_attr_val1, 01654 FALSE)) 01655 { 01656 printk(KERN_WARNING 01657 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01658 return(NOT_GRANTED); 01659 } 01660 /* if TP: only TP_Manager, else: do not care */ 01661 if(i_attr_val1.pm_object_type != PO_TP) 01662 return(DO_NOT_CARE); 01663 /* test owner's pm_role */ 01664 i_tid.user = owner; 01665 if (rsbac_get_attr(PM, 01666 T_USER, 01667 i_tid, 01668 A_pm_role, 01669 &i_attr_val1, 01670 TRUE)) 01671 { 01672 printk(KERN_WARNING "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01673 return(NOT_GRANTED); 01674 } 01675 if(i_attr_val1.pm_role == PR_tp_manager) 01676 return(GRANTED); 01677 else 01678 return(NOT_GRANTED); 01679 break; 01680 01681 /* all other cases are undefined */ 01682 default: return(DO_NOT_CARE); 01683 } 01684 01685 case R_MODIFY_SYSTEM_DATA: 01686 switch(target) 01687 { 01688 case T_SCD: 01689 /* target rlimit? no problem, but needed -> grant */ 01690 if (tid.scd == ST_rlimit) 01691 return(GRANTED); 01692 /* Administrator? */ 01693 i_tid.user = owner; 01694 if (rsbac_get_attr(PM, 01695 T_USER, 01696 i_tid, 01697 A_pm_role, 01698 &i_attr_val1, 01699 TRUE)) 01700 { 01701 printk(KERN_WARNING 01702 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01703 return(NOT_GRANTED); 01704 } 01705 /* if rsbaclog: grant only for secoff and dataprot */ 01706 if(tid.scd == ST_rsbaclog) 01707 { 01708 if ( (i_attr_val1.pm_role == PR_security_officer) 01709 || (i_attr_val1.pm_role == PR_data_protection_officer) 01710 ) 01711 return(GRANTED); 01712 else 01713 return(NOT_GRANTED); 01714 } 01715 /* other scds: if administrator, then grant */ 01716 if (i_attr_val1.pm_role == PR_system_admin) 01717 return(GRANTED); 01718 else 01719 return(NOT_GRANTED); 01720 01721 /* all other cases are undefined */ 01722 default: return(DO_NOT_CARE); 01723 } 01724 01725 case R_MOUNT: 01726 switch(target) 01727 { 01728 case T_FILE: 01729 case T_DIR: 01730 case T_DEV: 01731 /* Administrator? */ 01732 i_tid.user = owner; 01733 if (rsbac_get_attr(PM, 01734 T_USER, 01735 i_tid, 01736 A_pm_role, 01737 &i_attr_val1, 01738 TRUE)) 01739 { 01740 printk(KERN_WARNING 01741 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01742 return(NOT_GRANTED); 01743 } 01744 /* if administrator, then grant */ 01745 if (i_attr_val1.pm_role == PR_system_admin) 01746 return(GRANTED); 01747 else 01748 return(NOT_GRANTED); 01749 01750 /* all other cases are undefined */ 01751 default: return(DO_NOT_CARE); 01752 } 01753 01754 case R_READ: 01755 switch(target) 01756 { 01757 #ifdef CONFIG_RSBAC_RW 01758 case T_FILE: 01759 case T_FIFO: 01760 /* get pm_object_type of target */ 01761 if (rsbac_get_attr(PM, 01762 target, 01763 tid, 01764 A_pm_object_type, 01765 &i_attr_val1, 01766 FALSE)) 01767 { 01768 printk(KERN_WARNING 01769 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01770 return(NOT_GRANTED); 01771 } 01772 /* no read_open on TPs */ 01773 if(i_attr_val1.pm_object_type == PO_TP) 01774 return(NOT_GRANTED); 01775 /* do not care for other than personal_data */ 01776 if(i_attr_val1.pm_object_type != PO_personal_data) 01777 return(DO_NOT_CARE); 01778 01779 /* check necessary && (purpose_bind || consent) */ 01780 return(na_and_pp_or_cs(caller_pid, 01781 tid.file, 01782 RSBAC_PM_A_READ)); 01783 break; 01784 01785 case T_DEV: 01786 /* get pm_object_type of target */ 01787 if (rsbac_get_attr(PM, 01788 T_DEV, 01789 tid, 01790 A_pm_object_type, 01791 &i_attr_val1, 01792 FALSE)) 01793 { 01794 printk(KERN_WARNING 01795 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01796 return(NOT_GRANTED); 01797 } 01798 /* check read_open only on devs containing personal_data */ 01799 if(i_attr_val1.pm_object_type != PO_personal_data) 01800 return(DO_NOT_CARE); 01801 /* check necessary && purpose_bind */ 01802 return(na_dev(caller_pid, 01803 RSBAC_PM_A_READ, 01804 tid.dev)); 01805 01806 #ifdef CONFIG_RSBAC_RW_SOCK 01807 case T_IPC: 01808 /* get current_task of caller-process */ 01809 i_tid.process = caller_pid; 01810 if (rsbac_get_attr(PM, 01811 T_PROCESS, 01812 i_tid, 01813 A_pm_current_task, 01814 &i_attr_val1, 01815 FALSE)) 01816 { 01817 printk(KERN_WARNING 01818 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01819 return(NOT_GRANTED); 01820 } 01821 /* if current_task = NIL, ipc_purpose must be NIL */ 01822 if(!i_attr_val1.pm_current_task) 01823 { 01824 if(!get_ipc_purpose(tid.ipc)) 01825 return(GRANTED); 01826 else 01827 return(NOT_GRANTED); 01828 } 01829 /* check necessary && purpose_bind */ 01830 return(na_and_pp_ipc(i_attr_val1.pm_current_task, 01831 caller_pid, 01832 RSBAC_PM_A_READ, 01833 tid.ipc)); 01834 break; 01835 #endif /* RW_SOCK */ 01836 #endif /* RW */ 01837 01838 /* all other cases are undefined */ 01839 default: return(DO_NOT_CARE); 01840 } 01841 01842 case R_READ_ATTRIBUTE: 01843 switch(attr) 01844 { 01845 case A_pm_object_type: 01846 case A_pm_tp: 01847 case A_pm_role: 01848 case A_pm_process_type: 01849 case A_pm_current_task: 01850 case A_pm_object_class: 01851 case A_pm_ipc_purpose: 01852 case A_pm_program_type: 01853 case A_pm_task_set: 01854 #ifdef CONFIG_RSBAC_PM_GEN_PROT 01855 case A_owner: 01856 case A_pseudo: 01857 case A_log_array_low: 01858 case A_log_array_high: 01859 case A_log_program_based: 01860 case A_log_user_based: 01861 case A_symlink_add_uid: 01862 case A_fake_root_uid: 01863 #endif 01864 #ifdef CONFIG_RSBAC_PM_AUTH_PROT 01865 case A_auth_may_setuid: 01866 case A_auth_may_set_cap: 01867 case A_auth_start_uid: 01868 case A_auth_program_file: 01869 case A_auth_learn: 01870 #endif 01871 /* Security Officer or Data Protection Officer? */ 01872 i_tid.user = owner; 01873 if (rsbac_get_attr(PM, 01874 T_USER, 01875 i_tid, 01876 A_pm_role, 01877 &i_attr_val1, 01878 TRUE)) 01879 { 01880 printk(KERN_WARNING 01881 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01882 return(NOT_GRANTED); 01883 } 01884 /* if sec_officer or data_prot_off, then grant */ 01885 if( (i_attr_val1.pm_role == PR_security_officer) 01886 || (i_attr_val1.pm_role == PR_data_protection_officer)) 01887 return(GRANTED); 01888 else 01889 return(NOT_GRANTED); 01890 01891 default: 01892 return(DO_NOT_CARE); 01893 } 01894 01895 case R_READ_OPEN: 01896 switch(target) 01897 { 01898 case T_FILE: 01899 case T_FIFO: 01900 /* get pm_object_type of target */ 01901 if (rsbac_get_attr(PM, 01902 target, 01903 tid, 01904 A_pm_object_type, 01905 &i_attr_val1, 01906 FALSE)) 01907 { 01908 printk(KERN_WARNING 01909 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01910 return(NOT_GRANTED); 01911 } 01912 /* no read_open on TPs */ 01913 if(i_attr_val1.pm_object_type == PO_TP) 01914 return(NOT_GRANTED); 01915 /* do not care for other than personal_data */ 01916 if(i_attr_val1.pm_object_type != PO_personal_data) 01917 return(DO_NOT_CARE); 01918 01919 /* check necessary && (purpose_bind || consent) */ 01920 return(na_and_pp_or_cs(caller_pid, 01921 tid.file, 01922 RSBAC_PM_A_READ)); 01923 break; 01924 01925 case T_DEV: 01926 /* get pm_object_type of target */ 01927 if (rsbac_get_attr(PM, 01928 T_DEV, 01929 tid, 01930 A_pm_object_type, 01931 &i_attr_val1, 01932 FALSE)) 01933 { 01934 printk(KERN_WARNING 01935 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01936 return(NOT_GRANTED); 01937 } 01938 /* check read_open only on devs containing personal_data */ 01939 if(i_attr_val1.pm_object_type != PO_personal_data) 01940 return(DO_NOT_CARE); 01941 /* check necessary && purpose_bind */ 01942 return(na_dev(caller_pid, 01943 RSBAC_PM_A_READ, 01944 tid.dev)); 01945 01946 case T_IPC: 01947 /* get current_task of caller-process */ 01948 i_tid.process = caller_pid; 01949 if (rsbac_get_attr(PM, 01950 T_PROCESS, 01951 i_tid, 01952 A_pm_current_task, 01953 &i_attr_val1, 01954 FALSE)) 01955 { 01956 printk(KERN_WARNING 01957 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01958 return(NOT_GRANTED); 01959 } 01960 /* if current_task = NIL, ipc_purpose must be NIL */ 01961 if(!i_attr_val1.pm_current_task) 01962 { 01963 if(!get_ipc_purpose(tid.ipc)) 01964 return(GRANTED); 01965 else 01966 return(NOT_GRANTED); 01967 } 01968 /* check necessary && purpose_bind */ 01969 return(na_and_pp_ipc(i_attr_val1.pm_current_task, 01970 caller_pid, 01971 RSBAC_PM_A_READ, 01972 tid.ipc)); 01973 break; 01974 01975 case T_DIR: 01976 return(DO_NOT_CARE); 01977 break; 01978 /* all other cases are undefined */ 01979 default: return(DO_NOT_CARE); 01980 } 01981 01982 case R_READ_WRITE_OPEN: 01983 switch(target) 01984 { 01985 case T_FILE: 01986 case T_FIFO: 01987 /* get pm_object_type of target */ 01988 if (rsbac_get_attr(PM, 01989 target, 01990 tid, 01991 A_pm_object_type, 01992 &i_attr_val1, 01993 FALSE)) 01994 { 01995 printk(KERN_WARNING 01996 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 01997 return(NOT_GRANTED); 01998 } 01999 /* no read_write_open on TPs */ 02000 if(i_attr_val1.pm_object_type == PO_TP) 02001 return(NOT_GRANTED); 02002 /* TPs must not write on other than personal_data */ 02003 if(i_attr_val1.pm_object_type != PO_personal_data) 02004 return(tp_check(caller_pid)); 02005 02006 /* check necessary && (purpose_bind || consent) */ 02007 return(na_and_pp_or_cs(caller_pid, 02008 tid.file, 02009 RSBAC_PM_A_READ | RSBAC_PM_A_WRITE)); 02010 break; 02011 02012 case T_DEV: 02013 /* get pm_object_type of target */ 02014 if (rsbac_get_attr(PM, 02015 T_DEV, 02016 tid, 02017 A_pm_object_type, 02018 &i_attr_val1, 02019 FALSE)) 02020 { 02021 printk(KERN_WARNING 02022 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02023 return(NOT_GRANTED); 02024 } 02025 /* check read_write_open only on devs containing personal_data or TPs*/ 02026 if( (i_attr_val1.pm_object_type != PO_personal_data) 02027 && (i_attr_val1.pm_object_type != PO_TP) ) 02028 return(DO_NOT_CARE); 02029 /* check necessary && purpose_bind */ 02030 return(na_dev(caller_pid, 02031 RSBAC_PM_A_READ | RSBAC_PM_A_WRITE, 02032 tid.dev)); 02033 02034 case T_IPC: 02035 /* get IPC-purpose */ 02036 i_pm_pp = get_ipc_purpose(tid.ipc); 02037 /* if IPC-pp is NIL -> process type must be NIL */ 02038 if(!i_pm_pp) 02039 { 02040 /* get process-type of caller-process */ 02041 i_tid.process = caller_pid; 02042 if (rsbac_get_attr(PM, 02043 T_PROCESS, 02044 i_tid, 02045 A_pm_process_type, 02046 &i_attr_val1, 02047 FALSE)) 02048 { 02049 printk(KERN_WARNING 02050 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02051 return(NOT_GRANTED); 02052 } 02053 if(i_attr_val1.pm_process_type == PP_TP) 02054 return(NOT_GRANTED); 02055 else 02056 return(GRANTED); 02057 } 02058 /* OK, we do have an IPC-purpose */ 02059 /* get current_task of caller-process */ 02060 i_tid.process = caller_pid; 02061 if (rsbac_get_attr(PM, 02062 T_PROCESS, 02063 i_tid, 02064 A_pm_current_task, 02065 &i_attr_val1, 02066 FALSE)) 02067 { 02068 printk(KERN_WARNING 02069 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02070 return(NOT_GRANTED); 02071 } 02072 /* if current_task = NIL -> do not grant */ 02073 if(!i_attr_val1.pm_current_task) 02074 { 02075 return(NOT_GRANTED); 02076 } 02077 /* check necessary && purpose_bind */ 02078 return(na_and_pp_ipc(i_attr_val1.pm_current_task, 02079 caller_pid, 02080 RSBAC_PM_A_READ | RSBAC_PM_A_WRITE, 02081 tid.ipc)); 02082 break; 02083 02084 /* all other cases are undefined */ 02085 default: return(DO_NOT_CARE); 02086 } 02087 02088 case R_REMOVE_FROM_KERNEL: 02089 case R_SHUTDOWN: 02090 switch(target) 02091 { 02092 case T_NONE: 02093 /* test owner's pm_role */ 02094 i_tid.user = owner; 02095 if (rsbac_get_attr(PM, 02096 T_USER, 02097 i_tid, 02098 A_pm_role, 02099 &i_attr_val1, 02100 TRUE)) 02101 { 02102 printk(KERN_WARNING "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02103 return(NOT_GRANTED); 02104 } 02105 /* only administrators are allowed to do this */ 02106 if (i_attr_val1.pm_role != PR_system_admin) 02107 return(NOT_GRANTED); 02108 /* That's it */ 02109 return(GRANTED); 02110 02111 /* all other cases are undefined */ 02112 default: return(DO_NOT_CARE); 02113 } 02114 02115 /* case R_RENAME: see R_MODIFY_ACCESS_DATA */ 02116 02117 case R_SEND_SIGNAL: 02118 switch(target) 02119 { 02120 case T_PROCESS: 02121 /* TPs are not allowed to send signals */ 02122 /* get process_type of caller-process */ 02123 i_tid.process = caller_pid; 02124 if (rsbac_get_attr(PM, 02125 T_PROCESS, 02126 i_tid, 02127 A_pm_process_type, 02128 &i_attr_val1, 02129 FALSE)) 02130 { 02131 printk(KERN_WARNING 02132 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02133 return(NOT_GRANTED); 02134 } 02135 /* we do not allow TPs here */ 02136 if(i_attr_val1.pm_process_type == PP_TP) 02137 return(NOT_GRANTED); 02138 02139 /* SIGKILL to TPs is restricted to tp_managers to prevent */ 02140 /* inconsistencies */ 02141 /* get process_type of target-process */ 02142 if (rsbac_get_attr(PM, 02143 T_PROCESS, 02144 tid, 02145 A_pm_process_type, 02146 &i_attr_val1, 02147 FALSE)) 02148 { 02149 printk(KERN_WARNING 02150 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02151 return(NOT_GRANTED); 02152 } 02153 /* we only care for TPs here */ 02154 if(i_attr_val1.pm_process_type != PP_TP) 02155 return(DO_NOT_CARE); 02156 02157 /* test owner's pm_role */ 02158 i_tid.user = owner; 02159 if (rsbac_get_attr(PM, 02160 T_USER, 02161 i_tid, 02162 A_pm_role, 02163 &i_attr_val1, 02164 TRUE)) 02165 { 02166 printk(KERN_WARNING "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02167 return(NOT_GRANTED); 02168 } 02169 /* only tp_managers are allowed to do this */ 02170 if (i_attr_val1.pm_role != PR_tp_manager) 02171 return(NOT_GRANTED); 02172 /* That's it */ 02173 return(GRANTED); 02174 02175 /* all other cases are undefined */ 02176 default: 02177 return(DO_NOT_CARE); 02178 } 02179 02180 /* case R_SHUTDOWN: see R_REMOVE_FROM_KERNEL */ 02181 02182 case R_SWITCH_LOG: 02183 switch(target) 02184 { 02185 case T_NONE: 02186 /* test owner's pm_role */ 02187 i_tid.user = owner; 02188 if (rsbac_get_attr(PM, 02189 T_USER, 02190 i_tid, 02191 A_pm_role, 02192 &i_attr_val1, 02193 FALSE)) 02194 { 02195 printk(KERN_WARNING "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02196 return(NOT_GRANTED); 02197 } 02198 /* security officer? -> grant */ 02199 if (i_attr_val1.pm_role == PR_security_officer) 02200 return(GRANTED); 02201 else 02202 return(NOT_GRANTED); 02203 02204 /* all other cases are undefined */ 02205 default: return(DO_NOT_CARE); 02206 } 02207 02208 case R_SWITCH_MODULE: 02209 switch(target) 02210 { 02211 case T_NONE: 02212 /* we need the switch_target */ 02213 if(attr != A_switch_target) 02214 return(UNDEFINED); 02215 /* deny PM to be switched, do not care for others */ 02216 if( (attr_val.switch_target == PM) 02217 #ifdef CONFIG_RSBAC_PM_AUTH_PROT 02218 || (attr_val.switch_target == AUTH) 02219 #endif 02220 #ifdef CONFIG_RSBAC_SOFTMODE 02221 || (attr_val.switch_target == SOFTMODE) 02222 #endif 02223 ) 02224 return(NOT_GRANTED); 02225 else 02226 return(DO_NOT_CARE); 02227 02228 /* all other cases are undefined */ 02229 default: return(DO_NOT_CARE); 02230 } 02231 02232 /* notify only, handled by adf-dispatcher */ 02233 case R_TERMINATE: 02234 if (target == T_PROCESS) 02235 { /* Remove input and output purpose set of process */ 02236 i_pm_set_id.in_pp_set = tid.process; 02237 rsbac_pm_remove_set(PS_IN_PP, i_pm_set_id); 02238 i_pm_set_id.out_pp_set = tid.process; 02239 rsbac_pm_remove_set(PS_OUT_PP, i_pm_set_id); 02240 return(GRANTED); 02241 } 02242 else 02243 return(DO_NOT_CARE); 02244 02245 case R_TRACE: 02246 switch(target) 02247 { 02248 case T_PROCESS: 02249 /* get process_type of calling process */ 02250 i_tid.process = caller_pid; 02251 if (rsbac_get_attr(PM, 02252 T_PROCESS, 02253 i_tid, 02254 A_pm_process_type, 02255 &i_attr_val1, 02256 FALSE)) 02257 { 02258 printk(KERN_WARNING 02259 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02260 return(NOT_GRANTED); 02261 } 02262 /* do not grant for TPs */ 02263 if(i_attr_val1.pm_process_type == PP_TP) 02264 return(NOT_GRANTED); 02265 02266 /* get process_type of target-process */ 02267 if (rsbac_get_attr(PM, 02268 T_PROCESS, 02269 tid, 02270 A_pm_process_type, 02271 &i_attr_val1, 02272 FALSE)) 02273 { 02274 printk(KERN_WARNING 02275 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02276 return(NOT_GRANTED); 02277 } 02278 /* do not grant for TPs */ 02279 if(i_attr_val1.pm_process_type == PP_TP) 02280 return(NOT_GRANTED); 02281 02282 /* neither P1 nor P2 is TP -> grant */ 02283 return(GRANTED); 02284 02285 /* all other cases are undefined */ 02286 default: 02287 return(DO_NOT_CARE); 02288 } 02289 02290 case R_TRUNCATE: 02291 switch(target) 02292 { 02293 case T_FILE: 02294 /* get pm_object_type of target */ 02295 if (rsbac_get_attr(PM, 02296 T_FILE, 02297 tid, 02298 A_pm_object_type, 02299 &i_attr_val1, 02300 FALSE)) 02301 { 02302 printk(KERN_WARNING 02303 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02304 return(NOT_GRANTED); 02305 } 02306 /* no append_open on TPs */ 02307 if(i_attr_val1.pm_object_type == PO_TP) 02308 return(NOT_GRANTED); 02309 /* TPs must not write on other than personal_data */ 02310 if(i_attr_val1.pm_object_type != PO_personal_data) 02311 return(tp_check(caller_pid)); 02312 02313 /* check necessary && (purpose_bind || consent) */ 02314 return(na_and_pp_or_cs(caller_pid, 02315 tid.file, 02316 RSBAC_PM_A_WRITE)); 02317 break; 02318 02319 /* all other cases are undefined */ 02320 default: return(DO_NOT_CARE); 02321 } 02322 02323 case R_UMOUNT: 02324 switch(target) 02325 { 02326 case T_FILE: 02327 case T_DIR: 02328 case T_DEV: 02329 /* Administrator? */ 02330 i_tid.user = owner; 02331 if (rsbac_get_attr(PM, 02332 T_USER, 02333 i_tid, 02334 A_pm_role, 02335 &i_attr_val1, 02336 TRUE)) 02337 { 02338 printk(KERN_WARNING 02339 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02340 return(NOT_GRANTED); 02341 } 02342 /* if administrator, then grant */ 02343 if (i_attr_val1.pm_role == PR_system_admin) 02344 return(GRANTED); 02345 else 02346 return(NOT_GRANTED); 02347 02348 /* all other cases are undefined */ 02349 default: return(DO_NOT_CARE); 02350 } 02351 02352 case R_WRITE: 02353 switch(target) 02354 { 02355 #ifdef CONFIG_RSBAC_RW 02356 case T_FILE: 02357 case T_FIFO: 02358 /* get pm_object_type of target */ 02359 if (rsbac_get_attr(PM, 02360 target, 02361 tid, 02362 A_pm_object_type, 02363 &i_attr_val1, 02364 FALSE)) 02365 { 02366 printk(KERN_WARNING 02367 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02368 return(NOT_GRANTED); 02369 } 02370 /* no append_open on TPs */ 02371 if(i_attr_val1.pm_object_type == PO_TP) 02372 return(NOT_GRANTED); 02373 /* TPs must not write on other than personal_data */ 02374 if(i_attr_val1.pm_object_type != PO_personal_data) 02375 return(tp_check(caller_pid)); 02376 02377 /* check necessary && (purpose_bind || consent) */ 02378 return(na_and_pp_or_cs(caller_pid, 02379 tid.file, 02380 RSBAC_PM_A_WRITE)); 02381 break; 02382 02383 case T_DEV: 02384 /* get pm_object_type of target */ 02385 if (rsbac_get_attr(PM, 02386 T_DEV, 02387 tid, 02388 A_pm_object_type, 02389 &i_attr_val1, 02390 FALSE)) 02391 { 02392 printk(KERN_WARNING 02393 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02394 return(NOT_GRANTED); 02395 } 02396 /* check write_open only on devs containing personal_data or TPs*/ 02397 if( (i_attr_val1.pm_object_type != PO_personal_data) 02398 && (i_attr_val1.pm_object_type != PO_TP) ) 02399 return(DO_NOT_CARE); 02400 /* check necessary && purpose_bind */ 02401 return(na_dev(caller_pid, 02402 RSBAC_PM_A_WRITE, 02403 tid.dev)); 02404 02405 #ifdef CONFIG_RSBAC_RW_SOCK 02406 case T_IPC: 02407 /* get IPC-purpose */ 02408 i_pm_pp = get_ipc_purpose(tid.ipc); 02409 /* if IPC-pp is NIL -> process type must be NIL */ 02410 if(!i_pm_pp) 02411 { 02412 /* get process-type of caller-process */ 02413 i_tid.process = caller_pid; 02414 if (rsbac_get_attr(PM, 02415 T_PROCESS, 02416 i_tid, 02417 A_pm_process_type, 02418 &i_attr_val1, 02419 FALSE)) 02420 { 02421 printk(KERN_WARNING 02422 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02423 return(NOT_GRANTED); 02424 } 02425 if(i_attr_val1.pm_process_type == PP_TP) 02426 return(NOT_GRANTED); 02427 else 02428 return(GRANTED); 02429 } 02430 /* OK, we do have an IPC-purpose */ 02431 /* get current_task of caller-process */ 02432 i_tid.process = caller_pid; 02433 if (rsbac_get_attr(PM, 02434 T_PROCESS, 02435 i_tid, 02436 A_pm_current_task, 02437 &i_attr_val1, 02438 FALSE)) 02439 { 02440 printk(KERN_WARNING 02441 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02442 return(NOT_GRANTED); 02443 } 02444 /* if current_task = NIL -> do not grant */ 02445 if(!i_attr_val1.pm_current_task) 02446 { 02447 return(NOT_GRANTED); 02448 } 02449 /* check necessary && purpose_bind */ 02450 return(na_and_pp_ipc(i_attr_val1.pm_current_task, 02451 caller_pid, 02452 RSBAC_PM_A_WRITE, 02453 tid.ipc)); 02454 break; 02455 #endif 02456 #endif 02457 02458 /* all other cases are undefined */ 02459 default: return(DO_NOT_CARE); 02460 } 02461 02462 case R_WRITE_OPEN: 02463 switch(target) 02464 { 02465 case T_FILE: 02466 case T_FIFO: 02467 /* get pm_object_type of target */ 02468 if (rsbac_get_attr(PM, 02469 target, 02470 tid, 02471 A_pm_object_type, 02472 &i_attr_val1, 02473 FALSE)) 02474 { 02475 printk(KERN_WARNING 02476 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02477 return(NOT_GRANTED); 02478 } 02479 /* no append_open on TPs */ 02480 if(i_attr_val1.pm_object_type == PO_TP) 02481 return(NOT_GRANTED); 02482 /* TPs must not write on other than personal_data */ 02483 if(i_attr_val1.pm_object_type != PO_personal_data) 02484 return(tp_check(caller_pid)); 02485 02486 /* check necessary && (purpose_bind || consent) */ 02487 return(na_and_pp_or_cs(caller_pid, 02488 tid.file, 02489 RSBAC_PM_A_WRITE)); 02490 break; 02491 02492 case T_DEV: 02493 /* get pm_object_type of target */ 02494 if (rsbac_get_attr(PM, 02495 T_DEV, 02496 tid, 02497 A_pm_object_type, 02498 &i_attr_val1, 02499 FALSE)) 02500 { 02501 printk(KERN_WARNING 02502 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02503 return(NOT_GRANTED); 02504 } 02505 /* check write_open only on devs containing personal_data or TPs*/ 02506 if( (i_attr_val1.pm_object_type != PO_personal_data) 02507 && (i_attr_val1.pm_object_type != PO_TP) ) 02508 return(DO_NOT_CARE); 02509 /* check necessary && purpose_bind */ 02510 return(na_dev(caller_pid, 02511 RSBAC_PM_A_WRITE, 02512 tid.dev)); 02513 02514 case T_IPC: 02515 /* get IPC-purpose */ 02516 i_pm_pp = get_ipc_purpose(tid.ipc); 02517 /* if IPC-pp is NIL -> process type must be NIL */ 02518 if(!i_pm_pp) 02519 { 02520 /* get process-type of caller-process */ 02521 i_tid.process = caller_pid; 02522 if (rsbac_get_attr(PM, 02523 T_PROCESS, 02524 i_tid, 02525 A_pm_process_type, 02526 &i_attr_val1, 02527 FALSE)) 02528 { 02529 printk(KERN_WARNING 02530 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02531 return(NOT_GRANTED); 02532 } 02533 if(i_attr_val1.pm_process_type == PP_TP) 02534 return(NOT_GRANTED); 02535 else 02536 return(GRANTED); 02537 } 02538 /* OK, we do have an IPC-purpose */ 02539 /* get current_task of caller-process */ 02540 i_tid.process = caller_pid; 02541 if (rsbac_get_attr(PM, 02542 T_PROCESS, 02543 i_tid, 02544 A_pm_current_task, 02545 &i_attr_val1, 02546 FALSE)) 02547 { 02548 printk(KERN_WARNING 02549 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02550 return(NOT_GRANTED); 02551 } 02552 /* if current_task = NIL -> do not grant */ 02553 if(!i_attr_val1.pm_current_task) 02554 { 02555 return(NOT_GRANTED); 02556 } 02557 /* check necessary && purpose_bind */ 02558 return(na_and_pp_ipc(i_attr_val1.pm_current_task, 02559 caller_pid, 02560 RSBAC_PM_A_WRITE, 02561 tid.ipc)); 02562 break; 02563 02564 /* all other cases are undefined */ 02565 default: return(DO_NOT_CARE); 02566 } 02567 02568 02569 /*********************/ 02570 default: return DO_NOT_CARE; 02571 } 02572 02573 return(result); 02574 }; /* end of rsbac_adf_request_pm() */ 02575 02576 02577 /*****************************************************************************/ 02578 /* If the request returned granted and the operation is performed, */ 02579 /* the following function can be called by the AEF to get all aci set */ 02580 /* correctly. For write accesses that are performed fully within the kernel, */ 02581 /* this is usually not done to prevent extra calls, including R_CLOSE for */ 02582 /* cleaning up. */ 02583 /* The second instance of target specification is the new target, if one has */ 02584 /* been created, otherwise its values are ignored. */ 02585 /* On success, 0 is returned, and an error from rsbac/error.h otherwise. */ 02586 02587 int rsbac_adf_set_attr_pm( 02588 enum rsbac_adf_request_t request, 02589 rsbac_pid_t caller_pid, 02590 enum rsbac_target_t target, 02591 union rsbac_target_id_t tid, 02592 enum rsbac_target_t new_target, 02593 union rsbac_target_id_t new_tid, 02594 enum rsbac_attribute_t attr, 02595 union rsbac_attribute_value_t attr_val, 02596 rsbac_uid_t owner) 02597 { 02598 union rsbac_target_id_t i_tid; 02599 union rsbac_attribute_value_t i_attr_val1; 02600 union rsbac_attribute_value_t i_attr_val2; 02601 union rsbac_attribute_value_t i_attr_val3; 02602 union rsbac_attribute_value_t i_attr_val4; 02603 union rsbac_pm_target_id_t i_pm_tid; 02604 union rsbac_pm_data_value_t i_data_val1; 02605 int error; 02606 02607 switch (request) 02608 { 02609 case R_APPEND_OPEN: 02610 switch(target) 02611 { 02612 case T_FILE: 02613 case T_FIFO: 02614 return(adjust_in_out_pp(caller_pid, 02615 target, 02616 tid.file, 02617 RSBAC_PM_A_APPEND)); 02618 case T_IPC: 02619 return(adjust_in_out_pp_ipc(caller_pid, 02620 tid.ipc, 02621 RSBAC_PM_A_APPEND)); 02622 case T_DEV: 02623 return(0); 02624 default: 02625 return(0); 02626 } 02627 #ifdef CONFIG_RSBAC_RW 02628 case R_READ: 02629 switch(target) 02630 { 02631 case T_FILE: 02632 case T_FIFO: 02633 return(adjust_in_out_pp(caller_pid, 02634 target, 02635 tid.file, 02636 RSBAC_PM_A_READ)); 02637 #ifdef CONFIG_RSBAC_RW_SOCK 02638 case T_IPC: 02639 return(adjust_in_out_pp_ipc(caller_pid, 02640 tid.ipc, 02641 RSBAC_PM_A_READ)); 02642 #endif 02643 default: 02644 return(0); 02645 } 02646 #endif 02647 case R_READ_OPEN: 02648 switch(target) 02649 { 02650 case T_FILE: 02651 case T_FIFO: 02652 return(adjust_in_out_pp(caller_pid, 02653 target, 02654 tid.file, 02655 RSBAC_PM_A_READ)); 02656 case T_IPC: 02657 return(adjust_in_out_pp_ipc(caller_pid, 02658 tid.ipc, 02659 RSBAC_PM_A_READ)); 02660 case T_DIR: 02661 case T_DEV: 02662 return(0); 02663 default: 02664 return(0); 02665 } 02666 case R_READ_WRITE_OPEN: 02667 switch(target) 02668 { 02669 case T_FILE: 02670 case T_FIFO: 02671 return(adjust_in_out_pp(caller_pid, 02672 target, 02673 tid.file, 02674 RSBAC_PM_A_READ | RSBAC_PM_A_WRITE)); 02675 case T_IPC: 02676 return(adjust_in_out_pp_ipc(caller_pid, 02677 tid.ipc, 02678 RSBAC_PM_A_READ | RSBAC_PM_A_WRITE)); 02679 case T_DEV: 02680 return(0); 02681 default: 02682 return(0); 02683 } 02684 02685 #ifdef CONFIG_RSBAC_RW 02686 case R_WRITE: 02687 switch(target) 02688 { 02689 case T_FILE: 02690 case T_FIFO: 02691 return(adjust_in_out_pp(caller_pid, 02692 target, 02693 tid.file, 02694 RSBAC_PM_A_WRITE)); 02695 #ifdef CONFIG_RSBAC_RW_SOCK 02696 case T_IPC: 02697 return(adjust_in_out_pp_ipc(caller_pid, 02698 tid.ipc, 02699 RSBAC_PM_A_WRITE)); 02700 #endif 02701 default: 02702 return(0); 02703 } 02704 #endif 02705 02706 case R_WRITE_OPEN: 02707 switch(target) 02708 { 02709 case T_FILE: 02710 case T_FIFO: 02711 return(adjust_in_out_pp(caller_pid, 02712 target, 02713 tid.file, 02714 RSBAC_PM_A_WRITE)); 02715 case T_DEV: 02716 return(0); 02717 02718 case T_IPC: 02719 return(adjust_in_out_pp_ipc(caller_pid, 02720 tid.ipc, 02721 RSBAC_PM_A_WRITE)); 02722 default: 02723 return(0); 02724 } 02725 02726 case R_CLONE: 02727 if (target == T_PROCESS) 02728 { 02729 /* Get owner from first process (provided on call) */ 02730 i_attr_val1.owner = owner; 02731 /* Get pm_tp from first process */ 02732 if (rsbac_get_attr(PM, 02733 T_PROCESS, 02734 tid, 02735 A_pm_tp, 02736 &i_attr_val2, 02737 FALSE)) 02738 { 02739 printk(KERN_WARNING 02740 "rsbac_adf_set_attr_pm(): rsbac_get_attr() returned error!\n"); 02741 return(-RSBAC_EREADFAILED); 02742 } 02743 /* Get pm_current_task from first process... */ 02744 if (rsbac_get_attr(PM, 02745 T_PROCESS, 02746 tid, 02747 A_pm_current_task, 02748 &i_attr_val3, 02749 FALSE)) 02750 { 02751 printk(KERN_WARNING 02752 "rsbac_adf_set_attr_pm(): rsbac_get_attr() returned error!\n"); 02753 return(-RSBAC_EREADFAILED); 02754 } 02755 /* Get pm_process_type from first process */ 02756 if (rsbac_get_attr(PM, 02757 T_PROCESS, 02758 tid, 02759 A_pm_process_type, 02760 &i_attr_val4, 02761 FALSE)) 02762 { 02763 printk(KERN_WARNING 02764 "rsbac_adf_set_attr_pm(): rsbac_get_attr() returned error!\n"); 02765 return(-RSBAC_EREADFAILED); 02766 } 02767 /* Set pm_tp for new process */ 02768 if (rsbac_set_attr(PM, 02769 T_PROCESS, 02770 new_tid, 02771 A_pm_tp, 02772 i_attr_val2)) 02773 { 02774 printk(KERN_WARNING "rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n"); 02775 return(-RSBAC_EWRITEFAILED); 02776 } 02777 /* Set pm_current_task for new process */ 02778 if (rsbac_set_attr(PM, 02779 T_PROCESS, 02780 new_tid, 02781 A_pm_current_task, 02782 i_attr_val3)) 02783 { 02784 printk(KERN_WARNING "rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n"); 02785 return(-RSBAC_EWRITEFAILED); 02786 } 02787 /* Set pm_process_type for new process */ 02788 if (rsbac_set_attr(PM, 02789 T_PROCESS, 02790 new_tid, 02791 A_pm_process_type, 02792 i_attr_val4)) 02793 { 02794 printk(KERN_WARNING "rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n"); 02795 return(-RSBAC_EWRITEFAILED); 02796 } 02797 return(0); 02798 } 02799 else 02800 return(0); 02801 02802 case R_CREATE: 02803 switch(target) 02804 { 02805 /* Creating dir or (pseudo) file IN target dir! */ 02806 case T_DIR: 02807 /* Mode of created item is ignored! */ 02808 02809 /* Is calling process a TP? */ 02810 /* get process_type of caller-process */ 02811 i_tid.process = caller_pid; 02812 if (rsbac_get_attr(PM, 02813 T_PROCESS, 02814 i_tid, 02815 A_pm_process_type, 02816 &i_attr_val1, 02817 FALSE)) 02818 { 02819 printk(KERN_WARNING 02820 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02821 return(NOT_GRANTED); 02822 } 02823 /* if TP: Set pm_object_class to purpose default class for new item */ 02824 if(i_attr_val1.pm_process_type == PP_TP) 02825 { 02826 /* get current_task of caller-process */ 02827 i_tid.process = caller_pid; 02828 if (rsbac_get_attr(PM, 02829 T_PROCESS, 02830 i_tid, 02831 A_pm_current_task, 02832 &i_attr_val1, 02833 FALSE)) 02834 { 02835 printk(KERN_WARNING 02836 "rsbac_adf_set_attr_pm(): rsbac_get_attr() returned error!\n"); 02837 return(RSBAC_EREADFAILED); 02838 } 02839 if(!i_attr_val1.pm_current_task) 02840 { 02841 #ifdef CONFIG_RSBAC_DEBUG 02842 if(rsbac_debug_adf_pm) 02843 printk(KERN_DEBUG 02844 "rsbac_adf_set_attr_pm(): no current_task for calling process trying to access personal_data\n"); 02845 #endif 02846 return(RSBAC_EREADFAILED); 02847 } 02848 /* get purpose of current_task */ 02849 i_pm_tid.task = i_attr_val1.pm_current_task; 02850 if ((error = rsbac_pm_get_data(PMT_TASK, 02851 i_pm_tid, 02852 PD_purpose, 02853 &i_data_val1))) 02854 { 02855 if(error != -RSBAC_EINVALIDTARGET) 02856 printk(KERN_WARNING 02857 "rsbac_adf_set_attr_pm(): rsbac_pm_get_data() returned error %i!\n", 02858 error); 02859 return(error); 02860 } 02861 /* if there is no purpose, return error */ 02862 if(!i_data_val1.purpose) 02863 { 02864 #ifdef CONFIG_RSBAC_DEBUG 02865 if(rsbac_debug_adf_pm) 02866 printk(KERN_DEBUG 02867 "rsbac_adf_set_attr_pm(): no purpose for current_task of process trying to execute TP\n"); 02868 #endif 02869 return(RSBAC_EREADFAILED); 02870 } 02871 /* get def_class of purpose of current_task */ 02872 i_pm_tid.pp = i_data_val1.purpose; 02873 if ((error = rsbac_pm_get_data(PMT_PP, 02874 i_pm_tid, 02875 PD_def_class, 02876 &i_data_val1))) 02877 { 02878 if(error != -RSBAC_EINVALIDTARGET) 02879 printk(KERN_WARNING 02880 "rsbac_adf_set_attr_pm(): rsbac_pm_get_data() returned error %i!\n", 02881 error); 02882 return(error); 02883 } 02884 i_attr_val1.pm_object_class = i_data_val1.def_class; 02885 } 02886 else /* calling process is no TP */ 02887 /* set class to NIL */ 02888 i_attr_val1.pm_object_class = 0; 02889 02890 if (rsbac_get_attr(PM, 02891 new_target, 02892 new_tid, 02893 A_pm_object_class, 02894 &i_attr_val2, 02895 FALSE)) 02896 { 02897 printk(KERN_WARNING 02898 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02899 return(-RSBAC_EREADFAILED); 02900 } 02901 if(i_attr_val1.pm_object_class != i_attr_val2.pm_object_class) 02902 { 02903 if (rsbac_set_attr(PM, 02904 new_target, 02905 new_tid, 02906 A_pm_object_class, 02907 i_attr_val1)) 02908 { 02909 printk(KERN_WARNING "rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n"); 02910 return(-RSBAC_EWRITEFAILED); 02911 } 02912 } 02913 /* Set pm_tp for new item */ 02914 i_attr_val1.pm_tp = 0; 02915 if (rsbac_get_attr(PM, 02916 new_target, 02917 new_tid, 02918 A_pm_tp, 02919 &i_attr_val2, 02920 FALSE)) 02921 { 02922 printk(KERN_WARNING 02923 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02924 return(-RSBAC_EREADFAILED); 02925 } 02926 if(i_attr_val1.pm_tp != i_attr_val2.pm_tp) 02927 { 02928 if (rsbac_set_attr(PM, 02929 new_target, 02930 new_tid, 02931 A_pm_tp, 02932 i_attr_val1)) 02933 { 02934 printk(KERN_WARNING "rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n"); 02935 return(-RSBAC_EWRITEFAILED); 02936 } 02937 } 02938 02939 /* get process_type of caller-process */ 02940 i_tid.process = caller_pid; 02941 if (rsbac_get_attr(PM, 02942 T_PROCESS, 02943 i_tid, 02944 A_pm_process_type, 02945 &i_attr_val1, 02946 FALSE)) 02947 { 02948 printk(KERN_WARNING 02949 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02950 return(-RSBAC_EREADFAILED); 02951 } 02952 /* Set pm_object_type for new item */ 02953 if(new_target == T_DIR) 02954 i_attr_val1.pm_object_type = PO_dir; 02955 else 02956 /* files: if process is TP, set to personal_data */ 02957 /* to prevent unrestricted access */ 02958 if(i_attr_val1.pm_process_type == PP_TP) 02959 i_attr_val1.pm_object_type = PO_personal_data; 02960 else 02961 i_attr_val1.pm_object_type = PO_none; 02962 if (rsbac_get_attr(PM, 02963 new_target, 02964 new_tid, 02965 A_pm_object_type, 02966 &i_attr_val2, 02967 FALSE)) 02968 { 02969 printk(KERN_WARNING 02970 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 02971 return(-RSBAC_EREADFAILED); 02972 } 02973 if(i_attr_val1.pm_object_type != i_attr_val2.pm_object_type) 02974 { 02975 if (rsbac_set_attr(PM, 02976 new_target, 02977 new_tid, 02978 A_pm_object_type, 02979 i_attr_val1)) 02980 { 02981 printk(KERN_WARNING "rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n"); 02982 return(-RSBAC_EWRITEFAILED); 02983 } 02984 } 02985 return(0); 02986 break; 02987 02988 case T_IPC: 02989 /* Set pm_ipc_purpose for new item */ 02990 /* get current_task of caller-process */ 02991 i_tid.process = caller_pid; 02992 if (rsbac_get_attr(PM, 02993 T_PROCESS, 02994 i_tid, 02995 A_pm_current_task, 02996 &i_attr_val1, 02997 FALSE)) 02998 { 02999 printk(KERN_WARNING 03000 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 03001 return(-RSBAC_EREADFAILED); 03002 } 03003 /* if current_task = NIL, ipc_purpose must be NIL */ 03004 if(!i_attr_val1.pm_current_task) 03005 i_attr_val1.pm_ipc_purpose = 0; 03006 else 03007 { 03008 /* get purpose of current_task */ 03009 i_pm_tid.task = i_attr_val1.pm_current_task; 03010 if ((error = rsbac_pm_get_data(PMT_TASK, 03011 i_pm_tid, 03012 PD_purpose, 03013 &i_data_val1))) 03014 { 03015 if(error == -RSBAC_EINVALIDTARGET) 03016 printk(KERN_WARNING 03017 "rsbac_adf_request_pm(): pm_current_task of calling process is invalid!\n"); 03018 else 03019 printk(KERN_WARNING 03020 "rsbac_adf_request_pm(): rsbac_pm_get_data() returned error %i!\n", 03021 error); 03022 return(-RSBAC_EREADFAILED); 03023 } 03024 i_attr_val1.pm_ipc_purpose = i_data_val1.purpose; 03025 } 03026 if (rsbac_get_attr(PM, 03027 target, 03028 tid, 03029 A_pm_ipc_purpose, 03030 &i_attr_val2, 03031 FALSE)) 03032 { 03033 printk(KERN_WARNING 03034 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 03035 return(-RSBAC_EREADFAILED); 03036 } 03037 if(i_attr_val1.pm_ipc_purpose != i_attr_val2.pm_ipc_purpose) 03038 { 03039 if (rsbac_set_attr(PM, 03040 target, 03041 tid, 03042 A_pm_ipc_purpose, 03043 i_attr_val1)) 03044 { 03045 printk(KERN_WARNING "rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n"); 03046 return(-RSBAC_EWRITEFAILED); 03047 } 03048 } 03049 return(0); 03050 break; 03051 03052 /* all other cases are undefined */ 03053 default: 03054 return(0); 03055 } 03056 03057 case R_EXECUTE: 03058 switch(target) 03059 { 03060 case T_FILE: 03061 /* get pm_object_type of target */ 03062 if (rsbac_get_attr(PM, 03063 T_FILE, 03064 tid, 03065 A_pm_object_type, 03066 &i_attr_val1, 03067 FALSE)) 03068 { 03069 printk(KERN_WARNING 03070 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 03071 return(-RSBAC_EREADFAILED); 03072 } 03073 /* if not TP: do nothing */ 03074 if(i_attr_val1.pm_object_type != PO_TP) 03075 return(0); 03076 03077 /* get pm_tp of target */ 03078 if (rsbac_get_attr(PM, 03079 T_FILE, 03080 tid, 03081 A_pm_tp, 03082 &i_attr_val1, 03083 FALSE)) 03084 { 03085 printk(KERN_WARNING 03086 "rsbac_adf_request_pm(): rsbac_get_attr() returned error!\n"); 03087 return(-RSBAC_EREADFAILED); 03088 } 03089 /* if no tp: error! */ 03090 if(!i_attr_val1.pm_tp) 03091 { 03092 printk(KERN_WARNING 03093 "rsbac_adf_request_pm(): file with object_type TP has no tp_id!\n"); 03094 return(-RSBAC_EINVALIDVALUE); 03095 } 03096 /* Set pm_tp for this process */ 03097 i_tid.process = caller_pid; 03098 if (rsbac_set_attr(PM, 03099 T_PROCESS, 03100 i_tid, 03101 A_pm_tp, 03102 i_attr_val1)) 03103 { 03104 printk(KERN_WARNING "rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n"); 03105 return(-RSBAC_EWRITEFAILED); 03106 } 03107 /* Set pm_process_type for this process */ 03108 i_attr_val1.pm_process_type = PP_TP; 03109 if (rsbac_set_attr(PM, 03110 T_PROCESS, 03111 i_tid, 03112 A_pm_process_type, 03113 i_attr_val1)) 03114 { 03115 printk(KERN_WARNING "rsbac_adf_set_attr_pm(): rsbac_set_attr() returned error!\n"); 03116 return(-RSBAC_EWRITEFAILED); 03117 } 03118 return(0); 03119 03120 /* all other cases are undefined */ 03121 default: 03122 return(0); 03123 } 03124 03125 /*********************/ 03126 03127 default: return(0); 03128 } 03129 03130 return(0); 03131 }; /* end of rsbac_adf_set_attr_pm() */ 03132 03133 /******************************************/ 03134 #ifdef CONFIG_RSBAC_SECDEL 03135 boolean rsbac_need_overwrite_pm(struct dentry * dentry_p) 03136 { 03137 union rsbac_target_id_t i_tid; 03138 union rsbac_attribute_value_t i_attr_val1; 03139 03140 if( !dentry_p 03141 || !dentry_p->d_inode) 03142 return FALSE; 03143 03144 i_tid.file.device = dentry_p->d_sb->s_dev; 03145 i_tid.file.inode = dentry_p->d_inode->i_ino; 03146 i_tid.file.dentry_p = dentry_p; 03147 /* get target's file flags */ 03148 if (rsbac_get_attr(PM, 03149 T_FILE, 03150 i_tid, 03151 A_pm_object_type, 03152 &i_attr_val1, 03153 TRUE)) 03154 { 03155 printk(KERN_WARNING "rsbac_need_overwrite_pm(): rsbac_get_attr() returned error!\n"); 03156 return FALSE; 03157 } 03158 03159 /* overwrite, if personal data */ 03160 if (i_attr_val1.pm_object_type == PO_personal_data) 03161 return TRUE; 03162 else 03163 return FALSE; 03164 } 03165 #endif 03166 03167 /* end of rsbac/adf/pm/main.c */

Generated on Tue Aug 31 10:05:23 2004 for RSBAC by doxygen 1.3.8