/daten/src/linux-2.4.27-rsbac-v1.2.3/rsbac/adf/ff/ff_main.c

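/*************************************************** */
/* Rule Set Based Access Control                     */
/* Implementation of the Access Control Decision     */
/* Facility (ADF) - File Flags                       */
/* File: rsbac/adf/ff/main.c                         */
/*                                                   */
/* Author and (c) 1999-2004: Amon Ott <ao@rsbac.org> */
/*                                                   */
/* Last modified: 05/Mar/2004                        */
/*************************************************** */

#include <linux/types.h>
#include <linux/string.h>
#include <linux/fs.h>
#include <rsbac/aci.h>
#include <rsbac/adf_main.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/getname.h>

#include <asm/uaccess.h>

/************************************************* */
/*           Global Variables                      */
/************************************************* */

/************************************************* */
/*          Internal Help functions                */
/************************************************* */

/*
 * Decide a request from the target's FF flags.
 *
 * target, tid: the object whose A_ff_flags attribute is read
 * flags:       mask of flags that forbid the requested access
 *
 * Returns NOT_GRANTED if any flag in the mask is set on the target,
 * GRANTED otherwise. A failed attribute lookup is logged and answered
 * with NOT_GRANTED, so the check fails closed.
 *
 * NOTE(review): listed under the internal helpers but not declared
 * static; linkage is left as it is in case other files reference it.
 */
enum rsbac_adf_req_ret_t
check_flags_ff(enum rsbac_target_t target,
               union rsbac_target_id_t tid,
               rsbac_ff_flags_t flags)
{
    union rsbac_attribute_value_t i_attr_val1;

    /* get target's file flags */
    /* NOTE(review): the trailing TRUE presumably requests inherited
     * values - confirm against the rsbac_get_attr() declaration. */
    if (rsbac_get_attr(FF, target, tid, A_ff_flags, &i_attr_val1, TRUE))
    {
        printk(KERN_WARNING "check_flags_ff(): rsbac_get_attr() returned error!\n");
        return(NOT_GRANTED);
    }

    /* Access is granted, if none of the flags in argument flags is set */
    if (i_attr_val1.ff_flags & flags)
        return(NOT_GRANTED);

    return(GRANTED);
}

/*
 * Read the A_ff_role attribute of user `owner` into *attr_val_p.
 *
 * Returns the rsbac_get_attr() result unchanged: 0 on success, an
 * error code otherwise. Nothing is logged here; each caller prints its
 * own message and must answer NOT_GRANTED on error.
 */
static int
get_owner_role_ff(rsbac_uid_t owner,
                  union rsbac_attribute_value_t *attr_val_p)
{
    union rsbac_target_id_t i_tid;

    i_tid.user = owner;
    return rsbac_get_attr(FF, T_USER, i_tid, A_ff_role, attr_val_p, TRUE);
}

/************************************************* */
/*          Externally visible functions           */
/************************************************* */

/*
 * FF decision for one access request.
 *
 * request:    the kind of access being attempted
 * caller_pid: calling process (not used by this module)
 * target/tid: object of the request
 * attr:       attribute concerned (R_MODIFY_ATTRIBUTE, R_SWITCH_MODULE)
 * attr_val:   value for attr (switch_target for R_SWITCH_MODULE)
 * owner:      user whose FF role is checked for the role based rules
 *
 * Returns
 *   GRANTED / NOT_GRANTED  where FF has a rule for request and target,
 *   DO_NOT_CARE            for every pair without an FF rule,
 *   UNDEFINED              for R_SWITCH_MODULE without A_switch_target.
 *
 * Two kinds of rule are used:
 *  - flag rules: check_flags_ff() denies if the target carries any of
 *    the listed flags;
 *  - role rules: the owner's FF role must be security officer (for the
 *    rsbaclog rules, auditor is accepted as well).
 * Every attribute lookup error ends in NOT_GRANTED (fail closed).
 */
enum rsbac_adf_req_ret_t
rsbac_adf_request_ff (enum rsbac_adf_request_t request,
                      rsbac_pid_t caller_pid,
                      enum rsbac_target_t target,
                      union rsbac_target_id_t tid,
                      enum rsbac_attribute_t attr,
                      union rsbac_attribute_value_t attr_val,
                      rsbac_uid_t owner)
{
    union rsbac_attribute_value_t i_attr_val1;
    int err = 0;

    switch (request)
    {
        case R_APPEND_OPEN:
            switch(target)
            {
                case T_FILE:
                case T_FIFO:
                    return(check_flags_ff(target,tid,
                                          FF_read_only | FF_execute_only));

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }

        /* Metadata changes: group, owner, access and permission data
         * all use the same masks. */
        case R_CHANGE_GROUP:
        case R_CHANGE_OWNER:
        case R_MODIFY_ACCESS_DATA:
        case R_MODIFY_PERMISSIONS_DATA:
            switch(target)
            {
                case T_FILE:
                case T_FIFO:
                case T_SYMLINK:
                    return(check_flags_ff(target,tid,
                                          FF_read_only | FF_execute_only | FF_append_only));
                case T_DIR:
                    return(check_flags_ff(target,tid,
                                          FF_read_only | FF_search_only));

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }

        case R_CHDIR:
            switch(target)
            {
                case T_DIR:
                    return(check_flags_ff(target,tid,
                                          FF_search_only));

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }

        /* Creating dir or (pseudo) file IN target dir! */
        case R_CREATE:
            switch(target)
            {
                case T_DIR:
                    return(check_flags_ff(target,tid,
                                          FF_read_only | FF_search_only));

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }

        case R_DELETE:
        case R_RENAME:
            switch(target)
            {
                case T_FILE:
                case T_FIFO:
                case T_SYMLINK:
                    return(check_flags_ff(target,tid,
                                          FF_read_only | FF_execute_only | FF_no_delete_or_rename
                                          | FF_append_only));
                case T_DIR:
                    return(check_flags_ff(target,tid,
                                          FF_read_only | FF_search_only | FF_no_delete_or_rename));

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }

        case R_EXECUTE:
            switch(target)
            {
                case T_FILE:
                    return(check_flags_ff(target,tid,
                                          FF_write_only | FF_no_execute | FF_append_only));

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }

        case R_GET_STATUS_DATA:
            switch(target)
            {
                case T_SCD:
                    /* only the rsbaclog SCD is restricted */
                    if (tid.scd != ST_rsbaclog)
                        return(GRANTED);
                    /* look up the owner's FF role */
                    if ((err = get_owner_role_ff(owner, &i_attr_val1)))
                    {
                        printk(KERN_WARNING
                               "rsbac_adf_request_ff(): rsbac_get_attr() returned error %i!\n",err);
                        return(NOT_GRANTED);
                    }
                    /* grant for security officer and auditor only */
                    if (   (i_attr_val1.system_role == SR_security_officer)
                        || (i_attr_val1.system_role == SR_auditor)
                       )
                        return(GRANTED);
                    return(NOT_GRANTED);

                default:
                    return(DO_NOT_CARE);
            }

        case R_LINK_HARD:
            switch(target)
            {
                case T_FILE:
                case T_FIFO:
                case T_SYMLINK:
                    return(check_flags_ff(target,tid,
                                          FF_read_only | FF_execute_only));

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }

        /* Attributes listed here may only be changed by an FF security
         * officer. The AUTH and general attributes are covered only when
         * the matching CONFIG_RSBAC_FF_*_PROT option is set; otherwise
         * this module answers DO_NOT_CARE for them. */
        case R_MODIFY_ATTRIBUTE:
            switch(attr)
            {
                case A_ff_flags:
                case A_system_role:
                case A_ff_role:
#ifdef CONFIG_RSBAC_FF_AUTH_PROT
                case A_auth_may_setuid:
                case A_auth_may_set_cap:
                case A_auth_start_uid:
                case A_auth_program_file:
                case A_auth_learn:
                case A_auth_add_f_cap:
                case A_auth_remove_f_cap:
#endif
#ifdef CONFIG_RSBAC_FF_GEN_PROT
                case A_log_array_low:
                case A_log_array_high:
                case A_log_program_based:
                case A_log_user_based:
                case A_symlink_add_uid:
                case A_symlink_add_rc_role:
                case A_linux_dac_disable:
                case A_pseudo:
                case A_fake_root_uid:
#endif
                /* All attributes (remove target!) */
                case A_none:
                    /* Security Officer? */
                    if (get_owner_role_ff(owner, &i_attr_val1))
                    {
                        printk(KERN_WARNING
                               "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n");
                        return(NOT_GRANTED);
                    }
                    /* if sec_officer, then grant */
                    if (i_attr_val1.system_role == SR_security_officer)
                        return(GRANTED);
                    return(NOT_GRANTED);

                default:
                    return(DO_NOT_CARE);
            }

        case R_MODIFY_SYSTEM_DATA:
            switch(target)
            {
                case T_SCD:
                    /* target not rsbaclog? no problem -> grant */
                    if (tid.scd != ST_rsbaclog)
                        return(GRANTED);
                    /* Get role */
                    if (get_owner_role_ff(owner, &i_attr_val1))
                    {
                        printk(KERN_WARNING
                               "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n");
                        return(NOT_GRANTED);
                    }
                    /* grant for security officer and auditor only */
                    if (   (i_attr_val1.system_role == SR_security_officer)
                        || (i_attr_val1.system_role == SR_auditor)
                       )
                        return(GRANTED);
                    return(NOT_GRANTED);

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }

        case R_MOUNT:
        case R_UMOUNT:
            switch(target)
            {
                case T_FILE:
                    return(check_flags_ff(target,tid,
                                          FF_read_only | FF_execute_only
                                          | FF_write_only | FF_append_only | FF_no_mount));
                case T_DIR:
                    return(check_flags_ff(target,tid,
                                          FF_read_only | FF_search_only | FF_no_mount));

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }

        /* Without CONFIG_RSBAC_RW this module abstains on R_READ and
         * R_WRITE for files and FIFOs, and their flags are checked by
         * the *_OPEN requests only.
         * NOTE(review): in such builds a flag set after a file was
         * opened presumably does not affect the open descriptor -
         * confirm against the AEF hooks. */
        case R_READ:
            switch(target)
            {
                case T_DIR:
                    return(check_flags_ff(target,tid,
                                          FF_search_only));

#ifdef CONFIG_RSBAC_RW
                case T_FILE:
                case T_FIFO:
                    return(check_flags_ff(target,tid,
                                          FF_execute_only | FF_write_only));
#endif

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }

        case R_READ_OPEN:
            switch(target)
            {
                case T_FILE:
                case T_FIFO:
                    return(check_flags_ff(target,tid,
                                          FF_execute_only | FF_write_only));
                case T_DIR:
                    return(check_flags_ff(target,tid,
                                          FF_search_only));

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }

        case R_READ_WRITE_OPEN:
            switch(target)
            {
                case T_FILE:
                case T_FIFO:
                    return(check_flags_ff(target,tid,
                                          FF_read_only | FF_execute_only
                                          | FF_write_only | FF_append_only));

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }

        case R_SWITCH_LOG:
            switch(target)
            {
                case T_NONE:
                    /* test owner's ff_role */
                    if (get_owner_role_ff(owner, &i_attr_val1))
                    {
                        printk(KERN_WARNING "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n");
                        return(NOT_GRANTED);
                    }
                    /* security officer? -> grant */
                    if (i_attr_val1.system_role == SR_security_officer)
                        return(GRANTED);
                    return(NOT_GRANTED);

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }

        case R_SWITCH_MODULE:
            switch(target)
            {
                case T_NONE:
                    /* we need the switch_target */
                    if(attr != A_switch_target)
                        return(UNDEFINED);
                    /* do not care for other modules */
                    if(   (attr_val.switch_target != FF)
#ifdef CONFIG_RSBAC_SOFTMODE
                       && (attr_val.switch_target != SOFTMODE)
#endif
                      )
                        return(DO_NOT_CARE);
                    /* test owner's ff_role */
                    if (get_owner_role_ff(owner, &i_attr_val1))
                    {
                        printk(KERN_WARNING "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n");
                        return(NOT_GRANTED);
                    }
                    /* security officer? -> grant */
                    if (i_attr_val1.system_role == SR_security_officer)
                        return(GRANTED);
                    return(NOT_GRANTED);

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }

        case R_TRUNCATE:
        case R_WRITE_OPEN:
            switch(target)
            {
                case T_FILE:
                case T_FIFO:
                    return(check_flags_ff(target,tid,
                                          FF_read_only | FF_execute_only | FF_append_only));

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }

        /* Files and FIFOs are covered only with CONFIG_RSBAC_RW set. */
        case R_WRITE:
            switch(target)
            {
                case T_DIR:
                    return(check_flags_ff(target,tid,
                                          FF_read_only | FF_search_only));

#ifdef CONFIG_RSBAC_RW
                case T_FILE:
                case T_FIFO:
                    return(check_flags_ff(target,tid,
                                          FF_read_only | FF_execute_only));
#endif

                /* no FF rule for other targets */
                default:
                    return(DO_NOT_CARE);
            }


        /*********************/
        default:
            return DO_NOT_CARE;
    }

    /* not reached: every branch above returns */
    return(DO_NOT_CARE);
} /* end of rsbac_adf_request_ff() */


/*****************************************************************************/
/* If the request returned granted and the operation is performed,           */
/* the following function can be called by the AEF to get all aci set        */
/* correctly. For write accesses that are performed fully within the kernel, */
/* this is usually not done to prevent extra calls, including R_CLOSE for    */
/* cleaning up.                                                              */
/* The second instance of target specification is the new target, if one has */
/* been created, otherwise its values are ignored.                           */
/* On success, 0 is returned, and an error from rsbac/error.h otherwise.     */

int  rsbac_adf_set_attr_ff(
                      enum  rsbac_adf_request_t     request,
                            rsbac_pid_t             caller_pid,
                      enum  rsbac_target_t          target,
                      union rsbac_target_id_t       tid,
                      enum  rsbac_target_t          new_target,
                      union rsbac_target_id_t       new_tid,
                      enum  rsbac_attribute_t       attr,
                      union rsbac_attribute_value_t attr_val,
                            rsbac_uid_t             owner)
{
    /* No request changes any attribute here, so all arguments are
     * ignored and every call reports success. */
    return(0);
} /* end of rsbac_adf_set_attr_ff() */

/******************************************/
#ifdef CONFIG_RSBAC_SECDEL
/*
 * Tell the caller whether the file behind dentry_p has to be
 * overwritten on deletion.
 *
 * Returns TRUE if FF_secure_delete is set in the file's FF flags.
 * Returns FALSE if the flag is clear, if dentry_p or its inode is
 * NULL, or if the flags cannot be read.
 *
 * NOTE(review): the lookup-error path fails open - a file that carries
 * FF_secure_delete is not overwritten when rsbac_get_attr() fails, and
 * the only trace is the warning below. Confirm that this is intended.
 */
boolean rsbac_need_overwrite_ff(struct dentry * dentry_p)
{
    union rsbac_target_id_t       i_tid;
    union rsbac_attribute_value_t i_attr_val1;

    if(   !dentry_p
       || !dentry_p->d_inode)
        return FALSE;

    i_tid.file.device = dentry_p->d_sb->s_dev;
    i_tid.file.inode = dentry_p->d_inode->i_ino;
    i_tid.file.dentry_p = dentry_p;
    /* get target's file flags */
    if (rsbac_get_attr(FF, T_FILE, i_tid, A_ff_flags, &i_attr_val1, TRUE))
    {
        printk(KERN_WARNING "rsbac_need_overwrite_ff(): rsbac_get_attr() returned error!\n");
        return FALSE;
    }

    /* overwrite, if secure_delete is set */
    if (i_attr_val1.ff_flags & FF_secure_delete)
        return TRUE;

    return FALSE;
}
#endif

/* end of rsbac/adf/ff/main.c */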
