/daten/src/linux-2.4.27-rsbac-v1.2.3/rsbac/adf/jail/jail_main.c

Go to the documentation of this file.
00001 /**************************************************** */ 00002 /* Rule Set Based Access Control */ 00003 /* Implementation of the Access Control Decision */ 00004 /* Facility (ADF) - Authorization module */ 00005 /* File: rsbac/adf/jail/jail_main.c */ 00006 /* */ 00007 /* Author and (c) 1999-2004: Amon Ott <ao@rsbac.org> */ 00008 /* */ 00009 /* Last modified: 27/Apr/2004 */ 00010 /**************************************************** */ 00011 00012 #include <linux/string.h> 00013 #include <rsbac/types.h> 00014 #include <rsbac/aci.h> 00015 #include <rsbac/adf_main.h> 00016 #include <rsbac/error.h> 00017 #include <rsbac/helpers.h> 00018 #include <rsbac/getname.h> 00019 #include <rsbac/network.h> 00020 #include <rsbac/debug.h> 00021 00022 /************************************************* */ 00023 /* Global Variables */ 00024 /************************************************* */ 00025 00026 /************************************************* */ 00027 /* Internal Help functions */ 00028 /************************************************* */ 00029 00030 static rsbac_jail_id_t 00031 jail_get_id(enum rsbac_target_t target, 00032 union rsbac_target_id_t tid) 00033 { 00034 int err; 00035 union rsbac_attribute_value_t i_attr_val1; 00036 00037 if ((err=rsbac_get_attr(JAIL, 00038 target, 00039 tid, 00040 A_jail_id, 00041 &i_attr_val1, 00042 TRUE))) 00043 { 00044 rsbac_ds_get_error("jail_get_id()", A_jail_id); 00045 return 0; 00046 } 00047 else 00048 return i_attr_val1.jail_id; 00049 } 00050 00051 static rsbac_jail_id_t 00052 jail_get_id_process(rsbac_pid_t pid) 00053 { 00054 int err; 00055 union rsbac_target_id_t i_tid; 00056 union rsbac_attribute_value_t i_attr_val1; 00057 00058 i_tid.process = pid; 00059 if ((err=rsbac_get_attr(JAIL, 00060 T_PROCESS, 00061 i_tid, 00062 A_jail_id, 00063 &i_attr_val1, 00064 TRUE))) 00065 { 00066 rsbac_ds_get_error("jail_get_id_process()", A_jail_id); 00067 return 0; 00068 } 00069 else 00070 return i_attr_val1.jail_id; 00071 } 00072 00073 #if defined(CONFIG_RSBAC_NET_OBJ) 00074 static rsbac_jail_ip_t 00075 jail_get_ip_process(rsbac_pid_t pid) 00076 { 00077 int err; 00078 union rsbac_target_id_t i_tid; 00079 union rsbac_attribute_value_t i_attr_val1; 00080 00081 i_tid.process = pid; 00082 if ((err=rsbac_get_attr(JAIL, 00083 T_PROCESS, 00084 i_tid, 00085 A_jail_ip, 00086 &i_attr_val1, 00087 TRUE))) 00088 { 00089 rsbac_ds_get_error("jail_get_ip_process()", A_jail_ip); 00090 return 0; 00091 } 00092 else 00093 return i_attr_val1.jail_ip; 00094 } 00095 #endif 00096 00097 static rsbac_jail_flags_t 00098 jail_get_flags_process(rsbac_pid_t pid) 00099 { 00100 int err; 00101 union rsbac_target_id_t i_tid; 00102 union rsbac_attribute_value_t i_attr_val1; 00103 00104 i_tid.process = pid; 00105 if ((err=rsbac_get_attr(JAIL, 00106 T_PROCESS, 00107 i_tid, 00108 A_jail_flags, 00109 &i_attr_val1, 00110 TRUE))) 00111 { 00112 rsbac_ds_get_error("jail_get_flags_process()", A_jail_flags); 00113 return 0; 00114 } 00115 else 00116 return i_attr_val1.jail_flags; 00117 } 00118 00119 static enum rsbac_adf_req_ret_t 00120 jail_check_sysrole(rsbac_uid_t owner, enum rsbac_system_role_t role) 00121 { 00122 union rsbac_target_id_t i_tid; 00123 union rsbac_attribute_value_t i_attr_val1; 00124 00125 i_tid.user = owner; 00126 if (rsbac_get_attr(JAIL, 00127 T_USER, 00128 i_tid, 00129 A_jail_role, 00130 &i_attr_val1, 00131 TRUE)) 00132 { 00133 rsbac_ds_get_error("jail_check_sysrole()", A_jail_role); 00134 return(NOT_GRANTED); 00135 } 00136 /* if correct role, then grant */ 00137 if (i_attr_val1.system_role == role) 00138 return(GRANTED); 00139 else 00140 return(NOT_GRANTED); 00141 } 00142 00143 #if defined(CONFIG_RSBAC_NET_OBJ) 00144 enum rsbac_adf_req_ret_t 00145 jail_check_ip(rsbac_pid_t pid, union rsbac_target_id_t tid) 00146 { 00147 rsbac_jail_ip_t jail_ip; 00148 rsbac_jail_flags_t jail_flags; 00149 00150 if(!tid.netobj.sock_p) 00151 { 00152 #ifdef CONFIG_RSBAC_RMSG 00153 rsbac_printk(KERN_WARNING 00154 "jail_check_ip(): NULL sock_p!\n"); 00155 #endif 00156 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00157 if (!rsbac_nosyslog) 00158 #endif 00159 printk(KERN_WARNING 00160 "jail_check_ip(): NULL sock_p!\n"); 00161 return NOT_GRANTED; 00162 } 00163 switch(tid.netobj.sock_p->ops->family) 00164 { 00165 case AF_UNIX: 00166 return(GRANTED); 00167 00168 case AF_INET: 00169 switch(tid.netobj.sock_p->type) 00170 { 00171 case SOCK_STREAM: 00172 case SOCK_DGRAM: 00173 case SOCK_RDM: 00174 jail_ip = jail_get_ip_process(pid); 00175 if(jail_ip == INADDR_ANY) 00176 return GRANTED; 00177 jail_flags = jail_get_flags_process(pid); 00178 if(tid.netobj.local_addr) 00179 { 00180 struct sockaddr_in * addr = tid.netobj.local_addr; 00181 00182 if( (jail_ip == addr->sin_addr.s_addr) 00183 || ( (jail_flags & JAIL_allow_inet_localhost) 00184 && (addr->sin_addr.s_addr == RSBAC_JAIL_LOCALHOST) 00185 ) 00186 #if defined(CONFIG_RSBAC_JAIL_NET_ADJUST) 00187 || ( (jail_flags & JAIL_auto_adjust_inet_any) 00188 && (addr->sin_addr.s_addr == INADDR_ANY) 00189 ) 00190 #endif 00191 ) 00192 return GRANTED; 00193 else 00194 { 00195 #ifdef CONFIG_RSBAC_DEBUG 00196 if(rsbac_debug_adf_jail) 00197 { 00198 #ifdef CONFIG_RSBAC_RMSG 00199 rsbac_printk(KERN_DEBUG 00200 "jail_check_ip(): local_addr does not match jail_ip -> NOT_GRANTED!\n"); 00201 #endif 00202 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00203 if (!rsbac_nosyslog) 00204 #endif 00205 printk(KERN_DEBUG 00206 "jail_check_ip(): local_addr does not match jail_ip -> NOT_GRANTED!\n"); 00207 } 00208 #endif 00209 return NOT_GRANTED; 00210 } 00211 } 00212 else 00213 if( (tid.netobj.remote_addr) 00214 && (jail_flags & JAIL_allow_inet_localhost) 00215 && ( ((struct sockaddr_in *) tid.netobj.remote_addr)->sin_addr.s_addr 00216 == RSBAC_JAIL_LOCALHOST) 00217 ) 00218 return GRANTED; 00219 else 00220 { 00221 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00222 if( ( (jail_ip == inet_sk(tid.netobj.sock_p->sk)->rcv_saddr) 00223 && (jail_ip == inet_sk(tid.netobj.sock_p->sk)->saddr) 00224 ) 00225 || ( (jail_flags & JAIL_allow_inet_localhost) 00226 && ( (inet_sk(tid.netobj.sock_p->sk)->saddr == RSBAC_JAIL_LOCALHOST) 00227 || (inet_sk(tid.netobj.sock_p->sk)->daddr == RSBAC_JAIL_LOCALHOST) 00228 ) 00229 ) 00230 #if defined(CONFIG_RSBAC_JAIL_NET_ADJUST) 00231 || ( (jail_flags & JAIL_auto_adjust_inet_any) 00232 && (inet_sk(tid.netobj.sock_p->sk)->rcv_saddr == INADDR_ANY) 00233 && (inet_sk(tid.netobj.sock_p->sk)->saddr == INADDR_ANY) 00234 ) 00235 #endif 00236 ) 00237 #else 00238 if( ( (jail_ip == tid.netobj.sock_p->sk->rcv_saddr) 00239 && (jail_ip == tid.netobj.sock_p->sk->saddr) 00240 ) 00241 || ( (jail_flags & JAIL_allow_inet_localhost) 00242 && ( (tid.netobj.sock_p->sk->saddr == RSBAC_JAIL_LOCALHOST) 00243 || (tid.netobj.sock_p->sk->daddr == RSBAC_JAIL_LOCALHOST) 00244 ) 00245 ) 00246 #if defined(CONFIG_RSBAC_JAIL_NET_ADJUST) 00247 || ( (jail_flags & JAIL_auto_adjust_inet_any) 00248 && (tid.netobj.sock_p->sk->rcv_saddr == INADDR_ANY) 00249 && (tid.netobj.sock_p->sk->saddr == INADDR_ANY) 00250 ) 00251 #endif 00252 ) 00253 #endif 00254 return GRANTED; 00255 else 00256 { 00257 #ifdef CONFIG_RSBAC_DEBUG 00258 if(rsbac_debug_adf_jail) 00259 { 00260 #ifdef CONFIG_RSBAC_RMSG 00261 rsbac_printk(KERN_DEBUG 00262 "jail_check_ip(): sk->rcv_saddr or sk->saddr does not match jail_ip -> NOT_GRANTED!\n"); 00263 #endif 00264 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00265 if (!rsbac_nosyslog) 00266 #endif 00267 printk(KERN_DEBUG 00268 "jail_check_ip(): sk->rcv_saddr or sk->saddr does not match jail_ip -> NOT_GRANTED!\n"); 00269 } 00270 #endif 00271 return NOT_GRANTED; 00272 } 00273 } 00274 00275 case SOCK_RAW: 00276 if(jail_get_flags_process(pid) & JAIL_allow_inet_raw) 00277 return(GRANTED); 00278 else 00279 { 00280 #ifdef CONFIG_RSBAC_DEBUG 00281 if(rsbac_debug_adf_jail) 00282 { 00283 #ifdef CONFIG_RSBAC_RMSG 00284 rsbac_printk(KERN_DEBUG 00285 "jail_check_ip(): network type is raw and allow_inet_raw is not set -> NOT_GRANTED!\n"); 00286 #endif 00287 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00288 if (!rsbac_nosyslog) 00289 #endif 00290 printk(KERN_DEBUG 00291 "jail_check_ip(): network type is raw and allow_inet_raw is not set -> NOT_GRANTED!\n"); 00292 } 00293 #endif 00294 return(NOT_GRANTED); 00295 } 00296 00297 default: 00298 #ifdef CONFIG_RSBAC_DEBUG 00299 if(rsbac_debug_adf_jail) 00300 { 00301 #ifdef CONFIG_RSBAC_RMSG 00302 rsbac_printk(KERN_DEBUG 00303 "jail_check_ip(): network type not STREAM, DGRAM, RDM or RAW -> NOT_GRANTED!\n"); 00304 #endif 00305 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00306 if (!rsbac_nosyslog) 00307 #endif 00308 printk(KERN_DEBUG 00309 "jail_check_ip(): network type not STREAM, DGRAM, RDM or RAW -> NOT_GRANTED!\n"); 00310 } 00311 #endif 00312 return(NOT_GRANTED); 00313 } 00314 00315 default: 00316 if(jail_get_flags_process(pid) & JAIL_allow_all_net_family) 00317 return(GRANTED); 00318 else 00319 { 00320 #ifdef CONFIG_RSBAC_DEBUG 00321 if(rsbac_debug_adf_jail) 00322 { 00323 #ifdef CONFIG_RSBAC_RMSG 00324 rsbac_printk(KERN_DEBUG 00325 "jail_check_ip(): network family not UNIX or INET and allow_all_net_family not set -> NOT_GRANTED!\n"); 00326 #endif 00327 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00328 if (!rsbac_nosyslog) 00329 #endif 00330 printk(KERN_DEBUG 00331 "jail_check_ip(): network family not UNIX or INET and allow_all_net_family not set -> NOT_GRANTED!\n"); 00332 } 00333 #endif 00334 return NOT_GRANTED; 00335 } 00336 } 00337 } 00338 #endif /* defined(CONFIG_RSBAC_NET_OBJ) */ 00339 00340 /************************************************* */ 00341 /* Externally visible functions */ 00342 /************************************************* */ 00343 00344 enum rsbac_adf_req_ret_t 00345 rsbac_adf_request_jail (enum rsbac_adf_request_t request, 00346 rsbac_pid_t caller_pid, 00347 enum rsbac_target_t target, 00348 union rsbac_target_id_t tid, 00349 enum rsbac_attribute_t attr, 00350 union rsbac_attribute_value_t attr_val, 00351 rsbac_uid_t owner) 00352 { 00353 rsbac_jail_id_t jail_id; 00354 rsbac_jail_flags_t jail_flags; 00355 00356 switch (request) 00357 { 00358 case R_ADD_TO_KERNEL: 00359 case R_REMOVE_FROM_KERNEL: 00360 case R_SHUTDOWN: 00361 switch(target) 00362 { 00363 case T_NONE: 00364 if(jail_get_id_process(caller_pid)) 00365 return NOT_GRANTED; 00366 else 00367 return GRANTED; 00368 00369 /* all other cases are unknown */ 00370 default: 00371 return(DO_NOT_CARE); 00372 } 00373 case R_MOUNT: 00374 case R_UMOUNT: 00375 switch(target) 00376 { 00377 case T_FILE: 00378 case T_DIR: 00379 case T_DEV: 00380 if(jail_get_id_process(caller_pid)) 00381 return NOT_GRANTED; 00382 else 00383 return GRANTED; 00384 00385 /* all other cases are unknown */ 00386 default: 00387 return(DO_NOT_CARE); 00388 } 00389 case R_CREATE: 00390 switch(target) 00391 { 00392 case T_DIR: 00393 if(!jail_get_id_process(caller_pid)) 00394 return GRANTED; 00395 /* no mknod for devices */ 00396 if( (attr == A_create_data) 00397 && ( S_ISCHR(attr_val.create_data.mode) 00398 || S_ISBLK(attr_val.create_data.mode) 00399 ) 00400 ) 00401 return NOT_GRANTED; 00402 else 00403 return GRANTED; 00404 00405 case T_IPC: 00406 return GRANTED; 00407 00408 #ifdef CONFIG_RSBAC_NET_OBJ 00409 case T_NETTEMP: 00410 if(!jail_get_id_process(caller_pid)) 00411 return GRANTED; 00412 else 00413 return NOT_GRANTED; 00414 00415 case T_NETOBJ: 00416 if(!jail_get_id_process(caller_pid)) 00417 return GRANTED; 00418 if(!tid.netobj.sock_p) 00419 { 00420 #ifdef CONFIG_RSBAC_RMSG 00421 rsbac_printk(KERN_WARNING 00422 "rsbac_adf_request_jail(): NULL sock_p on CREATE!\n"); 00423 #endif 00424 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00425 if (!rsbac_nosyslog) 00426 #endif 00427 printk(KERN_WARNING 00428 "rsbac_adf_request_jail(): NULL sock_p on CREATE!\n"); 00429 return NOT_GRANTED; 00430 } 00431 switch(tid.netobj.sock_p->ops->family) 00432 { 00433 case AF_UNIX: 00434 return(GRANTED); 00435 00436 case AF_INET: 00437 switch(tid.netobj.sock_p->type) 00438 { 00439 case SOCK_STREAM: 00440 case SOCK_DGRAM: 00441 case SOCK_RDM: 00442 if( tid.netobj.sock_p->sk 00443 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00444 && (tid.netobj.sock_p->sk->sk_protocol == IPPROTO_RAW) 00445 #else 00446 && (tid.netobj.sock_p->sk->protocol == IPPROTO_RAW) 00447 #endif 00448 ) 00449 { 00450 jail_flags = jail_get_flags_process(caller_pid); 00451 if(jail_flags & JAIL_allow_inet_raw) 00452 return(GRANTED); 00453 else 00454 return NOT_GRANTED; 00455 } 00456 else 00457 return GRANTED; 00458 00459 case SOCK_RAW: 00460 jail_flags = jail_get_flags_process(caller_pid); 00461 if(jail_flags & JAIL_allow_inet_raw) 00462 return(GRANTED); 00463 else 00464 return NOT_GRANTED; 00465 00466 default: 00467 return(NOT_GRANTED); 00468 } 00469 00470 default: 00471 jail_flags = jail_get_flags_process(caller_pid); 00472 if(jail_flags & JAIL_allow_all_net_family) 00473 return(GRANTED); 00474 else 00475 return(NOT_GRANTED); 00476 } 00477 #endif 00478 00479 /* all other cases are unknown */ 00480 default: return(DO_NOT_CARE); 00481 } 00482 00483 case R_DELETE: 00484 switch(target) 00485 { 00486 case T_IPC: 00487 jail_id = jail_get_id_process(caller_pid); 00488 if( !jail_id 00489 || (jail_id == jail_get_id(target,tid)) 00490 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc) 00491 ) 00492 return GRANTED; 00493 else 00494 return NOT_GRANTED; 00495 00496 #ifdef CONFIG_RSBAC_NET_OBJ 00497 case T_NETTEMP: 00498 if(!jail_get_id_process(caller_pid)) 00499 return GRANTED; 00500 else 00501 return NOT_GRANTED; 00502 #endif 00503 /* all other cases are unknown */ 00504 default: return(DO_NOT_CARE); 00505 } 00506 00507 case R_MODIFY_ATTRIBUTE: 00508 switch(attr) 00509 { 00510 case A_system_role: 00511 case A_jail_role: 00512 case A_jail_id: 00513 case A_jail_ip: 00514 case A_jail_flags: 00515 case A_jail_max_caps: 00516 /* All attributes (remove target!) */ 00517 case A_none: 00518 if(jail_get_id_process(caller_pid)) 00519 return NOT_GRANTED; 00520 00521 /* Security Officer? */ 00522 return jail_check_sysrole(owner, SR_security_officer); 00523 00524 default: 00525 return(DO_NOT_CARE); 00526 } 00527 00528 case R_READ_ATTRIBUTE: 00529 switch(attr) 00530 { 00531 case A_system_role: 00532 case A_jail_role: 00533 case A_jail_id: 00534 case A_jail_ip: 00535 case A_jail_flags: 00536 case A_jail_max_caps: 00537 /* All attributes (remove target!) */ 00538 case A_none: 00539 if(jail_get_id_process(caller_pid)) 00540 return NOT_GRANTED; 00541 00542 /* Security Officer? */ 00543 if(jail_check_sysrole(owner, SR_administrator) == NOT_GRANTED) 00544 return jail_check_sysrole(owner, SR_security_officer); 00545 else 00546 return GRANTED; 00547 00548 default: 00549 return(DO_NOT_CARE); 00550 } 00551 00552 case R_SEND_SIGNAL: 00553 case R_TRACE: 00554 if (target == T_PROCESS) 00555 { 00556 jail_id = jail_get_id_process(caller_pid); 00557 if( !jail_id 00558 || (jail_id == jail_get_id(target,tid)) 00559 ) 00560 return GRANTED; 00561 else 00562 return NOT_GRANTED; 00563 } 00564 else 00565 return(DO_NOT_CARE); 00566 00567 case R_MODIFY_PERMISSIONS_DATA: 00568 switch(target) 00569 { 00570 /* no setting of suid/sgid flags for jailed processes */ 00571 case T_FILE: 00572 case T_DIR: 00573 case T_FIFO: 00574 case T_SYMLINK: 00575 if( jail_get_id_process(caller_pid) 00576 && (attr == A_mode) 00577 && (attr_val.mode & (S_ISUID | S_ISGID)) 00578 ) 00579 return NOT_GRANTED; 00580 else 00581 return GRANTED; 00582 00583 case T_IPC: 00584 jail_id = jail_get_id_process(caller_pid); 00585 if( !jail_id 00586 || (jail_id == jail_get_id(target,tid)) 00587 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc) 00588 ) 00589 return GRANTED; 00590 else 00591 return NOT_GRANTED; 00592 00593 case T_SCD: 00594 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE 00595 /* switching Linux DAC */ 00596 case T_NONE: 00597 #endif 00598 if(jail_get_id_process(caller_pid)) 00599 return NOT_GRANTED; 00600 else 00601 return GRANTED; 00602 00603 /* all other cases are unknown */ 00604 default: return(DO_NOT_CARE); 00605 } 00606 00607 case R_GET_STATUS_DATA: 00608 switch(target) 00609 { 00610 case T_PROCESS: 00611 jail_id = jail_get_id_process(caller_pid); 00612 if( !jail_id 00613 || (jail_id == jail_get_id(target,tid)) 00614 ) 00615 return GRANTED; 00616 else 00617 return NOT_GRANTED; 00618 00619 case T_IPC: 00620 jail_id = jail_get_id_process(caller_pid); 00621 if( !jail_id 00622 || (jail_id == jail_get_id(target,tid)) 00623 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc) 00624 ) 00625 return GRANTED; 00626 else 00627 return NOT_GRANTED; 00628 00629 case T_SCD: 00630 if(jail_get_id_process(caller_pid)) 00631 { 00632 /* target rlimit? grant */ 00633 if (tid.scd == ST_rlimit) 00634 return(GRANTED); 00635 else 00636 return NOT_GRANTED; 00637 } 00638 else 00639 return GRANTED; 00640 00641 /* all other cases are unknown */ 00642 default: return(DO_NOT_CARE); 00643 } 00644 00645 case R_MODIFY_SYSTEM_DATA: 00646 switch(target) 00647 { 00648 case T_SCD: 00649 if(jail_get_id_process(caller_pid)) 00650 { 00651 jail_flags = jail_get_flags_process(caller_pid); 00652 00653 /* target rlimit? grant, if allowed */ 00654 if ( (tid.scd == ST_rlimit) 00655 && (jail_flags & JAIL_allow_rlimit) 00656 ) 00657 return(GRANTED); 00658 else 00659 /* target clock? grant, if allowed */ 00660 if ( (tid.scd == ST_clock) 00661 && (jail_flags & JAIL_allow_clock) 00662 ) 00663 return(GRANTED); 00664 else 00665 return NOT_GRANTED; 00666 } 00667 else 00668 return GRANTED; 00669 00670 case T_PROCESS: 00671 jail_id = jail_get_id_process(caller_pid); 00672 if(!jail_id) 00673 return GRANTED; 00674 if( attr == A_kernel_thread 00675 && (attr_val.kernel_thread) 00676 ) 00677 return NOT_GRANTED; 00678 if(jail_id != jail_get_id(target,tid)) 00679 return NOT_GRANTED; 00680 return GRANTED; 00681 00682 #ifdef CONFIG_RSBAC_JAIL_NET_DEV_PROT 00683 case T_NETDEV: 00684 if(jail_get_id_process(caller_pid)) 00685 return NOT_GRANTED; 00686 else 00687 return GRANTED; 00688 #endif 00689 00690 /* all other cases are unknown */ 00691 default: return(DO_NOT_CARE); 00692 } 00693 00694 case R_READ: 00695 switch(target) 00696 { 00697 #ifdef CONFIG_RSBAC_RW 00698 case T_IPC: 00699 jail_id = jail_get_id_process(caller_pid); 00700 if( !jail_id 00701 || (jail_id == jail_get_id(target,tid)) 00702 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc) 00703 ) 00704 return GRANTED; 00705 else 00706 return NOT_GRANTED; 00707 #endif 00708 #if defined(CONFIG_RSBAC_NET_OBJ) 00709 case T_NETTEMP: 00710 if(jail_get_id_process(caller_pid)) 00711 return NOT_GRANTED; 00712 if(jail_check_sysrole(owner, SR_security_officer) == GRANTED) 00713 return GRANTED; 00714 return jail_check_sysrole(owner, SR_administrator); 00715 00716 case T_NETOBJ: 00717 if(!jail_get_id_process(caller_pid)) 00718 return GRANTED; 00719 return(jail_check_ip(caller_pid, tid)); 00720 #endif 00721 00722 /* all other cases */ 00723 default: return(DO_NOT_CARE); 00724 } 00725 00726 case R_SWITCH_LOG: 00727 switch(target) 00728 { 00729 case T_NONE: 00730 if(jail_get_id_process(caller_pid)) 00731 return NOT_GRANTED; 00732 /* test owner's fc_role */ 00733 return jail_check_sysrole(owner, SR_security_officer); 00734 00735 /* all other cases are unknown */ 00736 default: return(DO_NOT_CARE); 00737 } 00738 00739 case R_SWITCH_MODULE: 00740 switch(target) 00741 { 00742 case T_NONE: 00743 /* we need the switch_target */ 00744 if(attr != A_switch_target) 00745 return(UNDEFINED); 00746 /* do not care for other modules */ 00747 if( (attr_val.switch_target != JAIL) 00748 #ifdef CONFIG_RSBAC_SOFTMODE 00749 && (attr_val.switch_target != SOFTMODE) 00750 #endif 00751 ) 00752 return(DO_NOT_CARE); 00753 if(jail_get_id_process(caller_pid)) 00754 return NOT_GRANTED; 00755 /* test owner's fc_role */ 00756 return jail_check_sysrole(owner, SR_security_officer); 00757 00758 /* all other cases are unknown */ 00759 default: return(DO_NOT_CARE); 00760 } 00761 00762 case R_WRITE: 00763 switch(target) 00764 { 00765 #ifdef CONFIG_RSBAC_RW 00766 case T_IPC: 00767 jail_id = jail_get_id_process(caller_pid); 00768 if( !jail_id 00769 || (jail_id == jail_get_id(target,tid)) 00770 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc) 00771 ) 00772 return GRANTED; 00773 else 00774 return NOT_GRANTED; 00775 #endif 00776 00777 #if defined(CONFIG_RSBAC_NET_OBJ) 00778 case T_NETTEMP: 00779 if(jail_get_id_process(caller_pid)) 00780 return NOT_GRANTED; 00781 return DO_NOT_CARE; 00782 00783 case T_NETOBJ: 00784 if(!jail_get_id_process(caller_pid)) 00785 return GRANTED; 00786 return(jail_check_ip(caller_pid, tid)); 00787 #endif 00788 00789 /* all other cases are unknown */ 00790 default: return(DO_NOT_CARE); 00791 } 00792 00793 #ifdef CONFIG_RSBAC_NET 00794 case R_BIND: 00795 switch(target) 00796 { 00797 #ifdef CONFIG_RSBAC_JAIL_NET_DEV_PROT 00798 case T_NETDEV: 00799 if(jail_get_id_process(caller_pid)) 00800 return NOT_GRANTED; 00801 else 00802 return GRANTED; 00803 #endif 00804 #ifdef CONFIG_RSBAC_NET_OBJ 00805 case T_NETOBJ: 00806 if(!jail_get_id_process(caller_pid)) 00807 return GRANTED; 00808 return(jail_check_ip(caller_pid, tid)); 00809 #endif 00810 /* all other cases are unknown */ 00811 default: 00812 return(DO_NOT_CARE); 00813 } 00814 #endif 00815 #ifdef CONFIG_RSBAC_NET_OBJ 00816 case R_CONNECT: 00817 case R_LISTEN: 00818 case R_ACCEPT: 00819 case R_SEND: 00820 case R_RECEIVE: 00821 switch(target) 00822 { 00823 case T_NETOBJ: 00824 if(!jail_get_id_process(caller_pid)) 00825 return GRANTED; 00826 #if defined(CONFIG_RSBAC_NET_OBJ_UNIX) 00827 if( tid.netobj.sock_p 00828 && tid.netobj.sock_p->ops 00829 && (tid.netobj.sock_p->ops->family == AF_UNIX) 00830 && tid.netobj.sock_p->sk 00831 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00832 && tid.netobj.sock_p->sk->sk_peercred.pid 00833 #else 00834 && tid.netobj.sock_p->sk->peercred.pid 00835 #endif 00836 ) 00837 { 00838 union rsbac_target_id_t i_tid; 00839 00840 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00841 i_tid.process = tid.netobj.sock_p->sk->sk_peercred.pid; 00842 #else 00843 i_tid.process = tid.netobj.sock_p->sk->peercred.pid; 00844 #endif 00845 jail_id = jail_get_id_process(caller_pid); 00846 if( !jail_id 00847 || (jail_id == jail_get_id(T_PROCESS,i_tid)) 00848 ) 00849 return GRANTED; 00850 else 00851 if(jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc) 00852 return GRANTED; 00853 else 00854 return NOT_GRANTED; 00855 } 00856 else 00857 #endif 00858 return(jail_check_ip(caller_pid, tid)); 00859 00860 /* all other cases are unknown */ 00861 default: 00862 return(DO_NOT_CARE); 00863 } 00864 #endif 00865 00866 default: 00867 /* only for IPC */ 00868 switch(target) 00869 { 00870 case T_IPC: 00871 jail_id = jail_get_id_process(caller_pid); 00872 if( !jail_id 00873 || (jail_id == jail_get_id(target,tid)) 00874 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc) 00875 ) 00876 return GRANTED; 00877 else 00878 return NOT_GRANTED; 00879 00880 /* all other cases are unknown */ 00881 default: return(DO_NOT_CARE); 00882 } 00883 } 00884 }; /* end of rsbac_adf_request_jail() */ 00885 00886 00887 /*****************************************************************************/ 00888 /* If the request returned granted and the operation is performed, */ 00889 /* the following function can be called by the AEF to get all aci set */ 00890 /* correctly. For write accesses that are performed fully within the kernel, */ 00891 /* this is usually not done to prevent extra calls, including R_CLOSE for */ 00892 /* cleaning up. */ 00893 /* The second instance of target specification is the new target, if one has */ 00894 /* been created, otherwise its values are ignored. */ 00895 /* On success, 0 is returned, and an error from rsbac/error.h otherwise. */ 00896 00897 int rsbac_adf_set_attr_jail( 00898 enum rsbac_adf_request_t request, 00899 rsbac_pid_t caller_pid, 00900 enum rsbac_target_t target, 00901 union rsbac_target_id_t tid, 00902 enum rsbac_target_t new_target, 00903 union rsbac_target_id_t new_tid, 00904 enum rsbac_attribute_t attr, 00905 union rsbac_attribute_value_t attr_val, 00906 rsbac_uid_t owner) 00907 { 00908 #ifdef CONFIG_RSBAC_JAIL_NET_ADJUST 00909 int err; 00910 #endif 00911 union rsbac_target_id_t i_tid; 00912 union rsbac_attribute_value_t i_attr_val1; 00913 union rsbac_attribute_value_t i_attr_val2; 00914 00915 switch (request) 00916 { 00917 case R_CHANGE_OWNER: 00918 switch(target) 00919 { 00920 case T_PROCESS: 00921 if(attr != A_owner) 00922 return(-RSBAC_EINVALIDATTR); 00923 /* Adjust Linux caps */ 00924 i_tid.process = caller_pid; 00925 #ifdef CONFIG_RSBAC_SOFTMODE 00926 if(!rsbac_softmode) 00927 #endif 00928 { 00929 if (rsbac_get_attr(JAIL, 00930 T_PROCESS, 00931 i_tid, 00932 A_jail_max_caps, 00933 &i_attr_val1, 00934 FALSE)) 00935 { 00936 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_max_caps); 00937 } 00938 else 00939 { 00940 extern spinlock_t task_capability_lock; 00941 00942 /* set caps for process */ 00943 spin_lock(&task_capability_lock); 00944 current->cap_permitted &= i_attr_val1.jail_max_caps; 00945 current->cap_effective &= i_attr_val1.jail_max_caps; 00946 current->cap_inheritable &= i_attr_val1.jail_max_caps; 00947 spin_unlock(&task_capability_lock); 00948 } 00949 } 00950 return 0; 00951 00952 /* all other cases are unknown */ 00953 default: 00954 return(0); 00955 } 00956 00957 case R_CLONE: 00958 if (target == T_PROCESS) 00959 { 00960 union rsbac_attribute_value_t i_attr_val3; 00961 union rsbac_attribute_value_t i_attr_val4; 00962 00963 /* Get jail_id from first process */ 00964 if (rsbac_get_attr(JAIL, 00965 T_PROCESS, 00966 tid, 00967 A_jail_id, 00968 &i_attr_val1, 00969 FALSE)) 00970 { 00971 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_id); 00972 return(-RSBAC_EREADFAILED); 00973 } 00974 /* Get jail_ip from first process */ 00975 if (rsbac_get_attr(JAIL, 00976 T_PROCESS, 00977 tid, 00978 A_jail_ip, 00979 &i_attr_val2, 00980 FALSE)) 00981 { 00982 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_ip); 00983 return(-RSBAC_EREADFAILED); 00984 } 00985 /* Get jail_flags from first process */ 00986 if (rsbac_get_attr(JAIL, 00987 T_PROCESS, 00988 tid, 00989 A_jail_flags, 00990 &i_attr_val3, 00991 FALSE)) 00992 { 00993 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_flags); 00994 return(-RSBAC_EREADFAILED); 00995 } 00996 /* Get jail_max_caps from first process */ 00997 if (rsbac_get_attr(JAIL, 00998 T_PROCESS, 00999 tid, 01000 A_jail_max_caps, 01001 &i_attr_val4, 01002 FALSE)) 01003 { 01004 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_max_caps); 01005 return(-RSBAC_EREADFAILED); 01006 } 01007 /* Set jail_id for new process */ 01008 if (rsbac_set_attr(JAIL, 01009 T_PROCESS, 01010 new_tid, 01011 A_jail_id, 01012 i_attr_val1)) 01013 { 01014 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_id); 01015 return(-RSBAC_EWRITEFAILED); 01016 } 01017 /* Set jail_ip for new process */ 01018 if (rsbac_set_attr(JAIL, 01019 T_PROCESS, 01020 new_tid, 01021 A_jail_ip, 01022 i_attr_val2)) 01023 { 01024 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_ip); 01025 return(-RSBAC_EWRITEFAILED); 01026 } 01027 /* Set jail_flags for new process */ 01028 if (rsbac_set_attr(JAIL, 01029 T_PROCESS, 01030 new_tid, 01031 A_jail_flags, 01032 i_attr_val3)) 01033 { 01034 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_flags); 01035 return(-RSBAC_EWRITEFAILED); 01036 } 01037 /* Set jail_flags for new process */ 01038 if (rsbac_set_attr(JAIL, 01039 T_PROCESS, 01040 new_tid, 01041 A_jail_max_caps, 01042 i_attr_val4)) 01043 { 01044 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_max_caps); 01045 return(-RSBAC_EWRITEFAILED); 01046 } 01047 return(0); 01048 } 01049 else 01050 return(0); 01051 01052 case R_EXECUTE: 01053 switch(target) 01054 { 01055 case T_FILE: 01056 /* Adjust Linux caps */ 01057 i_tid.process = caller_pid; 01058 #ifdef CONFIG_RSBAC_SOFTMODE 01059 if(!rsbac_softmode) 01060 #endif 01061 { 01062 if (rsbac_get_attr(JAIL, 01063 T_PROCESS, 01064 i_tid, 01065 A_jail_max_caps, 01066 &i_attr_val1, 01067 FALSE)) 01068 { 01069 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_max_caps); 01070 } 01071 else 01072 { 01073 extern spinlock_t task_capability_lock; 01074 01075 /* set caps for process */ 01076 spin_lock(&task_capability_lock); 01077 current->cap_permitted &= i_attr_val1.jail_max_caps; 01078 current->cap_effective &= i_attr_val1.jail_max_caps; 01079 current->cap_inheritable &= i_attr_val1.jail_max_caps; 01080 spin_unlock(&task_capability_lock); 01081 } 01082 } 01083 return 0; 01084 01085 /* all other cases are unknown */ 01086 default: 01087 return(0); 01088 } 01089 01090 case R_CREATE: 01091 if (target == T_IPC) 01092 { 01093 /* Get jail_id from process */ 01094 i_tid.process = caller_pid; 01095 if (rsbac_get_attr(JAIL, 01096 T_PROCESS, 01097 i_tid, 01098 A_jail_id, 01099 &i_attr_val1, 01100 FALSE)) 01101 { 01102 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_id); 01103 return(-RSBAC_EREADFAILED); 01104 } 01105 /* Set jail_id for new IPC */ 01106 if (rsbac_set_attr(JAIL, 01107 T_IPC, 01108 tid, 01109 A_jail_id, 01110 i_attr_val1)) 01111 { 01112 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_id); 01113 return(-RSBAC_EWRITEFAILED); 01114 } 01115 return(0); 01116 } 01117 /* fall through */ 01118 01119 #ifdef CONFIG_RSBAC_JAIL_NET_ADJUST 01120 case R_BIND: 01121 if(target != T_NETOBJ) 01122 return 0; 01123 if(!tid.netobj.sock_p) 01124 { 01125 #ifdef CONFIG_RSBAC_RMSG 01126 rsbac_printk(KERN_WARNING 01127 "rsbac_adf_set_attr_jail(): NULL sock_p!\n"); 01128 return 0; 01129 #endif 01130 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01131 if (!rsbac_nosyslog) 01132 #endif 01133 printk(KERN_WARNING 01134 "rsbac_adf_set_attr_jail(): NULL sock_p!\n"); 01135 return 0; 01136 } 01137 switch(tid.netobj.sock_p->ops->family) 01138 { 01139 case AF_INET: 01140 i_tid.process = caller_pid; 01141 if ((err=rsbac_get_attr(JAIL, 01142 T_PROCESS, 01143 i_tid, 01144 A_jail_ip, 01145 &i_attr_val1, 01146 TRUE))) 01147 { 01148 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_ip); 01149 return -RSBAC_EREADFAILED; 01150 } 01151 if(i_attr_val1.jail_ip == INADDR_ANY) 01152 return 0; 01153 if ((err=rsbac_get_attr(JAIL, 01154 T_PROCESS, 01155 i_tid, 01156 A_jail_flags, 01157 &i_attr_val2, 01158 TRUE))) 01159 { 01160 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_flags); 01161 return -RSBAC_EREADFAILED; 01162 } 01163 if(i_attr_val2.jail_flags & JAIL_auto_adjust_inet_any) 01164 { 01165 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 01166 inet_sk(tid.netobj.sock_p->sk)->rcv_saddr = i_attr_val1.jail_ip; 01167 inet_sk(tid.netobj.sock_p->sk)->saddr = i_attr_val1.jail_ip; 01168 #else 01169 tid.netobj.sock_p->sk->rcv_saddr = i_attr_val1.jail_ip; 01170 tid.netobj.sock_p->sk->saddr = i_attr_val1.jail_ip; 01171 #endif 01172 } 01173 return 0; 01174 01175 default: 01176 break; 01177 } 01178 #endif 01179 return 0; 01180 01181 /*********************/ 01182 default: return(0); 01183 } 01184 01185 return(0); 01186 }; /* end of rsbac_adf_set_attr_jail() */ 01187 01188 /* end of rsbac/adf/jail/main.c */

Generated on Tue Aug 31 10:05:23 2004 for RSBAC by doxygen 1.3.8