00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
#include <linux/string.h>
00013
#include <rsbac/types.h>
00014
#include <rsbac/aci.h>
00015
#include <rsbac/mac.h>
00016
#include <rsbac/adf_main.h>
00017
#include <rsbac/error.h>
00018
#include <rsbac/helpers.h>
00019
#include <rsbac/getname.h>
00020
#include <rsbac/debug.h>
00021
#include <rsbac/rkmem.h>
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
static int
00032 mac_sys_check_role(
enum rsbac_system_role_t role)
00033 {
00034
union rsbac_target_id_t i_tid;
00035
union rsbac_attribute_value_t i_attr_val1;
00036
00037 i_tid.
user = current->uid;
00038
if (
rsbac_get_attr(
MAC,
00039
T_USER,
00040 i_tid,
00041
A_mac_role,
00042 &i_attr_val1,
00043
TRUE))
00044 {
00045 rsbac_ds_get_error(
"mac_sys_check_role",
A_mac_role);
00046
return -EPERM;
00047 }
00048
00049
if (i_attr_val1.
system_role == role)
00050
return 0;
00051
else
00052
return -EPERM;
00053 }
00054
00055
00056
00057
00058
00059
00060
00061
00062
00063
00064
00065
00066 int rsbac_mac_set_curr_level(
rsbac_security_level_t level,
00067
rsbac_mac_category_vector_t categories)
00068 {
00069
union rsbac_target_id_t tid;
00070
union rsbac_attribute_value_t attr_val1;
00071
rsbac_mac_process_flags_t flags;
00072
00073
if( (level >
SL_max)
00074 && (level !=
SL_none)
00075 )
00076
return -
RSBAC_EINVALIDVALUE;
00077
00078 tid.
process = current->pid;
00079
00080
#ifndef CONFIG_RSBAC_MAINT
00081
00082
if (
rsbac_get_attr(
MAC,
00083
T_PROCESS,
00084 tid,
00085
A_mac_process_flags,
00086 &attr_val1,
00087
FALSE))
00088 {
00089 rsbac_ds_get_error(
"rsbac_mac_set_curr_level",
A_none);
00090
return(-
RSBAC_EREADFAILED);
00091 }
00092 flags = attr_val1.
mac_process_flags;
00093
if( !(flags &
MAC_auto)
00094 && !(flags &
MAC_trusted)
00095 && !(flags &
MAC_override)
00096 )
00097 {
00098
#ifdef CONFIG_RSBAC_RMSG
00099
rsbac_printk(KERN_INFO
00100
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: no auto, trusted or override -> not granted \n",
00101 current->uid,
00102 current->pid,
00103 current->comm);
00104
#endif
00105
#ifndef CONFIG_RSBAC_RMSG_EXCL
00106
00107
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00108
if (!rsbac_nosyslog)
00109
#endif
00110
printk(KERN_INFO
00111
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: no auto, trusted or override -> not granted \n",
00112 current->uid,
00113 current->pid,
00114 current->comm);
00115
#endif
00116
#ifdef CONFIG_RSBAC_SOFTMODE
00117
if( !rsbac_softmode
00118
#ifdef CONFIG_RSBAC_SOFTMODE_IND
00119
&& !rsbac_ind_softmode[
MAC]
00120
#endif
00121
)
00122
#endif
00123
return -EPERM;
00124 }
00125
00126
00127
if(!(flags &
MAC_override))
00128 {
00129
if(level !=
SL_none)
00130 {
00131
00132 tid.
process = current->pid;
00133
if (
rsbac_get_attr(
MAC,
00134
T_PROCESS,
00135 tid,
00136
A_security_level,
00137 &attr_val1,
00138
FALSE))
00139 {
00140 rsbac_ds_get_error(
"rsbac_mac_set_curr_level",
A_none);
00141
return(-
RSBAC_EREADFAILED);
00142 }
00143
00144
if (level > attr_val1.
security_level)
00145 {
00146
#ifdef CONFIG_RSBAC_RMSG
00147
rsbac_printk(KERN_INFO
00148
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: requested level %u over max level %u, no override -> not granted \n",
00149 current->uid,
00150 current->pid,
00151 current->comm,
00152 level,
00153 attr_val1.
security_level);
00154
#endif
00155
#ifndef CONFIG_RSBAC_RMSG_EXCL
00156
00157
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00158
if (!rsbac_nosyslog)
00159
#endif
00160
printk(KERN_INFO
00161
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: requested level %u over max level %u, no override -> not granted \n",
00162 current->uid,
00163 current->pid,
00164 current->comm,
00165 level,
00166 attr_val1.
security_level);
00167
#endif
00168
#ifdef CONFIG_RSBAC_SOFTMODE
00169
if( !rsbac_softmode
00170
#ifdef CONFIG_RSBAC_SOFTMODE_IND
00171
&& !rsbac_ind_softmode[
MAC]
00172
#endif
00173
)
00174
#endif
00175
return -EPERM;
00176 }
00177
00178 tid.
process = current->pid;
00179
if (
rsbac_get_attr(
MAC,
00180
T_PROCESS,
00181 tid,
00182
A_min_security_level,
00183 &attr_val1,
00184
FALSE))
00185 {
00186 rsbac_ds_get_error(
"rsbac_mac_set_curr_level",
A_none);
00187
return(-
RSBAC_EREADFAILED);
00188 }
00189
00190
if (level < attr_val1.
security_level)
00191 {
00192
#ifdef CONFIG_RSBAC_RMSG
00193
rsbac_printk(KERN_INFO
00194
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: requested level %u under min level %u, no override -> not granted \n",
00195 current->uid,
00196 current->pid,
00197 current->comm,
00198 level,
00199 attr_val1.
security_level);
00200
#endif
00201
#ifndef CONFIG_RSBAC_RMSG_EXCL
00202
00203
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00204
if (!rsbac_nosyslog)
00205
#endif
00206
printk(KERN_INFO
00207
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: requested level %u under min level %u, no override -> not granted \n",
00208 current->uid,
00209 current->pid,
00210 current->comm,
00211 level,
00212 attr_val1.
security_level);
00213
#endif
00214
#ifdef CONFIG_RSBAC_SOFTMODE
00215
if( !rsbac_softmode
00216
#ifdef CONFIG_RSBAC_SOFTMODE_IND
00217
&& !rsbac_ind_softmode[
MAC]
00218
#endif
00219
)
00220
#endif
00221
return -EPERM;
00222 }
00223
00224
00225
if(!flags &
MAC_trusted)
00226 {
00227
00228
if (
rsbac_get_attr(
MAC,
00229
T_PROCESS,
00230 tid,
00231
A_min_write_open,
00232 &attr_val1,
00233
FALSE))
00234 {
00235 rsbac_ds_get_error(
"rsbac_mac_set_curr_level",
A_none);
00236
return(-
RSBAC_EREADFAILED);
00237 }
00238
if (level > attr_val1.
min_write_open)
00239 {
00240
#ifdef CONFIG_RSBAC_RMSG
00241
rsbac_printk(KERN_INFO
00242
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: requested level %u over min_write_open %u, no override or trusted -> not granted \n",
00243 current->uid,
00244 current->pid,
00245 current->comm,
00246 level,
00247 attr_val1.
min_write_open);
00248
#endif
00249
#ifndef CONFIG_RSBAC_RMSG_EXCL
00250
00251
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00252
if (!rsbac_nosyslog)
00253
#endif
00254
printk(KERN_INFO
00255
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: requested level %u over min_write_open %u, no override or trusted -> not granted \n",
00256 current->uid,
00257 current->pid,
00258 current->comm,
00259 level,
00260 attr_val1.
min_write_open);
00261
#endif
00262
#ifdef CONFIG_RSBAC_SOFTMODE
00263
if( !rsbac_softmode
00264
#ifdef CONFIG_RSBAC_SOFTMODE_IND
00265
&& !rsbac_ind_softmode[
MAC]
00266
#endif
00267
)
00268
#endif
00269
return -EPERM;
00270 }
00271
00272
00273
if (
rsbac_get_attr(
MAC,
00274
T_PROCESS,
00275 tid,
00276
A_max_read_open,
00277 &attr_val1,
00278
FALSE))
00279 {
00280 rsbac_ds_get_error(
"rsbac_mac_set_curr_level",
A_none);
00281
return(-
RSBAC_EREADFAILED);
00282 }
00283
if (level < attr_val1.
max_read_open)
00284
return(-EPERM);
00285 }
00286 }
00287
if(categories !=
RSBAC_MAC_MIN_CAT_VECTOR)
00288 {
00289
00290 tid.
process = current->pid;
00291
if (
rsbac_get_attr(
MAC,
00292
T_PROCESS,
00293 tid,
00294
A_mac_categories,
00295 &attr_val1,
00296
FALSE))
00297 {
00298 rsbac_ds_get_error(
"rsbac_mac_set_curr_level",
A_none);
00299
return(-
RSBAC_EREADFAILED);
00300 }
00301
00302
if ((categories & attr_val1.
mac_categories) != categories)
00303 {
00304
char * tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00305
00306
if(tmp)
00307 {
00308
char * tmp2 =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00309
00310
if(tmp2)
00311 {
00312
#ifdef CONFIG_RSBAC_RMSG
00313
rsbac_printk(KERN_INFO
00314
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: requested categories %s over max categories %s, no override -> not granted \n",
00315 current->uid,
00316 current->pid,
00317 current->comm,
00318
u64tostrmac(tmp, categories),
00319
u64tostrmac(tmp2, attr_val1.
mac_categories));
00320
#endif
00321
#ifndef CONFIG_RSBAC_RMSG_EXCL
00322
00323
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00324
if (!rsbac_nosyslog)
00325
#endif
00326
printk(KERN_INFO
00327
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: requested categories %s over max categories %s, no override -> not granted \n",
00328 current->uid,
00329 current->pid,
00330 current->comm,
00331
u64tostrmac(tmp, categories),
00332
u64tostrmac(tmp2, attr_val1.
mac_categories));
00333
#endif
00334
rsbac_kfree(tmp2);
00335 }
00336
rsbac_kfree(tmp);
00337 }
00338
#ifdef CONFIG_RSBAC_SOFTMODE
00339
if( !rsbac_softmode
00340
#ifdef CONFIG_RSBAC_SOFTMODE_IND
00341
&& !rsbac_ind_softmode[
MAC]
00342
#endif
00343
)
00344
#endif
00345
return -EPERM;
00346 }
00347
00348 tid.
process = current->pid;
00349
if (
rsbac_get_attr(
MAC,
00350
T_PROCESS,
00351 tid,
00352
A_mac_min_categories,
00353 &attr_val1,
00354
FALSE))
00355 {
00356 rsbac_ds_get_error(
"rsbac_mac_set_curr_level",
A_none);
00357
return(-
RSBAC_EREADFAILED);
00358 }
00359
00360
if ((categories & attr_val1.
mac_categories) != attr_val1.
mac_categories)
00361 {
00362
char * tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00363
00364
if(tmp)
00365 {
00366
char * tmp2 =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00367
00368
if(tmp2)
00369 {
00370
#ifdef CONFIG_RSBAC_RMSG
00371
rsbac_printk(KERN_INFO
00372
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: requested categories %s under min categories %s, no override -> not granted \n",
00373 current->uid,
00374 current->pid,
00375 current->comm,
00376
u64tostrmac(tmp, categories),
00377
u64tostrmac(tmp2, attr_val1.
mac_categories));
00378
#endif
00379
#ifndef CONFIG_RSBAC_RMSG_EXCL
00380
00381
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00382
if (!rsbac_nosyslog)
00383
#endif
00384
printk(KERN_INFO
00385
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: requested categories %s under min categories %s, no override -> not granted \n",
00386 current->uid,
00387 current->pid,
00388 current->comm,
00389
u64tostrmac(tmp, categories),
00390
u64tostrmac(tmp2, attr_val1.
mac_categories));
00391
#endif
00392
rsbac_kfree(tmp2);
00393 }
00394
rsbac_kfree(tmp);
00395 }
00396
#ifdef CONFIG_RSBAC_SOFTMODE
00397
if( !rsbac_softmode
00398
#ifdef CONFIG_RSBAC_SOFTMODE_IND
00399
&& !rsbac_ind_softmode[
MAC]
00400
#endif
00401
)
00402
#endif
00403
return -EPERM;
00404 }
00405
00406
00407
if(!flags &
MAC_trusted)
00408 {
00409
00410
if (
rsbac_get_attr(
MAC,
00411
T_PROCESS,
00412 tid,
00413
A_min_write_categories,
00414 &attr_val1,
00415
FALSE))
00416 {
00417 rsbac_ds_get_error(
"rsbac_mac_set_curr_level",
A_none);
00418
return(-
RSBAC_EREADFAILED);
00419 }
00420
if ((categories & attr_val1.
mac_categories) != categories)
00421 {
00422
char * tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00423
00424
if(tmp)
00425 {
00426
char * tmp2 =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00427
00428
if(tmp2)
00429 {
00430
#ifdef CONFIG_RSBAC_RMSG
00431
rsbac_printk(KERN_INFO
00432
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: requested categories %s over min_write categories %s, no override or trusted -> not granted \n",
00433 current->uid,
00434 current->pid,
00435 current->comm,
00436
u64tostrmac(tmp, categories),
00437
u64tostrmac(tmp2, attr_val1.
mac_categories));
00438
#endif
00439
#ifndef CONFIG_RSBAC_RMSG_EXCL
00440
00441
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00442
if (!rsbac_nosyslog)
00443
#endif
00444
printk(KERN_INFO
00445
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: requested categories %s over min_write categories %s, no override or trusted -> not granted \n",
00446 current->uid,
00447 current->pid,
00448 current->comm,
00449
u64tostrmac(tmp, categories),
00450
u64tostrmac(tmp2, attr_val1.
mac_categories));
00451
#endif
00452
rsbac_kfree(tmp2);
00453 }
00454
rsbac_kfree(tmp);
00455 }
00456
#ifdef CONFIG_RSBAC_SOFTMODE
00457
if( !rsbac_softmode
00458
#ifdef CONFIG_RSBAC_SOFTMODE_IND
00459
&& !rsbac_ind_softmode[
MAC]
00460
#endif
00461
)
00462
#endif
00463
return -EPERM;
00464 }
00465
00466
if (
rsbac_get_attr(
MAC,
00467
T_PROCESS,
00468 tid,
00469
A_max_read_categories,
00470 &attr_val1,
00471
FALSE))
00472 {
00473 rsbac_ds_get_error(
"rsbac_mac_set_curr_level",
A_none);
00474
return(-
RSBAC_EREADFAILED);
00475 }
00476
if ((categories & attr_val1.
mac_categories) != attr_val1.
mac_categories)
00477 {
00478
char * tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00479
00480
if(tmp)
00481 {
00482
char * tmp2 =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00483
00484
if(tmp2)
00485 {
00486
#ifdef CONFIG_RSBAC_RMSG
00487
rsbac_printk(KERN_INFO
00488
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: requested categories %s under max_read categories %s, no override or trusted -> not granted \n",
00489 current->uid,
00490 current->pid,
00491 current->comm,
00492
u64tostrmac(tmp, categories),
00493
u64tostrmac(tmp2, attr_val1.
mac_categories));
00494
#endif
00495
#ifndef CONFIG_RSBAC_RMSG_EXCL
00496
00497
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00498
if (!rsbac_nosyslog)
00499
#endif
00500
printk(KERN_INFO
00501
"rsbac_mac_set_curr_level(): uid %u, pid %u/%.15s: requested categories %s under max_read categories %s, no override or trusted -> not granted \n",
00502 current->uid,
00503 current->pid,
00504 current->comm,
00505
u64tostrmac(tmp, categories),
00506
u64tostrmac(tmp2, attr_val1.
mac_categories));
00507
#endif
00508
rsbac_kfree(tmp2);
00509 }
00510
rsbac_kfree(tmp);
00511 }
00512
#ifdef CONFIG_RSBAC_SOFTMODE
00513
if( !rsbac_softmode
00514
#ifdef CONFIG_RSBAC_SOFTMODE_IND
00515
&& !rsbac_ind_softmode[
MAC]
00516
#endif
00517
)
00518
#endif
00519
return -EPERM;
00520 }
00521 }
00522 }
00523 }
00524
#endif
00525
00526
00527
if(level !=
SL_none)
00528 {
00529 attr_val1.
current_sec_level = level;
00530
if (
rsbac_set_attr(
MAC,
00531
T_PROCESS,
00532 tid,
00533
A_current_sec_level,
00534 attr_val1))
00535 {
00536 rsbac_ds_set_error(
"rsbac_mac_set_curr_level",
A_none);
00537
return(-
RSBAC_EWRITEFAILED);
00538 }
00539 }
00540
if(categories !=
RSBAC_MAC_MIN_CAT_VECTOR)
00541 {
00542 attr_val1.
mac_categories = categories;
00543
if (
rsbac_set_attr(
MAC,
00544
T_PROCESS,
00545 tid,
00546
A_mac_curr_categories,
00547 attr_val1))
00548 {
00549 rsbac_ds_set_error(
"rsbac_mac_set_curr_level",
A_none);
00550
return(-
RSBAC_EWRITEFAILED);
00551 }
00552 }
00553
return(0);
00554 }
00555
00556
00557 int rsbac_mac_get_curr_level(
rsbac_security_level_t * level_p,
00558
rsbac_mac_category_vector_t * categories_p)
00559 {
00560
union rsbac_target_id_t tid;
00561
union rsbac_attribute_value_t attr_val;
00562
00563 tid.
process = current->pid;
00564
if(level_p)
00565 {
00566
if (
rsbac_get_attr(
MAC,
00567
T_PROCESS,
00568 tid,
00569
A_current_sec_level,
00570 &attr_val,
00571
FALSE))
00572 {
00573 rsbac_ds_get_error(
"rsbac_mac_get_curr_level",
A_none);
00574
return(-
RSBAC_EREADFAILED);
00575 }
00576 *level_p = attr_val.
current_sec_level;
00577 }
00578
if(categories_p)
00579 {
00580
if (
rsbac_get_attr(
MAC,
00581
T_PROCESS,
00582 tid,
00583
A_mac_curr_categories,
00584 &attr_val,
00585
FALSE))
00586 {
00587 rsbac_ds_get_error(
"rsbac_mac_get_curr_level",
A_none);
00588
return(-
RSBAC_EREADFAILED);
00589 }
00590 *categories_p = attr_val.
mac_categories;
00591 }
00592
return 0;
00593 }
00594
00595 int rsbac_mac_get_max_level(
rsbac_security_level_t * level_p,
00596
rsbac_mac_category_vector_t * categories_p)
00597 {
00598
union rsbac_target_id_t tid;
00599
union rsbac_attribute_value_t attr_val;
00600
00601 tid.
process = current->pid;
00602
if(level_p)
00603 {
00604
if (
rsbac_get_attr(
MAC,
00605
T_PROCESS,
00606 tid,
00607
A_security_level,
00608 &attr_val,
00609
FALSE))
00610 {
00611 rsbac_ds_get_error(
"rsbac_mac_get_max_level",
A_none);
00612
return(-
RSBAC_EREADFAILED);
00613 }
00614 *level_p = attr_val.
security_level;
00615 }
00616
if(categories_p)
00617 {
00618
if (
rsbac_get_attr(
MAC,
00619
T_PROCESS,
00620 tid,
00621
A_mac_categories,
00622 &attr_val,
00623
FALSE))
00624 {
00625 rsbac_ds_get_error(
"rsbac_mac_get_max_level",
A_none);
00626
return(-
RSBAC_EREADFAILED);
00627 }
00628 *categories_p = attr_val.
mac_categories;
00629 }
00630
return 0;
00631 }
00632
00633
00634 int rsbac_mac_get_min_level(
rsbac_security_level_t * level_p,
00635
rsbac_mac_category_vector_t * categories_p)
00636 {
00637
union rsbac_target_id_t tid;
00638
union rsbac_attribute_value_t attr_val;
00639
00640 tid.
process = current->pid;
00641
if(level_p)
00642 {
00643
if (
rsbac_get_attr(
MAC,
00644
T_PROCESS,
00645 tid,
00646
A_min_security_level,
00647 &attr_val,
00648
FALSE))
00649 {
00650 rsbac_ds_get_error(
"rsbac_mac_get_min_level",
A_none);
00651
return(-
RSBAC_EREADFAILED);
00652 }
00653 *level_p = attr_val.
security_level;
00654 }
00655
if(categories_p)
00656 {
00657
if (
rsbac_get_attr(
MAC,
00658
T_PROCESS,
00659 tid,
00660
A_mac_min_categories,
00661 &attr_val,
00662
FALSE))
00663 {
00664 rsbac_ds_get_error(
"rsbac_mac_get_min_level",
A_none);
00665
return(-
RSBAC_EREADFAILED);
00666 }
00667 *categories_p = attr_val.
mac_categories;
00668 }
00669
return 0;
00670 }
00671
00672 int rsbac_mac_add_p_tru(
rsbac_pid_t pid,
00673
rsbac_uid_t uid,
00674
rsbac_time_t ttl)
00675 {
00676
00677
#if !defined(CONFIG_RSBAC_MAINT)
00678
#ifdef CONFIG_RSBAC_SWITCH
00679
if(rsbac_switch_mac)
00680
#endif
00681
{
00682
if(
mac_sys_check_role(
SR_security_officer))
00683 {
00684
#ifdef CONFIG_RSBAC_RMSG
00685
rsbac_printk(KERN_INFO
00686
"rsbac_mac_add_p_tru(): adding MAC trusted user %u to process %u denied for process %u!\n",
00687 uid,
00688 pid,
00689 current->pid);
00690
#endif
00691
#ifndef CONFIG_RSBAC_RMSG_EXCL
00692
printk(KERN_INFO
00693
"rsbac_mac_add_p_tru(): adding MAC trusted user %u to process %u denied for process %u!\n",
00694 uid,
00695 pid,
00696 current->pid);
00697
#endif
00698
#ifdef CONFIG_RSBAC_SOFTMODE
00699
if( !rsbac_softmode
00700
#ifdef CONFIG_RSBAC_SOFTMODE_IND
00701
&& !rsbac_ind_softmode[
MAC]
00702
#endif
00703
)
00704
#endif
00705
return(-EPERM);
00706 }
00707 }
00708
#endif
00709
00710
00711
if(
rsbac_mac_add_to_p_truset(pid, uid, ttl))
00712 {
00713
#ifdef CONFIG_RSBAC_RMSG
00714
rsbac_printk(KERN_WARNING
00715
"rsbac_mac_add_p_tru(): rsbac_mac_add_to_p_truset() returned error!\n");
00716
#endif
00717
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00718
if (!rsbac_nosyslog)
00719
#endif
00720
printk(KERN_WARNING
00721
"rsbac_mac_add_p_tru(): rsbac_mac_add_to_p_truset() returned error!\n");
00722
return(-
RSBAC_EWRITEFAILED);
00723 }
00724
return 0;
00725 }
00726
00727 int rsbac_mac_remove_p_tru(
rsbac_pid_t pid,
00728
rsbac_uid_t uid)
00729 {
00730
00731
#if !defined(CONFIG_RSBAC_MAINT)
00732
#ifdef CONFIG_RSBAC_SWITCH
00733
if(rsbac_switch_mac)
00734
#endif
00735
{
00736
if(
mac_sys_check_role(
SR_security_officer))
00737 {
00738
#ifdef CONFIG_RSBAC_RMSG
00739
rsbac_printk(KERN_INFO
00740
"rsbac_mac_remove_p_tru(): removing MAC trusted user %u from process %u denied for process %u!\n",
00741 uid,
00742 pid,
00743 current->pid);
00744
#endif
00745
#ifndef CONFIG_RSBAC_RMSG_EXCL
00746
printk(KERN_INFO
00747
"rsbac_mac_remove_p_tru(): removing MAC trusted user %u from process %u denied for process %u!\n",
00748 uid,
00749 pid,
00750 current->pid);
00751
#endif
00752
#ifdef CONFIG_RSBAC_SOFTMODE
00753
if( !rsbac_softmode
00754
#ifdef CONFIG_RSBAC_SOFTMODE_IND
00755
&& !rsbac_ind_softmode[
MAC]
00756
#endif
00757
)
00758
#endif
00759
return(-EPERM);
00760 }
00761 }
00762
#endif
00763
00764
return(
rsbac_mac_remove_from_p_truset(pid, uid));
00765 }
00766
00767 int rsbac_mac_add_f_tru(
rsbac_mac_file_t file,
00768
rsbac_uid_t uid,
00769
rsbac_time_t ttl)
00770 {
00771
00772
#if !defined(CONFIG_RSBAC_MAINT)
00773
#ifdef CONFIG_RSBAC_SWITCH
00774
if(rsbac_switch_mac)
00775
#endif
00776
{
00777
if(
mac_sys_check_role(
SR_security_officer))
00778 {
00779
#ifdef CONFIG_RSBAC_RMSG
00780
rsbac_printk(KERN_INFO
00781
"rsbac_mac_add_f_tru(): adding MAC trusted user %u to file %u on device %02u:%02u denied for process %u!\n",
00782 uid,
00783 file.inode,
00784 MAJOR(file.device),
00785 MINOR(file.device),
00786 current->pid);
00787
#endif
00788
#ifndef CONFIG_RSBAC_RMSG_EXCL
00789
printk(KERN_INFO
00790
"rsbac_mac_add_f_tru(): adding MAC trusted user %u to file %u on device %02u:%02u denied for process %u!\n",
00791 uid,
00792 file.inode,
00793 MAJOR(file.device),
00794 MINOR(file.device),
00795 current->pid);
00796
#endif
00797
#ifdef CONFIG_RSBAC_SOFTMODE
00798
if( !rsbac_softmode
00799
#ifdef CONFIG_RSBAC_SOFTMODE_IND
00800
&& !rsbac_ind_softmode[
MAC]
00801
#endif
00802
)
00803
#endif
00804
return(-EPERM);
00805 }
00806 }
00807
#endif
00808
00809
if(
rsbac_mac_add_to_f_truset(file, uid, ttl))
00810 {
00811
#ifdef CONFIG_RSBAC_RMSG
00812
rsbac_printk(KERN_WARNING
00813
"rsbac_mac_add_f_tru(): rsbac_mac_add_to_f_truset() returned error!\n");
00814
#endif
00815
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00816
if (!rsbac_nosyslog)
00817
#endif
00818
printk(KERN_WARNING
00819
"rsbac_mac_add_f_tru(): rsbac_mac_add_to_f_truset() returned error!\n");
00820
return(-
RSBAC_EWRITEFAILED);
00821 }
00822
return 0;
00823 }
00824
00825 int rsbac_mac_remove_f_tru(
rsbac_mac_file_t file,
00826
rsbac_uid_t uid)
00827 {
00828
00829
#if !defined(CONFIG_RSBAC_MAINT)
00830
#ifdef CONFIG_RSBAC_SWITCH
00831
if(rsbac_switch_mac)
00832
#endif
00833
{
00834
if(
mac_sys_check_role(
SR_security_officer))
00835 {
00836
#ifdef CONFIG_RSBAC_RMSG
00837
rsbac_printk(KERN_INFO
00838
"rsbac_mac_remove_f_tru(): removing MAC trusted user %u from file %u on device %02u:%02u denied for process %u!\n",
00839 uid,
00840 file.inode,
00841 MAJOR(file.device),
00842 MINOR(file.device),
00843 current->pid);
00844
#endif
00845
#ifndef CONFIG_RSBAC_RMSG_EXCL
00846
printk(KERN_INFO
00847
"rsbac_mac_remove_f_tru(): removing MAC trusted user %u from file %u on device %02u:%02u denied for process %u!\n",
00848 uid,
00849 file.inode,
00850 MAJOR(file.device),
00851 MINOR(file.device),
00852 current->pid);
00853
#endif
00854
#ifdef CONFIG_RSBAC_SOFTMODE
00855
if( !rsbac_softmode
00856
#ifdef CONFIG_RSBAC_SOFTMODE_IND
00857
&& !rsbac_ind_softmode[
MAC]
00858
#endif
00859
)
00860
#endif
00861
return(-EPERM);
00862 }
00863 }
00864
#endif
00865
00866
return(
rsbac_mac_remove_from_f_truset(file, uid));
00867 }
00868
00869
00870