00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012 #include <linux/string.h>
00013 #include <rsbac/types.h>
00014 #include <rsbac/aci.h>
00015 #include <rsbac/adf_main.h>
00016 #include <rsbac/error.h>
00017 #include <rsbac/helpers.h>
00018 #include <rsbac/getname.h>
00019 #include <rsbac/network.h>
00020 #include <rsbac/debug.h>
00021 #include <rsbac/jail.h>
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031 static inline rsbac_boolean_t jail_dev_tty(struct rsbac_dev_desc_t dev)
00032 {
00033 if (dev.type != D_char)
00034 return FALSE;
00035 if (((dev.major >= 2)
00036 && (dev.major <= 4)
00037 )
00038 || ((dev.major >= 128)
00039 && (dev.major <= 143)
00040 )
00041 )
00042 return TRUE;
00043 else
00044 return FALSE;
00045 }
00046
00047 static rsbac_jail_id_t
00048 jail_get_id(enum rsbac_target_t target, union rsbac_target_id_t tid)
00049 {
00050 int err;
00051 union rsbac_attribute_value_t i_attr_val1;
00052
00053 if ((err = rsbac_get_attr(SW_JAIL,
00054 target,
00055 tid, A_jail_id, &i_attr_val1, TRUE))) {
00056 rsbac_ds_get_error("jail_get_id()", A_jail_id);
00057 return 0;
00058 } else
00059 return i_attr_val1.jail_id;
00060 }
00061
00062 static rsbac_jail_id_t jail_get_id_process(rsbac_pid_t pid)
00063 {
00064 int err;
00065 union rsbac_target_id_t i_tid;
00066 union rsbac_attribute_value_t i_attr_val1;
00067
00068 i_tid.process = pid;
00069 if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS,
00070 i_tid, A_jail_id, &i_attr_val1, TRUE))) {
00071 rsbac_ds_get_error("jail_get_id_process()", A_jail_id);
00072 return 0;
00073 } else
00074 return i_attr_val1.jail_id;
00075 }
00076
00077 static inline rsbac_jail_id_t jail_get_parent_process(rsbac_pid_t pid)
00078 {
00079 int err;
00080 union rsbac_target_id_t i_tid;
00081 union rsbac_attribute_value_t i_attr_val1;
00082
00083 i_tid.process = pid;
00084 if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS,
00085 i_tid, A_jail_parent, &i_attr_val1, TRUE))) {
00086 rsbac_ds_get_error("jail_get_parent_process()", A_jail_parent);
00087 return 0;
00088 } else
00089 return i_attr_val1.jail_parent;
00090 }
00091
00092 #if defined(CONFIG_RSBAC_NET_OBJ)
00093 static inline rsbac_jail_ip_t jail_get_ip_process(rsbac_pid_t pid)
00094 {
00095 int err;
00096 union rsbac_target_id_t i_tid;
00097 union rsbac_attribute_value_t i_attr_val1;
00098
00099 i_tid.process = pid;
00100 if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS,
00101 i_tid, A_jail_ip, &i_attr_val1, TRUE))) {
00102 rsbac_ds_get_error("jail_get_ip_process()", A_jail_ip);
00103 return 0;
00104 } else
00105 return i_attr_val1.jail_ip;
00106 }
00107 #endif
00108
00109 static rsbac_jail_flags_t jail_get_flags_process(rsbac_pid_t pid)
00110 {
00111 int err;
00112 union rsbac_target_id_t i_tid;
00113 union rsbac_attribute_value_t i_attr_val1;
00114
00115 i_tid.process = pid;
00116 if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS, i_tid,
00117 A_jail_flags, &i_attr_val1, TRUE))) {
00118 rsbac_ds_get_error("jail_get_flags_process()",
00119 A_jail_flags);
00120 return 0;
00121 } else
00122 return i_attr_val1.jail_flags;
00123 }
00124
00125 static inline rsbac_jail_scd_vector_t jail_get_scd_get_process(rsbac_pid_t pid)
00126 {
00127 int err;
00128 union rsbac_target_id_t i_tid;
00129 union rsbac_attribute_value_t i_attr_val1;
00130
00131 i_tid.process = pid;
00132 if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS, i_tid,
00133 A_jail_scd_get, &i_attr_val1, TRUE))) {
00134 rsbac_ds_get_error("jail_get_scd_get_process()",
00135 A_jail_scd_get);
00136 return 0;
00137 } else
00138 return i_attr_val1.jail_scd_get;
00139 }
00140
00141 static inline rsbac_jail_scd_vector_t jail_get_scd_modify_process(rsbac_pid_t pid)
00142 {
00143 int err;
00144 union rsbac_target_id_t i_tid;
00145 union rsbac_attribute_value_t i_attr_val1;
00146
00147 i_tid.process = pid;
00148 if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS, i_tid,
00149 A_jail_scd_modify,
00150 &i_attr_val1, TRUE))) {
00151 rsbac_ds_get_error("jail_get_scd_modify_process()",
00152 A_jail_scd_modify);
00153 return 0;
00154 } else
00155 return i_attr_val1.jail_scd_modify;
00156 }
00157
00158 static enum rsbac_adf_req_ret_t
00159 jail_check_sysrole(rsbac_uid_t owner,
00160 enum rsbac_system_role_t role)
00161 {
00162 union rsbac_target_id_t i_tid;
00163 union rsbac_attribute_value_t i_attr_val1;
00164
00165 i_tid.user = owner;
00166 if (rsbac_get_attr(SW_JAIL, T_USER, i_tid,
00167 A_jail_role, &i_attr_val1, TRUE)) {
00168 rsbac_ds_get_error("jail_check_sysrole()", A_jail_role);
00169 return (NOT_GRANTED);
00170 }
00171
00172 if (i_attr_val1.system_role == role)
00173 return (GRANTED);
00174 else
00175 return (NOT_GRANTED);
00176 }
00177
00178 #if defined(CONFIG_RSBAC_NET_OBJ)
00179 enum rsbac_adf_req_ret_t
00180 jail_check_ip(rsbac_pid_t pid, union rsbac_target_id_t tid)
00181 {
00182 rsbac_jail_ip_t jail_ip;
00183 rsbac_jail_flags_t jail_flags;
00184
00185 if (!tid.netobj.sock_p) {
00186 rsbac_printk(KERN_WARNING
00187 "jail_check_ip(): NULL sock_p!\n");
00188 return NOT_GRANTED;
00189 }
00190 if (!tid.netobj.sock_p->ops) {
00191 return DO_NOT_CARE;
00192 }
00193 switch (tid.netobj.sock_p->ops->family) {
00194 case AF_UNIX:
00195 return (DO_NOT_CARE);
00196
00197 case AF_INET:
00198 switch (tid.netobj.sock_p->type) {
00199 case SOCK_STREAM:
00200 case SOCK_DGRAM:
00201 case SOCK_RDM:
00202 jail_ip = jail_get_ip_process(pid);
00203 if (jail_ip == INADDR_ANY)
00204 return GRANTED;
00205 jail_flags = jail_get_flags_process(pid);
00206 if (tid.netobj.local_addr) {
00207 struct sockaddr_in *addr =
00208 tid.netobj.local_addr;
00209
00210 if ((jail_ip == addr->sin_addr.s_addr)
00211 || (
00212 (jail_flags &
00213 JAIL_allow_inet_localhost)
00214 && (addr->sin_addr.s_addr ==
00215 RSBAC_JAIL_LOCALHOST)
00216 )
00217 #if defined(CONFIG_RSBAC_JAIL_NET_ADJUST)
00218 || (
00219 (jail_flags &
00220 JAIL_auto_adjust_inet_any)
00221 && (addr->sin_addr.s_addr ==
00222 INADDR_ANY)
00223 )
00224 #endif
00225 )
00226 return GRANTED;
00227 else {
00228 rsbac_pr_debug(adf_jail, "local_addr does not match jail_ip -> NOT_GRANTED!\n");
00229 return NOT_GRANTED;
00230 }
00231 } else if ((tid.netobj.remote_addr)
00232 && (jail_flags &
00233 JAIL_allow_inet_localhost)
00234 &&
00235 (((struct sockaddr_in *) tid.netobj.
00236 remote_addr)->sin_addr.s_addr ==
00237 RSBAC_JAIL_LOCALHOST)
00238 )
00239 return GRANTED;
00240 else {
00241 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00242 if (((jail_ip ==
00243 inet_sk(tid.netobj.sock_p->sk)->
00244 rcv_saddr)
00245 && (jail_ip ==
00246 inet_sk(tid.netobj.sock_p->sk)->
00247 saddr)
00248 )
00249 || (
00250 (jail_flags &
00251 JAIL_allow_inet_localhost)
00252 &&
00253 ((inet_sk(tid.netobj.sock_p->sk)->
00254 saddr == RSBAC_JAIL_LOCALHOST)
00255 || (
00256 inet_sk(tid.netobj.sock_p->sk)->
00257 daddr == RSBAC_JAIL_LOCALHOST)
00258 )
00259 )
00260 #if defined(CONFIG_RSBAC_JAIL_NET_ADJUST)
00261 || (
00262 (jail_flags &
00263 JAIL_auto_adjust_inet_any)
00264 && (inet_sk(tid.netobj.sock_p->sk)->
00265 rcv_saddr == INADDR_ANY)
00266 && (inet_sk(tid.netobj.sock_p->sk)->
00267 saddr == INADDR_ANY)
00268 )
00269 #endif
00270 )
00271 #else
00272 if (((jail_ip ==
00273 tid.netobj.sock_p->sk->rcv_saddr)
00274 && (jail_ip ==
00275 tid.netobj.sock_p->sk->saddr)
00276 )
00277 || (
00278 (jail_flags &
00279 JAIL_allow_inet_localhost)
00280 &&
00281 ((tid.netobj.sock_p->sk->saddr ==
00282 RSBAC_JAIL_LOCALHOST)
00283 ||
00284 (tid.netobj.sock_p->sk->daddr ==
00285 RSBAC_JAIL_LOCALHOST)
00286 )
00287 )
00288 #if defined(CONFIG_RSBAC_JAIL_NET_ADJUST)
00289 || (
00290 (jail_flags &
00291 JAIL_auto_adjust_inet_any)
00292 && (tid.netobj.sock_p->sk->
00293 rcv_saddr == INADDR_ANY)
00294 && (tid.netobj.sock_p->sk->saddr ==
00295 INADDR_ANY)
00296 )
00297 #endif
00298 )
00299 #endif
00300 return GRANTED;
00301 else {
00302 rsbac_pr_debug(adf_jail, "sk->rcv_saddr or sk->saddr does not match jail_ip -> NOT_GRANTED!\n");
00303 return NOT_GRANTED;
00304 }
00305 }
00306
00307 case SOCK_RAW:
00308 if (jail_get_flags_process(pid) &
00309 JAIL_allow_inet_raw)
00310 return (GRANTED);
00311 else {
00312 rsbac_pr_debug(adf_jail, "network type is raw and allow_inet_raw is not set -> NOT_GRANTED!\n");
00313 return (NOT_GRANTED);
00314 }
00315
00316 default:
00317 rsbac_pr_debug(adf_jail, "network type not STREAM, DGRAM, RDM or RAW -> NOT_GRANTED!\n");
00318 return (NOT_GRANTED);
00319 }
00320
00321 default:
00322 if (jail_get_flags_process(pid) &
00323 JAIL_allow_all_net_family)
00324 return (GRANTED);
00325 else {
00326 rsbac_pr_debug(adf_jail, "network family not UNIX or INET and allow_all_net_family not set -> NOT_GRANTED!\n");
00327 return NOT_GRANTED;
00328 }
00329 }
00330 }
00331 #endif
00332
00333
00334
00335
00336
00337 enum rsbac_adf_req_ret_t
00338 rsbac_adf_request_jail(enum rsbac_adf_request_t request,
00339 rsbac_pid_t caller_pid,
00340 enum rsbac_target_t target,
00341 union rsbac_target_id_t tid,
00342 enum rsbac_attribute_t attr,
00343 union rsbac_attribute_value_t attr_val,
00344 rsbac_uid_t owner)
00345 {
00346 rsbac_jail_id_t jail_id;
00347 rsbac_jail_id_t jail_id_object;
00348 rsbac_jail_flags_t jail_flags;
00349
00350 switch(target) {
00351 case T_DEV:
00352 switch(request) {
00353 case R_SEND:
00354 if (jail_get_id_process(caller_pid))
00355 return NOT_GRANTED;
00356 else
00357 return GRANTED;
00358 case R_APPEND_OPEN:
00359 case R_WRITE_OPEN:
00360 if (jail_get_id_process(caller_pid)) {
00361 jail_flags =
00362 jail_get_flags_process(caller_pid);
00363 if (!(jail_flags & JAIL_allow_dev_write))
00364 return NOT_GRANTED;
00365 else if (jail_dev_tty(tid.dev)
00366 && !(jail_flags &
00367 JAIL_allow_tty_open)
00368 )
00369 return NOT_GRANTED;
00370 else
00371 return GRANTED;
00372 } else
00373 return GRANTED;
00374 case R_READ_OPEN:
00375 if (jail_get_id_process(caller_pid)) {
00376 jail_flags =
00377 jail_get_flags_process(caller_pid);
00378 if (!(jail_flags & JAIL_allow_dev_read))
00379 return NOT_GRANTED;
00380 else if (jail_dev_tty(tid.dev)
00381 && !(jail_flags &
00382 JAIL_allow_tty_open)
00383 )
00384 return NOT_GRANTED;
00385 else
00386 return GRANTED;
00387 } else
00388 return GRANTED;
00389 case R_READ_WRITE_OPEN:
00390 if (jail_get_id_process(caller_pid)) {
00391 jail_flags =
00392 jail_get_flags_process(caller_pid);
00393 if (!(jail_flags & JAIL_allow_dev_read)
00394 || !(jail_flags & JAIL_allow_dev_write)
00395 )
00396 return NOT_GRANTED;
00397 else if (jail_dev_tty(tid.dev)
00398 && !(jail_flags &
00399 JAIL_allow_tty_open)
00400 )
00401 return NOT_GRANTED;
00402 else
00403 return GRANTED;
00404 } else
00405 return GRANTED;
00406 case R_GET_STATUS_DATA:
00407 if (jail_get_id_process(caller_pid)
00408 && !(jail_get_flags_process(caller_pid) &
00409 JAIL_allow_dev_get_status)
00410 )
00411 return NOT_GRANTED;
00412 else
00413 return GRANTED;
00414 case R_MODIFY_SYSTEM_DATA:
00415 if (jail_get_id_process(caller_pid)
00416 && !(jail_get_flags_process(caller_pid) &
00417 JAIL_allow_dev_mod_system)
00418 )
00419 return NOT_GRANTED;
00420 else
00421 return GRANTED;
00422 case R_READ:
00423 if (jail_get_id_process(caller_pid)
00424 && !(jail_get_flags_process(caller_pid) &
00425 JAIL_allow_dev_read)
00426 )
00427 return NOT_GRANTED;
00428 else
00429 return GRANTED;
00430 case R_WRITE:
00431 if (jail_get_id_process(caller_pid)
00432 && !(jail_get_flags_process(caller_pid) &
00433 JAIL_allow_dev_write)
00434 )
00435 return NOT_GRANTED;
00436 else
00437 return GRANTED;
00438 default:
00439 return DO_NOT_CARE;
00440 }
00441 case T_DIR:
00442 switch(request) {
00443 case R_CREATE:
00444 if (!jail_get_id_process(caller_pid))
00445 return GRANTED;
00446
00447 if ((attr == A_create_data)
00448 && (S_ISCHR(attr_val.create_data.mode)
00449 || S_ISBLK(attr_val.create_data.mode)
00450 || ((attr_val.create_data.mode & (S_ISUID | S_ISGID))
00451 && !(jail_get_flags_process(caller_pid) & JAIL_allow_suid_files)
00452 )
00453 )
00454 )
00455 return NOT_GRANTED;
00456 else
00457 return GRANTED;
00458 case R_MODIFY_PERMISSIONS_DATA:
00459 if (jail_get_id_process(caller_pid)
00460 && (attr == A_mode)
00461 && (attr_val.mode & (S_ISUID | S_ISGID))
00462 && !(jail_get_flags_process(caller_pid) & JAIL_allow_suid_files)
00463 )
00464 return NOT_GRANTED;
00465 else
00466 return GRANTED;
00467 default:
00468 return DO_NOT_CARE;
00469 }
00470 case T_FILE:
00471 switch(request) {
00472 case R_ADD_TO_KERNEL:
00473 case R_REMOVE_FROM_KERNEL:
00474 if (jail_get_id_process(caller_pid))
00475 return NOT_GRANTED;
00476 else
00477 return GRANTED;
00478 case R_MOUNT:
00479 case R_UMOUNT:
00480 if (!jail_get_id_process(caller_pid)
00481 || (jail_get_flags_process(caller_pid) & JAIL_allow_mount)
00482 )
00483 return GRANTED;
00484 else
00485 return NOT_GRANTED;
00486 case R_MODIFY_PERMISSIONS_DATA:
00487 if (jail_get_id_process(caller_pid)
00488 && (attr == A_mode)
00489 && (attr_val.mode & (S_ISUID | S_ISGID))
00490 && !(jail_get_flags_process(caller_pid) & JAIL_allow_suid_files)
00491 )
00492 return NOT_GRANTED;
00493 else
00494 return GRANTED;
00495 default:
00496 return DO_NOT_CARE;
00497 }
00498 case T_PROCESS:
00499 switch(request) {
00500 case R_GET_STATUS_DATA:
00501 case R_SEND_SIGNAL:
00502 case R_MODIFY_SYSTEM_DATA:
00503 case R_TRACE:
00504 jail_id = jail_get_id_process(caller_pid);
00505 if (!jail_id
00506 || (jail_id == jail_get_id(target, tid))
00507 )
00508 return GRANTED;
00509 else
00510 return NOT_GRANTED;
00511 case R_MODIFY_ATTRIBUTE:
00512 switch (attr) {
00513 case A_jail_id:
00514 case A_jail_ip:
00515 case A_jail_flags:
00516 case A_jail_max_caps:
00517 case A_jail_parent:
00518 case A_jail_scd_get:
00519 case A_jail_scd_modify:
00520
00521 case A_none:
00522 if (jail_get_id_process(caller_pid))
00523 return NOT_GRANTED;
00524
00525
00526 return jail_check_sysrole(owner,
00527 SR_security_officer);
00528 default:
00529 return DO_NOT_CARE;
00530 }
00531 case R_READ_ATTRIBUTE:
00532 switch (attr) {
00533 case A_jail_id:
00534 case A_jail_ip:
00535 case A_jail_flags:
00536 case A_jail_max_caps:
00537 case A_jail_parent:
00538 case A_jail_scd_get:
00539 case A_jail_scd_modify:
00540
00541 case A_none:
00542 if (jail_get_id_process(caller_pid))
00543 return NOT_GRANTED;
00544
00545
00546 if (jail_check_sysrole(owner, SR_administrator) ==
00547 NOT_GRANTED)
00548 return jail_check_sysrole(owner,
00549 SR_security_officer);
00550 else
00551 return GRANTED;
00552 default:
00553 return (DO_NOT_CARE);
00554 }
00555 default:
00556 return DO_NOT_CARE;
00557 }
00558 case T_UNIXSOCK:
00559 switch(request) {
00560 case R_SEND:
00561 case R_CONNECT:
00562 case R_LISTEN:
00563 case R_ACCEPT:
00564 case R_RECEIVE:
00565 #ifdef CONFIG_RSBAC_RW
00566 case R_READ:
00567 case R_WRITE:
00568 #endif
00569 case R_BIND:
00570 jail_id = jail_get_id_process(caller_pid);
00571 if (!jail_id)
00572 return GRANTED;
00573 if (attr == A_process) {
00574 union rsbac_target_id_t i_tid;
00575 rsbac_jail_id_t jail_id_parent;
00576
00577 i_tid.process = attr_val.process;
00578 jail_id_parent = jail_get_parent_process(caller_pid);
00579 if((jail_id != (jail_id_object = jail_get_id(T_PROCESS, i_tid)))
00580 && !((jail_flags = jail_get_flags_process(caller_pid)) & JAIL_allow_external_ipc)
00581 && (!(jail_flags & JAIL_allow_parent_ipc)
00582 || (jail_id_object != jail_id_parent)
00583 )
00584 && (!(jail_flags & JAIL_allow_ipc_to_syslog)
00585 || (jail_id_object != rsbac_jail_syslog_jail_id)
00586 )
00587 ) {
00588 rsbac_pr_debug(adf_jail,
00589 "process jail %u does not match partner process jail %u, parent jail is %u -> NOT_GRANTED!\n",
00590 jail_id, jail_id_object, jail_id_parent);
00591 return NOT_GRANTED;
00592 }
00593 } else {
00594 if(!(jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)) {
00595 rsbac_pr_debug(adf_jail,
00596 "process jail is %u, no allow_ipc and partner process unknown -> NOT_GRANTED!\n",
00597 jail_id);
00598 return NOT_GRANTED;
00599 }
00600 }
00601 return GRANTED;
00602 default:
00603 return DO_NOT_CARE;
00604 }
00605 #ifdef CONFIG_RSBAC_NET_OBJ
00606 case T_NETOBJ:
00607 switch(request) {
00608 case R_SEND:
00609 case R_RECEIVE:
00610 case R_CONNECT:
00611 case R_LISTEN:
00612 case R_ACCEPT:
00613 case R_GET_PERMISSIONS_DATA:
00614 case R_MODIFY_PERMISSIONS_DATA:
00615 case R_GET_STATUS_DATA:
00616 case R_READ:
00617 case R_WRITE:
00618 case R_BIND:
00619 if (!jail_get_id_process(caller_pid))
00620 return GRANTED;
00621 return (jail_check_ip(caller_pid, tid));
00622 case R_CREATE:
00623 if (!jail_get_id_process(caller_pid))
00624 return GRANTED;
00625 if (!tid.netobj.sock_p) {
00626 rsbac_printk(KERN_WARNING "rsbac_adf_request_jail(): NULL sock_p on CREATE!\n");
00627 return NOT_GRANTED;
00628 }
00629 if (!tid.netobj.sock_p->ops) {
00630 return DO_NOT_CARE;
00631 }
00632 switch (tid.netobj.sock_p->ops->family) {
00633 case AF_UNIX:
00634 return (GRANTED);
00635
00636 case AF_INET:
00637 switch (tid.netobj.sock_p->type) {
00638 case SOCK_STREAM:
00639 case SOCK_DGRAM:
00640 case SOCK_RDM:
00641 if (tid.netobj.sock_p->sk
00642 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00643 && (tid.netobj.sock_p->sk->
00644 sk_protocol == IPPROTO_RAW)
00645 #else
00646 && (tid.netobj.sock_p->sk->
00647 protocol == IPPROTO_RAW)
00648 #endif
00649 ) {
00650 jail_flags =
00651 jail_get_flags_process
00652 (caller_pid);
00653 if (jail_flags &
00654 JAIL_allow_inet_raw)
00655 return (GRANTED);
00656 else
00657 return NOT_GRANTED;
00658 } else
00659 return GRANTED;
00660
00661 case SOCK_RAW:
00662 jail_flags =
00663 jail_get_flags_process
00664 (caller_pid);
00665 if (jail_flags &
00666 JAIL_allow_inet_raw)
00667 return (GRANTED);
00668 else
00669 return NOT_GRANTED;
00670
00671 default:
00672 return (NOT_GRANTED);
00673 }
00674
00675 default:
00676 jail_flags =
00677 jail_get_flags_process(caller_pid);
00678 if (jail_flags & JAIL_allow_all_net_family)
00679 return (GRANTED);
00680 else
00681 return (NOT_GRANTED);
00682 }
00683 default:
00684 return DO_NOT_CARE;
00685 }
00686 #endif
00687 case T_IPC:
00688 switch(request) {
00689 case R_ALTER:
00690 case R_APPEND_OPEN:
00691 case R_WRITE_OPEN:
00692 case R_READ_OPEN:
00693 case R_READ_WRITE_OPEN:
00694 case R_DELETE:
00695 case R_MODIFY_PERMISSIONS_DATA:
00696 case R_GET_STATUS_DATA:
00697 jail_id = jail_get_id_process(caller_pid);
00698 if (!jail_id
00699 || (jail_id == (jail_id_object = jail_get_id(target, tid)))
00700 || ((jail_flags = jail_get_flags_process(caller_pid)) &
00701 JAIL_allow_external_ipc)
00702 || ((jail_flags & JAIL_allow_parent_ipc)
00703 && (jail_get_parent_process(caller_pid) == jail_id_object)
00704 )
00705 || ((jail_flags & JAIL_allow_ipc_to_syslog)
00706 && (rsbac_jail_syslog_jail_id == jail_id_object)
00707 )
00708 )
00709 return GRANTED;
00710 else {
00711 rsbac_pr_debug(adf_jail,
00712 "process jail %u does not match IPC object jail %u -> NOT_GRANTED!\n",
00713 jail_id, jail_id_object);
00714 return NOT_GRANTED;
00715 }
00716 case R_CREATE:
00717 return GRANTED;
00718 case R_MODIFY_ATTRIBUTE:
00719 switch (attr) {
00720 case A_jail_id:
00721
00722 case A_none:
00723 if (jail_get_id_process(caller_pid))
00724 return NOT_GRANTED;
00725
00726
00727 return jail_check_sysrole(owner,
00728 SR_security_officer);
00729 default:
00730 return DO_NOT_CARE;
00731 }
00732 case R_READ_ATTRIBUTE:
00733 switch (attr) {
00734 case A_jail_id:
00735
00736 case A_none:
00737 if (jail_get_id_process(caller_pid))
00738 return NOT_GRANTED;
00739
00740
00741 if (jail_check_sysrole(owner, SR_administrator) ==
00742 NOT_GRANTED)
00743 return jail_check_sysrole(owner,
00744 SR_security_officer);
00745 else
00746 return GRANTED;
00747 default:
00748 return (DO_NOT_CARE);
00749 }
00750 default:
00751 jail_id = jail_get_id_process(caller_pid);
00752 if (!jail_id)
00753 return GRANTED;
00754 if((jail_flags = jail_get_flags_process(caller_pid)) &
00755 JAIL_allow_external_ipc)
00756 return GRANTED;
00757 jail_id_object = jail_get_id(target, tid);
00758 if((jail_flags & JAIL_allow_parent_ipc)
00759 && (jail_get_parent_process(caller_pid) == jail_id_object))
00760 return GRANTED;
00761 if((jail_flags & JAIL_allow_ipc_to_syslog)
00762 && (rsbac_jail_syslog_jail_id == jail_id_object))
00763 return GRANTED;
00764 if(jail_id != jail_id_object) {
00765 rsbac_pr_debug(adf_jail,
00766 "process jail %u does not match IPC object jail %u -> NOT_GRANTED!\n",
00767 jail_id, jail_id_object);
00768 return NOT_GRANTED;
00769 }
00770 if (attr == A_process) {
00771 union rsbac_target_id_t i_tid;
00772 rsbac_jail_id_t jail_id_parent;
00773
00774 i_tid.process = attr_val.process;
00775 jail_id_parent = jail_get_parent_process(caller_pid);
00776 if((jail_id != (jail_id_object = jail_get_id(T_PROCESS, i_tid)))
00777 && !(jail_flags & JAIL_allow_external_ipc)
00778 && (!(jail_flags & JAIL_allow_parent_ipc)
00779 || (jail_id_object != jail_id_parent)
00780 )
00781 ) {
00782 rsbac_pr_debug(adf_jail,
00783 "process jail %u does not match partner process jail %u, parent jail is %u -> NOT_GRANTED!\n",
00784 jail_id, jail_id_object, jail_id_parent);
00785 return NOT_GRANTED;
00786 }
00787 }
00788 return GRANTED;
00789 }
00790 case T_FIFO:
00791 case T_SYMLINK:
00792 switch(request) {
00793 case R_MODIFY_PERMISSIONS_DATA:
00794 if (jail_get_id_process(caller_pid)
00795 && (attr == A_mode)
00796 && (attr_val.mode & (S_ISUID | S_ISGID))
00797 && !(jail_get_flags_process(caller_pid) & JAIL_allow_suid_files)
00798 )
00799 return NOT_GRANTED;
00800 else
00801 return GRANTED;
00802 default:
00803 return DO_NOT_CARE;
00804 }
00805 case T_SCD:
00806 switch(request) {
00807 case R_MODIFY_PERMISSIONS_DATA:
00808 if (jail_get_id_process(caller_pid))
00809 return NOT_GRANTED;
00810 else
00811 return GRANTED;
00812 case R_GET_STATUS_DATA:
00813 if (jail_get_id_process(caller_pid)) {
00814 if (jail_get_scd_get_process(caller_pid) &
00815 RSBAC_SCD_VECTOR(tid.scd))
00816 return GRANTED;
00817 else
00818 return NOT_GRANTED;
00819 } else
00820 return GRANTED;
00821 case R_MODIFY_SYSTEM_DATA:
00822 if (jail_get_id_process(caller_pid)) {
00823 if (jail_get_scd_modify_process(caller_pid)
00824 & RSBAC_SCD_VECTOR(tid.scd))
00825 return (GRANTED);
00826 else
00827 return NOT_GRANTED;
00828 } else
00829 return GRANTED;
00830 default:
00831 return DO_NOT_CARE;
00832 }
00833 case T_NONE:
00834 switch(request) {
00835 case R_ADD_TO_KERNEL:
00836 case R_REMOVE_FROM_KERNEL:
00837 case R_SHUTDOWN:
00838 if (jail_get_id_process(caller_pid))
00839 return NOT_GRANTED;
00840 else
00841 return GRANTED;
00842 case R_SWITCH_LOG:
00843 if (jail_get_id_process(caller_pid))
00844 return NOT_GRANTED;
00845
00846 return jail_check_sysrole(owner,
00847 SR_security_officer);
00848 case R_SWITCH_MODULE:
00849
00850 if (attr != A_switch_target)
00851 return (UNDEFINED);
00852
00853 if ((attr_val.switch_target != SW_JAIL)
00854 #ifdef CONFIG_RSBAC_SOFTMODE
00855 && (attr_val.switch_target != SW_SOFTMODE)
00856 #endif
00857 #ifdef CONFIG_RSBAC_FREEZE
00858 && (attr_val.switch_target != SW_FREEZE)
00859 #endif
00860 )
00861 return (DO_NOT_CARE);
00862 if (jail_get_id_process(caller_pid))
00863 return NOT_GRANTED;
00864
00865 return jail_check_sysrole(owner,
00866 SR_security_officer);
00867 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE
00868
00869 case R_MODIFY_PERMISSIONS_DATA:
00870 if (jail_get_id_process(caller_pid))
00871 return NOT_GRANTED;
00872 else
00873 return GRANTED;
00874 #endif
00875 default:
00876 return DO_NOT_CARE;
00877 }
00878 case T_NETDEV:
00879 switch(request) {
00880 #ifdef CONFIG_RSBAC_JAIL_NET_DEV_PROT
00881 case R_MODIFY_SYSTEM_DATA:
00882 case R_BIND:
00883 if (jail_get_id_process(caller_pid))
00884 return NOT_GRANTED;
00885 else
00886 return GRANTED;
00887 #endif
00888 default:
00889 return DO_NOT_CARE;
00890 }
00891
00892 #if defined(CONFIG_RSBAC_NET_OBJ)
00893 case T_NETTEMP:
00894 switch(request) {
00895 case R_CREATE:
00896 case R_DELETE:
00897 case R_WRITE:
00898 if (jail_get_id_process(caller_pid))
00899 return NOT_GRANTED;
00900 return jail_check_sysrole(owner, SR_security_officer);
00901 case R_READ:
00902 if (jail_get_id_process(caller_pid))
00903 return NOT_GRANTED;
00904 if (jail_check_sysrole(owner, SR_security_officer)
00905 == GRANTED)
00906 return GRANTED;
00907 return jail_check_sysrole(owner, SR_administrator);
00908 default:
00909 return DO_NOT_CARE;
00910 }
00911 #endif
00912
00913 case T_USER:
00914 switch(request) {
00915 case R_MODIFY_ATTRIBUTE:
00916 switch (attr) {
00917 case A_system_role:
00918 case A_jail_role:
00919
00920 case A_none:
00921 if (jail_get_id_process(caller_pid))
00922 return NOT_GRANTED;
00923
00924
00925 return jail_check_sysrole(owner,
00926 SR_security_officer);
00927 default:
00928 return DO_NOT_CARE;
00929 }
00930 case R_READ_ATTRIBUTE:
00931 switch (attr) {
00932 case A_system_role:
00933 case A_jail_role:
00934
00935 case A_none:
00936 if (jail_get_id_process(caller_pid))
00937 return NOT_GRANTED;
00938
00939
00940 if (jail_check_sysrole(owner, SR_administrator) ==
00941 NOT_GRANTED)
00942 return jail_check_sysrole(owner,
00943 SR_security_officer);
00944 else
00945 return GRANTED;
00946 default:
00947 return (DO_NOT_CARE);
00948 }
00949 default:
00950 return DO_NOT_CARE;
00951 }
00952
00953
00954 default:
00955 return DO_NOT_CARE;
00956 }
00957 }
00958
00959
00960
00961
00962
00963
00964
00965
00966
00967
00968
00969 int rsbac_adf_set_attr_jail(enum rsbac_adf_request_t request,
00970 rsbac_pid_t caller_pid,
00971 enum rsbac_target_t target,
00972 union rsbac_target_id_t tid,
00973 enum rsbac_target_t new_target,
00974 union rsbac_target_id_t new_tid,
00975 enum rsbac_attribute_t attr,
00976 union rsbac_attribute_value_t attr_val,
00977 rsbac_uid_t owner)
00978 {
00979 #ifdef CONFIG_RSBAC_JAIL_NET_ADJUST
00980 int err;
00981 #endif
00982 union rsbac_target_id_t i_tid;
00983 union rsbac_attribute_value_t i_attr_val1;
00984 union rsbac_attribute_value_t i_attr_val2;
00985
00986 switch (request) {
00987 case R_CHANGE_OWNER:
00988 switch (target) {
00989 case T_PROCESS:
00990
00991 i_tid.process = caller_pid;
00992 #ifdef CONFIG_RSBAC_SOFTMODE
00993 if (!rsbac_softmode)
00994 #endif
00995 {
00996 if (rsbac_get_attr(SW_JAIL,
00997 T_PROCESS,
00998 i_tid,
00999 A_jail_max_caps,
01000 &i_attr_val1, FALSE)) {
01001 rsbac_ds_get_error
01002 ("rsbac_adf_set_attr_jail()",
01003 A_jail_max_caps);
01004 } else {
01005 extern spinlock_t
01006 task_capability_lock;
01007
01008
01009 spin_lock(&task_capability_lock);
01010 current->cap_permitted &=
01011 i_attr_val1.jail_max_caps;
01012 current->cap_effective &=
01013 i_attr_val1.jail_max_caps;
01014 current->cap_inheritable &=
01015 i_attr_val1.jail_max_caps;
01016 spin_unlock(&task_capability_lock);
01017 }
01018 }
01019 return 0;
01020
01021
01022 default:
01023 return 0;
01024 }
01025
01026 case R_CLONE:
01027 if (target == T_PROCESS) {
01028 union rsbac_attribute_value_t i_attr_val3;
01029 union rsbac_attribute_value_t i_attr_val4;
01030 union rsbac_attribute_value_t i_attr_val5;
01031 union rsbac_attribute_value_t i_attr_val6;
01032
01033
01034 if (rsbac_get_attr(SW_JAIL,
01035 T_PROCESS,
01036 tid,
01037 A_jail_id,
01038 &i_attr_val1, FALSE)) {
01039 rsbac_ds_get_error
01040 ("rsbac_adf_set_attr_jail()",
01041 A_jail_id);
01042 return (-RSBAC_EREADFAILED);
01043 }
01044
01045 if(!i_attr_val1.jail_id)
01046 return 0;
01047
01048 if (rsbac_get_attr(SW_JAIL,
01049 T_PROCESS,
01050 tid,
01051 A_jail_ip,
01052 &i_attr_val2, FALSE)) {
01053 rsbac_ds_get_error
01054 ("rsbac_adf_set_attr_jail()",
01055 A_jail_ip);
01056 return (-RSBAC_EREADFAILED);
01057 }
01058
01059 if (rsbac_get_attr(SW_JAIL,
01060 T_PROCESS,
01061 tid,
01062 A_jail_flags,
01063 &i_attr_val3, FALSE)) {
01064 rsbac_ds_get_error
01065 ("rsbac_adf_set_attr_jail()",
01066 A_jail_flags);
01067 return (-RSBAC_EREADFAILED);
01068 }
01069
01070 if (rsbac_get_attr(SW_JAIL,
01071 T_PROCESS,
01072 tid,
01073 A_jail_max_caps,
01074 &i_attr_val4, FALSE)) {
01075 rsbac_ds_get_error
01076 ("rsbac_adf_set_attr_jail()",
01077 A_jail_max_caps);
01078 return (-RSBAC_EREADFAILED);
01079 }
01080
01081 if (rsbac_get_attr(SW_JAIL,
01082 T_PROCESS,
01083 tid,
01084 A_jail_scd_get,
01085 &i_attr_val5, FALSE)) {
01086 rsbac_ds_get_error
01087 ("rsbac_adf_set_attr_jail()",
01088 A_jail_scd_get);
01089 return (-RSBAC_EREADFAILED);
01090 }
01091
01092 if (rsbac_get_attr(SW_JAIL,
01093 T_PROCESS,
01094 tid,
01095 A_jail_scd_modify,
01096 &i_attr_val6, FALSE)) {
01097 rsbac_ds_get_error
01098 ("rsbac_adf_set_attr_jail()",
01099 A_jail_scd_modify);
01100 return (-RSBAC_EREADFAILED);
01101 }
01102
01103 if (rsbac_set_attr(SW_JAIL,
01104 T_PROCESS,
01105 new_tid,
01106 A_jail_id, i_attr_val1)) {
01107 rsbac_ds_set_error
01108 ("rsbac_adf_set_attr_jail()",
01109 A_jail_id);
01110 return (-RSBAC_EWRITEFAILED);
01111 }
01112
01113 if (rsbac_set_attr(SW_JAIL,
01114 T_PROCESS,
01115 new_tid,
01116 A_jail_ip, i_attr_val2)) {
01117 rsbac_ds_set_error
01118 ("rsbac_adf_set_attr_jail()",
01119 A_jail_ip);
01120 return (-RSBAC_EWRITEFAILED);
01121 }
01122
01123 if (rsbac_set_attr(SW_JAIL,
01124 T_PROCESS,
01125 new_tid,
01126 A_jail_flags, i_attr_val3)) {
01127 rsbac_ds_set_error
01128 ("rsbac_adf_set_attr_jail()",
01129 A_jail_flags);
01130 return (-RSBAC_EWRITEFAILED);
01131 }
01132
01133 if (rsbac_set_attr(SW_JAIL,
01134 T_PROCESS,
01135 new_tid,
01136 A_jail_max_caps, i_attr_val4)) {
01137 rsbac_ds_set_error
01138 ("rsbac_adf_set_attr_jail()",
01139 A_jail_max_caps);
01140 return (-RSBAC_EWRITEFAILED);
01141 }
01142
01143 if (rsbac_set_attr(SW_JAIL,
01144 T_PROCESS,
01145 new_tid,
01146 A_jail_scd_get, i_attr_val5)) {
01147 rsbac_ds_set_error
01148 ("rsbac_adf_set_attr_jail()",
01149 A_jail_scd_get);
01150 return (-RSBAC_EWRITEFAILED);
01151 }
01152
01153 if (rsbac_set_attr(SW_JAIL,
01154 T_PROCESS,
01155 new_tid,
01156 A_jail_scd_modify,
01157 i_attr_val6)) {
01158 rsbac_ds_set_error
01159 ("rsbac_adf_set_attr_jail()",
01160 A_jail_scd_modify);
01161 return (-RSBAC_EWRITEFAILED);
01162 }
01163 return 0;
01164 } else
01165 return 0;
01166
01167 case R_EXECUTE:
01168 switch (target) {
01169 case T_FILE:
01170
01171 i_tid.process = caller_pid;
01172 #ifdef CONFIG_RSBAC_SOFTMODE
01173 if (!rsbac_softmode)
01174 #endif
01175 {
01176 if (rsbac_get_attr(SW_JAIL,
01177 T_PROCESS,
01178 i_tid,
01179 A_jail_max_caps,
01180 &i_attr_val1, FALSE)) {
01181 rsbac_ds_get_error
01182 ("rsbac_adf_set_attr_jail()",
01183 A_jail_max_caps);
01184 } else {
01185 extern spinlock_t
01186 task_capability_lock;
01187
01188
01189 spin_lock(&task_capability_lock);
01190 current->cap_permitted &=
01191 i_attr_val1.jail_max_caps;
01192 current->cap_effective &=
01193 i_attr_val1.jail_max_caps;
01194 current->cap_inheritable &=
01195 i_attr_val1.jail_max_caps;
01196 spin_unlock(&task_capability_lock);
01197 }
01198 }
01199 return 0;
01200
01201
01202 default:
01203 return 0;
01204 }
01205
01206 case R_CREATE:
01207 if (target == T_IPC) {
01208
01209 i_tid.process = caller_pid;
01210 if (rsbac_get_attr(SW_JAIL,
01211 T_PROCESS,
01212 i_tid,
01213 A_jail_id,
01214 &i_attr_val1, FALSE)) {
01215 rsbac_ds_get_error
01216 ("rsbac_adf_set_attr_jail()",
01217 A_jail_id);
01218 return (-RSBAC_EREADFAILED);
01219 }
01220
01221 if (rsbac_set_attr(SW_JAIL,
01222 T_IPC,
01223 tid, A_jail_id, i_attr_val1)) {
01224 rsbac_ds_set_error
01225 ("rsbac_adf_set_attr_jail()",
01226 A_jail_id);
01227 return (-RSBAC_EWRITEFAILED);
01228 }
01229 return 0;
01230 }
01231
01232
01233 #ifdef CONFIG_RSBAC_JAIL_NET_ADJUST
01234 case R_BIND:
01235 if (target != T_NETOBJ)
01236 return 0;
01237 if (!tid.netobj.sock_p) {
01238 rsbac_printk(KERN_WARNING
01239 "rsbac_adf_set_attr_jail(): NULL sock_p!\n");
01240 return 0;
01241 }
01242 if (!tid.netobj.sock_p->ops) {
01243 return 0;
01244 }
01245 switch (tid.netobj.sock_p->ops->family) {
01246 case AF_INET:
01247 i_tid.process = caller_pid;
01248 if ((err = rsbac_get_attr(SW_JAIL,
01249 T_PROCESS,
01250 i_tid,
01251 A_jail_ip,
01252 &i_attr_val1, TRUE))) {
01253 rsbac_ds_get_error
01254 ("rsbac_adf_set_attr_jail()",
01255 A_jail_ip);
01256 return -RSBAC_EREADFAILED;
01257 }
01258 if (i_attr_val1.jail_ip == INADDR_ANY)
01259 return 0;
01260 if ((err = rsbac_get_attr(SW_JAIL,
01261 T_PROCESS,
01262 i_tid,
01263 A_jail_flags,
01264 &i_attr_val2, TRUE))) {
01265 rsbac_ds_get_error
01266 ("rsbac_adf_set_attr_jail()",
01267 A_jail_flags);
01268 return -RSBAC_EREADFAILED;
01269 }
01270 if (i_attr_val2.
01271 jail_flags & JAIL_auto_adjust_inet_any) {
01272 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01273 inet_sk(tid.netobj.sock_p->sk)->rcv_saddr =
01274 i_attr_val1.jail_ip;
01275 inet_sk(tid.netobj.sock_p->sk)->saddr =
01276 i_attr_val1.jail_ip;
01277 #else
01278 tid.netobj.sock_p->sk->rcv_saddr =
01279 i_attr_val1.jail_ip;
01280 tid.netobj.sock_p->sk->saddr =
01281 i_attr_val1.jail_ip;
01282 #endif
01283 }
01284 return 0;
01285
01286 default:
01287 break;
01288 }
01289 #endif
01290 return 0;
01291 default:
01292 return 0;
01293 }
01294
01295 return 0;
01296 }