00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012 #include <linux/string.h>
00013 #include <rsbac/types.h>
00014 #include <rsbac/aci.h>
00015 #include <rsbac/adf_main.h>
00016 #include <rsbac/error.h>
00017 #include <rsbac/helpers.h>
00018 #include <rsbac/getname.h>
00019 #include <rsbac/debug.h>
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033 inline enum rsbac_adf_req_ret_t
00034 rsbac_adf_request_cap (enum rsbac_adf_request_t request,
00035 rsbac_pid_t caller_pid,
00036 enum rsbac_target_t target,
00037 union rsbac_target_id_t tid,
00038 enum rsbac_attribute_t attr,
00039 union rsbac_attribute_value_t attr_val,
00040 rsbac_uid_t owner)
00041 {
00042 union rsbac_target_id_t i_tid;
00043 union rsbac_attribute_value_t i_attr_val1;
00044
00045 switch (request)
00046 {
00047 case R_MODIFY_ATTRIBUTE:
00048 switch(attr)
00049 {
00050 case A_system_role:
00051 case A_cap_role:
00052 case A_min_caps:
00053 case A_max_caps:
00054 case A_max_caps_user:
00055 case A_max_caps_program:
00056 case A_cap_process_hiding:
00057 #ifdef CONFIG_RSBAC_CAP_AUTH_PROT
00058 case A_auth_may_setuid:
00059 case A_auth_may_set_cap:
00060 case A_auth_start_uid:
00061 case A_auth_start_euid:
00062 case A_auth_start_gid:
00063 case A_auth_start_egid:
00064 case A_auth_program_file:
00065 case A_auth_learn:
00066 case A_auth_add_f_cap:
00067 case A_auth_remove_f_cap:
00068 #endif
00069
00070 case A_none:
00071
00072 i_tid.user = owner;
00073 if (rsbac_get_attr(SW_CAP,
00074 T_USER,
00075 i_tid,
00076 A_cap_role,
00077 &i_attr_val1,
00078 TRUE))
00079 {
00080 rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00081 return(NOT_GRANTED);
00082 }
00083
00084 if (i_attr_val1.system_role == SR_security_officer)
00085 return(GRANTED);
00086 else
00087 return(NOT_GRANTED);
00088
00089 default:
00090 return(DO_NOT_CARE);
00091 }
00092
00093 case R_READ_ATTRIBUTE:
00094 switch(attr)
00095 {
00096 case A_system_role:
00097 case A_cap_role:
00098 case A_min_caps:
00099 case A_max_caps:
00100 case A_max_caps_user:
00101 case A_max_caps_program:
00102 case A_cap_process_hiding:
00103
00104 case A_none:
00105
00106 i_tid.user = owner;
00107 if (rsbac_get_attr(SW_CAP,
00108 T_USER,
00109 i_tid,
00110 A_cap_role,
00111 &i_attr_val1,
00112 TRUE))
00113 {
00114 rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00115 return(NOT_GRANTED);
00116 }
00117
00118 if( (i_attr_val1.system_role == SR_security_officer)
00119 || (i_attr_val1.system_role == SR_administrator)
00120 )
00121 return(GRANTED);
00122 else
00123 return(NOT_GRANTED);
00124
00125 default:
00126 return(DO_NOT_CARE);
00127 }
00128
00129 case R_SWITCH_LOG:
00130 switch(target)
00131 {
00132 case T_NONE:
00133
00134 i_tid.user = owner;
00135 if (rsbac_get_attr(SW_CAP,
00136 T_USER,
00137 i_tid,
00138 A_cap_role,
00139 &i_attr_val1,
00140 TRUE))
00141 {
00142 rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00143 return(NOT_GRANTED);
00144 }
00145
00146 if (i_attr_val1.system_role == SR_security_officer)
00147 return(GRANTED);
00148 else
00149 return(NOT_GRANTED);
00150
00151
00152 default: return(DO_NOT_CARE);
00153 }
00154
00155 case R_SWITCH_MODULE:
00156 switch(target)
00157 {
00158 case T_NONE:
00159
00160 if(attr != A_switch_target)
00161 return(UNDEFINED);
00162
00163 if( (attr_val.switch_target != SW_CAP)
00164 #ifdef CONFIG_RSBAC_CAP_AUTH_PROT
00165 && (attr_val.switch_target != SW_AUTH)
00166 #endif
00167 #ifdef CONFIG_RSBAC_SOFTMODE
00168 && (attr_val.switch_target != SW_SOFTMODE)
00169 #endif
00170 #ifdef CONFIG_RSBAC_FREEZE
00171 && (attr_val.switch_target != SW_FREEZE)
00172 #endif
00173 )
00174 return(DO_NOT_CARE);
00175
00176 i_tid.user = owner;
00177 if (rsbac_get_attr(SW_CAP,
00178 T_USER,
00179 i_tid,
00180 A_cap_role,
00181 &i_attr_val1,
00182 TRUE))
00183 {
00184 rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00185 return(NOT_GRANTED);
00186 }
00187
00188 if (i_attr_val1.system_role == SR_security_officer)
00189 return(GRANTED);
00190 else
00191 return(NOT_GRANTED);
00192
00193
00194 default: return(DO_NOT_CARE);
00195 }
00196
00197 #ifdef CONFIG_RSBAC_CAP_PROC_HIDE
00198 case R_CHANGE_GROUP:
00199 case R_GET_STATUS_DATA:
00200 case R_MODIFY_SYSTEM_DATA:
00201 case R_SEND_SIGNAL:
00202 case R_TRACE:
00203 switch(target)
00204 {
00205 case T_PROCESS:
00206 if(caller_pid == tid.process)
00207 return GRANTED;
00208 if (rsbac_get_attr(SW_CAP,
00209 target,
00210 tid,
00211 A_cap_process_hiding,
00212 &i_attr_val1,
00213 TRUE))
00214 {
00215 rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_process_hiding);
00216 return(NOT_GRANTED);
00217 }
00218 switch(i_attr_val1.cap_process_hiding)
00219 {
00220 case PH_full:
00221
00222 i_tid.user = owner;
00223 if (rsbac_get_attr(SW_CAP,
00224 T_USER,
00225 i_tid,
00226 A_cap_role,
00227 &i_attr_val1,
00228 TRUE))
00229 {
00230 rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00231 return(NOT_GRANTED);
00232 }
00233
00234 if(i_attr_val1.system_role == SR_security_officer)
00235 return(GRANTED);
00236 else
00237 return(NOT_GRANTED);
00238 case PH_from_other_users:
00239 {
00240 struct task_struct * task_p;
00241 enum rsbac_adf_req_ret_t result;
00242
00243 read_lock(&tasklist_lock);
00244 task_p = find_task_by_pid(tid.process);
00245 if( task_p
00246 && (task_p->uid != owner)
00247 )
00248 result = NOT_GRANTED;
00249 else
00250 result = GRANTED;
00251 read_unlock(&tasklist_lock);
00252 if(result == GRANTED)
00253 return GRANTED;
00254
00255 i_tid.user = owner;
00256 if (rsbac_get_attr(SW_CAP,
00257 T_USER,
00258 i_tid,
00259 A_cap_role,
00260 &i_attr_val1,
00261 TRUE))
00262 {
00263 rsbac_ds_get_error("rsbac_adf_request_cap()", A_cap_role);
00264 return(NOT_GRANTED);
00265 }
00266
00267 if( (i_attr_val1.system_role == SR_security_officer)
00268 || (i_attr_val1.system_role == SR_administrator)
00269 )
00270 return(GRANTED);
00271 else
00272 return(NOT_GRANTED);
00273 }
00274 default:
00275 return DO_NOT_CARE;
00276 }
00277
00278 default:
00279 return DO_NOT_CARE;
00280 }
00281 #endif
00282
00283
00284 default: return DO_NOT_CARE;
00285 }
00286
00287 return(DO_NOT_CARE);
00288 }
00289
00290
00291
00292
00293
00294
00295
00296
00297
00298
00299
00300
00301 inline int rsbac_adf_set_attr_cap(
00302 enum rsbac_adf_request_t request,
00303 rsbac_pid_t caller_pid,
00304 enum rsbac_target_t target,
00305 union rsbac_target_id_t tid,
00306 enum rsbac_target_t new_target,
00307 union rsbac_target_id_t new_tid,
00308 enum rsbac_attribute_t attr,
00309 union rsbac_attribute_value_t attr_val,
00310 rsbac_uid_t owner)
00311 {
00312 union rsbac_target_id_t i_tid;
00313 union rsbac_attribute_value_t i_attr_val1;
00314
00315 switch (request)
00316 {
00317 case R_CHANGE_OWNER:
00318 switch(target)
00319 {
00320 case T_PROCESS:
00321 if(attr != A_owner)
00322 return(-RSBAC_EINVALIDATTR);
00323 i_tid.user = attr_val.owner;
00324 if (rsbac_get_attr(SW_CAP,
00325 T_USER,
00326 i_tid,
00327 A_cap_ld_env,
00328 &i_attr_val1, FALSE)) {
00329 rsbac_ds_get_error
00330 ("rsbac_adf_set_attr_cap()",
00331 A_max_caps);
00332 } else {
00333 if (i_attr_val1.cap_ld_env == LD_keep) {
00334 i_tid.process = caller_pid;
00335 if (rsbac_get_attr(SW_CAP,
00336 T_PROCESS,
00337 i_tid,
00338 A_cap_ld_env,
00339 &i_attr_val1, FALSE)) {
00340 rsbac_ds_set_error
00341 ("rsbac_adf_set_attr_cap()",
00342 A_cap_ld_env);
00343 } else {
00344 if (rsbac_set_attr(SW_CAP,
00345 T_PROCESS,
00346 tid,
00347 A_cap_ld_env,
00348 i_attr_val1)) {
00349 rsbac_ds_set_error
00350 ("rsbac_adf_set_attr_cap()",
00351 A_cap_ld_env);
00352 }
00353 }
00354 }
00355 }
00356
00357 i_tid.user = attr_val.owner;
00358 if (rsbac_get_attr(SW_CAP,
00359 T_USER,
00360 i_tid,
00361 A_max_caps,
00362 &i_attr_val1,
00363 FALSE))
00364 {
00365 rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_max_caps);
00366 }
00367 else
00368 {
00369 #ifdef CONFIG_RSBAC_SOFTMODE
00370 if( rsbac_softmode
00371 #ifdef CONFIG_RSBAC_SOFTMODE_IND
00372 || rsbac_ind_softmode[SW_CAP]
00373 #endif
00374 )
00375 {
00376 if(i_attr_val1.max_caps != RSBAC_CAP_DEFAULT_MAX)
00377 {
00378 rsbac_printk(KERN_NOTICE
00379 "rsbac_adf_set_attr_cap(): running in softmode, max_caps of user %u not applied to process %u(%.15s)!\n",
00380 owner,
00381 caller_pid,
00382 current->comm);
00383 }
00384 }
00385 else
00386 #endif
00387 {
00388 extern spinlock_t task_capability_lock;
00389
00390
00391 spin_lock(&task_capability_lock);
00392 current->cap_permitted &= i_attr_val1.max_caps;
00393 current->cap_effective &= i_attr_val1.max_caps;
00394 current->cap_inheritable &= i_attr_val1.max_caps;
00395 spin_unlock(&task_capability_lock);
00396
00397 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
00398
00399 if (rsbac_set_attr(SW_CAP,
00400 target,
00401 tid,
00402 A_max_caps_user,
00403 i_attr_val1))
00404 {
00405 rsbac_ds_set_error("rsbac_adf_set_attr_cap()", A_max_caps_user);
00406 }
00407 #endif
00408 }
00409 }
00410 if (rsbac_get_attr(SW_CAP,
00411 T_USER,
00412 i_tid,
00413 A_min_caps,
00414 &i_attr_val1,
00415 FALSE))
00416 {
00417 rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_min_caps);
00418 }
00419 else
00420 {
00421 extern spinlock_t task_capability_lock;
00422
00423
00424 spin_lock(&task_capability_lock);
00425 current->cap_permitted |= i_attr_val1.min_caps;
00426 current->cap_effective |= i_attr_val1.min_caps;
00427 current->cap_inheritable |= i_attr_val1.min_caps;
00428 spin_unlock(&task_capability_lock);
00429 }
00430 return 0;
00431
00432
00433 default:
00434 return(0);
00435 }
00436 break;
00437
00438 #if defined (CONFIG_RSBAC_CAP_PROC_HIDE) || defined(CONFIG_RSBAC_CAP_LOG_MISSING)
00439 case R_CLONE:
00440 switch(target)
00441 {
00442 case T_PROCESS:
00443 i_tid.process = caller_pid;
00444 if (rsbac_get_attr(SW_CAP,
00445 target,
00446 i_tid,
00447 A_cap_ld_env,
00448 &i_attr_val1, FALSE)) {
00449 rsbac_ds_get_error
00450 ("rsbac_adf_set_attr_cap()",
00451 A_cap_ld_env);
00452 } else {
00453 if (rsbac_set_attr(SW_CAP,
00454 new_target,
00455 new_tid,
00456 A_cap_ld_env,
00457 i_attr_val1)) {
00458 rsbac_ds_get_error
00459 ("rsbac_adf_set_attr_cap()",
00460 A_cap_ld_env);
00461 }
00462 }
00463 #ifdef CONFIG_RSBAC_CAP_PROC_HIDE
00464
00465 if (rsbac_get_attr(SW_CAP,
00466 target,
00467 tid,
00468 A_cap_process_hiding,
00469 &i_attr_val1,
00470 FALSE))
00471 {
00472 rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_cap_process_hiding);
00473 }
00474 else
00475 {
00476 if(i_attr_val1.cap_process_hiding)
00477 {
00478
00479 if (rsbac_set_attr(SW_CAP,
00480 new_target,
00481 new_tid,
00482 A_cap_process_hiding,
00483 i_attr_val1))
00484 {
00485 rsbac_ds_set_error("rsbac_adf_set_attr_cap()", A_cap_process_hiding);
00486 }
00487 }
00488 }
00489 #endif
00490 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
00491
00492 if (rsbac_get_attr(SW_CAP,
00493 target,
00494 tid,
00495 A_max_caps_user,
00496 &i_attr_val1,
00497 FALSE))
00498 {
00499 rsbac_ds_get_error("rsbac_adf_set_attr_cap():CLONE", A_max_caps_user);
00500 }
00501 else
00502 {
00503 if(i_attr_val1.max_caps_user != RSBAC_CAP_DEFAULT_MAX)
00504 {
00505 if (rsbac_set_attr(SW_CAP,
00506 new_target,
00507 new_tid,
00508 A_max_caps_user,
00509 i_attr_val1))
00510 {
00511 rsbac_ds_set_error("rsbac_adf_set_attr_cap():CLONE", A_max_caps_user);
00512 }
00513 }
00514 }
00515
00516 if (rsbac_get_attr(SW_CAP,
00517 target,
00518 tid,
00519 A_max_caps_program,
00520 &i_attr_val1,
00521 FALSE))
00522 {
00523 rsbac_ds_get_error("rsbac_adf_set_attr_cap():CLONE", A_max_caps_program);
00524 }
00525 else
00526 {
00527 if(i_attr_val1.max_caps_program != RSBAC_CAP_DEFAULT_MAX)
00528 {
00529 if (rsbac_set_attr(SW_CAP,
00530 new_target,
00531 new_tid,
00532 A_max_caps_program,
00533 i_attr_val1))
00534 {
00535 rsbac_ds_set_error("rsbac_adf_set_attr_cap():CLONE", A_max_caps_program);
00536 }
00537 }
00538 }
00539 #endif
00540 return 0;
00541
00542
00543 default:
00544 return(0);
00545 }
00546 #endif
00547
00548 case R_EXECUTE:
00549 switch(target)
00550 {
00551 case T_FILE:
00552 i_tid.user = owner;
00553 if (rsbac_get_attr(SW_CAP,
00554 T_USER,
00555 i_tid,
00556 A_cap_ld_env,
00557 &i_attr_val1, FALSE)) {
00558 rsbac_ds_get_error("rsbac_adf_set_attr_cap()",A_cap_ld_env);
00559 } else {
00560 if (i_attr_val1.cap_ld_env == LD_keep) {
00561 i_tid.process = caller_pid;
00562 if (rsbac_get_attr(SW_CAP,
00563 T_PROCESS,
00564 i_tid,
00565 A_cap_ld_env,
00566 &i_attr_val1, FALSE)) {
00567 rsbac_ds_get_error("rsbac_adf_set_attr_cap()",
00568 A_cap_ld_env);
00569 }
00570 i_tid.process = caller_pid;
00571 if (rsbac_set_attr(SW_CAP,
00572 T_PROCESS,
00573 i_tid,
00574 A_cap_ld_env,
00575 i_attr_val1)) {
00576 rsbac_ds_get_error("rsbac_adf_set_attr_cap()",
00577 A_cap_ld_env);
00578 }
00579 }
00580 }
00581
00582
00583 if (rsbac_get_attr(SW_CAP,
00584 T_USER,
00585 i_tid,
00586 A_max_caps,
00587 &i_attr_val1,
00588 FALSE))
00589 {
00590 rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_max_caps);
00591 }
00592 else
00593 {
00594 #ifdef CONFIG_RSBAC_SOFTMODE
00595 if( rsbac_softmode
00596 #ifdef CONFIG_RSBAC_SOFTMODE_IND
00597 || rsbac_ind_softmode[SW_CAP]
00598 #endif
00599 )
00600 {
00601 if(i_attr_val1.max_caps != RSBAC_CAP_DEFAULT_MAX)
00602 {
00603 rsbac_printk(KERN_NOTICE
00604 "rsbac_adf_set_attr_cap(): running in softmode, max_caps of user %u not applied to process %u(%.15s)!\n",
00605 owner,
00606 caller_pid,
00607 current->comm);
00608 }
00609 }
00610 else
00611 #endif
00612 {
00613 extern spinlock_t task_capability_lock;
00614
00615
00616 spin_lock(&task_capability_lock);
00617 current->cap_permitted &= i_attr_val1.max_caps;
00618 current->cap_effective &= i_attr_val1.max_caps;
00619 current->cap_inheritable &= i_attr_val1.max_caps;
00620 spin_unlock(&task_capability_lock);
00621 }
00622 }
00623 if (rsbac_get_attr(SW_CAP,
00624 T_USER,
00625 i_tid,
00626 A_min_caps,
00627 &i_attr_val1,
00628 FALSE))
00629 {
00630 rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_min_caps);
00631 }
00632 else
00633 {
00634 extern spinlock_t task_capability_lock;
00635
00636
00637 spin_lock(&task_capability_lock);
00638 current->cap_permitted |= i_attr_val1.min_caps;
00639 current->cap_effective |= i_attr_val1.min_caps;
00640 current->cap_inheritable |= i_attr_val1.min_caps;
00641 spin_unlock(&task_capability_lock);
00642 }
00643 if (rsbac_get_attr(SW_CAP,
00644 target,
00645 tid,
00646 A_max_caps,
00647 &i_attr_val1,
00648 FALSE))
00649 {
00650 rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_max_caps);
00651 }
00652 else
00653 {
00654 #ifdef CONFIG_RSBAC_SOFTMODE
00655 if( rsbac_softmode
00656 #ifdef CONFIG_RSBAC_SOFTMODE_IND
00657 || rsbac_ind_softmode[SW_CAP]
00658 #endif
00659 )
00660 {
00661 if(i_attr_val1.max_caps != RSBAC_CAP_DEFAULT_MAX)
00662 {
00663 rsbac_printk(KERN_NOTICE
00664 "rsbac_adf_set_attr_cap(): running in softmode, max_caps of program not applied to process %u(%.15s)!\n",
00665 caller_pid,
00666 current->comm);
00667 }
00668 }
00669 else
00670 #endif
00671 {
00672 extern spinlock_t task_capability_lock;
00673
00674
00675 spin_lock(&task_capability_lock);
00676 current->cap_permitted &= i_attr_val1.max_caps;
00677 current->cap_effective &= i_attr_val1.max_caps;
00678 current->cap_inheritable &= i_attr_val1.max_caps;
00679 spin_unlock(&task_capability_lock);
00680
00681 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
00682 i_tid.process = caller_pid;
00683
00684 if (rsbac_set_attr(SW_CAP,
00685 T_PROCESS,
00686 i_tid,
00687 A_max_caps_program,
00688 i_attr_val1))
00689 {
00690 rsbac_ds_set_error("rsbac_adf_set_attr_cap():EXECUTE", A_max_caps_program);
00691 }
00692 #endif
00693 }
00694 }
00695 if (rsbac_get_attr(SW_CAP,
00696 target,
00697 tid,
00698 A_min_caps,
00699 &i_attr_val1,
00700 FALSE))
00701 {
00702 rsbac_ds_get_error("rsbac_adf_set_attr_cap()", A_min_caps);
00703 }
00704 else
00705 {
00706 extern spinlock_t task_capability_lock;
00707
00708
00709 spin_lock(&task_capability_lock);
00710 current->cap_permitted |= i_attr_val1.min_caps;
00711 current->cap_effective |= i_attr_val1.min_caps;
00712 current->cap_inheritable |= i_attr_val1.min_caps;
00713 spin_unlock(&task_capability_lock);
00714 }
00715 return 0;
00716
00717
00718 default:
00719 return 0;
00720 }
00721 break;
00722
00723
00724 default: return 0;
00725 }
00726
00727 return 0;
00728 }
00729
00730