/linux-2.6.21.1-rsbac-1.3.4/rsbac/adf/acl/acl_main.c File Reference

#include <linux/string.h>
#include <linux/vmalloc.h>
#include <rsbac/aci.h>
#include <rsbac/acl.h>
#include <rsbac/adf_main.h>
#include <rsbac/adf_syshelpers.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/getname.h>
#include <rsbac/rkmem.h>
#include <rsbac/debug.h>

Go to the source code of this file.

Functions

rsbac_boolean_t rsbac_acl_check_super (enum rsbac_target_t target, union rsbac_target_id_t tid, rsbac_uid_t user)
rsbac_boolean_t rsbac_acl_check_right (enum rsbac_target_t target, union rsbac_target_id_t tid, rsbac_uid_t user, rsbac_pid_t caller_pid, enum rsbac_adf_request_t request)
rsbac_boolean_t rsbac_acl_check_forward (enum rsbac_target_t target, union rsbac_target_id_t tid, rsbac_uid_t user, rsbac_acl_rights_vector_t rights)
enum rsbac_adf_req_ret_t rsbac_adf_request_acl (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner)


Function Documentation

rsbac_boolean_t rsbac_acl_check_forward ( enum rsbac_target_t  target,
union rsbac_target_id_t  tid,
rsbac_uid_t  user,
rsbac_acl_rights_vector_t  rights 
)

Definition at line 302 of file acl_main.c.

References ACLR_FORWARD, ACLS_USER, FALSE, get_error_name(), rsbac_acl_sys_get_rights(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NETTEMP_NT, T_PROCESS, T_SCD, T_SYMLINK, T_UNIXSOCK, T_USER, and TRUE.

Referenced by rsbac_acl_sys_add_to_acl_entry(), and rsbac_acl_sys_set_acl_entry().

00306   {
00307     rsbac_acl_rights_vector_t i_rights = 0;
00308     rsbac_acl_rights_vector_t i_rvec = ((rsbac_acl_rights_vector_t) 1 << ACLR_FORWARD) | rights;
00309     int                       err=0;
00310 
00311 
00312     /* Only check implemented targets */
00313     switch(target)
00314       {
00315         case T_FILE:
00316         case T_DIR:
00317         case T_FIFO:
00318         case T_SYMLINK:
00319         case T_UNIXSOCK:
00320         case T_DEV:
00321         case T_IPC:
00322         case T_SCD:
00323         case T_USER:
00324         case T_PROCESS:
00325 #ifdef CONFIG_RSBAC_ACL_UM_PROT
00326         case T_GROUP:
00327 #endif
00328 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00329         case T_NETDEV:
00330 #endif
00331 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
00332         case T_NETTEMP_NT:
00333         case T_NETTEMP:
00334         case T_NETOBJ:
00335 #endif
00336           break;
00337         default:
00338           return TRUE;
00339       }
00340     /* get effective rights */
00341     err = rsbac_acl_sys_get_rights(0, target, tid, ACLS_USER, (rsbac_acl_subject_id_t) user, &i_rights, TRUE);
00342     if(err)
00343       {
00344         char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00345 
00346         if(tmp)
00347           {
00348             rsbac_printk(KERN_WARNING
00349                    "rsbac_acl_check_forward(): rsbac_acl_sys_get_rights() returned error %s!\n",
00350                    get_error_name(tmp,err));
00351             rsbac_kfree(tmp);
00352           }
00353         return FALSE;
00354       }
00355     if((i_rights & i_rvec) == i_rvec)
00356       return(TRUE);
00357     else
00358       return(FALSE);
00359   }

rsbac_boolean_t rsbac_acl_check_right ( enum rsbac_target_t  target,
union rsbac_target_id_t  tid,
rsbac_uid_t  user,
rsbac_pid_t  caller_pid,
enum rsbac_adf_request_t  request 
)

Definition at line 37 of file acl_main.c.

References A_rc_role, ACLS_GROUP, ACLS_ROLE, ACLS_USER, FALSE, get_error_name(), get_request_name(), get_target_name(), NULL, rsbac_target_id_t::process, R_NONE, rsbac_attribute_value_t::rc_role, rsbac_acl_add_to_acl_entry(), rsbac_acl_check_super(), rsbac_acl_get_single_right(), rsbac_acl_get_user_groups(), RSBAC_ACL_GROUP_EVERYONE, rsbac_get_attr, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), RSBAC_REQUEST_VECTOR, rsbac_vfree, SW_RC, T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NETTEMP_NT, T_PROCESS, T_SCD, T_SYMLINK, T_UNIXSOCK, T_USER, and TRUE.

Referenced by rsbac_acl_sys_add_to_acl_entry(), rsbac_acl_sys_remove_acl_entry(), rsbac_acl_sys_remove_from_acl_entry(), rsbac_acl_sys_remove_user(), rsbac_acl_sys_set_acl_entry(), rsbac_acl_sys_set_mask(), and rsbac_adf_request_acl().

00042   {
00043     rsbac_boolean_t                   result = FALSE;
00044     int                       err=0, tmperr;
00045     int                       i;
00046     rsbac_acl_group_id_t    * group_p;
00047     #if defined(CONFIG_RSBAC_RC)
00048     union rsbac_target_id_t       i_tid;
00049     union rsbac_attribute_value_t i_attr_val1;
00050     #endif
00051 
00052     /* Only check implemented targets */
00053     switch(target)
00054       {
00055         case T_FILE:
00056         case T_DIR:
00057         case T_FIFO:
00058         case T_SYMLINK:
00059         case T_UNIXSOCK:
00060         case T_DEV:
00061         case T_IPC:
00062         case T_SCD:
00063         case T_USER:
00064         case T_PROCESS:
00065 #ifdef CONFIG_RSBAC_ACL_UM_PROT
00066         case T_GROUP:
00067 #endif
00068 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00069         case T_NETDEV:
00070 #endif
00071 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
00072         case T_NETTEMP_NT:
00073         case T_NETTEMP:
00074         case T_NETOBJ:
00075 #endif
00076           break;
00077         default:
00078           return TRUE;
00079       }
00080     /* inherited own rights */
00081     err = rsbac_acl_get_single_right(target,
00082                                      tid,
00083                                      ACLS_USER,
00084                                      (rsbac_acl_subject_id_t) user,
00085                                      request,
00086                                      &result);
00087     if(err)
00088       {
00089         char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00090 
00091         if(tmp)
00092           {
00093             rsbac_printk(KERN_WARNING
00094                    "rsbac_acl_check_right(): rsbac_acl_get_single_right() returned error %s!\n",
00095                    get_error_name(tmp,err));
00096             rsbac_kfree(tmp);
00097           }
00098         return FALSE;
00099       }
00100     if(result)
00101       return(TRUE);
00102 
00103     /* add group and role rights */
00104     /* group everyone */
00105     err = rsbac_acl_get_single_right(target,
00106                                      tid,
00107                                      ACLS_GROUP,
00108                                      RSBAC_ACL_GROUP_EVERYONE,
00109                                      request,
00110                                      &result);
00111     if(err)
00112       {
00113         char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00114 
00115         if(tmp)
00116           {
00117             rsbac_printk(KERN_WARNING
00118                    "rsbac_acl_check_right(): rsbac_acl_get_single_right() returned error %s!\n",
00119                    get_error_name(tmp,err));
00120             rsbac_kfree(tmp);
00121           }
00122         return FALSE;
00123       }
00124     if(result)
00125       return(TRUE);
00126 
00127     #if defined(CONFIG_RSBAC_RC)
00128     /* use process role */
00129     /* first get role */
00130     i_tid.process = caller_pid;
00131     if (rsbac_get_attr(SW_RC,
00132                        T_PROCESS,
00133                        i_tid,
00134                        A_rc_role,
00135                        &i_attr_val1,
00136                        FALSE))
00137       {
00138         rsbac_printk(KERN_WARNING
00139                "rsbac_acl_check_right(): rsbac_get_attr() for process rc_role returned error!\n");
00140       }
00141     else
00142       {
00143         err = rsbac_acl_get_single_right(target,
00144                                          tid,
00145                                          ACLS_ROLE,
00146                                          i_attr_val1.rc_role,
00147                                          request,
00148                                          &result);
00149         if(err)
00150           {
00151             char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00152 
00153             if(tmp)
00154               {
00155                 get_error_name(tmp,err);
00156                 rsbac_printk(KERN_WARNING
00157                        "rsbac_acl_check_right(): rsbac_acl_get_single_right() returned error %s!\n",
00158                        tmp);
00159                 rsbac_kfree(tmp);
00160               }
00161             return FALSE;
00162           }
00163         if(result)
00164           return(TRUE);
00165       }
00166     #endif
00167 
00168     /* other groups */
00169     /* first get user groups */
00170     group_p = NULL;
00171     err = rsbac_acl_get_user_groups(0, user, &group_p, NULL);
00172     if(err<0)
00173       {
00174         char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00175 
00176         if(tmp)
00177           {
00178             rsbac_printk(KERN_WARNING
00179                    "rsbac_acl_check_right(): rsbac_acl_get_user_groups() returned error %s!\n",
00180                    get_error_name(tmp,err));
00181             rsbac_kfree(tmp);
00182           }
00183         return err;
00184       }
00185     for(i=0; i<err; i++)
00186       {
00187         tmperr = rsbac_acl_get_single_right(target,
00188                                             tid,
00189                                             ACLS_GROUP,
00190                                             group_p[i],
00191                                             request,
00192                                             &result);
00193         if(tmperr)
00194           {
00195             char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00196 
00197             if(tmp)
00198               {
00199                 rsbac_printk(KERN_WARNING
00200                        "rsbac_acl_check_right(): rsbac_acl_get_single_right() returned error %s!\n",
00201                        get_error_name(tmp, tmperr));
00202                 rsbac_kfree(tmp);
00203               }
00204             if(group_p)
00205               rsbac_vfree(group_p);
00206             return FALSE;
00207           }
00208         if(result)
00209           {
00210             if(group_p)
00211               rsbac_vfree(group_p);
00212             return(TRUE);
00213           }
00214       }
00215     if(group_p)
00216       rsbac_vfree(group_p);
00217 
00218     /* SUPERVISOR? */
00219 #ifdef CONFIG_RSBAC_ACL_LEARN
00220     result = rsbac_acl_check_super(target, tid, user);
00221     if(   !result
00222        && (request < R_NONE)
00223       )
00224       {
00225         switch(target)
00226           {
00227             case T_FILE:
00228             case T_DIR:
00229             case T_FIFO:
00230             case T_SYMLINK:
00231             case T_UNIXSOCK:
00232               if(rsbac_acl_learn_fd)
00233                 {
00234                   char * tmp;
00235                   enum rsbac_acl_subject_type_t  subj_type;
00236                        rsbac_acl_subject_id_t    subj_id;
00237                        rsbac_acl_rights_vector_t rights;
00238                        rsbac_time_t              ttl;
00239 
00240                   tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00241                   if(tmp)
00242                     {
00243                       char * target_type_name;
00244 
00245                       target_type_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00246                       if(target_type_name)
00247                         {
00248                           char * target_id_name;
00249 
00250                           #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00251                           target_id_name
00252                            = rsbac_kmalloc(CONFIG_RSBAC_MAX_PATH_LEN + RSBAC_MAXNAMELEN);
00253                           /* max. path name len + some extra */
00254                           #else
00255                           target_id_name = rsbac_kmalloc(2 * RSBAC_MAXNAMELEN);
00256                           /* max. file name len + some extra */
00257                           #endif
00258                           if(target_id_name)
00259                             {
00260                               get_request_name(tmp,request);
00261                               get_target_name(target_type_name, target, target_id_name, tid);
00262                               rsbac_printk(KERN_INFO
00263                                            "rsbac_acl_check_right(): auto_learn_fd: granting right %s for user %u to target_type %s, tid %s!\n",
00264                                            tmp,
00265                                            user,
00266                                            target_type_name,
00267                                            target_id_name);
00268                               rsbac_kfree(target_id_name);
00269                             }
00270                           rsbac_kfree(target_type_name);
00271                         }
00272                     }
00273                   subj_type = ACLS_USER;
00274                   subj_id = user;
00275                   rights = RSBAC_REQUEST_VECTOR(request);
00276                   ttl = 0;
00277                   err = rsbac_acl_add_to_acl_entry(0, target, tid, subj_type, subj_id, rights, ttl);
00278                   if(tmp)
00279                     {
00280                       if(err)
00281                         {
00282                           rsbac_printk(KERN_WARNING
00283                                        "rsbac_acl_check_right(): rsbac_acl_add_to_acl_entry() returned error %s!\n",
00284                                        get_error_name(tmp,err));
00285                         }
00286                       rsbac_kfree(tmp);
00287                     }
00288                   result = TRUE;
00289                 }
00290               break;
00291 
00292             default:
00293               break;
00294           }
00295       }
00296     return result;
00297 #else
00298     return rsbac_acl_check_super(target, tid, user);
00299 #endif
00300   }

rsbac_boolean_t rsbac_acl_check_super ( enum rsbac_target_t  target,
union rsbac_target_id_t  tid,
rsbac_uid_t  user 
)

Definition at line 40 of file acl_syscalls.c.

References A_rc_role, ACLR_SUPERVISOR, ACLS_GROUP, ACLS_ROLE, ACLS_USER, FALSE, get_error_name(), NULL, rsbac_target_id_t::process, rsbac_attribute_value_t::rc_role, rsbac_acl_get_single_right(), rsbac_acl_get_user_groups(), RSBAC_ACL_GROUP_EVERYONE, rsbac_get_attr, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_vfree, SW_RC, T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NETTEMP_NT, T_PROCESS, T_SCD, T_SYMLINK, T_USER, and TRUE.

Referenced by rsbac_acl_check_right(), rsbac_acl_sys_add_to_acl_entry(), rsbac_acl_sys_get_rights(), rsbac_acl_sys_remove_acl(), rsbac_acl_sys_remove_acl_entry(), rsbac_acl_sys_remove_from_acl_entry(), rsbac_acl_sys_set_acl_entry(), and rsbac_adf_request_acl().

00043   {
00044     rsbac_boolean_t                   i_result = FALSE;
00045     int                       err=0, tmperr;
00046     int                       i;
00047     rsbac_acl_group_id_t    * group_p;
00048     #if defined(CONFIG_RSBAC_RC)
00049     union rsbac_target_id_t       i_tid;
00050     union rsbac_attribute_value_t i_attr_val1;
00051     #endif
00052 
00053     /* Only check implemented targets */
00054     switch(target)
00055       {
00056         case T_FILE:
00057         case T_DIR:
00058         case T_FIFO:
00059         case T_SYMLINK:
00060         case T_DEV:
00061         case T_IPC:
00062         case T_SCD:
00063         case T_USER:
00064         case T_PROCESS:
00065 #ifdef CONFIG_RSBAC_ACL_UM_PROT
00066         case T_GROUP:
00067 #endif
00068         case T_NETDEV:
00069         case T_NETTEMP_NT:
00070         case T_NETTEMP:
00071         case T_NETOBJ:
00072           break;
00073         default:
00074           return TRUE;
00075       }
00076     /* own right */
00077     err = rsbac_acl_get_single_right(target,
00078                                      tid,
00079                                      ACLS_USER,
00080                                      (rsbac_acl_subject_id_t) user,
00081                                      ACLR_SUPERVISOR,
00082                                      &i_result);
00083     if(err)
00084       {
00085         char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00086 
00087         if(tmp)
00088           {
00089             rsbac_printk(KERN_WARNING
00090                    "rsbac_acl_check_super(): rsbac_acl_get_single_right() returned error %s!\n",
00091                    get_error_name(tmp,err));
00092             rsbac_kfree(tmp);
00093           }
00094         return FALSE;
00095       }
00096     if(i_result)
00097       return(TRUE);
00098 
00099     /* try SUPERVISOR for group and role */
00100     /* group everyone */
00101     err = rsbac_acl_get_single_right(target,
00102                                      tid,
00103                                      ACLS_GROUP,
00104                                      RSBAC_ACL_GROUP_EVERYONE,
00105                                      ACLR_SUPERVISOR,
00106                                      &i_result);
00107     if(err)
00108       {
00109         char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00110 
00111         if(tmp)
00112           {
00113             rsbac_printk(KERN_WARNING
00114                    "rsbac_acl_check_super(): rsbac_acl_get_single_right() returned error %s!\n",
00115                    get_error_name(tmp,err));
00116             rsbac_kfree(tmp);
00117           }
00118         return FALSE;
00119       }
00120     if(i_result)
00121       return(TRUE);
00122 
00123     #if defined(CONFIG_RSBAC_RC)
00124     /* use process role */
00125     /* first get role */
00126     i_tid.process = current->pid;
00127     if (rsbac_get_attr(SW_RC,
00128                        T_PROCESS,
00129                        i_tid,
00130                        A_rc_role,
00131                        &i_attr_val1,
00132                        FALSE))
00133       {
00134         rsbac_printk(KERN_WARNING
00135                "rsbac_acl_check_super(): rsbac_get_attr() for process rc_role returned error!\n");
00136       }
00137     else
00138       {
00139         err = rsbac_acl_get_single_right(target,
00140                                          tid,
00141                                          ACLS_ROLE,
00142                                          i_attr_val1.rc_role,
00143                                          ACLR_SUPERVISOR,
00144                                          &i_result);
00145         if(err)
00146           {
00147             char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00148 
00149             if(tmp)
00150               {
00151                 get_error_name(tmp,err);
00152                 rsbac_printk(KERN_WARNING
00153                        "rsbac_acl_check_super(): rsbac_acl_get_single_right() returned error %s!\n",
00154                        tmp);
00155                 rsbac_kfree(tmp);
00156               }
00157             return FALSE;
00158           }
00159         if(i_result)
00160           return(TRUE);
00161       }
00162     #endif
00163 
00164     /* other groups */
00165     /* first get user groups */
00166     group_p = NULL;
00167     err = rsbac_acl_get_user_groups(0, user, &group_p, NULL);
00168     if(err<0)
00169       {
00170         char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00171 
00172         if(tmp)
00173           {
00174             rsbac_printk(KERN_WARNING
00175                    "rsbac_acl_check_super(): rsbac_acl_get_user_groups() returned error %s!\n",
00176                    get_error_name(tmp,err));
00177             rsbac_kfree(tmp);
00178           }
00179         return err;
00180       }
00181     for(i=0; i<err; i++)
00182       {
00183         tmperr = rsbac_acl_get_single_right(target,
00184                                             tid,
00185                                             ACLS_GROUP,
00186                                             group_p[i],
00187                                             ACLR_SUPERVISOR,
00188                                             &i_result);
00189         if(tmperr)
00190           {
00191             char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00192 
00193             if(tmp)
00194               {
00195                 rsbac_printk(KERN_WARNING
00196                        "rsbac_acl_check_super(): rsbac_acl_get_single_right() returned error %s!\n",
00197                        get_error_name(tmp,tmperr));
00198                 rsbac_kfree(tmp);
00199               }
00200             if(group_p)
00201               rsbac_vfree(group_p);
00202             return FALSE;
00203           }
00204         if(i_result)
00205           {
00206             if(group_p)
00207               rsbac_vfree(group_p);
00208             return(TRUE);
00209           }
00210       }
00211     if(group_p)
00212       rsbac_vfree(group_p);
00213 
00214     /* give up */
00215     return FALSE;
00216   };

enum rsbac_adf_req_ret_t rsbac_adf_request_acl ( enum rsbac_adf_request_t  request,
rsbac_pid_t  caller_pid,
enum rsbac_target_t  target,
union rsbac_target_id_t  tid,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t  attr_val,
rsbac_uid_t  owner 
) [inline]

Definition at line 366 of file acl_main.c.

References A_audit_uid, A_auid_exempt, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_fake_root_uid, A_linux_dac_disable, A_log_array_high, A_log_array_low, A_log_program_based, A_log_user_based, A_none, A_pseudo, A_remote_ip, A_symlink_add_rc_role, A_symlink_add_remote_ip, A_symlink_add_uid, AST_auth_administration, DO_NOT_CARE, GRANTED, NOT_GRANTED, R_MODIFY_ATTRIBUTE, R_READ_ATTRIBUTE, R_SWITCH_MODULE, rsbac_acl_check_right(), rsbac_acl_check_super(), rsbac_target_id_t::scd, ST_other, SW_ACL, SW_AUTH, SW_FREEZE, SW_SOFTMODE, T_NONE, and T_SCD.

Referenced by rsbac_adf_request_int().

00373   {
00374     switch (request)
00375       {
00376         case R_READ_ATTRIBUTE:
00377         case R_MODIFY_ATTRIBUTE:
00378             switch(attr)
00379               { /* owner must be changed by other request to prevent inconsistency */
00380                 case A_owner:
00381                   if(request == R_READ_ATTRIBUTE)
00382                     return(GRANTED);
00383                   else
00384                     return(NOT_GRANTED);
00385 
00386                 /* Only protect AUTH, if asked to by configuration */
00387                 #ifdef CONFIG_RSBAC_ACL_AUTH_PROT
00388                 case A_auth_may_setuid:
00389                 case A_auth_may_set_cap:
00390                 case A_auth_start_uid:
00391                 case A_auth_start_euid:
00392                 case A_auth_start_gid:
00393                 case A_auth_start_egid:
00394                 case A_auth_learn:
00395                 case A_auth_program_file:
00396                 case A_auth_add_f_cap:
00397                 case A_auth_remove_f_cap:
00398                   tid.scd = AST_auth_administration;
00399                   if (rsbac_acl_check_right(T_SCD, tid, owner, caller_pid, request))
00400                     return(GRANTED);
00401                   else
00402                     return(NOT_GRANTED);
00403                 #endif
00404 
00405                 #ifdef CONFIG_RSBAC_ACL_GEN_PROT
00406                 case A_pseudo:
00407                 case A_log_array_low:
00408                 case A_log_array_high:
00409                 case A_log_program_based:
00410                 case A_log_user_based:
00411                 case A_symlink_add_remote_ip:
00412                 case A_symlink_add_uid:
00413                 case A_symlink_add_rc_role:
00414                 case A_linux_dac_disable:
00415                 case A_fake_root_uid:
00416                 case A_audit_uid:
00417                 case A_auid_exempt:
00418                 case A_remote_ip:
00419                   if (!rsbac_acl_check_right(target, tid, owner, caller_pid, request))
00420                     return(NOT_GRANTED);
00421                   else
00422                     return(GRANTED);
00423                 #endif
00424 
00425                 #ifdef CONFIG_RSBAC_ACL_LEARN
00426                 case A_acl_learn:
00427                   /* check supervisor on target */
00428                   if(rsbac_acl_check_super(target,
00429                                            tid,
00430                                            owner))
00431                     return(GRANTED);
00432                   else
00433                     return(NOT_GRANTED);
00434                 #endif
00435 
00436                 /* All attributes (remove target!) */
00437                 case A_none:
00438                   if (!rsbac_acl_check_right(target, tid, owner, caller_pid, request))
00439                     return(NOT_GRANTED);
00440                   #ifdef CONFIG_RSBAC_ACL_AUTH_PROT
00441                   tid.scd = AST_auth_administration;
00442                   if (!rsbac_acl_check_right(T_SCD, tid, owner, caller_pid, request))
00443                     return(NOT_GRANTED);
00444                   #endif
00445                   return(GRANTED);
00446 
00447                 default:
00448                   return(DO_NOT_CARE);
00449               }
00450 
00451         case R_SWITCH_MODULE:
00452             switch(target)
00453               {
00454                 case T_NONE:
00455                     if(   (attr_val.switch_target != SW_ACL)
00456                        #ifdef CONFIG_RSBAC_SOFTMODE
00457                        && (attr_val.switch_target != SW_SOFTMODE)
00458                        #endif
00459                        #ifdef CONFIG_RSBAC_FREEZE
00460                        && (attr_val.switch_target != SW_FREEZE)
00461                        #endif
00462                        #ifdef CONFIG_RSBAC_ACL_AUTH_PROT
00463                        && (attr_val.switch_target != SW_AUTH)
00464                        #endif
00465                       )
00466                       return(DO_NOT_CARE);
00467 
00468                     tid.scd = ST_other;
00469                     if (rsbac_acl_check_right(T_SCD, tid, owner, caller_pid, request))
00470                       return(GRANTED);
00471                     else
00472                       return(NOT_GRANTED);
00473 
00474                 /* all other cases are unknown */
00475                 default:
00476                   return(DO_NOT_CARE);
00477               }
00478 
00479 /*********************/
00480         default:
00481           if(target == T_NONE)
00482             {
00483               target = T_SCD;
00484               tid.scd = ST_other;
00485             }
00486           if (rsbac_acl_check_right(target, tid, owner, caller_pid, request))
00487             return(GRANTED);
00488           else
00489             return(NOT_GRANTED);
00490       }
00491   } /* end of rsbac_adf_request_acl() */


Generated on Wed May 16 11:54:05 2007 for RSBAC by  doxygen 1.5.1