00012 #include <linux/string.h>
00013 #include <linux/sched.h>
00014 #include <linux/errno.h>
00015 #include <rsbac/types.h>
00016 #include <rsbac/aci.h>
00017 #include <rsbac/error.h>
00018 #include <rsbac/auth.h>
00019 #include <rsbac/debug.h>
00020 #include <rsbac/helpers.h>
00021 #include <rsbac/adf_main.h>
/*
 * rsbac_auth_add_p_cap - add an AUTH capability range to a process cap set.
 *
 * @ta_number: list transaction number, passed through unchanged
 * @pid:       process whose capability set is extended
 * @cap_type:  which AUTH capability set is addressed
 * @cap_range: capability range to add (first/last are logged on denial)
 * @ttl:       time-to-live, passed through unchanged
 *
 * Unless CONFIG_RSBAC_MAINT is defined, the *calling* process
 * (current->pid, not @pid) must have the A_auth_may_set_cap attribute set.
 * With CONFIG_RSBAC_SWITCH_AUTH the check only runs while rsbac_switch_auth
 * is non-zero.
 *
 * Returns -RSBAC_EREADFAILED if the attribute cannot be read, -EPERM if the
 * caller lacks the attribute and no softmode applies, otherwise the result
 * of rsbac_auth_add_to_p_capset().
 *
 * Security note: when global softmode (or, with CONFIG_RSBAC_SOFTMODE_IND,
 * AUTH softmode) is active, a denied request is only logged at KERN_INFO and
 * the capability is still added. That log line is the only trace of the
 * would-be denial.
 */
int rsbac_auth_add_p_cap(
	rsbac_list_ta_number_t ta_number,
	rsbac_pid_t pid,
	enum rsbac_auth_cap_type_t cap_type,
	struct rsbac_auth_cap_range_t cap_range,
	rsbac_time_t ttl)
{
#ifndef CONFIG_RSBAC_MAINT
#ifdef CONFIG_RSBAC_SWITCH_AUTH
	if (rsbac_switch_auth)
#endif
	{
		union rsbac_target_id_t caller_tid;
		union rsbac_attribute_value_t caller_attr;

		/* The permission is looked up for the caller, not the target. */
		caller_tid.process = current->pid;
		if (rsbac_get_attr(SW_AUTH, T_PROCESS, caller_tid,
				   A_auth_may_set_cap, &caller_attr, FALSE)) {
			/* A failed read is treated as an error in every mode. */
			rsbac_pr_get_error(A_auth_may_set_cap);
			return -RSBAC_EREADFAILED;
		}

		if (!caller_attr.auth_may_set_cap) {
			/* Enforce by default; only softmode can relax this. */
			int enforce = 1;

			rsbac_printk(KERN_INFO
				     "rsbac_auth_add_p_cap(): adding AUTH cap %u:%u to process %u denied for process %u!\n",
				     cap_range.first,
				     cap_range.last,
				     pid,
				     current->pid);
#ifdef CONFIG_RSBAC_SOFTMODE
			enforce = !rsbac_softmode;
#ifdef CONFIG_RSBAC_SOFTMODE_IND
			if (enforce)
				enforce = !rsbac_ind_softmode[SW_AUTH];
#endif
#endif
			if (enforce)
				return -EPERM;
		}
	}
#endif

	/* Check passed, compiled out, switched off or in softmode. */
	return rsbac_auth_add_to_p_capset(ta_number, pid, cap_type, cap_range, ttl);
}
00087
/*
 * rsbac_auth_remove_p_cap - remove an AUTH capability range from a process
 * cap set.
 *
 * @ta_number: list transaction number, passed through unchanged
 * @pid:       process whose capability set is reduced
 * @cap_type:  which AUTH capability set is addressed
 * @cap_range: capability range to remove (first/last are logged on denial)
 *
 * Unless CONFIG_RSBAC_MAINT is defined, the *calling* process
 * (current->pid, not @pid) must have the A_auth_may_set_cap attribute set.
 * With CONFIG_RSBAC_SWITCH_AUTH the check only runs while rsbac_switch_auth
 * is non-zero.
 *
 * Returns -RSBAC_EREADFAILED if the attribute cannot be read, -EPERM if the
 * caller lacks the attribute and no softmode applies, otherwise the result
 * of rsbac_auth_remove_from_p_capset().
 *
 * Security note: when global softmode (or, with CONFIG_RSBAC_SOFTMODE_IND,
 * AUTH softmode) is active, a denied request is only logged at KERN_INFO and
 * the removal still takes place.
 */
int rsbac_auth_remove_p_cap(
	rsbac_list_ta_number_t ta_number,
	rsbac_pid_t pid,
	enum rsbac_auth_cap_type_t cap_type,
	struct rsbac_auth_cap_range_t cap_range)
{
#ifndef CONFIG_RSBAC_MAINT
#ifdef CONFIG_RSBAC_SWITCH_AUTH
	if (rsbac_switch_auth)
#endif
	{
		union rsbac_target_id_t caller_tid;
		union rsbac_attribute_value_t caller_attr;

		/* The permission is looked up for the caller, not the target. */
		caller_tid.process = current->pid;
		if (rsbac_get_attr(SW_AUTH, T_PROCESS, caller_tid,
				   A_auth_may_set_cap, &caller_attr, FALSE)) {
			/* A failed read is treated as an error in every mode. */
			rsbac_pr_get_error(A_auth_may_set_cap);
			return -RSBAC_EREADFAILED;
		}

		if (!caller_attr.auth_may_set_cap) {
			/* Enforce by default; only softmode can relax this. */
			int enforce = 1;

			rsbac_printk(KERN_INFO
				     "rsbac_auth_remove_p_cap(): removing AUTH cap %u:%u from process %u denied for process %u!\n",
				     cap_range.first,
				     cap_range.last,
				     pid,
				     current->pid);
#ifdef CONFIG_RSBAC_SOFTMODE
			enforce = !rsbac_softmode;
#ifdef CONFIG_RSBAC_SOFTMODE_IND
			if (enforce)
				enforce = !rsbac_ind_softmode[SW_AUTH];
#endif
#endif
			if (enforce)
				return -EPERM;
		}
	}
#endif

	/* Check passed, compiled out, switched off or in softmode. */
	return rsbac_auth_remove_from_p_capset(ta_number, pid, cap_type, cap_range);
}
00139
/*
 * rsbac_auth_add_f_cap - add an AUTH capability range to a file cap set.
 *
 * @ta_number: list transaction number, passed through unchanged
 * @file:      file whose capability set is extended
 * @cap_type:  which AUTH capability set is addressed
 * @cap_range: capability range to add
 * @ttl:       time-to-live, passed through unchanged
 *
 * Returns whatever rsbac_auth_add_to_f_capset() returns.
 *
 * Unlike rsbac_auth_add_p_cap(), this function performs no
 * A_auth_may_set_cap check of its own.
 * NOTE(review): presumably the caller authorises the request before
 * reaching this point - confirm against the call sites.
 */
int rsbac_auth_add_f_cap(
	rsbac_list_ta_number_t ta_number,
	rsbac_auth_file_t file,
	enum rsbac_auth_cap_type_t cap_type,
	struct rsbac_auth_cap_range_t cap_range,
	rsbac_time_t ttl)
{
	int err;

	err = rsbac_auth_add_to_f_capset(ta_number, file, cap_type, cap_range, ttl);
	return err;
}
00150
/*
 * rsbac_auth_remove_f_cap - remove an AUTH capability range from a file
 * cap set.
 *
 * @ta_number: list transaction number, passed through unchanged
 * @file:      file whose capability set is reduced
 * @cap_type:  which AUTH capability set is addressed
 * @cap_range: capability range to remove
 *
 * Returns whatever rsbac_auth_remove_from_f_capset() returns.
 *
 * Unlike rsbac_auth_remove_p_cap(), this function performs no
 * A_auth_may_set_cap check of its own.
 * NOTE(review): presumably the caller authorises the request before
 * reaching this point - confirm against the call sites.
 */
int rsbac_auth_remove_f_cap(
	rsbac_list_ta_number_t ta_number,
	rsbac_auth_file_t file,
	enum rsbac_auth_cap_type_t cap_type,
	struct rsbac_auth_cap_range_t cap_range)
{
	int err;

	err = rsbac_auth_remove_from_f_capset(ta_number, file, cap_type, cap_range);
	return err;
}