#include <linux/string.h>
#include <linux/sched.h>
#include <linux/errno.h>
#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/error.h>
#include <rsbac/auth.h>
#include <rsbac/debug.h>
#include <rsbac/helpers.h>
#include <rsbac/adf_main.h>
Functions | |
int | rsbac_auth_add_p_cap (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl) |
int | rsbac_auth_remove_p_cap (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range) |
int | rsbac_auth_add_f_cap (rsbac_list_ta_number_t ta_number, rsbac_auth_file_t file, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl) |
int | rsbac_auth_remove_f_cap (rsbac_list_ta_number_t ta_number, rsbac_auth_file_t file, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range) |
int rsbac_auth_add_f_cap | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_auth_file_t | file, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 140 of file auth_syscalls.c.
References rsbac_auth_add_to_f_capset().
Referenced by sys_rsbac_auth_add_f_cap().
/*
 * rsbac_auth_add_f_cap - add an AUTH capability range to a file's cap set.
 *
 * Pure pass-through: every argument is handed unchanged to
 * rsbac_auth_add_to_f_capset() and its result is returned as-is.
 *
 * Security note: this function performs no permission check of its own.
 * According to the original author's comment, the check is done in
 * help/syscalls.c (sys_rsbac_auth_add_f_cap) before this is reached.
 * Any other in-kernel caller would modify the file cap set unchecked and
 * must therefore do its own authorization first.
 */
int rsbac_auth_add_f_cap(rsbac_list_ta_number_t ta_number,
                         rsbac_auth_file_t file,
                         enum rsbac_auth_cap_type_t cap_type,
                         struct rsbac_auth_cap_range_t cap_range,
                         rsbac_time_t ttl)
{
    int err;

    /* check has been done in help/syscalls.c: sys_rsbac_auth_add_f_cap */
    err = rsbac_auth_add_to_f_capset(ta_number, file, cap_type, cap_range, ttl);
    return err;
}
int rsbac_auth_add_p_cap | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 35 of file auth_syscalls.c.
References A_auth_may_set_cap, rsbac_attribute_value_t::auth_may_set_cap, FALSE, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_target_id_t::process, rsbac_auth_add_to_p_capset(), RSBAC_EREADFAILED, rsbac_get_attr, rsbac_pr_get_error, rsbac_printk(), SW_AUTH, and T_PROCESS.
Referenced by sys_rsbac_auth_add_p_cap().
/*
 * rsbac_auth_add_p_cap - add an AUTH capability range to a process cap set.
 *
 * ta_number, cap_type and ttl are passed through unchanged to
 * rsbac_auth_add_to_p_capset(); pid is the process whose cap set is
 * changed and cap_range (first:last) is the range that is added.
 *
 * Authorization (all of it is compiled out when CONFIG_RSBAC_MAINT is set,
 * and skipped at run time when CONFIG_RSBAC_SWITCH_AUTH is set and
 * rsbac_switch_auth is off):
 *   - the AUTH attribute auth_may_set_cap of the *calling* process
 *     (current->pid) is read; a read failure fails closed with
 *     -RSBAC_EREADFAILED;
 *   - if the attribute is not set, the denial is logged and -EPERM is
 *     returned, except in softmode (global, or individual for SW_AUTH),
 *     where the denial is only logged and the capability is still added.
 *
 * Returns the result of rsbac_auth_add_to_p_capset() once the check passes.
 *
 * NOTE(review): only the caller's attribute is checked here; neither the
 * target pid nor the range is validated in this function - presumably that
 * happens in the syscall entry or in the cap set helper; confirm.
 * NOTE(review): the denial is logged at KERN_INFO only, so in softmode this
 * message is the sole trace of a request that enforcement would refuse.
 */
int rsbac_auth_add_p_cap(rsbac_list_ta_number_t ta_number,
                         rsbac_pid_t pid,
                         enum rsbac_auth_cap_type_t cap_type,
                         struct rsbac_auth_cap_range_t cap_range,
                         rsbac_time_t ttl)
{
#ifndef CONFIG_RSBAC_MAINT
    /* Outside maintenance kernels the caller must be allowed to set caps. */
#ifdef CONFIG_RSBAC_SWITCH_AUTH
    if (rsbac_switch_auth)
#endif
    {
        union rsbac_target_id_t caller_tid;
        union rsbac_attribute_value_t caller_attr;

        /* Look up auth_may_set_cap for the process making the request. */
        caller_tid.process = current->pid;
        if (rsbac_get_attr(SW_AUTH, T_PROCESS, caller_tid,
                           A_auth_may_set_cap, &caller_attr, FALSE)) {
            /* Attribute unreadable: refuse rather than guess. */
            rsbac_pr_get_error(A_auth_may_set_cap);
            return -RSBAC_EREADFAILED;
        }

        if (!caller_attr.auth_may_set_cap) {
            /* NOTE(review): %u is used for pid and current->pid; confirm
             * it matches the rsbac_pid_t / pid_t definitions in use. */
            rsbac_printk(KERN_INFO
                         "rsbac_auth_add_p_cap(): adding AUTH cap %u:%u to process %u denied for process %u!\n",
                         cap_range.first, cap_range.last, pid, current->pid);
            /* In softmode the return below is skipped: log only. */
#ifdef CONFIG_RSBAC_SOFTMODE
            if (!rsbac_softmode
#ifdef CONFIG_RSBAC_SOFTMODE_IND
                && !rsbac_ind_softmode[SW_AUTH]
#endif
               )
#endif
                return -EPERM;
        }
    }
#endif

    /* Check passed (or not enforced): add the capability. */
    return rsbac_auth_add_to_p_capset(ta_number, pid, cap_type, cap_range, ttl);
}
int rsbac_auth_remove_f_cap | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_auth_file_t | file, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range | |||
) |
Definition at line 151 of file auth_syscalls.c.
References rsbac_auth_remove_from_f_capset().
Referenced by sys_rsbac_auth_remove_f_cap().
/*
 * rsbac_auth_remove_f_cap - remove an AUTH capability range from a file's
 * cap set.
 *
 * Pure pass-through: every argument is handed unchanged to
 * rsbac_auth_remove_from_f_capset() and its result is returned as-is.
 *
 * Security note: this function performs no permission check of its own.
 * According to the original author's comment, the check is done in
 * help/syscalls.c (sys_rsbac_auth_remove_f_cap) before this is reached.
 * Any other in-kernel caller would modify the file cap set unchecked and
 * must therefore do its own authorization first.
 */
int rsbac_auth_remove_f_cap(rsbac_list_ta_number_t ta_number,
                            rsbac_auth_file_t file,
                            enum rsbac_auth_cap_type_t cap_type,
                            struct rsbac_auth_cap_range_t cap_range)
{
    int err;

    /* check has been done in help/syscalls.c: sys_rsbac_auth_remove_f_cap */
    err = rsbac_auth_remove_from_f_capset(ta_number, file, cap_type, cap_range);
    return err;
}
int rsbac_auth_remove_p_cap | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range | |||
) |
Definition at line 88 of file auth_syscalls.c.
References A_auth_may_set_cap, rsbac_attribute_value_t::auth_may_set_cap, FALSE, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_target_id_t::process, rsbac_auth_remove_from_p_capset(), RSBAC_EREADFAILED, rsbac_get_attr, rsbac_pr_get_error, rsbac_printk(), SW_AUTH, and T_PROCESS.
Referenced by sys_rsbac_auth_remove_p_cap().
/*
 * rsbac_auth_remove_p_cap - remove an AUTH capability range from a process
 * cap set.
 *
 * ta_number and cap_type are passed through unchanged to
 * rsbac_auth_remove_from_p_capset(); pid is the process whose cap set is
 * changed and cap_range (first:last) is the range that is removed.
 *
 * Authorization (all of it is compiled out when CONFIG_RSBAC_MAINT is set,
 * and skipped at run time when CONFIG_RSBAC_SWITCH_AUTH is set and
 * rsbac_switch_auth is off):
 *   - the AUTH attribute auth_may_set_cap of the *calling* process
 *     (current->pid) is read; a read failure fails closed with
 *     -RSBAC_EREADFAILED;
 *   - if the attribute is not set, the denial is logged and -EPERM is
 *     returned, except in softmode (global, or individual for SW_AUTH),
 *     where the denial is only logged and the removal is still attempted.
 *
 * Returns the result of rsbac_auth_remove_from_p_capset() once the check
 * passes.
 *
 * NOTE(review): only the caller's attribute is checked here; neither the
 * target pid nor the range is validated in this function - presumably that
 * happens in the syscall entry or in the cap set helper; confirm.
 * NOTE(review): the denial is logged at KERN_INFO only, so in softmode this
 * message is the sole trace of a request that enforcement would refuse.
 */
int rsbac_auth_remove_p_cap(rsbac_list_ta_number_t ta_number,
                            rsbac_pid_t pid,
                            enum rsbac_auth_cap_type_t cap_type,
                            struct rsbac_auth_cap_range_t cap_range)
{
#ifndef CONFIG_RSBAC_MAINT
    /* Outside maintenance kernels the caller must be allowed to set caps. */
#ifdef CONFIG_RSBAC_SWITCH_AUTH
    if (rsbac_switch_auth)
#endif
    {
        union rsbac_target_id_t caller_tid;
        union rsbac_attribute_value_t caller_attr;

        /* Look up auth_may_set_cap for the process making the request. */
        caller_tid.process = current->pid;
        if (rsbac_get_attr(SW_AUTH, T_PROCESS, caller_tid,
                           A_auth_may_set_cap, &caller_attr, FALSE)) {
            /* Attribute unreadable: refuse rather than guess. */
            rsbac_pr_get_error(A_auth_may_set_cap);
            return -RSBAC_EREADFAILED;
        }

        if (!caller_attr.auth_may_set_cap) {
            /* NOTE(review): %u is used for pid and current->pid; confirm
             * it matches the rsbac_pid_t / pid_t definitions in use. */
            rsbac_printk(KERN_INFO
                         "rsbac_auth_remove_p_cap(): removing AUTH cap %u:%u from process %u denied for process %u!\n",
                         cap_range.first, cap_range.last, pid, current->pid);
            /* In softmode the return below is skipped: log only. */
#ifdef CONFIG_RSBAC_SOFTMODE
            if (!rsbac_softmode
#ifdef CONFIG_RSBAC_SOFTMODE_IND
                && !rsbac_ind_softmode[SW_AUTH]
#endif
               )
#endif
                return -EPERM;
        }
    }
#endif

    /* Check passed (or not enforced): try to remove the capability. */
    return rsbac_auth_remove_from_p_capset(ta_number, pid, cap_type, cap_range);
}