#include <linux/types.h>
#include <linux/string.h>
#include <linux/fs.h>
#include <rsbac/aci.h>
#include <rsbac/adf_main.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/getname.h>
#include <rsbac/debug.h>
#include <asm/uaccess.h>
Go to the source code of this file.
Functions | |
static enum rsbac_adf_req_ret_t | check_flags_ff (enum rsbac_target_t target, union rsbac_target_id_t tid, rsbac_ff_flags_t flags) |
enum rsbac_adf_req_ret_t | rsbac_adf_request_ff (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner) |
static enum rsbac_adf_req_ret_t check_flags_ff | ( | enum rsbac_target_t | target, | |
union rsbac_target_id_t | tid, | |||
rsbac_ff_flags_t | flags | |||
) | [static] |
Definition at line 34 of file ff_main.c.
References A_ff_flags, rsbac_attribute_value_t::ff_flags, GRANTED, NOT_GRANTED, rsbac_get_attr, rsbac_printk(), SW_FF, and TRUE.
Referenced by rsbac_adf_request_ff().
00037 { 00038 union rsbac_attribute_value_t i_attr_val1; 00039 00040 /* get target's file flags */ 00041 if (rsbac_get_attr(SW_FF, target, 00042 tid, 00043 A_ff_flags, 00044 &i_attr_val1, 00045 TRUE)) 00046 { 00047 rsbac_printk(KERN_WARNING "check_flags_ff(): rsbac_get_attr() returned error!\n"); 00048 return(NOT_GRANTED); 00049 } 00050 00051 /* Access is granted, if none of the flags in argument flags is set */ 00052 if (i_attr_val1.ff_flags & flags) 00053 return(NOT_GRANTED); 00054 else 00055 return(GRANTED); 00056 }
enum rsbac_adf_req_ret_t rsbac_adf_request_ff | ( | enum rsbac_adf_request_t | request, | |
rsbac_pid_t | caller_pid, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t | tid, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t | attr_val, | |||
rsbac_uid_t | owner | |||
) | [inline] |
Definition at line 63 of file ff_main.c.
References A_audit_uid, A_auid_exempt, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_fake_root_uid, A_ff_flags, A_ff_role, A_linux_dac_disable, A_log_array_high, A_log_array_low, A_log_program_based, A_log_user_based, A_none, A_pseudo, A_remote_ip, A_symlink_add_rc_role, A_symlink_add_remote_ip, A_symlink_add_uid, A_system_role, check_flags_ff(), DO_NOT_CARE, FF_append_only, FF_execute_only, FF_no_delete_or_rename, FF_no_execute, FF_no_mount, FF_no_search, FF_read_only, FF_search_only, FF_write_only, GRANTED, NOT_GRANTED, R_APPEND_OPEN, R_CHANGE_GROUP, R_CHANGE_OWNER, R_CHDIR, R_CREATE, R_DELETE, R_EXECUTE, R_GET_PERMISSIONS_DATA, R_GET_STATUS_DATA, R_LINK_HARD, R_MAP_EXEC, R_MODIFY_ACCESS_DATA, R_MODIFY_ATTRIBUTE, R_MODIFY_PERMISSIONS_DATA, R_MODIFY_SYSTEM_DATA, R_MOUNT, R_READ, R_READ_OPEN, R_READ_WRITE_OPEN, R_RENAME, R_SEARCH, R_SWITCH_LOG, R_SWITCH_MODULE, R_TRUNCATE, R_UMOUNT, R_WRITE, R_WRITE_OPEN, rsbac_get_attr, rsbac_printk(), rsbac_target_id_t::scd, SR_auditor, SR_security_officer, ST_kmem, ST_rsbac_log, ST_rsbac_remote_log, SW_AUTH, SW_FF, SW_FREEZE, SW_SOFTMODE, rsbac_attribute_value_t::system_role, T_DIR, T_FIFO, T_FILE, T_GROUP, T_NONE, T_SCD, T_SYMLINK, T_UNIXSOCK, T_USER, TRUE, UNDEFINED, and rsbac_target_id_t::user.
Referenced by rsbac_adf_request_int().
00070 { 00071 enum rsbac_adf_req_ret_t result = DO_NOT_CARE; 00072 union rsbac_target_id_t i_tid; 00073 union rsbac_attribute_value_t i_attr_val1; 00074 int err=0; 00075 00076 switch (request) 00077 { 00078 case R_GET_STATUS_DATA: 00079 switch(target) 00080 { 00081 case T_SCD: 00082 switch(tid.scd) 00083 { 00084 case ST_rsbac_log: 00085 case ST_rsbac_remote_log: 00086 break; 00087 default: 00088 return GRANTED; 00089 } 00090 i_tid.user = owner; 00091 if ((err=rsbac_get_attr(SW_FF, T_USER, 00092 i_tid, 00093 A_ff_role, 00094 &i_attr_val1, 00095 TRUE))) 00096 { 00097 rsbac_printk(KERN_WARNING 00098 "rsbac_adf_request_ff(): rsbac_get_attr() returned error %i!\n",err); 00099 return(NOT_GRANTED); 00100 } 00101 if ( (i_attr_val1.system_role == SR_security_officer) 00102 || (i_attr_val1.system_role == SR_auditor) 00103 ) 00104 return(GRANTED); 00105 else 00106 return(NOT_GRANTED); 00107 default: 00108 return(DO_NOT_CARE); 00109 } 00110 00111 #if defined(CONFIG_RSBAC_FF_UM_PROT) 00112 case R_GET_PERMISSIONS_DATA: 00113 switch(target) 00114 { 00115 case T_USER: 00116 case T_GROUP: 00117 /* Security Officer? */ 00118 i_tid.user = owner; 00119 if (rsbac_get_attr(SW_FF, 00120 T_USER, 00121 i_tid, 00122 A_ff_role, 00123 &i_attr_val1, 00124 TRUE)) 00125 { 00126 rsbac_ds_get_error("rsbac_adf_request_ff()", A_ff_role); 00127 return(NOT_GRANTED); 00128 } 00129 /* if sec_officer, then grant */ 00130 if (i_attr_val1.system_role == SR_security_officer) 00131 return(GRANTED); 00132 else 00133 return(NOT_GRANTED); 00134 00135 /* We do not care about */ 00136 /* all other cases */ 00137 default: return(DO_NOT_CARE); 00138 } 00139 #endif 00140 00141 case R_READ: 00142 switch(target) 00143 { 00144 case T_DIR: 00145 return(check_flags_ff(target,tid, 00146 FF_search_only)); 00147 00148 #ifdef CONFIG_RSBAC_RW 00149 case T_FILE: 00150 case T_FIFO: 00151 case T_UNIXSOCK: 00152 return(check_flags_ff(target,tid, 00153 FF_write_only)); 00154 #endif 00155 00156 /* all other cases are undefined */ 00157 default: return(DO_NOT_CARE); 00158 } 00159 00160 case R_READ_OPEN: 00161 switch(target) 00162 { 00163 case T_FILE: 00164 case T_FIFO: 00165 case T_UNIXSOCK: 00166 return(check_flags_ff(target,tid, 00167 FF_execute_only | FF_write_only)); 00168 case T_DIR: 00169 return(check_flags_ff(target,tid, 00170 FF_search_only)); 00171 00172 /* all other cases are undefined */ 00173 default: return(DO_NOT_CARE); 00174 } 00175 00176 case R_MAP_EXEC: 00177 case R_EXECUTE: 00178 switch(target) 00179 { 00180 case T_FILE: 00181 return(check_flags_ff(target,tid, 00182 FF_write_only | FF_no_execute | FF_append_only)); 00183 00184 /* all other cases are undefined */ 00185 default: return(DO_NOT_CARE); 00186 } 00187 00188 case R_APPEND_OPEN: 00189 switch(target) 00190 { 00191 case T_FILE: 00192 case T_FIFO: 00193 case T_UNIXSOCK: 00194 return(check_flags_ff(target,tid, 00195 FF_read_only | FF_execute_only)); 00196 00197 /* all other cases are undefined */ 00198 default: return(DO_NOT_CARE); 00199 } 00200 00201 case R_READ_WRITE_OPEN: 00202 switch(target) 00203 { 00204 case T_FILE: 00205 case T_FIFO: 00206 case T_UNIXSOCK: 00207 return(check_flags_ff(target,tid, 00208 FF_read_only | FF_execute_only 00209 | FF_write_only | FF_append_only)); 00210 00211 /* all other cases are undefined */ 00212 default: return(DO_NOT_CARE); 00213 } 00214 00215 case R_CHDIR: 00216 switch(target) 00217 { 00218 case T_DIR: 00219 return(check_flags_ff(target,tid, 00220 FF_search_only)); 00221 00222 /* all other cases are undefined */ 00223 default: return(DO_NOT_CARE); 00224 } 00225 00226 /* Creating dir or (pseudo) file IN target dir! */ 00227 case R_CREATE: 00228 switch(target) 00229 { 00230 case T_DIR: 00231 return(check_flags_ff(target,tid, 00232 FF_read_only | FF_search_only)); 00233 00234 #if defined(CONFIG_RSBAC_FF_UM_PROT) 00235 case T_USER: 00236 case T_GROUP: 00237 /* Security Officer? */ 00238 i_tid.user = owner; 00239 if (rsbac_get_attr(SW_FF, 00240 T_USER, 00241 i_tid, 00242 A_ff_role, 00243 &i_attr_val1, 00244 TRUE)) 00245 { 00246 rsbac_ds_get_error("rsbac_adf_request_ff()", A_ff_role); 00247 return(NOT_GRANTED); 00248 } 00249 /* if sec_officer, then grant */ 00250 if (i_attr_val1.system_role == SR_security_officer) 00251 return(GRANTED); 00252 else 00253 return(NOT_GRANTED); 00254 #endif 00255 00256 /* all other cases are undefined */ 00257 default: return(DO_NOT_CARE); 00258 } 00259 00260 case R_DELETE: 00261 case R_RENAME: 00262 switch(target) 00263 { 00264 case T_FILE: 00265 case T_FIFO: 00266 case T_SYMLINK: 00267 case T_UNIXSOCK: 00268 return(check_flags_ff(target,tid, 00269 FF_read_only | FF_execute_only | FF_no_delete_or_rename 00270 | FF_append_only)); 00271 case T_DIR: 00272 return(check_flags_ff(target,tid, 00273 FF_read_only | FF_search_only | FF_no_delete_or_rename)); 00274 00275 #if defined(CONFIG_RSBAC_FF_UM_PROT) 00276 case T_USER: 00277 case T_GROUP: 00278 /* Security Officer? */ 00279 i_tid.user = owner; 00280 if (rsbac_get_attr(SW_FF, 00281 T_USER, 00282 i_tid, 00283 A_ff_role, 00284 &i_attr_val1, 00285 TRUE)) 00286 { 00287 rsbac_ds_get_error("rsbac_adf_request_ff()", A_ff_role); 00288 return(NOT_GRANTED); 00289 } 00290 /* if sec_officer, then grant */ 00291 if (i_attr_val1.system_role == SR_security_officer) 00292 return(GRANTED); 00293 else 00294 return(NOT_GRANTED); 00295 #endif 00296 00297 /* all other cases are undefined */ 00298 default: return(DO_NOT_CARE); 00299 } 00300 00301 case R_CHANGE_GROUP: 00302 case R_MODIFY_PERMISSIONS_DATA: 00303 switch(target) 00304 { 00305 case T_FILE: 00306 case T_FIFO: 00307 case T_SYMLINK: 00308 case T_UNIXSOCK: 00309 return(check_flags_ff(target,tid, 00310 FF_read_only | FF_execute_only | FF_append_only)); 00311 case T_DIR: 00312 return(check_flags_ff(target,tid, 00313 FF_read_only | FF_search_only)); 00314 00315 #if defined(CONFIG_RSBAC_FF_UM_PROT) 00316 case T_USER: 00317 case T_GROUP: 00318 /* Security Officer? */ 00319 i_tid.user = owner; 00320 if (rsbac_get_attr(SW_FF, 00321 T_USER, 00322 i_tid, 00323 A_ff_role, 00324 &i_attr_val1, 00325 TRUE)) 00326 { 00327 rsbac_ds_get_error("rsbac_adf_request_ff()", A_ff_role); 00328 return(NOT_GRANTED); 00329 } 00330 /* if sec_officer, then grant */ 00331 if (i_attr_val1.system_role == SR_security_officer) 00332 return(GRANTED); 00333 else 00334 return(NOT_GRANTED); 00335 #endif 00336 00337 /* all other cases are undefined */ 00338 default: 00339 return(DO_NOT_CARE); 00340 } 00341 00342 case R_CHANGE_OWNER: 00343 switch(target) 00344 { 00345 case T_FILE: 00346 case T_FIFO: 00347 case T_SYMLINK: 00348 case T_UNIXSOCK: 00349 return(check_flags_ff(target,tid, 00350 FF_read_only | FF_execute_only | FF_append_only)); 00351 case T_DIR: 00352 return(check_flags_ff(target,tid, 00353 FF_read_only | FF_search_only)); 00354 /* all other cases are undefined */ 00355 default: 00356 return(DO_NOT_CARE); 00357 } 00358 00359 case R_SEARCH: 00360 switch(target) 00361 { 00362 case T_FILE: 00363 case T_DIR: 00364 case T_SYMLINK: 00365 case T_FIFO: 00366 case T_UNIXSOCK: 00367 i_tid.user = owner; 00368 if ((err = rsbac_get_attr(SW_FF, T_USER, 00369 i_tid, 00370 A_ff_role, 00371 &i_attr_val1, TRUE))) { 00372 rsbac_printk(KERN_WARNING "rsbac_adf_request_ff(): rsbac_get_attr() returned error %i!\n",err); 00373 return (NOT_GRANTED); 00374 } 00375 if (i_attr_val1.system_role == (SR_security_officer || SR_auditor)) 00376 return (GRANTED); 00377 else 00378 return(check_flags_ff(target,tid, 00379 FF_no_search)); 00380 default: 00381 return(DO_NOT_CARE); 00382 } 00383 00384 case R_LINK_HARD: 00385 switch(target) 00386 { 00387 case T_FILE: 00388 case T_FIFO: 00389 case T_SYMLINK: 00390 return(check_flags_ff(target,tid, 00391 FF_read_only | FF_execute_only)); 00392 00393 /* all other cases are undefined */ 00394 default: return(DO_NOT_CARE); 00395 } 00396 00397 case R_MODIFY_ACCESS_DATA: 00398 switch(target) 00399 { 00400 case T_FILE: 00401 case T_FIFO: 00402 case T_SYMLINK: 00403 case T_UNIXSOCK: 00404 return(check_flags_ff(target,tid, 00405 FF_read_only | FF_execute_only | FF_append_only)); 00406 case T_DIR: 00407 return(check_flags_ff(target,tid, 00408 FF_read_only | FF_search_only)); 00409 00410 /* all other cases are undefined */ 00411 default: 00412 return(DO_NOT_CARE); 00413 } 00414 00415 case R_MODIFY_ATTRIBUTE: 00416 switch(attr) 00417 { 00418 case A_ff_flags: 00419 case A_system_role: 00420 case A_ff_role: 00421 #ifdef CONFIG_RSBAC_FF_AUTH_PROT 00422 case A_auth_may_setuid: 00423 case A_auth_may_set_cap: 00424 case A_auth_start_uid: 00425 case A_auth_start_euid: 00426 case A_auth_start_gid: 00427 case A_auth_start_egid: 00428 case A_auth_program_file: 00429 case A_auth_learn: 00430 case A_auth_add_f_cap: 00431 case A_auth_remove_f_cap: 00432 #endif 00433 #ifdef CONFIG_RSBAC_FF_GEN_PROT 00434 case A_log_array_low: 00435 case A_log_array_high: 00436 case A_log_program_based: 00437 case A_log_user_based: 00438 case A_symlink_add_remote_ip: 00439 case A_symlink_add_uid: 00440 case A_symlink_add_rc_role: 00441 case A_linux_dac_disable: 00442 case A_pseudo: 00443 case A_fake_root_uid: 00444 case A_audit_uid: 00445 case A_auid_exempt: 00446 case A_remote_ip: 00447 #endif 00448 /* All attributes (remove target!) */ 00449 case A_none: 00450 /* Security Officer? */ 00451 i_tid.user = owner; 00452 if (rsbac_get_attr(SW_FF, T_USER, 00453 i_tid, 00454 A_ff_role, 00455 &i_attr_val1, 00456 TRUE)) 00457 { 00458 rsbac_printk(KERN_WARNING 00459 "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n"); 00460 return(NOT_GRANTED); 00461 } 00462 /* if sec_officer, then grant */ 00463 if (i_attr_val1.system_role == SR_security_officer) 00464 return(GRANTED); 00465 else 00466 return(NOT_GRANTED); 00467 00468 default: 00469 return(DO_NOT_CARE); 00470 } 00471 00472 case R_MODIFY_SYSTEM_DATA: 00473 switch(target) 00474 { 00475 case T_SCD: 00476 switch(tid.scd) 00477 { 00478 case ST_rsbac_log: 00479 case ST_rsbac_remote_log: 00480 break; 00481 case ST_kmem: 00482 return NOT_GRANTED; 00483 default: 00484 return GRANTED; 00485 } 00486 /* Get role */ 00487 i_tid.user = owner; 00488 if (rsbac_get_attr(SW_FF, T_USER, 00489 i_tid, 00490 A_ff_role, 00491 &i_attr_val1, 00492 TRUE)) 00493 { 00494 rsbac_printk(KERN_WARNING 00495 "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n"); 00496 return(NOT_GRANTED); 00497 } 00498 /* grant only for secoff */ 00499 if ( (i_attr_val1.system_role == SR_security_officer) 00500 || (i_attr_val1.system_role == SR_auditor) 00501 ) 00502 return(GRANTED); 00503 else 00504 return(NOT_GRANTED); 00505 00506 /* all other cases are undefined */ 00507 default: return(DO_NOT_CARE); 00508 } 00509 00510 case R_MOUNT: 00511 case R_UMOUNT: 00512 switch(target) 00513 { 00514 case T_FILE: 00515 return(check_flags_ff(target,tid, 00516 FF_read_only | FF_execute_only 00517 | FF_write_only | FF_append_only | FF_no_mount)); 00518 case T_DIR: 00519 return(check_flags_ff(target,tid, 00520 FF_read_only | FF_search_only | FF_no_mount)); 00521 00522 /* all other cases are undefined */ 00523 default: return(DO_NOT_CARE); 00524 } 00525 00526 case R_SWITCH_LOG: 00527 switch(target) 00528 { 00529 case T_NONE: 00530 /* test owner's ff_role */ 00531 i_tid.user = owner; 00532 if (rsbac_get_attr(SW_FF, T_USER, 00533 i_tid, 00534 A_ff_role, 00535 &i_attr_val1, 00536 TRUE)) 00537 { 00538 rsbac_printk(KERN_WARNING "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n"); 00539 return(NOT_GRANTED); 00540 } 00541 /* security officer? -> grant */ 00542 if (i_attr_val1.system_role == SR_security_officer) 00543 return(GRANTED); 00544 else 00545 return(NOT_GRANTED); 00546 00547 /* all other cases are undefined */ 00548 default: return(DO_NOT_CARE); 00549 } 00550 00551 case R_SWITCH_MODULE: 00552 switch(target) 00553 { 00554 case T_NONE: 00555 /* we need the switch_target */ 00556 if(attr != A_switch_target) 00557 return(UNDEFINED); 00558 /* do not care for other modules */ 00559 if( (attr_val.switch_target != SW_FF) 00560 #ifdef CONFIG_RSBAC_SOFTMODE 00561 && (attr_val.switch_target != SW_SOFTMODE) 00562 #endif 00563 #ifdef CONFIG_RSBAC_FREEZE 00564 && (attr_val.switch_target != SW_FREEZE) 00565 #endif 00566 #ifdef CONFIG_RSBAC_FF_AUTH_PROT 00567 && (attr_val.switch_target != SW_AUTH) 00568 #endif 00569 ) 00570 return(DO_NOT_CARE); 00571 /* test owner's ff_role */ 00572 i_tid.user = owner; 00573 if (rsbac_get_attr(SW_FF, T_USER, 00574 i_tid, 00575 A_ff_role, 00576 &i_attr_val1, 00577 TRUE)) 00578 { 00579 rsbac_printk(KERN_WARNING "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n"); 00580 return(NOT_GRANTED); 00581 } 00582 /* security officer? -> grant */ 00583 if (i_attr_val1.system_role == SR_security_officer) 00584 return(GRANTED); 00585 else 00586 return(NOT_GRANTED); 00587 00588 /* all other cases are undefined */ 00589 default: return(DO_NOT_CARE); 00590 } 00591 00592 case R_TRUNCATE: 00593 switch(target) 00594 { 00595 case T_FILE: 00596 case T_FIFO: 00597 return(check_flags_ff(target,tid, 00598 FF_read_only | FF_execute_only | FF_append_only)); 00599 00600 /* all other cases are undefined */ 00601 default: return(DO_NOT_CARE); 00602 } 00603 00604 case R_WRITE_OPEN: 00605 switch(target) 00606 { 00607 case T_FILE: 00608 case T_FIFO: 00609 case T_UNIXSOCK: 00610 return(check_flags_ff(target,tid, 00611 FF_read_only | FF_execute_only | FF_append_only)); 00612 00613 /* all other cases are undefined */ 00614 default: return(DO_NOT_CARE); 00615 } 00616 00617 case R_WRITE: 00618 switch(target) 00619 { 00620 case T_DIR: 00621 return(check_flags_ff(target,tid, 00622 FF_read_only | FF_search_only)); 00623 00624 #ifdef CONFIG_RSBAC_RW 00625 case T_FILE: 00626 case T_FIFO: 00627 case T_UNIXSOCK: 00628 return(check_flags_ff(target,tid, 00629 FF_read_only | FF_execute_only)); 00630 #endif 00631 #if defined(CONFIG_RSBAC_FF_UM_PROT) 00632 case T_USER: 00633 case T_GROUP: 00634 /* Security Officer? */ 00635 i_tid.user = owner; 00636 if (rsbac_get_attr(SW_FF, 00637 T_USER, 00638 i_tid, 00639 A_ff_role, 00640 &i_attr_val1, 00641 TRUE)) 00642 { 00643 rsbac_ds_get_error("rsbac_adf_request_ff()", A_ff_role); 00644 return(NOT_GRANTED); 00645 } 00646 /* if sec_officer, then grant */ 00647 if (i_attr_val1.system_role == SR_security_officer) 00648 return(GRANTED); 00649 else 00650 return(NOT_GRANTED); 00651 #endif 00652 00653 /* all other cases are undefined */ 00654 default: return(DO_NOT_CARE); 00655 } 00656 00657 00658 /*********************/ 00659 default: return DO_NOT_CARE; 00660 } 00661 00662 return result; 00663 } /* end of rsbac_adf_request_ff() */