00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012 #include <linux/types.h>
00013 #include <linux/string.h>
00014 #include <linux/fs.h>
00015 #include <rsbac/aci.h>
00016 #include <rsbac/adf_main.h>
00017 #include <rsbac/error.h>
00018 #include <rsbac/helpers.h>
00019 #include <rsbac/getname.h>
00020 #include <rsbac/debug.h>
00021
00022 #include <asm/uaccess.h>
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033 static enum rsbac_adf_req_ret_t
00034 check_flags_ff(enum rsbac_target_t target,
00035 union rsbac_target_id_t tid,
00036 rsbac_ff_flags_t flags)
00037 {
00038 union rsbac_attribute_value_t i_attr_val1;
00039
00040
00041 if (rsbac_get_attr(SW_FF, target,
00042 tid,
00043 A_ff_flags,
00044 &i_attr_val1,
00045 TRUE))
00046 {
00047 rsbac_printk(KERN_WARNING "check_flags_ff(): rsbac_get_attr() returned error!\n");
00048 return(NOT_GRANTED);
00049 }
00050
00051
00052 if (i_attr_val1.ff_flags & flags)
00053 return(NOT_GRANTED);
00054 else
00055 return(GRANTED);
00056 }
00057
00058
00059
00060
00061
00062 inline enum rsbac_adf_req_ret_t
00063 rsbac_adf_request_ff (enum rsbac_adf_request_t request,
00064 rsbac_pid_t caller_pid,
00065 enum rsbac_target_t target,
00066 union rsbac_target_id_t tid,
00067 enum rsbac_attribute_t attr,
00068 union rsbac_attribute_value_t attr_val,
00069 rsbac_uid_t owner)
00070 {
00071 enum rsbac_adf_req_ret_t result = DO_NOT_CARE;
00072 union rsbac_target_id_t i_tid;
00073 union rsbac_attribute_value_t i_attr_val1;
00074 int err=0;
00075
00076 switch (request)
00077 {
00078 case R_GET_STATUS_DATA:
00079 switch(target)
00080 {
00081 case T_SCD:
00082 switch(tid.scd)
00083 {
00084 case ST_rsbac_log:
00085 case ST_rsbac_remote_log:
00086 break;
00087 default:
00088 return GRANTED;
00089 }
00090 i_tid.user = owner;
00091 if ((err=rsbac_get_attr(SW_FF, T_USER,
00092 i_tid,
00093 A_ff_role,
00094 &i_attr_val1,
00095 TRUE)))
00096 {
00097 rsbac_printk(KERN_WARNING
00098 "rsbac_adf_request_ff(): rsbac_get_attr() returned error %i!\n",err);
00099 return(NOT_GRANTED);
00100 }
00101 if ( (i_attr_val1.system_role == SR_security_officer)
00102 || (i_attr_val1.system_role == SR_auditor)
00103 )
00104 return(GRANTED);
00105 else
00106 return(NOT_GRANTED);
00107 default:
00108 return(DO_NOT_CARE);
00109 }
00110
00111 #if defined(CONFIG_RSBAC_FF_UM_PROT)
00112 case R_GET_PERMISSIONS_DATA:
00113 switch(target)
00114 {
00115 case T_USER:
00116 case T_GROUP:
00117
00118 i_tid.user = owner;
00119 if (rsbac_get_attr(SW_FF,
00120 T_USER,
00121 i_tid,
00122 A_ff_role,
00123 &i_attr_val1,
00124 TRUE))
00125 {
00126 rsbac_ds_get_error("rsbac_adf_request_ff()", A_ff_role);
00127 return(NOT_GRANTED);
00128 }
00129
00130 if (i_attr_val1.system_role == SR_security_officer)
00131 return(GRANTED);
00132 else
00133 return(NOT_GRANTED);
00134
00135
00136
00137 default: return(DO_NOT_CARE);
00138 }
00139 #endif
00140
00141 case R_READ:
00142 switch(target)
00143 {
00144 case T_DIR:
00145 return(check_flags_ff(target,tid,
00146 FF_search_only));
00147
00148 #ifdef CONFIG_RSBAC_RW
00149 case T_FILE:
00150 case T_FIFO:
00151 case T_UNIXSOCK:
00152 return(check_flags_ff(target,tid,
00153 FF_write_only));
00154 #endif
00155
00156
00157 default: return(DO_NOT_CARE);
00158 }
00159
00160 case R_READ_OPEN:
00161 switch(target)
00162 {
00163 case T_FILE:
00164 case T_FIFO:
00165 case T_UNIXSOCK:
00166 return(check_flags_ff(target,tid,
00167 FF_execute_only | FF_write_only));
00168 case T_DIR:
00169 return(check_flags_ff(target,tid,
00170 FF_search_only));
00171
00172
00173 default: return(DO_NOT_CARE);
00174 }
00175
00176 case R_MAP_EXEC:
00177 case R_EXECUTE:
00178 switch(target)
00179 {
00180 case T_FILE:
00181 return(check_flags_ff(target,tid,
00182 FF_write_only | FF_no_execute | FF_append_only));
00183
00184
00185 default: return(DO_NOT_CARE);
00186 }
00187
00188 case R_APPEND_OPEN:
00189 switch(target)
00190 {
00191 case T_FILE:
00192 case T_FIFO:
00193 case T_UNIXSOCK:
00194 return(check_flags_ff(target,tid,
00195 FF_read_only | FF_execute_only));
00196
00197
00198 default: return(DO_NOT_CARE);
00199 }
00200
00201 case R_READ_WRITE_OPEN:
00202 switch(target)
00203 {
00204 case T_FILE:
00205 case T_FIFO:
00206 case T_UNIXSOCK:
00207 return(check_flags_ff(target,tid,
00208 FF_read_only | FF_execute_only
00209 | FF_write_only | FF_append_only));
00210
00211
00212 default: return(DO_NOT_CARE);
00213 }
00214
00215 case R_CHDIR:
00216 switch(target)
00217 {
00218 case T_DIR:
00219 return(check_flags_ff(target,tid,
00220 FF_search_only));
00221
00222
00223 default: return(DO_NOT_CARE);
00224 }
00225
00226
00227 case R_CREATE:
00228 switch(target)
00229 {
00230 case T_DIR:
00231 return(check_flags_ff(target,tid,
00232 FF_read_only | FF_search_only));
00233
00234 #if defined(CONFIG_RSBAC_FF_UM_PROT)
00235 case T_USER:
00236 case T_GROUP:
00237
00238 i_tid.user = owner;
00239 if (rsbac_get_attr(SW_FF,
00240 T_USER,
00241 i_tid,
00242 A_ff_role,
00243 &i_attr_val1,
00244 TRUE))
00245 {
00246 rsbac_ds_get_error("rsbac_adf_request_ff()", A_ff_role);
00247 return(NOT_GRANTED);
00248 }
00249
00250 if (i_attr_val1.system_role == SR_security_officer)
00251 return(GRANTED);
00252 else
00253 return(NOT_GRANTED);
00254 #endif
00255
00256
00257 default: return(DO_NOT_CARE);
00258 }
00259
00260 case R_DELETE:
00261 case R_RENAME:
00262 switch(target)
00263 {
00264 case T_FILE:
00265 case T_FIFO:
00266 case T_SYMLINK:
00267 case T_UNIXSOCK:
00268 return(check_flags_ff(target,tid,
00269 FF_read_only | FF_execute_only | FF_no_delete_or_rename
00270 | FF_append_only));
00271 case T_DIR:
00272 return(check_flags_ff(target,tid,
00273 FF_read_only | FF_search_only | FF_no_delete_or_rename));
00274
00275 #if defined(CONFIG_RSBAC_FF_UM_PROT)
00276 case T_USER:
00277 case T_GROUP:
00278
00279 i_tid.user = owner;
00280 if (rsbac_get_attr(SW_FF,
00281 T_USER,
00282 i_tid,
00283 A_ff_role,
00284 &i_attr_val1,
00285 TRUE))
00286 {
00287 rsbac_ds_get_error("rsbac_adf_request_ff()", A_ff_role);
00288 return(NOT_GRANTED);
00289 }
00290
00291 if (i_attr_val1.system_role == SR_security_officer)
00292 return(GRANTED);
00293 else
00294 return(NOT_GRANTED);
00295 #endif
00296
00297
00298 default: return(DO_NOT_CARE);
00299 }
00300
00301 case R_CHANGE_GROUP:
00302 case R_MODIFY_PERMISSIONS_DATA:
00303 switch(target)
00304 {
00305 case T_FILE:
00306 case T_FIFO:
00307 case T_SYMLINK:
00308 case T_UNIXSOCK:
00309 return(check_flags_ff(target,tid,
00310 FF_read_only | FF_execute_only | FF_append_only));
00311 case T_DIR:
00312 return(check_flags_ff(target,tid,
00313 FF_read_only | FF_search_only));
00314
00315 #if defined(CONFIG_RSBAC_FF_UM_PROT)
00316 case T_USER:
00317 case T_GROUP:
00318
00319 i_tid.user = owner;
00320 if (rsbac_get_attr(SW_FF,
00321 T_USER,
00322 i_tid,
00323 A_ff_role,
00324 &i_attr_val1,
00325 TRUE))
00326 {
00327 rsbac_ds_get_error("rsbac_adf_request_ff()", A_ff_role);
00328 return(NOT_GRANTED);
00329 }
00330
00331 if (i_attr_val1.system_role == SR_security_officer)
00332 return(GRANTED);
00333 else
00334 return(NOT_GRANTED);
00335 #endif
00336
00337
00338 default:
00339 return(DO_NOT_CARE);
00340 }
00341
00342 case R_CHANGE_OWNER:
00343 switch(target)
00344 {
00345 case T_FILE:
00346 case T_FIFO:
00347 case T_SYMLINK:
00348 case T_UNIXSOCK:
00349 return(check_flags_ff(target,tid,
00350 FF_read_only | FF_execute_only | FF_append_only));
00351 case T_DIR:
00352 return(check_flags_ff(target,tid,
00353 FF_read_only | FF_search_only));
00354
00355 default:
00356 return(DO_NOT_CARE);
00357 }
00358
00359 case R_SEARCH:
00360 switch(target)
00361 {
00362 case T_FILE:
00363 case T_DIR:
00364 case T_SYMLINK:
00365 case T_FIFO:
00366 case T_UNIXSOCK:
00367 i_tid.user = owner;
00368 if ((err = rsbac_get_attr(SW_FF, T_USER,
00369 i_tid,
00370 A_ff_role,
00371 &i_attr_val1, TRUE))) {
00372 rsbac_printk(KERN_WARNING "rsbac_adf_request_ff(): rsbac_get_attr() returned error %i!\n",err);
00373 return (NOT_GRANTED);
00374 }
00375 if (i_attr_val1.system_role == (SR_security_officer || SR_auditor))
00376 return (GRANTED);
00377 else
00378 return(check_flags_ff(target,tid,
00379 FF_no_search));
00380 default:
00381 return(DO_NOT_CARE);
00382 }
00383
00384 case R_LINK_HARD:
00385 switch(target)
00386 {
00387 case T_FILE:
00388 case T_FIFO:
00389 case T_SYMLINK:
00390 return(check_flags_ff(target,tid,
00391 FF_read_only | FF_execute_only));
00392
00393
00394 default: return(DO_NOT_CARE);
00395 }
00396
00397 case R_MODIFY_ACCESS_DATA:
00398 switch(target)
00399 {
00400 case T_FILE:
00401 case T_FIFO:
00402 case T_SYMLINK:
00403 case T_UNIXSOCK:
00404 return(check_flags_ff(target,tid,
00405 FF_read_only | FF_execute_only | FF_append_only));
00406 case T_DIR:
00407 return(check_flags_ff(target,tid,
00408 FF_read_only | FF_search_only));
00409
00410
00411 default:
00412 return(DO_NOT_CARE);
00413 }
00414
00415 case R_MODIFY_ATTRIBUTE:
00416 switch(attr)
00417 {
00418 case A_ff_flags:
00419 case A_system_role:
00420 case A_ff_role:
00421 #ifdef CONFIG_RSBAC_FF_AUTH_PROT
00422 case A_auth_may_setuid:
00423 case A_auth_may_set_cap:
00424 case A_auth_start_uid:
00425 case A_auth_start_euid:
00426 case A_auth_start_gid:
00427 case A_auth_start_egid:
00428 case A_auth_program_file:
00429 case A_auth_learn:
00430 case A_auth_add_f_cap:
00431 case A_auth_remove_f_cap:
00432 #endif
00433 #ifdef CONFIG_RSBAC_FF_GEN_PROT
00434 case A_log_array_low:
00435 case A_log_array_high:
00436 case A_log_program_based:
00437 case A_log_user_based:
00438 case A_symlink_add_remote_ip:
00439 case A_symlink_add_uid:
00440 case A_symlink_add_rc_role:
00441 case A_linux_dac_disable:
00442 case A_pseudo:
00443 case A_fake_root_uid:
00444 case A_audit_uid:
00445 case A_auid_exempt:
00446 case A_remote_ip:
00447 #endif
00448
00449 case A_none:
00450
00451 i_tid.user = owner;
00452 if (rsbac_get_attr(SW_FF, T_USER,
00453 i_tid,
00454 A_ff_role,
00455 &i_attr_val1,
00456 TRUE))
00457 {
00458 rsbac_printk(KERN_WARNING
00459 "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n");
00460 return(NOT_GRANTED);
00461 }
00462
00463 if (i_attr_val1.system_role == SR_security_officer)
00464 return(GRANTED);
00465 else
00466 return(NOT_GRANTED);
00467
00468 default:
00469 return(DO_NOT_CARE);
00470 }
00471
00472 case R_MODIFY_SYSTEM_DATA:
00473 switch(target)
00474 {
00475 case T_SCD:
00476 switch(tid.scd)
00477 {
00478 case ST_rsbac_log:
00479 case ST_rsbac_remote_log:
00480 break;
00481 case ST_kmem:
00482 return NOT_GRANTED;
00483 default:
00484 return GRANTED;
00485 }
00486
00487 i_tid.user = owner;
00488 if (rsbac_get_attr(SW_FF, T_USER,
00489 i_tid,
00490 A_ff_role,
00491 &i_attr_val1,
00492 TRUE))
00493 {
00494 rsbac_printk(KERN_WARNING
00495 "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n");
00496 return(NOT_GRANTED);
00497 }
00498
00499 if ( (i_attr_val1.system_role == SR_security_officer)
00500 || (i_attr_val1.system_role == SR_auditor)
00501 )
00502 return(GRANTED);
00503 else
00504 return(NOT_GRANTED);
00505
00506
00507 default: return(DO_NOT_CARE);
00508 }
00509
00510 case R_MOUNT:
00511 case R_UMOUNT:
00512 switch(target)
00513 {
00514 case T_FILE:
00515 return(check_flags_ff(target,tid,
00516 FF_read_only | FF_execute_only
00517 | FF_write_only | FF_append_only | FF_no_mount));
00518 case T_DIR:
00519 return(check_flags_ff(target,tid,
00520 FF_read_only | FF_search_only | FF_no_mount));
00521
00522
00523 default: return(DO_NOT_CARE);
00524 }
00525
00526 case R_SWITCH_LOG:
00527 switch(target)
00528 {
00529 case T_NONE:
00530
00531 i_tid.user = owner;
00532 if (rsbac_get_attr(SW_FF, T_USER,
00533 i_tid,
00534 A_ff_role,
00535 &i_attr_val1,
00536 TRUE))
00537 {
00538 rsbac_printk(KERN_WARNING "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n");
00539 return(NOT_GRANTED);
00540 }
00541
00542 if (i_attr_val1.system_role == SR_security_officer)
00543 return(GRANTED);
00544 else
00545 return(NOT_GRANTED);
00546
00547
00548 default: return(DO_NOT_CARE);
00549 }
00550
00551 case R_SWITCH_MODULE:
00552 switch(target)
00553 {
00554 case T_NONE:
00555
00556 if(attr != A_switch_target)
00557 return(UNDEFINED);
00558
00559 if( (attr_val.switch_target != SW_FF)
00560 #ifdef CONFIG_RSBAC_SOFTMODE
00561 && (attr_val.switch_target != SW_SOFTMODE)
00562 #endif
00563 #ifdef CONFIG_RSBAC_FREEZE
00564 && (attr_val.switch_target != SW_FREEZE)
00565 #endif
00566 #ifdef CONFIG_RSBAC_FF_AUTH_PROT
00567 && (attr_val.switch_target != SW_AUTH)
00568 #endif
00569 )
00570 return(DO_NOT_CARE);
00571
00572 i_tid.user = owner;
00573 if (rsbac_get_attr(SW_FF, T_USER,
00574 i_tid,
00575 A_ff_role,
00576 &i_attr_val1,
00577 TRUE))
00578 {
00579 rsbac_printk(KERN_WARNING "rsbac_adf_request_ff(): rsbac_get_attr() returned error!\n");
00580 return(NOT_GRANTED);
00581 }
00582
00583 if (i_attr_val1.system_role == SR_security_officer)
00584 return(GRANTED);
00585 else
00586 return(NOT_GRANTED);
00587
00588
00589 default: return(DO_NOT_CARE);
00590 }
00591
00592 case R_TRUNCATE:
00593 switch(target)
00594 {
00595 case T_FILE:
00596 case T_FIFO:
00597 return(check_flags_ff(target,tid,
00598 FF_read_only | FF_execute_only | FF_append_only));
00599
00600
00601 default: return(DO_NOT_CARE);
00602 }
00603
00604 case R_WRITE_OPEN:
00605 switch(target)
00606 {
00607 case T_FILE:
00608 case T_FIFO:
00609 case T_UNIXSOCK:
00610 return(check_flags_ff(target,tid,
00611 FF_read_only | FF_execute_only | FF_append_only));
00612
00613
00614 default: return(DO_NOT_CARE);
00615 }
00616
00617 case R_WRITE:
00618 switch(target)
00619 {
00620 case T_DIR:
00621 return(check_flags_ff(target,tid,
00622 FF_read_only | FF_search_only));
00623
00624 #ifdef CONFIG_RSBAC_RW
00625 case T_FILE:
00626 case T_FIFO:
00627 case T_UNIXSOCK:
00628 return(check_flags_ff(target,tid,
00629 FF_read_only | FF_execute_only));
00630 #endif
00631 #if defined(CONFIG_RSBAC_FF_UM_PROT)
00632 case T_USER:
00633 case T_GROUP:
00634
00635 i_tid.user = owner;
00636 if (rsbac_get_attr(SW_FF,
00637 T_USER,
00638 i_tid,
00639 A_ff_role,
00640 &i_attr_val1,
00641 TRUE))
00642 {
00643 rsbac_ds_get_error("rsbac_adf_request_ff()", A_ff_role);
00644 return(NOT_GRANTED);
00645 }
00646
00647 if (i_attr_val1.system_role == SR_security_officer)
00648 return(GRANTED);
00649 else
00650 return(NOT_GRANTED);
00651 #endif
00652
00653
00654 default: return(DO_NOT_CARE);
00655 }
00656
00657
00658
00659 default: return DO_NOT_CARE;
00660 }
00661
00662 return result;
00663 }
00664
00665
00666
00667 #ifdef CONFIG_RSBAC_SECDEL
00668 inline rsbac_boolean_t rsbac_need_overwrite_ff(struct dentry * dentry_p)
00669 {
00670 union rsbac_target_id_t i_tid;
00671 union rsbac_attribute_value_t i_attr_val1;
00672
00673 if( !dentry_p
00674 || !dentry_p->d_inode)
00675 return FALSE;
00676
00677 i_tid.file.device = dentry_p->d_sb->s_dev;
00678 i_tid.file.inode = dentry_p->d_inode->i_ino;
00679 i_tid.file.dentry_p = dentry_p;
00680
00681 if (rsbac_get_attr(SW_FF, T_FILE,
00682 i_tid,
00683 A_ff_flags,
00684 &i_attr_val1,
00685 TRUE))
00686 {
00687 rsbac_printk(KERN_WARNING "rsbac_need_overwrite_ff(): rsbac_get_attr() returned error!\n");
00688 return FALSE;
00689 }
00690
00691
00692 if (i_attr_val1.ff_flags & FF_secure_delete)
00693 return TRUE;
00694 else
00695 return FALSE;
00696 }
00697 #endif
00698
00699