/linux-2.6.21.1-rsbac-1.3.4/rsbac/adf/pax/pax_main.c File Reference

#include <linux/string.h>
#include <linux/binfmts.h>
#include <linux/mm.h>
#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/adf_main.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/getname.h>
#include <rsbac/pax_getname.h>
#include <rsbac/debug.h>


Functions

enum rsbac_adf_req_ret_t rsbac_adf_request_pax (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner)


Function Documentation

enum rsbac_adf_req_ret_t rsbac_adf_request_pax ( enum rsbac_adf_request_t  request,
rsbac_pid_t  caller_pid,
enum rsbac_target_t  target,
union rsbac_target_id_t  tid,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t  attr_val,
rsbac_uid_t  owner 
) [inline]

Definition at line 99 of file pax_main.c.

References A_none, A_pax_flags, A_pax_role, A_system_role, DO_NOT_CARE, GRANTED, NOT_GRANTED, R_MODIFY_ATTRIBUTE, R_READ_ATTRIBUTE, R_SWITCH_LOG, R_SWITCH_MODULE, rsbac_get_attr, SR_administrator, SR_security_officer, SW_FREEZE, SW_PAX, SW_SOFTMODE, rsbac_attribute_value_t::system_role, T_NONE, T_USER, TRUE, UNDEFINED, and rsbac_target_id_t::user.

Referenced by rsbac_adf_request_int().

/*
 * PaX module decision function.
 *
 * Votes on four request types and answers DO_NOT_CARE for everything else:
 *
 *   R_MODIFY_ATTRIBUTE  attr is A_system_role, A_pax_role, A_pax_flags or
 *                       A_none (all attributes, i.e. target removal):
 *                       security officer only.
 *   R_READ_ATTRIBUTE    same attributes: security officer or administrator.
 *   R_SWITCH_LOG        target T_NONE: security officer only.
 *   R_SWITCH_MODULE     target T_NONE, switch target SW_PAX (plus
 *                       SW_SOFTMODE / SW_FREEZE when those options are
 *                       configured): security officer only. UNDEFINED is
 *                       returned when attr is not A_switch_target.
 *
 * The role tested is the A_pax_role attribute stored for @owner under
 * SW_PAX; caller_pid and tid are not consulted by this function.
 * A failed attribute lookup is reported and answered with NOT_GRANTED, so
 * a data structure error never widens access.
 */
inline enum rsbac_adf_req_ret_t
rsbac_adf_request_pax(enum rsbac_adf_request_t request,
                      rsbac_pid_t caller_pid,
                      enum rsbac_target_t target,
                      union rsbac_target_id_t tid,
                      enum rsbac_attribute_t attr,
                      union rsbac_attribute_value_t attr_val,
                      rsbac_uid_t owner)
{
    union rsbac_target_id_t       owner_tid;
    union rsbac_attribute_value_t owner_role;
    int admin_ok = 0;   /* set only for read requests */

    /*
     * Step 1: filter. Every path that does not return here needs the
     * owner's PaX role, which is looked up once in step 2.
     */
    switch (request) {
    case R_READ_ATTRIBUTE:
        /* Reading is the only request an administrator may also pass. */
        admin_ok = 1;
        /* fall through */
    case R_MODIFY_ATTRIBUTE:
        /* Only the role attributes, the PaX flags and "all attributes". */
        if (attr != A_system_role
            && attr != A_pax_role
            && attr != A_pax_flags
            && attr != A_none)
            return DO_NOT_CARE;
        break;

    case R_SWITCH_LOG:
        /* all other targets are unknown */
        if (target != T_NONE)
            return DO_NOT_CARE;
        break;

    case R_SWITCH_MODULE:
        /* all other targets are unknown */
        if (target != T_NONE)
            return DO_NOT_CARE;
        /* we need the switch_target */
        if (attr != A_switch_target)
            return UNDEFINED;
        /* do not care for other modules */
        if (attr_val.switch_target != SW_PAX
#ifdef CONFIG_RSBAC_SOFTMODE
            && attr_val.switch_target != SW_SOFTMODE
#endif
#ifdef CONFIG_RSBAC_FREEZE
            && attr_val.switch_target != SW_FREEZE
#endif
           )
            return DO_NOT_CARE;
        break;

    default:
        return DO_NOT_CARE;
    }

    /* Step 2: fetch the owner's pax_role. */
    owner_tid.user = owner;
    if (rsbac_get_attr(SW_PAX, T_USER, owner_tid, A_pax_role,
                       &owner_role, TRUE)) {
        /* Fail closed: no role value, no access. */
        rsbac_ds_get_error("rsbac_adf_request_pax()", A_pax_role);
        return NOT_GRANTED;
    }

    /*
     * Step 3: decide.
     * NOTE(review): the value fetched as A_pax_role is read through the
     * system_role member of the union; presumably both roles share one
     * representation - confirm against rsbac/types.h.
     */
    if (owner_role.system_role == SR_security_officer)
        return GRANTED;
    if (admin_ok && owner_role.system_role == SR_administrator)
        return GRANTED;
    return NOT_GRANTED;
} /* end of rsbac_adf_request_pax() */


Generated on Wed May 16 11:54:14 2007 for RSBAC by  doxygen 1.5.1