#include <linux/string.h>
#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/adf_main.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/getname.h>
#include <rsbac/network.h>
#include <rsbac/debug.h>
#include <rsbac/jail.h>
Go to the source code of this file.
static enum rsbac_adf_req_ret_t jail_check_sysrole | ( | rsbac_uid_t | owner, | |
enum rsbac_system_role_t | role | |||
) | [static] |
Definition at line 159 of file jail_main.c.
References A_jail_role, GRANTED, NOT_GRANTED, rsbac_get_attr, SW_JAIL, rsbac_attribute_value_t::system_role, T_USER, TRUE, and rsbac_target_id_t::user.
Referenced by rsbac_adf_request_jail().
00161 { 00162 union rsbac_target_id_t i_tid; 00163 union rsbac_attribute_value_t i_attr_val1; 00164 00165 i_tid.user = owner; 00166 if (rsbac_get_attr(SW_JAIL, T_USER, i_tid, 00167 A_jail_role, &i_attr_val1, TRUE)) { 00168 rsbac_ds_get_error("jail_check_sysrole()", A_jail_role); 00169 return (NOT_GRANTED); 00170 } 00171 /* if correct role, then grant */ 00172 if (i_attr_val1.system_role == role) 00173 return (GRANTED); 00174 else 00175 return (NOT_GRANTED); 00176 }
static rsbac_boolean_t jail_dev_tty | ( | struct rsbac_dev_desc_t | dev | ) | [inline, static] |
Definition at line 31 of file jail_main.c.
References D_char, FALSE, rsbac_dev_desc_t::major, TRUE, and rsbac_dev_desc_t::type.
Referenced by rsbac_adf_request_jail().
00032 { 00033 if (dev.type != D_char) 00034 return FALSE; 00035 if (((dev.major >= 2) 00036 && (dev.major <= 4) 00037 ) 00038 || ((dev.major >= 128) 00039 && (dev.major <= 143) 00040 ) 00041 ) 00042 return TRUE; 00043 else 00044 return FALSE; 00045 }
static rsbac_jail_flags_t jail_get_flags_process | ( | rsbac_pid_t | pid | ) | [static] |
Definition at line 109 of file jail_main.c.
References A_jail_flags, rsbac_attribute_value_t::jail_flags, rsbac_target_id_t::process, rsbac_get_attr, SW_JAIL, T_PROCESS, and TRUE.
Referenced by rsbac_adf_request_jail().
00110 { 00111 int err; 00112 union rsbac_target_id_t i_tid; 00113 union rsbac_attribute_value_t i_attr_val1; 00114 00115 i_tid.process = pid; 00116 if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS, i_tid, 00117 A_jail_flags, &i_attr_val1, TRUE))) { 00118 rsbac_ds_get_error("jail_get_flags_process()", 00119 A_jail_flags); 00120 return 0; 00121 } else 00122 return i_attr_val1.jail_flags; 00123 }
static rsbac_jail_id_t jail_get_id | ( | enum rsbac_target_t | target, | |
union rsbac_target_id_t | tid | |||
) | [static] |
Definition at line 48 of file jail_main.c.
References A_jail_id, rsbac_attribute_value_t::jail_id, rsbac_get_attr, SW_JAIL, and TRUE.
Referenced by rsbac_adf_request_jail().
00049 { 00050 int err; 00051 union rsbac_attribute_value_t i_attr_val1; 00052 00053 if ((err = rsbac_get_attr(SW_JAIL, 00054 target, 00055 tid, A_jail_id, &i_attr_val1, TRUE))) { 00056 rsbac_ds_get_error("jail_get_id()", A_jail_id); 00057 return 0; 00058 } else 00059 return i_attr_val1.jail_id; 00060 }
static rsbac_jail_id_t jail_get_id_process | ( | rsbac_pid_t | pid | ) | [static] |
Definition at line 62 of file jail_main.c.
References A_jail_id, rsbac_attribute_value_t::jail_id, rsbac_target_id_t::process, rsbac_get_attr, SW_JAIL, T_PROCESS, and TRUE.
Referenced by rsbac_adf_request_jail().
00063 { 00064 int err; 00065 union rsbac_target_id_t i_tid; 00066 union rsbac_attribute_value_t i_attr_val1; 00067 00068 i_tid.process = pid; 00069 if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS, 00070 i_tid, A_jail_id, &i_attr_val1, TRUE))) { 00071 rsbac_ds_get_error("jail_get_id_process()", A_jail_id); 00072 return 0; 00073 } else 00074 return i_attr_val1.jail_id; 00075 }
static rsbac_jail_id_t jail_get_parent_process | ( | rsbac_pid_t | pid | ) | [inline, static] |
Definition at line 77 of file jail_main.c.
References A_jail_parent, rsbac_attribute_value_t::jail_parent, rsbac_target_id_t::process, rsbac_get_attr, SW_JAIL, T_PROCESS, and TRUE.
Referenced by rsbac_adf_request_jail().
00078 { 00079 int err; 00080 union rsbac_target_id_t i_tid; 00081 union rsbac_attribute_value_t i_attr_val1; 00082 00083 i_tid.process = pid; 00084 if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS, 00085 i_tid, A_jail_parent, &i_attr_val1, TRUE))) { 00086 rsbac_ds_get_error("jail_get_parent_process()", A_jail_parent); 00087 return 0; 00088 } else 00089 return i_attr_val1.jail_parent; 00090 }
static rsbac_jail_scd_vector_t jail_get_scd_get_process | ( | rsbac_pid_t | pid | ) | [inline, static] |
Definition at line 125 of file jail_main.c.
References A_jail_scd_get, rsbac_attribute_value_t::jail_scd_get, rsbac_target_id_t::process, rsbac_get_attr, SW_JAIL, T_PROCESS, and TRUE.
Referenced by rsbac_adf_request_jail().
00126 { 00127 int err; 00128 union rsbac_target_id_t i_tid; 00129 union rsbac_attribute_value_t i_attr_val1; 00130 00131 i_tid.process = pid; 00132 if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS, i_tid, 00133 A_jail_scd_get, &i_attr_val1, TRUE))) { 00134 rsbac_ds_get_error("jail_get_scd_get_process()", 00135 A_jail_scd_get); 00136 return 0; 00137 } else 00138 return i_attr_val1.jail_scd_get; 00139 }
static rsbac_jail_scd_vector_t jail_get_scd_modify_process | ( | rsbac_pid_t | pid | ) | [inline, static] |
Definition at line 141 of file jail_main.c.
References A_jail_scd_modify, rsbac_attribute_value_t::jail_scd_modify, rsbac_target_id_t::process, rsbac_get_attr, SW_JAIL, T_PROCESS, and TRUE.
Referenced by rsbac_adf_request_jail().
00142 { 00143 int err; 00144 union rsbac_target_id_t i_tid; 00145 union rsbac_attribute_value_t i_attr_val1; 00146 00147 i_tid.process = pid; 00148 if ((err = rsbac_get_attr(SW_JAIL, T_PROCESS, i_tid, 00149 A_jail_scd_modify, 00150 &i_attr_val1, TRUE))) { 00151 rsbac_ds_get_error("jail_get_scd_modify_process()", 00152 A_jail_scd_modify); 00153 return 0; 00154 } else 00155 return i_attr_val1.jail_scd_modify; 00156 }
enum rsbac_adf_req_ret_t rsbac_adf_request_jail | ( | enum rsbac_adf_request_t | request, | |
rsbac_pid_t | caller_pid, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t | tid, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t | attr_val, | |||
rsbac_uid_t | owner | |||
) |
Definition at line 338 of file jail_main.c.
References A_jail_flags, A_jail_id, A_jail_ip, A_jail_max_caps, A_jail_parent, A_jail_role, A_jail_scd_get, A_jail_scd_modify, A_none, A_system_role, rsbac_target_id_t::dev, DO_NOT_CARE, JAIL_allow_all_net_family, JAIL_allow_dev_get_status, JAIL_allow_dev_mod_system, JAIL_allow_dev_read, JAIL_allow_dev_write, JAIL_allow_external_ipc, JAIL_allow_ipc_to_syslog, JAIL_allow_mount, JAIL_allow_parent_ipc, JAIL_allow_suid_files, JAIL_allow_tty_open, jail_check_sysrole(), jail_dev_tty(), jail_get_flags_process(), jail_get_id(), jail_get_id_process(), jail_get_parent_process(), jail_get_scd_get_process(), jail_get_scd_modify_process(), KERNEL_VERSION, rsbac_target_id_t::netobj, NOT_GRANTED, rsbac_target_id_t::process, R_ACCEPT, R_ADD_TO_KERNEL, R_ALTER, R_APPEND_OPEN, R_BIND, R_CONNECT, R_CREATE, R_DELETE, R_GET_PERMISSIONS_DATA, R_GET_STATUS_DATA, R_LISTEN, R_MODIFY_ATTRIBUTE, R_MODIFY_PERMISSIONS_DATA, R_MODIFY_SYSTEM_DATA, R_MOUNT, R_READ, R_READ_ATTRIBUTE, R_READ_OPEN, R_READ_WRITE_OPEN, R_RECEIVE, R_REMOVE_FROM_KERNEL, R_SEND, R_SEND_SIGNAL, R_SHUTDOWN, R_SWITCH_LOG, R_SWITCH_MODULE, R_TRACE, R_UMOUNT, R_WRITE, R_WRITE_OPEN, rsbac_jail_syslog_jail_id, rsbac_pr_debug, rsbac_printk(), RSBAC_SCD_VECTOR, rsbac_target_id_t::scd, rsbac_net_obj_desc_t::sock_p, SR_administrator, SR_security_officer, SW_FREEZE, SW_JAIL, SW_SOFTMODE, T_DEV, T_DIR, T_FIFO, T_FILE, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NONE, T_PROCESS, T_SCD, T_SYMLINK, T_UNIXSOCK, T_USER, and UNDEFINED.
Referenced by rsbac_adf_request_int().
00345 { 00346 rsbac_jail_id_t jail_id; 00347 rsbac_jail_id_t jail_id_object; 00348 rsbac_jail_flags_t jail_flags; 00349 00350 switch(target) { 00351 case T_DEV: 00352 switch(request) { 00353 case R_SEND: 00354 if (jail_get_id_process(caller_pid)) 00355 return NOT_GRANTED; 00356 else 00357 return GRANTED; 00358 case R_APPEND_OPEN: 00359 case R_WRITE_OPEN: 00360 if (jail_get_id_process(caller_pid)) { 00361 jail_flags = 00362 jail_get_flags_process(caller_pid); 00363 if (!(jail_flags & JAIL_allow_dev_write)) 00364 return NOT_GRANTED; 00365 else if (jail_dev_tty(tid.dev) 00366 && !(jail_flags & 00367 JAIL_allow_tty_open) 00368 ) 00369 return NOT_GRANTED; 00370 else 00371 return GRANTED; 00372 } else 00373 return GRANTED; 00374 case R_READ_OPEN: 00375 if (jail_get_id_process(caller_pid)) { 00376 jail_flags = 00377 jail_get_flags_process(caller_pid); 00378 if (!(jail_flags & JAIL_allow_dev_read)) 00379 return NOT_GRANTED; 00380 else if (jail_dev_tty(tid.dev) 00381 && !(jail_flags & 00382 JAIL_allow_tty_open) 00383 ) 00384 return NOT_GRANTED; 00385 else 00386 return GRANTED; 00387 } else 00388 return GRANTED; 00389 case R_READ_WRITE_OPEN: 00390 if (jail_get_id_process(caller_pid)) { 00391 jail_flags = 00392 jail_get_flags_process(caller_pid); 00393 if (!(jail_flags & JAIL_allow_dev_read) 00394 || !(jail_flags & JAIL_allow_dev_write) 00395 ) 00396 return NOT_GRANTED; 00397 else if (jail_dev_tty(tid.dev) 00398 && !(jail_flags & 00399 JAIL_allow_tty_open) 00400 ) 00401 return NOT_GRANTED; 00402 else 00403 return GRANTED; 00404 } else 00405 return GRANTED; 00406 case R_GET_STATUS_DATA: 00407 if (jail_get_id_process(caller_pid) 00408 && !(jail_get_flags_process(caller_pid) & 00409 JAIL_allow_dev_get_status) 00410 ) 00411 return NOT_GRANTED; 00412 else 00413 return GRANTED; 00414 case R_MODIFY_SYSTEM_DATA: 00415 if (jail_get_id_process(caller_pid) 00416 && !(jail_get_flags_process(caller_pid) & 00417 JAIL_allow_dev_mod_system) 00418 ) 00419 return NOT_GRANTED; 00420 else 00421 return GRANTED; 00422 case R_READ: 00423 if (jail_get_id_process(caller_pid) 00424 && !(jail_get_flags_process(caller_pid) & 00425 JAIL_allow_dev_read) 00426 ) 00427 return NOT_GRANTED; 00428 else 00429 return GRANTED; 00430 case R_WRITE: 00431 if (jail_get_id_process(caller_pid) 00432 && !(jail_get_flags_process(caller_pid) & 00433 JAIL_allow_dev_write) 00434 ) 00435 return NOT_GRANTED; 00436 else 00437 return GRANTED; 00438 default: 00439 return DO_NOT_CARE; 00440 } 00441 case T_DIR: 00442 switch(request) { 00443 case R_CREATE: 00444 if (!jail_get_id_process(caller_pid)) 00445 return GRANTED; 00446 /* no mknod for devices or suid/sgid */ 00447 if ((attr == A_create_data) 00448 && (S_ISCHR(attr_val.create_data.mode) 00449 || S_ISBLK(attr_val.create_data.mode) 00450 || ((attr_val.create_data.mode & (S_ISUID | S_ISGID)) 00451 && !(jail_get_flags_process(caller_pid) & JAIL_allow_suid_files) 00452 ) 00453 ) 00454 ) 00455 return NOT_GRANTED; 00456 else 00457 return GRANTED; 00458 case R_MODIFY_PERMISSIONS_DATA: 00459 if (jail_get_id_process(caller_pid) 00460 && (attr == A_mode) 00461 && (attr_val.mode & (S_ISUID | S_ISGID)) 00462 && !(jail_get_flags_process(caller_pid) & JAIL_allow_suid_files) 00463 ) 00464 return NOT_GRANTED; 00465 else 00466 return GRANTED; 00467 default: 00468 return DO_NOT_CARE; 00469 } 00470 case T_FILE: 00471 switch(request) { 00472 case R_ADD_TO_KERNEL: 00473 case R_REMOVE_FROM_KERNEL: 00474 if (jail_get_id_process(caller_pid)) 00475 return NOT_GRANTED; 00476 else 00477 return GRANTED; 00478 case R_MOUNT: 00479 case R_UMOUNT: 00480 if (!jail_get_id_process(caller_pid) 00481 || (jail_get_flags_process(caller_pid) & JAIL_allow_mount) 00482 ) 00483 return GRANTED; 00484 else 00485 return NOT_GRANTED; 00486 case R_MODIFY_PERMISSIONS_DATA: 00487 if (jail_get_id_process(caller_pid) 00488 && (attr == A_mode) 00489 && (attr_val.mode & (S_ISUID | S_ISGID)) 00490 && !(jail_get_flags_process(caller_pid) & JAIL_allow_suid_files) 00491 ) 00492 return NOT_GRANTED; 00493 else 00494 return GRANTED; 00495 default: 00496 return DO_NOT_CARE; 00497 } 00498 case T_PROCESS: 00499 switch(request) { 00500 case R_GET_STATUS_DATA: 00501 case R_SEND_SIGNAL: 00502 case R_MODIFY_SYSTEM_DATA: 00503 case R_TRACE: 00504 jail_id = jail_get_id_process(caller_pid); 00505 if (!jail_id 00506 || (jail_id == jail_get_id(target, tid)) 00507 ) 00508 return GRANTED; 00509 else 00510 return NOT_GRANTED; 00511 case R_MODIFY_ATTRIBUTE: 00512 switch (attr) { 00513 case A_jail_id: 00514 case A_jail_ip: 00515 case A_jail_flags: 00516 case A_jail_max_caps: 00517 case A_jail_parent: 00518 case A_jail_scd_get: 00519 case A_jail_scd_modify: 00520 /* All attributes (remove target!) */ 00521 case A_none: 00522 if (jail_get_id_process(caller_pid)) 00523 return NOT_GRANTED; 00524 00525 /* Security Officer? */ 00526 return jail_check_sysrole(owner, 00527 SR_security_officer); 00528 default: 00529 return DO_NOT_CARE; 00530 } 00531 case R_READ_ATTRIBUTE: 00532 switch (attr) { 00533 case A_jail_id: 00534 case A_jail_ip: 00535 case A_jail_flags: 00536 case A_jail_max_caps: 00537 case A_jail_parent: 00538 case A_jail_scd_get: 00539 case A_jail_scd_modify: 00540 /* All attributes (remove target!) */ 00541 case A_none: 00542 if (jail_get_id_process(caller_pid)) 00543 return NOT_GRANTED; 00544 00545 /* Security Officer? */ 00546 if (jail_check_sysrole(owner, SR_administrator) == 00547 NOT_GRANTED) 00548 return jail_check_sysrole(owner, 00549 SR_security_officer); 00550 else 00551 return GRANTED; 00552 default: 00553 return (DO_NOT_CARE); 00554 } 00555 default: 00556 return DO_NOT_CARE; 00557 } 00558 case T_UNIXSOCK: 00559 switch(request) { 00560 case R_SEND: 00561 case R_CONNECT: 00562 case R_LISTEN: 00563 case R_ACCEPT: 00564 case R_RECEIVE: 00565 #ifdef CONFIG_RSBAC_RW 00566 case R_READ: 00567 case R_WRITE: 00568 #endif 00569 case R_BIND: 00570 jail_id = jail_get_id_process(caller_pid); 00571 if (!jail_id) 00572 return GRANTED; 00573 if (attr == A_process) { 00574 union rsbac_target_id_t i_tid; 00575 rsbac_jail_id_t jail_id_parent; 00576 00577 i_tid.process = attr_val.process; 00578 jail_id_parent = jail_get_parent_process(caller_pid); 00579 if((jail_id != (jail_id_object = jail_get_id(T_PROCESS, i_tid))) 00580 && !((jail_flags = jail_get_flags_process(caller_pid)) & JAIL_allow_external_ipc) 00581 && (!(jail_flags & JAIL_allow_parent_ipc) 00582 || (jail_id_object != jail_id_parent) 00583 ) 00584 && (!(jail_flags & JAIL_allow_ipc_to_syslog) 00585 || (jail_id_object != rsbac_jail_syslog_jail_id) 00586 ) 00587 ) { 00588 rsbac_pr_debug(adf_jail, 00589 "process jail %u does not match partner process jail %u, parent jail is %u -> NOT_GRANTED!\n", 00590 jail_id, jail_id_object, jail_id_parent); 00591 return NOT_GRANTED; 00592 } 00593 } else { 00594 if(!(jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)) { 00595 rsbac_pr_debug(adf_jail, 00596 "process jail is %u, no allow_ipc and partner process unknown -> NOT_GRANTED!\n", 00597 jail_id); 00598 return NOT_GRANTED; 00599 } 00600 } 00601 return GRANTED; 00602 default: 00603 return DO_NOT_CARE; 00604 } 00605 #ifdef CONFIG_RSBAC_NET_OBJ 00606 case T_NETOBJ: 00607 switch(request) { 00608 case R_SEND: 00609 case R_RECEIVE: 00610 case R_CONNECT: 00611 case R_LISTEN: 00612 case R_ACCEPT: 00613 case R_GET_PERMISSIONS_DATA: 00614 case R_MODIFY_PERMISSIONS_DATA: 00615 case R_GET_STATUS_DATA: 00616 case R_READ: 00617 case R_WRITE: 00618 case R_BIND: 00619 if (!jail_get_id_process(caller_pid)) 00620 return GRANTED; 00621 return (jail_check_ip(caller_pid, tid)); 00622 case R_CREATE: 00623 if (!jail_get_id_process(caller_pid)) 00624 return GRANTED; 00625 if (!tid.netobj.sock_p) { 00626 rsbac_printk(KERN_WARNING "rsbac_adf_request_jail(): NULL sock_p on CREATE!\n"); 00627 return NOT_GRANTED; 00628 } 00629 if (!tid.netobj.sock_p->ops) { 00630 return DO_NOT_CARE; 00631 } 00632 switch (tid.netobj.sock_p->ops->family) { 00633 case AF_UNIX: 00634 return (GRANTED); 00635 00636 case AF_INET: 00637 switch (tid.netobj.sock_p->type) { 00638 case SOCK_STREAM: 00639 case SOCK_DGRAM: 00640 case SOCK_RDM: 00641 if (tid.netobj.sock_p->sk 00642 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00643 && (tid.netobj.sock_p->sk-> 00644 sk_protocol == IPPROTO_RAW) 00645 #else 00646 && (tid.netobj.sock_p->sk-> 00647 protocol == IPPROTO_RAW) 00648 #endif 00649 ) { 00650 jail_flags = 00651 jail_get_flags_process 00652 (caller_pid); 00653 if (jail_flags & 00654 JAIL_allow_inet_raw) 00655 return (GRANTED); 00656 else 00657 return NOT_GRANTED; 00658 } else 00659 return GRANTED; 00660 00661 case SOCK_RAW: 00662 jail_flags = 00663 jail_get_flags_process 00664 (caller_pid); 00665 if (jail_flags & 00666 JAIL_allow_inet_raw) 00667 return (GRANTED); 00668 else 00669 return NOT_GRANTED; 00670 00671 default: 00672 return (NOT_GRANTED); 00673 } 00674 00675 default: 00676 jail_flags = 00677 jail_get_flags_process(caller_pid); 00678 if (jail_flags & JAIL_allow_all_net_family) 00679 return (GRANTED); 00680 else 00681 return (NOT_GRANTED); 00682 } 00683 default: 00684 return DO_NOT_CARE; 00685 } 00686 #endif /* NET_OBJ */ 00687 case T_IPC: 00688 switch(request) { 00689 case R_ALTER: 00690 case R_APPEND_OPEN: 00691 case R_WRITE_OPEN: 00692 case R_READ_OPEN: 00693 case R_READ_WRITE_OPEN: 00694 case R_DELETE: 00695 case R_MODIFY_PERMISSIONS_DATA: 00696 case R_GET_STATUS_DATA: 00697 jail_id = jail_get_id_process(caller_pid); 00698 if (!jail_id 00699 || (jail_id == (jail_id_object = jail_get_id(target, tid))) 00700 || ((jail_flags = jail_get_flags_process(caller_pid)) & 00701 JAIL_allow_external_ipc) 00702 || ((jail_flags & JAIL_allow_parent_ipc) 00703 && (jail_get_parent_process(caller_pid) == jail_id_object) 00704 ) 00705 || ((jail_flags & JAIL_allow_ipc_to_syslog) 00706 && (rsbac_jail_syslog_jail_id == jail_id_object) 00707 ) 00708 ) 00709 return GRANTED; 00710 else { 00711 rsbac_pr_debug(adf_jail, 00712 "process jail %u does not match IPC object jail %u -> NOT_GRANTED!\n", 00713 jail_id, jail_id_object); 00714 return NOT_GRANTED; 00715 } 00716 case R_CREATE: 00717 return GRANTED; 00718 case R_MODIFY_ATTRIBUTE: 00719 switch (attr) { 00720 case A_jail_id: 00721 /* All attributes (remove target!) */ 00722 case A_none: 00723 if (jail_get_id_process(caller_pid)) 00724 return NOT_GRANTED; 00725 00726 /* Security Officer? */ 00727 return jail_check_sysrole(owner, 00728 SR_security_officer); 00729 default: 00730 return DO_NOT_CARE; 00731 } 00732 case R_READ_ATTRIBUTE: 00733 switch (attr) { 00734 case A_jail_id: 00735 /* All attributes (remove target!) */ 00736 case A_none: 00737 if (jail_get_id_process(caller_pid)) 00738 return NOT_GRANTED; 00739 00740 /* Security Officer? */ 00741 if (jail_check_sysrole(owner, SR_administrator) == 00742 NOT_GRANTED) 00743 return jail_check_sysrole(owner, 00744 SR_security_officer); 00745 else 00746 return GRANTED; 00747 default: 00748 return (DO_NOT_CARE); 00749 } 00750 default: 00751 jail_id = jail_get_id_process(caller_pid); 00752 if (!jail_id) 00753 return GRANTED; 00754 if((jail_flags = jail_get_flags_process(caller_pid)) & 00755 JAIL_allow_external_ipc) 00756 return GRANTED; 00757 jail_id_object = jail_get_id(target, tid); 00758 if((jail_flags & JAIL_allow_parent_ipc) 00759 && (jail_get_parent_process(caller_pid) == jail_id_object)) 00760 return GRANTED; 00761 if((jail_flags & JAIL_allow_ipc_to_syslog) 00762 && (rsbac_jail_syslog_jail_id == jail_id_object)) 00763 return GRANTED; 00764 if(jail_id != jail_id_object) { 00765 rsbac_pr_debug(adf_jail, 00766 "process jail %u does not match IPC object jail %u -> NOT_GRANTED!\n", 00767 jail_id, jail_id_object); 00768 return NOT_GRANTED; 00769 } 00770 if (attr == A_process) { 00771 union rsbac_target_id_t i_tid; 00772 rsbac_jail_id_t jail_id_parent; 00773 00774 i_tid.process = attr_val.process; 00775 jail_id_parent = jail_get_parent_process(caller_pid); 00776 if((jail_id != (jail_id_object = jail_get_id(T_PROCESS, i_tid))) 00777 && !(jail_flags & JAIL_allow_external_ipc) 00778 && (!(jail_flags & JAIL_allow_parent_ipc) 00779 || (jail_id_object != jail_id_parent) 00780 ) 00781 ) { 00782 rsbac_pr_debug(adf_jail, 00783 "process jail %u does not match partner process jail %u, parent jail is %u -> NOT_GRANTED!\n", 00784 jail_id, jail_id_object, jail_id_parent); 00785 return NOT_GRANTED; 00786 } 00787 } 00788 return GRANTED; 00789 } 00790 case T_FIFO: 00791 case T_SYMLINK: 00792 switch(request) { 00793 case R_MODIFY_PERMISSIONS_DATA: 00794 if (jail_get_id_process(caller_pid) 00795 && (attr == A_mode) 00796 && (attr_val.mode & (S_ISUID | S_ISGID)) 00797 && !(jail_get_flags_process(caller_pid) & JAIL_allow_suid_files) 00798 ) 00799 return NOT_GRANTED; 00800 else 00801 return GRANTED; 00802 default: 00803 return DO_NOT_CARE; 00804 } 00805 case T_SCD: 00806 switch(request) { 00807 case R_MODIFY_PERMISSIONS_DATA: 00808 if (jail_get_id_process(caller_pid)) 00809 return NOT_GRANTED; 00810 else 00811 return GRANTED; 00812 case R_GET_STATUS_DATA: 00813 if (jail_get_id_process(caller_pid)) { 00814 if (jail_get_scd_get_process(caller_pid) & 00815 RSBAC_SCD_VECTOR(tid.scd)) 00816 return GRANTED; 00817 else 00818 return NOT_GRANTED; 00819 } else 00820 return GRANTED; 00821 case R_MODIFY_SYSTEM_DATA: 00822 if (jail_get_id_process(caller_pid)) { 00823 if (jail_get_scd_modify_process(caller_pid) 00824 & RSBAC_SCD_VECTOR(tid.scd)) 00825 return (GRANTED); 00826 else 00827 return NOT_GRANTED; 00828 } else 00829 return GRANTED; 00830 default: 00831 return DO_NOT_CARE; 00832 } 00833 case T_NONE: 00834 switch(request) { 00835 case R_ADD_TO_KERNEL: 00836 case R_REMOVE_FROM_KERNEL: 00837 case R_SHUTDOWN: 00838 if (jail_get_id_process(caller_pid)) 00839 return NOT_GRANTED; 00840 else 00841 return GRANTED; 00842 case R_SWITCH_LOG: 00843 if (jail_get_id_process(caller_pid)) 00844 return NOT_GRANTED; 00845 /* test owner's fc_role */ 00846 return jail_check_sysrole(owner, 00847 SR_security_officer); 00848 case R_SWITCH_MODULE: 00849 /* we need the switch_target */ 00850 if (attr != A_switch_target) 00851 return (UNDEFINED); 00852 /* do not care for other modules */ 00853 if ((attr_val.switch_target != SW_JAIL) 00854 #ifdef CONFIG_RSBAC_SOFTMODE 00855 && (attr_val.switch_target != SW_SOFTMODE) 00856 #endif 00857 #ifdef CONFIG_RSBAC_FREEZE 00858 && (attr_val.switch_target != SW_FREEZE) 00859 #endif 00860 ) 00861 return (DO_NOT_CARE); 00862 if (jail_get_id_process(caller_pid)) 00863 return NOT_GRANTED; 00864 /* test owner's fc_role */ 00865 return jail_check_sysrole(owner, 00866 SR_security_officer); 00867 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE 00868 /* switching Linux DAC */ 00869 case R_MODIFY_PERMISSIONS_DATA: 00870 if (jail_get_id_process(caller_pid)) 00871 return NOT_GRANTED; 00872 else 00873 return GRANTED; 00874 #endif 00875 default: 00876 return DO_NOT_CARE; 00877 } 00878 case T_NETDEV: 00879 switch(request) { 00880 #ifdef CONFIG_RSBAC_JAIL_NET_DEV_PROT 00881 case R_MODIFY_SYSTEM_DATA: 00882 case R_BIND: 00883 if (jail_get_id_process(caller_pid)) 00884 return NOT_GRANTED; 00885 else 00886 return GRANTED; 00887 #endif 00888 default: 00889 return DO_NOT_CARE; 00890 } 00891 00892 #if defined(CONFIG_RSBAC_NET_OBJ) 00893 case T_NETTEMP: 00894 switch(request) { 00895 case R_CREATE: 00896 case R_DELETE: 00897 case R_WRITE: 00898 if (jail_get_id_process(caller_pid)) 00899 return NOT_GRANTED; 00900 return jail_check_sysrole(owner, SR_security_officer); 00901 case R_READ: 00902 if (jail_get_id_process(caller_pid)) 00903 return NOT_GRANTED; 00904 if (jail_check_sysrole(owner, SR_security_officer) 00905 == GRANTED) 00906 return GRANTED; 00907 return jail_check_sysrole(owner, SR_administrator); 00908 default: 00909 return DO_NOT_CARE; 00910 } 00911 #endif 00912 00913 case T_USER: 00914 switch(request) { 00915 case R_MODIFY_ATTRIBUTE: 00916 switch (attr) { 00917 case A_system_role: 00918 case A_jail_role: 00919 /* All attributes (remove target!) */ 00920 case A_none: 00921 if (jail_get_id_process(caller_pid)) 00922 return NOT_GRANTED; 00923 00924 /* Security Officer? */ 00925 return jail_check_sysrole(owner, 00926 SR_security_officer); 00927 default: 00928 return DO_NOT_CARE; 00929 } 00930 case R_READ_ATTRIBUTE: 00931 switch (attr) { 00932 case A_system_role: 00933 case A_jail_role: 00934 /* All attributes (remove target!) */ 00935 case A_none: 00936 if (jail_get_id_process(caller_pid)) 00937 return NOT_GRANTED; 00938 00939 /* Security Officer? */ 00940 if (jail_check_sysrole(owner, SR_administrator) == 00941 NOT_GRANTED) 00942 return jail_check_sysrole(owner, 00943 SR_security_officer); 00944 else 00945 return GRANTED; 00946 default: 00947 return (DO_NOT_CARE); 00948 } 00949 default: 00950 return DO_NOT_CARE; 00951 } 00952 00953 /* all other cases are unknown */ 00954 default: 00955 return DO_NOT_CARE; 00956 } 00957 }
int rsbac_adf_set_attr_jail | ( | enum rsbac_adf_request_t | request, | |
rsbac_pid_t | caller_pid, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t | tid, | |||
enum rsbac_target_t | new_target, | |||
union rsbac_target_id_t | new_tid, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t | attr_val, | |||
rsbac_uid_t | owner | |||
) |
Definition at line 969 of file jail_main.c.
References A_jail_flags, A_jail_id, A_jail_ip, A_jail_max_caps, A_jail_scd_get, A_jail_scd_modify, FALSE, rsbac_attribute_value_t::jail_id, rsbac_attribute_value_t::jail_ip, rsbac_attribute_value_t::jail_max_caps, rsbac_target_id_t::netobj, rsbac_target_id_t::process, R_BIND, R_CHANGE_OWNER, R_CLONE, R_CREATE, R_EXECUTE, RSBAC_EREADFAILED, RSBAC_EWRITEFAILED, rsbac_get_attr, rsbac_printk(), rsbac_set_attr, rsbac_net_obj_desc_t::sock_p, SW_JAIL, T_FILE, T_IPC, T_NETOBJ, T_PROCESS, and TRUE.
Referenced by rsbac_adf_set_attr().
00978 { 00979 #ifdef CONFIG_RSBAC_JAIL_NET_ADJUST 00980 int err; 00981 #endif 00982 union rsbac_target_id_t i_tid; 00983 union rsbac_attribute_value_t i_attr_val1; 00984 union rsbac_attribute_value_t i_attr_val2; 00985 00986 switch (request) { 00987 case R_CHANGE_OWNER: 00988 switch (target) { 00989 case T_PROCESS: 00990 /* Adjust Linux caps */ 00991 i_tid.process = caller_pid; 00992 #ifdef CONFIG_RSBAC_SOFTMODE 00993 if (!rsbac_softmode) 00994 #endif 00995 { 00996 if (rsbac_get_attr(SW_JAIL, 00997 T_PROCESS, 00998 i_tid, 00999 A_jail_max_caps, 01000 &i_attr_val1, FALSE)) { 01001 rsbac_ds_get_error 01002 ("rsbac_adf_set_attr_jail()", 01003 A_jail_max_caps); 01004 } else { 01005 extern spinlock_t 01006 task_capability_lock; 01007 01008 /* set caps for process */ 01009 spin_lock(&task_capability_lock); 01010 current->cap_permitted &= 01011 i_attr_val1.jail_max_caps; 01012 current->cap_effective &= 01013 i_attr_val1.jail_max_caps; 01014 current->cap_inheritable &= 01015 i_attr_val1.jail_max_caps; 01016 spin_unlock(&task_capability_lock); 01017 } 01018 } 01019 return 0; 01020 01021 /* all other cases are unknown */ 01022 default: 01023 return 0; 01024 } 01025 01026 case R_CLONE: 01027 if (target == T_PROCESS) { 01028 union rsbac_attribute_value_t i_attr_val3; 01029 union rsbac_attribute_value_t i_attr_val4; 01030 union rsbac_attribute_value_t i_attr_val5; 01031 union rsbac_attribute_value_t i_attr_val6; 01032 01033 /* Get jail_id from first process */ 01034 if (rsbac_get_attr(SW_JAIL, 01035 T_PROCESS, 01036 tid, 01037 A_jail_id, 01038 &i_attr_val1, FALSE)) { 01039 rsbac_ds_get_error 01040 ("rsbac_adf_set_attr_jail()", 01041 A_jail_id); 01042 return (-RSBAC_EREADFAILED); 01043 } 01044 /* Do not copy anything, if not jailed - defaults are fine */ 01045 if(!i_attr_val1.jail_id) 01046 return 0; 01047 /* Get jail_ip from first process */ 01048 if (rsbac_get_attr(SW_JAIL, 01049 T_PROCESS, 01050 tid, 01051 A_jail_ip, 01052 &i_attr_val2, FALSE)) { 01053 rsbac_ds_get_error 01054 ("rsbac_adf_set_attr_jail()", 01055 A_jail_ip); 01056 return (-RSBAC_EREADFAILED); 01057 } 01058 /* Get jail_flags from first process */ 01059 if (rsbac_get_attr(SW_JAIL, 01060 T_PROCESS, 01061 tid, 01062 A_jail_flags, 01063 &i_attr_val3, FALSE)) { 01064 rsbac_ds_get_error 01065 ("rsbac_adf_set_attr_jail()", 01066 A_jail_flags); 01067 return (-RSBAC_EREADFAILED); 01068 } 01069 /* Get jail_max_caps from first process */ 01070 if (rsbac_get_attr(SW_JAIL, 01071 T_PROCESS, 01072 tid, 01073 A_jail_max_caps, 01074 &i_attr_val4, FALSE)) { 01075 rsbac_ds_get_error 01076 ("rsbac_adf_set_attr_jail()", 01077 A_jail_max_caps); 01078 return (-RSBAC_EREADFAILED); 01079 } 01080 /* Get jail_scd_get from first process */ 01081 if (rsbac_get_attr(SW_JAIL, 01082 T_PROCESS, 01083 tid, 01084 A_jail_scd_get, 01085 &i_attr_val5, FALSE)) { 01086 rsbac_ds_get_error 01087 ("rsbac_adf_set_attr_jail()", 01088 A_jail_scd_get); 01089 return (-RSBAC_EREADFAILED); 01090 } 01091 /* Get jail_scd_modify from first process */ 01092 if (rsbac_get_attr(SW_JAIL, 01093 T_PROCESS, 01094 tid, 01095 A_jail_scd_modify, 01096 &i_attr_val6, FALSE)) { 01097 rsbac_ds_get_error 01098 ("rsbac_adf_set_attr_jail()", 01099 A_jail_scd_modify); 01100 return (-RSBAC_EREADFAILED); 01101 } 01102 /* Set jail_id for new process */ 01103 if (rsbac_set_attr(SW_JAIL, 01104 T_PROCESS, 01105 new_tid, 01106 A_jail_id, i_attr_val1)) { 01107 rsbac_ds_set_error 01108 ("rsbac_adf_set_attr_jail()", 01109 A_jail_id); 01110 return (-RSBAC_EWRITEFAILED); 01111 } 01112 /* Set jail_ip for new process */ 01113 if (rsbac_set_attr(SW_JAIL, 01114 T_PROCESS, 01115 new_tid, 01116 A_jail_ip, i_attr_val2)) { 01117 rsbac_ds_set_error 01118 ("rsbac_adf_set_attr_jail()", 01119 A_jail_ip); 01120 return (-RSBAC_EWRITEFAILED); 01121 } 01122 /* Set jail_flags for new process */ 01123 if (rsbac_set_attr(SW_JAIL, 01124 T_PROCESS, 01125 new_tid, 01126 A_jail_flags, i_attr_val3)) { 01127 rsbac_ds_set_error 01128 ("rsbac_adf_set_attr_jail()", 01129 A_jail_flags); 01130 return (-RSBAC_EWRITEFAILED); 01131 } 01132 /* Set jail_max_caps for new process */ 01133 if (rsbac_set_attr(SW_JAIL, 01134 T_PROCESS, 01135 new_tid, 01136 A_jail_max_caps, i_attr_val4)) { 01137 rsbac_ds_set_error 01138 ("rsbac_adf_set_attr_jail()", 01139 A_jail_max_caps); 01140 return (-RSBAC_EWRITEFAILED); 01141 } 01142 /* Set jail_scd_get for new process */ 01143 if (rsbac_set_attr(SW_JAIL, 01144 T_PROCESS, 01145 new_tid, 01146 A_jail_scd_get, i_attr_val5)) { 01147 rsbac_ds_set_error 01148 ("rsbac_adf_set_attr_jail()", 01149 A_jail_scd_get); 01150 return (-RSBAC_EWRITEFAILED); 01151 } 01152 /* Set jail_scd_modify for new process */ 01153 if (rsbac_set_attr(SW_JAIL, 01154 T_PROCESS, 01155 new_tid, 01156 A_jail_scd_modify, 01157 i_attr_val6)) { 01158 rsbac_ds_set_error 01159 ("rsbac_adf_set_attr_jail()", 01160 A_jail_scd_modify); 01161 return (-RSBAC_EWRITEFAILED); 01162 } 01163 return 0; 01164 } else 01165 return 0; 01166 01167 case R_EXECUTE: 01168 switch (target) { 01169 case T_FILE: 01170 /* Adjust Linux caps */ 01171 i_tid.process = caller_pid; 01172 #ifdef CONFIG_RSBAC_SOFTMODE 01173 if (!rsbac_softmode) 01174 #endif 01175 { 01176 if (rsbac_get_attr(SW_JAIL, 01177 T_PROCESS, 01178 i_tid, 01179 A_jail_max_caps, 01180 &i_attr_val1, FALSE)) { 01181 rsbac_ds_get_error 01182 ("rsbac_adf_set_attr_jail()", 01183 A_jail_max_caps); 01184 } else { 01185 extern spinlock_t 01186 task_capability_lock; 01187 01188 /* set caps for process */ 01189 spin_lock(&task_capability_lock); 01190 current->cap_permitted &= 01191 i_attr_val1.jail_max_caps; 01192 current->cap_effective &= 01193 i_attr_val1.jail_max_caps; 01194 current->cap_inheritable &= 01195 i_attr_val1.jail_max_caps; 01196 spin_unlock(&task_capability_lock); 01197 } 01198 } 01199 return 0; 01200 01201 /* all other cases are unknown */ 01202 default: 01203 return 0; 01204 } 01205 01206 case R_CREATE: 01207 if (target == T_IPC) { 01208 /* Get jail_id from process */ 01209 i_tid.process = caller_pid; 01210 if (rsbac_get_attr(SW_JAIL, 01211 T_PROCESS, 01212 i_tid, 01213 A_jail_id, 01214 &i_attr_val1, FALSE)) { 01215 rsbac_ds_get_error 01216 ("rsbac_adf_set_attr_jail()", 01217 A_jail_id); 01218 return (-RSBAC_EREADFAILED); 01219 } 01220 /* Set jail_id for new IPC */ 01221 if (rsbac_set_attr(SW_JAIL, 01222 T_IPC, 01223 tid, A_jail_id, i_attr_val1)) { 01224 rsbac_ds_set_error 01225 ("rsbac_adf_set_attr_jail()", 01226 A_jail_id); 01227 return (-RSBAC_EWRITEFAILED); 01228 } 01229 return 0; 01230 } 01231 /* fall through */ 01232 01233 #ifdef CONFIG_RSBAC_JAIL_NET_ADJUST 01234 case R_BIND: 01235 if (target != T_NETOBJ) 01236 return 0; 01237 if (!tid.netobj.sock_p) { 01238 rsbac_printk(KERN_WARNING 01239 "rsbac_adf_set_attr_jail(): NULL sock_p!\n"); 01240 return 0; 01241 } 01242 if (!tid.netobj.sock_p->ops) { 01243 return 0; 01244 } 01245 switch (tid.netobj.sock_p->ops->family) { 01246 case AF_INET: 01247 i_tid.process = caller_pid; 01248 if ((err = rsbac_get_attr(SW_JAIL, 01249 T_PROCESS, 01250 i_tid, 01251 A_jail_ip, 01252 &i_attr_val1, TRUE))) { 01253 rsbac_ds_get_error 01254 ("rsbac_adf_set_attr_jail()", 01255 A_jail_ip); 01256 return -RSBAC_EREADFAILED; 01257 } 01258 if (i_attr_val1.jail_ip == INADDR_ANY) 01259 return 0; 01260 if ((err = rsbac_get_attr(SW_JAIL, 01261 T_PROCESS, 01262 i_tid, 01263 A_jail_flags, 01264 &i_attr_val2, TRUE))) { 01265 rsbac_ds_get_error 01266 ("rsbac_adf_set_attr_jail()", 01267 A_jail_flags); 01268 return -RSBAC_EREADFAILED; 01269 } 01270 if (i_attr_val2. 01271 jail_flags & JAIL_auto_adjust_inet_any) { 01272 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 01273 inet_sk(tid.netobj.sock_p->sk)->rcv_saddr = 01274 i_attr_val1.jail_ip; 01275 inet_sk(tid.netobj.sock_p->sk)->saddr = 01276 i_attr_val1.jail_ip; 01277 #else 01278 tid.netobj.sock_p->sk->rcv_saddr = 01279 i_attr_val1.jail_ip; 01280 tid.netobj.sock_p->sk->saddr = 01281 i_attr_val1.jail_ip; 01282 #endif 01283 } 01284 return 0; 01285 01286 default: 01287 break; 01288 } 01289 #endif 01290 return 0; 01291 default: 01292 return 0; 01293 } 01294 01295 return 0; 01296 }