#include <linux/string.h>
#include <linux/binfmts.h>
#include <linux/mm.h>
#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/adf_main.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/getname.h>
#include <rsbac/pax_getname.h>
#include <rsbac/debug.h>
Functions | |
enum rsbac_adf_req_ret_t | rsbac_adf_request_pax (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner) |
enum rsbac_adf_req_ret_t rsbac_adf_request_pax | ( | enum rsbac_adf_request_t | request, | |
rsbac_pid_t | caller_pid, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t | tid, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t | attr_val, | |||
rsbac_uid_t | owner | |||
) | [inline] |
Definition at line 99 of file pax_main.c.
References A_none, A_pax_flags, A_pax_role, A_system_role, DO_NOT_CARE, GRANTED, NOT_GRANTED, R_MODIFY_ATTRIBUTE, R_READ_ATTRIBUTE, R_SWITCH_LOG, R_SWITCH_MODULE, rsbac_get_attr, SR_administrator, SR_security_officer, SW_FREEZE, SW_PAX, SW_SOFTMODE, rsbac_attribute_value_t::system_role, T_NONE, T_USER, TRUE, UNDEFINED, and rsbac_target_id_t::user.
Referenced by rsbac_adf_request_int().
/*
 * rsbac_adf_request_pax() - PaX module access decision.
 *
 * Decides the administrative requests this module cares about, based on the
 * pax_role stored for the user `owner`:
 *
 *   R_MODIFY_ATTRIBUTE  (A_system_role, A_pax_role, A_pax_flags, A_none):
 *                       GRANTED only for SR_security_officer.
 *   R_READ_ATTRIBUTE    (same attributes): GRANTED for SR_security_officer
 *                       or SR_administrator.
 *   R_SWITCH_LOG        (target T_NONE): GRANTED only for SR_security_officer.
 *   R_SWITCH_MODULE     (target T_NONE): UNDEFINED unless attr is
 *                       A_switch_target; DO_NOT_CARE unless the switch target
 *                       is SW_PAX (or SW_SOFTMODE / SW_FREEZE when those are
 *                       configured); otherwise GRANTED only for
 *                       SR_security_officer.
 *
 * Everything else returns DO_NOT_CARE.
 *
 * Every role lookup fails closed: if rsbac_get_attr() returns non-zero, the
 * error is reported through rsbac_ds_get_error() and the request is
 * NOT_GRANTED.
 *
 * NOTE(review): the decision is keyed on `owner` alone; `caller_pid` and `tid`
 * are not read anywhere in this body.
 * NOTE(review): A_pax_role is read back through the `system_role` member of
 * the attribute value union - presumably role attributes share that member;
 * confirm against rsbac/types.h.
 */
inline enum rsbac_adf_req_ret_t
rsbac_adf_request_pax(enum rsbac_adf_request_t request,
                      rsbac_pid_t caller_pid,
                      enum rsbac_target_t target,
                      union rsbac_target_id_t tid,
                      enum rsbac_attribute_t attr,
                      union rsbac_attribute_value_t attr_val,
                      rsbac_uid_t owner)
{
    union rsbac_target_id_t owner_tid;
    union rsbac_attribute_value_t role_val;

    switch (request) {
    case R_MODIFY_ATTRIBUTE:
        switch (attr) {
        case A_system_role:
        case A_pax_role:
        case A_pax_flags:
        /* All attributes (remove target!) */
        case A_none:
            break;
        default:
            return DO_NOT_CARE;
        }
        /* Changing these attributes is reserved for the security officer. */
        owner_tid.user = owner;
        if (rsbac_get_attr(SW_PAX, T_USER, owner_tid, A_pax_role,
                           &role_val, TRUE)) {
            /* Role could not be read: deny rather than guess. */
            rsbac_ds_get_error("rsbac_adf_request_pax()", A_pax_role);
            return NOT_GRANTED;
        }
        return (role_val.system_role == SR_security_officer)
                   ? GRANTED : NOT_GRANTED;

    case R_READ_ATTRIBUTE:
        switch (attr) {
        case A_system_role:
        case A_pax_role:
        case A_pax_flags:
        /* All attributes (remove target!) */
        case A_none:
            break;
        default:
            return DO_NOT_CARE;
        }
        /* Reading is allowed for the security officer and the administrator. */
        owner_tid.user = owner;
        if (rsbac_get_attr(SW_PAX, T_USER, owner_tid, A_pax_role,
                           &role_val, TRUE)) {
            rsbac_ds_get_error("rsbac_adf_request_pax()", A_pax_role);
            return NOT_GRANTED;
        }
        if (role_val.system_role == SR_security_officer)
            return GRANTED;
        if (role_val.system_role == SR_administrator)
            return GRANTED;
        return NOT_GRANTED;

    case R_SWITCH_LOG:
        /* all other targets are unknown */
        if (target != T_NONE)
            return DO_NOT_CARE;
        /* test owner's pax_role */
        owner_tid.user = owner;
        if (rsbac_get_attr(SW_PAX, T_USER, owner_tid, A_pax_role,
                           &role_val, TRUE)) {
            rsbac_ds_get_error("rsbac_adf_request_pax()", A_pax_role);
            return NOT_GRANTED;
        }
        /* security officer? -> grant */
        return (role_val.system_role == SR_security_officer)
                   ? GRANTED : NOT_GRANTED;

    case R_SWITCH_MODULE:
        /* all other targets are unknown */
        if (target != T_NONE)
            return DO_NOT_CARE;
        /* we need the switch_target */
        if (attr != A_switch_target)
            return UNDEFINED;
        /* do not care for other modules */
        if ((attr_val.switch_target != SW_PAX)
#ifdef CONFIG_RSBAC_SOFTMODE
            && (attr_val.switch_target != SW_SOFTMODE)
#endif
#ifdef CONFIG_RSBAC_FREEZE
            && (attr_val.switch_target != SW_FREEZE)
#endif
           )
            return DO_NOT_CARE;
        /* test owner's pax_role */
        owner_tid.user = owner;
        if (rsbac_get_attr(SW_PAX, T_USER, owner_tid, A_pax_role,
                           &role_val, TRUE)) {
            rsbac_ds_get_error("rsbac_adf_request_pax()", A_pax_role);
            return NOT_GRANTED;
        }
        /* security officer? -> grant */
        return (role_val.system_role == SR_security_officer)
                   ? GRANTED : NOT_GRANTED;

    /*********************/
    default:
        return DO_NOT_CARE;
    }

    /* Not reached: every branch above returns. Kept as in the original. */
    return DO_NOT_CARE;
} /* end of rsbac_adf_request_pax() */