===== Targets and Requests =====

RSBAC restricts access by subjects to objects. The subjects are always processes, acting on behalf of a user with certain attributes, like system_role etc.

==== Targets ====

Objects in RSBAC are called (Access) Targets. They are grouped in Target Types. The following types are defined:

^ Type ^ Description ^
| FILE | Files, including device special files. Identified by device and inode number. |
| DIR | Directories, identified by device and inode number. |
| FIFO | FIFO special files |
| DEV | Devices, identified by type (char or block), major and minor number |
| IPC | InterProcess Communication: Semaphores (sem), Messages (msg), Shared Memory (shm), Sockets (sock) |
| UNIXSOCK | Unix sockets |
| SCD | System Control Data: objects affecting the whole system. This target type is the only one with a fixed number of objects, identified by number (see below). |
| USER | Users as objects, mostly for access control information (ACI). |
| PROCESS | Processes as objects. |
| NETDEV | Network device, identified by name. |
| NETTEMP | Network template, identified by index number. Access control: access to the template itself. RC administration: access to values/settings for both template and NETOBJ. ACL administration: default ACLs for NETOBJ. |
| NETOBJ | Network object, identified by internal pointer to struct socket. Attribute values are mostly inherited from NETTEMP settings. |
| NETTEMP_NT | ACL administration only: ACL entries for NETTEMP objects themselves. |
| NONE | No object associated with this request. In some models (RC, ACL) this is internally changed into SCD target "other". |
| FD | (Only in tools for convenience, not a real target): let the command line tool decide between types FILE and DIR |

System Control Data (SCD) targets are these:

^ Name ^ Description ^
| time_strucs | System timer |
| clock | System time and date |
| host_id | Host name |
| net_id | Domain name |
| ioports | Access control for direct hardware access |
| rlimit | Setting process resource limits |
| swap | Control of swapping |
| syslog | System log |
| rsbac | RSBAC data in /proc |
| rsbaclog | RSBAC's own log |
| kmem | Direct access to kernel memory via proc or device |
| other | Any other SCD not specified separately; otherwise only internal in RC and ACL: substitute for target NONE (sysctl administration) |
| network | General networking, like routing, arp etc. (Devices are protected as NETDEV targets!) |
| firewall | Firewall settings, packet filter etc. |
| priority | Set scheduler priority (nice value) |
| sysfs | Administrate through sysfs |
| rsbac_remote_log | Settings for RSBAC remote logging |
| quota | Quota administration |
| sysctl | Administrate through sysctl |
| nfsd | Kernel NFS server administration |
| ksyms | Kernel symbols |
| mlock | Memory locking |
| capability | Change Linux capabilities |
| auth_administration | (only in RC and ACL): AUTH model administration |

==== Requests ====

Before access to a target is granted, a request call to the Access Control Decision Facility (ADF) is performed. Based on the request type and the target, access is granted or denied.

RSBAC requests and the system calls they are issued from are listed in the following table. Please note that some requests are only issued under certain conditions, e.g. ''EXECUTE'' from mmap() only if the mapping is requested in EXEC mode. Also, some calls depend on the kernel configuration settings, e.g. RSBAC net support. Some calls are done from common helper functions, e.g. do_fork().

Those functions that also perform the rsbac_adf_set_attr() notification call for the request are marked with an *. Additionally, some requests provide extra data with kernel internal attribute types.\\ These attributes are: ''A_group'', ''A_sockaddr_p'', ''A_signal'', ''A_mode'', ''A_nlink'', ''A_switch_target'', ''A_mod_name'', ''A_request'', ''A_ms_segment'', ''A_trace_request'', ''A_auth_add_f_cap'', ''A_auth_remove_f_cap'', ''A_auth_get_caplist'', ''A_prot_bits''. See include/rsbac/types.h for the respective data types.

^ Request ^ Description ^ Valid Target Types ^ System calls and functions ^
| ADD_TO_KERNEL | Add a kernel module | DEV\\ FILE\\ NONE | swapon(DEV,FILE)\\ create_module(NONE)\\ init_module(NONE) |
| ALTER | Change IPC control information | IPC | msgctl(IPC)\\ shmctl(IPC) |
| APPEND_OPEN | Open to append | FILE\\ DEV\\ IPC\\ FIFO\\ UNIXSOCK | open(FILE,DEV)*\\ msgsnd(IPC)*\\ sendto(IPC)*\\ sendmsg(IPC)* |
| CHANGE_GROUP | Change active group | FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK\\ IPC\\ PROCESS\\ USER\\ NONE | setgid(PROC)\\ setregid(PROC)\\ setresgid(PROC)\\ setgroups(PROC)\\ setfsgid(NONE) (for DAC only)\\ shmctl(IPC)\\ msgctl(IPC) |
| CHANGE_OWNER | Change owner | FILE\\ DIR\\ FIFO\\ IPC\\ PROCESS\\ SYMLINK\\ NONE | chown(FILE, DIR, FIFO)\\ lchown(FILE, DIR, FIFO)\\ fchown(FILE, DIR, FIFO)\\ setuid(PROC)*\\ setreuid(PROC)*\\ setresuid(PROC)*\\ setfsuid(NONE) (for DAC only)\\ shmctl(IPC)\\ msgctl(IPC) |
| CHANGE_DAC_EFF_OWNER | Change effective owner | PROCESS | sys_setreuid(PROCESS)\\ sys_setuid(PROCESS)\\ sys_setresuid(PROCESS) |
| CHANGE_DAC_FS_OWNER | Change file system userid | PROCESS | sys_setreuid(PROCESS)\\ sys_setuid(PROCESS)\\ sys_setresuid(PROCESS)\\ sys_setfsuid(PROCESS) |
| CHDIR | Change working directory | DIR | chdir(DIR)\\ fchdir(DIR)\\ chroot(DIR) |
| CLONE | Fork/clone a process | PROCESS | fork(PROC)*\\ vfork(PROC)*\\ clone(PROC)* |
| CLOSE | Close opened file etc. Should always be granted. | FILE\\ DIR\\ FIFO\\ DEV\\ IPC\\ UNIXSOCK\\ NETOBJ(local) | close(FILE, DIR, FIFO, DEV, IPC, NETOBJ)*\\ shmdt(IPC)*\\ msgrcv(IPC)*\\ msgsnd(IPC)*\\ send(IPC)*\\ sendto(IPC)*\\ sendmsg(IPC)*\\ recv(IPC)*\\ recvfrom(IPC)*\\ recvmsg(IPC)* |
| CREATE | Create object | DIR (where)\\ IPC\\ USER\\ GROUP\\ NETOBJ(local) | create(DIR, IPC)*\\ open(DIR, IPC)*\\ mknod(DIR)*\\ mkdir(DIR)*\\ symlink(DIR)*\\ shmget(IPC)*\\ msgget(IPC)*\\ socket(IPC)*\\ accept(IPC)*\\ rsbac_um_add_user(USER)\\ rsbac_um_add_group(GROUP)\\ rsbac_net_temp(NETTEMP)\\ socket(NETOBJ) |
| DELETE | Delete object | FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK\\ IPC\\ USER\\ GROUP\\ NETTEMP\\ NETOBJ | unlink(FILE, DIR, FIFO)*\\ rmdir(DIR)*\\ msgctl(IPC)*\\ shmctl(IPC)*\\ shutdown(IPC)*\\ close(IPC)*\\ rsbac_um_remove_user(USER)\\ rsbac_um_remove_group(GROUP)\\ rsbac_net_temp(NETTEMP) |
| EXECUTE | Execute a file | FILE | exec()* |
| GET_PERMISSIONS_DATA | Read Unix permissions (mode) or password, ioctl on ttys | FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK\\ IPC\\ SCD\\ DEV\\ USER\\ GROUP\\ NETOBJ | access(FILE, DIR, FIFO)\\ ioctl (DEV:tty)\\ rsbac_um_get_user_item(USER)\\ rsbac_um_get_group_item(GROUP) |
| GET_STATUS_DATA | Get status (stat() etc.) | FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK\\ DEV\\ IPC\\ SCD\\ NETDEV\\ NETOBJ(local)\\ PROCESS\\ USER\\ GROUP | open_port(SCD) (/dev/kmem etc.)\\ open_kcore(SCD) (/proc/kcore)\\ stat(FILE, DIR, FIFO, IPC)\\ newstat(FILE, DIR, FIFO, IPC)\\ lstat(FILE, DIR, FIFO, IPC)\\ newlstat(FILE, DIR, FIFO, IPC)\\ fstat(FILE, DIR, FIFO, IPC)\\ newfstat(FILE, DIR, FIFO, IPC)\\ stat64(FILE, DIR, FIFO, IPC)\\ lstat64(FILE, DIR, FIFO, IPC)\\ fstat64(FILE, DIR, FIFO, IPC)\\ statfs(FILE, DIR, FIFO)\\ fstatfs(FILE, DIR, FIFO)\\ rsbac_stats(SCD)\\ rsbac_check(SCD)\\ rsbac_stats_pm(SCD)\\ rsbac_stats_rc(SCD)\\ rsbac_stats_acl(SCD)\\ rsbac_log(SCD)\\ (access to RSBAC proc-files(SCD))\\ dev_ioctl(NETDEV)\\ arp_ioctl(NETDEV)\\ ip_mroute_setsockopt(SCD network)\\ firewalling code (SCD firewall)\\ quotactl(SCD quota)\\ ioctl (DEV: ide, scsi, etc.)\\ sys_getpgid(PROCESS)\\ sys_getsid(PROCESS)\\ sys_capget(PROCESS) |
| LINK_HARD | Hard link | FILE\\ DIR\\ FIFO\\ SYMLINK | link(FILE, DIR, FIFO) |
| MODIFY_ACCESS_DATA | Change access information, e.g. time, date | FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK | utimes(FILE, DIR, FIFO) |
| MODIFY_ATTRIBUTE | Change an RSBAC attribute value | All target types (specific request needed for various security models) | |
| MODIFY_PERMISSIONS_DATA | Change Unix permissions or password | FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK\\ IPC\\ DEV\\ SCD\\ USER\\ GROUP\\ NETOBJ\\ NONE | ioperm(SCD)\\ iopl(SCD)\\ chmod(FILE, DIR, FIFO)\\ fchmod(FILE, DIR, FIFO)\\ ioctl (DEV:tty) |
| MODIFY_SYSTEM_DATA | Change system settings | UNIXSOCK\\ IPC\\ SCD\\ DEV\\ NETDEV\\ PROCESS\\ NETOBJ(local) | stime(SCD)\\ settimeofday(SCD)\\ adjtimex(SCD)\\ sethostname(SCD)\\ setdomainname(SCD)\\ setrlimit(SCD)\\ syslog(SCD)\\ sysctl(SCD)\\ swapon(SCD)\\ swapoff(SCD)\\ rsbac_log(SCD)\\ dev_ioctl(NETDEV)\\ arp_ioctl(NETDEV)\\ ip_mroute_setsockopt(SCD network)\\ firewalling code (SCD firewall)\\ quotactl(SCD quota)\\ ioctl (ide, scsi, etc.)\\ sched_setscheduler(PROCESS)\\ sched_setaffinity(PROCESS)\\ sys_setpriority(PROCESS)\\ sys_setpgid(PROCESS)\\ sys_setsockopt(NETOBJ) |
| MOUNT | Mount a filesystem | FILE\\ DIR\\ DEV | mount(DIR, DEV) (separate mount notification for data structures) |
| READ | Read from DIR or NETTEMP. Optional: read from other targets | DIR\\ FILE\\ FIFO\\ UNIXSOCK\\ DEV\\ IPC\\ USER\\ GROUP\\ NETTEMP | read(FILE, FIFO, DEV, IPC, NETOBJ)*\\ readv(FILE, FIFO, DEV, IPC)*\\ pread(FILE, DEV, IPC)*\\ readdir(DIR)\\ open(DIR)\\ rsbac_net_temp(NETTEMP) |
| READ_ATTRIBUTE | Read RSBAC attribute value | All target types (specific request needed for various security models) | |
| READ_OPEN | Open for read | FILE\\ DIR\\ FIFO\\ IPC\\ DEV\\ UNIXSOCK | open(FILE, FIFO, DEV, IPC)*\\ shmat(IPC)*\\ msgrcv(IPC)*\\ recv(IPC)*\\ recvfrom(IPC)*\\ recvmsg(IPC) |
| READ_WRITE_OPEN | Open for read and write | FILE\\ FIFO\\ DEV\\ IPC\\ UNIXSOCK | open(FILE, FIFO, DEV, IPC)*\\ shmat(IPC)*\\ bind(IPC)*\\ connect(IPC)*\\ listen(IPC)* |
| REMOVE_FROM_KERNEL | Remove kernel module | DEV\\ FILE\\ NONE | swapoff(DEV,FILE)\\ delete_module(NONE) |
| RENAME | Rename | FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK\\ USER\\ GROUP | rename(FILE, DIR, FIFO) (RSBAC identification is not changed by rename!) |
| SEARCH | Lookup in dir or symlink from inside the kernel for access with full path, map name to id | DIR\\ FILE\\ SYMLINK\\ FIFO\\ UNIXSOCK\\ DEV\\ NETOBJ\\ USER\\ GROUP | (internal functions lookup_dentry(DIR) / path_walk(DIR) / lookup_hash(DIR) / follow_symlink(SYMLINK)) |
| SEND_SIGNAL | Send a signal | PROCESS | kill(PROC) |
| SHUTDOWN | Shutdown/reboot system | NONE | reboot(NONE) |
| SWITCH_LOG | Change RSBAC log settings | NONE | rsbac_adf_log_switch(NONE) |
| SWITCH_MODULE | Switch decision module on/off | NONE | rsbac_switch(NONE) |
| TERMINATE | End of calling process, for attribute cleanup. Should always be granted. | PROCESS | exit(PROC) |
| TRACE | Trace a process | PROCESS | ptrace(PROC) (architecture dependent) |
| TRUNCATE | Truncate | FILE | open(FILE)*\\ truncate(FILE)*\\ ftruncate(FILE)*\\ truncate64(FILE)*\\ ftruncate64(FILE)* |
| UMOUNT | Umount a filesystem | FILE\\ DIR\\ DEV | umount(DIR, DEV) (separate umount notification for data structures) |
| WRITE | Write to a DIR, SCD or NETTEMP. Object moving to target dir. Optional: write to file etc. | FILE\\ FIFO\\ DEV\\ UNIXSOCK\\ IPC\\ NETOBJ\\ DIR\\ SCD\\ USER\\ GROUP | write(FILE, FIFO, IPC, DEV, NETTEMP)*\\ writev(FILE, FIFO, IPC, DEV)*\\ pwrite(FILE, IPC, DEV)*\\ rename(DIR)\\ rsbac_write(SCD)\\ rsbac_net_temp(NETTEMP) |
| WRITE_OPEN | Open for write | FILE\\ FIFO\\ DEV\\ IPC | open(FILE, FIFO, DEV, IPC)* |
| MAP_EXEC | Map a library from a file (target FILE) or other code (target NONE) for execution. | FILE\\ NONE | mmap(FILE) (EXEC mode)\\ mprotect(FILE, NONE) (EXEC mode)\\ uselib(FILE) |
| BIND | Bind network address and port (if applicable) to local socket, bind to network device | NETDEV\\ NETOBJ(local) | dev_ioctl(NETDEV)\\ bind()* |
| LISTEN | Listen on a local socket | UNIXSOCK\\ IPC\\ NETOBJ(local) | listen()* |
| ACCEPT | Accept a connection from a remote network endpoint | NETOBJ(remote) | accept()* |
| CONNECT | Connect to remote network endpoint | UNIXSOCK\\ IPC\\ NETOBJ(remote) | connect()* |
| SEND | Fake tty input, send to remote network endpoint | UNIXSOCK\\ IPC\\ DEV\\ NETOBJ(remote) | ioctl(DEV:TIOCSTI)\\ send()*\\ sendmsg()*\\ sendto()* |
| RECEIVE | Receive from remote network endpoint | UNIXSOCK\\ IPC\\ NETOBJ(remote) | recv()*\\ recvmsg()*\\ recvfrom()* |
| NET_SHUTDOWN | Shutdown channel of local socket | UNIXSOCK\\ IPC\\ NETOBJ(local) | shutdown() |
| IOCTL | Set various parameters on devices | UNIXSOCK\\ IPC\\ DEV\\ NETOBJ(local) | sys_ioctl()\\ sock_ioctl() |
| LOCK | Lock filesystem objects | FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK\\ IPC | sys_fcntl(), sys_lock |
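As an added illustration (not RSBAC source) of how the table above is applied, the following C model derives the ADF request sequence that an open() or mprotect() hook issues from the call's flags: CREATE against the parent DIR, one of READ_OPEN / WRITE_OPEN / READ_WRITE_OPEN / APPEND_OPEN, a separate TRUNCATE, and MAP_EXEC only in EXEC mode. The enum names, the request ordering and the precedence of O_APPEND over READ_WRITE_OPEN are assumptions made for this example.

```c
/* Added model of an RSBAC-style open()/mprotect() hook that maps call flags
 * to ADF requests and target types, following the request table above.
 * Not RSBAC source; enum names, ordering and O_APPEND precedence are assumed. */
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>

enum rsbac_request { R_CREATE, R_READ_OPEN, R_WRITE_OPEN, R_READ_WRITE_OPEN,
                     R_APPEND_OPEN, R_TRUNCATE, R_MAP_EXEC, R_NONE };
enum rsbac_target  { T_FILE, T_DIR, T_NONE };

struct adf_req { enum rsbac_request request; enum rsbac_target target; };

/* Requests issued for open(path, flags). 'creating' means O_CREAT is set and
 * the file does not exist yet, so CREATE is checked against the parent DIR.
 * Returns the number of requests written to reqs (never more than max). */
size_t open_requests(int flags, int creating, struct adf_req *reqs, size_t max)
{
    size_t n = 0;
    int writing = (flags & O_ACCMODE) != O_RDONLY;
    if (creating && n < max) reqs[n++] = (struct adf_req){R_CREATE, T_DIR};
    if (n < max) {
        if (!writing)
            reqs[n++] = (struct adf_req){R_READ_OPEN, T_FILE};
        else if (flags & O_APPEND)
            reqs[n++] = (struct adf_req){R_APPEND_OPEN, T_FILE};
        else if ((flags & O_ACCMODE) == O_RDWR)
            reqs[n++] = (struct adf_req){R_READ_WRITE_OPEN, T_FILE};
        else
            reqs[n++] = (struct adf_req){R_WRITE_OPEN, T_FILE};
    }
    /* TRUNCATE is its own request on the FILE (see the TRUNCATE row: open(FILE)*). */
    if ((flags & O_TRUNC) && n < max) reqs[n++] = (struct adf_req){R_TRUNCATE, T_FILE};
    return n;
}

/* MAP_EXEC is only issued when the mapping asks for EXEC mode: target FILE for
 * a file-backed mapping, NONE for other code (see the MAP_EXEC row). */
struct adf_req mprotect_request(int prot, int file_backed)
{
    if (prot & PROT_EXEC)
        return (struct adf_req){R_MAP_EXEC, file_backed ? T_FILE : T_NONE};
    return (struct adf_req){R_NONE, T_NONE};
}

int main(void)
{
    struct adf_req r[4];
    size_t n = open_requests(O_WRONLY | O_CREAT | O_TRUNC, 1, r, 4);
    for (size_t i = 0; i < n; i++)
        printf("request %d on target type %d\n", r[i].request, r[i].target);
    return 0;
}
```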