Before access to a target (i.e. an object) is granted, a request call to the Access Control Decision Facility (ADF) is made. Based on the request type and the target, the access is granted or denied.
So, what is a request? Each time a process (i.e. a subject) wants to access a target (i.e. an object): to read it, change it, delete it, run it, or do anything else with it, it issues a call to the system. There are many of these system calls (syscalls) for the many different operations an operating system needs, and every access goes through them.
To simplify this, RSBAC groups syscalls into named request types. Every time a process makes a system call, RSBAC sends the associated request and target (together with the subject) to the ADF.
The different requests, associated targets and their descriptions are listed below.
Note: some requests are only issued under certain conditions, e.g. EXECUTE from mmap() only if the mapping request is for EXEC mode. Also, some calls depend on the kernel configuration settings, e.g. RSBAC net support.
Note: some calls are made from common helper functions, e.g. do_fork(). Functions that also perform the rsbac_adf_set_attr() notification call for the request are marked with an *.
Request | Description | Valid Target Types | System calls and functions |
---|---|---|---|
ADD_TO_KERNEL | Add a kernel module | DEV FILE NONE | swapon(DEV,FILE) create_module(NONE) init_module(NONE) |
ALTER | Change IPC control information | IPC | msgctl(IPC) shmctl(IPC) |
APPEND_OPEN | Open to append | FILE DEV IPC | open(FILE,DEV)* msgsnd(IPC)* sendto(IPC)* sendmsg(IPC)* |
CHANGE_GROUP | Change active group | IPC PROCESS NONE | setgid(PROC) setregid(PROC) setresgid(PROC) setgroups(PROC) setfsgid(NONE) (for DAC only) shmctl(IPC) msgctl(IPC) |
CHANGE_OWNER | Change owner | FILE DIR FIFO IPC PROCESS NONE | chown(FILE, DIR, FIFO) lchown(FILE, DIR, FIFO) fchown(FILE, DIR, FIFO) setuid(PROC)* setreuid(PROC)* setresuid(PROC)* setfsuid(NONE) (for DAC only) shmctl(IPC) msgctl(IPC) |
CHANGE_DAC_EFF_OWNER | Change effective owner | PROCESS | sys_setreuid(PROCESS) sys_setuid(PROCESS) sys_setresuid(PROCESS) |
CHANGE_DAC_FS_OWNER | Change file system userid | PROCESS | sys_setreuid(PROCESS) sys_setuid(PROCESS) sys_setresuid(PROCESS) sys_setfsuid(PROCESS) |
CHDIR | Change working directory | DIR | chdir(DIR) fchdir(DIR) chroot(DIR) |
CLONE | Fork/clone a process | PROCESS | fork(PROC)* vfork(PROC)* clone(PROC)* |
CLOSE | Close opened file etc. Should always be granted. | FILE DIR FIFO DEV IPC, NETOBJ(local) | close(FILE, DIR, FIFO, DEV, IPC, NETOBJ)* shmdt(IPC)* msgrcv(IPC)* msgsnd(IPC)* send(IPC)* sendto(IPC)* sendmsg(IPC)* recv(IPC)* recvfrom(IPC)* recvmsg(IPC)* |
CREATE | Create object | DIR (where) IPC USER GROUP NETTEMP NETOBJ(local) | creat(DIR, IPC)* open(DIR, IPC)* mknod(DIR)* mkdir(DIR)* symlink(DIR)* shmget(IPC)* msgget(IPC)* socket(IPC)* accept(IPC)* rsbac_um_add_user(USER) rsbac_um_add_group(GROUP) rsbac_net_temp(NETTEMP) socket(NETOBJ) |
DELETE | Delete object | FILE DIR FIFO IPC USER NETTEMP | unlink(FILE, DIR, FIFO)* rmdir(DIR)* msgctl(IPC)* shmctl(IPC)* shutdown(IPC)* close(IPC)* rsbac_um_remove_user(USER) rsbac_um_remove_group(GROUP) rsbac_net_temp(NETTEMP) |
EXECUTE | Execute a file | FILE | exec()* |
GET_PERMISSIONS_DATA | Read Unix permissions (mode) or password, ioctl on ttys | FILE DIR FIFO DEV USER GROUP | access(FILE, DIR, FIFO) ioctl (DEV:tty) rsbac_um_get_user_item(USER) rsbac_um_get_group_item(GROUP) |
GET_STATUS_DATA | Get status (stat() etc.) | FILE DIR FIFO DEV IPC SCD NETDEV NETOBJ(local) PROCESS | open_port(SCD) (/dev/kmem etc.) open_kcore(SCD) (/proc/kcore) stat(FILE, DIR, FIFO, IPC) newstat(FILE, DIR, FIFO, IPC) lstat(FILE, DIR, FIFO, IPC) newlstat(FILE, DIR, FIFO, IPC) fstat(FILE, DIR, FIFO, IPC) newfstat(FILE, DIR, FIFO, IPC) stat64(FILE, DIR, FIFO, IPC) lstat64(FILE, DIR, FIFO, IPC) fstat64(FILE, DIR, FIFO, IPC) statfs(FILE, DIR, FIFO) fstatfs(FILE, DIR, FIFO) rsbac_stats(SCD) rsbac_check(SCD) rsbac_stats_pm(SCD) rsbac_stats_rc(SCD) rsbac_stats_acl(SCD) rsbac_log(SCD) (access to RSBAC proc-files(SCD)) dev_ioctl(NETDEV) arp_ioctl(NETDEV) ip_mroute_setsockopt(SCD network) firewalling code (SCD firewall) quotactl(SCD quota) ioctl (DEV: ide, scsi, etc.) sys_getpgid(PROCESS) sys_getsid(PROCESS) sys_capget(PROCESS) |
LINK_HARD | Hard link | FILE DIR FIFO | link(FILE, DIR, FIFO) |
MODIFY_ACCESS_DATA | Change access information, e.g. time, date | FILE DIR FIFO | utimes(FILE, DIR, FIFO) |
MODIFY_ATTRIBUTE | Change an RSBAC attribute value | All target types (specific request needed for various security models) | |
MODIFY_PERMISSIONS_DATA | Change Unix permissions or password | FILE DIR FIFO DEV SCD USER GROUP | ioperm(SCD) iopl(SCD) chmod(FILE, DIR, FIFO) fchmod(FILE, DIR, FIFO) ioctl (DEV:tty) |
MODIFY_SYSTEM_DATA | Change system settings | SCD DEV NETDEV PROCESS NETOBJ(local) | stime(SCD) settimeofday(SCD) adjtimex(SCD) sethostname(SCD) setdomainname(SCD) setrlimit(SCD) syslog(SCD) sysctl(SCD) swapon(SCD) swapoff(SCD) rsbac_log(SCD) dev_ioctl(NETDEV) arp_ioctl(NETDEV) ip_mroute_setsockopt(SCD network) firewalling code (SCD firewall) quotactl(SCD quota) ioctl (ide, scsi, etc.) sched_setscheduler(PROCESS) sched_setaffinity(PROCESS) sys_setpriority(PROCESS) sys_setpgid(PROCESS) sys_setsockopt(NETOBJ) kexec_load(SCD) |
MOUNT | Mount a filesystem | DIR DEV | mount(DIR, DEV) (separate mount notification for data structures) |
READ | Read from DIR or NETTEMP. Optional: read from other | DIR USER GROUP NETTEMP (optional: FILE FIFO DEV IPC NETOBJ(remote)) | read(FILE, FIFO, DEV, IPC, NETOBJ)* readv(FILE, FIFO, DEV, IPC)* pread(FILE, DEV, IPC)* readdir(DIR) open(DIR) rsbac_net_temp(NETTEMP) |
READ_ATTRIBUTE | Read RSBAC attribute value | All target types (specific request needed for various security models) | |
READ_OPEN | Open for read | FILE FIFO DEV IPC | open(FILE, FIFO, DEV, IPC)* shmat(IPC)* msgrcv(IPC)* recv(IPC)* recvfrom(IPC)* recvmsg(IPC) |
READ_WRITE_OPEN | Open for read and write | FILE FIFO DEV IPC | open(FILE, FIFO, DEV, IPC)* shmat(IPC)* bind(IPC)* connect(IPC)* listen(IPC)* |
REMOVE_FROM_KERNEL | Remove kernel module | DEV FILE NONE | swapoff(DEV,FILE) delete_module(NONE) |
RENAME | Rename | FILE DIR FIFO | rename(FILE, DIR, FIFO) (RSBAC identification not changed by rename!) |
SEARCH | Lookup in dir or symlink from inside kernel for access with full path, map name to id | DIR SYMLINK USER GROUP | (internal functions lookup_dentry(DIR) path_walk(DIR) lookup_hash(DIR) follow_symlink(SYMLINK)) |
SEND_SIGNAL | Send a signal | PROCESS | kill(PROC) |
SHUTDOWN | Shutdown/reboot system | NONE | reboot(NONE) |
SWITCH_LOG | Change RSBAC log settings | NONE | rsbac_adf_log_switch(NONE) |
SWITCH_MODULE | Switch decision module on/off | NONE | rsbac_switch(NONE) |
TERMINATE | End of calling process, for attribute cleanup. Should always be granted. | PROCESS | exit(PROC) |
TRACE | Trace a process | PROCESS | ptrace(PROC) (architecture dependent) |
TRUNCATE | Truncate | FILE | open(FILE)* truncate(FILE)* ftruncate(FILE)* truncate64(FILE)* ftruncate64(FILE)* |
UMOUNT | Umount a filesystem | DIR, DEV | umount(DIR, DEV) (separate umount notification for data structures) |
WRITE | Write to a DIR, SCD or NETTEMP. Object moving to target dir. Optional: write to file etc. | DIR SCD USER GROUP (optional: FILE, FIFO, DEV, IPC-sock, NETOBJ(remote)) | write(FILE, FIFO, IPC, DEV, NETTEMP)* writev(FILE, FIFO, IPC, DEV)* pwrite(FILE, IPC, DEV)* rename(DIR) rsbac_write(SCD) rsbac_net_temp(NETTEMP) |
WRITE_OPEN | Open for write | FILE FIFO DEV IPC | open(FILE, FIFO, DEV, IPC)* |
MAP_EXEC | Map a library from a file (target FILE) or other code (target NONE) for execution. | FILE NONE | mmap(FILE) (EXEC mode) mprotect(FILE, NONE) (EXEC mode) uselib(FILE) |
BIND | Bind network address and port (if applicable) to local socket, bind to network device | NETDEV, NETOBJ(local) | dev_ioctl(NETDEV), bind()* |
LISTEN | Listen on a local socket | NETOBJ(local) | listen()* |
ACCEPT | Accept a connection from a remote network endpoint | NETOBJ(remote) | accept()* |
CONNECT | Connect to remote network endpoint | NETOBJ(remote) | connect()* |
SEND | Fake tty input, send to remote network endpoint | DEV NETOBJ(remote) | ioctl(DEV:TIOCSTI) send()* sendmsg()* sendto()* |
RECEIVE | Receive from remote network endpoint | NETOBJ (remote) | recv()* recvmsg()* recvfrom()* |
NET_SHUTDOWN | Shutdown channel of local socket | NETOBJ(local) | shutdown() |
IOCTL | Sets various parameters to devices | DEV, NETOBJ(local) | sys_ioctl() sock_ioctl() |
LOCK | Lock filesystem objects | FILE, DIR, FIFO, SYMLINK | sys_fcntl(), sys_lock |
AUTHENTICATE | Check a user password | USER | sys_rsbac_um_auth_name, sys_rsbac_um_auth_uid |
Note: some models (RC, ACL) internally change NONE targets to the SCD target "other" for access control.
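As an added illustration (not RSBAC's own code), the following C program models what the text above describes for one syscall: an open() call is decomposed into the sequence of ADF requests the table lists for it (a SEARCH on every directory traversed, CREATE on the parent for O_CREAT, the open request chosen by the access mode, and TRUNCATE for O_TRUNC), and each request is then put to a toy decision function that stands in for the ADF. Only the request and target names come from the table; the policy in adf_decide(), the function names, the fixed buffer sizes and the sample paths are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <fcntl.h>

/* Request and target names are those of the table above; the numbering is ours. */
enum rsbac_request { R_SEARCH, R_CREATE, R_READ_OPEN, R_WRITE_OPEN,
                     R_READ_WRITE_OPEN, R_APPEND_OPEN, R_TRUNCATE, R_CLOSE, R_TERMINATE };
enum rsbac_target { T_FILE, T_DIR };
enum { NOT_GRANTED = 0, GRANTED = 1 };

static const char *request_name[] = { "SEARCH", "CREATE", "READ_OPEN", "WRITE_OPEN",
    "READ_WRITE_OPEN", "APPEND_OPEN", "TRUNCATE", "CLOSE", "TERMINATE" };

/* One call into the modelled ADF: request, target type, object path, and whether the
 * originating call is marked '*' in the table (attribute update after a grant). */
struct adf_call {
    enum rsbac_request request;
    enum rsbac_target target;
    char path[256];
    int notify;
};

static int push(struct adf_call *out, int *n, int max, enum rsbac_request r,
                enum rsbac_target t, const char *path, int notify)
{
    if (*n >= max) return -1;
    out[*n].request = r;
    out[*n].target = t;
    snprintf(out[*n].path, sizeof out[*n].path, "%s", path);
    out[*n].notify = notify;
    (*n)++;
    return 0;
}

/* Decompose open(path, flags) into the ADF requests the table lists for it.
 * Returns the number of calls written to out, or -1 (relative path, no file
 * name, or buffer too small). Constructed model, not RSBAC's hook code. */
int open_to_requests(const char *path, int flags, struct adf_call *out, int max)
{
    int n = 0;
    char dir[256] = "/", full[256];
    const char *p, *slash;
    enum rsbac_request r;

    if (!path || path[0] != '/' || strlen(path) >= sizeof dir) return -1;
    p = path + 1;
    while ((slash = strchr(p, '/')) != NULL) {      /* every directory traversed */
        size_t len = (size_t)(slash - p);
        if (push(out, &n, max, R_SEARCH, T_DIR, dir, 0) < 0) return -1;
        if (strcmp(dir, "/") != 0) strcat(dir, "/");
        strncat(dir, p, len);
        p = slash + 1;
    }
    if (*p == '\0') return -1;                      /* "/etc/" names no file */
    if (push(out, &n, max, R_SEARCH, T_DIR, dir, 0) < 0) return -1; /* final lookup */
    snprintf(full, sizeof full, "%s%s%s", dir, strcmp(dir, "/") ? "/" : "", p);

    if ((flags & O_CREAT) && push(out, &n, max, R_CREATE, T_DIR, dir, 1) < 0) return -1;
    switch (flags & O_ACCMODE) {
    case O_RDONLY: r = R_READ_OPEN; break;
    case O_WRONLY: r = (flags & O_APPEND) ? R_APPEND_OPEN : R_WRITE_OPEN; break;
    default:       r = R_READ_WRITE_OPEN; break;
    }
    if (push(out, &n, max, r, T_FILE, full, 1) < 0) return -1;
    if ((flags & O_TRUNC) && push(out, &n, max, R_TRUNCATE, T_FILE, full, 1) < 0) return -1;
    return n;
}

/* Constructed policy for this model only (not one of RSBAC's decision modules):
 * CLOSE and TERMINATE are always granted, as the table requires; requests that
 * would change something under /etc are granted only to uid 0. */
static int is_modifying(enum rsbac_request r)
{
    return r == R_CREATE || r == R_WRITE_OPEN || r == R_READ_WRITE_OPEN ||
           r == R_APPEND_OPEN || r == R_TRUNCATE;
}

int adf_decide(unsigned uid, const struct adf_call *c)
{
    int under_etc = strcmp(c->path, "/etc") == 0 || strncmp(c->path, "/etc/", 5) == 0;
    if (c->request == R_CLOSE || c->request == R_TERMINATE) return GRANTED;
    if (uid != 0 && is_modifying(c->request) && under_etc) return NOT_GRANTED;
    return GRANTED;
}

/* Run every request of one open() through the ADF; the first denial fails the call. */
int model_open(unsigned uid, const char *path, int flags)
{
    struct adf_call calls[16];
    int n = open_to_requests(path, flags, calls, 16), i;
    if (n < 0) return -1;
    for (i = 0; i < n; i++) {
        int d = adf_decide(uid, &calls[i]);
        printf("  %-16s %-4s %-22s -> %s\n", request_name[calls[i].request],
               calls[i].target == T_DIR ? "DIR" : "FILE", calls[i].path,
               d ? "GRANTED" : "NOT_GRANTED");
        if (d != GRANTED) return NOT_GRANTED;
        /* calls marked '*' would now notify rsbac_adf_set_attr(); omitted here */
    }
    return GRANTED;
}

/* Helpers for inspecting the decomposition without a caller-side buffer. */
int request_count(const char *path, int flags)
{
    struct adf_call calls[16];
    return open_to_requests(path, flags, calls, 16);
}
int request_at(const char *path, int flags, int idx)
{
    struct adf_call calls[16];
    int n = open_to_requests(path, flags, calls, 16);
    return (n < 0 || idx >= n) ? -1 : (int)calls[idx].request;
}

int main(void)
{
    printf("uid 1000: open(\"/etc/passwd\", O_WRONLY|O_APPEND)\n");
    model_open(1000, "/etc/passwd", O_WRONLY | O_APPEND);
    printf("uid 0: same call\n");
    model_open(0, "/etc/passwd", O_WRONLY | O_APPEND);
    return 0;
}
```

The point the model makes visible is that a single user-space call is several ADF decisions: the SEARCH requests on the directories are decided before the open request on the file ever reaches the ADF, and a denial of any one of them denies the syscall. The notification step for calls marked * in the table is only noted in a comment, since it updates attributes rather than making a decision.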
Table of Contents: RSBAC Handbook