adf_check.c

00001 /*************************************************** */
00002 /* Rule Set Based Access Control                     */
00003 /* Implementation of the Access Control Decision     */
00004 /* Facility (ADF) - check for well defined requests  */
00005 /* File: rsbac/adf/check.c                           */
00006 /*                                                   */
00007 /* Author and (c) 1999-2004: Amon Ott <ao@rsbac.org> */
00008 /*                                                   */
00009 /* Last modified: 19/Aug/2004                        */
00010 /*************************************************** */
00011 
00012 #include <linux/string.h>
00013 #include <rsbac/types.h>
00014 #include <rsbac/aci.h>
00015 #include <rsbac/adf_main.h>
00016 #include <rsbac/error.h>
00017 #include <rsbac/helpers.h>
00018 #include <rsbac/getname.h>
00019 
00020 /************************************************* */
00021 /*           Global Variables                      */
00022 /************************************************* */
00023 
00024 /************************************************* */
00025 /*          Externally visible functions           */
00026 /************************************************* */
00027 
/*
 * rsbac_adf_request_check() - plausibility filter for an access request.
 *
 * Looks at the request type and the target type (and, for a handful of
 * requests, the attribute type) and reports whether that combination is
 * one this table knows about:
 *
 *   DO_NOT_CARE  the combination is listed; this check raises no objection
 *   UNDEFINED    the combination is not listed
 *
 * Every table below is an allow-list: each inner decision and the outer
 * switch fall back to UNDEFINED, so a request or target type that is not
 * named here is reported as UNDEFINED. How the caller turns UNDEFINED into
 * a final decision is not visible in this file.
 *
 * Several target types are accepted only when the matching CONFIG_RSBAC_*
 * option is set, so the effective allow-list depends on the kernel
 * configuration.
 *
 * caller_pid, tid_p, attr_val_p and owner are part of the common ADF
 * request signature but are not read here; neither pointer is dereferenced.
 */
enum rsbac_adf_req_ret_t
rsbac_adf_request_check(enum rsbac_adf_request_t request,
                        rsbac_pid_t caller_pid,
                        enum rsbac_target_t target,
                        union rsbac_target_id_t *tid_p,
                        enum rsbac_attribute_t attr,
                        union rsbac_attribute_value_t *attr_val_p,
                        rsbac_uid_t owner)
{
    switch (request) {
    case R_ADD_TO_KERNEL:
        return (target == T_NONE) ? DO_NOT_CARE : UNDEFINED;

    case R_ALTER:
        /* defined for IPC targets only */
        return (target == T_IPC) ? DO_NOT_CARE : UNDEFINED;

    case R_APPEND_OPEN:
        switch (target) {
        case T_FILE:
        case T_FIFO:
        case T_IPC:
        case T_DEV:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_CHANGE_GROUP:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_IPC:
        case T_PROCESS:
        case T_NONE:
#ifdef CONFIG_RSBAC_UM
        case T_USER:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

#ifdef CONFIG_RSBAC_DAC_OWNER
    case R_CHANGE_DAC_EFF_GROUP:
    case R_CHANGE_DAC_FS_GROUP:
        /* process target only, and the new group must be supplied */
        if (target == T_PROCESS && attr == A_group)
            return DO_NOT_CARE;
        return UNDEFINED;
#endif

    case R_CHANGE_OWNER:
        switch (target) {
        case T_PROCESS:
            /* a process owner change must name the new owner */
            return (attr == A_owner) ? DO_NOT_CARE : UNDEFINED;
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_IPC:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

#ifdef CONFIG_RSBAC_DAC_OWNER
    case R_CHANGE_DAC_EFF_OWNER:
    case R_CHANGE_DAC_FS_OWNER:
        /* process target only, and the new owner must be supplied */
        if (target == T_PROCESS && attr == A_owner)
            return DO_NOT_CARE;
        return UNDEFINED;
#endif

    case R_CHDIR:
        return (target == T_DIR) ? DO_NOT_CARE : UNDEFINED;

    case R_CLONE:
        return (target == T_PROCESS) ? DO_NOT_CARE : UNDEFINED;

    case R_CLOSE:
        /* notification only, used to clean up opened-tables */
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_DEV:
        case T_IPC:
#ifdef CONFIG_RSBAC_NET_OBJ
        case T_NETOBJ:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_CREATE:
        switch (target) {
        /* T_DIR: a dir or (pseudo) file is created IN the target dir */
        case T_DIR:
        case T_IPC:
#ifdef CONFIG_RSBAC_NET_OBJ
        case T_NETTEMP:
        case T_NETOBJ:
#endif
#ifdef CONFIG_RSBAC_UM
        case T_USER:
        case T_GROUP:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_DELETE:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_IPC:
#ifdef CONFIG_RSBAC_UM
        case T_USER:
        case T_GROUP:
#endif
#ifdef CONFIG_RSBAC_NET_OBJ
        case T_NETTEMP:
        case T_NETOBJ:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_EXECUTE:
        return (target == T_FILE) ? DO_NOT_CARE : UNDEFINED;

    case R_GET_PERMISSIONS_DATA:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_IPC:
        case T_SCD:
#ifdef CONFIG_RSBAC_UM
        case T_USER:
        case T_GROUP:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_GET_STATUS_DATA:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_DEV:
        case T_IPC:
        case T_SCD:
        case T_PROCESS:
        case T_NETDEV:
        case T_NETOBJ:
#ifdef CONFIG_RSBAC_UM
        case T_USER:
        case T_GROUP:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_LINK_HARD:
        switch (target) {
        case T_FILE:
        case T_FIFO:
        case T_SYMLINK:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_MODIFY_ACCESS_DATA:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_MODIFY_ATTRIBUTE:
        /* accepted for every target type */
        return DO_NOT_CARE;

    case R_MODIFY_PERMISSIONS_DATA:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_IPC:
        case T_SCD:
#ifdef CONFIG_RSBAC_UM
        case T_USER:
        case T_GROUP:
#endif
#ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE
        case T_NONE:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_MODIFY_SYSTEM_DATA:
        switch (target) {
        case T_SCD:
        case T_NETDEV:
        case T_PROCESS:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_MOUNT:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_DEV:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_READ:
        switch (target) {
        case T_DIR:
#ifdef CONFIG_RSBAC_RW
        case T_FILE:
        case T_FIFO:
        case T_DEV:
#endif
#ifdef CONFIG_RSBAC_MS_SOCK
        case T_IPC:
#endif
#ifdef CONFIG_RSBAC_NET_OBJ
        case T_NETTEMP:
#endif
#if defined(CONFIG_RSBAC_NET_OBJ_RW) || defined(CONFIG_RSBAC_MS_SOCK)
        case T_NETOBJ:
#endif
#ifdef CONFIG_RSBAC_UM
        case T_USER:
        case T_GROUP:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_READ_ATTRIBUTE:
        /* accepted for every target type */
        return DO_NOT_CARE;

    case R_READ_OPEN:
        switch (target) {
        case T_FILE:
        case T_FIFO:
        case T_IPC:
        case T_DEV:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_READ_WRITE_OPEN:
        switch (target) {
        case T_FILE:
        case T_FIFO:
        case T_IPC:
        case T_DEV:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_REMOVE_FROM_KERNEL:
        return (target == T_NONE) ? DO_NOT_CARE : UNDEFINED;

    case R_RENAME:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
#ifdef CONFIG_RSBAC_UM
        case T_USER:
        case T_GROUP:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_SEARCH:
        switch (target) {
        case T_DIR:
        case T_SYMLINK:
#ifdef CONFIG_RSBAC_UM
        case T_USER:
        case T_GROUP:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_SEND_SIGNAL:
        return (target == T_PROCESS) ? DO_NOT_CARE : UNDEFINED;

    case R_SHUTDOWN:
        return (target == T_NONE) ? DO_NOT_CARE : UNDEFINED;

    case R_SWITCH_LOG:
        return (target == T_NONE) ? DO_NOT_CARE : UNDEFINED;

    case R_SWITCH_MODULE:
        /* no target object, but the module to switch must be supplied */
        if (target == T_NONE && attr == A_switch_target)
            return DO_NOT_CARE;
        return UNDEFINED;

    case R_TERMINATE:
        /* notify only, handled by adf-dispatcher */
        return (target == T_PROCESS) ? DO_NOT_CARE : UNDEFINED;

    case R_TRACE:
        return (target == T_PROCESS) ? DO_NOT_CARE : UNDEFINED;

    case R_TRUNCATE:
        return (target == T_FILE) ? DO_NOT_CARE : UNDEFINED;

    case R_UMOUNT:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_DEV:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_WRITE:
        /* Moving to other dir only */
        switch (target) {
        case T_DIR:
        case T_SCD:
        case T_IPC:
#ifdef CONFIG_RSBAC_RW
        case T_FILE:
        case T_FIFO:
        case T_DEV:
#endif
#ifdef CONFIG_RSBAC_NET_OBJ
        case T_NETTEMP:
#endif
#ifdef CONFIG_RSBAC_NET_OBJ_RW
        case T_NETOBJ:
#endif
#ifdef CONFIG_RSBAC_UM
        case T_USER:
        case T_GROUP:
#endif
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_WRITE_OPEN:
        switch (target) {
        case T_FILE:
        case T_FIFO:
        case T_DEV:
        case T_IPC:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

    case R_MAP_EXEC:
        switch (target) {
        case T_FILE:
        case T_NONE:
            return DO_NOT_CARE;
        default:
            return UNDEFINED;
        }

#ifdef CONFIG_RSBAC_NET
    case R_BIND:
        /* with neither NET_DEV nor NET_OBJ configured, every bind is UNDEFINED */
        switch (target) {
#ifdef CONFIG_RSBAC_NET_DEV
        case T_NETDEV:
            return DO_NOT_CARE;
#endif
#ifdef CONFIG_RSBAC_NET_OBJ
        case T_NETOBJ:
            return DO_NOT_CARE;
#endif
        default:
            return UNDEFINED;
        }
#endif

#ifdef CONFIG_RSBAC_NET_OBJ
    case R_LISTEN:
    case R_ACCEPT:
    case R_CONNECT:
    case R_SEND:
    case R_RECEIVE:
    case R_NET_SHUTDOWN:
        return (target == T_NETOBJ) ? DO_NOT_CARE : UNDEFINED;
#endif

    default:
        /* request type not listed above (or compiled out by configuration) */
        return UNDEFINED;
    }

    /* not reached: every branch above returns; kept as a closed fallback */
    return UNDEFINED;
} /* end of rsbac_adf_request_check() */
00587 
00588 
00589 /*****************************************************************************/
00590 /* If the request returned granted and the operation is performed,           */
00591 /* the following function can be called by the AEF to get all aci set        */
00592 /* correctly. For write accesses that are performed fully within the kernel, */
00593 /* this is usually not done to prevent extra calls, including R_CLOSE for    */
00594 /* cleaning up. Because of this, the write boundary is not adjusted - there  */
00595 /* is no user-level writing anyway...                                        */
00596 /* The second instance of target specification is the new target, if one has */
00597 /* been created, otherwise its values are ignored.                           */
00598 /* On success, 0 is returned, and an error from rsbac/error.h otherwise.     */
00599 
/*
 * rsbac_adf_set_attr_check() - plausibility filter for a set_attr notification.
 *
 * Looks at the request type and the target type (and, for process owner
 * changes, the attribute type) and reports whether the combination is
 * listed:
 *
 *   0                       the combination is listed
 *   -RSBAC_EINVALIDATTR     a process owner change without attr == A_owner
 *   -RSBAC_EINVALIDTARGET   anything else, including a request type that
 *                           is not listed at all
 *
 * Every table is an allow-list with a rejecting default. Some entries are
 * compiled in only when the matching CONFIG_RSBAC_* option is set; R_WRITE,
 * for example, is listed only under CONFIG_RSBAC_RW and is rejected
 * otherwise.
 *
 * NOTE(review): the accepted sets are not the same as those in
 * rsbac_adf_request_check() in this file. R_READ_OPEN on T_DIR and
 * R_CHANGE_OWNER on T_NONE are accepted here only, while R_MOUNT accepts
 * just T_DIR here. Whether each difference is intended cannot be told from
 * this file - confirm against the callers.
 *
 * caller_pid, tid, new_target, new_tid, attr_val and owner belong to the
 * common set_attr signature but are not read here.
 */
int rsbac_adf_set_attr_check(enum rsbac_adf_request_t request,
                             rsbac_pid_t caller_pid,
                             enum rsbac_target_t target,
                             union rsbac_target_id_t tid,
                             enum rsbac_target_t new_target,
                             union rsbac_target_id_t new_tid,
                             enum rsbac_attribute_t attr,
                             union rsbac_attribute_value_t attr_val,
                             rsbac_uid_t owner)
{
    switch (request) {
    case R_APPEND_OPEN:
        switch (target) {
        case T_FILE:
        case T_FIFO:
        case T_IPC:
        case T_DEV:
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

    case R_CHANGE_OWNER:
        switch (target) {
        case T_PROCESS:
            /*
             * Changing a process owner affects access decisions, so
             * attributes have to be adjusted; the new owner must be given.
             */
            return (attr == A_owner) ? 0 : -RSBAC_EINVALIDATTR;
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_IPC:
        case T_NONE:
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

#ifdef CONFIG_RSBAC_DAC_OWNER
    case R_CHANGE_DAC_EFF_OWNER:
    case R_CHANGE_DAC_FS_OWNER:
        /* process target only; the new owner must be given */
        if (target != T_PROCESS)
            return -RSBAC_EINVALIDTARGET;
        return (attr == A_owner) ? 0 : -RSBAC_EINVALIDATTR;
#endif

    case R_CHDIR:
        return (target == T_DIR) ? 0 : -RSBAC_EINVALIDTARGET;

    case R_CLONE:
        return (target == T_PROCESS) ? 0 : -RSBAC_EINVALIDTARGET;

    case R_CLOSE:
        /* notification only, used to clean up opened-tables */
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_DEV:
        case T_IPC:
#ifdef CONFIG_RSBAC_NET_OBJ
        case T_NETOBJ:
#endif
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

    case R_CREATE:
        switch (target) {
        /* T_DIR: a dir or (pseudo) file is created IN the target dir */
        case T_DIR:
        case T_IPC:
#ifdef CONFIG_RSBAC_NET_OBJ
        case T_NETOBJ:
#endif
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

    case R_DELETE:
        /* removal of targets is done in main adf dispatcher! */
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_SYMLINK:
        case T_IPC:
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

    case R_EXECUTE:
        return (target == T_FILE) ? 0 : -RSBAC_EINVALIDTARGET;

    case R_MOUNT:
        return (target == T_DIR) ? 0 : -RSBAC_EINVALIDTARGET;

    case R_READ:
        switch (target) {
        case T_DIR:
#ifdef CONFIG_RSBAC_RW
        case T_FILE:
        case T_FIFO:
        case T_DEV:
#endif
#if defined(CONFIG_RSBAC_NET_OBJ_RW) || defined(CONFIG_RSBAC_MS_SOCK)
        case T_NETOBJ:
#endif
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

    case R_READ_OPEN:
        switch (target) {
        case T_FILE:
        case T_DIR:
        case T_FIFO:
        case T_IPC:
        case T_DEV:
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

    case R_READ_WRITE_OPEN:
        switch (target) {
        case T_FILE:
        case T_FIFO:
        case T_IPC:
        case T_DEV:
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

    case R_SEARCH:
        return (target == T_DIR) ? 0 : -RSBAC_EINVALIDTARGET;

#ifdef CONFIG_RSBAC_NET_OBJ
    case R_SHUTDOWN:
        /*
         * NOTE(review): rsbac_adf_request_check() in this file accepts
         * R_SHUTDOWN for T_NONE only, and R_NET_SHUTDOWN on T_NETOBJ is
         * listed separately below. This entry may be a leftover - confirm
         * before relying on it.
         */
        return (target == T_NETOBJ) ? 0 : -RSBAC_EINVALIDTARGET;
#endif

    case R_TRACE:
        return (target == T_PROCESS) ? 0 : -RSBAC_EINVALIDTARGET;

    case R_TRUNCATE:
        return (target == T_FILE) ? 0 : -RSBAC_EINVALIDTARGET;

#ifdef CONFIG_RSBAC_RW
    case R_WRITE:
        switch (target) {
        case T_FILE:
        case T_FIFO:
        case T_DEV:
#ifdef CONFIG_RSBAC_NET_OBJ_RW
        case T_NETOBJ:
#endif
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }
#endif

    case R_WRITE_OPEN:
        switch (target) {
        case T_FILE:
        case T_FIFO:
        case T_DEV:
        case T_IPC:
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

    case R_MAP_EXEC:
        switch (target) {
        case T_FILE:
        case T_NONE:
            return 0;
        default:
            return -RSBAC_EINVALIDTARGET;
        }

#ifdef CONFIG_RSBAC_NET_OBJ
    case R_BIND:
    case R_LISTEN:
    case R_ACCEPT:
    case R_CONNECT:
    case R_SEND:
    case R_RECEIVE:
    case R_NET_SHUTDOWN:
        return (target == T_NETOBJ) ? 0 : -RSBAC_EINVALIDTARGET;
#endif

    default:
        /* unlisted request types get the target error code as well */
        return -RSBAC_EINVALIDTARGET;
    }

    /* not reached: every branch above returns; kept as a rejecting fallback */
    return -RSBAC_EINVALIDTARGET;
} /* end of rsbac_adf_set_attr_check() */
00900 
00901 /* end of rsbac/adf/check.c */
