00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012 #include <linux/string.h>
00013 #include <rsbac/types.h>
00014 #include <rsbac/aci.h>
00015 #include <rsbac/adf_main.h>
00016 #include <rsbac/error.h>
00017 #include <rsbac/helpers.h>
00018 #include <rsbac/getname.h>
00019 #include <rsbac/network.h>
00020 #include <rsbac/debug.h>
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030 static rsbac_jail_id_t
00031 jail_get_id(enum rsbac_target_t target,
00032 union rsbac_target_id_t tid)
00033 {
00034 int err;
00035 union rsbac_attribute_value_t i_attr_val1;
00036
00037 if ((err=rsbac_get_attr(JAIL,
00038 target,
00039 tid,
00040 A_jail_id,
00041 &i_attr_val1,
00042 TRUE)))
00043 {
00044 rsbac_ds_get_error("jail_get_id()", A_jail_id);
00045 return 0;
00046 }
00047 else
00048 return i_attr_val1.jail_id;
00049 }
00050
00051 static rsbac_jail_id_t
00052 jail_get_id_process(rsbac_pid_t pid)
00053 {
00054 int err;
00055 union rsbac_target_id_t i_tid;
00056 union rsbac_attribute_value_t i_attr_val1;
00057
00058 i_tid.process = pid;
00059 if ((err=rsbac_get_attr(JAIL,
00060 T_PROCESS,
00061 i_tid,
00062 A_jail_id,
00063 &i_attr_val1,
00064 TRUE)))
00065 {
00066 rsbac_ds_get_error("jail_get_id_process()", A_jail_id);
00067 return 0;
00068 }
00069 else
00070 return i_attr_val1.jail_id;
00071 }
00072
00073 #if defined(CONFIG_RSBAC_NET_OBJ)
00074 static rsbac_jail_ip_t
00075 jail_get_ip_process(rsbac_pid_t pid)
00076 {
00077 int err;
00078 union rsbac_target_id_t i_tid;
00079 union rsbac_attribute_value_t i_attr_val1;
00080
00081 i_tid.process = pid;
00082 if ((err=rsbac_get_attr(JAIL,
00083 T_PROCESS,
00084 i_tid,
00085 A_jail_ip,
00086 &i_attr_val1,
00087 TRUE)))
00088 {
00089 rsbac_ds_get_error("jail_get_ip_process()", A_jail_ip);
00090 return 0;
00091 }
00092 else
00093 return i_attr_val1.jail_ip;
00094 }
00095 #endif
00096
00097 static rsbac_jail_flags_t
00098 jail_get_flags_process(rsbac_pid_t pid)
00099 {
00100 int err;
00101 union rsbac_target_id_t i_tid;
00102 union rsbac_attribute_value_t i_attr_val1;
00103
00104 i_tid.process = pid;
00105 if ((err=rsbac_get_attr(JAIL,
00106 T_PROCESS,
00107 i_tid,
00108 A_jail_flags,
00109 &i_attr_val1,
00110 TRUE)))
00111 {
00112 rsbac_ds_get_error("jail_get_flags_process()", A_jail_flags);
00113 return 0;
00114 }
00115 else
00116 return i_attr_val1.jail_flags;
00117 }
00118
00119 static enum rsbac_adf_req_ret_t
00120 jail_check_sysrole(rsbac_uid_t owner, enum rsbac_system_role_t role)
00121 {
00122 union rsbac_target_id_t i_tid;
00123 union rsbac_attribute_value_t i_attr_val1;
00124
00125 i_tid.user = owner;
00126 if (rsbac_get_attr(JAIL,
00127 T_USER,
00128 i_tid,
00129 A_jail_role,
00130 &i_attr_val1,
00131 TRUE))
00132 {
00133 rsbac_ds_get_error("jail_check_sysrole()", A_jail_role);
00134 return(NOT_GRANTED);
00135 }
00136
00137 if (i_attr_val1.system_role == role)
00138 return(GRANTED);
00139 else
00140 return(NOT_GRANTED);
00141 }
00142
00143 #if defined(CONFIG_RSBAC_NET_OBJ)
00144 enum rsbac_adf_req_ret_t
00145 jail_check_ip(rsbac_pid_t pid, union rsbac_target_id_t tid)
00146 {
00147 rsbac_jail_ip_t jail_ip;
00148 rsbac_jail_flags_t jail_flags;
00149
00150 if(!tid.netobj.sock_p)
00151 {
00152 #ifdef CONFIG_RSBAC_RMSG
00153 rsbac_printk(KERN_WARNING
00154 "jail_check_ip(): NULL sock_p!\n");
00155 #endif
00156 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00157 if (!rsbac_nosyslog)
00158 #endif
00159 printk(KERN_WARNING
00160 "jail_check_ip(): NULL sock_p!\n");
00161 return NOT_GRANTED;
00162 }
00163 switch(tid.netobj.sock_p->ops->family)
00164 {
00165 case AF_UNIX:
00166 return(GRANTED);
00167
00168 case AF_INET:
00169 switch(tid.netobj.sock_p->type)
00170 {
00171 case SOCK_STREAM:
00172 case SOCK_DGRAM:
00173 case SOCK_RDM:
00174 jail_ip = jail_get_ip_process(pid);
00175 if(jail_ip == INADDR_ANY)
00176 return GRANTED;
00177 jail_flags = jail_get_flags_process(pid);
00178 if(tid.netobj.local_addr)
00179 {
00180 struct sockaddr_in * addr = tid.netobj.local_addr;
00181
00182 if( (jail_ip == addr->sin_addr.s_addr)
00183 || ( (jail_flags & JAIL_allow_inet_localhost)
00184 && (addr->sin_addr.s_addr == RSBAC_JAIL_LOCALHOST)
00185 )
00186 #if defined(CONFIG_RSBAC_JAIL_NET_ADJUST)
00187 || ( (jail_flags & JAIL_auto_adjust_inet_any)
00188 && (addr->sin_addr.s_addr == INADDR_ANY)
00189 )
00190 #endif
00191 )
00192 return GRANTED;
00193 else
00194 {
00195 #ifdef CONFIG_RSBAC_DEBUG
00196 if(rsbac_debug_adf_jail)
00197 {
00198 #ifdef CONFIG_RSBAC_RMSG
00199 rsbac_printk(KERN_DEBUG
00200 "jail_check_ip(): local_addr does not match jail_ip -> NOT_GRANTED!\n");
00201 #endif
00202 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00203 if (!rsbac_nosyslog)
00204 #endif
00205 printk(KERN_DEBUG
00206 "jail_check_ip(): local_addr does not match jail_ip -> NOT_GRANTED!\n");
00207 }
00208 #endif
00209 return NOT_GRANTED;
00210 }
00211 }
00212 else
00213 if( (tid.netobj.remote_addr)
00214 && (jail_flags & JAIL_allow_inet_localhost)
00215 && ( ((struct sockaddr_in *) tid.netobj.remote_addr)->sin_addr.s_addr
00216 == RSBAC_JAIL_LOCALHOST)
00217 )
00218 return GRANTED;
00219 else
00220 {
00221 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00222 if( ( (jail_ip == inet_sk(tid.netobj.sock_p->sk)->rcv_saddr)
00223 && (jail_ip == inet_sk(tid.netobj.sock_p->sk)->saddr)
00224 )
00225 || ( (jail_flags & JAIL_allow_inet_localhost)
00226 && ( (inet_sk(tid.netobj.sock_p->sk)->saddr == RSBAC_JAIL_LOCALHOST)
00227 || (inet_sk(tid.netobj.sock_p->sk)->daddr == RSBAC_JAIL_LOCALHOST)
00228 )
00229 )
00230 #if defined(CONFIG_RSBAC_JAIL_NET_ADJUST)
00231 || ( (jail_flags & JAIL_auto_adjust_inet_any)
00232 && (inet_sk(tid.netobj.sock_p->sk)->rcv_saddr == INADDR_ANY)
00233 && (inet_sk(tid.netobj.sock_p->sk)->saddr == INADDR_ANY)
00234 )
00235 #endif
00236 )
00237 #else
00238 if( ( (jail_ip == tid.netobj.sock_p->sk->rcv_saddr)
00239 && (jail_ip == tid.netobj.sock_p->sk->saddr)
00240 )
00241 || ( (jail_flags & JAIL_allow_inet_localhost)
00242 && ( (tid.netobj.sock_p->sk->saddr == RSBAC_JAIL_LOCALHOST)
00243 || (tid.netobj.sock_p->sk->daddr == RSBAC_JAIL_LOCALHOST)
00244 )
00245 )
00246 #if defined(CONFIG_RSBAC_JAIL_NET_ADJUST)
00247 || ( (jail_flags & JAIL_auto_adjust_inet_any)
00248 && (tid.netobj.sock_p->sk->rcv_saddr == INADDR_ANY)
00249 && (tid.netobj.sock_p->sk->saddr == INADDR_ANY)
00250 )
00251 #endif
00252 )
00253 #endif
00254 return GRANTED;
00255 else
00256 {
00257 #ifdef CONFIG_RSBAC_DEBUG
00258 if(rsbac_debug_adf_jail)
00259 {
00260 #ifdef CONFIG_RSBAC_RMSG
00261 rsbac_printk(KERN_DEBUG
00262 "jail_check_ip(): sk->rcv_saddr or sk->saddr does not match jail_ip -> NOT_GRANTED!\n");
00263 #endif
00264 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00265 if (!rsbac_nosyslog)
00266 #endif
00267 printk(KERN_DEBUG
00268 "jail_check_ip(): sk->rcv_saddr or sk->saddr does not match jail_ip -> NOT_GRANTED!\n");
00269 }
00270 #endif
00271 return NOT_GRANTED;
00272 }
00273 }
00274
00275 case SOCK_RAW:
00276 if(jail_get_flags_process(pid) & JAIL_allow_inet_raw)
00277 return(GRANTED);
00278 else
00279 {
00280 #ifdef CONFIG_RSBAC_DEBUG
00281 if(rsbac_debug_adf_jail)
00282 {
00283 #ifdef CONFIG_RSBAC_RMSG
00284 rsbac_printk(KERN_DEBUG
00285 "jail_check_ip(): network type is raw and allow_inet_raw is not set -> NOT_GRANTED!\n");
00286 #endif
00287 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00288 if (!rsbac_nosyslog)
00289 #endif
00290 printk(KERN_DEBUG
00291 "jail_check_ip(): network type is raw and allow_inet_raw is not set -> NOT_GRANTED!\n");
00292 }
00293 #endif
00294 return(NOT_GRANTED);
00295 }
00296
00297 default:
00298 #ifdef CONFIG_RSBAC_DEBUG
00299 if(rsbac_debug_adf_jail)
00300 {
00301 #ifdef CONFIG_RSBAC_RMSG
00302 rsbac_printk(KERN_DEBUG
00303 "jail_check_ip(): network type not STREAM, DGRAM, RDM or RAW -> NOT_GRANTED!\n");
00304 #endif
00305 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00306 if (!rsbac_nosyslog)
00307 #endif
00308 printk(KERN_DEBUG
00309 "jail_check_ip(): network type not STREAM, DGRAM, RDM or RAW -> NOT_GRANTED!\n");
00310 }
00311 #endif
00312 return(NOT_GRANTED);
00313 }
00314
00315 default:
00316 if(jail_get_flags_process(pid) & JAIL_allow_all_net_family)
00317 return(GRANTED);
00318 else
00319 {
00320 #ifdef CONFIG_RSBAC_DEBUG
00321 if(rsbac_debug_adf_jail)
00322 {
00323 #ifdef CONFIG_RSBAC_RMSG
00324 rsbac_printk(KERN_DEBUG
00325 "jail_check_ip(): network family not UNIX or INET and allow_all_net_family not set -> NOT_GRANTED!\n");
00326 #endif
00327 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00328 if (!rsbac_nosyslog)
00329 #endif
00330 printk(KERN_DEBUG
00331 "jail_check_ip(): network family not UNIX or INET and allow_all_net_family not set -> NOT_GRANTED!\n");
00332 }
00333 #endif
00334 return NOT_GRANTED;
00335 }
00336 }
00337 }
00338 #endif
00339
00340
00341
00342
00343
00344 enum rsbac_adf_req_ret_t
00345 rsbac_adf_request_jail (enum rsbac_adf_request_t request,
00346 rsbac_pid_t caller_pid,
00347 enum rsbac_target_t target,
00348 union rsbac_target_id_t tid,
00349 enum rsbac_attribute_t attr,
00350 union rsbac_attribute_value_t attr_val,
00351 rsbac_uid_t owner)
00352 {
00353 rsbac_jail_id_t jail_id;
00354 rsbac_jail_flags_t jail_flags;
00355
00356 switch (request)
00357 {
00358 case R_ADD_TO_KERNEL:
00359 case R_REMOVE_FROM_KERNEL:
00360 case R_SHUTDOWN:
00361 switch(target)
00362 {
00363 case T_NONE:
00364 if(jail_get_id_process(caller_pid))
00365 return NOT_GRANTED;
00366 else
00367 return GRANTED;
00368
00369
00370 default:
00371 return(DO_NOT_CARE);
00372 }
00373 case R_MOUNT:
00374 case R_UMOUNT:
00375 switch(target)
00376 {
00377 case T_FILE:
00378 case T_DIR:
00379 case T_DEV:
00380 if(jail_get_id_process(caller_pid))
00381 return NOT_GRANTED;
00382 else
00383 return GRANTED;
00384
00385
00386 default:
00387 return(DO_NOT_CARE);
00388 }
00389 case R_CREATE:
00390 switch(target)
00391 {
00392 case T_DIR:
00393 if(!jail_get_id_process(caller_pid))
00394 return GRANTED;
00395
00396 if( (attr == A_create_data)
00397 && ( S_ISCHR(attr_val.create_data.mode)
00398 || S_ISBLK(attr_val.create_data.mode)
00399 || (attr_val.create_data.mode & (S_ISUID | S_ISGID))
00400 )
00401 )
00402 return NOT_GRANTED;
00403 else
00404 return GRANTED;
00405
00406 case T_IPC:
00407 return GRANTED;
00408
00409 #ifdef CONFIG_RSBAC_NET_OBJ
00410 case T_NETTEMP:
00411 if(!jail_get_id_process(caller_pid))
00412 return GRANTED;
00413 else
00414 return NOT_GRANTED;
00415
00416 case T_NETOBJ:
00417 if(!jail_get_id_process(caller_pid))
00418 return GRANTED;
00419 if(!tid.netobj.sock_p)
00420 {
00421 #ifdef CONFIG_RSBAC_RMSG
00422 rsbac_printk(KERN_WARNING
00423 "rsbac_adf_request_jail(): NULL sock_p on CREATE!\n");
00424 #endif
00425 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00426 if (!rsbac_nosyslog)
00427 #endif
00428 printk(KERN_WARNING
00429 "rsbac_adf_request_jail(): NULL sock_p on CREATE!\n");
00430 return NOT_GRANTED;
00431 }
00432 switch(tid.netobj.sock_p->ops->family)
00433 {
00434 case AF_UNIX:
00435 return(GRANTED);
00436
00437 case AF_INET:
00438 switch(tid.netobj.sock_p->type)
00439 {
00440 case SOCK_STREAM:
00441 case SOCK_DGRAM:
00442 case SOCK_RDM:
00443 if( tid.netobj.sock_p->sk
00444 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00445 && (tid.netobj.sock_p->sk->sk_protocol == IPPROTO_RAW)
00446 #else
00447 && (tid.netobj.sock_p->sk->protocol == IPPROTO_RAW)
00448 #endif
00449 )
00450 {
00451 jail_flags = jail_get_flags_process(caller_pid);
00452 if(jail_flags & JAIL_allow_inet_raw)
00453 return(GRANTED);
00454 else
00455 return NOT_GRANTED;
00456 }
00457 else
00458 return GRANTED;
00459
00460 case SOCK_RAW:
00461 jail_flags = jail_get_flags_process(caller_pid);
00462 if(jail_flags & JAIL_allow_inet_raw)
00463 return(GRANTED);
00464 else
00465 return NOT_GRANTED;
00466
00467 default:
00468 return(NOT_GRANTED);
00469 }
00470
00471 default:
00472 jail_flags = jail_get_flags_process(caller_pid);
00473 if(jail_flags & JAIL_allow_all_net_family)
00474 return(GRANTED);
00475 else
00476 return(NOT_GRANTED);
00477 }
00478 #endif
00479
00480
00481 default: return(DO_NOT_CARE);
00482 }
00483
00484 case R_DELETE:
00485 switch(target)
00486 {
00487 case T_IPC:
00488 jail_id = jail_get_id_process(caller_pid);
00489 if( !jail_id
00490 || (jail_id == jail_get_id(target,tid))
00491 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00492 )
00493 return GRANTED;
00494 else
00495 return NOT_GRANTED;
00496
00497 #ifdef CONFIG_RSBAC_NET_OBJ
00498 case T_NETTEMP:
00499 if(!jail_get_id_process(caller_pid))
00500 return GRANTED;
00501 else
00502 return NOT_GRANTED;
00503 #endif
00504
00505 default: return(DO_NOT_CARE);
00506 }
00507
00508 case R_MODIFY_ATTRIBUTE:
00509 switch(attr)
00510 {
00511 case A_system_role:
00512 case A_jail_role:
00513 case A_jail_id:
00514 case A_jail_ip:
00515 case A_jail_flags:
00516 case A_jail_max_caps:
00517
00518 case A_none:
00519 if(jail_get_id_process(caller_pid))
00520 return NOT_GRANTED;
00521
00522
00523 return jail_check_sysrole(owner, SR_security_officer);
00524
00525 default:
00526 return(DO_NOT_CARE);
00527 }
00528
00529 case R_READ_ATTRIBUTE:
00530 switch(attr)
00531 {
00532 case A_system_role:
00533 case A_jail_role:
00534 case A_jail_id:
00535 case A_jail_ip:
00536 case A_jail_flags:
00537 case A_jail_max_caps:
00538
00539 case A_none:
00540 if(jail_get_id_process(caller_pid))
00541 return NOT_GRANTED;
00542
00543
00544 if(jail_check_sysrole(owner, SR_administrator) == NOT_GRANTED)
00545 return jail_check_sysrole(owner, SR_security_officer);
00546 else
00547 return GRANTED;
00548
00549 default:
00550 return(DO_NOT_CARE);
00551 }
00552
00553 case R_SEND_SIGNAL:
00554 case R_TRACE:
00555 if (target == T_PROCESS)
00556 {
00557 jail_id = jail_get_id_process(caller_pid);
00558 if( !jail_id
00559 || (jail_id == jail_get_id(target,tid))
00560 )
00561 return GRANTED;
00562 else
00563 return NOT_GRANTED;
00564 }
00565 else
00566 return(DO_NOT_CARE);
00567
00568 case R_MODIFY_PERMISSIONS_DATA:
00569 switch(target)
00570 {
00571
00572 case T_FILE:
00573 case T_DIR:
00574 case T_FIFO:
00575 case T_SYMLINK:
00576 if( jail_get_id_process(caller_pid)
00577 && (attr == A_mode)
00578 && (attr_val.mode & (S_ISUID | S_ISGID))
00579 )
00580 return NOT_GRANTED;
00581 else
00582 return GRANTED;
00583
00584 case T_IPC:
00585 jail_id = jail_get_id_process(caller_pid);
00586 if( !jail_id
00587 || (jail_id == jail_get_id(target,tid))
00588 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00589 )
00590 return GRANTED;
00591 else
00592 return NOT_GRANTED;
00593
00594 case T_SCD:
00595 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE
00596
00597 case T_NONE:
00598 #endif
00599 if(jail_get_id_process(caller_pid))
00600 return NOT_GRANTED;
00601 else
00602 return GRANTED;
00603
00604
00605 default: return(DO_NOT_CARE);
00606 }
00607
00608 case R_GET_STATUS_DATA:
00609 switch(target)
00610 {
00611 case T_PROCESS:
00612 jail_id = jail_get_id_process(caller_pid);
00613 if( !jail_id
00614 || (jail_id == jail_get_id(target,tid))
00615 )
00616 return GRANTED;
00617 else
00618 return NOT_GRANTED;
00619
00620 case T_IPC:
00621 jail_id = jail_get_id_process(caller_pid);
00622 if( !jail_id
00623 || (jail_id == jail_get_id(target,tid))
00624 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00625 )
00626 return GRANTED;
00627 else
00628 return NOT_GRANTED;
00629
00630 case T_SCD:
00631 if(jail_get_id_process(caller_pid))
00632 {
00633
00634 if (tid.scd == ST_rlimit)
00635 return(GRANTED);
00636 else
00637 return NOT_GRANTED;
00638 }
00639 else
00640 return GRANTED;
00641
00642
00643 default: return(DO_NOT_CARE);
00644 }
00645
00646 case R_MODIFY_SYSTEM_DATA:
00647 switch(target)
00648 {
00649 case T_SCD:
00650 if(jail_get_id_process(caller_pid))
00651 {
00652 jail_flags = jail_get_flags_process(caller_pid);
00653
00654
00655 if ( (tid.scd == ST_rlimit)
00656 && (jail_flags & JAIL_allow_rlimit)
00657 )
00658 return(GRANTED);
00659 else
00660
00661 if ( ( (tid.scd == ST_clock)
00662 || (tid.scd == ST_time_strucs)
00663 )
00664 && (jail_flags & JAIL_allow_clock)
00665 )
00666 return(GRANTED);
00667 else
00668 return NOT_GRANTED;
00669 }
00670 else
00671 return GRANTED;
00672
00673 case T_PROCESS:
00674 jail_id = jail_get_id_process(caller_pid);
00675 if(!jail_id)
00676 return GRANTED;
00677 if( attr == A_kernel_thread
00678 && (attr_val.kernel_thread)
00679 )
00680 return NOT_GRANTED;
00681 if(jail_id != jail_get_id(target,tid))
00682 return NOT_GRANTED;
00683 return GRANTED;
00684
00685 #ifdef CONFIG_RSBAC_JAIL_NET_DEV_PROT
00686 case T_NETDEV:
00687 if(jail_get_id_process(caller_pid))
00688 return NOT_GRANTED;
00689 else
00690 return GRANTED;
00691 #endif
00692
00693
00694 default: return(DO_NOT_CARE);
00695 }
00696
00697 case R_READ:
00698 switch(target)
00699 {
00700 #ifdef CONFIG_RSBAC_RW
00701 case T_IPC:
00702 jail_id = jail_get_id_process(caller_pid);
00703 if( !jail_id
00704 || (jail_id == jail_get_id(target,tid))
00705 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00706 )
00707 return GRANTED;
00708 else
00709 return NOT_GRANTED;
00710 #endif
00711 #if defined(CONFIG_RSBAC_NET_OBJ)
00712 case T_NETTEMP:
00713 if(jail_get_id_process(caller_pid))
00714 return NOT_GRANTED;
00715 if(jail_check_sysrole(owner, SR_security_officer) == GRANTED)
00716 return GRANTED;
00717 return jail_check_sysrole(owner, SR_administrator);
00718
00719 case T_NETOBJ:
00720 if(!jail_get_id_process(caller_pid))
00721 return GRANTED;
00722 return(jail_check_ip(caller_pid, tid));
00723 #endif
00724
00725
00726 default: return(DO_NOT_CARE);
00727 }
00728
00729 case R_SWITCH_LOG:
00730 switch(target)
00731 {
00732 case T_NONE:
00733 if(jail_get_id_process(caller_pid))
00734 return NOT_GRANTED;
00735
00736 return jail_check_sysrole(owner, SR_security_officer);
00737
00738
00739 default: return(DO_NOT_CARE);
00740 }
00741
00742 case R_SWITCH_MODULE:
00743 switch(target)
00744 {
00745 case T_NONE:
00746
00747 if(attr != A_switch_target)
00748 return(UNDEFINED);
00749
00750 if( (attr_val.switch_target != JAIL)
00751 #ifdef CONFIG_RSBAC_SOFTMODE
00752 && (attr_val.switch_target != SOFTMODE)
00753 #endif
00754 #ifdef CONFIG_RSBAC_FREEZE
00755 && (attr_val.switch_target != FREEZE)
00756 #endif
00757 )
00758 return(DO_NOT_CARE);
00759 if(jail_get_id_process(caller_pid))
00760 return NOT_GRANTED;
00761
00762 return jail_check_sysrole(owner, SR_security_officer);
00763
00764
00765 default: return(DO_NOT_CARE);
00766 }
00767
00768 case R_WRITE:
00769 switch(target)
00770 {
00771 #ifdef CONFIG_RSBAC_RW
00772 case T_IPC:
00773 jail_id = jail_get_id_process(caller_pid);
00774 if( !jail_id
00775 || (jail_id == jail_get_id(target,tid))
00776 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00777 )
00778 return GRANTED;
00779 else
00780 return NOT_GRANTED;
00781 #endif
00782
00783 #if defined(CONFIG_RSBAC_NET_OBJ)
00784 case T_NETTEMP:
00785 if(jail_get_id_process(caller_pid))
00786 return NOT_GRANTED;
00787 return DO_NOT_CARE;
00788
00789 case T_NETOBJ:
00790 if(!jail_get_id_process(caller_pid))
00791 return GRANTED;
00792 return(jail_check_ip(caller_pid, tid));
00793 #endif
00794
00795
00796 default: return(DO_NOT_CARE);
00797 }
00798
00799 #ifdef CONFIG_RSBAC_NET
00800 case R_BIND:
00801 switch(target)
00802 {
00803 #ifdef CONFIG_RSBAC_JAIL_NET_DEV_PROT
00804 case T_NETDEV:
00805 if(jail_get_id_process(caller_pid))
00806 return NOT_GRANTED;
00807 else
00808 return GRANTED;
00809 #endif
00810 #ifdef CONFIG_RSBAC_NET_OBJ
00811 case T_NETOBJ:
00812 if(!jail_get_id_process(caller_pid))
00813 return GRANTED;
00814 return(jail_check_ip(caller_pid, tid));
00815 #endif
00816
00817 default:
00818 return(DO_NOT_CARE);
00819 }
00820 #endif
00821 #ifdef CONFIG_RSBAC_NET_OBJ
00822 case R_CONNECT:
00823 case R_LISTEN:
00824 case R_ACCEPT:
00825 case R_SEND:
00826 case R_RECEIVE:
00827 switch(target)
00828 {
00829 case T_NETOBJ:
00830 if(!jail_get_id_process(caller_pid))
00831 return GRANTED;
00832 #if defined(CONFIG_RSBAC_NET_OBJ_UNIX)
00833 if( tid.netobj.sock_p
00834 && tid.netobj.sock_p->ops
00835 && (tid.netobj.sock_p->ops->family == AF_UNIX)
00836 && tid.netobj.sock_p->sk
00837 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00838 && tid.netobj.sock_p->sk->sk_peercred.pid
00839 #else
00840 && tid.netobj.sock_p->sk->peercred.pid
00841 #endif
00842 )
00843 {
00844 union rsbac_target_id_t i_tid;
00845
00846 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00847 i_tid.process = tid.netobj.sock_p->sk->sk_peercred.pid;
00848 #else
00849 i_tid.process = tid.netobj.sock_p->sk->peercred.pid;
00850 #endif
00851 jail_id = jail_get_id_process(caller_pid);
00852 if( !jail_id
00853 || (jail_id == jail_get_id(T_PROCESS,i_tid))
00854 )
00855 return GRANTED;
00856 else
00857 if(jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00858 return GRANTED;
00859 else
00860 return NOT_GRANTED;
00861 }
00862 else
00863 #endif
00864 return(jail_check_ip(caller_pid, tid));
00865
00866
00867 default:
00868 return(DO_NOT_CARE);
00869 }
00870 #endif
00871
00872 default:
00873
00874 switch(target)
00875 {
00876 case T_IPC:
00877 jail_id = jail_get_id_process(caller_pid);
00878 if( !jail_id
00879 || (jail_id == jail_get_id(target,tid))
00880 || (jail_get_flags_process(caller_pid) & JAIL_allow_external_ipc)
00881 )
00882 return GRANTED;
00883 else
00884 return NOT_GRANTED;
00885
00886
00887 default: return(DO_NOT_CARE);
00888 }
00889 }
00890 };
00891
00892
00893
00894
00895
00896
00897
00898
00899
00900
00901
00902
00903 int rsbac_adf_set_attr_jail(
00904 enum rsbac_adf_request_t request,
00905 rsbac_pid_t caller_pid,
00906 enum rsbac_target_t target,
00907 union rsbac_target_id_t tid,
00908 enum rsbac_target_t new_target,
00909 union rsbac_target_id_t new_tid,
00910 enum rsbac_attribute_t attr,
00911 union rsbac_attribute_value_t attr_val,
00912 rsbac_uid_t owner)
00913 {
00914 #ifdef CONFIG_RSBAC_JAIL_NET_ADJUST
00915 int err;
00916 #endif
00917 union rsbac_target_id_t i_tid;
00918 union rsbac_attribute_value_t i_attr_val1;
00919 union rsbac_attribute_value_t i_attr_val2;
00920
00921 switch (request)
00922 {
00923 case R_CHANGE_OWNER:
00924 switch(target)
00925 {
00926 case T_PROCESS:
00927 if(attr != A_owner)
00928 return(-RSBAC_EINVALIDATTR);
00929
00930 i_tid.process = caller_pid;
00931 #ifdef CONFIG_RSBAC_SOFTMODE
00932 if(!rsbac_softmode)
00933 #endif
00934 {
00935 if (rsbac_get_attr(JAIL,
00936 T_PROCESS,
00937 i_tid,
00938 A_jail_max_caps,
00939 &i_attr_val1,
00940 FALSE))
00941 {
00942 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_max_caps);
00943 }
00944 else
00945 {
00946 extern spinlock_t task_capability_lock;
00947
00948
00949 spin_lock(&task_capability_lock);
00950 current->cap_permitted &= i_attr_val1.jail_max_caps;
00951 current->cap_effective &= i_attr_val1.jail_max_caps;
00952 current->cap_inheritable &= i_attr_val1.jail_max_caps;
00953 spin_unlock(&task_capability_lock);
00954 }
00955 }
00956 return 0;
00957
00958
00959 default:
00960 return(0);
00961 }
00962
00963 case R_CLONE:
00964 if (target == T_PROCESS)
00965 {
00966 union rsbac_attribute_value_t i_attr_val3;
00967 union rsbac_attribute_value_t i_attr_val4;
00968
00969
00970 if (rsbac_get_attr(JAIL,
00971 T_PROCESS,
00972 tid,
00973 A_jail_id,
00974 &i_attr_val1,
00975 FALSE))
00976 {
00977 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_id);
00978 return(-RSBAC_EREADFAILED);
00979 }
00980
00981 if (rsbac_get_attr(JAIL,
00982 T_PROCESS,
00983 tid,
00984 A_jail_ip,
00985 &i_attr_val2,
00986 FALSE))
00987 {
00988 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_ip);
00989 return(-RSBAC_EREADFAILED);
00990 }
00991
00992 if (rsbac_get_attr(JAIL,
00993 T_PROCESS,
00994 tid,
00995 A_jail_flags,
00996 &i_attr_val3,
00997 FALSE))
00998 {
00999 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_flags);
01000 return(-RSBAC_EREADFAILED);
01001 }
01002
01003 if (rsbac_get_attr(JAIL,
01004 T_PROCESS,
01005 tid,
01006 A_jail_max_caps,
01007 &i_attr_val4,
01008 FALSE))
01009 {
01010 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_max_caps);
01011 return(-RSBAC_EREADFAILED);
01012 }
01013
01014 if (rsbac_set_attr(JAIL,
01015 T_PROCESS,
01016 new_tid,
01017 A_jail_id,
01018 i_attr_val1))
01019 {
01020 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_id);
01021 return(-RSBAC_EWRITEFAILED);
01022 }
01023
01024 if (rsbac_set_attr(JAIL,
01025 T_PROCESS,
01026 new_tid,
01027 A_jail_ip,
01028 i_attr_val2))
01029 {
01030 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_ip);
01031 return(-RSBAC_EWRITEFAILED);
01032 }
01033
01034 if (rsbac_set_attr(JAIL,
01035 T_PROCESS,
01036 new_tid,
01037 A_jail_flags,
01038 i_attr_val3))
01039 {
01040 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_flags);
01041 return(-RSBAC_EWRITEFAILED);
01042 }
01043
01044 if (rsbac_set_attr(JAIL,
01045 T_PROCESS,
01046 new_tid,
01047 A_jail_max_caps,
01048 i_attr_val4))
01049 {
01050 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_max_caps);
01051 return(-RSBAC_EWRITEFAILED);
01052 }
01053 return(0);
01054 }
01055 else
01056 return(0);
01057
01058 case R_EXECUTE:
01059 switch(target)
01060 {
01061 case T_FILE:
01062
01063 i_tid.process = caller_pid;
01064 #ifdef CONFIG_RSBAC_SOFTMODE
01065 if(!rsbac_softmode)
01066 #endif
01067 {
01068 if (rsbac_get_attr(JAIL,
01069 T_PROCESS,
01070 i_tid,
01071 A_jail_max_caps,
01072 &i_attr_val1,
01073 FALSE))
01074 {
01075 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_max_caps);
01076 }
01077 else
01078 {
01079 extern spinlock_t task_capability_lock;
01080
01081
01082 spin_lock(&task_capability_lock);
01083 current->cap_permitted &= i_attr_val1.jail_max_caps;
01084 current->cap_effective &= i_attr_val1.jail_max_caps;
01085 current->cap_inheritable &= i_attr_val1.jail_max_caps;
01086 spin_unlock(&task_capability_lock);
01087 }
01088 }
01089 return 0;
01090
01091
01092 default:
01093 return(0);
01094 }
01095
01096 case R_CREATE:
01097 if (target == T_IPC)
01098 {
01099
01100 i_tid.process = caller_pid;
01101 if (rsbac_get_attr(JAIL,
01102 T_PROCESS,
01103 i_tid,
01104 A_jail_id,
01105 &i_attr_val1,
01106 FALSE))
01107 {
01108 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_id);
01109 return(-RSBAC_EREADFAILED);
01110 }
01111
01112 if (rsbac_set_attr(JAIL,
01113 T_IPC,
01114 tid,
01115 A_jail_id,
01116 i_attr_val1))
01117 {
01118 rsbac_ds_set_error("rsbac_adf_set_attr_jail()", A_jail_id);
01119 return(-RSBAC_EWRITEFAILED);
01120 }
01121 return(0);
01122 }
01123
01124
01125 #ifdef CONFIG_RSBAC_JAIL_NET_ADJUST
01126 case R_BIND:
01127 if(target != T_NETOBJ)
01128 return 0;
01129 if(!tid.netobj.sock_p)
01130 {
01131 #ifdef CONFIG_RSBAC_RMSG
01132 rsbac_printk(KERN_WARNING
01133 "rsbac_adf_set_attr_jail(): NULL sock_p!\n");
01134 return 0;
01135 #endif
01136 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01137 if (!rsbac_nosyslog)
01138 #endif
01139 printk(KERN_WARNING
01140 "rsbac_adf_set_attr_jail(): NULL sock_p!\n");
01141 return 0;
01142 }
01143 switch(tid.netobj.sock_p->ops->family)
01144 {
01145 case AF_INET:
01146 i_tid.process = caller_pid;
01147 if ((err=rsbac_get_attr(JAIL,
01148 T_PROCESS,
01149 i_tid,
01150 A_jail_ip,
01151 &i_attr_val1,
01152 TRUE)))
01153 {
01154 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_ip);
01155 return -RSBAC_EREADFAILED;
01156 }
01157 if(i_attr_val1.jail_ip == INADDR_ANY)
01158 return 0;
01159 if ((err=rsbac_get_attr(JAIL,
01160 T_PROCESS,
01161 i_tid,
01162 A_jail_flags,
01163 &i_attr_val2,
01164 TRUE)))
01165 {
01166 rsbac_ds_get_error("rsbac_adf_set_attr_jail()", A_jail_flags);
01167 return -RSBAC_EREADFAILED;
01168 }
01169 if(i_attr_val2.jail_flags & JAIL_auto_adjust_inet_any)
01170 {
01171 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01172 inet_sk(tid.netobj.sock_p->sk)->rcv_saddr = i_attr_val1.jail_ip;
01173 inet_sk(tid.netobj.sock_p->sk)->saddr = i_attr_val1.jail_ip;
01174 #else
01175 tid.netobj.sock_p->sk->rcv_saddr = i_attr_val1.jail_ip;
01176 tid.netobj.sock_p->sk->saddr = i_attr_val1.jail_ip;
01177 #endif
01178 }
01179 return 0;
01180
01181 default:
01182 break;
01183 }
01184 #endif
01185 return 0;
01186
01187
01188 default: return(0);
01189 }
01190
01191 return(0);
01192 };
01193
01194
