Before access to a target is granted, a request call to the Access Control Decision facility (ADF) is performed. Based on the request type and the target, access can be granted or denied.
RSBAC requests and the system calls they are issued from are listed in the following table. Please note that some requests are only issued under certain conditions, e.g. EXECUTE from mmap() only if the mapping is requested in EXEC mode. Also, some calls depend on the kernel configuration settings, e.g. RSBAC net support.
Some calls are done from common helper functions, e.g. do_fork(). Those functions that also perform the rsbac_adf_set_attr() notification call for the request are marked with an *.
Additionally, some requests provide extra data with kernel internal attribute types. These attributes are: A_group, A_sockaddr_p, A_signal, A_mode, A_nlink, A_switch_target, A_mod_name, A_request, A_ms_segment, A_trace_request, A_auth_add_f_cap, A_auth_remove_f_cap, A_auth_get_caplist, A_prot_bits. See include/rsbac/types.h for the respective data types.
Table 3-3. RSBAC Requests
Request | Description | Valid Target Types | System calls and functions |
---|---|---|---|
ADD_TO_KERNEL | Add a kernel module | NONE | create_module(NONE), init_module(NONE) |
ALTER | Change IPC control information | IPC | msgctl(IPC), shmctl(IPC) |
APPEND_OPEN | Open to append | FILE, DEV, IPC | open(FILE,DEV)*, msgsnd(IPC)*, sendto(IPC)*, sendmsg(IPC)* |
CHANGE_GROUP | Change active group | IPC, PROCESS, NONE | setgid(PROC), [a] setregid(PROC), setresgid(PROC), setgroups(PROC), setfsgid(NONE) (for DAC only), shmctl(IPC), msgctl(IPC) |
CHANGE_OWNER | Change owner | FILE, DIR, FIFO, IPC, PROCESS, NONE | chown(FILE, DIR, FIFO), lchown(FILE, DIR, FIFO), fchown(FILE, DIR, FIFO), setuid(PROC)*, setreuid(PROC)*, setresuid(PROC)*, setfsuid(NONE) (for DAC only), shmctl(IPC), msgctl(IPC) |
CHDIR | Change working directory | DIR | chdir(DIR), fchdir(DIR), chroot(DIR) |
CLONE | Fork/clone a process | PROCESS | fork(PROC)*, vfork(PROC)*, clone(PROC)* |
CLOSE | Close opened file etc. Should always be granted. | FILE, DIR, FIFO, DEV, IPC, NETOBJ | close(FILE, DIR, FIFO, DEV, IPC, NETOBJ)*, shmdt(IPC)*, msgrcv(IPC)*, msgsnd(IPC)*, send(IPC)*, sendto(IPC)*, sendmsg(IPC)*, recv(IPC)*, recvfrom(IPC)*, recvmsg(IPC)* |
CREATE | Create object | DIR(where), IPC, NETTEMP, NETOBJ | creat(DIR, IPC)*, open(DIR, IPC)*, mknod(DIR)*, mkdir(DIR)*, symlink(DIR)*, shmget(IPC)*, msgget(IPC)*, socket(IPC)*, accept(IPC)*, rsbac_net_temp(NETTEMP), socket(NETOBJ) |
DELETE | Delete object | FILE, DIR, FIFO, IPC | unlink(FILE, DIR, FIFO)*, rmdir(DIR)*, msgctl(IPC)*, shmctl(IPC)*, shutdown(IPC)*, close(IPC)*, rsbac_net_temp(NETTEMP) |
EXECUTE | Execute a file (until v1.1.2: also map library file/other code executable, see MAP_EXEC) | FILE | exec()* |
GET_PERMISSIONS_DATA | Read Unix permissions (mode) | FILE, DIR, FIFO | access(FILE, DIR, FIFO) |
GET_STATUS_DATA | Get status (stat() etc.) | FILE, DIR, FIFO, IPC, SCD, NETDEV | open_port(SCD) (/dev/kmem etc.), open_kcore(SCD) (/proc/kcore), stat(FILE, DIR, FIFO, IPC), newstat(FILE, DIR, FIFO, IPC), lstat(FILE, DIR, FIFO, IPC), newlstat(FILE, DIR, FIFO, IPC), fstat(FILE, DIR, FIFO, IPC), newfstat(FILE, DIR, FIFO, IPC), stat64(FILE, DIR, FIFO, IPC), lstat64(FILE, DIR, FIFO, IPC), fstat64(FILE, DIR, FIFO, IPC), statfs(FILE, DIR, FIFO), fstatfs(FILE, DIR, FIFO), rsbac_stats(SCD), rsbac_check(SCD), rsbac_stats_pm(SCD), rsbac_stats_rc(SCD), rsbac_stats_acl(SCD), rsbac_log(SCD), (access to RSBAC proc-files(SCD)), dev_ioctl(NETDEV), arp_ioctl(NETDEV), ip_mroute_setsockopt(SCD network), firewalling code (SCD firewall) |
LINK_HARD | Hard link | FILE, DIR, FIFO | link(FILE, DIR, FIFO) |
MODIFY_ACCESS_DATA | Change access information, e.g. time, date | FILE, DIR, FIFO | utimes(FILE, DIR, FIFO) |
MODIFY_ATTRIBUTE | Change an RSBAC attribute value | All target types | (specific request needed for various security models) |
MODIFY_PERMISSIONS_DATA | Change Unix permissions | FILE, DIR, FIFO, SCD | ioperm(SCD), iopl(SCD), chmod(FILE, DIR, FIFO), fchmod(FILE, DIR, FIFO) |
MODIFY_SYSTEM_DATA | Change system settings | SCD, NETDEV | stime(SCD), settimeofday(SCD), adjtimex(SCD), sethostname(SCD), setdomainname(SCD), setrlimit(SCD), syslog(SCD), sysctl(SCD), swapon(SCD), swapoff(SCD), rsbac_log(SCD), dev_ioctl(NETDEV), arp_ioctl(NETDEV), ip_mroute_setsockopt(SCD network), firewalling code (SCD firewall) |
MOUNT | Mount a filesystem | DIR, DEV | mount(DIR, DEV) (separate mount notification for data structures) |
READ | Read from DIR or NETTEMP. Optional: read from other objects | DIR, NETTEMP (optional: FILE, FIFO, DEV, IPC, NETOBJ) | read(FILE, FIFO, DEV, IPC, NETOBJ)*, readv(FILE, FIFO, DEV, IPC)*, pread(FILE, DEV, IPC)*, readdir(DIR), open(DIR), rsbac_net_temp(NETTEMP) |
READ_ATTRIBUTE | Read RSBAC attribute value | All target types | (specific request needed for various security models) |
READ_OPEN | Open for read | FILE, FIFO, DEV, IPC | open(FILE, FIFO, DEV, IPC)*, shmat(IPC)*, msgrcv(IPC)*, recv(IPC)*, recvfrom(IPC)*, recvmsg(IPC)* |
READ_WRITE_OPEN | Open for read and write | FILE, FIFO, DEV, IPC | open(FILE, FIFO, DEV, IPC)*, shmat(IPC)*, bind(IPC)*, connect(IPC)*, listen(IPC)* |
REMOVE_FROM_KERNEL | Remove kernel module | NONE | delete_module(NONE) |
RENAME | Rename | FILE, DIR, FIFO | rename(FILE, DIR, FIFO) (RSBAC identification not changed by rename!) |
SEARCH | Lookup in dir or symlink from inside kernel for access with full path | DIR, SYMLINK | (internal functions: lookup_dentry(DIR), path_walk(DIR), lookup_hash(DIR), follow_symlink(SYMLINK)) |
SEND_SIGNAL | Send a signal | PROCESS | kill(PROC) |
SHUTDOWN | Shutdown/reboot system | NONE | reboot(NONE) |
SWITCH_LOG | Change RSBAC log settings | NONE | rsbac_adf_log_switch(NONE) |
SWITCH_MODULE | Switch decision module on/off | NONE | rsbac_switch(NONE) |
TERMINATE | End of calling process, for attribute cleanup. Should always be granted. | PROCESS | exit(PROC) |
TRACE | Trace a process | PROCESS | ptrace(PROC) (architecture dependent) |
TRUNCATE | Truncate | FILE | open(FILE)*, truncate(FILE)*, ftruncate(FILE)*, truncate64(FILE)*, ftruncate64(FILE)* |
UMOUNT | Umount a filesystem | DIR, DEV | umount(DIR, DEV) (separate umount notification for data structures) |
WRITE | Write to a DIR, SCD or NETTEMP. Used for object moving to target dir. Optional: write to file etc. | DIR, SCD (optional: FILE, FIFO, DEV, IPC-sock) | write(FILE, FIFO, IPC, DEV, NETTEMP)*, writev(FILE, FIFO, IPC, DEV)*, pwrite(FILE, IPC, DEV)*, rename(DIR), rsbac_write(SCD), rsbac_net_temp(NETTEMP) |
WRITE_OPEN | Open for write | FILE, FIFO, DEV, IPC | open(FILE, FIFO, DEV, IPC)* |
MAP_EXEC | Map a library from a file (target FILE) or other code (target NONE) for execution. | FILE, NONE | mmap(FILE) (EXEC mode), mprotect(FILE, NONE) (EXEC mode), uselib(FILE) |
BIND | Bind network address and port (if applicable) to local socket, bind to network device | NETDEV, NETOBJ | dev_ioctl(NETDEV), bind()* |
LISTEN | Listen on a local socket | NETOBJ | listen()* |
ACCEPT | Accept a connection from a remote network endpoint | NETOBJ | accept()* |
CONNECT | Connect to remote network endpoint | NETOBJ | connect()* |
SEND | Send to remote network endpoint | NETOBJ | send()*, sendmsg()*, sendto()* |
RECEIVE | Receive from remote network endpoint | NETOBJ | recv()*, recvmsg()*, recvfrom()* |
NET_SHUTDOWN | Shutdown channel of local socket | NETOBJ | shutdown() |
Notes: a. PROC means PROCESS
Please remember that some models (RC, ACL) internally change NONE targets to SCD target "other" for access control.
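The table lists open() under seven different requests, which shows that one system call can fan out into several ADF requests, each decided against its own target type, with the "*" notification following only a granted request. The following user-space C model of that decomposition is an added example written for this page, not RSBAC kernel code: the request and target names mirror the table, while adf_requests_for_open(), adf_decide(), open_through_adf() and struct object_policy are invented here. The read-only sample policy stands in for a real module's decision, and treating O_APPEND as APPEND_OPEN only on write-only opens is an assumption of the model.

```c
/* Added example, not RSBAC source: how one open(2) call fans out into the
 * ADF requests of the table (CREATE, READ, READ_OPEN, WRITE_OPEN,
 * READ_WRITE_OPEN, APPEND_OPEN, TRUNCATE) and how the "*" notification
 * follows each granted request.  All function/struct names are invented. */
#include <fcntl.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum rsbac_target { T_FILE, T_DIR, T_FIFO, T_DEV, T_IPC, T_NONE };

enum rsbac_request {
    R_CREATE, R_READ, R_READ_OPEN, R_WRITE_OPEN,
    R_READ_WRITE_OPEN, R_APPEND_OPEN, R_TRUNCATE
};

static const char *const request_name[] = {
    "CREATE", "READ", "READ_OPEN", "WRITE_OPEN",
    "READ_WRITE_OPEN", "APPEND_OPEN", "TRUNCATE"
};

/* One ADF request as the hook issues it.  notify mirrors the table's "*":
 * the request is followed by rsbac_adf_set_attr() once it has been granted
 * and the operation performed. */
struct adf_call {
    enum rsbac_request req;
    enum rsbac_target target;
    bool notify;
};

#define MAX_OPEN_REQUESTS 3

/* Decompose open(flags) into ADF requests.  exists: the path already
 * resolves; is_dir: it resolves to a directory; obj: target type of the
 * object being opened (FILE, FIFO or DEV).  Returns the number of requests
 * written to out, in the order the kernel path would issue them. */
size_t adf_requests_for_open(int flags, bool exists, bool is_dir,
                             enum rsbac_target obj, struct adf_call *out)
{
    size_t n = 0;
    int acc = flags & O_ACCMODE;

    if (is_dir) {
        /* open(DIR) is a READ on the directory; the table lists it
         * without "*", so no set_attr notification follows. */
        out[n++] = (struct adf_call){ R_READ, T_DIR, false };
        return n;
    }
    if (!exists) {
        if (!(flags & O_CREAT))
            return 0;            /* plain ENOENT, nothing to decide */
        /* Creation is decided against the parent directory ("DIR(where)"). */
        out[n++] = (struct adf_call){ R_CREATE, T_DIR, true };
    }
    /* The open-mode request on the object itself.  Assumption of this
     * model: O_APPEND maps to APPEND_OPEN only for write-only opens. */
    if (acc == O_RDONLY)
        out[n++] = (struct adf_call){ R_READ_OPEN, obj, true };
    else if (acc == O_WRONLY)
        out[n++] = (struct adf_call){ (flags & O_APPEND) ? R_APPEND_OPEN
                                                         : R_WRITE_OPEN, obj, true };
    else
        out[n++] = (struct adf_call){ R_READ_WRITE_OPEN, obj, true };
    /* O_TRUNC on an existing regular file adds TRUNCATE(FILE)*.  A file the
     * kernel has just created is not truncated again, hence the exists test. */
    if (exists && (flags & O_TRUNC) && acc != O_RDONLY && obj == T_FILE)
        out[n++] = (struct adf_call){ R_TRUNCATE, T_FILE, true };
    return n;
}

/* Constructed sample policy standing in for a real module's decision: a
 * read-only object denies every request that could change it. */
struct object_policy { bool read_only; };

bool adf_decide(const struct adf_call *c, const struct object_policy *pol)
{
    switch (c->req) {
    case R_CREATE: case R_WRITE_OPEN: case R_READ_WRITE_OPEN:
    case R_APPEND_OPEN: case R_TRUNCATE:
        return !pol->read_only;
    default:
        return true;             /* READ and READ_OPEN */
    }
}

/* Run open(flags) through the model in kernel order: each request is
 * decided in turn, and its "*" notification (counted in *notified) is
 * issued right after it is granted, so a denial part-way leaves the
 * earlier notifications in place, as it would in the kernel. */
bool open_through_adf(int flags, bool exists, bool is_dir,
                      enum rsbac_target obj, const struct object_policy *pol,
                      size_t *notified)
{
    struct adf_call calls[MAX_OPEN_REQUESTS];
    size_t n = adf_requests_for_open(flags, exists, is_dir, obj, calls);

    *notified = 0;
    for (size_t i = 0; i < n; i++) {
        if (!adf_decide(&calls[i], pol)) {
            printf("denied: %s\n", request_name[calls[i].req]);
            return false;
        }
        if (calls[i].notify)
            (*notified)++;       /* stands in for rsbac_adf_set_attr() */
    }
    return true;
}

int main(void)
{
    struct object_policy ro = { .read_only = true };
    size_t notified;
    bool ok = open_through_adf(O_WRONLY | O_CREAT | O_TRUNC, false, false,
                               T_FILE, &ro, &notified);
    printf("create+truncate under read-only policy: %s\n", ok ? "granted" : "denied");
    ok = open_through_adf(O_RDONLY, true, false, T_FILE, &ro, &notified);
    printf("read-only open: %s, %zu notification(s)\n",
           ok ? "granted" : "denied", notified);
    return 0;
}
```

The model makes two points the table only implies: a request is decided against the target type of the object it concerns (CREATE against the parent DIR, TRUNCATE against the FILE), and the open-mode request and the TRUNCATE request are separate decisions, so a module can permit READ_WRITE_OPEN yet deny TRUNCATE.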