Jason Tang jtang@tresys.com
: David Windsor dwindsor@tresys.com
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Definition in file imp_range_trans.h.
#include "sechecker.h"
#include <apol/policy.h>
#include <apol/role-query.h>
#include <apol/user-query.h>
#include <apol/range_trans-query.h>
#include <apol/rbacrule-query.h>
#include <apol/domain-trans-analysis.h>
#include <apol/policy-query.h>
Functions | |
| int | imp_range_trans_register (sechk_lib_t *lib) |
| int | imp_range_trans_init (sechk_module_t *mod, apol_policy_t *policy, void *arg) |
| int | imp_range_trans_run (sechk_module_t *mod, apol_policy_t *policy, void *arg) |
| int | imp_range_trans_print (sechk_module_t *mod, apol_policy_t *policy, void *arg) |
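/* Definition at line 41 of file imp_range_trans.c. */

/**
 * Create one function record and attach it to a module's function table.
 *
 * On every failure path the partially built record is released before
 * returning, so a failed allocation or a failed append does not leak the
 * record or its name.
 *
 * @param mod  Module whose function vector receives the record.
 * @param name Name under which the function is registered; it is copied.
 * @param fn   Function to register.
 *
 * @return 0 on success; -1 with errno set to ENOMEM on failure.
 */
static int imp_range_trans_add_fn(sechk_module_t *mod, const char *name,
				  int (*fn)(sechk_module_t *, apol_policy_t *, void *))
{
	sechk_fn_t *fn_struct = sechk_fn_new();

	if (!fn_struct) {
		ERR(NULL, "%s", strerror(ENOMEM));
		errno = ENOMEM;
		return -1;
	}
	fn_struct->name = strdup(name);
	if (!fn_struct->name) {
		/* the record never reached the vector, so it is still ours to free */
		sechk_fn_free(fn_struct);
		ERR(NULL, "%s", strerror(ENOMEM));
		errno = ENOMEM;
		return -1;
	}
	fn_struct->fn = fn;
	if (apol_vector_append(mod->functions, (void *)fn_struct) < 0) {
		/* a failed append leaves the record, and its name, with the caller */
		sechk_fn_free(fn_struct);
		ERR(NULL, "%s", strerror(ENOMEM));
		errno = ENOMEM;
		return -1;
	}
	return 0;
}

/**
 * Register the "impossible range transitions" module with the library.
 *
 * Looks the module up by mod_name, fills in its descriptions and severity,
 * records the MLS policy-capability requirement, and registers the init,
 * run and print entry points.
 *
 * @param lib Library to register with; must not be NULL.
 *
 * @return 0 on success. On failure returns -1 and sets errno: EINVAL when
 *         lib is NULL or the module is not known to the library, ENOMEM
 *         when a requirement or function record cannot be created or stored.
 */
int imp_range_trans_register(sechk_lib_t *lib)
{
	sechk_module_t *mod = NULL;
	void *req = NULL;

	if (!lib) {
		ERR(NULL, "%s", "No library");
		errno = EINVAL;
		return -1;
	}

	mod = sechk_lib_get_module(mod_name, lib);
	if (!mod) {
		ERR(NULL, "%s", "Module unknown");
		errno = EINVAL;
		return -1;
	}
	mod->parent_lib = lib;

	/* assign the descriptions */
	mod->brief_description = "finds impossible range transitions";
	mod->detailed_description =
		"--------------------------------------------------------------------------------\n"
		"This module finds impossible range transitions in a policy.\n"
		"A range transition is possible if and only if all of the following conditions\n"
		"are satisfied:\n"
		" 1) there exist TE rules allowing the range transition to occur\n"
		" 2) there exist RBAC rules allowing the range transition to occur\n"
		" 3) at least one user must be able to transition to the target MLS range\n";
	mod->opt_description =
		" Module requirements:\n" " MLS policy\n" " Module dependencies:\n" " none\n" " Module options:\n"
		" none\n";
	mod->severity = SECHK_SEV_MED;

	/*
	 * assign requirements: build the requirement first so that an
	 * allocation failure is detected here, and so that the object can be
	 * released if the vector refuses it.
	 */
	req = sechk_name_value_new(SECHK_REQ_POLICY_CAP, SECHK_REQ_CAP_MLS);
	if (!req) {
		ERR(NULL, "%s", strerror(ENOMEM));
		errno = ENOMEM;
		return -1;
	}
	if (apol_vector_append(mod->requirements, req) < 0) {
		/* ownership is assumed to pass to the vector only on a successful append */
		sechk_name_value_free(req);
		ERR(NULL, "%s", strerror(ENOMEM));
		errno = ENOMEM;
		return -1;
	}

	/* this module keeps no private data, so there is nothing to free */
	mod->data_free = NULL;

	/* register functions */
	if (imp_range_trans_add_fn(mod, SECHK_MOD_FN_INIT, imp_range_trans_init) < 0) {
		return -1;
	}
	if (imp_range_trans_add_fn(mod, SECHK_MOD_FN_RUN, imp_range_trans_run) < 0) {
		return -1;
	}
	if (imp_range_trans_add_fn(mod, SECHK_MOD_FN_PRINT, imp_range_trans_print) < 0) {
		return -1;
	}

	return 0;
}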