The Data Structures component contains all the Access Control Information (ACI) and all parts of the Access Control Context (ACC) that are not already stored in standard kernel structures.

The General Data Structures provide fixed size attribute structures for objects of all target types and for all implemented decision modules. The attribute objects are kept in generic dynamic lists. Attributes for persistent objects of target types FILE, DIR, FIFO, SYMLINK, SCD, USER, NETDEV and NETTEMP are additionally saved to secondary storage.

In clearer words, this means that every access control related information that weren’t part of the kernel are stored here. Modules also store some of their information there.

Dynamic, module specific data, like roles, user groups, access control lists etc., are handled separately in the Non-General Data Structures.

Also, the data handling related process synchronization is done within this component, so that decision modules do not need to care about it. The data structures are stored inside generic persistent lists. They also provide some additional infrastructure, e.g. for file accesses.

Table of Contents: RSBAC Handbook
Previous: Access Decision Facility (ADF)
Next: Interfaces