/* Include guard. NOTE(review): a leading double underscore is reserved for the implementation; kept as-is because other headers test it. */
#ifndef __RSBAC_TYPES_H
#define __RSBAC_TYPES_H


/* Empty: nothing is declared here for either value of CONFIG_MODULES. */
#ifdef CONFIG_MODULES
#endif
00016
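/* Version of this RSBAC release, as a string and as its three numeric parts. */
#define RSBAC_VERSION "1.2.6"
#define RSBAC_VERSION_MAJOR 1
#define RSBAC_VERSION_MID 2
#define RSBAC_VERSION_MINOR 6
/*
 * Packed numeric version: major in bits 16 and up, mid in bits 8-15,
 * minor in bits 0-7, so releases compare with plain integer comparison.
 */
#define RSBAC_VERSION_NR \
((RSBAC_VERSION_MAJOR << 16) | (RSBAC_VERSION_MID << 8) | RSBAC_VERSION_MINOR)
/*
 * Pack an arbitrary (major, mid, minor) triple in the same layout as
 * RSBAC_VERSION_NR, so the two can be compared directly.
 * The fields are combined with bitwise OR. The previous definition used
 * bitwise AND, which is 0 for every triple whose shifted fields share no
 * set bits (e.g. (1,2,6) gave 0 instead of 0x10206), so a compatibility
 * check built on it could never equal RSBAC_VERSION_NR. Each argument is
 * parenthesized so an expression argument is shifted as a whole.
 */
#define RSBAC_VERSION_MAKE_NR(x,y,z) \
(((x) << 16) | ((y) << 8) | (z))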
00025
00026 #include <linux/types.h>
00027
/* Fixed-width scalar types used throughout RSBAC, so sizes do not depend on the build. */
typedef __u32 rsbac_version_t;
typedef __u32 rsbac_uid_t;
typedef __u32 rsbac_gid_t;
/* 16-bit id variants; used by the RSBAC_*OLD* constants below (presumably an older data layout — confirm against the list code). */
typedef __u16 rsbac_old_uid_t;
typedef __u16 rsbac_old_gid_t;
/* Seconds. Only 32 bits wide, so a wider kernel time_t is truncated on assignment. */
typedef __u32 rsbac_time_t;
typedef __u32 rsbac_cap_vector_t;

typedef __u32 rsbac_list_ta_number_t;

/* Seconds plus nanoseconds; filled by rsbac_get_current_nanotime(). */
struct rsbac_nanotime_t
{
rsbac_time_t sec;
__u32 nsec;
};
00043
/* Kernel-only part: device number helpers and time sources, selected by kernel version. */
#ifdef __KERNEL__
#include <linux/fs.h>
#include <linux/socket.h>
#include <linux/pipe_fs_i.h>
#include <linux/kdev_t.h>


#ifndef LINUX_VERSION_CODE
#include <linux/version.h>
#endif
/* Oldest kernel this header supports; older trees fail the build here. */
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,4,19)
#error "RSBAC: unsupported kernel version"
#endif

/* 2.6 kernels: device numbers are dev_t, the time source is CURRENT_TIME as a struct timespec. */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
#define RSBAC_MAJOR MAJOR
#define RSBAC_MINOR MINOR
#define RSBAC_MKDEV(major,minor) MKDEV(major,minor)
/*
 * Current wall-clock time in whole seconds (2.6 kernels).
 * tv_sec is narrowed to the 32-bit rsbac_time_t on return.
 */
static inline rsbac_time_t rsbac_current_time(void)
{
	struct timespec now = CURRENT_TIME;
	rsbac_time_t seconds = now.tv_sec;

	return seconds;
}
/*
 * Fill @nanotime with the current wall-clock time split into seconds and
 * nanoseconds (2.6 kernels). Seconds are narrowed to 32-bit rsbac_time_t.
 */
static inline void rsbac_get_current_nanotime(struct rsbac_nanotime_t * nanotime)
{
	struct timespec now = CURRENT_TIME;

	nanotime->nsec = now.tv_nsec;
	nanotime->sec = now.tv_sec;
}
/* If the kernel headers do not provide kdev_t, use dev_t in its place. */
#ifndef kdev_t
#define kdev_t dev_t
#endif
#define RSBAC_CURRENT_TIME (rsbac_current_time())
#else
/* 2.4 kernels: same MAJOR/MINOR/MKDEV wrappers; the time source is the global xtime (seconds + microseconds). */
#define RSBAC_MAJOR MAJOR
#define RSBAC_MINOR MINOR
#define RSBAC_MKDEV(major,minor) MKDEV(major,minor)
#define RSBAC_CURRENT_TIME CURRENT_TIME
#include <linux/sched.h>
/*
 * Fill @nanotime from the 2.4 kernel's global xtime, which carries
 * microseconds; they are scaled to nanoseconds here.
 */
static inline void rsbac_get_current_nanotime(struct rsbac_nanotime_t * nanotime)
{
	rsbac_time_t secs = xtime.tv_sec;
	__u32 nsecs = xtime.tv_usec * 1000;

	nanotime->sec = secs;
	nanotime->nsec = nsecs;
}
#endif

/* Device numbers with special meaning: 0:0 is "no device", 99:99 is the AUTO device (presumably "choose automatically" — confirm against its users). */
#define RSBAC_ZERO_DEV RSBAC_MKDEV(0,0)
#define RSBAC_AUTO_DEV RSBAC_MKDEV(99,99)
#define RSBAC_IS_ZERO_DEV(kdev) (!RSBAC_MAJOR(kdev) && !RSBAC_MINOR(kdev))
#define RSBAC_IS_AUTO_DEV(kdev) ((RSBAC_MAJOR(kdev) == 99) && (RSBAC_MINOR(kdev) == 99))

/* Section marker for RSBAC init code: __init normally, empty when init is delayed (so the code is not discarded after boot). */
#ifdef CONFIG_RSBAC_INIT_DELAY
#define R_INIT
#else
#define R_INIT __init
#endif

#endif
00102
00103
00104
#ifndef NULL
#define NULL ((void *) 0)
#endif

/* Function-like min/max: each argument is evaluated twice, so do not pass expressions with side effects. */
#define rsbac_min(a,b) (((a)<(b))?(a):(b))
#define rsbac_max(a,b) (((a)>(b))?(a):(b))

/*
 * Sentinel user/group ids. The 16-bit "OLD" values are literal numbers
 * (65533 == (__u16) -3); the 32-bit ones are small negatives cast to the
 * unsigned id type, i.e. the top of the id range (-3 -> 0xFFFFFFFD).
 */
#define RSBAC_OLD_NO_USER 65533
#define RSBAC_OLD_ALL_USERS 65532
#define RSBAC_NO_USER ((rsbac_uid_t) -3)
#define RSBAC_ALL_USERS ((rsbac_uid_t) -4)
#define RSBAC_NO_GROUP ((rsbac_gid_t) -3)
#define RSBAC_ALL_GROUPS ((rsbac_gid_t) -4)

#ifndef FALSE
#define FALSE 0
#endif
#ifndef TRUE
#define TRUE 1
#endif

/* Boolean as a native unsigned int. */
typedef u_int rsbac_boolean_t;

/* Boolean as a single byte. */
typedef __u8 rsbac_boolean_int_t;

/* Network interface name buffer: RSBAC_IFNAMSIZ characters plus a terminator. */
#define RSBAC_IFNAMSIZ 16
typedef u_char rsbac_netdev_id_t[RSBAC_IFNAMSIZ + 1];

/* Chunk size in bytes for secure deletion (presumably used with FF_secure_delete — confirm in the FF code). */
#define RSBAC_SEC_DEL_CHUNK_SIZE 65536
00134
00135
00136
/*
 * Fixed path of the login program, also split into its directory and file
 * components. NOTE(review): the AUTH_ prefix suggests the AUTH module
 * consults this; how much trust is attached to the path is not visible
 * here — confirm that identification is not by name alone.
 */
#define RSBAC_AUTH_LOGIN_PATH "/bin/login"
#define RSBAC_AUTH_LOGIN_PATH_DIR "bin"
#define RSBAC_AUTH_LOGIN_PATH_FILE "login"
00140
00141
00142
00143
00144
00145
00146
/* All-ones time value; by its name, passing it as a TTL leaves the existing TTL untouched — confirm in the list code. */
#define RSBAC_LIST_TTL_KEEP ((rsbac_time_t) -1)

/* One-byte storage type for enum values (every *_int_t typedef below uses it). */
typedef __u8 rsbac_enum_t;

/*
 * Well-known uids. The security officer uid is configurable; the next
 * three roles are defined relative to it (offset +3 is not assigned here).
 */
#define RSBAC_SYSADM_UID 0
#define RSBAC_BIN_UID 1
#ifdef CONFIG_RSBAC_SECOFF_UID
#define RSBAC_SECOFF_UID CONFIG_RSBAC_SECOFF_UID
#else
#define RSBAC_SECOFF_UID 400
#endif
#define RSBAC_DATAPROT_UID (RSBAC_SECOFF_UID+1)
#define RSBAC_TPMAN_UID (RSBAC_SECOFF_UID+2)
#define RSBAC_AUDITOR_UID (RSBAC_SECOFF_UID+4)
00161
typedef __u32 rsbac_pseudo_t;
typedef __u32 rsbac_pid_t;

typedef __u32 rsbac_ta_number_t;

/* MAC security level: 0..252 are real levels, 254 = inherit, 255 = none. Value 253 is not assigned here. */
typedef __u8 rsbac_security_level_t;
#define SL_max 252
#define SL_min 0

#define SL_inherit 254
#define SL_none 255
/* Older named levels (0..6); presumably kept for compatibility with earlier data. */
enum rsbac_old_security_level_t {SL_unclassified, SL_confidential, SL_secret,
SL_top_secret, SL_old_rsbac_internal,
SL_old_inherit, SL_old_none};

/* MAC categories are a 64-bit mask, one bit per category. The default vector (1) is exactly the GENERAL category (bit 0). */
typedef __u64 rsbac_mac_category_vector_t;
#define RSBAC_MAC_GENERAL_CATEGORY 0
#define RSBAC_MAC_DEF_CAT_VECTOR ((rsbac_mac_category_vector_t) 1)

#define RSBAC_MAC_MAX_CAT_VECTOR ((rsbac_mac_category_vector_t) -1)

#define RSBAC_MAC_MIN_CAT_VECTOR ((rsbac_mac_category_vector_t) 0)

/* Same value as RSBAC_MAC_MIN_CAT_VECTOR; an empty vector and "inherit" are indistinguishable by value. */
#define RSBAC_MAC_INHERIT_CAT_VECTOR ((rsbac_mac_category_vector_t) 0)

#define RSBAC_MAC_NR_CATS 64
#define RSBAC_MAC_MAX_CAT 63

/* Mask for a single category; x must be 0..RSBAC_MAC_MAX_CAT, a larger shift is undefined behaviour. */
#define RSBAC_MAC_CAT_VECTOR(x) ((rsbac_mac_category_vector_t) 1 << (x))

typedef u_int rsbac_cwi_relation_id_t;
00193
00194
/* System role of a user; carried as a one-byte rsbac_system_role_int_t. */
enum rsbac_system_role_t {SR_user, SR_security_officer, SR_administrator,
SR_auditor, SR_none};
typedef rsbac_enum_t rsbac_system_role_int_t;

/* Fake-root setting: off, uid only, euid only, or both (presumably which ids are reported as 0 — confirm). */
enum rsbac_fake_root_uid_t {FR_off, FR_uid_only, FR_euid_only, FR_both,
FR_none};
typedef rsbac_enum_t rsbac_fake_root_uid_int_t;

/*
 * System control data (SCD) targets. The order is part of the layout:
 * RSBAC_SCD_VECTOR() uses an enumerator's position as a bit index.
 */
enum rsbac_scd_type_t {ST_time_strucs, ST_clock, ST_host_id,
ST_net_id, ST_ioports, ST_rlimit,
ST_swap, ST_syslog, ST_rsbac, ST_rsbaclog,
ST_other, ST_kmem, ST_network, ST_firewall,
ST_priority, ST_sysfs, ST_rsbac_remote_log,
ST_quota, ST_sysctl, ST_nfsd, ST_ksyms,
ST_mlock, ST_capability, ST_none};

/* One bit per rsbac_scd_type_t value; 32 bits cover the 24 enumerators (ST_none == 23). */
typedef __u32 rsbac_scd_vector_t;
#define RSBAC_SCD_VECTOR(x) ((rsbac_scd_vector_t) 1 << (x))

enum rsbac_dev_type_t {D_block, D_char, D_block_major, D_char_major, D_none};


/* IPC object kinds; the id union has a single numeric member. */
enum rsbac_ipc_type_t {I_sem, I_msg, I_shm, I_anonpipe, I_mqueue, I_none};
union rsbac_ipc_id_t
{
u_long id_nr;
};

typedef __u32 rsbac_inode_nr_t;

/* Tri-state (false / true / inherit) plus a "none" terminator. */
enum rsbac_linux_dac_disable_t {LDD_false, LDD_true, LDD_inherit, LDD_none};
typedef rsbac_enum_t rsbac_linux_dac_disable_int_t;
00228
#ifdef __KERNEL__


/* Kernel-side identity of a filesystem object: device number and inode, plus the dentry it was reached through. */
struct rsbac_fs_file_t
{
kdev_t device;
rsbac_inode_nr_t inode;
struct dentry * dentry_p;
};

/* Kernel-side device object: kind (block/char, whole major or single device) plus device number. */
struct rsbac_dev_t
{
enum rsbac_dev_type_t type;
kdev_t id;
};
#endif
00245
00246
/* Device descriptor in a layout shared with user space: three __u32 fields. type carries an rsbac_dev_type_t value. */
struct rsbac_dev_desc_t
{
__u32 type;
__u32 major;
__u32 minor;
};
00253
/*
 * Build a struct rsbac_dev_desc_t from its three parts and return it by
 * value. @type is an rsbac_dev_type_t value widened to __u32.
 */
static inline struct rsbac_dev_desc_t
rsbac_mkdev_desc(__u32 type, __u32 major, __u32 minor)
{
	struct rsbac_dev_desc_t desc;

	desc.minor = minor;
	desc.major = major;
	desc.type = type;

	return desc;
}
00264
/* Descriptor forms of RSBAC_ZERO_DEV / RSBAC_AUTO_DEV; type D_none marks them as not a real device kind. */
#define RSBAC_ZERO_DEV_DESC rsbac_mkdev_desc(D_none, 0, 0)
#define RSBAC_AUTO_DEV_DESC rsbac_mkdev_desc(D_none, 99, 99)
/* dev is used unparenthesized as dev.type etc., so pass a plain variable, not an expression. */
#define RSBAC_IS_ZERO_DEV_DESC(dev) ((dev.type == D_none) && !dev.major && !dev.minor)
#define RSBAC_IS_AUTO_DEV_DESC(dev) ((dev.type == D_none) && (dev.major == 99) && (dev.minor == 99))


/* IPC object: kind plus id. */
struct rsbac_ipc_t
{
enum rsbac_ipc_type_t type;
union rsbac_ipc_id_t id;
};
00276
00277
/* Logging level for a request. How levels are packed into the 64-bit rsbac_log_array_t is not shown here (see A_log_array_low/high). */
enum rsbac_log_level_t {LL_none, LL_denied, LL_full, LL_request, LL_invalid};
typedef __u64 rsbac_log_array_t;


/* One bit per rsbac_adf_request_t value; x must be below 64. */
typedef __u64 rsbac_request_vector_t;
#define RSBAC_REQUEST_VECTOR(x) ((rsbac_request_vector_t) 1 << (x))


#define RSBAC_MAXNAMELEN 256

#define RSBAC_LIST_TA_MAX_PASSLEN 36



/* MAC module: flag storage types per subject/object kind. */
typedef __u8 rsbac_mac_user_flags_t;
typedef __u16 rsbac_mac_process_flags_t;
typedef __u8 rsbac_mac_file_flags_t;
typedef struct rsbac_fs_file_t rsbac_mac_file_t;
#define RSBAC_MAC_MAX_MAXNUM 1000000

#define MAC_override 1
#define MAC_auto 2
#define MAC_trusted 4
#define MAC_write_up 8
#define MAC_read_up 16
#define MAC_write_down 32
#define MAC_allow_auto 64
#define MAC_prop_trusted 128
#define MAC_program_auto 256

/*
 * Valid flag bits per kind. Only the process mask includes the 9-bit
 * MAC_program_auto, which is why process flags are 16 bits wide while the
 * user and file masks fit in their 8-bit types.
 */
#define RSBAC_MAC_U_FLAGS (MAC_override | MAC_trusted | MAC_write_up | MAC_read_up | MAC_write_down | MAC_allow_auto)
#define RSBAC_MAC_P_FLAGS (MAC_override | MAC_auto | MAC_trusted | MAC_write_up | MAC_read_up | MAC_write_down | MAC_prop_trusted | MAC_program_auto)
#define RSBAC_MAC_F_FLAGS (MAC_auto | MAC_trusted | MAC_write_up | MAC_read_up | MAC_write_down)

/* Defaults: ordinary users get nothing, sysadm may use auto, secoff gets override. */
#define RSBAC_MAC_DEF_U_FLAGS 0
#define RSBAC_MAC_DEF_SYSADM_U_FLAGS MAC_allow_auto
#define RSBAC_MAC_DEF_SECOFF_U_FLAGS MAC_override

#define RSBAC_MAC_DEF_P_FLAGS 0
#define RSBAC_MAC_DEF_INIT_P_FLAGS MAC_auto

typedef rsbac_enum_t rsbac_mac_auto_int_t;
enum rsbac_mac_auto_t {MA_no, MA_yes, MA_inherit};
00321
00322
00323
00324 #include <rsbac/pm_types.h>
00325
00326
/* DAZ module: scan state of a file (not scanned / infected / clean); new file descriptors start unscanned. */
typedef __u8 rsbac_daz_scanned_t;
#define DAZ_unscanned 0
#define DAZ_infected 1
#define DAZ_clean 2
#define DAZ_max 2
#define DEFAULT_DAZ_FD_SCANNED DAZ_unscanned
typedef __u8 rsbac_daz_scanner_t;
00334
00335
00336
/* FF (file flags) module: per-object restriction bits, 16 bits wide. */
typedef __u16 rsbac_ff_flags_t;
#define FF_read_only 1
#define FF_execute_only 2
#define FF_search_only 4
#define FF_write_only 8
#define FF_secure_delete 16
#define FF_no_execute 32
#define FF_no_delete_or_rename 64
#define FF_append_only 256
#define FF_no_mount 512

/* Bit 128 sits between the 64 and 256 restriction bits; by its name it adds the parent's flags rather than restricting anything — confirm in the FF code. */
#define FF_add_inherited 128

/* Defaults: inherit everywhere, except the root default which is 0. */
#define RSBAC_FF_DEF FF_add_inherited
#define RSBAC_FF_ROOT_DEF 0
00352
00353
00354
00355 #include <rsbac/rc_types.h>
00356
00357
00358
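#define RSBAC_AUTH_MAX_MAXNUM 1000000
/*
 * AUTH capability sentinels. The negative values are cast to the unsigned
 * id types, so they sit at the top of the id range above
 * RSBAC_AUTH_MAX_RANGE_UID/GID. Every definition is wrapped in an outer
 * pair of parentheses so it acts as a single operand; the 16-bit
 * RSBAC_AUTH_OLD_OWNER_F_CAP previously lacked them, so an expression such
 * as `sizeof RSBAC_AUTH_OLD_OWNER_F_CAP` parsed as
 * `sizeof(rsbac_old_uid_t) - 3` instead of the size of the sentinel.
 */
#define RSBAC_AUTH_OLD_OWNER_F_CAP ((rsbac_old_uid_t) -3)
#define RSBAC_AUTH_OWNER_F_CAP ((rsbac_uid_t) -3)
#define RSBAC_AUTH_DAC_OWNER_F_CAP ((rsbac_uid_t) -4)
#define RSBAC_AUTH_MAX_RANGE_UID ((rsbac_uid_t) -10)
#define RSBAC_AUTH_GROUP_F_CAP ((rsbac_gid_t) -3)
#define RSBAC_AUTH_DAC_GROUP_F_CAP ((rsbac_gid_t) -4)
#define RSBAC_AUTH_MAX_RANGE_GID ((rsbac_gid_t) -10)
typedef struct rsbac_fs_file_t rsbac_auth_file_t;
/* Range of uids a capability covers (first..last; presumably inclusive — confirm in the AUTH code). */
struct rsbac_auth_cap_range_t
{
rsbac_uid_t first;
rsbac_uid_t last;
};
/* Which id a capability applies to: real / effective / fs uid, or the same three for gids. */
enum rsbac_auth_cap_type_t {ACT_real, ACT_eff, ACT_fs,
ACT_group_real, ACT_group_eff, ACT_group_fs,
ACT_none};
typedef rsbac_enum_t rsbac_auth_cap_type_int_t;

/* Per-process setuid policy of the AUTH module. */
enum rsbac_auth_may_setuid_t {AMS_off, AMS_full, AMS_last_auth_only,
AMS_last_auth_and_gid, AMS_none};

typedef rsbac_enum_t rsbac_auth_may_setuid_int_t;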
00382
00383
00384
00385
00386
/* CAP module: process hiding level (off, from other users, full). */
enum rsbac_cap_process_hiding_t {PH_off, PH_from_other_users, PH_full,
PH_none};
typedef rsbac_enum_t rsbac_cap_process_hiding_int_t;

/* Default capability bounds: empty minimum, all bits set as maximum. */
#define RSBAC_CAP_DEFAULT_MIN ((rsbac_cap_vector_t) 0)
#define RSBAC_CAP_DEFAULT_MAX ((rsbac_cap_vector_t) -1)

#include <linux/capability.h>
/*
 * NOTE(review): CAP_NONE is a fixed 29 rather than derived from
 * <linux/capability.h>; a kernel that defines capabilities numbered 29 or
 * higher would have them outside RSBAC_CAP_MAX. rsbac_cap_vector_t is 32
 * bits, so bit 29 itself fits — confirm against the target kernel's list.
 */
#define CAP_NONE 29
#define RSBAC_CAP_MAX CAP_NONE
00397
00398
00399
/* JAIL module types. */
#define RSBAC_JAIL_VERSION 1

typedef __u32 rsbac_jail_id_t;
/* Default jail id (0); presumably "not jailed" — confirm in the JAIL code. */
#define RSBAC_JAIL_DEF_ID 0
typedef __u32 rsbac_jail_ip_t;
typedef __u32 rsbac_jail_scd_vector_t;

/* Jail permission bits. Values 4 and 64 are not assigned in this version. */
typedef __u32 rsbac_jail_flags_t;
#define JAIL_allow_external_ipc 1
#define JAIL_allow_all_net_family 2
#define JAIL_allow_inet_raw 8
#define JAIL_auto_adjust_inet_any 16
#define JAIL_allow_inet_localhost 32
#define JAIL_allow_dev_get_status 128
#define JAIL_allow_dev_mod_system 256
#define JAIL_allow_dev_read 512
#define JAIL_allow_dev_write 1024
#define JAIL_allow_tty_open 2048

/*
 * 0x0100007F: on a little-endian host this is the in-memory form of the
 * network-order address 127.0.0.1 (bytes 7f 00 00 01). On a big-endian host
 * the same constant reads as 1.0.0.127 — NOTE(review): confirm how it is
 * compared against socket addresses if big-endian targets matter.
 */
#define RSBAC_JAIL_LOCALHOST ((1 << 24) | 127)
00420
00421
00422
/* PaX per-program flags, kept in an unsigned long. */
typedef unsigned long rsbac_pax_flags_t;


#ifdef __KERNEL__
#include <linux/elf.h>
#include <linux/random.h>
#endif
/* Use the kernel's PF_PAX_* bits if the headers define them, otherwise define them here. */
#ifndef PF_PAX_PAGEEXEC
#define PF_PAX_PAGEEXEC 0x01000000
#define PF_PAX_EMUTRAMP 0x02000000
#define PF_PAX_MPROTECT 0x04000000
#define PF_PAX_RANDMMAP 0x08000000
#define PF_PAX_RANDEXEC 0x10000000
#define PF_PAX_SEGMEXEC 0x20000000
#endif

/* Default: SEGMEXEC + PAGEEXEC + MPROTECT + RANDMMAP. ALL_FLAGS is bits 24..31, i.e. the six PF_PAX_* bits plus the two unused top bits. */
#define RSBAC_PAX_DEF_FLAGS (PF_PAX_SEGMEXEC | PF_PAX_PAGEEXEC | PF_PAX_MPROTECT | PF_PAX_RANDMMAP)
#define RSBAC_PAX_ALL_FLAGS ((rsbac_pax_flags_t) 255 << 24)
00441
00442
00443
00444
00445
00446
/*
 * RES module: one limit value per resource, indices 0..RSBAC_RES_MAX
 * (presumably the RLIMIT_* numbers — confirm). RSBAC_RES_NONE (11) is one
 * past the end of rsbac_res_array_t and must not be used as an index.
 */
typedef __u32 rsbac_res_limit_t;
#define RSBAC_RES_UNSET 0

#define RSBAC_RES_MAX 10
#define RSBAC_RES_NONE 11

typedef rsbac_res_limit_t rsbac_res_array_t[RSBAC_RES_MAX + 1];


/* Handle for the REG (registration) interface; signed 32-bit. */
typedef __s32 rsbac_reg_handle_t;
00457
00458
00459
00460
00461
00462
00463 #include <rsbac/network_types.h>
00464
/* Socket identity: a real struct socket pointer in the kernel, an opaque pointer in user space. */
#ifdef __KERNEL__
typedef struct socket * rsbac_net_obj_id_t;
#else
typedef void * rsbac_net_obj_id_t;
#endif

/*
 * Network object: the socket plus optional local/remote address buffers
 * with their lengths. NOTE(review): the struct holds pointers, so its size
 * differs between 32- and 64-bit builds; anything that copies it across
 * the user/kernel boundary (it is a member of rsbac_target_id_t) needs to
 * take that into account — confirm against the syscall code.
 */
struct rsbac_net_obj_desc_t
{
rsbac_net_obj_id_t sock_p;
void * local_addr;
u_int local_len;
void * remote_addr;
u_int remote_len;
};
00479
#define RSBAC_ADF_REQUEST_ARRAY_VERSION 2

/*
 * Request types passed to the ADF. The numeric order is part of the
 * layout: RSBAC_REQUEST_VECTOR() uses the position as a bit index and the
 * value travels as a one-byte rsbac_adf_request_int_t. The alphabetical
 * run ends at R_WRITE_OPEN; later entries were appended, so R_NONE is 50
 * here, which fits both the byte type and the 64-bit request vector.
 */
enum rsbac_adf_request_t {
R_ADD_TO_KERNEL,
R_ALTER,
R_APPEND_OPEN,
R_CHANGE_GROUP,
R_CHANGE_OWNER,
R_CHDIR,
R_CLONE,
R_CLOSE,
R_CREATE,
R_DELETE,
R_EXECUTE,
R_GET_PERMISSIONS_DATA,
R_GET_STATUS_DATA,
R_LINK_HARD,
R_MODIFY_ACCESS_DATA,
R_MODIFY_ATTRIBUTE,
R_MODIFY_PERMISSIONS_DATA,
R_MODIFY_SYSTEM_DATA,
R_MOUNT,
R_READ,
R_READ_ATTRIBUTE,
R_READ_WRITE_OPEN,
R_READ_OPEN,
R_REMOVE_FROM_KERNEL,
R_RENAME,
R_SEARCH,
R_SEND_SIGNAL,
R_SHUTDOWN,
R_SWITCH_LOG,
R_SWITCH_MODULE,
R_TERMINATE,
R_TRACE,
R_TRUNCATE,
R_UMOUNT,
R_WRITE,
R_WRITE_OPEN,
R_MAP_EXEC,
R_BIND,
R_LISTEN,
R_ACCEPT,
R_CONNECT,
R_SEND,
R_RECEIVE,
R_NET_SHUTDOWN,
R_CHANGE_DAC_EFF_OWNER,
R_CHANGE_DAC_FS_OWNER,
R_CHANGE_DAC_EFF_GROUP,
R_CHANGE_DAC_FS_GROUP,
R_IOCTL,
R_LOCK,
R_NONE
};

typedef rsbac_enum_t rsbac_adf_request_int_t;
00537
00538 #include <rsbac/request_groups.h>
00539
00540
00541
00542
/* Decision of one module for one request. */
enum rsbac_adf_req_ret_t {NOT_GRANTED,GRANTED,DO_NOT_CARE,UNDEFINED};






/* Switchable modules followed by pseudo-targets. RSBAC_MAX_MOD is the last real module, i.e. PAX (12). */
enum rsbac_switch_target_t {GEN,MAC,PM,DAZ,FF,RC,AUTH,REG,ACL,CAP,JAIL,
RES,PAX,SOFTMODE,DAC_DISABLE,UM,FREEZE,SW_NONE};
#define RSBAC_MAX_MOD (SOFTMODE - 1)
typedef rsbac_enum_t rsbac_switch_target_int_t;
00554
00555
00556
00557
00558
00559
00560
/* Kinds of object a request can address. T_NONE terminates and sizes the per-target tables below. */
enum rsbac_target_t {T_FILE, T_DIR, T_FIFO, T_SYMLINK, T_DEV, T_IPC, T_SCD, T_USER, T_PROCESS,
T_NETDEV, T_NETTEMP, T_NETOBJ, T_NETTEMP_NT, T_GROUP,
T_FD,
T_NONE};

/*
 * Identity of a target; which member is valid follows the rsbac_target_t.
 * The four filesystem members exist only in kernel builds, so the union's
 * size and layout can differ between kernel and user space — NOTE(review):
 * confirm that user/kernel copies of this union account for that.
 */
union rsbac_target_id_t
{
#ifdef __KERNEL__
struct rsbac_fs_file_t file;
struct rsbac_fs_file_t dir;
struct rsbac_fs_file_t fifo;
struct rsbac_fs_file_t symlink;
#endif
struct rsbac_dev_desc_t dev;
struct rsbac_ipc_t ipc;
rsbac_enum_t scd;
rsbac_uid_t user;
rsbac_gid_t group;
rsbac_pid_t process;
rsbac_netdev_id_t netdev;
rsbac_net_temp_id_t nettemp;
struct rsbac_net_obj_desc_t netobj;
int dummy;
};

#ifdef __KERNEL__
/* One log level byte per target kind; the old layout had one entry fewer (no T_NONE slot). */
typedef rsbac_enum_t rsbac_log_entry_t[T_NONE+1];
typedef rsbac_enum_t rsbac_old_log_entry_t[T_NONE];

/* Description of an object about to be created; carried in the A_create_data attribute. */
struct rsbac_create_data_t
{
enum rsbac_target_t target;
struct dentry * dentry_p;
int mode;
kdev_t device;
};
#endif
00598
/*
 * Attribute identifiers; each selects a member of rsbac_attribute_value_t.
 * The block guarded by __KERNEL__ is inserted before A_none, so A_none has
 * a different numeric value in kernel and user-space builds — NOTE(review):
 * attribute numbers received from user space should be validated against
 * the user-visible range, not the kernel's A_none; confirm in the syscall
 * code.
 */
enum rsbac_attribute_t
{
A_pseudo,
A_security_level,
A_initial_security_level,
A_local_sec_level,
A_remote_sec_level,
A_min_security_level,
A_mac_categories,
A_mac_initial_categories,
A_local_mac_categories,
A_remote_mac_categories,
A_mac_min_categories,
A_mac_user_flags,
A_mac_process_flags,
A_mac_file_flags,
A_system_role,
A_mac_role,
A_daz_role,
A_ff_role,
A_auth_role,
A_cap_role,
A_jail_role,
A_pax_role,
A_current_sec_level,
A_mac_curr_categories,
A_min_write_open,
A_min_write_categories,
A_max_read_open,
A_max_read_categories,
A_mac_auto,
A_mac_check,
A_mac_prop_trusted,
A_pm_role,
A_pm_process_type,
A_pm_current_task,
A_pm_object_class,
A_local_pm_object_class,
A_remote_pm_object_class,
A_pm_ipc_purpose,
A_local_pm_ipc_purpose,
A_remote_pm_ipc_purpose,
A_pm_object_type,
A_local_pm_object_type,
A_remote_pm_object_type,
A_pm_program_type,
A_pm_tp,
A_pm_task_set,
A_daz_scanned,
A_daz_scanner,
A_ff_flags,
A_rc_type,
A_local_rc_type,
A_remote_rc_type,
A_rc_type_fd,
A_rc_type_nt,
A_rc_force_role,
A_rc_initial_role,
A_rc_role,
A_rc_def_role,
A_auth_may_setuid,
A_auth_may_set_cap,
A_auth_learn,
A_min_caps,
A_max_caps,
A_max_caps_user,
A_max_caps_program,
A_jail_id,
A_jail_ip,
A_jail_flags,
A_jail_max_caps,
A_jail_scd_get,
A_jail_scd_modify,
A_pax_flags,
A_res_role,
A_res_min,
A_res_max,
A_log_array_low,
A_local_log_array_low,
A_remote_log_array_low,
A_log_array_high,
A_local_log_array_high,
A_remote_log_array_high,
A_log_program_based,
A_log_user_based,
A_symlink_add_remote_ip,
A_symlink_add_uid,
A_symlink_add_mac_level,
A_symlink_add_rc_role,
A_linux_dac_disable,
A_cap_process_hiding,
A_fake_root_uid,
A_audit_uid,
A_auid_exempt,
A_auth_last_auth,
A_remote_ip,
/* Kernel-internal attributes: request parameters that are never stored and are not visible to user space. */
#ifdef __KERNEL__

A_owner,
A_group,
A_signal,
A_mode,
A_nlink,
A_switch_target,
A_mod_name,
A_request,
A_trace_request,
A_auth_add_f_cap,
A_auth_remove_f_cap,
A_auth_get_caplist,
A_prot_bits,
A_internal,

A_create_data,
A_new_object,
A_rlimit,
A_new_dir_dentry_p,
A_auth_program_file,
A_auth_start_uid,
A_auth_start_euid,
A_auth_start_gid,
A_auth_start_egid,
A_acl_learn,
A_priority,
A_pgid,
A_kernel_thread,
A_open_flag,
A_reboot_cmd,
A_setsockopt_level,
A_ioctl_cmd,
A_f_mode,
#endif
A_none};
00732
/*
 * Value of one attribute; the member to read is implied by the
 * rsbac_attribute_t that accompanies it (the member names mirror the
 * attribute names, e.g. A_pseudo -> pseudo, A_create_data -> create_data).
 * The kernel-only members add pointers (sockaddr_p, mod_name, dentry) and
 * kernel structs, so the union's size may differ between kernel and user
 * space — NOTE(review): confirm the user/kernel copy uses the right size.
 * The trailing *_dummy members only reserve room for plain integer types.
 */
union rsbac_attribute_value_t
{
rsbac_uid_t owner;
rsbac_pseudo_t pseudo;
rsbac_security_level_t security_level;
rsbac_mac_category_vector_t mac_categories;
rsbac_system_role_int_t system_role;
rsbac_security_level_t current_sec_level;
rsbac_security_level_t min_write_open;
rsbac_security_level_t max_read_open;
rsbac_mac_user_flags_t mac_user_flags;
rsbac_mac_process_flags_t mac_process_flags;
rsbac_mac_file_flags_t mac_file_flags;
rsbac_mac_auto_int_t mac_auto;
rsbac_boolean_t mac_check;
rsbac_boolean_t mac_prop_trusted;
rsbac_pm_role_int_t pm_role;
rsbac_pm_process_type_int_t pm_process_type;
rsbac_pm_task_id_t pm_current_task;
rsbac_pm_object_class_id_t pm_object_class;
rsbac_pm_purpose_id_t pm_ipc_purpose;
rsbac_pm_object_type_int_t pm_object_type;
rsbac_pm_program_type_int_t pm_program_type;
rsbac_pm_tp_id_t pm_tp;
rsbac_pm_task_set_id_t pm_task_set;
rsbac_daz_scanned_t daz_scanned;
rsbac_daz_scanner_t daz_scanner;
rsbac_ff_flags_t ff_flags;
rsbac_rc_type_id_t rc_type;
rsbac_rc_type_id_t rc_type_fd;
rsbac_rc_role_id_t rc_force_role;
rsbac_rc_role_id_t rc_initial_role;
rsbac_rc_role_id_t rc_role;
rsbac_rc_role_id_t rc_def_role;
rsbac_auth_may_setuid_int_t auth_may_setuid;
rsbac_boolean_t auth_may_set_cap;
rsbac_pid_t auth_p_capset;
rsbac_inode_nr_t auth_f_capset;
rsbac_boolean_t auth_learn;
rsbac_cap_vector_t min_caps;
rsbac_cap_vector_t max_caps;
rsbac_cap_vector_t max_caps_user;
rsbac_cap_vector_t max_caps_program;
rsbac_jail_id_t jail_id;
rsbac_jail_ip_t jail_ip;
rsbac_jail_flags_t jail_flags;
rsbac_cap_vector_t jail_max_caps;
rsbac_jail_scd_vector_t jail_scd_get;
rsbac_jail_scd_vector_t jail_scd_modify;
rsbac_pax_flags_t pax_flags;
/* Whole limit array (RSBAC_RES_MAX + 1 entries), not a single limit. */
rsbac_res_array_t res_array;
rsbac_log_array_t log_array_low;
rsbac_log_array_t log_array_high;
rsbac_request_vector_t log_program_based;
rsbac_request_vector_t log_user_based;
rsbac_enum_t symlink_add_remote_ip;
rsbac_boolean_t symlink_add_uid;
rsbac_boolean_t symlink_add_mac_level;
rsbac_boolean_t symlink_add_rc_role;
rsbac_linux_dac_disable_int_t linux_dac_disable;

rsbac_cap_process_hiding_int_t cap_process_hiding;
rsbac_fake_root_uid_int_t fake_root_uid;
rsbac_uid_t audit_uid;
rsbac_uid_t auid_exempt;
rsbac_uid_t auth_last_auth;
__u32 remote_ip;
/* Kernel-only request parameters, matching the __KERNEL__ part of rsbac_attribute_t. auth_cap_range presumably serves A_auth_add_f_cap / A_auth_remove_f_cap — confirm. */
#ifdef __KERNEL__
rsbac_gid_t group;
struct sockaddr * sockaddr_p;
long signal;
int mode;
int nlink;
enum rsbac_switch_target_t switch_target;
char * mod_name;
enum rsbac_adf_request_t request;
long trace_request;
struct rsbac_auth_cap_range_t auth_cap_range;
int prot_bits;
rsbac_boolean_t internal;

struct rsbac_create_data_t create_data;

rsbac_boolean_t new_object;
u_int rlimit;
struct dentry * new_dir_dentry_p;
struct rsbac_fs_file_t auth_program_file;
rsbac_uid_t auth_start_uid;
rsbac_uid_t auth_start_euid;
rsbac_gid_t auth_start_gid;
rsbac_gid_t auth_start_egid;
rsbac_boolean_t acl_learn;
int priority;
rsbac_pid_t pgid;
rsbac_boolean_t kernel_thread;
u_int open_flag;
u_int reboot_cmd;
int setsockopt_level;
u_int ioctl_cmd;
mode_t f_mode;
#endif
u_char u_char_dummy;
u_short u_short_dummy;
int dummy;
u_int u_dummy;
long long_dummy;
u_long u_long_dummy;
};
00841
00842
00843
00844
00845 #include <rsbac/acl_types.h>
00846 #include <rsbac/um_types.h>
00847
00848 #endif