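/************************************ */
/* Rule Set Based Access Control      */
/* Author and (c) 1999-2005:          */
/*   Amon Ott <ao@rsbac.org>          */
/*                                    */
/* Helper Prototypes for model        */
/* specific system calls              */
/* Last modified: 02/Aug/2005         */
/************************************ */

/*
 * Reviewer notes on this header
 *
 * Every function declared here is the kernel-side worker behind one of the
 * sys_rsbac_*() system calls (the per-module comments below say so for PM,
 * RC, AUTH, REG and JAIL).  They therefore sit directly on the user/kernel
 * trust boundary and receive arguments that originate in userspace.  The RC
 * comment states that these workers "check for validity before passing the
 * call" to the data structures; the same is presumably true for the other
 * modules, but this header only declares them.  Argument validation, the
 * access-control decision on whether the caller may change policy state at
 * all, and any copy of user pointers (path names, the REG argument) live in
 * the implementations (adf/<module>/syscalls.c per the RC comment) and must
 * be confirmed there, not assumed from these prototypes.
 *
 * Conventions visible in this file:
 *  - ta_number (rsbac_list_ta_number_t) is the first parameter of most
 *    calls.  From the type name it is presumably a list transaction number
 *    so that several policy changes can be committed or rolled back as a
 *    unit -- confirm against the generic list code.
 *  - ttl (rsbac_time_t) accompanies every call that adds or sets an entry.
 *    The name suggests a time-to-live after which the entry expires; what a
 *    ttl of 0 means is not visible here -- confirm before relying on it.
 *  - Every function returns int.  Only rsbac_reg_syscall() documents its
 *    contract (0 on success, -EINVALIDTARGET for a bad handle); the others
 *    presumably use the same 0 / negative-error-code convention -- confirm
 *    per function.
 *  - Each module block is also compiled for its *_MAINT (maintenance)
 *    configuration, except JAIL which has no such option here.
 */

#ifndef __RSBAC_ADF_SYSHELPERS_H
#define __RSBAC_ADF_SYSHELPERS_H

/* #include <linux/sched.h> */
#include <rsbac/types.h>

/***************************************************/
/*              Global Variables                   */
/***************************************************/

/***************************************************/
/*              General Prototypes                 */
/***************************************************/

/***************************************************/
/*              Module Prototypes                  */
/***************************************************/

/******* MAC ********/

#if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_MAC_MAINT)
/**
 * Switch the current MAC level of the caller.
 *
 * Getters for a current, a maximum and a minimum level follow, so the new
 * level is presumably required to lie within the caller's [min, max] range
 * and the categories within its permitted set.  That check is not visible in
 * this header; confirm it in the implementation before treating this as a
 * safe self-service call.
 *
 * @param level      security level to switch to
 * @param categories category vector to switch to
 * @return 0 on success, otherwise a negative error code (presumed)
 */
int  rsbac_mac_set_curr_level(rsbac_security_level_t level,
                              rsbac_mac_category_vector_t categories);

/**
 * Read the caller's current MAC level.
 * @param level_p      [out] receives the current security level
 * @param categories_p [out] receives the current category vector
 */
int  rsbac_mac_get_curr_level(rsbac_security_level_t * level_p,
                              rsbac_mac_category_vector_t * categories_p);

/**
 * Read the caller's maximum MAC level.
 * @param level_p      [out] receives the maximum security level
 * @param categories_p [out] receives the maximum category vector
 */
int  rsbac_mac_get_max_level(rsbac_security_level_t * level_p,
                             rsbac_mac_category_vector_t * categories_p);

/**
 * Read the caller's minimum MAC level.
 * @param level_p      [out] receives the minimum security level
 * @param categories_p [out] receives the minimum category vector
 */
int  rsbac_mac_get_min_level(rsbac_security_level_t * level_p,
                             rsbac_mac_category_vector_t * categories_p);

/*
 * The four *_tru calls manage per-process ("p_tru") and per-file ("f_tru")
 * lists keyed by uid.  "tru" is not expanded anywhere in this header;
 * presumably "trusted user" in the MAC sense -- confirm in the MAC docs.
 * Adding a uid to such a list widens what that process or file may do under
 * MAC, so these are privileged operations; the privilege check is expected
 * in the implementation.
 */

/**
 * Add @p uid to the tru list of process @p pid.
 * @param ta_number list transaction number
 * @param pid       process whose list is extended
 * @param uid       user id to add
 * @param ttl       lifetime of the entry (see file notes)
 */
int rsbac_mac_add_p_tru(
  rsbac_list_ta_number_t ta_number,
  rsbac_pid_t pid,
  rsbac_uid_t uid,
  rsbac_time_t ttl);

/**
 * Remove @p uid from the tru list of process @p pid.
 * @param ta_number list transaction number
 * @param pid       process whose list is shortened
 * @param uid       user id to remove
 */
int rsbac_mac_remove_p_tru(
  rsbac_list_ta_number_t ta_number,
  rsbac_pid_t pid,
  rsbac_uid_t uid);

/**
 * Add @p uid to the tru list of file @p file.
 * @param ta_number list transaction number
 * @param file      file whose list is extended (rsbac_mac_file_t, by value)
 * @param uid       user id to add
 * @param ttl       lifetime of the entry (see file notes)
 */
int rsbac_mac_add_f_tru(
  rsbac_list_ta_number_t ta_number,
  rsbac_mac_file_t file,
  rsbac_uid_t uid,
  rsbac_time_t ttl);

/**
 * Remove @p uid from the tru list of file @p file.
 * @param ta_number list transaction number
 * @param file      file whose list is shortened
 * @param uid       user id to remove
 */
int rsbac_mac_remove_f_tru(
  rsbac_list_ta_number_t ta_number,
  rsbac_mac_file_t file,
  rsbac_uid_t uid);

#endif  /* MAC */


/******* PM ********/

#if defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_PM_MAINT)
/**
 * Dispatcher for all PM-dependent system calls; called via sys_rsbac_pm().
 *
 * @p param is a union whose valid member depends on @p function, so the
 * dispatcher must range-check @p function before it interprets @p param;
 * a value outside the enum must be rejected rather than indexed.
 *
 * @param ta_number list transaction number
 * @param function  which PM operation to perform
 * @param param     operation-specific argument union
 * @param ticket    PM ticket id (from the type name, presumably the ticket
 *                  that authorises the operation -- confirm)
 */
int rsbac_pm(
        rsbac_list_ta_number_t ta_number,
  enum  rsbac_pm_function_type_t function,
  union rsbac_pm_function_param_t param,
        rsbac_pm_tkt_id_t ticket);

/**
 * Switch the caller's current PM task.
 * @param task task id to switch to
 */
int rsbac_pm_change_current_task(rsbac_pm_task_id_t task);

/**
 * Create a file that is assigned to a PM object class at creation time.
 *
 * @p filename presumably points into userspace (this is a syscall worker);
 * the implementation is expected to copy it in with the usual path-length
 * limit rather than dereference it directly -- confirm.
 *
 * @param filename     path of the file to create
 * @param mode         creation mode
 * @param object_class PM object class for the new file
 */
int rsbac_pm_create_file(const char * filename,
                         int mode,
                         rsbac_pm_object_class_id_t object_class);
#endif  /* PM */

/******* FF ********/

/******* RC ********/

#if defined(CONFIG_RSBAC_RC) || defined(CONFIG_RSBAC_RC_MAINT)
/* These functions in adf/rc/syscalls.c are called via sys_* system calls    */
/* and check for validity before passing the call to the rc_data_structures. */

/* All roles are always there, so instead of creation, we supply a copy for */
/* initialization. There is always the well-defined role general to copy    */

/**
 * Initialise role @p to_role as a copy of role @p from_role.
 * @param ta_number list transaction number
 * @param from_role role to copy from
 * @param to_role   role that is overwritten with the copy
 */
extern int rsbac_rc_sys_copy_role (
  rsbac_list_ta_number_t ta_number,
  rsbac_rc_role_id_t from_role,
  rsbac_rc_role_id_t to_role);

/**
 * Initialise type @p to_type as a copy of type @p from_type.
 * @param ta_number list transaction number
 * @param target    RC target kind the types belong to
 * @param from_type type to copy from
 * @param to_type   type that is overwritten with the copy
 */
extern int rsbac_rc_sys_copy_type (
        rsbac_list_ta_number_t ta_number,
  enum  rsbac_rc_target_t      target,
        rsbac_rc_type_id_t     from_type,
        rsbac_rc_type_id_t     to_type);

/* Getting item values */
/**
 * Read one RC item.
 *
 * @p tid and @p subtid are unions interpreted according to @p target and
 * @p item; @p value_p is likewise a union.  The implementation must validate
 * @p target and @p item before selecting a union member.
 *
 * @param ta_number list transaction number
 * @param target    RC target kind
 * @param tid       id of the target
 * @param subtid    secondary id, meaning depends on @p item
 * @param item      which attribute to read
 * @param value_p   [out] receives the value
 * @param ttl_p     [out] receives the remaining lifetime of the value
 */
extern int rsbac_rc_sys_get_item (
  rsbac_list_ta_number_t ta_number,
  enum  rsbac_rc_target_t       target,
  union rsbac_rc_target_id_t    tid,
  union rsbac_rc_target_id_t    subtid,
  enum  rsbac_rc_item_t         item,
  union rsbac_rc_item_value_t * value_p,
        rsbac_time_t          * ttl_p);

/* Setting item values */
/**
 * Write one RC item.  Same id/union conventions as rsbac_rc_sys_get_item().
 * @param ta_number list transaction number
 * @param target    RC target kind
 * @param tid       id of the target
 * @param subtid    secondary id, meaning depends on @p item
 * @param item      which attribute to write
 * @param value     new value
 * @param ttl       lifetime of the new value (see file notes)
 */
extern int rsbac_rc_sys_set_item (
  rsbac_list_ta_number_t ta_number,
  enum  rsbac_rc_target_t       target,
  union rsbac_rc_target_id_t    tid,
  union rsbac_rc_target_id_t    subtid,
  enum  rsbac_rc_item_t         item,
  union rsbac_rc_item_value_t   value,
        rsbac_time_t            ttl);

/* Set own role, if allowed ( = in role_comp vector of current role) */
/**
 * Change the caller's own RC role.
 * Permitted only if @p role is in the role_comp vector of the current role
 * (per the original comment); that compatibility check is the whole
 * access-control decision for this call.
 * @param role role to switch to
 */
extern int rsbac_rc_sys_change_role (rsbac_rc_role_id_t role);

/* Getting own effective rights */
/**
 * Compute the caller's effective RC rights on a target.
 *
 * Note this one takes the generic rsbac_target_t / rsbac_target_id_t, not the
 * RC-specific rsbac_rc_target_t used by the other calls in this block.
 *
 * @param ta_number      list transaction number
 * @param target         generic target kind
 * @param tid            id of the target
 * @param request_vector [out] receives the vector of permitted requests
 *                       (output pointer despite lacking the _p suffix)
 * @param ttl_p          [out] receives the remaining lifetime
 */
int rsbac_rc_sys_get_eff_rights (
  rsbac_list_ta_number_t ta_number,
  enum  rsbac_target_t       target,
  union rsbac_target_id_t    tid,
        rsbac_rc_request_vector_t * request_vector,
        rsbac_time_t          * ttl_p);

/**
 * Read the caller's current RC role.
 * @param role_p [out] receives the role id
 */
int rsbac_rc_sys_get_current_role (rsbac_rc_role_id_t * role_p);

#endif  /* RC || RC_MAINT */

/****** AUTH *******/

#if defined(CONFIG_RSBAC_AUTH) || defined(CONFIG_RSBAC_AUTH_MAINT)
/*
 * AUTH capabilities are ranges (struct rsbac_auth_cap_range_t, passed by
 * value) of a given cap_type, attached either to a process (p_cap) or to a
 * file (f_cap).  Granting one widens which identities the subject may assume
 * under AUTH, so the add calls are privileged; the check belongs to the
 * implementation.
 */

/* This function is called via sys_rsbac_auth_add_p_cap() system call */
/**
 * Grant an AUTH capability range to process @p pid.
 * @param ta_number list transaction number
 * @param pid       process that receives the capability
 * @param cap_type  kind of capability
 * @param cap_range range covered by the capability
 * @param ttl       lifetime of the entry (see file notes)
 */
int rsbac_auth_add_p_cap(
         rsbac_list_ta_number_t ta_number,
         rsbac_pid_t pid,
  enum   rsbac_auth_cap_type_t cap_type,
  struct rsbac_auth_cap_range_t cap_range,
         rsbac_time_t ttl);

/* This function is called via sys_rsbac_auth_remove_p_cap() system call */
/**
 * Revoke an AUTH capability range from process @p pid.
 * @param ta_number list transaction number
 * @param pid       process that loses the capability
 * @param cap_type  kind of capability
 * @param cap_range range to remove (whether it must match an existing entry
 *                  exactly is not visible here -- confirm)
 */
int rsbac_auth_remove_p_cap(
         rsbac_list_ta_number_t ta_number,
         rsbac_pid_t pid,
  enum   rsbac_auth_cap_type_t cap_type,
  struct rsbac_auth_cap_range_t cap_range);

/* This function is called via sys_rsbac_auth_add_f_cap() system call */
/**
 * Grant an AUTH capability range to file @p file.
 * @param ta_number list transaction number
 * @param file      file that receives the capability
 * @param cap_type  kind of capability
 * @param cap_range range covered by the capability
 * @param ttl       lifetime of the entry (see file notes)
 */
int rsbac_auth_add_f_cap(
         rsbac_list_ta_number_t ta_number,
         rsbac_auth_file_t file,
  enum   rsbac_auth_cap_type_t cap_type,
  struct rsbac_auth_cap_range_t cap_range,
         rsbac_time_t ttl);

/* This function is called via sys_rsbac_auth_remove_f_cap() system call */
/**
 * Revoke an AUTH capability range from file @p file.
 * @param ta_number list transaction number
 * @param file      file that loses the capability
 * @param cap_type  kind of capability
 * @param cap_range range to remove
 */
int rsbac_auth_remove_f_cap(
         rsbac_list_ta_number_t ta_number,
         rsbac_auth_file_t file,
  enum   rsbac_auth_cap_type_t cap_type,
  struct rsbac_auth_cap_range_t cap_range);

#endif  /* AUTH || AUTH_MAINT */

/****** REG *******/

#if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
/*
 * System call dispatcher
 * Returns 0 on success or -EINVALIDTARGET, if handle is invalid.
 */

/**
 * Forward a syscall to the registered (REG) module identified by @p handle.
 *
 * @p arg is an untyped pointer.  Nothing in this header says whether it has
 * already been copied from userspace or is still a raw user pointer; the
 * registered module's handler must treat it as untrusted and is responsible
 * for its own size and bounds validation -- confirm the contract in the REG
 * registration API before writing a handler.
 *
 * @param handle registered-module handle
 * @param arg    opaque argument passed through to the module
 * @return 0 on success, -EINVALIDTARGET if @p handle is invalid
 */
int rsbac_reg_syscall(rsbac_reg_handle_t handle,
                      void * arg);
#endif /* REG || REG_MAINT */

/****** ACL *******/

#if defined(CONFIG_RSBAC_ACL) || defined(CONFIG_RSBAC_ACL_MAINT)
/*
 * ACL entries are addressed by (target, tid) for the object and
 * (subj_type, subj_id) for the subject.  Both tid and subj_type/subj_id are
 * unions or enums interpreted by the implementation, which must range-check
 * the enums before selecting a member.
 */

/**
 * Replace the rights of one ACL entry (creating it if absent).
 * @param ta_number list transaction number
 * @param target    object kind
 * @param tid       object id
 * @param subj_type subject kind
 * @param subj_id   subject id
 * @param rights    rights vector to store
 * @param ttl       lifetime of the entry (see file notes)
 */
int rsbac_acl_sys_set_acl_entry(
         rsbac_list_ta_number_t      ta_number,
  enum   rsbac_target_t              target,
  union  rsbac_target_id_t           tid,
  enum   rsbac_acl_subject_type_t    subj_type,
         rsbac_acl_subject_id_t      subj_id,
         rsbac_acl_rights_vector_t   rights,
         rsbac_time_t                ttl);

/**
 * Delete one ACL entry.
 * @param ta_number list transaction number
 * @param target    object kind
 * @param tid       object id
 * @param subj_type subject kind
 * @param subj_id   subject id
 */
int rsbac_acl_sys_remove_acl_entry(
         rsbac_list_ta_number_t      ta_number,
  enum   rsbac_target_t              target,
  union  rsbac_target_id_t           tid,
  enum   rsbac_acl_subject_type_t    subj_type,
         rsbac_acl_subject_id_t      subj_id);

/**
 * Delete the whole ACL of an object.
 * @param ta_number list transaction number
 * @param target    object kind
 * @param tid       object id
 */
int rsbac_acl_sys_remove_acl(
         rsbac_list_ta_number_t      ta_number,
  enum   rsbac_target_t              target,
  union  rsbac_target_id_t           tid);

/**
 * Add @p rights to an existing ACL entry (or create it).
 * Same parameters as rsbac_acl_sys_set_acl_entry(); differs in that the
 * given rights are added to, rather than replace, the stored vector.
 */
int rsbac_acl_sys_add_to_acl_entry(
         rsbac_list_ta_number_t      ta_number,
  enum   rsbac_target_t              target,
  union  rsbac_target_id_t           tid,
  enum   rsbac_acl_subject_type_t    subj_type,
         rsbac_acl_subject_id_t      subj_id,
         rsbac_acl_rights_vector_t   rights,
         rsbac_time_t                ttl);

/**
 * Remove @p rights from an existing ACL entry.
 * @param ta_number list transaction number
 * @param target    object kind
 * @param tid       object id
 * @param subj_type subject kind
 * @param subj_id   subject id
 * @param rights    rights vector to clear from the entry
 */
int rsbac_acl_sys_remove_from_acl_entry(
         rsbac_list_ta_number_t      ta_number,
  enum   rsbac_target_t              target,
  union  rsbac_target_id_t           tid,
  enum   rsbac_acl_subject_type_t    subj_type,
         rsbac_acl_subject_id_t      subj_id,
         rsbac_acl_rights_vector_t   rights);

/**
 * Set the rights mask of an object.
 * The mask's exact role (presumably which rights may be inherited from the
 * parent object, given the @p inherit flag in rsbac_acl_sys_get_rights())
 * is not visible here -- confirm in the ACL documentation.
 * @param ta_number list transaction number
 * @param target    object kind
 * @param tid       object id
 * @param mask      rights mask to store
 */
int rsbac_acl_sys_set_mask(
         rsbac_list_ta_number_t      ta_number,
  enum   rsbac_target_t              target,
  union  rsbac_target_id_t           tid,
         rsbac_acl_rights_vector_t   mask);

/**
 * Remove every ACL entry for user @p uid (presumably used when a user is
 * deleted, so that a later reuse of the uid inherits no rights -- confirm).
 * @param ta_number list transaction number
 * @param uid       user whose entries are removed
 */
int rsbac_acl_sys_remove_user(
  rsbac_list_ta_number_t ta_number,
  rsbac_uid_t uid);

/**
 * Read the rights mask of an object.
 * @param ta_number list transaction number
 * @param target    object kind
 * @param tid       object id
 * @param mask_p    [out] receives the mask
 */
int rsbac_acl_sys_get_mask(
         rsbac_list_ta_number_t      ta_number,
  enum   rsbac_target_t              target,
  union  rsbac_target_id_t           tid,
         rsbac_acl_rights_vector_t * mask_p);


/**
 * Read the rights a subject has on an object.
 * @param ta_number list transaction number
 * @param target    object kind
 * @param tid       object id
 * @param subj_type subject kind
 * @param subj_id   subject id
 * @param rights_p  [out] receives the rights vector
 * @param inherit   whether inherited rights are included (presumed from the
 *                  name; confirm)
 */
int rsbac_acl_sys_get_rights(
         rsbac_list_ta_number_t      ta_number,
  enum   rsbac_target_t              target,
  union  rsbac_target_id_t           tid,
  enum   rsbac_acl_subject_type_t    subj_type,
         rsbac_acl_subject_id_t      subj_id,
         rsbac_acl_rights_vector_t * rights_p,
         rsbac_boolean_t             inherit);

/**
 * Fetch the full entry list of an object.
 *
 * Both outputs are pointer-to-pointer, i.e. the implementation hands back
 * arrays it allocated.  Ownership is not stated here: the caller presumably
 * has to free *entry_pp and *ttl_pp (and must not use them on a negative
 * return) -- confirm against the implementation, and note the number of
 * elements must come from the return value or another channel since no
 * count parameter exists.
 *
 * @param ta_number list transaction number
 * @param target    object kind
 * @param tid       object id
 * @param entry_pp  [out] receives an array of ACL entries
 * @param ttl_pp    [out] receives the matching array of lifetimes
 */
int rsbac_acl_sys_get_tlist(
         rsbac_list_ta_number_t    ta_number,
  enum   rsbac_target_t            target,
  union  rsbac_target_id_t         tid,
  struct rsbac_acl_entry_t      ** entry_pp,
         rsbac_time_t           ** ttl_pp);

/**
 * Dispatcher for the ACL group-management sub-calls.
 * @p arg is a union selected by @p call; @p call must be validated first.
 * @param ta_number list transaction number
 * @param call      which group operation to perform
 * @param arg       operation-specific argument union
 */
int rsbac_acl_sys_group(
        rsbac_list_ta_number_t         ta_number,
  enum  rsbac_acl_group_syscall_type_t call,
  union rsbac_acl_group_syscall_arg_t  arg);

#endif  /* ACL || ACL_MAINT */

/****** JAIL *******/

#if defined(CONFIG_RSBAC_JAIL)
/* This function is called via sys_rsbac_jail() system call */
/**
 * Put the calling process into a JAIL.
 *
 * @p path is a plain (non-const) char pointer and, since this is a syscall
 * worker, presumably still a userspace address that the implementation has
 * to copy in with a bounded length -- confirm.  @p version is presumably the
 * caller's idea of the jail interface version and should be checked against
 * the kernel's so that a mismatched userspace build is rejected rather than
 * misinterpreted -- confirm.  @p max_caps, @p scd_get and @p scd_modify are
 * all restrictions on the jailed process; the implementation must ensure a
 * process cannot escape an existing jail by calling this again with a wider
 * set (not visible here).
 *
 * @param version    jail interface version supplied by the caller
 * @param path       root directory of the jail
 * @param ip         IP address the jail is confined to
 * @param flags      jail option flags
 * @param max_caps   upper bound on capabilities inside the jail
 * @param scd_get    SCD targets the jail may read
 * @param scd_modify SCD targets the jail may modify
 */
int rsbac_jail_sys_jail(rsbac_version_t version,
                        char * path,
                        rsbac_jail_ip_t ip,
                        rsbac_jail_flags_t flags,
                        rsbac_cap_vector_t max_caps,
                        rsbac_jail_scd_vector_t scd_get,
                        rsbac_jail_scd_vector_t scd_modify);
#endif

#endif /* End of adf_syshelpers.h */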
