types.h File Reference

#include <linux/types.h>
#include <rsbac/pm_types.h>
#include <rsbac/rc_types.h>
#include <linux/capability.h>
#include <rsbac/network_types.h>
#include <rsbac/request_groups.h>
#include <rsbac/acl_types.h>
#include <rsbac/um_types.h>


Defines

#define RSBAC_VERSION   "1.2.6"
#define RSBAC_VERSION_MAJOR   1
#define RSBAC_VERSION_MID   2
#define RSBAC_VERSION_MINOR   6
#define RSBAC_VERSION_NR   ((RSBAC_VERSION_MAJOR << 16) | (RSBAC_VERSION_MID << 8) | RSBAC_VERSION_MINOR)
#define RSBAC_VERSION_MAKE_NR(x, y, z)   ((x << 16) & (y << 8) & z)
#define NULL   ((void *) 0)
#define rsbac_min(a, b)   (((a)<(b))?(a):(b))
#define rsbac_max(a, b)   (((a)>(b))?(a):(b))
#define RSBAC_OLD_NO_USER   65533
#define RSBAC_OLD_ALL_USERS   65532
#define RSBAC_NO_USER   ((rsbac_uid_t) -3)
#define RSBAC_ALL_USERS   ((rsbac_uid_t) -4)
#define RSBAC_NO_GROUP   ((rsbac_gid_t) -3)
#define RSBAC_ALL_GROUPS   ((rsbac_gid_t) -4)
#define FALSE   0
#define TRUE   1
#define RSBAC_IFNAMSIZ   16
#define RSBAC_SEC_DEL_CHUNK_SIZE   65536
#define RSBAC_AUTH_LOGIN_PATH   "/bin/login"
#define RSBAC_AUTH_LOGIN_PATH_DIR   "bin"
#define RSBAC_AUTH_LOGIN_PATH_FILE   "login"
#define RSBAC_LIST_TTL_KEEP   ((rsbac_time_t) -1)
#define RSBAC_SYSADM_UID   0
#define RSBAC_BIN_UID   1
#define RSBAC_SECOFF_UID   400
#define RSBAC_DATAPROT_UID   (RSBAC_SECOFF_UID+1)
#define RSBAC_TPMAN_UID   (RSBAC_SECOFF_UID+2)
#define RSBAC_AUDITOR_UID   (RSBAC_SECOFF_UID+4)
#define SL_max   252
#define SL_min   0
#define SL_inherit   254
#define SL_none   255
#define RSBAC_MAC_GENERAL_CATEGORY   0
#define RSBAC_MAC_DEF_CAT_VECTOR   ((rsbac_mac_category_vector_t) 1)
#define RSBAC_MAC_MAX_CAT_VECTOR   ((rsbac_mac_category_vector_t) -1)
#define RSBAC_MAC_MIN_CAT_VECTOR   ((rsbac_mac_category_vector_t) 0)
#define RSBAC_MAC_INHERIT_CAT_VECTOR   ((rsbac_mac_category_vector_t) 0)
#define RSBAC_MAC_NR_CATS   64
#define RSBAC_MAC_MAX_CAT   63
#define RSBAC_MAC_CAT_VECTOR(x)   ((rsbac_mac_category_vector_t) 1 << (x))
#define RSBAC_SCD_VECTOR(x)   ((rsbac_scd_vector_t) 1 << (x))
#define RSBAC_ZERO_DEV_DESC   rsbac_mkdev_desc(D_none, 0, 0)
#define RSBAC_AUTO_DEV_DESC   rsbac_mkdev_desc(D_none, 99, 99)
#define RSBAC_IS_ZERO_DEV_DESC(dev)   ((dev.type == D_none) && !dev.major && !dev.minor)
#define RSBAC_IS_AUTO_DEV_DESC(dev)   ((dev.type == D_none) && (dev.major == 99) && (dev.minor == 99))
#define RSBAC_REQUEST_VECTOR(x)   ((rsbac_request_vector_t) 1 << (x))
#define RSBAC_MAXNAMELEN   256
#define RSBAC_LIST_TA_MAX_PASSLEN   36
#define RSBAC_MAC_MAX_MAXNUM   1000000
#define MAC_override   1
#define MAC_auto   2
#define MAC_trusted   4
#define MAC_write_up   8
#define MAC_read_up   16
#define MAC_write_down   32
#define MAC_allow_auto   64
#define MAC_prop_trusted   128
#define MAC_program_auto   256
#define RSBAC_MAC_U_FLAGS   (MAC_override | MAC_trusted | MAC_write_up | MAC_read_up | MAC_write_down | MAC_allow_auto)
#define RSBAC_MAC_P_FLAGS   (MAC_override | MAC_auto | MAC_trusted | MAC_write_up | MAC_read_up | MAC_write_down | MAC_prop_trusted | MAC_program_auto)
#define RSBAC_MAC_F_FLAGS   (MAC_auto | MAC_trusted | MAC_write_up | MAC_read_up | MAC_write_down)
#define RSBAC_MAC_DEF_U_FLAGS   0
#define RSBAC_MAC_DEF_SYSADM_U_FLAGS   MAC_allow_auto
#define RSBAC_MAC_DEF_SECOFF_U_FLAGS   MAC_override
#define RSBAC_MAC_DEF_P_FLAGS   0
#define RSBAC_MAC_DEF_INIT_P_FLAGS   MAC_auto
#define DAZ_unscanned   0
#define DAZ_infected   1
#define DAZ_clean   2
#define DAZ_max   2
#define DEFAULT_DAZ_FD_SCANNED   DAZ_unscanned
#define FF_read_only   1
#define FF_execute_only   2
#define FF_search_only   4
#define FF_write_only   8
#define FF_secure_delete   16
#define FF_no_execute   32
#define FF_no_delete_or_rename   64
#define FF_append_only   256
#define FF_no_mount   512
#define FF_add_inherited   128
#define RSBAC_FF_DEF   FF_add_inherited
#define RSBAC_FF_ROOT_DEF   0
#define RSBAC_AUTH_MAX_MAXNUM   1000000
#define RSBAC_AUTH_OLD_OWNER_F_CAP   (rsbac_old_uid_t) -3
#define RSBAC_AUTH_OWNER_F_CAP   ((rsbac_uid_t) -3)
#define RSBAC_AUTH_DAC_OWNER_F_CAP   ((rsbac_uid_t) -4)
#define RSBAC_AUTH_MAX_RANGE_UID   ((rsbac_uid_t) -10)
#define RSBAC_AUTH_GROUP_F_CAP   ((rsbac_gid_t) -3)
#define RSBAC_AUTH_DAC_GROUP_F_CAP   ((rsbac_gid_t) -4)
#define RSBAC_AUTH_MAX_RANGE_GID   ((rsbac_gid_t) -10)
#define RSBAC_CAP_DEFAULT_MIN   ((rsbac_cap_vector_t) 0)
#define RSBAC_CAP_DEFAULT_MAX   ((rsbac_cap_vector_t) -1)
#define CAP_NONE   29
#define RSBAC_CAP_MAX   CAP_NONE
#define RSBAC_JAIL_VERSION   1
#define RSBAC_JAIL_DEF_ID   0
#define JAIL_allow_external_ipc   1
#define JAIL_allow_all_net_family   2
#define JAIL_allow_inet_raw   8
#define JAIL_auto_adjust_inet_any   16
#define JAIL_allow_inet_localhost   32
#define JAIL_allow_dev_get_status   128
#define JAIL_allow_dev_mod_system   256
#define JAIL_allow_dev_read   512
#define JAIL_allow_dev_write   1024
#define JAIL_allow_tty_open   2048
#define RSBAC_JAIL_LOCALHOST   ((1 << 24) | 127)
#define PF_PAX_PAGEEXEC   0x01000000
#define PF_PAX_EMUTRAMP   0x02000000
#define PF_PAX_MPROTECT   0x04000000
#define PF_PAX_RANDMMAP   0x08000000
#define PF_PAX_RANDEXEC   0x10000000
#define PF_PAX_SEGMEXEC   0x20000000
#define RSBAC_PAX_DEF_FLAGS   (PF_PAX_SEGMEXEC | PF_PAX_PAGEEXEC | PF_PAX_MPROTECT | PF_PAX_RANDMMAP)
#define RSBAC_PAX_ALL_FLAGS   ((rsbac_pax_flags_t) 255 << 24)
#define RSBAC_RES_UNSET   0
#define RSBAC_RES_MAX   10
#define RSBAC_RES_NONE   11
#define RSBAC_ADF_REQUEST_ARRAY_VERSION   2
#define RSBAC_MAX_MOD   (SOFTMODE - 1)

Typedefs

typedef __u32 rsbac_version_t
typedef __u32 rsbac_uid_t
typedef __u32 rsbac_gid_t
typedef __u16 rsbac_old_uid_t
typedef __u16 rsbac_old_gid_t
typedef __u32 rsbac_time_t
typedef __u32 rsbac_cap_vector_t
typedef __u32 rsbac_list_ta_number_t
typedef u_int rsbac_boolean_t
typedef __u8 rsbac_boolean_int_t
typedef u_char rsbac_netdev_id_t [RSBAC_IFNAMSIZ+1]
typedef __u8 rsbac_enum_t
typedef __u32 rsbac_pseudo_t
typedef __u32 rsbac_pid_t
typedef __u32 rsbac_ta_number_t
typedef __u8 rsbac_security_level_t
typedef __u64 rsbac_mac_category_vector_t
typedef u_int rsbac_cwi_relation_id_t
typedef rsbac_enum_t rsbac_system_role_int_t
typedef rsbac_enum_t rsbac_fake_root_uid_int_t
typedef __u32 rsbac_scd_vector_t
typedef __u32 rsbac_inode_nr_t
typedef rsbac_enum_t rsbac_linux_dac_disable_int_t
typedef __u64 rsbac_log_array_t
typedef __u64 rsbac_request_vector_t
typedef __u8 rsbac_mac_user_flags_t
typedef __u16 rsbac_mac_process_flags_t
typedef __u8 rsbac_mac_file_flags_t
typedef rsbac_fs_file_t rsbac_mac_file_t
typedef rsbac_enum_t rsbac_mac_auto_int_t
typedef __u8 rsbac_daz_scanned_t
typedef __u8 rsbac_daz_scanner_t
typedef __u16 rsbac_ff_flags_t
typedef rsbac_fs_file_t rsbac_auth_file_t
typedef rsbac_enum_t rsbac_auth_cap_type_int_t
typedef rsbac_enum_t rsbac_auth_may_setuid_int_t
typedef rsbac_enum_t rsbac_cap_process_hiding_int_t
typedef __u32 rsbac_jail_id_t
typedef __u32 rsbac_jail_ip_t
typedef __u32 rsbac_jail_scd_vector_t
typedef __u32 rsbac_jail_flags_t
typedef unsigned long rsbac_pax_flags_t
typedef __u32 rsbac_res_limit_t
typedef rsbac_res_limit_t rsbac_res_array_t [RSBAC_RES_MAX+1]
typedef __s32 rsbac_reg_handle_t
typedef void * rsbac_net_obj_id_t
typedef rsbac_enum_t rsbac_adf_request_int_t
typedef rsbac_enum_t rsbac_switch_target_int_t

Enumerations

enum  rsbac_old_security_level_t {
  SL_unclassified, SL_confidential, SL_secret, SL_top_secret,
  SL_old_rsbac_internal, SL_old_inherit, SL_old_none
}
enum  rsbac_system_role_t {
  SR_user, SR_security_officer, SR_administrator, SR_auditor,
  SR_none
}
enum  rsbac_fake_root_uid_t {
  FR_off, FR_uid_only, FR_euid_only, FR_both,
  FR_none
}
enum  rsbac_scd_type_t {
  ST_time_strucs, ST_clock, ST_host_id, ST_net_id,
  ST_ioports, ST_rlimit, ST_swap, ST_syslog,
  ST_rsbac, ST_rsbaclog, ST_other, ST_kmem,
  ST_network, ST_firewall, ST_priority, ST_sysfs,
  ST_rsbac_remote_log, ST_quota, ST_sysctl, ST_nfsd,
  ST_ksyms, ST_mlock, ST_capability, ST_none
}
enum  rsbac_dev_type_t {
  D_block, D_char, D_block_major, D_char_major,
  D_none
}
enum  rsbac_ipc_type_t {
  I_sem, I_msg, I_shm, I_anonpipe,
  I_mqueue, I_none
}
enum  rsbac_linux_dac_disable_t { LDD_false, LDD_true, LDD_inherit, LDD_none }
enum  rsbac_log_level_t {
  LL_none, LL_denied, LL_full, LL_request,
  LL_invalid
}
enum  rsbac_mac_auto_t { MA_no, MA_yes, MA_inherit }
enum  rsbac_auth_cap_type_t {
  ACT_real, ACT_eff, ACT_fs, ACT_group_real,
  ACT_group_eff, ACT_group_fs, ACT_none
}
enum  rsbac_auth_may_setuid_t {
  AMS_off, AMS_full, AMS_last_auth_only, AMS_last_auth_and_gid,
  AMS_none
}
enum  rsbac_cap_process_hiding_t { PH_off, PH_from_other_users, PH_full, PH_none }
enum  rsbac_adf_request_t {
  R_ADD_TO_KERNEL, R_ALTER, R_APPEND_OPEN, R_CHANGE_GROUP,
  R_CHANGE_OWNER, R_CHDIR, R_CLONE, R_CLOSE,
  R_CREATE, R_DELETE, R_EXECUTE, R_GET_PERMISSIONS_DATA,
  R_GET_STATUS_DATA, R_LINK_HARD, R_MODIFY_ACCESS_DATA, R_MODIFY_ATTRIBUTE,
  R_MODIFY_PERMISSIONS_DATA, R_MODIFY_SYSTEM_DATA, R_MOUNT, R_READ,
  R_READ_ATTRIBUTE, R_READ_WRITE_OPEN, R_READ_OPEN, R_REMOVE_FROM_KERNEL,
  R_RENAME, R_SEARCH, R_SEND_SIGNAL, R_SHUTDOWN,
  R_SWITCH_LOG, R_SWITCH_MODULE, R_TERMINATE, R_TRACE,
  R_TRUNCATE, R_UMOUNT, R_WRITE, R_WRITE_OPEN,
  R_MAP_EXEC, R_BIND, R_LISTEN, R_ACCEPT,
  R_CONNECT, R_SEND, R_RECEIVE, R_NET_SHUTDOWN,
  R_CHANGE_DAC_EFF_OWNER, R_CHANGE_DAC_FS_OWNER, R_CHANGE_DAC_EFF_GROUP, R_CHANGE_DAC_FS_GROUP,
  R_IOCTL, R_LOCK, R_NONE
}
enum  rsbac_adf_req_ret_t { NOT_GRANTED, GRANTED, DO_NOT_CARE, UNDEFINED }
enum  rsbac_switch_target_t {
  GEN, MAC, PM, DAZ,
  FF, RC, AUTH, REG,
  ACL, CAP, JAIL, RES,
  PAX, SOFTMODE, DAC_DISABLE, UM,
  FREEZE, SW_NONE
}
enum  rsbac_target_t {
  T_FILE, T_DIR, T_FIFO, T_SYMLINK,
  T_DEV, T_IPC, T_SCD, T_USER,
  T_PROCESS, T_NETDEV, T_NETTEMP, T_NETOBJ,
  T_NETTEMP_NT, T_GROUP, T_FD, T_NONE
}
enum  rsbac_attribute_t {
  A_pseudo, A_security_level, A_initial_security_level, A_local_sec_level,
  A_remote_sec_level, A_min_security_level, A_mac_categories, A_mac_initial_categories,
  A_local_mac_categories, A_remote_mac_categories, A_mac_min_categories, A_mac_user_flags,
  A_mac_process_flags, A_mac_file_flags, A_system_role, A_mac_role,
  A_daz_role, A_ff_role, A_auth_role, A_cap_role,
  A_jail_role, A_pax_role, A_current_sec_level, A_mac_curr_categories,
  A_min_write_open, A_min_write_categories, A_max_read_open, A_max_read_categories,
  A_mac_auto, A_mac_check, A_mac_prop_trusted, A_pm_role,
  A_pm_process_type, A_pm_current_task, A_pm_object_class, A_local_pm_object_class,
  A_remote_pm_object_class, A_pm_ipc_purpose, A_local_pm_ipc_purpose, A_remote_pm_ipc_purpose,
  A_pm_object_type, A_local_pm_object_type, A_remote_pm_object_type, A_pm_program_type,
  A_pm_tp, A_pm_task_set, A_daz_scanned, A_daz_scanner,
  A_ff_flags, A_rc_type, A_local_rc_type, A_remote_rc_type,
  A_rc_type_fd, A_rc_type_nt, A_rc_force_role, A_rc_initial_role,
  A_rc_role, A_rc_def_role, A_auth_may_setuid, A_auth_may_set_cap,
  A_auth_learn, A_min_caps, A_max_caps, A_max_caps_user,
  A_max_caps_program, A_jail_id, A_jail_ip, A_jail_flags,
  A_jail_max_caps, A_jail_scd_get, A_jail_scd_modify, A_pax_flags,
  A_res_role, A_res_min, A_res_max, A_log_array_low,
  A_local_log_array_low, A_remote_log_array_low, A_log_array_high, A_local_log_array_high,
  A_remote_log_array_high, A_log_program_based, A_log_user_based, A_symlink_add_remote_ip,
  A_symlink_add_uid, A_symlink_add_mac_level, A_symlink_add_rc_role, A_linux_dac_disable,
  A_cap_process_hiding, A_fake_root_uid, A_audit_uid, A_auid_exempt,
  A_auth_last_auth, A_remote_ip, A_none
}

Functions

static struct rsbac_dev_desc_t rsbac_mkdev_desc (__u32 type, __u32 major, __u32 minor)


Define Documentation

#define CAP_NONE   29
 

Definition at line 395 of file types.h.

Referenced by get_cap_name(), get_cap_nr(), strtou32cap(), and u32tostrcap().

#define DAZ_clean   2
 

Definition at line 330 of file types.h.

Referenced by rsbac_adf_request_daz(), and rsbac_adf_set_attr_daz().

#define DAZ_infected   1
 

Definition at line 329 of file types.h.

Referenced by rsbac_adf_request_daz().

#define DAZ_max   2
 

Definition at line 331 of file types.h.

#define DAZ_unscanned   0
 

Definition at line 328 of file types.h.

#define DEFAULT_DAZ_FD_SCANNED   DAZ_unscanned
 

Definition at line 332 of file types.h.

Referenced by register_fd_lists().

#define FALSE   0
 

Definition at line 120 of file types.h.

Referenced by adjust_in_out_pp(), auto_read_attr(), auto_read_write_attr(), auto_write_attr(), check_comp_rc(), check_comp_rc_scd(), copy_new_uids(), create_lol_reg(), create_reg(), fill_buffer(), fill_lol_buffer(), get_attr_fd(), get_attr_process(), get_ipc_purpose(), jail_dev_tty(), na_and_pp_ipc(), na_and_pp_or_cs(), na_dev(), na_ipc(), need_overwrite_func(), read_list(), read_lol_list(), rsbac_acl_check_forward(), rsbac_acl_check_right(), rsbac_acl_check_super(), rsbac_acl_get_single_right(), rsbac_acl_sys_get_rights(), rsbac_acl_sys_remove_acl_entry(), rsbac_acl_sys_set_mask(), rsbac_adf_request_auth(), rsbac_adf_request_int(), rsbac_adf_request_mac(), rsbac_adf_request_pm(), rsbac_adf_request_rc(), rsbac_adf_set_attr(), rsbac_adf_set_attr_auth(), rsbac_adf_set_attr_cap(), rsbac_adf_set_attr_daz(), rsbac_adf_set_attr_jail(), rsbac_adf_set_attr_mac(), rsbac_adf_set_attr_pm(), rsbac_adf_set_attr_rc(), rsbac_adf_set_attr_res(), rsbac_auth_add_p_cap(), rsbac_auth_p_capset_member(), rsbac_auth_remove_p_cap(), rsbac_get_full_path(), rsbac_init(), rsbac_list_detach(), rsbac_list_lol_detach(), rsbac_list_lol_no_write(), rsbac_list_no_write(), rsbac_mac_get_curr_level(), rsbac_mac_get_max_level(), rsbac_mac_get_min_level(), rsbac_mac_p_truset_member(), rsbac_mac_remove_f_trusets(), rsbac_mac_remove_p_trusets(), rsbac_mac_set_curr_level(), rsbac_pm(), rsbac_pm_change_current_task(), rsbac_pm_create_file(), rsbac_pm_exists(), rsbac_pm_pp_only(), rsbac_pm_pp_subset(), rsbac_pm_pp_superset(), rsbac_pm_set_exist(), rsbac_pm_set_member(), rsbac_rc_check_comp(), rsbac_rc_check_type_comp(), rsbac_rc_get_item(), rsbac_rc_sys_copy_type(), rsbac_rc_sys_get_item(), rsbac_rc_type_exists(), rsbac_read_open(), rsbac_reg_switch(), rsbac_ta_list_exist(), rsbac_ta_list_lol_exist(), rsbac_ta_list_lol_subexist(), rsbac_ta_list_lol_subexist_compare(), rsbac_vkmalloc(), sys_rsbac_acl_get_mask_n(), sys_rsbac_acl_get_rights_n(), sys_rsbac_acl_get_tlist_n(), sys_rsbac_get_attr(), 
sys_rsbac_get_attr_n(), tp_check(), and writable().

#define FF_add_inherited   128
 

Definition at line 348 of file types.h.

Referenced by get_attr_fd().

#define FF_append_only   256
 

Definition at line 345 of file types.h.

Referenced by rsbac_adf_request_ff().

#define FF_execute_only   2
 

Definition at line 339 of file types.h.

Referenced by rsbac_adf_request_ff().

#define FF_no_delete_or_rename   64
 

Definition at line 344 of file types.h.

Referenced by get_attr_fd(), and rsbac_adf_request_ff().

#define FF_no_execute   32
 

Definition at line 343 of file types.h.

Referenced by rsbac_adf_request_ff().

#define FF_no_mount   512
 

Definition at line 346 of file types.h.

Referenced by rsbac_adf_request_ff().

#define FF_read_only   1
 

Definition at line 338 of file types.h.

Referenced by rsbac_adf_request_ff().

#define FF_search_only   4
 

Definition at line 340 of file types.h.

Referenced by rsbac_adf_request_ff().

#define FF_secure_delete   16
 

Definition at line 342 of file types.h.

#define FF_write_only   8
 

Definition at line 341 of file types.h.

Referenced by rsbac_adf_request_ff().

#define JAIL_allow_all_net_family   2
 

Definition at line 409 of file types.h.

Referenced by rsbac_adf_request_jail().

#define JAIL_allow_dev_get_status   128
 

Definition at line 413 of file types.h.

Referenced by rsbac_adf_request_jail().

#define JAIL_allow_dev_mod_system   256
 

Definition at line 414 of file types.h.

Referenced by rsbac_adf_request_jail().

#define JAIL_allow_dev_read   512
 

Definition at line 415 of file types.h.

Referenced by rsbac_adf_request_jail().

#define JAIL_allow_dev_write   1024
 

Definition at line 416 of file types.h.

Referenced by rsbac_adf_request_jail().

#define JAIL_allow_external_ipc   1
 

Definition at line 408 of file types.h.

Referenced by rsbac_adf_request_jail().

#define JAIL_allow_inet_localhost   32
 

Definition at line 412 of file types.h.

#define JAIL_allow_inet_raw   8
 

Definition at line 410 of file types.h.

Referenced by rsbac_adf_request_jail().

#define JAIL_allow_tty_open   2048
 

Definition at line 417 of file types.h.

Referenced by rsbac_adf_request_jail().

#define JAIL_auto_adjust_inet_any   16
 

Definition at line 411 of file types.h.

Referenced by rsbac_adf_set_attr_jail().

#define MAC_allow_auto   64
 

Definition at line 304 of file types.h.

Referenced by rsbac_adf_set_attr_mac().

#define MAC_auto   2
 

Definition at line 299 of file types.h.

Referenced by auto_read_attr(), auto_read_write_attr(), auto_write_attr(), get_attr_process(), rsbac_adf_set_attr_mac(), rsbac_mac_set_curr_level(), and set_attr_process().

#define MAC_override   1
 

Definition at line 298 of file types.h.

Referenced by auto_read_attr(), auto_read_write_attr(), auto_write_attr(), and rsbac_mac_set_curr_level().

#define MAC_program_auto   256
 

Definition at line 306 of file types.h.

Referenced by rsbac_adf_set_attr_mac().

#define MAC_prop_trusted   128
 

Definition at line 305 of file types.h.

#define MAC_read_up   16
 

Definition at line 302 of file types.h.

Referenced by auto_read_attr(), and auto_read_write_attr().

#define MAC_trusted   4
 

Definition at line 300 of file types.h.

Referenced by auto_read_attr(), auto_read_write_attr(), auto_write_attr(), rsbac_adf_set_attr_mac(), and rsbac_mac_set_curr_level().

#define MAC_write_down   32
 

Definition at line 303 of file types.h.

Referenced by auto_read_write_attr(), and auto_write_attr().

#define MAC_write_up   8
 

Definition at line 301 of file types.h.

Referenced by auto_read_write_attr(), and auto_write_attr().

#define NULL   ((void *) 0)
 

Definition at line 106 of file types.h.

#define PF_PAX_EMUTRAMP   0x02000000
 

Definition at line 432 of file types.h.

Referenced by pax_print_flags(), pax_strtoflags(), and register_fd_lists().

#define PF_PAX_MPROTECT   0x04000000
 

Definition at line 433 of file types.h.

Referenced by pax_print_flags(), pax_strtoflags(), and register_fd_lists().

#define PF_PAX_PAGEEXEC   0x01000000
 

Definition at line 431 of file types.h.

Referenced by pax_print_flags(), pax_strtoflags(), and register_fd_lists().

#define PF_PAX_RANDEXEC   0x10000000
 

Definition at line 435 of file types.h.

Referenced by pax_print_flags(), pax_strtoflags(), and register_fd_lists().

#define PF_PAX_RANDMMAP   0x08000000
 

Definition at line 434 of file types.h.

Referenced by pax_print_flags(), pax_strtoflags(), and register_fd_lists().

#define PF_PAX_SEGMEXEC   0x20000000
 

Definition at line 436 of file types.h.

Referenced by pax_print_flags(), pax_strtoflags(), and register_fd_lists().

#define RSBAC_ADF_REQUEST_ARRAY_VERSION   2
 

Definition at line 480 of file types.h.

#define RSBAC_ALL_GROUPS   ((rsbac_gid_t) -4)
 

Definition at line 117 of file types.h.

#define RSBAC_ALL_USERS   ((rsbac_uid_t) -4)
 

Definition at line 115 of file types.h.

Referenced by get_attr_user(), rsbac_mac_p_truset_member(), set_attr_user(), sys_rsbac_um_get_group_list(), and sys_rsbac_um_get_user_list().

#define RSBAC_AUDITOR_UID   (RSBAC_SECOFF_UID+4)
 

Definition at line 160 of file types.h.

Referenced by register_user_lists().

#define RSBAC_AUTH_DAC_GROUP_F_CAP   ((rsbac_gid_t) -4)
 

Definition at line 365 of file types.h.

Referenced by rsbac_adf_set_attr_auth(), and rsbac_auth_p_capset_member().

#define RSBAC_AUTH_DAC_OWNER_F_CAP   ((rsbac_uid_t) -4)
 

Definition at line 362 of file types.h.

Referenced by rsbac_adf_set_attr_auth(), and rsbac_auth_p_capset_member().

#define RSBAC_AUTH_GROUP_F_CAP   ((rsbac_gid_t) -3)
 

Definition at line 364 of file types.h.

Referenced by rsbac_adf_set_attr_auth(), and rsbac_auth_p_capset_member().

#define RSBAC_AUTH_LOGIN_PATH   "/bin/login"
 

Definition at line 137 of file types.h.

Referenced by rsbac_do_init().

#define RSBAC_AUTH_LOGIN_PATH_DIR   "bin"
 

Definition at line 138 of file types.h.

Referenced by rsbac_do_init().

#define RSBAC_AUTH_LOGIN_PATH_FILE   "login"
 

Definition at line 139 of file types.h.

Referenced by rsbac_do_init().

#define RSBAC_AUTH_MAX_MAXNUM   1000000
 

Definition at line 359 of file types.h.

Referenced by sys_rsbac_auth_get_f_caplist(), and sys_rsbac_auth_get_p_caplist().

#define RSBAC_AUTH_MAX_RANGE_GID   ((rsbac_gid_t) -10)
 

Definition at line 366 of file types.h.

#define RSBAC_AUTH_MAX_RANGE_UID   ((rsbac_uid_t) -10)
 

Definition at line 363 of file types.h.

Referenced by rsbac_auth_p_capset_member(), and sys_rsbac_auth_add_p_cap().

#define RSBAC_AUTH_OLD_OWNER_F_CAP   (rsbac_old_uid_t) -3
 

Definition at line 360 of file types.h.

#define RSBAC_AUTH_OWNER_F_CAP   ((rsbac_uid_t) -3)
 

Definition at line 361 of file types.h.

Referenced by rsbac_adf_set_attr_auth(), and rsbac_auth_p_capset_member().

#define RSBAC_AUTO_DEV_DESC   rsbac_mkdev_desc(D_none, 99, 99)
 

Definition at line 266 of file types.h.

#define RSBAC_BIN_UID   1
 

Definition at line 152 of file types.h.

#define RSBAC_CAP_DEFAULT_MAX   ((rsbac_cap_vector_t) -1)
 

Definition at line 392 of file types.h.

Referenced by rsbac_adf_set_attr_cap().

#define RSBAC_CAP_DEFAULT_MIN   ((rsbac_cap_vector_t) 0)
 

Definition at line 391 of file types.h.

#define RSBAC_CAP_MAX   CAP_NONE
 

Definition at line 396 of file types.h.

#define RSBAC_DATAPROT_UID   (RSBAC_SECOFF_UID+1)
 

Definition at line 158 of file types.h.

Referenced by register_user_lists().

#define RSBAC_FF_DEF   FF_add_inherited
 

Definition at line 350 of file types.h.

Referenced by get_attr_fd(), and register_fd_lists().

#define RSBAC_FF_ROOT_DEF   0
 

Definition at line 351 of file types.h.

#define RSBAC_IFNAMSIZ   16
 

Definition at line 130 of file types.h.

Referenced by get_target_name().

#define RSBAC_IS_AUTO_DEV_DESC(dev)   ((dev.type == D_none) && (dev.major == 99) && (dev.minor == 99))
 

Definition at line 268 of file types.h.

#define RSBAC_IS_ZERO_DEV_DESC(dev)   ((dev.type == D_none) && !dev.major && !dev.minor)
 

Definition at line 267 of file types.h.

Referenced by devdesctostr(), rsbac_acl_add_to_acl_entry(), rsbac_acl_get_rights(), rsbac_acl_get_single_right(), rsbac_acl_get_tlist(), rsbac_acl_remove_acl(), rsbac_acl_remove_acl_entry(), rsbac_acl_remove_from_acl_entry(), rsbac_acl_set_acl_entry(), and rsbac_acl_set_mask().

#define RSBAC_JAIL_DEF_ID   0
 

Definition at line 403 of file types.h.

Referenced by get_attr_ipc(), and register_ipc_lists().

#define RSBAC_JAIL_LOCALHOST   ((1 << 24) | 127)
 

Definition at line 419 of file types.h.

#define RSBAC_JAIL_VERSION   1
 

Definition at line 400 of file types.h.

Referenced by rsbac_jail_sys_jail().

#define RSBAC_LIST_TA_MAX_PASSLEN   36
 

Definition at line 288 of file types.h.

#define RSBAC_LIST_TTL_KEEP   ((rsbac_time_t) -1)
 

Definition at line 147 of file types.h.

Referenced by rsbac_acl_sys_add_to_acl_entry(), rsbac_acl_sys_set_acl_entry(), rsbac_list_add(), rsbac_list_lol_add(), rsbac_list_lol_subadd(), rsbac_ta_list_add_ttl(), rsbac_ta_list_lol_add_ttl(), rsbac_ta_list_lol_subadd_ttl(), rsbac_um_mod_group(), and rsbac_um_mod_user().

#define RSBAC_MAC_CAT_VECTOR(x)   ((rsbac_mac_category_vector_t) 1 << (x))
 

Definition at line 190 of file types.h.

#define RSBAC_MAC_DEF_CAT_VECTOR   ((rsbac_mac_category_vector_t) 1)
 

Definition at line 179 of file types.h.

#define RSBAC_MAC_DEF_INIT_P_FLAGS   MAC_auto
 

Definition at line 317 of file types.h.

Referenced by rsbac_init().

#define RSBAC_MAC_DEF_P_FLAGS   0
 

Definition at line 316 of file types.h.

#define RSBAC_MAC_DEF_SECOFF_U_FLAGS   MAC_override
 

Definition at line 314 of file types.h.

#define RSBAC_MAC_DEF_SYSADM_U_FLAGS   MAC_allow_auto
 

Definition at line 313 of file types.h.

#define RSBAC_MAC_DEF_U_FLAGS   0
 

Definition at line 312 of file types.h.

#define RSBAC_MAC_F_FLAGS   (MAC_auto | MAC_trusted | MAC_write_up | MAC_read_up | MAC_write_down)
 

Definition at line 310 of file types.h.

Referenced by set_attr_fd().

#define RSBAC_MAC_GENERAL_CATEGORY   0
 

Definition at line 178 of file types.h.

#define RSBAC_MAC_INHERIT_CAT_VECTOR   ((rsbac_mac_category_vector_t) 0)
 

Definition at line 185 of file types.h.

Referenced by get_attr_fd().

#define RSBAC_MAC_MAX_CAT   63
 

Definition at line 188 of file types.h.

Referenced by strtou64mac(), and u64tostrmac().

#define RSBAC_MAC_MAX_CAT_VECTOR   ((rsbac_mac_category_vector_t) -1)
 

Definition at line 181 of file types.h.

Referenced by rsbac_adf_set_attr_mac().

#define RSBAC_MAC_MAX_MAXNUM   1000000
 

Definition at line 296 of file types.h.

Referenced by sys_rsbac_mac_get_f_trulist(), and sys_rsbac_mac_get_p_trulist().

#define RSBAC_MAC_MIN_CAT_VECTOR   ((rsbac_mac_category_vector_t) 0)
 

Definition at line 183 of file types.h.

Referenced by rsbac_adf_set_attr_mac(), and rsbac_mac_set_curr_level().

#define RSBAC_MAC_NR_CATS   64
 

Definition at line 187 of file types.h.

Referenced by strtou64mac(), and u64tostrmac().

#define RSBAC_MAC_P_FLAGS   (MAC_override | MAC_auto | MAC_trusted | MAC_write_up | MAC_read_up | MAC_write_down | MAC_prop_trusted | MAC_program_auto)
 

Definition at line 309 of file types.h.

Referenced by rsbac_adf_set_attr_mac(), rsbac_init(), and set_attr_process().

#define RSBAC_MAC_U_FLAGS   (MAC_override | MAC_trusted | MAC_write_up | MAC_read_up | MAC_write_down | MAC_allow_auto)
 

Definition at line 308 of file types.h.

Referenced by set_attr_user().

#define rsbac_max(a, b)   (((a)>(b))?(a):(b))
 

Definition at line 110 of file types.h.

Referenced by rsbac_um_hash().

#define RSBAC_MAX_MOD   (SOFTMODE - 1)
 

Definition at line 552 of file types.h.

#define RSBAC_MAXNAMELEN   256
 

Definition at line 286 of file types.h.

Referenced by aci_detach_fd_lists(), acl_detach_fd_lists(), acl_register_fd_lists(), auth_detach_fd_lists(), auth_register_fd_lists(), auto_read_attr(), auto_read_write_attr(), auto_write_attr(), check_comp_rc(), check_comp_rc_scd(), get_attribute_value_name(), get_target_name(), mac_detach_fd_lists(), mac_register_fd_lists(), read_info(), register_fd_lists(), register_process_lists(), registration_error(), rsbac_acl_check_forward(), rsbac_acl_check_right(), rsbac_acl_check_super(), rsbac_acl_remove_acl_entry(), rsbac_acl_sys_add_to_acl_entry(), rsbac_acl_sys_get_mask(), rsbac_acl_sys_get_rights(), rsbac_acl_sys_get_tlist(), rsbac_acl_sys_group(), rsbac_acl_sys_remove_acl(), rsbac_acl_sys_remove_acl_entry(), rsbac_acl_sys_remove_from_acl_entry(), rsbac_acl_sys_remove_user(), rsbac_acl_sys_set_acl_entry(), rsbac_acl_sys_set_mask(), rsbac_adf_request_int(), rsbac_adf_request_rc(), rsbac_adf_set_attr(), rsbac_do_init(), rsbac_get_full_path(), rsbac_init_auth(), rsbac_init_debug(), rsbac_init_mac(), rsbac_init_rc(), rsbac_init_um(), rsbac_jail_sys_jail(), rsbac_list_init(), rsbac_list_lol_register(), rsbac_list_register(), rsbac_mac_set_curr_level(), rsbac_mount(), rsbac_mount_acl(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_rc_check_type_comp(), rsbac_rc_get_item(), rsbac_rc_sys_copy_type(), rsbac_read_open(), rsbac_write_open(), sys_rsbac_adf_log_switch(), sys_rsbac_get_adf_log(), sys_rsbac_switch(), sys_rsbac_um_add_group(), sys_rsbac_um_add_user(), sys_rsbac_um_auth_name(), sys_rsbac_um_auth_uid(), sys_rsbac_um_mod_group(), sys_rsbac_um_mod_user(), sys_rsbac_um_set_group_pass(), sys_rsbac_um_set_pass(), and write_info().

#define rsbac_min(a, b)   (((a)<(b))?(a):(b))
 

Definition at line 109 of file types.h.

Referenced by get_target_name(), rsbac_acl_sys_group(), rsbac_adf_request_int(), rsbac_adf_set_attr_res(), rsbac_list_write_buffers(), rsbac_list_write_lol_buffers(), rsbac_um_get_gm_user_list(), rsbac_um_get_group_list(), and rsbac_um_get_user_list().

#define RSBAC_NO_GROUP   ((rsbac_gid_t) -3)
 

Definition at line 116 of file types.h.

Referenced by rsbac_acl_add_to_acl_entry(), rsbac_acl_get_mask(), rsbac_acl_get_rights(), rsbac_acl_get_single_right(), rsbac_acl_get_tlist(), rsbac_acl_remove_acl(), rsbac_acl_remove_acl_entry(), rsbac_acl_remove_from_acl_entry(), rsbac_acl_set_acl_entry(), and rsbac_acl_set_mask().

#define RSBAC_NO_USER   ((rsbac_uid_t) -3)
 

Definition at line 114 of file types.h.

Referenced by gen_fd_old_conv(), gen_fd_old_old_conv(), rsbac_acl_add_to_acl_entry(), rsbac_acl_get_mask(), rsbac_acl_get_rights(), rsbac_acl_get_single_right(), rsbac_acl_get_tlist(), rsbac_acl_remove_acl(), rsbac_acl_remove_acl_entry(), rsbac_acl_remove_from_acl_entry(), rsbac_acl_set_acl_entry(), rsbac_acl_set_mask(), rsbac_acl_sys_get_rights(), rsbac_acl_sys_group(), rsbac_adf_request_auth(), rsbac_adf_request_int(), rsbac_adf_set_attr(), rsbac_adf_set_attr_auth(), rsbac_set_audit_uid(), rsbac_um_add_group(), rsbac_um_add_user(), and rsbac_um_get_next_user().

#define RSBAC_OLD_ALL_USERS   65532
 

Definition at line 113 of file types.h.

#define RSBAC_OLD_NO_USER   65533
 

Definition at line 112 of file types.h.

#define RSBAC_PAX_ALL_FLAGS   ((rsbac_pax_flags_t) 255 << 24)
 

Definition at line 440 of file types.h.

Referenced by get_attr_process(), pax_strtoflags(), and set_attr_fd().

#define RSBAC_PAX_DEF_FLAGS   (PF_PAX_SEGMEXEC | PF_PAX_PAGEEXEC | PF_PAX_MPROTECT | PF_PAX_RANDMMAP)
 

Definition at line 439 of file types.h.

Referenced by get_attr_fd(), and register_fd_lists().

#define RSBAC_REQUEST_VECTOR(x)   ((rsbac_request_vector_t) 1 << (x))
 

Definition at line 283 of file types.h.

Referenced by rsbac_acl_check_right(), and rsbac_init_rc().

#define RSBAC_RES_MAX   10
 

Definition at line 450 of file types.h.

Referenced by get_res_name(), get_res_nr(), and rsbac_adf_set_attr_res().

#define RSBAC_RES_NONE   11
 

Definition at line 451 of file types.h.

Referenced by get_res_nr().

#define RSBAC_RES_UNSET   0
 

Definition at line 448 of file types.h.

#define RSBAC_SCD_VECTOR(x)   ((rsbac_scd_vector_t) 1 << (x))
 

Definition at line 213 of file types.h.

Referenced by rsbac_adf_request_jail().

#define RSBAC_SEC_DEL_CHUNK_SIZE   65536
 

Definition at line 133 of file types.h.

#define RSBAC_SECOFF_UID   400
 

Definition at line 156 of file types.h.

Referenced by register_user_lists().

#define RSBAC_SYSADM_UID   0
 

Definition at line 151 of file types.h.

Referenced by register_user_lists(), and rsbac_init().

#define RSBAC_TPMAN_UID   (RSBAC_SECOFF_UID+2)
 

Definition at line 159 of file types.h.

Referenced by register_user_lists().

#define RSBAC_VERSION   "1.2.6"
 

Definition at line 17 of file types.h.

Referenced by rsbac_do_init().

#define RSBAC_VERSION_MAJOR   1
 

Definition at line 18 of file types.h.

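#define RSBAC_VERSION_MAKE_NR(x, y, z)   ((x << 16) & (y << 8) & z)

Note: this macro combines its shifted terms with &, whereas RSBAC_VERSION_NR combines the same terms with |. For component values below 256 the three terms share no bits, so the expression evaluates to 0 and does not reproduce RSBAC_VERSION_NR; check any version comparison built on this macro against the header. The arguments are also used without parentheses.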
 

Definition at line 23 of file types.h.

#define RSBAC_VERSION_MID   2
 

Definition at line 19 of file types.h.

#define RSBAC_VERSION_MINOR   6
 

Definition at line 20 of file types.h.

#define RSBAC_VERSION_NR   ((RSBAC_VERSION_MAJOR << 16) | (RSBAC_VERSION_MID << 8) | RSBAC_VERSION_MINOR)
 

Definition at line 21 of file types.h.

Referenced by sys_rsbac().

#define RSBAC_ZERO_DEV_DESC   rsbac_mkdev_desc(D_none, 0, 0)
 

Definition at line 265 of file types.h.

Referenced by strtodevdesc(), sys_rsbac_acl_get_mask_n(), sys_rsbac_acl_get_rights_n(), sys_rsbac_acl_get_tlist_n(), and sys_rsbac_acl_n().

#define SL_inherit   254
 

Definition at line 171 of file types.h.

Referenced by get_attr_fd().

#define SL_max   252
 

Definition at line 168 of file types.h.

Referenced by rsbac_adf_set_attr_mac(), and rsbac_mac_set_curr_level().

#define SL_min   0
 

Definition at line 169 of file types.h.

Referenced by rsbac_adf_set_attr_mac().

#define SL_none   255
 

Definition at line 172 of file types.h.

Referenced by rsbac_mac_set_curr_level().

#define TRUE   1
 

Definition at line 123 of file types.h.

Referenced by auto_read_attr(), auto_read_write_attr(), auto_write_attr(), check_comp_rc(), check_flags_ff(), copy_new_uids(), create_lol_reg(), create_reg(), get_attr_fd(), get_attr_process(), init_module(), jail_check_sysrole(), jail_dev_tty(), jail_get_flags_process(), jail_get_id(), jail_get_id_process(), jail_get_scd_get_process(), jail_get_scd_modify_process(), mac_check_role(), mac_sys_check_role(), read_info(), read_list(), read_lol_list(), rsbac_acl_check_forward(), rsbac_acl_check_right(), rsbac_acl_check_super(), rsbac_acl_get_single_right(), rsbac_acl_group_exist(), rsbac_acl_sys_get_rights(), rsbac_adf_request_auth(), rsbac_adf_request_cap(), rsbac_adf_request_daz(), rsbac_adf_request_ff(), rsbac_adf_request_int(), rsbac_adf_request_mac(), rsbac_adf_request_pax(), rsbac_adf_request_pm(), rsbac_adf_request_rc(), rsbac_adf_request_res(), rsbac_adf_set_attr(), rsbac_adf_set_attr_auth(), rsbac_adf_set_attr_daz(), rsbac_adf_set_attr_jail(), rsbac_adf_set_attr_mac(), rsbac_adf_set_attr_rc(), rsbac_auth_p_capset_member(), rsbac_do_init(), rsbac_init_debug(), rsbac_jail_sys_jail(), rsbac_list_check(), rsbac_list_detach(), rsbac_list_init(), rsbac_list_lol_detach(), rsbac_list_lol_no_write(), rsbac_list_no_write(), rsbac_list_write_buffers(), rsbac_list_write_lol_buffers(), rsbac_mac_p_truset_member(), rsbac_mount(), rsbac_pm(), rsbac_pm_exists(), rsbac_pm_pp_only(), rsbac_pm_pp_subset(), rsbac_pm_pp_superset(), rsbac_rc_check_comp(), rsbac_rc_get_item(), rsbac_rc_sys_change_role(), rsbac_rc_sys_copy_role(), rsbac_rc_sys_copy_type(), rsbac_rc_sys_get_current_role(), rsbac_rc_sys_get_eff_rights(), rsbac_rc_sys_set_item(), rsbac_rc_test_admin_roles(), rsbac_rc_test_assign_roles(), rsbac_rc_test_role_admin(), rsbac_rc_type_exists(), rsbac_reg_switch(), rsbac_ta_list_add_ttl(), rsbac_ta_list_exist(), rsbac_ta_list_lol_add_ttl(), rsbac_ta_list_lol_exist(), rsbac_ta_list_lol_remove(), rsbac_ta_list_lol_remove_all(), rsbac_ta_list_lol_subadd_ttl(), 
rsbac_ta_list_lol_subexist(), rsbac_ta_list_lol_subexist_compare(), rsbac_ta_list_lol_subremove(), rsbac_ta_list_lol_subremove_all(), rsbac_ta_list_lol_subremove_from_all(), rsbac_ta_list_remove(), rsbac_ta_list_remove_all(), rsbac_umount(), rsbac_vkmalloc(), rsbac_write_open(), sys_rsbac_acl_get_mask_n(), sys_rsbac_acl_get_rights_n(), sys_rsbac_acl_get_tlist_n(), sys_rsbac_daz_flush_cache(), sys_rsbac_get_attr(), sys_rsbac_get_attr_n(), sys_rsbac_write(), and writable().


Typedef Documentation

typedef rsbac_enum_t rsbac_adf_request_int_t
 

Definition at line 536 of file types.h.

typedef rsbac_enum_t rsbac_auth_cap_type_int_t
 

Definition at line 376 of file types.h.

typedef struct rsbac_fs_file_t rsbac_auth_file_t
 

Definition at line 367 of file types.h.

typedef rsbac_enum_t rsbac_auth_may_setuid_int_t
 

Definition at line 381 of file types.h.

typedef __u8 rsbac_boolean_int_t
 

Definition at line 128 of file types.h.

typedef u_int rsbac_boolean_t
 

Definition at line 126 of file types.h.

typedef rsbac_enum_t rsbac_cap_process_hiding_int_t
 

Definition at line 389 of file types.h.

typedef __u32 rsbac_cap_vector_t
 

Definition at line 34 of file types.h.

typedef u_int rsbac_cwi_relation_id_t
 

Definition at line 192 of file types.h.

typedef __u8 rsbac_daz_scanned_t
 

Definition at line 327 of file types.h.

typedef __u8 rsbac_daz_scanner_t
 

Definition at line 333 of file types.h.

typedef __u8 rsbac_enum_t
 

Definition at line 149 of file types.h.

typedef rsbac_enum_t rsbac_fake_root_uid_int_t
 

Definition at line 202 of file types.h.

typedef __u16 rsbac_ff_flags_t
 

Definition at line 337 of file types.h.

typedef __u32 rsbac_gid_t
 

Definition at line 30 of file types.h.

typedef __u32 rsbac_inode_nr_t
 

Definition at line 224 of file types.h.

typedef __u32 rsbac_jail_flags_t
 

Definition at line 407 of file types.h.

typedef __u32 rsbac_jail_id_t
 

Definition at line 402 of file types.h.

typedef __u32 rsbac_jail_ip_t
 

Definition at line 404 of file types.h.

typedef __u32 rsbac_jail_scd_vector_t
 

Definition at line 405 of file types.h.

typedef rsbac_enum_t rsbac_linux_dac_disable_int_t
 

Definition at line 227 of file types.h.

typedef __u32 rsbac_list_ta_number_t
 

Definition at line 36 of file types.h.

typedef __u64 rsbac_log_array_t
 

Definition at line 279 of file types.h.

typedef rsbac_enum_t rsbac_mac_auto_int_t
 

Definition at line 319 of file types.h.

typedef __u64 rsbac_mac_category_vector_t
 

Definition at line 177 of file types.h.

typedef __u8 rsbac_mac_file_flags_t
 

Definition at line 294 of file types.h.

typedef struct rsbac_fs_file_t rsbac_mac_file_t
 

Definition at line 295 of file types.h.

typedef __u16 rsbac_mac_process_flags_t
 

Definition at line 293 of file types.h.

typedef __u8 rsbac_mac_user_flags_t
 

Definition at line 292 of file types.h.

typedef void* rsbac_net_obj_id_t
 

Definition at line 468 of file types.h.

typedef u_char rsbac_netdev_id_t[RSBAC_IFNAMSIZ+1]
 

Definition at line 131 of file types.h.

typedef __u16 rsbac_old_gid_t
 

Definition at line 32 of file types.h.

typedef __u16 rsbac_old_uid_t
 

Definition at line 31 of file types.h.

typedef unsigned long rsbac_pax_flags_t
 

Definition at line 423 of file types.h.

typedef __u32 rsbac_pid_t
 

Definition at line 163 of file types.h.

typedef __u32 rsbac_pseudo_t
 

Definition at line 162 of file types.h.

typedef __s32 rsbac_reg_handle_t
 

Definition at line 456 of file types.h.

typedef __u64 rsbac_request_vector_t
 

Definition at line 282 of file types.h.

typedef rsbac_res_limit_t rsbac_res_array_t[RSBAC_RES_MAX+1]
 

Definition at line 453 of file types.h.

typedef __u32 rsbac_res_limit_t
 

Definition at line 447 of file types.h.

typedef __u32 rsbac_scd_vector_t
 

Definition at line 212 of file types.h.

typedef __u8 rsbac_security_level_t
 

Definition at line 167 of file types.h.

typedef rsbac_enum_t rsbac_switch_target_int_t
 

Definition at line 553 of file types.h.

typedef rsbac_enum_t rsbac_system_role_int_t
 

Definition at line 197 of file types.h.

typedef __u32 rsbac_ta_number_t
 

Definition at line 165 of file types.h.

typedef __u32 rsbac_time_t
 

Definition at line 33 of file types.h.

typedef __u32 rsbac_uid_t
 

Definition at line 29 of file types.h.

typedef __u32 rsbac_version_t
 

Definition at line 28 of file types.h.


Enumeration Type Documentation

enum rsbac_adf_req_ret_t
 

Enumeration values:
NOT_GRANTED 
GRANTED 
DO_NOT_CARE 
UNDEFINED 

Definition at line 543 of file types.h.

enum rsbac_adf_request_t
 

Enumeration values:
R_ADD_TO_KERNEL 
R_ALTER 
R_APPEND_OPEN 
R_CHANGE_GROUP 
R_CHANGE_OWNER 
R_CHDIR 
R_CLONE 
R_CLOSE 
R_CREATE 
R_DELETE 
R_EXECUTE 
R_GET_PERMISSIONS_DATA 
R_GET_STATUS_DATA 
R_LINK_HARD 
R_MODIFY_ACCESS_DATA 
R_MODIFY_ATTRIBUTE 
R_MODIFY_PERMISSIONS_DATA 
R_MODIFY_SYSTEM_DATA 
R_MOUNT 
R_READ 
R_READ_ATTRIBUTE 
R_READ_WRITE_OPEN 
R_READ_OPEN 
R_REMOVE_FROM_KERNEL 
R_RENAME 
R_SEARCH 
R_SEND_SIGNAL 
R_SHUTDOWN 
R_SWITCH_LOG 
R_SWITCH_MODULE 
R_TERMINATE 
R_TRACE 
R_TRUNCATE 
R_UMOUNT 
R_WRITE 
R_WRITE_OPEN 
R_MAP_EXEC 
R_BIND 
R_LISTEN 
R_ACCEPT 
R_CONNECT 
R_SEND 
R_RECEIVE 
R_NET_SHUTDOWN 
R_CHANGE_DAC_EFF_OWNER 
R_CHANGE_DAC_FS_OWNER 
R_CHANGE_DAC_EFF_GROUP 
R_CHANGE_DAC_FS_GROUP 
R_IOCTL 
R_LOCK 
R_NONE 

Definition at line 482 of file types.h.

00482                           {
00483                         R_ADD_TO_KERNEL,
00484                         R_ALTER,
00485                         R_APPEND_OPEN,
00486                         R_CHANGE_GROUP,
00487                         R_CHANGE_OWNER,
00488                         R_CHDIR,
00489                         R_CLONE,
00490                         R_CLOSE,
00491                         R_CREATE,
00492                         R_DELETE,
00493                         R_EXECUTE,
00494                         R_GET_PERMISSIONS_DATA,
00495                         R_GET_STATUS_DATA,
00496                         R_LINK_HARD,
00497                         R_MODIFY_ACCESS_DATA,
00498                         R_MODIFY_ATTRIBUTE,
00499                         R_MODIFY_PERMISSIONS_DATA,
00500                         R_MODIFY_SYSTEM_DATA,
00501                         R_MOUNT,
00502                         R_READ,
00503                         R_READ_ATTRIBUTE,
00504                         R_READ_WRITE_OPEN,
00505                         R_READ_OPEN,
00506                         R_REMOVE_FROM_KERNEL,
00507                         R_RENAME,
00508                         R_SEARCH,
00509                         R_SEND_SIGNAL,
00510                         R_SHUTDOWN,
00511                         R_SWITCH_LOG,
00512                         R_SWITCH_MODULE,
00513                         R_TERMINATE,
00514                         R_TRACE,
00515                         R_TRUNCATE,
00516                         R_UMOUNT,
00517                         R_WRITE,
00518                         R_WRITE_OPEN,
00519                         R_MAP_EXEC,
00520                         R_BIND,
00521                         R_LISTEN,
00522                         R_ACCEPT,
00523                         R_CONNECT,
00524                         R_SEND,
00525                         R_RECEIVE,
00526                         R_NET_SHUTDOWN,
00527                         R_CHANGE_DAC_EFF_OWNER,
00528                         R_CHANGE_DAC_FS_OWNER,
00529                         R_CHANGE_DAC_EFF_GROUP,
00530                         R_CHANGE_DAC_FS_GROUP,
00531                         R_IOCTL,
00532                         R_LOCK,
00533                         R_NONE
00534                       };

enum rsbac_attribute_t
 

Enumeration values:
A_pseudo 
A_security_level 
A_initial_security_level 
A_local_sec_level 
A_remote_sec_level 
A_min_security_level 
A_mac_categories 
A_mac_initial_categories 
A_local_mac_categories 
A_remote_mac_categories 
A_mac_min_categories 
A_mac_user_flags 
A_mac_process_flags 
A_mac_file_flags 
A_system_role 
A_mac_role 
A_daz_role 
A_ff_role 
A_auth_role 
A_cap_role 
A_jail_role 
A_pax_role 
A_current_sec_level 
A_mac_curr_categories 
A_min_write_open 
A_min_write_categories 
A_max_read_open 
A_max_read_categories 
A_mac_auto 
A_mac_check 
A_mac_prop_trusted 
A_pm_role 
A_pm_process_type 
A_pm_current_task 
A_pm_object_class 
A_local_pm_object_class 
A_remote_pm_object_class 
A_pm_ipc_purpose 
A_local_pm_ipc_purpose 
A_remote_pm_ipc_purpose 
A_pm_object_type 
A_local_pm_object_type 
A_remote_pm_object_type 
A_pm_program_type 
A_pm_tp 
A_pm_task_set 
A_daz_scanned 
A_daz_scanner 
A_ff_flags 
A_rc_type 
A_local_rc_type 
A_remote_rc_type 
A_rc_type_fd 
A_rc_type_nt 
A_rc_force_role 
A_rc_initial_role 
A_rc_role 
A_rc_def_role 
A_auth_may_setuid 
A_auth_may_set_cap 
A_auth_learn 
A_min_caps 
A_max_caps 
A_max_caps_user 
A_max_caps_program 
A_jail_id 
A_jail_ip 
A_jail_flags 
A_jail_max_caps 
A_jail_scd_get 
A_jail_scd_modify 
A_pax_flags 
A_res_role 
A_res_min 
A_res_max 
A_log_array_low 
A_local_log_array_low 
A_remote_log_array_low 
A_log_array_high 
A_local_log_array_high 
A_remote_log_array_high 
A_log_program_based 
A_log_user_based 
A_symlink_add_remote_ip 
A_symlink_add_uid 
A_symlink_add_mac_level 
A_symlink_add_rc_role 
A_linux_dac_disable 
A_cap_process_hiding 
A_fake_root_uid 
A_audit_uid 
A_auid_exempt 
A_auth_last_auth 
A_remote_ip 
A_none 

Definition at line 599 of file types.h.

00600   {
00601     A_pseudo,
00602     A_security_level,
00603     A_initial_security_level,
00604     A_local_sec_level,
00605     A_remote_sec_level,
00606     A_min_security_level,
00607     A_mac_categories,
00608     A_mac_initial_categories,
00609     A_local_mac_categories,
00610     A_remote_mac_categories,
00611     A_mac_min_categories,
00612     A_mac_user_flags,
00613     A_mac_process_flags,
00614     A_mac_file_flags,
00615     A_system_role,
00616     A_mac_role,
00617     A_daz_role,
00618     A_ff_role,
00619     A_auth_role,
00620     A_cap_role,
00621     A_jail_role,
00622     A_pax_role,
00623     A_current_sec_level,
00624     A_mac_curr_categories,
00625     A_min_write_open,
00626     A_min_write_categories,
00627     A_max_read_open,
00628     A_max_read_categories,
00629     A_mac_auto,
00630     A_mac_check,
00631     A_mac_prop_trusted,
00632     A_pm_role,
00633     A_pm_process_type,
00634     A_pm_current_task,
00635     A_pm_object_class,
00636     A_local_pm_object_class,
00637     A_remote_pm_object_class,
00638     A_pm_ipc_purpose,
00639     A_local_pm_ipc_purpose,
00640     A_remote_pm_ipc_purpose,
00641     A_pm_object_type,
00642     A_local_pm_object_type,
00643     A_remote_pm_object_type,
00644     A_pm_program_type,
00645     A_pm_tp,
00646     A_pm_task_set,
00647     A_daz_scanned,
00648     A_daz_scanner,
00649     A_ff_flags,
00650     A_rc_type,
00651     A_local_rc_type,
00652     A_remote_rc_type,
00653     A_rc_type_fd,
00654     A_rc_type_nt,
00655     A_rc_force_role,
00656     A_rc_initial_role,
00657     A_rc_role,
00658     A_rc_def_role,
00659     A_auth_may_setuid,
00660     A_auth_may_set_cap,
00661     A_auth_learn,
00662     A_min_caps,
00663     A_max_caps,
00664     A_max_caps_user,
00665     A_max_caps_program,
00666     A_jail_id,
00667     A_jail_ip,
00668     A_jail_flags,
00669     A_jail_max_caps,
00670     A_jail_scd_get,
00671     A_jail_scd_modify,
00672     A_pax_flags,
00673     A_res_role,
00674     A_res_min,
00675     A_res_max,
00676     A_log_array_low,
00677     A_local_log_array_low,
00678     A_remote_log_array_low,
00679     A_log_array_high,
00680     A_local_log_array_high,
00681     A_remote_log_array_high,
00682     A_log_program_based,
00683     A_log_user_based,
00684     A_symlink_add_remote_ip,
00685     A_symlink_add_uid,
00686     A_symlink_add_mac_level,
00687     A_symlink_add_rc_role,
00688     A_linux_dac_disable,
00689     A_cap_process_hiding,
00690     A_fake_root_uid,
00691     A_audit_uid,
00692     A_auid_exempt,
00693     A_auth_last_auth,
00694     A_remote_ip,
00695 #ifdef __KERNEL__
00696     /* adf-request helpers */
00697     A_owner,
00698     A_group,
00699     A_signal,
00700     A_mode,
00701     A_nlink,
00702     A_switch_target,
00703     A_mod_name,
00704     A_request,
00705     A_trace_request,
00706     A_auth_add_f_cap,
00707     A_auth_remove_f_cap,
00708     A_auth_get_caplist,
00709     A_prot_bits,
00710     A_internal,
00711     /* used with CREATE on DIR */
00712     A_create_data,
00713     A_new_object,
00714     A_rlimit,
00715     A_new_dir_dentry_p,
00716     A_auth_program_file,
00717     A_auth_start_uid,
00718     A_auth_start_euid,
00719     A_auth_start_gid,
00720     A_auth_start_egid,
00721     A_acl_learn,
00722     A_priority,
00723     A_pgid,
00724     A_kernel_thread,
00725     A_open_flag,
00726     A_reboot_cmd,
00727     A_setsockopt_level,
00728     A_ioctl_cmd,
00729     A_f_mode,
00730 #endif
00731     A_none};

enum rsbac_auth_cap_type_t
 

Enumeration values:
ACT_real 
ACT_eff 
ACT_fs 
ACT_group_real 
ACT_group_eff 
ACT_group_fs 
ACT_none 

Definition at line 373 of file types.h.

enum rsbac_auth_may_setuid_t
 

Enumeration values:
AMS_off 
AMS_full 
AMS_last_auth_only 
AMS_last_auth_and_gid 
AMS_none 

Definition at line 378 of file types.h.

enum rsbac_cap_process_hiding_t
 

Enumeration values:
PH_off 
PH_from_other_users 
PH_full 
PH_none 

Definition at line 387 of file types.h.

enum rsbac_dev_type_t
 

Enumeration values:
D_block 
D_char 
D_block_major 
D_char_major 
D_none 

Definition at line 215 of file types.h.

enum rsbac_fake_root_uid_t
 

Enumeration values:
FR_off 
FR_uid_only 
FR_euid_only 
FR_both 
FR_none 

Definition at line 200 of file types.h.

enum rsbac_ipc_type_t
 

Enumeration values:
I_sem 
I_msg 
I_shm 
I_anonpipe 
I_mqueue 
I_none 

Definition at line 218 of file types.h.

enum rsbac_linux_dac_disable_t
 

Enumeration values:
LDD_false 
LDD_true 
LDD_inherit 
LDD_none 

Definition at line 226 of file types.h.

enum rsbac_log_level_t
 

Enumeration values:
LL_none 
LL_denied 
LL_full 
LL_request 
LL_invalid 

Definition at line 278 of file types.h.

enum rsbac_mac_auto_t
 

Enumeration values:
MA_no 
MA_yes 
MA_inherit 

Definition at line 320 of file types.h.

00320 {MA_no, MA_yes, MA_inherit};

enum rsbac_old_security_level_t
 

Enumeration values:
SL_unclassified 
SL_confidential 
SL_secret 
SL_top_secret 
SL_old_rsbac_internal 
SL_old_inherit 
SL_old_none 

Definition at line 173 of file types.h.

enum rsbac_scd_type_t
 

Enumeration values:
ST_time_strucs 
ST_clock 
ST_host_id 
ST_net_id 
ST_ioports 
ST_rlimit 
ST_swap 
ST_syslog 
ST_rsbac 
ST_rsbaclog 
ST_other 
ST_kmem 
ST_network 
ST_firewall 
ST_priority 
ST_sysfs 
ST_rsbac_remote_log 
ST_quota 
ST_sysctl 
ST_nfsd 
ST_ksyms 
ST_mlock 
ST_capability 
ST_none 

Definition at line 204 of file types.h.

enum rsbac_switch_target_t
 

Enumeration values:
GEN 
MAC 
PM 
DAZ 
FF 
RC 
AUTH 
REG 
ACL 
CAP 
JAIL 
RES 
PAX 
SOFTMODE 
DAC_DISABLE 
UM 
FREEZE 
SW_NONE 

Definition at line 550 of file types.h.

enum rsbac_system_role_t
 

Enumeration values:
SR_user 
SR_security_officer 
SR_administrator 
SR_auditor 
SR_none 

Definition at line 195 of file types.h.

enum rsbac_target_t
 

Enumeration values:
T_FILE 
T_DIR 
T_FIFO 
T_SYMLINK 
T_DEV 
T_IPC 
T_SCD 
T_USER 
T_PROCESS 
T_NETDEV 
T_NETTEMP 
T_NETOBJ 
T_NETTEMP_NT 
T_GROUP 
T_FD 
T_NONE 

Definition at line 561 of file types.h.


Function Documentation

static struct rsbac_dev_desc_t rsbac_mkdev_desc(__u32 type, __u32 major, __u32 minor)   [inline, static]
 

Definition at line 255 of file types.h.

References rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, and rsbac_dev_desc_t::type.

00256   {
00257     struct rsbac_dev_desc_t dev_desc;
00258 
00259     dev_desc.type = type;
00260     dev_desc.major = major;
00261     dev_desc.minor = minor;
00262     return dev_desc;
00263   }


Generated on Sun May 21 14:31:00 2006 for RSBAC by  doxygen 1.4.2