/daten/src/linux-2.4.27-rsbac-v1.2.3/include/rsbac/mac.h

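/************************************* */
/* Rule Set Based Access Control       */
/* Author and (c) 1999-2004:           */
/*   Amon Ott <ao@rsbac.org>           */
/* API: Data structures                */
/* and functions for Access            */
/* Control Information / MAC           */
/* Last modified: 14/Apr/2004          */
/************************************* */

#ifndef __RSBAC_MAC_H
#define __RSBAC_MAC_H

#include <linux/init.h>
#include <rsbac/types.h>

/***************************************************/
/*               General Prototypes                */
/***************************************************/

/* Unless noted otherwise, all functions return 0 if no error occurred and a
 * negative error code otherwise. The error codes are defined in rsbac_error.h.
 * Exception visible in this header: rsbac_mac_p_truset_member() returns a
 * boolean, so it has no channel for an error code.
 */

/****************************************************************************/
/* Initialization, including ACI restoration for all mounted devices from   */
/* disk. After this call, all ACI is kept in memory for performance reasons,*/
/* but user and file/dir object ACI are written to disk on every change.    */
/*                                                                          */
/* Without CONFIG_RSBAC_INIT_DELAY the function is tagged __init; with it   */
/* the tag is dropped (presumably because delayed initialisation runs after */
/* the kernel's init sections have been released -- confirm).               */

#ifdef CONFIG_RSBAC_INIT_DELAY
extern int rsbac_init_mac(void);
#else
extern int rsbac_init_mac(void) __init;
#endif

/* Mounting and umounting of the device identified by kdev. */
int rsbac_mount_mac(kdev_t kdev);
int rsbac_umount_mac(kdev_t kdev);

/* Some information about the current status is also available. */
extern int rsbac_stats_mac(void);

/* Status checking.
 * NOTE(review): the meaning of `correct` and `check_inode` is not documented
 * here; they look like int flags (repair what is found / also check inodes)
 * -- confirm against the implementation before relying on that.
 */
extern int rsbac_check_mac(int correct, int check_inode);

/* RSBAC attribute saving to disk can be triggered from outside.
 * param need_lock: call lock_kernel() before writing?
 * Only declared when CONFIG_RSBAC_MAINT or CONFIG_RSBAC_AUTO_WRITE is set.
 */
#if defined(CONFIG_RSBAC_MAINT) || defined(CONFIG_RSBAC_AUTO_WRITE)
extern int rsbac_write_mac(boolean need_lock);
#endif /* CONFIG_RSBAC_MAINT || CONFIG_RSBAC_AUTO_WRITE */

/************************************************* */
/*               Access functions                  */
/************************************************* */

/* All these procedures handle the semaphores to protect the targets during
 * access.
 * Trying to access a never created or removed set returns an error!
 *
 * Naming: the _p_ variants are keyed by process (rsbac_pid_t), the _f_
 * variants by file (rsbac_mac_file_t). Set members are rsbac_uid_t values;
 * "truset" presumably stands for "trusted user set" -- confirm.
 *
 * NOTE(review): nothing in this header shows an authorisation check inside
 * these functions. Presumably the caller has to decide that the request is
 * permitted before changing a set -- confirm where that decision is made.
 */

/* rsbac_mac_add_to_p_truset / rsbac_mac_add_to_f_truset
 * Add a set member to a set sublist. Set behaviour: also returns success,
 * if member was already in set!
 * NOTE(review): the unit of `ttl`, the meaning of a zero ttl, and whether
 * re-adding an existing member changes its ttl are not stated here -- confirm.
 */
int rsbac_mac_add_to_p_truset(rsbac_pid_t pid,
                              rsbac_uid_t member,
                              rsbac_time_t ttl);

int rsbac_mac_add_to_f_truset(rsbac_mac_file_t file,
                              rsbac_uid_t member,
                              rsbac_time_t ttl);

/* rsbac_mac_remove_from_p_truset / rsbac_mac_remove_from_f_truset
 * Remove a set member from a sublist. Set behaviour: Returns no error, if
 * member is not in list.
 */
int rsbac_mac_remove_from_p_truset(rsbac_pid_t pid,
                                   rsbac_uid_t member);

int rsbac_mac_remove_from_f_truset(rsbac_mac_file_t file,
                                   rsbac_uid_t member);

/* rsbac_mac_clear_p_truset / rsbac_mac_clear_f_truset
 * Remove all set members from a sublist. Set behaviour: Returns no error,
 * if list is empty.
 */
int rsbac_mac_clear_p_truset(rsbac_pid_t pid);

int rsbac_mac_clear_f_truset(rsbac_mac_file_t file);

/* rsbac_mac_p_truset_member
 * Return truth value, whether member is in set. Only a process-keyed variant
 * is declared in this header.
 * NOTE(review): the boolean return cannot carry an error code. How a missing
 * set or a failed lookup is reported is not visible here; callers that base
 * an access decision on the result should confirm it yields FALSE in those
 * cases (fail closed).
 */
boolean rsbac_mac_p_truset_member(rsbac_pid_t pid,
                                  rsbac_uid_t member);

/* rsbac_mac_remove_p_trusets / rsbac_mac_remove_f_trusets
 * Remove a full set. For cleanup, if object is deleted.
 * To empty an existing set use rsbac_mac_clear_p_truset /
 * rsbac_mac_clear_f_truset instead.
 */
int rsbac_mac_remove_p_trusets(rsbac_pid_t pid);

int rsbac_mac_remove_f_trusets(rsbac_mac_file_t file);

/* rsbac_mac_copy_fp_truset / rsbac_mac_copy_pp_truset
 * Undocumented in the original header. Judging by names and parameters only:
 * _fp_ presumably copies the set of `file` to the process set
 * `p_tru_set_id`, and _pp_ copies process set `old_p_set_id` to
 * `new_p_set_id` -- direction and the handling of an already existing
 * destination set must be confirmed against the implementation.
 */
int rsbac_mac_copy_fp_truset(rsbac_mac_file_t file,
                             rsbac_pid_t p_tru_set_id);

int rsbac_mac_copy_pp_truset(rsbac_pid_t old_p_set_id,
                             rsbac_pid_t new_p_set_id);

/* rsbac_mac_get_f_trulist / rsbac_mac_get_p_trulist
 * Undocumented in the original header. Both take pointers to list pointers
 * (members in *trulist_p, ttl values in *ttllist_p) that are presumably
 * filled in by the callee.
 * NOTE(review): not stated here and to be confirmed before use: how the
 * number of entries is reported (the int return may not be the plain 0 /
 * negative convention), whether NULL is accepted for either pointer, and
 * who allocates and frees the returned lists.
 */
int rsbac_mac_get_f_trulist(rsbac_mac_file_t file,
                            rsbac_uid_t **trulist_p,
                            rsbac_time_t **ttllist_p);

int rsbac_mac_get_p_trulist(rsbac_pid_t pid,
                            rsbac_uid_t **trulist_p,
                            rsbac_time_t **ttllist_p);

#endif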
