/daten/src/linux-2.4.27-rsbac-v1.2.3/include/rsbac/rc_types.h

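/************************************ */
/* Rule Set Based Access Control      */
/* Author and (c) 1999-2004: Amon Ott */
/* API: Data types for                */
/* Role Compatibility Module          */
/* Last modified: 14/Jun/2004         */
/************************************ */

#ifndef __RSBAC_RC_TYPES_H
#define __RSBAC_RC_TYPES_H

#include <linux/types.h>

/***** RC *****/

/* Predefined role ids (0..3) and type ids (0..2) of the RC module. */
#define RSBAC_RC_GENERAL_ROLE      0
#define RSBAC_RC_ROLE_ADMIN_ROLE   1
#define RSBAC_RC_SYSTEM_ADMIN_ROLE 2
#define RSBAC_RC_AUDITOR_ROLE      3
#define RSBAC_RC_BOOT_ROLE         999999
#define RSBAC_RC_GENERAL_TYPE      0
#define RSBAC_RC_SEC_TYPE          1
#define RSBAC_RC_SYS_TYPE          2
// #define RSBAC_RC_KERNEL_P_TYPE 999999

/* Size of the name[] field in union rsbac_rc_item_value_t. */
#define RSBAC_RC_NAME_LEN 16

/*
 * All request bits set: -1 converted to the (unsigned) request vector type
 * yields all ones.  rsbac_rc_request_vector_t is typedef'd further down from
 * rsbac_request_vector_t, which comes from the core RSBAC types header.
 */
#define RSBAC_RC_ALL_REQUESTS ((rsbac_rc_request_vector_t) -1)

/*
 * RC-specific "special rights" live in the 64-bit rights vector above the
 * request bits, starting at bit 48.  RCR_NONE is the end marker, not a right.
 */
#define RSBAC_RC_SPECIAL_RIGHT_BASE 48

enum rsbac_rc_special_rights_t
  {
    RCR_ADMIN = RSBAC_RC_SPECIAL_RIGHT_BASE, /* bit 48 */
    RCR_ASSIGN,                              /* bit 49 */
    RCR_ACCESS_CONTROL,                      /* bit 50 */
    RCR_SUPERVISOR,                          /* bit 51 */
    RCR_MODIFY_AUTH,                         /* bit 52 */
    RCR_NONE                                 /* 53: end marker */
  };

typedef __u64 rsbac_rc_rights_vector_t;

/* backwards compatibility only! */
typedef __u64 rsbac_rc_role_vector_t;

/*
 * Single-bit vectors.  The cast binds to the constant 1, so the shift is done
 * in the 64-bit vector type; x must be below 64 (shifting by >= the width of
 * the type is undefined behaviour).
 * NOTE(review): rsbac_rc_type_vector_t is not defined in this header, so
 * RSBAC_RC_TYPE_VECTOR only expands correctly where that typedef is in scope.
 */
#define RSBAC_RC_RIGHTS_VECTOR(x) ((rsbac_rc_rights_vector_t) 1 << (x))
#define RSBAC_RC_ROLE_VECTOR(x)   ((rsbac_rc_role_vector_t) 1 << (x))
#define RSBAC_RC_TYPE_VECTOR(x)   ((rsbac_rc_type_vector_t) 1 << (x))

/* The five special rights (bits 48..52).  RCR_NONE is deliberately not included. */
#define RSBAC_RC_SPECIAL_RIGHTS_VECTOR (\
  RSBAC_RC_RIGHTS_VECTOR(RCR_ADMIN) | \
  RSBAC_RC_RIGHTS_VECTOR(RCR_ASSIGN) | \
  RSBAC_RC_RIGHTS_VECTOR(RCR_ACCESS_CONTROL) | \
  RSBAC_RC_RIGHTS_VECTOR(RCR_SUPERVISOR) | \
  RSBAC_RC_RIGHTS_VECTOR(RCR_MODIFY_AUTH) \
  )

/*
 * Only the supervisor right.  The previous definition ended in a dangling
 * "|" before the closing parenthesis and would not compile wherever it was
 * expanded; the trailing operator has been removed.
 */
#define RSBAC_RC_SUPERVISOR_RIGHT_VECTOR (\
  RSBAC_RC_RIGHTS_VECTOR(RCR_SUPERVISOR) \
  )

/*
 * Every request bit plus every special right.  RSBAC_ALL_REQUEST_VECTOR is
 * provided by the core RSBAC types header.
 */
#define RSBAC_RC_ALL_RIGHTS_VECTOR (RSBAC_ALL_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR)

/* Default rights vector: nothing granted. */
#define RSBAC_RC_DEFAULT_RIGHTS_VECTOR 0

#define RSBAC_RC_GEN_RIGHTS_VECTOR RSBAC_RC_DEFAULT_RIGHTS_VECTOR

typedef __u32 rsbac_rc_role_id_t;
typedef __u32 rsbac_rc_type_id_t;
typedef rsbac_request_vector_t rsbac_rc_request_vector_t;

/* Administrative class of a role; RC_none is the end marker. */
enum rsbac_rc_admin_type_t {RC_no_admin, RC_role_admin, RC_system_admin, RC_none};

/*
 * System Control Types, including general SCD types
 * (start at 32 to allow future SCD types, max is 63)
 */
#define RST_min 32
enum rsbac_rc_scd_type_t {RST_auth_administration = RST_min,
                          RST_none};

/*
 * Initializers for the per-role SCD compatibility arrays.  Each array is
 * indexed by SCD type: the general ST_* types (0..15, from the core RSBAC
 * types header) followed by the RC-specific RST_* values above (32, 33).
 * Elements not listed in an initializer are zero-initialized by C, i.e. no
 * rights.  The index comments follow the layout used by the SYSADM and
 * AUDITOR initializers below (13 = ST_firewall, 14 = ST_priority, 15 = ST_none).
 */

/* what should always be there to keep system functional */
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
/*
 * When users may modify ioperm, the general role additionally gets
 * MODIFY_PERMISSIONS_DATA on ST_ioports.  The two trailing zero entries
 * (ST_firewall, ST_priority) were missing from this variant; adding them
 * changes nothing (they were implicitly zero) but keeps both variants and
 * their index comments aligned.
 */
#define RSBAC_RC_GENERAL_COMP_SCD { \
  0, \
  0, \
  0, \
  0, \
  /* ST_ioports */ ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA), \
  /* ST_rlimit */ RSBAC_REQUEST_VECTOR(GET_STATUS_DATA) | RSBAC_REQUEST_VECTOR(MODIFY_SYSTEM_DATA), \
  /* ST_swap */ 0, \
  /* ST_syslog */ 0, \
  /* ST_rsbac */ 0, \
  /* ST_rsbac_log */ 0, \
  /* ST_other */ ( \
    ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
  ), \
  /* ST_kmem */ 0, \
  /* ST_network */ ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA), \
  /* ST_firewall */ 0, \
  /* ST_priority */ 0, \
  /* 15 = ST_none */ 0 \
}
#else
#define RSBAC_RC_GENERAL_COMP_SCD { \
  0, \
  0, \
  0, \
  0, \
  0, \
  /* ST_rlimit */ RSBAC_REQUEST_VECTOR(GET_STATUS_DATA) | RSBAC_REQUEST_VECTOR(MODIFY_SYSTEM_DATA), \
  /* ST_swap */ 0, \
  /* ST_syslog */ 0, \
  /* ST_rsbac */ 0, \
  /* ST_rsbac_log */ 0, \
  /* ST_other */ ( \
    ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
  ), \
  /* ST_kmem */ 0, \
  /* ST_network */ ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA), \
  /* ST_firewall */ 0, \
  /* ST_priority */ 0, \
  /* 15 = ST_none */ 0 \
}
#endif

/*
 * Role admin: full SCD rights plus the RC special rights on the RSBAC-
 * related targets (ST_rlimit, ST_rsbac, ST_rsbac_log, RST_auth_administration)
 * and on ST_other/ST_network/ST_firewall; nothing on the kernel and time
 * related targets.  RSBAC_SCD_REQUEST_VECTOR comes from the core types header.
 */
#define RSBAC_RC_ROLEADM_COMP_SCD { \
  /* 0 = ST_time_structs */ 0, \
  /* ST_clock */ 0, \
  /* ST_host_id */ 0, \
  /* ST_net_id */ 0, \
  /* ST_ioports */ 0, \
  /* ST_rlimit */ RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
  /* ST_swap */ 0, \
  /* ST_syslog */ 0, \
  /* ST_rsbac */ RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
  /* ST_rsbac_log */ RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
  /* ST_other */ ( \
    ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
    | ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA) \
    | ((rsbac_request_vector_t) 1 << R_SWITCH_LOG) \
    | ((rsbac_request_vector_t) 1 << R_SWITCH_MODULE) \
  ) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
  /* ST_kmem */ 0, \
  /* ST_network */ ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
  /* ST_firewall */ ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
  /* ST_priority (index 14; was commented "ST_nice", the other initializers call it ST_priority) */ 0, \
  /* 15 = ST_none */ 0, \
  0, \
  0, \
  0, \
  0, \
  /* 20 */ 0, \
  0, \
  0, \
  0, \
  0, \
  0, \
  0, \
  0, \
  0, \
  0, \
  /* 30 */ 0, \
  0, \
  /* 32 = RST_auth_administration */ RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
  /* 33 = RST_none */ 0 \
}

/*
 * System admin: the system-request subset of the SCD requests on the
 * kernel/system targets, a fixed set of module/mount/shutdown requests on
 * ST_other, and no RC special rights at all.  ST_rsbac_log and
 * RST_auth_administration are 0 here; compare ROLEADM/AUDITOR above and
 * below, which do grant rights on the log.  RSBAC_SYSTEM_REQUEST_VECTOR
 * comes from the core types header.
 */
#define RSBAC_RC_SYSADM_COMP_SCD { \
  /* 0 = ST_time_structs */ RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
  /* ST_clock */ RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
  /* ST_host_id */ RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
  /* ST_net_id */ RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
  /* ST_ioports */ RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
  /* ST_rlimit */ RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
  /* ST_swap */ RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
  /* ST_syslog */ RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
  /* ST_rsbac */ RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
  /* ST_rsbac_log */ 0, \
  /* ST_other */ ( \
    ((rsbac_request_vector_t) 1 << R_ADD_TO_KERNEL) \
    | ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
    | ((rsbac_request_vector_t) 1 << R_MOUNT) \
    | ((rsbac_request_vector_t) 1 << R_REMOVE_FROM_KERNEL) \
    | ((rsbac_request_vector_t) 1 << R_UMOUNT) \
    | ((rsbac_request_vector_t) 1 << R_SHUTDOWN) \
  ), \
  /* ST_kmem */ RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
  /* ST_network */ RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
  /* ST_firewall */ RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
  /* ST_priority */ RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
  /* 15 = ST_none */ 0, \
  0, \
  0, \
  0, \
  0, \
  /* 20 */ 0, \
  0, \
  0, \
  0, \
  0, \
  0, \
  0, \
  0, \
  0, \
  0, \
  /* 30 */ 0, \
  0, \
  /* 32 = RST_auth_administration */ 0, \
  /* 33 = RST_none */ 0 \
}

/*
 * Auditor: the same baseline as the general role plus GET_STATUS_DATA and
 * MODIFY_SYSTEM_DATA on ST_rsbac_log.  The two variants differ only in the
 * ST_ioports entry, exactly as for RSBAC_RC_GENERAL_COMP_SCD.
 */
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
#define RSBAC_RC_AUDITOR_COMP_SCD { \
  0, \
  0, \
  0, \
  0, \
  /* ST_ioports */ ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA), \
  /* ST_rlimit */ RSBAC_REQUEST_VECTOR(GET_STATUS_DATA) | RSBAC_REQUEST_VECTOR(MODIFY_SYSTEM_DATA), \
  /* ST_swap */ 0, \
  /* ST_syslog */ 0, \
  /* ST_rsbac */ 0, \
  /* ST_rsbac_log */ ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) | ((rsbac_request_vector_t) 1 << R_MODIFY_SYSTEM_DATA), \
  /* ST_other */ ( \
    ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
  ), \
  /* ST_kmem */ 0, \
  /* ST_network */ ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA), \
  /* ST_firewall */ 0, \
  /* ST_priority */ 0, \
  /* 15 = ST_none */ 0 \
}
#else
#define RSBAC_RC_AUDITOR_COMP_SCD { \
  0, \
  0, \
  0, \
  0, \
  0, \
  /* ST_rlimit */ RSBAC_REQUEST_VECTOR(GET_STATUS_DATA) | RSBAC_REQUEST_VECTOR(MODIFY_SYSTEM_DATA), \
  /* ST_swap */ 0, \
  /* ST_syslog */ 0, \
  /* ST_rsbac */ 0, \
  /* ST_rsbac_log */ ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) | ((rsbac_request_vector_t) 1 << R_MODIFY_SYSTEM_DATA), \
  /* ST_other */ ( \
    ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
  ), \
  /* ST_kmem */ 0, \
  /* ST_network */ ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA), \
  /* ST_firewall */ 0, \
  /* ST_priority */ 0, \
  /* 15 = ST_none */ 0 \
}
#endif

/*
 * Special (non-id) values for default type fields.  They are negative
 * constants converted to the unsigned __u32 id type, so they sit at the very
 * top of the id range: -1 is 0xFFFFFFFF, -6 is 0xFFFFFFFA, -32 is 0xFFFFFFE0.
 * RC_type_max_value is the largest value usable as an ordinary type id;
 * ids between RC_type_max_value and RC_type_min_special are reserved.
 * Code that accepts type ids from user space should presumably reject
 * anything above RC_type_max_value unless a special value is expected there.
 */
#define RC_type_inherit_process         ((rsbac_rc_type_id_t) -1)
#define RC_type_inherit_parent          ((rsbac_rc_type_id_t) -2)
#define RC_type_no_create               ((rsbac_rc_type_id_t) -3)
#define RC_type_no_execute              ((rsbac_rc_type_id_t) -4)
#define RC_type_use_new_role_def_create ((rsbac_rc_type_id_t) -5) /* for process chown (setuid) */
#define RC_type_no_chown                ((rsbac_rc_type_id_t) -6)
#define RC_type_min_special             ((rsbac_rc_type_id_t) -6)
#define RC_type_max_value               ((rsbac_rc_type_id_t) -32)

/* Same scheme for role ids: specials at the top of the __u32 range. */
#define RC_role_inherit_user            ((rsbac_rc_role_id_t) -1)
#define RC_role_inherit_process         ((rsbac_rc_role_id_t) -2)
#define RC_role_inherit_parent          ((rsbac_rc_role_id_t) -3)
#define RC_role_inherit_up_mixed        ((rsbac_rc_role_id_t) -4)
#define RC_role_use_force_role          ((rsbac_rc_role_id_t) -5)
#define RC_role_min_special             ((rsbac_rc_role_id_t) -5)
#define RC_role_max_value               ((rsbac_rc_role_id_t) -32)

/* Defaults for the force/initial role attributes. */
#define RC_default_force_role            RC_role_inherit_parent
#define RC_default_root_dir_force_role   RC_role_inherit_up_mixed
#define RC_default_init_force_role       RC_role_inherit_user
#define RC_default_initial_role          RC_role_inherit_parent
#define RC_default_root_dir_initial_role RC_role_use_force_role

/****************************************************************************/
/* RC ACI types                                                             */
/****************************************************************************/

/* Kind of object an RC ACI operation targets; RT_NONE is the end marker. */
enum rsbac_rc_target_t { RT_ROLE, RT_TYPE, RT_NONE };

/* Id of the target, interpreted according to enum rsbac_rc_target_t. */
union rsbac_rc_target_id_t
  {
    rsbac_rc_role_id_t role;
    rsbac_rc_type_id_t type;
  };

/*
 * Attribute selector for RC ACI get/set operations.  Which member of
 * union rsbac_rc_item_value_t holds the value depends on the item.
 * RI_none is the end marker.
 */
enum rsbac_rc_item_t { RI_role_comp,
                       RI_admin_roles,  /* new in version 3 */
                       RI_assign_roles, /* new in version 3 */
                       RI_type_comp_fd,
                       RI_type_comp_dev,
                       RI_type_comp_user,
                       RI_type_comp_process,
                       RI_type_comp_ipc,
                       RI_type_comp_scd,
                       RI_type_comp_netdev,
                       RI_type_comp_nettemp,
                       RI_type_comp_netobj,
                       RI_admin_type,
                       RI_name,
                       RI_def_fd_create_type,
                       RI_def_user_create_type,
                       RI_def_process_create_type,
                       RI_def_process_chown_type,
                       RI_def_process_execute_type,
                       RI_def_ipc_create_type,
                       RI_boot_role,
                       RI_type_fd_name,
                       RI_type_dev_name,
                       RI_type_ipc_name,
                       RI_type_user_name,
                       RI_type_process_name,
                       RI_type_netdev_name,
                       RI_type_nettemp_name,
                       RI_type_netobj_name,
                       RI_type_fd_need_secdel,
                       RI_type_scd_name, /* Pseudo, using get_rc_scd_name() */
                       RI_remove_role,
                       RI_type_fd_remove,
                       RI_type_dev_remove,
                       RI_type_ipc_remove,
                       RI_type_user_remove,
                       RI_type_process_remove,
                       RI_type_netdev_remove,
                       RI_type_nettemp_remove,
                       RI_type_netobj_remove,
                       RI_none};

/*
 * Value of an RC ACI item.  The *_dummy members only pad the union to the
 * sizes of the basic integer types; they carry no meaning.  name[] is a
 * fixed RSBAC_RC_NAME_LEN-byte buffer, so writers must bound their copies.
 */
union rsbac_rc_item_value_t
  {
    rsbac_rc_rights_vector_t   rights;
    enum rsbac_rc_admin_type_t admin_type;
    char                       name[RSBAC_RC_NAME_LEN];
    rsbac_rc_role_id_t         role_id;
    rsbac_rc_type_id_t         type_id;
    boolean                    need_secdel;
    boolean                    comp;
    boolean                    boot_role;
    u_char                     u_char_dummy;
    int                        dummy;
    u_int                      u_dummy;
    long                       long_dummy;
    long long                  long_long_dummy;
  };

#endif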
