/daten/src/linux-2.4.27-rsbac-v1.2.3/include/rsbac/reg.h

/************************************ */
/* Rule Set Based Access Control      */
/* Author and (c) 1999-2001: Amon Ott */
/* API: for REG                       */
/*      Module Registration           */
/* Last modified: 05/Mar/2001         */
/************************************ */

#ifndef __RSBAC_REG_H
#define __RSBAC_REG_H

#include <rsbac/types.h>
#include <rsbac/debug.h>

/*
 * REG interface version. Both register calls below take a version argument
 * and document -RSBAC_EINVALIDVERSION for a wrong REG version.
 */
#define RSBAC_REG_VERSION 1

/***************************************************/
/*                     Types                       */
/***************************************************/

/*
 * Maximum length of a module or syscall name. The name[] members below are
 * declared with one extra byte, presumably for the terminating NUL.
 */
#define RSBAC_REG_NAME_LEN 30

/*
 * Decision function.
 * The last argument (rsbac_uid_t) is the process owner; see rsbac/types.h
 * for the other argument types.
 */
typedef int rsbac_reg_request_func_t(enum rsbac_adf_request_t,
                                     rsbac_pid_t,
                                     enum rsbac_target_t,
                                     union rsbac_target_id_t,
                                     enum rsbac_attribute_t,
                                     union rsbac_attribute_value_t,
                                     rsbac_uid_t);

/*
 * Attribute setting / notification function.
 * Takes two target / target-id pairs where the decision function takes one.
 * The last argument (rsbac_uid_t) is the process owner.
 */
typedef int rsbac_reg_set_attr_func_t(enum rsbac_adf_request_t,
                                      rsbac_pid_t,
                                      enum rsbac_target_t,
                                      union rsbac_target_id_t,
                                      enum rsbac_target_t,
                                      union rsbac_target_id_t,
                                      enum rsbac_attribute_t,
                                      union rsbac_attribute_value_t,
                                      rsbac_uid_t);

/* Whether module wants this file to be overwritten on delete / truncate */
typedef boolean rsbac_reg_need_overwrite_func_t(struct dentry *dentry_p);

/*
 * rsbac_reg_write_func_t
 *
 * Called by rsbac_write function to save all dirty lists, must return number
 * of files written or negative error. If auto_write is active, this function
 * will be called regularly and allows for asynchronous data writing to disk.
 *
 * If need_lock is TRUE, a lock_kernel() / unlock_kernel() pair must be used
 * around the write function.
 */
typedef int rsbac_reg_write_func_t(boolean need_lock);

/* Called on every mount, allows updating of fs based data */
typedef int rsbac_reg_mount_func_t(kdev_t kdev);

/* Called on every umount, allows updating of fs based data */
typedef int rsbac_reg_umount_func_t(kdev_t kdev);

/*
 * Called on rsbac_reg syscalls for handle syscall_handle.
 * Generic syscall interface - note: data is a user space pointer!
 *
 * A handler must therefore treat data as untrusted input: never dereference
 * it directly, copy what is needed into kernel memory first (for example
 * with copy_from_user()) and check that the copy succeeded. Validate sizes
 * and field values on the kernel copy only, so that user space cannot change
 * them between check and use. The signature carries no length, so each
 * handler has to bound the copy by its own argument layout.
 */
typedef int rsbac_reg_syscall_func_t(void *data);

/*
 * Status and data structures integrity checking, called from sys_rsbac_check.
 *   correct:     if TRUE, errors are corrected, else just report
 *   check_inode: for inode number based data, check, if inode still exists
 */
typedef int rsbac_reg_check_func_t(int correct, int check_inode);

/*********/

/*
 * Registration record for an ADF decision module, handed to
 * rsbac_reg_register().
 *
 * rsbac_reg_register() rejects an entry whose functions are all empty, so at
 * least one callback has to be set.
 * NOTE(review): name[] should be NUL-terminated by the registering module;
 * whether the registration code enforces this is not visible in this header.
 */
struct rsbac_reg_entry_t
  {
    rsbac_reg_handle_t               handle;   /* must be positive */
    char                             name[RSBAC_REG_NAME_LEN + 1];
    rsbac_reg_request_func_t        *request_func;
    rsbac_reg_set_attr_func_t       *set_attr_func;
    rsbac_reg_need_overwrite_func_t *need_overwrite_func;
    rsbac_reg_write_func_t          *write_func;
    rsbac_reg_mount_func_t          *mount_func;
    rsbac_reg_umount_func_t         *umount_func;
    rsbac_reg_check_func_t          *check_func;
    boolean                          switch_on; /* turned on initially? */
  };

/*
 * Registration record for a system call, handed to
 * rsbac_reg_register_syscall().
 *
 * NOTE(review): the roles of the two handles are not explained in this
 * header; presumably registration_handle identifies the registration and
 * dispatcher_handle selects syscall_func at syscall time - confirm against
 * the REG implementation.
 */
struct rsbac_reg_syscall_entry_t
  {
    rsbac_reg_handle_t        registration_handle;
    rsbac_reg_handle_t        dispatcher_handle;
    char                      name[RSBAC_REG_NAME_LEN + 1];
    rsbac_reg_syscall_func_t *syscall_func;
  };

/***************************************************/
/*                   Prototypes                    */
/***************************************************/

/* See rsbac/types.h for types */

/*
 * Register an ADF decision module
 * Returns given positive handle or negative error code from rsbac/error.h
 * Errors: -RSBAC_EINVALIDVALUE (all functions are empty or handle is not positive)
 *         -RSBAC_EEXISTS (handle exists - choose another one)
 *         -RSBAC_ECOULDNOTADDITEM (no entry available)
 *         -RSBAC_EINVALIDVERSION (wrong REG version)
 *
 * Callers must check for a negative return before using the result as a
 * handle. entry is passed by value, but the function pointers in it still
 * refer to the caller's code.
 * NOTE(review): presumably that code has to stay valid until
 * rsbac_reg_unregister() has returned - confirm.
 */
rsbac_reg_handle_t rsbac_reg_register(rsbac_version_t version,
                                      struct rsbac_reg_entry_t entry);

/*
 * Switch module on or off - for 'normal' modules this is done by general
 * function. This is a dummy, if module switching is disabled.
 * Returns 0 on success or -RSBAC_EINVALIDTARGET, if handle is invalid.
 *
 * NOTE(review): the handle is chosen by the registering module and is the
 * only argument that identifies it here; confirm in the implementation which
 * callers are allowed to switch a decision module off.
 */
int rsbac_reg_switch(rsbac_reg_handle_t handle, boolean value);

/*
 * Unregister an ADF decision module
 * Returns 0 on success or -RSBAC_EINVALIDTARGET, if handle is invalid.
 */
int rsbac_reg_unregister(rsbac_reg_handle_t handle);

/*
 * Register a system call
 * Returns given positive handle or negative error code from rsbac/error.h
 * Errors: -RSBAC_EINVALIDVALUE (function is empty or handle is not positive)
 *         -RSBAC_EEXISTS (handle exists - choose another one)
 *         -RSBAC_ECOULDNOTADDITEM (no entry available)
 *         -RSBAC_EINVALIDVERSION (wrong REG version)
 *
 * Callers must check for a negative return before using the result as a
 * handle.
 */
rsbac_reg_handle_t rsbac_reg_register_syscall(rsbac_version_t version,
                                              struct rsbac_reg_syscall_entry_t entry);

/*
 * Unregister a system call
 * Returns 0 on success or -RSBAC_EINVALIDTARGET, if handle is invalid.
 */
int rsbac_reg_unregister_syscall(rsbac_reg_handle_t handle);

#endif
