/daten/src/linux-2.4.27-rsbac-v1.2.3/include/rsbac/adf_syshelpers.h

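/************************************ */
/* Rule Set Based Access Control      */
/* Author and (c) 1999-2004:          */
/*   Amon Ott <ao@rsbac.org>          */
/*                                    */
/* Helper Prototypes for model        */
/* specific system calls              */
/* Last modified: 27/Apr/2004         */
/************************************ */

/*
 * Reading guide
 *
 * - Every prototype is only declared when the matching CONFIG_RSBAC_<MODEL>
 *   option (or, for all models except JAIL, its _MAINT variant) is defined.
 * - All functions return int. Only the REG section documents the values
 *   (0 on success, -EINVALIDTARGET for an invalid handle); presumably the
 *   other helpers follow the same "0 or negative RSBAC error" convention --
 *   TODO confirm against the implementations.
 * - NOTE(review): several helpers take pointers (level_p, value_p, path, arg,
 *   entry_pp, ...). This header does not show whether these are still
 *   user-space pointers when the helper is entered, nor where the copy
 *   from/to user space and the permission check happen. Confirm both in the
 *   sys_* wrappers and the adf/<model> sources before adding a new caller.
 * - ttl arguments are of type rsbac_time_t; unit and the "never expires"
 *   value are defined elsewhere -- TODO confirm.
 */

#ifndef __RSBAC_ADF_SYSHELPERS_H
#define __RSBAC_ADF_SYSHELPERS_H

/* #include <linux/sched.h> */
#include <rsbac/types.h>

/***************************************************/
/*               Global Variables                  */
/***************************************************/

/***************************************************/
/*              General Prototypes                 */
/***************************************************/

/***************************************************/
/*              Module Prototypes                  */
/***************************************************/

/******* MAC ********/

#if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_MAC_MAINT)
/* Set the current security level and category vector. */
/* NOTE(review): presumably applies to the calling process -- confirm. */
int rsbac_mac_set_curr_level(rsbac_security_level_t level,
                             rsbac_mac_category_vector_t categories);

/* Read current / maximum / minimum level and categories into *level_p */
/* and *categories_p. Whether NULL is accepted is not visible here.    */
int rsbac_mac_get_curr_level(rsbac_security_level_t *level_p,
                             rsbac_mac_category_vector_t *categories_p);

int rsbac_mac_get_max_level(rsbac_security_level_t *level_p,
                            rsbac_mac_category_vector_t *categories_p);

int rsbac_mac_get_min_level(rsbac_security_level_t *level_p,
                            rsbac_mac_category_vector_t *categories_p);

/* Add / remove a uid for a process (p_tru) or a file (f_tru).          */
/* NOTE(review): "tru" presumably means "trusted user" -- confirm in    */
/* the MAC implementation. The add variants carry a ttl.                */
int rsbac_mac_add_p_tru(rsbac_pid_t pid,
                        rsbac_uid_t uid,
                        rsbac_time_t ttl);

int rsbac_mac_remove_p_tru(rsbac_pid_t pid,
                           rsbac_uid_t uid);

int rsbac_mac_add_f_tru(rsbac_mac_file_t file,
                        rsbac_uid_t uid,
                        rsbac_time_t ttl);

int rsbac_mac_remove_f_tru(rsbac_mac_file_t file,
                           rsbac_uid_t uid);

#endif /* MAC */


/******* FC ********/

/******* SIM ********/

/******* PM ********/

#if defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_PM_MAINT)
/* This function is called via sys_rsbac_pm() system call */
/* and serves as a dispatcher for all PM dependent system calls. */
/* function selects the PM call, param carries its arguments (a union, */
/* so the valid member depends on function), tkt is a PM ticket id.    */
int rsbac_pm(enum rsbac_pm_function_type_t function,
             union rsbac_pm_function_param_t param,
             rsbac_pm_tkt_id_t tkt);

int rsbac_pm_change_current_task(rsbac_pm_task_id_t task);

/* Create a file with the given creation mode and PM object class. */
int rsbac_pm_create_file(const char *filename,                     /* filename */
                         int mode,                                 /* creation mode */
                         rsbac_pm_object_class_id_t object_class); /* class for file */
#endif /* PM */

/******* FF ********/

/******* RC ********/

#if defined(CONFIG_RSBAC_RC) || defined(CONFIG_RSBAC_RC_MAINT)
/* These functions in adf/rc/syscalls.c are called via sys_* system calls */
/* and check for validity before passing the call to the rc_data_structures. */

/* All roles are always there, so instead of creation, we supply a copy for */
/* initialization. There is always the well-defined role general to copy */
int rsbac_rc_sys_copy_role(rsbac_rc_role_id_t from_role,
                           rsbac_rc_role_id_t to_role);

/* Getting item values: result goes to *value_p, its ttl to *ttl_p */
int rsbac_rc_sys_get_item(enum rsbac_rc_target_t target,
                          union rsbac_rc_target_id_t tid,
                          union rsbac_rc_target_id_t subtid,
                          enum rsbac_rc_item_t item,
                          union rsbac_rc_item_value_t *value_p,
                          rsbac_time_t *ttl_p);

/* Setting item values */
int rsbac_rc_sys_set_item(enum rsbac_rc_target_t target,
                          union rsbac_rc_target_id_t tid,
                          union rsbac_rc_target_id_t subtid,
                          enum rsbac_rc_item_t item,
                          union rsbac_rc_item_value_t value,
                          rsbac_time_t ttl);

/* Set own role, if allowed ( = in role_comp vector of current role) */
int rsbac_rc_sys_change_role(rsbac_rc_role_id_t role);

/* Getting own effective rights */
/* Note: takes the general rsbac_target_t / rsbac_target_id_t, not the */
/* RC specific target types used by get_item / set_item.               */
int rsbac_rc_sys_get_eff_rights(enum rsbac_target_t target,
                                union rsbac_target_id_t tid,
                                rsbac_rc_request_vector_t *request_vector,
                                rsbac_time_t *ttl_p);

/* Store the current role in *role_p */
int rsbac_rc_sys_get_current_role(rsbac_rc_role_id_t *role_p);

#endif /* RC || RC_MAINT */

/****** AUTH *******/

#if defined(CONFIG_RSBAC_AUTH) || defined(CONFIG_RSBAC_AUTH_MAINT)
/* The add variants attach a capability range of the given type to a  */
/* process (p_cap) or file (f_cap), with a ttl; the remove variants   */
/* take the same range without a ttl.                                 */

/* This function is called via sys_rsbac_auth_add_p_cap() system call */
int rsbac_auth_add_p_cap(rsbac_pid_t pid,
                         enum rsbac_auth_cap_type_t cap_type,
                         struct rsbac_auth_cap_range_t cap_range,
                         rsbac_time_t ttl);

/* This function is called via sys_rsbac_auth_remove_p_cap() system call */
int rsbac_auth_remove_p_cap(rsbac_pid_t pid,
                            enum rsbac_auth_cap_type_t cap_type,
                            struct rsbac_auth_cap_range_t cap_range);

/* This function is called via sys_rsbac_auth_add_f_cap() system call */
int rsbac_auth_add_f_cap(rsbac_auth_file_t file,
                         enum rsbac_auth_cap_type_t cap_type,
                         struct rsbac_auth_cap_range_t cap_range,
                         rsbac_time_t ttl);

/* This function is called via sys_rsbac_auth_remove_f_cap() system call */
int rsbac_auth_remove_f_cap(rsbac_auth_file_t file,
                            enum rsbac_auth_cap_type_t cap_type,
                            struct rsbac_auth_cap_range_t cap_range);
#endif /* AUTH || AUTH_MAINT */

/****** REG *******/

#if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
/*
 * System call dispatcher
 * Returns 0 on success or -EINVALIDTARGET, if handle is invalid.
 *
 * NOTE(review): arg is an untyped pointer; nothing in this header
 * constrains what it points to. Presumably it is passed through to the
 * handler registered under handle, which then has to validate it itself --
 * confirm, and confirm whether it is still a user-space pointer here.
 */

int rsbac_reg_syscall(rsbac_reg_handle_t handle,
                      void *arg);
#endif /* REG || REG_MAINT */

/****** ACL *******/

#if defined(CONFIG_RSBAC_ACL) || defined(CONFIG_RSBAC_ACL_MAINT)
/* ACL entries are addressed by target/tid plus subject type and id. */
/* set/add carry a rights vector and a ttl; remove_from carries only */
/* the rights vector.                                                */
int rsbac_acl_sys_set_acl_entry(enum rsbac_target_t target,
                                union rsbac_target_id_t tid,
                                enum rsbac_acl_subject_type_t subj_type,
                                rsbac_acl_subject_id_t subj_id,
                                rsbac_acl_rights_vector_t rights,
                                rsbac_time_t ttl);

int rsbac_acl_sys_remove_acl_entry(enum rsbac_target_t target,
                                   union rsbac_target_id_t tid,
                                   enum rsbac_acl_subject_type_t subj_type,
                                   rsbac_acl_subject_id_t subj_id);

int rsbac_acl_sys_remove_acl(enum rsbac_target_t target,
                             union rsbac_target_id_t tid);

int rsbac_acl_sys_add_to_acl_entry(enum rsbac_target_t target,
                                   union rsbac_target_id_t tid,
                                   enum rsbac_acl_subject_type_t subj_type,
                                   rsbac_acl_subject_id_t subj_id,
                                   rsbac_acl_rights_vector_t rights,
                                   rsbac_time_t ttl);

int rsbac_acl_sys_remove_from_acl_entry(enum rsbac_target_t target,
                                        union rsbac_target_id_t tid,
                                        enum rsbac_acl_subject_type_t subj_type,
                                        rsbac_acl_subject_id_t subj_id,
                                        rsbac_acl_rights_vector_t rights);

int rsbac_acl_sys_set_mask(enum rsbac_target_t target,
                           union rsbac_target_id_t tid,
                           rsbac_acl_rights_vector_t mask);

int rsbac_acl_sys_remove_user(rsbac_uid_t uid);

int rsbac_acl_sys_get_mask(enum rsbac_target_t target,
                           union rsbac_target_id_t tid,
                           rsbac_acl_rights_vector_t *mask_p);


/* Rights of one subject on a target go to *rights_p; inherit is a */
/* boolean whose exact effect is defined in the implementation.    */
int rsbac_acl_sys_get_rights(enum rsbac_target_t target,
                             union rsbac_target_id_t tid,
                             enum rsbac_acl_subject_type_t subj_type,
                             rsbac_acl_subject_id_t subj_id,
                             rsbac_acl_rights_vector_t *rights_p,
                             boolean inherit);

/* NOTE(review): the double pointers suggest the callee hands back    */
/* lists it allocated; the entry count and who frees the lists are    */
/* not visible from this header -- confirm before use.                */
int rsbac_acl_sys_get_tlist(enum rsbac_target_t target,
                            union rsbac_target_id_t tid,
                            struct rsbac_acl_entry_t **entry_pp,
                            rsbac_time_t **ttl_pp);

/* Group call selected by call; arg is a union, so the valid member */
/* depends on call.                                                 */
int rsbac_acl_sys_group(enum rsbac_acl_group_syscall_type_t call,
                        union rsbac_acl_group_syscall_arg_t arg);

#endif /* ACL || ACL_MAINT */

/****** JAIL *******/

#if defined(CONFIG_RSBAC_JAIL)
/* This function is called via sys_rsbac_jail() system call */
/* NOTE(review): path is a non-const char *; whether it is a user-space */
/* pointer here and whether the callee writes through it cannot be told */
/* from this header -- confirm. There is no _MAINT variant for JAIL.    */
int rsbac_jail_sys_jail(rsbac_version_t version,
                        char *path,
                        rsbac_jail_ip_t ip,
                        rsbac_jail_flags_t flags,
                        rsbac_cap_vector_t max_caps);
#endif

#endif /* End of adf_syshelpers.h */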
