/daten/src/linux-2.4.27-rsbac-v1.2.3/include/rsbac/rc_types.h
#ifndef __RSBAC_RC_TYPES_H
#define __RSBAC_RC_TYPES_H
#include <linux/types.h>
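/*
 * Ids of the predefined RC roles. Going by the names, ids 1-3 are the
 * administrative roles (role admin, system admin, auditor) and 0 is the
 * role for everything else.
 * NOTE(review): RSBAC_RC_BOOT_ROLE is far above the other ids, presumably
 * so that it cannot collide with administrator-created roles - confirm.
 * (The listing's gutter numbers were fused into these lines and are
 * dropped here so the defines are valid C again.)
 */
#define RSBAC_RC_GENERAL_ROLE 0
#define RSBAC_RC_ROLE_ADMIN_ROLE 1
#define RSBAC_RC_SYSTEM_ADMIN_ROLE 2
#define RSBAC_RC_AUDITOR_ROLE 3
#define RSBAC_RC_BOOT_ROLE 999999

/*
 * Ids of the predefined RC types.
 * NOTE(review): by name these are the general, security and system object
 * types; what is assigned to each is decided outside this header.
 */
#define RSBAC_RC_GENERAL_TYPE 0
#define RSBAC_RC_SEC_TYPE 1
#define RSBAC_RC_SYS_TYPE 2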
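/*
 * Size in bytes of the name member of union rsbac_rc_item_value_t.
 * The buffer is fixed-size and nothing in this header guarantees NUL
 * termination, so every copy into or out of it must be bounded by this
 * length.
 */
#define RSBAC_RC_NAME_LEN 16

/*
 * Request vector with every bit set: -1 converted to the (unsigned)
 * request vector type.
 */
#define RSBAC_RC_ALL_REQUESTS ((rsbac_rc_request_vector_t) -1)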
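/*
 * First bit position used for RC-specific rights inside
 * rsbac_rc_rights_vector_t. RSBAC_RC_ALL_RIGHTS_VECTOR ORs these bits with
 * the ordinary request bits, so both share one 64-bit vector.
 * NOTE(review): presumably all ordinary request numbers stay below 48;
 * confirm against the request enum, otherwise a request bit and a special
 * right would alias.
 */
#define RSBAC_RC_SPECIAL_RIGHT_BASE 48

/*
 * RC-specific rights, numbered upwards from RSBAC_RC_SPECIAL_RIGHT_BASE.
 * The values are bit positions (see RSBAC_RC_RIGHTS_VECTOR), not masks.
 * RCR_NONE terminates the list and is not part of
 * RSBAC_RC_SPECIAL_RIGHTS_VECTOR.
 */
enum rsbac_rc_special_rights_t
  {
    RCR_ADMIN = RSBAC_RC_SPECIAL_RIGHT_BASE,
    RCR_ASSIGN,
    RCR_ACCESS_CONTROL,
    RCR_SUPERVISOR,
    RCR_MODIFY_AUTH,
    RCR_NONE
  };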
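/*
 * Bit vector of rights: ordinary request bits plus the RC special rights
 * at bit RSBAC_RC_SPECIAL_RIGHT_BASE and above. 64 bits wide.
 */
typedef __u64 rsbac_rc_rights_vector_t;

/*
 * Bit vector of roles, one bit per role (see RSBAC_RC_ROLE_VECTOR).
 * 64 bits wide, so it can only represent bit positions 0..63.
 */
typedef __u64 rsbac_rc_role_vector_t;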
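/*
 * Single-bit masks: bit x of the respective vector type. The cast binds to
 * the literal 1 before the shift, so the shift is carried out in the vector
 * type rather than in int.
 *
 * x is not range-checked. Shifting by the width of the type or more is
 * undefined behaviour, so callers must make sure x is below the vector
 * width (64 for the __u64 vectors) before using these macros - in
 * particular, a role or type id is a 32-bit value and can be far larger
 * than that.
 *
 * NOTE(review): rsbac_rc_type_vector_t is not defined in this header;
 * confirm it is declared wherever RSBAC_RC_TYPE_VECTOR is used.
 */
#define RSBAC_RC_RIGHTS_VECTOR(x) ((rsbac_rc_rights_vector_t) 1 << (x))
#define RSBAC_RC_ROLE_VECTOR(x) ((rsbac_rc_role_vector_t) 1 << (x))
#define RSBAC_RC_TYPE_VECTOR(x) ((rsbac_rc_type_vector_t) 1 << (x))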
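/*
 * Mask of all five RC special rights (RCR_ADMIN .. RCR_MODIFY_AUTH).
 * A role holding this mask on a type can administer, assign and change
 * access control for it, so it should only appear in the compatibility
 * entries of administrative roles.
 * (Gutter numbers that the listing had interleaved with the continuation
 * lines are removed; with them the macro body did not compile.)
 */
#define RSBAC_RC_SPECIAL_RIGHTS_VECTOR (\
  RSBAC_RC_RIGHTS_VECTOR(RCR_ADMIN) | \
  RSBAC_RC_RIGHTS_VECTOR(RCR_ASSIGN) | \
  RSBAC_RC_RIGHTS_VECTOR(RCR_ACCESS_CONTROL) | \
  RSBAC_RC_RIGHTS_VECTOR(RCR_SUPERVISOR) | \
  RSBAC_RC_RIGHTS_VECTOR(RCR_MODIFY_AUTH) \
  )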
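/*
 * Mask containing only the RCR_SUPERVISOR right.
 *
 * Fix: the original body ended in a dangling '|' before the closing
 * parenthesis, so the macro expanded to "(... | )" and any use of it was a
 * syntax error. The trailing operator is removed; the value is the single
 * supervisor bit.
 */
#define RSBAC_RC_SUPERVISOR_RIGHT_VECTOR (\
  RSBAC_RC_RIGHTS_VECTOR(RCR_SUPERVISOR) \
  )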
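/*
 * Every ordinary request bit plus every RC special right.
 * RSBAC_ALL_REQUEST_VECTOR is defined outside this header.
 */
#define RSBAC_RC_ALL_RIGHTS_VECTOR (RSBAC_ALL_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR)

/*
 * Default rights are the empty vector: no request and no special right is
 * granted unless a compatibility entry says so (default deny).
 */
#define RSBAC_RC_DEFAULT_RIGHTS_VECTOR 0

/* Rights vector for the general case; same as the (empty) default. */
#define RSBAC_RC_GEN_RIGHTS_VECTOR RSBAC_RC_DEFAULT_RIGHTS_VECTOR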
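/*
 * Role and type identifiers: unsigned 32-bit. The highest values of the
 * range are not ordinary ids but special markers (RC_role_* / RC_type_*
 * defined further down as small negative numbers cast to these types), so
 * comparisons against them must be done in this unsigned type.
 */
typedef __u32 rsbac_rc_role_id_t;
typedef __u32 rsbac_rc_type_id_t;

/* RC uses the general RSBAC request vector type unchanged. */
typedef rsbac_request_vector_t rsbac_rc_request_vector_t;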
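/*
 * Administration class of a role (stored as the admin_type member of
 * union rsbac_rc_item_value_t). RC_none terminates the list.
 * NOTE(review): going by the names, RC_no_admin marks a non-administrative
 * role; what each class is allowed to do is enforced outside this header.
 */
enum rsbac_rc_admin_type_t {
    RC_no_admin,
    RC_role_admin,
    RC_system_admin,
    RC_none
};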
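/*
 * First value used for RC-specific SCD targets.
 * NOTE(review): presumably chosen to sit above the general SCD type values
 * defined elsewhere - confirm that enum never reaches 32.
 */
#define RST_min 32

/*
 * RC-specific SCD targets. RST_auth_administration has value 32; in the
 * 34-entry RSBAC_RC_ROLEADM_COMP_SCD and RSBAC_RC_SYSADM_COMP_SCD
 * initialisers that is the second-to-last slot. RST_none terminates the
 * list.
 */
enum rsbac_rc_scd_type_t {
    RST_auth_administration = RST_min,
    RST_none
};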
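/*
 * Default SCD compatibility initialiser for the general role: one request
 * vector per slot, 0 meaning "no rights on this slot".
 * NOTE(review): the slots are presumably indexed by SCD type; the enum
 * that names them is not part of this header.
 *
 * With CONFIG_RSBAC_USER_MOD_IOPERM the general role additionally gets
 * R_MODIFY_PERMISSIONS_DATA on slot 4. That widens what every ordinary
 * process may do by default, so the option should be enabled deliberately.
 *
 * NOTE(review): the CONFIG variant lists 14 entries, the #else variant 16.
 * If the target array has a fixed size the missing trailing entries are
 * zero-initialised and the difference is harmless - confirm.
 * NOTE(review): RSBAC_REQUEST_VECTOR() is passed names without the R_
 * prefix here, while the shifts use R_-prefixed names; that macro is
 * defined elsewhere, so whether it adds the prefix cannot be seen here.
 */
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
#define RSBAC_RC_GENERAL_COMP_SCD { \
          0, \
          0, \
          0, \
          0, \
          ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA), \
          RSBAC_REQUEST_VECTOR(GET_STATUS_DATA) | RSBAC_REQUEST_VECTOR(MODIFY_SYSTEM_DATA), \
          0, \
          0, \
          0, \
          0, \
          ( \
            ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
          ), \
          0, \
          ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA), \
          0 \
          }
#else
#define RSBAC_RC_GENERAL_COMP_SCD { \
          0, \
          0, \
          0, \
          0, \
          0, \
          RSBAC_REQUEST_VECTOR(GET_STATUS_DATA) | RSBAC_REQUEST_VECTOR(MODIFY_SYSTEM_DATA), \
          0, \
          0, \
          0, \
          0, \
          ( \
            ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
          ), \
          0, \
          ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA), \
          0, \
          0, \
          0 \
          }
#endif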
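/*
 * Default SCD compatibility initialiser for the role-admin role: 34 request
 * vectors, 0 meaning "no rights on this slot".
 * NOTE(review): the slots are presumably indexed by SCD type; the enum
 * that names slots 0..31 is not part of this header.
 *
 * Every non-zero slot also carries RSBAC_RC_SPECIAL_RIGHTS_VECTOR, i.e. the
 * role admin may administer those slots. Slot 32 (the value of
 * RST_auth_administration) is granted here and is 0 in
 * RSBAC_RC_SYSADM_COMP_SCD, which keeps that slot away from the system
 * administrator by default.
 */
#define RSBAC_RC_ROLEADM_COMP_SCD { \
          0, \
          0, \
          0, \
          0, \
          0, \
          RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
          0, \
          0, \
          RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
          RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
          ( \
              ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
            | ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA) \
            | ((rsbac_request_vector_t) 1 << R_SWITCH_LOG) \
            | ((rsbac_request_vector_t) 1 << R_SWITCH_MODULE) \
          ) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
          0, \
          ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
          ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
          0 \
          }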
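/*
 * Default SCD compatibility initialiser for the system-admin role: 34
 * request vectors, 0 meaning "no rights on this slot".
 * NOTE(review): the slots are presumably indexed by SCD type; the enum
 * that names slots 0..31 is not part of this header.
 *
 * Non-zero slots are limited to the intersection of the SCD requests with
 * RSBAC_SYSTEM_REQUEST_VECTOR (both defined elsewhere) and never include
 * RSBAC_RC_SPECIAL_RIGHTS_VECTOR, so this role gets no RC administration
 * rights from these defaults. Slot 32 (the value of
 * RST_auth_administration) is 0.
 */
#define RSBAC_RC_SYSADM_COMP_SCD { \
          RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
          RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
          RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
          RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
          RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
          RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
          RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
          RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
          RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
          0, \
          ( \
              ((rsbac_request_vector_t) 1 << R_ADD_TO_KERNEL) \
            | ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
            | ((rsbac_request_vector_t) 1 << R_MOUNT) \
            | ((rsbac_request_vector_t) 1 << R_REMOVE_FROM_KERNEL) \
            | ((rsbac_request_vector_t) 1 << R_UMOUNT) \
            | ((rsbac_request_vector_t) 1 << R_SHUTDOWN) \
          ), \
          RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
          RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
          RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
          RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0, \
          0 \
          }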
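/*
 * Default SCD compatibility initialiser for the auditor role: 16 request
 * vectors in both variants, 0 meaning "no rights on this slot".
 * NOTE(review): the slots are presumably indexed by SCD type; the enum
 * that names them is not part of this header.
 *
 * Compared with the #else variant of RSBAC_RC_GENERAL_COMP_SCD the only
 * addition is slot 9 (R_GET_STATUS_DATA and R_MODIFY_SYSTEM_DATA).
 * With CONFIG_RSBAC_USER_MOD_IOPERM the auditor, like the general role,
 * also gets R_MODIFY_PERMISSIONS_DATA on slot 4.
 *
 * NOTE(review): RSBAC_REQUEST_VECTOR() is passed names without the R_
 * prefix, while the explicit shifts use R_-prefixed names; that macro is
 * defined elsewhere, so whether it adds the prefix cannot be seen here.
 */
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
#define RSBAC_RC_AUDITOR_COMP_SCD { \
          0, \
          0, \
          0, \
          0, \
          ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA), \
          RSBAC_REQUEST_VECTOR(GET_STATUS_DATA) | RSBAC_REQUEST_VECTOR(MODIFY_SYSTEM_DATA), \
          0, \
          0, \
          0, \
          ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) | ((rsbac_request_vector_t) 1 << R_MODIFY_SYSTEM_DATA), \
          ( \
            ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
          ), \
          0, \
          ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA), \
          0, \
          0, \
          0 \
          }
#else
#define RSBAC_RC_AUDITOR_COMP_SCD { \
          0, \
          0, \
          0, \
          0, \
          0, \
          RSBAC_REQUEST_VECTOR(GET_STATUS_DATA) | RSBAC_REQUEST_VECTOR(MODIFY_SYSTEM_DATA), \
          0, \
          0, \
          0, \
          ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) | ((rsbac_request_vector_t) 1 << R_MODIFY_SYSTEM_DATA), \
          ( \
            ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
          ), \
          0, \
          ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA), \
          0, \
          0, \
          0 \
          }
#endif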
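/*
 * Special type-id values. They are small negative numbers cast to the
 * unsigned rsbac_rc_type_id_t, so they occupy the very top of the id range
 * (-1 becomes the all-ones value).
 *
 * RC_type_min_special equals the lowest special value currently defined
 * (RC_type_no_chown, -6). RC_type_max_value is -32 in the same
 * representation.
 * NOTE(review): presumably ordinary type ids must not exceed
 * RC_type_max_value and the values between it and RC_type_min_special are
 * reserved - confirm where ids are validated. Code that takes a type id
 * from an untrusted caller should check it against these bounds, using
 * unsigned comparison, before treating it as an ordinary id.
 */
#define RC_type_inherit_process ((rsbac_rc_type_id_t) -1)
#define RC_type_inherit_parent ((rsbac_rc_type_id_t) -2)
#define RC_type_no_create ((rsbac_rc_type_id_t) -3)
#define RC_type_no_execute ((rsbac_rc_type_id_t) -4)
#define RC_type_use_new_role_def_create ((rsbac_rc_type_id_t) -5)
#define RC_type_no_chown ((rsbac_rc_type_id_t) -6)
#define RC_type_min_special ((rsbac_rc_type_id_t) -6)
#define RC_type_max_value ((rsbac_rc_type_id_t) -32)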
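/*
 * Special role-id values. They are small negative numbers cast to the
 * unsigned rsbac_rc_role_id_t, so they occupy the very top of the id range
 * (-1 becomes the all-ones value).
 *
 * RC_role_min_special equals the lowest special value currently defined
 * (RC_role_use_force_role, -5). RC_role_max_value is -32 in the same
 * representation.
 * NOTE(review): presumably ordinary role ids must not exceed
 * RC_role_max_value and the values between it and RC_role_min_special are
 * reserved - confirm where ids are validated. Code that takes a role id
 * from an untrusted caller should check it against these bounds, using
 * unsigned comparison, before treating it as an ordinary role.
 */
#define RC_role_inherit_user ((rsbac_rc_role_id_t) -1)
#define RC_role_inherit_process ((rsbac_rc_role_id_t) -2)
#define RC_role_inherit_parent ((rsbac_rc_role_id_t) -3)
#define RC_role_inherit_up_mixed ((rsbac_rc_role_id_t) -4)
#define RC_role_use_force_role ((rsbac_rc_role_id_t) -5)
#define RC_role_min_special ((rsbac_rc_role_id_t) -5)
#define RC_role_max_value ((rsbac_rc_role_id_t) -32)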
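/*
 * Default force-role and initial-role settings, expressed with the special
 * role values above: ordinary objects inherit from the parent, the root
 * directory and init get their own defaults.
 * NOTE(review): where each default is applied (which object, at which
 * point) is decided outside this header; the comments here only restate
 * the macro names.
 */
#define RC_default_force_role RC_role_inherit_parent
#define RC_default_root_dir_force_role RC_role_inherit_up_mixed
#define RC_default_init_force_role RC_role_inherit_user
#define RC_default_initial_role RC_role_inherit_parent
#define RC_default_root_dir_initial_role RC_role_use_force_role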
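/*
 * Kind of RC object an operation refers to: a role or a type.
 * RT_NONE terminates the list.
 * NOTE(review): presumably this selects which member of
 * union rsbac_rc_target_id_t is valid - confirm at the call sites.
 */
enum rsbac_rc_target_t {
    RT_ROLE,
    RT_TYPE,
    RT_NONE
};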
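/*
 * Id of an RC target: either a role id or a type id. Both members are
 * 32-bit and share storage, so the union itself does not record which one
 * is meant; the caller has to carry that separately.
 */
union rsbac_rc_target_id_t
  {
    rsbac_rc_role_id_t role;
    rsbac_rc_type_id_t type;
  };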
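/*
 * Selector for the individual settings of an RC role or type. The values
 * are consecutive from 0; RI_none terminates the list.
 * NOTE(review): presumably the selector determines which member of
 * union rsbac_rc_item_value_t is read or written - confirm at the call
 * sites. The listing shows nothing between #ifdef __KERNEL__ and #endif;
 * if the original header has kernel-only items there, RI_none has a
 * different value inside the kernel than in user space.
 */
enum rsbac_rc_item_t {
    /* role compatibility, administration and assignment */
    RI_role_comp,
    RI_admin_roles,
    RI_assign_roles,
    /* per-target-kind type compatibility */
    RI_type_comp_fd,
    RI_type_comp_dev,
    RI_type_comp_user,
    RI_type_comp_process,
    RI_type_comp_ipc,
    RI_type_comp_scd,
    RI_type_comp_netdev,
    RI_type_comp_nettemp,
    RI_type_comp_netobj,
    RI_admin_type,
    RI_name,
    /* default types used by a role */
    RI_def_fd_create_type,
    RI_def_user_create_type,
    RI_def_process_create_type,
    RI_def_process_chown_type,
    RI_def_process_execute_type,
    RI_def_ipc_create_type,
    RI_boot_role,
    /* type names */
    RI_type_fd_name,
    RI_type_dev_name,
    RI_type_ipc_name,
    RI_type_user_name,
    RI_type_process_name,
    RI_type_netdev_name,
    RI_type_nettemp_name,
    RI_type_netobj_name,
    RI_type_fd_need_secdel,
    RI_type_scd_name,
    /* removal of roles and types */
    RI_remove_role,
    RI_type_fd_remove,
    RI_type_dev_remove,
    RI_type_ipc_remove,
    RI_type_user_remove,
    RI_type_process_remove,
    RI_type_netdev_remove,
    RI_type_nettemp_remove,
    RI_type_netobj_remove,
#ifdef __KERNEL__
#endif
    RI_none
};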
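/*
 * Value of one RC item. All members share storage; the union does not
 * record which member is valid, so reading a member other than the one
 * that was written reinterprets the same bytes.
 * NOTE(review): presumably the matching enum rsbac_rc_item_t selector tells
 * the reader which member to use - confirm at the call sites.
 *
 * name is a fixed RSBAC_RC_NAME_LEN-byte buffer with no guaranteed NUL
 * terminator: bound every copy by RSBAC_RC_NAME_LEN and terminate
 * explicitly before treating it as a string.
 *
 * The listing shows nothing between #ifdef __KERNEL__ and #endif.
 * NOTE(review): the *_dummy members are not referenced in this header;
 * presumably they exist for size/alignment or generic access - confirm.
 */
union rsbac_rc_item_value_t
  {
    rsbac_rc_rights_vector_t    rights;
    enum rsbac_rc_admin_type_t  admin_type;
    char                        name[RSBAC_RC_NAME_LEN];
    rsbac_rc_role_id_t          role_id;
    rsbac_rc_type_id_t          type_id;
    boolean                     need_secdel;
    boolean                     comp;
    boolean                     boot_role;
#ifdef __KERNEL__
#endif
    u_char                      u_char_dummy;
    int                         dummy;
    u_int                       u_dummy;
    long                        long_dummy;
    long long                   long_long_dummy;
  };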
#endif