
/**************************************/
/* Rule Set Based Access Control */
/* Author and (c) 1999-2003: */
/* Amon Ott <ao@rsbac.org> */
/* Data structures / ACL */
/* Last modified: 11/Dec/2003 */
/**************************************/

/*
 * Kernel-internal constants and data structures for the RSBAC ACL module.
 *
 * The file has two parts:
 *   1. RSBAC_ACL_*_ENTRY macros: brace initializers of the form
 *        { <subject type>, <subject id>, <rights bit-vector> }
 *      The struct they initialize and the RSBAC_*_REQUEST_VECTOR /
 *      RSBAC_ACL_*_RIGHTS_VECTOR constants live in the headers included
 *      below (rsbac/types.h, rsbac/aci.h), not here. Judging by the "*.df"
 *      list names further down, these are presumably the initial contents
 *      of the default ACLs consulted when a target has no ACL of its own;
 *      confirm against acl_data_structures.c, which is not in view.
 *   2. On-disk list names / versions and the per-device list bookkeeping
 *      structs used for file/dir ACLs.
 *
 * Review note: every bit added to an RSBAC_ACL_GROUP_EVERYONE entry widens
 * what an unprivileged subject may do by default. Treat edits to those
 * macros as policy changes, not as refactoring.
 */

#ifndef __RSBAC_ACL_DATA_STRUC_H
#define __RSBAC_ACL_DATA_STRUC_H

#include <linux/types.h>
#include <rsbac/aci.h>
#include <rsbac/types.h>
#include <rsbac/lists.h>

/*
 * Fixed, compiled-in identifier. It is a literal in a public header, so it
 * is not a secret and must never be relied on as one; presumably it is the
 * key handed to the generic list registration in rsbac/lists.h (not in view).
 */
#define RSBAC_ACL_LIST_KEY 0x815affe

/**********************************************/
/* Default entries for File/Dir (FD) targets  */
/**********************************************/

/*
 * Everyone: the read/write requests that are valid on FD targets, plus the
 * execute request vector (OR'ed in unmasked, unlike the ACMAN/SYSADM FD
 * entries below, which mask it with RSBAC_FD_REQUEST_VECTOR first) and the
 * generic ACL rights.
 */
#define RSBAC_ACL_GENERAL_FD_ENTRY \
  { ACLS_GROUP, \
    RSBAC_ACL_GROUP_EVERYONE, \
    ( RSBAC_FD_REQUEST_VECTOR & RSBAC_READ_WRITE_REQUEST_VECTOR ) | RSBAC_EXECUTE_REQUEST_VECTOR | RSBAC_ACL_GEN_RIGHTS_VECTOR }

/* Security officer: FD-valid read/write, execute and security requests. */
#define RSBAC_ACL_ACMAN_FD_ENTRY \
  { ACLS_USER, \
    RSBAC_SECOFF_UID, \
    ( RSBAC_FD_REQUEST_VECTOR & \
      ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_EXECUTE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
    | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/* System administrator: FD-valid read/write, execute and system requests. */
#define RSBAC_ACL_SYSADM_FD_ENTRY \
  { ACLS_USER, \
    RSBAC_SYSADM_UID, \
    ( RSBAC_FD_REQUEST_VECTOR & \
      ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_EXECUTE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR ) ) \
    | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }

/**********************************************/
/* Default entries for Device (DEV) targets   */
/**********************************************/

/* Everyone: DEV-valid read/write requests only. */
#define RSBAC_ACL_GENERAL_DEV_ENTRY \
  { ACLS_GROUP, \
    RSBAC_ACL_GROUP_EVERYONE, \
    ( RSBAC_DEV_REQUEST_VECTOR & RSBAC_READ_WRITE_REQUEST_VECTOR ) | RSBAC_ACL_GEN_RIGHTS_VECTOR }

/* Security officer: DEV-valid read/write and security requests. */
#define RSBAC_ACL_ACMAN_DEV_ENTRY \
  { ACLS_USER, \
    RSBAC_SECOFF_UID, \
    ( RSBAC_DEV_REQUEST_VECTOR & \
      ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
    | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/* System administrator: DEV-valid read/write and system requests. */
#define RSBAC_ACL_SYSADM_DEV_ENTRY \
  { ACLS_USER, \
    RSBAC_SYSADM_UID, \
    ( RSBAC_DEV_REQUEST_VECTOR & \
      ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR ) \
    ) \
    | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }

/**********************************************/
/* Default entries for IPC targets            */
/**********************************************/

/* Everyone: IPC-valid read/write requests only. */
#define RSBAC_ACL_GENERAL_IPC_ENTRY \
  { ACLS_GROUP, \
    RSBAC_ACL_GROUP_EVERYONE, \
    ( RSBAC_IPC_REQUEST_VECTOR & RSBAC_READ_WRITE_REQUEST_VECTOR ) | RSBAC_ACL_GEN_RIGHTS_VECTOR }

/* Security officer: IPC-valid read/write and security requests. */
#define RSBAC_ACL_ACMAN_IPC_ENTRY \
  { ACLS_USER, \
    RSBAC_SECOFF_UID, \
    ( RSBAC_IPC_REQUEST_VECTOR & \
      ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
    | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/* System administrator: IPC-valid read/write and system requests. */
#define RSBAC_ACL_SYSADM_IPC_ENTRY \
  { ACLS_USER, \
    RSBAC_SYSADM_UID, \
    ( RSBAC_IPC_REQUEST_VECTOR & \
      ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR ) ) \
    | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }

/**********************************************/
/* Default entries for SCD (system control    */
/* data) targets                              */
/**********************************************/

/*
 * Everyone: SCD-valid read/write requests PLUS R_MODIFY_SYSTEM_DATA.
 * Review note: that extra bit lets any subject modify system data on any
 * SCD target that has no specific ACL; it is a deliberate-looking widening
 * beyond the other GENERAL_* entries and should be kept under review.
 */
#define RSBAC_ACL_GENERAL_SCD_ENTRY \
  { ACLS_GROUP, \
    RSBAC_ACL_GROUP_EVERYONE, \
    ( RSBAC_SCD_REQUEST_VECTOR & \
      ( RSBAC_READ_WRITE_REQUEST_VECTOR | ((rsbac_request_vector_t) 1 << R_MODIFY_SYSTEM_DATA) ) \
    ) \
    | RSBAC_ACL_GEN_RIGHTS_VECTOR \
  }

/*
 * Only when CONFIG_RSBAC_USER_MOD_IOPERM is set: everyone may issue
 * R_MODIFY_PERMISSIONS_DATA on the ioports SCD target, i.e. ordinary users
 * may change I/O port permissions. This is exactly what the config option
 * name promises, but it is the most permissive entry in this file --
 * leave the option off unless that is intended.
 */
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
#define RSBAC_ACL_GENERAL_SCD_IOPORTS_ENTRY \
  { ACLS_GROUP, \
    RSBAC_ACL_GROUP_EVERYONE, \
    ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA) \
  }
#endif

/* Everyone on the "other" SCD target: R_MAP_EXEC only. */
#define RSBAC_ACL_GENERAL_SCD_OTHER_ENTRY \
  { ACLS_GROUP, \
    RSBAC_ACL_GROUP_EVERYONE, \
    ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
  }

/* Everyone on the "network" SCD target: R_GET_STATUS_DATA only. */
#define RSBAC_ACL_GENERAL_SCD_NETWORK_ENTRY \
  { ACLS_GROUP, \
    RSBAC_ACL_GROUP_EVERYONE, \
    ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) \
  }

/* Security officer: SCD-valid read/write and security requests. */
#define RSBAC_ACL_ACMAN_SCD_ENTRY \
  { ACLS_USER, \
    RSBAC_SECOFF_UID, \
    ( RSBAC_SCD_REQUEST_VECTOR & \
      ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
    | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/*
 * Security officer on the "other" SCD target. The explicit list below is
 * masked with RSBAC_NONE_REQUEST_VECTOR, not RSBAC_SCD_REQUEST_VECTOR.
 * NOTE(review): the name suggests the request vector for the T_NONE target
 * class (module/log switching etc. take no real target); if it were an
 * empty vector this entry would degrade to just the ACMAN rights vector.
 * Confirm in rsbac/types.h, which is not in view.
 */
#define RSBAC_ACL_ACMAN_SCD_OTHER_ENTRY \
  { ACLS_USER, \
    RSBAC_SECOFF_UID, \
    ( RSBAC_NONE_REQUEST_VECTOR & \
      ( \
        ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
        | ((rsbac_request_vector_t) 1 << R_MODIFY_ATTRIBUTE) \
        | ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA) \
        | ((rsbac_request_vector_t) 1 << R_READ_ATTRIBUTE) \
        | ((rsbac_request_vector_t) 1 << R_SWITCH_LOG) \
        | ((rsbac_request_vector_t) 1 << R_SWITCH_MODULE) \
      ) \
    ) \
    | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/*
 * System administrator on SCD targets: an explicit allow-list (get/modify
 * permissions data, get/modify system data, write) masked with the
 * SCD-valid requests.
 */
#define RSBAC_ACL_SYSADM_SCD_ENTRY \
  { ACLS_USER, \
    RSBAC_SYSADM_UID, \
    ( RSBAC_SCD_REQUEST_VECTOR & \
      ( \
        ((rsbac_request_vector_t) 1 << R_GET_PERMISSIONS_DATA) \
        | ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) \
        | ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA) \
        | ((rsbac_request_vector_t) 1 << R_MODIFY_SYSTEM_DATA) \
        | ((rsbac_request_vector_t) 1 << R_WRITE) \
      ) \
    ) \
    | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }

/*
 * System administrator on the "other" SCD target: kernel module load/unload,
 * mount/umount, chown/chgrp, map-exec and shutdown, masked with
 * RSBAC_NONE_REQUEST_VECTOR (see the note on the ACMAN variant above).
 * NOTE(review): R_MODIFY_SYSTEM_DATA is OR'ed in OUTSIDE that mask, so it
 * is granted regardless of what RSBAC_NONE_REQUEST_VECTOR contains. That
 * asymmetry looks intentional but is undocumented -- confirm.
 */
#define RSBAC_ACL_SYSADM_SCD_OTHER_ENTRY \
  { ACLS_USER, \
    RSBAC_SYSADM_UID, \
    ( RSBAC_NONE_REQUEST_VECTOR & \
      ( \
        ((rsbac_request_vector_t) 1 << R_ADD_TO_KERNEL) \
        | ((rsbac_request_vector_t) 1 << R_CHANGE_GROUP) \
        | ((rsbac_request_vector_t) 1 << R_CHANGE_OWNER) \
        | ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
        | ((rsbac_request_vector_t) 1 << R_MOUNT) \
        | ((rsbac_request_vector_t) 1 << R_REMOVE_FROM_KERNEL) \
        | ((rsbac_request_vector_t) 1 << R_UMOUNT) \
        | ((rsbac_request_vector_t) 1 << R_SHUTDOWN) \
      ) \
    ) \
    | ((rsbac_request_vector_t) 1 << R_MODIFY_SYSTEM_DATA) \
    | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }

/*
 * Auditor on the RSBAC log SCD target: status read and system-data modify
 * only. Unlike the other per-role entries this carries no
 * RSBAC_ACL_*_RIGHTS_VECTOR, so the auditor gets no ACL-management rights.
 */
#define RSBAC_ACL_AUDITOR_SCD_RSBACLOG_ENTRY \
  { ACLS_USER, \
    RSBAC_AUDITOR_UID, \
    ( RSBAC_SCD_REQUEST_VECTOR & \
      ( \
        ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) \
        | ((rsbac_request_vector_t) 1 << R_MODIFY_SYSTEM_DATA) \
      ) \
    ) \
  }

/*
 * System administrator on the kmem SCD target: R_GET_STATUS_DATA only.
 * NOTE(review): this is gated by CONFIG_RSBAC_USER_MOD_IOPERM although the
 * entry concerns kmem, not ioports; presumably both are only relevant when
 * that option exposes the corresponding SCD targets -- confirm.
 */
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
#define RSBAC_ACL_SYSADM_SCD_KMEM_ENTRY \
  { ACLS_USER, \
    RSBAC_SYSADM_UID, \
    ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) \
  }
#endif

/**********************************************/
/* Default entries for User (U) targets       */
/**********************************************/

/* Security officer: the user-target rights vector plus ACL-management rights. */
#define RSBAC_ACL_ACMAN_U_ENTRY \
  { ACLS_USER, \
    RSBAC_SECOFF_UID, \
    RSBAC_ACL_USER_RIGHTS_VECTOR \
    | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/* System administrator: may only read user attributes (plus sysadm rights). */
#define RSBAC_ACL_SYSADM_U_ENTRY \
  { ACLS_USER, \
    RSBAC_SYSADM_UID, \
    RSBAC_ACL_RIGHTS_VECTOR(R_READ_ATTRIBUTE) \
    | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }

/**********************************************/
/* Default entries for Process (P) targets    */
/**********************************************/

/* Everyone: process-valid read/write requests only. */
#define RSBAC_ACL_GENERAL_P_ENTRY \
  { ACLS_GROUP, \
    RSBAC_ACL_GROUP_EVERYONE, \
    ( RSBAC_PROCESS_REQUEST_VECTOR & RSBAC_READ_WRITE_REQUEST_VECTOR ) | RSBAC_ACL_GEN_RIGHTS_VECTOR }

/* Security officer: process-valid read/write and security requests. */
#define RSBAC_ACL_ACMAN_P_ENTRY \
  { ACLS_USER, \
    RSBAC_SECOFF_UID, \
    ( RSBAC_PROCESS_REQUEST_VECTOR & \
      ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
    | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/* System administrator: process-valid read/write and system requests. */
#define RSBAC_ACL_SYSADM_P_ENTRY \
  { ACLS_USER, \
    RSBAC_SYSADM_UID, \
    ( RSBAC_PROCESS_REQUEST_VECTOR & \
      ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR ) ) \
    | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }

/**********************************************/
/* Default entries for Network Device targets */
/**********************************************/

/*
 * Everyone: the FULL network-device request vector.
 * Review note: this is the only GENERAL_* entry that is not masked with
 * RSBAC_READ_WRITE_REQUEST_VECTOR (or RSBAC_READ_REQUEST_VECTOR). Whether
 * that is intended depends on what RSBAC_NETDEV_REQUEST_VECTOR contains
 * (rsbac/types.h, not in view); if it includes security- or system-class
 * requests, unprivileged subjects get them here by default.
 */
#define RSBAC_ACL_GENERAL_NETDEV_ENTRY \
  { ACLS_GROUP, \
    RSBAC_ACL_GROUP_EVERYONE, \
    ( RSBAC_NETDEV_REQUEST_VECTOR ) | RSBAC_ACL_GEN_RIGHTS_VECTOR }

/* Security officer: netdev-valid read/write and security requests. */
#define RSBAC_ACL_ACMAN_NETDEV_ENTRY \
  { ACLS_USER, \
    RSBAC_SECOFF_UID, \
    ( RSBAC_NETDEV_REQUEST_VECTOR & \
      ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
    | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/* System administrator: netdev-valid read/write and system requests. */
#define RSBAC_ACL_SYSADM_NETDEV_ENTRY \
  { ACLS_USER, \
    RSBAC_SYSADM_UID, \
    ( RSBAC_NETDEV_REQUEST_VECTOR & \
      ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR ) ) \
    | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }

/**********************************************/
/* Default entries for Network Template (NT)  */
/* targets, i.e. protection of the templates  */
/* themselves                                 */
/**********************************************/

/*
 * Everyone: read-class requests only. Template modification is reserved to
 * the security officer (the only role below that gets the write class).
 */
#define RSBAC_ACL_GENERAL_NETTEMP_NT_ENTRY \
  { ACLS_GROUP, \
    RSBAC_ACL_GROUP_EVERYONE, \
    ( RSBAC_NETTEMP_REQUEST_VECTOR & RSBAC_READ_REQUEST_VECTOR ) | RSBAC_ACL_GEN_RIGHTS_VECTOR }

/* Security officer: nettemp-valid read/write and security requests. */
#define RSBAC_ACL_ACMAN_NETTEMP_NT_ENTRY \
  { ACLS_USER, \
    RSBAC_SECOFF_UID, \
    ( RSBAC_NETTEMP_REQUEST_VECTOR & \
      ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
    | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/* System administrator: read-class and system requests -- no write class. */
#define RSBAC_ACL_SYSADM_NETTEMP_NT_ENTRY \
  { ACLS_USER, \
    RSBAC_SYSADM_UID, \
    ( RSBAC_NETTEMP_REQUEST_VECTOR & \
      ( RSBAC_READ_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR ) ) \
    | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }

/**********************************************/
/* Default entries for Network Object targets */
/**********************************************/

/* Everyone: netobj-valid read/write requests only. */
#define RSBAC_ACL_GENERAL_NETOBJ_ENTRY \
  { ACLS_GROUP, \
    RSBAC_ACL_GROUP_EVERYONE, \
    ( RSBAC_NETOBJ_REQUEST_VECTOR & RSBAC_READ_WRITE_REQUEST_VECTOR ) | RSBAC_ACL_GEN_RIGHTS_VECTOR }

/* Security officer: netobj-valid read/write and security requests. */
#define RSBAC_ACL_ACMAN_NETOBJ_ENTRY \
  { ACLS_USER, \
    RSBAC_SECOFF_UID, \
    ( RSBAC_NETOBJ_REQUEST_VECTOR & \
      ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
    | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/* System administrator: netobj-valid read/write and system requests. */
#define RSBAC_ACL_SYSADM_NETOBJ_ENTRY \
  { ACLS_USER, \
    RSBAC_SYSADM_UID, \
    ( RSBAC_NETOBJ_REQUEST_VECTOR & \
      ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR ) ) \
    | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }


/**********************************************/
/* Lists of ACL / General subitems */
/**********************************************/

/* Each list represents sets of ACL entries, using a set-id and a sublist each */

/*
 * Version numbers below are persisted with the on-disk lists; bump one
 * whenever the corresponding record layout changes, otherwise a kernel
 * with the new layout will read old records as if they were new ones.
 */
#define RSBAC_ACL_VERSION 1

/**********************************************/
/* ACL and device entries for File/Dir ACL */
/**********************************************/

/*
 * The FD list name ends in a '.'; presumably the list index (0 ..
 * RSBAC_ACL_NR_FD_LISTS-1) is appended per device, matching the
 * handles[] array in the device item below -- confirm in the .c file.
 */
#define RSBAC_ACL_FD_FILENAME "aclfd."
#define RSBAC_ACL_DEF_FD_FILENAME "aclfd.df"
#define RSBAC_ACL_NR_FD_LISTS 16
#define RSBAC_ACL_FD_LIST_VERSION 1
#define RSBAC_ACL_DEF_FD_LIST_VERSION 1

/* The list of devices is also a doubly linked list, so we define list */
/* items and a list head. */

/*
 * One entry per mounted device carrying FD ACLs: the device id, how many
 * times it is currently mounted, and one generic-list handle per FD
 * sub-list.
 */
struct rsbac_acl_device_list_item_t
  {
    kdev_t id;
    u_int mount_count;
    rsbac_list_handle_t handles[RSBAC_ACL_NR_FD_LISTS];
    struct rsbac_acl_device_list_item_t * prev;
    struct rsbac_acl_device_list_item_t * next;
  };

/*
 * List head. All accesses are serialised through the rwlock_t below (the
 * original comment said "spinlocks"; the field is a reader/writer lock).
 * The 'curr' entry is used to avoid repeated lookups for the same item.
 * NOTE(review): a cached pointer like 'curr' must be reset whenever the
 * item it refers to is unlinked and freed, or it dangles; the list code
 * is not in view -- confirm it does so under the write lock.
 */
struct rsbac_acl_device_list_head_t
  {
    struct rsbac_acl_device_list_item_t * head;
    struct rsbac_acl_device_list_item_t * tail;
    struct rsbac_acl_device_list_item_t * curr;
    rwlock_t lock;
    u_int count;
  };


/**********************************************/
/* ACL entries for Device ACL */
/**********************************************/

/*
 * The device list format is at version 2; the OLD version define implies
 * conversion code for version-1 records exists elsewhere (not in view).
 */
#define RSBAC_ACL_DEV_FILENAME "acldev"
#define RSBAC_ACL_DEV_LIST_VERSION 2
#define RSBAC_ACL_DEV_OLD_LIST_VERSION 1
#define RSBAC_ACL_DEF_DEV_FILENAME "acldev.df"
#define RSBAC_ACL_DEF_DEV_LIST_VERSION 1

/**********************************************/
/* ACL entries for IPC ACL */
/**********************************************/

/* IPC targets have a default list only; no per-object persistent list here. */
#define RSBAC_ACL_DEF_IPC_FILENAME "aclipc.df"
#define RSBAC_ACL_DEF_IPC_LIST_VERSION 1

/**********************************************/
/* ACL entries for SCD ACL */
/**********************************************/

#define RSBAC_ACL_SCD_FILENAME "aclscd"
#define RSBAC_ACL_DEF_SCD_FILENAME "aclscd.df"
#define RSBAC_ACL_SCD_LIST_VERSION 1
#define RSBAC_ACL_DEF_SCD_LIST_VERSION 1

/**********************************************/
/* ACL entries for user ACL */
/**********************************************/

/* User targets: default list only. */
#define RSBAC_ACL_DEF_U_FILENAME "acluser.df"
#define RSBAC_ACL_DEF_U_LIST_VERSION 1

/**********************************************/
/* ACL entries for process ACL */
/**********************************************/

/* Process targets: default list only (processes do not persist). */
#define RSBAC_ACL_DEF_P_FILENAME "aclproc.df"
#define RSBAC_ACL_DEF_P_LIST_VERSION 1

/**********************************************/
/* ACL entries for Network Device ACL */
/**********************************************/

#define RSBAC_ACL_NETDEV_FILENAME "aclndev"
#define RSBAC_ACL_NETDEV_LIST_VERSION 1
#define RSBAC_ACL_DEF_NETDEV_FILENAME "aclndev.df"
#define RSBAC_ACL_DEF_NETDEV_LIST_VERSION 1

/**********************************************/
/* ACL entries for Network Template NT (template protection) ACL */
/**********************************************/

#define RSBAC_ACL_NETTEMP_NT_FILENAME "aclntnt"
#define RSBAC_ACL_NETTEMP_NT_LIST_VERSION 1
#define RSBAC_ACL_DEF_NETTEMP_NT_FILENAME "aclntnt.df"
#define RSBAC_ACL_DEF_NETTEMP_NT_LIST_VERSION 1

/**********************************************/
/* ACL entries for Network Object ACL (and the */
/* template-keyed network object list "aclnt") */
/**********************************************/

#define RSBAC_ACL_NETTEMP_FILENAME "aclnt"
#define RSBAC_ACL_NETTEMP_LIST_VERSION 1
#define RSBAC_ACL_NETOBJ_FILENAME "aclno"
#define RSBAC_ACL_NETOBJ_LIST_VERSION 1
#define RSBAC_ACL_DEF_NETOBJ_FILENAME "aclno.df"
#define RSBAC_ACL_DEF_NETOBJ_LIST_VERSION 1


/**********************************************/
/* Group Lists */
/**********************************************/

/* Group definitions ("aclgrp") and group memberships ("aclgm"). */
#define RSBAC_ACL_GROUP_FILENAME "aclgrp"
#define RSBAC_ACL_GM_FILENAME "aclgm"

/* In acl_types.h: #define RSBAC_ACL_GROUP_VERSION 2 */

#define RSBAC_ACL_GM_VERSION 1

#endif /* __RSBAC_ACL_DATA_STRUC_H */
