/daten/src/linux-2.4.27-rsbac-v1.2.3/include/rsbac/rc_data_structures.h

Go to the documentation of this file.
00001 /*********************************/ 00002 /* Rule Set Based Access Control */ 00003 /* Author and (c) 1999-2004: */ 00004 /* Amon Ott <ao@rsbac.org> */ 00005 /* Data structures for Role */ 00006 /* Compatibility module */ 00007 /* Last modified: 07/Jun/2004 */ 00008 /*********************************/ 00009 00010 00011 #ifndef __RSBAC_RC_DATA_STRUC_H 00012 #define __RSBAC_RC_DATA_STRUC_H 00013 00014 #ifdef __KERNEL__ /* only include in kernel code */ 00015 #include <linux/types.h> 00016 #include <rsbac/types.h> 00017 #endif /* __KERNEL__ */ 00018 00019 /* First of all we define dirname and filenames for saving the roles to disk. */ 00020 /* The path must be a valid single dir name! Each mounted device gets its */ 00021 /* own file set, residing in 'DEVICE_ROOT/RSBAC_ACI_PATH/'. */ 00022 /* All user access to these files will be denied. */ 00023 /* Backups are kept in FILENAMEb. */ 00024 00025 #ifdef __KERNEL__ 00026 #define RSBAC_RC_LIST_KEY 77788855 00027 00028 /* roles */ 00029 #define RSBAC_RC_ROLE_FILENAME "rc_r" 00030 00031 /* roles we are compatible with ( = we can change to) */ 00032 #define RSBAC_RC_ROLE_RC_FILENAME "rc_rc" 00033 00034 /* roles we may administrate (replaces admin_type) */ 00035 #define RSBAC_RC_ROLE_ADR_FILENAME "rc_adr" 00036 00037 /* roles we may read and assign to users, if they were in one of these before. */ 00038 #define RSBAC_RC_ROLE_ASR_FILENAME "rc_asr" 00039 00040 /* file/dir/fifo/symlink types and requests we are compatible with */ 00041 #define RSBAC_RC_ROLE_TCFD_FILENAME "rc_tcfd" 00042 00043 /* dev types and requests we are compatible with */ 00044 #define RSBAC_RC_ROLE_TCDV_FILENAME "rc_tcdv" 00045 00046 /* user types and requests we are compatible with */ 00047 #define RSBAC_RC_ROLE_TCUS_FILENAME "rc_tcus" 00048 00049 /* process types and requests we are compatible with */ 00050 #define RSBAC_RC_ROLE_TCPR_FILENAME "rc_tcpr" 00051 00052 /* IPC types and requests we are compatible with */ 00053 #define RSBAC_RC_ROLE_TCIP_FILENAME "rc_tcip" 00054 00055 /* SCD types and requests we are compatible with */ 00056 #define RSBAC_RC_ROLE_TCSC_FILENAME "rc_tcsc" 00057 00058 /* NETDEV types and requests we are compatible with */ 00059 #define RSBAC_RC_ROLE_TCND_FILENAME "rc_tcnd" 00060 00061 /* NETTEMP types and requests we are compatible with */ 00062 #define RSBAC_RC_ROLE_TCNT_FILENAME "rc_tcnt" 00063 00064 /* NETOBJ types and requests we are compatible with */ 00065 #define RSBAC_RC_ROLE_TCNO_FILENAME "rc_tcno" 00066 00067 #define RSBAC_RC_ROLE_LIST_VERSION 2 00068 #define RSBAC_RC_ROLE_OLD_LIST_VERSION 1 00069 #define RSBAC_RC_ROLE_RC_LIST_VERSION 1 00070 #define RSBAC_RC_ROLE_ADR_LIST_VERSION 1 00071 #define RSBAC_RC_ROLE_ASR_LIST_VERSION 1 00072 #define RSBAC_RC_ROLE_TCFD_LIST_VERSION 1 00073 #define RSBAC_RC_ROLE_TCDV_LIST_VERSION 1 00074 #define RSBAC_RC_ROLE_TCUS_LIST_VERSION 1 00075 #define RSBAC_RC_ROLE_TCPR_LIST_VERSION 1 00076 #define RSBAC_RC_ROLE_TCIP_LIST_VERSION 1 00077 #define RSBAC_RC_ROLE_TCSC_LIST_VERSION 1 00078 #define RSBAC_RC_ROLE_TCND_LIST_VERSION 1 00079 #define RSBAC_RC_ROLE_TCNT_LIST_VERSION 1 00080 #define RSBAC_RC_ROLE_TCNO_LIST_VERSION 1 00081 00082 #define RSBAC_RC_TYPE_FD_FILENAME "rc_tfd" 00083 #define RSBAC_RC_TYPE_DEV_FILENAME "rc_tdv" 00084 #define RSBAC_RC_TYPE_IPC_FILENAME "rc_tip" 00085 #define RSBAC_RC_TYPE_USER_FILENAME "rc_tus" 00086 #define RSBAC_RC_TYPE_PROCESS_FILENAME "rc_tpr" 00087 #define RSBAC_RC_TYPE_NETDEV_FILENAME "rc_tnd" 00088 #define RSBAC_RC_TYPE_NETTEMP_FILENAME "rc_tnt" 00089 #define RSBAC_RC_TYPE_NETOBJ_FILENAME "rc_tno" 00090 00091 #define RSBAC_RC_TYPE_FD_LIST_VERSION 1 00092 #define RSBAC_RC_TYPE_DEV_LIST_VERSION 1 00093 #define RSBAC_RC_TYPE_IPC_LIST_VERSION 1 00094 #define RSBAC_RC_TYPE_USER_LIST_VERSION 1 00095 #define RSBAC_RC_TYPE_PROCESS_LIST_VERSION 1 00096 #define RSBAC_RC_TYPE_NETDEV_LIST_VERSION 1 00097 #define RSBAC_RC_TYPE_NETTEMP_LIST_VERSION 1 00098 #define RSBAC_RC_TYPE_NETOBJ_LIST_VERSION 1 00099 #endif /* __KERNEL__ */ 00100 00101 /* 00102 * The following structures provide the role model data structures. 00103 * All RSBAC_RC_NR_ROLES roles and RSBAC_RC_NR_TYPES x target-no. types 00104 * and SCD-type definitions are kept in arrays and saved to disk as such. 00105 */ 00106 00107 /*************************************** 00108 * Roles * 00109 ***************************************/ 00110 00111 /* Caution: whenever role struct changes, version and old_version must be increased! */ 00112 00113 struct rsbac_rc_role_entry_t 00114 { 00115 rsbac_enum_t admin_type; /* role admin: none, system or role admin? */ 00116 char name[RSBAC_RC_NAME_LEN]; 00117 rsbac_rc_type_id_t def_fd_create_type; 00118 rsbac_rc_type_id_t def_user_create_type; 00119 rsbac_rc_type_id_t def_process_create_type; 00120 rsbac_rc_type_id_t def_process_chown_type; 00121 rsbac_rc_type_id_t def_process_execute_type; 00122 rsbac_rc_type_id_t def_ipc_create_type; 00123 rsbac_enum_t boot_role; 00124 }; 00125 00126 struct rsbac_rc_old_role_entry_t 00127 { 00128 rsbac_enum_t admin_type; /* role admin: none, system or role admin? */ 00129 char name[RSBAC_RC_NAME_LEN]; 00130 rsbac_rc_type_id_t def_fd_create_type; 00131 rsbac_rc_type_id_t def_process_create_type; 00132 rsbac_rc_type_id_t def_process_chown_type; 00133 rsbac_rc_type_id_t def_process_execute_type; 00134 rsbac_rc_type_id_t def_ipc_create_type; 00135 }; 00136 00137 #define RSBAC_RC_NR_ROLE_ENTRY_ITEMS 21 00138 #define RSBAC_RC_ROLE_ENTRY_ITEM_LIST { \ 00139 RI_role_comp, \ 00140 RI_admin_roles, \ 00141 RI_assign_roles, \ 00142 RI_type_comp_fd, \ 00143 RI_type_comp_dev, \ 00144 RI_type_comp_user, \ 00145 RI_type_comp_process, \ 00146 RI_type_comp_ipc, \ 00147 RI_type_comp_scd, \ 00148 RI_type_comp_netdev, \ 00149 RI_type_comp_nettemp, \ 00150 RI_type_comp_netobj, \ 00151 RI_admin_type, \ 00152 RI_name, \ 00153 RI_def_fd_create_type, \ 00154 RI_def_user_create_type, \ 00155 RI_def_process_create_type, \ 00156 RI_def_process_chown_type, \ 00157 RI_def_process_execute_type, \ 00158 RI_def_ipc_create_type, \ 00159 RI_boot_role \ 00160 } 00161 00162 /*************************************** 00163 * Type names * 00164 ***************************************/ 00165 00166 /* Caution: whenever role struct changes, version and old_version must be increased! */ 00167 00168 /* #define RSBAC_RC_OLD_TYPE_VERSION 1 */ 00169 #define RSBAC_RC_TYPE_VERSION 1 00170 00171 struct rsbac_rc_type_fd_entry_t 00172 { 00173 char name[RSBAC_RC_NAME_LEN]; 00174 __u8 need_secdel; /* boolean */ 00175 }; 00176 00177 #define RSBAC_RC_NR_TYPE_ENTRY_ITEMS 9 00178 #define RSBAC_RC_TYPE_ENTRY_ITEM_LIST { \ 00179 RI_type_fd_name, \ 00180 RI_type_dev_name, \ 00181 RI_type_ipc_name, \ 00182 RI_type_scd_name, \ 00183 RI_type_process_name, \ 00184 RI_type_netdev_name, \ 00185 RI_type_nettemp_name, \ 00186 RI_type_netobj_name, \ 00187 RI_type_fd_need_secdel \ 00188 } 00189 00190 /**********************************************/ 00191 /* Default values */ 00192 /**********************************************/ 00193 00194 #define RSBAC_RC_GENERAL_ROLE_ENTRY \ 00195 { \ 00196 RC_no_admin, /* admin_type */ \ 00197 "General User", /* name */ \ 00198 RC_type_inherit_parent, /* def_fd_create_type */ \ 00199 RSBAC_RC_GENERAL_TYPE, /* def_user_create_type */ \ 00200 RC_type_inherit_parent, /* def_process_create_type */ \ 00201 RC_type_use_new_role_def_create, /* def_process_chown_type */ \ 00202 RC_type_inherit_process, /* def_process_execute_type */ \ 00203 RSBAC_RC_GENERAL_TYPE, /* def_ipc_create_type */ \ 00204 FALSE /* boot_role */ \ 00205 } 00206 00207 #define RSBAC_RC_ROLE_ADMIN_ROLE_ENTRY \ 00208 { \ 00209 RC_role_admin, /* admin_type */ \ 00210 "Role Admin", /* name */ \ 00211 RC_type_inherit_parent, /* def_fd_create_type */ \ 00212 RSBAC_RC_GENERAL_TYPE, /* def_user_create_type */ \ 00213 RC_type_inherit_parent, /* def_process_create_type */ \ 00214 RC_type_use_new_role_def_create, /* def_process_chown_type */ \ 00215 RC_type_inherit_process, /* def_process_execute_type */ \ 00216 RSBAC_RC_GENERAL_TYPE, /* def_ipc_create_type */ \ 00217 FALSE /* boot_role */ \ 00218 } 00219 00220 #define RSBAC_RC_SYSTEM_ADMIN_ROLE_ENTRY \ 00221 { \ 00222 RC_system_admin, /* admin_type */ \ 00223 "System Admin", /* name */ \ 00224 RC_type_inherit_parent, /* def_fd_create_type */ \ 00225 RSBAC_RC_GENERAL_TYPE, /* def_user_create_type */ \ 00226 RC_type_inherit_parent, /* def_process_create_type */ \ 00227 RC_type_use_new_role_def_create, /* def_process_chown_type */ \ 00228 RC_type_inherit_process, /* def_process_execute_type */ \ 00229 RSBAC_RC_GENERAL_TYPE, /* def_ipc_create_type */ \ 00230 FALSE /* boot_role */ \ 00231 } 00232 00233 #define RSBAC_RC_BOOT_ROLE_ENTRY \ 00234 { \ 00235 RC_no_admin, /* admin_type */ \ 00236 "System Boot", /* name */ \ 00237 RC_type_inherit_parent, /* def_fd_create_type */ \ 00238 RSBAC_RC_GENERAL_TYPE, /* def_user_create_type */ \ 00239 RC_type_inherit_parent, /* def_process_create_type */ \ 00240 RC_type_use_new_role_def_create, /* def_process_chown_type */ \ 00241 RC_type_inherit_process, /* def_process_execute_type */ \ 00242 RSBAC_RC_GENERAL_TYPE, /* def_ipc_create_type */ \ 00243 TRUE /* boot_role */ \ 00244 } 00245 00246 #define RSBAC_RC_AUDITOR_ROLE_ENTRY \ 00247 { \ 00248 RC_no_admin, /* admin_type */ \ 00249 "Auditor", /* name */ \ 00250 RC_type_inherit_parent, /* def_fd_create_type */ \ 00251 RSBAC_RC_GENERAL_TYPE, /* def_user_create_type */ \ 00252 RC_type_inherit_parent, /* def_process_create_type */ \ 00253 RC_type_use_new_role_def_create, /* def_process_chown_type */ \ 00254 RC_type_inherit_process, /* def_process_execute_type */ \ 00255 RSBAC_RC_GENERAL_TYPE, /* def_ipc_create_type */ \ 00256 FALSE /* boot_role */ \ 00257 } 00258 00259 /**********************************************/ 00260 /* Declarations */ 00261 /**********************************************/ 00262 00263 #ifdef __KERNEL__ 00264 #endif /* __KERNEL__ */ 00265 00266 #endif /* __RSBAC_RC_DATA_STRUC_H */

Generated on Tue Aug 31 10:05:22 2004 for RSBAC by doxygen 1.3.8