/*
 * Rule Set Based Access Control
 * Author and (c) 1999-2003: Amon Ott <ao@rsbac.org>
 *
 * Data structures / AUTH
 *
 * Last modified: 11/Dec/2003
 */

#ifndef __RSBAC_AUTH_DATA_STRUC_H
#define __RSBAC_AUTH_DATA_STRUC_H

#include <linux/types.h>
#include <rsbac/aci.h>
#include <rsbac/types.h>

/*
 * Capability lists
 */

/* NOTE(review): presumably the key handed to the generic list code when the
 * AUTH lists are registered; the registration call is not in this header. */
#define RSBAC_AUTH_LIST_KEY 626281

/* Names and on-disk version of the per-process capability lists. */
#define RSBAC_AUTH_P_LIST_VERSION 1
#define RSBAC_AUTH_P_LIST_NAME "authproc"
#define RSBAC_AUTH_P_EFF_LIST_NAME "authproceff"
#define RSBAC_AUTH_P_FS_LIST_NAME "authprocfs"

/* Name prefixes of the per-device file/dir capability lists. The trailing
 * dot suggests a list number is appended by the code that opens them; that
 * code is not visible here, so confirm against it. */
#define RSBAC_AUTH_FD_FILENAME "authfd."
#define RSBAC_AUTH_FD_EFF_FILENAME "authfde."
#define RSBAC_AUTH_FD_FS_FILENAME "authfdf."

/* Number of list handles kept per device for each capability kind. These
 * values size the handle arrays below, so any index into those arrays has
 * to stay below the matching constant. */
#define RSBAC_AUTH_NR_CAP_FD_LISTS 4
#define RSBAC_AUTH_NR_CAP_EFF_FD_LISTS 2
#define RSBAC_AUTH_NR_CAP_FS_FD_LISTS 2

/* Versions of the per-device file/dir capability lists. */
#define RSBAC_AUTH_FD_LIST_VERSION 1
#define RSBAC_AUTH_FD_EFF_LIST_VERSION 1
#define RSBAC_AUTH_FD_FS_LIST_VERSION 1

/*
 * One entry of the doubly linked list of devices.
 *
 * The eff_handles and fs_handles arrays exist only when
 * CONFIG_RSBAC_AUTH_DAC_OWNER is defined, which moves prev and next. Every
 * translation unit that touches this struct therefore has to be built with
 * the same setting of that option.
 */
struct rsbac_auth_device_list_item_t {
	kdev_t id;		/* set to 0 before deletion */
	u_int mount_count;
	rsbac_list_handle_t handles[RSBAC_AUTH_NR_CAP_FD_LISTS];
#ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
	rsbac_list_handle_t eff_handles[RSBAC_AUTH_NR_CAP_EFF_FD_LISTS];
	rsbac_list_handle_t fs_handles[RSBAC_AUTH_NR_CAP_FS_FD_LISTS];
#endif
	struct rsbac_auth_device_list_item_t *prev;
	struct rsbac_auth_device_list_item_t *next;
};

/*
 * Head of the device list.
 *
 * For consistency, all list accesses are meant to happen under 'lock'; the
 * member is declared as rwlock_t, i.e. a reader/writer lock rather than a
 * plain spinlock. 'curr' caches an item so that repeated lookups for the
 * same item can be avoided.
 *
 * NOTE(review): 'curr' is a second pointer to an item that is also reachable
 * via head/tail. The removal code is not part of this header; confirm that
 * it clears or moves 'curr' under the write lock before an item is freed,
 * so that no stale pointer is left behind.
 */
struct rsbac_auth_device_list_head_t {
	struct rsbac_auth_device_list_item_t *head;
	struct rsbac_auth_device_list_item_t *tail;
	struct rsbac_auth_device_list_item_t *curr;
	rwlock_t lock;
	u_int count;
};

#endif