/daten/src/linux-2.4.27-rsbac-v1.2.3/include/rsbac/types.h
#ifndef __RSBAC_TYPES_H
00011
#define __RSBAC_TYPES_H
00012
00013
00014
#ifdef CONFIG_MODULES
00015
#endif
00016
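/* Release identification: string form plus numeric major/mid/minor parts. */
#define RSBAC_VERSION "v1.2.3"
#define RSBAC_VERSION_MAJOR 1
#define RSBAC_VERSION_MID 2
#define RSBAC_VERSION_MINOR 3
/* Packed as 0x00MMmmpp so that two versions compare as plain integers. */
#define RSBAC_VERSION_NR \
 ((RSBAC_VERSION_MAJOR << 16) | (RSBAC_VERSION_MID << 8) | RSBAC_VERSION_MINOR)
/*
 * Pack an arbitrary (major, mid, minor) triple the same way as
 * RSBAC_VERSION_NR.
 *
 * The three fields are combined with '|'. And-ing the shifted fields, as
 * this macro did before, yields 0 for every triple whose parts are below
 * 256, so a check such as
 *   RSBAC_VERSION_NR >= RSBAC_VERSION_MAKE_NR(a,b,c)
 * could never fail. Each argument is parenthesized so that expression
 * arguments are shifted as a whole.
 */
#define RSBAC_VERSION_MAKE_NR(x,y,z) \
 (((x) << 16) | ((y) << 8) | (z))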
00025
00026
#include <linux/types.h>
00027
00028
#ifdef __KERNEL__
00029
#include <linux/fs.h>
00030
#include <linux/socket.h>
00031
#include <linux/pipe_fs_i.h>
00032
#include <linux/kdev_t.h>
00033
00034
00035
#ifndef LINUX_VERSION_CODE
00036
#include <linux/version.h>
00037
#endif
00038
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,4,19)
00039
#error "RSBAC: unsupported kernel version"
00040
#endif
00041
00042
/*
 * Kernel-version compatibility layer for device numbers and the current
 * time. The device-number wrappers map straight onto the kernel's
 * MAJOR/MINOR/MKDEV on both sides of the version split, so they are
 * defined once.
 */
#define RSBAC_MAJOR MAJOR
#define RSBAC_MINOR MINOR
#define RSBAC_MKDEV(major,minor) MKDEV(major,minor)

#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
/* Before 2.6, CURRENT_TIME itself is used as the time value. */
#define RSBAC_CURRENT_TIME CURRENT_TIME
#else
/*
 * From 2.6 on, CURRENT_TIME is used to initialise a struct timespec, and
 * only its seconds field is passed on.
 *
 * Returns tv_sec converted to u_int by the return statement; any bits of
 * tv_sec that do not fit in u_int are dropped.
 * NOTE(review): code that compares these timestamps (TTL expiry, for
 * instance) should be checked for wrap-around behaviour.
 */
static inline u_int rsbac_current_time(void)
{
    const struct timespec now = CURRENT_TIME;

    return now.tv_sec;
}
/*
 * Map kdev_t onto dev_t unless a kdev_t macro already exists. #ifndef only
 * sees macros, so a kdev_t typedef would not suppress this definition.
 */
#ifndef kdev_t
#define kdev_t dev_t
#endif
#define RSBAC_CURRENT_TIME (rsbac_current_time())
#endif
00061
00062
/*
 * Two reserved device numbers and their predicates.
 * RSBAC_ZERO_DEV is device (0,0); RSBAC_AUTO_DEV is device (99,99).
 * The predicates expand their argument once per component test, so the
 * argument should be free of side effects.
 * NOTE(review): (99,99) is treated as special; confirm that no real device
 * with this number can be presented to the decision code.
 */
#define RSBAC_ZERO_DEV RSBAC_MKDEV(0,0)
#define RSBAC_AUTO_DEV RSBAC_MKDEV(99,99)
#define RSBAC_IS_ZERO_DEV(kdev) \
  (!(RSBAC_MAJOR(kdev) || RSBAC_MINOR(kdev)))
#define RSBAC_IS_AUTO_DEV(kdev) \
  ((RSBAC_MAJOR(kdev) == 99) && (RSBAC_MINOR(kdev) == 99))
00066
00067
/*
 * Section marker for RSBAC initialisation code.
 * Without CONFIG_RSBAC_INIT_DELAY it is the kernel's __init; with the
 * option set it expands to nothing, so tagged functions are not placed in
 * the init section.
 * NOTE(review): presumably needed because delayed initialisation runs after
 * init memory has been released; confirm against the init code.
 */
#ifndef CONFIG_RSBAC_INIT_DELAY
#define R_INIT __init
#else
#define R_INIT
#endif
00072
00073
#endif
00074
00075
00076
00077
/* Fallback null pointer constant for builds whose headers provide none. */
#if !defined(NULL)
#define NULL ((void *) 0)
#endif

/*
 * Smaller / larger of two values.
 * Both are macros: the selected argument is evaluated twice, so never pass
 * an expression with side effects (i++, a function that consumes input).
 * The comparison follows the usual arithmetic conversions; mixing a signed
 * and an unsigned operand compares them as unsigned.
 */
#define rsbac_min(a,b) ((a) < (b) ? (a) : (b))
#define rsbac_max(a,b) ((a) > (b) ? (a) : (b))
00083
/*
 * Reserved user ids that stand for "no user" and "all users".
 * The OLD values are the 16-bit encodings of -3 and -4 (65533, 65532); the
 * current ones are the same negative numbers cast to rsbac_uid_t.
 * Code that accepts a uid from outside must treat these values as
 * sentinels, never as real accounts.
 */
#define RSBAC_OLD_NO_USER 65533
#define RSBAC_OLD_ALL_USERS 65532
#define RSBAC_NO_USER ((rsbac_uid_t) -3)
#define RSBAC_ALL_USERS ((rsbac_uid_t) -4)
00088
00089
/*
 * Project-wide boolean type.
 *  - C, and FALSE/TRUE/boolean already defined as macros: boolean becomes
 *    int and only the missing macros are added.
 *  - C otherwise: boolean is an enum with FALSE = 0 and TRUE = 1.
 *  - C++: boolean is bool.
 * The underlying type therefore depends on what was included earlier.
 * NOTE(review): avoid `boolean` in data whose layout must be the same in
 * every build; rsbac_boolean_int_t below has a fixed 8-bit width.
 */
#ifndef __cplusplus
#if defined(FALSE) || defined(TRUE) || defined(boolean)
#ifndef boolean
typedef int boolean;
#endif
#ifndef FALSE
#define FALSE 0
#endif
#ifndef TRUE
#define TRUE 1
#endif
#else
typedef enum {FALSE, TRUE} boolean;
#endif
#else
typedef bool boolean;
#endif

/* Fixed-width (8-bit) boolean. */
typedef __u8 rsbac_boolean_int_t;
00108
/*
 * Network device id: a byte array of RSBAC_IFNAMSIZ + 1 = 17 entries.
 * NOTE(review): presumably an interface name plus terminator; code filling
 * it must bound the copy to RSBAC_IFNAMSIZ and terminate explicitly.
 */
#define RSBAC_IFNAMSIZ 16
typedef u_char rsbac_netdev_id_t[RSBAC_IFNAMSIZ + 1];

/* Chunk size in bytes (64 KiB); by its name, used for secure deletion. */
#define RSBAC_SEC_DEL_CHUNK_SIZE 65536

/*
 * Hard-coded login program location, as a full path and as separate
 * directory and file components. The three strings must be kept in
 * agreement when any of them is changed.
 */
#define RSBAC_AUTH_LOGIN_PATH "/bin/login"
#define RSBAC_AUTH_LOGIN_PATH_DIR "bin"
#define RSBAC_AUTH_LOGIN_PATH_FILE "login"
00119
00120
00121
00122
00123
00124
/*
 * Fixed-width base types. The "old" uid/gid types are 16 bits wide, the
 * current ones 32 bits.
 */
typedef __u32 rsbac_version_t;
typedef __u32 rsbac_uid_t;
typedef __u32 rsbac_gid_t;
typedef __u16 rsbac_old_uid_t;
typedef __u16 rsbac_old_gid_t;
typedef __u32 rsbac_time_t;
/* 32-bit capability bit vector. */
typedef __u32 rsbac_cap_vector_t;

/* All-ones time value (0xFFFFFFFF), reserved as a marker rather than a time. */
#define RSBAC_LIST_TTL_KEEP ((rsbac_time_t) -1)

/*
 * 8-bit storage type behind the *_int_t typedefs in this file. An enum
 * stored through it must keep all of its values below 256.
 */
typedef __u8 rsbac_enum_t;

/*
 * Well-known user ids. The security officer uid comes from the kernel
 * configuration when CONFIG_RSBAC_SECOFF_UID is set and is 400 otherwise;
 * the three ids after it are offsets +1, +2 and +4 from that base (+3 is
 * not assigned here).
 * NOTE(review): a configured value is used unparenthesized, so it should be
 * a plain integer literal.
 */
#define RSBAC_SYSADM_UID 0
#define RSBAC_BIN_UID 1
#ifdef CONFIG_RSBAC_SECOFF_UID
#define RSBAC_SECOFF_UID CONFIG_RSBAC_SECOFF_UID
#else
#define RSBAC_SECOFF_UID 400
#endif
#define RSBAC_DATAPROT_UID (RSBAC_SECOFF_UID+1)
#define RSBAC_TPMAN_UID (RSBAC_SECOFF_UID+2)
#define RSBAC_AUDITOR_UID (RSBAC_SECOFF_UID+4)

typedef __u32 rsbac_pseudo_t;
typedef __u32 rsbac_pid_t;
00151
00152
/*
 * Security level: one byte. 0..252 is the level range (SL_min..SL_max);
 * 254 and 255 are the markers SL_inherit and SL_none, which are not levels
 * and must not take part in level comparisons. 253 is not assigned here.
 */
typedef __u8 rsbac_security_level_t;
#define SL_max 252
#define SL_min 0
#define SL_inherit 254
#define SL_none 255
/* Former enum encoding of the levels; values run 0..6 in the order listed. */
enum rsbac_old_security_level_t {SL_unclassified, SL_confidential, SL_secret,
                                 SL_top_secret, SL_old_rsbac_internal,
                                 SL_old_inherit, SL_old_none};

/*
 * Category set as a 64-bit vector, one bit per category 0..63.
 * The default vector has only bit 0 (RSBAC_MAC_GENERAL_CATEGORY) set, the
 * maximum has every bit set. RSBAC_MAC_MIN_CAT_VECTOR and
 * RSBAC_MAC_INHERIT_CAT_VECTOR are both 0 and cannot be told apart by
 * value.
 */
typedef __u64 rsbac_mac_category_vector_t;
#define RSBAC_MAC_GENERAL_CATEGORY 0
#define RSBAC_MAC_DEF_CAT_VECTOR ((rsbac_mac_category_vector_t) 1)
#define RSBAC_MAC_MAX_CAT_VECTOR ((rsbac_mac_category_vector_t) -1)
#define RSBAC_MAC_MIN_CAT_VECTOR ((rsbac_mac_category_vector_t) 0)
#define RSBAC_MAC_INHERIT_CAT_VECTOR ((rsbac_mac_category_vector_t) 0)
#define RSBAC_MAC_NR_CATS 64
#define RSBAC_MAC_MAX_CAT 63
/*
 * Single-category vector. The shift is undefined for x outside
 * 0..RSBAC_MAC_MAX_CAT, so a category number from outside must be
 * range-checked before it reaches this macro.
 */
#define RSBAC_MAC_CAT_VECTOR(x) ((rsbac_mac_category_vector_t) 1 << (x))

typedef u_int rsbac_cwi_relation_id_t;
00179
00180
/*
 * System roles. SR_user is 0, so zero-filled role storage reads as SR_user.
 * Stored in 8 bits through rsbac_system_role_int_t.
 */
enum rsbac_system_role_t {SR_user, SR_security_officer, SR_administrator,
                          SR_auditor, SR_none};
typedef rsbac_enum_t rsbac_system_role_int_t;

/*
 * Object categories with their defaults: OC_inherit in general,
 * OC_general for the root default.
 */
enum rsbac_object_category_t {OC_general, OC_security, OC_system,
                              OC_inherit, OC_none};
#define RSBAC_FC_OC_DEF OC_inherit
#define RSBAC_FC_OC_ROOT_DEF OC_general
typedef rsbac_enum_t rsbac_fc_oc_t;

/*
 * Data types with their defaults: DT_inherit in general, DT_none for the
 * root default. Unlike the other enums here, the "none" value is 0.
 */
enum rsbac_data_type_t {DT_none, DT_SI, DT_inherit};
#define RSBAC_SIM_DT_DEF DT_inherit
#define RSBAC_SIM_DT_ROOT_DEF DT_none
typedef rsbac_enum_t rsbac_sim_dt_t;

/* Fake-root-uid setting; FR_off is 0. */
enum rsbac_fake_root_uid_t {FR_off, FR_uid_only, FR_euid_only, FR_both,
                            FR_none};
typedef rsbac_enum_t rsbac_fake_root_uid_int_t;
00204
/*
 * SCD target kinds. Values follow declaration order and ST_none
 * terminates the list, so new kinds must be added directly before ST_none
 * to keep existing values stable.
 */
enum rsbac_scd_type_t {ST_time_strucs, ST_clock, ST_host_id,
                       ST_net_id, ST_ioports, ST_rlimit,
                       ST_swap, ST_syslog, ST_rsbac, ST_rsbaclog,
                       ST_other, ST_kmem, ST_network, ST_firewall,
                       ST_priority, ST_sysfs, ST_none};

/* Device kinds: block, character, none. */
enum rsbac_dev_type_t {D_block, D_char, D_none};

/* IPC kinds and the id that goes with them. */
enum rsbac_ipc_type_t {I_sem, I_msg, I_shm, I_none};
/* u_long follows the machine word, so its width differs between builds. */
union rsbac_ipc_id_t
  {
    u_long id_nr;
  };

/* Inode numbers are carried in 32 bits. */
typedef __u32 rsbac_inode_nr_t;

/* Four-valued switch: false, true, inherit, none; stored in 8 bits. */
enum rsbac_linux_dac_disable_t {LDD_false, LDD_true, LDD_inherit, LDD_none};
typedef rsbac_enum_t rsbac_linux_dac_disable_int_t;
00224
00225
#ifdef __KERNEL__
00226
00227
00228
struct rsbac_fs_file_t
00229 {
00230 kdev_t device;
00231
rsbac_inode_nr_t inode;
00232
struct dentry * dentry_p;
00233 };
00234
00235
00236
struct rsbac_dev_desc_t
00237 {
00238 __u32 type;
00239 __u32 major;
00240 __u32 minor;
00241 };
00242
00243
struct rsbac_dev_t
00244 {
00245
enum rsbac_dev_type_t type;
00246 kdev_t
id;
00247 };
00248
#endif
00249
00250
/* IPC target: kind plus id. */
struct rsbac_ipc_t
  {
    enum rsbac_ipc_type_t type;
    union rsbac_ipc_id_t id;
  };

/* Log levels; LL_none is 0 and LL_invalid ends the list. */
enum rsbac_log_level_t {LL_none, LL_denied, LL_full, LL_request, LL_invalid};
typedef __u64 rsbac_log_array_t;

/*
 * Request set as a 64-bit vector. The shift in RSBAC_REQUEST_VECTOR is
 * undefined for x outside 0..63, so x must be a validated request number.
 */
typedef __u64 rsbac_request_vector_t;
#define RSBAC_REQUEST_VECTOR(x) ((rsbac_request_vector_t) 1 << (x))

/* NOTE(review): confirm whether this length includes the terminating NUL. */
#define RSBAC_MAXNAMELEN 256
00267
00268
00269
/*
 * MAC flag storage. User and file flags are 8 bits wide, process flags 16.
 * MAC_program_auto (256) fits only the 16-bit process type, and it appears
 * only in RSBAC_MAC_P_FLAGS.
 */
typedef __u8 rsbac_mac_user_flags_t;
typedef __u16 rsbac_mac_process_flags_t;
typedef __u8 rsbac_mac_file_flags_t;
typedef struct rsbac_fs_file_t rsbac_mac_file_t;
#define RSBAC_MAC_MAX_MAXNUM 1000000

/* Flag bits. */
#define MAC_override 1
#define MAC_auto 2
#define MAC_trusted 4
#define MAC_write_up 8
#define MAC_read_up 16
#define MAC_write_down 32
#define MAC_allow_auto 64
#define MAC_prop_trusted 128
#define MAC_program_auto 256

/*
 * Flags that are valid for users (U), processes (P) and files (F).
 * Flag values arriving from outside should be masked with the matching set
 * before they are stored.
 */
#define RSBAC_MAC_U_FLAGS (MAC_override | MAC_trusted | MAC_write_up | MAC_read_up | MAC_write_down | MAC_allow_auto)
#define RSBAC_MAC_P_FLAGS (MAC_override | MAC_auto | MAC_trusted | MAC_write_up | MAC_read_up | MAC_write_down | MAC_prop_trusted | MAC_program_auto)
#define RSBAC_MAC_F_FLAGS (MAC_auto | MAC_trusted | MAC_write_up | MAC_read_up | MAC_write_down)

/*
 * Default user flags: none in general, MAC_allow_auto for the system
 * administrator, MAC_override for the security officer.
 */
#define RSBAC_MAC_DEF_U_FLAGS 0
#define RSBAC_MAC_DEF_SYSADM_U_FLAGS MAC_allow_auto
#define RSBAC_MAC_DEF_SECOFF_U_FLAGS MAC_override

/* Default process flags: none in general, MAC_auto for init. */
#define RSBAC_MAC_DEF_P_FLAGS 0
#define RSBAC_MAC_DEF_INIT_P_FLAGS MAC_auto

typedef rsbac_enum_t rsbac_mac_auto_int_t;
enum rsbac_mac_auto_t {MA_no, MA_yes, MA_inherit};
00299
00300
00301
00302
#include <rsbac/pm_types.h>
00303
00304
/*
 * DAZ scan state, one byte. Valid states are 0..DAZ_max; the default for
 * file/dir objects is DAZ_unscanned, so an object never reads as clean
 * without having been marked so.
 */
typedef __u8 rsbac_daz_scanned_t;
#define DAZ_unscanned 0
#define DAZ_infected 1
#define DAZ_clean 2
#define DAZ_max 2
#define DEFAULT_DAZ_FD_SCANNED DAZ_unscanned
typedef __u8 rsbac_daz_scanner_t;

/*
 * File flags, 16 bits. The highest bit in use is FF_no_mount (512), so all
 * flags fit the type.
 */
typedef __u16 rsbac_ff_flags_t;
#define FF_read_only 1
#define FF_execute_only 2
#define FF_search_only 4
#define FF_write_only 8
#define FF_secure_delete 16
#define FF_no_execute 32
#define FF_no_delete_or_rename 64
#define FF_append_only 256
#define FF_no_mount 512

#define FF_add_inherited 128

/* Defaults: FF_add_inherited in general, no flags for the root default. */
#define RSBAC_FF_DEF FF_add_inherited
#define RSBAC_FF_ROOT_DEF 0
00330
00331
00332
00333
#include <rsbac/rc_types.h>
00334
00335
00336
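#define RSBAC_AUTH_MAX_MAXNUM 1000000
/*
 * Reserved uid values for AUTH capability entries, taken from the top of
 * the uid space. With a 32-bit rsbac_uid_t, -3 and -4 are the same numbers
 * as RSBAC_NO_USER and RSBAC_ALL_USERS; RSBAC_AUTH_MAX_RANGE_UID (-10)
 * lies below all of them.
 *
 * Every value is fully parenthesized, the OLD one included, so that the
 * macros expand as a single operand in any context (for example after
 * sizeof or before a postfix operator).
 */
#define RSBAC_AUTH_OLD_OWNER_F_CAP ((rsbac_old_uid_t) -3)
#define RSBAC_AUTH_OWNER_F_CAP ((rsbac_uid_t) -3)
#define RSBAC_AUTH_DAC_OWNER_F_CAP ((rsbac_uid_t) -4)
#define RSBAC_AUTH_MAX_RANGE_UID ((rsbac_uid_t) -10)
typedef struct rsbac_fs_file_t rsbac_auth_file_t;
/*
 * Range of user ids from first to last.
 * NOTE(review): presumably inclusive; code that accepts a range should
 * check first <= last and last <= RSBAC_AUTH_MAX_RANGE_UID so that a range
 * cannot cover the reserved values above. Confirm against the AUTH module.
 */
struct rsbac_auth_cap_range_t
  {
    rsbac_uid_t first;
    rsbac_uid_t last;
  };
/* Which capability set an entry belongs to; stored in 8 bits. */
enum rsbac_auth_cap_type_t {ACT_real, ACT_eff, ACT_fs, ACT_none};
typedef rsbac_enum_t rsbac_auth_cap_type_int_t;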
00350
00351
00352
00353
00354
/* Process hiding setting; PH_off is 0. Stored in 8 bits. */
enum rsbac_cap_process_hiding_t {PH_off, PH_from_other_users, PH_full,
                                 PH_none};
typedef rsbac_enum_t rsbac_cap_process_hiding_int_t;

#include <linux/capability.h>
/*
 * CAP_NONE is fixed at 29 here and doubles as RSBAC_CAP_MAX.
 * NOTE(review): this should stay one above the highest capability number of
 * the kernel being built; verify against linux/capability.h when the
 * kernel version changes.
 */
#define CAP_NONE 29
#define RSBAC_CAP_MAX CAP_NONE
00362
00363
00364
#define RSBAC_JAIL_VERSION 1

/* Jail id; RSBAC_JAIL_DEF_ID (0) is the default id. */
typedef __u32 rsbac_jail_id_t;
#define RSBAC_JAIL_DEF_ID 0
typedef __u32 rsbac_jail_ip_t;

/*
 * Jail flags, 32 bits. Every flag below relaxes or adjusts a restriction
 * ("allow_*", "auto_adjust_*"), so a value of 0 sets none of them.
 */
typedef __u32 rsbac_jail_flags_t;
#define JAIL_allow_external_ipc 1
#define JAIL_allow_all_net_family 2
#define JAIL_allow_rlimit 4
#define JAIL_allow_inet_raw 8
#define JAIL_auto_adjust_inet_any 16
#define JAIL_allow_inet_localhost 32
#define JAIL_allow_clock 64

/*
 * Evaluates to 0x0100007F.
 * NOTE(review): this looks like 127.0.0.1 in network byte order as read on
 * a little-endian host; confirm what it is compared with on big-endian
 * machines.
 */
#define RSBAC_JAIL_LOCALHOST ((1 << 24) | 127)
00381
00382
00383
/* PaX flag word; unsigned long, so its width follows the machine word. */
typedef unsigned long rsbac_pax_flags_t;

#ifdef __KERNEL__
#include <linux/elf.h>
#include <linux/random.h>
#endif
/*
 * Fallback flag values, used only when PF_PAX_PAGEEXEC has not been
 * defined by the headers above.
 * NOTE(review): these must match the values of the PaX patch actually
 * applied to the kernel.
 */
#ifndef PF_PAX_PAGEEXEC
#define PF_PAX_PAGEEXEC 0x01000000
#define PF_PAX_EMUTRAMP 0x02000000
#define PF_PAX_MPROTECT 0x04000000
#define PF_PAX_RANDMMAP 0x08000000
#define PF_PAX_RANDEXEC 0x10000000
#define PF_PAX_SEGMEXEC 0x20000000
#endif

/*
 * Default: SEGMEXEC, MPROTECT and RANDMMAP. RSBAC_PAX_ALL_FLAGS is
 * 0xFF000000, i.e. bits 24..31, which covers the six flags above and two
 * further bits.
 */
#define RSBAC_PAX_DEF_FLAGS (PF_PAX_SEGMEXEC | PF_PAX_MPROTECT | PF_PAX_RANDMMAP)
#define RSBAC_PAX_ALL_FLAGS ((rsbac_pax_flags_t) 255 << 24)
00402
00403
00404
00405
/* Resource limit value; RSBAC_RES_UNSET (0) marks a limit that is not set. */
typedef __u32 rsbac_res_limit_t;
#define RSBAC_RES_UNSET 0

/*
 * Valid resource indices are 0..RSBAC_RES_MAX. RSBAC_RES_NONE (11) is one
 * past the end of rsbac_res_array_t and must never be used as an index.
 */
#define RSBAC_RES_MAX 10
#define RSBAC_RES_NONE 11

typedef rsbac_res_limit_t rsbac_res_array_t[RSBAC_RES_MAX + 1];

/* Signed 32-bit handle. */
typedef __s32 rsbac_reg_handle_t;
00416
00417
00418
00419
00420
00421
00422
#include <rsbac/network_types.h>
00423
00424
/* Network object id: a socket pointer in the kernel, opaque in user space. */
#ifdef __KERNEL__
typedef struct socket * rsbac_net_obj_id_t;
#else
typedef void * rsbac_net_obj_id_t;
#endif

/*
 * Network object description: the socket plus untyped local and remote
 * addresses, each with a length.
 * NOTE(review): local_len/remote_len presumably give the size in bytes of
 * the buffers behind the two pointers; consumers should bound every read
 * by them and must not assume a particular sockaddr type. Confirm against
 * the callers.
 */
struct rsbac_net_obj_desc_t
  {
    rsbac_net_obj_id_t sock_p;
    void * local_addr;
    u_int local_len;
    void * remote_addr;
    u_int remote_len;
  };

#define RSBAC_ADF_REQUEST_ARRAY_VERSION 2
00440
/*
 * Request types passed to the decision code. Values follow declaration
 * order, starting at 0 with R_ADD_TO_KERNEL; R_NONE ends the list at 46, so
 * every request has a bit in the 64-bit rsbac_request_vector_t and fits
 * the 8-bit rsbac_adf_request_int_t.
 * The numeric values index per-request data elsewhere (see
 * RSBAC_ADF_REQUEST_ARRAY_VERSION), so new requests belong directly before
 * R_NONE and existing ones must not be reordered.
 */
enum rsbac_adf_request_t {
    R_ADD_TO_KERNEL,
    R_ALTER,
    R_APPEND_OPEN,
    R_CHANGE_GROUP,
    R_CHANGE_OWNER,
    R_CHDIR,
    R_CLONE,
    R_CLOSE,
    R_CREATE,
    R_DELETE,
    R_EXECUTE,
    R_GET_PERMISSIONS_DATA,
    R_GET_STATUS_DATA,
    R_LINK_HARD,
    R_MODIFY_ACCESS_DATA,
    R_MODIFY_ATTRIBUTE,
    R_MODIFY_PERMISSIONS_DATA,
    R_MODIFY_SYSTEM_DATA,
    R_MOUNT,
    R_READ,
    R_READ_ATTRIBUTE,
    R_READ_WRITE_OPEN,
    R_READ_OPEN,
    R_REMOVE_FROM_KERNEL,
    R_RENAME,
    R_SEARCH,
    R_SEND_SIGNAL,
    R_SHUTDOWN,
    R_SWITCH_LOG,
    R_SWITCH_MODULE,
    R_TERMINATE,
    R_TRACE,
    R_TRUNCATE,
    R_UMOUNT,
    R_WRITE,
    R_WRITE_OPEN,
    R_MAP_EXEC,
    R_BIND,
    R_LISTEN,
    R_ACCEPT,
    R_CONNECT,
    R_SEND,
    R_RECEIVE,
    R_NET_SHUTDOWN,
    R_CHANGE_DAC_EFF_OWNER,
    R_CHANGE_DAC_FS_OWNER,
    R_NONE
  };

typedef rsbac_enum_t rsbac_adf_request_int_t;
00492
00493
#include <rsbac/request_groups.h>
00494
00495
00496
00497
/*
 * Decision results. NOT_GRANTED is 0, so a zero-initialised result reads
 * as a denial.
 * NOTE(review): code combining results must decide explicitly how
 * DO_NOT_CARE and UNDEFINED are treated; neither should be read as GRANTED
 * by a plain non-zero test.
 */
enum rsbac_adf_req_ret_t {NOT_GRANTED, GRANTED, DO_NOT_CARE, UNDEFINED};
00499
00500
00501
00502
00503
00504
/*
 * Switch targets. The entries GEN..PAX come first; SOFTMODE, DAC_DISABLE
 * and SW_NONE follow. RSBAC_MAX_MOD is SOFTMODE - 1, i.e. PAX, the last of
 * the leading entries.
 * The enumerators are short, unprefixed names (MAC, FC, PM, AUTH, CAP, ...)
 * in the global namespace and can collide with identifiers from other
 * headers.
 */
enum rsbac_switch_target_t {GEN, MAC, FC, SIM, PM, DAZ, FF, RC, AUTH, REG,
                            ACL, CAP, JAIL, RES, PAX, SOFTMODE,
                            DAC_DISABLE, SW_NONE};
#define RSBAC_MAX_MOD (SOFTMODE - 1)
typedef rsbac_enum_t rsbac_switch_target_int_t;
00508
00509
00510
00511
00512
00513
00514
/*
 * Target kinds. Values follow declaration order from T_FILE = 0; T_NONE
 * ends the list and is also used to size arrays (T_NONE + 1 entries), so
 * additions belong directly before T_NONE.
 */
enum rsbac_target_t {T_FILE, T_DIR, T_FIFO, T_SYMLINK, T_DEV, T_IPC, T_SCD,
                     T_USER, T_PROCESS,
                     T_NETDEV, T_NETTEMP, T_NETOBJ, T_NETTEMP_NT,
                     T_FD,
                     T_NONE};
00519
/*
 * Identification of a target; which member is valid depends on the target
 * kind that accompanies the union.
 * The filesystem and device members exist only in kernel builds, so the
 * size of this union differs between kernel and user space. Data crossing
 * that boundary must not be copied using sizeof of this union on one side
 * and interpreted with the other side's layout.
 * NOTE(review): rsbac_net_temp_id_t is not declared in this file;
 * presumably it comes from rsbac/network_types.h.
 */
union rsbac_target_id_t
  {
#ifdef __KERNEL__
    struct rsbac_fs_file_t file;
    struct rsbac_fs_file_t dir;
    struct rsbac_fs_file_t fifo;
    struct rsbac_fs_file_t symlink;
    struct rsbac_dev_t dev;
#endif
    struct rsbac_ipc_t ipc;
    rsbac_enum_t scd;
    rsbac_uid_t user;
    rsbac_pid_t process;
    rsbac_netdev_id_t netdev;
    rsbac_net_temp_id_t nettemp;
    struct rsbac_net_obj_desc_t netobj;
    int dummy;
  };
00538
00539
#ifdef __KERNEL__
00540
typedef rsbac_enum_t rsbac_log_entry_t[
T_NONE+1];
00541
00542
struct rsbac_create_data_t
00543 {
00544
enum rsbac_target_t target;
00545
struct dentry * dentry_p;
00546
int mode;
00547 kdev_t device;
00548 };
00549
#endif
00550
/*
 * Attribute identifiers. Values follow declaration order, starting at 0
 * with A_pseudo.
 * The entries inside the __KERNEL__ block sit between the last common
 * attribute and A_none, so A_none has a different numeric value in kernel
 * and user builds. An attribute number received from user space must be
 * validated against the common range; a comparison with A_none alone does
 * not exclude the kernel-only values.
 * New common attributes belong before the __KERNEL__ block to keep the
 * existing values stable.
 */
enum rsbac_attribute_t
  {
    A_pseudo,
    A_security_level,
    A_initial_security_level,
    A_local_sec_level,
    A_remote_sec_level,
    A_min_security_level,
    A_mac_categories,
    A_mac_initial_categories,
    A_local_mac_categories,
    A_remote_mac_categories,
    A_mac_min_categories,
    A_mac_user_flags,
    A_mac_process_flags,
    A_mac_file_flags,
    A_object_category,
    A_local_object_category,
    A_remote_object_category,
    A_data_type,
    A_local_data_type,
    A_remote_data_type,
    A_system_role,
    A_mac_role,
    A_fc_role,
    A_sim_role,
    A_daz_role,
    A_ff_role,
    A_auth_role,
    A_cap_role,
    A_jail_role,
    A_pax_role,
    A_current_sec_level,
    A_mac_curr_categories,
    A_min_write_open,
    A_min_write_categories,
    A_max_read_open,
    A_max_read_categories,
    A_mac_auto,
    A_mac_check,
    A_mac_prop_trusted,
    A_pm_role,
    A_pm_process_type,
    A_pm_current_task,
    A_pm_object_class,
    A_local_pm_object_class,
    A_remote_pm_object_class,
    A_pm_ipc_purpose,
    A_local_pm_ipc_purpose,
    A_remote_pm_ipc_purpose,
    A_pm_object_type,
    A_local_pm_object_type,
    A_remote_pm_object_type,
    A_pm_program_type,
    A_pm_tp,
    A_pm_task_set,
    A_daz_scanned,
    A_daz_scanner,
    A_ff_flags,
    A_rc_type,
    A_local_rc_type,
    A_remote_rc_type,
    A_rc_type_fd,
    A_rc_type_nt,
    A_rc_force_role,
    A_rc_initial_role,
    A_rc_role,
    A_rc_def_role,
    A_auth_may_setuid,
    A_auth_may_set_cap,
    A_auth_learn,
    A_min_caps,
    A_max_caps,
    A_jail_id,
    A_jail_ip,
    A_jail_flags,
    A_jail_max_caps,
    A_pax_flags,
    A_res_role,
    A_res_min,
    A_res_max,
    A_log_array_low,
    A_local_log_array_low,
    A_remote_log_array_low,
    A_log_array_high,
    A_local_log_array_high,
    A_remote_log_array_high,
    A_log_program_based,
    A_log_user_based,
    A_symlink_add_uid,
    A_symlink_add_mac_level,
    A_symlink_add_rc_role,
    A_linux_dac_disable,
    A_cap_process_hiding,
    A_fake_root_uid,
#ifdef __KERNEL__
    /* Kernel-only attributes; not visible to user space. */
    A_owner,
    A_group,
    A_signal,
    A_mode,
    A_nlink,
    A_switch_target,
    A_mod_name,
    A_request,
    A_trace_request,
    A_auth_add_f_cap,
    A_auth_remove_f_cap,
    A_auth_get_caplist,
    A_prot_bits,
    A_internal,

    A_create_data,
    A_new_object,
    A_rlimit,
    A_new_dir_dentry_p,
    A_auth_program_file,
    A_auth_start_uid,
    A_acl_learn,
    A_priority,
    A_pgid,
    A_kernel_thread,
#endif
    A_none};
00675
/*
 * Value of an attribute; the valid member is determined by the attribute
 * identifier that accompanies the union.
 * Points to keep in mind when handling it:
 *  - Members range from one byte to whole arrays and structs. Writing a
 *    narrow member leaves the remaining bytes as they were, so the union
 *    should be cleared before it is filled and copied anywhere.
 *  - The __KERNEL__ members add kernel pointers (sockaddr_p, mod_name,
 *    new_dir_dentry_p and those inside the structs) and may change the
 *    size of the union, so kernel and user space do not necessarily share
 *    one layout.
 *  - `boolean` members take whatever type the build selected for boolean.
 * NOTE(review): the rsbac_pm_* and rsbac_rc_* types are not declared in
 * this file; presumably they come from rsbac/pm_types.h and
 * rsbac/rc_types.h.
 */
union rsbac_attribute_value_t
  {
    rsbac_uid_t owner;
    rsbac_pseudo_t pseudo;
    rsbac_security_level_t security_level;
    rsbac_mac_category_vector_t mac_categories;
    rsbac_fc_oc_t object_category;
    rsbac_sim_dt_t data_type;
    rsbac_system_role_int_t system_role;
    rsbac_security_level_t current_sec_level;
    rsbac_security_level_t min_write_open;
    rsbac_security_level_t max_read_open;
    rsbac_mac_user_flags_t mac_user_flags;
    rsbac_mac_process_flags_t mac_process_flags;
    rsbac_mac_file_flags_t mac_file_flags;
    rsbac_mac_auto_int_t mac_auto;
    boolean mac_check;
    boolean mac_prop_trusted;
    rsbac_pm_role_int_t pm_role;
    rsbac_pm_process_type_int_t pm_process_type;
    rsbac_pm_task_id_t pm_current_task;
    rsbac_pm_object_class_id_t pm_object_class;
    rsbac_pm_purpose_id_t pm_ipc_purpose;
    rsbac_pm_object_type_int_t pm_object_type;
    rsbac_pm_program_type_int_t pm_program_type;
    rsbac_pm_tp_id_t pm_tp;
    rsbac_pm_task_set_id_t pm_task_set;
    rsbac_daz_scanned_t daz_scanned;
    rsbac_daz_scanner_t daz_scanner;
    rsbac_ff_flags_t ff_flags;
    rsbac_rc_type_id_t rc_type;
    rsbac_rc_type_id_t rc_type_fd;
    rsbac_rc_role_id_t rc_force_role;
    rsbac_rc_role_id_t rc_initial_role;
    rsbac_rc_role_id_t rc_role;
    rsbac_rc_role_id_t rc_def_role;
    boolean auth_may_setuid;
    boolean auth_may_set_cap;
    rsbac_pid_t auth_p_capset;
    rsbac_inode_nr_t auth_f_capset;
    boolean auth_learn;
    rsbac_cap_vector_t min_caps;
    rsbac_cap_vector_t max_caps;
    rsbac_jail_id_t jail_id;
    rsbac_jail_ip_t jail_ip;
    rsbac_jail_flags_t jail_flags;
    rsbac_cap_vector_t jail_max_caps;
    rsbac_pax_flags_t pax_flags;
    rsbac_res_array_t res_array;
    rsbac_log_array_t log_array_low;
    rsbac_log_array_t log_array_high;
    rsbac_request_vector_t log_program_based;
    rsbac_request_vector_t log_user_based;
    boolean symlink_add_uid;
    boolean symlink_add_mac_level;
    boolean symlink_add_rc_role;
    rsbac_linux_dac_disable_int_t linux_dac_disable;

    rsbac_cap_process_hiding_int_t cap_process_hiding;
    rsbac_fake_root_uid_int_t fake_root_uid;
#ifdef __KERNEL__
    /* Kernel-only values, matching the kernel-only attribute identifiers. */
    rsbac_gid_t group;
    struct sockaddr * sockaddr_p;
    long signal;
    int mode;
    int nlink;
    enum rsbac_switch_target_t switch_target;
    char * mod_name;
    enum rsbac_adf_request_t request;
    long trace_request;
    struct rsbac_auth_cap_range_t auth_cap_range;
    int prot_bits;
    boolean internal;

    struct rsbac_create_data_t create_data;

    boolean new_object;
    u_int rlimit;
    struct dentry * new_dir_dentry_p;
    struct rsbac_fs_file_t auth_program_file;
    rsbac_uid_t auth_start_uid;
    boolean acl_learn;
    int priority;
    rsbac_pid_t pgid;
    boolean kernel_thread;
#endif
    /* Generic members, one per basic C type. */
    u_char u_char_dummy;
    u_short u_short_dummy;
    int dummy;
    u_int u_dummy;
    long long_dummy;
    u_long u_long_dummy;
  };
00769
00770
00771
00772
00773
#include <rsbac/acl_types.h>
00774
00775
#endif