/daten/src/linux-2.4.27-rsbac-v1.2.3/include/rsbac/acl_data_structures.h
#ifndef __RSBAC_ACL_DATA_STRUC_H
#define __RSBAC_ACL_DATA_STRUC_H
#include <linux/types.h>
#include <rsbac/aci.h>
#include <rsbac/types.h>
#include <rsbac/lists.h>
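/*
 * Key value for the ACL module's lists.
 * NOTE(review): presumably the key handed to the generic list layer
 * (rsbac/lists.h) when the ACL lists are registered - confirm at the
 * registration call sites. The value is a compile-time constant in a
 * header, so it cannot be relied on as a secret.
 */
#define RSBAC_ACL_LIST_KEY 0x815affe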
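/*
 * ACL entry initializers for file/directory (FD) targets.
 *
 * Each macro expands to a three-member brace initializer:
 *   { subject type, subject id, rights vector }
 * NOTE(review): the struct being initialized is declared elsewhere;
 * the member meaning is inferred from the constant names - confirm.
 */

/*
 * Group "everyone": (FD requests & read/write requests), plus the
 * execute requests and the general ACL rights.
 * NOTE(review): RSBAC_EXECUTE_REQUEST_VECTOR is OR-ed in outside the
 * RSBAC_FD_REQUEST_VECTOR mask here, while the ACMAN and SYSADM entries
 * below keep it inside the mask - confirm this is intended.
 */
#define RSBAC_ACL_GENERAL_FD_ENTRY \
    { ACLS_GROUP, \
      RSBAC_ACL_GROUP_EVERYONE, \
      ( RSBAC_FD_REQUEST_VECTOR & RSBAC_READ_WRITE_REQUEST_VECTOR ) | RSBAC_EXECUTE_REQUEST_VECTOR | RSBAC_ACL_GEN_RIGHTS_VECTOR }

/*
 * User RSBAC_SECOFF_UID: FD requests limited to read/write, execute and
 * security requests, plus the ACMAN ACL rights.
 */
#define RSBAC_ACL_ACMAN_FD_ENTRY \
    { ACLS_USER, \
      RSBAC_SECOFF_UID, \
      ( RSBAC_FD_REQUEST_VECTOR & \
        ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_EXECUTE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
      | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/*
 * User RSBAC_SYSADM_UID: FD requests limited to read/write, execute and
 * system requests, plus the SYSADM ACL rights.
 */
#define RSBAC_ACL_SYSADM_FD_ENTRY \
    { ACLS_USER, \
      RSBAC_SYSADM_UID, \
      ( RSBAC_FD_REQUEST_VECTOR & \
        ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_EXECUTE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR ) ) \
      | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }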
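/*
 * ACL entry initializers for device (DEV) targets.
 * Each macro expands to { subject type, subject id, rights vector }.
 */

/* Group "everyone": (DEV requests & read/write requests) plus the general ACL rights. */
#define RSBAC_ACL_GENERAL_DEV_ENTRY \
    { ACLS_GROUP, \
      RSBAC_ACL_GROUP_EVERYONE, \
      ( RSBAC_DEV_REQUEST_VECTOR & RSBAC_READ_WRITE_REQUEST_VECTOR ) | RSBAC_ACL_GEN_RIGHTS_VECTOR }

/*
 * User RSBAC_SECOFF_UID: DEV requests limited to read/write and security
 * requests, plus the ACMAN ACL rights.
 */
#define RSBAC_ACL_ACMAN_DEV_ENTRY \
    { ACLS_USER, \
      RSBAC_SECOFF_UID, \
      ( RSBAC_DEV_REQUEST_VECTOR & \
        ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
      | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/*
 * User RSBAC_SYSADM_UID: DEV requests limited to read/write and system
 * requests, plus the SYSADM ACL rights.
 */
#define RSBAC_ACL_SYSADM_DEV_ENTRY \
    { ACLS_USER, \
      RSBAC_SYSADM_UID, \
      ( RSBAC_DEV_REQUEST_VECTOR & \
        ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR ) ) \
      | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }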
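/*
 * ACL entry initializers for IPC targets.
 * Each macro expands to { subject type, subject id, rights vector }.
 */

/* Group "everyone": (IPC requests & read/write requests) plus the general ACL rights. */
#define RSBAC_ACL_GENERAL_IPC_ENTRY \
    { ACLS_GROUP, \
      RSBAC_ACL_GROUP_EVERYONE, \
      ( RSBAC_IPC_REQUEST_VECTOR & RSBAC_READ_WRITE_REQUEST_VECTOR ) | RSBAC_ACL_GEN_RIGHTS_VECTOR }

/*
 * User RSBAC_SECOFF_UID: IPC requests limited to read/write and security
 * requests, plus the ACMAN ACL rights.
 */
#define RSBAC_ACL_ACMAN_IPC_ENTRY \
    { ACLS_USER, \
      RSBAC_SECOFF_UID, \
      ( RSBAC_IPC_REQUEST_VECTOR & \
        ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
      | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/*
 * User RSBAC_SYSADM_UID: IPC requests limited to read/write and system
 * requests, plus the SYSADM ACL rights.
 */
#define RSBAC_ACL_SYSADM_IPC_ENTRY \
    { ACLS_USER, \
      RSBAC_SYSADM_UID, \
      ( RSBAC_IPC_REQUEST_VECTOR & \
        ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR ) ) \
      | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }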
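/*
 * ACL entry initializers for system control data (SCD) targets, subject
 * group "everyone".
 * Each macro expands to { subject type, subject id, rights vector }.
 *
 * In the single-bit expressions the cast is applied to the literal 1
 * before the shift, so the shift is evaluated in rsbac_request_vector_t
 * rather than in int.
 */

/*
 * SCD requests limited to read/write requests and R_MODIFY_SYSTEM_DATA,
 * plus the general ACL rights.
 * NOTE(review): this hands the R_MODIFY_SYSTEM_DATA bit to every subject
 * for the targets this entry is applied to - confirm which SCD targets
 * receive it.
 */
#define RSBAC_ACL_GENERAL_SCD_ENTRY \
    { ACLS_GROUP, \
      RSBAC_ACL_GROUP_EVERYONE, \
      ( RSBAC_SCD_REQUEST_VECTOR & \
        ( RSBAC_READ_WRITE_REQUEST_VECTOR | ((rsbac_request_vector_t) 1 << R_MODIFY_SYSTEM_DATA) ) \
      ) \
      | RSBAC_ACL_GEN_RIGHTS_VECTOR \
    }

/*
 * Only defined with CONFIG_RSBAC_USER_MOD_IOPERM: a single
 * R_MODIFY_PERMISSIONS_DATA bit for everyone, with no request mask and
 * no general ACL rights.
 * NOTE(review): presumably applied to the ioports SCD target - confirm.
 */
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
#define RSBAC_ACL_GENERAL_SCD_IOPORTS_ENTRY \
    { ACLS_GROUP, \
      RSBAC_ACL_GROUP_EVERYONE, \
      ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA) \
    }
#endif

/* Single R_MAP_EXEC bit for everyone; no request mask, no general ACL rights. */
#define RSBAC_ACL_GENERAL_SCD_OTHER_ENTRY \
    { ACLS_GROUP, \
      RSBAC_ACL_GROUP_EVERYONE, \
      ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
    }

/* Single R_GET_STATUS_DATA bit for everyone; no request mask, no general ACL rights. */
#define RSBAC_ACL_GENERAL_SCD_NETWORK_ENTRY \
    { ACLS_GROUP, \
      RSBAC_ACL_GROUP_EVERYONE, \
      ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) \
    }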
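/*
 * SCD ACL entry initializers for user RSBAC_SECOFF_UID.
 * Each macro expands to { subject type, subject id, rights vector }.
 */

/*
 * SCD requests limited to read/write and security requests, plus the
 * ACMAN ACL rights.
 */
#define RSBAC_ACL_ACMAN_SCD_ENTRY \
    { ACLS_USER, \
      RSBAC_SECOFF_UID, \
      ( RSBAC_SCD_REQUEST_VECTOR & \
        ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
      | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/*
 * Six explicitly listed request bits, masked with
 * RSBAC_NONE_REQUEST_VECTOR instead of RSBAC_SCD_REQUEST_VECTOR, plus
 * the ACMAN ACL rights. Only bits that survive the AND are granted.
 * NOTE(review): RSBAC_NONE_REQUEST_VECTOR is defined elsewhere;
 * presumably it is the set of requests valid for target type NONE and
 * not an empty mask - confirm against its definition.
 */
#define RSBAC_ACL_ACMAN_SCD_OTHER_ENTRY \
    { ACLS_USER, \
      RSBAC_SECOFF_UID, \
      ( RSBAC_NONE_REQUEST_VECTOR & \
        ( \
            ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
          | ((rsbac_request_vector_t) 1 << R_MODIFY_ATTRIBUTE) \
          | ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA) \
          | ((rsbac_request_vector_t) 1 << R_READ_ATTRIBUTE) \
          | ((rsbac_request_vector_t) 1 << R_SWITCH_LOG) \
          | ((rsbac_request_vector_t) 1 << R_SWITCH_MODULE) \
        ) \
      ) \
      | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }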
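/*
 * SCD ACL entry initializers for user RSBAC_SYSADM_UID.
 * Each macro expands to { subject type, subject id, rights vector }.
 */

/*
 * Five explicitly listed request bits, masked with
 * RSBAC_SCD_REQUEST_VECTOR, plus the SYSADM ACL rights.
 */
#define RSBAC_ACL_SYSADM_SCD_ENTRY \
    { ACLS_USER, \
      RSBAC_SYSADM_UID, \
      ( RSBAC_SCD_REQUEST_VECTOR & \
        ( \
            ((rsbac_request_vector_t) 1 << R_GET_PERMISSIONS_DATA) \
          | ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) \
          | ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA) \
          | ((rsbac_request_vector_t) 1 << R_MODIFY_SYSTEM_DATA) \
          | ((rsbac_request_vector_t) 1 << R_WRITE) \
        ) \
      ) \
      | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }

/*
 * Eight explicitly listed request bits, masked with
 * RSBAC_NONE_REQUEST_VECTOR, plus R_MODIFY_SYSTEM_DATA and the SYSADM
 * ACL rights.
 * NOTE(review): R_MODIFY_SYSTEM_DATA is OR-ed in after the masked group,
 * so it is granted whatever RSBAC_NONE_REQUEST_VECTOR contains - confirm
 * that placing it outside the mask is intended.
 */
#define RSBAC_ACL_SYSADM_SCD_OTHER_ENTRY \
    { ACLS_USER, \
      RSBAC_SYSADM_UID, \
      ( RSBAC_NONE_REQUEST_VECTOR & \
        ( \
            ((rsbac_request_vector_t) 1 << R_ADD_TO_KERNEL) \
          | ((rsbac_request_vector_t) 1 << R_CHANGE_GROUP) \
          | ((rsbac_request_vector_t) 1 << R_CHANGE_OWNER) \
          | ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
          | ((rsbac_request_vector_t) 1 << R_MOUNT) \
          | ((rsbac_request_vector_t) 1 << R_REMOVE_FROM_KERNEL) \
          | ((rsbac_request_vector_t) 1 << R_UMOUNT) \
          | ((rsbac_request_vector_t) 1 << R_SHUTDOWN) \
        ) \
      ) \
      | ((rsbac_request_vector_t) 1 << R_MODIFY_SYSTEM_DATA) \
      | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }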
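/*
 * User RSBAC_AUDITOR_UID: R_GET_STATUS_DATA and R_MODIFY_SYSTEM_DATA,
 * masked with RSBAC_SCD_REQUEST_VECTOR. No ACL rights vector is OR-ed
 * in, unlike the ACMAN and SYSADM entries.
 * NOTE(review): presumably applied to the RSBAC log SCD target only -
 * confirm at the place where the entry is installed.
 */
#define RSBAC_ACL_AUDITOR_SCD_RSBACLOG_ENTRY \
    { ACLS_USER, \
      RSBAC_AUDITOR_UID, \
      ( RSBAC_SCD_REQUEST_VECTOR & \
        ( \
            ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) \
          | ((rsbac_request_vector_t) 1 << R_MODIFY_SYSTEM_DATA) \
        ) \
      ) \
    }

/*
 * Only defined with CONFIG_RSBAC_USER_MOD_IOPERM: a single
 * R_GET_STATUS_DATA bit for user RSBAC_SYSADM_UID, with no request mask
 * and no SYSADM ACL rights.
 * NOTE(review): presumably applied to the kmem SCD target - confirm.
 */
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
#define RSBAC_ACL_SYSADM_SCD_KMEM_ENTRY \
    { ACLS_USER, \
      RSBAC_SYSADM_UID, \
      ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) \
    }
#endif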
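/*
 * ACL entry initializers for user (U) targets.
 * Each macro expands to { subject type, subject id, rights vector }.
 * No "everyone" entry for user targets is defined in this header.
 */

/* User RSBAC_SECOFF_UID: the whole user rights vector plus the ACMAN ACL rights. */
#define RSBAC_ACL_ACMAN_U_ENTRY \
    { ACLS_USER, \
      RSBAC_SECOFF_UID, \
      RSBAC_ACL_USER_RIGHTS_VECTOR \
      | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/*
 * User RSBAC_SYSADM_UID: RSBAC_ACL_RIGHTS_VECTOR(R_READ_ATTRIBUTE) plus
 * the SYSADM ACL rights.
 */
#define RSBAC_ACL_SYSADM_U_ENTRY \
    { ACLS_USER, \
      RSBAC_SYSADM_UID, \
      RSBAC_ACL_RIGHTS_VECTOR(R_READ_ATTRIBUTE) \
      | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }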
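/*
 * ACL entry initializers for process (P) targets.
 * Each macro expands to { subject type, subject id, rights vector }.
 */

/* Group "everyone": (process requests & read/write requests) plus the general ACL rights. */
#define RSBAC_ACL_GENERAL_P_ENTRY \
    { ACLS_GROUP, \
      RSBAC_ACL_GROUP_EVERYONE, \
      ( RSBAC_PROCESS_REQUEST_VECTOR & RSBAC_READ_WRITE_REQUEST_VECTOR ) | RSBAC_ACL_GEN_RIGHTS_VECTOR }

/*
 * User RSBAC_SECOFF_UID: process requests limited to read/write and
 * security requests, plus the ACMAN ACL rights.
 */
#define RSBAC_ACL_ACMAN_P_ENTRY \
    { ACLS_USER, \
      RSBAC_SECOFF_UID, \
      ( RSBAC_PROCESS_REQUEST_VECTOR & \
        ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
      | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/*
 * User RSBAC_SYSADM_UID: process requests limited to read/write and
 * system requests, plus the SYSADM ACL rights.
 */
#define RSBAC_ACL_SYSADM_P_ENTRY \
    { ACLS_USER, \
      RSBAC_SYSADM_UID, \
      ( RSBAC_PROCESS_REQUEST_VECTOR & \
        ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR ) ) \
      | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }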
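/*
 * ACL entry initializers for network device (NETDEV) targets.
 * Each macro expands to { subject type, subject id, rights vector }.
 */

/*
 * Group "everyone": the complete NETDEV request vector plus the general
 * ACL rights.
 * NOTE(review): unlike the other GENERAL_* entries in this header, the
 * request vector is not ANDed with RSBAC_READ_WRITE_REQUEST_VECTOR, so
 * everyone receives a superset of what the ACMAN and SYSADM entries
 * below select - confirm this is intended.
 */
#define RSBAC_ACL_GENERAL_NETDEV_ENTRY \
    { ACLS_GROUP, \
      RSBAC_ACL_GROUP_EVERYONE, \
      ( RSBAC_NETDEV_REQUEST_VECTOR ) | RSBAC_ACL_GEN_RIGHTS_VECTOR }

/*
 * User RSBAC_SECOFF_UID: NETDEV requests limited to read/write and
 * security requests, plus the ACMAN ACL rights.
 */
#define RSBAC_ACL_ACMAN_NETDEV_ENTRY \
    { ACLS_USER, \
      RSBAC_SECOFF_UID, \
      ( RSBAC_NETDEV_REQUEST_VECTOR & \
        ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
      | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/*
 * User RSBAC_SYSADM_UID: NETDEV requests limited to read/write and
 * system requests, plus the SYSADM ACL rights.
 */
#define RSBAC_ACL_SYSADM_NETDEV_ENTRY \
    { ACLS_USER, \
      RSBAC_SYSADM_UID, \
      ( RSBAC_NETDEV_REQUEST_VECTOR & \
        ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR ) ) \
      | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }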
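/*
 * ACL entry initializers for network template (NETTEMP_NT) targets.
 * Each macro expands to { subject type, subject id, rights vector }.
 */

/*
 * Group "everyone": (NETTEMP requests & read requests) plus the general
 * ACL rights. This entry uses the read-only vector, not the read/write
 * vector.
 */
#define RSBAC_ACL_GENERAL_NETTEMP_NT_ENTRY \
    { ACLS_GROUP, \
      RSBAC_ACL_GROUP_EVERYONE, \
      ( RSBAC_NETTEMP_REQUEST_VECTOR & RSBAC_READ_REQUEST_VECTOR ) | RSBAC_ACL_GEN_RIGHTS_VECTOR }

/*
 * User RSBAC_SECOFF_UID: NETTEMP requests limited to read/write and
 * security requests, plus the ACMAN ACL rights.
 */
#define RSBAC_ACL_ACMAN_NETTEMP_NT_ENTRY \
    { ACLS_USER, \
      RSBAC_SECOFF_UID, \
      ( RSBAC_NETTEMP_REQUEST_VECTOR & \
        ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
      | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/*
 * User RSBAC_SYSADM_UID: NETTEMP requests limited to read (not
 * read/write) and system requests, plus the SYSADM ACL rights.
 */
#define RSBAC_ACL_SYSADM_NETTEMP_NT_ENTRY \
    { ACLS_USER, \
      RSBAC_SYSADM_UID, \
      ( RSBAC_NETTEMP_REQUEST_VECTOR & \
        ( RSBAC_READ_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR ) ) \
      | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }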
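/*
 * ACL entry initializers for network object (NETOBJ) targets.
 * Each macro expands to { subject type, subject id, rights vector }.
 */

/* Group "everyone": (NETOBJ requests & read/write requests) plus the general ACL rights. */
#define RSBAC_ACL_GENERAL_NETOBJ_ENTRY \
    { ACLS_GROUP, \
      RSBAC_ACL_GROUP_EVERYONE, \
      ( RSBAC_NETOBJ_REQUEST_VECTOR & RSBAC_READ_WRITE_REQUEST_VECTOR ) | RSBAC_ACL_GEN_RIGHTS_VECTOR }

/*
 * User RSBAC_SECOFF_UID: NETOBJ requests limited to read/write and
 * security requests, plus the ACMAN ACL rights.
 */
#define RSBAC_ACL_ACMAN_NETOBJ_ENTRY \
    { ACLS_USER, \
      RSBAC_SECOFF_UID, \
      ( RSBAC_NETOBJ_REQUEST_VECTOR & \
        ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR ) ) \
      | RSBAC_ACL_ACMAN_RIGHTS_VECTOR }

/*
 * User RSBAC_SYSADM_UID: NETOBJ requests limited to read/write and
 * system requests, plus the SYSADM ACL rights.
 */
#define RSBAC_ACL_SYSADM_NETOBJ_ENTRY \
    { ACLS_USER, \
      RSBAC_SYSADM_UID, \
      ( RSBAC_NETOBJ_REQUEST_VECTOR & \
        ( RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR ) ) \
      | RSBAC_ACL_SYSADM_RIGHTS_VECTOR }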
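/* Version number of the ACL module's data. */
#define RSBAC_ACL_VERSION 1

/*
 * File/directory (FD) ACL lists.
 * NOTE(review): "aclfd." ends in a dot; presumably a list number in the
 * range 0 .. RSBAC_ACL_NR_FD_LISTS-1 is appended to form the per-list
 * name, and the ".df" name holds the default ACL - confirm in the code
 * that registers the lists.
 */
#define RSBAC_ACL_FD_FILENAME "aclfd."
#define RSBAC_ACL_DEF_FD_FILENAME "aclfd.df"
#define RSBAC_ACL_NR_FD_LISTS 16
#define RSBAC_ACL_FD_LIST_VERSION 1
#define RSBAC_ACL_DEF_FD_LIST_VERSION 1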
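/*
 * One item of the doubly linked ACL device list.
 * Carries one list handle per FD list for the device identified by id.
 */
struct rsbac_acl_device_list_item_t
  {
    kdev_t                                id;          /* device number */
    u_int                                 mount_count; /* NOTE(review): presumably the number of
                                                        * active mounts of this device - confirm */
    rsbac_list_handle_t                   handles[RSBAC_ACL_NR_FD_LISTS]; /* one handle per FD list */
    struct rsbac_acl_device_list_item_t * prev;        /* previous item in the list */
    struct rsbac_acl_device_list_item_t * next;        /* next item in the list */
  };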
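/*
 * Head of the ACL device list: end pointers, a current-item pointer,
 * a reader/writer lock and an item counter.
 */
struct rsbac_acl_device_list_head_t
  {
    struct rsbac_acl_device_list_item_t * head;  /* first item */
    struct rsbac_acl_device_list_item_t * tail;  /* last item */
    struct rsbac_acl_device_list_item_t * curr;  /* NOTE(review): presumably the most recently
                                                  * used item, kept as a lookup shortcut - confirm */
    rwlock_t                              lock;  /* NOTE(review): presumably guards the whole list;
                                                  * confirm that every traversal and update,
                                                  * including writes to curr, is done under it */
    u_int                                 count; /* NOTE(review): presumably the number of items */
  };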
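/*
 * Names and version numbers of the remaining ACL lists, grouped by
 * target type.
 * NOTE(review): presumably these are the names under which the lists are
 * stored persistently, with the ".df" names holding the default ACLs and
 * the version numbers checked when a stored list is loaded - confirm in
 * the list registration code. Whatever holds these files decides the
 * effective access policy, so write access to them deserves the same
 * protection as the policy itself.
 */

/* Device (DEV) targets. An OLD_LIST_VERSION is kept next to the current one. */
#define RSBAC_ACL_DEV_FILENAME "acldev"
#define RSBAC_ACL_DEV_LIST_VERSION 2
#define RSBAC_ACL_DEV_OLD_LIST_VERSION 1
#define RSBAC_ACL_DEF_DEV_FILENAME "acldev.df"
#define RSBAC_ACL_DEF_DEV_LIST_VERSION 1

/* IPC targets: only a default list is named here. */
#define RSBAC_ACL_DEF_IPC_FILENAME "aclipc.df"
#define RSBAC_ACL_DEF_IPC_LIST_VERSION 1

/* System control data (SCD) targets. */
#define RSBAC_ACL_SCD_FILENAME "aclscd"
#define RSBAC_ACL_DEF_SCD_FILENAME "aclscd.df"
#define RSBAC_ACL_SCD_LIST_VERSION 1
#define RSBAC_ACL_DEF_SCD_LIST_VERSION 1

/* User (U) targets: only a default list is named here. */
#define RSBAC_ACL_DEF_U_FILENAME "acluser.df"
#define RSBAC_ACL_DEF_U_LIST_VERSION 1

/* Process (P) targets: only a default list is named here. */
#define RSBAC_ACL_DEF_P_FILENAME "aclproc.df"
#define RSBAC_ACL_DEF_P_LIST_VERSION 1

/* Network device (NETDEV) targets. */
#define RSBAC_ACL_NETDEV_FILENAME "aclndev"
#define RSBAC_ACL_NETDEV_LIST_VERSION 1
#define RSBAC_ACL_DEF_NETDEV_FILENAME "aclndev.df"
#define RSBAC_ACL_DEF_NETDEV_LIST_VERSION 1

/* Network template (NETTEMP_NT) targets. */
#define RSBAC_ACL_NETTEMP_NT_FILENAME "aclntnt"
#define RSBAC_ACL_NETTEMP_NT_LIST_VERSION 1
#define RSBAC_ACL_DEF_NETTEMP_NT_FILENAME "aclntnt.df"
#define RSBAC_ACL_DEF_NETTEMP_NT_LIST_VERSION 1

/* NETTEMP and network object (NETOBJ) targets. */
#define RSBAC_ACL_NETTEMP_FILENAME "aclnt"
#define RSBAC_ACL_NETTEMP_LIST_VERSION 1
#define RSBAC_ACL_NETOBJ_FILENAME "aclno"
#define RSBAC_ACL_NETOBJ_LIST_VERSION 1
#define RSBAC_ACL_DEF_NETOBJ_FILENAME "aclno.df"
#define RSBAC_ACL_DEF_NETOBJ_LIST_VERSION 1

/* ACL groups and group memberships (GM). */
#define RSBAC_ACL_GROUP_FILENAME "aclgrp"
#define RSBAC_ACL_GM_FILENAME "aclgm"

#define RSBAC_ACL_GM_VERSION 1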
#endif