00011 #ifndef __RSBAC_RC_DATA_STRUC_H
00012 #define __RSBAC_RC_DATA_STRUC_H
00013
00014 #ifdef __KERNEL__
00015 #include <linux/types.h>
00016 #include <rsbac/types.h>
00017 #endif
00018
/*
 * Kernel-only constants for the RC (role compatibility) lists: a file name
 * and a format version for each list.
 * NOTE(review): that the *_FILENAME strings name persistent list files, and
 * that the *_LIST_VERSION numbers are used to recognise and convert older
 * stored data, is inferred from the identifiers; this header only defines
 * the values. Confirm against the code that registers the lists.
 */
00025 #ifdef __KERNEL__
00026 #define RSBAC_RC_LIST_KEY 77788855 /* presumably the key given when these lists are registered; confirm */
00027
00028 #define RSBAC_RC_NR_ROLE_LISTS 4
00029 #define RSBAC_RC_NR_TYPE_LISTS 4
00030
00031
/*
 * Role lists. The suffixes appear to parallel the RI_* items in
 * RSBAC_RC_ROLE_ENTRY_ITEM_LIST: rc = role_comp, adr = admin_roles,
 * asr = assign_roles, tcfd/tcdv/tcus/... = type_comp_<target>.
 * "dfdc" is not spelled out in this file (presumably def_fd_ind_create_type;
 * confirm).
 */
00032 #define RSBAC_RC_ROLE_FILENAME "rc_r"
00033
00034
00035 #define RSBAC_RC_ROLE_RC_FILENAME "rc_rc"
00036
00037
00038 #define RSBAC_RC_ROLE_ADR_FILENAME "rc_adr"
00039
00040
00041 #define RSBAC_RC_ROLE_ASR_FILENAME "rc_asr"
00042
00043
00044
00045 #define RSBAC_RC_ROLE_DFDC_FILENAME "rc_dfdc"
00046
00047
00048 #define RSBAC_RC_ROLE_TCFD_FILENAME "rc_tcfd"
00049
00050
00051 #define RSBAC_RC_ROLE_TCDV_FILENAME "rc_tcdv"
00052
00053
00054 #define RSBAC_RC_ROLE_TCUS_FILENAME "rc_tcus"
00055
00056
00057 #define RSBAC_RC_ROLE_TCPR_FILENAME "rc_tcpr"
00058
00059
00060 #define RSBAC_RC_ROLE_TCIP_FILENAME "rc_tcip"
00061
00062
00063 #define RSBAC_RC_ROLE_TCSC_FILENAME "rc_tcsc"
00064
00065
00066 #define RSBAC_RC_ROLE_TCGR_FILENAME "rc_tcgr"
00067
00068
00069 #define RSBAC_RC_ROLE_TCND_FILENAME "rc_tcnd"
00070
00071
00072 #define RSBAC_RC_ROLE_TCNT_FILENAME "rc_tcnt"
00073
00074
00075 #define RSBAC_RC_ROLE_TCNO_FILENAME "rc_tcno"
00076
/*
 * Role list format versions. The main role list has five versions (5 down
 * to 1), and this header declares five role entry layouts (the current
 * struct rsbac_rc_role_entry_t plus four rsbac_rc_old_*role_entry_t
 * structs) -- presumably one layout per version; confirm against the
 * conversion code.
 * NOTE(review): if that mapping holds, a layout change without a version
 * bump would cause stored policy data to be read with the wrong field
 * offsets, so the struct and its version constant should change together.
 */
00077 #define RSBAC_RC_ROLE_LIST_VERSION 5
00078 #define RSBAC_RC_ROLE_OLD_LIST_VERSION 4
00079 #define RSBAC_RC_ROLE_OLD_OLD_LIST_VERSION 3
00080 #define RSBAC_RC_ROLE_OLD_OLD_OLD_LIST_VERSION 2
00081 #define RSBAC_RC_ROLE_OLD_OLD_OLD_OLD_LIST_VERSION 1
00082 #define RSBAC_RC_ROLE_RC_LIST_VERSION 1
00083 #define RSBAC_RC_ROLE_ADR_LIST_VERSION 1
00084 #define RSBAC_RC_ROLE_ASR_LIST_VERSION 1
00085 #define RSBAC_RC_ROLE_DFDC_LIST_VERSION 1
00086 #define RSBAC_RC_ROLE_TCFD_LIST_VERSION 2
00087 #define RSBAC_RC_ROLE_TCDV_LIST_VERSION 2
00088 #define RSBAC_RC_ROLE_TCUS_LIST_VERSION 2
00089 #define RSBAC_RC_ROLE_TCPR_LIST_VERSION 2
00090 #define RSBAC_RC_ROLE_TCIP_LIST_VERSION 2
00091 #define RSBAC_RC_ROLE_TCSC_LIST_VERSION 2
00092 #define RSBAC_RC_ROLE_TCGR_LIST_VERSION 2
00093 #define RSBAC_RC_ROLE_TCND_LIST_VERSION 2
00094 #define RSBAC_RC_ROLE_TCNT_LIST_VERSION 2
00095 #define RSBAC_RC_ROLE_TCNO_LIST_VERSION 2
/* Previous version of each type-compatibility (TC*) list. */
00096 #define RSBAC_RC_ROLE_TCFD_OLD_LIST_VERSION 1
00097 #define RSBAC_RC_ROLE_TCDV_OLD_LIST_VERSION 1
00098 #define RSBAC_RC_ROLE_TCUS_OLD_LIST_VERSION 1
00099 #define RSBAC_RC_ROLE_TCPR_OLD_LIST_VERSION 1
00100 #define RSBAC_RC_ROLE_TCIP_OLD_LIST_VERSION 1
00101 #define RSBAC_RC_ROLE_TCSC_OLD_LIST_VERSION 1
00102 #define RSBAC_RC_ROLE_TCGR_OLD_LIST_VERSION 1
00103 #define RSBAC_RC_ROLE_TCND_OLD_LIST_VERSION 1
00104 #define RSBAC_RC_ROLE_TCNT_OLD_LIST_VERSION 1
00105 #define RSBAC_RC_ROLE_TCNO_OLD_LIST_VERSION 1
00106
/* Type lists: one file name per target kind (FD, DEV, IPC, USER, ...). */
00107 #define RSBAC_RC_TYPE_FD_FILENAME "rc_tfd"
00108 #define RSBAC_RC_TYPE_DEV_FILENAME "rc_tdv"
00109 #define RSBAC_RC_TYPE_IPC_FILENAME "rc_tip"
00110 #define RSBAC_RC_TYPE_USER_FILENAME "rc_tus"
00111 #define RSBAC_RC_TYPE_PROCESS_FILENAME "rc_tpr"
00112 #define RSBAC_RC_TYPE_GROUP_FILENAME "rc_tgr"
00113 #define RSBAC_RC_TYPE_NETDEV_FILENAME "rc_tnd"
00114 #define RSBAC_RC_TYPE_NETTEMP_FILENAME "rc_tnt"
00115 #define RSBAC_RC_TYPE_NETOBJ_FILENAME "rc_tno"
00116
/* Type list format versions; no older versions are defined for these. */
00117 #define RSBAC_RC_TYPE_FD_LIST_VERSION 1
00118 #define RSBAC_RC_TYPE_DEV_LIST_VERSION 1
00119 #define RSBAC_RC_TYPE_IPC_LIST_VERSION 1
00120 #define RSBAC_RC_TYPE_USER_LIST_VERSION 1
00121 #define RSBAC_RC_TYPE_PROCESS_LIST_VERSION 1
00122 #define RSBAC_RC_TYPE_GROUP_LIST_VERSION 1
00123 #define RSBAC_RC_TYPE_NETDEV_LIST_VERSION 1
00124 #define RSBAC_RC_TYPE_NETTEMP_LIST_VERSION 1
00125 #define RSBAC_RC_TYPE_NETOBJ_LIST_VERSION 1
00126 #endif
00127
/*
 * Current layout of one RC role entry.
 * Compared with struct rsbac_rc_old_role_entry_t it adds
 * def_unixsock_create_type; all other fields are the same and in the same
 * order.
 * NOTE(review): name is a fixed-size buffer and nothing in this header
 * guarantees NUL termination. Code that fills it from user space or from a
 * stored list should bound the copy and terminate it explicitly.
 */
00140 struct rsbac_rc_role_entry_t {
00141 rsbac_enum_t admin_type; /* the default entries in this file use RC_no_admin, RC_role_admin, RC_system_admin */
00142 char name[RSBAC_RC_NAME_LEN]; /* role name, at most RSBAC_RC_NAME_LEN bytes */
/* def_*_type: default type ids; besides plain type ids the default entries
 * in this file use RC_type_inherit_parent,
 * RC_type_use_new_role_def_create and RC_type_use_fd here. */
00143 rsbac_rc_type_id_t def_fd_create_type;
00144 rsbac_rc_type_id_t def_user_create_type;
00145 rsbac_rc_type_id_t def_process_create_type;
00146 rsbac_rc_type_id_t def_process_chown_type;
00147 rsbac_rc_type_id_t def_process_execute_type;
00148 rsbac_rc_type_id_t def_ipc_create_type;
00149 rsbac_rc_type_id_t def_group_create_type;
00150 rsbac_rc_type_id_t def_unixsock_create_type; /* not present in any of the older layouts */
00151 rsbac_enum_t boot_role; /* TRUE only in RSBAC_RC_BOOT_ROLE_ENTRY */
00152 rsbac_enum_t req_reauth; /* FALSE in every default entry in this file; enforcement is not visible here */
00153 };
00154
/*
 * Previous role entry layout: struct rsbac_rc_role_entry_t without
 * def_unixsock_create_type. Compared with
 * struct rsbac_rc_old_old_role_entry_t it adds req_reauth.
 * Presumably the layout for RSBAC_RC_ROLE_OLD_LIST_VERSION -- confirm
 * against the conversion code. Field order and sizes must stay frozen if
 * this describes data already stored.
 */
00155 struct rsbac_rc_old_role_entry_t {
00156 rsbac_enum_t admin_type;
00157 char name[RSBAC_RC_NAME_LEN];
00158 rsbac_rc_type_id_t def_fd_create_type;
00159 rsbac_rc_type_id_t def_user_create_type;
00160 rsbac_rc_type_id_t def_process_create_type;
00161 rsbac_rc_type_id_t def_process_chown_type;
00162 rsbac_rc_type_id_t def_process_execute_type;
00163 rsbac_rc_type_id_t def_ipc_create_type;
00164 rsbac_rc_type_id_t def_group_create_type;
00165 rsbac_enum_t boot_role;
00166 rsbac_enum_t req_reauth; /* last field; absent from the older layouts */
00167 };
00168
/*
 * Older role entry layout: ends at boot_role (no req_reauth, no
 * def_unixsock_create_type). Compared with
 * struct rsbac_rc_old_old_old_role_entry_t it adds def_group_create_type.
 * Presumably the layout for RSBAC_RC_ROLE_OLD_OLD_LIST_VERSION -- confirm.
 */
00169 struct rsbac_rc_old_old_role_entry_t {
00170 rsbac_enum_t admin_type;
00171 char name[RSBAC_RC_NAME_LEN];
00172 rsbac_rc_type_id_t def_fd_create_type;
00173 rsbac_rc_type_id_t def_user_create_type;
00174 rsbac_rc_type_id_t def_process_create_type;
00175 rsbac_rc_type_id_t def_process_chown_type;
00176 rsbac_rc_type_id_t def_process_execute_type;
00177 rsbac_rc_type_id_t def_ipc_create_type;
00178 rsbac_rc_type_id_t def_group_create_type; /* absent from the two oldest layouts */
00179 rsbac_enum_t boot_role;
00180 };
00181
/*
 * Older role entry layout without def_group_create_type, req_reauth and
 * def_unixsock_create_type. Compared with
 * struct rsbac_rc_old_old_old_old_role_entry_t it adds
 * def_user_create_type and boot_role.
 * Presumably the layout for RSBAC_RC_ROLE_OLD_OLD_OLD_LIST_VERSION --
 * confirm.
 */
00182 struct rsbac_rc_old_old_old_role_entry_t {
00183 rsbac_enum_t admin_type;
00184 char name[RSBAC_RC_NAME_LEN];
00185 rsbac_rc_type_id_t def_fd_create_type;
00186 rsbac_rc_type_id_t def_user_create_type; /* absent from the oldest layout */
00187 rsbac_rc_type_id_t def_process_create_type;
00188 rsbac_rc_type_id_t def_process_chown_type;
00189 rsbac_rc_type_id_t def_process_execute_type;
00190 rsbac_rc_type_id_t def_ipc_create_type;
00191 rsbac_enum_t boot_role; /* absent from the oldest layout */
00192 };
00193
/*
 * Oldest role entry layout declared in this header: admin type, name and
 * the fd / process / ipc default types only. It has no
 * def_user_create_type, def_group_create_type, def_unixsock_create_type,
 * boot_role or req_reauth.
 * Presumably the layout for RSBAC_RC_ROLE_OLD_OLD_OLD_OLD_LIST_VERSION --
 * confirm. How the missing fields are filled when such an entry is
 * converted is not visible here.
 */
00194 struct rsbac_rc_old_old_old_old_role_entry_t {
00195 rsbac_enum_t admin_type;
00196 char name[RSBAC_RC_NAME_LEN];
00197 rsbac_rc_type_id_t def_fd_create_type;
00198 rsbac_rc_type_id_t def_process_create_type;
00199 rsbac_rc_type_id_t def_process_chown_type;
00200 rsbac_rc_type_id_t def_process_execute_type;
00201 rsbac_rc_type_id_t def_ipc_create_type;
00202 };
00203
/*
 * Brace-enclosed list of the RI_* role item identifiers, with its length.
 * The list below has 25 entries, matching RSBAC_RC_NR_ROLE_ENTRY_ITEMS; the
 * two must be updated together, since a count larger than the list would
 * let code that trusts the count index past the initialised entries.
 * NOTE(review): struct rsbac_rc_role_entry_t has a def_unixsock_create_type
 * field but no RI_def_unixsock_create_type appears here, while
 * RI_def_fd_ind_create_type appears here without a matching struct field.
 * Whether either is intentional cannot be told from this header -- confirm.
 */
00204 #define RSBAC_RC_NR_ROLE_ENTRY_ITEMS 25
00205 #define RSBAC_RC_ROLE_ENTRY_ITEM_LIST { \
00206 RI_role_comp, \
00207 RI_admin_roles, \
00208 RI_assign_roles, \
00209 RI_type_comp_fd, \
00210 RI_type_comp_dev, \
00211 RI_type_comp_user, \
00212 RI_type_comp_process, \
00213 RI_type_comp_ipc, \
00214 RI_type_comp_scd, \
00215 RI_type_comp_group, \
00216 RI_type_comp_netdev, \
00217 RI_type_comp_nettemp, \
00218 RI_type_comp_netobj, \
00219 RI_admin_type, \
00220 RI_name, \
00221 RI_def_fd_create_type, \
00222 RI_def_fd_ind_create_type, \
00223 RI_def_user_create_type, \
00224 RI_def_process_create_type, \
00225 RI_def_process_chown_type, \
00226 RI_def_process_execute_type, \
00227 RI_def_ipc_create_type, \
00228 RI_def_group_create_type, \
00229 RI_boot_role, \
00230 RI_req_reauth \
00231 }
00232
/* Version number for RC type data; where it is checked is not visible here. */
00240 #define RSBAC_RC_TYPE_VERSION 1
00241
/*
 * One FD type entry: a name plus a one-byte need_secdel value.
 * NOTE(review): name is a fixed-size buffer with no termination guarantee
 * in this header; writers should bound the copy and NUL-terminate it.
 */
00242 struct rsbac_rc_type_fd_entry_t {
00243 char name[RSBAC_RC_NAME_LEN];
00244 __u8 need_secdel; /* presumably a boolean "secure delete required" flag -- confirm */
00245 };
00246
/*
 * Brace-enclosed list of the RI_* type item identifiers, with its length.
 * The list below has 10 entries, matching RSBAC_RC_NR_TYPE_ENTRY_ITEMS; keep
 * the count and the list in step.
 * NOTE(review): there is no user type name item in this list although
 * RSBAC_RC_TYPE_USER_FILENAME is defined in this header -- confirm whether
 * that is intentional.
 */
00247 #define RSBAC_RC_NR_TYPE_ENTRY_ITEMS 10
00248 #define RSBAC_RC_TYPE_ENTRY_ITEM_LIST { \
00249 RI_type_fd_name, \
00250 RI_type_dev_name, \
00251 RI_type_ipc_name, \
00252 RI_type_scd_name, \
00253 RI_type_process_name, \
00254 RI_type_group_name, \
00255 RI_type_netdev_name, \
00256 RI_type_nettemp_name, \
00257 RI_type_netobj_name, \
00258 RI_type_fd_need_secdel \
00259 }
00260
/*
 * Designated initializer for the built-in "General User" role. It sets the
 * same fields that struct rsbac_rc_role_entry_t declares.
 * No admin rights (RC_no_admin), not a boot role, no re-authentication
 * flag. New fds and processes take RC_type_inherit_parent; user, ipc and
 * group creation use RSBAC_RC_GENERAL_TYPE.
 * This entry carries only the role's defaults; the role's compatibility
 * settings are not part of this initializer.
 */
00265 #define RSBAC_RC_GENERAL_ROLE_ENTRY \
00266 { \
00267 .admin_type = RC_no_admin, \
00268 .name = "General User", \
00269 .def_fd_create_type = RC_type_inherit_parent, \
00270 .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
00271 .def_process_create_type = RC_type_inherit_parent, \
00272 .def_process_chown_type = RC_type_use_new_role_def_create, \
00273 .def_process_execute_type = RC_type_inherit_parent, \
00274 .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
00275 .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
00276 .def_unixsock_create_type = RC_type_use_fd, \
00277 .boot_role = FALSE, \
00278 .req_reauth = FALSE, \
00279 }
00280
/*
 * Designated initializer for the built-in "Role Admin" role.
 * Differs from RSBAC_RC_GENERAL_ROLE_ENTRY only in name and in
 * admin_type = RC_role_admin; every default type is the same.
 * NOTE(review): req_reauth is FALSE for this administrative role. What
 * req_reauth enforces is not visible in this header, so whether that default
 * is appropriate should be checked where the flag is evaluated.
 */
00281 #define RSBAC_RC_ROLE_ADMIN_ROLE_ENTRY \
00282 { \
00283 .admin_type = RC_role_admin, \
00284 .name = "Role Admin", \
00285 .def_fd_create_type = RC_type_inherit_parent, \
00286 .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
00287 .def_process_create_type = RC_type_inherit_parent, \
00288 .def_process_chown_type = RC_type_use_new_role_def_create, \
00289 .def_process_execute_type = RC_type_inherit_parent, \
00290 .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
00291 .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
00292 .def_unixsock_create_type = RC_type_use_fd, \
00293 .boot_role = FALSE, \
00294 .req_reauth = FALSE, \
00295 }
00296
/*
 * Designated initializer for the built-in "System Admin" role.
 * Differs from RSBAC_RC_GENERAL_ROLE_ENTRY only in name and in
 * admin_type = RC_system_admin; every default type is the same.
 * NOTE(review): req_reauth is FALSE for this administrative role. What
 * req_reauth enforces is not visible in this header, so whether that default
 * is appropriate should be checked where the flag is evaluated.
 */
00297 #define RSBAC_RC_SYSTEM_ADMIN_ROLE_ENTRY \
00298 { \
00299 .admin_type = RC_system_admin, \
00300 .name = "System Admin", \
00301 .def_fd_create_type = RC_type_inherit_parent, \
00302 .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
00303 .def_process_create_type = RC_type_inherit_parent, \
00304 .def_process_chown_type = RC_type_use_new_role_def_create, \
00305 .def_process_execute_type = RC_type_inherit_parent, \
00306 .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
00307 .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
00308 .def_unixsock_create_type = RC_type_use_fd, \
00309 .boot_role = FALSE, \
00310 .req_reauth = FALSE, \
00311 }
00312
/*
 * Designated initializer for the built-in "System Boot" role.
 * The only default entry in this file with boot_role = TRUE; it has no admin
 * rights (RC_no_admin) and otherwise the same default types as
 * RSBAC_RC_GENERAL_ROLE_ENTRY.
 * NOTE(review): which processes receive the boot role is decided elsewhere;
 * this initializer only marks the role.
 */
00313 #define RSBAC_RC_BOOT_ROLE_ENTRY \
00314 { \
00315 .admin_type = RC_no_admin, \
00316 .name = "System Boot", \
00317 .def_fd_create_type = RC_type_inherit_parent, \
00318 .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
00319 .def_process_create_type = RC_type_inherit_parent, \
00320 .def_process_chown_type = RC_type_use_new_role_def_create, \
00321 .def_process_execute_type = RC_type_inherit_parent, \
00322 .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
00323 .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
00324 .def_unixsock_create_type = RC_type_use_fd, \
00325 .boot_role = TRUE, \
00326 .req_reauth = FALSE, \
00327 }
00328
/*
 * Designated initializer for the built-in "Auditor" role.
 * Apart from the name it is field-for-field identical to
 * RSBAC_RC_GENERAL_ROLE_ENTRY (RC_no_admin, not a boot role), so anything
 * that distinguishes an auditor must come from settings outside this
 * initializer -- presumably the role's compatibility lists; confirm.
 */
00329 #define RSBAC_RC_AUDITOR_ROLE_ENTRY \
00330 { \
00331 .admin_type = RC_no_admin, \
00332 .name = "Auditor", \
00333 .def_fd_create_type = RC_type_inherit_parent, \
00334 .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
00335 .def_process_create_type = RC_type_inherit_parent, \
00336 .def_process_chown_type = RC_type_use_new_role_def_create, \
00337 .def_process_execute_type = RC_type_inherit_parent, \
00338 .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
00339 .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
00340 .def_unixsock_create_type = RC_type_use_fd, \
00341 .boot_role = FALSE, \
00342 .req_reauth = FALSE, \
00343 }
00344
00349 #ifdef __KERNEL__
00350 #endif
00351
00352 #endif