00008 #ifndef __RSBAC_DATA_STRUC_H
00009 #define __RSBAC_DATA_STRUC_H
00010
00011 #ifdef __KERNEL__
00012 #include <linux/types.h>
00013 #include <linux/fs.h>
00014 #include <linux/wait.h>
00015 #include <linux/interrupt.h>
00016 #include <asm/semaphore.h>
00017 #include <rsbac/types.h>
00018 #include <linux/spinlock.h>
00019 #include <rsbac/pm_types.h>
00020 #include <rsbac/rc_types.h>
00021 #include <rsbac/aci.h>
00022 #include <rsbac/debug.h>
00023 #include <rsbac/lists.h>
00024 #endif
/*
 * Kernel-only parameters of the persistent attribute store.  RSBAC keeps
 * its access control information (ACI) in per-module lists that are
 * written to disk; the names, modes and sizes below configure that store.
 * Nothing in this block is visible to user-space includers.
 */
00033 #ifdef __KERNEL__
/* Size of the in-kernel RSBAC log buffer (unit presumed to be bytes). */
00034 #define RSBAC_LOG_BUF_LEN (16384)
00035
/*
 * Top-level name of the attribute store on each device.  RSBAC_ACI_DIR_MODE
 * below is a directory mode, so this is presumably the directory holding
 * the per-module lists named next -- confirm against the list loader.
 */
00036 #define RSBAC_ACI_PATH "rsbac.dat"
00037
/*
 * Base names of the per-module file/dir attribute lists.  Each module has
 * a current name and a variant ending in "."; given the *_OLD_ACI_VERSION
 * macros further down, the dotted form presumably gets an old format
 * version appended when previous-format lists are converted -- confirm.
 */
00038 #define RSBAC_GEN_FD_NAME "fd_gen"
00039 #define RSBAC_GEN_OLD_FD_NAME "fd_gen."
00040 #define RSBAC_MAC_FD_NAME "fd_mac"
00041 #define RSBAC_MAC_OLD_FD_NAME "fd_mac."
00042 #define RSBAC_PM_FD_NAME "fd_pm"
00043 #define RSBAC_PM_OLD_FD_NAME "fd_pm."
00044 #define RSBAC_DAZ_FD_NAME "fd_dazt"
00045 #define RSBAC_DAZ_OLD_FD_NAME "fd_dazt."
00046 #define RSBAC_DAZ_SCANNED_FD_NAME "fd_dazs"
00047 #define RSBAC_DAZ_SCANNED_OLD_FD_NAME "fd_dazs."
00048 #define RSBAC_FF_FD_NAME "fd_ff"
00049 #define RSBAC_FF_OLD_FD_NAME "fd_ff."
00050 #define RSBAC_RC_FD_NAME "fd_rc"
00051 #define RSBAC_RC_OLD_FD_NAME "fd_rc."
00052 #define RSBAC_AUTH_FD_NAME "fd_auth"
00053 #define RSBAC_AUTH_OLD_FD_NAME "fd_auth."
00054 #define RSBAC_CAP_FD_NAME "fd_cap"
00055 #define RSBAC_CAP_OLD_FD_NAME "fd_cap."
00056 #define RSBAC_PAX_FD_NAME "fd_pax"
00057 #define RSBAC_PAX_OLD_FD_NAME "fd_pax."
00058 #define RSBAC_RES_FD_NAME "fd_res"
00059 #define RSBAC_RES_OLD_FD_NAME "fd_res."
00060
/* Name used for the user attribute store (directory or list -- not determinable here). */
00061 #define RSBAC_ACI_USER_NAME "useraci"
00062
/* Mode of the store directory: S_IFDIR with no permission bits given here. */
00063 #define RSBAC_ACI_DIR_MODE (S_IFDIR)
00064
/*
 * Mode of the list files: regular file, readable and writable by the
 * owner only (0600).  No group/other bits are set, so the persisted
 * attribute data is not exposed to other users through the file mode.
 */
00065 #define RSBAC_ACI_FILE_MODE (S_IFREG | S_IRUSR | S_IWUSR)
00066
/* Smallest buffer the list writer works with (unit presumed to be bytes). */
00067 #define RSBAC_MIN_WRITE_FD_BUF_LEN 32768
00068
/*
 * Largest single write chunk: 32767, the largest positive signed 16-bit
 * value and one less than RSBAC_MIN_WRITE_FD_BUF_LEN above.
 */
00069 #define RSBAC_MAX_WRITE_CHUNK ((1 << 15) - 1)
00070
/*
 * Number of sub-lists each module's fd list is split into.  Presumably a
 * hash split for lookup speed -- confirm in the list code; the values
 * only need to agree with whatever registers the lists.
 */
00071 #define RSBAC_GEN_NR_FD_LISTS 2
00072 #define RSBAC_MAC_NR_FD_LISTS 4
00073 #define RSBAC_PM_NR_FD_LISTS 2
00074 #define RSBAC_DAZ_NR_FD_LISTS 2
00075 #define RSBAC_DAZ_SCANNED_NR_FD_LISTS 4
00076 #define RSBAC_FF_NR_FD_LISTS 4
00077 #define RSBAC_RC_NR_FD_LISTS 4
00078 #define RSBAC_AUTH_NR_FD_LISTS 2
00079 #define RSBAC_CAP_NR_FD_LISTS 2
00080 #define RSBAC_PAX_NR_FD_LISTS 2
00081 #define RSBAC_RES_NR_FD_LISTS 2
00082
/*
 * Upper bound on the init thread's run time when list loading is done
 * from a separate thread.  Configured values below 5 are raised to 5;
 * the unit is whatever CONFIG_RSBAC_MAX_INIT_TIME uses (seconds presumed).
 * How the bound is enforced is not visible in this header.
 */
00083 #ifdef CONFIG_RSBAC_INIT_THREAD
00084
00085 #if CONFIG_RSBAC_MAX_INIT_TIME >= 5
00086 #define RSBAC_MAX_INIT_TIME CONFIG_RSBAC_MAX_INIT_TIME
00087 #else
00088 #define RSBAC_MAX_INIT_TIME 5
00089 #endif
00090 #endif
00091
00092 #endif
/*
 * Optional lookup cache for file/dir attributes (CONFIG_RSBAC_FD_CACHE).
 * The cache is itself a generic list, hence the name/version/key triple
 * that every other list in this header also carries.
 */
00112 #ifdef CONFIG_RSBAC_FD_CACHE
00113 #define RSBAC_FD_CACHE_NAME "fd_cache."
00114 #define RSBAC_FD_CACHE_VERSION 1
00115 #define RSBAC_FD_CACHE_KEY 3626114
00116
/*
 * Descriptor naming a cached file by device and inode number.  Whether
 * this is the cache's lookup key is decided by the cache code, not here.
 */
00117 struct rsbac_fd_cache_desc_t {
00118 __u32 device;
00119 rsbac_inode_nr_t inode;
00120 };
00121 #endif
00122
/*
 * General (module-independent) attributes of a file, directory, fifo or
 * symlink.  Version 7 is the current on-disk layout; the *_OLD_* structs
 * below preserve the layouts of versions 6, 5 and 4 so that lists saved
 * by earlier releases can still be read -- the conversion itself lives
 * elsewhere.  Do not reorder or retype fields without bumping the version.
 */
00123 #define RSBAC_GEN_FD_ACI_VERSION 7
00124 #define RSBAC_GEN_FD_ACI_KEY 1001
00125 struct rsbac_gen_fd_aci_t {
/* Per-request logging settings; the low/high split is defined by rsbac_log_array_t. */
00126 rsbac_log_array_t log_array_low;
00127 rsbac_log_array_t log_array_high;
/* Request types whose logging is triggered by this program (request vector). */
00128 rsbac_request_vector_t log_program_based;
/* Enum flags controlling which properties are added on symlink redirection. */
00129 rsbac_enum_t symlink_add_remote_ip;
00130 rsbac_enum_t symlink_add_uid;
00131 rsbac_enum_t symlink_add_mac_level;
00132 rsbac_enum_t symlink_add_rc_role;
/* LDD_* enum: whether Linux DAC checks are disabled for this object. */
00133 rsbac_enum_t linux_dac_disable;
/* FR_* value: fake-root-uid behaviour for programs started from this file. */
00134 rsbac_fake_root_uid_int_t fake_root_uid;
/* User exempt from audit uid tracking; RSBAC_NO_USER means none. */
00135 rsbac_uid_t auid_exempt;
00136 };
/*
 * Default attributes for a new file/dir.  -1 yields an all-bits-set value
 * when rsbac_log_array_t is unsigned; what that value means is defined by
 * the logging code.  .symlink_add_remote_ip is deliberately absent from
 * the designated initializer and therefore zero-initialized.  Only
 * linux_dac_disable differs between this and the root-dir default below
 * (LDD_inherit vs LDD_false): the root directory has no parent to inherit from.
 */
00137 #define DEFAULT_GEN_FD_ACI \
00138 { \
00139 .log_array_low = -1, \
00140 .log_array_high = -1, \
00141 .log_program_based = 0, \
00142 .symlink_add_uid = FALSE, \
00143 .symlink_add_mac_level = FALSE, \
00144 .symlink_add_rc_role = FALSE, \
00145 .linux_dac_disable = LDD_inherit, \
00146 .fake_root_uid = FR_off, \
00147 .auid_exempt = RSBAC_NO_USER, \
00148 }
00149
/* Default attributes for a filesystem's root directory (see note above). */
00150 #define DEFAULT_GEN_ROOT_DIR_ACI \
00151 { \
00152 .log_array_low = -1, \
00153 .log_array_high = -1, \
00154 .log_program_based = 0, \
00155 .symlink_add_uid = FALSE, \
00156 .symlink_add_mac_level = FALSE, \
00157 .symlink_add_rc_role = FALSE, \
00158 .linux_dac_disable = LDD_false, \
00159 .fake_root_uid = FR_off, \
00160 .auid_exempt = RSBAC_NO_USER, \
00161 }
00162
/* Version 6 layout: identical to version 7 minus symlink_add_remote_ip. */
00163 #define RSBAC_GEN_FD_OLD_ACI_VERSION 6
00164 struct rsbac_gen_fd_old_aci_t {
00165 rsbac_log_array_t log_array_low;
00166 rsbac_log_array_t log_array_high;
00167 rsbac_request_vector_t log_program_based;
00168 rsbac_enum_t symlink_add_uid;
00169 rsbac_enum_t symlink_add_mac_level;
00170 rsbac_enum_t symlink_add_rc_role;
00171 rsbac_enum_t linux_dac_disable;
00172 rsbac_fake_root_uid_int_t fake_root_uid;
00173 rsbac_uid_t auid_exempt;
00174 };
00175
/* Version 5 layout: version 6 minus auid_exempt. */
00176 #define RSBAC_GEN_FD_OLD_OLD_ACI_VERSION 5
00177 struct rsbac_gen_fd_old_old_aci_t {
00178 rsbac_log_array_t log_array_low;
00179 rsbac_log_array_t log_array_high;
00180 rsbac_request_vector_t log_program_based;
00181 rsbac_enum_t symlink_add_uid;
00182 rsbac_enum_t symlink_add_mac_level;
00183 rsbac_enum_t symlink_add_rc_role;
00184 rsbac_enum_t linux_dac_disable;
00185 rsbac_fake_root_uid_int_t fake_root_uid;
00186 };
00187
/* Version 4 layout: version 5 minus fake_root_uid. */
00188 #define RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION 4
00189 struct rsbac_gen_fd_old_old_old_aci_t {
00190 rsbac_log_array_t log_array_low;
00191 rsbac_log_array_t log_array_high;
00192 rsbac_request_vector_t log_program_based;
00193 rsbac_enum_t symlink_add_uid;
00194 rsbac_enum_t symlink_add_mac_level;
00195 rsbac_enum_t symlink_add_rc_role;
00196 rsbac_enum_t linux_dac_disable;
00197 };
00198
/*
 * MAC (Bell-LaPadula style) attributes of a file/dir.  Version 5 is
 * current; versions 4, 3 and 2 are kept for reading older lists.
 */
00199 #if defined(CONFIG_RSBAC_MAC)
00200 #define RSBAC_MAC_FD_ACI_VERSION 5
00201 #define RSBAC_MAC_FD_ACI_KEY 1001
00202 struct rsbac_mac_fd_aci_t {
/* Security level (SL_* values) and category set of the object. */
00203 rsbac_security_level_t sec_level;
00204 rsbac_mac_category_vector_t mac_categories;
/* MA_* value: automatic level adjustment for processes using this file. */
00205 rsbac_mac_auto_int_t mac_auto;
/* Boolean: whether the "trusted" property propagates from this file. */
00206 rsbac_boolean_int_t mac_prop_trusted;
/* Per-file MAC flag bits (replaces the single mac_shared boolean of v3). */
00207 rsbac_mac_file_flags_t mac_file_flags;
00208 };
00209
/* Version 4 layout: version 5 plus a mac_trusted_for_user field after sec_level. */
00210 #define RSBAC_MAC_FD_OLD_ACI_VERSION 4
00211 struct rsbac_mac_fd_old_aci_t {
00212 rsbac_security_level_t sec_level;
00213 rsbac_uid_t mac_trusted_for_user;
00214 rsbac_mac_category_vector_t mac_categories;
00215 rsbac_mac_auto_int_t mac_auto;
00216 rsbac_boolean_int_t mac_prop_trusted;
00217 rsbac_mac_file_flags_t mac_file_flags;
00218 };
00219
/* Version 3 layout: as version 4, but a mac_shared boolean instead of mac_file_flags. */
00220 #define RSBAC_MAC_FD_OLD_OLD_ACI_VERSION 3
00221 struct rsbac_mac_fd_old_old_aci_t {
00222 rsbac_security_level_t sec_level;
00223 rsbac_uid_t mac_trusted_for_user;
00224 rsbac_mac_category_vector_t mac_categories;
00225 rsbac_mac_auto_int_t mac_auto;
00226 rsbac_boolean_int_t mac_prop_trusted;
00227 rsbac_boolean_int_t mac_shared;
00228 };
00229
/* Version 2 layout: the first four fields of version 3. */
00230 #define RSBAC_MAC_FD_OLD_OLD_OLD_ACI_VERSION 2
00231 struct rsbac_mac_fd_old_old_old_aci_t {
00232 rsbac_security_level_t sec_level;
00233 rsbac_uid_t mac_trusted_for_user;
00234 rsbac_mac_category_vector_t mac_categories;
00235 rsbac_mac_auto_int_t mac_auto;
00236 };
00237
/*
 * Two candidate defaults for new objects: the inheriting one takes level,
 * categories and auto setting from the parent (SL_inherit,
 * RSBAC_MAC_INHERIT_CAT_VECTOR, MA_inherit); the non-inheriting one
 * assigns unclassified / default categories / MA_yes explicitly.
 */
00238 #define DEFAULT_MAC_FD_ACI_INH \
00239 { \
00240 .sec_level = SL_inherit, \
00241 .mac_categories = RSBAC_MAC_INHERIT_CAT_VECTOR, \
00242 .mac_auto = MA_inherit, \
00243 .mac_prop_trusted = FALSE, \
00244 .mac_file_flags = 0, \
00245 }
00246 #define DEFAULT_MAC_FD_ACI_NO_INH \
00247 { \
00248 .sec_level = SL_unclassified, \
00249 .mac_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
00250 .mac_auto = MA_yes, \
00251 .mac_prop_trusted = FALSE, \
00252 .mac_file_flags = 0, \
00253 }
00254
/* Which of the two is the effective default is a build-time choice. */
00255 #ifdef CONFIG_RSBAC_MAC_DEF_INHERIT
00256 #define DEFAULT_MAC_FD_ACI DEFAULT_MAC_FD_ACI_INH
00257 #else
00258 #define DEFAULT_MAC_FD_ACI DEFAULT_MAC_FD_ACI_NO_INH
00259 #endif
00260
/*
 * Root directory default: same values as the non-inheriting default,
 * since the root directory has no parent to inherit from.
 */
00261 #define DEFAULT_MAC_ROOT_DIR_ACI \
00262 { \
00263 .sec_level = SL_unclassified, \
00264 .mac_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
00265 .mac_auto = MA_yes, \
00266 .mac_prop_trusted = FALSE, \
00267 .mac_file_flags = 0, \
00268 }
00269 #endif
00270
/*
 * Privacy Model (PM) attributes of a file/dir: object class, transaction
 * procedure id and object type.  Only one on-disk version exists so far.
 */
00271 #if defined(CONFIG_RSBAC_PM)
00272 #define RSBAC_PM_FD_ACI_VERSION 1
00273 #define RSBAC_PM_FD_ACI_KEY 1001
00274 struct rsbac_pm_fd_aci_t {
00275 rsbac_pm_object_class_id_t pm_object_class;
00276 rsbac_pm_tp_id_t pm_tp;
00277 rsbac_pm_object_type_int_t pm_object_type;
00278 };
00279
/* Default: no class, no TP, and object type PO_none (i.e. not a PM object). */
00280 #define DEFAULT_PM_FD_ACI \
00281 { \
00282 .pm_object_class = 0, \
00283 .pm_tp = 0, \
00284 .pm_object_type = PO_none, \
00285 }
00286 #endif
00287
/*
 * Dazuko (on-access malware scanning) attributes of a file/dir.
 * Version 2 added daz_do_scan; version 1 held only daz_scanner.
 */
00288 #if defined(CONFIG_RSBAC_DAZ)
00289 #define RSBAC_DAZ_FD_ACI_VERSION 2
00290 #define RSBAC_DAZ_FD_OLD_ACI_VERSION 1
00291 #define RSBAC_DAZ_FD_ACI_KEY 10535
/*
 * 86400 is one day expressed in seconds; confirm that the cleanup timer
 * really uses seconds before relying on that reading.
 */
00292 #define RSBAC_DAZ_CACHE_CLEANUP_INTERVAL 86400
00293 #define RSBAC_DAZ_SCANNED_FD_ACI_VERSION 1
00294 struct rsbac_daz_fd_aci_t
00295 {
/* Presumably marks the scanner program itself (exempt from scanning) -- confirm in the DAZ decision code. */
00296 rsbac_daz_scanner_t daz_scanner;
/* Whether/how this object is scanned; the value set is defined by rsbac_daz_do_scan_t. */
00297 rsbac_daz_do_scan_t daz_do_scan;
00298 };
00299
/* Version 1 layout: daz_scanner only. */
00300 struct rsbac_daz_fd_old_aci_t
00301 {
00302 rsbac_daz_scanner_t daz_scanner;
00303 };
00304
/*
 * Defaults.  DEFAULT_DAZ_FD_DO_SCAN and DEFAULT_DAZ_FD_ROOT_DO_SCAN are
 * defined outside this header; nothing is marked as a scanner by default.
 */
00305 #define DEFAULT_DAZ_FD_ACI \
00306 { \
00307 .daz_scanner = FALSE, \
00308 .daz_do_scan = DEFAULT_DAZ_FD_DO_SCAN \
00309 }
00310
00311 #define DEFAULT_DAZ_ROOT_DIR_ACI \
00312 { \
00313 .daz_scanner = FALSE, \
00314 .daz_do_scan = DEFAULT_DAZ_FD_ROOT_DO_SCAN \
00315 }
00316 #endif
00317
/*
 * File Flags (FF) module: only list version/key here, no struct -- the
 * stored item is presumably the flags value itself (A_ff_flags in the
 * attribute list below); confirm in the FF data code.
 */
00318 #if defined(CONFIG_RSBAC_FF)
00319 #define RSBAC_FF_FD_ACI_VERSION 1
00320 #define RSBAC_FF_FD_ACI_KEY 1001
00321 #endif
00322
/*
 * Role Compatibility (RC) attributes of a file/dir: the object's RC type
 * and the roles forced on / initially given to programs started from it.
 */
00323 #if defined(CONFIG_RSBAC_RC)
00324 #define RSBAC_RC_FD_ACI_VERSION 1
00325 #define RSBAC_RC_FD_ACI_KEY 1001
00326 struct rsbac_rc_fd_aci_t {
00327 rsbac_rc_type_id_t rc_type_fd;
00328 rsbac_rc_role_id_t rc_force_role;
00329 rsbac_rc_role_id_t rc_initial_role;
00330 };
00331
/*
 * New objects inherit their type from the parent directory and use the
 * RC_default_* role values; the root directory cannot inherit, so it gets
 * the general type and the dedicated root-dir role defaults.
 */
00332 #define DEFAULT_RC_FD_ACI \
00333 { \
00334 .rc_type_fd = RC_type_inherit_parent, \
00335 .rc_force_role = RC_default_force_role, \
00336 .rc_initial_role = RC_default_initial_role, \
00337 }
00338 #define DEFAULT_RC_ROOT_DIR_ACI \
00339 { \
00340 .rc_type_fd = RSBAC_RC_GENERAL_TYPE, \
00341 .rc_force_role = RC_default_root_dir_force_role, \
00342 .rc_initial_role = RC_default_root_dir_initial_role, \
00343 }
00344 #endif
00345
/*
 * AUTH module attributes of an executable, stored as three __u8 booleans.
 * Version 2 added auth_learn.  All defaults are FALSE, so the names
 * suggest nothing is permitted unless an administrator sets it explicitly.
 */
00346 #if defined(CONFIG_RSBAC_AUTH)
00347 #define RSBAC_AUTH_FD_ACI_VERSION 2
00348 #define RSBAC_AUTH_FD_OLD_ACI_VERSION 1
00349 #define RSBAC_AUTH_FD_ACI_KEY 1001
00350 struct rsbac_auth_fd_aci_t {
00351 __u8 auth_may_setuid;
00352 __u8 auth_may_set_cap;
00353 __u8 auth_learn;
00354 };
00355
/* Version 1 layout: without auth_learn. */
00356 struct rsbac_auth_fd_old_aci_t {
00357 __u8 auth_may_setuid;
00358 __u8 auth_may_set_cap;
00359 };
00360
00361 #define DEFAULT_AUTH_FD_ACI \
00362 { \
00363 .auth_may_setuid = FALSE, \
00364 .auth_may_set_cap = FALSE, \
00365 .auth_learn = FALSE, \
00366 }
00367 #endif
00368
/*
 * CAP module attributes of an executable: minimum and maximum Linux
 * capability vectors plus the loader-environment setting.  Version 2
 * added cap_ld_env.  RSBAC_CAP_DEFAULT_MIN/MAX are defined elsewhere.
 */
00369 #if defined(CONFIG_RSBAC_CAP)
00370 #define RSBAC_CAP_FD_ACI_VERSION 2
00371 #define RSBAC_CAP_FD_OLD_ACI_VERSION 1
00372 #define RSBAC_CAP_FD_ACI_KEY 1001
00373 struct rsbac_cap_fd_aci_t {
00374 rsbac_cap_vector_t min_caps;
00375 rsbac_cap_vector_t max_caps;
/* LD_* value: what happens to the dynamic loader environment (LD_keep by default). */
00376 rsbac_cap_ld_env_int_t cap_ld_env;
00377 };
00378
/* Version 1 layout: without cap_ld_env. */
00379 struct rsbac_cap_fd_old_aci_t {
00380 rsbac_cap_vector_t min_caps;
00381 rsbac_cap_vector_t max_caps;
00382 };
00383
00384 #define DEFAULT_CAP_FD_ACI \
00385 { \
00386 .min_caps = RSBAC_CAP_DEFAULT_MIN, \
00387 .max_caps = RSBAC_CAP_DEFAULT_MAX, \
00388 .cap_ld_env = LD_keep, \
00389 }
00390 #endif
00391
/*
 * PaX module: list version/key only; the stored item is presumably the
 * pax_flags value (A_pax_flags below).  Note the key differs from the
 * 1001 used by most other lists; whether the value matters beyond being
 * handed to the list layer is not visible here.
 */
00392 #if defined(CONFIG_RSBAC_PAX)
00393 #define RSBAC_PAX_FD_ACI_VERSION 1
00394 #define RSBAC_PAX_FD_ACI_KEY 100112
00395 #endif
00396
/*
 * RES module attributes of an executable: per-resource minimum and
 * maximum limit arrays.  rsbac_res_array_t is defined elsewhere; the
 * default below lists 11 RSBAC_RES_UNSET entries per array, which must
 * match that array's element count (more is a compile error, fewer
 * would silently zero-fill the tail, and 0 is not necessarily UNSET).
 */
00397 #if defined(CONFIG_RSBAC_RES)
00398 #define RSBAC_RES_FD_ACI_VERSION 1
00399 #define RSBAC_RES_FD_ACI_KEY 1002
00400 struct rsbac_res_fd_aci_t {
00401 rsbac_res_array_t res_min;
00402 rsbac_res_array_t res_max;
00403 };
00404 #define DEFAULT_RES_FD_ACI \
00405 { \
00406 .res_min = { \
00407 RSBAC_RES_UNSET, \
00408 RSBAC_RES_UNSET, \
00409 RSBAC_RES_UNSET, \
00410 RSBAC_RES_UNSET, \
00411 RSBAC_RES_UNSET, \
00412 RSBAC_RES_UNSET, \
00413 RSBAC_RES_UNSET, \
00414 RSBAC_RES_UNSET, \
00415 RSBAC_RES_UNSET, \
00416 RSBAC_RES_UNSET, \
00417 RSBAC_RES_UNSET \
00418 }, \
00419 .res_max = { \
00420 RSBAC_RES_UNSET, \
00421 RSBAC_RES_UNSET, \
00422 RSBAC_RES_UNSET, \
00423 RSBAC_RES_UNSET, \
00424 RSBAC_RES_UNSET, \
00425 RSBAC_RES_UNSET, \
00426 RSBAC_RES_UNSET, \
00427 RSBAC_RES_UNSET, \
00428 RSBAC_RES_UNSET, \
00429 RSBAC_RES_UNSET, \
00430 RSBAC_RES_UNSET \
00431 } \
00432 }
00433 #endif
00434
/*
 * All attributes that can be attached to a file/dir target, across all
 * modules.  RSBAC_FD_NR_ATTRIBUTES must equal the number of entries in
 * RSBAC_FD_ATTR_LIST (currently 33 -- keep both in step when adding one).
 */
00435 #define RSBAC_FD_NR_ATTRIBUTES 33
00436 #define RSBAC_FD_ATTR_LIST { \
00437 A_security_level, \
00438 A_mac_categories, \
00439 A_mac_auto, \
00440 A_mac_prop_trusted, \
00441 A_mac_file_flags, \
00442 A_pm_object_class, \
00443 A_pm_tp, \
00444 A_pm_object_type, \
00445 A_daz_scanner, \
00446 A_ff_flags, \
00447 A_rc_type_fd, \
00448 A_rc_force_role, \
00449 A_rc_initial_role, \
00450 A_auth_may_setuid, \
00451 A_auth_may_set_cap, \
00452 A_auth_learn, \
00453 A_log_array_low, \
00454 A_log_array_high, \
00455 A_log_program_based, \
00456 A_symlink_add_remote_ip, \
00457 A_symlink_add_uid, \
00458 A_symlink_add_mac_level, \
00459 A_symlink_add_rc_role, \
00460 A_linux_dac_disable, \
00461 A_min_caps, \
00462 A_max_caps, \
00463 A_cap_ld_env, \
00464 A_res_min, \
00465 A_res_max, \
00466 A_pax_flags, \
00467 A_fake_root_uid, \
00468 A_auid_exempt, \
00469 A_daz_do_scan \
00470 }
00471
/*
 * Kernel-side bookkeeping for the per-device file/dir lists.  One list
 * handle per compiled-in module; the DAZ "scanned" list exists only
 * when the DAZ cache is enabled as well.
 */
00472 #ifdef __KERNEL__
00473 struct rsbac_fd_list_handles_t {
00474 rsbac_list_handle_t gen;
00475 #if defined(CONFIG_RSBAC_MAC)
00476 rsbac_list_handle_t mac;
00477 #endif
00478 #if defined(CONFIG_RSBAC_PM)
00479 rsbac_list_handle_t pm;
00480 #endif
00481 #if defined(CONFIG_RSBAC_DAZ)
00482 rsbac_list_handle_t daz;
00483 #if defined(CONFIG_RSBAC_DAZ_CACHE)
00484 rsbac_list_handle_t dazs;
00485 #endif
00486 #endif
00487 #if defined(CONFIG_RSBAC_FF)
00488 rsbac_list_handle_t ff;
00489 #endif
00490 #if defined(CONFIG_RSBAC_RC)
00491 rsbac_list_handle_t rc;
00492 #endif
00493 #if defined(CONFIG_RSBAC_AUTH)
00494 rsbac_list_handle_t auth;
00495 #endif
00496 #if defined(CONFIG_RSBAC_CAP)
00497 rsbac_list_handle_t cap;
00498 #endif
00499 #if defined(CONFIG_RSBAC_PAX)
00500 rsbac_list_handle_t pax;
00501 #endif
00502 #if defined(CONFIG_RSBAC_RES)
00503 rsbac_list_handle_t res;
00504 #endif
00505 };
00506
00507
00508
00509
00510
00511
/* Number of sub-lists the device list is split into (same idea as *_NR_FD_LISTS). */
00512 #define RSBAC_NR_DEVICE_LISTS 8
00513
/*
 * One mounted device known to RSBAC, kept in a doubly linked list via
 * prev/next.  Holds the device id, the dentry it is mounted over, a
 * mount counter (u_int, so repeated mounts are counted rather than
 * duplicated -- the policy lives in the list code), the fd list handles,
 * and the dentry/superblock/inode of the device's attribute directory.
 */
00514 struct rsbac_device_list_item_t {
00515 kdev_t id;
00516 struct dentry *d_covers;
00517 u_int mount_count;
00518 struct rsbac_fd_list_handles_t handles;
00519 struct dentry *rsbac_dir_dentry_p;
00520 struct super_block *sb_p;
00521 rsbac_inode_nr_t rsbac_dir_inode;
00522 struct rsbac_device_list_item_t *prev;
00523 struct rsbac_device_list_item_t *next;
00524 };
00525
00526
00527
00528
/*
 * List head: first/last item, a cursor (curr) and the item count.  No
 * lock is part of this struct; whatever lock guards the list must also
 * cover curr, since a shared cursor is not safe to walk concurrently --
 * confirm against the device list code.
 */
00529 struct rsbac_device_list_head_t {
00530 struct rsbac_device_list_item_t *head;
00531 struct rsbac_device_list_item_t *tail;
00532 struct rsbac_device_list_item_t *curr;
00533 u_int count;
00534 };
00535
00536 #endif
/*
 * Device targets.  List names per module; RC keeps a separate list keyed
 * by major number only ("devm_rc") next to the full-device one.
 */
00542 #define RSBAC_GEN_ACI_DEV_NAME "dev_gen"
00543 #define RSBAC_MAC_ACI_DEV_NAME "dev_mac"
00544 #define RSBAC_PM_ACI_DEV_NAME "dev_pm"
00545 #define RSBAC_RC_ACI_DEV_MAJOR_NAME "devm_rc"
00546 #define RSBAC_RC_ACI_DEV_NAME "dev_rc"
00547
00548
00549
/*
 * General device attributes: only the logging arrays.  Version 2 is
 * current; the version 1 layout is not spelled out in this header.
 */
00550 #define RSBAC_GEN_DEV_ACI_VERSION 2
00551 #define RSBAC_GEN_DEV_OLD_ACI_VERSION 1
00552 #define RSBAC_GEN_DEV_ACI_KEY 1001
00553
00554 struct rsbac_gen_dev_aci_t {
00555 rsbac_log_array_t log_array_low;
00556 rsbac_log_array_t log_array_high;
00557 };
/* -1 is all bits set if rsbac_log_array_t is unsigned; its meaning is defined by the logging code. */
00558 #define DEFAULT_GEN_DEV_ACI \
00559 { \
00560 .log_array_low = -1, \
00561 .log_array_high = -1, \
00562 }
00563
/*
 * MAC device attributes: level, categories and a __u8 boolean mac_check
 * that is FALSE by default (the older version 1 layout is not shown here).
 */
00564 #if defined(CONFIG_RSBAC_MAC)
00565 #define RSBAC_MAC_DEV_ACI_VERSION 2
00566 #define RSBAC_MAC_DEV_OLD_ACI_VERSION 1
00567 #define RSBAC_MAC_DEV_ACI_KEY 1001
00568 struct rsbac_mac_dev_aci_t {
00569 rsbac_security_level_t sec_level;
00570 rsbac_mac_category_vector_t mac_categories;
00571 __u8 mac_check;
00572 };
00573 #define DEFAULT_MAC_DEV_ACI \
00574 { \
00575 .sec_level = SL_unclassified, \
00576 .mac_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
00577 .mac_check = FALSE, \
00578 }
00579 #endif
00580
/*
 * PM device attributes.  Note the field order (type before class) is the
 * reverse of rsbac_pm_fd_aci_t; both are separate on-disk layouts.
 */
00581 #if defined(CONFIG_RSBAC_PM)
00582 #define RSBAC_PM_DEV_ACI_VERSION 2
00583 #define RSBAC_PM_DEV_OLD_ACI_VERSION 1
00584 #define RSBAC_PM_DEV_ACI_KEY 1001
00585 struct rsbac_pm_dev_aci_t {
00586 rsbac_pm_object_type_int_t pm_object_type;
00587 rsbac_pm_object_class_id_t pm_object_class;
00588 };
00589
00590 #define DEFAULT_PM_DEV_ACI \
00591 { \
00592 .pm_object_type = PO_none, \
00593 .pm_object_class = 0, \
00594 }
00595 #endif
00596
/* RC device attributes: version/key only; the stored item is presumably the rc_type (A_rc_type below). */
00597 #if defined(CONFIG_RSBAC_RC)
00598 #define RSBAC_RC_DEV_ACI_VERSION 2
00599 #define RSBAC_RC_DEV_OLD_ACI_VERSION 1
00600 #define RSBAC_RC_DEV_ACI_KEY 1001
00601 #endif
00602
/*
 * All attributes a device target can carry.  The count (8) matches the
 * list; keep both in step.
 */
00603 #define RSBAC_DEV_NR_ATTRIBUTES 8
00604 #define RSBAC_DEV_ATTR_LIST { \
00605 A_security_level, \
00606 A_mac_categories, \
00607 A_mac_check, \
00608 A_pm_object_type, \
00609 A_pm_object_class, \
00610 A_rc_type, \
00611 A_log_array_low, \
00612 A_log_array_high \
00613 }
00614
/* Kernel-side list handles for the device lists, one per compiled-in module. */
00615 #ifdef __KERNEL__
00616 struct rsbac_dev_handles_t {
00617 rsbac_list_handle_t gen;
00618 #if defined(CONFIG_RSBAC_MAC)
00619 rsbac_list_handle_t mac;
00620 #endif
00621 #if defined(CONFIG_RSBAC_PM)
00622 rsbac_list_handle_t pm;
00623 #endif
00624 #if defined(CONFIG_RSBAC_RC)
00625 rsbac_list_handle_t rc;
00626 #endif
00627 };
00628 #endif
/*
 * IPC targets (System V / socket style objects).  There is no general
 * list for IPC; only MAC, PM, RC and JAIL keep attributes here.
 */
00634 #define RSBAC_MAC_ACI_IPC_NAME "ipc_mac"
00635 #define RSBAC_PM_ACI_IPC_NAME "ipc_pm"
00636 #define RSBAC_RC_ACI_IPC_NAME "ipc_rc"
00637 #define RSBAC_JAIL_ACI_IPC_NAME "ipc_jai"
00638
/* MAC IPC attributes: level and categories, defaulting to unclassified / default set. */
00639 #if defined(CONFIG_RSBAC_MAC)
00640 #define RSBAC_MAC_IPC_ACI_VERSION 1
00641 #define RSBAC_MAC_IPC_ACI_KEY 1001
00642 struct rsbac_mac_ipc_aci_t {
00643 rsbac_security_level_t sec_level;
00644 rsbac_mac_category_vector_t mac_categories;
00645 };
00646 #define DEFAULT_MAC_IPC_ACI \
00647 { \
00648 .sec_level = SL_unclassified, \
00649 .mac_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
00650 }
00651 #endif
00652
/*
 * PM IPC attributes.  Unlike the fd/dev defaults, IPC objects start out
 * as real PM objects: class RSBAC_PM_IPC_OBJECT_CLASS_ID and type PO_ipc.
 */
00653 #if defined(CONFIG_RSBAC_PM)
00654 #define RSBAC_PM_IPC_ACI_VERSION 1
00655 #define RSBAC_PM_IPC_ACI_KEY 1001
00656 struct rsbac_pm_ipc_aci_t {
00657 rsbac_pm_object_class_id_t pm_object_class;
00658 rsbac_pm_purpose_id_t pm_ipc_purpose;
00659 rsbac_pm_object_type_int_t pm_object_type;
00660 };
00661 #define DEFAULT_PM_IPC_ACI \
00662 { \
00663 .pm_object_class = RSBAC_PM_IPC_OBJECT_CLASS_ID, \
00664 .pm_ipc_purpose = 0, \
00665 .pm_object_type = PO_ipc, \
00666 }
00667 #endif
00668
/* RC and JAIL IPC lists: version/key only; the stored items are presumably rc_type and jail_id (see the attribute list below). */
00669 #if defined(CONFIG_RSBAC_RC)
00670 #define RSBAC_RC_IPC_ACI_VERSION 1
00671 #define RSBAC_RC_IPC_ACI_KEY 1001
00672 #endif
00673
00674 #if defined(CONFIG_RSBAC_JAIL)
00675 #define RSBAC_JAIL_IPC_ACI_VERSION 1
00676 #define RSBAC_JAIL_IPC_ACI_KEY 1001
00677 #endif
00678
/* All attributes an IPC target can carry; the count (7) matches the list. */
00679 #define RSBAC_IPC_NR_ATTRIBUTES 7
00680 #define RSBAC_IPC_ATTR_LIST { \
00681 A_security_level, \
00682 A_mac_categories, \
00683 A_pm_object_class, \
00684 A_pm_ipc_purpose, \
00685 A_pm_object_type, \
00686 A_rc_type, \
00687 A_jail_id \
00688 }
00689
/* Kernel-side list handles for the IPC lists; no general list exists for IPC. */
00690 #ifdef __KERNEL__
00691 struct rsbac_ipc_handles_t {
00692 #if defined(CONFIG_RSBAC_MAC)
00693 rsbac_list_handle_t mac;
00694 #endif
00695 #if defined(CONFIG_RSBAC_PM)
00696 rsbac_list_handle_t pm;
00697 #endif
00698 #if defined(CONFIG_RSBAC_RC)
00699 rsbac_list_handle_t rc;
00700 #endif
00701 #if defined(CONFIG_RSBAC_JAIL)
00702 rsbac_list_handle_t jail;
00703 #endif
00704 };
00705 #endif
/* User targets: one list per module. */
00710 #define RSBAC_GEN_ACI_USER_NAME "u_gen"
00711 #define RSBAC_MAC_ACI_USER_NAME "u_mac"
00712 #define RSBAC_PM_ACI_USER_NAME "u_pm"
00713 #define RSBAC_DAZ_ACI_USER_NAME "u_daz"
00714 #define RSBAC_FF_ACI_USER_NAME "u_ff"
00715 #define RSBAC_RC_ACI_USER_NAME "u_rc"
00716 #define RSBAC_AUTH_ACI_USER_NAME "u_auth"
00717 #define RSBAC_CAP_ACI_USER_NAME "u_cap"
00718 #define RSBAC_JAIL_ACI_USER_NAME "u_jail"
00719 #define RSBAC_PAX_ACI_USER_NAME "u_pax"
00720 #define RSBAC_RES_ACI_USER_NAME "u_res"
00721
/*
 * General user attributes: a pseudonym (used by logging in place of the
 * real uid; 0 = none) and the user-based logging request vector.
 */
00722 #define RSBAC_GEN_USER_ACI_VERSION 1
00723 #define RSBAC_GEN_USER_ACI_KEY 1001
00724 struct rsbac_gen_user_aci_t {
00725 rsbac_pseudo_t pseudo;
00726 rsbac_request_vector_t log_user_based;
00727 };
/* The explicit cast keeps the initializer valid whatever rsbac_pseudo_t turns out to be. */
00728 #define DEFAULT_GEN_U_ACI \
00729 { \
00730 .pseudo = (rsbac_pseudo_t) 0, \
00731 .log_user_based = 0, \
00732 }
00733
/*
 * MAC user attributes.  Version 4 is current; the three older layouts
 * are kept for reading lists saved by earlier releases.  The current
 * layout stores the user's clearance (security_level / mac_categories),
 * the level given at login (initial_*), the floor the user may drop to
 * (min_*), the MAC system role and a flag word.
 */
00734 #if defined(CONFIG_RSBAC_MAC)
00735 #define RSBAC_MAC_USER_ACI_VERSION 4
00736 #define RSBAC_MAC_USER_OLD_ACI_VERSION 3
00737 #define RSBAC_MAC_USER_OLD_OLD_ACI_VERSION 2
00738 #define RSBAC_MAC_USER_OLD_OLD_OLD_ACI_VERSION 1
00739 #define RSBAC_MAC_USER_ACI_KEY 1001
00740 struct rsbac_mac_user_aci_t {
00741 rsbac_security_level_t security_level;
00742 rsbac_security_level_t initial_security_level;
00743 rsbac_security_level_t min_security_level;
00744 rsbac_mac_category_vector_t mac_categories;
00745 rsbac_mac_category_vector_t mac_initial_categories;
00746 rsbac_mac_category_vector_t mac_min_categories;
00747 rsbac_system_role_int_t system_role;
00748 rsbac_mac_user_flags_t mac_user_flags;
00749 };
/* Version 3: access_appr/min_access_appr naming, no initial_* fields, a mac_allow_auto boolean instead of the flag word. */
00750 struct rsbac_mac_user_old_aci_t {
00751 rsbac_security_level_t access_appr;
00752 rsbac_security_level_t min_access_appr;
00753 rsbac_mac_category_vector_t mac_categories;
00754 rsbac_mac_category_vector_t mac_min_categories;
00755 rsbac_system_role_int_t system_role;
00756 rsbac_boolean_int_t mac_allow_auto;
00757 };
/* Version 2: version 3 without mac_allow_auto. */
00758 struct rsbac_mac_user_old_old_aci_t {
00759 rsbac_security_level_t access_appr;
00760 rsbac_security_level_t min_access_appr;
00761 rsbac_mac_category_vector_t mac_categories;
00762 rsbac_mac_category_vector_t mac_min_categories;
00763 rsbac_system_role_int_t system_role;
00764 };
/* Version 1: clearance level, categories and role only. */
00765 struct rsbac_mac_user_old_old_old_aci_t {
00766 rsbac_security_level_t access_appr;
00767 rsbac_mac_category_vector_t mac_categories;
00768 rsbac_system_role_int_t system_role;
00769 };
/*
 * Per-role defaults.  All four share the same levels and category
 * vectors (unclassified / default / minimum); they differ only in
 * system_role and in the flag word (the sysadm and secoff variants use
 * their own RSBAC_MAC_DEF_*_U_FLAGS, defined elsewhere).
 */
00770 #define DEFAULT_MAC_U_ACI \
00771 { \
00772 .security_level = SL_unclassified, \
00773 .initial_security_level = SL_unclassified, \
00774 .min_security_level = SL_unclassified, \
00775 .mac_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
00776 .mac_initial_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
00777 .mac_min_categories = RSBAC_MAC_MIN_CAT_VECTOR, \
00778 .system_role = SR_user, \
00779 .mac_user_flags = RSBAC_MAC_DEF_U_FLAGS, \
00780 }
00781 #define DEFAULT_MAC_U_SYSADM_ACI \
00782 { \
00783 .security_level = SL_unclassified, \
00784 .initial_security_level = SL_unclassified, \
00785 .min_security_level = SL_unclassified, \
00786 .mac_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
00787 .mac_initial_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
00788 .mac_min_categories = RSBAC_MAC_MIN_CAT_VECTOR, \
00789 .system_role = SR_administrator, \
00790 .mac_user_flags = RSBAC_MAC_DEF_SYSADM_U_FLAGS, \
00791 }
00792 #define DEFAULT_MAC_U_SECOFF_ACI \
00793 { \
00794 .security_level = SL_unclassified, \
00795 .initial_security_level = SL_unclassified, \
00796 .min_security_level = SL_unclassified, \
00797 .mac_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
00798 .mac_initial_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
00799 .mac_min_categories = RSBAC_MAC_MIN_CAT_VECTOR, \
00800 .system_role = SR_security_officer, \
00801 .mac_user_flags = RSBAC_MAC_DEF_SECOFF_U_FLAGS, \
00802 }
00803 #define DEFAULT_MAC_U_AUDITOR_ACI \
00804 { \
00805 .security_level = SL_unclassified, \
00806 .initial_security_level = SL_unclassified, \
00807 .min_security_level = SL_unclassified, \
00808 .mac_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
00809 .mac_initial_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
00810 .mac_min_categories = RSBAC_MAC_MIN_CAT_VECTOR, \
00811 .system_role = SR_auditor, \
00812 .mac_user_flags = RSBAC_MAC_DEF_U_FLAGS, \
00813 }
00814 #endif
00815
/*
 * PM user attributes: the user's task set and PM role.  One default per
 * PM role (PR_* values); the task set is always 0 initially.
 */
00816 #if defined(CONFIG_RSBAC_PM)
00817 #define RSBAC_PM_USER_ACI_VERSION 1
00818 #define RSBAC_PM_USER_ACI_KEY 1001
00819 struct rsbac_pm_user_aci_t {
00820 rsbac_pm_task_set_id_t pm_task_set;
00821 rsbac_pm_role_int_t pm_role;
00822 };
00823 #define DEFAULT_PM_U_ACI \
00824 { \
00825 .pm_task_set = 0, \
00826 .pm_role = PR_user, \
00827 }
00828 #define DEFAULT_PM_U_SYSADM_ACI \
00829 { \
00830 .pm_task_set = 0, \
00831 .pm_role = PR_system_admin, \
00832 }
00833 #define DEFAULT_PM_U_SECOFF_ACI \
00834 { \
00835 .pm_task_set = 0, \
00836 .pm_role = PR_security_officer, \
00837 }
00838 #define DEFAULT_PM_U_DATAPROT_ACI \
00839 { \
00840 .pm_task_set = 0, \
00841 .pm_role = PR_data_protection_officer, \
00842 }
00843 #define DEFAULT_PM_U_TPMAN_ACI \
00844 { \
00845 .pm_task_set = 0, \
00846 .pm_role = PR_tp_manager, \
00847 }
00848 #endif
00849
/*
 * DAZ and FF user lists: version/key only; the stored item is presumably
 * the module role (A_daz_role / A_ff_role in the attribute list below).
 */
00850 #if defined(CONFIG_RSBAC_DAZ)
00851 #define RSBAC_DAZ_USER_ACI_VERSION 1
00852 #define RSBAC_DAZ_USER_ACI_KEY 1001
00853 #endif
00854
00855 #if defined(CONFIG_RSBAC_FF)
00856 #define RSBAC_FF_USER_ACI_VERSION 1
00857 #define RSBAC_FF_USER_ACI_KEY 1001
00858 #endif
00859
/*
 * RC user attributes: the user's default role and RC type.  Version 2 is
 * current (the version 1 layout is not shown here).  Defaults pair each
 * administrative role with a matching type: general users get the
 * general role/type, sysadm the system type, secoff and auditor the
 * security type.
 */
00860 #if defined(CONFIG_RSBAC_RC)
00861 #define RSBAC_RC_USER_ACI_VERSION 2
00862 #define RSBAC_RC_USER_OLD_ACI_VERSION 1
00863 #define RSBAC_RC_USER_ACI_KEY 1001
00864 struct rsbac_rc_user_aci_t {
00865 rsbac_rc_role_id_t rc_role;
00866 rsbac_rc_type_id_t rc_type;
00867 };
00868 #define DEFAULT_RC_U_ACI \
00869 { \
00870 .rc_role = RSBAC_RC_GENERAL_ROLE, \
00871 .rc_type = RSBAC_RC_GENERAL_TYPE, \
00872 }
00873 #define DEFAULT_RC_U_SYSADM_ACI \
00874 { \
00875 .rc_role = RSBAC_RC_SYSTEM_ADMIN_ROLE, \
00876 .rc_type = RSBAC_RC_SYS_TYPE, \
00877 }
00878 #define DEFAULT_RC_U_SECOFF_ACI \
00879 { \
00880 .rc_role = RSBAC_RC_ROLE_ADMIN_ROLE, \
00881 .rc_type = RSBAC_RC_SEC_TYPE, \
00882 }
00883 #define DEFAULT_RC_U_AUDITOR_ACI \
00884 { \
00885 .rc_role = RSBAC_RC_AUDITOR_ROLE, \
00886 .rc_type = RSBAC_RC_SEC_TYPE, \
00887 }
00888 #endif
00889
/* AUTH user list: version/key only; the stored item is presumably the auth_role. */
00890 #if defined(CONFIG_RSBAC_AUTH)
00891 #define RSBAC_AUTH_USER_ACI_VERSION 1
00892 #define RSBAC_AUTH_USER_ACI_KEY 1001
00893
00894 #endif
00895
/*
 * CAP user attributes: CAP system role, min/max capability vectors and
 * the loader-environment setting (added in version 2).  The per-role
 * defaults differ only in cap_role; all use RSBAC_CAP_DEFAULT_MIN/MAX
 * and LD_keep.
 */
00896 #if defined(CONFIG_RSBAC_CAP)
00897 #define RSBAC_CAP_USER_ACI_VERSION 2
00898 #define RSBAC_CAP_USER_OLD_ACI_VERSION 1
00899 #define RSBAC_CAP_USER_ACI_KEY 1001
00900 struct rsbac_cap_user_aci_t {
00901 rsbac_system_role_int_t cap_role;
00902 rsbac_cap_vector_t min_caps;
00903 rsbac_cap_vector_t max_caps;
00904 rsbac_cap_ld_env_int_t cap_ld_env;
00905 };
00906
/* Version 1 layout: without cap_ld_env. */
00907 struct rsbac_cap_user_old_aci_t {
00908 rsbac_system_role_int_t cap_role;
00909 rsbac_cap_vector_t min_caps;
00910 rsbac_cap_vector_t max_caps;
00911 };
00912
00913 #define DEFAULT_CAP_U_ACI \
00914 { \
00915 .cap_role = SR_user, \
00916 .min_caps = RSBAC_CAP_DEFAULT_MIN, \
00917 .max_caps = RSBAC_CAP_DEFAULT_MAX, \
00918 .cap_ld_env = LD_keep, \
00919 }
00920 #define DEFAULT_CAP_U_SYSADM_ACI \
00921 { \
00922 .cap_role = SR_administrator, \
00923 .min_caps = RSBAC_CAP_DEFAULT_MIN, \
00924 .max_caps = RSBAC_CAP_DEFAULT_MAX, \
00925 .cap_ld_env = LD_keep, \
00926 }
00927 #define DEFAULT_CAP_U_SECOFF_ACI \
00928 { \
00929 .cap_role = SR_security_officer, \
00930 .min_caps = RSBAC_CAP_DEFAULT_MIN, \
00931 .max_caps = RSBAC_CAP_DEFAULT_MAX, \
00932 .cap_ld_env = LD_keep, \
00933 }
00934 #define DEFAULT_CAP_U_AUDITOR_ACI \
00935 { \
00936 .cap_role = SR_auditor, \
00937 .min_caps = RSBAC_CAP_DEFAULT_MIN, \
00938 .max_caps = RSBAC_CAP_DEFAULT_MAX, \
00939 .cap_ld_env = LD_keep, \
00940 }
00941 #endif
00942
/*
 * JAIL and PaX user lists: version/key only; the stored item is
 * presumably the module role.  The PaX key (1001221) is unlike the 1001
 * used by most other lists; whether the value matters beyond being
 * passed to the list layer is not visible here.
 */
00943 #if defined(CONFIG_RSBAC_JAIL)
00944 #define RSBAC_JAIL_USER_ACI_VERSION 1
00945 #define RSBAC_JAIL_USER_ACI_KEY 1001
00946 #endif
00947
00948 #if defined(CONFIG_RSBAC_PAX)
00949 #define RSBAC_PAX_USER_ACI_VERSION 1
00950 #define RSBAC_PAX_USER_ACI_KEY 1001221
00951 #endif
00952
/*
 * RES user attributes: RES system role plus per-resource min/max limit
 * arrays.  The four per-role defaults differ only in res_role; every
 * array entry starts as RSBAC_RES_UNSET.  As with DEFAULT_RES_FD_ACI,
 * the 11 initializers per array must match the element count of
 * rsbac_res_array_t (defined elsewhere).
 */
00953 #if defined(CONFIG_RSBAC_RES)
00954 #define RSBAC_RES_USER_ACI_VERSION 1
00955 #define RSBAC_RES_USER_ACI_KEY 1002
00956 struct rsbac_res_user_aci_t {
00957 rsbac_system_role_int_t res_role;
00958 rsbac_res_array_t res_min;
00959 rsbac_res_array_t res_max;
00960 };
00961 #define DEFAULT_RES_U_ACI \
00962 { \
00963 .res_role = SR_user, \
00964 .res_min = { \
00965 RSBAC_RES_UNSET, \
00966 RSBAC_RES_UNSET, \
00967 RSBAC_RES_UNSET, \
00968 RSBAC_RES_UNSET, \
00969 RSBAC_RES_UNSET, \
00970 RSBAC_RES_UNSET, \
00971 RSBAC_RES_UNSET, \
00972 RSBAC_RES_UNSET, \
00973 RSBAC_RES_UNSET, \
00974 RSBAC_RES_UNSET, \
00975 RSBAC_RES_UNSET \
00976 }, \
00977 .res_max = { \
00978 RSBAC_RES_UNSET, \
00979 RSBAC_RES_UNSET, \
00980 RSBAC_RES_UNSET, \
00981 RSBAC_RES_UNSET, \
00982 RSBAC_RES_UNSET, \
00983 RSBAC_RES_UNSET, \
00984 RSBAC_RES_UNSET, \
00985 RSBAC_RES_UNSET, \
00986 RSBAC_RES_UNSET, \
00987 RSBAC_RES_UNSET, \
00988 RSBAC_RES_UNSET \
00989 }, \
00990 }
00991 #define DEFAULT_RES_U_SYSADM_ACI \
00992 { \
00993 .res_role = SR_administrator, \
00994 .res_min = { \
00995 RSBAC_RES_UNSET, \
00996 RSBAC_RES_UNSET, \
00997 RSBAC_RES_UNSET, \
00998 RSBAC_RES_UNSET, \
00999 RSBAC_RES_UNSET, \
01000 RSBAC_RES_UNSET, \
01001 RSBAC_RES_UNSET, \
01002 RSBAC_RES_UNSET, \
01003 RSBAC_RES_UNSET, \
01004 RSBAC_RES_UNSET, \
01005 RSBAC_RES_UNSET \
01006 }, \
01007 .res_max = { \
01008 RSBAC_RES_UNSET, \
01009 RSBAC_RES_UNSET, \
01010 RSBAC_RES_UNSET, \
01011 RSBAC_RES_UNSET, \
01012 RSBAC_RES_UNSET, \
01013 RSBAC_RES_UNSET, \
01014 RSBAC_RES_UNSET, \
01015 RSBAC_RES_UNSET, \
01016 RSBAC_RES_UNSET, \
01017 RSBAC_RES_UNSET, \
01018 RSBAC_RES_UNSET \
01019 } \
01020 }
01021 #define DEFAULT_RES_U_SECOFF_ACI \
01022 { \
01023 .res_role = SR_security_officer, \
01024 .res_min = { \
01025 RSBAC_RES_UNSET, \
01026 RSBAC_RES_UNSET, \
01027 RSBAC_RES_UNSET, \
01028 RSBAC_RES_UNSET, \
01029 RSBAC_RES_UNSET, \
01030 RSBAC_RES_UNSET, \
01031 RSBAC_RES_UNSET, \
01032 RSBAC_RES_UNSET, \
01033 RSBAC_RES_UNSET, \
01034 RSBAC_RES_UNSET, \
01035 RSBAC_RES_UNSET \
01036 }, \
01037 .res_max = { \
01038 RSBAC_RES_UNSET, \
01039 RSBAC_RES_UNSET, \
01040 RSBAC_RES_UNSET, \
01041 RSBAC_RES_UNSET, \
01042 RSBAC_RES_UNSET, \
01043 RSBAC_RES_UNSET, \
01044 RSBAC_RES_UNSET, \
01045 RSBAC_RES_UNSET, \
01046 RSBAC_RES_UNSET, \
01047 RSBAC_RES_UNSET, \
01048 RSBAC_RES_UNSET \
01049 } \
01050 }
01051 #define DEFAULT_RES_U_AUDITOR_ACI \
01052 { \
01053 .res_role = SR_auditor, \
01054 .res_min = { \
01055 RSBAC_RES_UNSET, \
01056 RSBAC_RES_UNSET, \
01057 RSBAC_RES_UNSET, \
01058 RSBAC_RES_UNSET, \
01059 RSBAC_RES_UNSET, \
01060 RSBAC_RES_UNSET, \
01061 RSBAC_RES_UNSET, \
01062 RSBAC_RES_UNSET, \
01063 RSBAC_RES_UNSET, \
01064 RSBAC_RES_UNSET, \
01065 RSBAC_RES_UNSET \
01066 }, \
01067 .res_max = { \
01068 RSBAC_RES_UNSET, \
01069 RSBAC_RES_UNSET, \
01070 RSBAC_RES_UNSET, \
01071 RSBAC_RES_UNSET, \
01072 RSBAC_RES_UNSET, \
01073 RSBAC_RES_UNSET, \
01074 RSBAC_RES_UNSET, \
01075 RSBAC_RES_UNSET, \
01076 RSBAC_RES_UNSET, \
01077 RSBAC_RES_UNSET, \
01078 RSBAC_RES_UNSET \
01079 } \
01080 }
01081 #endif
01082
/*
 * All attributes a user target can carry; the count (24) matches the
 * list.  Keep both in step when adding an attribute.
 */
01083 #define RSBAC_USER_NR_ATTRIBUTES 24
01084 #define RSBAC_USER_ATTR_LIST { \
01085 A_pseudo, \
01086 A_log_user_based, \
01087 A_security_level, \
01088 A_initial_security_level, \
01089 A_min_security_level, \
01090 A_mac_categories, \
01091 A_mac_initial_categories, \
01092 A_mac_min_categories, \
01093 A_mac_role, \
01094 A_mac_user_flags, \
01095 A_daz_role, \
01096 A_ff_role, \
01097 A_auth_role, \
01098 A_pm_task_set, \
01099 A_pm_role, \
01100 A_rc_def_role, \
01101 A_rc_type, \
01102 A_min_caps, \
01103 A_max_caps, \
01104 A_cap_role, \
01105 A_cap_ld_env, \
01106 A_jail_role, \
01107 A_res_role, \
01108 A_pax_role \
01109 }
01110
/* Kernel-side list handles for the user lists, one per compiled-in module. */
01111 #ifdef __KERNEL__
01112 struct rsbac_user_handles_t {
01113 rsbac_list_handle_t gen;
01114 #if defined(CONFIG_RSBAC_MAC)
01115 rsbac_list_handle_t mac;
01116 #endif
01117 #if defined(CONFIG_RSBAC_PM)
01118 rsbac_list_handle_t pm;
01119 #endif
01120 #if defined(CONFIG_RSBAC_DAZ)
01121 rsbac_list_handle_t daz;
01122 #endif
01123 #if defined(CONFIG_RSBAC_FF)
01124 rsbac_list_handle_t ff;
01125 #endif
01126 #if defined(CONFIG_RSBAC_RC)
01127 rsbac_list_handle_t rc;
01128 #endif
01129 #if defined(CONFIG_RSBAC_AUTH)
01130 rsbac_list_handle_t auth;
01131 #endif
01132 #if defined(CONFIG_RSBAC_CAP)
01133 rsbac_list_handle_t cap;
01134 #endif
01135 #if defined(CONFIG_RSBAC_JAIL)
01136 rsbac_list_handle_t jail;
01137 #endif
01138 #if defined(CONFIG_RSBAC_PAX)
01139 rsbac_list_handle_t pax;
01140 #endif
01141 #if defined(CONFIG_RSBAC_RES)
01142 rsbac_list_handle_t res;
01143 #endif
01144 };
01145 #endif
/*
 * Registration names of the per-process attribute lists, one per module
 * (presumably handed to the list code declared in rsbac/lists.h; confirm
 * there whether the names also act as persistence keys).
 */
#define RSBAC_GEN_ACI_PROCESS_NAME "process_gen"
#define RSBAC_MAC_ACI_PROCESS_NAME "process_mac"
#define RSBAC_PM_ACI_PROCESS_NAME "process_pm"
#define RSBAC_DAZ_ACI_PROCESS_NAME "process_daz"
#define RSBAC_RC_ACI_PROCESS_NAME "process_rc"
#define RSBAC_AUTH_ACI_PROCESS_NAME "process_auth"
#define RSBAC_CAP_ACI_PROCESS_NAME "process_cap"
#define RSBAC_JAIL_ACI_PROCESS_NAME "process_jail"
01158
/*
 * Generic per-process attributes, present regardless of which modules are
 * enabled. Every ACI struct in this header carries a *_VERSION/*_KEY pair;
 * presumably the list code uses them to tag the record format, so VERSION
 * should be bumped whenever the layout changes — confirm against
 * rsbac/lists.h.
 */
#define RSBAC_GEN_PROCESS_ACI_VERSION 2
#define RSBAC_GEN_PROCESS_ACI_KEY 1001
struct rsbac_gen_process_aci_t {
	rsbac_request_vector_t log_program_based;
	rsbac_fake_root_uid_int_t fake_root_uid;
	rsbac_uid_t audit_uid;
	rsbac_uid_t auid_exempt;
	__u32 remote_ip;		/* a plain __u32: holds an IPv4 address only */
	rsbac_boolean_t kernel_thread;
};
/*
 * Defaults for a new process: no program-based logging, fake root uid off,
 * audit uid and audit exemption set to the RSBAC_NO_USER sentinel, no remote
 * ip, not a kernel thread. The initializer is designated, so a field added to
 * the struct but not listed here silently starts as zero.
 */
#define DEFAULT_GEN_P_ACI \
{ \
	.log_program_based = 0, \
	.fake_root_uid = FR_off, \
	.audit_uid = RSBAC_NO_USER, \
	.auid_exempt = RSBAC_NO_USER, \
	.remote_ip = 0, \
	.kernel_thread = 0, \
}
01178
01179 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_MAC_MAINT)
/*
 * MAC per-process state: the owner's level/category triple (current,
 * initial, minimum), the process's own current level and categories, the
 * min-write / max-read watermarks (presumably maintained from the files the
 * process has open — confirm in the MAC code) and the process flags.
 * Built for CONFIG_RSBAC_MAC and CONFIG_RSBAC_MAC_MAINT alike.
 */
#define RSBAC_MAC_PROCESS_ACI_VERSION 1
#define RSBAC_MAC_PROCESS_ACI_KEY 1001
struct rsbac_mac_process_aci_t {
	rsbac_security_level_t owner_sec_level;
	rsbac_security_level_t owner_initial_sec_level;
	rsbac_security_level_t owner_min_sec_level;
	rsbac_mac_category_vector_t mac_owner_categories;
	rsbac_mac_category_vector_t mac_owner_initial_categories;
	rsbac_mac_category_vector_t mac_owner_min_categories;
	rsbac_security_level_t current_sec_level;
	rsbac_mac_category_vector_t mac_curr_categories;
	rsbac_security_level_t min_write_open;
	rsbac_mac_category_vector_t min_write_categories;
	rsbac_security_level_t max_read_open;
	rsbac_mac_category_vector_t max_read_categories;
	rsbac_mac_process_flags_t mac_process_flags;
};
/*
 * Default MAC state: all levels SL_unclassified with the default category
 * vector, the write watermark at SL_max / RSBAC_MAC_MAX_CAT_VECTOR and the
 * read watermark at SL_unclassified / RSBAC_MAC_MIN_CAT_VECTOR — i.e. both
 * start at their extremes, presumably so the first open narrows them.
 * DEFAULT_MAC_P_INIT_ACI below is identical except for mac_process_flags
 * (RSBAC_MAC_DEF_INIT_P_FLAGS instead of RSBAC_MAC_DEF_P_FLAGS).
 */
#define DEFAULT_MAC_P_ACI \
{ \
	.owner_sec_level = SL_unclassified, \
	.owner_initial_sec_level = SL_unclassified, \
	.owner_min_sec_level = SL_unclassified, \
	.mac_owner_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
	.mac_owner_initial_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
	.mac_owner_min_categories = RSBAC_MAC_MIN_CAT_VECTOR, \
	.current_sec_level = SL_unclassified, \
	.mac_curr_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
	.min_write_open = SL_max, \
	.min_write_categories = RSBAC_MAC_MAX_CAT_VECTOR, \
	.max_read_open = SL_unclassified, \
	.max_read_categories = RSBAC_MAC_MIN_CAT_VECTOR, \
	.mac_process_flags = RSBAC_MAC_DEF_P_FLAGS, \
}
/* Same as DEFAULT_MAC_P_ACI but with the init-process flag set. */
#define DEFAULT_MAC_P_INIT_ACI \
{ \
	.owner_sec_level = SL_unclassified, \
	.owner_initial_sec_level = SL_unclassified, \
	.owner_min_sec_level = SL_unclassified, \
	.mac_owner_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
	.mac_owner_initial_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
	.mac_owner_min_categories = RSBAC_MAC_MIN_CAT_VECTOR, \
	.current_sec_level = SL_unclassified, \
	.mac_curr_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
	.min_write_open = SL_max, \
	.min_write_categories = RSBAC_MAC_MAX_CAT_VECTOR, \
	.max_read_open = SL_unclassified, \
	.max_read_categories = RSBAC_MAC_MIN_CAT_VECTOR, \
	.mac_process_flags = RSBAC_MAC_DEF_INIT_P_FLAGS, \
}
01229 #endif
01230
01231 #if defined(CONFIG_RSBAC_PM)
/*
 * PM module per-process state: the transformation procedure id, the task
 * currently being performed and the process type. Defaults are 0/0/PP_none.
 */
#define RSBAC_PM_PROCESS_ACI_VERSION 1
#define RSBAC_PM_PROCESS_ACI_KEY 1001
struct rsbac_pm_process_aci_t {
	rsbac_pm_tp_id_t pm_tp;
	rsbac_pm_task_id_t pm_current_task;
	rsbac_pm_process_type_int_t pm_process_type;
};
#define DEFAULT_PM_P_ACI \
{ \
	.pm_tp = 0, \
	.pm_current_task = 0, \
	.pm_process_type = PP_none, \
}
01245 #endif
01246
01247 #if defined(CONFIG_RSBAC_DAZ)
/*
 * DAZ module per-process state: a single flag marking the process as the
 * registered DAZ scanner. New processes start with it FALSE.
 */
#define RSBAC_DAZ_PROCESS_ACI_VERSION 1
#define RSBAC_DAZ_PROCESS_ACI_KEY 1001
struct rsbac_daz_process_aci_t {
	rsbac_boolean_int_t daz_scanner;
};
#define DEFAULT_DAZ_P_ACI \
{ \
	.daz_scanner = FALSE, \
}
01257 #endif
01258
01259 #if defined(CONFIG_RSBAC_RC)
/*
 * RC module per-process state: the current role and type, a forced role,
 * and the type-selection rule (RC_type_use_fd by default — presumably
 * "derive the type from the executed file"; confirm in the RC code).
 */
#define RSBAC_RC_PROCESS_ACI_VERSION 1
#define RSBAC_RC_PROCESS_ACI_KEY 1001
struct rsbac_rc_process_aci_t {
	rsbac_rc_role_id_t rc_role;
	rsbac_rc_type_id_t rc_type;
	rsbac_rc_role_id_t rc_force_role;
	rsbac_rc_type_id_t rc_select_type;
};
/* Ordinary processes start in the general role with the general type. */
#define DEFAULT_RC_P_ACI \
{ \
	.rc_role = RSBAC_RC_GENERAL_ROLE, \
	.rc_type = RSBAC_RC_GENERAL_TYPE, \
	.rc_force_role = RC_default_force_role, \
	.rc_select_type = RC_type_use_fd, \
}
/*
 * The init process and kernel processes start in the system-admin role; the
 * two variants differ only in rc_type (general vs the configured kernel
 * process type). This is the most privileged default in the RC module, so
 * keep it in view when reviewing what init inherits.
 */
#define DEFAULT_RC_P_INIT_ACI \
{ \
	.rc_role = RSBAC_RC_SYSTEM_ADMIN_ROLE, \
	.rc_type = RSBAC_RC_GENERAL_TYPE, \
	.rc_force_role = RC_default_force_role, \
	.rc_select_type = RC_type_use_fd, \
}
#define DEFAULT_RC_P_KERNEL_ACI \
{ \
	.rc_role = RSBAC_RC_SYSTEM_ADMIN_ROLE, \
	.rc_type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE, \
	.rc_force_role = RC_default_force_role, \
	.rc_select_type = RC_type_use_fd, \
}
01289 #endif
01290
01291 #if defined(CONFIG_RSBAC_AUTH)
/*
 * AUTH module per-process state: whether the process may change its uid /
 * capabilities, the last uid it authenticated for, and — with
 * CONFIG_RSBAC_AUTH_LEARN, kernel side only — the program file and start
 * ids used while learning.
 *
 * NOTE(review): the learn-mode members are guarded by AUTH_LEARN *and*
 * __KERNEL__, but DEFAULT_AUTH_P_ACI below is selected on AUTH_LEARN alone
 * and names .auth_program_file/.auth_start_uid/.auth_learn; if that macro is
 * ever expanded in a non-kernel build with AUTH_LEARN set it will not
 * compile. Confirm the macro is kernel-only.
 */
#define RSBAC_AUTH_PROCESS_ACI_VERSION 1
#define RSBAC_AUTH_PROCESS_ACI_KEY 1001
struct rsbac_auth_process_aci_t {
	__u8 auth_may_setuid;
	__u8 auth_may_set_cap;
	rsbac_uid_t auth_last_auth;
#if defined(CONFIG_RSBAC_AUTH_LEARN) && defined(__KERNEL__)
	struct rsbac_fs_file_t auth_program_file;
	rsbac_uid_t auth_start_uid;
#ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
	rsbac_uid_t auth_start_euid;
#endif
#ifdef CONFIG_RSBAC_AUTH_GROUP
	rsbac_gid_t auth_start_gid;
#ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
	rsbac_gid_t auth_start_egid;
#endif
#endif
	__u8 auth_learn;
#endif
};

/*
 * Defaults: setuid and set-cap not allowed, no last authentication
 * (RSBAC_NO_USER). In the learn build the program file is empty and
 * auth_start_uid is 0; auth_start_euid/gid/egid are not listed and are
 * therefore zero-initialized as well, which is the root id — presumably the
 * real values are filled in at exec time; confirm in the AUTH code.
 */
#if defined(CONFIG_RSBAC_AUTH_LEARN)
#define DEFAULT_AUTH_P_ACI \
{ \
	.auth_may_setuid = FALSE, \
	.auth_may_set_cap = FALSE, \
	.auth_last_auth = RSBAC_NO_USER, \
	.auth_program_file = { RSBAC_ZERO_DEV, 0, NULL }, \
	.auth_start_uid = 0, \
	.auth_learn = 0, \
}
#else
#define DEFAULT_AUTH_P_ACI \
{ \
	.auth_may_setuid = FALSE, \
	.auth_may_set_cap = FALSE, \
	.auth_last_auth = RSBAC_NO_USER, \
}
#endif
01332 #endif
01333
01334
01335 #if defined(CONFIG_RSBAC_CAP)
/*
 * CAP module per-process state: process-hiding mode, the ld-environment
 * policy and, with CONFIG_RSBAC_CAP_LOG_MISSING, the user's and program's
 * maximum capability sets (presumably kept to report which one denied a
 * capability). Note the KEY differs from the 1001 used by the other process
 * ACI structs in this header.
 */
#define RSBAC_CAP_PROCESS_ACI_VERSION 2
#define RSBAC_CAP_PROCESS_ACI_KEY 10013283
struct rsbac_cap_process_aci_t {
	rsbac_cap_process_hiding_int_t cap_process_hiding;
#ifdef CONFIG_RSBAC_CAP_LOG_MISSING
	rsbac_cap_vector_t max_caps_user;
	rsbac_cap_vector_t max_caps_program;
#endif
	rsbac_cap_ld_env_int_t cap_ld_env;
};

/*
 * Defaults: hiding off, ld env allowed; the LOG_MISSING variant additionally
 * starts both max-caps vectors at RSBAC_CAP_DEFAULT_MAX. The two variants are
 * otherwise identical.
 */
#ifdef CONFIG_RSBAC_CAP_LOG_MISSING
#define DEFAULT_CAP_P_ACI \
{ \
	.cap_process_hiding = PH_off, \
	.max_caps_user = RSBAC_CAP_DEFAULT_MAX, \
	.max_caps_program = RSBAC_CAP_DEFAULT_MAX, \
	.cap_ld_env = LD_allow, \
}
#else
#define DEFAULT_CAP_P_ACI \
{ \
	.cap_process_hiding = PH_off, \
	.cap_ld_env = LD_allow, \
}
#endif
01362 #endif
01363
01364 #if defined(CONFIG_RSBAC_JAIL)
/*
 * JAIL module per-process state: the jail id and its parent, the jail's ip,
 * flags, the capability ceiling and the scd get/modify vectors.
 */
#define RSBAC_JAIL_PROCESS_ACI_VERSION 1
#define RSBAC_JAIL_PROCESS_ACI_KEY 1001
struct rsbac_jail_process_aci_t {
	rsbac_jail_id_t id;
	rsbac_jail_id_t parent;
	rsbac_jail_ip_t ip;
	rsbac_jail_flags_t flags;
	rsbac_cap_vector_t max_caps;
	rsbac_jail_scd_vector_t scd_get;
	rsbac_jail_scd_vector_t scd_modify;
};
/*
 * Defaults: not jailed (id 0, parent 0), no ip, no flags, no scd access.
 * .max_caps = -1 is converted to rsbac_cap_vector_t; if that is an unsigned
 * type the result is all bits set, i.e. no capability ceiling until a jail
 * is entered — confirm the type and that jail entry always sets it.
 */
#define DEFAULT_JAIL_P_ACI \
{ \
	.id = 0, \
	.parent = 0, \
	.ip = 0, \
	.flags = 0, \
	.max_caps = -1, \
	.scd_get = 0, \
	.scd_modify = 0, \
}
01386 #endif
01387
/*
 * Attribute ids supported by the process target type.
 * RSBAC_PROCESS_NR_ATTRIBUTES must equal the number of entries in
 * RSBAC_PROCESS_ATTR_LIST (38 below); change both together. The list is
 * unconditional even though some of the backing struct members (e.g. the
 * CAP_LOG_MISSING max-caps fields) are config-dependent.
 */
#define RSBAC_PROCESS_NR_ATTRIBUTES 38
#define RSBAC_PROCESS_ATTR_LIST { \
	A_security_level, \
	A_min_security_level, \
	A_mac_categories, \
	A_mac_min_categories, \
	A_current_sec_level, \
	A_mac_curr_categories, \
	A_min_write_open, \
	A_min_write_categories, \
	A_max_read_open, \
	A_max_read_categories, \
	A_mac_process_flags, \
	A_pm_tp, \
	A_pm_current_task, \
	A_pm_process_type, \
	A_daz_scanner, \
	A_rc_role, \
	A_rc_type, \
	A_rc_force_role, \
	A_rc_select_type, \
	A_auth_may_setuid, \
	A_auth_may_set_cap, \
	A_auth_learn, \
	A_cap_process_hiding, \
	A_max_caps_user, \
	A_max_caps_program, \
	A_cap_ld_env, \
	A_jail_id, \
	A_jail_ip, \
	A_jail_flags, \
	A_jail_max_caps, \
	A_jail_scd_get, \
	A_jail_scd_modify, \
	A_log_program_based, \
	A_fake_root_uid, \
	A_audit_uid, \
	A_auid_exempt, \
	A_auth_last_auth, \
	A_remote_ip \
}
01429
01430 #ifdef __KERNEL__
/*
 * Kernel-side list handles for the per-process attribute lists. As with
 * rsbac_user_handles_t the members are config-dependent; there are no
 * ff/pax/res members here, matching RSBAC_PROCESS_ATTR_LIST, which carries
 * no attributes for those modules.
 */
struct rsbac_process_handles_t {
	rsbac_list_handle_t gen;	/* generic attributes, always present */
#if defined(CONFIG_RSBAC_MAC)
	rsbac_list_handle_t mac;
#endif
#if defined(CONFIG_RSBAC_PM)
	rsbac_list_handle_t pm;
#endif
#if defined(CONFIG_RSBAC_DAZ)
	rsbac_list_handle_t daz;
#endif
#if defined(CONFIG_RSBAC_RC)
	rsbac_list_handle_t rc;
#endif
#if defined(CONFIG_RSBAC_AUTH)
	rsbac_list_handle_t auth;
#endif
#if defined(CONFIG_RSBAC_CAP)
	rsbac_list_handle_t cap;
#endif
#if defined(CONFIG_RSBAC_JAIL)
	rsbac_list_handle_t jail;
#endif
};
01455 #endif
01456
01457
01458
01459
01460
01461
/*
 * Group target: only the RC module stores a group attribute (rc_type).
 * The list version/key exist only with CONFIG_RSBAC_RC_UM_PROT, while the
 * attribute list itself (1 entry) is unconditional.
 */
#define RSBAC_RC_ACI_GROUP_NAME "grouprc"



#if defined(CONFIG_RSBAC_RC_UM_PROT)
#define RSBAC_RC_GROUP_ACI_VERSION 1
#define RSBAC_RC_GROUP_ACI_KEY 13276142
#endif

/* Must equal the number of entries in RSBAC_GROUP_ATTR_LIST (1). */
#define RSBAC_GROUP_NR_ATTRIBUTES 1
#define RSBAC_GROUP_ATTR_LIST { \
	A_rc_type \
}
01475
01476 #ifdef __KERNEL__
/*
 * Kernel-side list handle for the group attribute list.
 * NOTE(review): without CONFIG_RSBAC_RC_UM_PROT this struct has no members.
 * ISO C requires at least one named member; GCC accepts an empty struct as a
 * zero-size extension, so this only builds on GCC-compatible compilers.
 */
struct rsbac_group_handles_t {
#if defined(CONFIG_RSBAC_RC_UM_PROT)
	rsbac_list_handle_t rc;
#endif
};
01482 #endif
01483
01484
01485
01486
/* Registration names of the network-device attribute lists. */
#define RSBAC_GEN_ACI_NETDEV_NAME "nd_gen"
#define RSBAC_RC_ACI_NETDEV_NAME "nd_rc"

/*
 * Generic per-netdev attributes: the two halves of the per-request log
 * array. Both default to -1; converted to rsbac_log_array_t that is all bits
 * set if the type is unsigned — confirm the type and what "all set" means to
 * the logging code before relying on it.
 */
#define RSBAC_GEN_NETDEV_ACI_VERSION 1
#define RSBAC_GEN_NETDEV_ACI_KEY 1001
struct rsbac_gen_netdev_aci_t {
	rsbac_log_array_t log_array_low;
	rsbac_log_array_t log_array_high;
};
#define DEFAULT_GEN_NETDEV_ACI \
{ \
	.log_array_low = -1, \
	.log_array_high = -1, \
}

/* The RC netdev list has version/key but no struct of its own in this header. */
#if defined(CONFIG_RSBAC_RC) || defined(CONFIG_RSBAC_RC_MAINT)
#define RSBAC_RC_NETDEV_ACI_VERSION 1
#define RSBAC_RC_NETDEV_ACI_KEY 1001
#endif

/* Must equal the number of entries in RSBAC_NETDEV_ATTR_LIST (3). */
#define RSBAC_NETDEV_NR_ATTRIBUTES 3
#define RSBAC_NETDEV_ATTR_LIST { \
	A_rc_type, \
	A_log_array_low, \
	A_log_array_high \
}
01513
01514 #ifdef __KERNEL__
/*
 * Kernel-side list handles for the netdev attribute lists. The generic
 * handle exists only with CONFIG_RSBAC_IND_NETDEV_LOG, the RC handle with
 * CONFIG_RSBAC_RC or CONFIG_RSBAC_RC_MAINT.
 * NOTE(review): with none of those set the struct is empty, which ISO C
 * forbids (GCC accepts it as a zero-size extension).
 */
struct rsbac_netdev_handles_t {
#if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
	rsbac_list_handle_t gen;
#endif
#if defined(CONFIG_RSBAC_RC) || defined(CONFIG_RSBAC_RC_MAINT)
	rsbac_list_handle_t rc;
#endif
};
01523 #endif
01524
01525
01526
01527
/*
 * Registration names of the network template lists and of the local and
 * remote network object lists, one per module.
 */
#define RSBAC_GEN_ACI_NETTEMP_NAME "nt_gen"
#define RSBAC_MAC_ACI_NETTEMP_NAME "nt_mac"
#define RSBAC_PM_ACI_NETTEMP_NAME "nt_pm"
#define RSBAC_RC_ACI_NETTEMP_NAME "nt_rc"

#define RSBAC_MAC_ACI_LNETOBJ_NAME "lnetobj_mac"
#define RSBAC_PM_ACI_LNETOBJ_NAME "lnetobj_pm"
#define RSBAC_RC_ACI_LNETOBJ_NAME "lnetobj_rc"
#define RSBAC_MAC_ACI_RNETOBJ_NAME "rnetobj_mac"
#define RSBAC_PM_ACI_RNETOBJ_NAME "rnetobj_pm"
#define RSBAC_RC_ACI_RNETOBJ_NAME "rnetobj_rc"

/*
 * Generic per-netobj attributes: the per-request log array halves, same
 * layout and -1 defaults as rsbac_gen_netdev_aci_t (see the note there on
 * what -1 becomes in rsbac_log_array_t).
 */
#define RSBAC_GEN_NETOBJ_ACI_VERSION 1
#define RSBAC_GEN_NETOBJ_ACI_KEY 1001
struct rsbac_gen_netobj_aci_t {
	rsbac_log_array_t log_array_low;
	rsbac_log_array_t log_array_high;
};
#define DEFAULT_GEN_NETOBJ_ACI \
{ \
	.log_array_low = -1, \
	.log_array_high = -1, \
}
01551
01552 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_MAC_MAINT)
/*
 * MAC per-netobj attributes: a security level and category vector.
 * Defaults: SL_unclassified with the default category vector.
 */
#define RSBAC_MAC_NETOBJ_ACI_VERSION 1
#define RSBAC_MAC_NETOBJ_ACI_KEY 1001
struct rsbac_mac_netobj_aci_t {
	rsbac_security_level_t sec_level;
	rsbac_mac_category_vector_t mac_categories;
};
#define DEFAULT_MAC_NETOBJ_ACI \
{ \
	.sec_level = SL_unclassified, \
	.mac_categories = RSBAC_MAC_DEF_CAT_VECTOR, \
}
01564 #endif
01565
01566 #if defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_PM_MAINT)
/*
 * PM per-netobj attributes: object class, ipc purpose and object type.
 * Network objects default to the IPC object class with type PO_ipc and no
 * purpose.
 */
#define RSBAC_PM_NETOBJ_ACI_VERSION 1
#define RSBAC_PM_NETOBJ_ACI_KEY 1001
struct rsbac_pm_netobj_aci_t {
	rsbac_pm_object_class_id_t pm_object_class;
	rsbac_pm_purpose_id_t pm_ipc_purpose;
	rsbac_pm_object_type_int_t pm_object_type;
};
#define DEFAULT_PM_NETOBJ_ACI \
{ \
	.pm_object_class = RSBAC_PM_IPC_OBJECT_CLASS_ID, \
	.pm_ipc_purpose = 0, \
	.pm_object_type = PO_ipc, \
}
01580 #endif
01581
01582 #if defined(CONFIG_RSBAC_RC) || defined(CONFIG_RSBAC_RC_MAINT)
/*
 * RC network attributes. The netobj list has version/key only (no struct in
 * this header); the nettemp record stores two RC types: the one given to
 * objects matching the template (netobj_type) and the template's own type
 * (nettemp_type). Note the nettemp KEY (1002) differs from the netobj KEY.
 */
#define RSBAC_RC_NETOBJ_ACI_VERSION 1
#define RSBAC_RC_NETOBJ_ACI_KEY 1001
#define RSBAC_RC_NETTEMP_ACI_VERSION 1
#define RSBAC_RC_NETTEMP_ACI_KEY 1002

struct rsbac_rc_nettemp_aci_t {
	rsbac_rc_type_id_t netobj_type;
	rsbac_rc_type_id_t nettemp_type;
};
/* Both types default to the general RC type. */
#define DEFAULT_RC_NETTEMP_ACI \
{ \
	.netobj_type = RSBAC_RC_GENERAL_TYPE, \
	.nettemp_type = RSBAC_RC_GENERAL_TYPE, \
}
01597 #endif
01598
/*
 * Attribute ids of the network template target. RSBAC_NETTEMP_NR_ATTRIBUTES
 * must equal the number of entries in RSBAC_NETTEMP_ATTR_LIST (9 below).
 */
#define RSBAC_NETTEMP_NR_ATTRIBUTES 9
#define RSBAC_NETTEMP_ATTR_LIST { \
	A_security_level, \
	A_mac_categories, \
	A_pm_object_class, \
	A_pm_ipc_purpose, \
	A_pm_object_type, \
	A_rc_type, \
	A_rc_type_nt, \
	A_log_array_low, \
	A_log_array_high \
}

/*
 * Attribute ids of the network object target: each attribute comes in a
 * local and a remote variant. RSBAC_NETOBJ_NR_ATTRIBUTES must equal the
 * number of entries in RSBAC_NETOBJ_ATTR_LIST (16 below).
 */
#define RSBAC_NETOBJ_NR_ATTRIBUTES 16
#define RSBAC_NETOBJ_ATTR_LIST { \
	A_local_sec_level, \
	A_remote_sec_level, \
	A_local_mac_categories, \
	A_remote_mac_categories, \
	A_local_pm_object_class, \
	A_remote_pm_object_class, \
	A_local_pm_ipc_purpose, \
	A_remote_pm_ipc_purpose, \
	A_local_pm_object_type, \
	A_remote_pm_object_type, \
	A_local_rc_type, \
	A_remote_rc_type, \
	A_local_log_array_low, \
	A_remote_log_array_low, \
	A_local_log_array_high, \
	A_remote_log_array_high \
}
01631
01632 #ifdef __KERNEL__
/*
 * Kernel-side list handles for the network template, local netobj and
 * remote netobj attribute lists. Members are config-dependent; the generic
 * nettemp handle exists only with CONFIG_RSBAC_IND_NETOBJ_LOG, and the
 * netobj structs have no generic handle at all.
 * NOTE(review): with no MAC/PM/RC module configured the two netobj structs
 * are empty, which ISO C forbids (GCC zero-size extension).
 */
struct rsbac_nettemp_handles_t {
#if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
	rsbac_list_handle_t gen;
#endif
#if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_MAC_MAINT)
	rsbac_list_handle_t mac;
#endif
#if defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_PM_MAINT)
	rsbac_list_handle_t pm;
#endif
#if defined(CONFIG_RSBAC_RC) || defined(CONFIG_RSBAC_RC_MAINT)
	rsbac_list_handle_t rc;
#endif
};

struct rsbac_lnetobj_handles_t {
#if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_MAC_MAINT)
	rsbac_list_handle_t mac;
#endif
#if defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_PM_MAINT)
	rsbac_list_handle_t pm;
#endif
#if defined(CONFIG_RSBAC_RC) || defined(CONFIG_RSBAC_RC_MAINT)
	rsbac_list_handle_t rc;
#endif
};
struct rsbac_rnetobj_handles_t {
#if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_MAC_MAINT)
	rsbac_list_handle_t mac;
#endif
#if defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_PM_MAINT)
	rsbac_list_handle_t pm;
#endif
#if defined(CONFIG_RSBAC_RC) || defined(CONFIG_RSBAC_RC_MAINT)
	rsbac_list_handle_t rc;
#endif
};
01670 #endif
01671
01672
01673
01674
01675
01676
01677 #ifdef __KERNEL__
/* Device the RSBAC data files live on; defined elsewhere. */
extern kdev_t rsbac_root_dev;

/*
 * Open an RSBAC data file for reading / writing on the given device, filling
 * in the caller-supplied struct file. The path parameter is a non-const
 * char *, so the implementation may modify it — confirm with the definition
 * (not in this header); the return convention (presumably 0 on success,
 * negative on error) is likewise defined there.
 */
int rsbac_read_open(char *, struct file *, kdev_t);

int rsbac_write_open(char *, struct file *, kdev_t);

/* Close a file opened by the matching *_open above. */
void rsbac_read_close(struct file *);

void rsbac_write_close(struct file *);

/* Presumably serializes writers of the data files; defined elsewhere. */
extern struct semaphore rsbac_write_sem;
01691
01692
01693
01694
01695
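/*
 * Take @lock_p for reading.
 *
 * @flags_p is accepted for call-site compatibility only and is not used:
 * this maps straight onto read_lock(), so it neither saves nor disables
 * interrupt state. Callers that need interrupts off must use the *_irq
 * write variants below; there is no read-side irq wrapper here.
 *
 * Fixes: the stray ';' after the function body was an empty external
 * declaration (rejected by ISO C, warned on with -pedantic), and flags_p
 * now has an explicit (void) use so -Wunused-parameter stays quiet.
 * NOTE(review): 'extern inline' has the gnu89 meaning here (inline-only,
 * no out-of-line copy); under C99 semantics it is an external definition
 * and would clash across translation units — confirm the build's -std.
 */
extern inline void rsbac_read_lock(rwlock_t *lock_p, u_long *flags_p)
{
	(void)flags_p;	/* unused: see above */
	read_lock(lock_p);
}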
01700
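/*
 * Release a read lock taken with rsbac_read_lock().
 *
 * @flags_p is not used (no interrupt state was saved); it exists for
 * call-site compatibility only. Drops the stray ';' after the body (an
 * empty external declaration, not ISO C) and marks flags_p as deliberately
 * unused.
 */
extern inline void rsbac_read_unlock(rwlock_t *lock_p, u_long *flags_p)
{
	(void)flags_p;	/* unused: see above */
	read_unlock(lock_p);
}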
01705
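/*
 * Take @lock_p for writing without touching interrupt state.
 *
 * @flags_p is unused and exists for call-site compatibility only; data that
 * is also touched from interrupt context needs rsbac_write_lock_irq()
 * instead. Drops the stray ';' after the body (an empty external
 * declaration, not ISO C) and marks flags_p as deliberately unused.
 */
extern inline void rsbac_write_lock(rwlock_t *lock_p, u_long *flags_p)
{
	(void)flags_p;	/* unused: see above */
	write_lock(lock_p);
}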
01710
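/*
 * Release a write lock taken with rsbac_write_lock().
 *
 * @flags_p is unused (nothing was saved) and exists for call-site
 * compatibility only. Drops the stray ';' after the body (an empty external
 * declaration, not ISO C) and marks flags_p as deliberately unused.
 */
extern inline void rsbac_write_unlock(rwlock_t *lock_p, u_long *flags_p)
{
	(void)flags_p;	/* unused: see above */
	write_unlock(lock_p);
}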
01715
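/*
 * Disable local interrupts and take @lock_p for writing.
 *
 * @flags_p is NOT consulted: this wraps write_lock_irq(), not the
 * _irqsave form, so the previous interrupt state is not recorded and the
 * matching rsbac_write_unlock_irq() re-enables interrupts unconditionally.
 * Only use this pair where interrupts are known to be enabled on entry.
 * Drops the stray ';' after the body (an empty external declaration, not
 * ISO C) and marks flags_p as deliberately unused.
 */
extern inline void rsbac_write_lock_irq(rwlock_t *lock_p, u_long *flags_p)
{
	(void)flags_p;	/* unused: see above */
	write_lock_irq(lock_p);
}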
01721
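/*
 * Release a write lock taken with rsbac_write_lock_irq() and re-enable
 * local interrupts.
 *
 * @flags_p is NOT consulted: interrupts are re-enabled unconditionally by
 * write_unlock_irq(), whatever their state was before the lock. Drops the
 * stray ';' after the body (an empty external declaration, not ISO C) and
 * marks flags_p as deliberately unused.
 */
extern inline void rsbac_write_unlock_irq(rwlock_t *lock_p, u_long *flags_p)
{
	(void)flags_p;	/* unused: see above */
	write_unlock_irq(lock_p);
}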
01727
01728 #endif
01729
01730
01731
01732
01733
01734 #ifdef __KERNEL__
01735
01736 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
/*
 * Take a reference on @dentry's parent and lock the parent directory's
 * inode mutex. Returns the referenced, locked parent; undo with
 * unlock_dir(). 2.6-only (the #else branch only declares the symbol).
 *
 * NOTE(review): d_parent is read without d_lock, so this relies on the
 * caller holding something that keeps the parent stable; the 2.6-era
 * fs/namei.c helper of the same name appears to use the same pattern —
 * confirm for the kernel versions this is built against.
 */
static inline struct dentry *lock_parent(struct dentry *dentry)
{
	struct dentry *dir = dget(dentry->d_parent);

	mutex_lock(&dir->d_inode->i_mutex);
	return dir;
}
01744
/*
 * Undo lock_parent(): unlock the directory inode mutex, then drop the
 * reference lock_parent() took. Order matters — the dput happens only after
 * the unlock so the dentry is still pinned while its inode is locked.
 */
static inline void unlock_dir(struct dentry *dir)
{
	mutex_unlock(&dir->d_inode->i_mutex);
	dput(dir);
}
01750
/*
 * Lock two mutexes in a fixed, address-based order.
 *
 * When @m1 and @m2 are distinct, the one at the higher address is always
 * taken first, so every caller acquires any given pair in the same order
 * and two callers cannot deadlock on each other. When both arguments name
 * the same mutex it is taken exactly once. Pair with double_mutex_unlock().
 */
static inline void double_mutex_lock(struct mutex *m1, struct mutex *m2)
{
	struct mutex *first = m1;
	struct mutex *second = m2;

	if (first == second) {
		mutex_lock(second);
		return;
	}
	/* make 'first' the higher address */
	if ((unsigned long) first < (unsigned long) second) {
		first = m2;
		second = m1;
	}
	mutex_lock(first);
	mutex_lock(second);
}
01763
/*
 * Release the mutexes taken by double_mutex_lock(). If both arguments name
 * the same mutex it is released exactly once; release order is irrelevant
 * for correctness, so the arguments are released as given.
 */
static inline void double_mutex_unlock(struct mutex *m1, struct mutex *m2)
{
	mutex_unlock(m1);
	if (m1 == m2)
		return;
	mutex_unlock(m2);
}
01770
/*
 * Lock the inode mutexes of two dentries in deadlock-free order (see
 * double_mutex_lock()). Takes no dentry references of its own.
 */
static inline void double_lock(struct dentry *d1, struct dentry *d2)
{
	struct mutex *i1 = &d1->d_inode->i_mutex;
	struct mutex *i2 = &d2->d_inode->i_mutex;

	double_mutex_lock(i1, i2);
}
01775
/*
 * Unlock the inode mutexes taken by double_lock() and then drop one
 * reference on each dentry. double_lock() itself takes no references, so
 * the ones released here must have been taken by the caller (e.g. by the
 * lookup that produced the dentries); the dputs come after the unlock so
 * the inodes stay pinned while locked.
 */
static inline void double_unlock(struct dentry *d1, struct dentry *d2)
{
	struct mutex *i1 = &d1->d_inode->i_mutex;
	struct mutex *i2 = &d2->d_inode->i_mutex;

	double_mutex_unlock(i1, i2);
	dput(d1);
	dput(d2);
}
01782 #else
01783 extern inline struct dentry *lock_parent(struct dentry *dentry);
01784 #endif
01785
01786 #ifdef CONFIG_RSBAC_DEBUG
/*
 * Debug helper: estimate the unused kernel stack of the current task, in
 * bytes, by scanning upward from the end of its task_struct for the first
 * non-zero word. Compiled only with CONFIG_RSBAC_DEBUG; the non-debug build
 * defines it to 0.
 *
 * NOTE(review): this assumes the task_struct sits at the base of the
 * thread's stack and that untouched stack is zero-filled. That matches the
 * 2.4 layout; on 2.6 the stack base holds thread_info and task_struct is
 * allocated separately, so the number may be meaningless there — confirm
 * before trusting it. The scan has no upper bound: if no non-zero word is
 * found it keeps reading past the region it is meant to measure.
 */
static inline unsigned long rsbac_stack_free_space(void)
{
	unsigned long *n = (unsigned long *)(current + 1);
	while (!*n)
		n++;
	return (unsigned long)n - (unsigned long)(current + 1);
}
01794 #else
01795 #define rsbac_stack_free_space() 0
01796 #endif
01797
01798 #endif
01799
01800 #endif