/linux-2.6.21.1-rsbac-1.3.4/include/rsbac/rc_data_structures.h

00001 /*********************************/
00002 /* Rule Set Based Access Control */
00003 /* Author and (c) 1999-2005:     */
00004 /*   Amon Ott <ao@rsbac.org>     */
00005 /* Data structures for Role      */
00006 /* Compatibility module          */
00007 /* Last modified: 21/Dec/2005    */
00008 /*********************************/
00009 
00010 
00011 #ifndef __RSBAC_RC_DATA_STRUC_H
00012 #define __RSBAC_RC_DATA_STRUC_H
00013 
00014 #ifdef __KERNEL__               /* only include in kernel code */
00015 #include <linux/types.h>
00016 #include <rsbac/types.h>
00017 #endif                          /* __KERNEL__ */
00018 
00019 /* First of all we define dirname and filenames for saving the roles to disk. */
00020 /* The path must be a valid single dir name! Each mounted device gets its    */
00021 /* own file set, residing in 'DEVICE_ROOT/RSBAC_ACI_PATH/'.                  */
00022 /* All user access to these files will be denied.                            */
00023 /* Backups are kept in FILENAMEb.                                            */
00024 
00025 #ifdef __KERNEL__
/* Key value attached to the RC lists. How it is used (presumably by the
 * generic list layer that stores these lists) is not visible in this header;
 * NOTE(review): confirm at the list registration sites. */
#define RSBAC_RC_LIST_KEY 77788855

/* Number of role and type lists. NOTE(review): this is smaller than the
 * number of role list file names defined below, so it presumably counts
 * something other than the files; confirm against the code that uses it. */
#define RSBAC_RC_NR_ROLE_LISTS 4
#define RSBAC_RC_NR_TYPE_LISTS 4
00030 
/* File names of the per-role lists, one file per list under
 * 'DEVICE_ROOT/RSBAC_ACI_PATH/' on every mounted device (see the path notes
 * above; the backup of each file carries a trailing 'b'). The "rc_tc*"
 * files below hold, per role, the types and requests the role is
 * compatible with, i.e. they are the access-decision data of the RC model
 * and must only be reachable through the module's own list code. */

/* roles */
#define RSBAC_RC_ROLE_FILENAME "rc_r"

/* roles we are compatible with ( = we can change to) */
#define RSBAC_RC_ROLE_RC_FILENAME "rc_rc"

/* roles we may administrate (replaces admin_type) */
#define RSBAC_RC_ROLE_ADR_FILENAME "rc_adr"

/* roles we may read and assign to users, if they were in one of these before. */
#define RSBAC_RC_ROLE_ASR_FILENAME "rc_asr"

/* file/dir/fifo/symlink types for new items, by parent efftype */
/* If not found, use old global value def_fd_create_type */
#define RSBAC_RC_ROLE_DFDC_FILENAME "rc_dfdc"

/* file/dir/fifo/symlink types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCFD_FILENAME "rc_tcfd"

/* dev types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCDV_FILENAME "rc_tcdv"

/* user types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCUS_FILENAME "rc_tcus"

/* process types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCPR_FILENAME "rc_tcpr"

/* IPC types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCIP_FILENAME "rc_tcip"

/* SCD types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCSC_FILENAME "rc_tcsc"

/* group types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCGR_FILENAME "rc_tcgr"

/* NETDEV types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCND_FILENAME "rc_tcnd"

/* NETTEMP types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCNT_FILENAME "rc_tcnt"

/* NETOBJ types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCNO_FILENAME "rc_tcno"
00076 
/* On-disk format versions of the role lists.
 *
 * The role entry struct has been extended four times; each earlier layout
 * is still declared below (struct rsbac_rc_old_role_entry_t and so on).
 * The five version defines here presumably pair with those five structs in
 * order (5 = current, 4 = old, 3 = old_old, ...), so that files written by
 * an older kernel can still be read and converted. Whenever
 * struct rsbac_rc_role_entry_t changes, bump RSBAC_RC_ROLE_LIST_VERSION,
 * add a new OLD_* define and keep a copy of the previous struct. */
#define RSBAC_RC_ROLE_LIST_VERSION 5
#define RSBAC_RC_ROLE_OLD_LIST_VERSION 4
#define RSBAC_RC_ROLE_OLD_OLD_LIST_VERSION 3
#define RSBAC_RC_ROLE_OLD_OLD_OLD_LIST_VERSION 2
#define RSBAC_RC_ROLE_OLD_OLD_OLD_OLD_LIST_VERSION 1
/* Role-to-role lists (compatible / administrable / assignable roles) and the
 * per-parent-type default fd type list have never changed format. */
#define RSBAC_RC_ROLE_RC_LIST_VERSION 1
#define RSBAC_RC_ROLE_ADR_LIST_VERSION 1
#define RSBAC_RC_ROLE_ASR_LIST_VERSION 1
#define RSBAC_RC_ROLE_DFDC_LIST_VERSION 1
/* Type-compatibility lists are at version 2; a version-1 define is kept
 * for each, presumably so that older files are still recognised. */
#define RSBAC_RC_ROLE_TCFD_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCDV_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCUS_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCPR_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCIP_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCSC_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCGR_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCND_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCNT_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCNO_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCFD_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCDV_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCUS_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCPR_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCIP_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCSC_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCGR_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCND_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCNT_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCNO_OLD_LIST_VERSION 1
00106 
/* File names of the type name lists, one file per target class.
 * NOTE(review): there is no SCD file although RI_type_scd_name exists in
 * RSBAC_RC_TYPE_ENTRY_ITEM_LIST below; presumably SCD type names are fixed
 * rather than stored. Confirm if a file is ever expected for them. */
#define RSBAC_RC_TYPE_FD_FILENAME "rc_tfd"
#define RSBAC_RC_TYPE_DEV_FILENAME "rc_tdv"
#define RSBAC_RC_TYPE_IPC_FILENAME "rc_tip"
#define RSBAC_RC_TYPE_USER_FILENAME "rc_tus"
#define RSBAC_RC_TYPE_PROCESS_FILENAME "rc_tpr"
#define RSBAC_RC_TYPE_GROUP_FILENAME "rc_tgr"
#define RSBAC_RC_TYPE_NETDEV_FILENAME "rc_tnd"
#define RSBAC_RC_TYPE_NETTEMP_FILENAME "rc_tnt"
#define RSBAC_RC_TYPE_NETOBJ_FILENAME "rc_tno"

/* On-disk format versions of the type name lists; none has changed yet.
 * The fd list stores struct rsbac_rc_type_fd_entry_t (see below), so its
 * version must be bumped if that struct changes. */
#define RSBAC_RC_TYPE_FD_LIST_VERSION 1
#define RSBAC_RC_TYPE_DEV_LIST_VERSION 1
#define RSBAC_RC_TYPE_IPC_LIST_VERSION 1
#define RSBAC_RC_TYPE_USER_LIST_VERSION 1
#define RSBAC_RC_TYPE_PROCESS_LIST_VERSION 1
#define RSBAC_RC_TYPE_GROUP_LIST_VERSION 1
#define RSBAC_RC_TYPE_NETDEV_LIST_VERSION 1
#define RSBAC_RC_TYPE_NETTEMP_LIST_VERSION 1
#define RSBAC_RC_TYPE_NETOBJ_LIST_VERSION 1
00126 #endif                          /* __KERNEL__ */
00127 
00128 /*
00129  * The following structures provide the role model data structures.
00130  * All RSBAC_RC_NR_ROLES roles and RSBAC_RC_NR_TYPES x target-no. types
00131  * and SCD-type definitions are kept in arrays and saved to disk as such.
00132  */
00133 
00134 /***************************************
00135  *               Roles                 *
00136  ***************************************/
00137 
00138 /* Caution: whenever role struct changes, version and old_version must be increased! */
00139 
/*
 * One role as kept in the role list (current format, presumably
 * RSBAC_RC_ROLE_LIST_VERSION). Entries are saved to disk as-is, so field
 * order, types and padding are part of the on-disk format: any change needs
 * a new version define and a copy of the previous layout added to the
 * old_* structs below. The five default roles at the end of this file are
 * designated initializers for this struct.
 */
struct rsbac_rc_role_entry_t {
        rsbac_enum_t admin_type;        /* role admin: none, system or role admin? */
        /* Human-readable role name. Fixed-size array: nothing in this
         * header guarantees a terminating NUL, so code that loads entries
         * from disk or from user space should bound or terminate it before
         * using it as a C string (NOTE(review): check the load and set
         * paths). */
        char name[RSBAC_RC_NAME_LEN];
        /* Default RC types for objects created or changed by processes in
         * this role (presumably; inferred from the names). The defaults
         * below use the special values RC_type_inherit_parent,
         * RSBAC_RC_GENERAL_TYPE, RC_type_use_new_role_def_create and
         * RC_type_use_fd for these fields. */
        rsbac_rc_type_id_t def_fd_create_type;  /* new file/dir/fifo/symlink */
        rsbac_rc_type_id_t def_user_create_type;
        rsbac_rc_type_id_t def_process_create_type;
        rsbac_rc_type_id_t def_process_chown_type;
        rsbac_rc_type_id_t def_process_execute_type;
        rsbac_rc_type_id_t def_ipc_create_type;
        rsbac_rc_type_id_t def_group_create_type;
        /* Added in this layout; absent from struct rsbac_rc_old_role_entry_t. */
        rsbac_rc_type_id_t def_unixsock_create_type;
        /* TRUE only in the "System Boot" default below, FALSE elsewhere. */
        rsbac_enum_t boot_role;
        /* FALSE in every default below; the name suggests the role requires
         * re-authentication — NOTE(review): confirm the exact semantics. */
        rsbac_enum_t req_reauth;
};
00154 
/*
 * Previous role entry layout (presumably RSBAC_RC_ROLE_OLD_LIST_VERSION),
 * kept only so that lists written in that format can still be read and
 * converted. Differs from struct rsbac_rc_role_entry_t only by the missing
 * def_unixsock_create_type. Do not modify: it describes existing files.
 */
struct rsbac_rc_old_role_entry_t {
        rsbac_enum_t admin_type;        /* role admin: none, system or role admin? */
        char name[RSBAC_RC_NAME_LEN];   /* fixed-size; NUL termination not guaranteed here */
        rsbac_rc_type_id_t def_fd_create_type;
        rsbac_rc_type_id_t def_user_create_type;
        rsbac_rc_type_id_t def_process_create_type;
        rsbac_rc_type_id_t def_process_chown_type;
        rsbac_rc_type_id_t def_process_execute_type;
        rsbac_rc_type_id_t def_ipc_create_type;
        rsbac_rc_type_id_t def_group_create_type;
        rsbac_enum_t boot_role;
        rsbac_enum_t req_reauth;
};
00168 
/*
 * Role entry layout two versions back (presumably
 * RSBAC_RC_ROLE_OLD_OLD_LIST_VERSION), kept for reading old lists. Compared
 * with struct rsbac_rc_old_role_entry_t it lacks req_reauth. Do not modify.
 */
struct rsbac_rc_old_old_role_entry_t {
        rsbac_enum_t admin_type;        /* role admin: none, system or role admin? */
        char name[RSBAC_RC_NAME_LEN];   /* fixed-size; NUL termination not guaranteed here */
        rsbac_rc_type_id_t def_fd_create_type;
        rsbac_rc_type_id_t def_user_create_type;
        rsbac_rc_type_id_t def_process_create_type;
        rsbac_rc_type_id_t def_process_chown_type;
        rsbac_rc_type_id_t def_process_execute_type;
        rsbac_rc_type_id_t def_ipc_create_type;
        rsbac_rc_type_id_t def_group_create_type;
        rsbac_enum_t boot_role;
};
00181 
/*
 * Role entry layout three versions back (presumably
 * RSBAC_RC_ROLE_OLD_OLD_OLD_LIST_VERSION), kept for reading old lists.
 * Compared with struct rsbac_rc_old_old_role_entry_t it lacks
 * def_group_create_type. Do not modify.
 */
struct rsbac_rc_old_old_old_role_entry_t {
        rsbac_enum_t admin_type;        /* role admin: none, system or role admin? */
        char name[RSBAC_RC_NAME_LEN];   /* fixed-size; NUL termination not guaranteed here */
        rsbac_rc_type_id_t def_fd_create_type;
        rsbac_rc_type_id_t def_user_create_type;
        rsbac_rc_type_id_t def_process_create_type;
        rsbac_rc_type_id_t def_process_chown_type;
        rsbac_rc_type_id_t def_process_execute_type;
        rsbac_rc_type_id_t def_ipc_create_type;
        rsbac_enum_t boot_role;
};
00193 
/*
 * Oldest role entry layout (presumably
 * RSBAC_RC_ROLE_OLD_OLD_OLD_OLD_LIST_VERSION), kept for reading old lists.
 * Compared with struct rsbac_rc_old_old_old_role_entry_t it lacks both
 * def_user_create_type and boot_role. Do not modify.
 */
struct rsbac_rc_old_old_old_old_role_entry_t {
        rsbac_enum_t admin_type;        /* role admin: none, system or role admin? */
        char name[RSBAC_RC_NAME_LEN];   /* fixed-size; NUL termination not guaranteed here */
        rsbac_rc_type_id_t def_fd_create_type;
        rsbac_rc_type_id_t def_process_create_type;
        rsbac_rc_type_id_t def_process_chown_type;
        rsbac_rc_type_id_t def_process_execute_type;
        rsbac_rc_type_id_t def_ipc_create_type;
};
00203 
/* Number of addressable role items; must equal the number of names in
 * RSBAC_RC_ROLE_ENTRY_ITEM_LIST below (25 at present, counted by hand —
 * keep both in step when adding an item). */
#define RSBAC_RC_NR_ROLE_ENTRY_ITEMS 25
/* Initializer naming every RI_* item of a role: first the per-role lists
 * (compatible roles, admin/assign roles, one type-compatibility list per
 * target class), then the scalar fields of struct rsbac_rc_role_entry_t.
 * NOTE(review): RI_def_fd_ind_create_type has no field in the struct
 * (presumably it addresses the per-parent-type "rc_dfdc" list), and the
 * struct's def_unixsock_create_type has no item here; confirm both against
 * the RI_* enum and the get/set code before relying on this list being
 * complete. */
#define RSBAC_RC_ROLE_ENTRY_ITEM_LIST { \
      RI_role_comp, \
      RI_admin_roles, \
      RI_assign_roles, \
      RI_type_comp_fd, \
      RI_type_comp_dev, \
      RI_type_comp_user, \
      RI_type_comp_process, \
      RI_type_comp_ipc, \
      RI_type_comp_scd, \
      RI_type_comp_group, \
      RI_type_comp_netdev, \
      RI_type_comp_nettemp, \
      RI_type_comp_netobj, \
      RI_admin_type, \
      RI_name, \
      RI_def_fd_create_type, \
      RI_def_fd_ind_create_type, \
      RI_def_user_create_type, \
      RI_def_process_create_type, \
      RI_def_process_chown_type, \
      RI_def_process_execute_type, \
      RI_def_ipc_create_type, \
      RI_def_group_create_type, \
      RI_boot_role, \
      RI_req_reauth \
      }
00232 
00233 /***************************************
00234  *             Type names              *
00235  ***************************************/
00236 
00237 /* Caution: whenever role struct changes, version and old_version must be increased! */
00238 
/* #define RSBAC_RC_OLD_TYPE_VERSION 1 */
/* Format version of the type name entries (struct rsbac_rc_type_fd_entry_t
 * below). The caution above is copied from the roles section and presumably
 * means the type struct: bump this version when that struct changes, as the
 * entries are saved to disk as-is. */
#define RSBAC_RC_TYPE_VERSION 1
00241 
/*
 * One file/dir/fifo/symlink type as kept in the fd type name list
 * (RSBAC_RC_TYPE_FD_LIST_VERSION). Saved to disk as-is: changing the layout
 * requires a version bump.
 */
struct rsbac_rc_type_fd_entry_t {
        /* Fixed-size type name; NUL termination is not guaranteed by the
         * type itself, so loaders should bound it before string use. */
        char name[RSBAC_RC_NAME_LEN];
        /* Stored as a byte rather than rsbac_boolean_t; presumably whether
         * objects of this type need secure deletion on removal — confirm. */
        __u8 need_secdel;       /* rsbac_boolean_t */
};
00246 
/* Number of addressable type items; must equal the number of names in
 * RSBAC_RC_TYPE_ENTRY_ITEM_LIST below (10 at present, counted by hand). */
#define RSBAC_RC_NR_TYPE_ENTRY_ITEMS 10
/* Initializer naming every RI_* item of a type: one name item per target
 * class (including SCD, which has no list file above), plus the fd-only
 * need_secdel flag of struct rsbac_rc_type_fd_entry_t. */
#define RSBAC_RC_TYPE_ENTRY_ITEM_LIST { \
      RI_type_fd_name, \
      RI_type_dev_name, \
      RI_type_ipc_name, \
      RI_type_scd_name, \
      RI_type_process_name, \
      RI_type_group_name, \
      RI_type_netdev_name, \
      RI_type_nettemp_name, \
      RI_type_netobj_name, \
      RI_type_fd_need_secdel \
      }
00260 
00261 /**********************************************/
00262 /*              Default values                */
00263 /**********************************************/
00264 
/* Default "General User" role: a struct rsbac_rc_role_entry_t designated
 * initializer with no admin rights (RC_no_admin). All five default roles in
 * this section share the same default-type settings and differ only in
 * admin_type, name and (for the boot role) boot_role. */
#define RSBAC_RC_GENERAL_ROLE_ENTRY \
    { \
      .admin_type = RC_no_admin, \
      .name = "General User", \
      .def_fd_create_type = RC_type_inherit_parent, \
      .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_process_create_type = RC_type_inherit_parent, \
      .def_process_chown_type = RC_type_use_new_role_def_create, \
      .def_process_execute_type = RC_type_inherit_parent, \
      .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_unixsock_create_type = RC_type_use_fd, \
      .boot_role = FALSE, \
      .req_reauth = FALSE, \
    }
00280 
/* Default "Role Admin" role: identical to RSBAC_RC_GENERAL_ROLE_ENTRY except
 * for admin_type = RC_role_admin, i.e. the role that may administer the RC
 * model itself. Note that req_reauth defaults to FALSE even for this
 * privileged role. */
#define RSBAC_RC_ROLE_ADMIN_ROLE_ENTRY \
    { \
      .admin_type = RC_role_admin, \
      .name = "Role Admin", \
      .def_fd_create_type = RC_type_inherit_parent, \
      .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_process_create_type = RC_type_inherit_parent, \
      .def_process_chown_type = RC_type_use_new_role_def_create, \
      .def_process_execute_type = RC_type_inherit_parent, \
      .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_unixsock_create_type = RC_type_use_fd, \
      .boot_role = FALSE, \
      .req_reauth = FALSE, \
    }
00296 
/* Default "System Admin" role: identical to RSBAC_RC_GENERAL_ROLE_ENTRY
 * except for admin_type = RC_system_admin. As with the role admin default,
 * req_reauth is FALSE. */
#define RSBAC_RC_SYSTEM_ADMIN_ROLE_ENTRY \
    { \
      .admin_type = RC_system_admin, \
      .name = "System Admin", \
      .def_fd_create_type = RC_type_inherit_parent, \
      .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_process_create_type = RC_type_inherit_parent, \
      .def_process_chown_type = RC_type_use_new_role_def_create, \
      .def_process_execute_type = RC_type_inherit_parent, \
      .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_unixsock_create_type = RC_type_use_fd, \
      .boot_role = FALSE, \
      .req_reauth = FALSE, \
    }
00312 
/* Default "System Boot" role: the only default with boot_role = TRUE; no
 * admin rights (RC_no_admin), otherwise the same settings as
 * RSBAC_RC_GENERAL_ROLE_ENTRY. */
#define RSBAC_RC_BOOT_ROLE_ENTRY \
    { \
      .admin_type = RC_no_admin, \
      .name = "System Boot", \
      .def_fd_create_type = RC_type_inherit_parent, \
      .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_process_create_type = RC_type_inherit_parent, \
      .def_process_chown_type = RC_type_use_new_role_def_create, \
      .def_process_execute_type = RC_type_inherit_parent, \
      .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_unixsock_create_type = RC_type_use_fd, \
      .boot_role = TRUE, \
      .req_reauth = FALSE, \
    }
00328 
/* Default "Auditor" role: no admin rights (RC_no_admin) and the same
 * default-type settings as RSBAC_RC_GENERAL_ROLE_ENTRY; what distinguishes
 * it in practice is presumably its type-compatibility lists, which are not
 * defined in this header. */
#define RSBAC_RC_AUDITOR_ROLE_ENTRY \
    { \
      .admin_type = RC_no_admin, \
      .name = "Auditor", \
      .def_fd_create_type = RC_type_inherit_parent, \
      .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_process_create_type = RC_type_inherit_parent, \
      .def_process_chown_type = RC_type_use_new_role_def_create, \
      .def_process_execute_type = RC_type_inherit_parent, \
      .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_unixsock_create_type = RC_type_use_fd, \
      .boot_role = FALSE, \
      .req_reauth = FALSE, \
    }
00344 
00345 /**********************************************/
00346 /*              Declarations                  */
00347 /**********************************************/
00348 
00349 #ifdef __KERNEL__
00350 #endif                          /* __KERNEL__ */
00351 
00352 #endif                          /* __RSBAC_RC_DATA_STRUC_H */
