/linux-2.6.21.1-rsbac-1.3.4/include/rsbac/aci.h

00001 /******************************* */
00002 /* Rule Set Based Access Control */
00003 /* Author and (c) 1999-2007:     */
00004 /*   Amon Ott <ao@rsbac.org>     */
00005 /* API: Data structures          */
00006 /* and functions for Access      */
00007 /* Control Information           */
00008 /* Last modified: 12/Feb/2007    */
00009 /******************************* */
00010 
00011 #ifndef __RSBAC_ACI_H
00012 #define __RSBAC_ACI_H
00013 
00014 #include <rsbac/types.h>
00015 #include <linux/init.h>
00016 
00017 /***************************************************/
00018 /*                   Prototypes                    */
00019 /***************************************************/
00020 
/* Unless noted otherwise below, every function returns 0 on success and a  */
/* negative error code on failure; the codes are defined in rsbac_error.h.  */
/* Exceptions visible in this header: rsbac_off() returns void, and         */
/* rsbac_is_initialized() returns the initialization flag, not a status.    */
00023 
/****************************************************************************/
/* Initialization, including ACI restoration for all mounted devices from   */
/* disk. After this call, all ACI is kept in memory for performance reasons,*/
/* but user and file/dir object ACI are written to disk on every change.    */
/*                                                                          */
/* root_dev: the root device (the name suggests its ACI is what gets loaded */
/*           first; confirm in the implementation).                         */
/* Returns 0 on success, a negative rsbac_error.h code otherwise.           */
/*                                                                          */
/* Without CONFIG_RSBAC_INIT_DELAY the prototype carries __init, i.e. this  */
/* is boot-time-only code. With it the attribute is dropped, presumably so  */
/* that initialization can be deferred until later in the boot; until       */
/* rsbac_init() has run, rsbac_is_initialized() (below) reports false.      */
/* NOTE(review): that delayed-init window is a policy-bypass window for any */
/* caller that skips enforcement while the flag is false — confirm what     */
/* gates access in the meantime.                                            */

#ifdef CONFIG_RSBAC_INIT_DELAY
extern int rsbac_init(kdev_t root_dev);
#else
extern int rsbac_init(kdev_t root_dev) __init;
#endif
00034 
/* Notify RSBAC of new kernel thread.                                       */
/* pid: id of the new thread. Returns 0 / negative rsbac_error.h code.      */
/* (rsbac_mark_kthread() at the end of this header looks related; how the  */
/* two differ is not visible here — confirm.)                               */
int rsbac_kthread_notify(rsbac_pid_t pid);

/* To turn RSBAC off on umount of root device.                              */
/* NOTE(review): this switches the access control module off; it must not  */
/* be reachable from anything but the root-umount path. Whether it also    */
/* clears rsbac_initialized is not visible here — confirm in the .c file.   */
extern void rsbac_off(void);

/* For other kernel parts to check, whether RSBAC was initialized correctly */
/* (presumably set by rsbac_init()). Read without any locking through       */
/* rsbac_is_initialized() below. A false value means RSBAC is not making    */
/* decisions, so a caller that gates its checks on this flag fails open     */
/* while it is false — keep that in mind when adding such callers.          */
extern rsbac_boolean_t rsbac_initialized;
00043 
/* Report whether RSBAC has been initialized.                               */
/* This is a plain, unsynchronized read of the global rsbac_initialized     */
/* declared above; no memory barrier or lock is taken. Callers that gate    */
/* enforcement on the result must treat a false return as "RSBAC is not     */
/* enforcing" rather than as "access allowed".                              */
static inline rsbac_boolean_t rsbac_is_initialized(void)
{
  rsbac_boolean_t initialized_flag = rsbac_initialized;

  return initialized_flag;
}
00048 
/* When mounting a device, its ACI must be read and added to the ACI lists. */
/* sb_p:     superblock of the device being mounted                         */
/* d_covers: presumably the dentry the mount covers (mount point) — confirm */
/* Returns 0 / negative rsbac_error.h code. Until this has returned 0 no    */
/* object ACI for the new device is in memory.                              */
extern int rsbac_mount(struct super_block * sb_p, struct dentry * d_covers);
/* When umounting a device, its ACI must be removed from the ACI lists. */
/* Same parameters as rsbac_mount(). Returns 0 / negative error code.       */
extern int rsbac_umount(struct super_block * sb_p, struct dentry * d_covers);

/* On pivot_root, we must unblock the dentry tree of the old root */
/* by putting all cached rsbac.dat dentries */
/* (rsbac.dat is presumably the per-device on-disk ACI store that          */
/* rsbac_init()/rsbac_mount() restore from; the cached dentries keep the   */
/* old root pinned until they are put.) Returns 0 / negative error code.   */
int rsbac_free_dat_dentries(void);
00057 
/* Some information about the current status is also available */
/* (what is reported, and where, is decided by the implementation).        */
extern int rsbac_stats(void);

/* Trigger internal consistency check (int: if != 0: correct errors)       */
/* correct:     if != 0, detected inconsistencies are corrected in place —  */
/*              i.e. this call can modify the ACI, so treat it as a         */
/*              privileged operation, not a read-only probe.                */
/* check_inode: if != 0, presumably also checks the stored objects against  */
/*              the filesystem inodes — confirm in the implementation.      */
/* Returns 0 / negative rsbac_error.h code.                                 */
extern int rsbac_check(int correct, int check_inode);
00063 
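/* RSBAC attribute saving to disk can be triggered from outside.
 * need_lock: call lock_kernel() before disk access?  (The parameter was
 *            unnamed in the original prototype; the name follows the
 *            description above — confirm against the definition.)
 * Returns 0 on success, a negative rsbac_error.h code otherwise.
 * Only declared when CONFIG_RSBAC_MAINT or CONFIG_RSBAC_AUTO_WRITE is set;
 * code built without either must not reference it.
 */
#if defined(CONFIG_RSBAC_MAINT) || defined(CONFIG_RSBAC_AUTO_WRITE)
extern int rsbac_write(rsbac_boolean_t need_lock);
#endif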
00070 
/* get the parent of a target
 * returns -RSBAC_EINVALIDTARGET for non-fs targets
 * and -RSBAC_ENOTFOUND, if no parent available
 * In kernels >= 2.4.0, device_p->d_covers is used and the item is properly
 * locked for reading, so never call with a write lock held on device_p!
 * (The read lock is taken inside; holding the write lock on entry would
 * deadlock the caller against itself.)
 *
 * target, tid:     the object whose parent is wanted (filesystem targets
 *                  only, see the error codes above)
 * parent_target_p: out, target type of the parent
 * parent_tid_p:    out, id of the parent
 * Treat the out-parameters as valid only after a 0 return; whether they
 * are written on an error path is not visible here.
 */
int rsbac_get_parent(enum rsbac_target_t target,
                     union rsbac_target_id_t tid,
                     enum rsbac_target_t * parent_target_p,
                     union rsbac_target_id_t * parent_tid_p);

/* Invalidate cached attribute values for one or all filesystem objects */
/* file_p: the object whose cache entry is dropped (invalidate), or every  */
/* entry (invalidate_all). Returns 0 / negative error code.                */
/* NOTE(review): with CONFIG_RSBAC_FD_CACHE, attribute reads presumably     */
/* come from this cache, so any path that changes an fd object's           */
/* attributes without going through the cache (rsbac_check() with          */
/* correct != 0 is a candidate) must invalidate, or stale values keep being */
/* used for decisions. Confirm which callers already do.                    */

#ifdef CONFIG_RSBAC_FD_CACHE
int rsbac_fd_cache_invalidate(struct rsbac_fs_file_t * file_p);

int rsbac_fd_cache_invalidate_all(void);
#endif
00089 
/****************************************************************************/
/* For objects, users and processes all manipulation is encapsulated by the */
/* function calls rsbac_set_attr, rsbac_get_attr and rsbac_remove_target.   */
/* The rsbac_ta_* functions take a transaction number (ta_number) as their  */
/* first argument; the plain names are macros that pass 0, which presumably */
/* means "outside any transaction" — confirm against the list code.         */

/* Read one attribute of one target.
 * ta_number: transaction number (0 when called via rsbac_get_attr)
 * module:    the module (rsbac_switch_target_t) the attribute belongs to
 * target:    target type; tid: id of that target
 * attr:      which attribute to read
 * value:     out, written with the attribute's value on success
 * inherit:   if true, presumably falls back to the parent's value
 *            (cf. rsbac_get_parent) when the object carries none — confirm
 * Returns 0 / negative rsbac_error.h code.
 */
int rsbac_ta_get_attr(
  rsbac_list_ta_number_t ta_number,
  enum rsbac_switch_target_t module,
  enum rsbac_target_t target,
  union rsbac_target_id_t tid,
  enum rsbac_attribute_t attr,
  union rsbac_attribute_value_t * value,
  rsbac_boolean_t inherit);

/* Non-transactional form: forwards to rsbac_ta_get_attr() with ta_number  */
/* 0. Pure forwarding macro — each argument lands in a function-argument   */
/* position, so it is evaluated exactly once.                              */
#define rsbac_get_attr(module, target, tid, attr, value, inherit) \
  rsbac_ta_get_attr(0, module, target, tid, attr, value, inherit)
00105 
/* Write one attribute of one target. Per the banner above this is the
 * single mutation path for attributes, so it is the place to audit for
 * unexpected callers.
 * ta_number: transaction number (0 when called via rsbac_set_attr)
 * module, target, tid, attr: as for rsbac_ta_get_attr()
 * value:     the new value, passed by value (union)
 * Returns 0 / negative rsbac_error.h code.
 * NOTE(review): this interface expresses no authorization; whether the
 * implementation or the caller checks that the current subject may change
 * this attribute is not visible here — confirm before adding callers.
 */
int rsbac_ta_set_attr(
  rsbac_list_ta_number_t ta_number,
  enum rsbac_switch_target_t module,
  enum rsbac_target_t target,
  union rsbac_target_id_t tid,
  enum rsbac_attribute_t attr,
  union rsbac_attribute_value_t value);

/* Non-transactional form: forwards to rsbac_ta_set_attr() with ta_number  */
/* 0. Pure forwarding macro, arguments evaluated exactly once.             */
#define rsbac_set_attr(module, target, tid, attr, value) \
  rsbac_ta_set_attr(0, module, target, tid, attr, value)
00116 
/* All RSBAC targets should be removed, if no longer needed, to prevent     */
/* memory wasting.                                                          */
/* Drops everything stored for (target, tid) in the ACI lists. Presumably   */
/* a later lookup of the same id then sees defaults, so removing an object  */
/* that still exists would silently reset its attributes — confirm what the */
/* list code returns for a missing item before calling this on live objects.*/
/* ta_number: transaction number (0 when called via rsbac_remove_target)    */
/* Returns 0 / negative rsbac_error.h code.                                 */

int rsbac_ta_remove_target(
  rsbac_list_ta_number_t ta_number,
  enum rsbac_target_t target,
  union rsbac_target_id_t tid);

/* Non-transactional form: forwards with ta_number 0; arguments are         */
/* evaluated exactly once.                                                  */
#define rsbac_remove_target(target, tid) \
  rsbac_ta_remove_target(0, target, tid)
00127 
/* Enumerate all devices / users / IPC objects / groups present in the ACI  */
/* lists for transaction ta_number (0 = as for the macros above).           */
/* id_pp: out, set to point at an array of ids.                             */
/* Neither who owns that array nor whether the return value is a count or   */
/* the usual 0/negative status is stated in this header; presumably the     */
/* callee allocates, the caller frees, and the count is returned — confirm  */
/* against the implementation before relying on either.                     */
int rsbac_ta_list_all_dev(rsbac_list_ta_number_t ta_number,
                          struct rsbac_dev_desc_t ** id_pp);

int rsbac_ta_list_all_user(rsbac_list_ta_number_t ta_number,
                           rsbac_uid_t ** id_pp);

int rsbac_ta_list_all_ipc(rsbac_list_ta_number_t ta_number,
                          struct rsbac_ipc_t ** id_pp);

int rsbac_ta_list_all_group(rsbac_list_ta_number_t ta_number,
                            rsbac_gid_t ** id_pp);

/* Kernel-thread tracking: mark pid as a kernel thread / set the tracking  */
/* up. Undocumented in the original; how rsbac_mark_kthread() relates to   */
/* rsbac_kthread_notify() near the top of this header is not visible —     */
/* confirm. Both return 0 / negative error code.                            */
int rsbac_mark_kthread(rsbac_pid_t pid);
int rsbac_kthreads_init(void);
00142 #endif
