/linux-2.6.21.1-rsbac-1.3.4/include/rsbac/rc.h

00001 /******************************* */
00002 /* Rule Set Based Access Control */
00003 /* Author and (c) 1999-2005:     */
00004 /*   Amon Ott <ao@rsbac.org>     */
00005 /* API: Data structures          */
00006 /* and functions for Access      */
00007 /* Control Information / RC      */
00008 /* Last modified: 09/Feb/2005    */
00009 /******************************* */
00010 
00011 #ifndef __RSBAC_RC_H
00012 #define __RSBAC_RC_H
00013 
00014 #include <linux/init.h>
00015 #include <rsbac/rc_types.h>
00016 
00017 /***************************************************/
00018 /*               General Prototypes                */
00019 /***************************************************/
00020 
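00021 /* Functions declared as int return 0 if no error occurred and a negative error code otherwise (rsbac_rc_get_list returns a count instead of 0). */
00022 /* The error codes are defined in rsbac_error.h. Functions declared as rsbac_boolean_t return a truth value, not an error code. */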
00023 
00024 /****************************************************************************/
00025 /* Initialization, including ACI restoration for all mounted devices from   */
00026 /* disk. After this call, all ACI is kept in memory for performance reasons.*/
      /* Returns int: 0 on success or a negative error code (see rsbac_error.h).
       * Without CONFIG_RSBAC_INIT_DELAY the prototype carries __init (from
       * <linux/init.h>): the code is placed in the kernel's init section, which
       * is freed after boot, so it must not be called once boot-time
       * initialization has finished. With CONFIG_RSBAC_INIT_DELAY it is declared
       * as an ordinary function -- presumably so that RC can be initialized
       * later; confirm against the implementation. */
00027 
00028 #ifdef CONFIG_RSBAC_INIT_DELAY
00029 int rsbac_init_rc(void);
00030 #else
00031 int rsbac_init_rc(void) __init;
00032 #endif
00033 
00034 /* Find the boot role */
      /* role_p: output pointer; presumably receives the boot role id on success.
       * Returns int: 0 on success or a negative error code. Check the return
       * value before using *role_p -- whether *role_p is left untouched on error
       * is not visible in this header (TODO confirm).
       * Without CONFIG_RSBAC_INIT_DELAY the prototype is __init, so the function
       * is only callable during boot-time initialization. */
00035 #ifdef CONFIG_RSBAC_INIT_DELAY
00036 int rsbac_rc_get_boot_role(rsbac_rc_role_id_t * role_p);
00037 #else
00038 int rsbac_rc_get_boot_role(rsbac_rc_role_id_t * role_p) __init;
00039 #endif
00040 
00041 /* Some information about the current status is also available              */
      /* Returns int: 0 on success or a negative error code.
       * NOTE(review): where the status information is written, and whether it
       * reveals policy details to unprivileged readers, is not visible in this
       * header -- confirm in the implementation. */
00042 
00043 int rsbac_stats_rc(void);
00044 
00045 /************************************************* */
00046 /*               Access functions                  */
00047 /************************************************* */
00048 
00049 /* All these procedures handle the spinlocks to protect the targets during  */
00050 /* access.                                                                  */
00051 
00052 /* All roles are always there, so instead of creation, we supply a copy for */
00053 /* initialization. There is always the well-defined role general to copy    */
      /* ta_number: presumably the list transaction this change belongs to
       *            (TODO confirm against the list API).
       * from_role: role to copy from.
       * to_role:   role that receives the copy.
       * Returns int: 0 on success or a negative error code.
       * NOTE(review): to_role presumably takes over from_role's settings,
       * including its rights, so copying from a more privileged role raises
       * to_role's privileges. Whether this function checks the caller's
       * authorization, or relies on the caller having done so, is not visible in
       * this header -- confirm before adding new call sites. */
00054 int rsbac_rc_copy_role(rsbac_list_ta_number_t ta_number,
00055                        rsbac_rc_role_id_t from_role,
00056                        rsbac_rc_role_id_t to_role);
00057 
      /* Copy a type, the counterpart of rsbac_rc_copy_role for RC types.
       * ta_number: presumably the list transaction this change belongs to
       *            (TODO confirm).
       * target:    selects which kind of RC type is copied.
       * from_type: type to copy from.
       * to_type:   type that receives the copy.
       * Returns int: 0 on success or a negative error code.
       * NOTE(review): whether to_type's previous settings are overwritten and
       * whether the caller's authorization is checked here is not visible in
       * this header -- confirm in the implementation. */
00058 int rsbac_rc_copy_type(rsbac_list_ta_number_t ta_number,
00059                        enum rsbac_rc_target_t target,
00060                        rsbac_rc_type_id_t from_type,
00061                        rsbac_rc_type_id_t to_type);
00062 
00063 /* Getting item values */
      /* ta_number: presumably the list transaction to read within (TODO confirm).
       * target:    kind of RC object addressed.
       * tid:       id of that object.
       * subtid:    second id; presumably used by items that relate two ids --
       *            confirm which items read it.
       * item:      which item of the object to read.
       * value_p:   output; receives the item value.
       * ttl_p:     output; presumably receives the entry's remaining time-to-live.
       *            Whether NULL is accepted here is not visible in this header.
       * Returns int: 0 on success or a negative error code. Do not use *value_p
       * or *ttl_p unless the call returned 0. */
00064 int rsbac_rc_get_item(rsbac_list_ta_number_t ta_number,
00065                       enum rsbac_rc_target_t target,
00066                       union rsbac_rc_target_id_t tid,
00067                       union rsbac_rc_target_id_t subtid,
00068                       enum rsbac_rc_item_t item,
00069                       union rsbac_rc_item_value_t *value_p,
00070                       rsbac_time_t * ttl_p);
00071 
00072 /* Setting item values */
      /* Parameters mirror rsbac_rc_get_item, except that value and ttl are passed
       * by value as inputs.
       * ttl: presumably the time-to-live of the new setting (TODO confirm units
       *      and the meaning of 0).
       * Returns int: 0 on success or a negative error code.
       * NOTE(review): this call changes RC policy data. Whether it verifies that
       * the caller may change the given item, or expects the caller to have
       * checked already, is not visible in this header -- confirm before adding
       * new call sites. */
00073 int rsbac_rc_set_item(rsbac_list_ta_number_t ta_number,
00074                       enum rsbac_rc_target_t target,
00075                       union rsbac_rc_target_id_t tid,
00076                       union rsbac_rc_target_id_t subtid,
00077                       enum rsbac_rc_item_t item,
00078                       union rsbac_rc_item_value_t value, rsbac_time_t ttl);
00079 
00080 /* Checking role's compatibility */
      /* role:   role whose compatibility is checked.
       * subtid: id the role is checked against.
       * item:   which compatibility item is consulted.
       * right:  the right asked for.
       * Returns rsbac_boolean_t, not an error code, and takes no ta_number.
       * NOTE(review): a boolean cannot report a failed lookup separately. If the
       * result feeds an access decision, confirm in the implementation that
       * errors yield "false" (deny) and not "true". */
00081 rsbac_boolean_t rsbac_rc_check_comp(rsbac_rc_role_id_t role,
00082                                     union rsbac_rc_target_id_t subtid,
00083                                     enum rsbac_rc_item_t item,
00084                                     enum rsbac_rc_special_rights_t right);
00085 
00086 /* Checking whether role exists */
      /* ta_number: presumably the list transaction to look in (TODO confirm).
       * role:      role id to look up.
       * Returns rsbac_boolean_t, not an error code.
       * NOTE(review): the answer can be stale by the time the caller acts on it,
       * unless the caller prevents concurrent changes -- confirm whether callers
       * rely on it for more than validation. */
00087 rsbac_boolean_t rsbac_rc_role_exists(rsbac_list_ta_number_t ta_number,
00088                                      rsbac_rc_role_id_t role);
00089 
      /* Checking whether type exists.
       * ta_number: presumably the list transaction to look in (TODO confirm).
       * target:    note the parameter type is enum rsbac_target_t, while the
       *            other prototypes in this header take enum rsbac_rc_target_t.
       *            C converts between enum types without an error, so callers
       *            must take care to pass a value from the right enum.
       * type:      type id to look up.
       * Returns rsbac_boolean_t, not an error code. */
00090 rsbac_boolean_t rsbac_rc_type_exists(rsbac_list_ta_number_t ta_number,
00091                                      enum rsbac_target_t target,
00092                                      rsbac_rc_type_id_t type);
00093 
00094 /* Get list of defined items. Returns number or negative error.
00095  * Allocates array via vmalloc, if number > 0 - vfree after use! */
      /* ta_number:    presumably the list transaction to read within (TODO confirm).
       * target, tid:  object whose items are listed.
       * item:         which item list is requested.
       * array_pp:     output; receives the vmalloc'ed array when the return
       *               value is > 0.
       * ttl_array_pp: output; presumably receives a matching array of
       *               time-to-live values.
       * Ownership: the caller owns the result and must vfree it exactly once,
       * and only when the return value is > 0. Test the return value before
       * dereferencing *array_pp.
       * NOTE(review): the comment above names a single array. Whether
       * *ttl_array_pp is allocated as well (and must also be vfree'd), and
       * whether either pointer may be NULL, is not visible in this header --
       * confirm in the implementation to avoid a leak or an invalid vfree. */
00096 int rsbac_rc_get_list(rsbac_list_ta_number_t ta_number,
00097                       enum rsbac_rc_target_t target,
00098                       union rsbac_rc_target_id_t tid,
00099                       enum rsbac_rc_item_t item,
00100                       __u32 ** array_pp, rsbac_time_t ** ttl_array_pp);
00101 
      /* type: RC type id to select.
       * Returns int: 0 on success or a negative error code.
       * NOTE(review): judging by the name, this presumably selects the type
       * given to filesystem objects created afterwards. Whose selection it
       * changes, how long it stays in effect, and whether the caller's right to
       * create objects of this type is checked are not visible in this header --
       * confirm in the implementation. */
00102 int rsbac_rc_select_fd_create_type(rsbac_rc_type_id_t type);
00103 
00104 #endif
