/linux-2.6.21.1-rsbac-1.3.4/include/rsbac/adf.h

00001 /******************************* */
00002 /* Rule Set Based Access Control */
00003 /* Author and (c) 1999-2006:     */
00004 /*   Amon Ott <ao@rsbac.org>     */
00005 /* API: for Access Control       */
00006 /* Decision Facility             */
00007 /* Last modified: 09/Jun/2006    */
00008 /******************************* */
00009 
00010 #ifndef __RSBAC_ADF_H
00011 #define __RSBAC_ADF_H
00012 
00013 #include <linux/init.h>
00014 #include <linux/binfmts.h>
00015 #include <rsbac/types.h>
00016 #include <rsbac/debug.h>
00017 #include <rsbac/fs.h>
00018 
00019 /***************************************************/
00020 /*                   Prototypes                    */
00021 /***************************************************/
00022 
00023 /* Init function for the ADF. */
      /* Only the variant built without CONFIG_RSBAC_INIT_DELAY is marked     */
      /* __init. NOTE(review): presumably the delayed variant may be called   */
      /* after boot-time init memory has been released - confirm.             */
00024 #ifdef CONFIG_RSBAC_INIT_DELAY
00025 extern  void rsbac_init_adf(void);
00026 #else
00027 extern  void rsbac_init_adf(void) __init;
00028 #endif
00029 
00030 /* This is the internal decision function, called from rsbac_adf_request() */
00031 /* below. Its last parameter names one module to be left out of the        */
00032 /* decision, e.g. so that a module can ask all _other_ modules without     */
      /* being asked itself, which avoids a circle.                              */
      /* tid_p and attr_val_p are non-const pointers, so the callee is able to   */
      /* write through them. The result is an enum rsbac_adf_req_ret_t; its      */
      /* values are declared elsewhere (NOTE(review): presumably rsbac/types.h). */
00033 
00034 extern enum rsbac_adf_req_ret_t
00035    rsbac_adf_request_int(enum  rsbac_adf_request_t     request,
00036                                rsbac_pid_t             caller_pid,
00037                          enum  rsbac_target_t          target,
00038                          union rsbac_target_id_t     * tid_p,
00039                          enum  rsbac_attribute_t       attr,
00040                          union rsbac_attribute_value_t * attr_val_p,
00041                          enum  rsbac_switch_target_t   ignore_module);
00042 
/*
 * rsbac_adf_request() - main decision function, called from the AEF.
 *
 * Thin wrapper around rsbac_adf_request_int() that always passes SW_NONE
 * as ignore_module, i.e. no module is left out of the decision.
 *
 * tid and attr_val arrive by value; the internal function is handed
 * pointers to these local copies, so anything it writes through them is
 * not visible to the caller of this wrapper.
 *
 * Returns the enum rsbac_adf_req_ret_t produced by the internal function,
 * unchanged. The caller has to evaluate it before performing the operation.
 */
static inline enum rsbac_adf_req_ret_t
rsbac_adf_request(enum rsbac_adf_request_t request,
                  rsbac_pid_t caller_pid,
                  enum rsbac_target_t target,
                  union rsbac_target_id_t tid,
                  enum rsbac_attribute_t attr,
                  union rsbac_attribute_value_t attr_val)
{
	/* Addresses of the by-value copies, as the internal API expects pointers. */
	union rsbac_target_id_t *tid_p = &tid;
	union rsbac_attribute_value_t *attr_val_p = &attr_val;

	return rsbac_adf_request_int(request, caller_pid, target, tid_p,
				     attr, attr_val_p, SW_NONE);
}
00065 
00066 
00067 /* If the request returned granted and the operation is performed,           */
00068 /* the following function is called by the AEF to get all ACI set correctly. */
00069 /* The second instance of target specification is the new target, if one has */
00070 /* been created, otherwise its values are ignored.                           */
00071 /* It returns 0 on success and an error from error.h otherwise.              */
      /* The prototype gives no parameter names. NOTE(review): by type the order   */
      /* looks like request, caller pid, target and id, new target and id,         */
      /* attribute and value - confirm against the definition.                     */
      /* NOTE(review): this header does not say what state the ACI is left in when */
      /* an error is returned, so callers should not ignore the result.            */
00072 
00073 extern  int  rsbac_adf_set_attr(     enum  rsbac_adf_request_t,
00074                                            rsbac_pid_t,
00075                                      enum  rsbac_target_t,
00076                                      union rsbac_target_id_t,
00077                                      enum  rsbac_target_t,
00078                                      union rsbac_target_id_t,
00079                                      enum  rsbac_attribute_t,
00080                                      union rsbac_attribute_value_t);
00081 
00082 #include <linux/types.h>
00083 #include <linux/dcache.h>
00084 
      /* NOTE(review): the two rsbac_sec_*() helpers are not described in this
       * header; the names suggest secure delete and secure truncate of the file
       * behind dentry_p - confirm against the implementation. Both return int;
       * the error convention is not shown here.
       */
00085 int rsbac_sec_del(struct dentry * dentry_p);
00086 
00087 int rsbac_sec_trunc(struct dentry * dentry_p,
00088                     loff_t new_len, loff_t old_len);
00089 
00090 /* This function changes the symlink content by adding a suffix, if
00091  * requested. It returns NULL if the content is unchanged, or a pointer
00092  * to a newly kmalloc'd string otherwise, which has to be kfree'd after use.
       * The caller therefore owns any non-NULL result.
       * NOTE(review): the header does not say how an allocation failure is
       * reported, nor whether maxlen bounds the returned string - confirm
       * against the implementation.
00093  */
00094 char * rsbac_symlink_redirect(
00095   struct dentry * dentry_p,
00096   const char * name,
00097   u_int maxlen);
00098 
      /* Declared only when CONFIG_RSBAC_ALLOW_DAC_DISABLE_PART is set.
       * NOTE(review): presumably reports whether DAC checks are disabled for
       * the object behind dentry_p - confirm.
       */
00099 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_PART
00100 extern int rsbac_dac_part_disabled(struct dentry * dentry_p);
00101 #endif
00102 
      /* Declared only when CONFIG_RSBAC_FAKE_ROOT_UID is set. The first two
       * return an rsbac_uid_t, the third an int.
       * NOTE(review): presumably the uid/euid to present and a flag telling
       * whether faking is active for the caller - confirm.
       */
00103 #ifdef CONFIG_RSBAC_FAKE_ROOT_UID
00104 extern rsbac_uid_t rsbac_fake_uid(void);
00105 extern rsbac_uid_t rsbac_fake_euid(void);
00106 extern int rsbac_uid_faked(void);
00107 #endif
00108 
      /* NOTE(review): takes the binprm of a program being executed; judging by
       * the name it checks the environment for the CAP module - confirm.
       */
00109 int rsbac_cap_check_envp(struct linux_binprm *bprm);
00110 
      /* NOTE(review): receives one directory entry (name, namlen, ino) of file;
       * the meaning of the int result is not shown in this header - confirm.
       */
00111 extern int rsbac_handle_filldir(const struct file *file, const char *name, const unsigned int namlen, const ino_t ino);
00112 
      /* NOTE(review): which process the audit uid is set for, and the error
       * convention of the int result, are not shown in this header - confirm.
       */
00113 int rsbac_set_audit_uid(rsbac_uid_t uid);
00114 
00115 #endif
