https://www.rsbac.org/ 2026-04-14T08:40:04+00:00 https://www.rsbac.org/ https://www.rsbac.org/lib/tpl/rsbac/images/favicon.ico text/html 2007-01-16T11:58:16+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/architecture_implementation/framework_components/aci?rev=1168948696&do=diff Data Structures Component The Data Structures component contains all the Access Control Information (ACI) and all parts of the Access Control Context (ACC) that are not already stored in standard kernel structures. The General Data Structures provide fixed size attribute structures for objects of all target types and for all implemented decision modules. The attribute objects are kept in generic dynamic lists. Attributes for persistent objects of target types FILE, DIR, FIFO, SYMLINK, SCD, USE… text/html 2007-03-10T21:11:01+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/architecture_implementation/framework_components/adf?rev=1173561061&do=diff Access Control Decision Facility (ADF) The ADF is split into two parts: * The main part, doing the general work * The modules, called by the first part First part: General work For the main part of the ADF, there are several tasks to accomplish: text/html 2007-03-10T21:06:30+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/architecture_implementation/framework_components/aef?rev=1173560790&do=diff Access Control Enforcement Facility (AEF) The AEF component is the only part of RSBAC, which has not been modularized, as it needs to be hooked into several locations of the existing kernel code. In short, every system call and pseudo file handling function is extended by 2 calls to the ADF text/html 2007-03-10T21:17:48+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/architecture_implementation/framework_components/interfaces?rev=1173561468&do=diff Todo: Please make me understandable by normal human beings Interfaces The diagrams show, that we require both the ADF interface for decision and notification requests and the data structure interface to access attributes. Requests made to the ADF have to include the request type, identification for subject and object, and, for administration requests, the attribute type and value. Also, some requests supply additional information with special attribute types and values, e.g. the new owner for… text/html 2007-03-10T21:23:44+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/architecture_implementation/framework_components/logging_facility?rev=1173561824&do=diff Logging Facility The Access Control Decision Facility (ADF) also provides a powerful logging system. It is possible to log events, depending on the request, target type, user, executable and target object (with individual settings for the files, directories, fifos, links, devices, and network objects). text/html 2008-02-28T16:50:59+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/architecture_implementation/framework_components/runtime_registration?rev=1204217459&do=diff Runtime Registration In the RSBAC framework, a decision module (rule set) can register decisions, notifications and overwrite decision functions of the ADF at runtime. For administration purposes, system calls can be registered to a handle-based dispatcher. Secret registration handles prevents the change of module's registrations.