00001 /************************************ */
00002 /* Rule Set Based Access Control      */
00003 /* Author and (c) 1999-2005: Amon Ott */
00004 /* API: Data types for                */
00005 /*    Role Compatibility Module       */
00006 /* Last modified: 23/Feb/2005         */
00007 /************************************ */
00008 
00009 #ifndef __RSBAC_RC_TYPES_H
00010 #define __RSBAC_RC_TYPES_H
00011 
00012 #include <linux/types.h>
00013 
00014 /***** RC *****/
00015 
/*
 * Well-known role and type ids.
 *
 * Roles 0..3 are the ones this header ships default SCD compatibility
 * tables for (RSBAC_RC_*_COMP_SCD below).  RSBAC_RC_BOOT_ROLE is an
 * out-of-band role number; how the kernel treats it is not visible here.
 * The commented-out KERNEL_P_TYPE is kept only as a historical marker.
 */
#define RSBAC_RC_GENERAL_ROLE 0
#define RSBAC_RC_ROLE_ADMIN_ROLE 1
#define RSBAC_RC_SYSTEM_ADMIN_ROLE 2
#define RSBAC_RC_AUDITOR_ROLE 3
#define RSBAC_RC_BOOT_ROLE 999999
#define RSBAC_RC_GENERAL_TYPE 0
#define RSBAC_RC_SEC_TYPE 1
#define RSBAC_RC_SYS_TYPE 2
// #define RSBAC_RC_KERNEL_P_TYPE 999999

/*
 * Size of the fixed name buffer in rsbac_rc_item_value_t (see below).
 * Any code filling that buffer from user space must bound the copy to
 * this length and guarantee NUL termination; the type itself does not.
 */
#define RSBAC_RC_NAME_LEN 16
/* Request vector with every bit set (type is typedef'd further down). */
#define RSBAC_RC_ALL_REQUESTS ((rsbac_rc_request_vector_t) -1)

/*
 * Bit position at which the RC "special" rights (RCR_*) start inside a
 * 64-bit rights vector.  Ordinary request bits live below this; the old
 * base (48) is retained for compatibility with older stored policies.
 */
#define RSBAC_RC_OLD_SPECIAL_RIGHT_BASE 48
#define RSBAC_RC_SPECIAL_RIGHT_BASE 56
00031 
/*
 * RC-specific rights that are not ordinary requests.  Each value is a bit
 * position in a rsbac_rc_rights_vector_t, laid out consecutively from
 * RSBAC_RC_SPECIAL_RIGHT_BASE.  RCR_NONE is the end marker, not a right;
 * do not grant it or use it as a vector index.
 */
enum rsbac_rc_special_rights_t {
	RCR_ADMIN          = RSBAC_RC_SPECIAL_RIGHT_BASE,
	RCR_ASSIGN         = RSBAC_RC_SPECIAL_RIGHT_BASE + 1,
	RCR_ACCESS_CONTROL = RSBAC_RC_SPECIAL_RIGHT_BASE + 2,
	RCR_SUPERVISOR     = RSBAC_RC_SPECIAL_RIGHT_BASE + 3,
	RCR_MODIFY_AUTH    = RSBAC_RC_SPECIAL_RIGHT_BASE + 4,
	RCR_NONE           = RSBAC_RC_SPECIAL_RIGHT_BASE + 5
};
00039 
/* 64-bit set of rights; bit positions are request numbers or RCR_* values. */
typedef __u64 rsbac_rc_rights_vector_t;

/* backwards compatibility only! */
typedef __u64 rsbac_rc_role_vector_t;

/*
 * Single-bit vectors.  The cast applies to the 1 before the shift, so the
 * shift is performed in the 64-bit vector type.  The argument must still
 * be below 64 -- a shift by the full width or more is undefined behaviour
 * in C -- and passing an end marker (e.g. RCR_NONE) yields a bit that is
 * not a defined right.  rsbac_rc_type_vector_t is not declared in this
 * header; it is assumed to come from another RSBAC header.
 */
#define RSBAC_RC_RIGHTS_VECTOR(x) ((rsbac_rc_rights_vector_t) 1 << (x))
#define RSBAC_RC_ROLE_VECTOR(x) ((rsbac_rc_role_vector_t) 1 << (x))
#define RSBAC_RC_TYPE_VECTOR(x) ((rsbac_rc_type_vector_t) 1 << (x))
00048 
/*
 * Mask of all five special rights.  Granting this on a target hands over
 * administrative control of it (it is OR'd into the role-admin table
 * below), so treat it like a privilege, not like an ordinary request set.
 */
#define RSBAC_RC_SPECIAL_RIGHTS_VECTOR (\
  RSBAC_RC_RIGHTS_VECTOR(RCR_ADMIN) | \
  RSBAC_RC_RIGHTS_VECTOR(RCR_ASSIGN) | \
  RSBAC_RC_RIGHTS_VECTOR(RCR_ACCESS_CONTROL) | \
  RSBAC_RC_RIGHTS_VECTOR(RCR_SUPERVISOR) | \
  RSBAC_RC_RIGHTS_VECTOR(RCR_MODIFY_AUTH) \
  )
00056 
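/*
 * Mask containing only the SUPERVISOR special right.
 * Keep the expansion a single term: a trailing "|" before the closing
 * parenthesis makes every use of the macro a syntax error, so the macro
 * can only be relied on in a right check if it expands cleanly.
 */
#define RSBAC_RC_SUPERVISOR_RIGHT_VECTOR (\
    RSBAC_RC_RIGHTS_VECTOR(RCR_SUPERVISOR) \
  )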
00060 
/* Every ordinary request plus every special right (an "all access" mask). */
#define RSBAC_RC_ALL_RIGHTS_VECTOR (RSBAC_ALL_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR)

/*
 * Rights that make sense on a process target: the generic process
 * request set extended by the four socket requests.
 * RSBAC_PROCESS_REQUEST_VECTOR and the R_* request numbers come from
 * another RSBAC header.
 */
#define RSBAC_RC_PROCESS_RIGHTS_VECTOR (RSBAC_PROCESS_REQUEST_VECTOR | \
  RSBAC_RC_RIGHTS_VECTOR(R_CONNECT) | \
  RSBAC_RC_RIGHTS_VECTOR(R_ACCEPT) | \
  RSBAC_RC_RIGHTS_VECTOR(R_SEND) | \
  RSBAC_RC_RIGHTS_VECTOR(R_RECEIVE) \
)

/* Default for new compatibility entries: no bits set, i.e. deny. */
#define RSBAC_RC_DEFAULT_RIGHTS_VECTOR 0

/* The general role starts from the same deny-by-default vector. */
#define RSBAC_RC_GEN_RIGHTS_VECTOR RSBAC_RC_DEFAULT_RIGHTS_VECTOR
00073 
/*
 * Role and type ids are unsigned 32-bit.  The RC_role_* / RC_type_*
 * constants below are negative values cast to these types, so they occupy
 * the top of the id range; lookups must reject that range before using an
 * id as an index.
 */
typedef __u32 rsbac_rc_role_id_t;
typedef __u32 rsbac_rc_type_id_t;
/* RC request vectors are plain RSBAC request vectors (typedef'd elsewhere). */
typedef rsbac_request_vector_t rsbac_rc_request_vector_t;
00077 
00078 enum rsbac_rc_admin_type_t {RC_no_admin, RC_role_admin, RC_system_admin, RC_none};
00079 
/*
 * System Control Types, including general SCD types
 * (start at 32 to allow future SCD types, max is 63)
 *
 * These extend the generic ST_* SCD types (declared in another RSBAC
 * header) and index the same per-role tables below, which is why the
 * role-admin and sysadm tables carry entries up to index 33.
 */
#define RST_min 32
enum rsbac_rc_scd_type_t {RST_auth_administration = RST_min,
                          RST_none};  /* end marker, not a real type */
00087 
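/*
 * Default SCD (system control data) compatibility of the general role:
 * the minimum every process needs to keep the system functional.  One
 * rights vector per SCD type, in SCD type order (the ST_* enum lives in
 * another RSBAC header); entries not listed in the initialiser are 0.
 *
 * With CONFIG_RSBAC_USER_MOD_IOPERM the general role additionally gets
 * MODIFY_PERMISSIONS_DATA on ST_ioports (presumably the ioperm/iopl
 * path).  Direct port access lets a process drive hardware around the
 * kernel, so this should only be enabled on systems that really need it.
 *
 * Both branches list the same 16 entries so the index comments line up
 * with the other *_COMP_SCD tables; the IOPERM branch used to stop at
 * index 13 and label it ST_none, which yielded the same values (trailing
 * initialisers are zero) but mislabelled the table.
 */
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
#define RSBAC_RC_GENERAL_COMP_SCD { \
         /* 0 = ST_time_structs */  0, \
         /* ST_clock */             0, \
         /* ST_host_id */           0, \
         /* ST_net_id */            0, \
         /* ST_ioports */ ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA), \
         /* ST_rlimit */ RSBAC_REQUEST_VECTOR(GET_STATUS_DATA) | RSBAC_REQUEST_VECTOR(MODIFY_SYSTEM_DATA), \
         /* ST_swap */              0, \
         /* ST_syslog */            0, \
         /* ST_rsbac */             0, \
         /* ST_rsbac_log */         0, \
         /* ST_other */             ( \
                                       ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
                                    ), \
         /* ST_kmem */              0, \
         /* ST_network */           ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA), \
         /* ST_firewall */          0, \
         /* ST_priority */          0, \
         /* 15 = ST_none */         0 \
          }
#else
#define RSBAC_RC_GENERAL_COMP_SCD { \
         /* 0 = ST_time_structs */  0, \
         /* ST_clock */             0, \
         /* ST_host_id */           0, \
         /* ST_net_id */            0, \
         /* ST_ioports */           0, \
         /* ST_rlimit */ RSBAC_REQUEST_VECTOR(GET_STATUS_DATA) | RSBAC_REQUEST_VECTOR(MODIFY_SYSTEM_DATA), \
         /* ST_swap */              0, \
         /* ST_syslog */            0, \
         /* ST_rsbac */             0, \
         /* ST_rsbac_log */         0, \
         /* ST_other */             ( \
                                       ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
                                    ), \
         /* ST_kmem */              0, \
         /* ST_network */           ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA), \
         /* ST_firewall */          0, \
         /* ST_priority */          0, \
         /* 15 = ST_none */         0 \
          }
#endif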
00130 
/*
 * Default SCD compatibility of the role-admin role.  34 entries: the
 * generic ST_* types (0..15) followed by the RC-specific RST_* types
 * starting at RST_min (32).
 *
 * This role is as trusted as the policy itself: besides every special
 * right on ST_rsbac / ST_rsbac_log / RST_auth_admin, ST_other grants
 * SWITCH_MODULE and SWITCH_LOG, i.e. the ability to turn enforcement
 * modules and logging off.  Review before assigning it to more than the
 * policy maintainers.
 *
 * Index 14 is labelled ST_priority in the other tables of this file; the
 * older "ST_nice" label here refers to the same slot.
 */
#define RSBAC_RC_ROLEADM_COMP_SCD { \
         /* 0 = ST_time_structs */  0, \
         /* ST_clock */             0, \
         /* ST_host_id */           0, \
         /* ST_net_id */            0, \
         /* ST_ioports */           0, \
         /* ST_rlimit */            RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
         /* ST_swap */              0, \
         /* ST_syslog */            0, \
         /* ST_rsbac: full control of RSBAC itself */ RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
         /* ST_rsbac_log: full control of the audit log */ RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
         /* ST_other */             ( \
                                       ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
                                     | ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) \
                                     | ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA) \
                                     | ((rsbac_request_vector_t) 1 << R_SWITCH_LOG) /* may disable logging */ \
                                     | ((rsbac_request_vector_t) 1 << R_SWITCH_MODULE) /* may disable modules */ \
                                    ) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
         /* ST_kmem */              0, \
         /* ST_network */           ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
         /* ST_firewall */          ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
         /* 14 = ST_nice (ST_priority elsewhere) */ 0, \
         /* 15 = ST_none */         0, \
                                    0, \
                                    0, \
                                    0, \
                                    0, \
         /* 20 */                   0, \
                                    0, \
                                    0, \
                                    0, \
                                    0, \
                                    0, \
                                    0, \
                                    0, \
                                    0, \
                                    0, \
         /* 30 */                   0, \
                                    0, \
         /* 32 = RST_auth_admin */  RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR, \
         /* 33 = RST_none */        0 \
          }
00173 
/*
 * Default SCD compatibility of the system-admin role (34 entries, same
 * layout as the role-admin table).
 *
 * Most entries are the intersection of the SCD and SYSTEM request
 * vectors, i.e. ordinary system administration without any RC special
 * right.  Two deliberate gaps keep duties separated: ST_rsbac_log is 0
 * (the audit log belongs to the auditor role) and RST_auth_admin is 0
 * (AUTH administration belongs to the role admin).
 *
 * Note that ST_other grants ADD_TO_KERNEL / REMOVE_FROM_KERNEL.  A role
 * that can load kernel code can, in principle, subvert any in-kernel
 * enforcement, so this role is only as strong as the controls on what
 * may be loaded.  MOUNT / UMOUNT and SHUTDOWN are granted for the same
 * operational reasons.
 */
#define RSBAC_RC_SYSADM_COMP_SCD { \
         /* 0 = ST_time_structs */  RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
         /* ST_clock */             RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
         /* ST_host_id */           RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
         /* ST_net_id */            RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
         /* ST_ioports */           RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
         /* ST_rlimit */            RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
         /* ST_swap */              RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
         /* ST_syslog */            RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
         /* ST_rsbac */             RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
         /* ST_rsbac_log: none, reserved for the auditor */ 0, \
         /* ST_other */             ( \
                                       ((rsbac_request_vector_t) 1 << R_ADD_TO_KERNEL) /* module load */ \
                                     | ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) \
                                     | ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
                                     | ((rsbac_request_vector_t) 1 << R_MOUNT) \
                                     | ((rsbac_request_vector_t) 1 << R_REMOVE_FROM_KERNEL) \
                                     | ((rsbac_request_vector_t) 1 << R_UMOUNT) \
                                     | ((rsbac_request_vector_t) 1 << R_SHUTDOWN) \
                                    ), \
         /* ST_kmem */              RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
         /* ST_network */           RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
         /* ST_firewall */          RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
         /* ST_priority */          RSBAC_SCD_REQUEST_VECTOR & RSBAC_SYSTEM_REQUEST_VECTOR, \
         /* 15 = ST_none */         0, \
                                    0, \
                                    0, \
                                    0, \
                                    0, \
         /* 20 */                   0, \
                                    0, \
                                    0, \
                                    0, \
                                    0, \
                                    0, \
                                    0, \
                                    0, \
                                    0, \
                                    0, \
         /* 30 */                   0, \
                                    0, \
         /* 32 = RST_auth_admin: none, reserved for the role admin */ 0, \
         /* 33 = RST_none */        0 \
          }
/*
 * Default SCD compatibility of the auditor role: identical to the general
 * role's table except that ST_rsbac_log additionally gets GET_STATUS_DATA
 * and MODIFY_SYSTEM_DATA (reading and managing the audit log).  Neither
 * the sysadm nor the general role has any right on ST_rsbac_log, which is
 * what makes the audit trail independent of the administrators it records.
 *
 * The CONFIG_RSBAC_USER_MOD_IOPERM branch mirrors the general role's
 * ST_ioports grant; see the note on RSBAC_RC_GENERAL_COMP_SCD.
 */
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
#define RSBAC_RC_AUDITOR_COMP_SCD { \
                          0, \
                          0, \
                          0, \
                          0, \
         /* ST_ioports */ ((rsbac_request_vector_t) 1 << R_MODIFY_PERMISSIONS_DATA), \
         /* ST_rlimit */  RSBAC_REQUEST_VECTOR(GET_STATUS_DATA) | RSBAC_REQUEST_VECTOR(MODIFY_SYSTEM_DATA), \
         /* ST_swap */              0, \
         /* ST_syslog */            0, \
         /* ST_rsbac */             0, \
         /* ST_rsbac_log: the auditor's extra right */ ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) | ((rsbac_request_vector_t) 1 << R_MODIFY_SYSTEM_DATA), \
         /* ST_other */             ( \
                                       ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
                                    ), \
         /* ST_kmem */              0, \
         /* ST_network */           ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA), \
         /* ST_firewall */          0, \
         /* ST_priority */          0, \
         /* 15 = ST_none */         0 \
          }
#else
#define RSBAC_RC_AUDITOR_COMP_SCD { \
                          0, \
                          0, \
                          0, \
                          0, \
                          0, \
         /* ST_rlimit */  RSBAC_REQUEST_VECTOR(GET_STATUS_DATA) | RSBAC_REQUEST_VECTOR(MODIFY_SYSTEM_DATA), \
         /* ST_swap */              0, \
         /* ST_syslog */            0, \
         /* ST_rsbac */             0, \
         /* ST_rsbac_log: the auditor's extra right */ ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA) | ((rsbac_request_vector_t) 1 << R_MODIFY_SYSTEM_DATA), \
         /* ST_other */             ( \
                                       ((rsbac_request_vector_t) 1 << R_MAP_EXEC) \
                                    ), \
         /* ST_kmem */              0, \
         /* ST_network */           ((rsbac_request_vector_t) 1 << R_GET_STATUS_DATA), \
         /* ST_firewall */          0, \
         /* ST_priority */          0, \
         /* 15 = ST_none */         0 \
          }
#endif
00261 
00262 
/*
 * Special type ids.  rsbac_rc_type_id_t is unsigned, so these negative
 * constants wrap to the top of the 32-bit range (-1 == 0xFFFFFFFF, -6 ==
 * 0xFFFFFFFA).  They are markers, not real types: code that uses a type id
 * as an array or lookup index must reject this range first.
 * RC_type_min_special (-6) is the lowest marker currently defined and
 * RC_type_max_value (-32) appears to be the highest ordinary id, leaving
 * 26 unused values between them for future markers -- confirm against the
 * lookup code before relying on either bound.
 */
#define RC_type_inherit_process ((rsbac_rc_type_id_t) -1)
#define RC_type_inherit_parent ((rsbac_rc_type_id_t) -2)
#define RC_type_no_create ((rsbac_rc_type_id_t) -3)
#define RC_type_no_execute ((rsbac_rc_type_id_t) -4)
#define RC_type_use_new_role_def_create ((rsbac_rc_type_id_t) -5)  /* for process chown (setuid) */
#define RC_type_no_chown ((rsbac_rc_type_id_t) -6)
#define RC_type_min_special ((rsbac_rc_type_id_t) -6)
#define RC_type_max_value ((rsbac_rc_type_id_t) -32)
00271 
/*
 * Special role ids, with the same unsigned-wrap layout as the type
 * markers above: -1..-5 are inheritance markers, RC_role_min_special is
 * the lowest marker in use and RC_role_max_value (-32) appears to bound
 * ordinary ids.  Reject this range before using a role id as an index.
 */
#define RC_role_inherit_user ((rsbac_rc_role_id_t) -1)
#define RC_role_inherit_process ((rsbac_rc_role_id_t) -2)
#define RC_role_inherit_parent ((rsbac_rc_role_id_t) -3)
#define RC_role_inherit_up_mixed ((rsbac_rc_role_id_t) -4)
#define RC_role_use_force_role ((rsbac_rc_role_id_t) -5)
#define RC_role_min_special ((rsbac_rc_role_id_t) -5)
#define RC_role_max_value ((rsbac_rc_role_id_t) -32)

/*
 * Defaults for the force/initial role attributes.  They are all markers
 * rather than concrete roles: a plain object inherits from its parent,
 * the root directory uses the "up mixed" rule, and init inherits from the
 * user.  How each marker is resolved is implemented elsewhere.
 */
#define RC_default_force_role RC_role_inherit_parent
#define RC_default_root_dir_force_role RC_role_inherit_up_mixed
#define RC_default_init_force_role RC_role_inherit_user
#define RC_default_initial_role RC_role_inherit_parent
#define RC_default_root_dir_initial_role RC_role_use_force_role
00285 
00286 /****************************************************************************/
00287 /* RC ACI types                                                             */
00288 /****************************************************************************/
00289 
00290 enum   rsbac_rc_target_t { RT_ROLE, RT_TYPE, RT_NONE };
00291 
/*
 * Id of an RC target; which member is meaningful is selected by an
 * accompanying enum rsbac_rc_target_t.  Both members are __u32, so a
 * value passed with the wrong selector is silently reinterpreted -- the
 * selector must always be checked together with the id.
 */
union  rsbac_rc_target_id_t
       {
         rsbac_rc_role_id_t role;
         rsbac_rc_type_id_t type;
       };
00297 
/*
 * Attribute ("item") selectors for RC targets.  The ordinal values are
 * implicit and appear in the RC API, so new items should be appended
 * before RI_none rather than inserted, or existing tools will read the
 * wrong attribute.  Which member of rsbac_rc_item_value_t each item uses
 * is decided by the code that handles it, not by this header.
 */
enum   rsbac_rc_item_t { RI_role_comp,
                         RI_admin_roles,
                         RI_assign_roles,
                         /* per-object-class type compatibility vectors */
                         RI_type_comp_fd,
                         RI_type_comp_dev,
                         RI_type_comp_user,
                         RI_type_comp_process,
                         RI_type_comp_ipc,
                         RI_type_comp_scd,
                         RI_type_comp_group,
                         RI_type_comp_netdev,
                         RI_type_comp_nettemp,
                         RI_type_comp_netobj,
                         RI_admin_type,
                         RI_name,
                         /* default types for objects created under this role */
                         RI_def_fd_create_type,
                         RI_def_fd_ind_create_type,
                         RI_def_user_create_type,
                         RI_def_process_create_type,
                         RI_def_process_chown_type,
                         RI_def_process_execute_type,
                         RI_def_ipc_create_type,
                         RI_def_group_create_type,
                         RI_boot_role,
                         /* per-object-class type names */
                         RI_type_fd_name,
                         RI_type_dev_name,
                         RI_type_ipc_name,
                         RI_type_user_name,
                         RI_type_process_name,
                         RI_type_group_name,
                         RI_type_netdev_name,
                         RI_type_nettemp_name,
                         RI_type_netobj_name,
                         RI_type_fd_need_secdel,
                         RI_type_scd_name, /* Pseudo, using get_rc_scd_name() */
                         /* removal operations */
                         RI_remove_role,
                         RI_def_fd_ind_create_type_remove,
                         RI_type_fd_remove,
                         RI_type_dev_remove,
                         RI_type_ipc_remove,
                         RI_type_user_remove,
                         RI_type_process_remove,
                         RI_type_group_remove,
                         RI_type_netdev_remove,
                         RI_type_nettemp_remove,
                         RI_type_netobj_remove,
#ifdef __KERNEL__
#endif
                         RI_none};  /* end marker */
00347 
/*
 * Value of an RC item; the active member depends on the rsbac_rc_item_t
 * being read or written.  The *_dummy members only pad the union to a
 * stable size.
 *
 * `name` is a fixed 16-byte buffer (RSBAC_RC_NAME_LEN) with no length
 * field.  Whatever copies a name in from user space has to bound the copy
 * and force a terminating NUL -- presumably the RC syscall handlers; that
 * is outside this header and should be verified there, since an
 * unterminated name would be read past the buffer by any string function.
 */
union  rsbac_rc_item_value_t
       {
          rsbac_rc_rights_vector_t      rights;
          enum rsbac_rc_admin_type_t    admin_type;
          char                          name[RSBAC_RC_NAME_LEN];  /* not guaranteed NUL-terminated */
          rsbac_rc_role_id_t            role_id;
          rsbac_rc_type_id_t            type_id;
          rsbac_boolean_t               need_secdel;
          rsbac_boolean_t               comp;
          rsbac_boolean_t               boot_role;
#ifdef __KERNEL__
#endif
          u_char                        u_char_dummy;
          int                           dummy;
          u_int                         u_dummy;
          long                          long_dummy;
          long long                     long_long_dummy;
       };
00366 
00367 #endif
