aci.h

00001 /******************************* */
00002 /* Rule Set Based Access Control */
00003 /* Author and (c) 1999-2004:     */
00004 /*   Amon Ott <ao@rsbac.org>     */
00005 /* API: Data structures          */
00006 /* and functions for Access      */
00007 /* Control Information           */
00008 /* Last modified: 06/Dec/2004    */
00009 /******************************* */
00010 
      /* NOTE(review): identifiers beginning with a double underscore are reserved
       * for the implementation in C; the guard name is kept unchanged here for
       * compatibility with existing includers. */
00011 #ifndef __RSBAC_ACI_H
00012 #define __RSBAC_ACI_H
00013 
00014 #include <rsbac/types.h>
00015 #include <linux/init.h>
00016 
00017 /***************************************************/
00018 /*                   Prototypes                    */
00019 /***************************************************/
00020 
00021 /* All functions return 0, if no error occurred, and a negative error code  */
00022 /* otherwise. The error codes are defined in rsbac_error.h.                 */
00023 
00024 /****************************************************************************/
00025 /* Initialization, including ACI restoration for all mounted devices from   */
00026 /* disk. After this call, all ACI is kept in memory for performance reasons,*/
00027 /* but user and file/dir object ACI are written to disk on every change.    */
00028 
      /* root_dev: the device whose ACI is restored as part of initialization.
       * Only the non-delayed variant carries __init; presumably the delayed
       * variant can be called after __init memory has been discarded - confirm. */
00029 #ifdef CONFIG_RSBAC_INIT_DELAY
00030 extern int rsbac_init(kdev_t root_dev);
00031 #else
00032 extern int rsbac_init(kdev_t root_dev) __init;
00033 #endif
00034 
00035 /* Notify RSBAC of new kernel thread */
      /* pid: id of the newly created kernel thread. Declared without extern,
       * unlike most neighbours; linkage of a file-scope function declaration
       * is external either way. */
00036 int rsbac_kthread_notify(rsbac_pid_t pid);
00037 
00038 /* To turn RSBAC off on umount of root device */
      /* Returns nothing, so a caller cannot detect a failed switch-off. */
00039 extern void rsbac_off(void);
00040 
00041 /* For other kernel parts to check, whether RSBAC was initialized correctly */
00042 extern rsbac_boolean_t rsbac_is_initialized(void);
00043 
00044 /* When mounting a device, its ACI must be read and added to the ACI lists. */
      /* sb_p: superblock of the device being (un)mounted.
       * d_covers: presumably the mount-point dentry covered by the mount - confirm. */
00045 extern int rsbac_mount(struct super_block * sb_p, struct dentry * d_covers);
00046 /* When umounting a device, its ACI must be removed from the ACI lists. */
00047 extern int rsbac_umount(struct super_block * sb_p, struct dentry * d_covers);
00048 
00049 /* On pivot_root, we must unblock the dentry tree of the old root */
00050 /* by putting all cached rsbac.dat dentries */
00051 int rsbac_free_dat_dentries(void);
00052 
00053 /* Some information about the current status is also available */
00054 extern int rsbac_stats(void);
00055 
00056 /* Trigger internal consistency check (int: if != 0: correct errors) */
      /* correct: if != 0, repair the inconsistencies found instead of only
       *          reporting them.
       * check_inode: not described here; presumably extends the check to
       *          inode-bound ACI entries - confirm against the definition. */
00057 extern int rsbac_check(int correct, int check_inode);
00058 
00059 /* RSBAC attribute saving to disk can be triggered from outside
00060  * param: call lock_kernel() before disk access?
00061  */
      /* The single rsbac_boolean_t argument is the lock_kernel() flag described
       * above; naming it in the prototype would make that visible at call sites. */
00062 #if defined(CONFIG_RSBAC_MAINT) || defined(CONFIG_RSBAC_AUTO_WRITE)
00063 extern int rsbac_write(rsbac_boolean_t);
00064 #endif
00065 
00066 /* get the parent of a target
00067  * returns -RSBAC_EINVALIDTARGET for non-fs targets
00068  * and -RSBAC_ENOTFOUND, if no parent available
00069  * In kernels >= 2.4.0, device_p->d_covers is used and the item is properly
00070  * locked for reading, so never call with a write lock held on device_p!
00071  */
      /* target/tid: the object whose parent is looked up. On success the parent's
       * type and id are written through parent_target_p and parent_tid_p. */
00072 int rsbac_get_parent(enum rsbac_target_t target,
00073                      union rsbac_target_id_t tid,
00074                      enum rsbac_target_t * parent_target_p,
00075                      union rsbac_target_id_t * parent_tid_p);
00076 
00077 /****************************************************************************/
00078 /* For objects, users and processes all manipulation is encapsulated by the */
00079 /* function calls rsbac_set_attr, rsbac_get_attr and rsbac_remove_target.   */
00080                           
      /* The rsbac_ta_* functions take an extra leading ta_number; the
       * rsbac_get_attr / rsbac_set_attr / rsbac_remove_target macros below pass 0
       * for it. "ta" presumably stands for transaction - confirm in rsbac/types.h.
       * Return values follow the file-wide convention: 0 on success, negative
       * error code otherwise. */
      /* Read one attribute of a target.
       * module:  the policy module the attribute belongs to.
       * target/tid: the object being queried.
       * attr:    which attribute to read.
       * value:   out parameter receiving the attribute value.
       * inherit: presumably permits falling back to a parent target's value
       *          (see rsbac_get_parent) when none is set directly - confirm. */
00081 int rsbac_ta_get_attr(
00082   rsbac_list_ta_number_t ta_number,
00083   enum rsbac_switch_target_t module,
00084   enum rsbac_target_t target,
00085   union rsbac_target_id_t tid,
00086   enum rsbac_attribute_t attr,
00087   union rsbac_attribute_value_t * value,
00088   rsbac_boolean_t inherit);
00089 
      /* Convenience wrapper: rsbac_ta_get_attr with ta_number 0. Every macro
       * argument is forwarded exactly once, so side effects are not duplicated. */
00090 #define rsbac_get_attr(module, target, tid, attr, value, inherit) \
00091   rsbac_ta_get_attr(0, module, target, tid, attr, value, inherit)
00092 
      /* Write one attribute of a target; value is passed by value, not by pointer.
       * Nothing in this header states who may call it - any authorisation check
       * on attribute changes lives in the implementation; confirm there. */
00093 int rsbac_ta_set_attr(
00094   rsbac_list_ta_number_t ta_number,
00095   enum rsbac_switch_target_t module,
00096   enum rsbac_target_t target,
00097   union rsbac_target_id_t tid,
00098   enum rsbac_attribute_t attr,
00099   union rsbac_attribute_value_t value);
00100 
      /* Convenience wrapper: rsbac_ta_set_attr with ta_number 0. */
00101 #define rsbac_set_attr(module, target, tid, attr, value) \
00102   rsbac_ta_set_attr(0, module, target, tid, attr, value)
00103 
00104 /* All RSBAC targets should be removed, if no longer needed, to prevent     */
00105 /* memory wasting.                                                          */
00106 
      /* Drop all stored ACI for target/tid. Beyond the memory cost noted above,
       * a stale entry presumably keeps its attributes, which a later reuse of the
       * same id could pick up - confirm against the list implementation. */
00107 int rsbac_ta_remove_target(
00108   rsbac_list_ta_number_t ta_number,
00109   enum rsbac_target_t target,
00110   union rsbac_target_id_t tid);
00111 
      /* Convenience wrapper: rsbac_ta_remove_target with ta_number 0. */
00112 #define rsbac_remove_target(target, tid) \
00113   rsbac_ta_remove_target(0, target, tid)
00114 
00115 #endif
