/************************************************************************/
/* Rule Set Based Access Control                                        */
/* Author and (c) 1999-2005: Amon Ott <ao@rsbac.org>                    */
/* API: data structures and functions for Access Control Information    */
/* (ACI) / PM                                                           */
/* Last modified: 09/Feb/2005                                           */
/************************************************************************/

#ifndef __RSBAC_PM_H
#define __RSBAC_PM_H

#include <linux/init.h>
#include <rsbac/pm_types.h>

/*
 * Return-value convention for every function below that returns int:
 * 0 on success, a negative error code otherwise. The error codes are
 * defined in rsbac_error.h.
 *
 * Functions returning rsbac_boolean_t are pure predicates: they carry no
 * error channel, so a FALSE result cannot by itself be distinguished from
 * an invalid or unknown argument. Callers that base an access decision on
 * such a predicate should treat FALSE as "not granted" and nothing more.
 */

/*----------------------------------------------------------------------*/
/* Initialization                                                       */
/*----------------------------------------------------------------------*/

/*
 * rsbac_init_pm()
 * Initializes PM, including restoration of the ACI of all mounted
 * devices from disk. Afterwards all ACI is kept in memory for
 * performance reasons; user and file/dir object ACI are nevertheless
 * written back to disk on every change.
 *
 * Unless CONFIG_RSBAC_INIT_DELAY is set the function is marked __init,
 * i.e. it lives in init-only memory and must only be called during
 * kernel initialization.
 */
#ifdef CONFIG_RSBAC_INIT_DELAY
extern int rsbac_init_pm(void);
#else
extern int rsbac_init_pm(void) __init;
#endif

/*
 * rsbac_stats_pm()
 * Reports some information about the current PM status.
 */
extern int rsbac_stats_pm(void);

/*
 * rsbac_write_pm()
 * Triggers saving of the RSBAC PM attributes to disk from outside.
 * need_lock: whether lock_kernel() is to be taken before writing.
 * Only available when CONFIG_RSBAC_AUTO_WRITE is set.
 */
#ifdef CONFIG_RSBAC_AUTO_WRITE
extern int rsbac_write_pm(rsbac_boolean_t need_lock);
#endif /* CONFIG_RSBAC_AUTO_WRITE */

/*----------------------------------------------------------------------*/
/* Access functions: helper lists / sets                                */
/*----------------------------------------------------------------------*/

/*
 * All set procedures take and release the semaphores that protect their
 * targets for the duration of the access; callers do not lock.
 * Accessing a set that was never created, or was removed, is an error
 * (see rsbac_pm_create_set / rsbac_pm_remove_set).
 */

/*
 * rsbac_pm_add_to_set()
 * Adds member to the sublist of set (set_type, set_id).
 * Set semantics: also returns success if member was already in the set.
 */
int rsbac_pm_add_to_set(rsbac_list_ta_number_t ta_number,
			enum rsbac_pm_set_t set_type,
			union rsbac_pm_set_id_t set_id,
			union rsbac_pm_set_member_t member);

/*
 * rsbac_pm_remove_from_set()
 * Removes member from the sublist of set (set_type, set_id).
 * Set semantics: returns no error if member is not in the list.
 */
int rsbac_pm_remove_from_set(rsbac_list_ta_number_t ta_number,
			     enum rsbac_pm_set_t set_type,
			     union rsbac_pm_set_id_t set_id,
			     union rsbac_pm_set_member_t member);

/*
 * rsbac_pm_clear_set()
 * Removes all members from set (set_type, set_id); the set itself
 * continues to exist. Returns no error if the list is already empty.
 */
int rsbac_pm_clear_set(rsbac_list_ta_number_t ta_number,
		       enum rsbac_pm_set_t set_type,
		       union rsbac_pm_set_id_t set_id);

/*
 * rsbac_pm_set_member()
 * Truth value: is member contained in set (set_type, set_id)?
 */
rsbac_boolean_t rsbac_pm_set_member(rsbac_list_ta_number_t ta_number,
				    enum rsbac_pm_set_t set_type,
				    union rsbac_pm_set_id_t set_id,
				    union rsbac_pm_set_member_t member);

/*
 * rsbac_pm_pp_subset()
 * Truth value: is pp_set a subset of in_pp_set?
 * NOTE(review): the header does not say how a missing set is reported
 * here; see the note on boolean predicates at the top of this file.
 */
rsbac_boolean_t rsbac_pm_pp_subset(rsbac_pm_pp_set_id_t pp_set,
				   rsbac_pm_in_pp_set_id_t in_pp_set);

/*
 * rsbac_pm_pp_superset()
 * Truth value: is pp_set a superset of out_pp_set?
 */
rsbac_boolean_t rsbac_pm_pp_superset(rsbac_pm_pp_set_id_t pp_set,
				     rsbac_pm_out_pp_set_id_t out_pp_set);

/*
 * rsbac_pm_pp_only()
 * Truth value: does out_pp_set contain no item other than purpose?
 */
rsbac_boolean_t rsbac_pm_pp_only(rsbac_pm_purpose_id_t purpose,
				 rsbac_pm_out_pp_set_id_t out_pp_set);

/*
 * rsbac_pm_pp_intersec()
 * Stores the intersection of pp_set and in_pp_set in in_pp_set.
 * If in_pp_set does not exist it is created with all members of pp_set.
 * If pp_set does not exist, or either id is invalid, an error is returned.
 */
int rsbac_pm_pp_intersec(rsbac_pm_pp_set_id_t pp_set,
			 rsbac_pm_in_pp_set_id_t in_pp_set);

/*
 * rsbac_pm_pp_union()
 * Stores the union of pp_set and out_pp_set in out_pp_set.
 * If out_pp_set does not exist it is created with all members of pp_set.
 * If pp_set does not exist, or either id is invalid, an error is returned.
 */
int rsbac_pm_pp_union(rsbac_pm_pp_set_id_t pp_set,
		      rsbac_pm_out_pp_set_id_t out_pp_set);

/*
 * rsbac_pm_create_set()
 * Creates a new, empty set of type set_type with id set_id. Every other
 * set function called for an id that has not been created returns an
 * error. To empty an existing set use rsbac_pm_clear_set() instead.
 */
int rsbac_pm_create_set(rsbac_list_ta_number_t ta_number,
			enum rsbac_pm_set_t set_type,
			union rsbac_pm_set_id_t set_id);

/*
 * rsbac_pm_set_exist()
 * Truth value: does set (set_type, set_id) exist? Returns FALSE for
 * invalid values as well, so FALSE does not tell the two cases apart.
 */
rsbac_boolean_t rsbac_pm_set_exist(rsbac_list_ta_number_t ta_number,
				   enum rsbac_pm_set_t set_type,
				   union rsbac_pm_set_id_t set_id);

/*
 * rsbac_pm_remove_set()
 * Removes a whole set. Afterwards set_id may only be used to create a
 * new set; any other use returns an error. To empty an existing set use
 * rsbac_pm_clear_set() instead.
 */
int rsbac_pm_remove_set(rsbac_list_ta_number_t ta_number,
			enum rsbac_pm_set_t set_type,
			union rsbac_pm_set_id_t set_id);

/*----------------------------------------------------------------------*/
/* Access functions: main lists                                         */
/*----------------------------------------------------------------------*/

/*
 * rsbac_pm_get_data() and rsbac_pm_set_data() read/change single data
 * values of an existing list item. rsbac_pm_add_target() adds a new list
 * item with all data values as given; rsbac_pm_remove_target() removes
 * an item.
 *
 * A rsbac_pm_[sg]et_data() call for a non-existing target returns an
 * error, as does any invalid parameter combination.
 *
 * All these procedures take and release the semaphores that protect
 * their targets for the duration of the access.
 */

/*
 * rsbac_pm_get_data()
 * Reads data item data_type of item target_id in list target_type into
 * *value_p (out parameter).
 */
int rsbac_pm_get_data(rsbac_list_ta_number_t ta_number,
		      enum rsbac_pm_target_t target_type,
		      union rsbac_pm_target_id_t target_id,
		      enum rsbac_pm_data_t data_type,
		      union rsbac_pm_data_value_t *value_p);

/*
 * rsbac_pm_get_all_data()
 * Reads all data items of item target_id in list target_type into
 * *all_value_p (out parameter).
 */
int rsbac_pm_get_all_data(rsbac_list_ta_number_t ta_number,
			  enum rsbac_pm_target_t target_type,
			  union rsbac_pm_target_id_t target_id,
			  union rsbac_pm_all_data_value_t *all_value_p);

/*
 * rsbac_pm_exists()
 * Truth value: does item target_id exist in list target_type?
 */
rsbac_boolean_t rsbac_pm_exists(rsbac_list_ta_number_t ta_number,
				enum rsbac_pm_target_t target_type,
				union rsbac_pm_target_id_t target_id);

/*
 * rsbac_pm_set_data()
 * Sets data item data_type of item target_id in list target_type to
 * value.
 */
int rsbac_pm_set_data(rsbac_list_ta_number_t ta_number,
		      enum rsbac_pm_target_t target_type,
		      union rsbac_pm_target_id_t target_id,
		      enum rsbac_pm_data_t data_type,
		      union rsbac_pm_data_value_t value);

/*
 * rsbac_pm_add_target()
 * Adds a new item to list target_type. all_values carries the values
 * for all data items, including the item id itself.
 */
int rsbac_pm_add_target(rsbac_list_ta_number_t ta_number,
			enum rsbac_pm_target_t target_type,
			union rsbac_pm_all_data_value_t all_values);

/*
 * rsbac_pm_remove_target()
 * Removes item target_id from list target_type.
 */
int rsbac_pm_remove_target(rsbac_list_ta_number_t ta_number,
			   enum rsbac_pm_target_t target_type,
			   union rsbac_pm_target_id_t target_id);

#endif /* __RSBAC_PM_H */