00001 /************************************ */
00002 /* Rule Set Based Access Control      */
00003 /* Author and (c) 1999-2005:          */
00004 /*   Amon Ott <ao@rsbac.org>          */
00005 /* API: Data structures               */
00006 /* and functions for Access           */
00007 /* Control Information / MAC          */
00008 /* Last modified: 09/Feb/2005         */
00009 /************************************ */
00010 
00011 #ifndef __RSBAC_MAC_H
00012 #define __RSBAC_MAC_H
00013 
00014 #include <linux/init.h>
00015 #include <rsbac/types.h>
00016 
00017 /***************************************************/
00018 /*               General Prototypes                */
00019 /***************************************************/
00020 
00021 /* All functions return 0, if no error occurred, and a negative error code  */
00022 /* otherwise. The error codes are defined in rsbac_error.h.                 */
00023 
00024 /****************************************************************************/
00025 /* Initialization, including ACI restoration for all mounted devices from   */
00026 /* disk. After this call, all ACI is kept in memory for performance reasons,*/
00027 /* but user and file/dir object ACI are written to disk on every change.    */
00028 
/**
 * rsbac_init_mac - initialise the MAC module.
 *
 * Restores the MAC ACI of all mounted devices from disk. Afterwards the ACI
 * is held in memory; user and file/dir object ACI are written back on every
 * change.
 *
 * With CONFIG_RSBAC_INIT_DELAY the __init section attribute is omitted.
 * NOTE(review): presumably because the delayed call happens after init
 * memory has been freed -- confirm against the init code.
 *
 * Return: 0 on success, a negative error code (rsbac_error.h) otherwise.
 */
#if defined(CONFIG_RSBAC_INIT_DELAY)
extern int rsbac_init_mac(void);
#else
extern int rsbac_init_mac(void) __init;
#endif
00034 
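/**
 * rsbac_mount_mac / rsbac_umount_mac - mount and umount hooks.
 * @kdev: the device being mounted or umounted.
 *
 * Declared extern for consistency with the other prototypes in this header
 * (extern is implicit on function declarations, so linkage is unchanged).
 *
 * Return: 0 on success, a negative error code (rsbac_error.h) otherwise.
 */
extern int rsbac_mount_mac(kdev_t kdev);
extern int rsbac_umount_mac(kdev_t kdev);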
00038 
/**
 * rsbac_stats_mac - report information about the current MAC status.
 *
 * Return: 0 on success, a negative error code (rsbac_error.h) otherwise.
 */
extern int rsbac_stats_mac(void);
00041 
/**
 * rsbac_check_mac - consistency check of the MAC data.
 * @correct:     NOTE(review): presumably "repair what is found" when
 *               non-zero -- confirm against the implementation.
 * @check_inode: NOTE(review): presumably "also verify the inode of each
 *               file/dir object" when non-zero -- confirm.
 *
 * Return: 0 on success, a negative error code (rsbac_error.h) otherwise.
 */
extern int rsbac_check_mac(int correct, int check_inode);
00044 
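/**
 * rsbac_write_mac - trigger saving of the MAC attributes to disk from outside.
 * @need_lock: call lock_kernel() before writing?
 *
 * The parameter is named in the prototype so the meaning documented here is
 * visible at every call site; naming it does not change the ABI.
 * Only available with CONFIG_RSBAC_MAINT or CONFIG_RSBAC_AUTO_WRITE.
 *
 * Return: 0 on success, a negative error code (rsbac_error.h) otherwise.
 */
#if defined(CONFIG_RSBAC_MAINT) || defined(CONFIG_RSBAC_AUTO_WRITE)
extern int rsbac_write_mac(rsbac_boolean_t need_lock);
#endif /* CONFIG_RSBAC_MAINT || CONFIG_RSBAC_AUTO_WRITE */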
00051 
00052 /************************************************* */
00053 /*               Access functions                  */
00054 /************************************************* */
00055 
00056 /* All these procedures handle the semaphores to protect the targets during */
00057 /* access.                                                                  */
00058 /* Trying to access a never created or removed set returns an error!        */
00059 
/**
 * rsbac_mac_add_to_p_truset / rsbac_mac_add_to_f_truset - add a member to
 * the trusted-user set of a process or of a file.
 * @ta_number: transaction number the change belongs to
 *             (NOTE(review): semantics of 0 / "no transaction" not stated
 *             here -- confirm in the list code).
 * @pid:       process whose set is modified (p variant).
 * @file:      file whose set is modified (f variant).
 * @member:    user id to add.
 * @ttl:       NOTE(review): presumably a time-to-live for the entry --
 *             confirm the unit and the "no expiry" value in the list code.
 *
 * Set semantics: adding a member that is already present is a success.
 * Accessing a set that was never created or has been removed is an error.
 *
 * Return: 0 on success, a negative error code (rsbac_error.h) otherwise.
 */
int rsbac_mac_add_to_p_truset(rsbac_list_ta_number_t ta_number,
                              rsbac_pid_t pid,
                              rsbac_uid_t member,
                              rsbac_time_t ttl);

int rsbac_mac_add_to_f_truset(rsbac_list_ta_number_t ta_number,
                              rsbac_mac_file_t file,
                              rsbac_uid_t member,
                              rsbac_time_t ttl);
00075 
/**
 * rsbac_mac_remove_from_p_truset / rsbac_mac_remove_from_f_truset - remove
 * one member from the trusted-user set of a process or of a file.
 * @ta_number: transaction number the change belongs to.
 * @pid:       process whose set is modified (p variant).
 * @file:      file whose set is modified (f variant).
 * @member:    user id to remove.
 *
 * Set semantics: removing a member that is not in the set is not an error.
 * Accessing a set that was never created or has been removed is an error.
 *
 * Return: 0 on success, a negative error code (rsbac_error.h) otherwise.
 */
int rsbac_mac_remove_from_p_truset(rsbac_list_ta_number_t ta_number,
                                   rsbac_pid_t pid,
                                   rsbac_uid_t member);

int rsbac_mac_remove_from_f_truset(rsbac_list_ta_number_t ta_number,
                                   rsbac_mac_file_t file,
                                   rsbac_uid_t member);
00089 
/**
 * rsbac_mac_clear_p_truset / rsbac_mac_clear_f_truset - remove all members
 * from the trusted-user set of a process or of a file. The set itself
 * stays in existence; use rsbac_mac_remove_*_trusets() to delete it.
 * @ta_number: transaction number the change belongs to.
 * @pid:       process whose set is emptied (p variant).
 * @file:      file whose set is emptied (f variant).
 *
 * Set semantics: clearing an already empty set is not an error.
 * Accessing a set that was never created or has been removed is an error.
 *
 * Return: 0 on success, a negative error code (rsbac_error.h) otherwise.
 */
int rsbac_mac_clear_p_truset(rsbac_list_ta_number_t ta_number,
                             rsbac_pid_t pid);

int rsbac_mac_clear_f_truset(rsbac_list_ta_number_t ta_number,
                             rsbac_mac_file_t file);
00101 
/**
 * rsbac_mac_p_truset_member - is @member in the trusted-user set of @pid?
 * @pid:    process whose set is queried.
 * @member: user id to look up.
 *
 * Unlike the other access functions this one takes no ta_number and returns
 * a truth value, not an error code. NOTE(review): the general rule that a
 * never-created or removed set is an error therefore cannot be reported
 * through this interface; presumably such a lookup reads as "not a member"
 * -- confirm in the implementation before relying on the distinction.
 *
 * Return: TRUE if @member is in the set, FALSE otherwise.
 */
rsbac_boolean_t rsbac_mac_p_truset_member(rsbac_pid_t pid, rsbac_uid_t member);
00107 
/**
 * rsbac_mac_remove_p_trusets / rsbac_mac_remove_f_trusets - delete the whole
 * trusted-user set of a process or of a file. Intended for cleanup when the
 * object itself is deleted; to merely empty an existing set use
 * rsbac_mac_clear_*_truset().
 * @pid:  process whose set is deleted.
 * @file: file whose set is deleted.
 *
 * Return: 0 on success, a negative error code (rsbac_error.h) otherwise.
 */
int rsbac_mac_remove_p_trusets(rsbac_pid_t pid);
int rsbac_mac_remove_f_trusets(rsbac_mac_file_t file);
00115 
/**
 * rsbac_mac_copy_fp_truset - copy a file's trusted-user set to a process.
 * rsbac_mac_copy_pp_truset - copy one process's trusted-user set to another.
 * @file:         source file (fp variant).
 * @p_tru_set_id: destination process (fp variant).
 * @old_p_set_id: source process (pp variant).
 * @new_p_set_id: destination process (pp variant).
 *
 * NOTE(review): the copy direction and whether an existing destination set
 * is replaced or merged are inferred from the parameter names only --
 * confirm against the implementation.
 *
 * Return: 0 on success, a negative error code (rsbac_error.h) otherwise.
 */
int rsbac_mac_copy_fp_truset(rsbac_mac_file_t file, rsbac_pid_t p_tru_set_id);
int rsbac_mac_copy_pp_truset(rsbac_pid_t old_p_set_id, rsbac_pid_t new_p_set_id);
00121 
/**
 * rsbac_mac_get_f_trulist / rsbac_mac_get_p_trulist - read out the whole
 * trusted-user set of a file or of a process as two parallel arrays.
 * @ta_number: transaction number to read in.
 * @file:      file whose set is read (f variant).
 * @pid:       process whose set is read (p variant).
 * @trulist_p: out-parameter; receives the array of member user ids.
 * @ttllist_p: out-parameter; receives the matching array of ttl values.
 *
 * NOTE(review): ownership of the two arrays (who allocates, who frees, and
 * how their length is conveyed -- presumably via the return value) is not
 * documented here; confirm against the implementation before use.
 *
 * Return: 0 or a non-negative value on success, a negative error code
 * (rsbac_error.h) otherwise.
 */
int rsbac_mac_get_f_trulist(rsbac_list_ta_number_t ta_number,
                            rsbac_mac_file_t file,
                            rsbac_uid_t **trulist_p,
                            rsbac_time_t **ttllist_p);

int rsbac_mac_get_p_trulist(rsbac_list_ta_number_t ta_number,
                            rsbac_pid_t pid,
                            rsbac_uid_t **trulist_p,
                            rsbac_time_t **ttllist_p);
00133 
00134 #endif
