/* Include guard for the RSBAC core type definitions. */
#ifndef __RSBAC_TYPES_H
#define __RSBAC_TYPES_H

/* Empty conditional: nothing is declared for CONFIG_MODULES in this version. */
#ifdef CONFIG_MODULES
#endif

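/* Version of this RSBAC release, as a string and as its three numeric parts. */
#define RSBAC_VERSION "v1.2.4"
#define RSBAC_VERSION_MAJOR 1
#define RSBAC_VERSION_MID 2
#define RSBAC_VERSION_MINOR 4
/* Packed version: major in bits 16 and up, mid in bits 8..15, minor in bits 0..7. */
#define RSBAC_VERSION_NR \
((RSBAC_VERSION_MAJOR << 16) | (RSBAC_VERSION_MID << 8) | RSBAC_VERSION_MINOR)
/*
 * Pack three version parts with the same layout as RSBAC_VERSION_NR, so the
 * two can be compared directly.
 * The parts must be OR-ed together: the previous definition AND-ed them,
 * which gives 0 for every version whose parts occupy distinct bit ranges,
 * so any comparison against RSBAC_VERSION_NR was wrong. The arguments are
 * also parenthesised so that expressions such as (a + 1) pack correctly.
 */
#define RSBAC_VERSION_MAKE_NR(x,y,z) \
(((x) << 16) | ((y) << 8) | (z))
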
#include <linux/types.h>

/* Fixed-width scalar types used throughout RSBAC. */
typedef __u32 rsbac_version_t;
/* 32-bit user and group ids. */
typedef __u32 rsbac_uid_t;
typedef __u32 rsbac_gid_t;
/* 16-bit id variants, used by the RSBAC_OLD_* constants below. */
typedef __u16 rsbac_old_uid_t;
typedef __u16 rsbac_old_gid_t;
/* Time in seconds as an unsigned 32-bit value; see rsbac_current_time(). */
typedef __u32 rsbac_time_t;
/* Bit vector with one bit per capability; see RSBAC_CAP_MAX below. */
typedef __u32 rsbac_cap_vector_t;

/* Transaction number for generic list operations. */
typedef __u32 rsbac_list_ta_number_t;

#ifdef __KERNEL__
#include <linux/fs.h>
#include <linux/socket.h>
#include <linux/pipe_fs_i.h>
#include <linux/kdev_t.h>

/* Refuse to build against kernels older than 2.4.19. */
#ifndef LINUX_VERSION_CODE
#include <linux/version.h>
#endif
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,4,19)
#error "RSBAC: unsupported kernel version"
#endif

/* 2.6 kernels: the device-number helpers map straight onto the kernel macros. */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
#define RSBAC_MAJOR MAJOR
#define RSBAC_MINOR MINOR
#define RSBAC_MKDEV(major,minor) MKDEV(major,minor)
/*
 * Current kernel time in seconds as rsbac_time_t.
 * Only the tv_sec part of CURRENT_TIME is kept, and it is narrowed to
 * __u32, so seconds values beyond the 32-bit range wrap.
 */
static inline rsbac_time_t rsbac_current_time(void)
{
	struct timespec ts = CURRENT_TIME;
	return ts.tv_sec;
}
/* 2.6 kernels dropped kdev_t; alias it to dev_t so the structs below compile. */
#ifndef kdev_t
#define kdev_t dev_t
#endif
#define RSBAC_CURRENT_TIME (rsbac_current_time())
#else
/* Pre-2.6 kernels: CURRENT_TIME is used directly (presumably already seconds). */
#define RSBAC_MAJOR MAJOR
#define RSBAC_MINOR MINOR
#define RSBAC_MKDEV(major,minor) MKDEV(major,minor)
#define RSBAC_CURRENT_TIME CURRENT_TIME
#endif

/* Reserved device numbers: 0:0 is the null device, 99:99 presumably means "assign automatically". */
#define RSBAC_ZERO_DEV RSBAC_MKDEV(0,0)
#define RSBAC_AUTO_DEV RSBAC_MKDEV(99,99)
#define RSBAC_IS_ZERO_DEV(kdev) (!RSBAC_MAJOR(kdev) && !RSBAC_MINOR(kdev))
/* Repeats the 99/99 literals from RSBAC_AUTO_DEV; keep the two definitions in step. */
#define RSBAC_IS_AUTO_DEV(kdev) ((RSBAC_MAJOR(kdev) == 99) && (RSBAC_MINOR(kdev) == 99))

/*
 * Section attribute for RSBAC init code. With delayed initialisation the
 * __init marker is left off (presumably so the code is not discarded after boot).
 */
#ifdef CONFIG_RSBAC_INIT_DELAY
#define R_INIT
#else
#define R_INIT __init
#endif

#endif /* __KERNEL__ */



#ifndef NULL
#define NULL ((void *) 0)
#endif

/* Both arguments are evaluated twice; do not pass expressions with side effects. */
#define rsbac_min(a,b) (((a)<(b))?(a):(b))
#define rsbac_max(a,b) (((a)>(b))?(a):(b))

/*
 * Sentinel user and group ids. The 32-bit values are -3/-4 cast to the id
 * type; the RSBAC_OLD_* values are the same sentinels in the 16-bit id space
 * (65533 == (__u16)-3, 65532 == (__u16)-4).
 */
#define RSBAC_OLD_NO_USER 65533
#define RSBAC_OLD_ALL_USERS 65532
#define RSBAC_NO_USER ((rsbac_uid_t) -3)
#define RSBAC_ALL_USERS ((rsbac_uid_t) -4)
#define RSBAC_NO_GROUP ((rsbac_gid_t) -3)
#define RSBAC_ALL_GROUPS ((rsbac_gid_t) -4)

#ifndef FALSE
#define FALSE 0
#endif
#ifndef TRUE
#define TRUE 1
#endif

/* Boolean as a native unsigned int. */
typedef u_int rsbac_boolean_t;

/* One-byte boolean (presumably the stored form of rsbac_boolean_t). */
typedef __u8 rsbac_boolean_int_t;

/* Network device name: RSBAC_IFNAMSIZ characters plus room for a terminator. */
#define RSBAC_IFNAMSIZ 16
typedef u_char rsbac_netdev_id_t[RSBAC_IFNAMSIZ + 1];

/* Chunk size in bytes; presumably used when overwriting data for FF_secure_delete. */
#define RSBAC_SEC_DEL_CHUNK_SIZE 65536



/*
 * Path of the login program known to the AUTH module, also split into its
 * directory and file components. These are compile-time constants: a system
 * whose login binary lives elsewhere needs a rebuild with matching values.
 */
#define RSBAC_AUTH_LOGIN_PATH "/bin/login"
#define RSBAC_AUTH_LOGIN_PATH_DIR "bin"
#define RSBAC_AUTH_LOGIN_PATH_FILE "login"







/* TTL argument value that presumably leaves an existing list-item TTL unchanged. */
#define RSBAC_LIST_TTL_KEEP ((rsbac_time_t) -1)

/*
 * Storage type for RSBAC enums. It is one byte, so every enum that is
 * stored through a rsbac_enum_t typedef below must keep its values below 256.
 */
typedef __u8 rsbac_enum_t;

/*
 * Well-known uids. The security officer uid defaults to 400 unless set in the
 * kernel configuration; the other administrative uids are fixed offsets from it
 * (no +3 offset is defined here).
 */
#define RSBAC_SYSADM_UID 0
#define RSBAC_BIN_UID 1
#ifdef CONFIG_RSBAC_SECOFF_UID
#define RSBAC_SECOFF_UID CONFIG_RSBAC_SECOFF_UID
#else
#define RSBAC_SECOFF_UID 400
#endif
#define RSBAC_DATAPROT_UID (RSBAC_SECOFF_UID+1)
#define RSBAC_TPMAN_UID (RSBAC_SECOFF_UID+2)
#define RSBAC_AUDITOR_UID (RSBAC_SECOFF_UID+4)

typedef __u32 rsbac_pseudo_t;
typedef __u32 rsbac_pid_t;

typedef __u32 rsbac_ta_number_t;

/* MAC security level: 0..252 are real levels, 254 and 255 are markers; 253 is unused. */
typedef __u8 rsbac_security_level_t;
#define SL_max 252
#define SL_min 0

#define SL_inherit 254
#define SL_none 255
/* Legacy named security levels, kept for compatibility with older data. */
enum rsbac_old_security_level_t {
	SL_unclassified,
	SL_confidential,
	SL_secret,
	SL_top_secret,
	SL_old_rsbac_internal,
	SL_old_inherit,
	SL_old_none
};

/* MAC categories: one bit per category, 64 categories in total. */
typedef __u64 rsbac_mac_category_vector_t;
#define RSBAC_MAC_GENERAL_CATEGORY 0
/* Default vector: only the general category (bit 0) is set. */
#define RSBAC_MAC_DEF_CAT_VECTOR ((rsbac_mac_category_vector_t) 1)

/* All categories set. */
#define RSBAC_MAC_MAX_CAT_VECTOR ((rsbac_mac_category_vector_t) -1)

/*
 * No categories set. RSBAC_MAC_INHERIT_CAT_VECTOR has the same value, so the
 * two cannot be distinguished by value alone; callers must know from context.
 */
#define RSBAC_MAC_MIN_CAT_VECTOR ((rsbac_mac_category_vector_t) 0)

#define RSBAC_MAC_INHERIT_CAT_VECTOR ((rsbac_mac_category_vector_t) 0)

#define RSBAC_MAC_NR_CATS 64
#define RSBAC_MAC_MAX_CAT 63

/*
 * Vector with only category x set. x must be in 0..RSBAC_MAC_MAX_CAT: a shift
 * by 64 or more is undefined behaviour, so range-check values that come from
 * user space before using this macro.
 */
#define RSBAC_MAC_CAT_VECTOR(x) ((rsbac_mac_category_vector_t) 1 << (x))

typedef u_int rsbac_cwi_relation_id_t;


/* System roles; stored as a one-byte rsbac_system_role_int_t. */
enum rsbac_system_role_t {
	SR_user,
	SR_security_officer,
	SR_administrator,
	SR_auditor,
	SR_none
};
typedef rsbac_enum_t rsbac_system_role_int_t;


/* FC module object categories; new objects default to OC_inherit, the root to OC_general. */
enum rsbac_object_category_t {
	OC_general,
	OC_security,
	OC_system,
	OC_inherit,
	OC_none
};
#define RSBAC_FC_OC_DEF OC_inherit
#define RSBAC_FC_OC_ROOT_DEF OC_general

/* One-byte stored form of enum rsbac_object_category_t. */
typedef rsbac_enum_t rsbac_fc_oc_t;


/* SIM module data types; new objects default to DT_inherit, the root to DT_none. */
enum rsbac_data_type_t {DT_none, DT_SI, DT_inherit};
#define RSBAC_SIM_DT_DEF DT_inherit
#define RSBAC_SIM_DT_ROOT_DEF DT_none

/* One-byte stored form of enum rsbac_data_type_t. */
typedef rsbac_enum_t rsbac_sim_dt_t;


/* Which of a process's uids are reported as root when fake root uid is active. */
enum rsbac_fake_root_uid_t {
	FR_off,
	FR_uid_only,
	FR_euid_only,
	FR_both,
	FR_none
};
typedef rsbac_enum_t rsbac_fake_root_uid_int_t;

/* System control data (SCD) targets, i.e. kernel-wide settings RSBAC mediates access to. */
enum rsbac_scd_type_t {
	ST_time_strucs, ST_clock, ST_host_id,
	ST_net_id, ST_ioports, ST_rlimit,
	ST_swap, ST_syslog, ST_rsbac, ST_rsbaclog,
	ST_other, ST_kmem, ST_network, ST_firewall,
	ST_priority, ST_sysfs, ST_rsbac_remote_log,
	ST_none
};

/* Device class of a device target. */
enum rsbac_dev_type_t {D_block, D_char, D_none};


/* IPC object kinds and their identifier (currently a single numeric id). */
enum rsbac_ipc_type_t {I_sem, I_msg, I_shm, I_none};
union rsbac_ipc_id_t
{
	u_long id_nr;
};

/* Inode number as stored by RSBAC (32 bits). */
typedef __u32 rsbac_inode_nr_t;

/* Tri-state plus "unset" for disabling Linux DAC checks on an object. */
enum rsbac_linux_dac_disable_t {LDD_false, LDD_true, LDD_inherit, LDD_none};
typedef rsbac_enum_t rsbac_linux_dac_disable_int_t;

#ifdef __KERNEL__


/* A file-system object: device and inode number, plus the dentry it was looked up through. */
struct rsbac_fs_file_t
{
	kdev_t device;
	rsbac_inode_nr_t inode;
	struct dentry * dentry_p;
};


/* Device described by explicit type/major/minor fields (kdev_t-independent form). */
struct rsbac_dev_desc_t
{
	__u32 type;
	__u32 major;
	__u32 minor;
};

/* Device target: class plus kernel device number. */
struct rsbac_dev_t
{
	enum rsbac_dev_type_t type;
	kdev_t id;
};
#endif /* __KERNEL__ */


/* IPC target: kind plus identifier. */
struct rsbac_ipc_t
{
	enum rsbac_ipc_type_t type;
	union rsbac_ipc_id_t id;
};


/* Per-request logging levels and the 64-bit array they are packed into. */
enum rsbac_log_level_t {LL_none, LL_denied, LL_full, LL_request, LL_invalid};
typedef __u64 rsbac_log_array_t;


/* One bit per request type; see enum rsbac_adf_request_t below. */
typedef __u64 rsbac_request_vector_t;
/* x must be below 64 (a wider shift is undefined behaviour); request values are well within that. */
#define RSBAC_REQUEST_VECTOR(x) ((rsbac_request_vector_t) 1 << (x))


#define RSBAC_MAXNAMELEN 256

/* Maximum length of a transaction password for list operations. */
#define RSBAC_LIST_TA_MAX_PASSLEN 36



/*
 * MAC module flag storage. User and file flags are one byte, process flags
 * two bytes: MAC_program_auto (256) therefore fits only in the process set,
 * and RSBAC_MAC_P_FLAGS is the only mask that includes it.
 */
typedef __u8 rsbac_mac_user_flags_t;
typedef __u16 rsbac_mac_process_flags_t;
typedef __u8 rsbac_mac_file_flags_t;
typedef struct rsbac_fs_file_t rsbac_mac_file_t;
#define RSBAC_MAC_MAX_MAXNUM 1000000

#define MAC_override 1
#define MAC_auto 2
#define MAC_trusted 4
#define MAC_write_up 8
#define MAC_read_up 16
#define MAC_write_down 32
#define MAC_allow_auto 64
#define MAC_prop_trusted 128
#define MAC_program_auto 256

/* Masks of the flags that are valid for users, processes and files respectively. */
#define RSBAC_MAC_U_FLAGS (MAC_override | MAC_trusted | MAC_write_up | MAC_read_up | MAC_write_down | MAC_allow_auto)
#define RSBAC_MAC_P_FLAGS (MAC_override | MAC_auto | MAC_trusted | MAC_write_up | MAC_read_up | MAC_write_down | MAC_prop_trusted | MAC_program_auto)
#define RSBAC_MAC_F_FLAGS (MAC_auto | MAC_trusted | MAC_write_up | MAC_read_up | MAC_write_down)

/* Defaults: ordinary users get no flags; sysadm may use auto mode; secoff may override. */
#define RSBAC_MAC_DEF_U_FLAGS 0
#define RSBAC_MAC_DEF_SYSADM_U_FLAGS MAC_allow_auto
#define RSBAC_MAC_DEF_SECOFF_U_FLAGS MAC_override

#define RSBAC_MAC_DEF_P_FLAGS 0
#define RSBAC_MAC_DEF_INIT_P_FLAGS MAC_auto

typedef rsbac_enum_t rsbac_mac_auto_int_t;
enum rsbac_mac_auto_t {MA_no, MA_yes, MA_inherit};



#include <rsbac/pm_types.h>


/* DAZ (malware scanner) module: scan result per file, 0..DAZ_max. */
typedef __u8 rsbac_daz_scanned_t;
#define DAZ_unscanned 0
#define DAZ_infected 1
#define DAZ_clean 2
#define DAZ_max 2
#define DEFAULT_DAZ_FD_SCANNED DAZ_unscanned
/* Flag marking a program as the scanner itself (one byte). */
typedef __u8 rsbac_daz_scanner_t;



/* FF (file flags) module: bit flags per file-system object, stored in 16 bits. */
typedef __u16 rsbac_ff_flags_t;
#define FF_read_only 1
#define FF_execute_only 2
#define FF_search_only 4
#define FF_write_only 8
#define FF_secure_delete 16
#define FF_no_execute 32
#define FF_no_delete_or_rename 64
#define FF_append_only 256
#define FF_no_mount 512

/* Bit 128 sits between the two groups above: it marks that parent flags are added. */
#define FF_add_inherited 128

/* Defaults: objects inherit from their parent; the root directory starts with no flags. */
#define RSBAC_FF_DEF FF_add_inherited
#define RSBAC_FF_ROOT_DEF 0



00332 #include <rsbac/rc_types.h>
00333
00334
00335
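#define RSBAC_AUTH_MAX_MAXNUM 1000000
/*
 * AUTH module sentinel uids in capability ranges. The old (16-bit) owner
 * sentinel is now fully parenthesised like its siblings; the unparenthesised
 * form `(rsbac_old_uid_t) -3` was parsed differently in contexts such as
 * `sizeof RSBAC_AUTH_OLD_OWNER_F_CAP` (sizeof applied to the type, minus 3).
 */
#define RSBAC_AUTH_OLD_OWNER_F_CAP ((rsbac_old_uid_t) -3)
#define RSBAC_AUTH_OWNER_F_CAP ((rsbac_uid_t) -3)
#define RSBAC_AUTH_DAC_OWNER_F_CAP ((rsbac_uid_t) -4)
/* Highest uid that may appear as the end of a capability range. */
#define RSBAC_AUTH_MAX_RANGE_UID ((rsbac_uid_t) -10)
typedef struct rsbac_fs_file_t rsbac_auth_file_t;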
/* Inclusive uid range granted by an AUTH capability. */
struct rsbac_auth_cap_range_t
{
	rsbac_uid_t first;
	rsbac_uid_t last;
};
/* Which id an AUTH capability applies to: real/effective/fs uid, or the same for gids. */
enum rsbac_auth_cap_type_t {
	ACT_real, ACT_eff, ACT_fs,
	ACT_group_real, ACT_group_eff, ACT_group_fs,
	ACT_none
};
typedef rsbac_enum_t rsbac_auth_cap_type_int_t;

/* How far a program may change its uid under AUTH control. */
enum rsbac_auth_may_setuid_t {
	AMS_off, AMS_full, AMS_last_auth_only,
	AMS_last_auth_and_gid, AMS_none
};

typedef rsbac_enum_t rsbac_auth_may_setuid_int_t;





/* CAP module: how much a process is hidden from other processes' views. */
enum rsbac_cap_process_hiding_t {
	PH_off, PH_from_other_users, PH_full,
	PH_none
};
typedef rsbac_enum_t rsbac_cap_process_hiding_int_t;

/* Default capability bounds: minimum none, maximum everything (all bits set). */
#define RSBAC_CAP_DEFAULT_MIN ((rsbac_cap_vector_t) 0)
#define RSBAC_CAP_DEFAULT_MAX ((rsbac_cap_vector_t) -1)

#include <linux/capability.h>
/*
 * One past the highest capability RSBAC handles. This is a hard-coded value,
 * not derived from <linux/capability.h>, so it has to be revisited whenever the
 * kernel gains capabilities; rsbac_cap_vector_t has room for 32 bits.
 */
#define CAP_NONE 29
#define RSBAC_CAP_MAX CAP_NONE



/* JAIL module: jail ids, the bound ip address, and per-jail permission flags. */
#define RSBAC_JAIL_VERSION 1

/* Jail id 0 means "not jailed". */
typedef __u32 rsbac_jail_id_t;
#define RSBAC_JAIL_DEF_ID 0
typedef __u32 rsbac_jail_ip_t;

typedef __u32 rsbac_jail_flags_t;
#define JAIL_allow_external_ipc 1
#define JAIL_allow_all_net_family 2
#define JAIL_allow_rlimit 4
#define JAIL_allow_inet_raw 8
#define JAIL_auto_adjust_inet_any 16
#define JAIL_allow_inet_localhost 32
#define JAIL_allow_clock 64

/*
 * Loopback address as stored in rsbac_jail_ip_t. The byte layout (127 in the
 * low byte, 1 in the high byte) presumably is 127.0.0.1 in network order on a
 * little-endian host; the intended byte order is not visible here — confirm.
 */
#define RSBAC_JAIL_LOCALHOST ((1 << 24) | 127)



/* PAX module: per-program PaX flags, using the kernel's PF_PAX_* bit layout. */
typedef unsigned long rsbac_pax_flags_t;


#ifdef __KERNEL__
#include <linux/elf.h>
#include <linux/random.h>
#endif
/* Fallback definitions for kernels without the PaX patch; same bits 24..29 as PaX uses. */
#ifndef PF_PAX_PAGEEXEC
#define PF_PAX_PAGEEXEC 0x01000000
#define PF_PAX_EMUTRAMP 0x02000000
#define PF_PAX_MPROTECT 0x04000000
#define PF_PAX_RANDMMAP 0x08000000
#define PF_PAX_RANDEXEC 0x10000000
#define PF_PAX_SEGMEXEC 0x20000000
#endif

/* Default: segment/page exec protection, mprotect restrictions, randomised mmap. */
#define RSBAC_PAX_DEF_FLAGS (PF_PAX_SEGMEXEC | PF_PAX_PAGEEXEC | PF_PAX_MPROTECT | PF_PAX_RANDMMAP)
/* Mask of bits 24..31, a superset of the six PF_PAX_* bits above. */
#define RSBAC_PAX_ALL_FLAGS ((rsbac_pax_flags_t) 255 << 24)





/* RES module: per-resource limits, indexed 0..RSBAC_RES_MAX; 0 means unset. */
typedef __u32 rsbac_res_limit_t;
#define RSBAC_RES_UNSET 0

#define RSBAC_RES_MAX 10
#define RSBAC_RES_NONE 11

typedef rsbac_res_limit_t rsbac_res_array_t[RSBAC_RES_MAX + 1];


/* Handle returned to REG module registrations (signed, presumably negative on error). */
typedef __s32 rsbac_reg_handle_t;






#include <rsbac/network_types.h>

/* A network object is identified by its socket; user space only sees an opaque pointer. */
#ifdef __KERNEL__
typedef struct socket * rsbac_net_obj_id_t;
#else
typedef void * rsbac_net_obj_id_t;
#endif

/*
 * Network object: the socket plus the local and remote addresses with their
 * lengths. The address pointers are untyped; consumers must check *_len
 * against the address family before reading through them.
 */
struct rsbac_net_obj_desc_t
{
	rsbac_net_obj_id_t sock_p;
	void * local_addr;
	u_int local_len;
	void * remote_addr;
	u_int remote_len;
};

/* Layout version of enum rsbac_adf_request_t; bump when the enumerator order changes. */
#define RSBAC_ADF_REQUEST_ARRAY_VERSION 2

/*
 * Access request types passed to the ADF decision function. Values are
 * positional, stored in the one-byte rsbac_adf_request_int_t and used as
 * bit indices by RSBAC_REQUEST_VECTOR, so appending is the only safe change.
 */
enum rsbac_adf_request_t {
	R_ADD_TO_KERNEL,
	R_ALTER,
	R_APPEND_OPEN,
	R_CHANGE_GROUP,
	R_CHANGE_OWNER,
	R_CHDIR,
	R_CLONE,
	R_CLOSE,
	R_CREATE,
	R_DELETE,
	R_EXECUTE,
	R_GET_PERMISSIONS_DATA,
	R_GET_STATUS_DATA,
	R_LINK_HARD,
	R_MODIFY_ACCESS_DATA,
	R_MODIFY_ATTRIBUTE,
	R_MODIFY_PERMISSIONS_DATA,
	R_MODIFY_SYSTEM_DATA,
	R_MOUNT,
	R_READ,
	R_READ_ATTRIBUTE,
	R_READ_WRITE_OPEN,
	R_READ_OPEN,
	R_REMOVE_FROM_KERNEL,
	R_RENAME,
	R_SEARCH,
	R_SEND_SIGNAL,
	R_SHUTDOWN,
	R_SWITCH_LOG,
	R_SWITCH_MODULE,
	R_TERMINATE,
	R_TRACE,
	R_TRUNCATE,
	R_UMOUNT,
	R_WRITE,
	R_WRITE_OPEN,
	R_MAP_EXEC,
	/* Network requests. */
	R_BIND,
	R_LISTEN,
	R_ACCEPT,
	R_CONNECT,
	R_SEND,
	R_RECEIVE,
	R_NET_SHUTDOWN,
	/* DAC id changes other than the real owner/group. */
	R_CHANGE_DAC_EFF_OWNER,
	R_CHANGE_DAC_FS_OWNER,
	R_CHANGE_DAC_EFF_GROUP,
	R_CHANGE_DAC_FS_GROUP,
	R_NONE
};

/* One-byte stored form of enum rsbac_adf_request_t. */
typedef rsbac_enum_t rsbac_adf_request_int_t;

#include <rsbac/request_groups.h>




/* Decision outcomes: UNDEFINED is a fourth state beyond grant/deny/don't-care. */
enum rsbac_adf_req_ret_t {NOT_GRANTED,GRANTED,DO_NOT_CARE,UNDEFINED};






/*
 * Things that can be switched on and off at run time: the decision modules
 * (GEN through PAX) followed by global switches. RSBAC_MAX_MOD is the last
 * module value, i.e. PAX.
 */
enum rsbac_switch_target_t {
	GEN,MAC,FC,SIM,PM,DAZ,FF,RC,AUTH,REG,ACL,CAP,JAIL,
	RES,PAX,SOFTMODE,DAC_DISABLE,UM,FREEZE,SW_NONE
};
#define RSBAC_MAX_MOD (SOFTMODE - 1)
typedef rsbac_enum_t rsbac_switch_target_int_t;






/* Kinds of objects a request can address; T_FD is a generic file-descriptor target. */
enum rsbac_target_t {
	T_FILE, T_DIR, T_FIFO, T_SYMLINK, T_DEV, T_IPC, T_SCD, T_USER, T_PROCESS,
	T_NETDEV, T_NETTEMP, T_NETOBJ, T_NETTEMP_NT, T_GROUP,
	T_FD,
	T_NONE
};

/*
 * Identifier of a target, selected by the accompanying enum rsbac_target_t.
 * The file-system and device members exist only in the kernel build, so the
 * union's size differs between kernel and user space.
 */
union rsbac_target_id_t
{
#ifdef __KERNEL__
	struct rsbac_fs_file_t file;
	struct rsbac_fs_file_t dir;
	struct rsbac_fs_file_t fifo;
	struct rsbac_fs_file_t symlink;
	struct rsbac_dev_t dev;
#endif
	struct rsbac_ipc_t ipc;
	rsbac_enum_t scd;
	rsbac_uid_t user;
	rsbac_gid_t group;
	rsbac_pid_t process;
	rsbac_netdev_id_t netdev;
	rsbac_net_temp_id_t nettemp;
	struct rsbac_net_obj_desc_t netobj;
	int dummy;
};

#ifdef __KERNEL__
/* Log level per target type; the current layout has one more slot (T_NONE) than the old one. */
typedef rsbac_enum_t rsbac_log_entry_t[T_NONE+1];
typedef rsbac_enum_t rsbac_old_log_entry_t[T_NONE];

/* Parameters of an object about to be created, passed with R_CREATE. */
struct rsbac_create_data_t
{
	enum rsbac_target_t target;
	struct dentry * dentry_p;
	int mode;
	kdev_t device;
};
#endif /* __KERNEL__ */

/*
 * Attributes that can be read or set on targets. The values select the
 * matching member of union rsbac_attribute_value_t. The kernel-only block near
 * the end shifts the value of A_none between kernel and user-space builds.
 */
enum rsbac_attribute_t
{
	A_pseudo,
	/* MAC module. */
	A_security_level,
	A_initial_security_level,
	A_local_sec_level,
	A_remote_sec_level,
	A_min_security_level,
	A_mac_categories,
	A_mac_initial_categories,
	A_local_mac_categories,
	A_remote_mac_categories,
	A_mac_min_categories,
	A_mac_user_flags,
	A_mac_process_flags,
	A_mac_file_flags,
	/* FC and SIM modules. */
	A_object_category,
	A_local_object_category,
	A_remote_object_category,
	A_data_type,
	A_local_data_type,
	A_remote_data_type,
	/* Per-module system roles. */
	A_system_role,
	A_mac_role,
	A_fc_role,
	A_sim_role,
	A_daz_role,
	A_ff_role,
	A_auth_role,
	A_cap_role,
	A_jail_role,
	A_pax_role,
	/* MAC process state. */
	A_current_sec_level,
	A_mac_curr_categories,
	A_min_write_open,
	A_min_write_categories,
	A_max_read_open,
	A_max_read_categories,
	A_mac_auto,
	A_mac_check,
	A_mac_prop_trusted,
	/* PM module. */
	A_pm_role,
	A_pm_process_type,
	A_pm_current_task,
	A_pm_object_class,
	A_local_pm_object_class,
	A_remote_pm_object_class,
	A_pm_ipc_purpose,
	A_local_pm_ipc_purpose,
	A_remote_pm_ipc_purpose,
	A_pm_object_type,
	A_local_pm_object_type,
	A_remote_pm_object_type,
	A_pm_program_type,
	A_pm_tp,
	A_pm_task_set,
	/* DAZ and FF modules. */
	A_daz_scanned,
	A_daz_scanner,
	A_ff_flags,
	/* RC module. */
	A_rc_type,
	A_local_rc_type,
	A_remote_rc_type,
	A_rc_type_fd,
	A_rc_type_nt,
	A_rc_force_role,
	A_rc_initial_role,
	A_rc_role,
	A_rc_def_role,
	/* AUTH module. */
	A_auth_may_setuid,
	A_auth_may_set_cap,
	A_auth_learn,
	/* CAP module. */
	A_min_caps,
	A_max_caps,
	A_max_caps_user,
	A_max_caps_program,
	/* JAIL module. */
	A_jail_id,
	A_jail_ip,
	A_jail_flags,
	A_jail_max_caps,
	/* PAX and RES modules. */
	A_pax_flags,
	A_res_role,
	A_res_min,
	A_res_max,
	/* Logging. */
	A_log_array_low,
	A_local_log_array_low,
	A_remote_log_array_low,
	A_log_array_high,
	A_local_log_array_high,
	A_remote_log_array_high,
	A_log_program_based,
	A_log_user_based,
	/* Generic attributes. */
	A_symlink_add_uid,
	A_symlink_add_mac_level,
	A_symlink_add_rc_role,
	A_linux_dac_disable,
	A_cap_process_hiding,
	A_fake_root_uid,
	A_audit_uid,
	A_auid_exempt,
	A_auth_last_auth,
#ifdef __KERNEL__
	/* Kernel-internal attributes carried alongside a request; not stored. */
	A_owner,
	A_group,
	A_signal,
	A_mode,
	A_nlink,
	A_switch_target,
	A_mod_name,
	A_request,
	A_trace_request,
	A_auth_add_f_cap,
	A_auth_remove_f_cap,
	A_auth_get_caplist,
	A_prot_bits,
	A_internal,

	A_create_data,
	A_new_object,
	A_rlimit,
	A_new_dir_dentry_p,
	A_auth_program_file,
	A_auth_start_uid,
	A_acl_learn,
	A_priority,
	A_pgid,
	A_kernel_thread,
	A_open_flag,
#endif
	A_none
};

/*
 * Value of an attribute; which member is valid is given by the matching
 * enum rsbac_attribute_t. As with the attribute enum, the kernel-only members
 * make the union's size differ between kernel and user-space builds. The
 * *_dummy members at the end give every basic width a named slot.
 */
union rsbac_attribute_value_t
{
	rsbac_uid_t owner;
	rsbac_pseudo_t pseudo;
	rsbac_security_level_t security_level;
	rsbac_mac_category_vector_t mac_categories;
	rsbac_fc_oc_t object_category;
	rsbac_sim_dt_t data_type;
	rsbac_system_role_int_t system_role;
	rsbac_security_level_t current_sec_level;
	rsbac_security_level_t min_write_open;
	rsbac_security_level_t max_read_open;
	rsbac_mac_user_flags_t mac_user_flags;
	rsbac_mac_process_flags_t mac_process_flags;
	rsbac_mac_file_flags_t mac_file_flags;
	rsbac_mac_auto_int_t mac_auto;
	rsbac_boolean_t mac_check;
	rsbac_boolean_t mac_prop_trusted;
	rsbac_pm_role_int_t pm_role;
	rsbac_pm_process_type_int_t pm_process_type;
	rsbac_pm_task_id_t pm_current_task;
	rsbac_pm_object_class_id_t pm_object_class;
	rsbac_pm_purpose_id_t pm_ipc_purpose;
	rsbac_pm_object_type_int_t pm_object_type;
	rsbac_pm_program_type_int_t pm_program_type;
	rsbac_pm_tp_id_t pm_tp;
	rsbac_pm_task_set_id_t pm_task_set;
	rsbac_daz_scanned_t daz_scanned;
	rsbac_daz_scanner_t daz_scanner;
	rsbac_ff_flags_t ff_flags;
	rsbac_rc_type_id_t rc_type;
	rsbac_rc_type_id_t rc_type_fd;
	rsbac_rc_role_id_t rc_force_role;
	rsbac_rc_role_id_t rc_initial_role;
	rsbac_rc_role_id_t rc_role;
	rsbac_rc_role_id_t rc_def_role;
	rsbac_auth_may_setuid_int_t auth_may_setuid;
	rsbac_boolean_t auth_may_set_cap;
	rsbac_pid_t auth_p_capset;
	rsbac_inode_nr_t auth_f_capset;
	rsbac_boolean_t auth_learn;
	rsbac_cap_vector_t min_caps;
	rsbac_cap_vector_t max_caps;
	rsbac_cap_vector_t max_caps_user;
	rsbac_cap_vector_t max_caps_program;
	rsbac_jail_id_t jail_id;
	rsbac_jail_ip_t jail_ip;
	rsbac_jail_flags_t jail_flags;
	rsbac_cap_vector_t jail_max_caps;
	rsbac_pax_flags_t pax_flags;
	/* Array member: the largest non-kernel value, RSBAC_RES_MAX + 1 limits. */
	rsbac_res_array_t res_array;
	rsbac_log_array_t log_array_low;
	rsbac_log_array_t log_array_high;
	rsbac_request_vector_t log_program_based;
	rsbac_request_vector_t log_user_based;
	rsbac_boolean_t symlink_add_uid;
	rsbac_boolean_t symlink_add_mac_level;
	rsbac_boolean_t symlink_add_rc_role;
	rsbac_linux_dac_disable_int_t linux_dac_disable;

	rsbac_cap_process_hiding_int_t cap_process_hiding;
	rsbac_fake_root_uid_int_t fake_root_uid;
	rsbac_uid_t audit_uid;
	rsbac_uid_t auid_exempt;
	rsbac_uid_t auth_last_auth;
#ifdef __KERNEL__
	/* Kernel-only request parameters; the pointer members refer to kernel objects. */
	rsbac_gid_t group;
	struct sockaddr * sockaddr_p;
	long signal;
	int mode;
	int nlink;
	enum rsbac_switch_target_t switch_target;
	char * mod_name;
	enum rsbac_adf_request_t request;
	long trace_request;
	struct rsbac_auth_cap_range_t auth_cap_range;
	int prot_bits;
	rsbac_boolean_t internal;

	struct rsbac_create_data_t create_data;

	rsbac_boolean_t new_object;
	u_int rlimit;
	struct dentry * new_dir_dentry_p;
	struct rsbac_fs_file_t auth_program_file;
	rsbac_uid_t auth_start_uid;
	rsbac_boolean_t acl_learn;
	int priority;
	rsbac_pid_t pgid;
	rsbac_boolean_t kernel_thread;
	u_int open_flag;
#endif
	u_char u_char_dummy;
	u_short u_short_dummy;
	int dummy;
	u_int u_dummy;
	long long_dummy;
	u_long u_long_dummy;
};




/* ACL and UM types depend on the definitions above, so they are pulled in last. */
#include <rsbac/acl_types.h>
#include <rsbac/um_types.h>

#endif /* __RSBAC_TYPES_H */