adf_syshelpers.h

00001 /************************************ */
00002 /* Rule Set Based Access Control      */
00003 /* Author and (c) 1999-2005:          */
00004 /*   Amon Ott <ao@rsbac.org>          */
00005 /*                                    */
00006 /* Helper Prototypes for model        */
00007 /* specific system calls              */
00008 /* Last modified: 09/Feb/2005         */
00009 /************************************ */
00010 
00011 #ifndef __RSBAC_ADF_SYSHELPERS_H
00012 #define __RSBAC_ADF_SYSHELPERS_H
00013 
00014 /* #include <linux/sched.h> */
00015 #include <rsbac/types.h>
00016 
00017 /***************************************************/
00018 /*              Global Variables                   */
00019 /***************************************************/
00020 
00021 /***************************************************/
00022 /*              General Prototypes                 */
00023 /***************************************************/
00024 
00025 /***************************************************/
00026 /*              Module Prototypes                  */
00027 /***************************************************/
00028 
00029 /******* MAC ********/
00030 
00031 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_MAC_MAINT)
/* Set the current MAC security level and category vector.                  */
/* NOTE(review): which subject is affected (presumably the calling process) */
/* is not visible from this header - confirm in the MAC implementation.     */
00032 int  rsbac_mac_set_curr_level(rsbac_security_level_t level,
00033                               rsbac_mac_category_vector_t categories);
00034 
/* Store the current level in *level_p and the current category vector in   */
/* *categories_p.                                                           */
00035 int  rsbac_mac_get_curr_level(rsbac_security_level_t * level_p,
00036                               rsbac_mac_category_vector_t * categories_p);
00037 
/* As rsbac_mac_get_curr_level, but for the maximum level/categories.       */
00038 int  rsbac_mac_get_max_level(rsbac_security_level_t * level_p,
00039                              rsbac_mac_category_vector_t * categories_p);
00040 
/* As rsbac_mac_get_curr_level, but for the minimum level/categories.       */
00041 int  rsbac_mac_get_min_level(rsbac_security_level_t * level_p,
00042                              rsbac_mac_category_vector_t * categories_p);
00043 
/* Add or remove a "tru" entry (presumably "trusted user") for a process    */
/* (_p_ variants, keyed by pid) or a file (_f_ variants, keyed by file),    */
/* for the given uid. ta_number is an rsbac_list_ta_number_t (presumably a  */
/* list transaction number); ttl is the entry's time-to-live and is only    */
/* taken by the add variants. The meaning of the int return value is not    */
/* stated in this file (only rsbac_reg_syscall documents 0 as success) -    */
/* confirm in the MAC implementation.                                       */
00044 int rsbac_mac_add_p_tru(
00045   rsbac_list_ta_number_t ta_number,
00046   rsbac_pid_t pid,
00047   rsbac_uid_t uid,
00048   rsbac_time_t ttl);
00049 
00050 int rsbac_mac_remove_p_tru(
00051   rsbac_list_ta_number_t ta_number,
00052   rsbac_pid_t pid,
00053   rsbac_uid_t uid);
00054 
00055 int rsbac_mac_add_f_tru(
00056   rsbac_list_ta_number_t ta_number,
00057   rsbac_mac_file_t file,
00058   rsbac_uid_t uid,
00059   rsbac_time_t ttl);
00060 
00061 int rsbac_mac_remove_f_tru(
00062   rsbac_list_ta_number_t ta_number,
00063   rsbac_mac_file_t file,
00064   rsbac_uid_t uid);
00065 
00066 #endif  /* MAC */
00067 
00068 
00069 /******* FC ********/
00070 
00071 /******* SIM ********/
00072 
00073 /******* PM ********/
00074 
00075 #if defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_PM_MAINT)
00076 /* This function is called via sys_rsbac_pm() system call                    */
00077 /* and serves as a dispatcher for all PM-dependent system calls.             */
/* Parameters: ta_number (presumably a list transaction number), the PM      */
/* function selector, the parameter union for that function, and a ticket    */
/* id. Since this is a system call entry point, the selector and the union   */
/* contents arrive from user space and must be validated by the dispatcher   */
/* before use; that validation is not visible from this header.              */
00078 
00079 int rsbac_pm(
00080         rsbac_list_ta_number_t ta_number,
00081   enum  rsbac_pm_function_type_t,
00082   union rsbac_pm_function_param_t,
00083         rsbac_pm_tkt_id_t);
00084 
/* Switch the current PM task to the given task id. NOTE(review): "current"  */
/* suggests the calling process, but this header does not say - confirm.     */
00085 int rsbac_pm_change_current_task(rsbac_pm_task_id_t);
00086 
/* Create a file and assign it the given PM object class. The filename is a  */
/* path (presumably user-supplied, given the syscall context above).         */
00087 int rsbac_pm_create_file(const char *,                /* filename */
00088                          int,                         /* creation mode */
00089                          rsbac_pm_object_class_id_t); /* class for file */
00090 #endif  /* PM */
00091 
00092 /******* FF ********/
00093 
00094 /******* RC ********/
00095 
00096 #if defined(CONFIG_RSBAC_RC) || defined(CONFIG_RSBAC_RC_MAINT)
00097 /* These functions in adf/rc/syscalls.c are called via sys_* system calls    */
00098 /* and check for validity before passing the call to the rc_data_structures. */
/* Note: some prototypes below carry an explicit "extern" and others do not; */
/* for function declarations both forms are equivalent.                      */
00099 
00100 /* All roles always exist, so instead of creating a role, callers initialize */
00101 /* one by copying another. The well-defined role "general" is always         */
/* available as a copy source. Copies from_role into to_role.                */
00102 extern int rsbac_rc_sys_copy_role (
00103   rsbac_list_ta_number_t ta_number,
00104   rsbac_rc_role_id_t from_role,
00105   rsbac_rc_role_id_t to_role);
00106 
/* Copy the type from_type into to_type for the given RC target kind.        */
00107 extern int rsbac_rc_sys_copy_type (
00108         rsbac_list_ta_number_t ta_number,
00109   enum  rsbac_rc_target_t      target,
00110         rsbac_rc_type_id_t     from_type,
00111         rsbac_rc_type_id_t     to_type);
00112 
00113 /* Getting item values: read attribute "item" of target (tid, subtid) into   */
/* *value_p, and its time-to-live into *ttl_p.                               */
00114 extern int rsbac_rc_sys_get_item (
00115   rsbac_list_ta_number_t ta_number,
00116   enum  rsbac_rc_target_t       target,
00117   union rsbac_rc_target_id_t    tid,
00118   union rsbac_rc_target_id_t    subtid,
00119   enum  rsbac_rc_item_t         item,
00120   union rsbac_rc_item_value_t * value_p,
00121         rsbac_time_t          * ttl_p);
00122 
00123 /* Setting item values: write "value" with time-to-live ttl to attribute     */
/* "item" of target (tid, subtid). Counterpart of rsbac_rc_sys_get_item.     */
00124 extern int rsbac_rc_sys_set_item (
00125   rsbac_list_ta_number_t ta_number,
00126   enum  rsbac_rc_target_t       target,
00127   union rsbac_rc_target_id_t    tid,
00128   union rsbac_rc_target_id_t    subtid,
00129   enum  rsbac_rc_item_t         item,
00130   union rsbac_rc_item_value_t   value,
00131         rsbac_time_t            ttl);
00132 
00133 /* Set own role, if allowed ( = in role_comp vector of current role) */
00134 extern int rsbac_rc_sys_change_role (rsbac_rc_role_id_t role);
00135 
00136 /* Getting own effective rights on target tid: the rights are written to     */
/* *request_vector and their time-to-live to *ttl_p.                         */
00137 int rsbac_rc_sys_get_eff_rights (
00138   rsbac_list_ta_number_t ta_number,
00139   enum  rsbac_target_t       target,
00140   union rsbac_target_id_t    tid,
00141         rsbac_rc_request_vector_t * request_vector,
00142         rsbac_time_t          * ttl_p);
00143 
/* Store the caller's current role id in *role_p.                            */
00144 int rsbac_rc_sys_get_current_role (rsbac_rc_role_id_t * role_p);
00145 
00146 #endif  /* RC || RC_MAINT */
00147 
00148 /****** AUTH *******/
00149 
00150 #if defined(CONFIG_RSBAC_AUTH) || defined(CONFIG_RSBAC_AUTH_MAINT)
00151 /* This function is called via sys_rsbac_auth_add_p_cap() system call */
/* Add capability range cap_range of kind cap_type to process pid, with     */
/* time-to-live ttl. ta_number is presumably a list transaction number.     */
00152 int rsbac_auth_add_p_cap(
00153          rsbac_list_ta_number_t ta_number,
00154          rsbac_pid_t pid,
00155   enum   rsbac_auth_cap_type_t cap_type,
00156   struct rsbac_auth_cap_range_t cap_range,
00157          rsbac_time_t ttl);
00158 
00159 /* This function is called via sys_rsbac_auth_remove_p_cap() system call */
/* Remove capability range cap_range of kind cap_type from process pid.     */
00160 int rsbac_auth_remove_p_cap(
00161          rsbac_list_ta_number_t ta_number,
00162          rsbac_pid_t pid,
00163   enum   rsbac_auth_cap_type_t cap_type,
00164   struct rsbac_auth_cap_range_t cap_range);
00165 
00166 /* This function is called via sys_rsbac_auth_add_f_cap() system call */
/* File counterpart of rsbac_auth_add_p_cap: the range is attached to       */
/* "file" rather than to a process.                                         */
00167 int rsbac_auth_add_f_cap(
00168          rsbac_list_ta_number_t ta_number,
00169          rsbac_auth_file_t file,
00170   enum   rsbac_auth_cap_type_t cap_type,
00171   struct rsbac_auth_cap_range_t cap_range,
00172          rsbac_time_t ttl);
00173 
00174 /* This function is called via sys_rsbac_auth_remove_f_cap() system call */
/* File counterpart of rsbac_auth_remove_p_cap.                             */
00175 int rsbac_auth_remove_f_cap(
00176          rsbac_list_ta_number_t ta_number,
00177          rsbac_auth_file_t file,
00178   enum   rsbac_auth_cap_type_t cap_type,
00179   struct rsbac_auth_cap_range_t cap_range);
00180 
00181 #endif  /* AUTH || AUTH_MAINT */
00182 
00183 /****** REG *******/
00184 
00185 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00186 /*
00187  * System call dispatcher
00188  * Returns 0 on success or -EINVALIDTARGET, if handle is invalid.
 *
 * handle selects the registered (REG) target; arg is an opaque pointer
 * passed through to it. NOTE(review): this header does not show whether
 * arg is a user-space or a kernel pointer, nor who validates what it
 * points to - the registered handler presumably must; confirm in the REG
 * implementation before relying on it.
00189  */
00190 
00191 int rsbac_reg_syscall(rsbac_reg_handle_t handle,
00192                       void * arg);
00193 #endif /* REG || REG_MAINT */
00194 
00195 /****** ACL *******/
00196 
00197 #if defined(CONFIG_RSBAC_ACL) || defined(CONFIG_RSBAC_ACL_MAINT)
/* ACL system call helpers. Common parameters: ta_number (presumably a list */
/* transaction number); target/tid identify the object the ACL belongs to;  */
/* subj_type/subj_id identify the subject of an ACL entry; rights is a      */
/* rights vector; ttl is a time-to-live. The int return value's meaning is  */
/* not stated in this file - confirm in the ACL implementation.             */

/* Set the entry for (subj_type, subj_id) on target tid to exactly "rights".*/
00198 int rsbac_acl_sys_set_acl_entry(
00199          rsbac_list_ta_number_t      ta_number,
00200   enum   rsbac_target_t              target,
00201   union  rsbac_target_id_t           tid,
00202   enum   rsbac_acl_subject_type_t    subj_type,
00203          rsbac_acl_subject_id_t      subj_id,
00204          rsbac_acl_rights_vector_t   rights,
00205          rsbac_time_t                ttl);
00206 
/* Remove the entry for (subj_type, subj_id) from target tid's ACL.         */
00207 int rsbac_acl_sys_remove_acl_entry(
00208          rsbac_list_ta_number_t      ta_number,
00209   enum   rsbac_target_t              target,
00210   union  rsbac_target_id_t           tid,
00211   enum   rsbac_acl_subject_type_t    subj_type,
00212          rsbac_acl_subject_id_t      subj_id);
00213 
/* Remove the whole ACL of target tid.                                      */
00214 int rsbac_acl_sys_remove_acl(
00215          rsbac_list_ta_number_t      ta_number,
00216   enum   rsbac_target_t              target,
00217   union  rsbac_target_id_t           tid);
00218 
/* Add "rights" to the existing entry for (subj_type, subj_id); unlike      */
/* rsbac_acl_sys_set_acl_entry this does not replace the entry.             */
00219 int rsbac_acl_sys_add_to_acl_entry(
00220          rsbac_list_ta_number_t      ta_number,
00221   enum   rsbac_target_t              target,
00222   union  rsbac_target_id_t           tid,
00223   enum   rsbac_acl_subject_type_t    subj_type,
00224          rsbac_acl_subject_id_t      subj_id,
00225          rsbac_acl_rights_vector_t   rights,
00226          rsbac_time_t                ttl);
00227 
/* Remove "rights" from the existing entry for (subj_type, subj_id).        */
00228 int rsbac_acl_sys_remove_from_acl_entry(
00229          rsbac_list_ta_number_t      ta_number,
00230   enum   rsbac_target_t              target,
00231   union  rsbac_target_id_t           tid,
00232   enum   rsbac_acl_subject_type_t    subj_type,
00233          rsbac_acl_subject_id_t      subj_id,
00234          rsbac_acl_rights_vector_t   rights);
00235 
/* Set the rights mask of target tid; rsbac_acl_sys_get_mask reads it back. */
00236 int rsbac_acl_sys_set_mask(
00237          rsbac_list_ta_number_t      ta_number,
00238   enum   rsbac_target_t              target,
00239   union  rsbac_target_id_t           tid,
00240          rsbac_acl_rights_vector_t   mask);
00241 
/* Remove user uid from the ACL data (presumably all entries naming it).    */
00242 int rsbac_acl_sys_remove_user(
00243   rsbac_list_ta_number_t ta_number,
00244   rsbac_uid_t uid);
00245 
/* Store the rights mask of target tid in *mask_p.                          */
00246 int rsbac_acl_sys_get_mask(
00247          rsbac_list_ta_number_t      ta_number,
00248   enum   rsbac_target_t              target,
00249   union  rsbac_target_id_t           tid,
00250          rsbac_acl_rights_vector_t * mask_p);
00251 
00252 
/* Store the rights of (subj_type, subj_id) on target tid in *rights_p.     */
/* "inherit" is a flag; presumably it includes rights inherited from parent */
/* objects - confirm in the ACL implementation.                             */
00253 int rsbac_acl_sys_get_rights(
00254          rsbac_list_ta_number_t      ta_number,
00255   enum   rsbac_target_t              target,
00256   union  rsbac_target_id_t           tid,
00257   enum   rsbac_acl_subject_type_t    subj_type,
00258          rsbac_acl_subject_id_t      subj_id,
00259          rsbac_acl_rights_vector_t * rights_p,
00260          rsbac_boolean_t             inherit);
00261 
/* Return target tid's entry list: *entry_pp receives the entries and       */
/* *ttl_pp their time-to-lives. NOTE(review): ownership of these arrays     */
/* (who allocates, who frees, how the count is conveyed) is not stated in   */
/* this header - confirm before calling.                                    */
00262 int rsbac_acl_sys_get_tlist(
00263          rsbac_list_ta_number_t    ta_number,
00264   enum   rsbac_target_t            target,
00265   union  rsbac_target_id_t         tid,
00266   struct rsbac_acl_entry_t      ** entry_pp,
00267          rsbac_time_t           ** ttl_pp);
00268 
/* Group management dispatcher: "call" selects the group operation and      */
/* "arg" carries its parameters as a union.                                 */
00269 int rsbac_acl_sys_group(
00270         rsbac_list_ta_number_t         ta_number,
00271   enum  rsbac_acl_group_syscall_type_t call,
00272   union rsbac_acl_group_syscall_arg_t  arg);
00273 
00274 #endif  /* ACL || ACL_MAINT */
00275 
00276 /****** JAIL *******/
00277 
00278 #if defined(CONFIG_RSBAC_JAIL)
00279 /* This function is called via sys_rsbac_jail() system call */
/* version: interface version the caller was built against; path: the jail */
/* root path; ip: the jail's IP; flags: jail flags; max_caps: the maximum  */
/* capability vector inside the jail. NOTE(review): path is declared       */
/* non-const and, given the syscall context, is presumably user-supplied;  */
/* this header does not show whether the callee expects a user-space      */
/* pointer or an already copied kernel string - confirm before calling.    */
00280 int rsbac_jail_sys_jail(rsbac_version_t version,
00281                         char * path,
00282                         rsbac_jail_ip_t ip,
00283                         rsbac_jail_flags_t flags,
00284                         rsbac_cap_vector_t max_caps);
00285 #endif
00286 
00287 #endif /* End of adf_syshelpers.h */
