00010 #ifndef __RSBAC_ADF_MAIN_H
00011 #define __RSBAC_ADF_MAIN_H
00012
00013 #include <linux/sched.h>
00014 #include <rsbac/types.h>
00015
00016 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00017 #include <rsbac/reg.h>
00018 #endif
00019
00020 #ifdef CONFIG_RSBAC_SECDEL
00021 #include <linux/dcache.h>
00022 #endif
/*
 * Call statistics for the decision facility.
 *
 * Every array has T_NONE + 1 slots in its first dimension; the XSTATS
 * variants add a second dimension of R_NONE slots.
 * NOTE(review): presumably indexed by target type (and request type for
 * the xcount arrays) -- confirm in the implementation. No locking is
 * visible in this header, so treat the values as approximate accounting
 * and never as input to an access decision.
 */
extern u_long rsbac_adf_request_count[T_NONE + 1];
extern u_long rsbac_adf_set_attr_count[T_NONE + 1];

#ifdef CONFIG_RSBAC_XSTATS
extern u_long rsbac_adf_request_xcount[T_NONE + 1][R_NONE];
extern u_long rsbac_adf_set_attr_xcount[T_NONE + 1][R_NONE];
#endif /* CONFIG_RSBAC_XSTATS */
/*
 * Look up the task structure that belongs to a pid.
 * NOTE(review): the locking and reference rules for the returned pointer
 * are not visible in this header. Confirm whether callers must hold the
 * task list lock (or take a reference) before dereferencing it, since a
 * task can exit concurrently with a decision call.
 */
extern struct task_struct *find_process_by_pid(pid_t pid);
00041
#ifdef CONFIG_RSBAC_DEBUG
/*
 * Debug-only checking variants; they exist only in CONFIG_RSBAC_DEBUG
 * builds, so production enforcement must not depend on them.
 *
 * The request check receives the target id and attribute value through
 * pointers, unlike the set_attr check below, which takes them by value.
 * NOTE(review): presumably validates request arguments before the
 * decision modules run -- confirm in the implementation.
 */
extern enum rsbac_adf_req_ret_t rsbac_adf_request_check(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t *tid_p,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t *attr_val_p,
    rsbac_uid_t owner);

/* Same argument shape as the per-module set_attr hooks; int status. */
extern int rsbac_adf_set_attr_check(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_target_t new_target,
    union rsbac_target_id_t new_tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);
#endif /* CONFIG_RSBAC_DEBUG */
00062
/*
 * Combine two decision results into a single one.
 * NOTE(review): the precedence between result values is defined in the
 * implementation and is not visible here. Because this sets how several
 * module verdicts collapse into one, confirm that a denial from either
 * input can never be masked by the other.
 */
extern enum rsbac_adf_req_ret_t adf_and_plus(
    enum rsbac_adf_req_ret_t res1,
    enum rsbac_adf_req_ret_t res2);
00071 #if !defined(CONFIG_RSBAC_MAINT)
00072
00073
00074
#ifdef CONFIG_RSBAC_MAC
/* MAC module interface; present only when CONFIG_RSBAC_MAC is set. */

#ifdef CONFIG_RSBAC_SWITCH
/*
 * NOTE(review): presumably the runtime enable flag for MAC. If so, any
 * path able to clear it turns MAC decisions off, so confirm how writes
 * to it are gated and logged.
 */
extern rsbac_boolean_t rsbac_switch_mac;
#endif /* CONFIG_RSBAC_SWITCH */

/* Decision hook: yields an enum rsbac_adf_req_ret_t for one request. */
extern enum rsbac_adf_req_ret_t rsbac_adf_request_mac(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

/*
 * Attribute-update hook: same arguments plus a second target/id pair;
 * returns an int status.
 */
extern int rsbac_adf_set_attr_mac(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_target_t new_target,
    union rsbac_target_id_t new_tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

#endif /* CONFIG_RSBAC_MAC */
00100
00101
00102
00103
#ifdef CONFIG_RSBAC_FC
/* FC module interface; present only when CONFIG_RSBAC_FC is set. */

#ifdef CONFIG_RSBAC_SWITCH
/*
 * NOTE(review): presumably the runtime enable flag for FC; clearing it
 * would disable this module's decisions -- confirm who may write it.
 */
extern rsbac_boolean_t rsbac_switch_fc;
#endif /* CONFIG_RSBAC_SWITCH */

/* Decision hook: yields an enum rsbac_adf_req_ret_t for one request. */
extern enum rsbac_adf_req_ret_t rsbac_adf_request_fc(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

/* Attribute-update hook with a second target/id pair; int status. */
extern int rsbac_adf_set_attr_fc(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_target_t new_target,
    union rsbac_target_id_t new_tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

#endif /* CONFIG_RSBAC_FC */
00129
00130
00131
00132
#ifdef CONFIG_RSBAC_SIM
/* SIM module interface; present only when CONFIG_RSBAC_SIM is set. */

#ifdef CONFIG_RSBAC_SWITCH
/*
 * NOTE(review): presumably the runtime enable flag for SIM; clearing it
 * would disable this module's decisions -- confirm who may write it.
 */
extern rsbac_boolean_t rsbac_switch_sim;
#endif /* CONFIG_RSBAC_SWITCH */

/* Decision hook: yields an enum rsbac_adf_req_ret_t for one request. */
extern enum rsbac_adf_req_ret_t rsbac_adf_request_sim(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

/* Attribute-update hook with a second target/id pair; int status. */
extern int rsbac_adf_set_attr_sim(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_target_t new_target,
    union rsbac_target_id_t new_tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

#endif /* CONFIG_RSBAC_SIM */
00158
00159
00160
00161
#ifdef CONFIG_RSBAC_PM
/* PM module interface; present only when CONFIG_RSBAC_PM is set. */

#ifdef CONFIG_RSBAC_SWITCH
/*
 * NOTE(review): presumably the runtime enable flag for PM; clearing it
 * would disable this module's decisions -- confirm who may write it.
 */
extern rsbac_boolean_t rsbac_switch_pm;
#endif /* CONFIG_RSBAC_SWITCH */

/* Decision hook: yields an enum rsbac_adf_req_ret_t for one request. */
extern enum rsbac_adf_req_ret_t rsbac_adf_request_pm(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

/* Attribute-update hook with a second target/id pair; int status. */
extern int rsbac_adf_set_attr_pm(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_target_t new_target,
    union rsbac_target_id_t new_tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

#ifdef CONFIG_RSBAC_SECDEL
/*
 * NOTE(review): presumably reports whether PM wants the file behind
 * dentry_p overwritten when it is deleted -- confirm in the
 * implementation, including what happens when dentry_p is NULL.
 */
extern rsbac_boolean_t rsbac_need_overwrite_pm(struct dentry *dentry_p);
#endif /* CONFIG_RSBAC_SECDEL */

#endif /* CONFIG_RSBAC_PM */
00191
00192
00193
#ifdef CONFIG_RSBAC_DAZ
/* DAZ module interface; present only when CONFIG_RSBAC_DAZ is set. */

#ifdef CONFIG_RSBAC_SWITCH
/*
 * NOTE(review): presumably the runtime enable flag for DAZ; clearing it
 * would disable this module's decisions -- confirm who may write it.
 */
extern rsbac_boolean_t rsbac_switch_daz;
#endif /* CONFIG_RSBAC_SWITCH */

/* Decision hook: yields an enum rsbac_adf_req_ret_t for one request. */
extern enum rsbac_adf_req_ret_t rsbac_adf_request_daz(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

/* Attribute-update hook with a second target/id pair; int status. */
extern int rsbac_adf_set_attr_daz(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_target_t new_target,
    union rsbac_target_id_t new_tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

#endif /* CONFIG_RSBAC_DAZ */
00219
00220
00221
#ifdef CONFIG_RSBAC_FF
/* FF module interface; present only when CONFIG_RSBAC_FF is set. */

#ifdef CONFIG_RSBAC_SWITCH
/*
 * NOTE(review): presumably the runtime enable flag for FF; clearing it
 * would disable this module's decisions -- confirm who may write it.
 */
extern rsbac_boolean_t rsbac_switch_ff;
#endif /* CONFIG_RSBAC_SWITCH */

/* Decision hook: yields an enum rsbac_adf_req_ret_t for one request. */
extern enum rsbac_adf_req_ret_t rsbac_adf_request_ff(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

/* Attribute-update hook with a second target/id pair; int status. */
extern int rsbac_adf_set_attr_ff(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_target_t new_target,
    union rsbac_target_id_t new_tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

#ifdef CONFIG_RSBAC_SECDEL
/*
 * NOTE(review): presumably reports whether FF wants the file behind
 * dentry_p overwritten when it is deleted -- confirm in the
 * implementation, including what happens when dentry_p is NULL.
 */
extern rsbac_boolean_t rsbac_need_overwrite_ff(struct dentry *dentry_p);
#endif /* CONFIG_RSBAC_SECDEL */

#endif /* CONFIG_RSBAC_FF */
00251
00252
00253
#ifdef CONFIG_RSBAC_RC
/* RC module interface; present only when CONFIG_RSBAC_RC is set. */

#ifdef CONFIG_RSBAC_SWITCH
/*
 * NOTE(review): presumably the runtime enable flag for RC; clearing it
 * would disable this module's decisions -- confirm who may write it.
 */
extern rsbac_boolean_t rsbac_switch_rc;
#endif /* CONFIG_RSBAC_SWITCH */

/* Decision hook: yields an enum rsbac_adf_req_ret_t for one request. */
extern enum rsbac_adf_req_ret_t rsbac_adf_request_rc(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

/* Attribute-update hook with a second target/id pair; int status. */
extern int rsbac_adf_set_attr_rc(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_target_t new_target,
    union rsbac_target_id_t new_tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

#ifdef CONFIG_RSBAC_SECDEL
/*
 * NOTE(review): presumably reports whether RC wants the file behind
 * dentry_p overwritten when it is deleted -- confirm in the
 * implementation, including what happens when dentry_p is NULL.
 */
extern rsbac_boolean_t rsbac_need_overwrite_rc(struct dentry *dentry_p);
#endif /* CONFIG_RSBAC_SECDEL */

#endif /* CONFIG_RSBAC_RC */
00283
00284
00285
#ifdef CONFIG_RSBAC_AUTH
/* AUTH module interface; present only when CONFIG_RSBAC_AUTH is set. */

#ifdef CONFIG_RSBAC_SWITCH
/*
 * NOTE(review): presumably the runtime enable flag for AUTH; clearing it
 * would disable this module's decisions -- confirm who may write it.
 */
extern rsbac_boolean_t rsbac_switch_auth;
#endif /* CONFIG_RSBAC_SWITCH */

/* Decision hook: yields an enum rsbac_adf_req_ret_t for one request. */
extern enum rsbac_adf_req_ret_t rsbac_adf_request_auth(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

/* Attribute-update hook with a second target/id pair; int status. */
extern int rsbac_adf_set_attr_auth(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_target_t new_target,
    union rsbac_target_id_t new_tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

#endif /* CONFIG_RSBAC_AUTH */
00311
00312
00313
#ifdef CONFIG_RSBAC_ACL
/* ACL module interface; present only when CONFIG_RSBAC_ACL is set. */

#ifdef CONFIG_RSBAC_SWITCH
/*
 * NOTE(review): presumably the runtime enable flag for ACL; clearing it
 * would disable this module's decisions -- confirm who may write it.
 */
extern rsbac_boolean_t rsbac_switch_acl;
#endif /* CONFIG_RSBAC_SWITCH */

/* Decision hook: yields an enum rsbac_adf_req_ret_t for one request. */
extern enum rsbac_adf_req_ret_t rsbac_adf_request_acl(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

/* Attribute-update hook with a second target/id pair; int status. */
extern int rsbac_adf_set_attr_acl(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_target_t new_target,
    union rsbac_target_id_t new_tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

#endif /* CONFIG_RSBAC_ACL */
00339
00340
00341
#ifdef CONFIG_RSBAC_CAP
/* CAP module interface; present only when CONFIG_RSBAC_CAP is set. */

#ifdef CONFIG_RSBAC_SWITCH
/*
 * NOTE(review): presumably the runtime enable flag for CAP; clearing it
 * would disable this module's decisions -- confirm who may write it.
 */
extern rsbac_boolean_t rsbac_switch_cap;
#endif /* CONFIG_RSBAC_SWITCH */

/* Decision hook: yields an enum rsbac_adf_req_ret_t for one request. */
extern enum rsbac_adf_req_ret_t rsbac_adf_request_cap(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

/* Attribute-update hook with a second target/id pair; int status. */
extern int rsbac_adf_set_attr_cap(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_target_t new_target,
    union rsbac_target_id_t new_tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

#endif /* CONFIG_RSBAC_CAP */
00367
00368
00369
#ifdef CONFIG_RSBAC_JAIL
/* JAIL module interface; present only when CONFIG_RSBAC_JAIL is set. */

#ifdef CONFIG_RSBAC_SWITCH
/*
 * NOTE(review): presumably the runtime enable flag for JAIL; clearing it
 * would disable this module's decisions -- confirm who may write it.
 */
extern rsbac_boolean_t rsbac_switch_jail;
#endif /* CONFIG_RSBAC_SWITCH */

/* Decision hook: yields an enum rsbac_adf_req_ret_t for one request. */
extern enum rsbac_adf_req_ret_t rsbac_adf_request_jail(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

/* Attribute-update hook with a second target/id pair; int status. */
extern int rsbac_adf_set_attr_jail(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_target_t new_target,
    union rsbac_target_id_t new_tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

#endif /* CONFIG_RSBAC_JAIL */
00395
00396
00397
#ifdef CONFIG_RSBAC_PAX
/* PAX module interface; present only when CONFIG_RSBAC_PAX is set. */

#ifdef CONFIG_RSBAC_SWITCH
/*
 * NOTE(review): presumably the runtime enable flag for PAX; clearing it
 * would disable this module's decisions -- confirm who may write it.
 */
extern rsbac_boolean_t rsbac_switch_pax;
#endif /* CONFIG_RSBAC_SWITCH */

/* Decision hook: yields an enum rsbac_adf_req_ret_t for one request. */
extern enum rsbac_adf_req_ret_t rsbac_adf_request_pax(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

/* Attribute-update hook with a second target/id pair; int status. */
extern int rsbac_adf_set_attr_pax(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_target_t new_target,
    union rsbac_target_id_t new_tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

#endif /* CONFIG_RSBAC_PAX */
00423
00424
00425
00426
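#ifdef CONFIG_RSBAC_RES
/* RES module interface; present only when CONFIG_RSBAC_RES is set. */

#ifdef CONFIG_RSBAC_SWITCH
/*
 * NOTE(review): presumably the runtime enable flag for RES; clearing it
 * would disable this module's decisions -- confirm who may write it.
 */
extern rsbac_boolean_t rsbac_switch_res;
#endif /* CONFIG_RSBAC_SWITCH */

/* Decision hook: yields an enum rsbac_adf_req_ret_t for one request. */
extern enum rsbac_adf_req_ret_t rsbac_adf_request_res(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

/* Attribute-update hook with a second target/id pair; int status. */
extern int rsbac_adf_set_attr_res(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_target_t new_target,
    union rsbac_target_id_t new_tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

#ifdef CONFIG_RSBAC_SECDEL
/*
 * Secure-delete query for RES: unconditionally FALSE; dentry_p is unused.
 * NOTE(review): presumably this means RES never asks for a deleted file
 * to be overwritten -- confirm against the caller.
 *
 * Defined static inline rather than extern inline. An extern inline
 * definition in a header emits an external symbol in every including
 * translation unit under C99/C11 inline rules (duplicate-symbol link
 * errors) and emits none under gnu89 rules (undefined reference whenever
 * a call is not inlined). static inline is well-defined under both.
 */
static inline rsbac_boolean_t rsbac_need_overwrite_res(struct dentry *dentry_p)
{
    return FALSE;
}
#endif /* CONFIG_RSBAC_SECDEL */

#endif /* CONFIG_RSBAC_RES */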
00458
00459
00460
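#if defined(CONFIG_RSBAC_REG)
/*
 * REG interface; present only when CONFIG_RSBAC_REG is set. Unlike the
 * other module sections in this header, no rsbac_switch_* flag is
 * declared for REG here.
 */

/* Decision hook: yields an enum rsbac_adf_req_ret_t for one request. */
extern enum rsbac_adf_req_ret_t rsbac_adf_request_reg(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

/* Attribute-update hook with a second target/id pair; int status. */
extern int rsbac_adf_set_attr_reg(
    enum rsbac_adf_request_t request,
    rsbac_pid_t caller_pid,
    enum rsbac_target_t target,
    union rsbac_target_id_t tid,
    enum rsbac_target_t new_target,
    union rsbac_target_id_t new_tid,
    enum rsbac_attribute_t attr,
    union rsbac_attribute_value_t attr_val,
    rsbac_uid_t owner);

#ifdef CONFIG_RSBAC_SECDEL
/*
 * Secure-delete query for REG: unconditionally FALSE; dentry_p is unused.
 * NOTE(review): presumably this means the REG path cannot request that a
 * deleted file be overwritten -- confirm whether that is intended.
 *
 * Defined static inline rather than extern inline. An extern inline
 * definition in a header emits an external symbol in every including
 * translation unit under C99/C11 inline rules (duplicate-symbol link
 * errors) and emits none under gnu89 rules (undefined reference whenever
 * a call is not inlined). static inline is well-defined under both.
 */
static inline rsbac_boolean_t rsbac_need_overwrite_reg(struct dentry *dentry_p)
{
    return FALSE;
}
#endif /* CONFIG_RSBAC_SECDEL */

#endif /* CONFIG_RSBAC_REG */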
00488
00489 #endif
00490
#if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)

/*
 * REG initialisation. Carries __init unless CONFIG_RSBAC_INIT_DELAY is
 * set.
 * NOTE(review): presumably the annotation is dropped because a delayed
 * init can run after init-section memory has been released -- confirm.
 */
#ifndef CONFIG_RSBAC_INIT_DELAY
void rsbac_reg_init(void) __init;
#else
void rsbac_reg_init(void);
#endif

/* Mount and unmount hooks for one device; each returns an int status. */
extern int rsbac_mount_reg(kdev_t kdev);
extern int rsbac_umount_reg(kdev_t kdev);

#ifdef CONFIG_RSBAC_AUTO_WRITE
/*
 * Write-out hook, declared only with CONFIG_RSBAC_AUTO_WRITE.
 * NOTE(review): the meaning of the boolean argument is not visible in
 * this header -- confirm in the implementation.
 */
extern int rsbac_write_reg(rsbac_boolean_t);
#endif

/*
 * Consistency check taking two int flags, correct and check_inode.
 * NOTE(review): presumably non-zero `correct` lets the check repair what
 * it finds, which would make this a state-modifying call -- confirm.
 */
extern int rsbac_check_reg(int correct, int check_inode);

#endif /* CONFIG_RSBAC_REG || CONFIG_RSBAC_REG_MAINT */
00514
00515 #endif