RSBAC: /daten/src/rsbac/linux-2.4.31-rsbac-v1.2.4/include/rsbac/adf.h Source File

00001 /******************************* */
00002 /* Rule Set Based Access Control */
00003 /* Author and (c) 1999-2004:     */
00004 /*   Amon Ott <ao@rsbac.org>     */
00005 /* API: for Access Control       */
00006 /* Decision Facility             */
00007 /* Last modified: 07/Nov/2004    */
00008 /******************************* */
00009 
00010 #ifndef __RSBAC_ADF_H
00011 #define __RSBAC_ADF_H
00012 
00013 #include <linux/init.h>
00014 #include <rsbac/types.h>
00015 #include <rsbac/debug.h>
00016 #include <rsbac/fs.h>
00017 
00018 /***************************************************/
00019 /*                   Prototypes                    */
00020 /***************************************************/
00021 
00022 /* Init function */
00023 #ifdef CONFIG_RSBAC_INIT_DELAY
00024 extern  void rsbac_init_adf(void);
00025 #else
00026 extern  void rsbac_init_adf(void) __init;
00027 #endif
00028 
00029 /* This function is the internal decision function, called from the next. */
00030 /* It allows to ignore a certain module (last parameter), e.g. for asking */
00031 /* all _other_ modules, but not the calling module, to avoid a circle.    */
00032 
00033 extern enum rsbac_adf_req_ret_t
00034    rsbac_adf_request_int(enum  rsbac_adf_request_t     request,
00035                                rsbac_pid_t             caller_pid,
00036                          enum  rsbac_target_t          target,
00037                          union rsbac_target_id_t     * tid_p,
00038                          enum  rsbac_attribute_t       attr,
00039                          union rsbac_attribute_value_t * attr_val_p,
00040                          enum  rsbac_switch_target_t   ignore_module);
00041 
00042 /* This function is the official main decision function, called from the AEF. */
00043 
00044 extern  enum rsbac_adf_req_ret_t  rsbac_adf_request(
00045                                      enum  rsbac_adf_request_t,
00046                                            rsbac_pid_t,
00047                                      enum  rsbac_target_t,
00048                                      union rsbac_target_id_t,
00049                                      enum  rsbac_attribute_t,
00050                                      union rsbac_attribute_value_t);
00051 
00052 /* If the request returned granted and the operation is performed,           */
00053 /* the following function is called by the AEF to get all aci set correctly. */
00054 /* The second instance of target specification is the new target, if one has */
00055 /* been created, otherwise its values are ignored.                           */
00056 /* It returns 0 on success and an error from error.h otherwise.              */
00057 
00058 extern  int  rsbac_adf_set_attr(     enum  rsbac_adf_request_t,
00059                                            rsbac_pid_t,
00060                                      enum  rsbac_target_t,
00061                                      union rsbac_target_id_t,
00062                                      enum  rsbac_target_t,
00063                                      union rsbac_target_id_t,
00064                                      enum  rsbac_attribute_t,
00065                                      union rsbac_attribute_value_t);
00066 
00067 #include <linux/types.h>
00068 #include <linux/dcache.h>
00069 
00070 extern int rsbac_sec_del(struct dentry * dentry_p);
00071 
00072 extern int rsbac_sec_trunc(struct dentry * dentry_p,
00073                            loff_t new_len, loff_t old_len);
00074 
00075 extern void rsbac_symlink_redirect(struct dentry * dentry_p, char * name);
00076 
00077 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_PART
00078 extern int rsbac_dac_part_disabled(struct dentry * dentry_p);
00079 #endif
00080 
00081 #ifdef CONFIG_RSBAC_FAKE_ROOT_UID
00082 extern rsbac_uid_t rsbac_fake_uid(void);
00083 extern rsbac_uid_t rsbac_fake_euid(void);
00084 extern int rsbac_uid_faked(void);
00085 #endif
00086 
00087 int rsbac_set_audit_uid(rsbac_uid_t uid);
00088 
00089 #endif