00001 /*********************************/
00002 /* Rule Set Based Access Control */
00003 /* Author and (c) 1999-2005:     */
00004 /*   Amon Ott <ao@rsbac.org>     */
00005 /* Data structures for Role      */
00006 /* Compatibility module          */
00007 /* Last modified: 09/Feb/2005    */
00008 /*********************************/
00009 
00010 
00011 #ifndef __RSBAC_RC_DATA_STRUC_H
00012 #define __RSBAC_RC_DATA_STRUC_H
00013 
00014 #ifdef __KERNEL__   /* only include in kernel code */
00015 #include <linux/types.h>
00016 #include <rsbac/types.h>
00017 #endif /* __KERNEL__ */
00018 
00019 /* First of all we define dirname and filenames for saving the roles to disk. */
00020 /* The path must be a valid single dir name! Each mounted device gets its    */
00021 /* own file set, residing in 'DEVICE_ROOT/RSBAC_ACI_PATH/'.                  */
00022 /* All user access to these files will be denied.                            */
00023 /* Backups are kept in FILENAMEb.                                            */
00024 
00025 #ifdef __KERNEL__
/* Key presumably handed to the generic list layer when the RC lists are
 * registered, so that only this module can address them.
 * NOTE(review): it is a fixed compile-time constant visible in the source
 * and must not be mistaken for a secret; confirm its exact role against
 * the generic list registration code. */
#define RSBAC_RC_LIST_KEY 77788855
00027 
/* On-disk list names for the per-role data. Each name is a file inside
 * DEVICE_ROOT/RSBAC_ACI_PATH/ on every mounted device (see above);
 * "TC" lists hold type compatibility (type + allowed requests) per role. */

/* roles */
#define RSBAC_RC_ROLE_FILENAME "rc_r"

/* roles we are compatible with ( = we can change to) */
#define RSBAC_RC_ROLE_RC_FILENAME "rc_rc"

/* roles we may administrate (replaces admin_type) */
#define RSBAC_RC_ROLE_ADR_FILENAME "rc_adr"

/* roles we may read and assign to users, if they were in one of these before. */
#define RSBAC_RC_ROLE_ASR_FILENAME "rc_asr"

/* file/dir/fifo/symlink types for new items, by parent efftype */
/* If not found, use old global value def_fd_create_type */
#define RSBAC_RC_ROLE_DFDC_FILENAME "rc_dfdc"

/* file/dir/fifo/symlink types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCFD_FILENAME "rc_tcfd"

/* dev types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCDV_FILENAME "rc_tcdv"

/* user types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCUS_FILENAME "rc_tcus"

/* process types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCPR_FILENAME "rc_tcpr"

/* IPC types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCIP_FILENAME "rc_tcip"

/* SCD types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCSC_FILENAME "rc_tcsc"

/* group types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCGR_FILENAME "rc_tcgr"

/* NETDEV types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCND_FILENAME "rc_tcnd"

/* NETTEMP types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCNT_FILENAME "rc_tcnt"

/* NETOBJ types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCNO_FILENAME "rc_tcno"

/* On-disk layout versions. The role list (rc_r) is at version 3; by
 * their names, the OLD and OLD_OLD values match the rsbac_rc_old_role_entry_t
 * and rsbac_rc_old_old_role_entry_t structs declared further down, which is
 * presumably what lets a list written under an older layout be recognised
 * on load -- confirm in the list loading code. A version that is bumped
 * here without a matching old_ struct would leave old lists unreadable. */
#define RSBAC_RC_ROLE_LIST_VERSION 3
#define RSBAC_RC_ROLE_OLD_LIST_VERSION 2
#define RSBAC_RC_ROLE_OLD_OLD_LIST_VERSION 1
/* The RC/ADR/ASR/DFDC lists are still at their first layout version. */
#define RSBAC_RC_ROLE_RC_LIST_VERSION 1
#define RSBAC_RC_ROLE_ADR_LIST_VERSION 1
#define RSBAC_RC_ROLE_ASR_LIST_VERSION 1
#define RSBAC_RC_ROLE_DFDC_LIST_VERSION 1
/* Every TC list is at version 2, with version 1 kept as its old layout. */
#define RSBAC_RC_ROLE_TCFD_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCDV_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCUS_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCPR_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCIP_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCSC_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCGR_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCND_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCNT_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCNO_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCFD_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCDV_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCUS_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCPR_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCIP_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCSC_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCGR_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCND_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCNT_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCNO_OLD_LIST_VERSION 1
00101 
/* On-disk list names for the type name tables, one list per target kind.
 * Note there is no SCD entry here although RI_type_scd_name exists below;
 * SCD type names are presumably not persisted -- confirm. */
#define RSBAC_RC_TYPE_FD_FILENAME "rc_tfd"
#define RSBAC_RC_TYPE_DEV_FILENAME "rc_tdv"
#define RSBAC_RC_TYPE_IPC_FILENAME "rc_tip"
#define RSBAC_RC_TYPE_USER_FILENAME "rc_tus"
#define RSBAC_RC_TYPE_PROCESS_FILENAME "rc_tpr"
#define RSBAC_RC_TYPE_GROUP_FILENAME "rc_tgr"
#define RSBAC_RC_TYPE_NETDEV_FILENAME "rc_tnd"
#define RSBAC_RC_TYPE_NETTEMP_FILENAME "rc_tnt"
#define RSBAC_RC_TYPE_NETOBJ_FILENAME "rc_tno"

/* Layout versions of the type name lists; none has changed layout yet, so
 * there are no OLD values. Bump the matching value whenever the record
 * written to that list changes. */
#define RSBAC_RC_TYPE_FD_LIST_VERSION 1
#define RSBAC_RC_TYPE_DEV_LIST_VERSION 1
#define RSBAC_RC_TYPE_IPC_LIST_VERSION 1
#define RSBAC_RC_TYPE_USER_LIST_VERSION 1
#define RSBAC_RC_TYPE_PROCESS_LIST_VERSION 1
#define RSBAC_RC_TYPE_GROUP_LIST_VERSION 1
#define RSBAC_RC_TYPE_NETDEV_LIST_VERSION 1
#define RSBAC_RC_TYPE_NETTEMP_LIST_VERSION 1
#define RSBAC_RC_TYPE_NETOBJ_LIST_VERSION 1
00121 #endif /* __KERNEL__ */
00122 
/*
 * The following structures provide the role model data structures.
 * All RSBAC_RC_NR_ROLES roles and RSBAC_RC_NR_TYPES types per target kind
 * (plus the SCD-type definitions) are kept in arrays and saved to disk
 * as such, so every struct below is also an on-disk record layout.
 */
00128 
00129 /***************************************
00130  *               Roles                 *
00131  ***************************************/
00132 
/* Caution: whenever the role struct changes, RSBAC_RC_ROLE_LIST_VERSION and the OLD version defines must be increased and the previous layout kept as an old_*_entry_t struct (as done below)! */
00134 
/* One role as stored in the rc_r list (RSBAC_RC_ROLE_LIST_VERSION 3).
 * This is the on-disk record: field order and sizes are part of the
 * persisted format. Compared with the version 2 layout below, this adds
 * def_group_create_type.
 * The def_*_type fields hold the RC type given to objects created (or, for
 * chown/execute, processes changed) under this role; besides real type ids
 * they may carry the special values used in the defaults at the end of
 * this file (RC_type_inherit_parent, RC_type_use_new_role_def_create). */
struct rsbac_rc_role_entry_t            
    {
      rsbac_enum_t           admin_type; /* role admin: none, system or role admin? (RC_no_admin / RC_system_admin / RC_role_admin in the defaults) */
      /* Display name. The type does not guarantee a NUL terminator, so a
       * record read back from disk must be terminated or length-bounded
       * before it is printed or compared. */
      char                   name[RSBAC_RC_NAME_LEN];
      rsbac_rc_type_id_t     def_fd_create_type;       /* new file/dir/fifo/symlink */
      rsbac_rc_type_id_t     def_user_create_type;     /* not in the version 1 layout */
      rsbac_rc_type_id_t     def_process_create_type;
      rsbac_rc_type_id_t     def_process_chown_type;
      rsbac_rc_type_id_t     def_process_execute_type;
      rsbac_rc_type_id_t     def_ipc_create_type;
      rsbac_rc_type_id_t     def_group_create_type;    /* new in version 3 */
      rsbac_enum_t           boot_role;                /* TRUE only for RSBAC_RC_BOOT_ROLE_ENTRY in the defaults; semantics enforced elsewhere */
    };
00148 
/* Version 2 role record (by name, RSBAC_RC_ROLE_OLD_LIST_VERSION). Kept
 * only so lists written in that layout can be recognised -- presumably
 * converted on load, confirm in the list code. Identical to the current
 * struct except that def_group_create_type is absent. Do not use for new
 * data and never change it: it describes existing on-disk files. */
struct rsbac_rc_old_role_entry_t            
    {
      rsbac_enum_t           admin_type; /* role admin: none, system or role admin? */
      char                   name[RSBAC_RC_NAME_LEN]; /* NUL termination not guaranteed by the type */
      rsbac_rc_type_id_t     def_fd_create_type;
      rsbac_rc_type_id_t     def_user_create_type;
      rsbac_rc_type_id_t     def_process_create_type;
      rsbac_rc_type_id_t     def_process_chown_type;
      rsbac_rc_type_id_t     def_process_execute_type;
      rsbac_rc_type_id_t     def_ipc_create_type;
      rsbac_enum_t           boot_role;
    };
00161 
/* Version 1 role record (by name, RSBAC_RC_ROLE_OLD_OLD_LIST_VERSION).
 * Lacks def_user_create_type, def_group_create_type and boot_role compared
 * with the current struct. Frozen: it describes existing on-disk files. */
struct rsbac_rc_old_old_role_entry_t            
    {
      rsbac_enum_t           admin_type; /* role admin: none, system or role admin? */
      char                   name[RSBAC_RC_NAME_LEN]; /* NUL termination not guaranteed by the type */
      rsbac_rc_type_id_t     def_fd_create_type;
      rsbac_rc_type_id_t     def_process_create_type;
      rsbac_rc_type_id_t     def_process_chown_type;
      rsbac_rc_type_id_t     def_process_execute_type;
      rsbac_rc_type_id_t     def_ipc_create_type;
    };
00172 
/* Per-role items addressable individually (RI_* values).
 * RSBAC_RC_NR_ROLE_ENTRY_ITEMS must equal the number of entries in
 * RSBAC_RC_ROLE_ENTRY_ITEM_LIST: currently 24 = 3 role-set items +
 * 10 type-compatibility items + 11 per-role attributes. Keep the two in
 * sync whenever an item is added.
 * RI_def_fd_ind_create_type has no field in struct rsbac_rc_role_entry_t;
 * it presumably addresses the separate rc_dfdc list (fd types by parent
 * effective type) -- confirm before relying on it.
 * If this list is used to fill an array, its order is significant, so
 * append new items rather than inserting them in the middle. */
#define RSBAC_RC_NR_ROLE_ENTRY_ITEMS 24
#define RSBAC_RC_ROLE_ENTRY_ITEM_LIST { \
      RI_role_comp, \
      RI_admin_roles, \
      RI_assign_roles, \
      RI_type_comp_fd, \
      RI_type_comp_dev, \
      RI_type_comp_user, \
      RI_type_comp_process, \
      RI_type_comp_ipc, \
      RI_type_comp_scd, \
      RI_type_comp_group, \
      RI_type_comp_netdev, \
      RI_type_comp_nettemp, \
      RI_type_comp_netobj, \
      RI_admin_type, \
      RI_name, \
      RI_def_fd_create_type, \
      RI_def_fd_ind_create_type, \
      RI_def_user_create_type, \
      RI_def_process_create_type, \
      RI_def_process_chown_type, \
      RI_def_process_execute_type, \
      RI_def_ipc_create_type, \
      RI_def_group_create_type, \
      RI_boot_role \
      }
00200 
00201 /***************************************
00202  *             Type names              *
00203  ***************************************/
00204 
/* Caution: whenever a type entry struct changes, RSBAC_RC_TYPE_VERSION must be increased and the previous value kept as the old version define! */
00206 
/* Layout version of the type entry records below. No older layout exists
 * yet, so the old-version define stays commented out as a placeholder for
 * the first layout change. How this relates to the per-list
 * RSBAC_RC_TYPE_*_LIST_VERSION values above is not visible in this file. */
/* #define RSBAC_RC_OLD_TYPE_VERSION 1 */
#define RSBAC_RC_TYPE_VERSION 1
00209 
/* One file/dir/fifo/symlink type as stored in the rc_tfd list; the layout
 * is the on-disk record, so do not reorder or resize the fields without
 * bumping RSBAC_RC_TYPE_VERSION. */
struct rsbac_rc_type_fd_entry_t            
    {
      /* Type name. As with role names, NUL termination is not guaranteed
       * by the type and must be enforced when a record is loaded. */
      char                   name[RSBAC_RC_NAME_LEN];
      /* Boolean kept in one byte so the record size is fixed; presumably
       * "secure deletion required" for objects of this type -- confirm.
       * NOTE(review): __u8 comes from <linux/types.h>, which this header
       * includes only under __KERNEL__; userspace users of this struct
       * must obtain the type from elsewhere. */
      __u8                   need_secdel;  /* rsbac_boolean_t */
    };
00215 
/* Per-type items addressable individually (RI_type_* values).
 * RSBAC_RC_NR_TYPE_ENTRY_ITEMS must equal the number of entries in
 * RSBAC_RC_TYPE_ENTRY_ITEM_LIST: currently 10 = one name item per target
 * kind (nine, including SCD) plus the fd need_secdel flag. Keep the two in
 * sync, and append rather than insert if the list feeds an array. */
#define RSBAC_RC_NR_TYPE_ENTRY_ITEMS 10
#define RSBAC_RC_TYPE_ENTRY_ITEM_LIST { \
      RI_type_fd_name, \
      RI_type_dev_name, \
      RI_type_ipc_name, \
      RI_type_scd_name, \
      RI_type_process_name, \
      RI_type_group_name, \
      RI_type_netdev_name, \
      RI_type_nettemp_name, \
      RI_type_netobj_name, \
      RI_type_fd_need_secdel \
      }
00229 
00230 /**********************************************/
00231 /*              Default values                */
00232 /**********************************************/
00233 
/*
 * Built-in default roles.
 *
 * All five defaults share the same def_*_type values and differ only in
 * admin_type, name and boot_role, so they are produced by one helper.
 * Each public RSBAC_RC_*_ROLE_ENTRY macro still expands to a designated
 * initializer for struct rsbac_rc_role_entry_t with exactly the same
 * fields and values as before; the helper is the single place to update
 * when a def_*_type field is added to the struct, so no default can be
 * left behind (a field omitted from a designated initializer is silently
 * zero-initialized).
 *
 *   adm        -- admin_type value (RC_no_admin, RC_role_admin, RC_system_admin)
 *   role_name  -- string literal for the name field (must fit RSBAC_RC_NAME_LEN)
 *   boot       -- boot_role value (TRUE / FALSE)
 */
#define RSBAC_RC_MAKE_ROLE_ENTRY(adm, role_name, boot) \
    { \
      .admin_type = adm, \
      .name = role_name, \
      .def_fd_create_type = RC_type_inherit_parent, \
      .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_process_create_type = RC_type_inherit_parent, \
      .def_process_chown_type = RC_type_use_new_role_def_create, \
      .def_process_execute_type = RC_type_inherit_parent, \
      .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
      .boot_role = boot, \
    }

/* Ordinary user: no administrative rights, not the boot role. */
#define RSBAC_RC_GENERAL_ROLE_ENTRY \
    RSBAC_RC_MAKE_ROLE_ENTRY(RC_no_admin, "General User", FALSE)

/* Role administrator: admin_type RC_role_admin. */
#define RSBAC_RC_ROLE_ADMIN_ROLE_ENTRY \
    RSBAC_RC_MAKE_ROLE_ENTRY(RC_role_admin, "Role Admin", FALSE)

/* System administrator: admin_type RC_system_admin. */
#define RSBAC_RC_SYSTEM_ADMIN_ROLE_ENTRY \
    RSBAC_RC_MAKE_ROLE_ENTRY(RC_system_admin, "System Admin", FALSE)

/* Boot role: the only default with boot_role TRUE; no admin rights. */
#define RSBAC_RC_BOOT_ROLE_ENTRY \
    RSBAC_RC_MAKE_ROLE_ENTRY(RC_no_admin, "System Boot", TRUE)

/* Auditor: no admin rights by default; any audit access is granted elsewhere. */
#define RSBAC_RC_AUDITOR_ROLE_ENTRY \
    RSBAC_RC_MAKE_ROLE_ENTRY(RC_no_admin, "Auditor", FALSE)
00303 
00304 /**********************************************/
00305 /*              Declarations                  */
00306 /**********************************************/
00307 
00308 #ifdef __KERNEL__
00309 #endif /* __KERNEL__ */
00310 
00311 #endif /* __RSBAC_RC_DATA_STRUC_H */
