/usr/include/rsbac/rc_data_structures.h is in librsbac-dev 1.4.0-repack-0ubuntu6.

This file is owned by root:root, with mode 0o644.

/*********************************/
/* Rule Set Based Access Control */
/* Author and (c) 1999-2005:     */
/*   Amon Ott <ao@rsbac.org>     */
/* Data structures for Role      */
/* Compatibility module          */
/* Last modified: 21/Dec/2005    */
/*********************************/


#ifndef __RSBAC_RC_DATA_STRUC_H
#define __RSBAC_RC_DATA_STRUC_H

#ifdef __KERNEL__		/* only include in kernel code */
#include <linux/types.h>
#include <rsbac/types.h>
#endif				/* __KERNEL__ */

/* First of all we define dirname and filenames for saving the roles to disk. */
/* The path must be a valid single dir name! Each mounted device gets its    */
/* own file set, residing in 'DEVICE_ROOT/RSBAC_ACI_PATH/'.                  */
/* All user access to these files will be denied.                            */
/* Backups are kept in FILENAMEb.                                            */

#ifdef __KERNEL__
/*
 * Key value used for the RC lists.
 * NOTE(review): presumably the key RC hands to the RSBAC generic list code
 * when registering its lists - confirm at the registration call sites.
 * As a constant in a header it is not a secret; do not rely on it to keep
 * other kernel code away from the RC lists.
 */
#define RSBAC_RC_LIST_KEY 77788855

/*
 * List counts for roles and types.
 * NOTE(review): this header does not show what is counted (the names suggest
 * a number of sub-lists per role/type list) - confirm before changing.
 */
#define RSBAC_RC_NR_ROLE_LISTS 4
#define RSBAC_RC_NR_TYPE_LISTS 4

/*
 * File names of the persistent role lists. Per the comment at the top of
 * this header, each mounted device gets its own file set under
 * 'DEVICE_ROOT/RSBAC_ACI_PATH/', with backups kept in FILENAMEb, and all
 * user access to these files is denied.
 * The rc_tc* lists pair a target type with the requests a role may issue
 * on it, so together these files hold the role-based policy itself.
 */

/* roles */
#define RSBAC_RC_ROLE_FILENAME "rc_r"

/* roles we are compatible with ( = we can change to) */
#define RSBAC_RC_ROLE_RC_FILENAME "rc_rc"

/* roles we may administrate (replaces admin_type) */
#define RSBAC_RC_ROLE_ADR_FILENAME "rc_adr"

/* roles we may read and assign to users, if they were in one of these before. */
#define RSBAC_RC_ROLE_ASR_FILENAME "rc_asr"

/* file/dir/fifo/symlink types for new items, by parent efftype */
/* If not found, use old global value def_fd_create_type */
#define RSBAC_RC_ROLE_DFDC_FILENAME "rc_dfdc"

/* file/dir/fifo/symlink types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCFD_FILENAME "rc_tcfd"

/* dev types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCDV_FILENAME "rc_tcdv"

/* user types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCUS_FILENAME "rc_tcus"

/* process types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCPR_FILENAME "rc_tcpr"

/* IPC types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCIP_FILENAME "rc_tcip"

/* SCD types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCSC_FILENAME "rc_tcsc"

/* group types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCGR_FILENAME "rc_tcgr"

/* NETDEV types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCND_FILENAME "rc_tcnd"

/* NETTEMP types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCNT_FILENAME "rc_tcnt"

/* NETOBJ types and requests we are compatible with */
#define RSBAC_RC_ROLE_TCNO_FILENAME "rc_tcno"

/*
 * Format versions of the persistent role lists.
 * The main role list is at version 5 and four older versions are still
 * named. The struct rsbac_rc_*old*_role_entry_t layouts in this header
 * appear to be the matching older record formats, kept so that lists
 * written by older releases can still be read - confirm against the list
 * conversion code.
 * A version must be raised whenever the corresponding record layout
 * changes (see the caution above struct rsbac_rc_role_entry_t); otherwise
 * stored records would be read with the wrong layout.
 */
#define RSBAC_RC_ROLE_LIST_VERSION 5
#define RSBAC_RC_ROLE_OLD_LIST_VERSION 4
#define RSBAC_RC_ROLE_OLD_OLD_LIST_VERSION 3
#define RSBAC_RC_ROLE_OLD_OLD_OLD_LIST_VERSION 2
#define RSBAC_RC_ROLE_OLD_OLD_OLD_OLD_LIST_VERSION 1
/* Role relation lists (compatible, admin, assign, default fd create type) */
#define RSBAC_RC_ROLE_RC_LIST_VERSION 1
#define RSBAC_RC_ROLE_ADR_LIST_VERSION 1
#define RSBAC_RC_ROLE_ASR_LIST_VERSION 1
#define RSBAC_RC_ROLE_DFDC_LIST_VERSION 1
/* Type compatibility lists: current version 2 for every target kind */
#define RSBAC_RC_ROLE_TCFD_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCDV_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCUS_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCPR_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCIP_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCSC_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCGR_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCND_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCNT_LIST_VERSION 2
#define RSBAC_RC_ROLE_TCNO_LIST_VERSION 2
/* Type compatibility lists: previous version 1 */
#define RSBAC_RC_ROLE_TCFD_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCDV_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCUS_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCPR_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCIP_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCSC_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCGR_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCND_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCNT_OLD_LIST_VERSION 1
#define RSBAC_RC_ROLE_TCNO_OLD_LIST_VERSION 1

/*
 * File names of the persistent type lists, one per target kind
 * (FD, DEV, IPC, USER, PROCESS, GROUP, NETDEV, NETTEMP, NETOBJ).
 * No SCD type file is defined here, although an SCD type-compatibility
 * role list (RSBAC_RC_ROLE_TCSC_FILENAME) exists.
 */
#define RSBAC_RC_TYPE_FD_FILENAME "rc_tfd"
#define RSBAC_RC_TYPE_DEV_FILENAME "rc_tdv"
#define RSBAC_RC_TYPE_IPC_FILENAME "rc_tip"
#define RSBAC_RC_TYPE_USER_FILENAME "rc_tus"
#define RSBAC_RC_TYPE_PROCESS_FILENAME "rc_tpr"
#define RSBAC_RC_TYPE_GROUP_FILENAME "rc_tgr"
#define RSBAC_RC_TYPE_NETDEV_FILENAME "rc_tnd"
#define RSBAC_RC_TYPE_NETTEMP_FILENAME "rc_tnt"
#define RSBAC_RC_TYPE_NETOBJ_FILENAME "rc_tno"

/* Format versions of the persistent type lists; all are at version 1. */
#define RSBAC_RC_TYPE_FD_LIST_VERSION 1
#define RSBAC_RC_TYPE_DEV_LIST_VERSION 1
#define RSBAC_RC_TYPE_IPC_LIST_VERSION 1
#define RSBAC_RC_TYPE_USER_LIST_VERSION 1
#define RSBAC_RC_TYPE_PROCESS_LIST_VERSION 1
#define RSBAC_RC_TYPE_GROUP_LIST_VERSION 1
#define RSBAC_RC_TYPE_NETDEV_LIST_VERSION 1
#define RSBAC_RC_TYPE_NETTEMP_LIST_VERSION 1
#define RSBAC_RC_TYPE_NETOBJ_LIST_VERSION 1
#endif				/* __KERNEL__ */

/*
 * The following structures provide the role model data structures.
 * All RSBAC_RC_NR_ROLES roles and RSBAC_RC_NR_TYPES x target-no. types
 * and SCD-type definitions are kept in arrays and saved to disk as such.
 */

/***************************************
 *               Roles                 *
 ***************************************/

/* Caution: whenever role struct changes, version and old_version must be increased! */

/*
 * Current layout of one role entry.
 * It has one member more than struct rsbac_rc_old_role_entry_t:
 * def_unixsock_create_type. Member order and sizes are part of the stored
 * format (see the caution above), so do not reorder or resize members
 * without raising the list version.
 */
struct rsbac_rc_role_entry_t {
	rsbac_enum_t admin_type;	/* role admin: none, system or role admin? */
	/*
	 * Role name in a fixed-size buffer.
	 * NOTE(review): nothing in this struct guarantees NUL termination;
	 * code that fills it from user-supplied data should bound the copy
	 * and terminate it - confirm at the call sites.
	 */
	char name[RSBAC_RC_NAME_LEN];
	/* Default types given to objects this role creates, one per target kind */
	rsbac_rc_type_id_t def_fd_create_type;
	rsbac_rc_type_id_t def_user_create_type;
	rsbac_rc_type_id_t def_process_create_type;
	/* Default process type after chown and after execute */
	rsbac_rc_type_id_t def_process_chown_type;
	rsbac_rc_type_id_t def_process_execute_type;
	rsbac_rc_type_id_t def_ipc_create_type;
	rsbac_rc_type_id_t def_group_create_type;
	rsbac_rc_type_id_t def_unixsock_create_type;
	/* Both hold TRUE/FALSE in the default role entries of this header */
	rsbac_enum_t boot_role;
	rsbac_enum_t req_reauth;
};

/*
 * Previous role entry layout: identical to struct rsbac_rc_role_entry_t
 * except that def_unixsock_create_type is absent.
 * NOTE(review): presumably the record format of
 * RSBAC_RC_ROLE_OLD_LIST_VERSION (4) - confirm against the conversion code.
 * Keep this layout unchanged; it describes data already stored.
 */
struct rsbac_rc_old_role_entry_t {
	rsbac_enum_t admin_type;	/* role admin: none, system or role admin? */
	char name[RSBAC_RC_NAME_LEN];
	rsbac_rc_type_id_t def_fd_create_type;
	rsbac_rc_type_id_t def_user_create_type;
	rsbac_rc_type_id_t def_process_create_type;
	rsbac_rc_type_id_t def_process_chown_type;
	rsbac_rc_type_id_t def_process_execute_type;
	rsbac_rc_type_id_t def_ipc_create_type;
	rsbac_rc_type_id_t def_group_create_type;
	rsbac_enum_t boot_role;
	rsbac_enum_t req_reauth;
};

/*
 * Older role entry layout: as struct rsbac_rc_old_role_entry_t but
 * without req_reauth.
 * NOTE(review): presumably the record format of
 * RSBAC_RC_ROLE_OLD_OLD_LIST_VERSION (3) - confirm. When such a record is
 * upgraded, req_reauth has no stored value and must get a default; check
 * which value the conversion code picks.
 */
struct rsbac_rc_old_old_role_entry_t {
	rsbac_enum_t admin_type;	/* role admin: none, system or role admin? */
	char name[RSBAC_RC_NAME_LEN];
	rsbac_rc_type_id_t def_fd_create_type;
	rsbac_rc_type_id_t def_user_create_type;
	rsbac_rc_type_id_t def_process_create_type;
	rsbac_rc_type_id_t def_process_chown_type;
	rsbac_rc_type_id_t def_process_execute_type;
	rsbac_rc_type_id_t def_ipc_create_type;
	rsbac_rc_type_id_t def_group_create_type;
	rsbac_enum_t boot_role;
};

/*
 * Older role entry layout: as struct rsbac_rc_old_old_role_entry_t but
 * without def_group_create_type.
 * NOTE(review): presumably the record format of
 * RSBAC_RC_ROLE_OLD_OLD_OLD_LIST_VERSION (2) - confirm.
 */
struct rsbac_rc_old_old_old_role_entry_t {
	rsbac_enum_t admin_type;	/* role admin: none, system or role admin? */
	char name[RSBAC_RC_NAME_LEN];
	rsbac_rc_type_id_t def_fd_create_type;
	rsbac_rc_type_id_t def_user_create_type;
	rsbac_rc_type_id_t def_process_create_type;
	rsbac_rc_type_id_t def_process_chown_type;
	rsbac_rc_type_id_t def_process_execute_type;
	rsbac_rc_type_id_t def_ipc_create_type;
	rsbac_enum_t boot_role;
};

/*
 * Oldest role entry layout in this header: admin type, name and the
 * default create types for fd, process (create/chown/execute) and ipc.
 * It has neither def_user_create_type nor boot_role.
 * NOTE(review): presumably the record format of
 * RSBAC_RC_ROLE_OLD_OLD_OLD_OLD_LIST_VERSION (1) - confirm.
 */
struct rsbac_rc_old_old_old_old_role_entry_t {
	rsbac_enum_t admin_type;	/* role admin: none, system or role admin? */
	char name[RSBAC_RC_NAME_LEN];
	rsbac_rc_type_id_t def_fd_create_type;
	rsbac_rc_type_id_t def_process_create_type;
	rsbac_rc_type_id_t def_process_chown_type;
	rsbac_rc_type_id_t def_process_execute_type;
	rsbac_rc_type_id_t def_ipc_create_type;
};

/*
 * Number of role item identifiers and a brace initializer listing them.
 * The list below has exactly 25 entries; keep the count and the list in
 * step, since a consumer sizing an array by the count would otherwise
 * read past the initializer or drop items.
 * The RI_* identifiers are not declared in this header.
 * NOTE(review): RI_def_fd_ind_create_type has no matching member in
 * struct rsbac_rc_role_entry_t, and the struct member
 * def_unixsock_create_type has no RI_ item here - confirm both are
 * intentional.
 */
#define RSBAC_RC_NR_ROLE_ENTRY_ITEMS 25
#define RSBAC_RC_ROLE_ENTRY_ITEM_LIST { \
      RI_role_comp, \
      RI_admin_roles, \
      RI_assign_roles, \
      RI_type_comp_fd, \
      RI_type_comp_dev, \
      RI_type_comp_user, \
      RI_type_comp_process, \
      RI_type_comp_ipc, \
      RI_type_comp_scd, \
      RI_type_comp_group, \
      RI_type_comp_netdev, \
      RI_type_comp_nettemp, \
      RI_type_comp_netobj, \
      RI_admin_type, \
      RI_name, \
      RI_def_fd_create_type, \
      RI_def_fd_ind_create_type, \
      RI_def_user_create_type, \
      RI_def_process_create_type, \
      RI_def_process_chown_type, \
      RI_def_process_execute_type, \
      RI_def_ipc_create_type, \
      RI_def_group_create_type, \
      RI_boot_role, \
      RI_req_reauth \
      }

/***************************************
 *             Type names              *
 ***************************************/

/* Caution: whenever a type struct changes, version and old_version must be increased! */

/* #define RSBAC_RC_OLD_TYPE_VERSION 1 */
/* Version of the type entry layout defined in this header. */
#define RSBAC_RC_TYPE_VERSION 1

/*
 * Entry for one file/dir (FD) type: its name and a secure-delete flag.
 * NOTE(review): the name buffer is fixed-size and the struct does not
 * guarantee NUL termination - confirm that writers bound and terminate it.
 */
struct rsbac_rc_type_fd_entry_t {
	char name[RSBAC_RC_NAME_LEN];
	/* Boolean stored in one byte; presumably marks objects of this type
	 * as needing secure deletion - confirm where it is evaluated. */
	__u8 need_secdel;	/* rsbac_boolean_t */
};

/*
 * Number of type item identifiers and a brace initializer listing them.
 * The list below has exactly 10 entries; keep the count and the list in
 * step. The RI_* identifiers are not declared in this header.
 * NOTE(review): there is no user type name item here although a user type
 * list file (RSBAC_RC_TYPE_USER_FILENAME) is defined - confirm whether
 * that is intentional.
 */
#define RSBAC_RC_NR_TYPE_ENTRY_ITEMS 10
#define RSBAC_RC_TYPE_ENTRY_ITEM_LIST { \
      RI_type_fd_name, \
      RI_type_dev_name, \
      RI_type_ipc_name, \
      RI_type_scd_name, \
      RI_type_process_name, \
      RI_type_group_name, \
      RI_type_netdev_name, \
      RI_type_nettemp_name, \
      RI_type_netobj_name, \
      RI_type_fd_need_secdel \
      }

/**********************************************/
/*              Default values                */
/**********************************************/

/*
 * Designated initializer for the default "General User" role entry
 * (struct rsbac_rc_role_entry_t): no admin rights (RC_no_admin), not the
 * boot role, no re-authentication required.
 * fd and process create/execute types are RC_type_inherit_parent; user,
 * ipc and group create types are RSBAC_RC_GENERAL_TYPE; unix socket
 * create type is RC_type_use_fd.
 * This entry only sets per-role defaults; what the role may access is
 * decided by the compatibility lists, not by this initializer.
 */
#define RSBAC_RC_GENERAL_ROLE_ENTRY \
    { \
      .admin_type = RC_no_admin, \
      .name = "General User", \
      .def_fd_create_type = RC_type_inherit_parent, \
      .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_process_create_type = RC_type_inherit_parent, \
      .def_process_chown_type = RC_type_use_new_role_def_create, \
      .def_process_execute_type = RC_type_inherit_parent, \
      .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_unixsock_create_type = RC_type_use_fd, \
      .boot_role = FALSE, \
      .req_reauth = FALSE, \
    }

/*
 * Designated initializer for the default "Role Admin" role entry.
 * Differs from RSBAC_RC_GENERAL_ROLE_ENTRY only in name and in
 * admin_type = RC_role_admin.
 * NOTE(review): req_reauth is FALSE even for this administrative role.
 * Confirm what req_reauth enforces and whether deployments are expected
 * to turn it on for admin roles in their own policy.
 */
#define RSBAC_RC_ROLE_ADMIN_ROLE_ENTRY \
    { \
      .admin_type = RC_role_admin, \
      .name = "Role Admin", \
      .def_fd_create_type = RC_type_inherit_parent, \
      .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_process_create_type = RC_type_inherit_parent, \
      .def_process_chown_type = RC_type_use_new_role_def_create, \
      .def_process_execute_type = RC_type_inherit_parent, \
      .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_unixsock_create_type = RC_type_use_fd, \
      .boot_role = FALSE, \
      .req_reauth = FALSE, \
    }

/*
 * Designated initializer for the default "System Admin" role entry.
 * Differs from RSBAC_RC_GENERAL_ROLE_ENTRY only in name and in
 * admin_type = RC_system_admin.
 * NOTE(review): req_reauth is FALSE even for this administrative role.
 * Confirm what req_reauth enforces and whether deployments are expected
 * to turn it on for admin roles in their own policy.
 */
#define RSBAC_RC_SYSTEM_ADMIN_ROLE_ENTRY \
    { \
      .admin_type = RC_system_admin, \
      .name = "System Admin", \
      .def_fd_create_type = RC_type_inherit_parent, \
      .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_process_create_type = RC_type_inherit_parent, \
      .def_process_chown_type = RC_type_use_new_role_def_create, \
      .def_process_execute_type = RC_type_inherit_parent, \
      .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_unixsock_create_type = RC_type_use_fd, \
      .boot_role = FALSE, \
      .req_reauth = FALSE, \
    }

/*
 * Designated initializer for the default "System Boot" role entry.
 * The only default entry in this header with boot_role = TRUE; it has no
 * admin rights (RC_no_admin) and is otherwise identical to
 * RSBAC_RC_GENERAL_ROLE_ENTRY apart from the name.
 * NOTE(review): presumably the role used during system start-up -
 * confirm where boot_role is evaluated.
 */
#define RSBAC_RC_BOOT_ROLE_ENTRY \
    { \
      .admin_type = RC_no_admin, \
      .name = "System Boot", \
      .def_fd_create_type = RC_type_inherit_parent, \
      .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_process_create_type = RC_type_inherit_parent, \
      .def_process_chown_type = RC_type_use_new_role_def_create, \
      .def_process_execute_type = RC_type_inherit_parent, \
      .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_unixsock_create_type = RC_type_use_fd, \
      .boot_role = TRUE, \
      .req_reauth = FALSE, \
    }

/*
 * Designated initializer for the default "Auditor" role entry.
 * Every member except the name has the same value as in
 * RSBAC_RC_GENERAL_ROLE_ENTRY (RC_no_admin, not boot role, no reauth).
 * Nothing in this initializer grants audit access; whatever sets the
 * auditor apart must come from the compatibility lists set up elsewhere.
 */
#define RSBAC_RC_AUDITOR_ROLE_ENTRY \
    { \
      .admin_type = RC_no_admin, \
      .name = "Auditor", \
      .def_fd_create_type = RC_type_inherit_parent, \
      .def_user_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_process_create_type = RC_type_inherit_parent, \
      .def_process_chown_type = RC_type_use_new_role_def_create, \
      .def_process_execute_type = RC_type_inherit_parent, \
      .def_ipc_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_group_create_type = RSBAC_RC_GENERAL_TYPE, \
      .def_unixsock_create_type = RC_type_use_fd, \
      .boot_role = FALSE, \
      .req_reauth = FALSE, \
    }

/**********************************************/
/*              Declarations                  */
/**********************************************/

#ifdef __KERNEL__
#endif				/* __KERNEL__ */

#endif				/* __RSBAC_RC_DATA_STRUC_H */