/usr/include/rsbac/reg.h is in librsbac-dev 1.4.0-repack-0ubuntu6.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
/************************************ */
/* Rule Set Based Access Control */
/* Author and (c) 1999-2005: Amon Ott */
/* API: for REG */
/* Module Registration */
/* Last modified: 09/Feb/2005 */
/************************************ */
#ifndef __RSBAC_REG_H
#define __RSBAC_REG_H
#include <rsbac/types.h>
#include <rsbac/debug.h>
/*
 * REG interface version. rsbac_reg_register() and rsbac_reg_register_syscall()
 * take a version argument and document -RSBAC_EINVALIDVERSION for a wrong REG
 * version; presumably this macro is the value callers pass - confirm.
 */
#define RSBAC_REG_VERSION 1
/***************************************************/
/* Types */
/***************************************************/
/*
 * Length limit for module and syscall names. The name fields in the entry
 * structs are declared as char[RSBAC_REG_NAME_LEN+1]; the +1 presumably leaves
 * room for the terminating NUL, so names longer than this must be rejected or
 * truncated by the registrant.
 */
#define RSBAC_REG_NAME_LEN 30
/*
 * Decision function
 *
 * Callback type stored in rsbac_reg_entry_t.request_func. The parameters are
 * unnamed in this header: a request, a pid, one target type / target id pair,
 * an attribute with its value, and the uid of the process owner.
 *
 * NOTE(review): the meaning of the int return value is not stated here
 * (presumably an ADF decision code) - confirm against the REG documentation
 * before relying on it for an access decision.
 */
typedef \
int rsbac_reg_request_func_t ( enum rsbac_adf_request_t,
rsbac_pid_t,
enum rsbac_target_t,
union rsbac_target_id_t,
enum rsbac_attribute_t,
union rsbac_attribute_value_t,
rsbac_uid_t); /* process owner */
/*
 * Attribute setting / notification function
 *
 * Callback type stored in rsbac_reg_entry_t.set_attr_func. Compared with the
 * decision function it takes two target type / target id pairs instead of one.
 *
 * NOTE(review): presumably the second pair describes a new target produced by
 * the request - confirm. The meaning of the int return value is not stated in
 * this header.
 */
typedef \
int rsbac_reg_set_attr_func_t ( enum rsbac_adf_request_t,
rsbac_pid_t,
enum rsbac_target_t,
union rsbac_target_id_t,
enum rsbac_target_t,
union rsbac_target_id_t,
enum rsbac_attribute_t,
union rsbac_attribute_value_t,
rsbac_uid_t); /* process owner */
/*
 * Whether module wants this file to be overwritten on delete / truncate.
 *
 * Callback type stored in rsbac_reg_entry_t.need_overwrite_func. It receives
 * the dentry of the file in question and answers with an rsbac_boolean_t.
 *
 * NOTE(review): struct dentry is not declared in this header, so it has to be
 * visible from an earlier include; otherwise the type only has prototype scope.
 */
typedef rsbac_boolean_t rsbac_reg_need_overwrite_func_t(struct dentry * dentry_p);
/*
 * rsbac_reg_write_func_t
 *
 * Callback type stored in rsbac_reg_entry_t.write_func.
 *
 * Called by rsbac_write function to save all dirty lists, must return number
 * of files written or negative error. If auto_write is active, this function
 * will be called regularly and allows for asynchronous data writing to disk.
 *
 * If need_lock is TRUE, a lock_kernel() / unlock_kernel() pair must be used
 * around the write function. Every exit path, including error returns, has to
 * release the lock again.
 */
typedef int rsbac_reg_write_func_t(rsbac_boolean_t need_lock);
/*
 * Called on every mount, allows updating of fs based data.
 * Callback type stored in rsbac_reg_entry_t.mount_func; kdev presumably
 * identifies the device being mounted - confirm. The meaning of the int
 * return value is not stated in this header.
 */
typedef int rsbac_reg_mount_func_t(kdev_t kdev);
/*
 * Called on every umount, allows updating of fs based data.
 * Callback type stored in rsbac_reg_entry_t.umount_func; same parameter and
 * return type as the mount callback.
 */
typedef int rsbac_reg_umount_func_t(kdev_t kdev);
/*
 * Called on rsbac_reg syscalls for handle syscall_handle.
 * Generic Syscall interface - note: data is a user space pointer!
 *
 * Callback type stored in rsbac_reg_syscall_entry_t.syscall_func.
 *
 * Because data comes from user space, an implementation must not dereference
 * it directly. Copy the expected structure into kernel memory with the
 * kernel's user-copy helpers (copy_from_user() / copy_to_user()), check their
 * results, and validate every length, index and embedded pointer in the copy
 * before use. Work only on the kernel copy, so that a concurrent change in
 * user memory cannot alter values after they were checked.
 *
 * NOTE(review): the prototype carries no size argument, so the layout behind
 * data is a private contract between the module and its user space tool.
 */
typedef int rsbac_reg_syscall_func_t(void * data);
/*
 * Status and data structures integrity checking, called from sys_rsbac_check.
 * Callback type stored in rsbac_reg_entry_t.check_func.
 *
 * correct:     if TRUE, errors are corrected, else just report
 * check_inode: for inode number based data, check, if inode still exists
 *
 * The meaning of the int return value is not stated in this header.
 */
typedef int rsbac_reg_check_func_t(int correct, int check_inode);
/*********/
/*
 * Registration record for an ADF decision module, passed by value to
 * rsbac_reg_register().
 *
 * Per the rsbac_reg_register() documentation in this header, registration
 * fails with -RSBAC_EINVALIDVALUE when all functions are empty or the handle
 * is not positive, and with -RSBAC_EEXISTS when the handle is already taken.
 *
 * NOTE(review): zero-initialise the struct before filling it in, so that
 * callbacks the module does not implement are NULL rather than stack garbage.
 * Presumably the registry keeps these function pointers until
 * rsbac_reg_unregister(), so the code behind them has to stay loaded for that
 * long - confirm.
 */
struct rsbac_reg_entry_t
{
rsbac_reg_handle_t handle; /* chosen by the registrant; must be positive and unused */
char name[RSBAC_REG_NAME_LEN+1]; /* module name; keep it NUL-terminated within the array */
rsbac_reg_request_func_t * request_func; /* decision function */
rsbac_reg_set_attr_func_t * set_attr_func; /* attribute setting / notification function */
rsbac_reg_need_overwrite_func_t * need_overwrite_func; /* overwrite on delete / truncate? */
rsbac_reg_write_func_t * write_func; /* saves dirty lists */
rsbac_reg_mount_func_t * mount_func; /* called on every mount */
rsbac_reg_umount_func_t * umount_func; /* called on every umount */
rsbac_reg_check_func_t * check_func; /* integrity check, from sys_rsbac_check */
rsbac_boolean_t switch_on; /* turned on initially? */
};
/*
 * Registration record for a module-provided system call, passed by value to
 * rsbac_reg_register_syscall().
 *
 * NOTE(review): the header does not explain the two handles. Presumably
 * registration_handle is the value later given to
 * rsbac_reg_unregister_syscall(), while dispatcher_handle is the value a
 * caller of the rsbac_reg syscall supplies to select syscall_func - confirm.
 * If so, only dispatcher_handle needs to be known outside the module.
 */
struct rsbac_reg_syscall_entry_t
{
rsbac_reg_handle_t registration_handle;
rsbac_reg_handle_t dispatcher_handle;
char name[RSBAC_REG_NAME_LEN+1]; /* syscall name; keep it NUL-terminated within the array */
rsbac_reg_syscall_func_t * syscall_func; /* handler; its argument is a user space pointer */
};
/***************************************************/
/* Prototypes */
/***************************************************/
/* See rsbac/types.h for types */
/*
 * Register an ADF decision module
 *
 * version: REG interface version the caller was built against
 * entry:   registration record; passed by value, so the struct is copied at
 *          the call and later changes to the caller's copy are not seen
 *
 * Returns given positive handle or negative error code from rsbac/error.h
 * Errors: -RSBAC_EINVALIDVALUE (all functions are empty or handle is not positive)
 * -RSBAC_EEXISTS (handle exists - choose another one)
 * -RSBAC_ECOULDNOTADDITEM (no entry available)
 * -RSBAC_EINVALIDVERSION (wrong REG version)
 *
 * Callers must check for a negative result: on failure the module's decision
 * function is not registered.
 */
rsbac_reg_handle_t rsbac_reg_register( rsbac_version_t version,
struct rsbac_reg_entry_t entry);
/*
 * Switch module on or off - for 'normal' modules this is done by general
 * function. This is a dummy, if module switching is disabled.
 * Returns 0 on success or -EINVALIDTARGET, if handle is invalid.
 *
 * The handle is the only thing identifying the module here, so any kernel
 * code that knows it can switch the module off; keep the handle private to
 * the module.
 * NOTE(review): the error is presumably -RSBAC_EINVALIDTARGET from
 * rsbac/error.h, as with the registration errors - confirm.
 */
int rsbac_reg_switch (rsbac_reg_handle_t handle, rsbac_boolean_t value);
/*
 * Unregister an ADF decision module
 * Returns 0 on success or -EINVALIDTARGET, if handle is invalid.
 *
 * The handle is the only argument, so knowing it is sufficient to remove the
 * module's decision function; keep the handle private to the module.
 * NOTE(review): a module presumably has to call this before its code is
 * unloaded, since the registry would otherwise keep pointers into freed
 * code - confirm. The error is presumably -RSBAC_EINVALIDTARGET from
 * rsbac/error.h.
 */
int rsbac_reg_unregister(rsbac_reg_handle_t handle);
/*
 * Register a system call
 *
 * version: REG interface version the caller was built against
 * entry:   registration record; passed by value, so the struct is copied at
 *          the call
 *
 * Returns given positive handle or negative error code from rsbac/error.h
 * Errors: -RSBAC_EINVALIDVALUE (function is empty or handle is not positive)
 * -RSBAC_EEXISTS (handle exists - choose another one)
 * -RSBAC_ECOULDNOTADDITEM (no entry available)
 * -RSBAC_EINVALIDVERSION (wrong REG version)
 *
 * The registered syscall_func receives a user space pointer, so registering
 * it exposes that handler to input from user space; see the warning on
 * rsbac_reg_syscall_func_t.
 */
rsbac_reg_handle_t rsbac_reg_register_syscall( rsbac_version_t version,
struct rsbac_reg_syscall_entry_t entry);
/*
 * Unregister a system call
 * Returns 0 on success or -EINVALIDTARGET, if handle is invalid.
 *
 * NOTE(review): the header does not say which of the two handles in
 * rsbac_reg_syscall_entry_t is expected here (presumably
 * registration_handle) - confirm. The error is presumably
 * -RSBAC_EINVALIDTARGET from rsbac/error.h.
 */
int rsbac_reg_unregister_syscall(rsbac_reg_handle_t handle);
#endif