xref: /freebsd/sys/security/mac_bsdextended/mac_bsdextended.h (revision 6af83ee0d2941d18880b6aaa2b4facd1d30c6106) 
1 /*-
2  * Copyright (c) 1999-2002 Robert N. M. Watson
3  * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
4  * All rights reserved.
5  *
6  * This software was developed by Robert Watson for the TrustedBSD Project.
7  *
8  * This software was developed for the FreeBSD Project in part by Network
9  * Associates Laboratories, the Security Research Division of Network
10  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
11  * as part of the DARPA CHATS research program.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  * 1. Redistributions of source code must retain the above copyright
17  *    notice, this list of conditions and the following disclaimer.
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in the
20  *    documentation and/or other materials provided with the distribution.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  *
34  * $FreeBSD$
35  */
36 
37 #ifndef _SYS_SECURITY_MAC_BSDEXTENDED_H
38 #define	_SYS_SECURITY_MAC_BSDEXTENDED_H
39 
40 #define	MBI_UID_DEFINED	0x00000001	/* uid field should be used */
41 #define	MBI_GID_DEFINED	0x00000002	/* gid field should be used */
42 #define	MBI_NEGATED	0x00000004	/* negate uid/gid matches */
43 #define	MBI_BITS	(MBI_UID_DEFINED | MBI_GID_DEFINED | MBI_NEGATED)
44 
45 /*
46  * Rights that can be represented in mbr_mode.  These have the same values
47  * as the V* rights in vnode.h, but in order to avoid sharing user and
48  * kernel constants, we define them here.  That will also improve ABI
49  * stability if the in-kernel values change.
50  */
51 #define	MBI_EXEC	000100
52 #define	MBI_WRITE	000200
53 #define	MBI_READ	000400
54 #define	MBI_ADMIN	010000
55 #define	MBI_STAT	020000
56 #define	MBI_APPEND	040000
57 #define	MBI_ALLPERM	(MBI_EXEC | MBI_WRITE | MBI_READ | MBI_ADMIN | \
58 			    MBI_STAT | MBI_APPEND)
59 
60 struct mac_bsdextended_identity {
61 	int	mbi_flags;
62 	uid_t	mbi_uid;
63 	gid_t	mbi_gid;
64 };
65 
66 struct mac_bsdextended_rule {
67 	struct mac_bsdextended_identity	mbr_subject;
68 	struct mac_bsdextended_identity	mbr_object;
69 	mode_t				mbr_mode;	/* maximum access */
70 };
71 
72 #endif /* _SYS_SECURITY_MAC_BSDEXTENDED_H */
73