xref: /titanic_51/usr/src/lib/libbsm/common/devalloc.h (revision 45916cd2fec6e79bca5dee0421bd39e3c2910d1e)
1*45916cd2Sjpk /*
2*45916cd2Sjpk  * CDDL HEADER START
3*45916cd2Sjpk  *
4*45916cd2Sjpk  * The contents of this file are subject to the terms of the
5*45916cd2Sjpk  * Common Development and Distribution License (the "License").
6*45916cd2Sjpk  * You may not use this file except in compliance with the License.
7*45916cd2Sjpk  *
8*45916cd2Sjpk  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9*45916cd2Sjpk  * or http://www.opensolaris.org/os/licensing.
10*45916cd2Sjpk  * See the License for the specific language governing permissions
11*45916cd2Sjpk  * and limitations under the License.
12*45916cd2Sjpk  *
13*45916cd2Sjpk  * When distributing Covered Code, include this CDDL HEADER in each
14*45916cd2Sjpk  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15*45916cd2Sjpk  * If applicable, add the following below this CDDL HEADER, with the
16*45916cd2Sjpk  * fields enclosed by brackets "[]" replaced with your own identifying
17*45916cd2Sjpk  * information: Portions Copyright [yyyy] [name of copyright owner]
18*45916cd2Sjpk  *
19*45916cd2Sjpk  * CDDL HEADER END
20*45916cd2Sjpk  */
21*45916cd2Sjpk 
22*45916cd2Sjpk /*
23*45916cd2Sjpk  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
24*45916cd2Sjpk  * Use is subject to license terms.
25*45916cd2Sjpk  */
26*45916cd2Sjpk 
27*45916cd2Sjpk #ifndef	_DEVALLOC_H
28*45916cd2Sjpk #define	_DEVALLOC_H
29*45916cd2Sjpk 
30*45916cd2Sjpk #pragma ident	"%Z%%M%	%I%	%E% SMI"
31*45916cd2Sjpk 
32*45916cd2Sjpk #ifdef	__cplusplus
33*45916cd2Sjpk extern "C" {
34*45916cd2Sjpk #endif
35*45916cd2Sjpk 
36*45916cd2Sjpk #include <stdio.h>
37*45916cd2Sjpk #include <fcntl.h>
38*45916cd2Sjpk #include <sys/param.h>
39*45916cd2Sjpk #include <secdb.h>
40*45916cd2Sjpk 
41*45916cd2Sjpk /*
42*45916cd2Sjpk  * These are unsupported, SUNWprivate interfaces.
43*45916cd2Sjpk  */
44*45916cd2Sjpk 
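/*
 * Numeric ids and fixed paths used by the device-allocation code.
 *
 * The id macros are fully parenthesized so that each one expands to a
 * single operand (a bare cast such as "(uid_t)0" does not parse after
 * "sizeof", for example).
 *
 * DA_DB_LOCK and DA_DEV_LOCK are lock-file paths. TMPALLOC, TMPMAP and
 * TMPATTRS are the dot-prefixed siblings of DEVALLOC, DEVMAP and DEFATTRS;
 * presumably they are scratch copies written before the live file is
 * replaced -- confirm against the callers.
 *
 * NOTE(review): every path here has a fixed, predictable name under /etc or
 * /etc/security. The databases are only as trustworthy as those directories,
 * which should be writable by root alone -- confirm on the target system.
 */
#define	DA_UID		((uid_t)0)	/* root */
#define	DA_GID		((gid_t)3)	/* sys */
#define	LOGINDEVPERM	"/etc/logindevperm"
#define	DA_DB_LOCK	"/etc/security/.da_db_lock"
#define	DA_DEV_LOCK	"/etc/security/.da_dev_lock"
#define	DEVALLOC	"/etc/security/device_allocate"
#define	DEVMAP		"/etc/security/device_maps"
#define	DEFATTRS	"/etc/security/tsol/devalloc_defaults"
#define	TMPALLOC	"/etc/security/.device_allocate"
#define	TMPMAP		"/etc/security/.device_maps"
#define	TMPATTRS	"/etc/security/tsol/.devalloc_defaults"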
56*45916cd2Sjpk 
/*
 * Default attribute values.
 *
 * DA_DEFAULT_MIN and DA_DEFAULT_MAX are label names. The *_CLEAN macros are
 * absolute paths to programs.
 *
 * NOTE(review): presumably the *_CLEAN programs are executed when a device
 * is deallocated. If so they run with the caller's privilege, and both the
 * files and /etc/security/lib must be writable by root only -- confirm.
 */
#define	DA_DEFAULT_MIN			"admin_low"
#define	DA_DEFAULT_MAX			"admin_high"

#define	DA_DEFAULT_CLEAN		"/bin/true"
#define	DA_DEFAULT_AUDIO_CLEAN		"/etc/security/lib/audio_clean_wrapper"
#define	DA_DEFAULT_DISK_CLEAN		"/etc/security/lib/disk_clean"
#define	DA_DEFAULT_TAPE_CLEAN		"/etc/security/lib/st_clean"
63*45916cd2Sjpk 
/*
 * State markers, label helper, file mode and size limits.
 */

/* Complete lines, newline included, that record the on/off state. */
#define	DA_ON_STR	"DEVICE_ALLOCATION=ON\n"
#define	DA_OFF_STR	"DEVICE_ALLOCATION=OFF\n"

#define	DA_IS_LABELED	"system_labeled"
#define	DA_LABEL_CHECK	"/usr/bin/plabel"

/*
 * Octal permission bits: read/write for the owner, read-only for group and
 * other. Presumably the mode given to the database files -- confirm.
 */
#define	DA_DBMODE	0644

/* Allocatable device classes supported: audio, cd, floppy, rmdisk, tape. */
#define	DA_COUNT	5

/* Approximately the sum of strlen of all device auths in auth_list.h. */
#define	DA_AUTHLEN	MAX_CANON

/*
 * NOTE(review): fixed sizes. Code that fills a buffer declared with one of
 * these must bound the copy by the same constant; nothing in this header
 * enforces that.
 */
#define	DA_MAXNAME	80
#define	DA_BUFSIZE	4096
75*45916cd2Sjpk 
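/*
 * open(2) flag sets.
 *
 * The expansions are parenthesized so each macro is a single operand.
 * Without the parentheses an expression such as "flags & DA_RDWR" binds
 * "&" to the first flag only, because "&" has higher precedence than "|".
 *
 * NOTE(review): DA_RDWR carries O_CREAT but not O_EXCL, so an open with it
 * accepts a file that already exists at the path, and the caller has to
 * supply the mode argument to open().
 */
#define	DA_RDWR		(O_RDWR | O_CREAT | O_NONBLOCK)
#define	DA_RDONLY	(O_RDONLY | O_NONBLOCK)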
78*45916cd2Sjpk 
/*
 * One-character user tokens.
 *
 * NOTE(review): judging by the names, "*" stands for any user and "@" for
 * no user; where these tokens are matched is not visible in this header --
 * confirm against the callers.
 */
#define	DA_ANYUSER	"*"
#define	DA_NOUSER	"@"
81*45916cd2Sjpk 
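/*
 * Ids and permission bits for allocation.
 *
 * The id macros are fully parenthesized so that each one expands to a
 * single operand (a bare cast such as "(uid_t)0" does not parse after
 * "sizeof", for example).
 *
 * ALLOC_MODE grants read/write to the owner only; DEALLOC_MODE grants no
 * access to anyone. Presumably these are the modes put on a device node
 * while it is allocated and after it is released -- confirm against the
 * callers.
 */
#define	ALLOC_UID	((uid_t)0)	/* root */
#define	ALLOC_GID	((gid_t)3)	/* sys */
#define	ALLOC_ERRID	((uid_t)2)	/* bin */
#define	ALLOC_MODE	0600
#define	DEALLOC_MODE	0000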
87*45916cd2Sjpk 
/*
 * Option bits. Each value is one distinct bit (bits 0 through 13), so the
 * options can be OR-ed together. Presumably they are carried in
 * da_args.optflag and in the int flag arguments of the da_*() routines --
 * confirm against the callers.
 */
#define	DA_SILENT	(1 << 0)	/* 0x00000001 */
#define	DA_VERBOSE	(1 << 1)	/* 0x00000002 */
#define	DA_ADD		(1 << 2)	/* 0x00000004 */
#define	DA_REMOVE	(1 << 3)	/* 0x00000008 */
#define	DA_UPDATE	(1 << 4)	/* 0x00000010 */
#define	DA_ADD_ZONE	(1 << 5)	/* 0x00000020 */
#define	DA_REMOVE_ZONE	(1 << 6)	/* 0x00000040 */
#define	DA_FORCE	(1 << 7)	/* 0x00000080 */
#define	DA_ALLOC_ONLY	(1 << 8)	/* 0x00000100 */
#define	DA_MAPS_ONLY	(1 << 9)	/* 0x00000200 */
#define	DA_ON		(1 << 10)	/* 0x00000400 */
#define	DA_OFF		(1 << 11)	/* 0x00000800 */
#define	DA_NO_OVERRIDE	(1 << 12)	/* 0x00001000 */
#define	DA_DEFATTRS	(1 << 13)	/* 0x00002000 */

/*
 * Device-class bits, one per allocatable class (bits 12 through 16).
 *
 * NOTE(review): DA_AUDIO has the same value as DA_NO_OVERRIDE and DA_CD the
 * same value as DA_DEFATTRS. A single int that carries both option bits and
 * class bits cannot tell the members of each pair apart, so the two sets
 * have to travel in separate words. Check every caller that ORs a class bit
 * into a flag word that is also tested for DA_NO_OVERRIDE or DA_DEFATTRS.
 */
#define	DA_AUDIO	(1 << 12)	/* 0x00001000 */
#define	DA_CD		(1 << 13)	/* 0x00002000 */
#define	DA_FLOPPY	(1 << 14)	/* 0x00004000 */
#define	DA_TAPE		(1 << 15)	/* 0x00008000 */
#define	DA_RMDISK	(1 << 16)	/* 0x00010000 */
108*45916cd2Sjpk 
/*
 * Per-class strings: a class name, a type string and, for some classes, the
 * /dev directory that holds the nodes. The directory macros end in "/",
 * except DA_DISKR_DIR.
 */

/* audio: the type string is the class name itself */
#define	DA_AUDIO_NAME	"audio"
#define	DA_SOUND_NAME	"sound"
#define	DA_AUDIO_TYPE	DA_AUDIO_NAME
#define	DA_AUDIO_DIR	"/dev/sound/"

/* cdrom */
#define	DA_CD_NAME	"cdrom"
#define	DA_CD_TYPE	"sr"

/*
 * Block and raw disk directories. DA_DISKR_DIR is not a usable path;
 * presumably it is display text covering both -- confirm against callers.
 */
#define	DA_DISK_DIR	"/dev/dsk/"
#define	DA_DISK_DIRR	"/dev/rdsk/"
#define	DA_DISKR_DIR	"/dev/(r)dsk"

/* floppy */
#define	DA_FLOPPY_NAME	"floppy"
#define	DA_FLOPPY_TYPE	"fd"

/* removable disk: the type string is the class name itself */
#define	DA_RMDISK_NAME	"rmdisk"
#define	DA_RMDISK_TYPE	DA_RMDISK_NAME

/* tape */
#define	DA_TAPE_NAME	"tape"
#define	DA_TAPE_DIR	"/dev/rmt/"
#define	DA_TAPE_TYPE	"st"
130*45916cd2Sjpk 
/*
 * Description of one device: six string members and an instance number.
 *
 * This header does not say who allocates or frees the strings, nor whether
 * a member may be NULL; callers should check before dereferencing.
 *
 * NOTE(review): going by the member names, devexec is the clean program for
 * the device (compare the DA_DEFAULT_*_CLEAN paths) and devauths the
 * authorizations needed to allocate it. If so, both are security decisions
 * and must only be filled from the root-owned databases -- confirm.
 */
typedef struct _devinfo_t {
	char	*devname;	/* device name */
	char	*devtype;	/* device type string */
	char	*devauths;	/* see NOTE(review) above */
	char	*devexec;	/* see NOTE(review) above */
	char	*devopts;	/* options, as one string */
	char	*devlist;	/* presumably the device's /dev paths -- confirm */
	int	instance;	/* instance number */
} devinfo_t;
140*45916cd2Sjpk 
/*
 * Node of a singly linked list of devices. The devinfo_t is embedded by
 * value, so each node carries its own copy of the string pointers.
 */
typedef struct _deventry_t {
	devinfo_t		devinfo;	/* this node's device */
	struct _deventry_t	*next;		/* following node; presumably */
						/* NULL at the tail -- confirm */
} deventry_t;
145*45916cd2Sjpk 
/*
 * Five list heads, one per allocatable device class. The member names match
 * the classes listed for DA_COUNT (audio, cd, floppy, rmdisk, tape).
 */
typedef struct _devlist_t {
	deventry_t	*audio;		/* audio devices */
	deventry_t	*cd;		/* cdrom devices */
	deventry_t	*floppy;	/* floppy devices */
	deventry_t	*tape;		/* tape devices */
	deventry_t	*rmdisk;	/* removable disks */
} devlist_t;
153*45916cd2Sjpk 
/*
 * Argument bundle taken by da_update_device() and da_update_defattrs().
 *
 * NOTE(review): rootdir is presumably prepended to the database paths, which
 * would let the caller redirect every read and write to another tree; a
 * privileged caller must not take it from untrusted input -- confirm how
 * it is used.
 */
typedef struct _da_optargs {
	int		optflag;	/* presumably DA_* option bits -- confirm */
	char		*rootdir;	/* see NOTE(review) above */
	char		**devnames;	/* array of device names; how it is */
					/* terminated is not shown here */
	devinfo_t	*devinfo;	/* device description to act on */
} da_args;
160*45916cd2Sjpk 
/*
 * Default attributes for one device type, as returned by getdadefent() and
 * getdadeftype() and released with freedadefent().
 */
typedef struct _da_defs {
	char	*devtype;	/* device type the defaults apply to */
	kva_t	*devopts;	/* options; kva_t is not declared in this */
				/* file, presumably it is from <secdb.h> */
} da_defs_t;
165*45916cd2Sjpk 
/*
 * Access to the default-attributes entries. The names follow the usual
 * set/get/end "ent" pattern; presumably setdadefent() rewinds,
 * getdadefent() returns the next entry, getdadeftype() looks one up by type
 * and enddadefent() closes the database -- confirm in the implementation.
 * An entry that was returned is released with freedadefent().
 */
extern void setdadefent(void);
extern da_defs_t *getdadefent(void);
extern da_defs_t *getdadeftype(char *);
extern void freedadefent(da_defs_t *);
extern void enddadefent(void);

/*
 * Device-allocation state and database maintenance.
 *
 * NOTE(review): the meaning of the int results and of the int arguments is
 * not documented in this header. The char * parameters are not
 * const-qualified, so a caller cannot tell from the prototype whether its
 * string is modified.
 */
extern int da_is_on(void);
extern int da_check_logindevperm(char *);
extern int da_open_devdb(char *, FILE **, FILE **, int);
extern int da_update_device(da_args *);
extern int da_update_defattrs(da_args *);

/* Maintenance and printing of the per-class lists held in a devlist_t. */
extern int da_add_list(devlist_t *, char *, int, int);
extern int da_remove_list(devlist_t *, char *, int, char *, int);
extern void da_print_device(int, devlist_t *);
179*45916cd2Sjpk 
180*45916cd2Sjpk 
181*45916cd2Sjpk #ifdef	__cplusplus
182*45916cd2Sjpk }
183*45916cd2Sjpk #endif
184*45916cd2Sjpk 
185*45916cd2Sjpk #endif	/* _DEVALLOC_H */