From 5ec0c01ad6c18fabae1c2fc9947f0af880763dc4 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20Jolliton?= Date: Sat, 21 Oct 2006 08:28:48 +0000 Subject: [PATCH 1/1] Initial import --- NOTES.txt | 83 + README.txt | 1 + REQ.txt | 73 + attributes.txt | 235 +++ extra/gen.sh | 34 + rsbac/__init__.py | 52 + rsbac/_data.py | 139 ++ rsbac/_flags.py | 110 ++ rsbac/_misc.py | 321 +++ rsbac/_utils.py | 298 +++ rsbac/acl.py | 740 +++++++ rsbac/adf.py | 37 + rsbac/data.py | 400 ++++ rsbac/errors.py | 85 + rsbac/headers.py | 25 + rsbac/jail.py | 52 + rsbac/lib.py | 832 ++++++++ rsbac/module.py | 162 ++ rsbac/objects.py | 1030 ++++++++++ rsbac/platform.py | 34 + rsbac/rc.py | 1135 +++++++++++ rsbac/rsbac_1_3_0_rc1.py | 4618 +++++++++++++++++++++++++++++++++++++++++++ rsbac/rsbac_auto.py | 1 + rsbac/transaction.py | 113 ++ rsbac/um.py | 911 +++++++++ setup | 1 + setup.py | 16 + tests/_rsbac_test_common.py | 7 + tests/flags.py | 50 + tests/info.py | 52 + tests/various.py | 50 + 31 files changed, 11697 insertions(+) create mode 100644 NOTES.txt create mode 100644 README.txt create mode 100644 REQ.txt create mode 100644 attributes.txt create mode 100644 extra/gen.sh create mode 100644 rsbac/__init__.py create mode 100644 rsbac/_data.py create mode 100644 rsbac/_flags.py create mode 100644 rsbac/_misc.py create mode 100644 rsbac/_utils.py create mode 100644 rsbac/acl.py create mode 100644 rsbac/adf.py create mode 100644 rsbac/data.py create mode 100644 rsbac/errors.py create mode 100644 rsbac/headers.py create mode 100644 rsbac/jail.py create mode 100644 rsbac/lib.py create mode 100644 rsbac/module.py create mode 100644 rsbac/objects.py create mode 100644 rsbac/platform.py create mode 100644 rsbac/rc.py create mode 100644 rsbac/rsbac_1_3_0_rc1.py create mode 100644 rsbac/rsbac_auto.py create mode 100644 rsbac/transaction.py create mode 100644 rsbac/um.py create mode 120000 setup create mode 100755 setup.py create mode 100644 tests/_rsbac_test_common.py create mode 100644 tests/flags.py create mode 100644 tests/info.py create mode 100644 tests/various.py diff --git a/NOTES.txt b/NOTES.txt new file mode 100644 index 0000000..b95bee0 --- /dev/null +++ b/NOTES.txt @@ -0,0 +1,83 @@ +TTL: None = unlimited, otherwise a number of second clamped to 1 (so +any TTL below 1 will define an object that will disappear in the next +second.) + +c_char_p are really a problem. Switch to c_byte_p ? ("c_byte_p = +c_char_p" at top of the header module.) The main problem is a '\x00' +in the middle of the string, and the other problem is that the string +is not always 0 terminated by ctypes. + +Not threadsafe! + +See Crock/py-rsbac.txt + +Attributes can either return a mutable or immutable object. + +If the object is mutable, then the attribute must be reached via +getXXX()/setXXX() methods, and reached via .XXX otherwise. (As a +convention.) + +If the object return a tuple (a value and a TTL for example) then if +must also be reached via getXXX()/setXXX() methods. + +To summarize, only atom whose value depend on the instance, can be +properties. Otherwise, the scheme value = instance.get(); update +value; instance.set(value); is expected. + +Provides both? + +For ff_flags, provides: + + - .getFileFlags() -> FileFlags instance + - .setFileFlags(value) + - .ff_flags [R/W] (the raw value, as an integer.. or a immutable + Flags class.) + +To add a single flag to ff_flags: + + >> Good but not practical + + - f = instance.getFileFlags() + f.foo = True + instance.setFileFlags( f ) + + >> Bad but practical + + - f.ff_flags.foo = True + + « a = f.ff_flags » # Oops, we can forget that 'a' hold flags for + 'f'.. Not a copy of them. + + >> Sort of compromise, but not really practical + + - f.ff_flags_foo = True (note the syntax) + + >> Another way: + + - f.addFileFlags( 'foo' ) + - f.removeFileFlags( 'foo' ) + +If the attribute doesn't depend on the instance, then there are no +such restrictions. (Example: rsbac.objects.FD.rcTypes proxy) + +--------- + +We have: + +def add( role , type , requests ) : + """Allows 'requests' to 'role' for the given 'type'.""" + rights , ttl = role.typeCompatibility[ type ] + rights |= requests + role.typeCompatibility[ type ] = rights , ttl + +.. which is bad. Because we should be able to do that more easily +without the need for this function. + +role.typeCompatibility[ type ] -> TypeCompatibility(role,type) instance. + +t = TypeCompatibility( role , type ) +print t.ttl +t.ttl = 17 + +t.rights |= blabla # read the TTL, update the rights and restore the +TTL? Seems not too bad.. Ask #rsbac about that. diff --git a/README.txt b/README.txt new file mode 100644 index 0000000..9d6cf4b --- /dev/null +++ b/README.txt @@ -0,0 +1 @@ +FIXME diff --git a/REQ.txt b/REQ.txt new file mode 100644 index 0000000..be04be4 --- /dev/null +++ b/REQ.txt @@ -0,0 +1,73 @@ +rsbac_adf_request_auth +---------------------- + +CHANGE_GROUP + USER, PROCESS + +CREATE, DELETE, GET_PERMISSIONS_DATA, RENAME, WRITE + USER, GROUP + +CHANGE_OWNER + PROCESS + +CHANGE_DAC_EFF_OWNER + PROCESS + +CHANGE_DAC_FS_OWNER + PROCESS + +CHANGE_DAC_EFF_GROUP + PROCESS + +CHANGE_DAC_FS_GROUP + PROCESS + +MODIFY_ATTRIBUTE + - + +GET_STATUS_DATA + SCD + +MODIFY_PERMISSIONS_DATA + SCD, USER, GROUP, NONE + +MODIFY_SYSTEM_DATA + SCD + +SWITCH_LOG + NONE + +SWITCH_MODULE + NONE + +rsbac_adf_request_acl +--------------------- + +NONE -> SCD(other) + +READ_ATTRIBUTE, MODIFY_ATTRIBUTE + - + +SWITCH_MODULE + NONE + +* + FD, UNIXSOCK, DEV, IPC, SCD, USER, PROCESS, GROUP, NETDEV, NETTEMP_NT, NETTEMP, NETOBJ + +rsbac_adf_request_cap +--------------------- + +MODIFY_ATTRIBUTE + - + +READ_ATTRIBUTE + - + +SWITCH_LOG + NONE + +SWITCH_MODULE + NONE + +CHANGE_GROUP, GET_STATUS_DATA, MODIFY_SYSTEM_DATA, SEND_SIGNAL, TRACE + PROCESS diff --git a/attributes.txt b/attributes.txt new file mode 100644 index 0000000..eda8252 --- /dev/null +++ b/attributes.txt @@ -0,0 +1,235 @@ +# +# All lines starting with # and blanks lines are discarded. +# +# A line starting at column 1 is a module name. +# A line starting at column 2 is a target name. +# A line starting at column 3 is an attribute name. +# + +FD + GEN + #internal + log_array_low + log_array_high + log_program_based + symlink_add_remote_ip + symlink_add_uid + symlink_add_mac_level + symlink_add_rc_role + linux_dac_disable + fake_root_uid + auid_exempt + MAC + security_level + mac_categories + mac_auto + mac_prop_trusted + mac_file_flags + PM + pm_object_class + pm_tp + pm_object_type + DAZ + daz_scanned + daz_scanner + FF + ff_flags + RC + rc_type_fd + rc_force_role + rc_initial_role + AUTH + auth_may_setuid + auth_may_set_cap + auth_learn + CAP + min_caps + max_caps + cap_ld_env + RES + res_min + res_max + PAX + pax_flags + +DEV + GEN + log_array_low + log_array_high + MAC + security_level + mac_categories + mac_check + PM + pm_object_class + pm_object_type + RC + rc_type + +IPC + MAC + security_level + mac_categories + PM + pm_object_class + pm_ipc_purpose + pm_object_type + RC + rc_type + JAIL + jail_id + +USER + GEN + pseudo + log_user_based + MAC + security_level + initial_security_level + min_security_level + mac_categories + mac_initial_categories + mac_min_categories + #system_role + mac_role + mac_user_flags + PM + pm_task_set + pm_role + DAZ + #system_role + daz_role + FF + #system_role + ff_role + RC + rc_def_role + rc_type + AUTH + #system_role + auth_role + CAP + #system_role + cap_role + min_caps + max_caps + cap_ld_env + JAIL + #system_role + jail_role + RES + #system_role + res_role + res_min + res_max + PAX + #system_role + pax_role + +PROCESS + GEN + log_program_based + fake_root_uid + audit_uid + auid_exempt + remote_ip + #kernel_thread + MAC + security_level + initial_security_level + min_security_level + mac_categories + mac_initial_categories + mac_min_categories + current_sec_level + mac_curr_categories + min_write_open + min_write_categories + max_read_open + max_read_categories + mac_process_flags + mac_auto + PM + pm_tp + pm_current_task + pm_process_type + DAZ + daz_scanner + RC + rc_role + rc_type + rc_select_type + rc_force_role + AUTH + auth_may_setuid + auth_may_set_cap + #auth_program_file + #auth_start_uid + #auth_start_euid + #auth_start_gid + #auth_start_egid + auth_learn + auth_last_auth + CAP + cap_process_hiding + max_caps_user + max_caps_program + cap_ld_env + JAIL + jail_id + jail_parent + jail_ip + jail_flags + jail_max_caps + jail_scd_get + jail_scd_modify + PAX + pax_flags + +GROUP + RC + rc_type + +NETDEV + GEN + log_array_low + log_array_high + RC + rc_type + +NETTEMP + GEN + log_array_low + log_array_high + MAC + security_level + mac_categories + PM + pm_object_class + pm_ipc_purpose + pm_object_type + RC + rc_type + rc_type_nt + +NETOBJ + GEN + local_log_array_low + local_log_array_high + remote_log_array_low + remote_log_array_high + MAC + local_sec_level + local_mac_categories + remote_sec_level + remote_mac_categories + PM + local_pm_object_class + local_pm_ipc_purpose + local_pm_object_type + remote_pm_object_class + remote_pm_ipc_purpose + remote_pm_object_type + RC + local_rc_type + remote_rc_type diff --git a/extra/gen.sh b/extra/gen.sh new file mode 100644 index 0000000..f4f93bb --- /dev/null +++ b/extra/gen.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +# This script generate the rsbac_x_y_z.py Python module which contains +# all the types defined in RSBAC include file. + +export LC_ALL=C + +# files +HEADERS=/home/fred/src/rsbac-admin-1.3.0rc1/main/headers +SOURCES=( + "${HEADERS}/rsbac/types.h" + "${HEADERS}/rsbac/syscalls.h" + "${HEADERS}/rsbac/request_groups.h" + ) +TARGET="./rsbac_1_3_0_rc1.py" + +# gccxml +GCCXML=/home/fred/CVS/gccxml-build/bin +export PATH="${GCCXML}:${PATH}" + +# codegen +CODEGEN=/home/fred/CVS/codegen +export PYTHONPATH="$CODEGEN" +H2XML="${CODEGEN}/scripts/h2xml.py" +XML2PY="${CODEGEN}/scripts/xml2py.py" + +TMP="/tmp/.pyrsbac.$$" +python "$H2XML" "${SOURCES[@]}" -I "$HEADERS" -c -o "$TMP" +cat > "$TARGET" <> "$TARGET" +rm "$TMP" diff --git a/rsbac/__init__.py b/rsbac/__init__.py new file mode 100644 index 0000000..5e48d49 --- /dev/null +++ b/rsbac/__init__.py @@ -0,0 +1,52 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +__all__ = [ + 'Error' , + 'adf' , 'module' , 'transaction' , 'objects' , 'rc' , 'um' , 'data' , + 'jail' , 'acl' , + 'moduleVersion' , 'headerVersion' , 'kernelVersion' ] + +import sys +if sys.version_info < ( 2 , 4 , 0 ) : + raise ImportError , 'RSBAC Python bindings requires at least Python 2.4' +del sys + +moduleVersion = ( 0 , 0 , 1 , '' ) + +from rsbac.errors import Error +from rsbac._data import * +from rsbac._misc import * +from rsbac import adf, module, transaction, objects, rc, um, data, jail, acl + +__all__ += _data.__all__ +__all__ += _misc.__all__ + +import headers +headerVersion = ( headers.RSBAC_VERSION_MAJOR , + headers.RSBAC_VERSION_MID , + headers.RSBAC_VERSION_MINOR ) + +# Note: overwrite the function with its value +kernelVersion = kernelVersion() + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/_data.py b/rsbac/_data.py new file mode 100644 index 0000000..41d9fb5 --- /dev/null +++ b/rsbac/_data.py @@ -0,0 +1,139 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +__all__ = [ 'RequestVector' , 'RcRequestVector' , 'AclRequestVector' , + 'FileFlags' , 'PaxFlags' , 'CapsFlags' , 'JailFlags' ] + +from rsbac import headers +from rsbac._flags import buildFlagsClass + +_g_requests = \ + sorted( ( getattr( headers , name ) , name.split( '_' , 1 )[ -1 ].lower() ) + for name in dir( headers ) + if name.startswith( 'R_' ) and name.upper() != 'R_NONE' ) + +RequestVector = buildFlagsClass( 'RequestVector' , ( object , ) , _g_requests ) + +_g_rcrequests = \ + sorted( ( getattr( headers , name ) , name.split( '_' , 1 )[ -1 ].lower() ) + for name in dir( headers ) + if ( name.startswith( 'R_' ) or name.startswith( 'RCR_' ) ) + and name.upper() not in ( 'R_NONE' , 'RCR_NONE' ) ) + +RcRequestVector = buildFlagsClass( 'RcRequestVector' , ( object , ) , _g_rcrequests ) + +_g_aclrequests = \ + sorted( ( getattr( headers , name ) , name.split( '_' , 1 )[ -1 ].lower() ) + for name in dir( headers ) + if ( name.startswith( 'R_' ) or name.startswith( 'ACLR_' ) ) + and name.upper() not in ( 'R_NONE' , 'ACLR_NONE' ) ) + +AclRequestVector = buildFlagsClass( 'AclRequestVector' , ( object , ) , _g_aclrequests ) + +_g_scds = \ + sorted( ( getattr( headers , name ) , name.split( '_' , 1 )[ -1 ].lower() ) + for name in dir( headers ) + if name.startswith( 'ST_' ) and name.upper() != 'ST_NONE' ) + +ScdVector = buildFlagsClass( 'ScdVector' , ( object , ) , _g_scds ) +JailScdVector = buildFlagsClass( 'JailScdVector' , ( object , ) , _g_scds ) + +_g_fileFlags = [ + ( 0 , 'read_only' ) , + ( 1 , 'execute_only' ) , + ( 2 , 'search_only' ) , + ( 3 , 'write_only' ) , + ( 4 , 'secure_delete' ) , + ( 5 , 'no_execute' ) , + ( 6 , 'no_delete_or_rename' ) , + ( 7 , 'add_inherited' ) , + ( 8 , 'append_only' ) , + ( 9 , 'no_mount' ) , + ( 10 , 'no_search' ) + ] + +FileFlags = buildFlagsClass( 'FileFlags' , ( object , ) , _g_fileFlags ) + +_g_paxFlags = [ + ( 24 , 'pageexec' ) , + ( 25 , 'emutramp' ) , + ( 26 , 'mprotect' ) , + ( 27 , 'randmmap' ) , + ( 28 , 'randexec' ) , + ( 29 , 'segmexec' ) + ] + +PaxFlags = buildFlagsClass( 'PaxFlags' , ( object , ) , _g_paxFlags ) + +_g_capsFlags = [ + ( 0 , 'CHOWN' ) , + ( 1 , 'DAC_OVERRIDE' ) , + ( 2 , 'DAC_READ_SEARCH' ) , + ( 3 , 'FOWNER' ) , + ( 4 , 'FSETID' ) , + ( 5 , 'KILL' ) , + ( 6 , 'SETGID' ) , + ( 7 , 'SETUID' ) , + ( 8 , 'SETPCAP' ) , + ( 9 , 'LINUX_IMMUTABLE' ) , + ( 10 , 'NET_BIND_SERVICE' ) , + ( 11 , 'NET_BROADCAST' ) , + ( 12 , 'NET_ADMIN' ) , + ( 13 , 'NET_RAW' ) , + ( 14 , 'IPC_LOCK' ) , + ( 15 , 'IPC_OWNER' ) , + ( 16 , 'SYS_MODULE' ) , + ( 17 , 'SYS_RAWIO' ) , + ( 18 , 'SYS_CHROOT' ) , + ( 19 , 'SYS_PTRACE' ) , + ( 20 , 'SYS_PACCT' ) , + ( 21 , 'SYS_ADMIN' ) , + ( 22 , 'SYS_BOOT' ) , + ( 23 , 'SYS_NICE' ) , + ( 24 , 'SYS_RESOURCE' ) , + ( 25 , 'SYS_TIME' ) , + ( 26 , 'SYS_TTY_CONFIG' ) , + ( 27 , 'MKNOD' ) , + ( 28 , 'LEASE' ) + ] + +CapsFlags = buildFlagsClass( 'CapsFlags' , ( object , ) , _g_capsFlags ) + +_g_jailFlags = [ + ( 0 , 'allow_external_ipc' ) , + ( 1 , 'allow_all_net_family' ) , + ( 3 , 'allow_inet_raw' ) , + ( 4 , 'auto_adjust_inet_any' ) , + ( 5 , 'allow_inet_localhost' ) , + ( 7 , 'allow_dev_get_status' ) , + ( 8 , 'allow_dev_mod_system' ) , + ( 9 , 'allow_dev_read' ) , + ( 10 , 'allow_dev_write' ) , + ( 11 , 'allow_tty_open' ) , + ( 12 , 'allow_parent_ipc' ) , + ( 13 , 'allow_suid_files' ) , + ( 14 , 'allow_mount' ) + ] + +JailFlags = buildFlagsClass( 'JailFlags' , ( object , ) , _g_jailFlags ) + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/_flags.py b/rsbac/_flags.py new file mode 100644 index 0000000..68a1a8a --- /dev/null +++ b/rsbac/_flags.py @@ -0,0 +1,110 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +import operator + +def buildFlagsClass( className , bases , bits ) : + dbits = dict( bits ) + rdbits = dict( map( reversed , bits ) ) + attrs = {} + def add( fun ) : + attrs[ fun.__name__ ] = fun + return fun + def addTo( cls ) : + def f( fun ) : + setattr( cls , fun.__name__ , fun ) + return fun + return f + def init( value ) : + if isinstance( value , basestring ) : + if value not in rdbits : + raise RuntimeError , 'Unknown flag named %r in class %s' % ( value , className ) + return 1 << rdbits[ value ] + elif isinstance( value , ( tuple , list ) ) : + return reduce( operator.__or__ , map( init , value ) , 0 ) + else : + return int( value ) + @add + def __init__( self , *value ) : + self.value = init( value ) + @add + def __iter__( self ) : + assert self.value >= 0 + left = self.value + for bit , name in bits : + b = 1 << bit + if self.value & b : + yield name + left &= ~b + if left : + bit = 0 + b = 1 + while left : + if left & b : + yield bit + left &= ~b + bit += 1 + b <<= 1 + @add + def __repr__( self ) : + r = [] + for bit in self : + if isinstance( bit , str ) : + r.append( `bit` ) + else : + r.append( '2**%d' % bit ) + return '%s(%s)' % ( className , ', '.join( r ) ) + @add + def __int__( self ) : + return int( self.value ) + @add + def __long__( self ) : + return long( self.value ) + @add + def __cmp__( self , other ) : + return cmp( self.value , other.value ) + def addAttribute( bit , name ) : + mask = 1 << bit + def get( self ) : + return bool( self.value & mask ) + #attrs[ 'get_' + name ] = get + attrs[ name ] = property( get ) + mask = 0 + for bit , name in bits : + addAttribute( bit , name ) + mask |= 1 << bit + t = type( className , bases , attrs ) + @addTo( t ) + def __or__( self , v ) : + return t( self.value | init( v ) ) + @addTo( t ) + def __xor__( self , v ) : + return t( self.value ^ init( v ) ) + @addTo( t) + def __and__( self , v ) : + return t( self.value & init( v ) ) + @addTo( t ) + def __invert__( self ) : + return t( self.value ^ mask ) + return t + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/_misc.py b/rsbac/_misc.py new file mode 100644 index 0000000..ff786d1 --- /dev/null +++ b/rsbac/_misc.py @@ -0,0 +1,321 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +__all__ = [] + +from ctypes import c_char, byref, create_string_buffer + +from rsbac import headers, lib +from rsbac.errors import raiseIfError +from rsbac._utils import aptr + +def export( fun ) : + __all__.append( fun.__name__ ) + return fun + +@export +def kernelVersion() : + """Return the RSBAC kernel version as a 3-tuple. + + """ + v = lib.rsbac_version() + v , z = divmod( v , 256 ) + v , y = divmod( v , 256 ) + x = v + return x , y , z + +@export +def dumpStats() : + """Dump statistics about RSBAC to kernel log. + + """ + return raiseIfError( lib.rsbac_stats() ) + +@export +def checkConsistency( correct , checkInode ) : + """Consistency checking (as far as possible) + + correct = 0: do not correct errors + correct = 1: correct errors + correct = 2: correct more + checkInode = 0: do not check inode numbers + checkInode = 1: also check inode numbers (only ext2/3 on 2.4 kernels) + """ + return raiseIfError( lib.rsbac_check( correct , checkInode ) ) + +@export +def writeDirtyLists() : + """Write all dirty lists to disk. Returns number of lists written. + + """ + return raiseIfError( lib.rsbac_write() ) + +def _rsbacLog( type , size = None ) : + if type in ( 2 , 3 , 4 ) : + if size is None : + size = 4096 + buffer = ( c_char * size )() + raiseIfError( lib.rsbac_log( type , aptr( buffer ) , size ) ) + return buffer.value + else : + return raiseIfError( lib.rsbac_log( type , None , 0 ) ) + +@export +def openLog() : + """Open RSBAC log (Warning: no-op) + + """ + return _rsbacLog( 1 ) + +@export +def closeLog() : + """Close RSBAC log (Warning: no-op) + + """ + return _rsbacLog( 0 ) + +@export +def readLog( size = 4096 ) : + """Read RSBAC log. + + """ + return _rsbacLog( 2 , size ) + +@export +def readRingBuffer( size = 4096 ) : + """Read the ring buffer. + + """ + return _rsbacLog( 3 , size ) + +@export +def readAndClearRingBuffer( size = 4096 ) : + """Read and clear the ring buffer. + + """ + return _rsbacLog( 4 , size ) + +@export +def clearRingBuffer() : + """Clear the ring buffer. + + """ + return _rsbacLog( 5 ) + +@export +def init( path ) : + """Initialize a filesystem with RSBAC. + + """ + return raiseIfError( lib.rsbac_init( path ) ) + +#--[ getname ]---------------------------------------------------------------- + +g_nameBuffer = create_string_buffer( 65536 ) + +# +# This function creates 3 functions to wrap get_XX_name and get_XX_nr +# RSBAC functions. The resulting functions are named getXxxName, +# getXxxNames and getXxxNumber. +# +# __makeGetNameFunctions( 'Foo' , 'foo' , .. ) creates +# getFooName(value), getFooNames(), getFooNumber(name) +# +def __makeGetNameFunctions( name , fname , limit ) : + byName = getattr( lib , 'get_' + fname + '_name' ) + byNumber = getattr( lib , 'get_' + fname + '_nr' ) + names = [] + def getName( value ) : + if 0 <= value < limit : + return byName( g_nameBuffer , value ) + def getNames() : + if not names : + names[ : ] = map( getName , range( limit ) ) + return names + def getNumber( name ) : + result = byNumber( name ) + if getName( result ) == name : + return result + import sys + m = sys.modules[ __name__ ] + a = 'get' + name + 'Name' + b = 'get' + name + 'Names' + c = 'get' + name + 'Number' + setattr( m , a , getName ) + setattr( m , b , getNames ) + setattr( m , c , getNumber ) + __all__.extend( [ a , b , c ] ) + +# getname.c + +__makeGetNameFunctions( 'Request' , 'request' , headers.R_NONE ) +__makeGetNameFunctions( 'Result' , 'result', headers.UNDEFINED + 1 ) + +@export +def getAttributeModule( attribute ) : + if 0 <= attribute <= headers.A_none : + return lib.get_attr_module( attribute ) + +__makeGetNameFunctions( 'Attribute' , 'attribute' , headers.A_none + 1 ) + +# def getAttributeValueName( .. ) : pass + +__makeGetNameFunctions( 'ScdType' , 'scd_type' , headers.ST_none + 1 ) + +# We choose the following mapping: +# get_target_name -> getTargetNameFull +# get_target_name_only -> getTargetName + +# def getTargetNameFull( .. ) : pass + +# FIXME: Update __makeGetNameFunctions to handle this. (Allowing to +# use an alternative suffix.) +@export +def getTargetName( target ) : + if 0 <= target <= headers.T_NONE : + return lib.get_target_name_only( g_nameBuffer , target ) + +@export +def getTargetNames( __r = [] ) : + if not __r : + __r[ : ] = map( getTargetName , range( headers.T_NONE + 1 ) ) + return __r + +@export +def getTargetNumber( name ) : + target = lib.get_target_nr( name ) + if getTargetName( target ) == name : + return target + +__makeGetNameFunctions( 'IpcTarget' , 'ipc_target' , headers.I_none + 1 ) +__makeGetNameFunctions( 'SwitchTarget' , 'switch_target' , headers.SW_NONE + 1 ) + +@export +def getErrorName( error ) : + return lib.get_error_name( g_nameBuffer , error ) + +@export +def getAttributeParameters( attribute ) : + if 0 <= attribute <= headers.A_none : + return lib.get_attribute_param( g_nameBuffer , attribute ) + +__makeGetNameFunctions( 'LogLevel' , 'log_level' , headers.LL_invalid + 1 ) + +@export +def getCapName( value ) : + name = lib.get_cap_name( g_nameBuffer , value ) + if name != 'ERROR!' : + return name + +@export +def getCapNames( __r = [] ) : + if not __r : + i = 0 + while 1 : + name = getCapName( i ) + if not name : + break + __r.append( name ) + i += 1 + return __r + +@export +def getCapNumber( name ) : + value = lib.get_cap_nr( name ) + if getCapName( value ) == name : + return value + +# rc_getname.c + +__makeGetNameFunctions( 'RcTarget' , 'rc_target' , headers.RT_NONE + 1 ) +__makeGetNameFunctions( 'RcAdmin' , 'rc_admin' , headers.RC_none + 1 ) + +@export +def getRcScdTypeName( value ) : + name = lib.get_rc_scd_type_name( g_nameBuffer , value ) + if name != 'ERROR!' : + return name + +@export +def getRcScdTypeNames( __r = [] ) : + if not __r : + __r[ : ] = map( getRcScdTypeName , range( headers.RST_none + 1 ) ) + return __r + +@export +def getRcScdTypeNumber( name ) : + value = lib.get_rc_scd_type_nr( name ) + if getRcScdTypeName( value ) == name : + return value + +__makeGetNameFunctions( 'RcItem' , 'rc_item' , headers.RI_none + 1 ) + +@export +def getRcItemParameters( value ) : + if 0 <= value <= headers.RI_none : + return lib.get_rc_item_param( g_nameBuffer , value ) + +@export +def getRcSpecialRightName( value ) : + name = lib.get_rc_special_right_name( g_nameBuffer , value ) + if name != 'ERROR!' : + return name + +@export +def getRcSpecialRightNames( __r = [] ) : + if not __r : + __r[ : ] = map( getRcSpecialRightName , range( headers.RCR_NONE + 1 ) ) + return __r + +@export +def getRcSpecialRightNumber( name ) : + value = lib.get_rc_special_right_nr( name ) + if getRcSpecialRightName( value ) == name : + return value + +# res_getname.c + +@export +def getResultName( value ) : + name = lib.get_res_name( g_nameBuffer , value ) + if name != 'ERROR!' : + return name + +@export +def getResultNames( __r = [] ) : + if not __r : + i = 0 + while 1 : + name = getResultName( i ) + if not name : + break + __r.append( name ) + i += 1 + return __r + +@export +def getResultNumber( name ) : + value = lib.get_res_nr( name ) + if getResultName( value ) == name : + return value + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/_utils.py b/rsbac/_utils.py new file mode 100644 index 0000000..2ad457e --- /dev/null +++ b/rsbac/_utils.py @@ -0,0 +1,298 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +import socket + +from ctypes import byref, cast, POINTER + +from rsbac.errors import raiseIfError + +#--[ ctypes ]----------------------------------------------------------------- + +def aptr( o ) : + """Return a pointer to base type of ctypes array 'o'.""" + t = o._type_ + return cast( byref( o ) , POINTER( t ) ) + +def slowButCorrectStringAssignation( object , field , data , nul = 1 ) : + """Carefully store a Python string into a ctypes field. + + This function is obviously a temporary solution. We should find a + way to correctly put a string into a c_char array field in a + structure (or union) with always a NUL character at the end of the + string. Currently, ctypes doesn't report error if the string fill + the array completly and if there is no room to put the NUL + character. Also, a NUL character is silently interpreted as the + end of the string! + + """ + if '\x00' in data : + raise RuntimeError , 'a string intended for ctypes cannot contains the NUL character.' + size = getattr( object , '_sz_' + field , None ) + if size is None : + cls = object.__class__ + for name , desc in cls._fields_ : + if name == field : + size = desc._length_ + setattr( cls , '_sz_' + field , size ) + break + else : + raise RuntimeError , 'unknown field %r in object of class %r' % ( field , cls ) + if len( data ) > size - nul : + raise ValueError , '[XXX] string too long (%d, maximum length %d)' % ( len( data ) , size - nul ) + setattr( object , field , data ) + +def stringToByteArray( array , string , fill = 0 , minPadding = 1 ) : + """Copy a string into a ctypes array of character. + + Copy the string 'string' into ctypes array 'array'. An error is + thrown if string is too long. Array if filled with 'fill' value if + string is too short. + + array -- ctypes array of character + string -- string to store in the array + fill -- fill value to use if string is smaller than the array size + minPadding -- mininum number of fill values to store at the end of + the array + + Returns the first parameter. + + """ + a = len( array ) + b = len( string ) + if b > a - minPadding : + raise RuntimeError , \ + 'string of length %d cannot fit in buffer on length %d (%d)' \ + % ( b , a - minPadding , a ) + m = min( a , b ) + i = 0 + while i < m : + array[ i ] = ord( string[ i ] ) + i += 1 + while i < a : + array[ i ] = fill + i += 1 + return array + +def byteArrayToString( array ) : + """Read a string from a ctypes array of character. + + array -- ctypes array of character + + Returns a string. + + """ + end = -1 + for end in range( 0 , len( array ) ) : + if not array[ end ] : + break + else : + end += 1 + if end >= 0 : + return ''.join( map( chr , array[ : end ] ) ) + else : + return ''.join( map( chr , array ) ) + +#--[ rsbac ]------------------------------------------------------------------ + +# The fetch function take care of extracting all the value from a +# RSBAC list. Several attempts are made if the list is updated while +# we try to read it. +# +# Say that L = [a,b,d]. We ask for the length and we get 3, but in the +# meantime, L becomes [a,b,c,d]. Then if we ask for 3 elements, we get +# [a,b,c].. missing one item! +# +# Internall, RSBAC tools prevent this by adding a constant amount of +# place but it's not perfect. +# +# Note that if the list is updated concurrently, then we can't be sure +# that it's up-to-date. Transaction may helps though. +# +# So, the only thing that is guaranteed, is that the list is complete +# according to the state at the time the request was made. + +# FIXME: For multiple type, allows None to don't request a particular +# array? + +def fetch( type , fun , start = None ) : + """Fetch RSBAC array. + + Fetch one or several RSBAC arrays of types specified by 'type', by + calling the function 'fun'. This function should takes several + arguments: the first argument receive the number of items to + retrieve, and the remaining argument are ctypes pointer to already + allocated arrays. This function act as a callback called by fetch, + and may be called an unspecified number of times. + + type -- either a single ctypes type, or a tuple of ctypes type + fun -- function taking at least 2 arguments + start -- None or an integer + + Returns a single list if 'type' was a ctypes type, or a tuple of + list if 'type' was a tuple of ctypes type. + + """ + if start is None : + if not isinstance( type , ( tuple , list ) ) : + n = raiseIfError( fun( 0 , None ) ) + else : + n = raiseIfError( fun( 0 , *( [ None ] * len( type ) ) ) ) + else : + n = max( start , 1 ) + if not isinstance( type , ( tuple , list ) ) : + while 1 : + # The only way to ensure that we got all the items is to ask + # for more and check if the result contains less than asked. + # If not, we increase the buffer size and we try again. + n += 1 + arr = ( type * n )() + m = raiseIfError( fun( n , aptr( arr ) ) ) + if m < n : + # If no items are created while calling rsbac_rc_get_list, + # then we will exit this loop at the first iteration. + break + # Exponentially raise the size of the array. + n += n // 2 + 1 + return arr[ : m ] + else : + types = type + while 1 : + # The only way to ensure that we got all the items is to ask + # for more and check if the result contains less than asked. + # If not, we increase the buffer size and we try again. + n += 1 + arrs = [ ( type * n )() for type in types ] + m = raiseIfError( fun( n , *map( aptr , arrs ) ) ) + if m < n : + # If no items are created while calling rsbac_rc_get_list, + # then we will exit this loop at the first iteration. + break + # Exponentially raise the size of the array. + n += n // 2 + 1 + return tuple( arr[ : m ] for arr in arrs ) + +def ttlToInt( ttl ) : + if ttl is None : + ttl = 0 + else : + ttl = int( ttl ) + if ttl < 1 : + ttl = 1 + return ttl + +def intToTtl( n ) : + if not n : + return None + else : + assert n >= 1 + return int( n ) + +#----------------------------------------------------------------------------- + +# FIXME: endianess? +def intToIp( n ) : + """Convert an IP represented as an integer to a tuple of integer. + + intToIp(3232235821) => (192, 168, 1, 45) + + """ + n = socket.htonl( n ) + return ( int( ( n >> 24 ) & 0xff ) , + int( ( n >> 16 ) & 0xff ) , + int( ( n >> 8 ) & 0xff ) , + int( n & 0xff ) ) + +# FIXME: endianess? +def ipToInt( ip ) : + """Convert an IP represented as a tuple of integer to an integer. + + ipToInt((192, 168, 1, 45)) => 3232235821 + + """ + ip = socket.ntohl( ip ) + if isinstance( ip , tuple ) : + return reduce( lambda a , b : ( a << 8 ) | b , ip , 0 ) + elif isinstance( ip , ( int , long ) ) : + return ip & 0xffffffff + else : + return ip + +def processName( pid ) : + """Get the name of a process. + + Note: Extract the process name from /proc. + + pid -- process ID (PID) + + Returns the name of the process as string. + + """ + if isinstance( pid , int ) and pid > 0 : + try : + f = file( '/proc/%d/stat' % pid ) + line = f.readline() + f.close() + return line[ line.find( '(' ) + 1 : line.rfind( ')' ) ] + except : + pass + +def digits( n , base = 10 , size = None ) : + """Extract the digits from the integer 'n'. + + Extract all digits (unless size is not None) in base 'base' from + integer 'n'. If 'size' is not None, then exactly 'size' digits are + extracted, adding heading 0s if necessary. + + n -- integer + base -- integer (>= 2) + size -- None or an integer + + Returns an array of integer. + + digits(30, 4) => (1, 3, 2) because 30 is written 132 is base 4. + + digits(30, 4, 6) => (0, 0, 0, 1, 3, 2) + + digits(30, 4, 2) => (3, 2) Note that a digit is missing, since we asked + only for 2. + """ + r = [] + if n < 0 : + n = -n + if size is None : + while 1 : + r.append( int( n % base ) ) + n //= base + if not n : + break + else : + for i in range( size ) : + r.append( int( n % base ) ) + n //= base + if not n : + r += ( 0 , ) * ( size - i - 1 ) + break + r.reverse() + return tuple( r ) + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/acl.py b/rsbac/acl.py new file mode 100644 index 0000000..83a6b61 --- /dev/null +++ b/rsbac/acl.py @@ -0,0 +1,740 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +__all__ = [ 'Group' , 'groups' ] + +def export( o ) : + if not isinstance( o , basestring ) : + name = o.__name__ + else : + name , o = o , None + if name in __all__ : + raise ImportError , 'duplicate name %r in module %r' % ( name , __name__ ) + __all__.append( name ) + return o + +from ctypes import byref, pointer + +from rsbac import headers, lib, transaction +from rsbac._data import AclRequestVector +from rsbac.errors import raiseIfError, Error +from rsbac._utils import fetch, intToTtl, ttlToInt + +g_aclSyscallArg = headers.rsbac_acl_syscall_arg_t() +g_aclSyscallArgRef = byref( g_aclSyscallArg ) + +g_aclSyscallByNameArg = headers.rsbac_acl_syscall_n_arg_t() +g_aclSyscallByNameArgRef = byref( g_aclSyscallByNameArg ) + +# for acl_remove_user +g_targetId = headers.rsbac_target_id_t() + +def _acl_preset( target , tid , subjectType , subjectId , rights , ttl ) : + g_aclSyscallArg.target = target + g_aclSyscallArg.tid = tid + g_aclSyscallArg.subj_type = subjectType + g_aclSyscallArg.subj_id = subjectId + g_aclSyscallArg.rights = rights + g_aclSyscallArg.ttl = ttl + return g_aclSyscallArgRef + +def _acl_preset_n( target , name , subjectType , subjectId , rights , ttl ) : + g_aclSyscallByNameArg.target = target + g_aclSyscallByNameArg.name = name + g_aclSyscallByNameArg.subj_type = subjectType + g_aclSyscallByNameArg.subj_id = subjectId + g_aclSyscallByNameArg.rights = rights + g_aclSyscallByNameArg.ttl = ttl + return g_aclSyscallByNameArgRef + +def _to_acl_subject( object ) : + from rsbac.objects import User + if isinstance( object , Role ) : + return headers.ACLS_ROLE , object._role + elif isinstance( object , User ) : + return headers.ACLS_USER , object.uid + elif isinstance( object , Group ) : + return headers.ACLS_GROUP , object._id + else : + raise RuntimeError , 'unexpected ACL subject of type %r' % ( object.__class__ , ) + +def _from_acl_subject( type , id ) : + if type == headers.ACLS_USER : + return User( id ) + elif type == headers.ACLS_ROLE : + return Role( id ) + elif type == headers.ACLS_GROUP : + return Group( id ) + else : + raise RuntimeError , 'unexpected subject type %r' % ( type , ) + +# +# set_acl_entry +# + +def setAclEntryById( target , subject , rights , ttl = None ) : + st , si = _to_acl_subject( subject ) + raiseIfError( lib.rsbac_acl( transaction._t , + headers.ACLC_set_acl_entry , + _acl_preset( target.type , target._id._obj , + st , si , + int( rights ) , ttlToInt( ttl ) ) ) ) + +def setAclEntryByName( target , subject , rights , ttl = None ) : + st , si = _to_acl_subject( subject ) + raiseIfError( lib.rsbac_acl_n( transaction._t , + headers.ACLC_set_acl_entry , + _acl_preset_n( target.type , target._id , + st , si , + int( rights ) , ttlToInt( ttl ) ) ) ) + +# +# remove_acl_entry +# + +def removeAclEntryById( target , subject ) : + st , si = _to_acl_subject( subject ) + raiseIfError( lib.rsbac_acl( transaction._t , + headers.ACLC_remove_acl_entry , + _acl_preset( target.type , target._id._obj , + st , si , + 0 , 0 ) ) ) + +def removeAclEntryByName( target , subject ) : + st , si = _to_acl_subject( subject ) + raiseIfError( lib.rsbac_acl_n( transaction._t , + headers.ACLC_remove_acl_entry , + _acl_preset_n( target.type , target._id , + st , si , + 0 , 0 ) ) ) + +# +# remove_acl +# + +def removeAclById( target ) : + raiseIfError( lib.rsbac_acl( transaction._t , + headers.ACLC_remove_acl , + _acl_preset( target.type , target._id._obj , + 0 , 0 , 0 , 0 ) ) ) + +def removeAclByName( target ) : + raiseIfError( lib.rsbac_acl_n( transaction._t , + headers.ACLC_remove_acl , + _acl_preset_n( target.type , target._id , + 0 , 0 , 0 , 0 ) ) ) + +# add_to_acl_entry +# remove_from_acl_entry + +# +# set_mask +# + +def setAclMaskById( target , mask ) : + raiseIfError( lib.rsbac_acl( transaction._t , + headers.ACLC_remove_acl , + _acl_preset( target.type , target._id._obj , + 0 , 0 , + mask , 0 ) ) ) + +def setAclMaskByName( target , mask ) : + raiseIfError( lib.rsbac_acl_n( transaction._t , + headers.ACLC_remove_acl , + _acl_preset_n( target.type , target._id , + 0 , 0 , + mask , 0 ) ) ) + +# +# remove_user +# + +@export +def aclRemoveUser( user ) : + """Remove user from all groups and all ACLs. + + user -- UID as integer + + """ + g_targetId.user = user + raiseIfError( lib.rsbac_acl( transaction._t , + headers.ACLC_remove_user , + _acl_preset( headers.T_USER , g_targetId , + 0 , 0 , 0 , 0 ) ) ) + +# +# get_acl_rights +# + +def getAclRightsById( target , subject , effective = False ) : + st , si = _to_acl_subject( subject ) + rights = headers.rsbac_acl_rights_vector_t() + raiseIfError( lib.rsbac_acl_get_rights( transaction._t , + _acl_preset( target.type , target._id._obj , + st , si , + 0 , 0 ) , + byref( rights ) , + effective ) ) + return AclRequestVector( rights.value ) + +def getAclRightsByName( target , subject , effective = False ) : + st , si = _to_acl_subject( subject ) + rights = headers.rsbac_acl_rights_vector_t() + raiseIfError( lib.rsbac_acl_get_rights_n( transaction._t , + _acl_preset_n( target.type , target._id , + st , si , + 0 , 0 ) , + byref( rights ) , + effective ) ) + return AclRequestVector( rights.value ) + +# +# acl_get_tlist +# + +def _unpackAclTlist( entries , ttls ) : + return [ ( _from_acl_subject( entry.subj_type , entry.subj_id ) , + AclRequestVector( entry.rights ) , + intToTtl( ttl ) ) + for entry , ttl in zip( entries , ttls ) ] + +def getAclTargetListById( target ) : + arrs = fetch( ( headers.rsbac_acl_entry_t , + headers.rsbac_time_t ) , + lambda n , a , b : lib.rsbac_acl_get_tlist( transaction._t , + target.type , + target._id._obj , + a , b , n ) , + 32 ) + return _unpackAclTlist( *arrs ) + +def getAclTargetListByName( target ) : + arrs = fetch( ( headers.rsbac_acl_entry_t , + headers.rsbac_time_t ) , + lambda n , a , b : lib.rsbac_acl_get_tlist_n( transaction._t , + target.type , + target._id , + a , b , n ) , + 32 ) + return _unpackAclTlist( *arrs ) + +# +# acl_get_mask +# + +def getAclMaskById( target ) : + rights = headers.rsbac_acl_rights_vector_t() + raiseIfError( lib.rsbac_acl_get_mask( transaction._t , + target.type , target._id._obj , + byref( rights ) ) ) + return AclRequestVector( rights.value ) + +def getAclMaskByName( target ) : + rights = headers.rsbac_acl_rights_vector_t() + raiseIfError( lib.rsbac_acl_get_mask_n( transaction._t , + target.type , target._id , + byref( rights ) ) ) + return AclRequestVector( rights.value ) + +# +# dispatchers +# + +@export +def setAclEntry( target , subject , rights , ttl = None ) : + """Set an ACL entry for a target-subject couple. + + target -- Object + subject -- either an instance of objects.User, acl.Group or rc.Role. + rights -- AclRequestVector + ttl -- None or a positive integer + + """ + if target._byName : + return setAclEntryByName( target , subject , rights , ttl ) + else : + return setAclEntryById( target , subject , rights , ttl ) + +@export +def removeAclEntry( target , subject ) : + """Remove an ACL entry. + + target -- Object + subject -- either an instance of objects.User, acl.Group or rc.Role. + + """ + if target._byName : + return removeAclEntryByName( target , subject ) + else : + return removeAclEntryById( target , subject ) + +@export +def removeAcl( target ) : + """Remove all ACL entries on a target. + + target -- Object + + """ + if target._byName : + return removeAclByName( target ) + else : + return removeAclById( target ) + +@export +def setAclMask( target , mask ) : + """Set ACL mask on a target. + + target -- Object + mask -- AclRequestVector + + """ + if target._byName : + return setAclMaskByName( target , mask ) + else : + return setAclMaskById( target , mask ) + +@export +def getAclRights( target , subject , effective = False ) : + """Get ACL rights for a target-subject couple. + + target -- Object + subject -- either an instance of objects.User, acl.Group or rc.Role. + effective -- True to retrieve effective rights, False otherwise. + + Returns an AclRequestVector. + + """ + if target._byName : + return getAclRightsByName( target , subject , effective ) + else : + return getAclRightsById( target , subject , effective ) + +@export +def getAclMask( target ) : + """Get ACL mask for a target. + + target -- Object + + Returns an AclRequestVector. + + """ + if target._byName : + return getAclMaskByName( target , mask ) + else : + return getAclMaskById( target , mask ) + +@export +def getAclTargetList( target ) : + """Get all ACL entries for a target. + + target -- Object + + Returns a list of 3-tuple (Object, AclRequestVector, ttl). + + """ + if target._byName : + return getAclTargetListByName( target ) + else : + return getAclTargetListById( target ) + +class AclBase( object ) : + def __init__( self , target ) : + object.__init__( self ) + self.target = target + def __len__( self ) : + return len( self._list() ) + def __iter__( self ) : + return iter( self.keys() ) + def __repr__( self ) : + return '' % ( repr( self.target ).strip( '<>' ) , len( self ) ) + def keys( self ) : + return [ e[ 0 ] for e in self._list() ] + def values( self ) : + return [ ( e[ 1 ] , e[ 2 ] ) for e in self._list() ] + def items( self ) : + return [ ( e[ 0 ] , ( e[ 1 ] , e[ 2 ] ) ) for e in self._list() ] + +class AclById( AclBase ) : + def _list( self ) : + return getAclTargetListById( self.target ) + def __getitem__( self , subject ) : + # FIXME: temporary solution. Waiting for an O(1) way to get + # (right,TTL) couple. + for k , v in self.items() : + if k == subject : + return v + #return AclRequestVector() , None + raise RuntimeError + def __setitem__( self , subject , value ) : + if not isinstance( value , tuple ) : + value = value , None + rights , ttl = value + setAclEntryById( self.target , subject , rights , ttl ) + def __delitem__( self , subject ) : + removeAclEntryById( self.target , subject ) + def clear( self ) : + removeAclById( self.target ) + +class AclByName( AclBase ) : + def _list( self ) : + return getAclTargetListByName( self.target ) + def __iter__( self ) : + return ( n[ 0 ] for n in self.__list() ) + def __getitem__( self , subject ) : + # FIXME: temporary solution. Waiting for an O(1) way to get + # (right,TTL) couple. + for k , v in self.items() : + if k == subject : + return v + #return RequestVector() , None + raise RuntimeError + def __setitem__( self , subject , value ) : + if not isinstance( value , tuple ) : + value = value , None + rights , ttl = value + setAclEntryByName( self.target , subject , rights , ttl ) + def __delitem__( self , subject ) : + removeAclEntryByName( self.target , subject ) + def clear( self ) : + removeAclByName( self.target ) + +#--[ Group ]------------------------------------------------------------------ + +@export +def addGroup( name , type = headers.ACLG_PRIVATE , id = None ) : + """Add an ACL group. + + type -- type of group (either ACLG_GLOBAL or ACLG_PRIVATE) + name -- group name as string + id -- a positive integer or None (automatic ID) + + Returns the ID of the new group. + + """ + if id is None : + id = 0 + id_ = headers.rsbac_acl_group_id_t() + id_.value = id + arg = headers.rsbac_acl_group_syscall_arg_t() + arg.add_group.type = type + arg.add_group.name = name + arg.add_group.group_id_p = pointer( id_ ) + raiseIfError( lib.rsbac_acl_group( transaction._t , + headers.ACLGS_add_group , + byref( arg ) ) ) + return int( id_.value ) + +@export +def addGlobalGroup( name , id = None ) : + """Add an ACL global group. + + name -- group name as string + id -- a positive integer or None (automatic ID) + + Returns the ID of the new group. + + """ + return addGroup( name , headers.ACLG_GLOBAL , id ) + +@export +def addPrivateGroup( name , id = None ) : + """Add an ACL private group. + + name -- group name as string + id -- a positive integer or None (automatic ID) + + Returns the ID of the new group. + + """ + return addGroup( name , headers.ACLG_PRIVATE , id ) + +@export +def changeGroup( id , owner , type , name ) : + """Change ACL group attributes. + + Change the owner, type and name of an existing ACL group. + + id -- ACL group as integer + owner -- user as integer + type -- either headers.ACLG_PRIVATE or headers.ACLG_GLOBAL + name -- group name + + """ + arg = headers.rsbac_acl_group_syscall_arg_t() + arg.change_group.id = id + arg.change_group.owner = owner + arg.change_group.type = type + arg.change_group.name = name + raiseIfError( lib.rsbac_acl_group( transaction._t , + headers.ACLGS_change_group , + byref( arg ) ) ) + +@export +def removeGroup( id ) : + """Remove an ACL group + + id -- ACL group as integer + + """ + arg = headers.rsbac_acl_group_syscall_arg_t() + arg.remove_group.id = id + raiseIfError( lib.rsbac_acl_group( transaction._t , + headers.ACLGS_remove_group , + byref( arg ) ) ) + +def _unpackEntry( entry ) : + return int( entry.id ) , int( entry.owner ) , int( entry.type ) , entry.name + +@export +def getGroupEntry( id ) : + """Get group entry attributes. + + id -- ACL group as integer + + Returns a tuple with 4 attributes: id, owner, type and name. + + """ + entry = headers.rsbac_acl_group_entry_t() + arg = headers.rsbac_acl_group_syscall_arg_t() + arg.get_group_entry.id = id + arg.get_group_entry.entry_p = pointer( entry ) + raiseIfError( lib.rsbac_acl_group( transaction._t , + headers.ACLGS_get_group_entry , + byref( arg ) ) ) + return _unpackEntry( entry ) + +def _listGroups( includeGlobal , arr , n ) : + arg = headers.rsbac_acl_group_syscall_arg_t() + arg.list_groups.include_global = includeGlobal + arg.list_groups.group_entry_array = arr + arg.list_groups.maxnum = n + return raiseIfError( lib.rsbac_acl_group( transaction._t , + headers.ACLGS_list_groups , + byref( arg ) ) ) + +# FIXME: Other groups may be viewed/changed while not listed by +# _listGroups (the groups belonging to other users.) +@export +def getGroupList( includeGlobal = False ) : + """Get the list of ACL group. + + includeGlobal -- boolean. If True, include global groups. + + Returns list of group ID. + + """ + arr = fetch( headers.rsbac_acl_group_entry_t , + lambda n , a : _listGroups( includeGlobal , a , n ) , + 32 ) + return map( _unpackEntry , arr ) + +@export +def addGroupMember( group , user , ttl = None ) : + """Add a member to an ACL group. + + group -- ACL group as integer + user -- user as integer + ttl -- None or a positive integer + + """ + arg = headers.rsbac_acl_group_syscall_arg_t() + arg.add_member.group = int( group ) + arg.add_member.user = int( user ) + arg.add_member.ttl = ttlToInt( ttl ) + return raiseIfError( lib.rsbac_acl_group( transaction._t , + headers.ACLGS_add_member , + byref( arg ) ) ) + +@export +def removeGroupMember( group , user ) : + """Remove a member from an ACL group. + + group -- ACL group as integer + user -- user as integer + + """ + arg = headers.rsbac_acl_group_syscall_arg_t() + arg.remove_member.group = int( group ) + arg.remove_member.user = int( user ) + return raiseIfError( lib.rsbac_acl_group( transaction._t , + headers.ACLGS_remove_member , + byref( arg ) ) ) + +def _getUserGroups( user , groups , ttls , n ) : + arg = headers.rsbac_acl_group_syscall_arg_t() + arg.get_user_groups.user = user + arg.get_user_groups.group_array = groups + arg.get_user_groups.ttl_array = ttls + arg.get_user_groups.maxnum = n + return raiseIfError( lib.rsbac_acl_group( transaction._t , + headers.ACLGS_get_user_groups , + byref( arg ) ) ) + +@export +def getUserGroups( uid ) : + """Get the ACL groups to which a user belong. + + uid -- user as integer + + Returns a list of pair (id,ttl). + + """ + arrs = fetch( ( headers.rsbac_acl_group_id_t , + headers.rsbac_time_t ) , + lambda n , a , b : _getUserGroups( uid , a , b , n ) , + 32 ) + return [ ( int( a ) , int( b ) ) for a , b in zip( *arrs ) ] + +def _getGroupMembers( group , users , ttls , n ) : + arg = headers.rsbac_acl_group_syscall_arg_t() + arg.get_group_members.group = group + arg.get_group_members.user_array = users + arg.get_group_members.ttl_array = ttls + arg.get_group_members.maxnum = n + return raiseIfError( lib.rsbac_acl_group( transaction._t , + headers.ACLGS_get_group_members , + byref( arg ) ) ) + +@export +def getGroupMembers( id ) : + """Get the members of the given ACL group. + + id -- ACL group + + Returns a list of pair (uid,ttl). + + """ + arrs = fetch( ( headers.rsbac_uid_t , + headers.rsbac_time_t ) , + lambda n , a , b : _getGroupMembers( id , a , b , n ) , + 32 ) + return [ ( int( a ) , intToTtl( b ) ) for a , b in zip( *arrs ) ] + +class AclGroupMembersTtlDictProxy( object ) : + def __init__( self , id ) : + self.__group = id + def __getitem__( self , user ) : + for uid , ttl in getGroupMembers( self.__group ) : + if uid == user : + if ttl is None : + ttl = True + return ttl + return False + def __setitem__( self , user , value ) : + addGroupMember( self.__group , user , value ) + def __iter__( self ) : + return ( n[ 0 ] for n in getGroupMembers( self.__group ) ) + def __repr__( self ) : + r = [] + for user , ttl in getGroupMembers( self.__group ) : + if ttl is None : + r.append( str( user ) ) + else : + r.append( '%s(%ds)' % ( user , ttl ) ) + return '' \ + % ( self.__group , ', '.join( r ) or 'none' ) + def add( self , user , ttl = None ) : + addGroupMember( self.__group , user , ttl ) + def discard( self , user ) : + removeGroupMember( self.__group , user ) + def clear( self ) : + map( self.discard , self ) + +# FIXME: Add a note about settings (not settable individually +# normally) +class Group( object ) : + def __init__( self , id ) : + self.id = id + self.members = AclGroupMembersTtlDictProxy( id ) + def __repr__( self ) : + try : + entry = getGroupEntry( self.id ) + assert entry[ 2 ] in ( headers.ACLG_GLOBAL , headers.ACLG_PRIVATE ) + desc = '%r %s' % \ + ( entry[ 3 ] , + ( 'PRIVATE' , 'GLOBAL' )[ entry[ 2 ] == headers.ACLG_GLOBAL ] ) + except Error , e : + if e[ 0 ] != headers.RSBAC_ENOTFOUND : + raise + desc = 'undefined' + return '' % ( self.id , desc ) + # + # members + # + members = None + # + # owner + # + def getOwner( self ) : + return User( getGroupEntry( self.id )[ 1 ] ) + def setOwner( self , value ) : + entry = getGroupEntry( self.id ) + changeGroup( self.id , int( value ) , entry[ 2 ] , entry[ 3 ] ) + owner = property( getOwner , setOwner ) + # + # private (not really a boolean, but let's say it is) + # + def getPrivate( self ) : + entry = getGroupEntry( self.id ) + type = entry[ 2 ] + assert type in ( headers.ACLG_GLOBAL , headers.ACLG_PRIVATE ) + return type == headers.ACLG_PRIVATE + def setPrivate( self , value ) : + entry = getGroupEntry( self.id ) + if value : + value = headers.ACLG_PRIVATE + else : + value = headers.ACLG_GLOBAL + changeGroup( self.id , entry[ 1 ] , value , entry[ 3 ] ) + private = property( getPrivate , setPrivate ) + # + # name + # + def getName( self ) : + return getGroupEntry( self.id )[ 3 ] + def setName( self , value ) : + entry = getGroupEntry( self.id ) + changeGroup( self.id , entry[ 1 ] , entry[ 2 ] , value ) + name = property( getName , setName ) + +class GroupDict( object ) : + def __iter__( self ) : + return ( item[ 0 ] for item in getGroupList( True ) ) + def __getitem__( self , id ) : + return Group( id ) + def __delitem__( self , id ) : + return removeGroup( id ) + def __repr__( self ) : + return '{' + ', '.join( '%s: %s' % ( a , b ) for a , b in self.items() ) + '}' + def keys( self ) : + return list( self ) + def values( self ) : + return map( Group , self ) + def items( self ) : + return [ ( group , Group( group ) ) for group in self ] + +groups = GroupDict() + +from rsbac.rc import Role +from rsbac.objects import User + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/adf.py b/rsbac/adf.py new file mode 100644 index 0000000..57a0e80 --- /dev/null +++ b/rsbac/adf.py @@ -0,0 +1,37 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +__all__ = [ 'logSwitch' , 'logGet' ] + +from rsbac import lib +from rsbac.errors import raiseIfError + +# LL_none, LL_denied, LL_full, LL_request, LL_invalid +def logSwitch( request , target , value ) : + raiseIfError( lib.rsbac_adf_log_switch( request , target , value ) ) + +def logGet( request , target ) : + value = ctypes.c_uint() + raiseIfError( lib.rsbac_get_adf_log( request , target , byref( value ) ) ) + return value.value + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/data.py b/rsbac/data.py new file mode 100644 index 0000000..0e2f63a --- /dev/null +++ b/rsbac/data.py @@ -0,0 +1,400 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +from rsbac._data import RequestVector + +# Could be deduced from constant in headers, but gccxml is buggy and +# doesn't allow to correctly interpret integer constants. + +read_requests = RequestVector( + 'chdir' , + 'close' , + 'get_permissions_data' , + 'get_status_data' , + 'read' , + 'read_open' , + 'search' , + 'terminate' , + 'authenticate' ) + +write_requests = RequestVector( + 'alter' , + 'append_open' , + 'change_group' , + 'change_owner' , + 'change_dac_eff_group' , + 'change_dac_fs_group' , + 'change_dac_eff_owner' , + 'change_dac_fs_owner' , + 'clone' , + 'create' , + 'delete' , + 'link_hard' , + 'modify_access_data' , + 'modify_permissions_data' , + 'rename' , + 'send_signal' , + 'trace' , + 'truncate' , + 'write' , + 'write_open' , + 'ioctl' , + 'lock' ) + +read_write_requests = RequestVector( + read_requests , + 'alter' , + 'append_open' , + 'change_group' , + 'change_owner' , + 'change_dac_eff_group' , + 'change_dac_fs_group' , + 'change_dac_eff_owner' , + 'change_dac_fs_owner' , + 'clone' , + 'create' , + 'delete' , + 'link_hard' , + 'modify_access_data' , + 'modify_permissions_data' , + 'modify_system_data' , + 'read_write_open' , + 'rename' , + 'send_signal' , + 'trace' , + 'truncate' , + 'write' , + 'write_open' , + 'bind' , + 'listen' , + 'accept' , + 'connect' , + 'send' , + 'receive' , + 'net_shutdown' , + 'ioctl' , + 'lock' ) + +read_write_open_requests = RequestVector( + 'read_write_open' ) + +execute_requests = RequestVector( + 'execute' , + 'map_exec' ) + +system_requests = RequestVector( + 'add_to_kernel' , + 'modify_system_data' , + 'mount' , + 'read_attribute' , + 'remove_from_kernel' , + 'shutdown' , + 'umount' ) + +security_requests = RequestVector( + 'modify_attribute' , + 'read_attribute' , + 'switch_log' , + 'switch_module' ) + +fd_requests = RequestVector( + 'add_to_kernel' , + 'append_open' , + 'change_owner' , + 'chdir' , + 'close' , + 'create' , + 'delete' , + 'execute' , + 'get_permissions_data' , + 'get_status_data' , + 'link_hard' , + 'modify_access_data' , + 'modify_attribute' , + 'modify_permissions_data' , + 'mount' , + 'read' , + 'read_attribute' , + 'read_open' , + 'read_write_open' , + 'remove_from_kernel' , + 'rename' , + 'search' , + 'truncate' , + 'umount' , + 'write' , + 'write_open' , + 'map_exec' , + 'listen' , + 'accept' , + 'connect' , + 'send' , + 'receive' , + 'net_shutdown' , + 'ioctl' , + 'lock' ) + +dev_requests = RequestVector( + 'add_to_kernel' , + 'append_open' , + 'close' , + 'get_permissions_data' , + 'get_status_data' , + 'modify_attribute' , + 'modify_permissions_data' , + 'modify_system_data' , + 'mount' , + 'read' , + 'read_attribute' , + 'read_open' , + 'read_write_open' , + 'remove_from_kernel' , + 'umount' , + 'write' , + 'write_open' , + 'send' , + 'ioctl' ) + +ipc_requests = RequestVector( + 'alter' , + 'change_group' , + 'change_owner' , + 'close' , + 'create' , + 'delete' , + 'get_permissions_data' , + 'get_status_data' , + 'modify_attribute' , + 'modify_permissions_data' , + 'modify_system_data' , + 'read' , + 'read_attribute' , + 'read_open' , + 'read_write_open' , + 'write' , + 'net_shutdown' , + 'listen' , + 'accept' , + 'connect' , + 'send' , + 'receive' , + 'ioctl' ) + +scd_requests = RequestVector( + 'get_permissions_data' , + 'get_status_data' , + 'modify_attribute' , + 'modify_permissions_data' , + 'modify_system_data' , + 'read_attribute' , + 'write' ) + +user_requests = RequestVector( + 'change_group' , + 'change_owner' , + 'create' , + 'delete' , + 'get_permissions_data' , + 'get_status_data' , + 'modify_attribute' , + 'modify_permissions_data' , + 'read' , + 'read_attribute' , + 'rename' , + 'search' , + 'write' , + 'authenticate' ) + +group_requests = RequestVector( + 'create' , + 'delete' , + 'get_permissions_data' , + 'get_status_data' , + 'modify_permissions_data' , + 'read' , + 'rename' , + 'search' , + 'write' ) + +process_requests = RequestVector( + 'change_group' , + 'change_owner' , + 'change_dac_eff_group' , + 'change_dac_fs_group' , + 'change_dac_eff_owner' , + 'change_dac_fs_owner' , + 'clone' , + 'create' , + 'get_status_data' , + 'modify_attribute' , + 'modify_system_data' , + 'read_attribute' , + 'send_signal' , + 'terminate' , + 'trace' ) + +netdev_requests = RequestVector( + 'get_status_data' , + 'modify_attribute' , + 'modify_system_data' , + 'read_attribute' , + 'bind' ) + +nettemp_requests = RequestVector( + 'create' , + 'delete' , + 'modify_attribute' , + 'read' , + 'read_attribute' , + 'write' ) + +netobj_requests = RequestVector( + 'close' , + 'create' , + 'get_permissions_data' , + 'get_status_data' , + 'modify_attribute' , + 'modify_permissions_data' , + 'modify_system_data' , + 'read' , + 'read_attribute' , + 'net_shutdown' , + 'write' , + 'bind' , + 'listen' , + 'accept' , + 'connect' , + 'send' , + 'receive' , + 'ioctl' ) + +none_requests = RequestVector( + 'add_to_kernel' , + 'modify_attribute' , + 'get_status_data' , + 'modify_permissions_data' , + 'read_attribute' , + 'remove_from_kernel' , + 'shutdown' , + 'switch_log' , + 'switch_module' , + 'map_exec' ) + +all_requests = RequestVector( + 'add_to_kernel' , + 'alter' , + 'append_open' , + 'change_group' , + 'change_owner' , + 'change_dac_eff_group' , + 'change_dac_fs_group' , + 'change_dac_eff_owner' , + 'change_dac_fs_owner' , + 'chdir' , + 'clone' , + 'close' , + 'create' , + 'delete' , + 'execute' , + 'get_permissions_data' , + 'get_status_data' , + 'link_hard' , + 'modify_access_data' , + 'modify_attribute' , + 'modify_permissions_data' , + 'modify_system_data' , + 'mount' , + 'read' , + 'read_attribute' , + 'read_open' , + 'read_write_open' , + 'remove_from_kernel' , + 'rename' , + 'search' , + 'send_signal' , + 'shutdown' , + 'switch_log' , + 'switch_module' , + 'terminate' , + 'trace' , + 'truncate' , + 'umount' , + 'write' , + 'write_open' , + 'map_exec' , + 'bind' , + 'listen' , + 'accept' , + 'connect' , + 'send' , + 'receive' , + 'net_shutdown' , + 'ioctl' , + 'lock' ) + +nwr_requests = RequestVector( + 'close' , + 'execute' , + 'read_open' ) + +nww_requests = RequestVector( + 'alter' , + 'append_open' , + 'change_group' , + 'change_owner' , + 'change_dac_eff_group' , + 'change_dac_fs_group' , + 'change_dac_eff_owner' , + 'change_dac_fs_owner' , + 'close' , + 'truncate' , + 'write' , + 'write_open' ) + +nwc_requests = RequestVector( + 'close' , + 'create' ) + +nwe_requests = RequestVector( + 'delete' ) + +nwf_requests = RequestVector( + 'chdir' , + 'close' , + 'get_permissions_data' , + 'get_status_data' , + 'read' , + 'search' ) + +nwm_requests = RequestVector( + 'change_group' , + 'change_owner' , + 'change_dac_eff_group' , + 'change_dac_fs_group' , + 'change_dac_eff_owner' , + 'change_dac_fs_owner' , + 'link_hard' , + 'modify_access_data' , + 'modify_permissions_data' , + 'rename' ) + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/errors.py b/rsbac/errors.py new file mode 100644 index 0000000..9f55d15 --- /dev/null +++ b/rsbac/errors.py @@ -0,0 +1,85 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +__all__ = [ 'Error' , 'raiseError' , 'raiseLastError' , 'raiseIfError' ] + +import os + +from rsbac.platform import getErrno + +class Error( RuntimeError ) : pass + +# FIXME: Build this list using get_error_name? +g_errors = { + 1001 : 'RSBAC_EPERM' + , 1002 : 'RSBAC_EACCESS' + , 1003 : 'RSBAC_EREADFAILED' + , 1004 : 'RSBAC_EWRITEFAILED' + , 1005 : 'RSBAC_EINVALIDPOINTER' + , 1006 : 'RSBAC_ENOROOTDIR' + , 1007 : 'RSBAC_EPATHTOOLONG' + , 1008 : 'RSBAC_ENOROOTDEV' + , 1009 : 'RSBAC_ENOTFOUND' + , 1010 : 'RSBAC_ENOTINITIALIZED' + , 1011 : 'RSBAC_EREINIT' + , 1012 : 'RSBAC_ECOULDNOTADDDEVICE' + , 1013 : 'RSBAC_ECOULDNOTADDITEM' + , 1014 : 'RSBAC_ECOULDNOTCREATEPATH' + , 1015 : 'RSBAC_EINVALIDATTR' + , 1016 : 'RSBAC_EINVALIDDEV' + , 1017 : 'RSBAC_EINVALIDTARGET' + , 1018 : 'RSBAC_EINVALIDVALUE' + , 1019 : 'RSBAC_EEXISTS' + , 1020 : 'RSBAC_EINTERNONLY' + , 1021 : 'RSBAC_EINVALIDREQUEST' + , 1022 : 'RSBAC_ENOTWRITABLE' + , 1023 : 'RSBAC_EMALWAREDETECTED' + , 1024 : 'RSBAC_ENOMEM' + , 1025 : 'RSBAC_EDECISIONMISMATCH' + , 1026 : 'RSBAC_EINVALIDVERSION' + , 1027 : 'RSBAC_EINVALIDMODULE' + , 1028 : 'RSBAC_EEXPIRED' + , 1029 : 'RSBAC_EMUSTCHANGE' + , 1030 : 'RSBAC_EBUSY' + , 1031 : 'RSBAC_EINVALIDTRANSACTION' + , 1032 : 'RSBAC_EWEAKPASSWORD' +} + +def raiseError( n ) : + msg = g_errors.get( n ) + if msg is None : + msg = os.strerror( n ) + raise Error( n , msg ) + +def raiseLastError( error = -1 ) : + if error == -1 : + error = getErrno() + else : + error = -error + raiseError( error ) + +def raiseIfError( n ) : + if n < 0 : + raiseLastError( n ) + return n + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/headers.py b/rsbac/headers.py new file mode 100644 index 0000000..bd800a6 --- /dev/null +++ b/rsbac/headers.py @@ -0,0 +1,25 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +from rsbac_1_3_0_rc1 import * + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/jail.py b/rsbac/jail.py new file mode 100644 index 0000000..a2995a7 --- /dev/null +++ b/rsbac/jail.py @@ -0,0 +1,52 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +__all__ = [ 'jail' ] + +import os + +from rsbac import headers, lib, objects +from rsbac import JailFlags +from rsbac.errors import raiseIfError + +# FIXME: default() planned for more elaborate default setting when +# going in jail. +def default( value , default , op = None ) : + if value is None : + return default + elif op is None : + return value + else : + return op( value ) + +def jail( path = None , ip = None , flags = None , + max_caps = None , scd_get = None , scd_modify = None ) : + raiseIfError( lib.rsbac_jail( headers.RSBAC_JAIL_VERSION , + path , + default( ip , 0 , int ) , + default( flags , 0 , int ) , + default( max_caps , 0 , int ) , + default( scd_get , 0 , int ) , + default( scd_modify , 0 , int ) ) ) + return objects.Process( os.getpid() ).jail_id + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/lib.py b/rsbac/lib.py new file mode 100644 index 0000000..4de9489 --- /dev/null +++ b/rsbac/lib.py @@ -0,0 +1,832 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# declareFast allows to skip declarations of arguments or result +# types. However, the program expect no error checking defined here. +g_withArgTypes = False +g_withResType = False +g_withErrorChecking = False + +# For debugging purpose. Note that ctypes doesn't check if extra +# arguments are passed when calling a function. Thus, we need +# argumentChecker wrapper around C functions to ensure we don't pass +# more arguments than expected. +g_checkArgumentCount = True + +# For debugging purpose. When a function is called, print its name and +# all its arguments. Be careful, because it can coredump when printing +# non initialized strings. +g_debug = False + +import sys + +from ctypes import * +from rsbac.headers import * + +g_rsbac = CDLL( 'librsbac.so' ) +# slower, but perhaps more correct: +#from ctypes.util import find_library +#g_rsbac = CDLL( find_library( 'rsbac' ) ) + +def debugVar( var ) : + if isinstance( var , ( Structure , Union ) ) : + return '%s(%s)' \ + % ( var.__class__.__name__ , + ', '.join( [ '%s=%s' % ( name , debugVar( getattr( var , name ) ) ) + for name,desc in var._fields_ ] ) ) + elif "'CArgObject'" in str( type( var ) ) : # ICK! FIXME + return '&' + debugVar( var._obj ) + else : + return repr( var ) + +def debugCall( f ) : + def fun( *args ) : + print '[**] %s(%s) =>' % ( f.__name__ , ', '.join( map( debugVar , args ) ) ) , + sys.stdout.flush() + r = f( *args ) + print debugVar( r ) + return r + fun.__name__ = '[dbg]' + f.__name__ + return fun + +def argumentChecker( f , count ) : + """Wrapper to check argument count. + + This wrapper checks that the function 'f' is called with exactly + 'count' arguments. + + f -- function (or any callable) + count -- argument count as integer + + Returns the wrapped function. + + """ + def fun( *args ) : + if len( args ) != count : + raise TypeError , \ + '%s() takes exactly %d argument%s (%d given)' \ + % ( f.__name__ , count , ( '' , 's' )[ count != 1 ] , len( args ) ) + return f( *args ) + fun.__name__ = '[wrapped]' + f.__name__ + fun.__doc__ = f.__doc__ + return fun + +def declareFast( name , res , args = None , errcheck = None ) : + if args is None : + args = [] + fun = getattr( g_rsbac , name ) + if g_withResType : + setattr( fun , 'restype' , res ) + if g_withArgTypes : + setattr( fun , 'argtypes' , args ) + if g_withErrorChecking and errcheck is not None : + setattr( fun , 'errcheck' , errcheck ) + if g_debug : + fun = debugCall( fun ) + if g_checkArgumentCount and g_withArgTypes : + fun = argumentChecker( fun , len( args ) ) + thisModule = sys.modules[ __name__ ] + setattr( thisModule , name , fun ) + +def declare( name , res , args = None , errcheck = None ) : + if args is None : + args = [] + try : + fun = getattr( g_rsbac , name ) + except AttributeError : + # If the function doesn't exist, just store None. It's up to + # the user to check for None if he want to know if the + # function exist or not before calling it. + fun = None + else : + fun.restype = res + fun.argtypes = args + if errcheck is not None : + fun.errcheck = errcheck + if g_debug : + fun = debugCall( fun ) + if g_checkArgumentCount and fun is not None : + fun = argumentChecker( fun , len( args ) ) + thisModule = sys.modules[ __name__ ] + setattr( thisModule , name , fun ) + +# getname.c + +declare( 'get_request_name' , + c_char_p , + [ c_char_p , + rsbac_adf_request_t ] ) + +declare( 'get_request_nr' , + rsbac_adf_request_t , + [ c_char_p ] ) + +declare( 'get_result_name' , + c_char_p , + [ c_char_p , + rsbac_adf_req_ret_t ] ) + +declare( 'get_result_nr' , + rsbac_adf_req_ret_t , + [ c_char_p ] ) + +declare( 'get_attr_module' , + rsbac_switch_target_t , + [ rsbac_attribute_t ] ) + +declare( 'get_attribute_name' , + c_char_p , + [ c_char_p , + rsbac_attribute_t ] ) + +declare( 'get_attribute_nr' , + rsbac_attribute_t , + [ c_char_p ] ) + +declare( 'get_attribute_value_name' , + c_char_p , + [ c_char_p , + rsbac_attribute_t , + POINTER( rsbac_attribute_value_t ) ] ) + +declare( 'get_scd_type_name' , + c_char_p , + [ c_char_p , + rsbac_scd_type_t ] ) + +declare( 'get_scd_type_nr' , + rsbac_scd_type_t , + [ c_char_p ] ) + +declare( 'get_target_name' , + c_char_p , + [ c_char_p , + rsbac_target_t , + c_char_p , + rsbac_target_id_t ] ) + +declare( 'get_target_name_only' , + c_char_p , + [ c_char_p , + rsbac_target_t ] ) + +declare( 'get_target_nr' , + rsbac_target_t , + [ c_char_p ] ) + +declare( 'get_ipc_target_name' , + c_char_p , + [ c_char_p , + rsbac_ipc_type_t ] ) + +declare( 'get_ipc_target_nr' , + rsbac_ipc_type_t , + [ c_char_p ] ) + +declare( 'get_switch_target_name' , + c_char_p , + [ c_char_p , + rsbac_switch_target_t ] ) + +declare( 'get_switch_target_nr' , + rsbac_switch_target_t , + [ c_char_p ] ) + +declare( 'get_error_name' , + c_char_p , + [ c_char_p , c_int ] ) + +declare( 'get_attribute_param' , + c_char_p , + [ c_char_p , + rsbac_attribute_t ] ) + +declare( 'get_log_level_name' , + c_char_p , + [ c_char_p , + rsbac_log_level_t ] ) + +declare( 'get_log_level_nr' , + rsbac_log_level_t , + [ c_char_p ] ) + +declare( 'get_cap_name' , + c_char_p , + [ c_char_p , c_uint ] ) + +declare( 'get_cap_nr' , + c_int , + [ c_char_p ] ) + +# rc_getname.c + +declare( 'get_rc_target_name' , + c_char_p , + [ c_char_p , + rsbac_rc_target_t ] ) + +declare( 'get_rc_target_nr' , + rsbac_rc_target_t , + [ c_char_p ] ) + +declare( 'get_rc_admin_name' , + c_char_p , + [ c_char_p , + rsbac_rc_admin_type_t ] ) + +declare( 'get_rc_admin_nr' , + rsbac_rc_admin_type_t , + [ c_char_p ] ) + +declare( 'get_rc_scd_type_name' , + c_char_p , + [ c_char_p , + rsbac_rc_scd_type_t ] ) + +declare( 'get_rc_scd_type_nr' , + rsbac_rc_scd_type_t , + [ c_char_p ] ) + +declare( 'get_rc_item_name' , + c_char_p , + [ c_char_p , + rsbac_rc_item_t ] ) + +declare( 'get_rc_item_nr' , + rsbac_rc_item_t , + [ c_char_p ] ) + +declare( 'get_rc_item_param' , + c_char_p , + [ c_char_p , + rsbac_rc_item_t ] ) + +declare( 'get_rc_special_right_name' , + c_char_p , + [ c_char_p , + rsbac_rc_special_rights_t ] ) + +declare( 'get_rc_special_right_nr' , + rsbac_rc_special_rights_t , + [ c_char_p ] ) + +# res_getname.c + +declare( 'get_res_name' , + c_char_p , + [ c_char_p , c_uint ] ) + +declare( 'get_res_nr' , + c_int , + [ c_char_p ] ) + +# syscall_wrapper.c + +declare( 'rsbac_version' , c_int ) + +declare( 'rsbac_stats' , c_int ) + +declare( 'rsbac_check' , c_int , [ c_int , c_int ] ) + +declare( 'rsbac_write' , c_int ) + +declareFast( 'rsbac_get_attr_n' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_switch_target_t , + rsbac_target_t , + c_char_p , + rsbac_attribute_t , + POINTER( rsbac_attribute_value_t ) , + c_int ] ) + +declareFast( 'rsbac_get_attr' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_switch_target_t , + rsbac_target_t , + POINTER( rsbac_target_id_t ) , + rsbac_attribute_t , + POINTER( rsbac_attribute_value_t ) , + c_int ] ) + +declareFast( 'rsbac_set_attr_n' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_switch_target_t , + rsbac_target_t , + c_char_p , + rsbac_attribute_t , + POINTER( rsbac_attribute_value_t ) , + c_int ] ) + +declareFast( 'rsbac_set_attr' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_switch_target_t , + rsbac_target_t , + POINTER( rsbac_target_id_t ) , + rsbac_attribute_t , + POINTER( rsbac_attribute_value_t ) , + c_int ] ) + +declareFast( 'rsbac_remove_target' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_target_t , + POINTER( rsbac_target_id_t ) ] ) + +declareFast( 'rsbac_remove_target_n' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_target_t , + c_char_p ] ) + +declare( 'rsbac_net_list_all_netdev' , + c_int , + [ rsbac_list_ta_number_t , + POINTER( rsbac_netdev_id_t ) , + c_ulong ] ) + +declare( 'rsbac_net_template' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_net_temp_syscall_t , + rsbac_net_temp_id_t , + POINTER( rsbac_net_temp_syscall_data_t ) ] ) + +declare( 'rsbac_net_list_all_template' , + c_int , + [ rsbac_list_ta_number_t , + POINTER( rsbac_net_temp_id_t ) , + c_ulong ] ) + +declare( 'rsbac_switch' , + c_int , + [ rsbac_switch_target_t , c_int ] ) + +declare( 'rsbac_get_switch' , + c_int , + [ rsbac_switch_target_t , + POINTER( c_int ) , + POINTER( c_int ) ] ) + +# MAC + +# PM + +# DAZ + +declare( 'rsbac_daz_flush_cache' , c_int ) + +# RC + +declare( 'rsbac_rc_copy_role' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_rc_role_id_t , + rsbac_rc_role_id_t ] ) + +declare( 'rsbac_rc_copy_type' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_target_t , + rsbac_rc_type_id_t , + rsbac_rc_type_id_t ] ) + +declare( 'rsbac_rc_get_item' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_rc_target_t , + POINTER( rsbac_rc_target_id_t ) , + POINTER( rsbac_rc_target_id_t ) , + rsbac_rc_item_t , + POINTER( rsbac_rc_item_value_t ) , + POINTER( rsbac_time_t ) ] ) + +declare( 'rsbac_rc_set_item' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_rc_target_t , + POINTER( rsbac_rc_target_id_t ) , + POINTER( rsbac_rc_target_id_t ) , + rsbac_rc_item_t , + POINTER( rsbac_rc_item_value_t ) , + rsbac_time_t ] ) + +declare( 'rsbac_rc_get_list' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_rc_target_t , + POINTER( rsbac_rc_target_id_t ) , + rsbac_rc_item_t , + c_uint , + POINTER( c_uint32 ) , + POINTER( rsbac_time_t ) ] ) + +declare( 'rsbac_rc_change_role' , + c_int , + [ rsbac_rc_role_id_t , + c_char_p ] ) + +declare( 'rsbac_rc_get_eff_rights_n' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_target_t , + c_char_p , + POINTER( rsbac_rc_request_vector_t ) , + POINTER( rsbac_time_t ) ] ) + +declare( 'rsbac_rc_get_current_role' , + c_int , + [ POINTER( rsbac_rc_role_id_t ) ] ) + +declare( 'rsbac_rc_select_fd_create_type' , + c_int , + [ rsbac_rc_type_id_t ] ) + +# AUTH + +declare( 'rsbac_auth_add_p_cap' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_pid_t , + rsbac_auth_cap_type_t , + rsbac_auth_cap_range_t , + rsbac_time_t ] ) + +declare( 'rsbac_auth_remove_p_cap' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_pid_t , + rsbac_auth_cap_type_t , + rsbac_auth_cap_range_t ] ) + +declare( 'rsbac_auth_add_f_cap' , + c_int , + [ rsbac_list_ta_number_t , + c_char_p , + rsbac_auth_cap_type_t , + rsbac_auth_cap_range_t , + rsbac_time_t ] ) + +declare( 'rsbac_auth_remove_f_cap' , + c_int , + [ rsbac_list_ta_number_t , + c_char_p , + rsbac_auth_cap_type_t , + rsbac_auth_cap_range_t ] ) + +declare( 'rsbac_auth_get_f_caplist' , + c_int , + [ rsbac_list_ta_number_t , + c_char_p , + rsbac_auth_cap_type_t , + POINTER( rsbac_auth_cap_range_t ) , + POINTER( rsbac_time_t ) , + c_uint ] ) + +declare( 'rsbac_auth_get_p_caplist' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_pid_t , + rsbac_auth_cap_type_t , + POINTER( rsbac_auth_cap_range_t ) , + POINTER( rsbac_time_t ) , + c_uint ] ) + +# REG + +declare( 'rsbac_reg' , + c_int , + [ rsbac_reg_handle_t , c_void_p ] ) + +# ACL + +declare( 'rsbac_acl' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_acl_syscall_type_t , + POINTER( rsbac_acl_syscall_arg_t ) ] ) + +declare( 'rsbac_acl_n' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_acl_syscall_type_t , + POINTER( rsbac_acl_syscall_n_arg_t ) ] ) + +declare( 'rsbac_acl_get_rights' , + c_int , + [ rsbac_list_ta_number_t , + POINTER( rsbac_acl_syscall_arg_t ) , + POINTER( rsbac_acl_rights_vector_t ) , + c_uint ] ) + +declare( 'rsbac_acl_get_rights_n' , + c_int , + [ rsbac_list_ta_number_t , + POINTER( rsbac_acl_syscall_n_arg_t ) , + POINTER( rsbac_acl_rights_vector_t ) , + c_uint ] ) + +declare( 'rsbac_acl_get_tlist' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_target_t , + POINTER( rsbac_target_id_t ) , + POINTER( rsbac_acl_entry_t ) , + POINTER( rsbac_time_t ) , + c_int ] ) + +declare( 'rsbac_acl_get_tlist_n' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_target_t , + c_char_p , + POINTER( rsbac_acl_entry_t ) , + POINTER( rsbac_time_t ) , + c_int ] ) + +declare( 'rsbac_acl_get_mask' , + c_int , + [ rsbac_ta_number_t , + rsbac_target_t , + POINTER( rsbac_target_id_t ) , + POINTER( rsbac_acl_rights_vector_t ) ] ) + +declare( 'rsbac_acl_get_mask_n' , + c_int , + [ rsbac_ta_number_t , + rsbac_target_t , + c_char_p , + POINTER( rsbac_acl_rights_vector_t ) ] ) + +declare( 'rsbac_acl_group' , + c_int , + [ rsbac_ta_number_t , + rsbac_acl_group_syscall_type_t , + POINTER( rsbac_acl_group_syscall_arg_t ) ] ) + +# JAIL + +declare( 'rsbac_jail' , + c_int , + [ rsbac_version_t , + c_char_p , + rsbac_jail_ip_t , + rsbac_jail_flags_t , + rsbac_cap_vector_t , + rsbac_jail_scd_vector_t , + rsbac_jail_scd_vector_t ] ) + +# UM + +declare( 'rsbac_um_auth_name' , + c_int , + [ c_char_p , c_char_p ] ) + +declare( 'rsbac_um_auth_uid' , + c_int , + [ rsbac_uid_t , c_char_p ] ) + +declare( 'rsbac_um_add_user' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_uid_t , + POINTER( rsbac_um_user_entry_t ) , + c_char_p , + rsbac_time_t ] ) + +declare( 'rsbac_um_add_group' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_gid_t , + POINTER( rsbac_um_group_entry_t ) , + c_char_p , + rsbac_time_t ] ) + +declare( 'rsbac_um_add_gm' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_uid_t , + rsbac_gid_t , + rsbac_time_t ] ) + +declare( 'rsbac_um_mod_user' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_uid_t , + rsbac_um_mod_t , + POINTER( rsbac_um_mod_data_t ) ] ) + +declare( 'rsbac_um_mod_group' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_gid_t , + rsbac_um_mod_t , + POINTER( rsbac_um_mod_data_t ) ] ) + +declare( 'rsbac_um_get_user_item' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_uid_t , + rsbac_um_mod_t , + POINTER( rsbac_um_mod_data_t ) ] ) + +declare( 'rsbac_um_get_group_item' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_gid_t , + rsbac_um_mod_t , + POINTER( rsbac_um_mod_data_t ) ] ) + +declare( 'rsbac_um_remove_user' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_uid_t ] ) + +declare( 'rsbac_um_remove_group' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_gid_t ] ) + +declare( 'rsbac_um_remove_gm' , + c_int , + [ rsbac_uid_t , rsbac_gid_t ] ) + +declare( 'rsbac_um_user_exists' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_uid_t ] ) + +declare( 'rsbac_um_group_exists' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_gid_t ] ) + +declare( 'rsbac_um_get_next_user' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_uid_t , + POINTER( rsbac_uid_t ) ] ) + +declare( 'rsbac_um_get_user_list' , + c_int , + [ rsbac_list_ta_number_t , + POINTER( rsbac_uid_t ) , + c_uint ] ) + +declare( 'rsbac_um_get_gm_list' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_uid_t , + POINTER( rsbac_gid_t ) , + c_uint ] ) + +declare( 'rsbac_um_get_gm_user_list' , + c_int , + [ rsbac_list_ta_number_t , + rsbac_gid_t , + POINTER( rsbac_uid_t ) , + c_uint ] ) + +declare( 'rsbac_um_get_group_list' , + c_int , + [ rsbac_list_ta_number_t , + POINTER( rsbac_gid_t ) , + c_uint ] ) + +declare( 'rsbac_um_get_uid' , + c_int , + [ rsbac_list_ta_number_t , + c_char_p , + POINTER( rsbac_uid_t ) ] ) + +declare( 'rsbac_um_get_gid' , + c_int , + [ rsbac_list_ta_number_t , + c_char_p , + POINTER( rsbac_gid_t ) ] ) + +declare( 'rsbac_um_set_pass' , + c_int , + [ rsbac_uid_t , + c_char_p , + c_char_p ] ) + +declare( 'rsbac_um_set_pass_name' , + c_int , + [ c_char_p , + c_char_p , + c_char_p ] ) + +declare( 'rsbac_um_set_group_pass' , + c_int , + [ rsbac_gid_t , + c_char_p ] ) + +declare( 'rsbac_um_check_account' , + c_int , + [ rsbac_uid_t ] ) + +declare( 'rsbac_um_check_account_name' , + c_int , + [ c_char_p ] ) + +# Transaction + +declare( 'rsbac_list_ta_begin' , + c_int , + [ rsbac_time_t , + POINTER( rsbac_list_ta_number_t ) , + rsbac_uid_t , + c_char_p ] ) + +declare( 'rsbac_list_ta_refresh' , + c_int , + [ rsbac_time_t , + rsbac_list_ta_number_t , + c_char_p ] ) + +declare( 'rsbac_list_ta_commit' , + c_int , + [ rsbac_list_ta_number_t , + c_char_p ] ) + +declare( 'rsbac_list_ta_forget' , + c_int , + [ rsbac_list_ta_number_t , + c_char_p ] ) + +# Misc + +declare( 'rsbac_list_all_dev' , + c_int , + [ rsbac_list_ta_number_t , + POINTER( rsbac_dev_desc_t ) , + c_ulong ] ) + +# rsbac_acl_list_all_dev + +declare( 'rsbac_list_all_user' , + c_int , + [ rsbac_list_ta_number_t , + POINTER( rsbac_uid_t ) , + c_ulong ] ) + +# rsbac_acl_list_all_user + +declare( 'rsbac_list_all_group' , + c_int , + [ rsbac_list_ta_number_t , + POINTER( rsbac_gid_t ) , + c_ulong ] ) + +# rsbac_acl_list_all_group + +# rsbac_list_all_ipc + +# DEBUG/LOG + +declare( 'rsbac_adf_log_switch' , + c_int , + [ rsbac_adf_request_t , + rsbac_target_t , + c_uint ] ) + +declare( 'rsbac_get_adf_log' , + c_int , + [ rsbac_adf_request_t , + rsbac_target_t , + POINTER( c_uint ) ] ) + +declare( 'rsbac_log' , + c_int , + [ c_int , + c_char_p , + c_int ] ) + +declare( 'rsbac_init' , + c_int , + [ c_char_p ] ) + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/module.py b/rsbac/module.py new file mode 100644 index 0000000..c2bc6e3 --- /dev/null +++ b/rsbac/module.py @@ -0,0 +1,162 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +__all__ = [ 'Module' , 'all' ] # plus instances exported by _createModuleObjects + +from ctypes import c_int, byref + +_g_modules = {} + +from rsbac import lib +from rsbac.errors import Error, raiseIfError + +def switch( module , value ) : + return raiseIfError( lib.rsbac_switch( module , value ) ) + +def isAvailable( module ) : + return lib.rsbac_get_switch( module , None , None ) >= 0 + +def _checkGetSwitch() : + # rsbac_get_switch is only available with a patched RSBAC + if lib.rsbac_get_switch is None : + raise RuntimeError , 'rsbac_get_switch function not available. You need a patch for RSBAC.' + +def getSwitch( module ) : + _checkGetSwitch() + state = c_int() + control = c_int() + raiseIfError( lib.rsbac_get_switch( module , byref( state ) , byref( control ) ) ) + return state.value , control.value + +class Module( object ) : + def __new__( cls , id , *args , **kwargs ) : + instance = _g_modules.get( id ) + if instance is None : + instance = object.__new__( cls ) + instance.__init_singleton__( id , *args , **kwargs ) + _g_modules[ id ] = instance + return instance + def __init_singleton__( self , moduleId , name = None ) : + super( Module , self ).__init__() + self._id = moduleId + self._name = name + self._available = None + def __int__( self ) : + return int( self._id ) + def __long__( self ) : + return long( self._id ) + def __repr__( self ) : + if lib.rsbac_get_switch is None : + return '' % ( self._name , ) + else : + try : + info = [] + if self.getEnabled() : + info.append( 'Enabled' ) + else : + info.append( 'Disabled' ) + if self.getSoftmode() : + info.append( 'Softmode' ) + info = ' [' + ','.join( info ) + ']' + except Error : + info = ' [NOT AVAILABLE]' + return '' % ( self._name , info ) + # + # id + # + def getId( self ) : + return self._id + id = property( getId ) + # + # name + # + def getName( self ) : + return self._name + name = property( getName ) + # + # available + # + def getAvailable( self ) : + return isAvailable( self._id ) + available = property( getAvailable ) + # + # enabled + # + def getEnabled( self ) : + state = getSwitch( self._id )[ 0 ] + return bool( state & 1 ) + def setEnabled( self , value ) : + if value : + switch( self._id , 1 ) + else : + switch( self._id , 0 ) + enabled = property( getEnabled , setEnabled ) + # + # switchable properties + # + def getSwitchableOn( self ) : + return bool( getSwitch( self._id )[ 1 ]&1 ) + switchableOn = property( getSwitchableOn ) + def getSwitchableOff( self ) : + return bool( getSwitch( self._id )[ 1 ]&2 ) + switchableOff = property( getSwitchableOff ) + def getSoftmodeSwitchableOn( self ) : + return bool( getSwitch( self._id )[ 1 ]&4 ) + softmodeSwitchableOn = property( getSoftmodeSwitchableOn ) + def getSoftmodeSwitchableOff( self ) : + return bool( getSwitch( self._id )[ 1 ]&8 ) + softmodeSwitchableOff = property( getSoftmodeSwitchableOff ) + # + # softmode + # + def getSoftmode( self ) : + state = getSwitch( self._id )[ 0 ] + return bool( state & 2 ) + def setSoftmode( self , value ) : + if value : + switch( self._id , 3 ) + else : + switch( self._id , 2 ) + softmode = property( getSoftmode , setSoftmode ) + +def _createModuleObjects() : + import headers, sys + prefix = 'SW_' + m = sys.modules[ __name__ ] + all = [] + for k , v in headers.__dict__.items() : + if k.startswith( prefix ) : + name = k[ len( prefix ) : ] + if name not in ( 'NONE' , ) : + module = Module( v , name ) + setattr( m , name , module ) + all.append( module ) + __all__.append( name ) + setattr( m , 'all' , all ) + +_createModuleObjects() + +del _createModuleObjects + +DAZ.flushCache = lambda : raiseIfError( lib.rsbac_daz_flush_cache() ) + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/objects.py b/rsbac/objects.py new file mode 100644 index 0000000..382c0b1 --- /dev/null +++ b/rsbac/objects.py @@ -0,0 +1,1030 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +__all__ = [ + 'Object' , + 'FD' , 'File' , 'Fifo' , 'Symlink' , 'Directory' , 'Device' , + 'User' , 'Group' , 'Process' , + 'Ipc' , 'IpcSem' , 'IpcMsg' , 'IpcShm' , + 'IpcAnonPipe' , 'IpcMqueue' , 'IpcAnonUnix' , + 'NetworkDevice' , 'NetworkTemplate' + ] + +import sys +import new +import pwd, grp +import socket +import re +import operator +from ctypes import byref + +from rsbac import headers, lib, transaction +from rsbac._data import RequestVector, AclRequestVector, JailScdVector +from rsbac._data import FileFlags, PaxFlags, CapsFlags, JailFlags +from rsbac.errors import Error, raiseIfError +from rsbac._utils import aptr, slowButCorrectStringAssignation +from rsbac._utils import stringToByteArray, byteArrayToString, fetch +from rsbac._utils import ipToInt, intToIp, ttlToInt, intToTtl +from rsbac._utils import processName, digits + +# Singleton. Obviously bad for MT. But good for performance.. +g_attributeValue = headers.rsbac_attribute_value_t() +g_attributeValueRef = byref( g_attributeValue ) + +from rsbac_auto import g_attributes + +from rsbac.rc import RcTypeDict, Role, Type + +def buildObjectClass( className , parents , target , byName ) : + if isinstance( target , tuple ) : + target , realTarget = target + else : + target , realTarget = target , target + attrs = {} + if byName : + fget = lib.rsbac_get_attr_n + fset = lib.rsbac_set_attr_n + frem = lib.rsbac_remove_target_n + amget = lib.rsbac_acl_get_mask_n + amset = lib.rsbac_acl_n + else : + fget = lib.rsbac_get_attr + fset = lib.rsbac_set_attr + frem = lib.rsbac_remove_target + amget = lib.rsbac_acl_get_mask + amset = lib.rsbac_acl + def remover( id ) : + raiseIfError( frem( transaction._t , target , id ) ) + def mremove( self ) : + return remover( self._id ) + attrs[ 'remover' ] = staticmethod( remover ) + attrs[ 'remove' ] = mremove + def addAclMaskAttribute() : + rights = headers.rsbac_acl_rights_vector_t() + rightsRef = byref( rights ) + sm = headers.ACLC_set_mask + def getter( id ) : + raiseIfError( amget( transaction._t , target , id , rightsRef ) ) + return rights.value + if byName : + arg = headers.rsbac_acl_syscall_n_arg_t() + else : + arg = headers.rsbac_acl_syscall_arg_t() + arg.type = target + argRef = byref( arg ) + if byName : + def setter( id , mask ) : + arg.name = id + arg.rights = mask + raiseIfError( amset( transaction._t , sm , argRef ) ) + else : + def setter( id , mask ) : + arg.tid = id + arg.rights = mask + raiseIfError( amset( transaction._t , sm , argRef ) ) + def mget( self ) : + return AclRequestVector( getter( self._id ) ) + def mset( self , value ) : + return setter( self._id , int( value ) ) + attrs[ 'getter_acl_mask' ] = staticmethod( getter ) + attrs[ 'setter_acl_mask' ] = staticmethod( setter ) + attrs[ 'get_acl_mask' ] = mget + attrs[ 'set_acl_mask' ] = mset + attrs[ 'acl_mask' ] = property( mget , mset ) + def addLogArrayAttribute() : + module = headers.SW_GEN + attr1 = headers.A_log_array_low + attr2 = headers.A_log_array_high + def getter( id ) : + raiseIfError( fget( transaction._t , module , target , id , attr1 , g_attributeValueRef , 0 ) ) + v1 = g_attributeValue.log_array_low + raiseIfError( fget( transaction._t , module , target , id , attr2 , g_attributeValueRef , 0 ) ) + v2 = g_attributeValue.log_array_high + return tuple( [ int( item[ 0 ] + 2 * item[ 1 ] ) + for item in zip( digits( v1 , 2 , 64 ) , + digits( v2 , 2 , 64 ) ) ] ) + def getterEffective( id ) : + raiseIfError( fget( transaction._t , module , target , + id , attr1 , g_attributeValueRef , 1 ) ) + v1 = g_attributeValue.log_array_low + raiseIfError( fget( transaction._t , module , target , + id , attr2 , g_attributeValueRef , 1 ) ) + v2 = g_attributeValue.log_array_high + return tuple( [ int( item[ 0 ] + 2 * item[ 1 ] ) + for item in zip( digits( v1 , 2 , 64 ) , + digits( v2 , 2 , 64 ) ) ] ) + def setter( id , value ) : + if not isinstance( value , ( tuple , list ) ) or len( value ) != 64 : + raise RuntimeError , 'expected a sequence of 64 elements' + v1 , v2 = 0 , 0 + mask = 1 << 63 + for item in value : + if item & 1 : + v1 |= mask + if item & 2 : + v2 |= mask + mask >>= 1 + g_attributeValue.log_array_low = v1 + raiseIfError( fset( transaction._t , module , target , + id , attr1 , g_attributeValueRef , 0 ) ) + g_attributeValue.log_array_high = v2 + raiseIfError( fset( transaction._t , module , target , + id , attr2 , g_attributeValueRef , 0 ) ) + def mget( self ) : + return getter( self._id ) + def mgetEffective( self ) : + return getterEffective( self._id ) + def mset( self , value ) : + setter( self._id , value ) + attrs[ 'getter_log_array' ] = staticmethod( getter ) + attrs[ 'getter_eff_log_array' ] = staticmethod( getterEffective ) + attrs[ 'setter_log_array' ] = staticmethod( setter ) + attrs[ 'get_log_array' ] = mget + attrs[ 'get_eff_log_array' ] = mgetEffective + attrs[ 'set_log_array' ] = mset + attrs[ 'log_array' ] = property( mget , mset ) + attrs[ 'eff_log_array' ] = property( mgetEffective ) + def addAttribute( module , vid , name , field , + pre = None , post = None , + mpre = None , mpost = None ) : + # + # getter for real value + # + if post is None : + def getter( id ) : + raiseIfError( fget( transaction._t , module , target , + id , vid , g_attributeValueRef , 0 ) ) + return getattr( g_attributeValue , field ) + else : + def getter( id ) : + raiseIfError( fget( transaction._t , module , target , + id , vid , g_attributeValueRef , 0 ) ) + return post( getattr( g_attributeValue , field ) ) + # + # getter for effective value + # + if post is None : + def getterEffective( id ) : + raiseIfError( fget( transaction._t , module , target , + id , vid , g_attributeValueRef , 1 ) ) + return getattr( g_attributeValue , field ) + else : + def getterEffective( id ) : + raiseIfError( fget( transaction._t , module , target , + id , vid , g_attributeValueRef , 1 ) ) + return post( getattr( g_attributeValue , field ) ) + # + # setter + # + if pre is None : + def setter( id , value ) : + setattr( g_attributeValue , field , value ) + raiseIfError( fset( transaction._t , module , target , + id , vid , g_attributeValueRef ) ) + else : + def setter( id , value ) : + setattr( g_attributeValue , field , pre( value ) ) + raiseIfError( fset( transaction._t , module , target , + id , vid , g_attributeValueRef ) ) + # + # member functions + # + if mpost is None : + def mget( self ) : + return getter( self._id ) + def mgetEffective( self ) : + return getterEffective( self._id ) + else : + if isinstance( mpost , tuple ) : + mpost , withSelf = mpost + else : + withSelf = False + if not withSelf : + def mget( self ) : + return mpost( getter( self._id ) ) + def mgetEffective( self ) : + return mpost( getterEffective( self._id ) ) + else : + def mget( self ) : + return mpost( getter( self._id ) , self ) + def mgetEffective( self ) : + return mpost( getterEffective( self._id ) , self ) + if mpre is None : + def mset( self , value ) : + return setter( self._id , value ) + else : + if isinstance( mpre , tuple ) : + mpre , withSelf = mpost + else : + withSelf = False + if not withSelf : + def mset( self , value ) : + return setter( self._id , mpre( value ) ) + else : + def mset( self , value ) : + return setter( self._id , mpre( value , self ) ) + # + attrs[ 'getter_' + name ] = staticmethod( getter ) + attrs[ 'setter_' + name ] = staticmethod( setter ) + attrs[ 'getter_eff_' + name ] = staticmethod( getterEffective ) + # + attrs[ 'get_' + name ] = mget + attrs[ 'set_' + name ] = mset + attrs[ name ] = property( mget , mset ) + # + attrs[ 'get_eff_' + name ] = mgetEffective + attrs[ 'eff_' + name ] = property( mgetEffective ) + attributes = [] + def raUnpack( value ) : + return tuple( map( int , value ) ) + def raPack( value ) : + t = headers.rsbac_res_array_t() + t[ : ] = value + return t + fields = set() + for attribute , module , field , ctype , targets in g_attributes : + module = getattr( headers , 'SW_' + module ) + attributeId = getattr( headers , 'A_' + attribute ) + targets = [ getattr( headers , 'T_' + n ) for n in targets ] + if ( target in targets or realTarget in targets ) \ + and attribute not in [ 'log_array_low' , 'log_array_high' ] : + attributes.append( attribute ) + if ctype == 'rsbac_jail_ip_t' or field == 'remote_ip' : + mpre , mpost = ipToInt , intToIp + elif ctype == 'rsbac_jail_scd_vector_t' : + mpre , mpost = int , JailScdVector + elif ctype == 'rsbac_jail_id_t' : + mpre , mpost = int , int + elif ctype == 'rsbac_jail_flags_t' : + mpre , mpost = int , JailFlags + elif ctype == 'rsbac_boolean_t' : + mpre , mpost = int , bool + elif ctype == 'rsbac_rc_role_id_t' : + mpre , mpost = int , Role + elif ctype == 'rsbac_rc_type_id_t' : + mpre , mpost = int , lambda n : Type( realTarget , n ) + elif ctype == 'rsbac_request_vector_t' : + mpre , mpost = int , RequestVector + elif ctype == 'rsbac_ff_flags_t' : + mpre , mpost = int , FileFlags + elif ctype == 'rsbac_uid_t' : + mpre , mpost = int , lambda n : User( n ) # defer, since User is not yet defined + elif ctype == 'rsbac_pax_flags_t' : + mpre , mpost = int , PaxFlags + elif ctype == 'rsbac_cap_vector_t' : + mpre , mpost = int , CapsFlags + else : + mpre , mpost = None , None + if ctype == 'rsbac_res_array_t' : + pre , post = raPack , raUnpack + else : + pre , post = None , None + addAttribute( module , attributeId , attribute , field , + pre , post , mpre , mpost ) + fields.add( field ) + if 'log_array_low' in fields and 'log_array_high' in fields : + addLogArrayAttribute() + attributes.append( 'log_array' ) + addAclMaskAttribute() + attrs[ 'type' ] = target + attrs[ 'attributes' ] = sorted( attributes ) + attrs[ '_byName' ] = byName + return type( className , parents , attrs ) + +class Object( object ) : + """Base class for all RSBAC objects. + + """ + pass + +class ObjectWithAttributes( Object ) : + """Base class for objects with RSBAC attributes. + + """ + def getAllAttributes( self ) : + r = {} + for name in self.attributes : + try : + r[ name ] = getattr( self , name ) + except Error : + pass + return r + +#--[ FD ]--------------------------------------------------------------------- + +_g_defaultFd = {} + +class FDBase( ObjectWithAttributes ) : + """Base class for FD hierarchy. + + """ + type = headers.T_FD + def __new__( cls , id ) : + if id is None : + instance = _g_defaultFd.get( cls.type ) + if instance is None : + instance = ObjectWithAttributes.__new__( cls ) + instance.__init_singleton__( id ) + _g_defaultFd[ cls.type ] = instance + else : + instance = ObjectWithAttributes.__new__( cls ) + instance.__init_singleton__( id ) + return instance + def __init_singleton__( self , id ) : + if not isinstance( id , str ) and id is not None : + raise TypeError , 'Invalid id %r' % ( id , ) + self._id = id + self.acl = acl.AclByName( self ) + def __eq__( self , other ) : + return self is other or ( isinstance( other , FDBase ) + and self.type == other.type + and self._id == other._id ) + def __str__( self ) : + return self._id + def __repr__( self ) : + if self._id is None : + return '' % self.__class__.__name__ + else : + return '<%s %r>' % ( self.__class__.__name__ , self._id ) + +FD = \ + buildObjectClass( 'FD' , ( FDBase , ) , + headers.T_FD , True ) +File = \ + buildObjectClass( 'File' , ( FDBase , ) , + ( headers.T_FILE , headers.T_FD ) , True ) +Fifo = \ + buildObjectClass( 'Fifo' , ( FDBase , ) , + ( headers.T_FIFO , headers.T_FD ) , True ) +Symlink = \ + buildObjectClass( 'Symlink' , ( FDBase , ) , + ( headers.T_SYMLINK , headers.T_FD ) , True ) +Directory = \ + buildObjectClass( 'Directory' , ( FDBase , ) , + ( headers.T_DIR , headers.T_FD ) , True ) +Device = \ + buildObjectClass( 'Device' , ( FDBase , ) , + ( headers.T_DEV , headers.T_FD ) , True ) + +#--[ Device ]----------------------------------------------------------------- + +class DeviceBase( ObjectWithAttributes ) : + type = headers.T_DEV # Needed for RcTypeDict + +class BlockDeviceBase( DeviceBase ) : + def __init__( self , major , minor = None ) : + super( BlockDeviceBase , self ).__init__() + self._dev = ( major , minor ) + id = headers.rsbac_target_id_t() + if minor is not None : + id.dev.type = headers.D_block + id.dev.major = major + id.dev.minor = minor + else : + id.dev.type = headers.D_block_major + id.dev.major = major + self._id = byref( id ) + self.acl = acl.AclById( self ) + def __eq__( self , other ) : + return self is other or ( isinstance( other , BlockDeviceBase ) + and self._dev == other._dev ) + def __repr__( self ) : + if self._dev[ 1 ] is None : + dev = self._dev[ 0 ] + else : + dev = '%d:%d' % ( self._dev ) + return '' % dev + +BlockDevice = buildObjectClass( 'BlockDevice' , + ( BlockDeviceBase , ) , + headers.T_DEV , False ) + +class CharacterDeviceBase( DeviceBase ) : + def __init__( self , major , minor = None ) : + super( CharacterDeviceBase , self ).__init__() + self._dev = ( major , minor ) + id = headers.rsbac_target_id_t() + if minor is not None : + id.dev.type = headers.D_char + id.dev.major = major + id.dev.minor = minor + else : + id.dev.type = headers.D_char_major + id.dev.major = major + self._id = byref( id ) + self.acl = acl.AclById( self ) + def __eq__( self , other ) : + return self is other or ( isinstance( other , CharacterDeviceBase ) + and self._dev == other._dev ) + def __repr__( self ) : + if self._dev[ 1 ] is None : + dev = self._dev[ 0 ] + else : + dev = '%d:%d' % ( self._dev ) + return '' % dev + +CharacterDevice = buildObjectClass( 'CharacterDevice' , + ( CharacterDeviceBase , ) , + headers.T_DEV , False ) + +#--[ User ]------------------------------------------------------------------- + +_g_user_mod = headers.rsbac_uid_t( -1 ).value + 1 +assert _g_user_mod > 0 +_g_user_max_value = headers.rsbac_uid_t( -32 ).value # FIXME: -32? +def _nuser( n ) : + n %= _g_user_mod + if n >= _g_user_max_value : + return n - _g_user_mod + else : + return n +_g_users = {} +_g_pseudoUsers = { + -3 : 'no_user' , + -4 : 'all_users' , + } + +class UserBase( ObjectWithAttributes ) : + def __new__( cls , user ) : + user = _nuser( user ) + if user < 0 : + instance = _g_users.get( user ) + if instance is None : + instance = ObjectWithAttributes.__new__( cls ) + instance.__init_singleton__( user ) + _g_users[ user ] = instance + return instance + else : + instance = ObjectWithAttributes.__new__( cls ) + instance.__init_singleton__( user ) + return instance + def __init_singleton__( self , user ) : + ObjectWithAttributes.__init__( self ) + id = lib.rsbac_target_id_t() + if isinstance( user , ( int , long ) ) : + uid = user + elif isinstance( user , ( str , unicode ) ) : + uid = pwd.getpwnam( user )[ 2 ] + else : + raise RuntimeError , 'Unexpected user id %r' % ( user , ) + id.user = uid + self.uid = uid + self._id = byref( id ) + self.acl = acl.AclById( self ) + def __int__( self ) : + return int( self.uid ) + def __long__( self ) : + return long( self.uid ) + def __eq__( self , other ) : + return self is other or ( isinstance( other , UserBase ) + and self.uid == other.uid ) + def __repr__( self ) : + if self.uid < 0 : + return '' % ( _g_pseudoUsers.get( self.uid , self.uid ) , ) + else : + return '' % self.uid + def removeFromAcl( self ) : + return acl.aclRemoveUser( self.uid ) + +User = buildObjectClass( 'User' , ( UserBase , ) , headers.T_USER , False ) + +#--[ Group ]------------------------------------------------------------------ + +_g_group_mod = headers.rsbac_gid_t( -1 ).value + 1 +assert _g_group_mod > 0 +_g_group_max_value = headers.rsbac_gid_t( -32 ).value # FIXME: -32? +def _ngroup( n ) : + n %= _g_group_mod + if n >= _g_group_max_value : + return n - _g_group_mod + else : + return n +_g_groups = {} +_g_pseudoGroups = { + -3 : 'no_group' , + -4 : 'all_groups' , + } + +class GroupBase( ObjectWithAttributes ) : + def __new__( cls , group ) : + group = _ngroup( group ) + if group < 0 : + instance = _g_groups.get( group ) + if instance is None : + instance = ObjectWithAttributes.__new__( cls ) + instance.__init_singleton__( group ) + _g_groups[ group ] = instance + return instance + else : + instance = ObjectWithAttributes.__new__( cls ) + instance.__init_singleton__( group ) + return instance + def __init_singleton__( self , group ) : + ObjectWithAttributes.__init__( group ) + id = headers.rsbac_target_id_t() + if isinstance( group , ( int , long ) ) : + gid = group + elif isinstance( group , ( str , unicode ) ) : + gid = grp.getgrnam( group )[ 2 ] + else : + raise RuntimeError , 'Unexpected group id %r' % ( group , ) + id.group = gid + self.gid = gid + self._id = byref( id ) + self.acl = acl.AclById( self ) + def __int__( self ) : + return int( self.gid ) + def __long__( self ) : + return long( self.gid ) + def __eq__( self , other ) : + return self is other or ( isinstance( other , GroupBase ) + and self.gid == other.gid ) + def __repr__( self ) : + if self.gid < 0 : + return '' % ( _g_pseudoGroups.get( self.gid , self.gid ) , ) + else : + return '' % self.gid + +Group = buildObjectClass( 'Group' , ( GroupBase , ) , headers.T_GROUP , False ) + +#--[ Process ]---------------------------------------------------------------- + +class ProcessBase( ObjectWithAttributes ) : + def __init__( self , process ) : + super( ProcessBase , self ).__init__() + id = headers.rsbac_target_id_t() + id.process = process + self.pid = process + self._id = byref( id ) + def __int__( self ) : + return int( self.pid ) + def __long__( self ) : + return long( self.pid ) + def __eq__( self , other ) : + return self is other or ( isinstance( other , ProcessBase ) + and self.pid == other.pid ) + def __repr__( self ) : + return '' % ( self.pid , processName( self.pid ) ) + +Process = buildObjectClass( 'Process' , ( ProcessBase , ) , headers.T_PROCESS , False ) + +#--[ IPC ]-------------------------------------------------------------------- + +class IpcBase( ObjectWithAttributes ) : + ipc = headers.I_none + def __init__( self , ipcId ) : + super( IpcBase , self ).__init__() + id = headers.rsbac_target_id_t() + id.ipc.type = self.ipc + id.ipc.id.id_nr = ipcId + self._id = byref( id ) + self.id = ipcId + def __int__( self ) : + return int( self.id ) + def __long__( self ) : + return long( self.id ) + def __repr__( self ) : + return '<%s %d>' % ( self.__class__.__name__ , self.id ) + +Ipc = buildObjectClass( 'Ipc' , ( IpcBase , ) , headers.T_IPC , False ) + +class IpcSem( Ipc ) : + ipc = headers.I_sem + +class IpcMsg( Ipc ) : + ipc = headers.I_msg + +class IpcShm( Ipc ) : + ipc = headers.I_shm + +class IpcAnonPipe( Ipc ) : + ipc = headers.I_anonpipe + +class IpcMqueue( Ipc ) : + ipc = headers.I_mqueue + +class IpcAnonUnix( Ipc ) : + ipc = headers.I_anonunix + +#--[ SCD ]-------------------------------------------------------------------- + +g_scd = {} + +class Scd( Object ) : + type = headers.T_SCD + def __new__( cls , target , *args , **kwargs ) : + instance = g_scd.get( target ) + if instance is None : + instance = object.__new__( cls ) + instance.__init_singleton__( target , *args , **kwargs ) + g_scd[ target ] = instance + return instance + def __init_singleton__( self , target , name ) : + super( Scd , self ).__init__() + id = lib.rsbac_target_id_t() + id.scd = target + self._id = byref( id ) + self.id = target + self.name = name + def getRcType( self ) : + return Type( self.type , self.id ) + rc_type = property( getRcType ) + def __repr__( self ) : + return '' % self.name + +system = new.module( 'system' ) + +def createScdObject() : + prefix = 'ST_' + for k , v in headers.__dict__.items() : + if k.startswith( prefix ) : + k = k[ len( prefix ) : ] + scd = Scd( v , k ) + setattr( system , k , scd ) + +# Create SystemClock, SystemSysctl, SystemQuota,.. +createScdObject() + +#--[ NetworkObject ]---------------------------------------------------------- + +class NetworkObject( Object ) : + type = headers.T_NETOBJ + def __init__( self , *args , **kwargs ) : raise NotImplementedError + def __repr__( self ) : + return '' + +#--[ NetworkDevice ]---------------------------------------------------------- + +# Not exported. Included in NetworkDevice class. +def getAllNetworkDevice() : + """*Return a list of all network devices involved with RSBAC rules.""" + arr = fetch( headers.rsbac_netdev_id_t , + lambda n , a : lib.rsbac_net_list_all_netdev( transaction._t , a , n ) ) + return sorted( map( byteArrayToString , arr ) ) + +class NetworkDeviceBase( ObjectWithAttributes ) : + def __init__( self , name ) : + super( NetworkDeviceBase , self ).__init__() + id = headers.rsbac_target_id_t() + stringToByteArray( id.netdev , name , minPadding = 1 ) + self._name = name + self._id = byref( id ) + self.acl = acl.AclById( self ) + def __eq__( self , other ) : + return self is other or ( isinstance( other , NetworkDeviceBase ) + and self._name == other._name ) + def __str__( self ) : + return self._name + def __repr__( self ) : + return '' % ( self._name , ) + all = staticmethod( getAllNetworkDevice ) + +NetworkDevice = buildObjectClass( 'NetworkDeviceBase' , + ( NetworkDeviceBase , ) , + headers.T_NETDEV , False ) + +#--[ NetworkTemplate ]-------------------------------------------------------- + +def intToIpv4( n ) : + #assert 0 <= n < 2**32 + n , a = divmod( n , 256 ) + n , b = divmod( n , 256 ) + n , c = divmod( n , 256 ) + d = n + return '.'.join( map( str , ( a , b , c , d ) ) ) + +g_reDigitsOnly = re.compile( r'^\d+$' ) + +def ipv4ToInt( s ) : + ns = s.split( '.' ) + if len( ns ) != 4 : + raise RuntimeError , 'invalid IP' + a = 0 + for n in reversed( ns ) : + if not g_reDigitsOnly.match( n ) : + raise RuntimeError , 'invalid IP' + n = int( n ) + if not 0 <= n <= 255 : + raise RuntimeError , 'invalid IP' + a = 256 * a + n + return a + +def ipv4AndPrefixToInt( s ) : + if '/' not in s : + ip , prefix = s , 32 + else : + ip , prefix = s.split( '/' , 1 ) + if not g_reDigitsOnly.match( prefix ) : + raise RuntimeError, 'invalid prefix' + prefix = int( prefix ) + ip = ipv4ToInt( ip ) + if not 0 <= prefix <= 32 : + raise RuntimeError , 'invalid prefix' + return ip , prefix + +# Not exported. Included in NetworkTemplate class. +def newNetworkTemplate( id , name ) : + data = headers.rsbac_net_temp_syscall_data_t() + data.name = name + raiseIfError( lib.rsbac_net_template( transaction._t , + headers.NTS_new_template , + id , byref( data ) ) ) + nt = NetworkTemplate( id ) + if nt.name != name : + raise RuntimeError , \ + 'error while constructing network template with name %r (got back %r instead)' \ + % ( name , nt.name ) + return nt + +# Not exported. Included in NetworkTemplate class. +def copyNetworkTemplate( source , dest ) : + data = headers.rsbac_net_temp_syscall_data_t() + data.id = source + raiseIfError( lib.rsbac_net_template( transaction._t , + headers.NTS_copy_template , + dest , byref( data ) ) ) + return NetworkTemplate( dest ) + +class NetworkTemplateBase( ObjectWithAttributes ) : + def __init__( self , nt ) : + super( NetworkTemplateBase , self ).__init__() + id = headers.rsbac_target_id_t() + id.nettemp = nt + self._id = byref( id ) + self.nt = nt + self.acl = acl.AclById( self ) + def __repr__( self ) : + try : + name = `self.getName()` + except Error : + name = 'undefined' + return '<%s [%d] %s>' % ( self.__class__.__name__ , self.nt , name ) + def __syscall( self , syscall , data ) : + raiseIfError( lib.rsbac_net_template( transaction._t , syscall , + self.nt , byref( data ) ) ) + return data + def __syscallGet( self , syscall ) : + # FIXME: Use a shared 'data' to prevent building this + # structure too much times? + data = headers.rsbac_net_temp_syscall_data_t() + return self.__syscall( syscall , data ) + # + # addresses + # + def getAddresses( self ) : + family = self.__syscallGet( headers.NTS_get_address_family ).address_family + addr = self.__syscallGet( headers.NTS_get_address ).address + def translate( inet ) : + result = [] + for i in range( inet.nr_addr ) : + result.append( '%s/%s' % ( intToIpv4( inet.addr[ i ] ) , + inet.valid_bits[ i ] ) ) + return result + if family == socket.AF_INET : + return ( family , translate( addr.inet ) ) + elif family == socket.AF_UNIX : + return ( family , addr.other.addr[ : addr.other.valid_len ] ) + else : + if addr.other.addr : + name = str( family ) + #name = rsbac_get_net_family_name( family ) + raise RuntimeError , 'address for family %s not supported' % name + return ( family , ) + def setAddresses( self , addresses ) : + if isinstance( addresses , ( int , long ) ) : + addresses = ( addresses , () ) + if not isinstance( addresses , ( tuple , list ) ) \ + or len( addresses ) != 2 : + raise RuntimeError + family , addrs = addresses + if not isinstance( family , ( int , long ) ) : + raise RuntimeError + data = headers.rsbac_net_temp_syscall_data_t() + data.address_family = family + self.__syscall( headers.NTS_set_address_family , data ) + if family == socket.AF_INET : + for i , addr in enumerate( addrs ) : + a , n = ipv4AndPrefixToInt( addr ) + try : + data.address.inet.addr[ i ] = a + data.address.inet.valid_bits[ i ] = n + except IndexError : + raise IndexError , \ + 'only %d addresses allowed, got %d' \ + % ( i , len( addrs ) ) + data.address.inet.nr_addr = len( addrs ) + self.__syscall( headers.NTS_set_address , data ) + elif family == socket.AF_UNIX : + data.address.other.addr = addrs + data.address.other.valid_len = len( addrs ) + self.__syscall( headers.NTS_set_address , data ) + else : + if addrs : + raise RuntimeError , \ + 'address family %s doesn\'t allows addresses (or is not yet supported)' \ + % family + addresses = property( getAddresses , setAddresses ) + # + # type + # + def getSocketType( self ) : + return self.__syscallGet( headers.NTS_get_type ).type + def setSocketType( self , type ) : + data = headers.rsbac_net_temp_syscall_data_t() + data.type = type + self.__syscall( headers.NTS_set_type , data ) + socketType = property( getSocketType , setSocketType ) + # + # protocol + # + def getProtocol( self ) : + return self.__syscallGet( headers.NTS_get_protocol ).protocol + def setProtocol( self , protocol ) : + data = headers.rsbac_net_temp_syscall_data_t() + data.protocol = protocol + self.__syscall( headers.NTS_set_protocol , data ) + protocol = property( getProtocol , setProtocol ) + # + # netdev + # + def getNetworkDevice( self ) : + return byteArrayToString( self.__syscallGet( headers.NTS_get_netdev ).netdev ) + def setNetworkDevice( self , value ) : + data = headers.rsbac_net_temp_syscall_data_t() + stringToByteArray( data.netdev , str( value ) ) + self.__syscall( headers.NTS_set_netdev , data ) + def delNetworkDevice( self ) : # FIXME + self.setNetworkDevice( '' ) + networkDevice = property( getNetworkDevice , setNetworkDevice , delNetworkDevice ) + # + # ports + # + def getPorts( self ) : + ports = self.__syscallGet( headers.NTS_get_ports ).ports + p = ports.ports + def mkPortRange( p ) : + if p.min == p.max : + return p.min + else : + return ( p.min , p.max ) + return map( mkPortRange , p[ : ports.nr_ports ] ) + def setPorts( self , value ) : + data = headers.rsbac_net_temp_syscall_data_t() + p = data.ports.ports + try : + for i , range in enumerate( value ) : + if not isinstance( range , ( tuple , list ) ) : + min , max = range , range + else : + min , max = range + p[ i ].min = min + p[ i ].max = max + except IndexError : + raise IndexError , 'only %d port ranges allowed, got %d' % ( i , len( value ) ) + data.ports.nr_ports = len( value ) + self.__syscall( headers.NTS_set_ports , data ) + def delPorts( self ) : # FIXME + self.setPorts( () ) + ports = property( getPorts , setPorts , delPorts ) + # + # name + # + def getName( self ) : + return self.__syscallGet( headers.NTS_get_name ).name + def setName( self , value ) : + data = headers.rsbac_net_temp_syscall_data_t() + slowButCorrectStringAssignation( data , 'name' , value ) + try : + raiseIfError( lib.rsbac_net_template( transaction._t , + headers.NTS_set_name , + self.nt , byref( data ) ) ) + except Error , e : + if e[ 0 ] != headers.RSBAC_ENOTFOUND : + raise + newNetworkTemplate( self.nt , value ) + name = property( getName , setName ) + # + # misc + # + create = staticmethod( newNetworkTemplate ) + def checkId( self ) : + data = headers.rsbac_net_temp_syscall_data_t() + return self.__syscall( headers.NTS_check_id , data ).id + def copyTo( self , target ) : + return copyNetworkTemplate( self.nt , target ) + def delete( self ) : + data = headers.rsbac_net_temp_syscall_data_t() + self.__syscall( headers.NTS_delete_template , data ) + +NetworkTemplate = buildObjectClass( 'NetworkTemplate' , + ( NetworkTemplateBase , ) , + headers.T_NETTEMP , False ) + +def getAllNetworkTemplate() : + arr = fetch( headers.rsbac_net_temp_id_t , + lambda n , a : lib.rsbac_net_list_all_template( transaction._t , a , n ) ) + return sorted( map( int , arr ) ) + +class NetworkTemplateDict( object ) : + def __repr__( self ) : + return '{' + ', '.join( [ ': '.join( map( str , item ) ) for item in self.items() ] ) + '}' + def __getitem__( self , nt ) : + return NetworkTemplate( nt ) + def __delitem__( self , nt ) : + NetworkTemplate( nt ).delete() + def keys( self ) : + return getAllNetworkTemplate() + def values( self ) : + return map( NetworkTemplate , self.keys() ) + def items( self ) : + return [ ( i , NetworkTemplate( i ) ) for i in self.keys() ] + +networkTemplates = NetworkTemplateDict() + +#--[ UnixSocket ]------------------------------------------------------------- + +class UnixSocket( Object ) : + type = headers.T_UNIXSOCK + def __init__( self , path ) : + self._id = path + def __repr__( self ) : + return '' % ( self._id , ) + +#----------------------------------------------------------------------------- + +for target in ( FDBase , User , Group , Process , + Ipc , Scd , DeviceBase , + NetworkDevice , NetworkTemplate , NetworkObject ) : + target.rcTypes = RcTypeDict( target.type ) + +def listAllDevices() : + arr = fetch( headers.rsbac_dev_desc_t , + lambda n , a : lib.rsbac_list_all_dev( transaction._t , a , n ) ) + r = [] + def cmp( a , b ) : + return ( a.type < b.type + or ( a.type == b.type + and ( a.major < b.major + or ( a.major == b.major + and a.minor < b.minor ) ) ) ) + for item in sorted( arr , cmp ) : + if item.type == headers.D_block : + dev = BlockDevice( item.major , item.minor ) + elif item.type == headers.D_block_major : + dev = BlockDevice( item.major ) + elif item.type == headers.D_char : + dev = CharacterDevice( item.major , item.minor ) + elif item.type == headers.D_char_major : + dev = CharacterDevice( item.major ) + else : + raise NotReached + r.append( dev ) + return r + +def listAllUsers() : + arr = fetch( headers.rsbac_uid_t , + lambda n , a : lib.rsbac_list_all_user( transaction._t , a , n ) ) + return map( User , sorted( arr ) ) + +def listAllGroups() : + arr = fetch( headers.rsbac_gid_t , + lambda n , a : lib.rsbac_list_all_group( transaction._t , a , n ) ) + return map( User , sorted( arr ) ) + +from rsbac import acl + +defaultFd = FD( None ) +defaultFile = File( None ) +defaultFifo = Fifo( None ) +defaultSymlink = Symlink( None ) +defaultDirectory = Directory( None ) +defaultDevice = Device( None ) + +pseudoUsers = new.module( 'pseudoUsers' ) +for k , v in _g_pseudoUsers.items() : + setattr( pseudoUsers , v , User( k ) ) + +pseudoGroups = new.module( 'pseudoGroups' ) +for k , v in _g_pseudoGroups.items() : + setattr( pseudoGroups , v , Group( k ) ) + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/platform.py b/rsbac/platform.py new file mode 100644 index 0000000..4cd92e4 --- /dev/null +++ b/rsbac/platform.py @@ -0,0 +1,34 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +__all__ = [ 'getErrno' ] + +import ctypes + +__errno = ctypes.c_int.in_dll( ctypes.CDLL( 'libc.so.6' ) , 'errno' ) +def getErrno() : + """Retrieve the current errno value from the libc. + + """ + return __errno.value + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/rc.py b/rsbac/rc.py new file mode 100644 index 0000000..18512fa --- /dev/null +++ b/rsbac/rc.py @@ -0,0 +1,1135 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +""" + +This module provides access to RC type and RC role objects for the +RSBAC Python bindings. + +""" + +__all__ = [] + +def export( o ) : + if not isinstance( o , basestring ) : + name = o.__name__ + else : + name , o = o , None + if name in __all__ : + raise ImportError , 'duplicate name %r in module %r' % ( name , __name__ ) + __all__.append( name ) + return o + +import new +import weakref +from ctypes import byref, c_uint32 + +from rsbac import headers, lib, transaction +from rsbac.errors import Error, raiseIfError +from rsbac._utils import aptr, slowButCorrectStringAssignation, fetch + +# Singletons. Obviously bad for MT. But good for performance.. +g_rcItemValue = headers.rsbac_rc_item_value_t() +g_rcItemValueRef = byref( g_rcItemValue ) + +g_rcTargetValue = headers.rsbac_rc_target_id_t() +g_rcTargetValueRef = byref( g_rcTargetValue ) + +g_rcTargetValue2 = headers.rsbac_rc_target_id_t() +g_rcTargetValue2Ref = byref( g_rcTargetValue2 ) + +g_ttl = headers.rsbac_time_t() +g_ttlRef = byref( g_ttl ) + +g_rcNameTargetToItem = { + headers.T_FD : headers.RI_type_fd_name , + headers.T_FILE : headers.RI_type_fd_name , + headers.T_DIR : headers.RI_type_fd_name , + headers.T_FIFO : headers.RI_type_fd_name , + headers.T_DEV : headers.RI_type_dev_name , + headers.T_IPC : headers.RI_type_ipc_name , + headers.T_USER : headers.RI_type_user_name , + headers.T_GROUP : headers.RI_type_group_name , + headers.T_PROCESS : headers.RI_type_process_name , + headers.T_NETDEV : headers.RI_type_netdev_name , + headers.T_NETTEMP : headers.RI_type_nettemp_name , + headers.T_NETOBJ : headers.RI_type_netobj_name , + headers.T_SCD : headers.RI_type_scd_name + } + +g_rcCompatibilityTargetToItem = { + headers.T_FD : headers.RI_type_comp_fd , + headers.T_FILE : headers.RI_type_comp_fd , + headers.T_DIR : headers.RI_type_comp_fd , + headers.T_FIFO : headers.RI_type_comp_fd , + headers.T_DEV : headers.RI_type_comp_dev , + headers.T_IPC : headers.RI_type_comp_ipc , + headers.T_USER : headers.RI_type_comp_user , + headers.T_GROUP : headers.RI_type_comp_group , + headers.T_PROCESS : headers.RI_type_comp_process , + headers.T_NETDEV : headers.RI_type_comp_netdev , + headers.T_NETTEMP : headers.RI_type_comp_nettemp , + headers.T_NETOBJ : headers.RI_type_comp_netobj , + headers.T_SCD : headers.RI_type_comp_scd + } + +g_rcTargetToTypeRemove = { + headers.T_FD : headers.RI_type_fd_remove , + headers.T_FILE : headers.RI_type_fd_remove , + headers.T_DIR : headers.RI_type_fd_remove , + headers.T_FIFO : headers.RI_type_fd_remove , + headers.T_DEV : headers.RI_type_dev_remove , + headers.T_IPC : headers.RI_type_ipc_remove , + headers.T_USER : headers.RI_type_user_remove , + headers.T_GROUP : headers.RI_type_group_remove , + headers.T_PROCESS : headers.RI_type_process_remove , + headers.T_NETDEV : headers.RI_type_netdev_remove , + headers.T_NETTEMP : headers.RI_type_nettemp_remove , + headers.T_NETOBJ : headers.RI_type_netobj_remove + } + +# RC role specific data +_g_role_mod = headers.rsbac_rc_role_id_t( -1 ).value + 1 +assert _g_role_mod > 0 +_g_role_max_value = headers.rsbac_rc_role_id_t( -32 ).value +def _nrole( n ) : + n %= _g_role_mod + if n >= _g_role_max_value : + return int( n - _g_role_mod ) + else : + return int( n ) +_g_roles = weakref.WeakValueDictionary() +_g_pseudoRoles = { + -1 : 'inherit_user' , + -2 : 'inherit_process' , + -3 : 'inherit_parent' , + -4 : 'inherit_up_mixed' , + -5 : 'use_force_role' + } + +# RC type specific data +_g_type_mod = headers.rsbac_rc_type_id_t( -1 ).value + 1 +assert _g_type_mod > 0 +_g_type_max_value = headers.rsbac_rc_type_id_t( -32 ).value +def _ntype( n ) : + n %= _g_type_mod + if n >= _g_type_max_value : + return int( n - _g_type_mod ) + else : + return int( n ) +_g_types = weakref.WeakValueDictionary() +_g_pseudoTypes = { + -1 : 'inherit_process' , + -2 : 'inherit_parent' , + -3 : 'no_create' , + -4 : 'no_execute' , + -5 : 'use_new_role_def_create' , + -6 : 'no_chown' , + -7 : 'use_fd' + } + +@export +def copyRole( source , dest ) : + """Copy a RC role. + + source -- RC role as integer + dest -- RC role as integer + + """ + raiseIfError( lib.rsbac_rc_copy_role( transaction._t , + source , dest ) ) + +@export +def grant( role , type , requests ) : + """Grant 'requests' to 'role' for the given 'type'. + + role -- RC role + type -- RC type + requests -- RequestVector + """ + rights , ttl = role.typeCompatibility[ type ] + rights |= rsbac.RequestVector( requests ) + role.typeCompatibility[ type ] = rights , ttl + +@export +def revoke( role , type , requests ) : + """Revoke 'requests' to 'role' for the given 'type'. + + role -- RC Role + type -- RC type + requests -- RequestVector + """ + rights , ttl = role.typeCompatibility[ type ] + rights &= ~rsbac.RequestVector( requests ) + role.typeCompatibility[ type ] = rights , ttl + +def findUnnamedRole( start = 0 ) : + """Find an unnamed role. + + start -- Minimal RC role id to use, as integer. + + Return an integer. + """ + i = start + while 1 : + try : + getRoleName( i ) + except Error , e : + if e[ 0 ] != headers.RSBAC_ENOTFOUND : + raise + break + i += 1 + return i + +def findUnnamedRoles( n = 1 , start = 0 ) : + """Find a set of unnammed roles. + + n -- Number of unnnamed roles to find. + start -- Minimal RC role id to use, as integer. + + Returns a list of integers. + """ + r = [] + i = start + for j in range( n ) : + role = findUnnamedRole( i ) + r.append( role ) + i = role + 1 + return r + +@export +def newRole( name , start = 0 ) : + """Create a new RC role. + + name -- Name for the new RC role. + + Returns a RC Role. + """ + role = findUnnamedRole( start ) + setRoleName( role , name ) + return Role( role ) + +@export +def cloneRole( source , start = 0 ) : + """Clone a RC role under another name. + + source -- RC role as integer + name -- Name of the new role + + """ + role = findUnnamedRole( start ) + copyRole( source , role ) + return role + +@export +def copyType( target , source , dest ) : + """Copy a RC type. + + The target specify which type of RC type should be copied. + + target -- RSBAC object type as integer + source -- RC type as integer + dest -- RC Type as integer + + """ + raiseIfError( lib.rsbac_rc_copy_type( transaction._t , target , + source , dest ) ) + +@export +def getList( rcTarget , rcId , item ) : + """Retrieve a list of RC items (role or type). + + rcTarget -- RT_ROLE, RT_TYPE or None. + rcId -- role or target as integer. + item -- a value from RI_* defines. + + """ + # FIXME: I'm assuming that all roles are returned when querying + # with RI_name, and that target can be NULL. Is that right? + if rcId is None : + id = None + elif rcTarget == headers.RT_ROLE : + g_rcTargetValue.role = rcId + elif rcTarget == headers.RT_TYPE : + g_rcTargetValue.type = rcId + else : + raise RuntimeError , 'unexpected rc target %d' % ( rcTarget , ) + arr = fetch( c_uint32 , + lambda n , a : lib.rsbac_rc_get_list( transaction._t , + rcTarget , g_rcTargetValueRef , + item , n , a , None ) ) + return sorted( map( int , arr ) ) + +@export +def getRoleList( role , item ) : + """Retrieve a list of items associated with a role. + + role -- RC role as integer or None + item -- a value from RI_* defines. + + """ + return getList( headers.RT_ROLE , role , item ) + +@export +def getTypeList( type , item ) : + """Retrieve a list of items associated with a type. + + type -- RC type as integer (or None?) + item -- a value from RI_* defines. + + """ + return getList( headers.RT_TYPE , type , item ) + +@export +def getRoles() : + """Retrieve a list of all defined roles (those with a name.) + + """ + # FIXME: I'm assuming that all roles are returned when querying + # with RI_name, and that target can be NULL. Is that correct? + return getRoleList( None , headers.RI_name ) + +g_scdRcTypes = None + +@export +def getTypes( target ) : + """Retrieve a list of all defined types (those with a name.) + + target -- RSBAC object type as integer + + """ + if target == headers.T_SCD : + global g_scdRcTypes + if g_scdRcTypes is None : + r = [] + for key in dir( headers ) : + if ( key.startswith( 'ST_' ) or key.startswith( 'AST_' ) ) \ + and not key.endswith( '_none' ) : + r.append( int( getattr( headers , key ) ) ) + r.sort() + g_scdRcTypes = r + return g_scdRcTypes + else : + if target not in g_rcNameTargetToItem : + raise RuntimeError , 'Unexpected target %r' % ( target , ) + return getTypeList( None , g_rcNameTargetToItem[ target ] ) + +@export +def changeRole( role , password = None ) : + """Change the role of the current process. + + role -- RC role as integer + password -- the password as a string or None + + """ + raiseIfError( lib.rsbac_rc_change_role( role , password ) ) + +@export +def getCurrentRole() : + """Return the role of the current process. + + Returns a RC role as an integer. + + """ + role = headers.rsbac_rc_role_id_t() + raiseIfError( lib.rsbac_rc_get_current_role( byref( role ) ) ) + return int( role.value ) + +@export +def getRoleName( role ) : + """Get the name of a RC role. + + role -- RC role as integer + + """ + g_rcTargetValue.role = role + raiseIfError( lib.rsbac_rc_get_item( transaction._t , headers.RT_ROLE , + g_rcTargetValueRef , None , + headers.RI_name , g_rcItemValueRef , + None ) ) + return g_rcItemValue.name + +@export +def setRoleName( role , name ) : + """Set the name of a RC role. + + role -- RC role as integer + name -- the new name as string + + """ + g_rcTargetValue.role = role + slowButCorrectStringAssignation( g_rcItemValue , 'name' , name ) + raiseIfError( lib.rsbac_rc_set_item( transaction._t , headers.RT_ROLE , + g_rcTargetValueRef , None , + headers.RI_name , g_rcItemValueRef , + 0 ) ) + +@export +def getRoleTypeCompatibility( role , type ) : + """Get RC role compatibility with the given type. + + role -- RC role as integer + type -- RC type as either a tuple (target,type) or an Object class + or instance. + + Returns a tuple (RequestVector,ttl). + + """ + g_rcTargetValue.role = role + target , type = _type( type ) + g_rcTargetValue2.type = type + item = g_rcCompatibilityTargetToItem[ target ] + raiseIfError( lib.rsbac_rc_get_item( transaction._t , headers.RT_ROLE , + g_rcTargetValueRef , g_rcTargetValue2Ref , + item , g_rcItemValueRef , + g_ttlRef ) ) + return RequestVector( g_rcItemValue.rights ) , g_ttl.value + +@export +def setRoleTypeCompatibility( role , type , value ) : + """Set RC role compatibility with the given type. + + role -- RC role as integer + type -- RC type + value -- A tuple (RequestVector,ttl) or a RequestVector (implying + unlimited TTL.) + + """ + g_rcTargetValue.role = role + target , type = _type( type ) + g_rcTargetValue2.type = type + item = g_rcCompatibilityTargetToItem[ target ] + if not isinstance( value , ( tuple , list ) ) : + value = ( value , 0 ) + rights , ttl = value + g_rcItemValue.rights = int( rights ) + raiseIfError( lib.rsbac_rc_set_item( transaction._t , headers.RT_ROLE , + g_rcTargetValueRef , g_rcTargetValue2Ref , + item , g_rcItemValueRef , + ttl ) ) + +@export +def getRoleDefaultIndividualFdCreateType( role , type ) : + """Get RC role default individual FD create type + + role -- RC role as integer + type -- RC type + + Returns a Type (FIXME.. Returns an integer, and use Type in the + class wrapper instead.) + + """ + g_rcTargetValue.role = role + g_rcTargetValue2.type = int( type ) # FIXME: Check target type + raiseIfError( lib.rsbac_rc_get_item( transaction._t , headers.RT_ROLE , + g_rcTargetValueRef , g_rcTargetValue2Ref , + headers.RI_def_fd_ind_create_type , + g_rcItemValueRef , None ) ) + return Type( headers.T_FD , g_rcItemValue.type_id ) + +@export +def setRoleDefaultIndividualFdCreateType( role , type1 , type2 ) : + """Set RC role default individual FD create type + + role -- RC role as integer + type1 -- RC type + type2 -- RC type + + """ + g_rcTargetValue.role = role + g_rcTargetValue2.type = int( type1 ) # FIXME: Check target type + g_rcItemValue.type_id = int( type2 ) # FIXME: Check target type + raiseIfError( lib.rsbac_rc_set_item( transaction._t , headers.RT_ROLE , + g_rcTargetValueRef , g_rcTargetValue2Ref , + headers.RI_def_fd_ind_create_type , + g_rcItemValueRef , 0 ) ) + +@export +def delRoleDefaultIndividualFdCreateType( role , type ) : + """Remove RC role default individidual FD create type setting + + role -- RC role as integer + type -- RC type + """ + g_rcTargetValue.role = role + g_rcTargetValue2.type = int( type ) # FIXME: Check target type + raiseIfError( lib.rsbac_rc_set_item( transaction._t , headers.RT_ROLE , + g_rcTargetValueRef , g_rcTargetValue2Ref , + headers.RI_def_fd_ind_create_type_remove , + None , 0 ) ) + +@export +def getRoleAdminType( role ) : + """Get the RC role admin type. + + role -- RC role as integer + + """ + g_rcTargetValue.role = role + raiseIfError( lib.rsbac_rc_get_item( transaction._t , headers.RT_ROLE , + g_rcTargetValueRef , None , + headers.RI_admin_type , g_rcItemValueRef , + None ) ) + return g_rcItemValue.admin_type + +@export +def setRoleAdminType( role , value ) : + """Set the RC role admin type. + + role -- RC role as integer + value -- RC role admin type (0 [no admin], 1 [role admin] or 2 [system admin]) + + """ + g_rcTargetValue.role = role + g_rcItemValue.admin_type = value + raiseIfError( lib.rsbac_rc_set_item( transaction._t , headers.RT_ROLE , + g_rcTargetValueRef , None , + headers.RI_admin_type , g_rcItemValueRef , + 0 ) ) + +@export +def getRoleBootRole( role ) : + """Test if the RC role is a boot role. + + role -- RC role as integer + """ + g_rcTargetValue.role = role + raiseIfError( lib.rsbac_rc_get_item( transaction._t , headers.RT_ROLE , + g_rcTargetValueRef , None , + headers.RI_boot_role , + g_rcItemValueRef , None ) ) + return bool( g_rcItemValue.boot_role ) + +@export +def setRoleBootRole( role , value ) : + """Set if the RC role is a boot role. + + role -- RC role as integer + value -- boolean + """ + g_rcTargetValue.role = role + g_rcItemValue.boot_role = value + raiseIfError( lib.rsbac_rc_set_item( transaction._t , headers.RT_ROLE , + g_rcTargetValueRef , None , + headers.RI_boot_role , + g_rcItemValueRef , 0 ) ) + +@export +def getRoleRequireReauthentication( role ) : + """Test if the role requires reauthentication + + role -- RC role as integer + + """ + g_rcTargetValue.role = role + raiseIfError( lib.rsbac_rc_get_item( transaction._t , headers.RT_ROLE , + g_rcTargetValueRef , None , + headers.RI_req_reauth , + g_rcItemValueRef , None ) ) + return bool( g_rcItemValue.req_reauth ) + +@export +def setRoleRequireReauthentication( role , value ) : + """Set if the role requires reauthentication + + role -- RC role as integer + value -- boolean + + """ + g_rcTargetValue.role = role + g_rcItemValue.req_reauth = value + raiseIfError( lib.rsbac_rc_set_item( transaction._t , headers.RT_ROLE , + g_rcTargetValueRef , None , + headers.RI_req_reauth , + g_rcItemValueRef , 0 ) ) + +@export +def removeRole( role ) : + """Remove a RC role. + + role -- RC role as integer + + """ + g_rcTargetValue.role = role + raiseIfError( lib.rsbac_rc_set_item( transaction._t , headers.RT_ROLE , + g_rcTargetValueRef , None , + headers.RI_remove_role , None , 0 ) ) + +def makeGetSetRoles( name , item , docGet = None , docSet = None ) : + import sys + RT_ROLE = headers.RT_ROLE + def get( roleA , roleB ) : + g_rcTargetValue.role = roleA + g_rcTargetValue2.role = roleB + raiseIfError( lib.rsbac_rc_get_item( transaction._t , RT_ROLE , + g_rcTargetValueRef , g_rcTargetValue2Ref , + item , g_rcItemValueRef , g_ttlRef ) ) + return int( g_ttl.value ) or bool( g_rcItemValue.comp ) + if docGet is not None : + get.__doc__ = docGet + """ + + roleA -- RC role as integer + roleB -- RC role as integer + + """ + def set( roleA , roleB , value ) : + g_rcTargetValue.role = roleA + g_rcTargetValue2.role = roleB + if value is True : + flag , ttl = True , 0 + elif not value or value < 1 : + flag , ttl = False , 0 + else : + flag , ttl = True , value + g_rcItemValue.comp = flag + raiseIfError( lib.rsbac_rc_set_item( transaction._t , RT_ROLE , + g_rcTargetValueRef , g_rcTargetValue2Ref , + item , g_rcItemValueRef , ttl ) ) + if docSet is not None : + set.__doc__ = docSet + """ + + roleA -- RC role as integer + roleB -- RC role as integer + value -- False, True or an integer. + + """ + def list( role ) : + return getList( RT_ROLE , role , item ) + m = sys.modules[ __name__ ] + setattr( m , 'get' + name , get ) + setattr( m , 'set' + name , set ) + setattr( m , 'list' + name + 's' , list ) + __all__.append( 'get' + name ) + __all__.append( 'set' + name ) + __all__.append( 'list' + name + 's' ) + +makeGetSetRoles( 'RoleCompatibilityRole' , headers.RI_role_comp , + 'Test if the RC role is compatible with another one.' , + 'Set if the RC role is compatible with another one.' ) + +makeGetSetRoles( 'RoleAdminRole' , headers.RI_admin_roles , + None , # FIXME + None ) # FIXME + +makeGetSetRoles( 'RoleAssignRole' , headers.RI_assign_roles , + None , # FIXME + None ) # FIXME + +# FIXME: dict interface! +class RoleTtlDictProxy( object ) : + def __init__( self , name , role , get , set , list ) : + self.__name = name + self.__role = role + self.__get = get + self.__set = set + self.__list = list + def __iter__( self ) : + return iter( self.__list( self.__role ) ) + def __contains__( self , role ) : + return bool( self.__get( self.__role , role ) ) + def __getitem__( self , role ) : + return self.__get( self.__role , role ) + def __setitem__( self , role , value ) : + # FIXME: __setitem__ = Role( self.role ).setRoleCompatibility? + self.__set( self.__role , role , value ) + def __delitem__( self , role ) : + self.__set( self.__role , role , False ) + def __repr__( self ) : + r = [] + for role in self : + value = self.__get( self.__role , role ) + if value is True : + r.append( str( role ) ) + elif value is False : + pass + else : + r.append( '%s(%ds)' % ( role , value ) ) + try : + name = `getRoleName( self.__role )` + except Error , e : + if e[ 0 ] != headers.RSBAC_ENOTFOUND : + raise + name = 'undefined' + return '<%s for RC Role %d (%s): %s>' \ + % ( self.__name , self.__role , name , + ', '.join( r ) or 'none' ) + def keys( self ) : + return list( self ) + def items( self ) : + r = [] + # Be careful with TTL.. + for role in self : + value = self.__get( self.__role , role ) + if value : + r.append( ( role , value ) ) + return r + def add( self , role ) : + self.__set( self.__role , role , True ) + def discard( self , role ) : + self.__set( self.__role , role , False ) + def clear( self ) : + for role in self : + self.__set( self.__role , role , False ) + +class RoleTypeCompatibility( object ) : + def __init__( self , role ) : + self.role = role + def __getitem__( self , type ) : + return getRoleTypeCompatibility( self.role , type ) + def __setitem__( self , type , value ) : + return setRoleTypeCompatibility( self.role , type , value ) + def __repr__( self ) : + return '' % ( self.role , ) + +class DefaultIndividualFdCreateType( object ) : + def __init__( self , role ) : + self.role = role + def __getitem__( self , type ) : + return self.role.getDefaultIndividualFdCreateType( type ) + def get( self , type ) : + try : + return self[ type ] + except Error , e : + if e[ 0 ] != headers.RSBAC_ENOTFOUND : + raise + def __setitem__( self , type , value ) : + self.role.setDefaultIndividualFdCreateType( type , value ) + def __delitem__( self , type ) : + self.role.delDefaultIndividualFdCreateType( type ) + +class DefaultTypes( object ) : + def __init__( self , role ) : + self.role = role + def __getitem__( self , action ) : + return self.role.getDefaultType( action ) + def __setitem__( self , action , value ) : + self.role.setDefaultType( action , value ) + +def _type( t ) : + from objects import Scd + if isinstance( t , Type ) : + return t.target , t.type + elif isinstance( t , Scd ) : + return t.type , t.id + else : + return t + +class RoleBase( object ) : + __slots__ = [ '_role' , '_id' ] + def __new__( cls , role ) : + role = _nrole( role ) + instance = _g_roles.get( role ) + if instance is None : + instance = object.__new__( cls ) + instance.__init_singleton__( role ) + _g_roles[ role ] = instance + return instance + def __init_singleton__( self , role ) : + self._role = int( role ) + id = headers.rsbac_rc_target_id_t() + id.role = role + self._id = byref( id ) + self.compatibility = \ + RoleTtlDictProxy( 'RoleCompatibility' , self._role , + getRoleCompatibilityRole , + setRoleCompatibilityRole , + listRoleCompatibilityRoles ) + self.adminRoles = \ + RoleTtlDictProxy( 'AdminRoles' , self._role , + getRoleAdminRole , + setRoleAdminRole , + listRoleAdminRoles ) + self.assignRoles = \ + RoleTtlDictProxy( 'AssignRoles' , self._role , + getRoleAssignRole , + setRoleAssignRole , + listRoleAssignRoles ) + self.typeCompatibility = \ + RoleTypeCompatibility( self._role ) + self.defaultIndividualFdCreateType = \ + DefaultIndividualFdCreateType( self._role ) + def __int__( self ) : + return int( self._role ) + def __long__( self ) : + return long( self._role ) + def __repr__( self ) : + if self._role < 0 : + return '' \ + % ( self._role , + _g_pseudoRoles.get( self._role , 'unknown' ) ) + else : + try : + name = `self.getName()` + except Error : + name = 'undefined' + return '' % ( self._role , name ) + def copyTo( self , dest ) : + copyRole( self._role , int( dest ) ) + def clone( self , name = None ) : + role = Role( cloneRole( self._role ) ) + if name is not None : + role.name = name + return role + # + # id + # + def getId( self ) : + return self._role + id = property( getId ) + # + # name + # + def getName( self ) : + return getRoleName( self._role ) + def setName( self , name ) : + return setRoleName( self._role , name ) + name = property( getName , setName ) + # + # role_comp + # + def getRoleCompatibility( self , role ) : + return getRoleRoleCompatibility( self._role , role ) + def setRoleCompatibility( self , role , value ) : + return setRoleRoleCompatibility( self._role , role , value ) + compatibility = None + # + # admin_roles + # + def getAdminRole( self , role ) : + return getRoleAdminRole( self._role , role ) + def setAdminRole( self , role , value ) : + return setRoleAdminRole( self._role , role , value ) + adminRoles = None + # + # assign_roles + # + def getAssignRole( self , role ) : + return getRoleAssignRole( self._role , role ) + def setAssignRole( self , role , value ) : + return setRoleAssignRole( self._role , role , value ) + assignRoles = None + # + # type_comp_* + # + def getTypeCompatibility( self , type ) : + return getRoleTypeCompatibility( self._role , type ) + def setTypeCompatibility( self , type , value ) : + return setRoleTypeCompatibility( self._role , type , value ) + typeCompatibility = None + # + # def_fd_ind_create_type + # + def getDefaultIndividualFdCreateType( self , type ) : + return getRoleDefaultIndividualFdCreateType( self._role , type ) + def setDefaultIndividualFdCreateType( self , type1 , type2 ) : + return setRoleDefaultIndividualFdCreateType( self._role , type1 , type2 ) + def delDefaultIndividualFdCreateType( self , type ) : + return delRoleDefaultIndividualFdCreateType( self._role , type ) + defaultFdType = None + # + # boot_role + # + def getBootRole( self ) : + return getRoleBootRole( self._role ) + def setBootRole( self , value ) : + return setRoleBootRole( self._role , value ) + bootRole = property( getBootRole , setBootRole ) + # + # req_reauth + # + def getRequireReauthentication( self ) : + return getRoleRequireReauthentication( self._role ) + def setRequireReauthentication( self , value ) : + return setRoleRequireReauthentication( self._role , value ) + requireReauthentication = property( getRequireReauthentication , + setRequireReauthentication ) + # + # admin_type + # + def getAdminType( self ) : + return getRoleAdminType( self._role ) + def setAdminType( self , value ) : + return setRoleAdminType( self._role , value ) + adminType = property( getAdminType , setAdminType ) + # + # remove + # + def delete( self ) : + removeRole( self._role ) + +def createRoleClass() : + attrs = {} + def addAttribute( target , name ) : + pname = 'default' + ''.join( [ s.capitalize() for s in name.split( '_' ) ] ) + 'Type' + cpname = pname[ 0 ].upper() + pname[ 1 : ] + #pname = 'def_%s_type' % name + item = getattr( headers , 'RI_def_%s_type' % name ) + def getter( id ) : + raiseIfError( lib.rsbac_rc_get_item( 0 , headers.RT_ROLE , + id , None , + item , g_rcItemValueRef , + None ) ) + return g_rcItemValue.type_id + def setter( id , value ) : + g_rcItemValue.type_id = value + raiseIfError( lib.rsbac_rc_set_item( 0 , headers.RT_ROLE , + id , None , + item , g_rcItemValueRef , + 0 ) ) + def mget( self ) : + return Type( target , getter( self._id ) ) + def mset( self , value ) : + return setter( self._id , int( value ) ) + attrs[ 'getter_' + pname ] = staticmethod( getter ) + attrs[ 'setter_' + pname ] = staticmethod( setter ) + # + attrs[ 'get' + cpname ] = mget + attrs[ 'set' + cpname ] = mset + attrs[ pname ] = property( mget , mset ) + for target , name in ( + ( headers.T_FD , 'fd_create' ) , + ( headers.T_USER , 'user_create' ) , + ( headers.T_GROUP , 'group_create' ) , + ( headers.T_PROCESS , 'process_create' ) , + ( headers.T_PROCESS , 'process_chown' ) , + ( headers.T_PROCESS , 'process_execute' ) , + ( headers.T_IPC , 'ipc_create' ) , + ( headers.T_FD , 'unixsock_create' ) ) : + addAttribute( target , name ) + return type( 'Role' , ( RoleBase , ) , attrs ) + +export( 'Role' ) +Role = createRoleClass() + +#----------------------------------------------------------------------------- + +@export +def getTypeName( type ) : + """Get the name of a RC type + + type -- RC type + + """ + target , type = _type( type ) + g_rcTargetValue.type = type + raiseIfError( lib.rsbac_rc_get_item( transaction._t , headers.RT_TYPE , + g_rcTargetValueRef , None , + g_rcNameTargetToItem[ target ] , + g_rcItemValueRef , None ) ) + return g_rcItemValue.name + +@export +def setTypeName( type , name ) : + """Set the name of a RC type + + type -- RC type + name -- the new name as string + + """ + target , type = _type( type ) + g_rcTargetValue.type = type + slowButCorrectStringAssignation( g_rcItemValue , 'name' , name ) + raiseIfError( lib.rsbac_rc_set_item( transaction._t , headers.RT_TYPE , + g_rcTargetValueRef , None , + g_rcNameTargetToItem[ target ] , + g_rcItemValueRef , 0 ) ) + +@export +def getTypeNeedSecureDelete( type ) : + """Test if the RC type need secure delete. + + type -- RC type + + """ + target , type = _type( type ) + g_rcTargetValue.type = type + if target != headers.T_FD : + raise RuntimeError , 'attribute available for the FD type only' + raiseIfError( lib.rsbac_rc_get_item( transaction._t , headers.RT_TYPE , + g_rcTargetValueRef , None , + headers.RI_type_fd_need_secdel , + g_rcItemValueRef , None ) ) + return bool( g_rcItemValue.need_secdel ) + +@export +def setTypeNeedSecureDelete( type , value ) : + """Set if the RC type need secure delete. + + type -- RC type + value - boolean + + """ + target , type = _type( type ) + g_rcTargetValue.type = type + if target != headers.T_FD : + raise RuntimeError , 'attribute available for the FD type only' + g_rcItemValue.need_secdel = value + raiseIfError( lib.rsbac_rc_set_item( transaction._t , headers.RT_TYPE , + g_rcTargetValueRef , None , + headers.RI_type_fd_need_secdel , + g_rcItemValueRef , 0 ) ) + +@export +def removeType( type ) : + """Remove a RC type. + + type -- RC type + + """ + target , type = _type( type ) + g_rcTargetValue.type = type + raiseIfError( lib.rsbac_rc_set_item( transaction._t , headers.RT_TYPE , + g_rcTargetValueRef , None , + g_rcTargetToTypeRemove[ target ] , + None , 0 ) ) + +class Type( object ) : + def __new__( cls , target , type ) : + if hasattr( target , 'type' ) : + target = target.type + type = _ntype( type ) + if type < 0 : + target = None + t = ( target , type ) + instance = _g_types.get( t ) + if instance is None : + instance = object.__new__( cls ) + instance.__init_singleton__( target , type ) + _g_types[ t ] = instance + return instance + def __init_singleton__( self , target , type ) : + self.__id = ( target , type ) + def __eq__( self , other ) : + if isinstance( other , ( int , long ) ) : + return self.type == _ntype( other ) + else : + return ( self is other + or ( isinstance( other , Type ) + and self.__id == other.__id ) ) + def __int__( self ) : + return int( self.__id[ 1 ] ) + def __long__( self ) : + return long( self.__id[ 1 ] ) + def __repr__( self ) : + target , type = self.__id + if type < 0 : + return '' \ + % ( type , + _g_pseudoTypes.get( type , 'unknown' ) , ) + else : + try : + name = `self.getName()` + except Error : + name = 'undefined' + return '' % ( target , type , name ) + # + # target, type + # + target = property( lambda self : self.__id[ 0 ] ) + type = property( lambda self : self.__id[ 1 ] ) + # + # name + # + def getName( self ) : + return getTypeName( self.__id ) + def setName( self , name ) : + return setTypeName( self.__id , name ) + name = property( getName , setName ) + # + # fd_need_secdel + # + def getNeedSecureDelete( self ) : + return getTypeNeedSecureDelete( self.__id ) + def setNeedSecureDelete( self , value ) : + return setTypeNeedSecureDelete( self.__id , value ) + needSecureDelete = property( getNeedSecureDelete , setNeedSecureDelete ) + # + # delete + # + def delete( self ) : + removeType( self.__id ) + +pseudoRoles = new.module( 'pseudoRoles' ) +for k , v in _g_pseudoRoles.items() : + setattr( pseudoRoles , v , Role( k ) ) +pseudoTypes = new.module( 'pseudoTypes' ) +for k , v in _g_pseudoTypes.items() : + setattr( pseudoTypes , v , Type( None , k ) ) + +class RcRoleDict( object ) : + def keys( self ) : + return getRoles() + def items( self ) : + return [ ( id , Role( id ) ) for id in self.keys() ] + def values( self ) : + return [ Role( id ) for id in self.keys() ] + def __iter__( self ) : + return iter( self.keys() ) + def __getitem__( self , id ) : + return Role( id ) + def __setitem__( self , *args ) : + raise RuntimeError + def __delitem__( self , id ) : + Role( id ).delete() + def __repr__( self ) : + return '{' + ', '.join( [ ': '.join( map( repr , item ) ) for item in self.items() ] ) + '}' + +def newType( target , name , start = 0 ) : + i = start + if hasattr( target , 'type' ) : + target = target.type + while 1 : + try : + Type( target , i ).name + except Error , e : + if e[ 0 ] != headers.RSBAC_ENOTFOUND : + raise + t = Type( target , i ) + t.name = name + return t + i += 1 + +class RcTypeDict( object ) : + def __init__( self , target ) : + self.target = target + def keys( self ) : + return getTypes( self.target ) + def items( self ) : + return [ ( id , Type( self.target , id ) ) for id in self.keys() ] + def values( self ) : + return [ Type( self.target , id ) for id in self.keys() ] + def __iter__( self ) : + return iter( self.keys() ) + def __getitem__( self , id ) : + return Type( self.target , id ) + def __setitem__( self , *args ) : + raise RuntimeError + def __delitem__( self , id ) : + Type( self.target , id ).delete() + def __repr__( self ) : + return '{' + ', '.join( [ ': '.join( map( repr , item ) ) for item in self.items() ] ) + '}' + +roles = RcRoleDict() + +from rsbac._data import RequestVector + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/rsbac_1_3_0_rc1.py b/rsbac/rsbac_1_3_0_rc1.py new file mode 100644 index 0000000..5fea810 --- /dev/null +++ b/rsbac/rsbac_1_3_0_rc1.py @@ -0,0 +1,4618 @@ +# Automatically generated by ./gen.sh on Fri Oct 13 11:19:37 CEST 2006 + +# unresolved alias: __INO_T_TYPE = __ULONGWORD_TYPE +# unresolved alias: RSBAC_ACL_GROUP_RIGHTS_VECTOR = RSBAC_GROUP_REQUEST_VECTOR +# unresolved alias: __TIME_T_TYPE = __SLONGWORD_TYPE +# unresolved alias: __GID_T_TYPE = __U32_TYPE +# unresolved alias: __FSFILCNT_T_TYPE = __ULONGWORD_TYPE +# unresolved alias: __USECONDS_T_TYPE = __U32_TYPE +# unresolved alias: __SWBLK_T_TYPE = __SLONGWORD_TYPE +# unresolved alias: __ID_T_TYPE = __U32_TYPE +# unresolved alias: __S32_TYPE = int +# unresolved alias: __MODE_T_TYPE = __U32_TYPE +# unresolved alias: __DADDR_T_TYPE = __S32_TYPE +# unresolved alias: asm = __asm__ +# unresolved alias: __NLINK_T_TYPE = __UWORD_TYPE +# unresolved alias: __SWORD_TYPE = int +# unresolved alias: __SSIZE_T_TYPE = __SWORD_TYPE +# unresolved alias: __RLIM_T_TYPE = __ULONGWORD_TYPE +# unresolved alias: __UID_T_TYPE = __U32_TYPE +# unresolved alias: volatile = __volatile__ +# unresolved alias: __KEY_T_TYPE = __S32_TYPE +# unresolved alias: __CLOCK_T_TYPE = __SLONGWORD_TYPE +# unresolved alias: __SUSECONDS_T_TYPE = __SLONGWORD_TYPE +# unresolved alias: __FSBLKCNT_T_TYPE = __ULONGWORD_TYPE +# unresolved alias: __CLOCKID_T_TYPE = __S32_TYPE +# unresolved alias: __BLKCNT_T_TYPE = __SLONGWORD_TYPE +# unresolved alias: __OFF_T_TYPE = __SLONGWORD_TYPE +# unresolved alias: __BLKSIZE_T_TYPE = __SLONGWORD_TYPE +# unresolved alias: NULL = __null +# unresolved alias: __PID_T_TYPE = __S32_TYPE +from ctypes import * +STRING = c_char_p + + +R_MODIFY_ACCESS_DATA = 14 +RSBAC_RC_DEFAULT_RIGHTS_VECTOR = 0 # Variable c_int +RSBAC_RC_GEN_RIGHTS_VECTOR = RSBAC_RC_DEFAULT_RIGHTS_VECTOR # alias +LL_invalid = 4 +def __STRING(x): return #x # macro +PF_delete_consent = 9 +A_daz_role = 16 +ACLC_remove_from_acl_entry = 4 +R_TRACE = 31 +R_MAP_EXEC = 36 +# def _syscall0(type,name): return type name(void) { long __res; __asm__ volatile ("int $0x80" : "=a" (__res) : "0" (__NR_ ##name)); __syscall_return(type,__res); } # macro +ST_priority = 14 +A_fake_root_uid = 91 +I_shm = 2 +UM_ttl = 12 +T_SYMLINK = 3 +SW_GEN = 0 +ST_host_id = 2 +RSYS_acl_group = 53 +NTS_set_ports = 16 +SW_NONE = 17 +PTF_set_role = 15 +PF_delete_na = 1 +RSYS_um_user_exists = 70 +ACLGS_remove_group = 2 +RI_type_comp_scd = 8 +RSYS_list_ta_forget = 87 +PTF_add_purpose = 10 +RI_req_reauth = 25 +PA_task = 0 +RI_type_user_remove = 42 +LDD_false = 0 +RSYS_switch = 12 +RC_role_admin = 1 +ST_quota = 17 +RSYS_pm_change_current_task = 29 +# def RSBAC_RC_TYPE_VECTOR(x): return ((rsbac_rc_type_vector_t) 1 << (x)) # macro +RCR_NONE = 63 +ACLS_ROLE = 1 +T_PROCESS = 8 +RSYS_acl_n = 46 +# def __LDBL_REDIR1(name,proto,alias): return name proto # macro +PF_add_na = 0 +A_mac_initial_categories = 7 +SL_old_none = 6 +A_max_caps_program = 65 +EOPNOTSUPP = 95 # Variable c_int +ENOTSUP = EOPNOTSUPP # alias +R_READ_OPEN = 22 +# def __chk_user_ptr(x): return (void)0 # macro +PF_switch_pm = 17 +A_min_write_open = 24 +A_remote_log_array_high = 82 +R_ACCEPT = 39 +def major(dev): return gnu_dev_major (dev) # macro +UM_homedir = 3 +D_char = 1 +T_NETOBJ = 11 +ST_other = 10 +PTF_add_authorized_tp = 6 +# def RSBAC_MAC_CAT_VECTOR(x): return ((rsbac_mac_category_vector_t) 1 << (x)) # macro +RSYS_um_add_group = 61 +PTF_delete_authorized_task = 23 +RSYS_um_get_gid = 78 +RI_def_fd_ind_create_type = 16 +# __INO_T_TYPE = __ULONGWORD_TYPE # alias +RSYS_rc_select_fd_create_type = 95 +ACLC_set_mask = 5 +RI_type_nettemp_name = 33 +PA_tp_set = 8 +RSYS_get_attr = 3 +RSYS_mac_get_min_level = 20 +ST_kmem = 11 +A_remote_pm_ipc_purpose = 39 +RSYS_rc_get_eff_rights_n = 37 +# def __FDMASK(d): return (1UL << ((d) % __NFDBITS)) # macro +A_rc_initial_role = 56 +R_LINK_HARD = 13 +# def __REDIRECT_NTH(name,proto,alias): return name proto __THROW __asm__ (__ASMNAME (#alias)) # macro +PF_add_consent = 8 +A_mac_role = 15 +A_pax_flags = 73 +# RSBAC_ACL_GROUP_RIGHTS_VECTOR = RSBAC_GROUP_REQUEST_VECTOR # alias +# def __warndecl(name,msg): return extern void name (void) # macro +PF_delete_tp = 25 +R_CHANGE_DAC_FS_GROUP = 47 +I_msg = 1 +LD_inherit = 3 +UM_expire = 11 +T_FIFO = 2 +ST_clock = 1 +# def _syscall3(type,name,type1,arg1,type2,arg2,type3,arg3): return type name(type1 arg1,type2 arg2,type3 arg3) { long __res; __asm__ volatile ("push %%ebx ; movl %2,%%ebx ; int $0x80 ; pop %%ebx" : "=a" (__res) : "0" (__NR_ ##name),"ri" ((long)(arg1)),"c" ((long)(arg2)), "d" ((long)(arg3)) : "memory"); __syscall_return(type,__res); } # macro +NTS_set_netdev = 15 +RSYS_acl_get_mask_n = 52 +PTF_delete_user_aci = 14 +RSYS_um_remove_gm = 69 +ACLGS_change_group = 1 +RI_type_comp_ipc = 7 +# __TIME_T_TYPE = __SLONGWORD_TYPE # alias +R_CLONE = 6 +# __GID_T_TYPE = __U32_TYPE # alias +RSYS_list_ta_commit = 86 +# __FSFILCNT_T_TYPE = __ULONGWORD_TYPE # alias +RI_type_ipc_remove = 41 +PL_task = 0 +RSYS_net_list_all_template = 11 +RC_no_admin = 0 +ST_rsbac_remote_log = 16 +RT_NONE = 2 +UNDEFINED = 3 +# def RSBAC_RC_ROLE_VECTOR(x): return ((rsbac_rc_role_vector_t) 1 << (x)) # macro +RCR_SELECT = 62 +ACLS_USER = 0 +A_daz_scanner = 47 +RSYS_acl = 45 +# def __LDBL_REDIR(name,proto): return name proto # macro +SL_old_inherit = 5 +A_max_caps_user = 64 +__LITTLE_ENDIAN = 1234 # Variable c_int +__BYTE_ORDER = __LITTLE_ENDIAN # alias +BYTE_ORDER = __BYTE_ORDER # alias +RC_role_inherit_up_mixed = 4294967292L # Variable c_uint +RC_default_root_dir_force_role = RC_role_inherit_up_mixed # alias +# def __chk_io_ptr(x): return (void)0 # macro +PF_set_object_class = 16 +A_mac_curr_categories = 23 +A_ff_flags = 48 +PL_class = 1 +A_local_log_array_high = 81 +RSBAC_ACL_SUPERVISOR_RIGHT_VECTOR = 400000000000000L # Variable c_ulonglong +RSBAC_NWS_REQUEST_VECTOR = RSBAC_ACL_SUPERVISOR_RIGHT_VECTOR # alias +# def cond_syscall(x): return asm(".weak\t" #x "\n\t.set\t" #x ",sys_ni_syscall") # macro +UM_fullname = 2 +T_NETTEMP = 10 +NTS_get_type = 6 +ST_rsbac_log = 9 +RC_role_inherit_parent = 4294967293L # Variable c_uint +RC_default_initial_role = RC_role_inherit_parent # alias +def __attribute_format_strfmon__(a,b): return __attribute__ ((__format__ (__strfmon__, a, b))) # macro +SW_REG = 7 +PTF_delete_object_class = 5 +PTF_add_authorized_task = 22 +RSYS_um_set_pass_name = 80 +RI_type_comp_group = 9 +RI_def_fd_create_type = 15 +# __USECONDS_T_TYPE = __U32_TYPE # alias +PO_dir = 5 +RSYS_list_all_ipc = 94 +RI_type_netdev_name = 32 +PA_task_set = 7 +RSYS_mac_set_curr_level = 17 +A_remote_pm_object_class = 36 +ACLR_FORWARD = 56 +ST_none = 24 +RSYS_rc_change_role = 36 +def __FDELT(d): return ((d) / __NFDBITS) # macro +A_rc_force_role = 55 +LL_full = 2 +NTS_delete_template = 2 +PF_delete_authorized_tp = 7 +A_jail_scd_modify = 72 +R_SWITCH_MODULE = 29 +MAC_override = 1 # Variable c_int +RSBAC_MAC_DEF_SECOFF_U_FLAGS = MAC_override # alias +A_pm_role = 31 +R_CHANGE_DAC_EFF_GROUP = 46 +I_sem = 0 +PF_create_tp = 24 +R_CHDIR = 5 +LD_keep = 2 +UM_inactive = 10 +ST_time_strucs = 0 +NTS_set_protocol = 14 +RSYS_acl_get_mask = 51 +SW_UM = 15 +PTF_delete_responsible_user = 13 +RSYS_um_remove_group = 68 +ACLGS_add_group = 0 +RI_type_comp_process = 6 +# __SWBLK_T_TYPE = __SLONGWORD_TYPE # alias +RSYS_list_ta_refresh = 85 +RI_def_unixsock_create_type = 23 +def FD_SET(fd,fdsetp): return __FD_SET (fd, fdsetp) # macro +RI_type_dev_remove = 40 +PH_off = 0 +RSYS_net_template = 10 +__quad_t = c_longlong +__SQUAD_TYPE = __quad_t # alias +RT_TYPE = 1 +RSYS_stats_pm = 27 +# def RSBAC_RC_RIGHTS_VECTOR(x): return ((rsbac_rc_rights_vector_t) 1 << (x)) # macro +RCR_CHANGE_AUTHED_OWNER = 61 +FR_none = 4 +A_daz_scanned = 46 +RSYS_auth_get_p_caplist = 44 +def __GNUC_PREREQ(maj,min): return ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) # macro +A_min_security_level = 5 +SL_old_rsbac_internal = 4 +A_max_caps = 63 +ST_net_id = 3 +R_READ_ATTRIBUTE = 20 +__u_quad_t = c_ulonglong +__UQUAD_TYPE = __u_quad_t # alias +__FSBLKCNT64_T_TYPE = __UQUAD_TYPE # alias +def __cast__(_to): return (_to) # macro +PF_set_role = 15 +A_current_sec_level = 22 +R_BIND = 37 +__BLKCNT64_T_TYPE = __SQUAD_TYPE # alias +LDD_none = 3 +# def _syscall6(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,type5,arg5,type6,arg6): return type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,type6 arg6) { long __res; struct { long __a1; long __a6; } __s = { (long)arg1, (long)arg6 }; __asm__ volatile ("push %%ebp ; push %%ebx ; movl 4(%2),%%ebp ; " "movl 0(%2),%%ebx ; movl %1,%%eax ; int $0x80 ; " "pop %%ebx ; pop %%ebp" : "=a" (__res) : "i" (__NR_ ##name),"0" ((long)(&__s)),"c" ((long)(arg2)), "d" ((long)(arg3)),"S" ((long)(arg4)),"D" ((long)(arg5)) : "memory"); __syscall_return(type,__res); } # macro +NTS_get_protocol = 7 +UM_pass = 1 +A_none = 97 +RSYS_auth_remove_f_cap = 42 +T_NETDEV = 9 +NTS_get_address_family = 5 +ST_rsbac = 8 +ACT_group_fs = 5 +A_rc_def_role = 58 +SW_AUTH = 6 +PTF_add_object_class = 4 +RSYS_um_auth_uid = 59 +PF_delete_object_class = 5 +def FD_ZERO(fdsetp): return __FD_ZERO (fdsetp) # macro +PTF_set_auth_may_set_cap = 21 +RSYS_um_get_group_list = 76 +ACLGS_get_group_members = 8 +RI_name = 14 +__U64_TYPE = __u_quad_t # alias +PO_ipc = 4 +# __ID_T_TYPE = __U32_TYPE # alias +RSYS_acl_list_all_group = 93 +ACLC_add_to_acl_entry = 3 +RI_type_group_name = 31 +PH_from_other_users = 1 +PA_tkt = 6 +RSYS_stats = 1 +__FD_SETSIZE = 1024 # Variable c_int +FD_SETSIZE = __FD_SETSIZE # alias +RI_none = 48 +PL_none = 7 +RSYS_mac_get_curr_level = 18 +A_pm_ipc_purpose = 37 +RSYS_rc_set_item = 35 +def __CONCAT(x,y): return x ## y # macro +R_CHANGE_DAC_EFF_OWNER = 44 +SR_none = 4 +A_rc_type_nt = 54 +R_GET_PERMISSIONS_DATA = 11 +LL_denied = 1 +def __PMT(args): return args # macro +PF_add_authorized_tp = 6 +A_mac_file_flags = 13 +A_jail_scd_get = 71 +PF_add_authorized_task = 22 +R_SWITCH_LOG = 28 +FF_add_inherited = 128 # Variable c_int +RSBAC_FF_DEF = FF_add_inherited # alias +# def __syscall_return(type,res): return do { if ((unsigned long)(res) >= (unsigned long)(-(128 + 1))) { errno = -(res); res = -1; } return (type) (res); } while (0) # macro +PF_delete_authorized_task = 23 +A_symlink_add_rc_role = 88 +R_CHANGE_DAC_FS_OWNER = 45 +R_UMOUNT = 33 +PL_pp = 5 +LD_allow = 1 +UM_warnchange = 9 +T_FILE = 0 +AMS_none = 4 +NTS_set_type = 13 +PL_na = 2 +SW_DAC_DISABLE = 14 +PTF_add_responsible_user = 12 +RSYS_um_remove_user = 67 +RI_type_comp_user = 5 +# __S32_TYPE = int # alias +R_CHANGE_OWNER = 4 +RSYS_list_ta_begin = 84 +RI_def_group_create_type = 22 +PR_none = 5 +# __MODE_T_TYPE = __U32_TYPE # alias +RI_type_fd_remove = 39 +def __cond_lock(x): return (x) # macro +RSYS_net_list_all_netdev = 9 +RT_ROLE = 0 +RSYS_mac_get_p_trulist = 26 +PA_in_pp_set = 11 +RCR_MODIFY_AUTH = 60 +FR_both = 3 +A_pm_task_set = 45 +RSYS_auth_get_f_caplist = 43 +SL_top_secret = 3 +A_min_caps = 62 +A_log_array_high = 80 +R_READ = 19 +PF_delete_user_aci = 14 +A_remote_log_array_low = 79 +LDD_inherit = 2 +# def _syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,type5,arg5): return type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5) { long __res; __asm__ volatile ("push %%ebx ; movl %2,%%ebx ; movl %1,%%eax ; " "int $0x80 ; pop %%ebx" : "=a" (__res) : "i" (__NR_ ##name),"ri" ((long)(arg1)),"c" ((long)(arg2)), "d" ((long)(arg3)),"S" ((long)(arg4)),"D" ((long)(arg5)) : "memory"); __syscall_return(type,__res); } # macro +UM_name = 0 +PH_full = 2 +DAZ_unscanned = 0 # Variable c_int +DEFAULT_DAZ_FD_SCANNED = DAZ_unscanned # alias +NTS_get_address = 4 +ST_syslog = 7 +ACT_group_eff = 4 +SW_RC = 5 +PTF_delete_task = 3 +SW_ACL = 8 +RSBAC_ACL_ACCESS_CONTROL_RIGHT_VECTOR = 200000000000000L # Variable c_ulonglong +RSBAC_NWA_REQUEST_VECTOR = RSBAC_ACL_ACCESS_CONTROL_RIGHT_VECTOR # alias +DO_NOT_CARE = 2 +PTF_set_auth_may_setuid = 20 +# __DADDR_T_TYPE = __S32_TYPE # alias +RSYS_um_get_gm_user_list = 75 +ACLGS_get_user_groups = 7 +# asm = __asm__ # alias +__INO64_T_TYPE = __UQUAD_TYPE # alias +RSYS_list_all_group = 92 +ACLC_remove_acl = 2 +RI_type_process_name = 30 +RSYS_um_add_gm = 62 +# __NLINK_T_TYPE = __UWORD_TYPE # alias +PA_pp = 5 +RSYS_version = 0 +ACLG_NONE = 2 +PL_tkt = 6 +RSYS_um_add_user = 60 +ACLR_ACCESS_CONTROL = 57 +ST_capability = 22 +RSYS_rc_get_item = 34 +# def __ASMNAME2(prefix,cname): return __STRING (prefix) cname # macro +RSYS_um_auth_name = 58 +SR_auditor = 3 +LL_none = 0 +R_GET_STATUS_DATA = 12 +R_SHUTDOWN = 27 +A_mac_check = 29 +R_EXECUTE = 10 +A_mac_user_flags = 11 +# def rsbac_min(a,b): return (((a)<(b))?(a):(b)) # macro +UM_maxchange = 8 +AMS_last_auth_and_gid = 3 +def __bos0(ptr): return __builtin_object_size (ptr, 0) # macro +NTS_set_address_family = 12 +ST_sysfs = 15 +PP_TP = 1 +RSYS_um_get_group_item = 66 +RI_type_comp_dev = 4 +__OFF64_T_TYPE = __SQUAD_TYPE # alias +R_CHANGE_GROUP = 3 +__FLOAT_WORD_ORDER = __BYTE_ORDER # alias +RSYS_um_check_account_name = 83 +RI_def_ipc_create_type = 21 +R_IOCTL = 48 +PR_system_admin = 4 +RI_def_fd_ind_create_type_remove = 38 +__NFDBITS = 32 # Variable c_uint +NFDBITS = __NFDBITS # alias +A_auth_last_auth = 94 +PA_none = 13 +RSYS_remove_target_n = 8 +RST_none = 33 +A_max_read_categories = 27 +PH_none = 3 +RSYS_mac_get_f_trulist = 25 +# def RSBAC_IS_ZERO_DEV_DESC(dev): return ((dev.type == D_none) && !dev.major && !dev.minor) # macro +RCR_SUPERVISOR = 59 +FR_euid_only = 2 +A_pm_tp = 44 +PO_non_personal_data = 3 +R_TERMINATE = 30 +# def __FD_ZERO(fdsp): return do { int __d0, __d1; __asm__ __volatile__ ("cld; rep; stosl" : "=c" (__d0), "=D" (__d1) : "a" (0), "0" (sizeof (fd_set) / sizeof (__fd_mask)), "1" (&__FDS_BITS (fdsp)[0]) : "memory"); } while (0) # macro +A_local_sec_level = 3 +SL_secret = 2 +RSYS_pm = 28 +R_MOUNT = 18 +def __bos(ptr): return __builtin_object_size (ptr, __USE_FORTIFY_LEVEL > 1) # macro +PF_delete_responsible_user = 13 +A_jail_role = 20 +A_local_log_array_low = 78 +R_WRITE_OPEN = 35 +LDD_true = 1 +# def _syscall4(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4): return type name (type1 arg1, type2 arg2, type3 arg3, type4 arg4) { long __res; __asm__ volatile ("push %%ebx ; movl %2,%%ebx ; int $0x80 ; pop %%ebx" : "=a" (__res) : "0" (__NR_ ##name),"ri" ((long)(arg1)),"c" ((long)(arg2)), "d" ((long)(arg3)),"S" ((long)(arg4)) : "memory"); __syscall_return(type,__res); } # macro +RSYS_acl_get_tlist = 49 +A_remote_ip = 95 +A_pax_role = 21 +R_SEARCH = 25 +T_USER = 7 +LL_request = 3 +NTS_check_id = 3 +RSYS_rc_get_list = 38 +ST_swap = 6 +ACT_group_real = 3 +SW_FF = 4 +RI_type_netobj_remove = 47 +RSYS_rc_get_current_role = 57 +A_auth_learn = 61 +GRANTED = 1 +PTF_set_device_object_type = 19 +RSYS_um_get_gm_list = 74 +ACLGS_remove_member = 6 +RI_type_comp_netobj = 12 +# __SWORD_TYPE = int # alias +# __SSIZE_T_TYPE = __SWORD_TYPE # alias +PO_personal_data = 2 +RSYS_acl_list_all_user = 91 +ACLC_remove_acl_entry = 1 +RI_type_user_name = 29 +A_system_role = 14 +PA_tp = 4 +RSYS_rc_copy_role = 32 +def FD_CLR(fd,fdsetp): return __FD_CLR (fd, fdsetp) # macro +ACLG_PRIVATE = 1 +RI_type_nettemp_remove = 46 +A_mac_process_flags = 12 +RSYS_log = 16 +SW_CAP = 9 +ST_mlock = 21 +A_local_pm_object_class = 35 +SW_SOFTMODE = 13 +RSYS_rc_copy_type = 33 +def __ASMNAME(cname): return __ASMNAME2 (__USER_LABEL_PREFIX__, cname) # macro +PF_set_tp = 26 +D_block_major = 2 +PF_set_auth_may_setuid = 20 +SR_administrator = 2 +A_remote_rc_type = 52 +R_DELETE = 9 +RSYS_acl_get_tlist_n = 50 +SW_RES = 11 +# def __NTH(fct): return fct throw () # macro +PF_add_object_class = 4 +A_jail_flags = 69 +R_REMOVE_FROM_KERNEL = 23 +R_SEND_SIGNAL = 26 +RC_role_inherit_user = 4294967295L # Variable c_uint +RC_default_init_force_role = RC_role_inherit_user # alias +# def __nonnull(params): return __attribute__ ((__nonnull__ params)) # macro +RI_type_scd_name = 36 +PF_set_auth_may_set_cap = 21 +A_mac_auto = 28 +A_symlink_add_uid = 86 +R_NET_SHUTDOWN = 43 +EAGAIN = 11 # Variable c_int +EWOULDBLOCK = EAGAIN # alias +A_mac_categories = 6 +# def rsbac_max(a,b): return (((a)>(b))?(a):(b)) # macro +UM_minchange = 7 +PTF_switch_pm = 17 +AMS_last_auth_only = 2 +A_remote_sec_level = 4 +T_UNIXSOCK = 15 +NTS_set_address = 11 +SW_PAX = 12 +A_initial_security_level = 2 +RSYS_um_get_user_item = 65 +RI_type_comp_fd = 3 +# __RLIM_T_TYPE = __ULONGWORD_TYPE # alias +A_security_level = 1 +R_APPEND_OPEN = 2 +ST_nfsd = 19 +RSYS_um_check_account = 82 +RSYS_mac_get_max_level = 19 +I_none = 6 +RI_def_process_execute_type = 20 +# __UID_T_TYPE = __U32_TYPE # alias +PR_tp_manager = 3 +PTF_delete_purpose = 11 +RI_remove_role = 37 +PA_out_pp_set = 12 +RSYS_remove_target = 7 +SW_FREEZE = 16 +RST_auth_administration = 32 +PTF_delete_consent = 9 +RSYS_mac_remove_f_tru = 24 +RSYS_write = 15 +# def RSBAC_IS_AUTO_DEV_DESC(dev): return ((dev.type == D_none) && (dev.major == 99) && (dev.minor == 99)) # macro +RCR_ACCESS_CONTROL = 58 +FR_uid_only = 1 +A_pm_program_type = 43 +RI_boot_role = 24 +RSYS_auth_add_f_cap = 41 +MA_inherit = 2 +# def __FD_SET(fd,fdsp): return __asm__ __volatile__ ("btsl %1,%0" : "=m" (__FDS_BITS (fdsp)[__FDELT (fd)]) : "r" (((int) (fd)) % __NFDBITS) : "cc","memory") # macro +SL_confidential = 1 +T_NONE = 16 +A_auth_may_set_cap = 60 +R_MODIFY_SYSTEM_DATA = 17 +PF_add_responsible_user = 12 +A_cap_role = 19 +A_log_array_low = 77 +T_FD = 14 +R_WRITE = 34 +# def __REDIRECT(name,proto,alias): return name proto __asm__ (__ASMNAME (#alias)) # macro +# def offsetof(TYPE,MEMBER): return ((size_t) &((TYPE *)0)->MEMBER) # macro +EDEADLK = 35 # Variable c_int +EDEADLOCK = EDEADLK # alias +R_NONE = 51 +I_anonunix = 5 +RI_def_process_chown_type = 19 +T_SCD = 6 +# def HIPQUAD(addr): return ((unsigned char *)&addr)[3], ((unsigned char *)&addr)[2], ((unsigned char *)&addr)[1], ((unsigned char *)&addr)[0] # macro +ST_rlimit = 5 +ACT_fs = 2 +SW_DAZ = 3 +RI_def_user_create_type = 17 +PTF_delete_na = 1 +RSYS_init = 56 +RSYS_set_attr_n = 6 +NOT_GRANTED = 0 +PTF_switch_auth = 18 +RSYS_um_get_user_list = 73 +RI_type_comp_nettemp = 11 +# volatile = __volatile__ # alias +RSYS_get_attr_n = 4 +PO_TP = 1 +RSYS_list_all_user = 90 +ACLC_set_acl_entry = 0 +RI_type_ipc_name = 28 +RI_admin_type = 13 +PA_cs = 3 +RSYS_check = 2 +ACLG_GLOBAL = 0 +RI_type_netdev_remove = 45 +PL_tp = 4 +ACLR_SUPERVISOR = 58 +I_anonpipe = 3 +ST_ksyms = 20 +A_pm_object_class = 34 +R_LISTEN = 38 +def RSBAC_VERSION_MAKE_NR(x,y,z): return ((x << 16) & (y << 8) & z) # macro +def __P(args): return args # macro +A_remote_pm_object_type = 42 +SR_security_officer = 1 +A_local_rc_type = 51 +R_CREATE = 8 +T_DIR = 1 +def __LONG_LONG_PAIR(HI,LO): return LO, HI # macro +A_mac_min_categories = 10 +A_jail_ip = 68 +# def __u_intN_t(N,MODE): return typedef unsigned int u_int ##N ##_t __attribute__ ((__mode__ (MODE))) # macro +RC_default_force_role = RC_role_inherit_parent # alias +# def __isleap(year): return ((year) % 4 == 0 && ((year) % 100 != 0 || (year) % 400 == 0)) # macro +R_RECEIVE = 42 +# def __release(x): return (void)0 # macro +UM_lastchange = 6 +A_mac_prop_trusted = 30 +D_none = 4 +AST_auth_administration = 32 +A_symlink_add_remote_ip = 85 +NTS_get_name = 10 +ST_firewall = 13 +RSYS_um_mod_group = 64 +RI_assign_roles = 2 +__RLIM64_T_TYPE = __UQUAD_TYPE # alias +RI_role_comp = 0 +R_ALTER = 1 +RSYS_um_set_group_pass = 81 +PR_data_protection_officer = 2 +PP_none = 0 +A_cap_ld_env = 96 +# __KEY_T_TYPE = __S32_TYPE # alias +def FD_ISSET(fd,fdsetp): return __FD_ISSET (fd, fdsetp) # macro +RSYS_mac_add_f_tru = 23 +RCR_ASSIGN = 57 +FR_off = 0 +RSYS_auth_remove_p_cap = 40 +MA_yes = 1 +# def __FD_ISSET(fd,fdsp): return (__extension__ ({register char __result; __asm__ __volatile__ ("btl %1,%2 ; setcb %b0" : "=q" (__result) : "r" (((int) (fd)) % __NFDBITS), "m" (__FDS_BITS (fdsp)[__FDELT (fd)]) : "cc"); __result; })) # macro +A_auth_may_setuid = 59 +R_MODIFY_PERMISSIONS_DATA = 16 +__PDP_ENDIAN = 3412 # Variable c_int +PDP_ENDIAN = __PDP_ENDIAN # alias +A_cap_process_hiding = 90 +def __attribute_format_arg__(x): return __attribute__ ((__format_arg__ (x))) # macro +SL_unclassified = 0 +PF_delete_purpose = 11 +A_auth_role = 18 +A_res_max = 76 +A_linux_dac_disable = 89 +A_log_program_based = 83 +# def _syscall2(type,name,type1,arg1,type2,arg2): return type name(type1 arg1,type2 arg2) { long __res; __asm__ volatile ("push %%ebx ; movl %2,%%ebx ; int $0x80 ; pop %%ebx" : "=a" (__res) : "0" (__NR_ ##name),"ri" ((long)(arg1)),"c" ((long)(arg2)) : "memory"); __syscall_return(type,__res); } # macro +PF_none = 28 +R_AUTHENTICATE = 50 +I_mqueue = 4 +A_symlink_add_mac_level = 87 +UM_none = 14 +T_IPC = 5 +NTS_copy_template = 1 +ST_ioports = 4 +ACT_eff = 1 +SW_PM = 2 +A_auid_exempt = 93 +PTF_add_na = 0 +NTS_none = 18 +RSYS_jail = 55 +# __CLOCK_T_TYPE = __SLONGWORD_TYPE # alias +RSYS_um_get_next_user = 72 +ACLGS_list_groups = 4 +PTF_delete_authorized_tp = 7 +RI_type_comp_netdev = 10 +PO_none = 0 +RSYS_acl_list_all_dev = 89 +__S64_TYPE = __quad_t # alias +ST_kexec = 23 +PA_na = 2 +R_READ_WRITE_OPEN = 21 +LITTLE_ENDIAN = __LITTLE_ENDIAN # alias +RI_type_group_remove = 44 +PL_cs = 3 +RC_none = 3 +AST_none = 33 +A_pm_current_task = 33 +RSYS_daz_flush_cache = 31 +# def RSBAC_SCD_VECTOR(x): return ((rsbac_scd_vector_t) 1 << (x)) # macro +ACLS_NONE = 3 +SR_user = 0 +A_rc_select_type = 50 +R_CLOSE = 7 +RSYS_acl_get_rights_n = 48 +# def __LDBL_REDIR_NTH(name,proto): return name proto __THROW # macro +PF_add_task = 2 +A_remote_mac_categories = 9 +A_jail_parent = 67 +R_RENAME = 24 +# def __intN_t(N,MODE): return typedef int int ##N ##_t __attribute__ ((__mode__ (MODE))) # macro +PF_set_device_object_type = 19 +A_max_read_open = 26 +A_log_user_based = 84 +R_SEND = 41 +# def __FDS_BITS(set): return ((set)->fds_bits) # macro +def minor(dev): return gnu_dev_minor (dev) # macro +UM_group = 5 +D_char_major = 3 +AMS_off = 0 +T_GROUP = 13 +# def RSBAC_ERROR(res): return ((res <= -RSBAC_EPERM) && (res >= -RSBAC_EMAX)) # macro +NTS_get_ports = 9 +A_jail_max_caps = 70 +ST_network = 12 +SW_JAIL = 10 +PTF_add_consent = 8 +RSYS_um_mod_user = 63 +RI_admin_roles = 1 +# __SUSECONDS_T_TYPE = __SLONGWORD_TYPE # alias +R_ADD_TO_KERNEL = 0 +RI_def_process_create_type = 18 +PR_security_officer = 1 +AMS_full = 1 +# __FSBLKCNT_T_TYPE = __ULONGWORD_TYPE # alias +ACLC_none = 7 +RI_type_fd_need_secdel = 35 +ACT_none = 6 +PA_pp_set = 10 +RSYS_set_attr = 5 +RSYS_mac_remove_p_tru = 22 +# def RSBAC_ACL_RIGHTS_VECTOR(x): return ((rsbac_acl_rights_vector_t) 1 << (x)) # macro +RCR_ADMIN = 56 +ACLR_NONE = 59 +A_local_pm_object_type = 41 +RSYS_auth_add_p_cap = 39 +MA_no = 0 +# def __FD_CLR(fd,fdsp): return __asm__ __volatile__ ("btrl %1,%0" : "=m" (__FDS_BITS (fdsp)[__FDELT (fd)]) : "r" (((int) (fd)) % __NFDBITS) : "cc","memory") # macro +A_pseudo = 0 +# __CLOCKID_T_TYPE = __S32_TYPE # alias +__BIG_ENDIAN = 4321 # Variable c_int +BIG_ENDIAN = __BIG_ENDIAN # alias +R_MODIFY_ATTRIBUTE = 15 +MAC_allow_auto = 64 # Variable c_int +RSBAC_MAC_DEF_SYSADM_U_FLAGS = MAC_allow_auto # alias +# def __acquire(x): return (void)0 # macro +PF_add_purpose = 10 +A_ff_role = 17 +A_res_min = 75 +def __GLIBC_PREREQ(maj,min): return ((__GLIBC__ << 16) + __GLIBC_MINOR__ >= ((maj) << 16) + (min)) # macro +R_TRUNCATE = 32 +# __BLKCNT_T_TYPE = __SLONGWORD_TYPE # alias +MAC_auto = 2 # Variable c_int +RSBAC_MAC_DEF_INIT_P_FLAGS = MAC_auto # alias +# def _syscall1(type,name,type1,arg1): return type name(type1 arg1) { long __res; __asm__ volatile ("push %%ebx ; movl %2,%%ebx ; int $0x80 ; pop %%ebx" : "=a" (__res) : "0" (__NR_ ##name),"ri" ((long)(arg1)) : "memory"); __syscall_return(type,__res); } # macro +PF_create_ticket = 27 +# __OFF_T_TYPE = __SLONGWORD_TYPE # alias +A_audit_uid = 92 +R_LOCK = 49 +UM_cryptpass = 13 +T_DEV = 4 +# __BLKSIZE_T_TYPE = __SLONGWORD_TYPE # alias +ACLGS_none = 9 +NTS_new_template = 0 +ACT_real = 0 +SW_MAC = 1 +NTS_set_name = 17 +RSYS_reg = 54 +PTF_set_object_class = 16 +A_rc_type_fd = 53 +RSYS_um_group_exists = 71 +D_block = 0 +ACLGS_get_group_entry = 3 +ACLGS_add_member = 5 +__FSFILCNT64_T_TYPE = __UQUAD_TYPE # alias +RSYS_list_all_dev = 88 +LD_deny = 0 +RI_type_fd_name = 26 +PA_class = 1 +RI_type_process_remove = 43 +__DEV_T_TYPE = __UQUAD_TYPE # alias +RSYS_adf_log_switch = 13 +RC_system_admin = 2 +ST_sysctl = 18 +A_res_role = 74 +RSYS_pm_create_file = 30 +# def RSBAC_REQUEST_VECTOR(x): return ((rsbac_request_vector_t) 1 << (x)) # macro +ACLS_GROUP = 2 +A_rc_type = 49 +CAP_NONE = 29 # Variable c_int +RSBAC_CAP_MAX = CAP_NONE # alias +RSYS_acl_get_rights = 47 +# def __LDBL_REDIR1_NTH(name,proto,alias): return name proto __THROW # macro +A_local_mac_categories = 8 +A_jail_id = 66 +# NULL = __null # alias +PF_switch_auth = 18 +A_min_write_categories = 25 +R_CONNECT = 40 +RC_role_use_force_role = 4294967291L # Variable c_uint +RC_default_root_dir_initial_role = RC_role_use_force_role # alias +def makedev(maj,min): return gnu_dev_makedev (maj, min) # macro +UM_shell = 4 +ACLC_remove_user = 6 +T_NETTEMP_NT = 12 +NTS_get_netdev = 8 +A_pm_object_type = 40 +RSYS_um_get_uid = 77 +# __PID_T_TYPE = __S32_TYPE # alias +A_local_pm_ipc_purpose = 38 +PTF_none = 24 +RSYS_um_set_pass = 79 +PTF_add_task = 2 +PR_user = 0 +RSYS_get_adf_log = 14 +RI_type_dev_name = 27 +RSYS_none = 96 +RI_type_netobj_name = 34 +PF_delete_task = 3 +PA_ru_set = 9 +RSYS_mac_add_p_tru = 21 +# def NIPQUAD(addr): return ((unsigned char *)&addr)[0], ((unsigned char *)&addr)[1], ((unsigned char *)&addr)[2], ((unsigned char *)&addr)[3] # macro +A_pm_process_type = 32 +A_rc_role = 57 + +# values for enumeration 'rsbac_acl_subject_type_t' +rsbac_acl_subject_type_t = c_int # enum +__u8 = c_ubyte +rsbac_acl_int_subject_type_t = __u8 +__u32 = c_uint +rsbac_acl_subject_id_t = __u32 + +# values for enumeration 'rsbac_acl_special_rights_t' +rsbac_acl_special_rights_t = c_int # enum +__u64 = c_ulonglong +rsbac_acl_rights_vector_t = __u64 + +# values for enumeration 'rsbac_acl_scd_type_t' +rsbac_acl_scd_type_t = c_int # enum +class rsbac_acl_entry_t(Structure): + pass +rsbac_acl_entry_t._pack_ = 4 +rsbac_acl_entry_t._fields_ = [ + ('subj_type', rsbac_acl_int_subject_type_t), + ('subj_id', rsbac_acl_subject_id_t), + ('rights', rsbac_acl_rights_vector_t), +] +assert sizeof(rsbac_acl_entry_t) == 16, sizeof(rsbac_acl_entry_t) +assert alignment(rsbac_acl_entry_t) == 4, alignment(rsbac_acl_entry_t) +class rsbac_acl_entry_desc_t(Structure): + pass +rsbac_acl_entry_desc_t._fields_ = [ + ('subj_type', rsbac_acl_int_subject_type_t), + ('subj_id', rsbac_acl_subject_id_t), +] +assert sizeof(rsbac_acl_entry_desc_t) == 8, sizeof(rsbac_acl_entry_desc_t) +assert alignment(rsbac_acl_entry_desc_t) == 4, alignment(rsbac_acl_entry_desc_t) + +# values for enumeration 'rsbac_acl_group_type_t' +rsbac_acl_group_type_t = c_int # enum +rsbac_acl_group_id_t = __u32 +class rsbac_acl_group_entry_t(Structure): + pass +rsbac_uid_t = __u32 +rsbac_acl_group_entry_t._fields_ = [ + ('id', rsbac_acl_group_id_t), + ('owner', rsbac_uid_t), + ('type', rsbac_acl_group_type_t), + ('name', c_char * 16), +] +assert sizeof(rsbac_acl_group_entry_t) == 28, sizeof(rsbac_acl_group_entry_t) +assert alignment(rsbac_acl_group_entry_t) == 4, alignment(rsbac_acl_group_entry_t) + +# values for enumeration 'rsbac_acl_syscall_type_t' +rsbac_acl_syscall_type_t = c_int # enum +class rsbac_acl_syscall_arg_t(Structure): + pass + +# values for enumeration 'rsbac_target_t' +rsbac_target_t = c_int # enum +class rsbac_target_id_t(Union): + pass +class rsbac_dev_desc_t(Structure): + pass +rsbac_dev_desc_t._fields_ = [ + ('type', __u32), + ('major', __u32), + ('minor', __u32), +] +assert sizeof(rsbac_dev_desc_t) == 12, sizeof(rsbac_dev_desc_t) +assert alignment(rsbac_dev_desc_t) == 4, alignment(rsbac_dev_desc_t) +class rsbac_ipc_t(Structure): + pass + +# values for enumeration 'rsbac_ipc_type_t' +rsbac_ipc_type_t = c_int # enum +class rsbac_ipc_id_t(Union): + pass +__u_long = c_ulong +u_long = __u_long +rsbac_ipc_id_t._fields_ = [ + ('id_nr', u_long), +] +assert sizeof(rsbac_ipc_id_t) == 4, sizeof(rsbac_ipc_id_t) +assert alignment(rsbac_ipc_id_t) == 4, alignment(rsbac_ipc_id_t) +rsbac_ipc_t._fields_ = [ + ('type', rsbac_ipc_type_t), + ('id', rsbac_ipc_id_t), +] +assert sizeof(rsbac_ipc_t) == 8, sizeof(rsbac_ipc_t) +assert alignment(rsbac_ipc_t) == 4, alignment(rsbac_ipc_t) +rsbac_enum_t = __u8 +rsbac_gid_t = __u32 +rsbac_pid_t = __u32 +__u_char = c_ubyte +u_char = __u_char +rsbac_netdev_id_t = u_char * 17 +rsbac_net_temp_id_t = __u32 +class rsbac_net_obj_desc_t(Structure): + pass +rsbac_net_obj_id_t = c_void_p +__u_int = c_uint +u_int = __u_int +rsbac_net_obj_desc_t._fields_ = [ + ('sock_p', rsbac_net_obj_id_t), + ('local_addr', c_void_p), + ('local_len', u_int), + ('remote_addr', c_void_p), + ('remote_len', u_int), + ('local_temp', rsbac_net_temp_id_t), + ('remote_temp', rsbac_net_temp_id_t), +] +assert sizeof(rsbac_net_obj_desc_t) == 28, sizeof(rsbac_net_obj_desc_t) +assert alignment(rsbac_net_obj_desc_t) == 4, alignment(rsbac_net_obj_desc_t) +rsbac_target_id_t._fields_ = [ + ('dev', rsbac_dev_desc_t), + ('ipc', rsbac_ipc_t), + ('scd', rsbac_enum_t), + ('user', rsbac_uid_t), + ('group', rsbac_gid_t), + ('process', rsbac_pid_t), + ('netdev', rsbac_netdev_id_t), + ('nettemp', rsbac_net_temp_id_t), + ('netobj', rsbac_net_obj_desc_t), + ('dummy', c_int), +] +assert sizeof(rsbac_target_id_t) == 28, sizeof(rsbac_target_id_t) +assert alignment(rsbac_target_id_t) == 4, alignment(rsbac_target_id_t) +rsbac_time_t = __u32 +rsbac_acl_syscall_arg_t._pack_ = 4 +rsbac_acl_syscall_arg_t._fields_ = [ + ('target', rsbac_target_t), + ('tid', rsbac_target_id_t), + ('subj_type', rsbac_acl_subject_type_t), + ('subj_id', rsbac_acl_subject_id_t), + ('rights', rsbac_acl_rights_vector_t), + ('ttl', rsbac_time_t), +] +assert sizeof(rsbac_acl_syscall_arg_t) == 52, sizeof(rsbac_acl_syscall_arg_t) +assert alignment(rsbac_acl_syscall_arg_t) == 4, alignment(rsbac_acl_syscall_arg_t) +class rsbac_acl_syscall_n_arg_t(Structure): + pass +rsbac_acl_syscall_n_arg_t._pack_ = 4 +rsbac_acl_syscall_n_arg_t._fields_ = [ + ('target', rsbac_target_t), + ('name', STRING), + ('subj_type', rsbac_acl_subject_type_t), + ('subj_id', rsbac_acl_subject_id_t), + ('rights', rsbac_acl_rights_vector_t), + ('ttl', rsbac_time_t), +] +assert sizeof(rsbac_acl_syscall_n_arg_t) == 28, sizeof(rsbac_acl_syscall_n_arg_t) +assert alignment(rsbac_acl_syscall_n_arg_t) == 4, alignment(rsbac_acl_syscall_n_arg_t) + +# values for enumeration 'rsbac_acl_group_syscall_type_t' +rsbac_acl_group_syscall_type_t = c_int # enum +class rsbac_acl_add_group_arg_t(Structure): + pass +rsbac_acl_add_group_arg_t._fields_ = [ + ('type', rsbac_acl_group_type_t), + ('name', STRING), + ('group_id_p', POINTER(rsbac_acl_group_id_t)), +] +assert sizeof(rsbac_acl_add_group_arg_t) == 12, sizeof(rsbac_acl_add_group_arg_t) +assert alignment(rsbac_acl_add_group_arg_t) == 4, alignment(rsbac_acl_add_group_arg_t) +class rsbac_acl_change_group_arg_t(Structure): + pass +rsbac_acl_change_group_arg_t._fields_ = [ + ('id', rsbac_acl_group_id_t), + ('owner', rsbac_uid_t), + ('type', rsbac_acl_group_type_t), + ('name', STRING), +] +assert sizeof(rsbac_acl_change_group_arg_t) == 16, sizeof(rsbac_acl_change_group_arg_t) +assert alignment(rsbac_acl_change_group_arg_t) == 4, alignment(rsbac_acl_change_group_arg_t) +class rsbac_acl_remove_group_arg_t(Structure): + pass +rsbac_acl_remove_group_arg_t._fields_ = [ + ('id', rsbac_acl_group_id_t), +] +assert sizeof(rsbac_acl_remove_group_arg_t) == 4, sizeof(rsbac_acl_remove_group_arg_t) +assert alignment(rsbac_acl_remove_group_arg_t) == 4, alignment(rsbac_acl_remove_group_arg_t) +class rsbac_acl_get_group_entry_arg_t(Structure): + pass +rsbac_acl_get_group_entry_arg_t._fields_ = [ + ('id', rsbac_acl_group_id_t), + ('entry_p', POINTER(rsbac_acl_group_entry_t)), +] +assert sizeof(rsbac_acl_get_group_entry_arg_t) == 8, sizeof(rsbac_acl_get_group_entry_arg_t) +assert alignment(rsbac_acl_get_group_entry_arg_t) == 4, alignment(rsbac_acl_get_group_entry_arg_t) +class rsbac_acl_list_groups_arg_t(Structure): + pass +rsbac_boolean_t = u_int +rsbac_acl_list_groups_arg_t._fields_ = [ + ('include_global', rsbac_boolean_t), + ('group_entry_array', POINTER(rsbac_acl_group_entry_t)), + ('maxnum', u_int), +] +assert sizeof(rsbac_acl_list_groups_arg_t) == 12, sizeof(rsbac_acl_list_groups_arg_t) +assert alignment(rsbac_acl_list_groups_arg_t) == 4, alignment(rsbac_acl_list_groups_arg_t) +class rsbac_acl_add_member_arg_t(Structure): + pass +rsbac_acl_add_member_arg_t._fields_ = [ + ('group', rsbac_acl_group_id_t), + ('user', rsbac_uid_t), + ('ttl', rsbac_time_t), +] +assert sizeof(rsbac_acl_add_member_arg_t) == 12, sizeof(rsbac_acl_add_member_arg_t) +assert alignment(rsbac_acl_add_member_arg_t) == 4, alignment(rsbac_acl_add_member_arg_t) +class rsbac_acl_remove_member_arg_t(Structure): + pass +rsbac_acl_remove_member_arg_t._fields_ = [ + ('group', rsbac_acl_group_id_t), + ('user', rsbac_uid_t), +] +assert sizeof(rsbac_acl_remove_member_arg_t) == 8, sizeof(rsbac_acl_remove_member_arg_t) +assert alignment(rsbac_acl_remove_member_arg_t) == 4, alignment(rsbac_acl_remove_member_arg_t) +class rsbac_acl_get_user_groups_arg_t(Structure): + pass +rsbac_acl_get_user_groups_arg_t._fields_ = [ + ('user', rsbac_uid_t), + ('group_array', POINTER(rsbac_acl_group_id_t)), + ('ttl_array', POINTER(rsbac_time_t)), + ('maxnum', u_int), +] +assert sizeof(rsbac_acl_get_user_groups_arg_t) == 16, sizeof(rsbac_acl_get_user_groups_arg_t) +assert alignment(rsbac_acl_get_user_groups_arg_t) == 4, alignment(rsbac_acl_get_user_groups_arg_t) +class rsbac_acl_get_group_members_arg_t(Structure): + pass +rsbac_acl_get_group_members_arg_t._fields_ = [ + ('group', rsbac_acl_group_id_t), + ('user_array', POINTER(rsbac_uid_t)), + ('ttl_array', POINTER(rsbac_time_t)), + ('maxnum', u_int), +] +assert sizeof(rsbac_acl_get_group_members_arg_t) == 16, sizeof(rsbac_acl_get_group_members_arg_t) +assert alignment(rsbac_acl_get_group_members_arg_t) == 4, alignment(rsbac_acl_get_group_members_arg_t) +class rsbac_acl_group_syscall_arg_t(Union): + pass +rsbac_acl_group_syscall_arg_t._fields_ = [ + ('add_group', rsbac_acl_add_group_arg_t), + ('change_group', rsbac_acl_change_group_arg_t), + ('remove_group', rsbac_acl_remove_group_arg_t), + ('get_group_entry', rsbac_acl_get_group_entry_arg_t), + ('list_groups', rsbac_acl_list_groups_arg_t), + ('add_member', rsbac_acl_add_member_arg_t), + ('remove_member', rsbac_acl_remove_member_arg_t), + ('get_user_groups', rsbac_acl_get_user_groups_arg_t), + ('get_group_members', rsbac_acl_get_group_members_arg_t), +] +assert sizeof(rsbac_acl_group_syscall_arg_t) == 16, sizeof(rsbac_acl_group_syscall_arg_t) +assert alignment(rsbac_acl_group_syscall_arg_t) == 4, alignment(rsbac_acl_group_syscall_arg_t) +class rsbac_net_temp_port_range_t(Structure): + pass +__u16 = c_ushort +rsbac_net_temp_port_range_t._fields_ = [ + ('min', __u16), + ('max', __u16), +] +assert sizeof(rsbac_net_temp_port_range_t) == 4, sizeof(rsbac_net_temp_port_range_t) +assert alignment(rsbac_net_temp_port_range_t) == 2, alignment(rsbac_net_temp_port_range_t) +class rsbac_net_temp_inet_addr_t(Structure): + pass +rsbac_net_temp_inet_addr_t._fields_ = [ + ('addr', __u32 * 25), + ('valid_bits', __u8 * 25), + ('nr_addr', __u8), +] +assert sizeof(rsbac_net_temp_inet_addr_t) == 128, sizeof(rsbac_net_temp_inet_addr_t) +assert alignment(rsbac_net_temp_inet_addr_t) == 4, alignment(rsbac_net_temp_inet_addr_t) +class rsbac_net_temp_other_addr_t(Structure): + pass +rsbac_net_temp_other_addr_t._fields_ = [ + ('addr', c_char * 128), + ('valid_len', __u8), +] +assert sizeof(rsbac_net_temp_other_addr_t) == 129, sizeof(rsbac_net_temp_other_addr_t) +assert alignment(rsbac_net_temp_other_addr_t) == 1, alignment(rsbac_net_temp_other_addr_t) +class rsbac_net_temp_ports_t(Structure): + pass +rsbac_net_temp_ports_t._fields_ = [ + ('ports', rsbac_net_temp_port_range_t * 10), + ('nr_ports', __u8), +] +assert sizeof(rsbac_net_temp_ports_t) == 42, sizeof(rsbac_net_temp_ports_t) +assert alignment(rsbac_net_temp_ports_t) == 2, alignment(rsbac_net_temp_ports_t) +class rsbac_net_temp_addr_t(Union): + pass +rsbac_net_temp_addr_t._fields_ = [ + ('inet', rsbac_net_temp_inet_addr_t), + ('other', rsbac_net_temp_other_addr_t), +] +assert sizeof(rsbac_net_temp_addr_t) == 132, sizeof(rsbac_net_temp_addr_t) +assert alignment(rsbac_net_temp_addr_t) == 4, alignment(rsbac_net_temp_addr_t) +class rsbac_net_temp_data_t(Structure): + pass +rsbac_net_temp_data_t._fields_ = [ + ('address', rsbac_net_temp_addr_t), + ('address_family', __u8), + ('type', __u8), + ('protocol', __u8), + ('netdev', rsbac_netdev_id_t), + ('ports', rsbac_net_temp_ports_t), + ('name', c_char * 16), +] +assert sizeof(rsbac_net_temp_data_t) == 212, sizeof(rsbac_net_temp_data_t) +assert alignment(rsbac_net_temp_data_t) == 4, alignment(rsbac_net_temp_data_t) +class rsbac_net_temp_old_data_t(Structure): + pass +rsbac_net_temp_old_data_t._fields_ = [ + ('address', c_char * 128), + ('address_family', __u8), + ('valid_len', __u8), + ('type', __u8), + ('protocol', __u8), + ('netdev', rsbac_netdev_id_t), + ('min_port', __u16), + ('max_port', __u16), + ('name', c_char * 16), +] +assert sizeof(rsbac_net_temp_old_data_t) == 170, sizeof(rsbac_net_temp_old_data_t) +assert alignment(rsbac_net_temp_old_data_t) == 2, alignment(rsbac_net_temp_old_data_t) +class rsbac_net_description_t(Structure): + pass +rsbac_net_description_t._fields_ = [ + ('address_family', __u8), + ('address', c_void_p), + ('address_len', __u8), + ('type', __u8), + ('protocol', __u8), + ('netdev', rsbac_netdev_id_t), + ('port', __u16), +] +assert sizeof(rsbac_net_description_t) == 32, sizeof(rsbac_net_description_t) +assert alignment(rsbac_net_description_t) == 4, alignment(rsbac_net_description_t) + +# values for enumeration 'rsbac_net_temp_syscall_t' +rsbac_net_temp_syscall_t = c_int # enum +class rsbac_net_temp_syscall_data_t(Union): + pass +rsbac_net_temp_syscall_data_t._fields_ = [ + ('id', rsbac_net_temp_id_t), + ('address', rsbac_net_temp_addr_t), + ('address_family', __u8), + ('type', __u8), + ('protocol', __u8), + ('netdev', rsbac_netdev_id_t), + ('ports', rsbac_net_temp_ports_t), + ('name', c_char * 16), +] +assert sizeof(rsbac_net_temp_syscall_data_t) == 132, sizeof(rsbac_net_temp_syscall_data_t) +assert alignment(rsbac_net_temp_syscall_data_t) == 4, alignment(rsbac_net_temp_syscall_data_t) + +# values for enumeration 'rsbac_pm_tkt_function_type_t' +rsbac_pm_tkt_function_type_t = c_int # enum +class rsbac_pm_add_na_t(Structure): + pass +rsbac_pm_task_id_t = __u32 +rsbac_pm_object_class_id_t = __u32 +rsbac_pm_tp_id_t = __u32 +rsbac_pm_accesses_t = __u8 +rsbac_pm_add_na_t._fields_ = [ + ('task', rsbac_pm_task_id_t), + ('object_class', rsbac_pm_object_class_id_t), + ('tp', rsbac_pm_tp_id_t), + ('accesses', rsbac_pm_accesses_t), +] +assert sizeof(rsbac_pm_add_na_t) == 16, sizeof(rsbac_pm_add_na_t) +assert alignment(rsbac_pm_add_na_t) == 4, alignment(rsbac_pm_add_na_t) +class rsbac_pm_delete_na_t(Structure): + pass +rsbac_pm_delete_na_t._fields_ = [ + ('task', rsbac_pm_task_id_t), + ('object_class', rsbac_pm_object_class_id_t), + ('tp', rsbac_pm_tp_id_t), + ('accesses', rsbac_pm_accesses_t), +] +assert sizeof(rsbac_pm_delete_na_t) == 16, sizeof(rsbac_pm_delete_na_t) +assert alignment(rsbac_pm_delete_na_t) == 4, alignment(rsbac_pm_delete_na_t) +class rsbac_pm_add_task_t(Structure): + pass +rsbac_pm_purpose_id_t = __u32 +rsbac_pm_add_task_t._fields_ = [ + ('id', rsbac_pm_task_id_t), + ('purpose', rsbac_pm_purpose_id_t), +] +assert sizeof(rsbac_pm_add_task_t) == 8, sizeof(rsbac_pm_add_task_t) +assert alignment(rsbac_pm_add_task_t) == 4, alignment(rsbac_pm_add_task_t) +class rsbac_pm_delete_task_t(Structure): + pass +rsbac_pm_delete_task_t._fields_ = [ + ('id', rsbac_pm_task_id_t), +] +assert sizeof(rsbac_pm_delete_task_t) == 4, sizeof(rsbac_pm_delete_task_t) +assert alignment(rsbac_pm_delete_task_t) == 4, alignment(rsbac_pm_delete_task_t) +class rsbac_pm_add_object_class_t(Structure): + pass +class rsbac_pm_purpose_list_item_t(Structure): + pass +rsbac_pm_add_object_class_t._fields_ = [ + ('id', rsbac_pm_object_class_id_t), + ('pp_list_p', POINTER(rsbac_pm_purpose_list_item_t)), +] +assert sizeof(rsbac_pm_add_object_class_t) == 8, sizeof(rsbac_pm_add_object_class_t) +assert alignment(rsbac_pm_add_object_class_t) == 4, alignment(rsbac_pm_add_object_class_t) +class rsbac_pm_delete_object_class_t(Structure): + pass +rsbac_pm_delete_object_class_t._fields_ = [ + ('id', rsbac_pm_object_class_id_t), +] +assert sizeof(rsbac_pm_delete_object_class_t) == 4, sizeof(rsbac_pm_delete_object_class_t) +assert alignment(rsbac_pm_delete_object_class_t) == 4, alignment(rsbac_pm_delete_object_class_t) +class rsbac_pm_add_authorized_tp_t(Structure): + pass +rsbac_pm_add_authorized_tp_t._fields_ = [ + ('task', rsbac_pm_task_id_t), + ('tp', rsbac_pm_tp_id_t), +] +assert sizeof(rsbac_pm_add_authorized_tp_t) == 8, sizeof(rsbac_pm_add_authorized_tp_t) +assert alignment(rsbac_pm_add_authorized_tp_t) == 4, alignment(rsbac_pm_add_authorized_tp_t) +class rsbac_pm_delete_authorized_tp_t(Structure): + pass +rsbac_pm_delete_authorized_tp_t._fields_ = [ + ('task', rsbac_pm_task_id_t), + ('tp', rsbac_pm_tp_id_t), +] +assert sizeof(rsbac_pm_delete_authorized_tp_t) == 8, sizeof(rsbac_pm_delete_authorized_tp_t) +assert alignment(rsbac_pm_delete_authorized_tp_t) == 4, alignment(rsbac_pm_delete_authorized_tp_t) +class rsbac_pm_add_consent_t(Structure): + pass +rsbac_pm_add_consent_t._fields_ = [ + ('filename', STRING), + ('purpose', rsbac_pm_purpose_id_t), +] +assert sizeof(rsbac_pm_add_consent_t) == 8, sizeof(rsbac_pm_add_consent_t) +assert alignment(rsbac_pm_add_consent_t) == 4, alignment(rsbac_pm_add_consent_t) +class rsbac_pm_delete_consent_t(Structure): + pass +rsbac_pm_delete_consent_t._fields_ = [ + ('filename', STRING), + ('purpose', rsbac_pm_purpose_id_t), +] +assert sizeof(rsbac_pm_delete_consent_t) == 8, sizeof(rsbac_pm_delete_consent_t) +assert alignment(rsbac_pm_delete_consent_t) == 4, alignment(rsbac_pm_delete_consent_t) +class rsbac_pm_add_purpose_t(Structure): + pass +rsbac_pm_add_purpose_t._fields_ = [ + ('id', rsbac_pm_purpose_id_t), + ('def_class', rsbac_pm_object_class_id_t), +] +assert sizeof(rsbac_pm_add_purpose_t) == 8, sizeof(rsbac_pm_add_purpose_t) +assert alignment(rsbac_pm_add_purpose_t) == 4, alignment(rsbac_pm_add_purpose_t) +class rsbac_pm_delete_purpose_t(Structure): + pass +rsbac_pm_delete_purpose_t._fields_ = [ + ('id', rsbac_pm_purpose_id_t), +] +assert sizeof(rsbac_pm_delete_purpose_t) == 4, sizeof(rsbac_pm_delete_purpose_t) +assert alignment(rsbac_pm_delete_purpose_t) == 4, alignment(rsbac_pm_delete_purpose_t) +class rsbac_pm_add_responsible_user_t(Structure): + pass +rsbac_pm_add_responsible_user_t._fields_ = [ + ('user', rsbac_uid_t), + ('task', rsbac_pm_task_id_t), +] +assert sizeof(rsbac_pm_add_responsible_user_t) == 8, sizeof(rsbac_pm_add_responsible_user_t) +assert alignment(rsbac_pm_add_responsible_user_t) == 4, alignment(rsbac_pm_add_responsible_user_t) +class rsbac_pm_delete_responsible_user_t(Structure): + pass +rsbac_pm_delete_responsible_user_t._fields_ = [ + ('user', rsbac_uid_t), + ('task', rsbac_pm_task_id_t), +] +assert sizeof(rsbac_pm_delete_responsible_user_t) == 8, sizeof(rsbac_pm_delete_responsible_user_t) +assert alignment(rsbac_pm_delete_responsible_user_t) == 4, alignment(rsbac_pm_delete_responsible_user_t) +class rsbac_pm_delete_user_aci_t(Structure): + pass +rsbac_pm_delete_user_aci_t._fields_ = [ + ('id', rsbac_uid_t), +] +assert sizeof(rsbac_pm_delete_user_aci_t) == 4, sizeof(rsbac_pm_delete_user_aci_t) +assert alignment(rsbac_pm_delete_user_aci_t) == 4, alignment(rsbac_pm_delete_user_aci_t) +class rsbac_pm_set_role_t(Structure): + pass + +# values for enumeration 'rsbac_pm_role_t' +rsbac_pm_role_t = c_int # enum +rsbac_pm_set_role_t._fields_ = [ + ('user', rsbac_uid_t), + ('role', rsbac_pm_role_t), +] +assert sizeof(rsbac_pm_set_role_t) == 8, sizeof(rsbac_pm_set_role_t) +assert alignment(rsbac_pm_set_role_t) == 4, alignment(rsbac_pm_set_role_t) +class rsbac_pm_set_object_class_t(Structure): + pass +rsbac_pm_set_object_class_t._fields_ = [ + ('filename', STRING), + ('object_class', rsbac_pm_object_class_id_t), +] +assert sizeof(rsbac_pm_set_object_class_t) == 8, sizeof(rsbac_pm_set_object_class_t) +assert alignment(rsbac_pm_set_object_class_t) == 4, alignment(rsbac_pm_set_object_class_t) +class rsbac_pm_switch_pm_t(Structure): + pass +rsbac_pm_switch_pm_t._fields_ = [ + ('value', rsbac_boolean_t), +] +assert sizeof(rsbac_pm_switch_pm_t) == 4, sizeof(rsbac_pm_switch_pm_t) +assert alignment(rsbac_pm_switch_pm_t) == 4, alignment(rsbac_pm_switch_pm_t) +class rsbac_pm_switch_auth_t(Structure): + pass +rsbac_pm_switch_auth_t._fields_ = [ + ('value', rsbac_boolean_t), +] +assert sizeof(rsbac_pm_switch_auth_t) == 4, sizeof(rsbac_pm_switch_auth_t) +assert alignment(rsbac_pm_switch_auth_t) == 4, alignment(rsbac_pm_switch_auth_t) +class rsbac_pm_set_device_object_type_t(Structure): + pass + +# values for enumeration 'rsbac_pm_object_type_t' +rsbac_pm_object_type_t = c_int # enum +rsbac_pm_set_device_object_type_t._fields_ = [ + ('filename', STRING), + ('object_type', rsbac_pm_object_type_t), + ('object_class', rsbac_pm_object_class_id_t), +] +assert sizeof(rsbac_pm_set_device_object_type_t) == 12, sizeof(rsbac_pm_set_device_object_type_t) +assert alignment(rsbac_pm_set_device_object_type_t) == 4, alignment(rsbac_pm_set_device_object_type_t) +class rsbac_pm_set_auth_may_setuid_t(Structure): + pass +rsbac_pm_set_auth_may_setuid_t._fields_ = [ + ('filename', STRING), + ('value', rsbac_boolean_t), +] +assert sizeof(rsbac_pm_set_auth_may_setuid_t) == 8, sizeof(rsbac_pm_set_auth_may_setuid_t) +assert alignment(rsbac_pm_set_auth_may_setuid_t) == 4, alignment(rsbac_pm_set_auth_may_setuid_t) +class rsbac_pm_set_auth_may_set_cap_t(Structure): + pass +rsbac_pm_set_auth_may_set_cap_t._fields_ = [ + ('filename', STRING), + ('value', rsbac_boolean_t), +] +assert sizeof(rsbac_pm_set_auth_may_set_cap_t) == 8, sizeof(rsbac_pm_set_auth_may_set_cap_t) +assert alignment(rsbac_pm_set_auth_may_set_cap_t) == 4, alignment(rsbac_pm_set_auth_may_set_cap_t) +class rsbac_pm_add_authorized_task_t(Structure): + pass +rsbac_pm_add_authorized_task_t._fields_ = [ + ('user', rsbac_uid_t), + ('task', rsbac_pm_task_id_t), +] +assert sizeof(rsbac_pm_add_authorized_task_t) == 8, sizeof(rsbac_pm_add_authorized_task_t) +assert alignment(rsbac_pm_add_authorized_task_t) == 4, alignment(rsbac_pm_add_authorized_task_t) +class rsbac_pm_delete_authorized_task_t(Structure): + pass +rsbac_pm_delete_authorized_task_t._fields_ = [ + ('user', rsbac_uid_t), + ('task', rsbac_pm_task_id_t), +] +assert sizeof(rsbac_pm_delete_authorized_task_t) == 8, sizeof(rsbac_pm_delete_authorized_task_t) +assert alignment(rsbac_pm_delete_authorized_task_t) == 4, alignment(rsbac_pm_delete_authorized_task_t) +class rsbac_pm_create_tp_t(Structure): + pass +rsbac_pm_create_tp_t._fields_ = [ + ('id', rsbac_pm_tp_id_t), +] +assert sizeof(rsbac_pm_create_tp_t) == 4, sizeof(rsbac_pm_create_tp_t) +assert alignment(rsbac_pm_create_tp_t) == 4, alignment(rsbac_pm_create_tp_t) +class rsbac_pm_delete_tp_t(Structure): + pass +rsbac_pm_delete_tp_t._fields_ = [ + ('id', rsbac_pm_tp_id_t), +] +assert sizeof(rsbac_pm_delete_tp_t) == 4, sizeof(rsbac_pm_delete_tp_t) +assert alignment(rsbac_pm_delete_tp_t) == 4, alignment(rsbac_pm_delete_tp_t) +class rsbac_pm_set_tp_t(Structure): + pass +rsbac_pm_set_tp_t._fields_ = [ + ('filename', STRING), + ('tp', rsbac_pm_tp_id_t), +] +assert sizeof(rsbac_pm_set_tp_t) == 8, sizeof(rsbac_pm_set_tp_t) +assert alignment(rsbac_pm_set_tp_t) == 4, alignment(rsbac_pm_set_tp_t) +class rsbac_pm_tkt_function_param_t(Union): + pass +rsbac_pm_tkt_function_param_t._fields_ = [ + ('add_na', rsbac_pm_add_na_t), + ('delete_na', rsbac_pm_delete_na_t), + ('add_task', rsbac_pm_add_task_t), + ('delete_task', rsbac_pm_delete_task_t), + ('add_object_class', rsbac_pm_add_object_class_t), + ('delete_object_class', rsbac_pm_delete_object_class_t), + ('add_authorized_tp', rsbac_pm_add_authorized_tp_t), + ('delete_authorized_tp', rsbac_pm_delete_authorized_tp_t), + ('add_consent', rsbac_pm_add_consent_t), + ('delete_consent', rsbac_pm_delete_consent_t), + ('add_purpose', rsbac_pm_add_purpose_t), + ('delete_purpose', rsbac_pm_delete_purpose_t), + ('add_responsible_user', rsbac_pm_add_responsible_user_t), + ('delete_responsible_user', rsbac_pm_delete_responsible_user_t), + ('delete_user_aci', rsbac_pm_delete_user_aci_t), + ('set_role', rsbac_pm_set_role_t), + ('set_object_class', rsbac_pm_set_object_class_t), + ('switch_pm', rsbac_pm_switch_pm_t), + ('switch_auth', rsbac_pm_switch_pm_t), + ('set_device_object_type', rsbac_pm_set_device_object_type_t), + ('set_auth_may_setuid', rsbac_pm_set_auth_may_setuid_t), + ('set_auth_may_set_cap', rsbac_pm_set_auth_may_set_cap_t), + ('add_authorized_task', rsbac_pm_add_authorized_task_t), + ('delete_authorized_task', rsbac_pm_delete_authorized_task_t), + ('dummy', c_int), +] +assert sizeof(rsbac_pm_tkt_function_param_t) == 16, sizeof(rsbac_pm_tkt_function_param_t) +assert alignment(rsbac_pm_tkt_function_param_t) == 4, alignment(rsbac_pm_tkt_function_param_t) + +# values for enumeration 'rsbac_pm_function_type_t' +rsbac_pm_function_type_t = c_int # enum +class rsbac_pm_create_ticket_t(Structure): + pass +rsbac_pm_tkt_id_t = __u32 +rsbac_pm_time_stamp_t = rsbac_time_t +rsbac_pm_create_ticket_t._fields_ = [ + ('id', rsbac_pm_tkt_id_t), + ('valid_for', rsbac_pm_time_stamp_t), + ('function_type', rsbac_pm_tkt_function_type_t), + ('function_param', rsbac_pm_tkt_function_param_t), +] +assert sizeof(rsbac_pm_create_ticket_t) == 28, sizeof(rsbac_pm_create_ticket_t) +assert alignment(rsbac_pm_create_ticket_t) == 4, alignment(rsbac_pm_create_ticket_t) +class rsbac_pm_function_param_t(Union): + pass +rsbac_pm_function_param_t._fields_ = [ + ('add_na', rsbac_pm_add_na_t), + ('delete_na', rsbac_pm_delete_na_t), + ('add_task', rsbac_pm_add_task_t), + ('delete_task', rsbac_pm_delete_task_t), + ('add_object_class', rsbac_pm_add_object_class_t), + ('delete_object_class', rsbac_pm_delete_object_class_t), + ('add_authorized_tp', rsbac_pm_add_authorized_tp_t), + ('delete_authorized_tp', rsbac_pm_delete_authorized_tp_t), + ('add_consent', rsbac_pm_add_consent_t), + ('delete_consent', rsbac_pm_delete_consent_t), + ('add_purpose', rsbac_pm_add_purpose_t), + ('delete_purpose', rsbac_pm_delete_purpose_t), + ('add_responsible_user', rsbac_pm_add_responsible_user_t), + ('delete_responsible_user', rsbac_pm_delete_responsible_user_t), + ('delete_user_aci', rsbac_pm_delete_user_aci_t), + ('set_role', rsbac_pm_set_role_t), + ('set_object_class', rsbac_pm_set_object_class_t), + ('switch_pm', rsbac_pm_switch_pm_t), + ('switch_auth', rsbac_pm_switch_pm_t), + ('set_device_object_type', rsbac_pm_set_device_object_type_t), + ('set_auth_may_setuid', rsbac_pm_set_auth_may_setuid_t), + ('set_auth_may_set_cap', rsbac_pm_set_auth_may_set_cap_t), + ('add_authorized_task', rsbac_pm_add_authorized_task_t), + ('delete_authorized_task', rsbac_pm_delete_authorized_task_t), + ('create_tp', rsbac_pm_create_tp_t), + ('delete_tp', rsbac_pm_delete_tp_t), + ('set_tp', rsbac_pm_set_tp_t), + ('create_ticket', rsbac_pm_create_ticket_t), + ('dummy', c_int), +] +assert sizeof(rsbac_pm_function_param_t) == 28, sizeof(rsbac_pm_function_param_t) +assert alignment(rsbac_pm_function_param_t) == 4, alignment(rsbac_pm_function_param_t) +rsbac_pm_task_set_id_t = __u32 +rsbac_pm_tp_set_id_t = __u32 +rsbac_pm_ru_set_id_t = __u32 +__s32 = c_int +rsbac_pm_pp_set_id_t = __s32 +rsbac_pm_in_pp_set_id_t = rsbac_pid_t +rsbac_pm_out_pp_set_id_t = rsbac_pm_in_pp_set_id_t + +# values for enumeration 'rsbac_pm_list_t' +rsbac_pm_list_t = c_int # enum + +# values for enumeration 'rsbac_pm_all_list_t' +rsbac_pm_all_list_t = c_int # enum +rsbac_pm_role_int_t = rsbac_enum_t + +# values for enumeration 'rsbac_pm_process_type_t' +rsbac_pm_process_type_t = c_int # enum +rsbac_pm_process_type_int_t = rsbac_enum_t +rsbac_pm_object_type_int_t = rsbac_enum_t +rsbac_pm_program_type_int_t = rsbac_pm_process_type_int_t +rsbac_pm_purpose_list_item_t._fields_ = [ + ('id', rsbac_pm_purpose_id_t), + ('next', POINTER(rsbac_pm_purpose_list_item_t)), +] +assert sizeof(rsbac_pm_purpose_list_item_t) == 8, sizeof(rsbac_pm_purpose_list_item_t) +assert alignment(rsbac_pm_purpose_list_item_t) == 4, alignment(rsbac_pm_purpose_list_item_t) + +# values for enumeration 'rsbac_rc_special_rights_t' +rsbac_rc_special_rights_t = c_int # enum +rsbac_rc_rights_vector_t = __u64 +rsbac_rc_role_vector_t = __u64 +rsbac_rc_role_id_t = __u32 +rsbac_rc_type_id_t = __u32 +rsbac_request_vector_t = __u64 +rsbac_rc_request_vector_t = rsbac_request_vector_t + +# values for enumeration 'rsbac_rc_admin_type_t' +rsbac_rc_admin_type_t = c_int # enum + +# values for enumeration 'rsbac_rc_scd_type_t' +rsbac_rc_scd_type_t = c_int # enum + +# values for enumeration 'rsbac_rc_target_t' +rsbac_rc_target_t = c_int # enum +class rsbac_rc_target_id_t(Union): + pass +rsbac_rc_target_id_t._fields_ = [ + ('role', rsbac_rc_role_id_t), + ('type', rsbac_rc_type_id_t), +] +assert sizeof(rsbac_rc_target_id_t) == 4, sizeof(rsbac_rc_target_id_t) +assert alignment(rsbac_rc_target_id_t) == 4, alignment(rsbac_rc_target_id_t) + +# values for enumeration 'rsbac_rc_item_t' +rsbac_rc_item_t = c_int # enum +class rsbac_rc_item_value_t(Union): + pass +rsbac_rc_item_value_t._pack_ = 4 +rsbac_rc_item_value_t._fields_ = [ + ('rights', rsbac_rc_rights_vector_t), + ('admin_type', rsbac_rc_admin_type_t), + ('name', c_char * 16), + ('role_id', rsbac_rc_role_id_t), + ('type_id', rsbac_rc_type_id_t), + ('need_secdel', rsbac_boolean_t), + ('comp', rsbac_boolean_t), + ('boot_role', rsbac_boolean_t), + ('req_reauth', rsbac_boolean_t), + ('u_char_dummy', u_char), + ('dummy', c_int), + ('u_dummy', u_int), + ('long_dummy', c_long), + ('long_long_dummy', c_longlong), +] +assert sizeof(rsbac_rc_item_value_t) == 16, sizeof(rsbac_rc_item_value_t) +assert alignment(rsbac_rc_item_value_t) == 4, alignment(rsbac_rc_item_value_t) + +# values for enumeration 'rsbac_syscall_t' +rsbac_syscall_t = c_int # enum +class rsys_check_t(Structure): + pass +rsys_check_t._fields_ = [ + ('correct', c_int), + ('check_inode', c_int), +] +assert sizeof(rsys_check_t) == 8, sizeof(rsys_check_t) +assert alignment(rsys_check_t) == 4, alignment(rsys_check_t) +class rsys_get_attr_t(Structure): + pass +rsbac_list_ta_number_t = __u32 +class rsbac_attribute_value_t(Union): + pass +rsys_get_attr_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('module', rsbac_enum_t), + ('target', rsbac_enum_t), + ('tid', POINTER(rsbac_target_id_t)), + ('attr', rsbac_enum_t), + ('value', POINTER(rsbac_attribute_value_t)), + ('inherit', c_int), +] +assert sizeof(rsys_get_attr_t) == 24, sizeof(rsys_get_attr_t) +assert alignment(rsys_get_attr_t) == 4, alignment(rsys_get_attr_t) +class rsys_get_attr_n_t(Structure): + pass +rsys_get_attr_n_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('module', rsbac_enum_t), + ('target', rsbac_enum_t), + ('t_name', STRING), + ('attr', rsbac_enum_t), + ('value', POINTER(rsbac_attribute_value_t)), + ('inherit', c_int), +] +assert sizeof(rsys_get_attr_n_t) == 24, sizeof(rsys_get_attr_n_t) +assert alignment(rsys_get_attr_n_t) == 4, alignment(rsys_get_attr_n_t) +class rsys_set_attr_t(Structure): + pass +rsys_set_attr_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('module', rsbac_enum_t), + ('target', rsbac_enum_t), + ('tid', POINTER(rsbac_target_id_t)), + ('attr', rsbac_enum_t), + ('value', POINTER(rsbac_attribute_value_t)), +] +assert sizeof(rsys_set_attr_t) == 20, sizeof(rsys_set_attr_t) +assert alignment(rsys_set_attr_t) == 4, alignment(rsys_set_attr_t) +class rsys_set_attr_n_t(Structure): + pass +rsys_set_attr_n_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('module', rsbac_enum_t), + ('target', rsbac_enum_t), + ('t_name', STRING), + ('attr', rsbac_enum_t), + ('value', POINTER(rsbac_attribute_value_t)), +] +assert sizeof(rsys_set_attr_n_t) == 20, sizeof(rsys_set_attr_n_t) +assert alignment(rsys_set_attr_n_t) == 4, alignment(rsys_set_attr_n_t) +class rsys_remove_target_t(Structure): + pass +rsys_remove_target_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('target', rsbac_enum_t), + ('tid', POINTER(rsbac_target_id_t)), +] +assert sizeof(rsys_remove_target_t) == 12, sizeof(rsys_remove_target_t) +assert alignment(rsys_remove_target_t) == 4, alignment(rsys_remove_target_t) +class rsys_remove_target_n_t(Structure): + pass +rsys_remove_target_n_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('target', rsbac_enum_t), + ('t_name', STRING), +] +assert sizeof(rsys_remove_target_n_t) == 12, sizeof(rsys_remove_target_n_t) +assert alignment(rsys_remove_target_n_t) == 4, alignment(rsys_remove_target_n_t) +class rsys_net_list_all_netdev_t(Structure): + pass +rsys_net_list_all_netdev_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('id_p', POINTER(rsbac_netdev_id_t)), + ('maxnum', u_long), +] +assert sizeof(rsys_net_list_all_netdev_t) == 12, sizeof(rsys_net_list_all_netdev_t) +assert alignment(rsys_net_list_all_netdev_t) == 4, alignment(rsys_net_list_all_netdev_t) +class rsys_net_template_t(Structure): + pass +rsys_net_template_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('call', rsbac_enum_t), + ('id', rsbac_net_temp_id_t), + ('data_p', POINTER(rsbac_net_temp_syscall_data_t)), +] +assert sizeof(rsys_net_template_t) == 16, sizeof(rsys_net_template_t) +assert alignment(rsys_net_template_t) == 4, alignment(rsys_net_template_t) +class rsys_net_list_all_template_t(Structure): + pass +rsys_net_list_all_template_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('id_p', POINTER(rsbac_net_temp_id_t)), + ('maxnum', u_long), +] +assert sizeof(rsys_net_list_all_template_t) == 12, sizeof(rsys_net_list_all_template_t) +assert alignment(rsys_net_list_all_template_t) == 4, alignment(rsys_net_list_all_template_t) +class rsys_switch_t(Structure): + pass +rsys_switch_t._fields_ = [ + ('target', rsbac_enum_t), + ('value', c_int), +] +assert sizeof(rsys_switch_t) == 8, sizeof(rsys_switch_t) +assert alignment(rsys_switch_t) == 4, alignment(rsys_switch_t) +class rsys_adf_log_switch_t(Structure): + pass +rsys_adf_log_switch_t._fields_ = [ + ('request', rsbac_enum_t), + ('target', rsbac_enum_t), + ('value', u_int), +] +assert sizeof(rsys_adf_log_switch_t) == 8, sizeof(rsys_adf_log_switch_t) +assert alignment(rsys_adf_log_switch_t) == 4, alignment(rsys_adf_log_switch_t) +class rsys_get_adf_log_t(Structure): + pass +rsys_get_adf_log_t._fields_ = [ + ('request', rsbac_enum_t), + ('target', rsbac_enum_t), + ('value_p', POINTER(u_int)), +] +assert sizeof(rsys_get_adf_log_t) == 8, sizeof(rsys_get_adf_log_t) +assert alignment(rsys_get_adf_log_t) == 4, alignment(rsys_get_adf_log_t) +class rsys_log_t(Structure): + pass +rsys_log_t._fields_ = [ + ('type', c_int), + ('buf', STRING), + ('len', c_int), +] +assert sizeof(rsys_log_t) == 12, sizeof(rsys_log_t) +assert alignment(rsys_log_t) == 4, alignment(rsys_log_t) +class rsys_mac_set_curr_level_t(Structure): + pass +rsbac_security_level_t = __u8 +rsbac_mac_category_vector_t = __u64 +rsys_mac_set_curr_level_t._fields_ = [ + ('level', rsbac_security_level_t), + ('categories_p', POINTER(rsbac_mac_category_vector_t)), +] +assert sizeof(rsys_mac_set_curr_level_t) == 8, sizeof(rsys_mac_set_curr_level_t) +assert alignment(rsys_mac_set_curr_level_t) == 4, alignment(rsys_mac_set_curr_level_t) +class rsys_mac_get_curr_level_t(Structure): + pass +rsys_mac_get_curr_level_t._fields_ = [ + ('level_p', POINTER(rsbac_security_level_t)), + ('categories_p', POINTER(rsbac_mac_category_vector_t)), +] +assert sizeof(rsys_mac_get_curr_level_t) == 8, sizeof(rsys_mac_get_curr_level_t) +assert alignment(rsys_mac_get_curr_level_t) == 4, alignment(rsys_mac_get_curr_level_t) +class rsys_mac_get_max_level_t(Structure): + pass +rsys_mac_get_max_level_t._fields_ = [ + ('level_p', POINTER(rsbac_security_level_t)), + ('categories_p', POINTER(rsbac_mac_category_vector_t)), +] +assert sizeof(rsys_mac_get_max_level_t) == 8, sizeof(rsys_mac_get_max_level_t) +assert alignment(rsys_mac_get_max_level_t) == 4, alignment(rsys_mac_get_max_level_t) +class rsys_mac_get_min_level_t(Structure): + pass +rsys_mac_get_min_level_t._fields_ = [ + ('level_p', POINTER(rsbac_security_level_t)), + ('categories_p', POINTER(rsbac_mac_category_vector_t)), +] +assert sizeof(rsys_mac_get_min_level_t) == 8, sizeof(rsys_mac_get_min_level_t) +assert alignment(rsys_mac_get_min_level_t) == 4, alignment(rsys_mac_get_min_level_t) +class rsys_mac_add_p_tru_t(Structure): + pass +rsys_mac_add_p_tru_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('pid', rsbac_pid_t), + ('uid', rsbac_uid_t), + ('ttl', rsbac_time_t), +] +assert sizeof(rsys_mac_add_p_tru_t) == 16, sizeof(rsys_mac_add_p_tru_t) +assert alignment(rsys_mac_add_p_tru_t) == 4, alignment(rsys_mac_add_p_tru_t) +class rsys_mac_remove_p_tru_t(Structure): + pass +rsys_mac_remove_p_tru_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('pid', rsbac_pid_t), + ('uid', rsbac_uid_t), +] +assert sizeof(rsys_mac_remove_p_tru_t) == 12, sizeof(rsys_mac_remove_p_tru_t) +assert alignment(rsys_mac_remove_p_tru_t) == 4, alignment(rsys_mac_remove_p_tru_t) +class rsys_mac_add_f_tru_t(Structure): + pass +rsys_mac_add_f_tru_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('filename', STRING), + ('uid', rsbac_uid_t), + ('ttl', rsbac_time_t), +] +assert sizeof(rsys_mac_add_f_tru_t) == 16, sizeof(rsys_mac_add_f_tru_t) +assert alignment(rsys_mac_add_f_tru_t) == 4, alignment(rsys_mac_add_f_tru_t) +class rsys_mac_remove_f_tru_t(Structure): + pass +rsys_mac_remove_f_tru_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('filename', STRING), + ('uid', rsbac_uid_t), +] +assert sizeof(rsys_mac_remove_f_tru_t) == 12, sizeof(rsys_mac_remove_f_tru_t) +assert alignment(rsys_mac_remove_f_tru_t) == 4, alignment(rsys_mac_remove_f_tru_t) +class rsys_mac_get_f_trulist_t(Structure): + pass +rsys_mac_get_f_trulist_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('filename', STRING), + ('trulist', POINTER(rsbac_uid_t)), + ('ttllist', POINTER(rsbac_time_t)), + ('maxnum', u_int), +] +assert sizeof(rsys_mac_get_f_trulist_t) == 20, sizeof(rsys_mac_get_f_trulist_t) +assert alignment(rsys_mac_get_f_trulist_t) == 4, alignment(rsys_mac_get_f_trulist_t) +class rsys_mac_get_p_trulist_t(Structure): + pass +rsys_mac_get_p_trulist_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('pid', rsbac_pid_t), + ('trulist', POINTER(rsbac_uid_t)), + ('ttllist', POINTER(rsbac_time_t)), + ('maxnum', u_int), +] +assert sizeof(rsys_mac_get_p_trulist_t) == 20, sizeof(rsys_mac_get_p_trulist_t) +assert alignment(rsys_mac_get_p_trulist_t) == 4, alignment(rsys_mac_get_p_trulist_t) +class rsys_pm_t(Structure): + pass +rsys_pm_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('function', rsbac_enum_t), + ('param_p', POINTER(rsbac_pm_function_param_t)), + ('ticket', rsbac_pm_tkt_id_t), +] +assert sizeof(rsys_pm_t) == 16, sizeof(rsys_pm_t) +assert alignment(rsys_pm_t) == 4, alignment(rsys_pm_t) +class rsys_pm_change_current_task_t(Structure): + pass +rsys_pm_change_current_task_t._fields_ = [ + ('task', rsbac_pm_task_id_t), +] +assert sizeof(rsys_pm_change_current_task_t) == 4, sizeof(rsys_pm_change_current_task_t) +assert alignment(rsys_pm_change_current_task_t) == 4, alignment(rsys_pm_change_current_task_t) +class rsys_pm_create_file_t(Structure): + pass +rsys_pm_create_file_t._fields_ = [ + ('filename', STRING), + ('mode', c_int), + ('object_class', rsbac_pm_object_class_id_t), +] +assert sizeof(rsys_pm_create_file_t) == 12, sizeof(rsys_pm_create_file_t) +assert alignment(rsys_pm_create_file_t) == 4, alignment(rsys_pm_create_file_t) +class rsys_rc_copy_role_t(Structure): + pass +rsys_rc_copy_role_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('from_role', rsbac_rc_role_id_t), + ('to_role', rsbac_rc_role_id_t), +] +assert sizeof(rsys_rc_copy_role_t) == 12, sizeof(rsys_rc_copy_role_t) +assert alignment(rsys_rc_copy_role_t) == 4, alignment(rsys_rc_copy_role_t) +class rsys_rc_copy_type_t(Structure): + pass +rsys_rc_copy_type_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('target', rsbac_enum_t), + ('from_type', rsbac_rc_type_id_t), + ('to_type', rsbac_rc_type_id_t), +] +assert sizeof(rsys_rc_copy_type_t) == 16, sizeof(rsys_rc_copy_type_t) +assert alignment(rsys_rc_copy_type_t) == 4, alignment(rsys_rc_copy_type_t) +class rsys_rc_get_item_t(Structure): + pass +rsys_rc_get_item_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('target', rsbac_enum_t), + ('tid_p', POINTER(rsbac_rc_target_id_t)), + ('subtid_p', POINTER(rsbac_rc_target_id_t)), + ('item', rsbac_enum_t), + ('value_p', POINTER(rsbac_rc_item_value_t)), + ('ttl_p', POINTER(rsbac_time_t)), +] +assert sizeof(rsys_rc_get_item_t) == 28, sizeof(rsys_rc_get_item_t) +assert alignment(rsys_rc_get_item_t) == 4, alignment(rsys_rc_get_item_t) +class rsys_rc_set_item_t(Structure): + pass +rsys_rc_set_item_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('target', rsbac_enum_t), + ('tid_p', POINTER(rsbac_rc_target_id_t)), + ('subtid_p', POINTER(rsbac_rc_target_id_t)), + ('item', rsbac_enum_t), + ('value_p', POINTER(rsbac_rc_item_value_t)), + ('ttl', rsbac_time_t), +] +assert sizeof(rsys_rc_set_item_t) == 28, sizeof(rsys_rc_set_item_t) +assert alignment(rsys_rc_set_item_t) == 4, alignment(rsys_rc_set_item_t) +class rsys_rc_get_list_t(Structure): + pass +rsys_rc_get_list_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('target', rsbac_enum_t), + ('tid_p', POINTER(rsbac_rc_target_id_t)), + ('item', rsbac_enum_t), + ('maxnum', u_int), + ('array_p', POINTER(__u32)), + ('ttl_array_p', POINTER(rsbac_time_t)), +] +assert sizeof(rsys_rc_get_list_t) == 28, sizeof(rsys_rc_get_list_t) +assert alignment(rsys_rc_get_list_t) == 4, alignment(rsys_rc_get_list_t) +class rsys_rc_change_role_t(Structure): + pass +rsys_rc_change_role_t._fields_ = [ + ('role', rsbac_rc_role_id_t), + ('pass', STRING), +] +assert sizeof(rsys_rc_change_role_t) == 8, sizeof(rsys_rc_change_role_t) +assert alignment(rsys_rc_change_role_t) == 4, alignment(rsys_rc_change_role_t) +class rsys_rc_get_eff_rights_n_t(Structure): + pass +rsys_rc_get_eff_rights_n_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('target', rsbac_enum_t), + ('t_name', STRING), + ('request_vector_p', POINTER(rsbac_rc_request_vector_t)), + ('ttl_p', POINTER(rsbac_time_t)), +] +assert sizeof(rsys_rc_get_eff_rights_n_t) == 20, sizeof(rsys_rc_get_eff_rights_n_t) +assert alignment(rsys_rc_get_eff_rights_n_t) == 4, alignment(rsys_rc_get_eff_rights_n_t) +class rsys_rc_get_current_role_t(Structure): + pass +rsys_rc_get_current_role_t._fields_ = [ + ('role_p', POINTER(rsbac_rc_role_id_t)), +] +assert sizeof(rsys_rc_get_current_role_t) == 4, sizeof(rsys_rc_get_current_role_t) +assert alignment(rsys_rc_get_current_role_t) == 4, alignment(rsys_rc_get_current_role_t) +class rsys_auth_add_p_cap_t(Structure): + pass +class rsbac_auth_cap_range_t(Structure): + pass +rsbac_auth_cap_range_t._fields_ = [ + ('first', rsbac_uid_t), + ('last', rsbac_uid_t), +] +assert sizeof(rsbac_auth_cap_range_t) == 8, sizeof(rsbac_auth_cap_range_t) +assert alignment(rsbac_auth_cap_range_t) == 4, alignment(rsbac_auth_cap_range_t) +rsys_auth_add_p_cap_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('pid', rsbac_pid_t), + ('cap_type', rsbac_enum_t), + ('cap_range', rsbac_auth_cap_range_t), + ('ttl', rsbac_time_t), +] +assert sizeof(rsys_auth_add_p_cap_t) == 24, sizeof(rsys_auth_add_p_cap_t) +assert alignment(rsys_auth_add_p_cap_t) == 4, alignment(rsys_auth_add_p_cap_t) +class rsys_auth_remove_p_cap_t(Structure): + pass +rsys_auth_remove_p_cap_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('pid', rsbac_pid_t), + ('cap_type', rsbac_enum_t), + ('cap_range', rsbac_auth_cap_range_t), +] +assert sizeof(rsys_auth_remove_p_cap_t) == 20, sizeof(rsys_auth_remove_p_cap_t) +assert alignment(rsys_auth_remove_p_cap_t) == 4, alignment(rsys_auth_remove_p_cap_t) +class rsys_auth_add_f_cap_t(Structure): + pass +rsys_auth_add_f_cap_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('filename', STRING), + ('cap_type', rsbac_enum_t), + ('cap_range', rsbac_auth_cap_range_t), + ('ttl', rsbac_time_t), +] +assert sizeof(rsys_auth_add_f_cap_t) == 24, sizeof(rsys_auth_add_f_cap_t) +assert alignment(rsys_auth_add_f_cap_t) == 4, alignment(rsys_auth_add_f_cap_t) +class rsys_auth_remove_f_cap_t(Structure): + pass +rsys_auth_remove_f_cap_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('filename', STRING), + ('cap_type', rsbac_enum_t), + ('cap_range', rsbac_auth_cap_range_t), +] +assert sizeof(rsys_auth_remove_f_cap_t) == 20, sizeof(rsys_auth_remove_f_cap_t) +assert alignment(rsys_auth_remove_f_cap_t) == 4, alignment(rsys_auth_remove_f_cap_t) +class rsys_auth_get_f_caplist_t(Structure): + pass +rsys_auth_get_f_caplist_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('filename', STRING), + ('cap_type', rsbac_enum_t), + ('caplist', POINTER(rsbac_auth_cap_range_t)), + ('ttllist', POINTER(rsbac_time_t)), + ('maxnum', u_int), +] +assert sizeof(rsys_auth_get_f_caplist_t) == 24, sizeof(rsys_auth_get_f_caplist_t) +assert alignment(rsys_auth_get_f_caplist_t) == 4, alignment(rsys_auth_get_f_caplist_t) +class rsys_auth_get_p_caplist_t(Structure): + pass +rsys_auth_get_p_caplist_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('pid', rsbac_pid_t), + ('cap_type', rsbac_enum_t), + ('caplist', POINTER(rsbac_auth_cap_range_t)), + ('ttllist', POINTER(rsbac_time_t)), + ('maxnum', u_int), +] +assert sizeof(rsys_auth_get_p_caplist_t) == 24, sizeof(rsys_auth_get_p_caplist_t) +assert alignment(rsys_auth_get_p_caplist_t) == 4, alignment(rsys_auth_get_p_caplist_t) +class rsys_acl_t(Structure): + pass +rsys_acl_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('call', rsbac_enum_t), + ('arg', POINTER(rsbac_acl_syscall_arg_t)), +] +assert sizeof(rsys_acl_t) == 12, sizeof(rsys_acl_t) +assert alignment(rsys_acl_t) == 4, alignment(rsys_acl_t) +class rsys_acl_n_t(Structure): + pass +rsys_acl_n_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('call', rsbac_enum_t), + ('arg', POINTER(rsbac_acl_syscall_n_arg_t)), +] +assert sizeof(rsys_acl_n_t) == 12, sizeof(rsys_acl_n_t) +assert alignment(rsys_acl_n_t) == 4, alignment(rsys_acl_n_t) +class rsys_acl_get_rights_t(Structure): + pass +rsys_acl_get_rights_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('arg', POINTER(rsbac_acl_syscall_arg_t)), + ('rights_p', POINTER(rsbac_acl_rights_vector_t)), + ('effective', u_int), +] +assert sizeof(rsys_acl_get_rights_t) == 16, sizeof(rsys_acl_get_rights_t) +assert alignment(rsys_acl_get_rights_t) == 4, alignment(rsys_acl_get_rights_t) +class rsys_acl_get_rights_n_t(Structure): + pass +rsys_acl_get_rights_n_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('arg', POINTER(rsbac_acl_syscall_n_arg_t)), + ('rights_p', POINTER(rsbac_acl_rights_vector_t)), + ('effective', u_int), +] +assert sizeof(rsys_acl_get_rights_n_t) == 16, sizeof(rsys_acl_get_rights_n_t) +assert alignment(rsys_acl_get_rights_n_t) == 4, alignment(rsys_acl_get_rights_n_t) +class rsys_acl_get_tlist_t(Structure): + pass +rsys_acl_get_tlist_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('target', rsbac_enum_t), + ('tid', POINTER(rsbac_target_id_t)), + ('entry_array', POINTER(rsbac_acl_entry_t)), + ('ttl_array', POINTER(rsbac_time_t)), + ('maxnum', u_int), +] +assert sizeof(rsys_acl_get_tlist_t) == 24, sizeof(rsys_acl_get_tlist_t) +assert alignment(rsys_acl_get_tlist_t) == 4, alignment(rsys_acl_get_tlist_t) +class rsys_acl_get_tlist_n_t(Structure): + pass +rsys_acl_get_tlist_n_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('target', rsbac_enum_t), + ('t_name', STRING), + ('entry_array', POINTER(rsbac_acl_entry_t)), + ('ttl_array', POINTER(rsbac_time_t)), + ('maxnum', u_int), +] +assert sizeof(rsys_acl_get_tlist_n_t) == 24, sizeof(rsys_acl_get_tlist_n_t) +assert alignment(rsys_acl_get_tlist_n_t) == 4, alignment(rsys_acl_get_tlist_n_t) +class rsys_acl_get_mask_t(Structure): + pass +rsys_acl_get_mask_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('target', rsbac_enum_t), + ('tid', POINTER(rsbac_target_id_t)), + ('mask_p', POINTER(rsbac_acl_rights_vector_t)), +] +assert sizeof(rsys_acl_get_mask_t) == 16, sizeof(rsys_acl_get_mask_t) +assert alignment(rsys_acl_get_mask_t) == 4, alignment(rsys_acl_get_mask_t) +class rsys_acl_get_mask_n_t(Structure): + pass +rsys_acl_get_mask_n_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('target', rsbac_enum_t), + ('t_name', STRING), + ('mask_p', POINTER(rsbac_acl_rights_vector_t)), +] +assert sizeof(rsys_acl_get_mask_n_t) == 16, sizeof(rsys_acl_get_mask_n_t) +assert alignment(rsys_acl_get_mask_n_t) == 4, alignment(rsys_acl_get_mask_n_t) +class rsys_acl_group_t(Structure): + pass +rsys_acl_group_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('call', rsbac_enum_t), + ('arg_p', POINTER(rsbac_acl_group_syscall_arg_t)), +] +assert sizeof(rsys_acl_group_t) == 12, sizeof(rsys_acl_group_t) +assert alignment(rsys_acl_group_t) == 4, alignment(rsys_acl_group_t) +class rsys_reg_t(Structure): + pass +rsys_reg_t._fields_ = [ + ('handle', c_long), + ('arg', c_void_p), +] +assert sizeof(rsys_reg_t) == 8, sizeof(rsys_reg_t) +assert alignment(rsys_reg_t) == 4, alignment(rsys_reg_t) +class rsys_jail_t(Structure): + pass +rsbac_version_t = __u32 +rsbac_jail_ip_t = __u32 +rsbac_jail_flags_t = __u32 +rsbac_cap_vector_t = __u32 +rsbac_jail_scd_vector_t = __u32 +rsys_jail_t._fields_ = [ + ('version', rsbac_version_t), + ('path', STRING), + ('ip', rsbac_jail_ip_t), + ('flags', rsbac_jail_flags_t), + ('max_caps', rsbac_cap_vector_t), + ('scd_get', rsbac_jail_scd_vector_t), + ('scd_modify', rsbac_jail_scd_vector_t), +] +assert sizeof(rsys_jail_t) == 28, sizeof(rsys_jail_t) +assert alignment(rsys_jail_t) == 4, alignment(rsys_jail_t) +class rsys_init_t(Structure): + pass +rsys_init_t._fields_ = [ + ('root_dev', STRING), +] +assert sizeof(rsys_init_t) == 4, sizeof(rsys_init_t) +assert alignment(rsys_init_t) == 4, alignment(rsys_init_t) +class rsys_um_auth_name_t(Structure): + pass +rsys_um_auth_name_t._fields_ = [ + ('name', STRING), + ('pass', STRING), +] +assert sizeof(rsys_um_auth_name_t) == 8, sizeof(rsys_um_auth_name_t) +assert alignment(rsys_um_auth_name_t) == 4, alignment(rsys_um_auth_name_t) +class rsys_um_auth_uid_t(Structure): + pass +rsys_um_auth_uid_t._fields_ = [ + ('uid', rsbac_uid_t), + ('pass', STRING), +] +assert sizeof(rsys_um_auth_uid_t) == 8, sizeof(rsys_um_auth_uid_t) +assert alignment(rsys_um_auth_uid_t) == 4, alignment(rsys_um_auth_uid_t) +class rsys_um_add_user_t(Structure): + pass +class rsbac_um_user_entry_t(Structure): + pass +rsys_um_add_user_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('uid', rsbac_uid_t), + ('entry_p', POINTER(rsbac_um_user_entry_t)), + ('pass', STRING), + ('ttl', rsbac_time_t), +] +assert sizeof(rsys_um_add_user_t) == 20, sizeof(rsys_um_add_user_t) +assert alignment(rsys_um_add_user_t) == 4, alignment(rsys_um_add_user_t) +class rsys_um_add_group_t(Structure): + pass +class rsbac_um_group_entry_t(Structure): + pass +rsys_um_add_group_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('gid', rsbac_gid_t), + ('entry_p', POINTER(rsbac_um_group_entry_t)), + ('pass', STRING), + ('ttl', rsbac_time_t), +] +assert sizeof(rsys_um_add_group_t) == 20, sizeof(rsys_um_add_group_t) +assert alignment(rsys_um_add_group_t) == 4, alignment(rsys_um_add_group_t) +class rsys_um_add_gm_t(Structure): + pass +rsys_um_add_gm_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('uid', rsbac_uid_t), + ('gid', rsbac_gid_t), + ('ttl', rsbac_time_t), +] +assert sizeof(rsys_um_add_gm_t) == 16, sizeof(rsys_um_add_gm_t) +assert alignment(rsys_um_add_gm_t) == 4, alignment(rsys_um_add_gm_t) +class rsys_um_mod_user_t(Structure): + pass +class rsbac_um_mod_data_t(Union): + pass +rsys_um_mod_user_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('uid', rsbac_uid_t), + ('mod', rsbac_enum_t), + ('data_p', POINTER(rsbac_um_mod_data_t)), +] +assert sizeof(rsys_um_mod_user_t) == 16, sizeof(rsys_um_mod_user_t) +assert alignment(rsys_um_mod_user_t) == 4, alignment(rsys_um_mod_user_t) +class rsys_um_mod_group_t(Structure): + pass +rsys_um_mod_group_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('gid', rsbac_gid_t), + ('mod', rsbac_enum_t), + ('data_p', POINTER(rsbac_um_mod_data_t)), +] +assert sizeof(rsys_um_mod_group_t) == 16, sizeof(rsys_um_mod_group_t) +assert alignment(rsys_um_mod_group_t) == 4, alignment(rsys_um_mod_group_t) +class rsys_um_get_user_item_t(Structure): + pass +rsys_um_get_user_item_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('uid', rsbac_uid_t), + ('mod', rsbac_enum_t), + ('data_p', POINTER(rsbac_um_mod_data_t)), +] +assert sizeof(rsys_um_get_user_item_t) == 16, sizeof(rsys_um_get_user_item_t) +assert alignment(rsys_um_get_user_item_t) == 4, alignment(rsys_um_get_user_item_t) +class rsys_um_get_group_item_t(Structure): + pass +rsys_um_get_group_item_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('gid', rsbac_gid_t), + ('mod', rsbac_enum_t), + ('data_p', POINTER(rsbac_um_mod_data_t)), +] +assert sizeof(rsys_um_get_group_item_t) == 16, sizeof(rsys_um_get_group_item_t) +assert alignment(rsys_um_get_group_item_t) == 4, alignment(rsys_um_get_group_item_t) +class rsys_um_remove_user_t(Structure): + pass +rsys_um_remove_user_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('uid', rsbac_uid_t), +] +assert sizeof(rsys_um_remove_user_t) == 8, sizeof(rsys_um_remove_user_t) +assert alignment(rsys_um_remove_user_t) == 4, alignment(rsys_um_remove_user_t) +class rsys_um_remove_group_t(Structure): + pass +rsys_um_remove_group_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('gid', rsbac_gid_t), +] +assert sizeof(rsys_um_remove_group_t) == 8, sizeof(rsys_um_remove_group_t) +assert alignment(rsys_um_remove_group_t) == 4, alignment(rsys_um_remove_group_t) +class rsys_um_remove_gm_t(Structure): + pass +rsys_um_remove_gm_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('uid', rsbac_uid_t), + ('gid', rsbac_gid_t), +] +assert sizeof(rsys_um_remove_gm_t) == 12, sizeof(rsys_um_remove_gm_t) +assert alignment(rsys_um_remove_gm_t) == 4, alignment(rsys_um_remove_gm_t) +class rsys_um_user_exists_t(Structure): + pass +rsys_um_user_exists_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('uid', rsbac_uid_t), +] +assert sizeof(rsys_um_user_exists_t) == 8, sizeof(rsys_um_user_exists_t) +assert alignment(rsys_um_user_exists_t) == 4, alignment(rsys_um_user_exists_t) +class rsys_um_group_exists_t(Structure): + pass +rsys_um_group_exists_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('gid', rsbac_gid_t), +] +assert sizeof(rsys_um_group_exists_t) == 8, sizeof(rsys_um_group_exists_t) +assert alignment(rsys_um_group_exists_t) == 4, alignment(rsys_um_group_exists_t) +class rsys_um_get_next_user_t(Structure): + pass +rsys_um_get_next_user_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('old_user', rsbac_uid_t), + ('next_user_p', POINTER(rsbac_uid_t)), +] +assert sizeof(rsys_um_get_next_user_t) == 12, sizeof(rsys_um_get_next_user_t) +assert alignment(rsys_um_get_next_user_t) == 4, alignment(rsys_um_get_next_user_t) +class rsys_um_get_user_list_t(Structure): + pass +rsys_um_get_user_list_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('user_array', POINTER(rsbac_uid_t)), + ('maxnum', u_int), +] +assert sizeof(rsys_um_get_user_list_t) == 12, sizeof(rsys_um_get_user_list_t) +assert alignment(rsys_um_get_user_list_t) == 4, alignment(rsys_um_get_user_list_t) +class rsys_um_get_gm_list_t(Structure): + pass +rsys_um_get_gm_list_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('user', rsbac_uid_t), + ('group_array', POINTER(rsbac_gid_t)), + ('maxnum', u_int), +] +assert sizeof(rsys_um_get_gm_list_t) == 16, sizeof(rsys_um_get_gm_list_t) +assert alignment(rsys_um_get_gm_list_t) == 4, alignment(rsys_um_get_gm_list_t) +class rsys_um_get_gm_user_list_t(Structure): + pass +rsys_um_get_gm_user_list_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('group', rsbac_gid_t), + ('user_array', POINTER(rsbac_uid_t)), + ('maxnum', u_int), +] +assert sizeof(rsys_um_get_gm_user_list_t) == 16, sizeof(rsys_um_get_gm_user_list_t) +assert alignment(rsys_um_get_gm_user_list_t) == 4, alignment(rsys_um_get_gm_user_list_t) +class rsys_um_get_group_list_t(Structure): + pass +rsys_um_get_group_list_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('group_array', POINTER(rsbac_gid_t)), + ('maxnum', u_int), +] +assert sizeof(rsys_um_get_group_list_t) == 12, sizeof(rsys_um_get_group_list_t) +assert alignment(rsys_um_get_group_list_t) == 4, alignment(rsys_um_get_group_list_t) +class rsys_um_get_uid_t(Structure): + pass +rsys_um_get_uid_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('name', STRING), + ('uid_p', POINTER(rsbac_uid_t)), +] +assert sizeof(rsys_um_get_uid_t) == 12, sizeof(rsys_um_get_uid_t) +assert alignment(rsys_um_get_uid_t) == 4, alignment(rsys_um_get_uid_t) +class rsys_um_get_gid_t(Structure): + pass +rsys_um_get_gid_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('name', STRING), + ('gid_p', POINTER(rsbac_gid_t)), +] +assert sizeof(rsys_um_get_gid_t) == 12, sizeof(rsys_um_get_gid_t) +assert alignment(rsys_um_get_gid_t) == 4, alignment(rsys_um_get_gid_t) +class rsys_um_set_pass_t(Structure): + pass +rsys_um_set_pass_t._fields_ = [ + ('uid', rsbac_uid_t), + ('old_pass', STRING), + ('new_pass', STRING), +] +assert sizeof(rsys_um_set_pass_t) == 12, sizeof(rsys_um_set_pass_t) +assert alignment(rsys_um_set_pass_t) == 4, alignment(rsys_um_set_pass_t) +class rsys_um_set_pass_name_t(Structure): + pass +rsys_um_set_pass_name_t._fields_ = [ + ('name', STRING), + ('old_pass', STRING), + ('new_pass', STRING), +] +assert sizeof(rsys_um_set_pass_name_t) == 12, sizeof(rsys_um_set_pass_name_t) +assert alignment(rsys_um_set_pass_name_t) == 4, alignment(rsys_um_set_pass_name_t) +class rsys_um_set_group_pass_t(Structure): + pass +rsys_um_set_group_pass_t._fields_ = [ + ('gid', rsbac_gid_t), + ('new_pass', STRING), +] +assert sizeof(rsys_um_set_group_pass_t) == 8, sizeof(rsys_um_set_group_pass_t) +assert alignment(rsys_um_set_group_pass_t) == 4, alignment(rsys_um_set_group_pass_t) +class rsys_um_check_account_t(Structure): + pass +rsys_um_check_account_t._fields_ = [ + ('uid', rsbac_uid_t), +] +assert sizeof(rsys_um_check_account_t) == 4, sizeof(rsys_um_check_account_t) +assert alignment(rsys_um_check_account_t) == 4, alignment(rsys_um_check_account_t) +class rsys_um_check_account_name_t(Structure): + pass +rsys_um_check_account_name_t._fields_ = [ + ('name', STRING), +] +assert sizeof(rsys_um_check_account_name_t) == 4, sizeof(rsys_um_check_account_name_t) +assert alignment(rsys_um_check_account_name_t) == 4, alignment(rsys_um_check_account_name_t) +class rsys_list_ta_begin_t(Structure): + pass +rsys_list_ta_begin_t._fields_ = [ + ('ttl', rsbac_time_t), + ('ta_number_p', POINTER(rsbac_list_ta_number_t)), + ('commit_uid', rsbac_uid_t), + ('password', STRING), +] +assert sizeof(rsys_list_ta_begin_t) == 16, sizeof(rsys_list_ta_begin_t) +assert alignment(rsys_list_ta_begin_t) == 4, alignment(rsys_list_ta_begin_t) +class rsys_list_ta_refresh_t(Structure): + pass +rsys_list_ta_refresh_t._fields_ = [ + ('ttl', rsbac_time_t), + ('ta_number', rsbac_list_ta_number_t), + ('password', STRING), +] +assert sizeof(rsys_list_ta_refresh_t) == 12, sizeof(rsys_list_ta_refresh_t) +assert alignment(rsys_list_ta_refresh_t) == 4, alignment(rsys_list_ta_refresh_t) +class rsys_list_ta_commit_t(Structure): + pass +rsys_list_ta_commit_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('password', STRING), +] +assert sizeof(rsys_list_ta_commit_t) == 8, sizeof(rsys_list_ta_commit_t) +assert alignment(rsys_list_ta_commit_t) == 4, alignment(rsys_list_ta_commit_t) +class rsys_list_ta_forget_t(Structure): + pass +rsys_list_ta_forget_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('password', STRING), +] +assert sizeof(rsys_list_ta_forget_t) == 8, sizeof(rsys_list_ta_forget_t) +assert alignment(rsys_list_ta_forget_t) == 4, alignment(rsys_list_ta_forget_t) +class rsys_list_all_dev_t(Structure): + pass +rsys_list_all_dev_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('id_p', POINTER(rsbac_dev_desc_t)), + ('maxnum', u_long), +] +assert sizeof(rsys_list_all_dev_t) == 12, sizeof(rsys_list_all_dev_t) +assert alignment(rsys_list_all_dev_t) == 4, alignment(rsys_list_all_dev_t) +class rsys_acl_list_all_dev_t(Structure): + pass +rsys_acl_list_all_dev_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('id_p', POINTER(rsbac_dev_desc_t)), + ('maxnum', u_long), +] +assert sizeof(rsys_acl_list_all_dev_t) == 12, sizeof(rsys_acl_list_all_dev_t) +assert alignment(rsys_acl_list_all_dev_t) == 4, alignment(rsys_acl_list_all_dev_t) +class rsys_list_all_user_t(Structure): + pass +rsys_list_all_user_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('id_p', POINTER(rsbac_uid_t)), + ('maxnum', u_long), +] +assert sizeof(rsys_list_all_user_t) == 12, sizeof(rsys_list_all_user_t) +assert alignment(rsys_list_all_user_t) == 4, alignment(rsys_list_all_user_t) +class rsys_acl_list_all_user_t(Structure): + pass +rsys_acl_list_all_user_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('id_p', POINTER(rsbac_uid_t)), + ('maxnum', u_long), +] +assert sizeof(rsys_acl_list_all_user_t) == 12, sizeof(rsys_acl_list_all_user_t) +assert alignment(rsys_acl_list_all_user_t) == 4, alignment(rsys_acl_list_all_user_t) +class rsys_list_all_group_t(Structure): + pass +rsys_list_all_group_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('id_p', POINTER(rsbac_gid_t)), + ('maxnum', u_long), +] +assert sizeof(rsys_list_all_group_t) == 12, sizeof(rsys_list_all_group_t) +assert alignment(rsys_list_all_group_t) == 4, alignment(rsys_list_all_group_t) +class rsys_acl_list_all_group_t(Structure): + pass +rsys_acl_list_all_group_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('id_p', POINTER(rsbac_gid_t)), + ('maxnum', u_long), +] +assert sizeof(rsys_acl_list_all_group_t) == 12, sizeof(rsys_acl_list_all_group_t) +assert alignment(rsys_acl_list_all_group_t) == 4, alignment(rsys_acl_list_all_group_t) +class rsys_list_all_ipc_t(Structure): + pass +rsys_list_all_ipc_t._fields_ = [ + ('ta_number', rsbac_list_ta_number_t), + ('id_p', POINTER(rsbac_ipc_t)), + ('maxnum', u_long), +] +assert sizeof(rsys_list_all_ipc_t) == 12, sizeof(rsys_list_all_ipc_t) +assert alignment(rsys_list_all_ipc_t) == 4, alignment(rsys_list_all_ipc_t) +class rsys_rc_select_fd_create_type_t(Structure): + pass +rsys_rc_select_fd_create_type_t._fields_ = [ + ('type', rsbac_rc_type_id_t), +] +assert sizeof(rsys_rc_select_fd_create_type_t) == 4, sizeof(rsys_rc_select_fd_create_type_t) +assert alignment(rsys_rc_select_fd_create_type_t) == 4, alignment(rsys_rc_select_fd_create_type_t) +class rsbac_syscall_arg_t(Union): + pass +rsbac_syscall_arg_t._fields_ = [ + ('check', rsys_check_t), + ('get_attr', rsys_get_attr_t), + ('get_attr_n', rsys_get_attr_n_t), + ('set_attr', rsys_set_attr_t), + ('set_attr_n', rsys_set_attr_n_t), + ('remove_target', rsys_remove_target_t), + ('remove_target_n', rsys_remove_target_n_t), + ('net_list_all_netdev', rsys_net_list_all_netdev_t), + ('net_template', rsys_net_template_t), + ('net_list_all_template', rsys_net_list_all_template_t), + ('switch_module', rsys_switch_t), + ('adf_log_switch', rsys_adf_log_switch_t), + ('get_adf_log', rsys_get_adf_log_t), + ('log', rsys_log_t), + ('mac_set_curr_level', rsys_mac_set_curr_level_t), + ('mac_get_curr_level', rsys_mac_get_curr_level_t), + ('mac_get_max_level', rsys_mac_get_max_level_t), + ('mac_get_min_level', rsys_mac_get_min_level_t), + ('mac_add_p_tru', rsys_mac_add_p_tru_t), + ('mac_remove_p_tru', rsys_mac_remove_p_tru_t), + ('mac_add_f_tru', rsys_mac_add_f_tru_t), + ('mac_remove_f_tru', rsys_mac_remove_f_tru_t), + ('mac_get_f_trulist', rsys_mac_get_f_trulist_t), + ('mac_get_p_trulist', rsys_mac_get_p_trulist_t), + ('pm', rsys_pm_t), + ('pm_change_current_task', rsys_pm_change_current_task_t), + ('pm_create_file', rsys_pm_create_file_t), + ('rc_copy_role', rsys_rc_copy_role_t), + ('rc_copy_type', rsys_rc_copy_type_t), + ('rc_get_item', rsys_rc_get_item_t), + ('rc_set_item', rsys_rc_set_item_t), + ('rc_get_list', rsys_rc_get_list_t), + ('rc_change_role', rsys_rc_change_role_t), + ('rc_get_eff_rights_n', rsys_rc_get_eff_rights_n_t), + ('rc_get_current_role', rsys_rc_get_current_role_t), + ('auth_add_p_cap', rsys_auth_add_p_cap_t), + ('auth_remove_p_cap', rsys_auth_remove_p_cap_t), + ('auth_add_f_cap', rsys_auth_add_f_cap_t), + ('auth_remove_f_cap', rsys_auth_remove_f_cap_t), + ('auth_get_f_caplist', rsys_auth_get_f_caplist_t), + ('auth_get_p_caplist', rsys_auth_get_p_caplist_t), + ('acl', rsys_acl_t), + ('acl_n', rsys_acl_n_t), + ('acl_get_rights', rsys_acl_get_rights_t), + ('acl_get_rights_n', rsys_acl_get_rights_n_t), + ('acl_get_tlist', rsys_acl_get_tlist_t), + ('acl_get_tlist_n', rsys_acl_get_tlist_n_t), + ('acl_get_mask', rsys_acl_get_mask_t), + ('acl_get_mask_n', rsys_acl_get_mask_n_t), + ('acl_group', rsys_acl_group_t), + ('reg', rsys_reg_t), + ('jail', rsys_jail_t), + ('init', rsys_init_t), + ('um_auth_name', rsys_um_auth_name_t), + ('um_auth_uid', rsys_um_auth_uid_t), + ('um_add_user', rsys_um_add_user_t), + ('um_add_group', rsys_um_add_group_t), + ('um_add_gm', rsys_um_add_gm_t), + ('um_mod_user', rsys_um_mod_user_t), + ('um_mod_group', rsys_um_mod_group_t), + ('um_get_user_item', rsys_um_get_user_item_t), + ('um_get_group_item', rsys_um_get_group_item_t), + ('um_remove_user', rsys_um_remove_user_t), + ('um_remove_group', rsys_um_remove_group_t), + ('um_remove_gm', rsys_um_remove_gm_t), + ('um_user_exists', rsys_um_user_exists_t), + ('um_group_exists', rsys_um_group_exists_t), + ('um_get_next_user', rsys_um_get_next_user_t), + ('um_get_user_list', rsys_um_get_user_list_t), + ('um_get_gm_list', rsys_um_get_gm_list_t), + ('um_get_gm_user_list', rsys_um_get_gm_user_list_t), + ('um_get_group_list', rsys_um_get_group_list_t), + ('um_get_uid', rsys_um_get_uid_t), + ('um_get_gid', rsys_um_get_gid_t), + ('um_set_pass', rsys_um_set_pass_t), + ('um_set_pass_name', rsys_um_set_pass_name_t), + ('um_set_group_pass', rsys_um_set_group_pass_t), + ('um_check_account', rsys_um_check_account_t), + ('um_check_account_name', rsys_um_check_account_name_t), + ('list_ta_begin', rsys_list_ta_begin_t), + ('list_ta_refresh', rsys_list_ta_refresh_t), + ('list_ta_commit', rsys_list_ta_commit_t), + ('list_ta_forget', rsys_list_ta_forget_t), + ('list_all_dev', rsys_list_all_dev_t), + ('acl_list_all_dev', rsys_acl_list_all_dev_t), + ('list_all_user', rsys_list_all_user_t), + ('acl_list_all_user', rsys_acl_list_all_user_t), + ('list_all_group', rsys_list_all_group_t), + ('acl_list_all_group', rsys_acl_list_all_group_t), + ('list_all_ipc', rsys_list_all_ipc_t), + ('rc_select_fd_create_type', rsys_rc_select_fd_create_type_t), + ('dummy', c_int), +] +assert sizeof(rsbac_syscall_arg_t) == 28, sizeof(rsbac_syscall_arg_t) +assert alignment(rsbac_syscall_arg_t) == 4, alignment(rsbac_syscall_arg_t) +rsbac_old_uid_t = __u16 +rsbac_old_gid_t = __u16 +class rsbac_nanotime_t(Structure): + pass +rsbac_nanotime_t._fields_ = [ + ('sec', rsbac_time_t), + ('nsec', __u32), +] +assert sizeof(rsbac_nanotime_t) == 8, sizeof(rsbac_nanotime_t) +assert alignment(rsbac_nanotime_t) == 4, alignment(rsbac_nanotime_t) +rsbac_boolean_int_t = __u8 +rsbac_pseudo_t = __u32 +rsbac_ta_number_t = __u32 + +# values for enumeration 'rsbac_old_security_level_t' +rsbac_old_security_level_t = c_int # enum +rsbac_cwi_relation_id_t = u_int + +# values for enumeration 'rsbac_system_role_t' +rsbac_system_role_t = c_int # enum +rsbac_system_role_int_t = rsbac_enum_t + +# values for enumeration 'rsbac_fake_root_uid_t' +rsbac_fake_root_uid_t = c_int # enum +rsbac_fake_root_uid_int_t = rsbac_enum_t + +# values for enumeration 'rsbac_scd_type_t' +rsbac_scd_type_t = c_int # enum +rsbac_scd_vector_t = __u32 + +# values for enumeration 'rsbac_dev_type_t' +rsbac_dev_type_t = c_int # enum +rsbac_inode_nr_t = __u32 + +# values for enumeration 'rsbac_linux_dac_disable_t' +rsbac_linux_dac_disable_t = c_int # enum +rsbac_linux_dac_disable_int_t = rsbac_enum_t + +# values for enumeration 'rsbac_log_level_t' +rsbac_log_level_t = c_int # enum +rsbac_log_array_t = __u64 +rsbac_mac_user_flags_t = __u8 +rsbac_mac_process_flags_t = __u16 +rsbac_mac_file_flags_t = __u8 +class rsbac_fs_file_t(Structure): + pass +rsbac_mac_file_t = rsbac_fs_file_t +rsbac_fs_file_t._fields_ = [ +] +rsbac_mac_auto_int_t = rsbac_enum_t + +# values for enumeration 'rsbac_mac_auto_t' +rsbac_mac_auto_t = c_int # enum +rsbac_daz_scanned_t = __u8 +rsbac_daz_scanner_t = __u8 +rsbac_ff_flags_t = __u16 +rsbac_auth_file_t = rsbac_fs_file_t + +# values for enumeration 'rsbac_auth_cap_type_t' +rsbac_auth_cap_type_t = c_int # enum +rsbac_auth_cap_type_int_t = rsbac_enum_t + +# values for enumeration 'rsbac_auth_may_setuid_t' +rsbac_auth_may_setuid_t = c_int # enum +rsbac_auth_may_setuid_int_t = rsbac_enum_t + +# values for enumeration 'rsbac_cap_process_hiding_t' +rsbac_cap_process_hiding_t = c_int # enum +rsbac_cap_process_hiding_int_t = rsbac_enum_t + +# values for enumeration 'rsbac_cap_ld_env_t' +rsbac_cap_ld_env_t = c_int # enum +rsbac_cap_ld_env_int_t = rsbac_enum_t +rsbac_jail_id_t = __u32 +rsbac_pax_flags_t = c_ulong +rsbac_res_limit_t = __u32 +rsbac_res_array_t = rsbac_res_limit_t * 11 +rsbac_reg_handle_t = __s32 + +# values for enumeration 'rsbac_adf_request_t' +rsbac_adf_request_t = c_int # enum +rsbac_adf_request_int_t = rsbac_enum_t + +# values for enumeration 'rsbac_adf_req_ret_t' +rsbac_adf_req_ret_t = c_int # enum + +# values for enumeration 'rsbac_switch_target_t' +rsbac_switch_target_t = c_int # enum +rsbac_switch_target_int_t = rsbac_enum_t + +# values for enumeration 'rsbac_attribute_t' +rsbac_attribute_t = c_int # enum +__u_short = c_ushort +u_short = __u_short +rsbac_attribute_value_t._pack_ = 4 +rsbac_attribute_value_t._fields_ = [ + ('owner', rsbac_uid_t), + ('pseudo', rsbac_pseudo_t), + ('security_level', rsbac_security_level_t), + ('mac_categories', rsbac_mac_category_vector_t), + ('system_role', rsbac_system_role_int_t), + ('current_sec_level', rsbac_security_level_t), + ('min_write_open', rsbac_security_level_t), + ('max_read_open', rsbac_security_level_t), + ('mac_user_flags', rsbac_mac_user_flags_t), + ('mac_process_flags', rsbac_mac_process_flags_t), + ('mac_file_flags', rsbac_mac_file_flags_t), + ('mac_auto', rsbac_mac_auto_int_t), + ('mac_check', rsbac_boolean_t), + ('mac_prop_trusted', rsbac_boolean_t), + ('pm_role', rsbac_pm_role_int_t), + ('pm_process_type', rsbac_pm_process_type_int_t), + ('pm_current_task', rsbac_pm_task_id_t), + ('pm_object_class', rsbac_pm_object_class_id_t), + ('pm_ipc_purpose', rsbac_pm_purpose_id_t), + ('pm_object_type', rsbac_pm_object_type_int_t), + ('pm_program_type', rsbac_pm_program_type_int_t), + ('pm_tp', rsbac_pm_tp_id_t), + ('pm_task_set', rsbac_pm_task_set_id_t), + ('daz_scanned', rsbac_daz_scanned_t), + ('daz_scanner', rsbac_daz_scanner_t), + ('ff_flags', rsbac_ff_flags_t), + ('rc_type', rsbac_rc_type_id_t), + ('rc_type_fd', rsbac_rc_type_id_t), + ('rc_force_role', rsbac_rc_role_id_t), + ('rc_initial_role', rsbac_rc_role_id_t), + ('rc_role', rsbac_rc_role_id_t), + ('rc_def_role', rsbac_rc_role_id_t), + ('auth_may_setuid', rsbac_auth_may_setuid_int_t), + ('auth_may_set_cap', rsbac_boolean_t), + ('auth_p_capset', rsbac_pid_t), + ('auth_f_capset', rsbac_inode_nr_t), + ('auth_learn', rsbac_boolean_t), + ('min_caps', rsbac_cap_vector_t), + ('max_caps', rsbac_cap_vector_t), + ('max_caps_user', rsbac_cap_vector_t), + ('max_caps_program', rsbac_cap_vector_t), + ('jail_id', rsbac_jail_id_t), + ('jail_parent', rsbac_jail_id_t), + ('jail_ip', rsbac_jail_ip_t), + ('jail_flags', rsbac_jail_flags_t), + ('jail_max_caps', rsbac_cap_vector_t), + ('jail_scd_get', rsbac_jail_scd_vector_t), + ('jail_scd_modify', rsbac_jail_scd_vector_t), + ('pax_flags', rsbac_pax_flags_t), + ('res_array', rsbac_res_array_t), + ('log_array_low', rsbac_log_array_t), + ('log_array_high', rsbac_log_array_t), + ('log_program_based', rsbac_request_vector_t), + ('log_user_based', rsbac_request_vector_t), + ('symlink_add_remote_ip', rsbac_enum_t), + ('symlink_add_uid', rsbac_boolean_t), + ('symlink_add_mac_level', rsbac_boolean_t), + ('symlink_add_rc_role', rsbac_boolean_t), + ('linux_dac_disable', rsbac_linux_dac_disable_int_t), + ('cap_process_hiding', rsbac_cap_process_hiding_int_t), + ('fake_root_uid', rsbac_fake_root_uid_int_t), + ('audit_uid', rsbac_uid_t), + ('auid_exempt', rsbac_uid_t), + ('auth_last_auth', rsbac_uid_t), + ('remote_ip', __u32), + ('cap_ld_env', rsbac_cap_ld_env_int_t), + ('rc_select_type', rsbac_rc_type_id_t), + ('u_char_dummy', u_char), + ('u_short_dummy', u_short), + ('dummy', c_int), + ('u_dummy', u_int), + ('long_dummy', c_long), + ('u_long_dummy', u_long), +] +assert sizeof(rsbac_attribute_value_t) == 44, sizeof(rsbac_attribute_value_t) +assert alignment(rsbac_attribute_value_t) == 4, alignment(rsbac_attribute_value_t) +rsbac_um_days_t = __s32 + +# values for enumeration 'rsbac_um_mod_t' +rsbac_um_mod_t = c_int # enum +rsbac_um_mod_data_t._fields_ = [ + ('string', c_char * 256), + ('group', rsbac_gid_t), + ('days', rsbac_um_days_t), + ('ttl', rsbac_time_t), +] +assert sizeof(rsbac_um_mod_data_t) == 256, sizeof(rsbac_um_mod_data_t) +assert alignment(rsbac_um_mod_data_t) == 4, alignment(rsbac_um_mod_data_t) +rsbac_um_user_entry_t._fields_ = [ + ('name', c_char * 16), + ('pass', c_char * 24), + ('fullname', c_char * 30), + ('homedir', c_char * 50), + ('shell', c_char * 24), + ('group', rsbac_gid_t), + ('lastchange', rsbac_um_days_t), + ('minchange', rsbac_um_days_t), + ('maxchange', rsbac_um_days_t), + ('warnchange', rsbac_um_days_t), + ('inactive', rsbac_um_days_t), + ('expire', rsbac_um_days_t), +] +assert sizeof(rsbac_um_user_entry_t) == 172, sizeof(rsbac_um_user_entry_t) +assert alignment(rsbac_um_user_entry_t) == 4, alignment(rsbac_um_user_entry_t) +rsbac_um_group_entry_t._fields_ = [ + ('name', c_char * 16), + ('pass', c_char * 24), +] +assert sizeof(rsbac_um_group_entry_t) == 40, sizeof(rsbac_um_group_entry_t) +assert alignment(rsbac_um_group_entry_t) == 1, alignment(rsbac_um_group_entry_t) +_ATFILE_SOURCE = 1 # Variable c_int +RSBAC_VERSION_MAJOR = 1 # Variable c_int +__NR_clock_settime = 264 # Variable c_int +ETOOMANYREFS = 109 # Variable c_int +__NR_lsetxattr = 227 # Variable c_int +RSBAC_AUTH_GROUP_F_CAP = 4294967293L # Variable c_uint +RSBAC_ACL_DEFAULT_NETDEV_MASK = 700002000129000L # Variable c_ulonglong +__NR_prctl = 172 # Variable c_int +RSBAC_EWEAKPASSWORD = 1032 # Variable c_int +__NR_vfork = 190 # Variable c_int +ENAMETOOLONG = 36 # Variable c_int +__NR_olduname = 109 # Variable c_int +ETXTBSY = 26 # Variable c_int +__clockid_t_defined = 1 # Variable c_int +RSBAC_JAIL_LOCALHOST = 16777343 # Variable c_int +PF_PAX_SEGMEXEC = 536870912 # Variable c_int +__NR_prof = 44 # Variable c_int +RSBAC_ENOTFOUND = 1009 # Variable c_int +EL3HLT = 46 # Variable c_int +CAP_AUDIT_CONTROL = 30 # Variable c_int +RSBAC_DATAPROT_UID = 401 # Variable c_int +RSBAC_CAP_DEFAULT_MIN = 0 # Variable c_uint +RSBAC_ECOULDNOTCREATEPATH = 1014 # Variable c_int +RSBAC_PAX_ALL_FLAGS = 4278190080L # Variable c_ulong +__timer_t_defined = 1 # Variable c_int +__NR_mpx = 56 # Variable c_int +__NR_truncate = 92 # Variable c_int +__SIZEOF_PTHREAD_CONDATTR_T = 4 # Variable c_int +__NR_sync_file_range = 314 # Variable c_int +__NR_mq_open = 277 # Variable c_int +__NR_getdents64 = 220 # Variable c_int +__NR_settimeofday = 79 # Variable c_int +__NR_vserver = 273 # Variable c_int +_LINUX_CAPABILITY_VERSION = 429392688 # Variable c_int +EFBIG = 27 # Variable c_int +RSBAC_EACCESS = 1002 # Variable c_int +__NR_epoll_wait = 256 # Variable c_int +__NR_getresgid = 171 # Variable c_int +__NR_sync = 36 # Variable c_int +RSBAC_AUTH_MAX_RANGE_GID = 4294967286L # Variable c_uint +ENOLINK = 67 # Variable c_int +RSBAC_ENOROOTDEV = 1008 # Variable c_int +MAC_trusted = 4 # Variable c_int +RSBAC_NET_TEMP_INET_ID = 100110 # Variable c_int +RSBAC_AUTH_MAX_RANGE_UID = 4294967286L # Variable c_uint +__NR_create_module = 127 # Variable c_int +EL3RST = 47 # Variable c_int +RSBAC_UM_USER_LIST_NAME = 'um_user' # Variable STRING +EREMOTEIO = 121 # Variable c_int +__SIZEOF_PTHREAD_MUTEXATTR_T = 4 # Variable c_int +CAP_NET_BROADCAST = 11 # Variable c_int +__NR_setresuid = 164 # Variable c_int +RSBAC_UM_PASS_LEN = 24 # Variable c_int +RST_min = 32 # Variable c_int +__NR_swapoff = 115 # Variable c_int +RSBAC_NET_MAX_ADDRESS_LEN = 128 # Variable c_int +RC_type_no_execute = 4294967292L # Variable c_uint +JAIL_allow_dev_write = 1024 # Variable c_int +ENOTUNIQ = 76 # Variable c_int +__NR_readahead = 225 # Variable c_int +RSBAC_NET_TEMP_LAN_ADDRESS = '192.168.0.0' # Variable STRING +RSBAC_UM_FULLNAME_LEN = 30 # Variable c_int +__NR_sysinfo = 116 # Variable c_int +__NR_stat64 = 195 # Variable c_int +RSBAC_PM_A_WRITE = 2 # Variable c_int +__NR_unlink = 10 # Variable c_int +RSBAC_PAX_DEF_FLAGS = 754974720 # Variable c_int +ERESTART = 85 # Variable c_int +__NR_getppid = 64 # Variable c_int +__USE_LARGEFILE64 = 1 # Variable c_int +RSBAC_ALL_USERS = 4294967292L # Variable c_uint +__NR_ugetrlimit = 191 # Variable c_int +__NR_removexattr = 235 # Variable c_int +RSBAC_ACL_MAX_MAXNUM = 1000000 # Variable c_int +__NR_getgid = 47 # Variable c_int +__NR_fremovexattr = 237 # Variable c_int +RSBAC_MAC_NR_CATS = 64 # Variable c_int +EUCLEAN = 117 # Variable c_int +ENOPROTOOPT = 92 # Variable c_int +_SVID_SOURCE = 1 # Variable c_int +__NR_setgid32 = 214 # Variable c_int +RSBAC_UM_USER_LIST_VERSION = 1 # Variable c_int +__NR_waitpid = 7 # Variable c_int +__NR_readlinkat = 305 # Variable c_int +CAP_SYS_RAWIO = 17 # Variable c_int +__NR_uname = 122 # Variable c_int +__NR_setfsgid = 139 # Variable c_int +__SIZEOF_PTHREAD_BARRIER_T = 20 # Variable c_int +__NR_poll = 168 # Variable c_int +__NR_fsync = 118 # Variable c_int +__NR_io_destroy = 246 # Variable c_int +__NR_sched_getscheduler = 157 # Variable c_int +__NR_ioctl = 54 # Variable c_int +RSBAC_PM_DEV_OBJECT_CLASS_ID = 60001 # Variable c_uint +EHOSTDOWN = 112 # Variable c_int +__NR_ftruncate64 = 194 # Variable c_int +_LARGEFILE_SOURCE = 1 # Variable c_int +__NR_timer_gettime = 261 # Variable c_int +__NR_fstat64 = 197 # Variable c_int +EPIPE = 32 # Variable c_int +__NR_sigpending = 73 # Variable c_int +RSBAC_RC_KERNEL_P_TYPE = 999999 # Variable c_int +SL_max = 252 # Variable c_int +__NR_setitimer = 104 # Variable c_int +__NR_tee = 315 # Variable c_int +__NR_restart_syscall = 0 # Variable c_int +__NR_timer_getoverrun = 262 # Variable c_int +EINPROGRESS = 115 # Variable c_int +__NR_exit = 1 # Variable c_int +RSBAC_SEC_DEL_CHUNK_SIZE = 65536 # Variable c_int +RSBAC_MAC_MAX_MAXNUM = 1000000 # Variable c_int +EADDRINUSE = 98 # Variable c_int +RSBAC_NO_USER = 4294967293L # Variable c_uint +RSBAC_MAC_DEF_CAT_VECTOR = 1 # Variable c_ulonglong +FF_no_delete_or_rename = 64 # Variable c_int +__NR_unlinkat = 301 # Variable c_int +__NR_fchown = 95 # Variable c_int +RSBAC_RES_MAX = 10 # Variable c_int +__NR_writev = 146 # Variable c_int +RSBAC_RC_SPECIAL_RIGHT_BASE = 56 # Variable c_int +RSBAC_ALL_GROUPS = 4294967292L # Variable c_uint +__NR_mknod = 14 # Variable c_int +__NR_time = 13 # Variable c_int +RSBAC_ACL_SYSADM_RIGHTS_VECTOR = 0 # Variable c_int +RSBAC_NETDEV_REQUEST_VECTOR = 2000129000 # Variable c_ulonglong +__NR_vm86old = 113 # Variable c_int +_ENDIAN_H = 1 # Variable c_int +__NR_openat = 295 # Variable c_int +__NR_getresgid32 = 211 # Variable c_int +ELIBACC = 79 # Variable c_int +__NR_epoll_create = 254 # Variable c_int +__NR_rename = 38 # Variable c_int +__USE_FORTIFY_LEVEL = 0 # Variable c_int +__NR_idle = 112 # Variable c_int +__NR_sendfile = 187 # Variable c_int +__NR_rt_sigaction = 174 # Variable c_int +EDQUOT = 122 # Variable c_int +ENOENT = 2 # Variable c_int +__NR_socketcall = 102 # Variable c_int +__NR_mount = 21 # Variable c_int +RSBAC_UM_USER_PWHISTORY_LIST_KEY = 8854687 # Variable c_int +__NR_profil = 98 # Variable c_int +__USE_XOPEN_EXTENDED = 1 # Variable c_int +__NR_get_mempolicy = 275 # Variable c_int +__USE_POSIX = 1 # Variable c_int +__NR_inotify_rm_watch = 293 # Variable c_int +ECOMM = 70 # Variable c_int +__NR_flock = 143 # Variable c_int +RSBAC_VERSION = '1.3.0rc1' # Variable STRING +__NR_getpgrp = 65 # Variable c_int +EXFULL = 54 # Variable c_int +__NR_sched_setscheduler = 156 # Variable c_int +RSBAC_ACL_GEN_RIGHTS_VECTOR = 0 # Variable c_int +ENOTDIR = 20 # Variable c_int +__NR_sigreturn = 119 # Variable c_int +RSBAC_AUTH_LOGIN_PATH = '/bin/login' # Variable STRING +RSBAC_PM_A_APPEND = 16 # Variable c_int +__NR_getgroups = 80 # Variable c_int +__NR_mmap2 = 192 # Variable c_int +RSBAC_UM_OLD_USER_PWHISTORY_LIST_NAME = 'um_pwh.' # Variable STRING +__NR_flistxattr = 234 # Variable c_int +__NR_oldfstat = 28 # Variable c_int +__NR_get_thread_area = 244 # Variable c_int +CAP_CHOWN = 0 # Variable c_int +__NR_mq_timedsend = 279 # Variable c_int +__NR_sched_get_priority_max = 159 # Variable c_int +__NR_mprotect = 125 # Variable c_int +__WORDSIZE = 32 # Variable c_int +RSBAC_RC_AUDITOR_ROLE = 3 # Variable c_int +__NR_setgroups = 81 # Variable c_int +EAFNOSUPPORT = 97 # Variable c_int +__NR_setuid32 = 213 # Variable c_int +CAP_LEASE = 28 # Variable c_int +CAP_FSETID = 4 # Variable c_int +ENOPKG = 65 # Variable c_int +__NR_ftime = 35 # Variable c_int +PF_PAX_RANDEXEC = 268435456 # Variable c_int +_XOPEN_SOURCE = 600 # Variable c_int +RSBAC_UM_MAX_MAXNUM = 1000000 # Variable c_int +__NR__newselect = 142 # Variable c_int +__NR_inotify_add_watch = 292 # Variable c_int +__GLIBC__ = 2 # Variable c_int +__USE_ISOC99 = 1 # Variable c_int +EINVAL = 22 # Variable c_int +JAIL_allow_dev_get_status = 128 # Variable c_int +EMEDIUMTYPE = 124 # Variable c_int +__NR_sendfile64 = 239 # Variable c_int +EBFONT = 59 # Variable c_int +DAZ_infected = 1 # Variable c_int +RC_role_min_special = 4294967291L # Variable c_uint +CAP_AUDIT_WRITE = 29 # Variable c_int +RSBAC_SCD_REQUEST_VECTOR = 400139800 # Variable c_ulonglong +RSBAC_OLD_NO_USER = 65533 # Variable c_int +ENOKEY = 126 # Variable c_int +__NR_getpid = 20 # Variable c_int +__NR_setpgid = 57 # Variable c_int +_XLOCALE_H = 1 # Variable c_int +ENODEV = 19 # Variable c_int +__NR_sched_setparam = 154 # Variable c_int +__NR_fdatasync = 148 # Variable c_int +EPROTONOSUPPORT = 93 # Variable c_int +__NR_chroot = 61 # Variable c_int +_POSIX_C_SOURCE = 199506 # Variable c_long +__NR_sgetmask = 68 # Variable c_int +RSBAC_MAX_MOD = 12 # Variable c_int +RSBAC_RC_SYS_TYPE = 2 # Variable c_int +RC_type_min_special = 4294967289L # Variable c_uint +ETIME = 62 # Variable c_int +__NR__llseek = 140 # Variable c_int +__NR_oldlstat = 84 # Variable c_int +ENETRESET = 102 # Variable c_int +__NR_rt_sigreturn = 173 # Variable c_int +__error_t_defined = 1 # Variable c_int +__NR_llistxattr = 233 # Variable c_int +TRUE = 1 # Variable c_int +__time_t_defined = 1 # Variable c_int +RSBAC_RC_OLD_SPECIAL_RIGHT_BASE = 48 # Variable c_int +SL_inherit = 254 # Variable c_int +__NR_waitid = 284 # Variable c_int +EISCONN = 106 # Variable c_int +__USE_POSIX2 = 1 # Variable c_int +ELIBEXEC = 83 # Variable c_int +MAC_read_up = 16 # Variable c_int +EMLINK = 31 # Variable c_int +__NR_execve = 11 # Variable c_int +__NR_creat = 8 # Variable c_int +__NR_sched_getparam = 155 # Variable c_int +__NR_mlock = 150 # Variable c_int +RSBAC_MAC_MAX_CAT = 63 # Variable c_int +__NR_pause = 29 # Variable c_int +FF_no_search = 1024 # Variable c_int +ECANCELED = 125 # Variable c_int +RSBAC_MAC_INHERIT_CAT_VECTOR = 0 # Variable c_ulonglong +__NR_setregid32 = 204 # Variable c_int +RC_type_inherit_process = 4294967295L # Variable c_uint +RSBAC_NET_TEMP_NAMELEN = 16 # Variable c_int +__USE_ATFILE = 1 # Variable c_int +RC_type_use_fd = 4294967289L # Variable c_uint +PF_PAX_EMUTRAMP = 33554432 # Variable c_int +__NR_lstat = 107 # Variable c_int +__NR_lchown = 16 # Variable c_int +FF_append_only = 256 # Variable c_int +RSBAC_NET_TEMP_LNET_ADDRESS = '127.0.0.0' # Variable STRING +__NR_migrate_pages = 294 # Variable c_int +__NR_fstat = 108 # Variable c_int +CAP_SYS_TTY_CONFIG = 26 # Variable c_int +AST_min = 32 # Variable c_int +EIDRM = 43 # Variable c_int +EADDRNOTAVAIL = 99 # Variable c_int +RSBAC_PM_A_ALL = 31 # Variable c_int +__NR_utime = 30 # Variable c_int +__NR_mincore = 218 # Variable c_int +__NR_mremap = 163 # Variable c_int +RSBAC_RC_SEC_TYPE = 1 # Variable c_int +RSBAC_MAC_U_FLAGS = 125 # Variable c_int +CLOCK_THREAD_CPUTIME_ID = 3 # Variable c_int +_POSIX_SOURCE = 1 # Variable c_int +CAP_MKNOD = 27 # Variable c_int +__NR_set_robust_list = 311 # Variable c_int +__NR_setresgid = 170 # Variable c_int +__NR_add_key = 286 # Variable c_int +__NR_stat = 106 # Variable c_int +EPROTOTYPE = 91 # Variable c_int +ENOMEDIUM = 123 # Variable c_int +__NR_ppoll = 309 # Variable c_int +__NR_oldolduname = 59 # Variable c_int +__GLIBC_MINOR__ = 4 # Variable c_int +RSBAC_PM_IPC_OBJECT_CLASS_ID = 60000 # Variable c_uint +RSBAC_MAC_DEF_P_FLAGS = 0 # Variable c_int +RSBAC_AUTH_LOGIN_PATH_DIR = 'bin' # Variable STRING +RC_type_no_chown = 4294967290L # Variable c_uint +__NR_chdir = 12 # Variable c_int +CLOCK_PROCESS_CPUTIME_ID = 2 # Variable c_int +RSBAC_EPERM = 1001 # Variable c_int +RSBAC_EREINIT = 1011 # Variable c_int +RSBAC_UM_USER_PWHISTORY_LIST_NAME = 'um_pwh' # Variable STRING +__NR_readv = 145 # Variable c_int +RSBAC_CAP_DEFAULT_MAX = 4294967295L # Variable c_uint +__NR_renameat = 302 # Variable c_int +ELOOP = 40 # Variable c_int +__NR_swapon = 87 # Variable c_int +RSBAC_ENOTWRITABLE = 1022 # Variable c_int +RSBAC_SYSADM_UID = 0 # Variable c_int +__NR_personality = 136 # Variable c_int +EREMOTE = 66 # Variable c_int +__NR_sigprocmask = 126 # Variable c_int +RSBAC_ENOMEM = 1024 # Variable c_int +__NR_adjtimex = 124 # Variable c_int +_SYS_TYPES_H = 1 # Variable c_int +FF_search_only = 4 # Variable c_int +__NR_clock_getres = 266 # Variable c_int +RSBAC_NETTEMP_REQUEST_VECTOR = 400188300 # Variable c_ulonglong +JAIL_allow_inet_raw = 8 # Variable c_int +FF_read_only = 1 # Variable c_int +__NR_mkdirat = 296 # Variable c_int +RSBAC_NONE_REQUEST_VECTOR = 1038919001 # Variable c_ulonglong +__NR_getxattr = 229 # Variable c_int +__USE_GNU = 1 # Variable c_int +__NR_unshare = 310 # Variable c_int +__NR_io_cancel = 249 # Variable c_int +RSBAC_RC_GENERAL_TYPE = 0 # Variable c_int +__NR_setfsuid = 138 # Variable c_int +__NR_gettid = 224 # Variable c_int +__NR_write = 4 # Variable c_int +CAP_FOWNER = 3 # Variable c_int +ELIBMAX = 82 # Variable c_int +__NR_uselib = 86 # Variable c_int +__NR_ipc = 117 # Variable c_int +__NR_fchdir = 133 # Variable c_int +EMULTIHOP = 72 # Variable c_int +__NR_access = 33 # Variable c_int +__NR_lseek = 19 # Variable c_int +__NR_keyctl = 288 # Variable c_int +RSBAC_PM_A_CREATE = 8 # Variable c_int +RSBAC_EINVALIDVERSION = 1026 # Variable c_int +__USE_SVID = 1 # Variable c_int +RSBAC_UM_HOMEDIR_LEN = 50 # Variable c_int +__NR_madvise = 219 # Variable c_int +__NR_fcntl = 55 # Variable c_int +__USE_ANSI = 1 # Variable c_int +__NR_utimes = 271 # Variable c_int +RSBAC_ADF_REQUEST_ARRAY_VERSION = 2 # Variable c_int +CAP_NET_BIND_SERVICE = 10 # Variable c_int +__NR_epoll_ctl = 255 # Variable c_int +CAP_SYS_TIME = 25 # Variable c_int +EDOTDOT = 73 # Variable c_int +__NR_sigaltstack = 186 # Variable c_int +__NR_fork = 2 # Variable c_int +__NR_setfsgid32 = 216 # Variable c_int +ECONNABORTED = 103 # Variable c_int +EISNAM = 120 # Variable c_int +RSBAC_IFNAMSIZ = 16 # Variable c_int +RSBAC_EINVALIDMODULE = 1027 # Variable c_int +__NR_pread64 = 180 # Variable c_int +RSBAC_NET_NR_PORTS = 10 # Variable c_int +RSBAC_LIST_TTL_KEEP = 4294967295L # Variable c_uint +__NR_pipe = 42 # Variable c_int +__SIZEOF_PTHREAD_RWLOCK_T = 32 # Variable c_int +__NR_vmsplice = 316 # Variable c_int +__STDC_ISO_10646__ = 200009 # Variable c_long +__NR_reboot = 88 # Variable c_int +JAIL_allow_dev_read = 512 # Variable c_int +ELNRNG = 48 # Variable c_int +__NR_capget = 184 # Variable c_int +FALSE = 0 # Variable c_int +RSBAC_RC_NAME_LEN = 16 # Variable c_int +RSBAC_RES_UNSET = 0 # Variable c_int +__NR_kexec_load = 283 # Variable c_int +__NR_getegid32 = 202 # Variable c_int +__USE_LARGEFILE = 1 # Variable c_int +__NR_setuid = 23 # Variable c_int +__NR_fstatfs64 = 269 # Variable c_int +RSBAC_UM_GROUP_LIST_VERSION = 1 # Variable c_int +_FEATURES_H = 1 # Variable c_int +__NR_syslog = 103 # Variable c_int +RC_role_inherit_process = 4294967294L # Variable c_uint +__NR_sched_rr_get_interval = 161 # Variable c_int +__NR_getgroups32 = 205 # Variable c_int +NR_syscalls = 317 # Variable c_int +__NR_mq_notify = 281 # Variable c_int +RSBAC_SECOFF_UID = 400 # Variable c_int +CAP_IPC_OWNER = 15 # Variable c_int +_BITS_TYPES_H = 1 # Variable c_int +__NR_setpriority = 97 # Variable c_int +EILSEQ = 84 # Variable c_int +TIMER_ABSTIME = 1 # Variable c_int +__NR_getcwd = 183 # Variable c_int +__NR_setdomainname = 121 # Variable c_int +EPFNOSUPPORT = 96 # Variable c_int +EFAULT = 14 # Variable c_int +ENONET = 64 # Variable c_int +__NR_link = 9 # Variable c_int +ECHRNG = 44 # Variable c_int +__NR_init_module = 128 # Variable c_int +RSBAC_ACL_GROUP_EVERYONE = 0 # Variable c_int +_XOPEN_SOURCE_EXTENDED = 1 # Variable c_int +__NR_set_tid_address = 258 # Variable c_int +__NR_capset = 185 # Variable c_int +__USE_POSIX199309 = 1 # Variable c_int +CLOCKS_PER_SEC = 1000000 # Variable c_long +RSBAC_NET_TEMP_NAME = 'nettemp' # Variable STRING +RSBAC_EINVALIDPOINTER = 1005 # Variable c_int +__NR_stty = 31 # Variable c_int +__NR_io_getevents = 247 # Variable c_int +__NR_setreuid32 = 203 # Variable c_int +ESRCH = 3 # Variable c_int +__NR_msync = 144 # Variable c_int +__NR_sysfs = 135 # Variable c_int +__USE_XOPEN = 1 # Variable c_int +__NR_getdents = 141 # Variable c_int +RSBAC_AUTH_LOGIN_PATH_FILE = 'login' # Variable STRING +__NR_fgetxattr = 231 # Variable c_int +EKEYREVOKED = 128 # Variable c_int +__NR_open = 5 # Variable c_int +RSBAC_EMALWAREDETECTED = 1023 # Variable c_int +__NR_rt_sigtimedwait = 177 # Variable c_int +RSBAC_NET_TEMP_AUTO_ADDRESS = '0.0.0.0' # Variable STRING +JAIL_allow_dev_mod_system = 256 # Variable c_int +ECONNRESET = 104 # Variable c_int +__NR_wait4 = 114 # Variable c_int +__NR_setregid = 71 # Variable c_int +SL_min = 0 # Variable c_int +EHOSTUNREACH = 113 # Variable c_int +RSBAC_ACL_ACMAN_RIGHTS_VECTOR = 700000000000000L # Variable c_ulonglong +CAP_SYS_BOOT = 22 # Variable c_int +EL2NSYNC = 45 # Variable c_int +ERANGE = 34 # Variable c_int +__NR_madvise1 = 219 # Variable c_int +_BSD_SOURCE = 1 # Variable c_int +ENOMSG = 42 # Variable c_int +RSBAC_ACL_DEFAULT_SCD_MASK = 700000400139800L # Variable c_ulonglong +ENOANO = 55 # Variable c_int +__NR_sethostname = 74 # Variable c_int +__NR_timer_delete = 263 # Variable c_int +EISDIR = 21 # Variable c_int +RSBAC_ACL_GROUP_VERSION = 2 # Variable c_int +__NR_sigaction = 67 # Variable c_int +__NR_sched_get_priority_min = 160 # Variable c_int +__NR_afs_syscall = 137 # Variable c_int +__NR_set_thread_area = 243 # Variable c_int +__GNU_LIBRARY__ = 6 # Variable c_int +_BITS_TYPESIZES_H = 1 # Variable c_int +RSBAC_EEXPIRED = 1028 # Variable c_int +__NR_munlockall = 153 # Variable c_int +__NR_pselect6 = 308 # Variable c_int +__NR_fstatat64 = 300 # Variable c_int +__NR_mq_unlink = 278 # Variable c_int +__NR_readlink = 85 # Variable c_int +CAP_SETPCAP = 8 # Variable c_int +__NR_ioprio_get = 290 # Variable c_int +__NR_pivot_root = 217 # Variable c_int +ESTRPIPE = 86 # Variable c_int +ESHUTDOWN = 108 # Variable c_int +__NR_fstatfs = 100 # Variable c_int +__NR_stime = 25 # Variable c_int +__NR_kill = 37 # Variable c_int +RSBAC_UM_USER_PWHISTORY_LIST_VERSION = 1 # Variable c_int +FF_secure_delete = 16 # Variable c_int +__NR_readdir = 89 # Variable c_int +__NR_rt_sigpending = 176 # Variable c_int +RSBAC_UM_USER_LIST_KEY = 6363636 # Variable c_int +EBADRQC = 56 # Variable c_int +CAP_DAC_READ_SEARCH = 2 # Variable c_int +__NR_geteuid32 = 201 # Variable c_int +CAP_SYS_PACCT = 20 # Variable c_int +RSBAC_NWR_REQUEST_VECTOR = 4195456 # Variable c_ulonglong +EUNATCH = 49 # Variable c_int +__NR_setsid = 66 # Variable c_int +CAP_SYS_ADMIN = 21 # Variable c_int +__GLIBC_HAVE_LONG_LONG = 1 # Variable c_int +JAIL_allow_suid_files = 8192 # Variable c_int +__NR_getpmsg = 188 # Variable c_int +__NR_vhangup = 111 # Variable c_int +JAIL_allow_all_net_family = 2 # Variable c_int +__NR_statfs = 99 # Variable c_int +RSBAC_EREADFAILED = 1003 # Variable c_int +RSBAC_JAIL_DEF_ID = 0 # Variable c_int +EBUSY = 16 # Variable c_int +__NR_symlinkat = 304 # Variable c_int +__NR_ulimit = 58 # Variable c_int +__NR_modify_ldt = 123 # Variable c_int +ENOTTY = 25 # Variable c_int +EKEYEXPIRED = 127 # Variable c_int +RSBAC_ACL_SPECIAL_RIGHT_BASE = 56 # Variable c_int +RSBAC_RC_GENERAL_ROLE = 0 # Variable c_int +__NR_gtty = 32 # Variable c_int +__NR_delete_module = 129 # Variable c_int +__NR_setresuid32 = 208 # Variable c_int +MAC_program_auto = 256 # Variable c_int +RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE = 48 # Variable c_int +FF_no_execute = 32 # Variable c_int +__NR_get_kernel_syms = 130 # Variable c_int +CAP_NET_ADMIN = 12 # Variable c_int +RSBAC_NET_TEMP_LNET_ID = 100101 # Variable c_int +__NR_rt_sigsuspend = 179 # Variable c_int +ENOTNAM = 118 # Variable c_int +__NR_signal = 48 # Variable c_int +MAC_write_down = 32 # Variable c_int +__SIZEOF_PTHREAD_COND_T = 48 # Variable c_int +__NR_fchmodat = 306 # Variable c_int +ENOTSOCK = 88 # Variable c_int +__NR_getuid = 24 # Variable c_int +RSBAC_NET_UNKNOWN = 0 # Variable c_int +RC_role_max_value = 4294967264L # Variable c_uint +FF_write_only = 8 # Variable c_int +__NR_fcntl64 = 221 # Variable c_int +__NR_clock_nanosleep = 267 # Variable c_int +MAC_write_up = 8 # Variable c_int +RC_type_inherit_parent = 4294967294L # Variable c_uint +ECHILD = 10 # Variable c_int +PF_PAX_RANDMMAP = 134217728 # Variable c_int +__NR_io_setup = 245 # Variable c_int +MAC_prop_trusted = 128 # Variable c_int +RSBAC_EDECISIONMISMATCH = 1025 # Variable c_int +__USE_XOPEN2K = 1 # Variable c_int +RSBAC_UM_SHELL_LEN = 24 # Variable c_int +__NR_chown32 = 212 # Variable c_int +__NR_lremovexattr = 236 # Variable c_int +RSBAC_PM_A_READ = 1 # Variable c_int +ETIMEDOUT = 110 # Variable c_int +__timespec_defined = 1 # Variable c_int +RSBAC_AUDITOR_UID = 404 # Variable c_int +RSBAC_ENOTINITIALIZED = 1010 # Variable c_int +__NR__sysctl = 149 # Variable c_int +__NR_getegid = 50 # Variable c_int +__NR_timer_create = 259 # Variable c_int +EALREADY = 114 # Variable c_int +CAP_NET_RAW = 13 # Variable c_int +__SIZEOF_PTHREAD_BARRIERATTR_T = 4 # Variable c_int +__NR_rt_sigprocmask = 175 # Variable c_int +EMFILE = 24 # Variable c_int +__NR_getgid32 = 200 # Variable c_int +RSBAC_ACL_SPECIAL_RIGHTS_VECTOR = 700000000000000L # Variable c_ulonglong +ENOTEMPTY = 39 # Variable c_int +RSBAC_ACL_DEFAULT_NETTEMP_MASK = 700000400188300L # Variable c_ulonglong +__NR_io_submit = 248 # Variable c_int +EDOM = 33 # Variable c_int +RSBAC_OLD_ALL_USERS = 65532 # Variable c_int +CAP_FS_MASK = 31 # Variable c_int +RSBAC_NET_NR_INET_ADDR = 25 # Variable c_int +ENFILE = 23 # Variable c_int +EREMCHG = 78 # Variable c_int +__NR_inotify_init = 291 # Variable c_int +__USE_MISC = 1 # Variable c_int +__NR_faccessat = 307 # Variable c_int +__BIT_TYPES_DEFINED__ = 1 # Variable c_int +__NR_splice = 313 # Variable c_int +CAP_SYS_MODULE = 16 # Variable c_int +RSBAC_MAC_P_FLAGS = 447 # Variable c_int +ENOMEM = 12 # Variable c_int +ENOSR = 63 # Variable c_int +EOWNERDEAD = 130 # Variable c_int +ELIBSCN = 81 # Variable c_int +RSBAC_EWRITEFAILED = 1004 # Variable c_int +RSBAC_UM_GROUP_LIST_KEY = 9847298 # Variable c_int +__NR_lgetxattr = 230 # Variable c_int +JAIL_allow_external_ipc = 1 # Variable c_int +EBADSLT = 57 # Variable c_int +CAP_LINUX_IMMUTABLE = 9 # Variable c_int +RSBAC_AUTH_OWNER_F_CAP = 4294967293L # Variable c_uint +RSBAC_PM_A_DELETE = 4 # Variable c_int +__NR_close = 6 # Variable c_int +_SYS_SYSMACROS_H = 1 # Variable c_int +__NR_brk = 45 # Variable c_int +RSBAC_EINVALIDTRANSACTION = 1031 # Variable c_int +JAIL_allow_parent_ipc = 4096 # Variable c_int +__NR_fadvise64_64 = 272 # Variable c_int +__NR_lock = 53 # Variable c_int +__NR_fsetxattr = 228 # Variable c_int +__NR_rt_sigqueueinfo = 178 # Variable c_int +JAIL_auto_adjust_inet_any = 16 # Variable c_int +__NR_chmod = 15 # Variable c_int +__NR_geteuid = 49 # Variable c_int +__USE_POSIX199506 = 1 # Variable c_int +__NR_fchownat = 298 # Variable c_int +__NR_lookup_dcookie = 253 # Variable c_int +RSBAC_MAC_GENERAL_CATEGORY = 0 # Variable c_int +__NR_linkat = 303 # Variable c_int +RSBAC_RC_SYSTEM_ADMIN_ROLE = 2 # Variable c_int +EACCES = 13 # Variable c_int +RSBAC_EMAX = 1032 # Variable c_int +RSBAC_MAC_DEF_U_FLAGS = 0 # Variable c_int +__NR_getsid = 147 # Variable c_int +RSBAC_LIST_TA_MAX_PASSLEN = 36 # Variable c_int +RSBAC_EEXISTS = 1019 # Variable c_int +__NR_fadvise64 = 250 # Variable c_int +EIO = 5 # Variable c_int +RSBAC_NET_TEMP_KEY = 135639038 # Variable c_int +__SIZEOF_PTHREAD_COND_COMPAT_T = 12 # Variable c_int +__NR_sched_getaffinity = 242 # Variable c_int +FF_execute_only = 2 # Variable c_int +RC_type_use_new_role_def_create = 4294967291L # Variable c_uint +_SYS_CDEFS_H = 1 # Variable c_int +CAP_DAC_OVERRIDE = 1 # Variable c_int +__NR_setxattr = 226 # Variable c_int +__SIZEOF_PTHREAD_ATTR_T = 36 # Variable c_int +ENOCSI = 50 # Variable c_int +__NR_statfs64 = 268 # Variable c_int +__NR_futex = 240 # Variable c_int +__NR_tgkill = 270 # Variable c_int +__NR_lchown32 = 198 # Variable c_int +RSBAC_ACL_GROUP_NAMELEN = 16 # Variable c_int +RSBAC_EINVALIDATTR = 1015 # Variable c_int +ENODATA = 61 # Variable c_int +__NR_gettimeofday = 78 # Variable c_int +_BITS_TIME_H = 1 # Variable c_int +CAP_SYS_NICE = 23 # Variable c_int +RSBAC_UM_OLD_GROUP_LIST_NAME = 'um_g.' # Variable STRING +__NR_iopl = 110 # Variable c_int +ENOSTR = 60 # Variable c_int +__NR_set_mempolicy = 276 # Variable c_int +__NR_symlink = 83 # Variable c_int +CAP_SYS_RESOURCE = 24 # Variable c_int +E2BIG = 7 # Variable c_int +__NR_clone = 120 # Variable c_int +_TIME_H = 1 # Variable c_int +CAP_IPC_LOCK = 14 # Variable c_int +__NR_munmap = 91 # Variable c_int +__NR_mkdir = 39 # Variable c_int +ENXIO = 6 # Variable c_int +__NR_futimesat = 299 # Variable c_int +ESOCKTNOSUPPORT = 94 # Variable c_int +__NR_query_module = 167 # Variable c_int +EBADFD = 77 # Variable c_int +__NR_nfsservctl = 169 # Variable c_int +RSBAC_NET_ANY = 0 # Variable c_int +_STRUCT_TIMEVAL = 1 # Variable c_int +__NR_getuid32 = 199 # Variable c_int +CAP_SETGID = 6 # Variable c_int +RSBAC_NO_GROUP = 4294967293L # Variable c_uint +__NR_munlock = 151 # Variable c_int +ENOLCK = 37 # Variable c_int +PF_PAX_MPROTECT = 67108864 # Variable c_int +__NR_mlockall = 152 # Variable c_int +RSBAC_NWF_REQUEST_VECTOR = 34085024 # Variable c_ulonglong +RSBAC_VERSION_MINOR = 0 # Variable c_int +__STDC_IEC_559__ = 1 # Variable c_int +__NR_umount2 = 52 # Variable c_int +_BITS_PTHREADTYPES_H = 1 # Variable c_int +__FDSET_LONGS = 32 # Variable c_uint +EEXIST = 17 # Variable c_int +__NR_ssetmask = 69 # Variable c_int +__NR_nice = 34 # Variable c_int +__NR_umount = 22 # Variable c_int +__NR_oldstat = 18 # Variable c_int +EPROTO = 71 # Variable c_int +__NR_ftruncate = 93 # Variable c_int +_SYS_SELECT_H = 1 # Variable c_int +__NR_ustat = 62 # Variable c_int +__NR_lstat64 = 196 # Variable c_int +ESRMNT = 69 # Variable c_int +__NR_exit_group = 252 # Variable c_int +PF_PAX_PAGEEXEC = 16777216 # Variable c_int +RSBAC_TPMAN_UID = 402 # Variable c_int +RSBAC_PM_A_WRITE_TO_FILE = 18 # Variable c_int +RSBAC_READ_WRITE_OPEN_REQUEST_VECTOR = 2097152 # Variable c_ulonglong +__NR_dup = 41 # Variable c_int +RSBAC_AUTH_DAC_GROUP_F_CAP = 4294967292L # Variable c_uint +__NR_sched_yield = 158 # Variable c_int +__NR_ioprio_set = 289 # Variable c_int +RSBAC_PM_ROOT_TASK_SET_ID = 4294967295L # Variable c_uint +RSBAC_AUTH_DAC_OWNER_F_CAP = 4294967292L # Variable c_uint +RSBAC_NWC_REQUEST_VECTOR = 384 # Variable c_ulonglong +__NR_clock_gettime = 265 # Variable c_int +RSBAC_VERSION_MID = 3 # Variable c_int +__NR_setresgid32 = 210 # Variable c_int +RSBAC_NET_TEMP_LAN_ID = 100102 # Variable c_int +__NR_break = 17 # Variable c_int +__clock_t_defined = 1 # Variable c_int +__NR_putpmsg = 189 # Variable c_int +ENOSPC = 28 # Variable c_int +__NR_getpriority = 96 # Variable c_int +EBADMSG = 74 # Variable c_int +RSBAC_UM_OLD_USER_LIST_NAME = 'um_u.' # Variable STRING +ELIBBAD = 80 # Variable c_int +JAIL_allow_tty_open = 2048 # Variable c_int +ESTALE = 116 # Variable c_int +RSBAC_EINVALIDDEV = 1016 # Variable c_int +RSBAC_EXECUTE_REQUEST_VECTOR = 1000000400 # Variable c_ulonglong +__NR_setrlimit = 75 # Variable c_int +RSBAC_RC_ROLE_ADMIN_ROLE = 1 # Variable c_int +RSBAC_EINVALIDVALUE = 1018 # Variable c_int +CLOCK_MONOTONIC = 1 # Variable c_int +__NR_getresuid = 165 # Variable c_int +RSBAC_ECOULDNOTADDDEVICE = 1012 # Variable c_int +__NR_rmdir = 40 # Variable c_int +__NR_tkill = 238 # Variable c_int +ENOTRECOVERABLE = 131 # Variable c_int +ENOBUFS = 105 # Variable c_int +EDESTADDRREQ = 89 # Variable c_int +__NR_chown = 182 # Variable c_int +__NR_setfsuid32 = 215 # Variable c_int +EINTR = 4 # Variable c_int +EADV = 68 # Variable c_int +__NR_quotactl = 131 # Variable c_int +__NR_remap_file_pages = 257 # Variable c_int +RSBAC_EINVALIDREQUEST = 1021 # Variable c_int +ENOSYS = 38 # Variable c_int +DAZ_clean = 2 # Variable c_int +RSBAC_ECOULDNOTADDITEM = 1013 # Variable c_int +RSBAC_SECURITY_REQUEST_VECTOR = 806387712 # Variable c_ulonglong +__USE_BSD = 1 # Variable c_int +RSBAC_SYSTEM_REQUEST_VECTOR = 208960001 # Variable c_ulonglong +EUSERS = 87 # Variable c_int +__NR_getrlimit = 76 # Variable c_int +CLOCK_REALTIME = 0 # Variable c_int +__NR_sched_setaffinity = 241 # Variable c_int +CAP_SETUID = 7 # Variable c_int +_SIGSET_H_types = 1 # Variable c_int +RSBAC_VERSION_NR = 66304 # Variable c_int +RSBAC_NET_MAX_PORT = 65535 # Variable c_int +__NR_get_robust_list = 312 # Variable c_int +RSBAC_NET_TEMP_OLD_VERSION = 1 # Variable c_int +RSBAC_NET_TEMP_ALL_ID = 4294967295L # Variable c_uint +RSBAC_MAC_F_FLAGS = 62 # Variable c_int +_ERRNO_H = 1 # Variable c_int +__SIZEOF_PTHREAD_MUTEX_T = 24 # Variable c_int +__USE_UNIX98 = 1 # Variable c_int +RSBAC_BIN_UID = 1 # Variable c_int +__NR_timer_settime = 260 # Variable c_int +SL_none = 255 # Variable c_int +__NR_nanosleep = 162 # Variable c_int +__NR_pwrite64 = 181 # Variable c_int +__NR_umask = 60 # Variable c_int +EPERM = 1 # Variable c_int +RSBAC_RES_NONE = 11 # Variable c_int +__NR_sigsuspend = 72 # Variable c_int +RSBAC_JAIL_VERSION = 1 # Variable c_int +EKEYREJECTED = 129 # Variable c_int +__NR_acct = 51 # Variable c_int +__NR_select = 82 # Variable c_int +RSBAC_UM_GROUP_LIST_NAME = 'um_grp' # Variable STRING +ENOTCONN = 107 # Variable c_int +__NR_times = 43 # Variable c_int +ENETUNREACH = 101 # Variable c_int +RSBAC_ENOROOTDIR = 1006 # Variable c_int +_ISOC99_SOURCE = 1 # Variable c_int +RSBAC_MAC_MIN_CAT_VECTOR = 0 # Variable c_ulonglong +JAIL_allow_mount = 16384 # Variable c_int +RSBAC_EMUSTCHANGE = 1029 # Variable c_int +__STDC_IEC_559_COMPLEX__ = 1 # Variable c_int +ESPIPE = 29 # Variable c_int +RSBAC_EBUSY = 1030 # Variable c_int +__NR_dup2 = 63 # Variable c_int +__NR_mq_getsetattr = 282 # Variable c_int +RSBAC_FF_ROOT_DEF = 0 # Variable c_int +__NR_request_key = 287 # Variable c_int +RSBAC_NET_TEMP_VERSION = 2 # Variable c_int +EMSGSIZE = 90 # Variable c_int +__NR_bdflush = 134 # Variable c_int +__NR_vm86 = 166 # Variable c_int +CAP_SYS_CHROOT = 18 # Variable c_int +__NR_read = 3 # Variable c_int +RSBAC_UM_NR_GROUP_LISTS = 8 # Variable c_int +EROFS = 30 # Variable c_int +ECONNREFUSED = 111 # Variable c_int +__NR_mmap = 90 # Variable c_int +RSBAC_ACL_ROLE_EVERYROLE = 64 # Variable c_int +__NR_alarm = 27 # Variable c_int +RSBAC_RC_BOOT_ROLE = 999999 # Variable c_int +__NR_getresuid32 = 209 # Variable c_int +EOVERFLOW = 75 # Variable c_int +ENETDOWN = 100 # Variable c_int +ENOEXEC = 8 # Variable c_int +RC_type_no_create = 4294967293L # Variable c_uint +__NR_mq_timedreceive = 280 # Variable c_int +EBADF = 9 # Variable c_int +EBADE = 52 # Variable c_int +RSBAC_EINVALIDTARGET = 1017 # Variable c_int +RSBAC_NWE_REQUEST_VECTOR = 512 # Variable c_ulonglong +RSBAC_AUTH_MAX_MAXNUM = 1000000 # Variable c_int +RC_type_max_value = 4294967264L # Variable c_uint +RSBAC_PM_A_WRITING = 30 # Variable c_int +JAIL_allow_inet_localhost = 32 # Variable c_int +RSBAC_UM_NAME_LEN = 16 # Variable c_int +__NR_truncate64 = 193 # Variable c_int +FF_no_mount = 512 # Variable c_int +__SIZEOF_PTHREAD_RWLOCKATTR_T = 8 # Variable c_int +EBADR = 53 # Variable c_int +__NR_getrusage = 77 # Variable c_int +EXDEV = 18 # Variable c_int +_LARGEFILE64_SOURCE = 1 # Variable c_int +__NR_ioperm = 101 # Variable c_int +ENAVAIL = 119 # Variable c_int +__NR_mknodat = 297 # Variable c_int +RSBAC_AUTH_OLD_OWNER_F_CAP = 65533 # Variable c_ushort +__NR_listxattr = 232 # Variable c_int +RSBAC_EPATHTOOLONG = 1007 # Variable c_int +__NR_getitimer = 105 # Variable c_int +_SIGSET_NWORDS = 32 # Variable c_uint +RSBAC_UM_NR_USER_LISTS = 8 # Variable c_int +__NR_mbind = 274 # Variable c_int +CAP_SYS_PTRACE = 19 # Variable c_int +__NR_fchown32 = 207 # Variable c_int +CAP_KILL = 5 # Variable c_int +__NR_setreuid = 70 # Variable c_int +DAZ_max = 2 # Variable c_int +RSBAC_MAXNAMELEN = 256 # Variable c_int +ENOTBLK = 15 # Variable c_int +RSBAC_UM_NR_USER_PWHISTORY_LISTS = 8 # Variable c_int +__NR_ptrace = 26 # Variable c_int +__NR_setgroups32 = 206 # Variable c_int +RSBAC_NET_TEMP_AUTO_ID = 100105 # Variable c_int +__NR_fchmod = 94 # Variable c_int +__NR_getpgid = 132 # Variable c_int +EL2HLT = 51 # Variable c_int +RSBAC_EINTERNONLY = 1020 # Variable c_int +__NR_setgid = 46 # Variable c_int +__kernel_ino_t = c_ulong +__kernel_mode_t = c_ushort +__kernel_nlink_t = c_ushort +__kernel_off_t = c_long +__kernel_pid_t = c_int +__kernel_ipc_pid_t = c_ushort +__kernel_uid_t = c_ushort +__kernel_gid_t = c_ushort +__kernel_size_t = c_uint +__kernel_ssize_t = c_int +__kernel_ptrdiff_t = c_int +__kernel_time_t = c_long +__kernel_suseconds_t = c_long +__kernel_clock_t = c_long +__kernel_timer_t = c_int +__kernel_clockid_t = c_int +__kernel_daddr_t = c_int +__kernel_caddr_t = STRING +__kernel_uid16_t = c_ushort +__kernel_gid16_t = c_ushort +__kernel_uid32_t = c_uint +__kernel_gid32_t = c_uint +__kernel_old_uid_t = c_ushort +__kernel_old_gid_t = c_ushort +__kernel_old_dev_t = c_ushort +__kernel_loff_t = c_longlong +class __kernel_fsid_t(Structure): + pass +__kernel_fsid_t._fields_ = [ + ('__val', c_int * 2), +] +assert sizeof(__kernel_fsid_t) == 8, sizeof(__kernel_fsid_t) +assert alignment(__kernel_fsid_t) == 4, alignment(__kernel_fsid_t) +umode_t = c_ushort +__s8 = c_byte +__s16 = c_short +__s64 = c_longlong +pthread_t = c_ulong +class pthread_attr_t(Union): + pass +pthread_attr_t._fields_ = [ + ('__size', c_char * 36), + ('__align', c_long), +] +assert sizeof(pthread_attr_t) == 36, sizeof(pthread_attr_t) +assert alignment(pthread_attr_t) == 4, alignment(pthread_attr_t) +class __pthread_internal_slist(Structure): + pass +__pthread_internal_slist._fields_ = [ + ('__next', POINTER(__pthread_internal_slist)), +] +assert sizeof(__pthread_internal_slist) == 4, sizeof(__pthread_internal_slist) +assert alignment(__pthread_internal_slist) == 4, alignment(__pthread_internal_slist) +__pthread_slist_t = __pthread_internal_slist +class __pthread_mutex_s(Structure): + pass +class N15pthread_mutex_t17__pthread_mutex_s3DOT_5E(Union): + pass +N15pthread_mutex_t17__pthread_mutex_s3DOT_5E._fields_ = [ + ('__spins', c_int), + ('__list', __pthread_slist_t), +] +assert sizeof(N15pthread_mutex_t17__pthread_mutex_s3DOT_5E) == 4, sizeof(N15pthread_mutex_t17__pthread_mutex_s3DOT_5E) +assert alignment(N15pthread_mutex_t17__pthread_mutex_s3DOT_5E) == 4, alignment(N15pthread_mutex_t17__pthread_mutex_s3DOT_5E) +__pthread_mutex_s._anonymous_ = ['_0'] +__pthread_mutex_s._fields_ = [ + ('__lock', c_int), + ('__count', c_uint), + ('__owner', c_int), + ('__kind', c_int), + ('__nusers', c_uint), + ('_0', N15pthread_mutex_t17__pthread_mutex_s3DOT_5E), +] +assert sizeof(__pthread_mutex_s) == 24, sizeof(__pthread_mutex_s) +assert alignment(__pthread_mutex_s) == 4, alignment(__pthread_mutex_s) +class pthread_mutex_t(Union): + pass +pthread_mutex_t._fields_ = [ + ('__data', __pthread_mutex_s), + ('__size', c_char * 24), + ('__align', c_long), +] +assert sizeof(pthread_mutex_t) == 24, sizeof(pthread_mutex_t) +assert alignment(pthread_mutex_t) == 4, alignment(pthread_mutex_t) +class pthread_mutexattr_t(Union): + pass +pthread_mutexattr_t._fields_ = [ + ('__size', c_char * 4), + ('__align', c_long), +] +assert sizeof(pthread_mutexattr_t) == 4, sizeof(pthread_mutexattr_t) +assert alignment(pthread_mutexattr_t) == 4, alignment(pthread_mutexattr_t) +class N14pthread_cond_t3DOT_8E(Structure): + pass +N14pthread_cond_t3DOT_8E._pack_ = 4 +N14pthread_cond_t3DOT_8E._fields_ = [ + ('__lock', c_int), + ('__futex', c_uint), + ('__total_seq', c_ulonglong), + ('__wakeup_seq', c_ulonglong), + ('__woken_seq', c_ulonglong), + ('__mutex', c_void_p), + ('__nwaiters', c_uint), + ('__broadcast_seq', c_uint), +] +assert sizeof(N14pthread_cond_t3DOT_8E) == 44, sizeof(N14pthread_cond_t3DOT_8E) +assert alignment(N14pthread_cond_t3DOT_8E) == 4, alignment(N14pthread_cond_t3DOT_8E) +class pthread_cond_t(Union): + pass +pthread_cond_t._pack_ = 4 +pthread_cond_t._fields_ = [ + ('__data', N14pthread_cond_t3DOT_8E), + ('__size', c_char * 48), + ('__align', c_longlong), +] +assert sizeof(pthread_cond_t) == 48, sizeof(pthread_cond_t) +assert alignment(pthread_cond_t) == 4, alignment(pthread_cond_t) +class pthread_condattr_t(Union): + pass +pthread_condattr_t._fields_ = [ + ('__size', c_char * 4), + ('__align', c_long), +] +assert sizeof(pthread_condattr_t) == 4, sizeof(pthread_condattr_t) +assert alignment(pthread_condattr_t) == 4, alignment(pthread_condattr_t) +pthread_key_t = c_uint +pthread_once_t = c_int +class N16pthread_rwlock_t4DOT_11E(Structure): + pass +N16pthread_rwlock_t4DOT_11E._fields_ = [ + ('__lock', c_int), + ('__nr_readers', c_uint), + ('__readers_wakeup', c_uint), + ('__writer_wakeup', c_uint), + ('__nr_readers_queued', c_uint), + ('__nr_writers_queued', c_uint), + ('__flags', c_uint), + ('__writer', c_int), +] +assert sizeof(N16pthread_rwlock_t4DOT_11E) == 32, sizeof(N16pthread_rwlock_t4DOT_11E) +assert alignment(N16pthread_rwlock_t4DOT_11E) == 4, alignment(N16pthread_rwlock_t4DOT_11E) +class pthread_rwlock_t(Union): + pass +pthread_rwlock_t._fields_ = [ + ('__data', N16pthread_rwlock_t4DOT_11E), + ('__size', c_char * 32), + ('__align', c_long), +] +assert sizeof(pthread_rwlock_t) == 32, sizeof(pthread_rwlock_t) +assert alignment(pthread_rwlock_t) == 4, alignment(pthread_rwlock_t) +class pthread_rwlockattr_t(Union): + pass +pthread_rwlockattr_t._fields_ = [ + ('__size', c_char * 8), + ('__align', c_long), +] +assert sizeof(pthread_rwlockattr_t) == 8, sizeof(pthread_rwlockattr_t) +assert alignment(pthread_rwlockattr_t) == 4, alignment(pthread_rwlockattr_t) +pthread_spinlock_t = c_int +class pthread_barrier_t(Union): + pass +pthread_barrier_t._fields_ = [ + ('__size', c_char * 20), + ('__align', c_long), +] +assert sizeof(pthread_barrier_t) == 20, sizeof(pthread_barrier_t) +assert alignment(pthread_barrier_t) == 4, alignment(pthread_barrier_t) +class pthread_barrierattr_t(Union): + pass +pthread_barrierattr_t._fields_ = [ + ('__size', c_char * 4), + ('__align', c_int), +] +assert sizeof(pthread_barrierattr_t) == 4, sizeof(pthread_barrierattr_t) +assert alignment(pthread_barrierattr_t) == 4, alignment(pthread_barrierattr_t) +__sig_atomic_t = c_int +class __sigset_t(Structure): + pass +__sigset_t._fields_ = [ + ('__val', c_ulong * 32), +] +assert sizeof(__sigset_t) == 128, sizeof(__sigset_t) +assert alignment(__sigset_t) == 4, alignment(__sigset_t) +class timeval(Structure): + pass +__time_t = c_long +__suseconds_t = c_long +timeval._fields_ = [ + ('tv_sec', __time_t), + ('tv_usec', __suseconds_t), +] +assert sizeof(timeval) == 8, sizeof(timeval) +assert alignment(timeval) == 4, alignment(timeval) +__int8_t = c_byte +__uint8_t = c_ubyte +__int16_t = c_short +__uint16_t = c_ushort +__int32_t = c_int +__uint32_t = c_uint +__int64_t = c_longlong +__uint64_t = c_ulonglong +__dev_t = __u_quad_t +__uid_t = c_uint +__gid_t = c_uint +__ino_t = c_ulong +__ino64_t = __u_quad_t +__mode_t = c_uint +__nlink_t = c_uint +__off_t = c_long +__off64_t = __quad_t +__pid_t = c_int +class __fsid_t(Structure): + pass +__fsid_t._fields_ = [ + ('__val', c_int * 2), +] +assert sizeof(__fsid_t) == 8, sizeof(__fsid_t) +assert alignment(__fsid_t) == 4, alignment(__fsid_t) +__clock_t = c_long +__rlim_t = c_ulong +__rlim64_t = __u_quad_t +__id_t = c_uint +__useconds_t = c_uint +__daddr_t = c_int +__swblk_t = c_long +__key_t = c_int +__clockid_t = c_int +__timer_t = c_void_p +__blksize_t = c_long +__blkcnt_t = c_long +__blkcnt64_t = __quad_t +__fsblkcnt_t = c_ulong +__fsblkcnt64_t = __u_quad_t +__fsfilcnt_t = c_ulong +__fsfilcnt64_t = __u_quad_t +__ssize_t = c_int +__loff_t = __off64_t +__qaddr_t = POINTER(__quad_t) +__caddr_t = STRING +__intptr_t = c_int +__socklen_t = c_uint +error_t = c_int +class __user_cap_header_struct(Structure): + pass +__user_cap_header_struct._fields_ = [ + ('version', __u32), + ('pid', c_int), +] +assert sizeof(__user_cap_header_struct) == 8, sizeof(__user_cap_header_struct) +assert alignment(__user_cap_header_struct) == 4, alignment(__user_cap_header_struct) +cap_user_header_t = POINTER(__user_cap_header_struct) +class __user_cap_data_struct(Structure): + pass +__user_cap_data_struct._fields_ = [ + ('effective', __u32), + ('permitted', __u32), + ('inheritable', __u32), +] +assert sizeof(__user_cap_data_struct) == 12, sizeof(__user_cap_data_struct) +assert alignment(__user_cap_data_struct) == 4, alignment(__user_cap_data_struct) +cap_user_data_t = POINTER(__user_cap_data_struct) +class __kernel_fd_set(Structure): + pass +__kernel_fd_set._fields_ = [ + ('fds_bits', c_ulong * 32), +] +assert sizeof(__kernel_fd_set) == 128, sizeof(__kernel_fd_set) +assert alignment(__kernel_fd_set) == 4, alignment(__kernel_fd_set) +__kernel_sighandler_t = CFUNCTYPE(None, c_int) +__kernel_key_t = c_int +__kernel_mqd_t = c_int +__le16 = __u16 +__be16 = __u16 +__le32 = __u32 +__be32 = __u32 +__le64 = __u64 +__be64 = __u64 +sigset_t = __sigset_t +__fd_mask = c_long +class fd_set(Structure): + pass +fd_set._fields_ = [ + ('fds_bits', __fd_mask * 32), +] +assert sizeof(fd_set) == 128, sizeof(fd_set) +assert alignment(fd_set) == 4, alignment(fd_set) +fd_mask = __fd_mask +quad_t = __quad_t +u_quad_t = __u_quad_t +fsid_t = __fsid_t +loff_t = __loff_t +ino_t = __ino_t +ino64_t = __ino64_t +dev_t = __dev_t +gid_t = __gid_t +mode_t = __mode_t +nlink_t = __nlink_t +uid_t = __uid_t +off_t = __off_t +off64_t = __off64_t +pid_t = __pid_t +id_t = __id_t +ssize_t = __ssize_t +daddr_t = __daddr_t +caddr_t = __caddr_t +key_t = __key_t +useconds_t = __useconds_t +suseconds_t = __suseconds_t +ulong = c_ulong +ushort = c_ushort +uint = c_uint +int8_t = c_byte +int16_t = c_short +int32_t = c_int +int64_t = c_longlong +u_int8_t = c_ubyte +u_int16_t = c_ushort +u_int32_t = c_uint +u_int64_t = c_ulonglong +register_t = c_int +blksize_t = __blksize_t +blkcnt_t = __blkcnt_t +fsblkcnt_t = __fsblkcnt_t +fsfilcnt_t = __fsfilcnt_t +blkcnt64_t = __blkcnt64_t +fsblkcnt64_t = __fsblkcnt64_t +fsfilcnt64_t = __fsfilcnt64_t +clock_t = __clock_t +time_t = __time_t +clockid_t = __clockid_t +timer_t = __timer_t +class timespec(Structure): + pass +timespec._fields_ = [ + ('tv_sec', __time_t), + ('tv_nsec', c_long), +] +assert sizeof(timespec) == 8, sizeof(timespec) +assert alignment(timespec) == 4, alignment(timespec) +class tm(Structure): + pass +tm._fields_ = [ + ('tm_sec', c_int), + ('tm_min', c_int), + ('tm_hour', c_int), + ('tm_mday', c_int), + ('tm_mon', c_int), + ('tm_year', c_int), + ('tm_wday', c_int), + ('tm_yday', c_int), + ('tm_isdst', c_int), + ('tm_gmtoff', c_long), + ('tm_zone', STRING), +] +assert sizeof(tm) == 44, sizeof(tm) +assert alignment(tm) == 4, alignment(tm) +class itimerspec(Structure): + pass +itimerspec._fields_ = [ + ('it_interval', timespec), + ('it_value', timespec), +] +assert sizeof(itimerspec) == 16, sizeof(itimerspec) +assert alignment(itimerspec) == 4, alignment(itimerspec) +class sigevent(Structure): + pass +sigevent._fields_ = [ +] +class __locale_struct(Structure): + pass +class locale_data(Structure): + pass +__locale_struct._fields_ = [ + ('__locales', POINTER(locale_data) * 13), + ('__ctype_b', POINTER(c_ushort)), + ('__ctype_tolower', POINTER(c_int)), + ('__ctype_toupper', POINTER(c_int)), + ('__names', STRING * 13), +] +assert sizeof(__locale_struct) == 116, sizeof(__locale_struct) +assert alignment(__locale_struct) == 4, alignment(__locale_struct) +locale_data._fields_ = [ +] +__locale_t = POINTER(__locale_struct) +size_t = c_uint +__all__ = ['rsbac_rc_special_rights_t', 'ACLC_remove_user', + 'rsbac_acl_remove_group_arg_t', 'RSBAC_EWEAKPASSWORD', + '__OFF64_T_TYPE', '__off64_t', 'ETXTBSY', + 'RSBAC_RC_DEFAULT_RIGHTS_VECTOR', 'rsbac_request_vector_t', + 'EL3HLT', 'RSBAC_PAX_ALL_FLAGS', 'RSBAC_TPMAN_UID', + 'ACLC_remove_from_acl_entry', 'A_max_read_categories', + 'EFBIG', 'RSBAC_EACCESS', '__NR_epoll_wait', '__NR_sync', + 'ENOLINK', 'rsbac_mac_file_flags_t', 'RSYS_um_remove_user', + '__NFDBITS', 'RI_type_nettemp_name', 'AMS_last_auth_only', + 'RSBAC_AUTH_MAX_RANGE_UID', 'umode_t', 'rsbac_log_array_t', + 'A_log_user_based', '__NR_rt_sigtimedwait', + 'pthread_once_t', 'NTS_get_netdev', '__NR_setfsuid', + 'I_mqueue', '__NR_swapoff', 'RSBAC_NET_MAX_ADDRESS_LEN', + 'cap_user_header_t', '__NR_readahead', '__NR_stat64', + '__NR_getcwd', 'u_int32_t', 'RSBAC_ALL_USERS', + 'RSBAC_EMALWAREDETECTED', '__NR_getgid', + 'rsys_rc_change_role_t', '__NR_fsync', 'rsys_init_t', + 'RI_boot_role', 'RI_type_ipc_name', + 'RSYS_acl_list_all_group', 'A_local_log_array_low', + 'RI_def_ipc_create_type', 'rsbac_pm_task_id_t', + 'A_daz_role', 'E2BIG', 'EHOSTDOWN', 'SL_max', + '__NR_setitimer', 'rsbac_pm_tkt_function_param_t', + '__NR_restart_syscall', 'EBUSY', + 'PTF_delete_authorized_tp', 'rsbac_pm_delete_na_t', + 'A_pm_role', 'RSBAC_NO_USER', '__NR_unlinkat', 'ENOSTR', + 'SW_JAIL', 'RSYS_get_attr', 'A_remote_mac_categories', + 'RSBAC_ACL_SYSADM_RIGHTS_VECTOR', + 'rsbac_pm_delete_responsible_user_t', 'PL_none', + 'CAP_IPC_OWNER', 'FF_read_only', 'RSYS_list_all_ipc', + '__NR_get_kernel_syms', '__NR_linkat', 'EDQUOT', + 'SL_old_none', '__NR_sethostname', '__NR_sync_file_range', + 'PL_pp', '__kernel_loff_t', 'RSYS_um_get_gm_list', + 'rsbac_net_temp_inet_addr_t', 'UM_ttl', 'EXFULL', 'T_USER', + 'T_SCD', 'off_t', 'NTS_none', 'RI_none', + 'rsys_mac_set_curr_level_t', 'RCR_ASSIGN', '__fsblkcnt_t', + 'RSBAC_PM_A_APPEND', '__NR_flistxattr', '__NR_chroot', + 'ACLGS_list_groups', 'LL_full', 'EIO', + 'rsbac_pm_set_object_class_t', + 'rsbac_pm_set_auth_may_set_cap_t', '_XOPEN_SOURCE', + 'A_symlink_add_rc_role', 'rsbac_rc_role_vector_t', '__s64', + '__NR_inotify_add_watch', '__GLIBC__', + 'pthread_rwlockattr_t', '__NR_setfsgid32', + 'rsbac_acl_syscall_arg_t', 'DAZ_infected', + 'CAP_AUDIT_WRITE', 'D_block', 'PH_none', '_XLOCALE_H', + 'R_NONE', '__NR_sgetmask', '__kernel_pid_t', + 'R_CHANGE_DAC_EFF_OWNER', 'ST_kmem', 'A_res_min', 'ENOTTY', + 'pthread_mutexattr_t', 'ACT_fs', '__NR_signal', 'TRUE', + '__NR_clock_nanosleep', '__cast__', 'rsbac_rc_target_id_t', + 'blkcnt_t', 'R_WRITE_OPEN', 'RSBAC_MAC_MAX_CAT', + 'rsbac_acl_syscall_type_t', 'ECANCELED', + 'RC_type_inherit_process', 'u_char', 'ACLGS_add_member', + 'PF_set_auth_may_set_cap', 'uid_t', 'u_int64_t', + 'u_int16_t', 'PF_PAX_EMUTRAMP', 'RSYS_stats', + '__NR_lchown', 'rsbac_pm_switch_pm_t', 'NTS_copy_template', + 'ACLC_set_acl_entry', '__be64', 'A_fake_root_uid', + '__NR_epoll_create', '__NR_utime', + 'RSBAC_RC_GEN_RIGHTS_VECTOR', 'sigevent', + 'ACLR_ACCESS_CONTROL', '__NR_mq_timedreceive', 'R_CONNECT', + 'AMS_none', 'rsbac_pm_process_type_t', + 'RSBAC_PM_IPC_OBJECT_CLASS_ID', '__INO64_T_TYPE', + 'RSBAC_AUTH_LOGIN_PATH_DIR', 'ACLC_none', + 'RSBAC_UM_USER_PWHISTORY_LIST_NAME', 'PTF_switch_auth', + 'R_TERMINATE', 'ELOOP', 'rsbac_dev_type_t', 'RSBAC_ENOMEM', + 'rsys_check_t', 'PTF_add_task', 'A_mac_user_flags', + '__NR_clock_getres', 'ST_ksyms', '__NR_unshare', + 'MAC_allow_auto', '__rlim64_t', 'ino_t', 'CAP_SYS_TIME', + '__kernel_daddr_t', '__NR_fchdir', '__NR_access', + '__NR_sched_getparam', 'rsys_um_remove_group_t', + 'RC_type_use_fd', '__blksize_t', '__NR_fcntl', + '__USE_ANSI', 'fsblkcnt_t', 'rsys_um_get_group_list_t', + 'RSBAC_ADF_REQUEST_ARRAY_VERSION', 'CAP_NET_BIND_SERVICE', + 'A_pm_process_type', 'rsbac_cwi_relation_id_t', + 'SL_unclassified', 'ino64_t', 'RCR_MODIFY_AUTH', 'EISNAM', + 'EDOM', '__NR_break', '__NR_setreuid32', 'A_mac_auto', + 'ST_sysctl', '__STDC_ISO_10646__', 'rsys_um_get_uid_t', + 'JAIL_allow_dev_read', 'FALSE', 'rsbac_scd_vector_t', + '__s16', '__NR_getegid32', 'NTS_new_template', + 'rsys_um_user_exists_t', 'SL_secret', + '__NR_sched_rr_get_interval', '_BITS_TYPES_H', 'GRANTED', + 'rsys_acl_t', '__kernel_ptrdiff_t', 'EILSEQ', 'PDP_ENDIAN', + '__NR_setdomainname', '__rlim_t', '__FLOAT_WORD_ORDER', + 'RSBAC_AUDITOR_UID', 'ENONET', '__kernel_off_t', 'ECHRNG', + '__NR_set_tid_address', 'RSYS_um_get_uid', 'FR_off', + 'A_jail_scd_get', '__SIZEOF_PTHREAD_RWLOCK_T', 'ESRCH', + 'RI_remove_role', '__NR_getdents', 'rsys_um_remove_user_t', + 'RSYS_acl_n', 'RSBAC_NET_TEMP_AUTO_ADDRESS', + 'RSYS_um_get_next_user', 'JAIL_allow_dev_mod_system', + 'RSBAC_ACL_ACMAN_RIGHTS_VECTOR', 'PL_tp', + 'RSYS_rc_copy_type', 'suseconds_t', '__key_t', + 'JAIL_allow_suid_files', 'ENOMSG', 'EISDIR', 'rsbac_gid_t', + '__GNU_LIBRARY__', '_BITS_TYPESIZES_H', '__NR_munlockall', + 'RI_type_user_remove', 'R_LISTEN', 'PA_ru_set', '__NR_tee', + '__NR_stime', '__NR_kill', 'PF_add_object_class', + '__kernel_mode_t', 'T_FILE', 'EBADRQC', + 'RC_default_root_dir_initial_role', + 'rsbac_rc_request_vector_t', '__NR_vhangup', + 'RSBAC_EREADFAILED', 'EMEDIUMTYPE', + 'rsys_list_all_group_t', 'RI_type_process_remove', + 'D_none', 'rsys_log_t', 'RSYS_acl_get_tlist', '__timer_t', + 'RSBAC_RC_GENERAL_ROLE', '__NR_gtty', '__NR_delete_module', + 'A_auth_role', 'RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE', + 'CAP_NET_ADMIN', 'ENOTNAM', 'MAC_write_down', + '__NR_setuid', '__NR_fchmodat', 'PH_full', + 'rsbac_ta_number_t', 'RC_role_max_value', + '__NR_ioprio_get', 'rsys_list_ta_commit_t', + 'PF_add_authorized_task', 'A_symlink_add_uid', + 'RC_default_initial_role', 'PH_off', '__u16', + '__FD_SETSIZE', 'rsbac_pm_delete_consent_t', + 'RSBAC_PM_A_READ', 'A_local_rc_type', '__NR_waitpid', + '__NR__sysctl', '__NR_getegid', 'RSYS_list_ta_commit', + 'rsys_acl_get_mask_t', 'A_jail_role', 'CAP_NET_RAW', + '__NR_rt_sigprocmask', 'EMFILE', 'int32_t', 'off64_t', + 'RSBAC_ACL_DEFAULT_NETTEMP_MASK', '__NR_exit_group', + 'ACT_real', 'RSBAC_OLD_ALL_USERS', 'ST_rsbac_remote_log', + 'rsys_rc_get_current_role_t', 'A_ff_flags', 'UM_name', + 'rsbac_pm_set_device_object_type_t', 'rsbac_res_limit_t', + 'A_rc_type_fd', 'A_mac_check', '__NR_mbind', + 'A_auth_may_set_cap', 'A_local_log_array_high', + '__NR_sched_getscheduler', 'rsbac_mac_category_vector_t', + '__suseconds_t', 'PTF_set_device_object_type', + 'rsbac_pm_tkt_function_type_t', 'PTF_delete_purpose', + '__NR_geteuid', 'ACLGS_remove_group', + 'rsbac_pm_delete_object_class_t', + 'rsbac_cap_process_hiding_int_t', 'RSYS_mac_add_p_tru', + 'LD_deny', 'rsys_um_get_gm_list_t', 'A_mac_prop_trusted', + 'RSYS_list_all_user', 'FF_execute_only', 'u_short', + 'A_cap_process_hiding', '__NR_sched_getaffinity', + 'ACLR_SUPERVISOR', 'RI_type_netdev_remove', + 'RSYS_rc_get_item', '__SIZEOF_PTHREAD_ATTR_T', 'MAC_auto', + 'pthread_mutex_t', 'RSYS_version', '__NR_clone', + '__NR_sigaction', 'pthread_condattr_t', 'I_msg', + '__NR_query_module', '__fsid_t', '__NR_nfsservctl', + '__uint32_t', 'RSBAC_NET_ANY', 'rsbac_old_uid_t', + 'ST_network', 'CAP_SETGID', 'PTF_set_role', + 'RSBAC_NO_GROUP', 'R_CLONE', 'A_jail_scd_modify', 'loff_t', + 'rsbac_ipc_type_t', 'blksize_t', '__kernel_time_t', + 'rsys_acl_list_all_user_t', 'RI_admin_roles', + 'rsys_um_get_user_list_t', '__NR_umount2', 'dev_t', + '__NR_ssetmask', '__NR_ustat', 'PP_none', 'MA_yes', + 'A_local_pm_ipc_purpose', '_ISOC99_SOURCE', '__NR_dup', + 'R_CHDIR', 'R_UMOUNT', 'ESRMNT', 'RSYS_um_set_pass_name', + '__kernel_caddr_t', 'rsys_acl_n_t', 'RI_type_user_name', + 'rsbac_adf_req_ret_t', '__id_t', 'RSBAC_FF_DEF', + 'rsbac_mac_file_t', 'RSBAC_EINTERNONLY', + 'RSYS_um_get_user_list', 'ESTALE', '__kernel_clock_t', + '__timer_t_defined', 'rsbac_acl_syscall_n_arg_t', + '__NR_rmdir', '__NR_tkill', 'FD_ISSET', '__NR_chown', + 'RSBAC_ECOULDNOTADDITEM', 'RI_def_process_chown_type', + 'LL_invalid', '__kernel_old_uid_t', 'NTS_set_ports', + 'RSBAC_SYSTEM_REQUEST_VECTOR', '_SIGSET_H_types', + 'RSBAC_VERSION_NR', 'rsys_mac_get_max_level_t', + '__kernel_ssize_t', '__kernel_suseconds_t', + 'RSYS_mac_add_f_tru', 'RSBAC_MAC_F_FLAGS', '__NR_mincore', + 'RSBAC_NWC_REQUEST_VECTOR', 'rsbac_security_level_t', + 'SW_DAC_DISABLE', 'SL_none', '__NR_read', 'FR_both', + 'I_anonpipe', 'ST_rsbac_log', 'EKEYREJECTED', + '__NR_setresgid32', 'ENOTCONN', 'PTF_add_na', + 'ENETUNREACH', 'rsys_auth_add_p_cap_t', + 'rsbac_cap_process_hiding_t', 'RI_type_fd_name', + 'LL_request', '__kernel_old_gid_t', 'RSBAC_FF_ROOT_DEF', + 'RSYS_set_attr', 'RSBAC_NET_TEMP_VERSION', '_ENDIAN_H', + 'CAP_SYS_CHROOT', 'A_pm_ipc_purpose', + 'RSYS_um_group_exists', '__NR_timer_create', + 'rsys_auth_get_p_caplist_t', '__NR_mmap', + 'rsbac_pm_add_object_class_t', + 'RI_def_unixsock_create_type', '__NR_fchownat', + 'RSYS_auth_get_p_caplist', 'BYTE_ORDER', 'NTS_get_type', + 'RSBAC_NWE_REQUEST_VECTOR', 'ACT_eff', 'RC_type_max_value', + 'RSBAC_PM_A_WRITING', '__quad_t', 'rsbac_nanotime_t', + '__SIZEOF_PTHREAD_RWLOCKATTR_T', '__u_quad_t', '__u_short', + '__NR_sendfile', 'rsys_auth_remove_f_cap_t', + '_LARGEFILE64_SOURCE', 'D_char_major', + 'rsbac_pm_object_type_t', 'A_remote_log_array_high', + 'RSYS_auth_remove_p_cap', 'PA_pp_set', 'useconds_t', + '__bos0', 'PF_delete_task', 'ENOTBLK', + 'rsys_remove_target_n_t', 'rsys_mac_add_p_tru_t', + 'PA_task', '__NR_fchmod', 'NFDBITS', 'A_pax_flags', + 'ENOPKG', '__NR_mq_open', 'rsbac_net_description_t', + '__NR_getgid32', 'rsys_net_template_t', + 'RSBAC_JAIL_LOCALHOST', 'PF_delete_object_class', '__s8', + 'RSYS_net_list_all_netdev', 'rsys_um_get_gid_t', + 'RSBAC_EXECUTE_REQUEST_VECTOR', '__NR_mount', + '__NR_vserver', 'rsbac_jail_id_t', + 'PF_add_responsible_user', '__NR_keyctl', 'R_RECEIVE', + 'NTS_set_address', '__time_t', 'RSBAC_ENOROOTDEV', + '__GLIBC_PREREQ', 'RSYS_mac_get_p_trulist', + 'CAP_NET_BROADCAST', 'RSBAC_UM_PASS_LEN', + 'pthread_rwlock_t', 'fsfilcnt_t', 'RSYS_jail', + 'PF_create_tp', 'JAIL_allow_dev_write', 'LD_keep', + 'rsys_um_auth_uid_t', '__NR_pipe', 'ELNRNG', '__NR_unlink', + 'RSYS_um_remove_group', 'ERESTART', + 'RSBAC_ACL_GROUP_EVERYONE', 'PA_task_set', + 'rsbac_pm_object_class_id_t', '__NR_fremovexattr', + 'UM_homedir', 'ENOPROTOOPT', '__NR_geteuid32', 'T_PROCESS', + '__attribute_format_strfmon__', 'RC_default_force_role', + 'CAP_SYS_RAWIO', '__NR_setfsgid', '__NR_poll', 'A_pm_tp', + 'PR_data_protection_officer', '__u_long', 'RCR_NONE', + '__NR_ioctl', 'A_max_read_open', 'NTS_get_name', + 'CLOCK_THREAD_CPUTIME_ID', 'RI_type_scd_name', + '__kernel_sighandler_t', + 'rsbac_pm_delete_authorized_task_t', '__NR_ftruncate64', + '_LARGEFILE_SOURCE', '__NR_timer_gettime', '__NR_fstat64', + 'JAIL_allow_all_net_family', 'rsbac_pm_delete_tp_t', + '__off_t', 'u_quad_t', 'daddr_t', 'rsbac_time_t', + 'PL_task', 'RSBAC_MAC_MIN_CAT_VECTOR', 'PF_switch_auth', + 'rsys_acl_get_rights_t', 'rsbac_rc_target_t', 'ELIBACC', + '__NR_rename', '__u32', 'R_CHANGE_DAC_EFF_GROUP', + '__FSFILCNT64_T_TYPE', 'RSYS_auth_add_f_cap', + '__NR_mlockall', 'RSYS_um_get_user_item', + '__NR_socketcall', 'RSBAC_UM_USER_PWHISTORY_LIST_KEY', + '_LINUX_CAPABILITY_VERSION', 'rsys_um_mod_user_t', + '__NR_inotify_rm_watch', 'A_jail_flags', + 'rsys_acl_get_rights_n_t', '__locale_struct', 'u_int8_t', + 'rsbac_cap_vector_t', 'PF_add_purpose', '__USE_BSD', + 'ENOTDIR', 'rsbac_acl_change_group_arg_t', + '__NR_sigreturn', 'FD_ZERO', 'T_IPC', + 'R_MODIFY_ACCESS_DATA', 'rsbac_acl_list_groups_arg_t', + '__locale_t', 'LL_none', + 'RSBAC_UM_OLD_USER_PWHISTORY_LIST_NAME', + 'rsbac_pm_delete_authorized_tp_t', 'ACT_none', 'ENETRESET', + '__kernel_old_dev_t', 'RI_type_comp_dev', + 'rsys_um_get_next_user_t', '__NR_setuid32', + '__kernel_fd_set', 'RSYS_um_auth_name', 'rsys_reg_t', + 'RSBAC_UM_NAME_LEN', 'AMS_full', 'rsys_get_attr_t', + 'rsys_auth_remove_p_cap_t', 'rsbac_um_days_t', 'EINVAL', + 'rsbac_mac_user_flags_t', '__NR_setgroups32', + 'PTF_add_authorized_tp', 'RC_role_min_special', + 'rsys_adf_log_switch_t', 'R_LOCK', 'EHOSTUNREACH', + 'rsys_acl_group_t', 'RSYS_um_set_group_pass', + 'rsys_mac_get_curr_level_t', '__cond_lock', + '__NR_oldlstat', 'size_t', 'RSYS_um_get_gid', + 'RSBAC_NWA_REQUEST_VECTOR', 'SL_inherit', + 'RSBAC_NET_MAX_PORT', 'rsbac_log_level_t', 'MAC_read_up', + 'rsbac_pm_add_na_t', '__WORDSIZE', + 'rsbac_pm_delete_purpose_t', 'rsbac_pm_create_ticket_t', + '__NR_pause', 'PR_none', 'ACLGS_get_group_members', + 'RSBAC_MAC_DEF_INIT_P_FLAGS', 'rsys_mac_get_min_level_t', + 'rsbac_pseudo_t', 'RSYS_acl_get_rights_n', 'MA_inherit', + 'RSYS_auth_get_f_caplist', 'R_IOCTL', 'AST_min', + '__USE_POSIX', 'R_TRUNCATE', 'ST_firewall', 'ST_other', + '__NR_mremap', '__fd_mask', 'RSBAC_UM_NR_GROUP_LISTS', + 'RSBAC_VERSION_MAKE_NR', '__useconds_t', + '__clockid_t_defined', '__NR_pselect6', 'RSBAC_EPERM', + 'RSBAC_UM_MAX_MAXNUM', '__SQUAD_TYPE', + 'RSBAC_CAP_DEFAULT_MAX', '__NR_swapon', 'EKEYEXPIRED', + 'EREMOTE', '__NR_sigprocmask', '_SYS_TYPES_H', '__P', + 'FF_search_only', 'ACLR_FORWARD', 'PF_delete_consent', + '__USE_GNU', '__NR_io_cancel', 'RSBAC_RC_GENERAL_TYPE', + 'pthread_attr_t', '__attribute_format_arg__', + 'rsbac_syscall_t', 'CAP_FOWNER', 'ACLR_NONE', '__NR_ipc', + 'RSYS_um_check_account', '__NR_lseek', + 'PF_delete_authorized_tp', 'RSBAC_NET_TEMP_KEY', + 'RSBAC_UM_HOMEDIR_LEN', 'I_shm', '__NR_utimes', + 'RSYS_init', 'pthread_t', '__NR_fork', 'RSYS_net_template', + 'rsbac_pm_role_t', 'RSBAC_MAC_DEF_SYSADM_U_FLAGS', + 'cap_user_data_t', 'rsys_set_attr_n_t', + 'RSBAC_ACL_GROUP_VERSION', '__NR_msync', 'RSBAC_RES_UNSET', + '__NR_kexec_load', 'quad_t', 'RI_type_netdev_name', + 'RSBAC_UM_GROUP_LIST_NAME', 'rsbac_pm_purpose_list_item_t', + 'rsbac_pm_list_t', 'PF_set_object_class', 'A_auid_exempt', + 'RSYS_um_add_group', 'pthread_cond_t', 'SL_confidential', + 'RI_type_comp_netdev', 'CAP_LINUX_IMMUTABLE', + 'TIMER_ABSTIME', 'FR_uid_only', '__u_int', + 'RSBAC_RC_SYSTEM_ADMIN_ROLE', + 'rsbac_acl_get_group_entry_arg_t', 'SR_security_officer', + 'RSYS_check', 'nlink_t', 'T_NETTEMP', '__UQUAD_TYPE', + 'RSBAC_CAP_MAX', 'rsys_mac_remove_f_tru_t', + 'CLOCKS_PER_SEC', 'RSBAC_EINVALIDPOINTER', + 'rsys_rc_get_eff_rights_n_t', 'ACLC_remove_acl_entry', + '__NR_io_getevents', 'RC_system_admin', + 'rsbac_pm_set_auth_may_setuid_t', + 'RSYS_rc_get_eff_rights_n', 'ulong', 'PF_switch_pm', + '__NR_fgetxattr', '__NR_open', 'int8_t', + 'PTF_add_object_class', 'CAP_SYS_BOOT', '__fsfilcnt_t', + 'R_CHANGE_DAC_FS_OWNER', 'ENOCSI', 'A_min_caps', + 'A_log_array_high', 'ACLS_ROLE', 'A_symlink_add_mac_level', + '__NR_timer_delete', '__uint16_t', '__NR_getuid', + 'EDEADLOCK', 'rsys_rc_copy_type_t', + 'rsbac_old_security_level_t', '__swblk_t', + 'rsbac_pm_out_pp_set_id_t', '__NR_fstatat64', + '__NR_mq_unlink', 'ECONNRESET', 'rsys_um_set_pass_name_t', + 'A_daz_scanner', 'uint', + 'RSBAC_UM_USER_PWHISTORY_LIST_VERSION', 'A_rc_select_type', + 'A_daz_scanned', '__NR_readdir', 'RSBAC_UM_USER_LIST_KEY', + 'A_system_role', '__GLIBC_HAVE_LONG_LONG', '__NR_vfork', + 'DAZ_unscanned', 'FR_euid_only', '__NR_symlinkat', + '__NR_ulimit', + 'N15pthread_mutex_t17__pthread_mutex_s3DOT_5E', + 'ACLGS_get_user_groups', 'rsbac_pm_set_role_t', + 'MAC_write_up', 'RSBAC_ACL_SPECIAL_RIGHT_BASE', + 'MAC_program_auto', 'A_auth_may_setuid', + 'ACLGS_remove_member', 'RSYS_um_auth_uid', + 'rsbac_um_user_entry_t', 'rsys_rc_select_fd_create_type_t', + 'RI_req_reauth', 'ECHILD', '__NR_io_setup', + '__USE_XOPEN2K', 'RSBAC_UM_SHELL_LEN', + 'rsys_um_group_exists_t', 'rsbac_net_temp_syscall_data_t', + 'rsbac_rc_rights_vector_t', 'RST_none', + 'rsys_um_add_group_t', 'rsbac_rc_type_id_t', + 'rsbac_acl_group_type_t', '__USE_POSIX2', '__blkcnt_t', + 'NOT_GRANTED', 'R_BIND', '__kernel_mqd_t', 'EMLINK', + 'RSYS_log', 'RSYS_switch', 'A_jail_parent', + '__NR_io_submit', '__NR_ppoll', 'RSBAC_NET_TEMP_LAN_ID', + '__NR_settimeofday', '__NR_inotify_init', + 'PTF_add_consent', 'A_pax_role', '__NR_splice', + 'RSYS_acl_group', 'rsbac_acl_group_entry_t', + 'A_mac_min_categories', 'rsys_um_set_pass_t', + 'rsbac_acl_subject_type_t', 'R_SWITCH_LOG', + 'A_log_array_low', 'PTF_none', 'rsbac_net_temp_syscall_t', + 'RSBAC_PM_A_DELETE', '__NR_close', 'rsbac_um_mod_t', + 'rsbac_pm_all_list_t', 'RSBAC_EINVALIDTRANSACTION', + 'rsys_switch_t', 'SR_user', 'A_log_program_based', + '__NR_lock', 'CAP_NONE', 'ACLS_USER', 'RI_type_comp_scd', + 'RSBAC_ENOTINITIALIZED', '__NR_lookup_dcookie', + 'NTS_check_id', 'ST_rsbac', 'RSBAC_EMAX', + 'rsys_rc_get_item_t', '__NR_getsid', + 'PTF_add_authorized_task', 'RSBAC_EEXISTS', + 'rsbac_acl_get_user_groups_arg_t', 'time_t', 'DO_NOT_CARE', + 'fsblkcnt64_t', '__kernel_timer_t', '__NR_fstat', + 'RSYS_list_all_group', 'CAP_DAC_OVERRIDE', + 'FF_secure_delete', 'RSYS_um_get_gm_user_list', + '__NR_iopl', '__NR_symlink', '__int64_t', 'R_SEARCH', + 'rsbac_ff_flags_t', '__LITTLE_ENDIAN', + 'CAP_DAC_READ_SEARCH', 'A_mac_file_flags', 'R_SHUTDOWN', + 'rsys_rc_get_list_t', 'PTF_delete_na', '_STRUCT_TIMEVAL', + 'rsbac_pm_process_type_int_t', 'rsbac_jail_flags_t', + 'PTF_delete_user_aci', 'RSYS_um_check_account_name', + 'ACT_group_real', 'rsbac_rc_role_id_t', + 'PF_delete_purpose', 'rsbac_pm_object_type_int_t', + 'RI_type_comp_user', 'RSBAC_VERSION_MINOR', + '_BITS_PTHREADTYPES_H', 'RSYS_rc_copy_role', '__NR_umount', + 'rsbac_net_temp_ports_t', '__NR_munlock', + 'RSYS_acl_get_tlist_n', 'RI_type_fd_need_secdel', '__le32', + 'NTS_set_name', 'RSBAC_PM_A_WRITE_TO_FILE', '__nlink_t', + 'rsbac_mac_auto_int_t', 'RSBAC_AUTH_DAC_GROUP_F_CAP', + 'PTF_delete_responsible_user', 'rsbac_dev_desc_t', + 'RSBAC_VERSION_MID', '__U64_TYPE', 'RSBAC_EINVALIDATTR', + 'ENOSPC', '__NR_getpriority', + 'rsbac_net_temp_port_range_t', 'EBADMSG', + 'R_MODIFY_SYSTEM_DATA', 'RSBAC_UM_OLD_USER_LIST_NAME', + 'ELIBBAD', 'CAP_SYS_TTY_CONFIG', 'ERANGE', + 'RSYS_auth_add_p_cap', 'RSYS_mac_remove_p_tru', + '__NR_setrlimit', 'rsbac_acl_remove_member_arg_t', + 'R_APPEND_OPEN', 'RSBAC_RC_ROLE_ADMIN_ROLE', + 'rsbac_rc_item_value_t', 'R_RENAME', 'PF_add_task', + '_SVID_SOURCE', 'A_mac_categories', 'EDESTADDRREQ', + 'rsbac_cap_ld_env_int_t', 'RSBAC_RC_KERNEL_P_TYPE', + 'RSBAC_RC_SPECIAL_RIGHT_BASE', 'rsbac_net_obj_id_t', + 'rsbac_jail_scd_vector_t', '__NR_sched_get_priority_max', + 'EUSERS', '__NR_getrlimit', 'CLOCK_REALTIME', 'ENODEV', + 'PF_delete_na', '__NR_waitid', '__NR_get_robust_list', + 'RSBAC_NET_TEMP_OLD_VERSION', 'CAP_SYS_PTRACE', '_ERRNO_H', + '__SIZEOF_PTHREAD_MUTEX_T', '__NR_umask', + '__NR_sigsuspend', 'RSBAC_MAC_U_FLAGS', 'rsbac_scd_type_t', + '__sig_atomic_t', 'rsbac_pm_accesses_t', + 'RSYS_get_adf_log', 'rsbac_pm_add_authorized_tp_t', + 'RCR_ADMIN', 'T_UNIXSOCK', + 'RSBAC_ACL_SUPERVISOR_RIGHT_VECTOR', 'RSBAC_EMUSTCHANGE', + 'ESHUTDOWN', 'RI_def_process_execute_type', + 'UM_lastchange', '__NR_dup2', 'R_EXECUTE', '__NR_vm86', + 'RI_type_comp_nettemp', 'ECONNREFUSED', + 'RSBAC_ACL_ROLE_EVERYROLE', 'FD_SET', + 'RSYS_list_ta_refresh', 'RSBAC_RC_BOOT_ROLE', + 'ACT_group_eff', '__STRING', 'ENOEXEC', 'ST_priority', + 'rsbac_uid_t', '__GNUC_PREREQ', 'EBADF', + 'RSYS_um_mod_group', '__BLKCNT64_T_TYPE', + 'RSBAC_EINVALIDTARGET', 'JAIL_allow_inet_localhost', + '__NR_futimesat', 'FF_no_mount', 'R_MOUNT', '__PDP_ENDIAN', + 'EBADR', '__NR_getrusage', 'EXDEV', '__pid_t', + '__NR_ioperm', '__NR_mknodat', 'SW_GEN', '__NR_getitimer', + '_SIGSET_NWORDS', 'ACLGS_add_group', 'CAP_KILL', + 'RSYS_rc_change_role', 'DAZ_max', 'RSBAC_MAXNAMELEN', + 'RSBAC_UM_NR_USER_PWHISTORY_LISTS', '__NR_ptrace', + 'RSYS_rc_set_item', 'R_SEND', 'A_auth_learn', + 'rsbac_pm_tkt_id_t', 'PH_from_other_users', 'MAC_override', + '__NR_clock_settime', 'ETOOMANYREFS', 'PR_system_admin', + 'RSBAC_AUTH_GROUP_F_CAP', 'RSBAC_ACL_DEFAULT_NETDEV_MASK', + '__NR_prctl', '__NR_olduname', 'PR_security_officer', + 'RSBAC_VERSION_MAJOR', 'EINPROGRESS', + 'RSBAC_ECOULDNOTCREATEPATH', 'tm', '__NR_truncate', + 'RSYS_um_user_exists', 'makedev', '__NR_getdents64', + 'RSBAC_EREINIT', 'ENOTSUP', 'rsbac_mac_auto_t', + 'PTF_delete_authorized_task', '__NR_getpgid', + 'rsys_um_get_gm_user_list_t', 'RCR_ACCESS_CONTROL', + 'RSBAC_ACL_ACCESS_CONTROL_RIGHT_VECTOR', 'EL3RST', + '__SIZEOF_PTHREAD_MUTEXATTR_T', 'R_ALTER', '_POSIX_SOURCE', + 'PP_TP', 'RST_min', '__uint64_t', 'RI_type_comp_group', + '__NR_renameat', 'MA_no', 'A_max_caps_user', + 'RI_def_fd_ind_create_type_remove', 'RSBAC_PAX_DEF_FLAGS', + 'RSYS_none', '__NR_getppid', '__clockid_t', 'LDD_inherit', + 'RSBAC_ACL_MAX_MAXNUM', 'RSYS_list_ta_forget', + '__NR_personality', 'rsys_um_check_account_t', 'PL_tkt', + '__NR_uname', 'R_READ_OPEN', 'SR_auditor', + '__NR_io_destroy', '__NR_prof', 'rsbac_res_array_t', + 'ST_kexec', 'UNDEFINED', 'rsbac_pm_add_task_t', '__mode_t', + 'A_rc_type', 'RSYS_get_attr_n', 'PA_none', '__NR_exit', + 'RSBAC_SEC_DEL_CHUNK_SIZE', + 'rsys_pm_change_current_task_t', + 'RSBAC_MAC_DEF_CAT_VECTOR', '__NR_fchown', '__NR_writev', + 'R_CLOSE', 'RSBAC_ALL_GROUPS', '__NR_mknod', '__NR_time', + 'RI_assign_roles', 'A_linux_dac_disable', 'minor', + 'PF_set_role', '__kernel_uid16_t', '__USE_FORTIFY_LEVEL', + '__NR_idle', 'NTS_delete_template', + 'pthread_barrierattr_t', 'rsbac_auth_cap_range_t', + '__FSBLKCNT64_T_TYPE', 'rsbac_pm_set_tp_t', 'pid_t', + 'EACCES', '__fsfilcnt64_t', 'RSBAC_VERSION', + 'NTS_set_address_family', 'RST_auth_administration', + 'R_ACCEPT', 'ST_capability', '__NR_sched_setscheduler', + 'RC_role_inherit_user', '__NR_ftruncate', '__NR_mmap2', + 'RSYS_acl', 'A_remote_ip', '__NR_oldfstat', + '__NR_get_thread_area', 'ST_host_id', + 'RI_type_group_remove', 'ST_swap', 'EAFNOSUPPORT', + 'CAP_LEASE', 'CAP_MKNOD', 'rsbac_pm_add_authorized_task_t', + 'rsbac_inode_nr_t', 'A_mac_initial_categories', + 'JAIL_allow_dev_get_status', '__NR_sendfile64', + 'AST_auth_administration', '__pthread_internal_slist', + 'RSBAC_SCD_REQUEST_VECTOR', 'LD_inherit', '__NR_getpid', + '__NR_setpgid', '__clock_t', 'RSYS_rc_get_current_role', + 'rsbac_pm_delete_task_t', '__NR_sched_setparam', + 'rsbac_net_temp_old_data_t', 'PF_add_na', 'RSBAC_MAX_MOD', + 'RC_type_min_special', '__LONG_LONG_PAIR', + 'A_current_sec_level', '__NR_rt_sigreturn', 'EAGAIN', + '__error_t_defined', '__NR_llistxattr', '__time_t_defined', + 'I_sem', 'ELIBEXEC', 'RI_name', 'RI_type_dev_remove', + 'ACLG_GLOBAL', '__NR_mlock', 'FF_no_search', + 'RSBAC_MAC_INHERIT_CAT_VECTOR', '__NR_setregid32', + 'A_max_caps_program', '__ASMNAME', '__NR_lstat', + 'NTS_get_address_family', 'RSBAC_NET_TEMP_LNET_ADDRESS', + 'rsys_get_adf_log_t', '__NR_rt_sigsuspend', + 'RSBAC_UM_USER_LIST_NAME', 'RC_role_inherit_up_mixed', + 'R_REMOVE_FROM_KERNEL', '__NR_getresgid', + 'RSBAC_RC_SEC_TYPE', 'PA_pp', 'SW_NONE', + '__pthread_slist_t', 'RC_default_root_dir_force_role', + '__NR_oldolduname', '__GLIBC_MINOR__', '__NR_setresuid', + 'RSBAC_MAC_DEF_P_FLAGS', '__NR_creat', 'RC_type_no_chown', + '__NR_chdir', 'rsys_acl_get_mask_n_t', + 'RI_type_comp_netobj', 'pthread_barrier_t', 'SW_REG', + 'RSYS_um_get_group_list', 'rsbac_target_t', + '__NR_adjtimex', 'SW_RES', 'RSBAC_NETTEMP_REQUEST_VECTOR', + 'R_CHANGE_GROUP', 'RSBAC_NONE_REQUEST_VECTOR', + '__NR_getxattr', 'rsbac_boolean_t', + 'rsbac_acl_add_member_arg_t', 'rsbac_um_group_entry_t', + '__NR_futex', 'RC_no_admin', '__kernel_uid_t', + 'rsbac_fs_file_t', 'major', 'RT_NONE', + 'rsys_acl_list_all_group_t', 'ST_nfsd', + 'RSBAC_EINVALIDVERSION', 'rsbac_syscall_arg_t', + 'pthread_spinlock_t', 'RSBAC_NET_TEMP_LAN_ADDRESS', + 'timespec', 'ENOTUNIQ', 'SL_old_rsbac_internal', 'SW_UM', + 'A_rc_type_nt', 'RSBAC_EINVALIDMODULE', 'RI_type_comp_fd', + 'EFAULT', 'ENOKEY', 'RSBAC_LIST_TTL_KEEP', '__NR_reboot', + '__NR_sysinfo', 'T_NONE', '__USE_LARGEFILE', + '__NR_fstatfs64', '_FEATURES_H', 'RC_role_inherit_process', + 'NR_syscalls', 'rsbac_adf_request_t', 'RSBAC_SECOFF_UID', + 'itimerspec', 'EPFNOSUPPORT', 'rsbac_mac_process_flags_t', + '__NR_link', '__NR_init_module', + 'RSYS_pm_change_current_task', '__USE_POSIX199309', + 'R_AUTHENTICATE', 'RSBAC_NET_TEMP_NAME', + '__user_cap_data_struct', '__NR_stty', 'R_NET_SHUTDOWN', + 'RI_type_netobj_name', '__NR_sysfs', + 'RSBAC_AUTH_LOGIN_PATH_FILE', 'RSBAC_EINVALIDVALUE', + '__NR_quotactl', '__NR_vmsplice', 'RSYS_mac_get_min_level', + 'SL_min', 'rsbac_auth_cap_type_int_t', 'EL2NSYNC', + '__STDC_IEC_559__', '__blkcnt64_t', + 'RSBAC_ACL_DEFAULT_SCD_MASK', '__pthread_mutex_s', + 'ACLGS_change_group', '__NR_set_thread_area', + 'rsys_um_add_user_t', 'rsbac_daz_scanner_t', 'mode_t', + 'RI_def_fd_ind_create_type', '__NR_add_key', + 'rsys_mac_remove_p_tru_t', '__NR_readlink', + 'RSYS_auth_remove_f_cap', 'I_anonunix', + 'rsbac_pm_switch_auth_t', '__NR_pivot_root', '__NR_execve', + '__NR_openat', '__NR_getresgid32', '__loff_t', 'EDEADLK', + 'FD_CLR', 'RI_def_process_create_type', 'SW_ACL', + 'rsys_acl_get_tlist_n_t', 'RSBAC_NWR_REQUEST_VECTOR', + '__NR_setsid', 'RSBAC_NET_TEMP_NAMELEN', + 'A_pm_current_task', '__NR_statfs', + 'RSBAC_UM_USER_LIST_VERSION', 'LDD_false', 'fd_mask', + 'ushort', '__int16_t', '__NR_setresuid32', + '__kernel_clockid_t', 'UM_pass', 'RSYS_um_mod_user', + 'rsbac_system_role_t', '__FDELT', 'R_CHANGE_OWNER', + 'rsbac_switch_target_int_t', '__kernel_gid32_t', + 'RSBAC_NET_UNKNOWN', 'RSBAC_UM_GROUP_LIST_VERSION', + '__NR_fcntl64', 'A_security_level', + 'RC_type_inherit_parent', 'RSYS_um_add_user', + 'MAC_prop_trusted', '__NR_chown32', + 'RC_default_init_force_role', '__intptr_t', + '__timespec_defined', 'UM_fullname', '__u64', 'UM_group', + 'SW_MAC', 'UM_maxchange', 'RSBAC_MAC_DEF_SECOFF_U_FLAGS', + 'RSBAC_ACL_SPECIAL_RIGHTS_VECTOR', 'RI_type_group_name', + 'RSBAC_MAC_NR_CATS', 'RSYS_mac_set_curr_level', + 'CAP_FS_MASK', 'RSBAC_NET_NR_INET_ADDR', 'ENFILE', + 'EREMCHG', '__BIT_TYPES_DEFINED__', 'CAP_SYS_MODULE', + 'RSBAC_MAC_P_FLAGS', 'SW_FF', 'RSYS_acl_list_all_user', + 'ENOMEM', 'NTS_set_netdev', 'rsys_acl_get_tlist_t', + 'EOWNERDEAD', 'T_DIR', 'RSBAC_EWRITEFAILED', 'R_DELETE', + 'PO_non_personal_data', 'RI_type_process_name', + 'rsbac_pm_add_responsible_user_t', + 'rsbac_adf_request_int_t', 'rsbac_daz_scanned_t', + '__NR_brk', 'A_min_security_level', 'R_LINK_HARD', + 'rsbac_pm_delete_user_aci_t', 'rsys_um_auth_name_t', + '__NR_fadvise64_64', 'A_remote_log_array_low', + 'PF_add_consent', 'u_long', 'RSYS_daz_flush_cache', + 'A_mac_process_flags', 'PO_ipc', '__NR_readlinkat', + 'R_CHANGE_DAC_FS_GROUP', 'rsbac_target_id_t', + 'A_jail_max_caps', 'RSBAC_MAC_GENERAL_CATEGORY', + '__DEV_T_TYPE', 'RSYS_stats_pm', 'RSBAC_MAC_DEF_U_FLAGS', + 'PF_delete_responsible_user', 'RI_type_ipc_remove', + 'PF_set_tp', 'error_t', 'rsbac_pm_ru_set_id_t', + 'EWOULDBLOCK', 'RI_type_netobj_remove', + 'RI_type_nettemp_remove', '_SYS_CDEFS_H', + 'RSBAC_LIST_TA_MAX_PASSLEN', 'rsbac_jail_ip_t', + 'rsbac_pm_create_tp_t', '__NR_statfs64', '__NR_tgkill', + 'RSBAC_ACL_GROUP_NAMELEN', '__u8', 'PA_cs', + '__FDSET_LONGS', '_BITS_TIME_H', 'CAP_SYS_RESOURCE', + 'CAP_IPC_LOCK', '__NR_munmap', 'rsys_set_attr_t', + 'PO_personal_data', 'LDD_true', 'RSYS_pm', 'timeval', + 'RSBAC_RC_SYS_TYPE', '__NR_request_key', + 'rsbac_acl_group_id_t', 'ST_mlock', '__NR_getuid32', + 'A_audit_uid', 'rsbac_auth_cap_type_t', 'EPROTO', 'ENOLCK', + 'PF_PAX_MPROTECT', 'rsbac_acl_special_rights_t', 'PO_TP', + 'R_MODIFY_PERMISSIONS_DATA', 'UM_expire', '__NR_nice', + 'register_t', 'ACLGS_none', '__NR_lstat64', 'PL_na', + 'A_symlink_add_remote_ip', 'rsys_um_remove_gm_t', + 'PF_PAX_PAGEEXEC', 'RSBAC_READ_WRITE_OPEN_REQUEST_VECTOR', + 'RSYS_mac_remove_f_tru', 'rsys_mac_add_f_tru_t', + 'RSYS_mac_get_f_trulist', 'rsys_net_list_all_netdev_t', + 'RSBAC_AUTH_DAC_OWNER_F_CAP', '__NR_clock_gettime', + 'rsbac_system_role_int_t', 'rsys_list_all_dev_t', + 'R_SEND_SIGNAL', 'rsbac_version_t', + 'rsbac_rc_admin_type_t', 'RC_role_admin', 'UM_cryptpass', + 'RSBAC_DATAPROT_UID', 'RSBAC_MAC_MAX_MAXNUM', '__be32', + 'ENOBUFS', '__NR_setfsuid32', 'A_initial_security_level', + 'RSBAC_EINVALIDREQUEST', 'rsys_remove_target_t', + 'RSBAC_SECURITY_REQUEST_VECTOR', 'RSBAC_RC_NAME_LEN', + 'rsys_list_ta_refresh_t', 'rsbac_pm_pp_set_id_t', + '__CONCAT', 'SW_PAX', 'ST_ioports', + 'RSBAC_NET_TEMP_ALL_ID', 'EOPNOTSUPP', 'RSBAC_BIN_UID', + '__NR_timer_settime', 'rsbac_ipc_id_t', '__NR_gettid', + 'RI_type_comp_process', 'RSYS_um_add_gm', 'RI_role_comp', + '__NR_acct', 'R_TRACE', 'u_int', 'T_SYMLINK', 'gid_t', + '__STDC_IEC_559_COMPLEX__', 'ESPIPE', + 'rsbac_pm_function_param_t', '__kernel_fsid_t', + 'A_rc_initial_role', 'EROFS', 'A_local_pm_object_type', + 'blkcnt64_t', '__NR_alarm', 'A_res_role', + 'rsbac_old_gid_t', '__NR_getresuid32', 'RC_type_no_create', + 'ACT_group_fs', 'rsbac_pm_purpose_id_t', + 'RSBAC_AUTH_MAX_MAXNUM', 'R_READ_WRITE_OPEN', + 'PTF_set_object_class', 'EPROTOTYPE', 'ENAVAIL', + 'rsbac_um_mod_data_t', 'rsbac_pm_tp_set_id_t', + '__NR_listxattr', 'N16pthread_rwlock_t4DOT_11E', + 'rsys_list_ta_begin_t', 'NTS_set_type', + 'A_remote_pm_object_class', 'RSBAC_UM_NR_USER_LISTS', + 'T_GROUP', 'RSBAC_AUTH_OWNER_F_CAP', 'RC_none', + '__socklen_t', 'rsbac_acl_entry_desc_t', 'EOVERFLOW', + 'PO_dir', '__kernel_uid32_t', 'A_ff_role', + '_ATFILE_SOURCE', 'ACLS_NONE', 'T_NETDEV', + '__NR_lsetxattr', 'ENAMETOOLONG', + 'rsbac_acl_add_group_arg_t', 'RSBAC_ENOTFOUND', + 'CAP_AUDIT_CONTROL', 'RSBAC_EINVALIDDEV', + 'RSBAC_CAP_DEFAULT_MIN', '__kernel_size_t', + 'rsbac_acl_subject_id_t', '__SIZEOF_PTHREAD_CONDATTR_T', + 'A_remote_pm_ipc_purpose', 'rsbac_net_temp_id_t', + '__NR__llseek', '__le64', 'RSYS_rc_get_list', + 'RC_role_inherit_parent', 'RSBAC_AUTH_MAX_RANGE_GID', + 'EMSGSIZE', 'MAC_trusted', 'RSBAC_NET_TEMP_INET_ID', + '__NR_create_module', 'ST_quota', 'EREMOTEIO', + 'rsbac_acl_int_subject_type_t', 'R_CREATE', + 'RSYS_um_get_group_item', 'rsys_list_all_user_t', + 'A_max_caps', 'RC_type_no_execute', 'D_char', + 'RSBAC_UM_FULLNAME_LEN', 'rsbac_reg_handle_t', + 'RSBAC_PM_A_WRITE', '__NR_setpriority', + 'RSYS_list_all_dev', '__NR_ugetrlimit', '__NR_removexattr', + 'ENOANO', 'SL_top_secret', 'EUCLEAN', 'PR_tp_manager', + 'id_t', '__NR_setgid32', 'rsbac_acl_rights_vector_t', + 'RCR_CHANGE_AUTHED_OWNER', 'A_pseudo', + 'PF_set_device_object_type', 'R_GET_PERMISSIONS_DATA', + '__SIZEOF_PTHREAD_BARRIER_T', 'PL_cs', 'pthread_key_t', + 'rsbac_linux_dac_disable_int_t', 'AMS_off', 'UM_shell', + 'CAP_SETPCAP', 'RSYS_um_set_pass', 'RT_TYPE', '__PMT', + 'EPIPE', '__NR_sigpending', 'RSBAC_NWF_REQUEST_VECTOR', + 'EBFONT', 'rsbac_pax_flags_t', '__NR_timer_getoverrun', + 'ESTRPIPE', 'PA_tp', 'EADDRINUSE', 'fsid_t', + 'NTS_set_protocol', 'CAP_SYS_PACCT', 'RSBAC_RES_MAX', + 'SR_none', 'fsfilcnt64_t', 'RSBAC_NETDEV_REQUEST_VECTOR', + 'rsys_um_mod_group_t', '__NR_fstatfs', 'SW_DAZ', + 'DAZ_clean', '__NR_rt_sigaction', 'PF_delete_user_aci', + 'ENOENT', 'BIG_ENDIAN', '__NR_mpx', + 'rsbac_attribute_value_t', 'rsbac_acl_entry_t', + '__USE_XOPEN_EXTENDED', '__NR_get_mempolicy', + 'rsbac_auth_may_setuid_t', 'timer_t', 'ECOMM', 'PR_user', + 'RSBAC_NWS_REQUEST_VECTOR', '__NR_getpgrp', 'ENOTEMPTY', + 'N14pthread_cond_t3DOT_8E', 'ST_time_strucs', + 'A_local_mac_categories', 'RSYS_acl_get_mask', + 'RSBAC_AUTH_LOGIN_PATH', 'ACLG_PRIVATE', '__NR_getgroups', + 'RSYS_reg', 'rsys_um_check_account_name_t', '__NR_ftime', + 'rsbac_rc_scd_type_t', 'CAP_CHOWN', '__NR_mq_timedsend', + '__NR_mprotect', 'rsbac_pm_in_pp_set_id_t', 'CAP_FSETID', + 'R_MAP_EXEC', 'RSYS_mac_get_max_level', 'FF_add_inherited', + 'A_cap_role', '__NR__newselect', 'A_mac_role', + 'rsys_um_get_group_item_t', '__USE_ISOC99', + 'DEFAULT_DAZ_FD_SCANNED', 'rsys_list_all_ipc_t', 'ssize_t', + 'CAP_SETUID', '__NR_fdatasync', 'SW_RC', 'EPROTONOSUPPORT', + 'rsbac_cap_ld_env_t', 'A_jail_ip', 'RSYS_remove_target_n', + 'ETIME', 'T_DEV', '__USE_XOPEN', 'A_jail_id', + 'RSBAC_RC_OLD_SPECIAL_RIGHT_BASE', 'A_rc_force_role', + '__NR_getpmsg', 'RSBAC_PM_DEV_OBJECT_CLASS_ID', + 'A_pm_program_type', 'rsbac_ipc_t', + 'RSBAC_RC_AUDITOR_ROLE', 'I_none', '__NR_rt_sigqueueinfo', + '__NR_setgroups', 'A_local_sec_level', 'LITTLE_ENDIAN', + 'rsbac_net_obj_desc_t', '__USE_ATFILE', + 'RSYS_adf_log_switch', 'ACLGS_get_group_entry', + '__int32_t', 'rsbac_pm_function_type_t', 'rsbac_rc_item_t', + 'EIDRM', 'EADDRNOTAVAIL', 'RSBAC_PM_A_ALL', + 'rsys_auth_add_f_cap_t', 'RSBAC_JAIL_VERSION', 'EPERM', + 'rsys_acl_list_all_dev_t', 'PF_PAX_RANDEXEC', + '__NR_set_robust_list', '__NR_setresgid', 'clock_t', + '__NR_stat', 'EISCONN', 'RI_def_fd_create_type', 'A_none', + '__NR_modify_ldt', 'SL_old_inherit', 'R_READ_ATTRIBUTE', + 'ST_clock', '__NR_wait4', '__BYTE_ORDER', '__NR_readv', + 'rsys_mac_get_f_trulist_t', 'RSBAC_SYSADM_UID', + 'PA_in_pp_set', 'RCR_SELECT', 'T_FIFO', + 'JAIL_allow_inet_raw', '__NR_mkdirat', 'ST_rlimit', + 'key_t', 'RSBAC_ACL_GEN_RIGHTS_VECTOR', 'A_rc_def_role', + 'R_READ', '__NR_write', 'rsbac_attribute_t', 'ELIBMAX', + '__NR_uselib', '_POSIX_C_SOURCE', 'EMULTIHOP', + 'RSBAC_PM_A_CREATE', 'R_SWITCH_MODULE', '__USE_SVID', + '__NR_madvise', 'rsbac_pm_tp_id_t', '__NR_epoll_ctl', + 'RSYS_acl_get_rights', '__NR_sigaltstack', 'ECONNABORTED', + 'RSBAC_IFNAMSIZ', 'rsys_net_list_all_template_t', + 'rsys_mac_get_p_trulist_t', '__NR_pread64', '__uint8_t', + 'RSBAC_NET_NR_PORTS', 'ACLC_remove_acl', '__u_char', + '__be16', '__caddr_t', 'PA_tkt', 'PA_out_pp_set', + 'rsys_pm_create_file_t', '__NR_capget', + '__SIZEOF_PTHREAD_COND_T', 'NTS_get_ports', '__NR_syslog', + 'rsys_jail_t', 'A_pm_object_type', '__NR_getgroups32', + '__NR_mq_notify', 'RSBAC_NET_TEMP_LNET_ID', + 'RSYS_list_ta_begin', 'D_block_major', + '__kernel_ipc_pid_t', 'A_mac_curr_categories', + 'A_remote_rc_type', '__kernel_gid16_t', + '_XOPEN_SOURCE_EXTENDED', 'PTF_set_auth_may_setuid', + '__NR_capset', '__s32', 'A_min_write_open', 'EKEYREVOKED', + 'T_FD', '__NR_pwrite64', 'rsbac_fake_root_uid_int_t', + 'PF_none', 'EL2HLT', 'rsbac_list_ta_number_t', + 'RSBAC_RES_NONE', 'rsbac_enum_t', '_BSD_SOURCE', '__uid_t', + '__int8_t', 'ACLC_set_mask', '__NR_sched_get_priority_min', + '__NR_afs_syscall', '__NR_bdflush', 'rsbac_pid_t', + 'RSBAC_EEXPIRED', '__USE_LARGEFILE64', + 'A_remote_sec_level', 'RSYS_acl_get_mask_n', 'T_NETOBJ', + 'NTS_get_protocol', '__NR_putpmsg', 'PA_na', 'LDD_none', + 'FF_append_only', '__NR_rt_sigpending', 'PF_PAX_SEGMEXEC', + 'RCR_SUPERVISOR', 'ST_net_id', '__RLIM64_T_TYPE', + 'rsys_rc_set_item_t', 'CAP_SYS_ADMIN', + 'rsbac_acl_get_group_members_arg_t', 'rsbac_pm_role_int_t', + '__NR_migrate_pages', 'RSBAC_JAIL_DEF_ID', + 'RSBAC_ENOTWRITABLE', 'AMS_last_auth_and_gid', '__bos', + 'PF_delete_tp', '__ssize_t', 'RSYS_pm_create_file', + 'FF_no_execute', 'int16_t', 'EUNATCH', '__sigset_t', + 'PA_tp_set', 'ENOTSOCK', 'PF_create_ticket', + 'RI_type_comp_ipc', 'FF_write_only', + 'RSYS_rc_select_fd_create_type', 'PA_class', + 'PTF_delete_task', 'PF_PAX_RANDMMAP', + 'RSBAC_EDECISIONMISMATCH', 'SW_CAP', + 'rsbac_acl_group_syscall_arg_t', + 'rsbac_auth_may_setuid_int_t', '__NR_lremovexattr', + '__kernel_nlink_t', 'PF_add_authorized_tp', + 'RSYS_net_list_all_template', 'NTS_get_address', + 'ETIMEDOUT', 'PTF_add_responsible_user', 'RSYS_write', + 'clockid_t', 'caddr_t', 'EALREADY', 'ACLG_NONE', 'ENXIO', + 'rsbac_net_temp_data_t', 'PF_set_auth_may_setuid', + '__USE_MISC', 'R_WRITE', '__NR_faccessat', + 'RC_role_use_force_role', '__le16', 'ENOSR', 'ST_none', + 'ELIBSCN', 'rsbac_pm_program_type_int_t', + 'rsys_um_set_group_pass_t', 'PTF_set_auth_may_set_cap', + 'RSBAC_UM_GROUP_LIST_KEY', '__NR_lgetxattr', + 'A_cap_ld_env', 'JAIL_allow_external_ipc', + 'rsbac_fake_root_uid_t', 'EBADSLT', 'rsbac_acl_scd_type_t', + '__dev_t', '__qaddr_t', '_SYS_SYSMACROS_H', + 'RSYS_um_remove_gm', 'JAIL_allow_parent_ipc', + 'UM_inactive', '__NR_fsetxattr', + 'rsbac_net_temp_other_addr_t', 'rsys_um_add_gm_t', + 'PF_delete_authorized_task', 'JAIL_auto_adjust_inet_any', + '__NR_chmod', 'R_ADD_TO_KERNEL', '__USE_POSIX199506', + 'ENETDOWN', '__S64_TYPE', '__BIG_ENDIAN', 'UM_minchange', + '__NR_flock', 'rsys_auth_get_f_caplist_t', + 'rsbac_pm_time_stamp_t', '__NR_setregid', '__NR_fadvise64', + 'rsbac_pm_task_set_id_t', '__NR_madvise1', + '__SIZEOF_PTHREAD_COND_COMPAT_T', '__fsblkcnt64_t', + 'RC_type_use_new_role_def_create', 'rsbac_netdev_id_t', + 'EBADE', 'rsbac_acl_group_syscall_type_t', + 'RI_type_fd_remove', '__ino_t', '__NR_lchown32', 'ENODATA', + '__NR_gettimeofday', 'A_res_max', 'CAP_SYS_NICE', + 'RSBAC_UM_OLD_GROUP_LIST_NAME', '__NR_set_mempolicy', + 'A_auth_last_auth', '__user_cap_header_struct', + 'RSYS_set_attr_n', '_TIME_H', + '__SIZEOF_PTHREAD_BARRIERATTR_T', 'LL_denied', + '__NR_mkdir', 'ESOCKTNOSUPPORT', '__NR_profil', + 'A_pm_task_set', 'PTF_delete_object_class', + '__NR_truncate64', '__kernel_ino_t', 'UM_warnchange', + 'rsbac_switch_target_t', 'RSYS_mac_get_curr_level', + '__ino64_t', 'PTF_add_purpose', 'T_NETTEMP_NT', 'PL_class', + 'EEXIST', '__NR_oldstat', 'A_local_pm_object_class', + '_SYS_SELECT_H', 'sigset_t', '__NR_sched_yield', + '__NR_ioprio_set', 'RSBAC_PM_ROOT_TASK_SET_ID', 'SW_AUTH', + 'SW_PM', 'fd_set', 'rsbac_pm_add_consent_t', + '__clock_t_defined', 'UM_none', 'R_GET_STATUS_DATA', + 'RSBAC_EPATHTOOLONG', 'JAIL_allow_tty_open', + 'ACLC_add_to_acl_entry', 'SW_SOFTMODE', 'rsys_pm_t', + 'rsys_rc_copy_role_t', 'ACLS_GROUP', 'CLOCK_MONOTONIC', + '__NR_getresuid', 'RSBAC_ECOULDNOTADDDEVICE', + 'rsbac_pm_add_purpose_t', 'ENOTRECOVERABLE', + 'PTF_switch_pm', 'A_rc_role', 'RI_type_dev_name', + 'LD_allow', 'EINTR', 'EADV', 'FF_no_delete_or_rename', + '__NR_remap_file_pages', 'RSYS_remove_target', + '__NR_vm86old', 'ENOSYS', 'rsys_get_attr_n_t', + '__kernel_gid_t', 'RI_def_group_create_type', + '__kernel_key_t', '__NR_sched_setaffinity', + 'A_pm_object_class', 'FR_none', '__USE_UNIX98', '__gid_t', + '__NR_nanosleep', 'rsys_list_ta_forget_t', '__daddr_t', + 'RI_admin_type', '__NR_select', 'SR_administrator', + 'rsbac_net_temp_addr_t', '__NR_times', 'rsbac_auth_file_t', + 'RSBAC_ENOROOTDIR', 'ST_sysfs', '__NR_setreuid', + 'JAIL_allow_mount', 'A_remote_pm_object_type', + 'RSBAC_EBUSY', 'rsbac_linux_dac_disable_t', 'locale_data', + 'SW_FREEZE', '__NR_mq_getsetattr', 'R_MODIFY_ATTRIBUTE', + 'RSBAC_OLD_NO_USER', 'ST_syslog', 'int64_t', + '__NR_setxattr', 'RT_ROLE', 'A_min_write_categories', + 'RI_def_user_create_type', 'CLOCK_PROCESS_CPUTIME_ID', + 'EDOTDOT', 'EBADFD', 'AST_none', 'ENOMEDIUM', 'PO_none', + 'FD_SETSIZE', 'RSBAC_AUTH_OLD_OWNER_F_CAP', + 'rsbac_boolean_int_t', 'RSYS_acl_list_all_dev', + '__NR_fchown32', 'RSBAC_NET_TEMP_AUTO_ID', + 'rsys_um_get_user_item_t', '__NR_setgid', + 'PTF_delete_consent'] diff --git a/rsbac/rsbac_auto.py b/rsbac/rsbac_auto.py new file mode 100644 index 0000000..388e1bb --- /dev/null +++ b/rsbac/rsbac_auto.py @@ -0,0 +1 @@ +g_attributes = [('auth_last_auth', 'AUTH', 'auth_last_auth', 'rsbac_uid_t', ['PROCESS']), ('auth_learn', 'AUTH', 'auth_learn', 'rsbac_boolean_t', ['FD', 'PROCESS']), ('auth_may_set_cap', 'AUTH', 'auth_may_set_cap', 'rsbac_boolean_t', ['FD', 'PROCESS']), ('auth_may_setuid', 'AUTH', 'auth_may_setuid', 'rsbac_auth_may_setuid_int_t', ['FD', 'PROCESS']), ('auth_role', 'AUTH', 'system_role', 'rsbac_system_role_int_t', ['USER']), ('cap_ld_env', 'CAP', 'cap_ld_env', 'rsbac_cap_ld_env_int_t', ['FD', 'USER', 'PROCESS']), ('cap_process_hiding', 'CAP', 'cap_process_hiding', 'rsbac_cap_process_hiding_int_t', ['PROCESS']), ('cap_role', 'CAP', 'system_role', 'rsbac_system_role_int_t', ['USER']), ('max_caps', 'CAP', 'max_caps', 'rsbac_cap_vector_t', ['FD', 'USER']), ('max_caps_program', 'CAP', 'max_caps_program', 'rsbac_cap_vector_t', ['PROCESS']), ('max_caps_user', 'CAP', 'max_caps_user', 'rsbac_cap_vector_t', ['PROCESS']), ('min_caps', 'CAP', 'min_caps', 'rsbac_cap_vector_t', ['FD', 'USER']), ('daz_role', 'DAZ', 'system_role', 'rsbac_system_role_int_t', ['USER']), ('daz_scanned', 'DAZ', 'daz_scanned', 'rsbac_daz_scanned_t', ['FD']), ('daz_scanner', 'DAZ', 'daz_scanner', 'rsbac_daz_scanner_t', ['FD', 'PROCESS']), ('ff_flags', 'FF', 'ff_flags', 'rsbac_ff_flags_t', ['FD']), ('ff_role', 'FF', 'system_role', 'rsbac_system_role_int_t', ['USER']), ('audit_uid', 'GEN', 'audit_uid', 'rsbac_uid_t', ['PROCESS']), ('auid_exempt', 'GEN', 'auid_exempt', 'rsbac_uid_t', ['FD', 'PROCESS']), ('fake_root_uid', 'GEN', 'fake_root_uid', 'rsbac_fake_root_uid_int_t', ['FD', 'PROCESS']), ('linux_dac_disable', 'GEN', 'linux_dac_disable', 'rsbac_linux_dac_disable_int_t', ['FD']), ('local_log_array_high', 'GEN', 'log_array_high', 'rsbac_log_array_t', ['NETOBJ']), ('local_log_array_low', 'GEN', 'log_array_low', 'rsbac_log_array_t', ['NETOBJ']), ('log_array_high', 'GEN', 'log_array_high', 'rsbac_log_array_t', ['FD', 'DEV', 'NETDEV', 'NETTEMP']), ('log_array_low', 'GEN', 'log_array_low', 'rsbac_log_array_t', ['FD', 'DEV', 'NETDEV', 'NETTEMP']), ('log_program_based', 'GEN', 'log_program_based', 'rsbac_request_vector_t', ['FD', 'PROCESS']), ('log_user_based', 'GEN', 'log_user_based', 'rsbac_request_vector_t', ['USER']), ('pseudo', 'GEN', 'pseudo', 'rsbac_pseudo_t', ['USER']), ('remote_ip', 'GEN', 'remote_ip', '__u32', ['PROCESS']), ('remote_log_array_high', 'GEN', 'log_array_high', 'rsbac_log_array_t', ['NETOBJ']), ('remote_log_array_low', 'GEN', 'log_array_low', 'rsbac_log_array_t', ['NETOBJ']), ('symlink_add_mac_level', 'GEN', 'symlink_add_mac_level', 'rsbac_boolean_t', ['FD']), ('symlink_add_rc_role', 'GEN', 'symlink_add_rc_role', 'rsbac_boolean_t', ['FD']), ('symlink_add_remote_ip', 'GEN', 'symlink_add_remote_ip', 'rsbac_enum_t', ['FD']), ('symlink_add_uid', 'GEN', 'symlink_add_uid', 'rsbac_boolean_t', ['FD']), ('jail_flags', 'JAIL', 'jail_flags', 'rsbac_jail_flags_t', ['PROCESS']), ('jail_id', 'JAIL', 'jail_id', 'rsbac_jail_id_t', ['IPC', 'PROCESS']), ('jail_ip', 'JAIL', 'jail_ip', 'rsbac_jail_ip_t', ['PROCESS']), ('jail_max_caps', 'JAIL', 'jail_max_caps', 'rsbac_cap_vector_t', ['PROCESS']), ('jail_parent', 'JAIL', 'jail_parent', 'rsbac_jail_id_t', ['PROCESS']), ('jail_role', 'JAIL', 'system_role', 'rsbac_system_role_int_t', ['USER']), ('jail_scd_get', 'JAIL', 'jail_scd_get', 'rsbac_jail_scd_vector_t', ['PROCESS']), ('jail_scd_modify', 'JAIL', 'jail_scd_modify', 'rsbac_jail_scd_vector_t', ['PROCESS']), ('current_sec_level', 'MAC', 'current_sec_level', 'rsbac_security_level_t', ['PROCESS']), ('initial_security_level', 'MAC', 'security_level', 'rsbac_security_level_t', ['USER', 'PROCESS']), ('local_mac_categories', 'MAC', 'mac_categories', 'rsbac_mac_category_vector_t', ['NETOBJ']), ('local_sec_level', 'MAC', 'security_level', 'rsbac_security_level_t', ['NETOBJ']), ('mac_auto', 'MAC', 'mac_auto', 'rsbac_mac_auto_int_t', ['FD', 'PROCESS']), ('mac_categories', 'MAC', 'mac_categories', 'rsbac_mac_category_vector_t', ['FD', 'DEV', 'IPC', 'USER', 'PROCESS', 'NETTEMP']), ('mac_check', 'MAC', 'mac_check', 'rsbac_boolean_t', ['DEV']), ('mac_curr_categories', 'MAC', 'mac_categories', 'rsbac_mac_category_vector_t', ['PROCESS']), ('mac_file_flags', 'MAC', 'mac_file_flags', 'rsbac_mac_file_flags_t', ['FD']), ('mac_initial_categories', 'MAC', 'mac_categories', 'rsbac_mac_category_vector_t', ['USER', 'PROCESS']), ('mac_min_categories', 'MAC', 'mac_categories', 'rsbac_mac_category_vector_t', ['USER', 'PROCESS']), ('mac_process_flags', 'MAC', 'mac_process_flags', 'rsbac_mac_process_flags_t', ['PROCESS']), ('mac_prop_trusted', 'MAC', 'mac_prop_trusted', 'rsbac_boolean_t', ['FD']), ('mac_role', 'MAC', 'system_role', 'rsbac_system_role_int_t', ['USER']), ('mac_user_flags', 'MAC', 'mac_user_flags', 'rsbac_mac_user_flags_t', ['USER']), ('max_read_categories', 'MAC', 'mac_categories', 'rsbac_mac_category_vector_t', ['PROCESS']), ('max_read_open', 'MAC', 'max_read_open', 'rsbac_security_level_t', ['PROCESS']), ('min_security_level', 'MAC', 'security_level', 'rsbac_security_level_t', ['USER', 'PROCESS']), ('min_write_categories', 'MAC', 'mac_categories', 'rsbac_mac_category_vector_t', ['PROCESS']), ('min_write_open', 'MAC', 'min_write_open', 'rsbac_security_level_t', ['PROCESS']), ('remote_mac_categories', 'MAC', 'mac_categories', 'rsbac_mac_category_vector_t', ['NETOBJ']), ('remote_sec_level', 'MAC', 'security_level', 'rsbac_security_level_t', ['NETOBJ']), ('security_level', 'MAC', 'security_level', 'rsbac_security_level_t', ['FD', 'DEV', 'IPC', 'USER', 'PROCESS', 'NETTEMP']), ('pax_flags', 'PAX', 'pax_flags', 'rsbac_pax_flags_t', ['FD', 'PROCESS']), ('pax_role', 'PAX', 'system_role', 'rsbac_system_role_int_t', ['USER']), ('local_pm_ipc_purpose', 'PM', 'pm_ipc_purpose', 'rsbac_pm_purpose_id_t', ['NETOBJ']), ('local_pm_object_class', 'PM', 'pm_object_class', 'rsbac_pm_object_class_id_t', ['NETOBJ']), ('local_pm_object_type', 'PM', 'pm_object_type', 'rsbac_pm_object_type_int_t', ['NETOBJ']), ('pm_current_task', 'PM', 'pm_current_task', 'rsbac_pm_task_id_t', ['PROCESS']), ('pm_ipc_purpose', 'PM', 'pm_ipc_purpose', 'rsbac_pm_purpose_id_t', ['IPC', 'NETTEMP']), ('pm_object_class', 'PM', 'pm_object_class', 'rsbac_pm_object_class_id_t', ['FD', 'DEV', 'IPC', 'NETTEMP']), ('pm_object_type', 'PM', 'pm_object_type', 'rsbac_pm_object_type_int_t', ['FD', 'DEV', 'IPC', 'NETTEMP']), ('pm_process_type', 'PM', 'pm_process_type', 'rsbac_pm_process_type_int_t', ['PROCESS']), ('pm_role', 'PM', 'pm_role', 'rsbac_pm_role_int_t', ['USER']), ('pm_task_set', 'PM', 'pm_task_set', 'rsbac_pm_task_set_id_t', ['USER']), ('pm_tp', 'PM', 'pm_tp', 'rsbac_pm_tp_id_t', ['FD', 'PROCESS']), ('remote_pm_ipc_purpose', 'PM', 'pm_ipc_purpose', 'rsbac_pm_purpose_id_t', ['NETOBJ']), ('remote_pm_object_class', 'PM', 'pm_object_class', 'rsbac_pm_object_class_id_t', ['NETOBJ']), ('remote_pm_object_type', 'PM', 'pm_object_type', 'rsbac_pm_object_type_int_t', ['NETOBJ']), ('local_rc_type', 'RC', 'rc_type', 'rsbac_rc_type_id_t', ['NETOBJ']), ('rc_def_role', 'RC', 'rc_def_role', 'rsbac_rc_role_id_t', ['USER']), ('rc_force_role', 'RC', 'rc_force_role', 'rsbac_rc_role_id_t', ['FD', 'PROCESS']), ('rc_initial_role', 'RC', 'rc_initial_role', 'rsbac_rc_role_id_t', ['FD']), ('rc_role', 'RC', 'rc_role', 'rsbac_rc_role_id_t', ['PROCESS']), ('rc_select_type', 'RC', 'rc_select_type', 'rsbac_rc_type_id_t', ['PROCESS']), ('rc_type', 'RC', 'rc_type', 'rsbac_rc_type_id_t', ['DEV', 'IPC', 'USER', 'PROCESS', 'GROUP', 'NETDEV', 'NETTEMP']), ('rc_type_fd', 'RC', 'rc_type_fd', 'rsbac_rc_type_id_t', ['FD']), ('rc_type_nt', 'RC', 'rc_type', 'rsbac_rc_type_id_t', ['NETTEMP']), ('remote_rc_type', 'RC', 'rc_type', 'rsbac_rc_type_id_t', ['NETOBJ']), ('res_max', 'RES', 'res_array', 'rsbac_res_array_t', ['FD', 'USER']), ('res_min', 'RES', 'res_array', 'rsbac_res_array_t', ['FD', 'USER']), ('res_role', 'RES', 'system_role', 'rsbac_system_role_int_t', ['USER'])] diff --git a/rsbac/transaction.py b/rsbac/transaction.py new file mode 100644 index 0000000..769ad36 --- /dev/null +++ b/rsbac/transaction.py @@ -0,0 +1,113 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +__all__ = [ 'CurrentTransaction' , 'Transaction' , + 'withCurrentTransaction' , 'withTransaction' ] + +# Duplicated in um.py +g_NO_USER = -3 +g_ALL_USERS = -4 +g_NO_GROUP = -3 +g_ALL_GROUPS = -4 + +from ctypes import byref + +from rsbac import headers, lib +from rsbac.errors import raiseIfError + +# Minimal transaction support. FIXME: Integrate transactions into the +# rest of the modules. For example, as a global (g_transaction +# imported from a common module) then used everywhere a transaction is +# needed. See Python 2.5 'with' statement that could help to run a +# transaction and finish it cleanly. (Emulating Common Lisp special +# variable.) -> Update: see _t below. + +# The current transaction +_t = 0 + +# With Python 2.5 or above: +# ... +# with CurrentTransaction( n ) : +# BLOCK +# ... +class CurrentTransaction( object ) : + def __init__( self , transaction ) : + self._t = transaction + self._old = None + def __enter__( self ) : + global _t + self._old = _t + _t = self._t + def __exit__( self , a , b , c ) : + global _t + assert self._old is not None + _t = self._old + +# For Python 2.4: +def _with( o , fun , args = () ) : + o.__enter__() + try : + return fun( *args ) + finally : + o.__exit__( None , None , None ) + +def withCurrentTransaction( n , fun ) : + return _with( CurrentTransaction( n ) , fun ) + +def withTransaction( fun , uid = g_ALL_USERS , password = None , ttl = 0 ) : + n = begin( uid , password , ttl ) + try : + _with( CurrentTransaction( n ) , fun , ( Transaction( n ) , ) ) + finally : + # If the transaction still exist, cancel it inconditionnaly. + lib.rsbac_list_ta_forget( n , password ) + +def begin( uid = g_ALL_USERS , password = None , ttl = 0 ) : + value = headers.rsbac_list_ta_number_t() + raiseIfError( lib.rsbac_list_ta_begin( ttl , byref( value ) , + uid , password ) ) + return int( value.value ) + +def refresh( transaction , password = None , ttl = 0 ) : + raiseIfError( lib.rsbac_list_ta_refresh( ttl , transaction , + password ) ) + +def commit( transaction , password = None ) : + raiseIfError( lib.rsbac_list_ta_commit( transaction , password ) ) + +def forget( transaction , password = None ) : + raiseIfError( lib.rsbac_list_ta_forget( transaction , password ) ) + +class Transaction( object ) : + def __init__( self , id , password = None ) : + self.id = id + self.password = password + def __repr__( self ) : + return '' % ( self.id , ) + def refresh( self , ttl = None ) : + return refresh( self.id , self.password , ttlToInt( ttl ) ) + def commit( self ) : + return commit( self.id , self.password ) + def forget( self ) : + return forget( self.id , self.password ) + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/rsbac/um.py b/rsbac/um.py new file mode 100644 index 0000000..12bbb8a --- /dev/null +++ b/rsbac/um.py @@ -0,0 +1,911 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +__all__ = [ + 'User' , 'users' , + 'Group' , 'groups' ] + +def export( o ) : + if not isinstance( o , basestring ) : + name = o.__name__ + else : + name , o = o , None + if name in __all__ : + raise ImportError , 'duplicate name %r in module %r' % ( name , __name__ ) + __all__.append( name ) + return o + +from ctypes import byref + +from rsbac import lib, headers, transaction +from rsbac._utils import stringToByteArray, aptr, slowButCorrectStringAssignation +from rsbac._utils import fetch, intToTtl, ttlToInt +from rsbac.errors import Error, raiseIfError + +g_umModData = headers.rsbac_um_mod_data_t() +g_umModDataRef = byref( g_umModData ) + +# Duplicated in transaction.py +g_NO_USER = -3 +g_ALL_USERS = -4 +g_NO_GROUP = -3 +g_ALL_GROUPS = -4 + +@export +def auth( user , password ) : + """Authenticate. + + user -- username as string + password -- password as string + + """ + if isinstance( user , ( int , long ) ) : + raiseIfError( lib.rsbac_um_auth_uid( user , password ) ) + else : + raiseIfError( lib.rsbac_um_auth_name( user , password ) ) + +def _makeDefaultUserEntry() : + userEntry = headers.rsbac_um_user_entry_t() + for field , value in [ + ( 'name' , '' ) , + ( 'pass' , '' ) , + ( 'fullname' , '' ) , + ( 'homedir' , '/home' ) , + ( 'shell' , '/bin/sh' ) , + ] : + slowButCorrectStringAssignation( userEntry , field , value ) + userEntry.group = 65534 + userEntry.lastchange = 100000 + userEntry.minchange = 0 + userEntry.maxchange = 365 + userEntry.warnchange = 10 + userEntry.inactive = 3 + userEntry.expire = 100000 + return userEntry + +def _makeDefaultGroupEntry() : + groupEntry = headers.rsbac_um_group_entry_t() + groupEntry.name = '' + setattr( groupEntry , 'pass' , '' ) # because 'pass' is a keyword + return groupEntry + +@export +def addUser( name , uid = None , password = None , ttl = None ) : + """Add a user to the UM module. + + name -- username as string + uid -- None or a prefered UID as integer + password -- None or a default password as string + ttl -- None or an integer + + Returns the UID of the newly created user. + + """ + if uid is None : + uid = g_NO_USER + ttl = ttlToInt( ttl ) + userEntry = _makeDefaultUserEntry() + slowButCorrectStringAssignation( userEntry , 'name' , name ) + raiseIfError( lib.rsbac_um_add_user( transaction._t , uid , + byref( userEntry ) , password , + ttl ) ) + # Let's hope that there are no race conditions at this point. + return getUid( name ) + +@export +def addGroup( name , gid = None , password = None , ttl = None ) : + """Add a group to the UM module. + + name -- group name as string + gid -- None or a prefered GID as integer + password -- None or a default password as string + ttl -- None or an integer + + """ + if gid is None : + gid = g_NO_GROUP + ttl = ttlToInt( ttl ) + groupEntry = _makeDefaultGroupEntry() + slowButCorrectStringAssignation( groupEntry , 'name' , name ) + raiseIfError( lib.rsbac_um_add_group( transaction._t , gid , + byref( groupEntry ) , password , + ttl ) ) + # Let's hope that there are no race conditions at this point. + return getGid( name ) + +@export +def addToGroups( uid , gid , ttl = None ) : + """Add an UM user to an UM group. + + uid -- UID as integer + gid -- GID as integer + ttl -- None or an integer + + """ + ttl = ttlToInt( ttl ) + raiseIfError( lib.rsbac_um_add_gm( transaction._t , uid , gid , ttl ) ) + +@export +def removeUser( uid ) : + """Remove an UM user. + + uid -- UID as integer + + """ + raiseIfError( lib.rsbac_um_remove_user( transaction._t , uid ) ) + +@export +def removeGroup( gid ) : + """Remove an UM group. + + gid -- GID as integer + + """ + raiseIfError( lib.rsbac_um_remove_group( transaction._t , gid ) ) + +@export +def removeFromGroups( uid , gid ) : + """Remove an UM user from an UM group. + + uid -- UID as integer + gid -- GID as integer + + """ + raiseIfError( lib.rsbac_um_remove_gm( transaction._t , uid , gid ) ) + +@export +def userExists( uid ) : + """Test if an UM user exists. + + uid -- UID as integer + + Returns a boolean. + + """ + return bool( raiseIfError( lib.rsbac_um_user_exists( transaction._t , uid ) ) ) + +@export +def groupExists( gid ) : + """Test if an UM group exists. + + gid -- GID as integer + + Returns a boolean. + + """ + return bool( raiseIfError( lib.rsbac_um_group_exists( transaction._t , gid ) ) ) + +@export +def getNextUser( uid = None ) : + """Get the user following the one given in argument. + + uid -- None (to get the first user) or an UID as integer + + Returns an UID as integer. + + """ + if uid is None : + uid = g_NO_USER + value = headers.rsbac_uid_t() + raiseIfError( lib.rsbac_um_get_next_user( transaction._t , uid , byref( value ) ) ) + return int( value.value ) + +@export +def getUserList() : + """Get the list of all UM users. + + Returns a list of UID. + + """ + arr = fetch( headers.rsbac_uid_t , + lambda n , a : lib.rsbac_um_get_user_list( transaction._t , a , n ) ) + return sorted( map( int , arr ) ) + +@export +def getGroupsList( uid ) : + """Get the extra groups to which an UM user belong. + + uid -- an UID as integer + + Returns a list of GID. + + """ + arr = fetch( headers.rsbac_gid_t , + lambda n , a : lib.rsbac_um_get_gm_list( transaction._t , uid , a , n ) ) + return sorted( map( int , arr ) ) + +@export +def getGroupsUserList( gid ) : + """Get the users which are in an extra group. + + gid -- GID as integer + + Returns a list of UID. + + """ + arr = fetch( headers.rsbac_uid_t , + lambda n , a : lib.rsbac_um_get_gm_user_list( transaction._t , gid , a , n ) ) + return sorted( map( int , arr ) ) + +@export +def getGroupList() : + """Get the list of all UM groups. + + Returns a list of GID. + + """ + arr = fetch( headers.rsbac_gid_t , + lambda n , a : lib.rsbac_um_get_group_list( transaction._t , a , n ) ) + return sorted( map( int , arr ) ) + +@export +def getUid( name ) : + """Get the UID from the username. + + name -- username as string + + Returns the UID as integer. + + """ + value = headers.rsbac_uid_t() + raiseIfError( lib.rsbac_um_get_uid( transaction._t , name , byref( value ) ) ) + return int( value.value ) + +@export +def getGid( name ) : + """Get the GID from the group name. + + name -- group name as string + + """ + value = headers.rsbac_gid_t() + raiseIfError( lib.rsbac_um_get_gid( transaction._t , name , byref( value ) ) ) + return int( value.value ) + +@export +def getUserName( uid ) : + """Get the name of an UM user. + + uid -- UID as integer + + Returns the username as string. + + """ + raiseIfError( lib.rsbac_um_get_user_item( transaction._t , uid , + headers.UM_name , + g_umModDataRef ) ) + return g_umModData.string + +@export +def setUserName( uid , name ) : + """Set the name of an UM user. + + uid -- UID as integer + name -- username as string + + """ + g_umModData.string = name + raiseIfError( lib.rsbac_um_mod_user( transaction._t , uid , + headers.UM_name , + g_umModDataRef ) ) + +@export +def getUserHashedPassword( uid ) : + """Get the user hashed password. + + uid -- UID as integer + + Returns the hashed password. + + """ + raiseIfError( lib.rsbac_um_get_user_item( transaction._t , uid , + headers.UM_pass , + g_umModDataRef ) ) + return g_umModData.string + +@export +def setUserHashedPassword( uid , password ) : + """Set the user hashed password. + + uid -- UID as integer + password -- hashed password as string + + """ + slowButCorrectStringAssignation( g_umModData , 'string' , password ) + raiseIfError( lib.rsbac_um_mod_user( transaction._t , uid , + headers.UM_cryptpass , + g_umModDataRef ) ) + +@export +def setUserPassword( uid , password ) : + """Set the user password. + + uid -- UID as integer + password -- password as string + + """ + slowButCorrectStringAssignation( g_umModData , 'string' , password ) + raiseIfError( lib.rsbac_um_mod_user( transaction._t , uid , + headers.UM_pass , + g_umModDataRef ) ) + +@export +def getUserFullname( uid ) : + """Get the full name of an UM user. + + uid -- UID as integer + + Returns the full name as string. + + """ + data = headers.rsbac_um_mod_data_t() + raiseIfError( lib.rsbac_um_get_user_item( transaction._t , uid , + headers.UM_fullname , + g_umModDataRef ) ) + return g_umModData.string + +@export +def setUserFullname( uid , name ) : + """Set the full name of an UM user. + + uid -- UID as integer + name -- full name as string + + """ + slowButCorrectStringAssignation( g_umModData , 'string' , name ) + raiseIfError( lib.rsbac_um_mod_user( transaction._t , uid , + headers.UM_fullname , + g_umModDataRef ) ) + +@export +def getUserHomeDirectory( uid ) : + """Get the home directory of an UM user. + + uid -- UID as integer + + Returns the home directory as string. + + """ + raiseIfError( lib.rsbac_um_get_user_item( transaction._t , uid , + headers.UM_homedir , + g_umModDataRef ) ) + return g_umModData.string + +@export +def setUserHomeDirectory( uid , directory ) : + """Set the home directory of an UM user. + + uid -- UID as integer + directory -- directory as string + + """ + data = headers.rsbac_um_mod_data_t() + slowButCorrectStringAssignation( g_umModData , 'string' , directory ) + raiseIfError( lib.rsbac_um_mod_user( transaction._t , uid , + headers.UM_homedir , + g_umModDataRef ) ) + +@export +def getUserShell( uid ) : + """Get the shell of an UM user. + + uid -- UID as integer + + Returns the shell path as string. + + """ + raiseIfError( lib.rsbac_um_get_user_item( transaction._t , uid , + headers.UM_shell , + g_umModDataRef ) ) + return g_umModData.string + +@export +def setUserShell( uid , shell ) : + """Set the shell of an UM user. + + uid -- UID as integer + shell -- shell path as string + + """ + slowButCorrectStringAssignation( g_umModData , 'string' , shell ) + raiseIfError( lib.rsbac_um_mod_user( transaction._t , uid , + headers.UM_shell , + g_umModDataRef ) ) + +@export +def getUserGroup( uid ) : + """Get the group of an UM user. + + uid -- UID as integer + + Returns the GID as integer. + + """ + raiseIfError( lib.rsbac_um_get_user_item( transaction._t , uid , + headers.UM_group , + g_umModDataRef ) ) + return int( g_umModData.group ) + +@export +def setUserGroup( uid , group ) : + """Set the group of an UM user. + + uid -- UID as integer + group -- GID as integer + + """ + g_umModData.group = int( group ) + raiseIfError( lib.rsbac_um_mod_user( transaction._t , uid , + headers.UM_group , + g_umModDataRef ) ) + +@export +def getUserTtl( uid ) : + """Get the TTL of an UM user. + + uid -- UID as integer + + Returns either None (no TTL) or a non-negative integer. + + """ + raiseIfError( lib.rsbac_um_get_user_item( transaction._t , uid , + headers.UM_ttl , + g_umModDataRef ) ) + return intToTtl( g_umModData.ttl ) + +@export +def setUserTtl( uid , ttl ) : + """Set the TTL of an UM user. + + uid -- UID as integer + ttl -- None or an integer. + + """ + g_umModData.ttl = ttl + raiseIfError( lib.rsbac_um_mod_user( transaction._t , uid , + headers.UM_ttl , + g_umModDataRef ) ) + +@export +def updateUserPassword( uid , old , new ) : + """Update the password of an UM user. + + uid -- UID as integer + old -- previous password as string + new -- new password as string + + """ + raiseIfError( lib.rsbac_um_set_pass( uid , old , new ) ) + +@export +def updateUserPasswordByName( name , old , new ) : + """Update the password of an UM user. + + name -- username as string + old -- previous password as string + new -- new password as string + + """ + raiseIfError( lib.rsbac_um_set_pass( name , old , new ) ) + +@export +def checkAccount( uid ) : + """Check an UM user account. + + Check if an account password is still valid and have not + expired. If not, an exception is thrown. + + uid -- UID as integer + + """ + raiseIfError( lib.rsbac_um_check_account( uid ) ) + +@export +def checkAccountByName( name ) : + """Check an UM user account. + + Check if an account password is still valid and have not + expired. If not, an exception is thrown. + + name -- username as string + + """ + raiseIfError( lib.rsbac_um_check_account_name( name ) ) + +@export +def getGroupName( gid ) : + """Get the name of an UM group. + + gid -- GID as integer + + Returns the group name as string. + + """ + raiseIfError( lib.rsbac_um_get_group_item( transaction._t , gid , + headers.UM_name , + g_umModDataRef ) ) + return g_umModData.string + +@export +def setGroupName( gid , name ) : + """Set the name of an UM group. + + gid -- GID as integer + name -- group name as string + + """ + slowButCorrectStringAssignation( g_umModData , 'string' , name ) + raiseIfError( lib.rsbac_um_mod_group( transaction._t , gid , + headers.UM_name , + g_umModDataRef ) ) + +@export +def getGroupHashedPassword( gid ) : + """Get the hashed password of an UM group. + + gid -- GID as integer + + Returns the hashed password as string. + + """ + raiseIfError( lib.rsbac_um_get_group_item( transaction._t , self.id , + headers.UM_pass , + g_umModDataRef ) ) + return g_umModData.string + +@export +def setGroupHashedPassword( gid , password ) : + """Set the hashed password of an UM group. + + gid -- GID as integer + password -- hashed password as string + + """ + slowButCorrectStringAssignation( g_umModData , 'string' , password ) + raiseIfError( lib.rsbac_um_mod_group( transaction._t , gid , + headers.UM_cryptpass , + g_umModDataRef ) ) + +@export +def setGroupPassword( gid , password ) : + """Set the password of an UM group. + + gid -- GID as integer + passowrd -- password as string + + """ + raiseIfError( lib.rsbac_um_set_group_pass( gid , password ) ) + +@export +def setGroupPasswordItem( gid , password ) : + """Set the password of an UM group. + + gid -- GID as integer + password -- password as string + + """ + slowButCorrectStringAssignation( g_umModData , 'string' , password ) + raiseIfError( lib.rsbac_um_mod_group( transaction._t , gid , + headers.UM_pass , + g_umModDataRef ) ) + +@export +def getGroupTtl( gid ) : + """Get the TTL of an UM group + + gid -- GID as integer + + Returns None or a positive integer. + + """ + raiseIfError( lib.rsbac_um_get_group_item( transaction._t , gid , + headers.UM_ttl , + g_umModDataRef ) ) + return intToTtl( g_umModData.ttl ) + +@export +def setGroupTtl( gid , ttl ) : + """Set the TTL of an UM group + + gid -- GID as integer + ttl -- None or an integer. + + """ + g_umModData.ttl = ttl + raiseIfError( lib.rsbac_um_mod_group( transaction._t , gid , + headers.UM_ttl , + g_umModDataRef ) ) + + +class UserGroups( object ) : + def __init__( self , uid ) : + self._uid = uid + def __iter__( self ) : + return iter( getGroupsList( self._uid ) ) + def __repr__( self ) : + return '' % ( self._uid , list( self ) or 'none' ) + def add( self , gid , ttl = None ) : + addToGroups( self._uid , gid , ttl ) + def discard( self , gid ) : + removeFromGroups( self._uid , gid ) + def clear( self ) : + map( self.discard , self ) + +class UserBase( object ) : + def __init__( self , uid ) : + self.id = uid + self.groups = UserGroups( self.id ) + def __int__( self ) : + return int( self.id ) + def __long__( self ) : + return long( self.id ) + def __repr__( self ) : + try : + name = `self.getName()` + except Error , e : + if e[ 0 ] != headers.RSBAC_ENOTFOUND : + raise + name = 'undefined' + try : + ttl = self.getTtl() + if ttl is not None : + ttl = ' (%ds)' % ttl + else : + ttl = '' + except Error , e : + if e[ 0 ] != headers.RSBAC_ENOTFOUND : + raise + ttl = ' (?)' + return '' % ( self.id , ttl , name ) + # + # name + # + def getName( self ) : + return getUserName( self.id ) + def setName( self , name ) : + try : + return setUserName( self.id , name ) + except Error , e : + if e[ 0 ] != 1009 : + raise + addUser( name , self.id ) + name = property( getName , setName ) + # + # password (hashed) + # + # UT: get(UM_pass) == set(UM_pass)? + def getHashedPassword( self ) : + return getUserHashedPassword( self.id ) + def setHashedPassword( self , password ) : + return setUserHashedPassword( self.id , password ) + hashedPassword = property( getHashedPassword , setHashedPassword ) + # + # password + # + def setPassword( self , password ) : + return setUserPassword( self.id , password ) + password = property( fset = setPassword ) + # + # fullname + # + def getFullname( self ) : + return getUserFullname( self.id ) + def setFullname( self , name ) : + return setUserFullname( self.id , name ) + fullname = property( getFullname , setFullname ) + # + # homedir + # + def getHomeDirectory( self ) : + return getUserHomeDirectory( self.id ) + def setHomeDirectory( self , directory ) : + return setUserHomeDirectory( self.id , directory ) + homeDirectory = property( getHomeDirectory , setHomeDirectory ) + # + # shell + # + def getShell( self ) : + return getUserShell( self.id ) + def setShell( self , shell ) : + return setUserShell( self.id , shell ) + shell = property( getShell , setShell ) + # + # group + # + def getGroup( self ) : + return Group( getUserGroup( self.id ) ) + def setGroup( self , gid ) : + return setUserGroup( self.id , int( gid ) ) + group = property( getGroup , setGroup ) + # + # TTL + # + def getTtl( self ) : + return getUserTtl( self.id ) + def setTtl( self , ttl ) : + return setUserTtl( self.id , ttl ) + ttl = property( getTtl , setTtl ) + # + # groups + # + groups = None + # + # exists + # + def getExists( self ) : + return userExists( self.id ) + exists = property( getExists ) + # + # misc + # + def updatePassword( self , old , new ) : + updateUserPassword( self.id , old , new ) + def delete( self ) : + removeUser( self.id ) + +def buildUserClass() : + attrs = {} + def addDaysField( name ) : + cname = name[ 0 ].upper() + name[ 1 : ] + item = getattr( headers , 'UM_' + name.lower() ) + def get( self ) : + raiseIfError( lib.rsbac_um_get_user_item( transaction._t , self.id , + item , + g_umModDataRef ) ) + return g_umModData.days + def set( self , value ) : + g_umModData.days = value + raiseIfError( lib.rsbac_um_mod_user( transaction._t , self.id , + item , + g_umModDataRef ) ) + attrs[ 'get' + cname ] = get + attrs[ 'set' + cname ] = set + attrs[ name ] = property( get , set ) + for name in 'lastChange' , 'minChange' , 'maxChange' , 'warnChange' , 'inactive' , 'expire' : + addDaysField( name ) + return type( 'User' , ( UserBase , ) , attrs ) + +User = buildUserClass() + +class Group( object ) : + def __init__( self , gid ) : + self.id = gid + def __int__( self ) : + return int( self.id ) + def __long__( self ) : + return long( self.id ) + def __repr__( self ) : + try : + name = `self.getName()` + except Error , e : + if e[ 0 ] != headers.RSBAC_ENOTFOUND : + raise + name = 'undefined' + try : + ttl = self.getTtl() + if ttl is not None : + ttl = ' (%d)' % ttl + else : + ttl = '' + except Error , e : + if e[ 0 ] != headers.RSBAC_ENOTFOUND : + raise + ttl = ' (?)' + return '' % ( self.id , ttl , name ) + # + # name + # + def getName( self ) : + return getGroupName( self.id ) + def setName( self , name ) : + return setGroupName( self.id , name ) + name = property( getName , setName ) + # + # password (hashed) + # + def getHashedPassword( self ) : + return getGroupHashedPassword( self.id ) + def setHashedPassword( self , password ) : + return setGroupHashedPassword( self.id , password ) + hashedPassword = property( getHashedPassword , setHashedPassword ) + # + # password + # + def setPassword( self , password ) : + return setGroupPassword( self.id , password ) + password = property( fset = setPassword ) + # + # TTL + # + def getTtl( self ) : + return getGroupTtl( self.id ) + def setTtl( self , ttl ) : + return setGroupTtl( self.id , ttl ) + ttl = property( getTtl , setTtl ) + # + # Extra members + # + def getExtraMembers( self ) : + return tuple( map( User , getGroupsUserList( self.id ) ) ) + extraMembers = property( getExtraMembers ) + # + # Members + # + def getMembers( self ) : + return tuple( [ User( uid ) for uid in getUserList() + if getUserGroup( uid ) == self.id ] ) + members = property( getMembers ) + # + # exists + # + def getExists( self ) : + return groupExists( self.id ) + exists = property( getExists ) + # + # misc + # + def updatePassword( self , password ) : + setGroupPassword( self.id , password ) + def delete( self ) : + removeGroup( self.id ) + +class UmUserDict( object ) : + def __iter__( self ) : + return iter( getUserList() ) + def __delitem__( self , uid ) : + removeUser( uid ) + def __getitem__( self , uid ) : + return User( uid ) + def __repr__( self ) : + return '{' + ', '.join( [ ': '.join( map( repr , item ) ) for item in self.items() ] ) + '}' + def keys( self ) : + return getUserList() + def values( self ) : + return map( User , self.keys() ) + def items( self ) : + return [ ( uid , User( uid ) ) for uid in self.keys() ] + def clear( self ) : + map( self.__delitem__ , self ) + +users = UmUserDict() + +class UmGroupDict( object ) : + def __iter__( self ) : + return iter( getGroupList() ) + def __delitem__( self , gid ) : + removeGroup( gid ) + def __getitem__( self , gid ) : + return Group( gid ) + def __repr__( self ) : + return '{' + ', '.join( [ ': '.join( map( repr , item ) ) for item in self.items() ] ) + '}' + def keys( self ) : + return getGroupList() + def values( self ) : + return map( Group , self.keys() ) + def items( self ) : + return [ ( gid , Group( gid ) ) for gid in self.keys() ] + def clear( self ) : + map( self.__delitem__ , self ) + +groups = UmGroupDict() + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/setup b/setup new file mode 120000 index 0000000..27f63ea --- /dev/null +++ b/setup @@ -0,0 +1 @@ +setup.py \ No newline at end of file diff --git a/setup.py b/setup.py new file mode 100755 index 0000000..6f2fb8d --- /dev/null +++ b/setup.py @@ -0,0 +1,16 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +import sys +if sys.version_info < ( 2 , 4 ) : + print 'WARNING: py-rsbac needs at least Python 2.4' + +from distutils.core import setup + +setup( name = 'py-rsbac' , + version = '0.1' , + description = 'RSBAC Python bindings' , + packages = [ 'rsbac' ] , + license = 'GPL' , + author = 'Frédéric Jolliton' , + author_email = 'frederic@jolliton.com' ) diff --git a/tests/_rsbac_test_common.py b/tests/_rsbac_test_common.py new file mode 100644 index 0000000..c0d66ce --- /dev/null +++ b/tests/_rsbac_test_common.py @@ -0,0 +1,7 @@ +import sys +import os + +for p in ( '.' , '..' ) : + if os.path.exists( p + '/rsbac/__init__.py' ) : + sys.path.insert( 0 , p ) + break diff --git a/tests/flags.py b/tests/flags.py new file mode 100644 index 0000000..5cd8113 --- /dev/null +++ b/tests/flags.py @@ -0,0 +1,50 @@ +# -*- coding:utf-8 -*- + +# +# Copyright (C) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +import _rsbac_test_common +import rsbac + +def main() : + bits = [ + ( 0 , 'x' ) , + ( 1 , 'y' ) , + ( 2 , 'z' ) + ] + Attribute = rsbac._flags.buildFlagsClass( 'Attribute' , ( object , ) , bits ) + a = Attribute( 5 ) + a |= Attribute( 2 ) + a &= ~Attribute( 'y' , 'z' ) + print ~Attribute() + print a + print a.x + print a.y + print a.z + print a , ~a + a = ~a + print a + print ~a + print int( a ) + +if __name__ == '__main__' : + main() + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/tests/info.py b/tests/info.py new file mode 100644 index 0000000..d6cda64 --- /dev/null +++ b/tests/info.py @@ -0,0 +1,52 @@ +# -*- coding:utf-8 -*- + +# py-rsbac - Tests for RSBAC Python bindings +# Copyright (C) 2006 Frederic Jolliton +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +import os +import sys +import time + +import _rsbac_test_common + +_load_time = time.time() +import rsbac +_load_time = time.time() - _load_time + +def versionToString( v ) : + if len( v ) == 3 : + a , b , c = v + extra = '' + elif len( v ) == 4 : + a , b , c , extra = v + else : + raise RuntimeError , 'Unexpected version %r' % ( v , ) + return '%d.%d.%d%s' % ( a , b , c , extra ) + +def main() : + print 'RSBAC Python bindings (Loaded in %.2fs)' % _load_time + print ' Binding version:' , versionToString( rsbac.moduleVersion ) + print ' Kernel version:' , versionToString( rsbac.kernelVersion ) + print ' Header version:' , versionToString( rsbac.headerVersion ) + +if __name__ == '__main__' : + main() + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: diff --git a/tests/various.py b/tests/various.py new file mode 100644 index 0000000..b960745 --- /dev/null +++ b/tests/various.py @@ -0,0 +1,50 @@ +# -*- coding:utf-8 -*- + +# +# Copyright (C) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +import _rsbac_test_common +import rsbac + +def main() : + objs = [ + rsbac.objects.FD( '/' ) , + rsbac.objects.NetworkDevice( 'eth0' ) , + rsbac.objects.NetworkTemplate( 100101 ) , + rsbac.objects.BlockDevice( 1 , 1 ) , + rsbac.objects.CharacterDevice( 1 , 1 ) , + rsbac.objects.Process( 1 ) , + rsbac.objects.User( 0 ) , + rsbac.objects.Group( 0 ) , + rsbac.objects.system.Firewall , + rsbac.objects.IpcSem( 1 ) + ] + for obj in objs : + print str( obj ) + print '-' * 40 + if not isinstance( obj , rsbac.objects.Scd ) : + print obj.getAllAttributes() + print obj.acl_mask + print + +if __name__ == '__main__' : + main() + +# Local Variables: +# indent-tabs-mode: nil +# python-indent: 4 +# End: -- 2.11.0