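--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by NAI Labs,
@@ -29,17 +29,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac/mac_framework.h 102115 2002-08-19 16:59:37Z rwatson $
+ * $FreeBSD: head/sys/security/mac/mac_framework.h 102123 2002-08-19 17:59:48Z rwatson $
  */
 /*
  * Userland/kernel interface for Mandatory Access Control.
  *
  * The POSIX.1e implementation page may be reached at:
  * http://www.trustedbsd.org/
  */
 #ifndef _SYS_MAC_H
@@ -55,16 +55,21 @@
  * XXXMAC: The single MAC extended attribute will be deprecated once
  * compound EA writes on a single target file can be performed cleanly
  * with UFS2.
  */
 #define FREEBSD_MAC_EXTATTR_NAME "freebsd.mac"
 #define FREEBSD_MAC_EXTATTR_NAMESPACE EXTATTR_NAMESPACE_SYSTEM
 
 /*
+ * MAC framework-related constants and limits.
+ */
+#define MAC_MAX_POLICY_NAME 32
+
+/*
  * XXXMAC: Per-policy structures will be moved from mac.h to per-policy
  * include files once the revised user interface is available.
  */
 
 /*
  * Structures and constants associated with a Biba Integrity policy.
  * mac_biba represents a Biba label, with mb_type determining its properties,
  * and mb_grade represents the hierarchal grade if valid for the current
@@ -161,17 +166,17 @@
 ssize_t mac_size(mac_t _label);
 char * mac_to_text(const mac_t _label, size_t *_len_p);
 int mac_valid(const mac_t _label);
 
 /*
  * Extensions to POSIX.1e visible in the application namespace.
  */
 int mac_is_present_np(const char *_policyname);
-int mac_policy(const char *_policyname, int call, void *arg);
+int mac_syscall(const char *_policyname, int call, void *arg);
 
 /*
  * System calls wrapped by some POSIX.1e functions.
  */
 int __mac_get_fd(int _fd, struct mac *_mac_p);
 int __mac_get_file(const char *_path_p, struct mac *_mac_p);
 int __mac_get_proc(struct mac *_mac_p);
 int __mac_set_fd(int fd, struct mac *_mac_p);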
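Review bot: The new `mac_syscall()` prototype names its last two parameters `call` and `arg` without the leading underscore that `_policyname` and most neighbouring prototypes use, although it sits under "Extensions to POSIX.1e visible in the application namespace"; an application macro with either name would break the header, so `int mac_syscall(const char *_policyname, int _call, void *_arg);` would be safer. The comment added above `MAC_MAX_POLICY_NAME` does not say whether 32 counts the terminating NUL. If the kernel uses this constant as the bound when copying in `_policyname` (not visible in this diff), the comment should state which it is, so that callers and policy authors agree on the longest accepted name. Because `arg` is an untyped `void *` whose layout presumably depends on the named policy and on `call`, a one-line comment that each policy must validate `call` and bound-check whatever `arg` points to before use would also help here.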