mac_net.c (104268) mac_net.c (104269)
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson and Ilmar Habibulin for the
8 * TrustedBSD Project.

--- 22 unchanged lines hidden (view full) ---

31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson and Ilmar Habibulin for the
8 * TrustedBSD Project.

--- 22 unchanged lines hidden (view full) ---

31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
39 * $FreeBSD: head/sys/security/mac/mac_net.c 104268 2002-10-01 03:24:20Z rwatson $
39 * $FreeBSD: head/sys/security/mac/mac_net.c 104269 2002-10-01 04:30:19Z rwatson $
40 */
41/*
42 * Developed by the TrustedBSD Project.
43 *
44 * Framework for extensible kernel access control. Kernel and userland
45 * interface to the framework, policy registration and composition.
46 */
47

--- 2519 unchanged lines hidden (view full) ---

2567}
2568
2569int
2570mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
2571 void *data)
2572{
2573 int error;
2574
40 */
41/*
42 * Developed by the TrustedBSD Project.
43 *
44 * Framework for extensible kernel access control. Kernel and userland
45 * interface to the framework, policy registration and composition.
46 */
47

--- 2519 unchanged lines hidden (view full) ---

2567}
2568
2569int
2570mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
2571 void *data)
2572{
2573 int error;
2574
2575 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2576
2577 if (!mac_enforce_pipe)
2578 return (0);
2579
2575 MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data);
2576
2577 return (error);
2578}
2579
2580int
2581mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe)
2582{
2583 int error;
2584
2580 MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data);
2581
2582 return (error);
2583}
2584
2585int
2586mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe)
2587{
2588 int error;
2589
2590 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2591
2592 if (!mac_enforce_pipe)
2593 return (0);
2594
2585 MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label);
2586
2587 return (error);
2588}
2589
2590int
2591mac_check_pipe_read(struct ucred *cred, struct pipe *pipe)
2592{
2593 int error;
2594
2595 MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label);
2596
2597 return (error);
2598}
2599
2600int
2601mac_check_pipe_read(struct ucred *cred, struct pipe *pipe)
2602{
2603 int error;
2604
2605 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2606
2607 if (!mac_enforce_pipe)
2608 return (0);
2609
2595 MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label);
2596
2597 return (error);
2598}
2599
2600static int
2601mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
2602 struct label *newlabel)
2603{
2604 int error;
2605
2610 MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label);
2611
2612 return (error);
2613}
2614
2615static int
2616mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
2617 struct label *newlabel)
2618{
2619 int error;
2620
2621 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2622
2623 if (!mac_enforce_pipe)
2624 return (0);
2625
2606 MAC_CHECK(check_pipe_relabel, cred, pipe, pipe->pipe_label, newlabel);
2607
2608 return (error);
2609}
2610
2611int
2612mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe)
2613{
2614 int error;
2615
2626 MAC_CHECK(check_pipe_relabel, cred, pipe, pipe->pipe_label, newlabel);
2627
2628 return (error);
2629}
2630
2631int
2632mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe)
2633{
2634 int error;
2635
2636 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2637
2638 if (!mac_enforce_pipe)
2639 return (0);
2640
2616 MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label);
2617
2618 return (error);
2619}
2620
2621int
2622mac_check_pipe_write(struct ucred *cred, struct pipe *pipe)
2623{
2624 int error;
2625
2641 MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label);
2642
2643 return (error);
2644}
2645
2646int
2647mac_check_pipe_write(struct ucred *cred, struct pipe *pipe)
2648{
2649 int error;
2650
2651 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2652
2653 if (!mac_enforce_pipe)
2654 return (0);
2655
2626 MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label);
2627
2628 return (error);
2629}
2630
2631int
2632mac_check_proc_debug(struct ucred *cred, struct proc *proc)
2633{

--- 250 unchanged lines hidden (view full) ---

2884 return (0);
2885}
2886
2887int
2888mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label)
2889{
2890 int error;
2891
2656 MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label);
2657
2658 return (error);
2659}
2660
2661int
2662mac_check_proc_debug(struct ucred *cred, struct proc *proc)
2663{

--- 250 unchanged lines hidden (view full) ---

2914 return (0);
2915}
2916
2917int
2918mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label)
2919{
2920 int error;
2921
2922 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2923
2892 error = mac_check_pipe_relabel(cred, pipe, label);
2893 if (error)
2894 return (error);
2895
2896 mac_relabel_pipe(cred, pipe, label);
2897
2898 return (0);
2899}

--- 287 unchanged lines hidden (view full) ---

3187 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
3188 error = vn_setlabel(vp, &intlabel, td->td_ucred);
3189 VOP_UNLOCK(vp, 0, td);
3190 vn_finished_write(mp);
3191 mac_destroy_temp(&intlabel);
3192 break;
3193 case DTYPE_PIPE:
3194 pipe = (struct pipe *)fp->f_data;
2924 error = mac_check_pipe_relabel(cred, pipe, label);
2925 if (error)
2926 return (error);
2927
2928 mac_relabel_pipe(cred, pipe, label);
2929
2930 return (0);
2931}

--- 287 unchanged lines hidden (view full) ---

3219 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
3220 error = vn_setlabel(vp, &intlabel, td->td_ucred);
3221 VOP_UNLOCK(vp, 0, td);
3222 vn_finished_write(mp);
3223 mac_destroy_temp(&intlabel);
3224 break;
3225 case DTYPE_PIPE:
3226 pipe = (struct pipe *)fp->f_data;
3227 PIPE_LOCK(pipe);
3195 error = mac_pipe_label_set(td->td_ucred, pipe, &intlabel);
3228 error = mac_pipe_label_set(td->td_ucred, pipe, &intlabel);
3229 PIPE_UNLOCK(pipe);
3196 break;
3197 default:
3198 error = EINVAL;
3199 }
3200
3201out2:
3202 fdrop(fp, td);
3203out1:

--- 128 unchanged lines hidden ---
3230 break;
3231 default:
3232 error = EINVAL;
3233 }
3234
3235out2:
3236 fdrop(fp, td);
3237out1:

--- 128 unchanged lines hidden ---
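Review bot: In mac_check_pipe_relabel the new `if (!mac_enforce_pipe) return (0);` lets mac_pipe_label_set go straight on to mac_relabel_pipe with no policy consulted while enforcement is switched off, and a label applied in that window stays on the pipe after enforcement is turned back on. If that is intended, a comment above the early return should say so, e.g. `/* Relabel is not policy-checked while mac_enforce_pipe is 0; the new label persists. */`; otherwise the relabel check should run regardless of the toggle. Separately, the six mac_check_pipe_* functions and mac_pipe_label_set now require the caller to hold the pipe lock, but the only caller updated in the visible lines is the DTYPE_PIPE case. Callers in the hidden lines or in other files are not shown, and the assertion presumably fires only in debug kernels, so the locking requirement deserves a one-line comment on each function.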