mac_framework.h (122810) | mac_framework.h (122875) |
---|---|
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by Network --- 17 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by Network --- 17 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * |
34 * $FreeBSD: head/sys/security/mac/mac_framework.h 122810 2003-11-16 20:18:24Z rwatson $ | 34 * $FreeBSD: head/sys/security/mac/mac_framework.h 122875 2003-11-18 00:39:07Z rwatson $ |
35 */ 36/* 37 * Userland/kernel interface for Mandatory Access Control. 38 * 39 * The POSIX.1e implementation page may be reached at: 40 * http://www.trustedbsd.org/ 41 */ 42#ifndef _SYS_MAC_H --- 62 unchanged lines hidden (view full) --- 105/* 106 * Kernel functions to manage and evaluate labels. 107 */ 108struct bpf_d; 109struct componentname; 110struct devfs_dirent; 111struct ifnet; 112struct ifreq; | 35 */ 36/* 37 * Userland/kernel interface for Mandatory Access Control. 38 * 39 * The POSIX.1e implementation page may be reached at: 40 * http://www.trustedbsd.org/ 41 */ 42#ifndef _SYS_MAC_H --- 62 unchanged lines hidden (view full) --- 105/* 106 * Kernel functions to manage and evaluate labels. 107 */ 108struct bpf_d; 109struct componentname; 110struct devfs_dirent; 111struct ifnet; 112struct ifreq; |
113struct inpcb; |
|
113struct image_params; | 114struct image_params; |
115struct inpcb; |
|
114struct ipq; 115struct m_tag; 116struct mbuf; 117struct mount; 118struct proc; 119struct sockaddr; 120struct socket; 121struct pipe; --- 10 unchanged lines hidden (view full) --- 132 133/* 134 * Label operations. 135 */ 136void mac_init_bpfdesc(struct bpf_d *); 137void mac_init_cred(struct ucred *); 138void mac_init_devfsdirent(struct devfs_dirent *); 139void mac_init_ifnet(struct ifnet *); | 116struct ipq; 117struct m_tag; 118struct mbuf; 119struct mount; 120struct proc; 121struct sockaddr; 122struct socket; 123struct pipe; --- 10 unchanged lines hidden (view full) --- 134 135/* 136 * Label operations. 137 */ 138void mac_init_bpfdesc(struct bpf_d *); 139void mac_init_cred(struct ucred *); 140void mac_init_devfsdirent(struct devfs_dirent *); 141void mac_init_ifnet(struct ifnet *); |
142int mac_init_inpcb(struct inpcb *, int flag); |
|
140int mac_init_ipq(struct ipq *, int flag); 141int mac_init_socket(struct socket *, int flag); 142void mac_init_pipe(struct pipe *); 143int mac_init_mbuf(struct mbuf *mbuf, int flag); 144int mac_init_mbuf_tag(struct m_tag *, int flag); 145void mac_init_mount(struct mount *); 146void mac_init_proc(struct proc *); 147void mac_init_vnode(struct vnode *); 148void mac_copy_mbuf_tag(struct m_tag *, struct m_tag *); 149void mac_copy_vnode_label(struct label *, struct label *label); 150void mac_destroy_bpfdesc(struct bpf_d *); 151void mac_destroy_cred(struct ucred *); 152void mac_destroy_devfsdirent(struct devfs_dirent *); 153void mac_destroy_ifnet(struct ifnet *); | 143int mac_init_ipq(struct ipq *, int flag); 144int mac_init_socket(struct socket *, int flag); 145void mac_init_pipe(struct pipe *); 146int mac_init_mbuf(struct mbuf *mbuf, int flag); 147int mac_init_mbuf_tag(struct m_tag *, int flag); 148void mac_init_mount(struct mount *); 149void mac_init_proc(struct proc *); 150void mac_init_vnode(struct vnode *); 151void mac_copy_mbuf_tag(struct m_tag *, struct m_tag *); 152void mac_copy_vnode_label(struct label *, struct label *label); 153void mac_destroy_bpfdesc(struct bpf_d *); 154void mac_destroy_cred(struct ucred *); 155void mac_destroy_devfsdirent(struct devfs_dirent *); 156void mac_destroy_ifnet(struct ifnet *); |
157void mac_destroy_inpcb(struct inpcb *); |
|
154void mac_destroy_ipq(struct ipq *); 155void mac_destroy_socket(struct socket *); 156void mac_destroy_pipe(struct pipe *); 157void mac_destroy_proc(struct proc *); 158void mac_destroy_mbuf_tag(struct m_tag *); 159void mac_destroy_mount(struct mount *); 160void mac_destroy_vnode(struct vnode *); 161 --- 38 unchanged lines hidden (view full) --- 200 struct socket *newsocket); 201void mac_create_pipe(struct ucred *cred, struct pipe *pipe); 202 203/* 204 * Labeling event operations: network objects. 205 */ 206void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d); 207void mac_create_ifnet(struct ifnet *ifp); | 158void mac_destroy_ipq(struct ipq *); 159void mac_destroy_socket(struct socket *); 160void mac_destroy_pipe(struct pipe *); 161void mac_destroy_proc(struct proc *); 162void mac_destroy_mbuf_tag(struct m_tag *); 163void mac_destroy_mount(struct mount *); 164void mac_destroy_vnode(struct vnode *); 165 --- 38 unchanged lines hidden (view full) --- 204 struct socket *newsocket); 205void mac_create_pipe(struct ucred *cred, struct pipe *pipe); 206 207/* 208 * Labeling event operations: network objects. 209 */ 210void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d); 211void mac_create_ifnet(struct ifnet *ifp); |
212void mac_create_inpcb_from_socket(struct socket *so, struct inpcb *inp); |
|
208void mac_create_ipq(struct mbuf *fragment, struct ipq *ipq); 209void mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram); 210void mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment); 211void mac_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct mbuf *newmbuf); 212void mac_create_mbuf_linklayer(struct ifnet *ifnet, struct mbuf *m); 213void mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m); 214void mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *m); 215void mac_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 216 struct ifnet *ifnet, struct mbuf *newmbuf); 217void mac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf); 218int mac_fragment_match(struct mbuf *fragment, struct ipq *ipq); 219void mac_reflect_mbuf_icmp(struct mbuf *m); 220void mac_reflect_mbuf_tcp(struct mbuf *m); 221void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq); | 213void mac_create_ipq(struct mbuf *fragment, struct ipq *ipq); 214void mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram); 215void mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment); 216void mac_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct mbuf *newmbuf); 217void mac_create_mbuf_linklayer(struct ifnet *ifnet, struct mbuf *m); 218void mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m); 219void mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *m); 220void mac_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 221 struct ifnet *ifnet, struct mbuf *newmbuf); 222void mac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf); 223int mac_fragment_match(struct mbuf *fragment, struct ipq *ipq); 224void mac_reflect_mbuf_icmp(struct mbuf *m); 225void mac_reflect_mbuf_tcp(struct mbuf *m); 226void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq); |
227void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp); |
|
222 223/* 224 * Labeling event operations: processes. 225 */ 226void mac_create_cred(struct ucred *cred_parent, struct ucred *cred_child); 227int mac_execve_enter(struct image_params *imgp, struct mac *mac_p); 228void mac_execve_exit(struct image_params *imgp); 229void mac_execve_transition(struct ucred *old, struct ucred *new, --- 4 unchanged lines hidden (view full) --- 234void mac_create_proc0(struct ucred *cred); 235void mac_create_proc1(struct ucred *cred); 236void mac_thread_userret(struct thread *td); 237 238/* Access control checks. */ 239int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet); 240int mac_check_cred_visible(struct ucred *u1, struct ucred *u2); 241int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m); | 228 229/* 230 * Labeling event operations: processes. 231 */ 232void mac_create_cred(struct ucred *cred_parent, struct ucred *cred_child); 233int mac_execve_enter(struct image_params *imgp, struct mac *mac_p); 234void mac_execve_exit(struct image_params *imgp); 235void mac_execve_transition(struct ucred *old, struct ucred *new, --- 4 unchanged lines hidden (view full) --- 240void mac_create_proc0(struct ucred *cred); 241void mac_create_proc1(struct ucred *cred); 242void mac_thread_userret(struct thread *td); 243 244/* Access control checks. */ 245int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet); 246int mac_check_cred_visible(struct ucred *u1, struct ucred *u2); 247int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m); |
248int mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m); |
|
242int mac_check_kenv_dump(struct ucred *cred); 243int mac_check_kenv_get(struct ucred *cred, char *name); 244int mac_check_kenv_set(struct ucred *cred, char *name, char *value); 245int mac_check_kenv_unset(struct ucred *cred, char *name); 246int mac_check_kld_load(struct ucred *cred, struct vnode *vp); 247int mac_check_kld_stat(struct ucred *cred); 248int mac_check_kld_unload(struct ucred *cred); 249int mac_check_mount_stat(struct ucred *cred, struct mount *mp); --- 109 unchanged lines hidden --- | 249int mac_check_kenv_dump(struct ucred *cred); 250int mac_check_kenv_get(struct ucred *cred, char *name); 251int mac_check_kenv_set(struct ucred *cred, char *name, char *value); 252int mac_check_kenv_unset(struct ucred *cred, char *name); 253int mac_check_kld_load(struct ucred *cred, struct vnode *vp); 254int mac_check_kld_stat(struct ucred *cred); 255int mac_check_kld_unload(struct ucred *cred); 256int mac_check_mount_stat(struct ucred *cred, struct mount *mp); --- 109 unchanged lines hidden --- |