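--- a/mac_framework.h
+++ b/mac_framework.h
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999-2002 Robert N. M. Watson
  * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
  * Copyright (c) 2005-2006 SPARTA, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
@@ -30,17 +30,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac/mac_framework.h 172953 2007-10-25 07:49:47Z rwatson $
+ * $FreeBSD: head/sys/security/mac/mac_framework.h 172957 2007-10-25 12:34:14Z rwatson $
  */
 
 /*
  * Kernel interface for Mandatory Access Control -- how kernel services
  * interact with the TrustedBSD MAC Framework.
  */
 
 #ifndef _SYS_SECURITY_MAC_MAC_FRAMEWORK_H_
@@ -219,16 +219,17 @@
 void mac_vnode_execve_transition(struct ucred *oldcred,
  struct ucred *newcred, struct vnode *vp,
  struct label *interpvplabel, struct image_params *imgp);
 int mac_vnode_execve_will_transition(struct ucred *cred,
  struct vnode *vp, struct label *interpvplabel,
  struct image_params *imgp);
 void mac_proc_create_swapper(struct ucred *cred);
 void mac_proc_create_init(struct ucred *cred);
+void mac_proc_associate_nfsd(struct ucred *cred);
 void mac_thread_userret(struct thread *td);
 
 /*
  * Label cleanup operation: This is the inverse complement for the mac_create
  * and associate type of hooks. This hook lets the policy module(s) perform a
  * cleanup/flushing operation on the label associated with the objects,
  * without freeing up the space allocated. This hook is useful in cases
  * where it is desirable to remove any labeling reference when recycling any
@@ -409,19 +410,18 @@
  struct ifnet *ifp);
 int mac_ifnet_ioctl_set(struct ucred *cred, struct ifreq *ifr,
  struct ifnet *ifp);
 int mac_setsockopt_label(struct ucred *cred, struct socket *so,
  struct mac *extmac);
 int mac_pipe_label_set(struct ucred *cred, struct pipepair *pp,
  struct label *label);
 void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred);
-void mac_associate_nfsd_label(struct ucred *cred);
 int mac_priv_check(struct ucred *cred, int priv);
 int mac_priv_grant(struct ucred *cred, int priv);
 
 /*
  * Calls to help various file systems implement labeling functionality using
  * their existing EA implementation.
  */
 int vop_stdsetlabel_ea(struct vop_setlabel_args *ap);
 
 #endif /* !_SYS_SECURITY_MAC_MAC_FRAMEWORK_H_ */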