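--- a/head/sys/security/mac/mac_policy.h
+++ b/head/sys/security/mac/mac_policy.h
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by Network
@@ -26,17 +26,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac/mac_policy.h 122820 2003-11-16 23:31:45Z rwatson $
+ * $FreeBSD: head/sys/security/mac/mac_policy.h 122875 2003-11-18 00:39:07Z rwatson $
  */
 /*
  * Kernel interface for MAC policy modules.
  */
 #ifndef _SYS_MAC_POLICY_H
 #define _SYS_MAC_POLICY_H
 
 /*-
@@ -49,16 +49,17 @@
  * during evaluation of that event or check.
  *
  * Operations are sorted first by general class of operation, then
  * alphabetically.
  */
 struct acl;
 struct componentname;
 struct devfs_dirent;
+struct inpcb;
 struct ipq;
 struct label;
 struct mac_policy_conf;
 struct mbuf;
 struct mount;
 struct pipe;
 struct sbuf;
 struct socket;
@@ -81,29 +82,31 @@
 
  /*
  * Label operations.
  */
  void (*mpo_init_bpfdesc_label)(struct label *label);
  void (*mpo_init_cred_label)(struct label *label);
  void (*mpo_init_devfsdirent_label)(struct label *label);
  void (*mpo_init_ifnet_label)(struct label *label);
+ int (*mpo_init_inpcb_label)(struct label *label, int flag);
  int (*mpo_init_ipq_label)(struct label *label, int flag);
  int (*mpo_init_mbuf_label)(struct label *label, int flag);
  void (*mpo_init_mount_label)(struct label *label);
  void (*mpo_init_mount_fs_label)(struct label *label);
  int (*mpo_init_socket_label)(struct label *label, int flag);
  int (*mpo_init_socket_peer_label)(struct label *label, int flag);
  void (*mpo_init_pipe_label)(struct label *label);
  void (*mpo_init_proc_label)(struct label *label);
  void (*mpo_init_vnode_label)(struct label *label);
  void (*mpo_destroy_bpfdesc_label)(struct label *label);
  void (*mpo_destroy_cred_label)(struct label *label);
  void (*mpo_destroy_devfsdirent_label)(struct label *label);
  void (*mpo_destroy_ifnet_label)(struct label *label);
+ void (*mpo_destroy_inpcb_label)(struct label *label);
  void (*mpo_destroy_ipq_label)(struct label *label);
  void (*mpo_destroy_mbuf_label)(struct label *label);
  void (*mpo_destroy_mount_label)(struct label *label);
  void (*mpo_destroy_mount_fs_label)(struct label *label);
  void (*mpo_destroy_socket_label)(struct label *label);
  void (*mpo_destroy_socket_peer_label)(struct label *label);
  void (*mpo_destroy_pipe_label)(struct label *label);
  void (*mpo_destroy_proc_label)(struct label *label);
@@ -207,16 +210,19 @@
 
  /*
  * Labeling event operations: network objects.
  */
  void (*mpo_create_bpfdesc)(struct ucred *cred, struct bpf_d *bpf_d,
  struct label *bpflabel);
  void (*mpo_create_ifnet)(struct ifnet *ifnet,
  struct label *ifnetlabel);
+ void (*mpo_create_inpcb_from_socket)(struct socket *so,
+ struct label *solabel, struct inpcb *inp,
+ struct label *inplabel);
  void (*mpo_create_ipq)(struct mbuf *fragment,
  struct label *fragmentlabel, struct ipq *ipq,
  struct label *ipqlabel);
  void (*mpo_create_datagram_from_ipq)
  (struct ipq *ipq, struct label *ipqlabel,
  struct mbuf *datagram, struct label *datagramlabel);
  void (*mpo_create_fragment)(struct mbuf *datagram,
  struct label *datagramlabel, struct mbuf *fragment,
@@ -246,16 +252,19 @@
  void (*mpo_reflect_mbuf_icmp)(struct mbuf *m,
  struct label *mlabel);
  void (*mpo_reflect_mbuf_tcp)(struct mbuf *m, struct label *mlabel);
  void (*mpo_relabel_ifnet)(struct ucred *cred, struct ifnet *ifnet,
  struct label *ifnetlabel, struct label *newlabel);
  void (*mpo_update_ipq)(struct mbuf *fragment,
  struct label *fragmentlabel, struct ipq *ipq,
  struct label *ipqlabel);
+ void (*mpo_inpcb_sosetlabel)(struct socket *so,
+ struct label *label, struct inpcb *inp,
+ struct label *inplabel);
 
  /*
  * Labeling event operations: processes.
  */
  void (*mpo_create_cred)(struct ucred *parent_cred,
  struct ucred *child_cred);
  void (*mpo_execve_transition)(struct ucred *old, struct ucred *new,
  struct vnode *vp, struct label *vnodelabel,
@@ -281,16 +290,19 @@
  struct label *newlabel);
  int (*mpo_check_cred_visible)(struct ucred *u1, struct ucred *u2);
  int (*mpo_check_ifnet_relabel)(struct ucred *cred,
  struct ifnet *ifnet, struct label *ifnetlabel,
  struct label *newlabel);
  int (*mpo_check_ifnet_transmit)(struct ifnet *ifnet,
  struct label *ifnetlabel, struct mbuf *m,
  struct label *mbuflabel);
+ int (*mpo_check_inpcb_deliver)(struct inpcb *inp,
+ struct label *inplabel, struct mbuf *m,
+ struct label *mlabel);
  int (*mpo_check_kenv_dump)(struct ucred *cred);
  int (*mpo_check_kenv_get)(struct ucred *cred, char *name);
  int (*mpo_check_kenv_set)(struct ucred *cred, char *name,
  char *value);
  int (*mpo_check_kenv_unset)(struct ucred *cred, char *name);
  int (*mpo_check_kld_load)(struct ucred *cred, struct vnode *vp,
  struct label *vlabel);
  int (*mpo_check_kld_stat)(struct ucred *cred);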
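Review bot: `mpo_inpcb_sosetlabel` (new lines 260-262) is the one added entry that breaks the conventions visible around it. It sits after `mpo_update_ipq` although the header comment says operations are sorted alphabetically within a class, and it names the socket label `label` where `mpo_create_inpcb_from_socket` uses `solabel`. I would rename the parameter to `struct label *solabel` and add a comment such as `/* Socket was relabeled: policy must refresh inplabel from solabel so mpo_check_inpcb_deliver does not decide on a stale label. */`. That reading is inferred from the names, since the callers are not on this page. Separately, the new pointers are inserted mid-structure, so if policy modules bind to these slots by position, which this view does not show, a module built against the old header would need rebuilding or a version check. The enclosing structure starts and ends outside the visible hunks.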