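--- a/head/sys/security/mac_biba/mac_biba.c
+++ b/head/sys/security/mac_biba/mac_biba.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by Network
@@ -26,17 +26,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 111119 2003-02-19 05:47:46Z imp $
+ * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 112574 2003-03-25 01:10:54Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  * Biba fixed label mandatory integrity policy.
  */
 
 #include <sys/types.h>
@@ -1873,16 +1873,34 @@
 
  if (!mac_biba_dominate_single(obj, subj))
  return (ENOENT);
 
  return (0);
 }
 
 static int
+mac_biba_check_sysarch_ioperm(struct ucred *cred)
+{
+ struct mac_biba *subj;
+ int error;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+
+ error = mac_biba_subject_privileged(subj);
+ if (error)
+ return (error);
+
+ return (0);
+}
+
+static int
 mac_biba_check_system_acct(struct ucred *cred, struct vnode *vp,
  struct label *label)
 {
  struct mac_biba *subj, *obj;
  int error;
 
  if (!mac_biba_enabled)
  return (0);
@@ -1940,16 +1958,36 @@
 
  if (!mac_biba_high_single(obj))
  return (EACCES);
 
  return (0);
 }
 
 static int
+mac_biba_check_system_swapoff(struct ucred *cred, struct vnode *vp,
+ struct label *label)
+{
+ struct mac_biba *subj, *obj;
+ int error;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT(label);
+
+ error = mac_biba_subject_privileged(subj);
+ if (error)
+ return (error);
+
+ return (0);
+}
+
+static int
 mac_biba_check_system_sysctl(struct ucred *cred, int *name, u_int namelen,
  void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen)
 {
  struct mac_biba *subj;
  int error;
 
  if (!mac_biba_enabled)
  return (0);
@@ -2669,19 +2707,21 @@
  .mpo_check_pipe_stat = mac_biba_check_pipe_stat,
  .mpo_check_pipe_write = mac_biba_check_pipe_write,
  .mpo_check_proc_debug = mac_biba_check_proc_debug,
  .mpo_check_proc_sched = mac_biba_check_proc_sched,
  .mpo_check_proc_signal = mac_biba_check_proc_signal,
  .mpo_check_socket_deliver = mac_biba_check_socket_deliver,
  .mpo_check_socket_relabel = mac_biba_check_socket_relabel,
  .mpo_check_socket_visible = mac_biba_check_socket_visible,
+ .mpo_check_sysarch_ioperm = mac_biba_check_sysarch_ioperm,
  .mpo_check_system_acct = mac_biba_check_system_acct,
  .mpo_check_system_settime = mac_biba_check_system_settime,
  .mpo_check_system_swapon = mac_biba_check_system_swapon,
+ .mpo_check_system_swapoff = mac_biba_check_system_swapoff,
  .mpo_check_system_sysctl = mac_biba_check_system_sysctl,
  .mpo_check_vnode_access = mac_biba_check_vnode_open,
  .mpo_check_vnode_chdir = mac_biba_check_vnode_chdir,
  .mpo_check_vnode_chroot = mac_biba_check_vnode_chroot,
  .mpo_check_vnode_create = mac_biba_check_vnode_create,
  .mpo_check_vnode_delete = mac_biba_check_vnode_delete,
  .mpo_check_vnode_deleteacl = mac_biba_check_vnode_deleteacl,
  .mpo_check_vnode_exec = mac_biba_check_vnode_exec,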
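Review bot: In the added mac_biba_check_system_swapoff(), `obj = SLOT(label);` is assigned and never read, so the swap vnode's label takes no part in the decision and the hook reduces to mac_biba_subject_privileged(subj). The function that ends just before it (its start is hidden, so which hook it is can only be guessed) additionally returns EACCES unless mac_biba_high_single(obj) holds; if swapoff is meant to be subject-only, drop the `obj` local and record the intent with a comment such as `/* Only subject privilege is required; the swap vnode label is not consulted. */`. mac_biba_check_sysarch_ioperm() would likewise benefit from a one-line comment stating why I/O port access is gated on Biba privilege. Both bodies can end in `return (mac_biba_subject_privileged(subj));`, although keeping the error/return (0) shape may be preferred for consistency with the neighbouring checks.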