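--- a/mac_biba.c
+++ b/mac_biba.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
  * Copyright (c) 2001-2005 McAfee, Inc.
  * Copyright (c) 2006 SPARTA, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
@@ -30,17 +30,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 172955 2007-10-25 11:31:11Z rwatson $
+ * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 172957 2007-10-25 12:34:14Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  *
  * Biba fixed label mandatory integrity policy.
  */
 
@@ -1405,16 +1405,27 @@
  dest = SLOT(cred->cr_label);
 
  biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL);
  biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
  0, NULL);
 }
 
 static void
+biba_proc_associate_nfsd(struct ucred *cred)
+{
+ struct mac_biba *label;
+
+ label = SLOT(cred->cr_label);
+ biba_set_effective(label, MAC_BIBA_TYPE_LOW, 0, NULL);
+ biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
+ 0, NULL);
+}
+
+static void
 biba_cred_relabel(struct ucred *cred, struct label *newlabel)
 {
  struct mac_biba *source, *dest;
 
  source = SLOT(newlabel);
  dest = SLOT(cred->cr_label);
 
  biba_copy(source, dest);
@@ -3195,27 +3206,16 @@
 
  if (!biba_dominate_effective(subj, obj))
  return (EACCES);
 
  return (0);
 }
 
 static void
-biba_associate_nfsd_label(struct ucred *cred)
-{
- struct mac_biba *label;
-
- label = SLOT(cred->cr_label);
- biba_set_effective(label, MAC_BIBA_TYPE_LOW, 0, NULL);
- biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
- 0, NULL);
-}
-
-static void
 biba_init_syncache_from_inpcb(struct label *label, struct inpcb *inp)
 {
  struct mac_biba *source, *dest;
 
  source = SLOT(inp->inp_label);
  dest = SLOT(label);
  biba_copy_effective(source, dest);
 }
@@ -3326,16 +3326,17 @@
  .mpo_mbuf_create_multicast_encap = biba_mbuf_create_multicast_encap,
  .mpo_mbuf_create_netlayer = biba_mbuf_create_netlayer,
  .mpo_ipq_match = biba_ipq_match,
  .mpo_ifnet_relabel = biba_ifnet_relabel,
  .mpo_ipq_update = biba_ipq_update,
  .mpo_inpcb_sosetlabel = biba_inpcb_sosetlabel,
  .mpo_proc_create_swapper = biba_proc_create_swapper,
  .mpo_proc_create_init = biba_proc_create_init,
+ .mpo_proc_associate_nfsd = biba_proc_associate_nfsd,
  .mpo_cred_relabel = biba_cred_relabel,
  .mpo_sysvmsg_cleanup = biba_sysvmsg_cleanup,
  .mpo_sysvmsq_cleanup = biba_sysvmsq_cleanup,
  .mpo_sysvsem_cleanup = biba_sysvsem_cleanup,
  .mpo_sysvshm_cleanup = biba_sysvshm_cleanup,
  .mpo_bpfdesc_check_receive = biba_bpfdesc_check_receive,
  .mpo_cred_check_relabel = biba_cred_check_relabel,
  .mpo_cred_check_visible = biba_cred_check_visible,
@@ -3406,15 +3407,14 @@
  .mpo_vnode_check_setextattr = biba_vnode_check_setextattr,
  .mpo_vnode_check_setflags = biba_vnode_check_setflags,
  .mpo_vnode_check_setmode = biba_vnode_check_setmode,
  .mpo_vnode_check_setowner = biba_vnode_check_setowner,
  .mpo_vnode_check_setutimes = biba_vnode_check_setutimes,
  .mpo_vnode_check_stat = biba_vnode_check_stat,
  .mpo_vnode_check_unlink = biba_vnode_check_unlink,
  .mpo_vnode_check_write = biba_vnode_check_write,
- .mpo_associate_nfsd_label = biba_associate_nfsd_label,
  .mpo_mbuf_create_from_firewall = biba_mbuf_create_from_firewall,
  .mpo_priv_check = biba_priv_check,
 };
 
 MAC_POLICY_SET(&mac_biba_ops, mac_biba, "TrustedBSD MAC/Biba",
  MPC_LOADTIME_FLAG_NOTLATE | MPC_LOADTIME_FLAG_LABELMBUFS, &biba_slot);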