mac_biba.c (179963) | mac_biba.c (180059) |
---|---|
1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * | 1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * |
38 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 179963 2008-06-23 21:37:53Z jhb $ | 38 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 180059 2008-06-27 05:39:04Z jhb $ |
39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Biba fixed label mandatory integrity policy. 45 */ 46 --- 1452 unchanged lines hidden (view full) --- 1499 1500 source = SLOT(newlabel); 1501 dest = SLOT(pplabel); 1502 1503 biba_copy(source, dest); 1504} 1505 1506static int | 39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Biba fixed label mandatory integrity policy. 45 */ 46 --- 1452 unchanged lines hidden (view full) --- 1499 1500 source = SLOT(newlabel); 1501 dest = SLOT(pplabel); 1502 1503 biba_copy(source, dest); 1504} 1505 1506static int |
1507biba_posixsem_check_write(struct ucred *cred, struct ksem *ks, | 1507biba_posixsem_check_openunlink(struct ucred *cred, struct ksem *ks, |
1508 struct label *kslabel) 1509{ 1510 struct mac_biba *subj, *obj; 1511 1512 if (!biba_enabled) 1513 return (0); 1514 1515 subj = SLOT(cred->cr_label); 1516 obj = SLOT(kslabel); 1517 1518 if (!biba_dominate_effective(subj, obj)) 1519 return (EACCES); 1520 1521 return (0); 1522} 1523 1524static int | 1508 struct label *kslabel) 1509{ 1510 struct mac_biba *subj, *obj; 1511 1512 if (!biba_enabled) 1513 return (0); 1514 1515 subj = SLOT(cred->cr_label); 1516 obj = SLOT(kslabel); 1517 1518 if (!biba_dominate_effective(subj, obj)) 1519 return (EACCES); 1520 1521 return (0); 1522} 1523 1524static int |
1525biba_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks, 1526 struct label *kslabel) | 1525biba_posixsem_check_write(struct ucred *active_cred, struct ucred *file_cred, 1526 struct ksem *ks, struct label *kslabel) |
1527{ 1528 struct mac_biba *subj, *obj; 1529 1530 if (!biba_enabled) 1531 return (0); 1532 | 1527{ 1528 struct mac_biba *subj, *obj; 1529 1530 if (!biba_enabled) 1531 return (0); 1532 |
1533 subj = SLOT(cred->cr_label); | 1533 subj = SLOT(active_cred->cr_label); |
1534 obj = SLOT(kslabel); 1535 | 1534 obj = SLOT(kslabel); 1535 |
1536 if (!biba_dominate_effective(subj, obj)) 1537 return (EACCES); 1538 1539 return (0); 1540} 1541 1542static int 1543biba_posixsem_check_rdonly(struct ucred *active_cred, struct ucred *file_cred, 1544 struct ksem *ks, struct label *kslabel) 1545{ 1546 struct mac_biba *subj, *obj; 1547 1548 if (!biba_enabled) 1549 return (0); 1550 1551 subj = SLOT(active_cred->cr_label); 1552 obj = SLOT(kslabel); 1553 |
|
1536 if (!biba_dominate_effective(obj, subj)) 1537 return (EACCES); 1538 1539 return (0); 1540} 1541 1542static void 1543biba_posixsem_create(struct ucred *cred, struct ksem *ks, --- 1786 unchanged lines hidden (view full) --- 3330 .mpo_pipe_create = biba_pipe_create, 3331 .mpo_pipe_destroy_label = biba_destroy_label, 3332 .mpo_pipe_externalize_label = biba_externalize_label, 3333 .mpo_pipe_init_label = biba_init_label, 3334 .mpo_pipe_internalize_label = biba_internalize_label, 3335 .mpo_pipe_relabel = biba_pipe_relabel, 3336 3337 .mpo_posixsem_check_getvalue = biba_posixsem_check_rdonly, | 1554 if (!biba_dominate_effective(obj, subj)) 1555 return (EACCES); 1556 1557 return (0); 1558} 1559 1560static void 1561biba_posixsem_create(struct ucred *cred, struct ksem *ks, --- 1786 unchanged lines hidden (view full) --- 3348 .mpo_pipe_create = biba_pipe_create, 3349 .mpo_pipe_destroy_label = biba_destroy_label, 3350 .mpo_pipe_externalize_label = biba_externalize_label, 3351 .mpo_pipe_init_label = biba_init_label, 3352 .mpo_pipe_internalize_label = biba_internalize_label, 3353 .mpo_pipe_relabel = biba_pipe_relabel, 3354 3355 .mpo_posixsem_check_getvalue = biba_posixsem_check_rdonly, |
3338 .mpo_posixsem_check_open = biba_posixsem_check_write, | 3356 .mpo_posixsem_check_open = biba_posixsem_check_openunlink, |
3339 .mpo_posixsem_check_post = biba_posixsem_check_write, | 3357 .mpo_posixsem_check_post = biba_posixsem_check_write, |
3340 .mpo_posixsem_check_unlink = biba_posixsem_check_write, | 3358 .mpo_posixsem_check_stat = biba_posixsem_check_rdonly, 3359 .mpo_posixsem_check_unlink = biba_posixsem_check_openunlink, |
3341 .mpo_posixsem_check_wait = biba_posixsem_check_write, 3342 .mpo_posixsem_create = biba_posixsem_create, 3343 .mpo_posixsem_destroy_label = biba_destroy_label, 3344 .mpo_posixsem_init_label = biba_init_label, 3345 3346 .mpo_priv_check = biba_priv_check, 3347 3348 .mpo_proc_associate_nfsd = biba_proc_associate_nfsd, --- 114 unchanged lines hidden --- | 3360 .mpo_posixsem_check_wait = biba_posixsem_check_write, 3361 .mpo_posixsem_create = biba_posixsem_create, 3362 .mpo_posixsem_destroy_label = biba_destroy_label, 3363 .mpo_posixsem_init_label = biba_init_label, 3364 3365 .mpo_priv_check = biba_priv_check, 3366 3367 .mpo_proc_associate_nfsd = biba_proc_associate_nfsd, --- 114 unchanged lines hidden --- |
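Review bot: `file_cred` is accepted but never read in the new `biba_posixsem_check_write` and `biba_posixsem_check_rdonly` (new lines 1525–1558); both take the subject label from `active_cred->cr_label` only, and nothing in the code says this is deliberate. Which credential a MAC check binds to is the security-relevant decision in this change, so I would state it above each function, e.g. `/* Subject label comes from active_cred; file_cred is intentionally unused by Biba. */`. `biba_posixsem_check_openunlink` keeps the single-`cred` signature but has the same body as `biba_posixsem_check_write`, presumably because the open and unlink entry points are not handed a file credential; a one-line comment saying so would explain the duplication, and it should be confirmed against the framework's entry-point declarations, which are not visible on this page. The ops table and parts of the file are elided as hidden unchanged lines, so the wiring of `.mpo_posixsem_check_stat` to the read-only check could only be compared with the existing `.mpo_posixsem_check_getvalue` entry.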