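--- a/mac_mls.c
+++ b/mac_mls.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999-2002 Robert N. M. Watson
  * Copyright (c) 2001-2005 McAfee, Inc.
  * Copyright (c) 2006 SPARTA, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
@@ -30,17 +30,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 172955 2007-10-25 11:31:11Z rwatson $
+ * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 172957 2007-10-25 12:34:14Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  *
  * MLS fixed label mandatory confidentiality policy.
  */
 
@@ -1350,16 +1350,27 @@
  dest = SLOT(cred->cr_label);
 
  mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL);
  mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0,
  NULL);
 }
 
 static void
+mls_proc_associate_nfsd(struct ucred *cred)
+{
+ struct mac_mls *label;
+
+ label = SLOT(cred->cr_label);
+ mls_set_effective(label, MAC_MLS_TYPE_LOW, 0, NULL);
+ mls_set_range(label, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0,
+ NULL);
+}
+
+static void
 mls_cred_relabel(struct ucred *cred, struct label *newlabel)
 {
  struct mac_mls *source, *dest;
 
  source = SLOT(newlabel);
  dest = SLOT(cred->cr_label);
 
  mls_copy(source, dest);
@@ -2842,27 +2853,16 @@
  obj = SLOT(vplabel);
 
  if (!mls_dominate_effective(obj, subj))
  return (EACCES);
 
  return (0);
 }
 
-static void
-mls_associate_nfsd_label(struct ucred *cred)
-{
- struct mac_mls *label;
-
- label = SLOT(cred->cr_label);
- mls_set_effective(label, MAC_MLS_TYPE_LOW, 0, NULL);
- mls_set_range(label, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0,
- NULL);
-}
-
 static struct mac_policy_ops mls_ops =
 {
  .mpo_init = mls_init,
  .mpo_bpfdesc_init_label = mls_init_label,
  .mpo_cred_init_label = mls_init_label,
  .mpo_devfs_init_label = mls_init_label,
  .mpo_ifnet_init_label = mls_init_label,
  .mpo_inpcb_init_label = mls_init_label_waitcheck,
@@ -2953,16 +2953,17 @@
  .mpo_mbuf_create_multicast_encap = mls_mbuf_create_multicast_encap,
  .mpo_mbuf_create_netlayer = mls_mbuf_create_netlayer,
  .mpo_ipq_match = mls_ipq_match,
  .mpo_ifnet_relabel = mls_ifnet_relabel,
  .mpo_ipq_update = mls_ipq_update,
  .mpo_inpcb_sosetlabel = mls_inpcb_sosetlabel,
  .mpo_proc_create_swapper = mls_proc_create_swapper,
  .mpo_proc_create_init = mls_proc_create_init,
+ .mpo_proc_associate_nfsd = mls_proc_associate_nfsd,
  .mpo_cred_relabel = mls_cred_relabel,
  .mpo_sysvmsg_cleanup = mls_sysvmsg_cleanup,
  .mpo_sysvmsq_cleanup = mls_sysvmsq_cleanup,
  .mpo_sysvsem_cleanup = mls_sysvsem_cleanup,
  .mpo_sysvshm_cleanup = mls_sysvshm_cleanup,
  .mpo_bpfdesc_check_receive = mls_bpfdesc_check_receive,
  .mpo_cred_check_relabel = mls_cred_check_relabel,
  .mpo_cred_check_visible = mls_cred_check_visible,
@@ -3029,14 +3030,13 @@
  .mpo_vnode_check_setextattr = mls_vnode_check_setextattr,
  .mpo_vnode_check_setflags = mls_vnode_check_setflags,
  .mpo_vnode_check_setmode = mls_vnode_check_setmode,
  .mpo_vnode_check_setowner = mls_vnode_check_setowner,
  .mpo_vnode_check_setutimes = mls_vnode_check_setutimes,
  .mpo_vnode_check_stat = mls_vnode_check_stat,
  .mpo_vnode_check_unlink = mls_vnode_check_unlink,
  .mpo_vnode_check_write = mls_vnode_check_write,
- .mpo_associate_nfsd_label = mls_associate_nfsd_label,
  .mpo_mbuf_create_from_firewall = mls_mbuf_create_from_firewall,
 };
 
 MAC_POLICY_SET(&mls_ops, mac_mls, "TrustedBSD MAC/MLS",
  MPC_LOADTIME_FLAG_NOTLATE | MPC_LOADTIME_FLAG_LABELMBUFS, &mls_slot);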
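Review bot: The added `mls_proc_associate_nfsd`, placed just before `mls_cred_relabel`, gives the nfsd credential an effective label of `MAC_MLS_TYPE_LOW` and a range from `MAC_MLS_TYPE_LOW` to `MAC_MLS_TYPE_HIGH`, the widest range this policy can express, and nothing on the function says that this is deliberate. Its two calls are also identical to the ones that close the function directly above it (whose start is hidden on this page), so a later change to the default label has to be made in both places or the two credentials drift apart. I would add a header comment along the lines of `/* nfsd credential: effective label low, range low-high; keep in step with the credential initialised just above. */` and consider moving the pair of calls into one static helper. The remaining edits only rename the entry point and move its `mls_ops` slot from `.mpo_associate_nfsd_label` to `.mpo_proc_associate_nfsd`.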