mac_framework.h (102123) | mac_framework.h (102129) |
---|---|
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, --- 20 unchanged lines hidden (view full) --- 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, --- 20 unchanged lines hidden (view full) --- 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * |
37 * $FreeBSD: head/sys/security/mac/mac_framework.h 102123 2002-08-19 17:59:48Z rwatson $ | 37 * $FreeBSD: head/sys/security/mac/mac_framework.h 102129 2002-08-19 19:04:53Z rwatson $ |
38 */ 39/* 40 * Userland/kernel interface for Mandatory Access Control. 41 * 42 * The POSIX.1e implementation page may be reached at: 43 * http://www.trustedbsd.org/ 44 */ 45#ifndef _SYS_MAC_H --- 287 unchanged lines hidden (view full) --- 333 int attrnamespace, const char *name, struct uio *uio); 334int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 335 struct componentname *cnp); 336/* XXX This u_char should be vm_prot_t! */ 337u_char mac_check_vnode_mmap_prot(struct ucred *cred, struct vnode *vp, 338 int newmapping); 339int mac_check_vnode_open(struct ucred *cred, struct vnode *vp, 340 mode_t acc_mode); | 38 */ 39/* 40 * Userland/kernel interface for Mandatory Access Control. 41 * 42 * The POSIX.1e implementation page may be reached at: 43 * http://www.trustedbsd.org/ 44 */ 45#ifndef _SYS_MAC_H --- 287 unchanged lines hidden (view full) --- 333 int attrnamespace, const char *name, struct uio *uio); 334int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 335 struct componentname *cnp); 336/* XXX This u_char should be vm_prot_t! */ 337u_char mac_check_vnode_mmap_prot(struct ucred *cred, struct vnode *vp, 338 int newmapping); 339int mac_check_vnode_open(struct ucred *cred, struct vnode *vp, 340 mode_t acc_mode); |
341int mac_check_vnode_poll(struct ucred *cred, struct vnode *vp); 342int mac_check_vnode_read(struct ucred *cred, struct vnode *vp); | 341int mac_check_vnode_poll(struct ucred *active_cred, 342 struct ucred *file_cred, struct vnode *vp); 343int mac_check_vnode_read(struct ucred *active_cred, 344 struct ucred *file_cred, struct vnode *vp); |
343int mac_check_vnode_readdir(struct ucred *cred, struct vnode *vp); 344int mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp); 345int mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 346 struct vnode *vp, struct componentname *cnp); 347int mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 348 struct vnode *vp, int samedir, struct componentname *cnp); 349int mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp); 350int mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 351 acl_type_t type, struct acl *acl); 352int mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 353 int attrnamespace, const char *name, struct uio *uio); 354int mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 355 u_long flags); 356int mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 357 mode_t mode); 358int mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 359 uid_t uid, gid_t gid); 360int mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 361 struct timespec atime, struct timespec mtime); | 345int mac_check_vnode_readdir(struct ucred *cred, struct vnode *vp); 346int mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp); 347int mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 348 struct vnode *vp, struct componentname *cnp); 349int mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 350 struct vnode *vp, int samedir, struct componentname *cnp); 351int mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp); 352int mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 353 acl_type_t type, struct acl *acl); 354int mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 355 int attrnamespace, const char *name, struct uio *uio); 356int mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 357 u_long flags); 358int mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 359 mode_t mode); 360int mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 361 uid_t uid, gid_t gid); 362int mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 363 struct timespec atime, struct timespec mtime); |
362int mac_check_vnode_stat(struct ucred *cred, struct vnode *vp); 363int mac_check_vnode_write(struct ucred *cred, struct vnode *vp); | 364int mac_check_vnode_stat(struct ucred *active_cred, 365 struct ucred *file_cred, struct vnode *vp); 366int mac_check_vnode_write(struct ucred *active_cred, 367 struct ucred *file_cred, struct vnode *vp); |
364int mac_getsockopt_label_get(struct ucred *cred, struct socket *so, 365 struct mac *extmac); 366int mac_getsockopt_peerlabel_get(struct ucred *cred, struct socket *so, 367 struct mac *extmac); 368int mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr, 369 struct ifnet *ifnet); 370int mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, 371 struct ifnet *ifnet); --- 17 unchanged lines hidden --- | 368int mac_getsockopt_label_get(struct ucred *cred, struct socket *so, 369 struct mac *extmac); 370int mac_getsockopt_peerlabel_get(struct ucred *cred, struct socket *so, 371 struct mac *extmac); 372int mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr, 373 struct ifnet *ifnet); 374int mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, 375 struct ifnet *ifnet); --- 17 unchanged lines hidden --- |