1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 19 unchanged lines hidden (view full) --- 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * |
36 * $FreeBSD: head/sys/security/mac/mac_internal.h 107105 2002-11-20 15:41:25Z rwatson $ |
37 */ 38/* 39 * Developed by the TrustedBSD Project. 40 * 41 * Framework for extensible kernel access control. Kernel and userland 42 * interface to the framework, policy registration and composition. 43 */ 44 --- 135 unchanged lines hidden (view full) --- 180TUNABLE_INT("security.mac.debug_label_fallback", 181 &mac_debug_label_fallback); 182 183SYSCTL_NODE(_security_mac_debug, OID_AUTO, counters, CTLFLAG_RW, 0, 184 "TrustedBSD MAC object counters"); 185 186static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, 187 nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, |
188 nmacipqs, nmacpipes, nmacprocs; |
189 190SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mbufs, CTLFLAG_RD, 191 &nmacmbufs, 0, "number of mbufs in use"); 192SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, creds, CTLFLAG_RD, 193 &nmaccreds, 0, "number of ucreds in use"); 194SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ifnets, CTLFLAG_RD, 195 &nmacifnets, 0, "number of ifnets in use"); 196SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ipqs, CTLFLAG_RD, 197 &nmacipqs, 0, "number of ipqs in use"); 198SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, bpfdescs, CTLFLAG_RD, 199 &nmacbpfdescs, 0, "number of bpfdescs in use"); 200SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, sockets, CTLFLAG_RD, 201 &nmacsockets, 0, "number of sockets in use"); 202SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, pipes, CTLFLAG_RD, 203 &nmacpipes, 0, "number of pipes in use"); |
204SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, procs, CTLFLAG_RD, 205 &nmacprocs, 0, "number of procs in use"); |
206SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mounts, CTLFLAG_RD, 207 &nmacmounts, 0, "number of mounts in use"); 208SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, temp, CTLFLAG_RD, 209 &nmactemp, 0, "number of temporary labels in use"); 210SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, vnodes, CTLFLAG_RD, 211 &nmacvnodes, 0, "number of vnodes in use"); 212SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, devfsdirents, CTLFLAG_RD, 213 &nmacdevfsdirents, 0, "number of devfs dirents inuse"); --- 545 unchanged lines hidden (view full) --- 759 struct label *label; 760 761 label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK); 762 pipe->pipe_label = label; 763 pipe->pipe_peer->pipe_label = label; 764 mac_init_pipe_label(label); 765} 766 |
767void 768mac_init_proc(struct proc *p) 769{ 770 771 mac_init_label(&p->p_label); 772 MAC_PERFORM(init_proc_label, &p->p_label); 773#ifdef MAC_DEBUG 774 atomic_add_int(&nmacprocs, 1); 775#endif 776} 777 |
778static int 779mac_init_socket_label(struct label *label, int flag) 780{ 781 int error; 782 783 mac_init_label(label); 784 785 MAC_CHECK(init_socket_label, label, flag); --- 167 unchanged lines hidden (view full) --- 953void 954mac_destroy_pipe(struct pipe *pipe) 955{ 956 957 mac_destroy_pipe_label(pipe->pipe_label); 958 free(pipe->pipe_label, M_MACPIPELABEL); 959} 960 |
961void 962mac_destroy_proc(struct proc *p) 963{ 964 965 MAC_PERFORM(destroy_proc_label, &p->p_label); 966 mac_destroy_label(&p->p_label); 967#ifdef MAC_DEBUG 968 atomic_subtract_int(&nmacprocs, 1); 969#endif 970} 971 |
972static void 973mac_destroy_socket_label(struct label *label) 974{ 975 976 MAC_PERFORM(destroy_socket_label, label); 977 mac_destroy_label(label); 978#ifdef MAC_DEBUG 979 atomic_subtract_int(&nmacsockets, 1); --- 2700 unchanged lines hidden --- |
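Review bot: mac_init_proc() gives a policy no way to report a failed label initialisation: it returns void and dispatches init_proc_label through MAC_PERFORM, whereas mac_init_socket_label() right after it takes a flag and collects an error through MAC_CHECK. If a policy's init_proc_label allocates per-process label storage, this presumably requires every caller to be in a context where a sleeping allocation is allowed, and nothing in the visible lines states that contract. I would add a comment above the function, for example `/* Policies cannot fail here; callers must be able to sleep. */`, once the intended contract is confirmed. Separately, nmacprocs is unsigned and only adjusted under MAC_DEBUG, so an unpaired mac_destroy_proc() would wrap the counter instead of going negative, which is worth knowing when reading security.mac.debug.counters.procs to look for label leaks.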