mac_internal.h (102123) mac_internal.h (102129)
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson and Ilmar Habibulin for the
8 * TrustedBSD Project.

--- 22 unchanged lines hidden (view full) ---

31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson and Ilmar Habibulin for the
8 * TrustedBSD Project.

--- 22 unchanged lines hidden (view full) ---

31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
39 * $FreeBSD: head/sys/security/mac/mac_internal.h 102123 2002-08-19 17:59:48Z rwatson $
39 * $FreeBSD: head/sys/security/mac/mac_internal.h 102129 2002-08-19 19:04:53Z rwatson $
40 */
41/*
42 * Developed by the TrustedBSD Project.
43 *
44 * Framework for extensible kernel access control. Kernel and userland
45 * interface to the framework, policy registration and composition.
46 */
47

--- 1751 unchanged lines hidden (view full) ---

1799 if (error)
1800 return (error);
1801
1802 MAC_CHECK(check_vnode_open, cred, vp, &vp->v_label, acc_mode);
1803 return (error);
1804}
1805
1806int
40 */
41/*
42 * Developed by the TrustedBSD Project.
43 *
44 * Framework for extensible kernel access control. Kernel and userland
45 * interface to the framework, policy registration and composition.
46 */
47

--- 1751 unchanged lines hidden (view full) ---

1799 if (error)
1800 return (error);
1801
1802 MAC_CHECK(check_vnode_open, cred, vp, &vp->v_label, acc_mode);
1803 return (error);
1804}
1805
1806int
1807mac_check_vnode_poll(struct ucred *cred, struct vnode *vp)
1807mac_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
1808 struct vnode *vp)
1808{
1809 int error;
1810
1811 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_poll");
1812
1813 if (!mac_enforce_fs)
1814 return (0);
1815
1809{
1810 int error;
1811
1812 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_poll");
1813
1814 if (!mac_enforce_fs)
1815 return (0);
1816
1816 error = vn_refreshlabel(vp, cred);
1817 error = vn_refreshlabel(vp, active_cred);
1817 if (error)
1818 return (error);
1819
1818 if (error)
1819 return (error);
1820
1820 MAC_CHECK(check_vnode_poll, cred, vp, &vp->v_label);
1821 MAC_CHECK(check_vnode_poll, active_cred, file_cred, vp,
1822 &vp->v_label);
1821
1822 return (error);
1823}
1824
1825int
1823
1824 return (error);
1825}
1826
1827int
1826mac_check_vnode_read(struct ucred *cred, struct vnode *vp)
1828mac_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
1829 struct vnode *vp)
1827{
1828 int error;
1829
1830 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_read");
1831
1832 if (!mac_enforce_fs)
1833 return (0);
1834
1830{
1831 int error;
1832
1833 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_read");
1834
1835 if (!mac_enforce_fs)
1836 return (0);
1837
1835 error = vn_refreshlabel(vp, cred);
1838 error = vn_refreshlabel(vp, active_cred);
1836 if (error)
1837 return (error);
1838
1839 if (error)
1840 return (error);
1841
1839 MAC_CHECK(check_vnode_read, cred, vp, &vp->v_label);
1842 MAC_CHECK(check_vnode_read, active_cred, file_cred, vp,
1843 &vp->v_label);
1840
1841 return (error);
1842}
1843
1844int
1845mac_check_vnode_readdir(struct ucred *cred, struct vnode *dvp)
1846{
1847 int error;

--- 223 unchanged lines hidden (view full) ---

2071 return (error);
2072
2073 MAC_CHECK(check_vnode_setutimes, cred, vp, &vp->v_label, atime,
2074 mtime);
2075 return (error);
2076}
2077
2078int
1844
1845 return (error);
1846}
1847
1848int
1849mac_check_vnode_readdir(struct ucred *cred, struct vnode *dvp)
1850{
1851 int error;

--- 223 unchanged lines hidden (view full) ---

2075 return (error);
2076
2077 MAC_CHECK(check_vnode_setutimes, cred, vp, &vp->v_label, atime,
2078 mtime);
2079 return (error);
2080}
2081
2082int
2079mac_check_vnode_stat(struct ucred *cred, struct vnode *vp)
2083mac_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
2084 struct vnode *vp)
2080{
2081 int error;
2082
2083 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_stat");
2084
2085 if (!mac_enforce_fs)
2086 return (0);
2087
2085{
2086 int error;
2087
2088 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_stat");
2089
2090 if (!mac_enforce_fs)
2091 return (0);
2092
2088 error = vn_refreshlabel(vp, cred);
2093 error = vn_refreshlabel(vp, active_cred);
2089 if (error)
2090 return (error);
2091
2094 if (error)
2095 return (error);
2096
2092 MAC_CHECK(check_vnode_stat, cred, vp, &vp->v_label);
2097 MAC_CHECK(check_vnode_stat, active_cred, file_cred, vp,
2098 &vp->v_label);
2093 return (error);
2094}
2095
2096int
2099 return (error);
2100}
2101
2102int
2097mac_check_vnode_write(struct ucred *cred, struct vnode *vp)
2103mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
2104 struct vnode *vp)
2098{
2099 int error;
2100
2101 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_write");
2102
2103 if (!mac_enforce_fs)
2104 return (0);
2105
2105{
2106 int error;
2107
2108 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_write");
2109
2110 if (!mac_enforce_fs)
2111 return (0);
2112
2106 error = vn_refreshlabel(vp, cred);
2113 error = vn_refreshlabel(vp, active_cred);
2107 if (error)
2108 return (error);
2109
2114 if (error)
2115 return (error);
2116
2110 MAC_CHECK(check_vnode_write, cred, vp, &vp->v_label);
2117 MAC_CHECK(check_vnode_write, active_cred, file_cred, vp,
2118 &vp->v_label);
2111
2112 return (error);
2113}
2114
2115
2116/*
2117 * When relabeling a process, call out to the policies for the maximum
2118 * permission allowed for each object type we know about in its

--- 1183 unchanged lines hidden ---
2119
2120 return (error);
2121}
2122
2123
2124/*
2125 * When relabeling a process, call out to the policies for the maximum
2126 * permission allowed for each object type we know about in its

--- 1183 unchanged lines hidden ---
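Review bot: The four rewritten checks (mac_check_vnode_poll, mac_check_vnode_read, mac_check_vnode_stat and mac_check_vnode_write) now take both `active_cred` and `file_cred`, but nothing in the new code says which credential a policy should treat as the subject or whether `file_cred` may be absent. Only `active_cred` is handed to `vn_refreshlabel()`, so the two are already treated differently without explanation. I would add a block comment above mac_check_vnode_poll along the lines of `/* active_cred: credential of the thread making the request; file_cred: credential cached on the open file, may be NOCRED, so policies must check before dereferencing. */`, adjusted to what the callers really guarantee, since they are not visible in this section. Because MAC_CHECK forwards its arguments positionally, a policy entry point still declared with the old `(cred, vp, label)` layout would presumably receive `file_cred` where it expects the vnode, so it is worth confirming that the policy operation declarations and every registered policy change in the same commit.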