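--- a/head/sys/security/mac/mac_policy.h
+++ b/head/sys/security/mac/mac_policy.h
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by NAI Labs,
@@ -29,17 +29,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac/mac_policy.h 102123 2002-08-19 17:59:48Z rwatson $
+ * $FreeBSD: head/sys/security/mac/mac_policy.h 102129 2002-08-19 19:04:53Z rwatson $
  */
 /*
  * Kernel interface for MAC policy modules.
  */
 #ifndef _SYS_MAC_POLICY_H
 #define _SYS_MAC_POLICY_H
 
 /*-
@@ -296,19 +296,21 @@
  const char *name, struct uio *uio);
  int (*mpo_check_vnode_lookup)(struct ucred *cred,
  struct vnode *dvp, struct label *dlabel,
  struct componentname *cnp);
  vm_prot_t (*mpo_check_vnode_mmap_perms)(struct ucred *cred,
  struct vnode *vp, struct label *label, int newmapping);
  int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp,
  struct label *label, mode_t acc_mode);
- int (*mpo_check_vnode_poll)(struct ucred *cred, struct vnode *vp,
+ int (*mpo_check_vnode_poll)(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp,
  struct label *label);
- int (*mpo_check_vnode_read)(struct ucred *cred, struct vnode *vp,
+ int (*mpo_check_vnode_read)(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp,
  struct label *label);
  int (*mpo_check_vnode_readdir)(struct ucred *cred,
  struct vnode *dvp, struct label *dlabel);
  int (*mpo_check_vnode_readlink)(struct ucred *cred,
  struct vnode *vp, struct label *label);
  int (*mpo_check_vnode_relabel)(struct ucred *cred,
  struct vnode *vp, struct label *vnodelabel,
  struct label *newlabel);
@@ -332,19 +334,21 @@
  int (*mpo_check_vnode_setmode)(struct ucred *cred,
  struct vnode *vp, struct label *label, mode_t mode);
  int (*mpo_check_vnode_setowner)(struct ucred *cred,
  struct vnode *vp, struct label *label, uid_t uid,
  gid_t gid);
  int (*mpo_check_vnode_setutimes)(struct ucred *cred,
  struct vnode *vp, struct label *label,
  struct timespec atime, struct timespec mtime);
- int (*mpo_check_vnode_stat)(struct ucred *cred, struct vnode *vp,
+ int (*mpo_check_vnode_stat)(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp,
  struct label *label);
- int (*mpo_check_vnode_write)(struct ucred *cred, struct vnode *vp,
+ int (*mpo_check_vnode_write)(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp,
  struct label *label);
 };
 
 typedef const void *macop_t;
 
 enum mac_op_constant {
  MAC_OP_LAST,
  MAC_DESTROY,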
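Review bot: The four widened entry points (`mpo_check_vnode_poll`, `mpo_check_vnode_read`, `mpo_check_vnode_stat`, `mpo_check_vnode_write`) now take two credentials, but nothing in the header says which one a policy should treat as the subject of the check or whether `file_cred` can be absent. A comment above them along the lines of `/* active_cred: credential of the calling thread; file_cred: credential cached on the file at open time (confirm whether it may be NOCRED) */` would keep policy authors from authorizing against the wrong credential; those semantics are inferred from the parameter names only, so please confirm them before committing the wording. Separately, the `macop_t` typedef visible just below the struct is `const void *`, so if policies register their entry points through it the compiler will not flag a module that still implements the old three-argument form, and such a module would receive `file_cred` in the slot where it expects `vp`. It is worth confirming that every in-tree policy, and any interface version check, changes in the same commit. The struct's opening and most of its members are in lines hidden from this view.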