1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 22 unchanged lines hidden (view full) --- 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * |
39 * $FreeBSD: head/sys/security/mac/mac_process.c 102129 2002-08-19 19:04:53Z rwatson $ |
40 */ 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Framework for extensible kernel access control. Kernel and userland 45 * interface to the framework, policy registration and composition. 46 */ 47 --- 1751 unchanged lines hidden (view full) --- 1799 if (error) 1800 return (error); 1801 1802 MAC_CHECK(check_vnode_open, cred, vp, &vp->v_label, acc_mode); 1803 return (error); 1804} 1805 1806int |
1807mac_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 1808 struct vnode *vp) |
1809{ 1810 int error; 1811 1812 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_poll"); 1813 1814 if (!mac_enforce_fs) 1815 return (0); 1816 |
1817 error = vn_refreshlabel(vp, active_cred); |
1818 if (error) 1819 return (error); 1820 |
1821 MAC_CHECK(check_vnode_poll, active_cred, file_cred, vp, 1822 &vp->v_label); |
1823 1824 return (error); 1825} 1826 1827int |
1828mac_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 1829 struct vnode *vp) |
1830{ 1831 int error; 1832 1833 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_read"); 1834 1835 if (!mac_enforce_fs) 1836 return (0); 1837 |
1838 error = vn_refreshlabel(vp, active_cred); |
1839 if (error) 1840 return (error); 1841 |
1842 MAC_CHECK(check_vnode_read, active_cred, file_cred, vp, 1843 &vp->v_label); |
1844 1845 return (error); 1846} 1847 1848int 1849mac_check_vnode_readdir(struct ucred *cred, struct vnode *dvp) 1850{ 1851 int error; --- 223 unchanged lines hidden (view full) --- 2075 return (error); 2076 2077 MAC_CHECK(check_vnode_setutimes, cred, vp, &vp->v_label, atime, 2078 mtime); 2079 return (error); 2080} 2081 2082int |
2083mac_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 2084 struct vnode *vp) |
2085{ 2086 int error; 2087 2088 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_stat"); 2089 2090 if (!mac_enforce_fs) 2091 return (0); 2092 |
2093 error = vn_refreshlabel(vp, active_cred); |
2094 if (error) 2095 return (error); 2096 |
2097 MAC_CHECK(check_vnode_stat, active_cred, file_cred, vp, 2098 &vp->v_label); |
2099 return (error); 2100} 2101 2102int |
2103mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, 2104 struct vnode *vp) |
2105{ 2106 int error; 2107 2108 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_write"); 2109 2110 if (!mac_enforce_fs) 2111 return (0); 2112 |
2113 error = vn_refreshlabel(vp, active_cred); |
2114 if (error) 2115 return (error); 2116 |
2117 MAC_CHECK(check_vnode_write, active_cred, file_cred, vp, 2118 &vp->v_label); |
2119 2120 return (error); 2121} 2122 2123 2124/* 2125 * When relabeling a process, call out to the policies for the maximum 2126 * permission allowed for each object type we know about in its --- 1183 unchanged lines hidden --- |
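Review bot: The four entry points changed in this section (mac_check_vnode_poll, mac_check_vnode_read, mac_check_vnode_stat and mac_check_vnode_write) now take both active_cred and file_cred, but nothing visible says which credential a policy is expected to authorize against, or whether file_cred may be absent. That choice decides whether access granted at open time survives a later change to the subject's label, so it belongs at this boundary rather than being left to each policy author. Assuming the names mean what they suggest, I would add a comment above mac_check_vnode_poll such as `/* active_cred: credential of the thread making the request; file_cred: credential cached on the open file, which may differ. */` and state explicitly whether callers may pass a null file_cred. The label refresh in each function uses `vn_refreshlabel(vp, active_cred)` rather than file_cred; a one-line why-comment there would confirm that this is deliberate.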