| mac_biba.c (102115) | mac_biba.c (102129) |
|---|---|
| 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, --- 20 unchanged lines hidden (view full) --- 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, --- 20 unchanged lines hidden (view full) --- 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * |
| 37 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 102115 2002-08-19 16:59:37Z rwatson $ | 37 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 102129 2002-08-19 19:04:53Z rwatson $ |
| 38 */ 39 40/* 41 * Developed by the TrustedBSD Project. 42 * Biba fixed label mandatory integrity policy. 43 */ 44 45#include <sys/types.h> --- 1680 unchanged lines hidden (view full) --- 1726 if (!mac_biba_dominate_single(subj, obj)) 1727 return (EACCES); 1728 } 1729 1730 return (0); 1731} 1732 1733static int | 38 */ 39 40/* 41 * Developed by the TrustedBSD Project. 42 * Biba fixed label mandatory integrity policy. 43 */ 44 45#include <sys/types.h> --- 1680 unchanged lines hidden (view full) --- 1726 if (!mac_biba_dominate_single(subj, obj)) 1727 return (EACCES); 1728 } 1729 1730 return (0); 1731} 1732 1733static int |
| 1734mac_biba_check_vnode_poll(struct ucred *cred, struct vnode *vp, 1735 struct label *label) | 1734mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 1735 struct vnode *vp, struct label *label) |
| 1736{ 1737 struct mac_biba *subj, *obj; 1738 1739 if (!mac_biba_enabled || !mac_biba_revocation_enabled) 1740 return (0); 1741 | 1736{ 1737 struct mac_biba *subj, *obj; 1738 1739 if (!mac_biba_enabled || !mac_biba_revocation_enabled) 1740 return (0); 1741 |
| 1742 subj = SLOT(&cred->cr_label); | 1742 subj = SLOT(&active_cred->cr_label); |
| 1743 obj = SLOT(label); 1744 1745 if (!mac_biba_dominate_single(obj, subj)) 1746 return (EACCES); 1747 1748 return (0); 1749} 1750 1751static int | 1743 obj = SLOT(label); 1744 1745 if (!mac_biba_dominate_single(obj, subj)) 1746 return (EACCES); 1747 1748 return (0); 1749} 1750 1751static int |
| 1752mac_biba_check_vnode_read(struct ucred *cred, struct vnode *vp, 1753 struct label *label) | 1752mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 1753 struct vnode *vp, struct label *label) |
| 1754{ 1755 struct mac_biba *subj, *obj; 1756 1757 if (!mac_biba_enabled || !mac_biba_revocation_enabled) 1758 return (0); 1759 | 1754{ 1755 struct mac_biba *subj, *obj; 1756 1757 if (!mac_biba_enabled || !mac_biba_revocation_enabled) 1758 return (0); 1759 |
| 1760 subj = SLOT(&cred->cr_label); | 1760 subj = SLOT(&active_cred->cr_label); |
| 1761 obj = SLOT(label); 1762 1763 if (!mac_biba_dominate_single(obj, subj)) 1764 return (EACCES); 1765 1766 return (0); 1767} 1768 --- 242 unchanged lines hidden (view full) --- 2011 2012 if (!mac_biba_dominate_single(subj, obj)) 2013 return (EACCES); 2014 2015 return (0); 2016} 2017 2018static int | 1761 obj = SLOT(label); 1762 1763 if (!mac_biba_dominate_single(obj, subj)) 1764 return (EACCES); 1765 1766 return (0); 1767} 1768 --- 242 unchanged lines hidden (view full) --- 2011 2012 if (!mac_biba_dominate_single(subj, obj)) 2013 return (EACCES); 2014 2015 return (0); 2016} 2017 2018static int |
| 2019mac_biba_check_vnode_stat(struct ucred *cred, struct vnode *vp, 2020 struct label *vnodelabel) | 2019mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 2020 struct vnode *vp, struct label *vnodelabel) |
| 2021{ 2022 struct mac_biba *subj, *obj; 2023 2024 if (!mac_biba_enabled) 2025 return (0); 2026 | 2021{ 2022 struct mac_biba *subj, *obj; 2023 2024 if (!mac_biba_enabled) 2025 return (0); 2026 |
| 2027 subj = SLOT(&cred->cr_label); | 2027 subj = SLOT(&active_cred->cr_label); |
| 2028 obj = SLOT(vnodelabel); 2029 2030 if (!mac_biba_dominate_single(obj, subj)) 2031 return (EACCES); 2032 2033 return (0); 2034} 2035 2036static int | 2028 obj = SLOT(vnodelabel); 2029 2030 if (!mac_biba_dominate_single(obj, subj)) 2031 return (EACCES); 2032 2033 return (0); 2034} 2035 2036static int |
| 2037mac_biba_check_vnode_write(struct ucred *cred, struct vnode *vp, 2038 struct label *label) | 2037mac_biba_check_vnode_write(struct ucred *active_cred, 2038 struct ucred *file_cred, struct vnode *vp, struct label *label) |
| 2039{ 2040 struct mac_biba *subj, *obj; 2041 2042 if (!mac_biba_enabled || !mac_biba_revocation_enabled) 2043 return (0); 2044 | 2039{ 2040 struct mac_biba *subj, *obj; 2041 2042 if (!mac_biba_enabled || !mac_biba_revocation_enabled) 2043 return (0); 2044 |
| 2045 subj = SLOT(&cred->cr_label); | 2045 subj = SLOT(&active_cred->cr_label); |
| 2046 obj = SLOT(label); 2047 2048 if (!mac_biba_dominate_single(subj, obj)) 2049 return (EACCES); 2050 2051 return (0); 2052} 2053 --- 249 unchanged lines hidden --- | 2046 obj = SLOT(label); 2047 2048 if (!mac_biba_dominate_single(subj, obj)) 2049 return (EACCES); 2050 2051 return (0); 2052} 2053 --- 249 unchanged lines hidden --- |