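--- a/ugidfw_vnode.c
+++ b/ugidfw_vnode.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999-2002 Robert N. M. Watson
  * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by Network
@@ -26,17 +26,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 134132 2004-08-21 20:19:19Z trhodes $
+ * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 135039 2004-09-10 15:14:50Z trhodes $
  */
 /*
  * Developed by the TrustedBSD Project.
  * "BSD Extended" MAC policy, allowing the administrator to impose
  * mandatory rules regarding users and some system objects.
  *
  * XXX: Much locking support required here.
  */
@@ -89,41 +89,32 @@
 static int rule_slots = 0;
 
 SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, rule_count, CTLFLAG_RD,
  &rule_count, 0, "Number of defined rules\n");
 SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, rule_slots, CTLFLAG_RD,
  &rule_slots, 0, "Number of used rule slots\n");
 
 /*
- * This tunable spits out information about what is going on which
- * would be more suited for a log file. Eventually
- * this will go away as we do not currently use it.
- */
-static int mac_bsdextended_debugging;
-SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, debugging, CTLFLAG_RW,
- &mac_bsdextended_debugging, 0, "Enable debugging on failure");
-
-/*
  * This is just used for logging purposes as eventually we would like
  * to log much more then failed requests.
  */
 static int mac_bsdextended_logging;
 SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, logging, CTLFLAG_RW,
  &mac_bsdextended_logging, 0, "Log failed authorization requests");
 
 /*
  * This tunable is here for compatibility. It will allow the user
  * to switch between the new mode (first rule matches) and the old
  * functionality (all rules match).
  */
 static int
 mac_bsdextended_firstmatch_enabled;
 SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, firstmatch_enabled,
- CTLFLAG_RW, &mac_bsdextended_firstmatch_enabled, 0,
+ CTLFLAG_RW, &mac_bsdextended_firstmatch_enabled, 1,
  "Disable/enable match first rule functionality");
 
 static int
 mac_bsdextended_rule_valid(struct mac_bsdextended_rule *rule)
 {
 
  if ((rule->mbr_subject.mbi_flags | MBI_BITS) != MBI_BITS)
  return (EINVAL);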
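Review bot: The `1` now passed to the `firstmatch_enabled` SYSCTL_INT probably does not make first-match the default, because the variable is still declared without an initializer (`static int mac_bsdextended_firstmatch_enabled;`) two lines above the macro. As far as I know the integer sysctl handler reads through the pointer whenever one is supplied and only falls back to the value argument when the pointer is NULL, so the policy would keep starting with the knob at 0 (all rules must match). If first-match is meant to be the default, set it on the variable, `static int mac_bsdextended_firstmatch_enabled = 1;`, and leave the macro argument at 0. Since this knob changes how an existing ruleset is evaluated, the block comment above it should also state the effective default, e.g. `/* Defaults to 1 (first matching rule decides); set to 0 for the old all-rules-match behaviour. */`.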