1/*-
2 * Copyright (c) 1999-2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
5 * Copyright (c) 2005 Samy Al Bahra
6 * All rights reserved.
7 *
8 * This software was developed by Robert Watson and Ilmar Habibulin for the
--- 22 unchanged lines hidden (view full) ---
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 */
37
38#include <sys/cdefs.h>
39__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 165469 2006-12-22 23:34:47Z rwatson $");
40
41#include "opt_mac.h"
42
43#include <sys/param.h>
44#include <sys/condvar.h>
45#include <sys/imgact.h>
46#include <sys/kernel.h>
47#include <sys/lock.h>
--- 393 unchanged lines hidden (view full) ---
441 int error;
442
443 MAC_CHECK(check_cred_relabel, cred, newlabel);
444
445 return (error);
446}
447
448int
449mac_check_cred_visible(struct ucred *u1, struct ucred *u2)
450{
451 int error;
452
453 MAC_CHECK(check_cred_visible, u1, u2);
454
455 return (error);
456}
457
458int
459mac_check_proc_debug(struct ucred *cred, struct proc *proc)
460{
461 int error;
462
463 PROC_LOCK_ASSERT(proc, MA_OWNED);
464
465 MAC_CHECK(check_proc_debug, cred, proc);
466
467 return (error);
468}
469
470int
471mac_check_proc_sched(struct ucred *cred, struct proc *proc)
472{
473 int error;
474
475 PROC_LOCK_ASSERT(proc, MA_OWNED);
476
477 MAC_CHECK(check_proc_sched, cred, proc);
478
479 return (error);
480}
481
482int
483mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
484{
485 int error;
486
487 PROC_LOCK_ASSERT(proc, MA_OWNED);
488
489 MAC_CHECK(check_proc_signal, cred, proc, signum);
490
491 return (error);
492}
493
494int
495mac_check_proc_setuid(struct proc *proc, struct ucred *cred, uid_t uid)
496{
497 int error;
498
499 PROC_LOCK_ASSERT(proc, MA_OWNED);
500
501 MAC_CHECK(check_proc_setuid, cred, uid);
502 return (error);
503}
504
505int
506mac_check_proc_seteuid(struct proc *proc, struct ucred *cred, uid_t euid)
507{
508 int error;
509
510 PROC_LOCK_ASSERT(proc, MA_OWNED);
511
512 MAC_CHECK(check_proc_seteuid, cred, euid);
513 return (error);
514}
515
516int
517mac_check_proc_setgid(struct proc *proc, struct ucred *cred, gid_t gid)
518{
519 int error;
520
521 PROC_LOCK_ASSERT(proc, MA_OWNED);
522
523 MAC_CHECK(check_proc_setgid, cred, gid);
524 return (error);
525}
526
527int
528mac_check_proc_setegid(struct proc *proc, struct ucred *cred, gid_t egid)
529{
530 int error;
531
532 PROC_LOCK_ASSERT(proc, MA_OWNED);
533
534 MAC_CHECK(check_proc_setegid, cred, egid);
535 return (error);
536}
537
538int
539mac_check_proc_setgroups(struct proc *proc, struct ucred *cred,
540 int ngroups, gid_t *gidset)
541{
542 int error;
543
544 PROC_LOCK_ASSERT(proc, MA_OWNED);
545
546 MAC_CHECK(check_proc_setgroups, cred, ngroups, gidset);
547 return (error);
548}
549
550int
551mac_check_proc_setreuid(struct proc *proc, struct ucred *cred, uid_t ruid,
552 uid_t euid)
553{
554 int error;
555
556 PROC_LOCK_ASSERT(proc, MA_OWNED);
557
558 MAC_CHECK(check_proc_setreuid, cred, ruid, euid);
559 return (error);
560}
561
562int
563mac_check_proc_setregid(struct proc *proc, struct ucred *cred, gid_t rgid,
564 gid_t egid)
565{
566 int error;
567
568 PROC_LOCK_ASSERT(proc, MA_OWNED);
569
570 MAC_CHECK(check_proc_setregid, cred, rgid, egid);
571 return (error);
572}
573
574int
575mac_check_proc_setresuid(struct proc *proc, struct ucred *cred, uid_t ruid,
576 uid_t euid, uid_t suid)
577{
578 int error;
579
580 PROC_LOCK_ASSERT(proc, MA_OWNED);
581
582 MAC_CHECK(check_proc_setresuid, cred, ruid, euid, suid);
583 return (error);
584}
585
586int
587mac_check_proc_setresgid(struct proc *proc, struct ucred *cred, gid_t rgid,
588 gid_t egid, gid_t sgid)
589{
590 int error;
591
592 PROC_LOCK_ASSERT(proc, MA_OWNED);
593
594 MAC_CHECK(check_proc_setresgid, cred, rgid, egid, sgid);
595 return (error);
596}
597
598int
599mac_check_proc_wait(struct ucred *cred, struct proc *proc)
600{
601 int error;
602
603 PROC_LOCK_ASSERT(proc, MA_OWNED);
604
605 MAC_CHECK(check_proc_wait, cred, proc);
606
607 return (error);
608}
2 * Copyright (c) 1999-2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
5 * Copyright (c) 2005 Samy Al Bahra
6 * All rights reserved.
7 *
8 * This software was developed by Robert Watson and Ilmar Habibulin for the
--- 22 unchanged lines hidden (view full) ---
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 */
37
38#include <sys/cdefs.h>
39__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 165469 2006-12-22 23:34:47Z rwatson $");
40
41#include "opt_mac.h"
42
43#include <sys/param.h>
44#include <sys/condvar.h>
45#include <sys/imgact.h>
46#include <sys/kernel.h>
47#include <sys/lock.h>
--- 393 unchanged lines hidden (view full) ---
441 int error;
442
443 MAC_CHECK(check_cred_relabel, cred, newlabel);
444
445 return (error);
446}
447
448int
449mac_check_cred_visible(struct ucred *u1, struct ucred *u2)
450{
451 int error;
452
453 MAC_CHECK(check_cred_visible, u1, u2);
454
455 return (error);
456}
457
458int
459mac_check_proc_debug(struct ucred *cred, struct proc *proc)
460{
461 int error;
462
463 PROC_LOCK_ASSERT(proc, MA_OWNED);
464
465 MAC_CHECK(check_proc_debug, cred, proc);
466
467 return (error);
468}
469
470int
471mac_check_proc_sched(struct ucred *cred, struct proc *proc)
472{
473 int error;
474
475 PROC_LOCK_ASSERT(proc, MA_OWNED);
476
477 MAC_CHECK(check_proc_sched, cred, proc);
478
479 return (error);
480}
481
482int
483mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
484{
485 int error;
486
487 PROC_LOCK_ASSERT(proc, MA_OWNED);
488
489 MAC_CHECK(check_proc_signal, cred, proc, signum);
490
491 return (error);
492}
493
494int
495mac_check_proc_setuid(struct proc *proc, struct ucred *cred, uid_t uid)
496{
497 int error;
498
499 PROC_LOCK_ASSERT(proc, MA_OWNED);
500
501 MAC_CHECK(check_proc_setuid, cred, uid);
502 return (error);
503}
504
505int
506mac_check_proc_seteuid(struct proc *proc, struct ucred *cred, uid_t euid)
507{
508 int error;
509
510 PROC_LOCK_ASSERT(proc, MA_OWNED);
511
512 MAC_CHECK(check_proc_seteuid, cred, euid);
513 return (error);
514}
515
516int
517mac_check_proc_setgid(struct proc *proc, struct ucred *cred, gid_t gid)
518{
519 int error;
520
521 PROC_LOCK_ASSERT(proc, MA_OWNED);
522
523 MAC_CHECK(check_proc_setgid, cred, gid);
524 return (error);
525}
526
527int
528mac_check_proc_setegid(struct proc *proc, struct ucred *cred, gid_t egid)
529{
530 int error;
531
532 PROC_LOCK_ASSERT(proc, MA_OWNED);
533
534 MAC_CHECK(check_proc_setegid, cred, egid);
535 return (error);
536}
537
538int
539mac_check_proc_setgroups(struct proc *proc, struct ucred *cred,
540 int ngroups, gid_t *gidset)
541{
542 int error;
543
544 PROC_LOCK_ASSERT(proc, MA_OWNED);
545
546 MAC_CHECK(check_proc_setgroups, cred, ngroups, gidset);
547 return (error);
548}
549
550int
551mac_check_proc_setreuid(struct proc *proc, struct ucred *cred, uid_t ruid,
552 uid_t euid)
553{
554 int error;
555
556 PROC_LOCK_ASSERT(proc, MA_OWNED);
557
558 MAC_CHECK(check_proc_setreuid, cred, ruid, euid);
559 return (error);
560}
561
562int
563mac_check_proc_setregid(struct proc *proc, struct ucred *cred, gid_t rgid,
564 gid_t egid)
565{
566 int error;
567
568 PROC_LOCK_ASSERT(proc, MA_OWNED);
569
570 MAC_CHECK(check_proc_setregid, cred, rgid, egid);
571 return (error);
572}
573
574int
575mac_check_proc_setresuid(struct proc *proc, struct ucred *cred, uid_t ruid,
576 uid_t euid, uid_t suid)
577{
578 int error;
579
580 PROC_LOCK_ASSERT(proc, MA_OWNED);
581
582 MAC_CHECK(check_proc_setresuid, cred, ruid, euid, suid);
583 return (error);
584}
585
586int
587mac_check_proc_setresgid(struct proc *proc, struct ucred *cred, gid_t rgid,
588 gid_t egid, gid_t sgid)
589{
590 int error;
591
592 PROC_LOCK_ASSERT(proc, MA_OWNED);
593
594 MAC_CHECK(check_proc_setresgid, cred, rgid, egid, sgid);
595 return (error);
596}
597
598int
599mac_check_proc_wait(struct ucred *cred, struct proc *proc)
600{
601 int error;
602
603 PROC_LOCK_ASSERT(proc, MA_OWNED);
604
605 MAC_CHECK(check_proc_wait, cred, proc);
606
607 return (error);
608}