mac_cred.c (165469) | mac_cred.c (168955) |
---|---|
1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 5 * Copyright (c) 2005 Samy Al Bahra 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson and Ilmar Habibulin for the --- 22 unchanged lines hidden (view full) --- 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 */ 37 38#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 5 * Copyright (c) 2005 Samy Al Bahra 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson and Ilmar Habibulin for the --- 22 unchanged lines hidden (view full) --- 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 */ 37 38#include <sys/cdefs.h> |
39__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 165469 2006-12-22 23:34:47Z rwatson $"); | 39__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 168955 2007-04-22 19:55:56Z rwatson $"); |
40 41#include "opt_mac.h" 42 43#include <sys/param.h> 44#include <sys/condvar.h> 45#include <sys/imgact.h> 46#include <sys/kernel.h> 47#include <sys/lock.h> --- 393 unchanged lines hidden (view full) --- 441 int error; 442 443 MAC_CHECK(check_cred_relabel, cred, newlabel); 444 445 return (error); 446} 447 448int | 40 41#include "opt_mac.h" 42 43#include <sys/param.h> 44#include <sys/condvar.h> 45#include <sys/imgact.h> 46#include <sys/kernel.h> 47#include <sys/lock.h> --- 393 unchanged lines hidden (view full) --- 441 int error; 442 443 MAC_CHECK(check_cred_relabel, cred, newlabel); 444 445 return (error); 446} 447 448int |
449mac_check_cred_visible(struct ucred *u1, struct ucred *u2) | 449mac_check_cred_visible(struct ucred *cr1, struct ucred *cr2) |
450{ 451 int error; 452 | 450{ 451 int error; 452 |
453 MAC_CHECK(check_cred_visible, u1, u2); | 453 MAC_CHECK(check_cred_visible, cr1, cr2); |
454 455 return (error); 456} 457 458int | 454 455 return (error); 456} 457 458int |
459mac_check_proc_debug(struct ucred *cred, struct proc *proc) | 459mac_check_proc_debug(struct ucred *cred, struct proc *p) |
460{ 461 int error; 462 | 460{ 461 int error; 462 |
463 PROC_LOCK_ASSERT(proc, MA_OWNED); | 463 PROC_LOCK_ASSERT(p, MA_OWNED); |
464 | 464 |
465 MAC_CHECK(check_proc_debug, cred, proc); | 465 MAC_CHECK(check_proc_debug, cred, p); |
466 467 return (error); 468} 469 470int | 466 467 return (error); 468} 469 470int |
471mac_check_proc_sched(struct ucred *cred, struct proc *proc) | 471mac_check_proc_sched(struct ucred *cred, struct proc *p) |
472{ 473 int error; 474 | 472{ 473 int error; 474 |
475 PROC_LOCK_ASSERT(proc, MA_OWNED); | 475 PROC_LOCK_ASSERT(p, MA_OWNED); |
476 | 476 |
477 MAC_CHECK(check_proc_sched, cred, proc); | 477 MAC_CHECK(check_proc_sched, cred, p); |
478 479 return (error); 480} 481 482int | 478 479 return (error); 480} 481 482int |
483mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) | 483mac_check_proc_signal(struct ucred *cred, struct proc *p, int signum) |
484{ 485 int error; 486 | 484{ 485 int error; 486 |
487 PROC_LOCK_ASSERT(proc, MA_OWNED); | 487 PROC_LOCK_ASSERT(p, MA_OWNED); |
488 | 488 |
489 MAC_CHECK(check_proc_signal, cred, proc, signum); | 489 MAC_CHECK(check_proc_signal, cred, p, signum); |
490 491 return (error); 492} 493 494int | 490 491 return (error); 492} 493 494int |
495mac_check_proc_setuid(struct proc *proc, struct ucred *cred, uid_t uid) | 495mac_check_proc_setuid(struct proc *p, struct ucred *cred, uid_t uid) |
496{ 497 int error; 498 | 496{ 497 int error; 498 |
499 PROC_LOCK_ASSERT(proc, MA_OWNED); | 499 PROC_LOCK_ASSERT(p, MA_OWNED); |
500 501 MAC_CHECK(check_proc_setuid, cred, uid); 502 return (error); 503} 504 505int | 500 501 MAC_CHECK(check_proc_setuid, cred, uid); 502 return (error); 503} 504 505int |
506mac_check_proc_seteuid(struct proc *proc, struct ucred *cred, uid_t euid) | 506mac_check_proc_seteuid(struct proc *p, struct ucred *cred, uid_t euid) |
507{ 508 int error; 509 | 507{ 508 int error; 509 |
510 PROC_LOCK_ASSERT(proc, MA_OWNED); | 510 PROC_LOCK_ASSERT(p, MA_OWNED); |
511 512 MAC_CHECK(check_proc_seteuid, cred, euid); 513 return (error); 514} 515 516int | 511 512 MAC_CHECK(check_proc_seteuid, cred, euid); 513 return (error); 514} 515 516int |
517mac_check_proc_setgid(struct proc *proc, struct ucred *cred, gid_t gid) | 517mac_check_proc_setgid(struct proc *p, struct ucred *cred, gid_t gid) |
518{ 519 int error; 520 | 518{ 519 int error; 520 |
521 PROC_LOCK_ASSERT(proc, MA_OWNED); | 521 PROC_LOCK_ASSERT(p, MA_OWNED); |
522 523 MAC_CHECK(check_proc_setgid, cred, gid); | 522 523 MAC_CHECK(check_proc_setgid, cred, gid); |
524 |
|
524 return (error); 525} 526 527int | 525 return (error); 526} 527 528int |
528mac_check_proc_setegid(struct proc *proc, struct ucred *cred, gid_t egid) | 529mac_check_proc_setegid(struct proc *p, struct ucred *cred, gid_t egid) |
529{ 530 int error; 531 | 530{ 531 int error; 532 |
532 PROC_LOCK_ASSERT(proc, MA_OWNED); | 533 PROC_LOCK_ASSERT(p, MA_OWNED); |
533 534 MAC_CHECK(check_proc_setegid, cred, egid); | 534 535 MAC_CHECK(check_proc_setegid, cred, egid); |
536 |
|
535 return (error); 536} 537 538int | 537 return (error); 538} 539 540int |
539mac_check_proc_setgroups(struct proc *proc, struct ucred *cred, 540 int ngroups, gid_t *gidset) | 541mac_check_proc_setgroups(struct proc *p, struct ucred *cred, int ngroups, 542 gid_t *gidset) |
541{ 542 int error; 543 | 543{ 544 int error; 545 |
544 PROC_LOCK_ASSERT(proc, MA_OWNED); | 546 PROC_LOCK_ASSERT(p, MA_OWNED); |
545 546 MAC_CHECK(check_proc_setgroups, cred, ngroups, gidset); 547 return (error); 548} 549 550int | 547 548 MAC_CHECK(check_proc_setgroups, cred, ngroups, gidset); 549 return (error); 550} 551 552int |
551mac_check_proc_setreuid(struct proc *proc, struct ucred *cred, uid_t ruid, 552 uid_t euid) | 553mac_check_proc_setreuid(struct proc *p, struct ucred *cred, uid_t ruid, 554 uid_t euid) |
553{ 554 int error; 555 | 555{ 556 int error; 557 |
556 PROC_LOCK_ASSERT(proc, MA_OWNED); | 558 PROC_LOCK_ASSERT(p, MA_OWNED); |
557 558 MAC_CHECK(check_proc_setreuid, cred, ruid, euid); | 559 560 MAC_CHECK(check_proc_setreuid, cred, ruid, euid); |
561 |
|
559 return (error); 560} 561 562int 563mac_check_proc_setregid(struct proc *proc, struct ucred *cred, gid_t rgid, | 562 return (error); 563} 564 565int 566mac_check_proc_setregid(struct proc *proc, struct ucred *cred, gid_t rgid, |
564 gid_t egid) | 567 gid_t egid) |
565{ 566 int error; 567 568 PROC_LOCK_ASSERT(proc, MA_OWNED); 569 570 MAC_CHECK(check_proc_setregid, cred, rgid, egid); | 568{ 569 int error; 570 571 PROC_LOCK_ASSERT(proc, MA_OWNED); 572 573 MAC_CHECK(check_proc_setregid, cred, rgid, egid); |
574 |
|
571 return (error); 572} 573 574int | 575 return (error); 576} 577 578int |
575mac_check_proc_setresuid(struct proc *proc, struct ucred *cred, uid_t ruid, 576 uid_t euid, uid_t suid) | 579mac_check_proc_setresuid(struct proc *p, struct ucred *cred, uid_t ruid, 580 uid_t euid, uid_t suid) |
577{ 578 int error; 579 | 581{ 582 int error; 583 |
580 PROC_LOCK_ASSERT(proc, MA_OWNED); | 584 PROC_LOCK_ASSERT(p, MA_OWNED); |
581 582 MAC_CHECK(check_proc_setresuid, cred, ruid, euid, suid); 583 return (error); 584} 585 586int | 585 586 MAC_CHECK(check_proc_setresuid, cred, ruid, euid, suid); 587 return (error); 588} 589 590int |
587mac_check_proc_setresgid(struct proc *proc, struct ucred *cred, gid_t rgid, 588 gid_t egid, gid_t sgid) | 591mac_check_proc_setresgid(struct proc *p, struct ucred *cred, gid_t rgid, 592 gid_t egid, gid_t sgid) |
589{ 590 int error; 591 | 593{ 594 int error; 595 |
592 PROC_LOCK_ASSERT(proc, MA_OWNED); | 596 PROC_LOCK_ASSERT(p, MA_OWNED); |
593 594 MAC_CHECK(check_proc_setresgid, cred, rgid, egid, sgid); | 597 598 MAC_CHECK(check_proc_setresgid, cred, rgid, egid, sgid); |
599 |
|
595 return (error); 596} 597 598int | 600 return (error); 601} 602 603int |
599mac_check_proc_wait(struct ucred *cred, struct proc *proc) | 604mac_check_proc_wait(struct ucred *cred, struct proc *p) |
600{ 601 int error; 602 | 605{ 606 int error; 607 |
603 PROC_LOCK_ASSERT(proc, MA_OWNED); | 608 PROC_LOCK_ASSERT(p, MA_OWNED); |
604 | 609 |
605 MAC_CHECK(check_proc_wait, cred, proc); | 610 MAC_CHECK(check_proc_wait, cred, p); |
606 607 return (error); 608} | 611 612 return (error); 613} |
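Review bot: The rename of the process argument from `proc` to `p` misses mac_check_proc_setregid (new lines 566-571), which still declares `struct proc *proc` and asserts `PROC_LOCK_ASSERT(proc, MA_OWNED);`, so the file is left with two names for the same argument. Changing those two lines to `struct proc *p` and `PROC_LOCK_ASSERT(p, MA_OWNED);` would bring it in line with the other mac_check_proc_set* functions. Separately, in the visible set*id checks the process pointer is used only by the lock assertion and is not among the arguments given to `MAC_CHECK`, so as far as this page shows a policy sees the credential and the requested ids but not the process. A short comment on the group, for example `/* p is only lock-asserted here; policy entry points receive cred and the requested ids */`, would make that contract explicit for policy authors.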