| mac_cred.c (165469) | mac_cred.c (168955) |
|---|---|
| 1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 5 * Copyright (c) 2005 Samy Al Bahra 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson and Ilmar Habibulin for the --- 22 unchanged lines hidden (view full) --- 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 */ 37 38#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 5 * Copyright (c) 2005 Samy Al Bahra 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson and Ilmar Habibulin for the --- 22 unchanged lines hidden (view full) --- 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 */ 37 38#include <sys/cdefs.h> |
| 39__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 165469 2006-12-22 23:34:47Z rwatson $"); | 39__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 168955 2007-04-22 19:55:56Z rwatson $"); |
| 40 41#include "opt_mac.h" 42 43#include <sys/param.h> 44#include <sys/condvar.h> 45#include <sys/imgact.h> 46#include <sys/kernel.h> 47#include <sys/lock.h> --- 393 unchanged lines hidden (view full) --- 441 int error; 442 443 MAC_CHECK(check_cred_relabel, cred, newlabel); 444 445 return (error); 446} 447 448int | 40 41#include "opt_mac.h" 42 43#include <sys/param.h> 44#include <sys/condvar.h> 45#include <sys/imgact.h> 46#include <sys/kernel.h> 47#include <sys/lock.h> --- 393 unchanged lines hidden (view full) --- 441 int error; 442 443 MAC_CHECK(check_cred_relabel, cred, newlabel); 444 445 return (error); 446} 447 448int |
| 449mac_check_cred_visible(struct ucred *u1, struct ucred *u2) | 449mac_check_cred_visible(struct ucred *cr1, struct ucred *cr2) |
| 450{ 451 int error; 452 | 450{ 451 int error; 452 |
| 453 MAC_CHECK(check_cred_visible, u1, u2); | 453 MAC_CHECK(check_cred_visible, cr1, cr2); |
| 454 455 return (error); 456} 457 458int | 454 455 return (error); 456} 457 458int |
| 459mac_check_proc_debug(struct ucred *cred, struct proc *proc) | 459mac_check_proc_debug(struct ucred *cred, struct proc *p) |
| 460{ 461 int error; 462 | 460{ 461 int error; 462 |
| 463 PROC_LOCK_ASSERT(proc, MA_OWNED); | 463 PROC_LOCK_ASSERT(p, MA_OWNED); |
| 464 | 464 |
| 465 MAC_CHECK(check_proc_debug, cred, proc); | 465 MAC_CHECK(check_proc_debug, cred, p); |
| 466 467 return (error); 468} 469 470int | 466 467 return (error); 468} 469 470int |
| 471mac_check_proc_sched(struct ucred *cred, struct proc *proc) | 471mac_check_proc_sched(struct ucred *cred, struct proc *p) |
| 472{ 473 int error; 474 | 472{ 473 int error; 474 |
| 475 PROC_LOCK_ASSERT(proc, MA_OWNED); | 475 PROC_LOCK_ASSERT(p, MA_OWNED); |
| 476 | 476 |
| 477 MAC_CHECK(check_proc_sched, cred, proc); | 477 MAC_CHECK(check_proc_sched, cred, p); |
| 478 479 return (error); 480} 481 482int | 478 479 return (error); 480} 481 482int |
| 483mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) | 483mac_check_proc_signal(struct ucred *cred, struct proc *p, int signum) |
| 484{ 485 int error; 486 | 484{ 485 int error; 486 |
| 487 PROC_LOCK_ASSERT(proc, MA_OWNED); | 487 PROC_LOCK_ASSERT(p, MA_OWNED); |
| 488 | 488 |
| 489 MAC_CHECK(check_proc_signal, cred, proc, signum); | 489 MAC_CHECK(check_proc_signal, cred, p, signum); |
| 490 491 return (error); 492} 493 494int | 490 491 return (error); 492} 493 494int |
| 495mac_check_proc_setuid(struct proc *proc, struct ucred *cred, uid_t uid) | 495mac_check_proc_setuid(struct proc *p, struct ucred *cred, uid_t uid) |
| 496{ 497 int error; 498 | 496{ 497 int error; 498 |
| 499 PROC_LOCK_ASSERT(proc, MA_OWNED); | 499 PROC_LOCK_ASSERT(p, MA_OWNED); |
| 500 501 MAC_CHECK(check_proc_setuid, cred, uid); 502 return (error); 503} 504 505int | 500 501 MAC_CHECK(check_proc_setuid, cred, uid); 502 return (error); 503} 504 505int |
| 506mac_check_proc_seteuid(struct proc *proc, struct ucred *cred, uid_t euid) | 506mac_check_proc_seteuid(struct proc *p, struct ucred *cred, uid_t euid) |
| 507{ 508 int error; 509 | 507{ 508 int error; 509 |
| 510 PROC_LOCK_ASSERT(proc, MA_OWNED); | 510 PROC_LOCK_ASSERT(p, MA_OWNED); |
| 511 512 MAC_CHECK(check_proc_seteuid, cred, euid); 513 return (error); 514} 515 516int | 511 512 MAC_CHECK(check_proc_seteuid, cred, euid); 513 return (error); 514} 515 516int |
| 517mac_check_proc_setgid(struct proc *proc, struct ucred *cred, gid_t gid) | 517mac_check_proc_setgid(struct proc *p, struct ucred *cred, gid_t gid) |
| 518{ 519 int error; 520 | 518{ 519 int error; 520 |
| 521 PROC_LOCK_ASSERT(proc, MA_OWNED); | 521 PROC_LOCK_ASSERT(p, MA_OWNED); |
| 522 523 MAC_CHECK(check_proc_setgid, cred, gid); | 522 523 MAC_CHECK(check_proc_setgid, cred, gid); |
| 524 |
|
| 524 return (error); 525} 526 527int | 525 return (error); 526} 527 528int |
| 528mac_check_proc_setegid(struct proc *proc, struct ucred *cred, gid_t egid) | 529mac_check_proc_setegid(struct proc *p, struct ucred *cred, gid_t egid) |
| 529{ 530 int error; 531 | 530{ 531 int error; 532 |
| 532 PROC_LOCK_ASSERT(proc, MA_OWNED); | 533 PROC_LOCK_ASSERT(p, MA_OWNED); |
| 533 534 MAC_CHECK(check_proc_setegid, cred, egid); | 534 535 MAC_CHECK(check_proc_setegid, cred, egid); |
| 536 |
|
| 535 return (error); 536} 537 538int | 537 return (error); 538} 539 540int |
| 539mac_check_proc_setgroups(struct proc *proc, struct ucred *cred, 540 int ngroups, gid_t *gidset) | 541mac_check_proc_setgroups(struct proc *p, struct ucred *cred, int ngroups, 542 gid_t *gidset) |
| 541{ 542 int error; 543 | 543{ 544 int error; 545 |
| 544 PROC_LOCK_ASSERT(proc, MA_OWNED); | 546 PROC_LOCK_ASSERT(p, MA_OWNED); |
| 545 546 MAC_CHECK(check_proc_setgroups, cred, ngroups, gidset); 547 return (error); 548} 549 550int | 547 548 MAC_CHECK(check_proc_setgroups, cred, ngroups, gidset); 549 return (error); 550} 551 552int |
| 551mac_check_proc_setreuid(struct proc *proc, struct ucred *cred, uid_t ruid, 552 uid_t euid) | 553mac_check_proc_setreuid(struct proc *p, struct ucred *cred, uid_t ruid, 554 uid_t euid) |
| 553{ 554 int error; 555 | 555{ 556 int error; 557 |
| 556 PROC_LOCK_ASSERT(proc, MA_OWNED); | 558 PROC_LOCK_ASSERT(p, MA_OWNED); |
| 557 558 MAC_CHECK(check_proc_setreuid, cred, ruid, euid); | 559 560 MAC_CHECK(check_proc_setreuid, cred, ruid, euid); |
| 561 |
|
| 559 return (error); 560} 561 562int 563mac_check_proc_setregid(struct proc *proc, struct ucred *cred, gid_t rgid, | 562 return (error); 563} 564 565int 566mac_check_proc_setregid(struct proc *proc, struct ucred *cred, gid_t rgid, |
| 564 gid_t egid) | 567 gid_t egid) |
| 565{ 566 int error; 567 568 PROC_LOCK_ASSERT(proc, MA_OWNED); 569 570 MAC_CHECK(check_proc_setregid, cred, rgid, egid); | 568{ 569 int error; 570 571 PROC_LOCK_ASSERT(proc, MA_OWNED); 572 573 MAC_CHECK(check_proc_setregid, cred, rgid, egid); |
| 574 |
|
| 571 return (error); 572} 573 574int | 575 return (error); 576} 577 578int |
| 575mac_check_proc_setresuid(struct proc *proc, struct ucred *cred, uid_t ruid, 576 uid_t euid, uid_t suid) | 579mac_check_proc_setresuid(struct proc *p, struct ucred *cred, uid_t ruid, 580 uid_t euid, uid_t suid) |
| 577{ 578 int error; 579 | 581{ 582 int error; 583 |
| 580 PROC_LOCK_ASSERT(proc, MA_OWNED); | 584 PROC_LOCK_ASSERT(p, MA_OWNED); |
| 581 582 MAC_CHECK(check_proc_setresuid, cred, ruid, euid, suid); 583 return (error); 584} 585 586int | 585 586 MAC_CHECK(check_proc_setresuid, cred, ruid, euid, suid); 587 return (error); 588} 589 590int |
| 587mac_check_proc_setresgid(struct proc *proc, struct ucred *cred, gid_t rgid, 588 gid_t egid, gid_t sgid) | 591mac_check_proc_setresgid(struct proc *p, struct ucred *cred, gid_t rgid, 592 gid_t egid, gid_t sgid) |
| 589{ 590 int error; 591 | 593{ 594 int error; 595 |
| 592 PROC_LOCK_ASSERT(proc, MA_OWNED); | 596 PROC_LOCK_ASSERT(p, MA_OWNED); |
| 593 594 MAC_CHECK(check_proc_setresgid, cred, rgid, egid, sgid); | 597 598 MAC_CHECK(check_proc_setresgid, cred, rgid, egid, sgid); |
| 599 |
|
| 595 return (error); 596} 597 598int | 600 return (error); 601} 602 603int |
| 599mac_check_proc_wait(struct ucred *cred, struct proc *proc) | 604mac_check_proc_wait(struct ucred *cred, struct proc *p) |
| 600{ 601 int error; 602 | 605{ 606 int error; 607 |
| 603 PROC_LOCK_ASSERT(proc, MA_OWNED); | 608 PROC_LOCK_ASSERT(p, MA_OWNED); |
| 604 | 609 |
| 605 MAC_CHECK(check_proc_wait, cred, proc); | 610 MAC_CHECK(check_proc_wait, cred, p); |
| 606 607 return (error); 608} | 611 612 return (error); 613} |