mac_framework.h (168951) | mac_framework.h (168955) |
1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 4 * Copyright (c) 2005-2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * | 1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 4 * Copyright (c) 2005-2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * |
38 * $FreeBSD: head/sys/security/mac/mac_framework.h 168951 2007-04-22 15:31:22Z rwatson $ | 38 * $FreeBSD: head/sys/security/mac/mac_framework.h 168955 2007-04-22 19:55:56Z rwatson $ |
39 */ 40 41/* 42 * Kernel interface for Mandatory Access Control -- how kernel services 43 * interact with the TrustedBSD MAC Framework. 44 */ 45 46#ifndef _SYS_SECURITY_MAC_MAC_FRAMEWORK_H_ --- 41 unchanged lines hidden (view full) --- 88 89/* 90 * Kernel functions to manage and evaluate labels. 91 */ 92void mac_init_bpfdesc(struct bpf_d *); 93void mac_init_cred(struct ucred *); 94void mac_init_devfsdirent(struct devfs_dirent *); 95void mac_init_ifnet(struct ifnet *); | 39 */ 40 41/* 42 * Kernel interface for Mandatory Access Control -- how kernel services 43 * interact with the TrustedBSD MAC Framework. 44 */ 45 46#ifndef _SYS_SECURITY_MAC_MAC_FRAMEWORK_H_ --- 41 unchanged lines hidden (view full) --- 88 89/* 90 * Kernel functions to manage and evaluate labels. 91 */ 92void mac_init_bpfdesc(struct bpf_d *); 93void mac_init_cred(struct ucred *); 94void mac_init_devfsdirent(struct devfs_dirent *); 95void mac_init_ifnet(struct ifnet *); |
96int mac_init_inpcb(struct inpcb *, int flag); | 96int mac_init_inpcb(struct inpcb *, int); |
97void mac_init_sysv_msgmsg(struct msg *); | 97void mac_init_sysv_msgmsg(struct msg *); |
98void mac_init_sysv_msgqueue(struct msqid_kernel*); 99void mac_init_sysv_sem(struct semid_kernel*); 100void mac_init_sysv_shm(struct shmid_kernel*); 101int mac_init_ipq(struct ipq *, int flag); 102int mac_init_socket(struct socket *, int flag); | 98void mac_init_sysv_msgqueue(struct msqid_kernel *); 99void mac_init_sysv_sem(struct semid_kernel *); 100void mac_init_sysv_shm(struct shmid_kernel *); 101int mac_init_ipq(struct ipq *, int); 102int mac_init_socket(struct socket *, int); |
103void mac_init_pipe(struct pipepair *); 104void mac_init_posix_sem(struct ksem *); | 103void mac_init_pipe(struct pipepair *); 104void mac_init_posix_sem(struct ksem *); |
105int mac_init_mbuf(struct mbuf *mbuf, int flag); 106int mac_init_mbuf_tag(struct m_tag *, int flag); | 105int mac_init_mbuf(struct mbuf *, int); 106int mac_init_mbuf_tag(struct m_tag *, int); |
107void mac_init_mount(struct mount *); 108void mac_init_proc(struct proc *); 109void mac_init_vnode(struct vnode *); | 107void mac_init_mount(struct mount *); 108void mac_init_proc(struct proc *); 109void mac_init_vnode(struct vnode *); |
110void mac_copy_mbuf(struct mbuf *m_from, struct mbuf *m_to); | 110void mac_copy_mbuf(struct mbuf *, struct mbuf *); |
111void mac_copy_mbuf_tag(struct m_tag *, struct m_tag *); | 111void mac_copy_mbuf_tag(struct m_tag *, struct m_tag *); |
112void mac_copy_vnode_label(struct label *, struct label *label); | 112void mac_copy_vnode_label(struct label *, struct label *); |
113void mac_destroy_bpfdesc(struct bpf_d *); 114void mac_destroy_cred(struct ucred *); 115void mac_destroy_devfsdirent(struct devfs_dirent *); 116void mac_destroy_ifnet(struct ifnet *); 117void mac_destroy_inpcb(struct inpcb *); 118void mac_destroy_sysv_msgmsg(struct msg *); 119void mac_destroy_sysv_msgqueue(struct msqid_kernel *); 120void mac_destroy_sysv_sem(struct semid_kernel *); 121void mac_destroy_sysv_shm(struct shmid_kernel *); 122void mac_destroy_ipq(struct ipq *); 123void mac_destroy_socket(struct socket *); 124void mac_destroy_pipe(struct pipepair *); 125void mac_destroy_posix_sem(struct ksem *); 126void mac_destroy_proc(struct proc *); 127void mac_destroy_mbuf_tag(struct m_tag *); 128void mac_destroy_mount(struct mount *); 129void mac_destroy_vnode(struct vnode *); 130 131struct label *mac_cred_label_alloc(void); | 113void mac_destroy_bpfdesc(struct bpf_d *); 114void mac_destroy_cred(struct ucred *); 115void mac_destroy_devfsdirent(struct devfs_dirent *); 116void mac_destroy_ifnet(struct ifnet *); 117void mac_destroy_inpcb(struct inpcb *); 118void mac_destroy_sysv_msgmsg(struct msg *); 119void mac_destroy_sysv_msgqueue(struct msqid_kernel *); 120void mac_destroy_sysv_sem(struct semid_kernel *); 121void mac_destroy_sysv_shm(struct shmid_kernel *); 122void mac_destroy_ipq(struct ipq *); 123void mac_destroy_socket(struct socket *); 124void mac_destroy_pipe(struct pipepair *); 125void mac_destroy_posix_sem(struct ksem *); 126void mac_destroy_proc(struct proc *); 127void mac_destroy_mbuf_tag(struct m_tag *); 128void mac_destroy_mount(struct mount *); 129void mac_destroy_vnode(struct vnode *); 130 131struct label *mac_cred_label_alloc(void); |
132void mac_cred_label_free(struct label *label); | 132void mac_cred_label_free(struct label *); |
133struct label *mac_vnode_label_alloc(void); | 133struct label *mac_vnode_label_alloc(void); |
134void mac_vnode_label_free(struct label *label); | 134void mac_vnode_label_free(struct label *); |
135 136/* 137 * Labeling event operations: file system objects, and things that look a lot 138 * like file system objects. 139 */ 140void mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de, 141 struct vnode *vp); 142int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp); --- 11 unchanged lines hidden (view full) --- 154 struct label *newlabel); 155void mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, 156 struct vnode *vp); 157 158/* 159 * Labeling event operations: IPC objects. 160 */ 161void mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m); | 135 136/* 137 * Labeling event operations: file system objects, and things that look a lot 138 * like file system objects. 139 */ 140void mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de, 141 struct vnode *vp); 142int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp); --- 11 unchanged lines hidden (view full) --- 154 struct label *newlabel); 155void mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, 156 struct vnode *vp); 157 158/* 159 * Labeling event operations: IPC objects. 160 */ 161void mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m); |
162void mac_create_socket(struct ucred *cred, struct socket *socket); 163void mac_create_socket_from_socket(struct socket *oldsocket, 164 struct socket *newsocket); 165void mac_set_socket_peer_from_mbuf(struct mbuf *mbuf, 166 struct socket *socket); 167void mac_set_socket_peer_from_socket(struct socket *oldsocket, 168 struct socket *newsocket); | 162void mac_create_socket(struct ucred *cred, struct socket *so); 163void mac_create_socket_from_socket(struct socket *oldso, 164 struct socket *newso); 165void mac_set_socket_peer_from_mbuf(struct mbuf *m, struct socket *so); 166void mac_set_socket_peer_from_socket(struct socket *oldso, 167 struct socket *newso); |
169void mac_create_pipe(struct ucred *cred, struct pipepair *pp); 170 171/* 172 * Labeling event operations: System V IPC primitives 173 */ 174void mac_create_sysv_msgmsg(struct ucred *cred, 175 struct msqid_kernel *msqkptr, struct msg *msgptr); 176void mac_create_sysv_msgqueue(struct ucred *cred, --- 6 unchanged lines hidden (view full) --- 183/* 184 * Labeling event operations: POSIX (global/inter-process) semaphores. 185 */ 186void mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr); 187 188/* 189 * Labeling event operations: network objects. 190 */ | 168void mac_create_pipe(struct ucred *cred, struct pipepair *pp); 169 170/* 171 * Labeling event operations: System V IPC primitives 172 */ 173void mac_create_sysv_msgmsg(struct ucred *cred, 174 struct msqid_kernel *msqkptr, struct msg *msgptr); 175void mac_create_sysv_msgqueue(struct ucred *cred, --- 6 unchanged lines hidden (view full) --- 182/* 183 * Labeling event operations: POSIX (global/inter-process) semaphores. 184 */ 185void mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr); 186 187/* 188 * Labeling event operations: network objects. 189 */ |
191void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d); | 190void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *d); |
192void mac_create_ifnet(struct ifnet *ifp); 193void mac_create_inpcb_from_socket(struct socket *so, struct inpcb *inp); | 191void mac_create_ifnet(struct ifnet *ifp); 192void mac_create_inpcb_from_socket(struct socket *so, struct inpcb *inp); |
194void mac_create_ipq(struct mbuf *fragment, struct ipq *ipq); 195void mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram); 196void mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment); | 193void mac_create_ipq(struct mbuf *m, struct ipq *ipq); 194void mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *m); 195void mac_create_fragment(struct mbuf *m, struct mbuf *frag); |
197void mac_create_mbuf_from_inpcb(struct inpcb *inp, struct mbuf *m); | 196void mac_create_mbuf_from_inpcb(struct inpcb *inp, struct mbuf *m); |
198void mac_create_mbuf_linklayer(struct ifnet *ifnet, struct mbuf *m); 199void mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m); 200void mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *m); 201void mac_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 202 struct ifnet *ifnet, struct mbuf *newmbuf); 203void mac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf); 204int mac_fragment_match(struct mbuf *fragment, struct ipq *ipq); | 197void mac_create_mbuf_linklayer(struct ifnet *ifp, struct mbuf *m); 198void mac_create_mbuf_from_bpfdesc(struct bpf_d *d, struct mbuf *m); 199void mac_create_mbuf_from_ifnet(struct ifnet *ifp, struct mbuf *m); 200void mac_create_mbuf_multicast_encap(struct mbuf *m, struct ifnet *ifp, 201 struct mbuf *mnew); 202void mac_create_mbuf_netlayer(struct mbuf *m, struct mbuf *mnew); 203int mac_fragment_match(struct mbuf *m, struct ipq *ipq); |
205void mac_reflect_mbuf_icmp(struct mbuf *m); 206void mac_reflect_mbuf_tcp(struct mbuf *m); | 204void mac_reflect_mbuf_icmp(struct mbuf *m); 205void mac_reflect_mbuf_tcp(struct mbuf *m); |
207void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq); | 206void mac_update_ipq(struct mbuf *m, struct ipq *ipq); |
208void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp); 209void mac_create_mbuf_from_firewall(struct mbuf *m); | 207void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp); 208void mac_create_mbuf_from_firewall(struct mbuf *m); |
210void mac_destroy_syncache(struct label **label); 211int mac_init_syncache(struct label **label); 212void mac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp); 213void mac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m); | 209void mac_destroy_syncache(struct label **l); 210int mac_init_syncache(struct label **l); 211void mac_init_syncache_from_inpcb(struct label *l, struct inpcb *inp); 212void mac_create_mbuf_from_syncache(struct label *l, struct mbuf *m); |
214 215/* 216 * Labeling event operations: processes. 217 */ 218void mac_copy_cred(struct ucred *cr1, struct ucred *cr2); 219int mac_execve_enter(struct image_params *imgp, struct mac *mac_p); 220void mac_execve_exit(struct image_params *imgp); | 213 214/* 215 * Labeling event operations: processes. 216 */ 217void mac_copy_cred(struct ucred *cr1, struct ucred *cr2); 218int mac_execve_enter(struct image_params *imgp, struct mac *mac_p); 219void mac_execve_exit(struct image_params *imgp); |
221void mac_execve_transition(struct ucred *old, struct ucred *new, | 220void mac_execve_transition(struct ucred *oldcred, struct ucred *newcred, |
222 struct vnode *vp, struct label *interpvnodelabel, 223 struct image_params *imgp); | 221 struct vnode *vp, struct label *interpvnodelabel, 222 struct image_params *imgp); |
224int mac_execve_will_transition(struct ucred *old, struct vnode *vp, | 223int mac_execve_will_transition(struct ucred *cred, struct vnode *vp, |
225 struct label *interpvnodelabel, struct image_params *imgp); 226void mac_create_proc0(struct ucred *cred); 227void mac_create_proc1(struct ucred *cred); 228void mac_thread_userret(struct thread *td); 229 230/* 231 * Label cleanup operation: This is the inverse complement for the mac_create 232 * and associate type of hooks. This hook lets the policy module(s) perform a --- 8 unchanged lines hidden (view full) --- 241void mac_cleanup_sysv_msgmsg(struct msg *msgptr); 242void mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr); 243void mac_cleanup_sysv_sem(struct semid_kernel *semakptr); 244void mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr); 245 246/* 247 * Access control checks. 248 */ | 224 struct label *interpvnodelabel, struct image_params *imgp); 225void mac_create_proc0(struct ucred *cred); 226void mac_create_proc1(struct ucred *cred); 227void mac_thread_userret(struct thread *td); 228 229/* 230 * Label cleanup operation: This is the inverse complement for the mac_create 231 * and associate type of hooks. This hook lets the policy module(s) perform a --- 8 unchanged lines hidden (view full) --- 240void mac_cleanup_sysv_msgmsg(struct msg *msgptr); 241void mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr); 242void mac_cleanup_sysv_sem(struct semid_kernel *semakptr); 243void mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr); 244 245/* 246 * Access control checks. 247 */ |
249int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet); 250int mac_check_cred_visible(struct ucred *u1, struct ucred *u2); 251int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m); | 248int mac_check_bpfdesc_receive(struct bpf_d *d, struct ifnet *ifp); 249int mac_check_cred_visible(struct ucred *cr1, struct ucred *cr2); 250int mac_check_ifnet_transmit(struct ifnet *ifp, struct mbuf *m); |
252int mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m); 253int mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr, 254 struct msqid_kernel *msqkptr); 255int mac_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr); 256int mac_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr); 257int mac_check_sysv_msqget(struct ucred *cred, 258 struct msqid_kernel *msqkptr); 259int mac_check_sysv_msqsnd(struct ucred *cred, --- 30 unchanged lines hidden (view full) --- 290int mac_check_pipe_stat(struct ucred *cred, struct pipepair *pp); 291int mac_check_pipe_write(struct ucred *cred, struct pipepair *pp); 292int mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr); 293int mac_check_posix_sem_getvalue(struct ucred *cred,struct ksem *ksemptr); 294int mac_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr); 295int mac_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr); 296int mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr); 297int mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr); | 251int mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m); 252int mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr, 253 struct msqid_kernel *msqkptr); 254int mac_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr); 255int mac_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr); 256int mac_check_sysv_msqget(struct ucred *cred, 257 struct msqid_kernel *msqkptr); 258int mac_check_sysv_msqsnd(struct ucred *cred, --- 30 unchanged lines hidden (view full) --- 289int mac_check_pipe_stat(struct ucred *cred, struct pipepair *pp); 290int mac_check_pipe_write(struct ucred *cred, struct pipepair *pp); 291int mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr); 292int mac_check_posix_sem_getvalue(struct ucred *cred,struct ksem *ksemptr); 293int mac_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr); 294int mac_check_posix_sem_post(struct ucred 
*cred, struct ksem *ksemptr); 295int mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr); 296int mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr); |
298int mac_check_proc_debug(struct ucred *cred, struct proc *proc); 299int mac_check_proc_sched(struct ucred *cred, struct proc *proc); | 297int mac_check_proc_debug(struct ucred *cred, struct proc *p); 298int mac_check_proc_sched(struct ucred *cred, struct proc *p); |
300int mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai); 301int mac_check_proc_setauid(struct ucred *cred, uid_t auid); | 299int mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai); 300int mac_check_proc_setauid(struct ucred *cred, uid_t auid); |
302int mac_check_proc_setuid(struct proc *proc, struct ucred *cred, | 301int mac_check_proc_setuid(struct proc *p, struct ucred *cred, |
303 uid_t uid); | 302 uid_t uid); |
304int mac_check_proc_seteuid(struct proc *proc, struct ucred *cred, | 303int mac_check_proc_seteuid(struct proc *p, struct ucred *cred, |
305 uid_t euid); | 304 uid_t euid); |
306int mac_check_proc_setgid(struct proc *proc, struct ucred *cred, | 305int mac_check_proc_setgid(struct proc *p, struct ucred *cred, |
307 gid_t gid); | 306 gid_t gid); |
308int mac_check_proc_setegid(struct proc *proc, struct ucred *cred, | 307int mac_check_proc_setegid(struct proc *p, struct ucred *cred, |
309 gid_t egid); | 308 gid_t egid); |
310int mac_check_proc_setgroups(struct proc *proc, struct ucred *cred, | 309int mac_check_proc_setgroups(struct proc *p, struct ucred *cred, |
311 int ngroups, gid_t *gidset); | 310 int ngroups, gid_t *gidset); |
312int mac_check_proc_setreuid(struct proc *proc, struct ucred *cred, | 311int mac_check_proc_setreuid(struct proc *p, struct ucred *cred, |
313 uid_t ruid, uid_t euid); | 312 uid_t ruid, uid_t euid); |
314int mac_check_proc_setregid(struct proc *proc, struct ucred *cred, | 313int mac_check_proc_setregid(struct proc *p, struct ucred *cred, |
315 gid_t rgid, gid_t egid); | 314 gid_t rgid, gid_t egid); |
316int mac_check_proc_setresuid(struct proc *proc, struct ucred *cred, | 315int mac_check_proc_setresuid(struct proc *p, struct ucred *cred, |
317 uid_t ruid, uid_t euid, uid_t suid); | 316 uid_t ruid, uid_t euid, uid_t suid); |
318int mac_check_proc_setresgid(struct proc *proc, struct ucred *cred, | 317int mac_check_proc_setresgid(struct proc *p, struct ucred *cred, |
319 gid_t rgid, gid_t egid, gid_t sgid); | 318 gid_t rgid, gid_t egid, gid_t sgid); |
320int mac_check_proc_signal(struct ucred *cred, struct proc *proc, | 319int mac_check_proc_signal(struct ucred *cred, struct proc *p, |
321 int signum); | 320 int signum); |
322int mac_check_proc_wait(struct ucred *cred, struct proc *proc); | 321int mac_check_proc_wait(struct ucred *cred, struct proc *p); |
323int mac_check_socket_accept(struct ucred *cred, struct socket *so); 324int mac_check_socket_bind(struct ucred *cred, struct socket *so, | 322int mac_check_socket_accept(struct ucred *cred, struct socket *so); 323int mac_check_socket_bind(struct ucred *cred, struct socket *so, |
325 struct sockaddr *sockaddr); | 324 struct sockaddr *sa); |
326int mac_check_socket_connect(struct ucred *cred, struct socket *so, | 325int mac_check_socket_connect(struct ucred *cred, struct socket *so, |
327 struct sockaddr *sockaddr); | 326 struct sockaddr *sa); |
328int mac_check_socket_create(struct ucred *cred, int domain, int type, | 327int mac_check_socket_create(struct ucred *cred, int domain, int type, |
329 int protocol); | 328 int proto); |
330int mac_check_socket_deliver(struct socket *so, struct mbuf *m); 331int mac_check_socket_listen(struct ucred *cred, struct socket *so); 332int mac_check_socket_poll(struct ucred *cred, struct socket *so); 333int mac_check_socket_receive(struct ucred *cred, struct socket *so); 334int mac_check_socket_send(struct ucred *cred, struct socket *so); 335int mac_check_socket_stat(struct ucred *cred, struct socket *so); 336int mac_check_socket_visible(struct ucred *cred, struct socket *so); 337int mac_check_system_acct(struct ucred *cred, struct vnode *vp); --- 24 unchanged lines hidden (view full) --- 362int mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 363 int attrnamespace, const char *name, struct uio *uio); 364int mac_check_vnode_link(struct ucred *cred, struct vnode *dvp, 365 struct vnode *vp, struct componentname *cnp); 366int mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, 367 int attrnamespace); 368int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 369 struct componentname *cnp); | 329int mac_check_socket_deliver(struct socket *so, struct mbuf *m); 330int mac_check_socket_listen(struct ucred *cred, struct socket *so); 331int mac_check_socket_poll(struct ucred *cred, struct socket *so); 332int mac_check_socket_receive(struct ucred *cred, struct socket *so); 333int mac_check_socket_send(struct ucred *cred, struct socket *so); 334int mac_check_socket_stat(struct ucred *cred, struct socket *so); 335int mac_check_socket_visible(struct ucred *cred, struct socket *so); 336int mac_check_system_acct(struct ucred *cred, struct vnode *vp); --- 24 unchanged lines hidden (view full) --- 361int mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 362 int attrnamespace, const char *name, struct uio *uio); 363int mac_check_vnode_link(struct ucred *cred, struct vnode *dvp, 364 struct vnode *vp, struct componentname *cnp); 365int mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, 366 int 
attrnamespace); 367int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 368 struct componentname *cnp); |
370int mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, 371 int prot, int flags); | 369int mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, int prot, 370 int flags); |
372int mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, 373 int prot); 374int mac_check_vnode_open(struct ucred *cred, struct vnode *vp, 375 int acc_mode); 376int mac_check_vnode_poll(struct ucred *active_cred, 377 struct ucred *file_cred, struct vnode *vp); 378int mac_check_vnode_read(struct ucred *active_cred, 379 struct ucred *file_cred, struct vnode *vp); --- 20 unchanged lines hidden (view full) --- 400 struct ucred *file_cred, struct vnode *vp); 401int mac_check_vnode_write(struct ucred *active_cred, 402 struct ucred *file_cred, struct vnode *vp); 403int mac_getsockopt_label(struct ucred *cred, struct socket *so, 404 struct mac *extmac); 405int mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so, 406 struct mac *extmac); 407int mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr, | 371int mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, 372 int prot); 373int mac_check_vnode_open(struct ucred *cred, struct vnode *vp, 374 int acc_mode); 375int mac_check_vnode_poll(struct ucred *active_cred, 376 struct ucred *file_cred, struct vnode *vp); 377int mac_check_vnode_read(struct ucred *active_cred, 378 struct ucred *file_cred, struct vnode *vp); --- 20 unchanged lines hidden (view full) --- 399 struct ucred *file_cred, struct vnode *vp); 400int mac_check_vnode_write(struct ucred *active_cred, 401 struct ucred *file_cred, struct vnode *vp); 402int mac_getsockopt_label(struct ucred *cred, struct socket *so, 403 struct mac *extmac); 404int mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so, 405 struct mac *extmac); 406int mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr, |
408 struct ifnet *ifnet); | 407 struct ifnet *ifp); |
409int mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, | 408int mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, |
410 struct ifnet *ifnet); | 409 struct ifnet *ifp); |
411int mac_setsockopt_label(struct ucred *cred, struct socket *so, 412 struct mac *extmac); 413int mac_pipe_label_set(struct ucred *cred, struct pipepair *pp, 414 struct label *label); 415void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred); 416void mac_associate_nfsd_label(struct ucred *cred); 417int mac_priv_check(struct ucred *cred, int priv); 418int mac_priv_grant(struct ucred *cred, int priv); 419 420/* 421 * Calls to help various file systems implement labeling functionality using 422 * their existing EA implementation. 423 */ 424int vop_stdsetlabel_ea(struct vop_setlabel_args *ap); 425 426#endif /* !_SYS_SECURITY_MAC_MAC_FRAMEWORK_H_ */ | 410int mac_setsockopt_label(struct ucred *cred, struct socket *so, 411 struct mac *extmac); 412int mac_pipe_label_set(struct ucred *cred, struct pipepair *pp, 413 struct label *label); 414void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred); 415void mac_associate_nfsd_label(struct ucred *cred); 416int mac_priv_check(struct ucred *cred, int priv); 417int mac_priv_grant(struct ucred *cred, int priv); 418 419/* 420 * Calls to help various file systems implement labeling functionality using 421 * their existing EA implementation. 422 */ 423int vop_stdsetlabel_ea(struct vop_setlabel_args *ap); 424 425#endif /* !_SYS_SECURITY_MAC_MAC_FRAMEWORK_H_ */ |
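Review bot: The new side drops the parameter names from `mac_copy_mbuf(struct mbuf *, struct mbuf *)`, `mac_copy_vnode_label(struct label *, struct label *)` and from the `int` argument of `mac_init_inpcb`, `mac_init_ipq`, `mac_init_socket`, `mac_init_mbuf` and `mac_init_mbuf_tag`, while almost every other declaration in the header keeps its names, so the file is now inconsistent with itself. For the two copy functions the old `m_from`/`m_to` names were the only statement of copy direction a caller could read from the header; with two identically typed unnamed pointers nothing distinguishes source from destination, and copying a label the wrong way leaves an object carrying the wrong label without any compile-time signal. The `int` on the `mac_init_*` functions was previously named `flag`, which at least says it is not a length or a count; what the flag selects is not stated anywhere on this page, so a one-line comment above that group of prototypes describing the accepted values would also be worth adding. I would keep the names in the prototypes, e.g. `void mac_copy_mbuf(struct mbuf *from, struct mbuf *to);` and `int mac_init_mbuf(struct mbuf *, int flag);`.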