mac_policy.h (168954) | mac_policy.h (168955) |
---|---|
1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 4 * Copyright (c) 2005-2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * | 1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 4 * Copyright (c) 2005-2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * |
38 * $FreeBSD: head/sys/security/mac/mac_policy.h 168954 2007-04-22 16:18:10Z rwatson $ | 38 * $FreeBSD: head/sys/security/mac/mac_policy.h 168955 2007-04-22 19:55:56Z rwatson $ |
39 */ 40/* 41 * Kernel interface for MAC policy modules. 42 */ 43#ifndef _SYS_SECURITY_MAC_MAC_POLICY_H_ 44#define _SYS_SECURITY_MAC_MAC_POLICY_H_ 45 46#ifndef _KERNEL --- 144 unchanged lines hidden (view full) --- 191typedef int (*mpo_internalize_vnode_label_t)(struct label *label, 192 char *element_name, char *element_data, int *claimed); 193 194/* 195 * Labeling event operations: file system objects, and things that look a lot 196 * like file system objects. 197 */ 198typedef void (*mpo_associate_vnode_devfs_t)(struct mount *mp, | 39 */ 40/* 41 * Kernel interface for MAC policy modules. 42 */ 43#ifndef _SYS_SECURITY_MAC_MAC_POLICY_H_ 44#define _SYS_SECURITY_MAC_MAC_POLICY_H_ 45 46#ifndef _KERNEL --- 144 unchanged lines hidden (view full) --- 191typedef int (*mpo_internalize_vnode_label_t)(struct label *label, 192 char *element_name, char *element_data, int *claimed); 193 194/* 195 * Labeling event operations: file system objects, and things that look a lot 196 * like file system objects. 197 */ 198typedef void (*mpo_associate_vnode_devfs_t)(struct mount *mp, |
199 struct label *mntlabel, struct devfs_dirent *de, | 199 struct label *mplabel, struct devfs_dirent *de, |
200 struct label *delabel, struct vnode *vp, | 200 struct label *delabel, struct vnode *vp, |
201 struct label *vlabel); | 201 struct label *vplabel); |
202typedef int (*mpo_associate_vnode_extattr_t)(struct mount *mp, | 202typedef int (*mpo_associate_vnode_extattr_t)(struct mount *mp, |
203 struct label *mntlabel, struct vnode *vp, 204 struct label *vlabel); | 203 struct label *mplabel, struct vnode *vp, 204 struct label *vplabel); |
205typedef void (*mpo_associate_vnode_singlelabel_t)(struct mount *mp, | 205typedef void (*mpo_associate_vnode_singlelabel_t)(struct mount *mp, |
206 struct label *mntlabel, struct vnode *vp, 207 struct label *vlabel); | 206 struct label *mplabel, struct vnode *vp, 207 struct label *vplabel); |
208typedef void (*mpo_create_devfs_device_t)(struct ucred *cred, 209 struct mount *mp, struct cdev *dev, | 208typedef void (*mpo_create_devfs_device_t)(struct ucred *cred, 209 struct mount *mp, struct cdev *dev, |
210 struct devfs_dirent *de, struct label *label); | 210 struct devfs_dirent *de, struct label *delabel); |
211typedef void (*mpo_create_devfs_directory_t)(struct mount *mp, 212 char *dirname, int dirnamelen, struct devfs_dirent *de, | 211typedef void (*mpo_create_devfs_directory_t)(struct mount *mp, 212 char *dirname, int dirnamelen, struct devfs_dirent *de, |
213 struct label *label); | 213 struct label *delabel); |
214typedef void (*mpo_create_devfs_symlink_t)(struct ucred *cred, 215 struct mount *mp, struct devfs_dirent *dd, 216 struct label *ddlabel, struct devfs_dirent *de, 217 struct label *delabel); 218typedef int (*mpo_create_vnode_extattr_t)(struct ucred *cred, | 214typedef void (*mpo_create_devfs_symlink_t)(struct ucred *cred, 215 struct mount *mp, struct devfs_dirent *dd, 216 struct label *ddlabel, struct devfs_dirent *de, 217 struct label *delabel); 218typedef int (*mpo_create_vnode_extattr_t)(struct ucred *cred, |
219 struct mount *mp, struct label *mntlabel, 220 struct vnode *dvp, struct label *dlabel, 221 struct vnode *vp, struct label *vlabel, | 219 struct mount *mp, struct label *mplabel, 220 struct vnode *dvp, struct label *dvplabel, 221 struct vnode *vp, struct label *vplabel, |
222 struct componentname *cnp); 223typedef void (*mpo_create_mount_t)(struct ucred *cred, struct mount *mp, | 222 struct componentname *cnp); 223typedef void (*mpo_create_mount_t)(struct ucred *cred, struct mount *mp, |
224 struct label *mntlabel); | 224 struct label *mplabel); |
225typedef void (*mpo_relabel_vnode_t)(struct ucred *cred, struct vnode *vp, | 225typedef void (*mpo_relabel_vnode_t)(struct ucred *cred, struct vnode *vp, |
226 struct label *vnodelabel, struct label *label); | 226 struct label *vplabel, struct label *label); |
227typedef int (*mpo_setlabel_vnode_extattr_t)(struct ucred *cred, | 227typedef int (*mpo_setlabel_vnode_extattr_t)(struct ucred *cred, |
228 struct vnode *vp, struct label *vlabel, | 228 struct vnode *vp, struct label *vplabel, |
229 struct label *intlabel); 230typedef void (*mpo_update_devfsdirent_t)(struct mount *mp, | 229 struct label *intlabel); 230typedef void (*mpo_update_devfsdirent_t)(struct mount *mp, |
231 struct devfs_dirent *devfs_dirent, 232 struct label *direntlabel, struct vnode *vp, 233 struct label *vnodelabel); | 231 struct devfs_dirent *de, struct label *delabel, 232 struct vnode *vp, struct label *vplabel); |
234 235/* 236 * Labeling event operations: IPC objects. 237 */ 238typedef void (*mpo_create_mbuf_from_socket_t)(struct socket *so, | 233 234/* 235 * Labeling event operations: IPC objects. 236 */ 237typedef void (*mpo_create_mbuf_from_socket_t)(struct socket *so, |
239 struct label *socketlabel, struct mbuf *m, 240 struct label *mbuflabel); | 238 struct label *solabel, struct mbuf *m, 239 struct label *mlabel); |
241typedef void (*mpo_create_socket_t)(struct ucred *cred, struct socket *so, | 240typedef void (*mpo_create_socket_t)(struct ucred *cred, struct socket *so, |
242 struct label *socketlabel); 243typedef void (*mpo_create_socket_from_socket_t)(struct socket *oldsocket, 244 struct label *oldsocketlabel, struct socket *newsocket, 245 struct label *newsocketlabel); | 241 struct label *solabel); 242typedef void (*mpo_create_socket_from_socket_t)(struct socket *oldso, 243 struct label *oldsolabel, struct socket *newso, 244 struct label *newsolabel); |
246typedef void (*mpo_relabel_socket_t)(struct ucred *cred, struct socket *so, 247 struct label *oldlabel, struct label *newlabel); 248typedef void (*mpo_relabel_pipe_t)(struct ucred *cred, struct pipepair *pp, 249 struct label *oldlabel, struct label *newlabel); | 245typedef void (*mpo_relabel_socket_t)(struct ucred *cred, struct socket *so, 246 struct label *oldlabel, struct label *newlabel); 247typedef void (*mpo_relabel_pipe_t)(struct ucred *cred, struct pipepair *pp, 248 struct label *oldlabel, struct label *newlabel); |
250typedef void (*mpo_set_socket_peer_from_mbuf_t)(struct mbuf *mbuf, 251 struct label *mbuflabel, struct socket *so, 252 struct label *socketpeerlabel); 253typedef void (*mpo_set_socket_peer_from_socket_t)(struct socket *oldsocket, 254 struct label *oldsocketlabel, struct socket *newsocket, 255 struct label *newsocketpeerlabel); | 249typedef void (*mpo_set_socket_peer_from_mbuf_t)(struct mbuf *m, 250 struct label *mlabel, struct socket *so, 251 struct label *sopeerlabel); 252typedef void (*mpo_set_socket_peer_from_socket_t)(struct socket *oldso, 253 struct label *oldsolabel, struct socket *newso, 254 struct label *newsopeerlabel); |
256typedef void (*mpo_create_pipe_t)(struct ucred *cred, struct pipepair *pp, | 255typedef void (*mpo_create_pipe_t)(struct ucred *cred, struct pipepair *pp, |
257 struct label *pipelabel); | 256 struct label *pplabel); |
258 259/* 260 * Labeling event operations: System V IPC primitives. 261 */ 262typedef void (*mpo_create_sysv_msgmsg_t)(struct ucred *cred, 263 struct msqid_kernel *msqkptr, struct label *msqlabel, 264 struct msg *msgptr, struct label *msglabel); 265typedef void (*mpo_create_sysv_msgqueue_t)(struct ucred *cred, --- 8 unchanged lines hidden (view full) --- 274 */ 275typedef void (*mpo_create_posix_sem_t)(struct ucred *cred, 276 struct ksem *ksemptr, struct label *ks_label); 277 278/* 279 * Labeling event operations: network objects. 280 */ 281typedef void (*mpo_create_bpfdesc_t)(struct ucred *cred, | 257 258/* 259 * Labeling event operations: System V IPC primitives. 260 */ 261typedef void (*mpo_create_sysv_msgmsg_t)(struct ucred *cred, 262 struct msqid_kernel *msqkptr, struct label *msqlabel, 263 struct msg *msgptr, struct label *msglabel); 264typedef void (*mpo_create_sysv_msgqueue_t)(struct ucred *cred, --- 8 unchanged lines hidden (view full) --- 273 */ 274typedef void (*mpo_create_posix_sem_t)(struct ucred *cred, 275 struct ksem *ksemptr, struct label *ks_label); 276 277/* 278 * Labeling event operations: network objects. 279 */ 280typedef void (*mpo_create_bpfdesc_t)(struct ucred *cred, |
282 struct bpf_d *bpf_d, struct label *bpflabel); 283typedef void (*mpo_create_ifnet_t)(struct ifnet *ifnet, 284 struct label *ifnetlabel); | 281 struct bpf_d *d, struct label *dlabel); 282typedef void (*mpo_create_ifnet_t)(struct ifnet *ifp, 283 struct label *ifplabel); |
285typedef void (*mpo_create_inpcb_from_socket_t)(struct socket *so, 286 struct label *solabel, struct inpcb *inp, 287 struct label *inplabel); | 284typedef void (*mpo_create_inpcb_from_socket_t)(struct socket *so, 285 struct label *solabel, struct inpcb *inp, 286 struct label *inplabel); |
288typedef void (*mpo_create_ipq_t)(struct mbuf *fragment, 289 struct label *fragmentlabel, struct ipq *ipq, 290 struct label *ipqlabel); | 287typedef void (*mpo_create_ipq_t)(struct mbuf *m, struct label *mlabel, 288 struct ipq *ipq, struct label *ipqlabel); |
291typedef void (*mpo_create_datagram_from_ipq) | 289typedef void (*mpo_create_datagram_from_ipq) |
292 (struct ipq *ipq, struct label *ipqlabel, 293 struct mbuf *datagram, struct label *datagramlabel); 294typedef void (*mpo_create_fragment_t)(struct mbuf *datagram, 295 struct label *datagramlabel, struct mbuf *fragment, 296 struct label *fragmentlabel); | 290 (struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, 291 struct label *mlabel); 292typedef void (*mpo_create_fragment_t)(struct mbuf *m, 293 struct label *mlabel, struct mbuf *frag, 294 struct label *fraglabel); |
297typedef void (*mpo_create_mbuf_from_inpcb_t)(struct inpcb *inp, 298 struct label *inplabel, struct mbuf *m, 299 struct label *mlabel); | 295typedef void (*mpo_create_mbuf_from_inpcb_t)(struct inpcb *inp, 296 struct label *inplabel, struct mbuf *m, 297 struct label *mlabel); |
300typedef void (*mpo_create_mbuf_linklayer_t)(struct ifnet *ifnet, 301 struct label *ifnetlabel, struct mbuf *mbuf, 302 struct label *mbuflabel); 303typedef void (*mpo_create_mbuf_from_bpfdesc_t)(struct bpf_d *bpf_d, 304 struct label *bpflabel, struct mbuf *mbuf, 305 struct label *mbuflabel); 306typedef void (*mpo_create_mbuf_from_ifnet_t)(struct ifnet *ifnet, 307 struct label *ifnetlabel, struct mbuf *mbuf, 308 struct label *mbuflabel); 309typedef void (*mpo_create_mbuf_multicast_encap_t)(struct mbuf *oldmbuf, 310 struct label *oldmbuflabel, struct ifnet *ifnet, 311 struct label *ifnetlabel, struct mbuf *newmbuf, 312 struct label *newmbuflabel); 313typedef void (*mpo_create_mbuf_netlayer_t)(struct mbuf *oldmbuf, 314 struct label *oldmbuflabel, struct mbuf *newmbuf, 315 struct label *newmbuflabel); 316typedef int (*mpo_fragment_match_t)(struct mbuf *fragment, 317 struct label *fragmentlabel, struct ipq *ipq, 318 struct label *ipqlabel); | 298typedef void (*mpo_create_mbuf_linklayer_t)(struct ifnet *ifp, 299 struct label *ifplabel, struct mbuf *m, 300 struct label *mlabel); 301typedef void (*mpo_create_mbuf_from_bpfdesc_t)(struct bpf_d *d, 302 struct label *dlabel, struct mbuf *m, 303 struct label *mlabel); 304typedef void (*mpo_create_mbuf_from_ifnet_t)(struct ifnet *ifp, 305 struct label *ifplabel, struct mbuf *m, 306 struct label *mlabel); 307typedef void (*mpo_create_mbuf_multicast_encap_t)(struct mbuf *m, 308 struct label *mlabel, struct ifnet *ifp, 309 struct label *ifplabel, struct mbuf *mnew, 310 struct label *mnewlabel); 311typedef void (*mpo_create_mbuf_netlayer_t)(struct mbuf *m, 312 struct label *mlabel, struct mbuf *mnew, 313 struct label *mnewlabel); 314typedef int (*mpo_fragment_match_t)(struct mbuf *m, struct label *mlabel, 315 struct ipq *ipq, struct label *ipqlabel); |
319typedef void (*mpo_reflect_mbuf_icmp_t)(struct mbuf *m, 320 struct label *mlabel); 321typedef void (*mpo_reflect_mbuf_tcp_t)(struct mbuf *m, 322 struct label *mlabel); | 316typedef void (*mpo_reflect_mbuf_icmp_t)(struct mbuf *m, 317 struct label *mlabel); 318typedef void (*mpo_reflect_mbuf_tcp_t)(struct mbuf *m, 319 struct label *mlabel); |
323typedef void (*mpo_relabel_ifnet_t)(struct ucred *cred, 324 struct ifnet *ifnet, struct label *ifnetlabel, 325 struct label *newlabel); 326typedef void (*mpo_update_ipq_t)(struct mbuf *fragment, 327 struct label *fragmentlabel, struct ipq *ipq, 328 struct label *ipqlabel); | 320typedef void (*mpo_relabel_ifnet_t)(struct ucred *cred, struct ifnet *ifp, 321 struct label *ifplabel, struct label *newlabel); 322typedef void (*mpo_update_ipq_t)(struct mbuf *m, struct label *mlabel, 323 struct ipq *ipq, struct label *ipqlabel); |
329typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so, 330 struct label *label, struct inpcb *inp, 331 struct label *inplabel); 332 333typedef void (*mpo_create_mbuf_from_firewall_t)(struct mbuf *m, 334 struct label *label); 335typedef void (*mpo_destroy_syncache_label_t)(struct label *label); 336typedef int (*mpo_init_syncache_label_t)(struct label *label, int flag); 337typedef void (*mpo_init_syncache_from_inpcb_t)(struct label *label, 338 struct inpcb *inp); 339typedef void (*mpo_create_mbuf_from_syncache_t)(struct label *sc_label, | 324typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so, 325 struct label *label, struct inpcb *inp, 326 struct label *inplabel); 327 328typedef void (*mpo_create_mbuf_from_firewall_t)(struct mbuf *m, 329 struct label *label); 330typedef void (*mpo_destroy_syncache_label_t)(struct label *label); 331typedef int (*mpo_init_syncache_label_t)(struct label *label, int flag); 332typedef void (*mpo_init_syncache_from_inpcb_t)(struct label *label, 333 struct inpcb *inp); 334typedef void (*mpo_create_mbuf_from_syncache_t)(struct label *sc_label, |
340 struct mbuf *m, struct label *mbuf_label); | 335 struct mbuf *m, struct label *mlabel); |
341/* 342 * Labeling event operations: processes. 343 */ 344typedef void (*mpo_execve_transition_t)(struct ucred *old, 345 struct ucred *new, struct vnode *vp, | 336/* 337 * Labeling event operations: processes. 338 */ 339typedef void (*mpo_execve_transition_t)(struct ucred *old, 340 struct ucred *new, struct vnode *vp, |
346 struct label *vnodelabel, struct label *interpvnodelabel, | 341 struct label *vplabel, struct label *interpvnodelabel, |
347 struct image_params *imgp, struct label *execlabel); 348typedef int (*mpo_execve_will_transition_t)(struct ucred *old, | 342 struct image_params *imgp, struct label *execlabel); 343typedef int (*mpo_execve_will_transition_t)(struct ucred *old, |
349 struct vnode *vp, struct label *vnodelabel, | 344 struct vnode *vp, struct label *vplabel, |
350 struct label *interpvnodelabel, 351 struct image_params *imgp, struct label *execlabel); 352typedef void (*mpo_create_proc0_t)(struct ucred *cred); 353typedef void (*mpo_create_proc1_t)(struct ucred *cred); 354typedef void (*mpo_relabel_cred_t)(struct ucred *cred, 355 struct label *newlabel); 356typedef void (*mpo_thread_userret_t)(struct thread *thread); 357 358/* 359 * Access control checks. 360 */ | 345 struct label *interpvnodelabel, 346 struct image_params *imgp, struct label *execlabel); 347typedef void (*mpo_create_proc0_t)(struct ucred *cred); 348typedef void (*mpo_create_proc1_t)(struct ucred *cred); 349typedef void (*mpo_relabel_cred_t)(struct ucred *cred, 350 struct label *newlabel); 351typedef void (*mpo_thread_userret_t)(struct thread *thread); 352 353/* 354 * Access control checks. 355 */ |
361typedef int (*mpo_check_bpfdesc_receive_t)(struct bpf_d *bpf_d, 362 struct label *bpflabel, struct ifnet *ifnet, 363 struct label *ifnetlabel); | 356typedef int (*mpo_check_bpfdesc_receive_t)(struct bpf_d *d, 357 struct label *dlabel, struct ifnet *ifp, 358 struct label *ifplabel); |
364typedef int (*mpo_check_cred_relabel_t)(struct ucred *cred, 365 struct label *newlabel); | 359typedef int (*mpo_check_cred_relabel_t)(struct ucred *cred, 360 struct label *newlabel); |
366typedef int (*mpo_check_cred_visible_t)(struct ucred *u1, 367 struct ucred *u2); | 361typedef int (*mpo_check_cred_visible_t)(struct ucred *cr1, 362 struct ucred *cr2); |
368typedef int (*mpo_check_ifnet_relabel_t)(struct ucred *cred, | 363typedef int (*mpo_check_ifnet_relabel_t)(struct ucred *cred, |
369 struct ifnet *ifnet, struct label *ifnetlabel, | 364 struct ifnet *ifp, struct label *ifplabel, |
370 struct label *newlabel); | 365 struct label *newlabel); |
371typedef int (*mpo_check_ifnet_transmit_t)(struct ifnet *ifnet, 372 struct label *ifnetlabel, struct mbuf *m, 373 struct label *mbuflabel); | 366typedef int (*mpo_check_ifnet_transmit_t)(struct ifnet *ifp, 367 struct label *ifplabel, struct mbuf *m, 368 struct label *mlabel); |
374typedef int (*mpo_check_inpcb_deliver_t)(struct inpcb *inp, 375 struct label *inplabel, struct mbuf *m, 376 struct label *mlabel); 377typedef int (*mpo_check_sysv_msgmsq_t)(struct ucred *cred, 378 struct msg *msgptr, struct label *msglabel, 379 struct msqid_kernel *msqkptr, struct label *msqklabel); 380typedef int (*mpo_check_sysv_msgrcv_t)(struct ucred *cred, 381 struct msg *msgptr, struct label *msglabel); --- 29 unchanged lines hidden (view full) --- 411 struct shmid_kernel *shmsegptr, 412 struct label *shmseglabel, int shmflg); 413typedef int (*mpo_check_kenv_dump_t)(struct ucred *cred); 414typedef int (*mpo_check_kenv_get_t)(struct ucred *cred, char *name); 415typedef int (*mpo_check_kenv_set_t)(struct ucred *cred, char *name, 416 char *value); 417typedef int (*mpo_check_kenv_unset_t)(struct ucred *cred, char *name); 418typedef int (*mpo_check_kld_load_t)(struct ucred *cred, struct vnode *vp, | 369typedef int (*mpo_check_inpcb_deliver_t)(struct inpcb *inp, 370 struct label *inplabel, struct mbuf *m, 371 struct label *mlabel); 372typedef int (*mpo_check_sysv_msgmsq_t)(struct ucred *cred, 373 struct msg *msgptr, struct label *msglabel, 374 struct msqid_kernel *msqkptr, struct label *msqklabel); 375typedef int (*mpo_check_sysv_msgrcv_t)(struct ucred *cred, 376 struct msg *msgptr, struct label *msglabel); --- 29 unchanged lines hidden (view full) --- 406 struct shmid_kernel *shmsegptr, 407 struct label *shmseglabel, int shmflg); 408typedef int (*mpo_check_kenv_dump_t)(struct ucred *cred); 409typedef int (*mpo_check_kenv_get_t)(struct ucred *cred, char *name); 410typedef int (*mpo_check_kenv_set_t)(struct ucred *cred, char *name, 411 char *value); 412typedef int (*mpo_check_kenv_unset_t)(struct ucred *cred, char *name); 413typedef int (*mpo_check_kld_load_t)(struct ucred *cred, struct vnode *vp, |
419 struct label *vlabel); | 414 struct label *vplabel); |
420typedef int (*mpo_check_kld_stat_t)(struct ucred *cred); 421typedef int (*mpo_mpo_placeholder19_t)(void); 422typedef int (*mpo_mpo_placeholder20_t)(void); 423typedef int (*mpo_check_mount_stat_t)(struct ucred *cred, | 415typedef int (*mpo_check_kld_stat_t)(struct ucred *cred); 416typedef int (*mpo_mpo_placeholder19_t)(void); 417typedef int (*mpo_mpo_placeholder20_t)(void); 418typedef int (*mpo_check_mount_stat_t)(struct ucred *cred, |
424 struct mount *mp, struct label *mntlabel); | 419 struct mount *mp, struct label *mplabel); |
425typedef int (*mpo_mpo_placeholder21_t)(void); 426typedef int (*mpo_check_pipe_ioctl_t)(struct ucred *cred, | 420typedef int (*mpo_mpo_placeholder21_t)(void); 421typedef int (*mpo_check_pipe_ioctl_t)(struct ucred *cred, |
427 struct pipepair *pp, struct label *pipelabel, | 422 struct pipepair *pp, struct label *pplabel, |
428 unsigned long cmd, void *data); 429typedef int (*mpo_check_pipe_poll_t)(struct ucred *cred, | 423 unsigned long cmd, void *data); 424typedef int (*mpo_check_pipe_poll_t)(struct ucred *cred, |
430 struct pipepair *pp, struct label *pipelabel); | 425 struct pipepair *pp, struct label *pplabel); |
431typedef int (*mpo_check_pipe_read_t)(struct ucred *cred, | 426typedef int (*mpo_check_pipe_read_t)(struct ucred *cred, |
432 struct pipepair *pp, struct label *pipelabel); | 427 struct pipepair *pp, struct label *pplabel); |
433typedef int (*mpo_check_pipe_relabel_t)(struct ucred *cred, | 428typedef int (*mpo_check_pipe_relabel_t)(struct ucred *cred, |
434 struct pipepair *pp, struct label *pipelabel, | 429 struct pipepair *pp, struct label *pplabel, |
435 struct label *newlabel); 436typedef int (*mpo_check_pipe_stat_t)(struct ucred *cred, | 430 struct label *newlabel); 431typedef int (*mpo_check_pipe_stat_t)(struct ucred *cred, |
437 struct pipepair *pp, struct label *pipelabel); | 432 struct pipepair *pp, struct label *pplabel); |
438typedef int (*mpo_check_pipe_write_t)(struct ucred *cred, | 433typedef int (*mpo_check_pipe_write_t)(struct ucred *cred, |
439 struct pipepair *pp, struct label *pipelabel); | 434 struct pipepair *pp, struct label *pplabel); |
440typedef int (*mpo_check_posix_sem_destroy_t)(struct ucred *cred, 441 struct ksem *ksemptr, struct label *ks_label); 442typedef int (*mpo_check_posix_sem_getvalue_t)(struct ucred *cred, 443 struct ksem *ksemptr, struct label *ks_label); 444typedef int (*mpo_check_posix_sem_open_t)(struct ucred *cred, 445 struct ksem *ksemptr, struct label *ks_label); 446typedef int (*mpo_check_posix_sem_post_t)(struct ucred *cred, 447 struct ksem *ksemptr, struct label *ks_label); 448typedef int (*mpo_check_posix_sem_unlink_t)(struct ucred *cred, 449 struct ksem *ksemptr, struct label *ks_label); 450typedef int (*mpo_check_posix_sem_wait_t)(struct ucred *cred, 451 struct ksem *ksemptr, struct label *ks_label); 452typedef int (*mpo_check_proc_debug_t)(struct ucred *cred, | 435typedef int (*mpo_check_posix_sem_destroy_t)(struct ucred *cred, 436 struct ksem *ksemptr, struct label *ks_label); 437typedef int (*mpo_check_posix_sem_getvalue_t)(struct ucred *cred, 438 struct ksem *ksemptr, struct label *ks_label); 439typedef int (*mpo_check_posix_sem_open_t)(struct ucred *cred, 440 struct ksem *ksemptr, struct label *ks_label); 441typedef int (*mpo_check_posix_sem_post_t)(struct ucred *cred, 442 struct ksem *ksemptr, struct label *ks_label); 443typedef int (*mpo_check_posix_sem_unlink_t)(struct ucred *cred, 444 struct ksem *ksemptr, struct label *ks_label); 445typedef int (*mpo_check_posix_sem_wait_t)(struct ucred *cred, 446 struct ksem *ksemptr, struct label *ks_label); 447typedef int (*mpo_check_proc_debug_t)(struct ucred *cred, |
453 struct proc *proc); | 448 struct proc *p); |
454typedef int (*mpo_check_proc_sched_t)(struct ucred *cred, | 449typedef int (*mpo_check_proc_sched_t)(struct ucred *cred, |
455 struct proc *proc); | 450 struct proc *p); |
456typedef int (*mpo_check_proc_setaudit_t)(struct ucred *cred, 457 struct auditinfo *ai); 458typedef int (*mpo_check_proc_setauid_t)(struct ucred *cred, uid_t auid); 459typedef int (*mpo_check_proc_setuid_t)(struct ucred *cred, uid_t uid); 460typedef int (*mpo_check_proc_seteuid_t)(struct ucred *cred, uid_t euid); 461typedef int (*mpo_check_proc_setgid_t)(struct ucred *cred, gid_t gid); 462typedef int (*mpo_check_proc_setegid_t)(struct ucred *cred, gid_t egid); 463typedef int (*mpo_check_proc_setgroups_t)(struct ucred *cred, int ngroups, --- 6 unchanged lines hidden (view full) --- 470 uid_t euid, uid_t suid); 471typedef int (*mpo_check_proc_setresgid_t)(struct ucred *cred, gid_t rgid, 472 gid_t egid, gid_t sgid); 473typedef int (*mpo_check_proc_signal_t)(struct ucred *cred, 474 struct proc *proc, int signum); 475typedef int (*mpo_check_proc_wait_t)(struct ucred *cred, 476 struct proc *proc); 477typedef int (*mpo_check_socket_accept_t)(struct ucred *cred, | 451typedef int (*mpo_check_proc_setaudit_t)(struct ucred *cred, 452 struct auditinfo *ai); 453typedef int (*mpo_check_proc_setauid_t)(struct ucred *cred, uid_t auid); 454typedef int (*mpo_check_proc_setuid_t)(struct ucred *cred, uid_t uid); 455typedef int (*mpo_check_proc_seteuid_t)(struct ucred *cred, uid_t euid); 456typedef int (*mpo_check_proc_setgid_t)(struct ucred *cred, gid_t gid); 457typedef int (*mpo_check_proc_setegid_t)(struct ucred *cred, gid_t egid); 458typedef int (*mpo_check_proc_setgroups_t)(struct ucred *cred, int ngroups, --- 6 unchanged lines hidden (view full) --- 465 uid_t euid, uid_t suid); 466typedef int (*mpo_check_proc_setresgid_t)(struct ucred *cred, gid_t rgid, 467 gid_t egid, gid_t sgid); 468typedef int (*mpo_check_proc_signal_t)(struct ucred *cred, 469 struct proc *proc, int signum); 470typedef int (*mpo_check_proc_wait_t)(struct ucred *cred, 471 struct proc *proc); 472typedef int (*mpo_check_socket_accept_t)(struct ucred *cred, |
478 struct socket *so, struct label *socketlabel); | 473 struct socket *so, struct label *solabel); |
479typedef int (*mpo_check_socket_bind_t)(struct ucred *cred, | 474typedef int (*mpo_check_socket_bind_t)(struct ucred *cred, |
480 struct socket *so, struct label *socketlabel, 481 struct sockaddr *sockaddr); | 475 struct socket *so, struct label *solabel, 476 struct sockaddr *sa); |
482typedef int (*mpo_check_socket_connect_t)(struct ucred *cred, | 477typedef int (*mpo_check_socket_connect_t)(struct ucred *cred, |
483 struct socket *so, struct label *socketlabel, 484 struct sockaddr *sockaddr); | 478 struct socket *so, struct label *solabel, 479 struct sockaddr *sa); |
485typedef int (*mpo_check_socket_create_t)(struct ucred *cred, int domain, 486 int type, int protocol); 487typedef int (*mpo_check_socket_deliver_t)(struct socket *so, | 480typedef int (*mpo_check_socket_create_t)(struct ucred *cred, int domain, 481 int type, int protocol); 482typedef int (*mpo_check_socket_deliver_t)(struct socket *so, |
488 struct label *socketlabel, struct mbuf *m, 489 struct label *mbuflabel); | 483 struct label *solabel, struct mbuf *m, 484 struct label *mlabel); |
490typedef int (*mpo_check_socket_listen_t)(struct ucred *cred, | 485typedef int (*mpo_check_socket_listen_t)(struct ucred *cred, |
491 struct socket *so, struct label *socketlabel); | 486 struct socket *so, struct label *solabel); |
492typedef int (*mpo_check_socket_poll_t)(struct ucred *cred, | 487typedef int (*mpo_check_socket_poll_t)(struct ucred *cred, |
493 struct socket *so, struct label *socketlabel); | 488 struct socket *so, struct label *solabel); |
494typedef int (*mpo_check_socket_receive_t)(struct ucred *cred, | 489typedef int (*mpo_check_socket_receive_t)(struct ucred *cred, |
495 struct socket *so, struct label *socketlabel); | 490 struct socket *so, struct label *solabel); |
496typedef int (*mpo_check_socket_relabel_t)(struct ucred *cred, | 491typedef int (*mpo_check_socket_relabel_t)(struct ucred *cred, |
497 struct socket *so, struct label *socketlabel, | 492 struct socket *so, struct label *solabel, |
498 struct label *newlabel); 499typedef int (*mpo_check_socket_send_t)(struct ucred *cred, | 493 struct label *newlabel); 494typedef int (*mpo_check_socket_send_t)(struct ucred *cred, |
500 struct socket *so, struct label *socketlabel); | 495 struct socket *so, struct label *solabel); |
501typedef int (*mpo_check_socket_stat_t)(struct ucred *cred, | 496typedef int (*mpo_check_socket_stat_t)(struct ucred *cred, |
502 struct socket *so, struct label *socketlabel); | 497 struct socket *so, struct label *solabel); |
503typedef int (*mpo_check_socket_visible_t)(struct ucred *cred, | 498typedef int (*mpo_check_socket_visible_t)(struct ucred *cred, |
504 struct socket *so, struct label *socketlabel); | 499 struct socket *so, struct label *solabel); |
505typedef int (*mpo_check_system_acct_t)(struct ucred *cred, | 500typedef int (*mpo_check_system_acct_t)(struct ucred *cred, |
506 struct vnode *vp, struct label *vlabel); | 501 struct vnode *vp, struct label *vplabel); |
507typedef int (*mpo_check_system_audit_t)(struct ucred *cred, void *record, 508 int length); 509typedef int (*mpo_check_system_auditctl_t)(struct ucred *cred, 510 struct vnode *vp, struct label *vplabel); 511typedef int (*mpo_check_system_auditon_t)(struct ucred *cred, int cmd); 512typedef int (*mpo_check_system_reboot_t)(struct ucred *cred, int howto); 513typedef int (*mpo_check_system_swapon_t)(struct ucred *cred, | 502typedef int (*mpo_check_system_audit_t)(struct ucred *cred, void *record, 503 int length); 504typedef int (*mpo_check_system_auditctl_t)(struct ucred *cred, 505 struct vnode *vp, struct label *vplabel); 506typedef int (*mpo_check_system_auditon_t)(struct ucred *cred, int cmd); 507typedef int (*mpo_check_system_reboot_t)(struct ucred *cred, int howto); 508typedef int (*mpo_check_system_swapon_t)(struct ucred *cred, |
514 struct vnode *vp, struct label *label); | 509 struct vnode *vp, struct label *vplabel); |
515typedef int (*mpo_check_system_swapoff_t)(struct ucred *cred, | 510typedef int (*mpo_check_system_swapoff_t)(struct ucred *cred, |
516 struct vnode *vp, struct label *label); | 511 struct vnode *vp, struct label *vplabel); |
517typedef int (*mpo_check_system_sysctl_t)(struct ucred *cred, 518 struct sysctl_oid *oidp, void *arg1, int arg2, 519 struct sysctl_req *req); 520typedef int (*mpo_check_vnode_access_t)(struct ucred *cred, | 512typedef int (*mpo_check_system_sysctl_t)(struct ucred *cred, 513 struct sysctl_oid *oidp, void *arg1, int arg2, 514 struct sysctl_req *req); 515typedef int (*mpo_check_vnode_access_t)(struct ucred *cred, |
521 struct vnode *vp, struct label *label, int acc_mode); | 516 struct vnode *vp, struct label *vplabel, int acc_mode); |
522typedef int (*mpo_check_vnode_chdir_t)(struct ucred *cred, | 517typedef int (*mpo_check_vnode_chdir_t)(struct ucred *cred, |
523 struct vnode *dvp, struct label *dlabel); | 518 struct vnode *dvp, struct label *dvplabel); |
524typedef int (*mpo_check_vnode_chroot_t)(struct ucred *cred, | 519typedef int (*mpo_check_vnode_chroot_t)(struct ucred *cred, |
525 struct vnode *dvp, struct label *dlabel); | 520 struct vnode *dvp, struct label *dvplabel); |
526typedef int (*mpo_check_vnode_create_t)(struct ucred *cred, | 521typedef int (*mpo_check_vnode_create_t)(struct ucred *cred, |
527 struct vnode *dvp, struct label *dlabel, | 522 struct vnode *dvp, struct label *dvplabel, |
528 struct componentname *cnp, struct vattr *vap); 529typedef int (*mpo_check_vnode_delete_t)(struct ucred *cred, | 523 struct componentname *cnp, struct vattr *vap); 524typedef int (*mpo_check_vnode_delete_t)(struct ucred *cred, |
530 struct vnode *dvp, struct label *dlabel, 531 struct vnode *vp, struct label *label, | 525 struct vnode *dvp, struct label *dvplabel, 526 struct vnode *vp, struct label *vplabel, |
532 struct componentname *cnp); 533typedef int (*mpo_check_vnode_deleteacl_t)(struct ucred *cred, | 527 struct componentname *cnp); 528typedef int (*mpo_check_vnode_deleteacl_t)(struct ucred *cred, |
534 struct vnode *vp, struct label *label, acl_type_t type); | 529 struct vnode *vp, struct label *vplabel, 530 acl_type_t type); |
535typedef int (*mpo_check_vnode_deleteextattr_t)(struct ucred *cred, | 531typedef int (*mpo_check_vnode_deleteextattr_t)(struct ucred *cred, |
536 struct vnode *vp, struct label *label, int attrnamespace, 537 const char *name); | 532 struct vnode *vp, struct label *vplabel, 533 int attrnamespace, const char *name); |
538typedef int (*mpo_check_vnode_exec_t)(struct ucred *cred, | 534typedef int (*mpo_check_vnode_exec_t)(struct ucred *cred, |
539 struct vnode *vp, struct label *label, | 535 struct vnode *vp, struct label *vplabel, |
540 struct image_params *imgp, struct label *execlabel); 541typedef int (*mpo_check_vnode_getacl_t)(struct ucred *cred, | 536 struct image_params *imgp, struct label *execlabel); 537typedef int (*mpo_check_vnode_getacl_t)(struct ucred *cred, |
542 struct vnode *vp, struct label *label, acl_type_t type); | 538 struct vnode *vp, struct label *vplabel, 539 acl_type_t type); |
543typedef int (*mpo_check_vnode_getextattr_t)(struct ucred *cred, | 540typedef int (*mpo_check_vnode_getextattr_t)(struct ucred *cred, |
544 struct vnode *vp, struct label *label, int attrnamespace, 545 const char *name, struct uio *uio); | 541 struct vnode *vp, struct label *vplabel, 542 int attrnamespace, const char *name, struct uio *uio); |
546typedef int (*mpo_check_vnode_link_t)(struct ucred *cred, | 543typedef int (*mpo_check_vnode_link_t)(struct ucred *cred, |
547 struct vnode *dvp, struct label *dlabel, struct vnode *vp, 548 struct label *label, struct componentname *cnp); | 544 struct vnode *dvp, struct label *dvplabel, 545 struct vnode *vp, struct label *vplabel, 546 struct componentname *cnp); |
549typedef int (*mpo_check_vnode_listextattr_t)(struct ucred *cred, | 547typedef int (*mpo_check_vnode_listextattr_t)(struct ucred *cred, |
550 struct vnode *vp, struct label *label, | 548 struct vnode *vp, struct label *vplabel, |
551 int attrnamespace); 552typedef int (*mpo_check_vnode_lookup_t)(struct ucred *cred, | 549 int attrnamespace); 550typedef int (*mpo_check_vnode_lookup_t)(struct ucred *cred, |
553 struct vnode *dvp, struct label *dlabel, | 551 struct vnode *dvp, struct label *dvplabel, |
554 struct componentname *cnp); 555typedef int (*mpo_check_vnode_mmap_t)(struct ucred *cred, 556 struct vnode *vp, struct label *label, int prot, 557 int flags); 558typedef void (*mpo_check_vnode_mmap_downgrade_t)(struct ucred *cred, | 552 struct componentname *cnp); 553typedef int (*mpo_check_vnode_mmap_t)(struct ucred *cred, 554 struct vnode *vp, struct label *label, int prot, 555 int flags); 556typedef void (*mpo_check_vnode_mmap_downgrade_t)(struct ucred *cred, |
559 struct vnode *vp, struct label *label, int *prot); | 557 struct vnode *vp, struct label *vplabel, int *prot); |
560typedef int (*mpo_check_vnode_mprotect_t)(struct ucred *cred, | 558typedef int (*mpo_check_vnode_mprotect_t)(struct ucred *cred, |
561 struct vnode *vp, struct label *label, int prot); | 559 struct vnode *vp, struct label *vplabel, int prot); |
562typedef int (*mpo_check_vnode_open_t)(struct ucred *cred, | 560typedef int (*mpo_check_vnode_open_t)(struct ucred *cred, |
563 struct vnode *vp, struct label *label, int acc_mode); | 561 struct vnode *vp, struct label *vplabel, int acc_mode); |
564typedef int (*mpo_check_vnode_poll_t)(struct ucred *active_cred, 565 struct ucred *file_cred, struct vnode *vp, | 562typedef int (*mpo_check_vnode_poll_t)(struct ucred *active_cred, 563 struct ucred *file_cred, struct vnode *vp, |
566 struct label *label); | 564 struct label *vplabel); |
567typedef int (*mpo_check_vnode_read_t)(struct ucred *active_cred, 568 struct ucred *file_cred, struct vnode *vp, | 565typedef int (*mpo_check_vnode_read_t)(struct ucred *active_cred, 566 struct ucred *file_cred, struct vnode *vp, |
569 struct label *label); | 567 struct label *vplabel); |
570typedef int (*mpo_check_vnode_readdir_t)(struct ucred *cred, | 568typedef int (*mpo_check_vnode_readdir_t)(struct ucred *cred, |
571 struct vnode *dvp, struct label *dlabel); | 569 struct vnode *dvp, struct label *dvplabel); |
572typedef int (*mpo_check_vnode_readlink_t)(struct ucred *cred, | 570typedef int (*mpo_check_vnode_readlink_t)(struct ucred *cred, |
573 struct vnode *vp, struct label *label); | 571 struct vnode *vp, struct label *vplabel); |
574typedef int (*mpo_check_vnode_relabel_t)(struct ucred *cred, | 572typedef int (*mpo_check_vnode_relabel_t)(struct ucred *cred, |
575 struct vnode *vp, struct label *vnodelabel, | 573 struct vnode *vp, struct label *vplabel, |
576 struct label *newlabel); 577typedef int (*mpo_check_vnode_rename_from_t)(struct ucred *cred, | 574 struct label *newlabel); 575typedef int (*mpo_check_vnode_rename_from_t)(struct ucred *cred, |
578 struct vnode *dvp, struct label *dlabel, 579 struct vnode *vp, struct label *label, | 576 struct vnode *dvp, struct label *dvplabel, 577 struct vnode *vp, struct label *vplabel, |
580 struct componentname *cnp); 581typedef int (*mpo_check_vnode_rename_to_t)(struct ucred *cred, | 578 struct componentname *cnp); 579typedef int (*mpo_check_vnode_rename_to_t)(struct ucred *cred, |
582 struct vnode *dvp, struct label *dlabel, 583 struct vnode *vp, struct label *label, int samedir, | 580 struct vnode *dvp, struct label *dvplabel, 581 struct vnode *vp, struct label *vplabel, int samedir, |
584 struct componentname *cnp); 585typedef int (*mpo_check_vnode_revoke_t)(struct ucred *cred, | 582 struct componentname *cnp); 583typedef int (*mpo_check_vnode_revoke_t)(struct ucred *cred, |
586 struct vnode *vp, struct label *label); | 584 struct vnode *vp, struct label *vplabel); |
587typedef int (*mpo_check_vnode_setacl_t)(struct ucred *cred, | 585typedef int (*mpo_check_vnode_setacl_t)(struct ucred *cred, |
588 struct vnode *vp, struct label *label, acl_type_t type, | 586 struct vnode *vp, struct label *vplabel, acl_type_t type, |
589 struct acl *acl); 590typedef int (*mpo_check_vnode_setextattr_t)(struct ucred *cred, | 587 struct acl *acl); 588typedef int (*mpo_check_vnode_setextattr_t)(struct ucred *cred, |
591 struct vnode *vp, struct label *label, int attrnamespace, 592 const char *name, struct uio *uio); | 589 struct vnode *vp, struct label *vplabel, 590 int attrnamespace, const char *name, struct uio *uio); |
593typedef int (*mpo_check_vnode_setflags_t)(struct ucred *cred, | 591typedef int (*mpo_check_vnode_setflags_t)(struct ucred *cred, |
594 struct vnode *vp, struct label *label, u_long flags); | 592 struct vnode *vp, struct label *vplabel, u_long flags); |
595typedef int (*mpo_check_vnode_setmode_t)(struct ucred *cred, | 593typedef int (*mpo_check_vnode_setmode_t)(struct ucred *cred, |
596 struct vnode *vp, struct label *label, mode_t mode); | 594 struct vnode *vp, struct label *vplabel, mode_t mode); |
597typedef int (*mpo_check_vnode_setowner_t)(struct ucred *cred, | 595typedef int (*mpo_check_vnode_setowner_t)(struct ucred *cred, |
598 struct vnode *vp, struct label *label, uid_t uid, | 596 struct vnode *vp, struct label *vplabel, uid_t uid, |
599 gid_t gid); 600typedef int (*mpo_check_vnode_setutimes_t)(struct ucred *cred, | 597 gid_t gid); 598typedef int (*mpo_check_vnode_setutimes_t)(struct ucred *cred, |
601 struct vnode *vp, struct label *label, | 599 struct vnode *vp, struct label *vplabel, |
602 struct timespec atime, struct timespec mtime); 603typedef int (*mpo_check_vnode_stat_t)(struct ucred *active_cred, 604 struct ucred *file_cred, struct vnode *vp, | 600 struct timespec atime, struct timespec mtime); 601typedef int (*mpo_check_vnode_stat_t)(struct ucred *active_cred, 602 struct ucred *file_cred, struct vnode *vp, |
605 struct label *label); | 603 struct label *vplabel); |
606typedef int (*mpo_check_vnode_write_t)(struct ucred *active_cred, 607 struct ucred *file_cred, struct vnode *vp, | 604typedef int (*mpo_check_vnode_write_t)(struct ucred *active_cred, 605 struct ucred *file_cred, struct vnode *vp, |
608 struct label *label); | 606 struct label *vplabel); |
609typedef void (*mpo_associate_nfsd_label_t)(struct ucred *cred); 610typedef int (*mpo_priv_check_t)(struct ucred *cred, int priv); 611typedef int (*mpo_priv_grant_t)(struct ucred *cred, int priv); 612 613struct mac_policy_ops { 614 /* 615 * Policy module operations. 616 */ --- 362 unchanged lines hidden --- | 607typedef void (*mpo_associate_nfsd_label_t)(struct ucred *cred); 608typedef int (*mpo_priv_check_t)(struct ucred *cred, int priv); 609typedef int (*mpo_priv_grant_t)(struct ucred *cred, int priv); 610 611struct mac_policy_ops { 612 /* 613 * Policy module operations. 614 */ --- 362 unchanged lines hidden --- |