Cross Reference: /freebsd-10.3-release/sys/security/mac/mac

Deleted Added

sdiff udiff text old ( 168954 ) new ( 168955 )

full compact

mac_policy.h (168954)	mac_policy.h (168955)
1/- 2 Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 4 * Copyright (c) 2005-2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 *	1/- 2 Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 4 * Copyright (c) 2005-2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 *
38 * $FreeBSD: head/sys/security/mac/mac_policy.h 168954 2007-04-22 16:18:10Z rwatson $	38 * $FreeBSD: head/sys/security/mac/mac_policy.h 168955 2007-04-22 19:55:56Z rwatson $
39 / 40/ 41 * Kernel interface for MAC policy modules. 42 / 43#ifndef _SYS_SECURITY_MAC_MAC_POLICY_H_ 44#define _SYS_SECURITY_MAC_MAC_POLICY_H_ 45 46#ifndef _KERNEL --- 144 unchanged lines hidden* (view full) --- 191typedef int (mpo_internalize_vnode_label_t)(struct label label, 192 char element_name, char element_data, int claimed); 193* 194/* 195 * Labeling event operations: file system objects, and things that look a lot 196 * like file system objects. 197 / 198typedef void (mpo_associate_vnode_devfs_t)(struct mount *mp,	39 / 40/ 41 * Kernel interface for MAC policy modules. 42 / 43#ifndef _SYS_SECURITY_MAC_MAC_POLICY_H_ 44#define _SYS_SECURITY_MAC_MAC_POLICY_H_ 45 46#ifndef _KERNEL --- 144 unchanged lines hidden* (view full) --- 191typedef int (mpo_internalize_vnode_label_t)(struct label label, 192 char element_name, char element_data, int claimed); 193* 194/* 195 * Labeling event operations: file system objects, and things that look a lot 196 * like file system objects. 197 / 198typedef void (mpo_associate_vnode_devfs_t)(struct mount *mp,
199 struct label mntlabel, struct devfs_dirent de,	199 struct label mplabel, struct devfs_dirent de,
200 struct label delabel, struct vnode vp,	200 struct label delabel, struct vnode vp,
201 struct label *vlabel);	201 struct label *vplabel);
202typedef int (mpo_associate_vnode_extattr_t)(struct mount mp,	202typedef int (mpo_associate_vnode_extattr_t)(struct mount mp,
203 struct label mntlabel, struct vnode vp, 204 struct label *vlabel);	203 struct label mplabel, struct vnode vp, 204 struct label *vplabel);
205typedef void (mpo_associate_vnode_singlelabel_t)(struct mount mp,	205typedef void (mpo_associate_vnode_singlelabel_t)(struct mount mp,
206 struct label mntlabel, struct vnode vp, 207 struct label *vlabel);	206 struct label mplabel, struct vnode vp, 207 struct label *vplabel);
208typedef void (mpo_create_devfs_device_t)(struct ucred cred, 209 struct mount mp, struct cdev dev,	208typedef void (mpo_create_devfs_device_t)(struct ucred cred, 209 struct mount mp, struct cdev dev,
210 struct devfs_dirent de, struct label label);	210 struct devfs_dirent de, struct label delabel);
211typedef void (mpo_create_devfs_directory_t)(struct mount mp, 212 char dirname, int dirnamelen, struct devfs_dirent de,	211typedef void (mpo_create_devfs_directory_t)(struct mount mp, 212 char dirname, int dirnamelen, struct devfs_dirent de,
213 struct label *label);	213 struct label *delabel);
214typedef void (mpo_create_devfs_symlink_t)(struct ucred cred, 215 struct mount mp, struct devfs_dirent dd, 216 struct label ddlabel, struct devfs_dirent de, 217 struct label delabel); 218typedef int (mpo_create_vnode_extattr_t)(struct ucred *cred,	214typedef void (mpo_create_devfs_symlink_t)(struct ucred cred, 215 struct mount mp, struct devfs_dirent dd, 216 struct label ddlabel, struct devfs_dirent de, 217 struct label delabel); 218typedef int (mpo_create_vnode_extattr_t)(struct ucred *cred,
219 struct mount mp, struct label mntlabel, 220 struct vnode dvp, struct label dlabel, 221 struct vnode vp, struct label vlabel,	219 struct mount mp, struct label mplabel, 220 struct vnode dvp, struct label dvplabel, 221 struct vnode vp, struct label vplabel,
222 struct componentname cnp); 223typedef void (mpo_create_mount_t)(struct ucred cred, struct mount mp,	222 struct componentname cnp); 223typedef void (mpo_create_mount_t)(struct ucred cred, struct mount mp,
224 struct label *mntlabel);	224 struct label *mplabel);
225typedef void (mpo_relabel_vnode_t)(struct ucred cred, struct vnode *vp,	225typedef void (mpo_relabel_vnode_t)(struct ucred cred, struct vnode *vp,
226 struct label vnodelabel, struct label label);	226 struct label vplabel, struct label label);
227typedef int (mpo_setlabel_vnode_extattr_t)(struct ucred cred,	227typedef int (mpo_setlabel_vnode_extattr_t)(struct ucred cred,
228 struct vnode vp, struct label vlabel,	228 struct vnode vp, struct label vplabel,
229 struct label intlabel); 230typedef void (mpo_update_devfsdirent_t)(struct mount *mp,	229 struct label intlabel); 230typedef void (mpo_update_devfsdirent_t)(struct mount *mp,
231 struct devfs_dirent devfs_dirent, 232* struct label direntlabel, struct vnode vp, 233 struct label *vnodelabel);	231 struct devfs_dirent de, struct label delabel, 232 struct vnode vp, struct label vplabel);
234 235/* 236 * Labeling event operations: IPC objects. 237 / 238typedef void (mpo_create_mbuf_from_socket_t)(struct socket *so,	233 234/* 235 * Labeling event operations: IPC objects. 236 / 237typedef void (mpo_create_mbuf_from_socket_t)(struct socket *so,
239 struct label socketlabel, struct mbuf m, 240 struct label *mbuflabel);	238 struct label solabel, struct mbuf m, 239 struct label *mlabel);
241typedef void (mpo_create_socket_t)(struct ucred cred, struct socket *so,	240typedef void (mpo_create_socket_t)(struct ucred cred, struct socket *so,
242 struct label socketlabel); 243typedef void (mpo_create_socket_from_socket_t)(struct socket oldsocket, 244* struct label oldsocketlabel, struct socket newsocket, 245 struct label *newsocketlabel);	241 struct label solabel); 242typedef void (mpo_create_socket_from_socket_t)(struct socket oldso, 243* struct label oldsolabel, struct socket newso, 244 struct label *newsolabel);
246typedef void (mpo_relabel_socket_t)(struct ucred cred, struct socket so, 247* struct label oldlabel, struct label newlabel); 248typedef void (mpo_relabel_pipe_t)(struct ucred cred, struct pipepair pp, 249* struct label oldlabel, struct label newlabel);	245typedef void (mpo_relabel_socket_t)(struct ucred cred, struct socket so, 246* struct label oldlabel, struct label newlabel); 247typedef void (mpo_relabel_pipe_t)(struct ucred cred, struct pipepair pp, 248* struct label oldlabel, struct label newlabel);
250typedef void (mpo_set_socket_peer_from_mbuf_t)(struct mbuf mbuf, 251 struct label mbuflabel, struct socket so, 252 struct label socketpeerlabel); 253typedef void (mpo_set_socket_peer_from_socket_t)(struct socket oldsocket, 254* struct label oldsocketlabel, struct socket newsocket, 255 struct label *newsocketpeerlabel);	249typedef void (mpo_set_socket_peer_from_mbuf_t)(struct mbuf m, 250 struct label mlabel, struct socket so, 251 struct label sopeerlabel); 252typedef void (mpo_set_socket_peer_from_socket_t)(struct socket oldso, 253* struct label oldsolabel, struct socket newso, 254 struct label *newsopeerlabel);
256typedef void (mpo_create_pipe_t)(struct ucred cred, struct pipepair *pp,	255typedef void (mpo_create_pipe_t)(struct ucred cred, struct pipepair *pp,
257 struct label *pipelabel);	256 struct label *pplabel);
258 259/* 260 * Labeling event operations: System V IPC primitives. 261 / 262typedef void (mpo_create_sysv_msgmsg_t)(struct ucred cred, 263* struct msqid_kernel msqkptr, struct label msqlabel, 264 struct msg msgptr, struct label msglabel); 265typedef void (mpo_create_sysv_msgqueue_t)(struct ucred cred, --- 8 unchanged lines hidden (view full) --- 274 / 275typedef void (mpo_create_posix_sem_t)(struct ucred cred, 276* struct ksem ksemptr, struct label ks_label); 277 278/* 279 * Labeling event operations: network objects. 280 / 281typedef void (mpo_create_bpfdesc_t)(struct ucred *cred,	257 258/* 259 * Labeling event operations: System V IPC primitives. 260 / 261typedef void (mpo_create_sysv_msgmsg_t)(struct ucred cred, 262* struct msqid_kernel msqkptr, struct label msqlabel, 263 struct msg msgptr, struct label msglabel); 264typedef void (mpo_create_sysv_msgqueue_t)(struct ucred cred, --- 8 unchanged lines hidden (view full) --- 273 / 274typedef void (mpo_create_posix_sem_t)(struct ucred cred, 275* struct ksem ksemptr, struct label ks_label); 276 277/* 278 * Labeling event operations: network objects. 279 / 280typedef void (mpo_create_bpfdesc_t)(struct ucred *cred,
282 struct bpf_d bpf_d, struct label bpflabel); 283typedef void (mpo_create_ifnet_t)(struct ifnet ifnet, 284 struct label *ifnetlabel);	281 struct bpf_d d, struct label dlabel); 282typedef void (mpo_create_ifnet_t)(struct ifnet ifp, 283 struct label *ifplabel);
285typedef void (mpo_create_inpcb_from_socket_t)(struct socket so, 286 struct label solabel, struct inpcb inp, 287 struct label *inplabel);	284typedef void (mpo_create_inpcb_from_socket_t)(struct socket so, 285 struct label solabel, struct inpcb inp, 286 struct label *inplabel);
288typedef void (mpo_create_ipq_t)(struct mbuf fragment, 289 struct label fragmentlabel, struct ipq ipq, 290 struct label *ipqlabel);	287typedef void (mpo_create_ipq_t)(struct mbuf m, struct label mlabel, 288* struct ipq ipq, struct label ipqlabel);
291typedef void (*mpo_create_datagram_from_ipq)	289typedef void (*mpo_create_datagram_from_ipq)
292 (struct ipq ipq, struct label ipqlabel, 293 struct mbuf datagram, struct label datagramlabel); 294typedef void (mpo_create_fragment_t)(struct mbuf datagram, 295 struct label datagramlabel, struct mbuf fragment, 296 struct label *fragmentlabel);	290 (struct ipq ipq, struct label ipqlabel, struct mbuf m, 291* struct label mlabel); 292typedef void (mpo_create_fragment_t)(struct mbuf m, 293* struct label mlabel, struct mbuf frag, 294 struct label *fraglabel);
297typedef void (mpo_create_mbuf_from_inpcb_t)(struct inpcb inp, 298 struct label inplabel, struct mbuf m, 299 struct label *mlabel);	295typedef void (mpo_create_mbuf_from_inpcb_t)(struct inpcb inp, 296 struct label inplabel, struct mbuf m, 297 struct label *mlabel);
300typedef void (mpo_create_mbuf_linklayer_t)(struct ifnet ifnet, 301 struct label ifnetlabel, struct mbuf mbuf, 302 struct label mbuflabel); 303typedef void (mpo_create_mbuf_from_bpfdesc_t)(struct bpf_d bpf_d, 304* struct label bpflabel, struct mbuf mbuf, 305 struct label mbuflabel); 306typedef void (mpo_create_mbuf_from_ifnet_t)(struct ifnet ifnet, 307* struct label ifnetlabel, struct mbuf mbuf, 308 struct label mbuflabel); 309typedef void (mpo_create_mbuf_multicast_encap_t)(struct mbuf oldmbuf, 310* struct label oldmbuflabel, struct ifnet ifnet, 311 struct label ifnetlabel, struct mbuf newmbuf, 312 struct label newmbuflabel); 313typedef void (mpo_create_mbuf_netlayer_t)(struct mbuf oldmbuf, 314* struct label oldmbuflabel, struct mbuf newmbuf, 315 struct label newmbuflabel); 316typedef int (mpo_fragment_match_t)(struct mbuf fragment, 317* struct label fragmentlabel, struct ipq ipq, 318 struct label *ipqlabel);	298typedef void (mpo_create_mbuf_linklayer_t)(struct ifnet ifp, 299 struct label ifplabel, struct mbuf m, 300 struct label mlabel); 301typedef void (mpo_create_mbuf_from_bpfdesc_t)(struct bpf_d d, 302* struct label dlabel, struct mbuf m, 303 struct label mlabel); 304typedef void (mpo_create_mbuf_from_ifnet_t)(struct ifnet ifp, 305* struct label ifplabel, struct mbuf m, 306 struct label mlabel); 307typedef void (mpo_create_mbuf_multicast_encap_t)(struct mbuf m, 308* struct label mlabel, struct ifnet ifp, 309 struct label ifplabel, struct mbuf mnew, 310 struct label mnewlabel); 311typedef void (mpo_create_mbuf_netlayer_t)(struct mbuf m, 312* struct label mlabel, struct mbuf mnew, 313 struct label mnewlabel); 314typedef int (mpo_fragment_match_t)(struct mbuf m, struct label mlabel, 315 struct ipq ipq, struct label ipqlabel);
319typedef void (mpo_reflect_mbuf_icmp_t)(struct mbuf m, 320 struct label mlabel); 321typedef void (mpo_reflect_mbuf_tcp_t)(struct mbuf m, 322* struct label *mlabel);	316typedef void (mpo_reflect_mbuf_icmp_t)(struct mbuf m, 317 struct label mlabel); 318typedef void (mpo_reflect_mbuf_tcp_t)(struct mbuf m, 319* struct label *mlabel);
323typedef void (mpo_relabel_ifnet_t)(struct ucred cred, 324 struct ifnet ifnet, struct label ifnetlabel, 325 struct label newlabel); 326typedef void (mpo_update_ipq_t)(struct mbuf fragment, 327* struct label fragmentlabel, struct ipq ipq, 328 struct label *ipqlabel);	320typedef void (mpo_relabel_ifnet_t)(struct ucred cred, struct ifnet ifp, 321* struct label ifplabel, struct label newlabel); 322typedef void (mpo_update_ipq_t)(struct mbuf m, struct label mlabel, 323* struct ipq ipq, struct label ipqlabel);
329typedef void (mpo_inpcb_sosetlabel_t)(struct socket so, 330 struct label label, struct inpcb inp, 331 struct label inplabel); 332* 333typedef void (mpo_create_mbuf_from_firewall_t)(struct mbuf m, 334 struct label label); 335typedef void (mpo_destroy_syncache_label_t)(struct label label); 336typedef int (mpo_init_syncache_label_t)(struct label label, int flag); 337typedef void (mpo_init_syncache_from_inpcb_t)(struct label label, 338* struct inpcb inp); 339typedef void (mpo_create_mbuf_from_syncache_t)(struct label *sc_label,	324typedef void (mpo_inpcb_sosetlabel_t)(struct socket so, 325 struct label label, struct inpcb inp, 326 struct label inplabel); 327* 328typedef void (mpo_create_mbuf_from_firewall_t)(struct mbuf m, 329 struct label label); 330typedef void (mpo_destroy_syncache_label_t)(struct label label); 331typedef int (mpo_init_syncache_label_t)(struct label label, int flag); 332typedef void (mpo_init_syncache_from_inpcb_t)(struct label label, 333* struct inpcb inp); 334typedef void (mpo_create_mbuf_from_syncache_t)(struct label *sc_label,
340 struct mbuf m, struct label mbuf_label);	335 struct mbuf m, struct label mlabel);
341/* 342 * Labeling event operations: processes. 343 / 344typedef void (mpo_execve_transition_t)(struct ucred old, 345* struct ucred new, struct vnode vp,	336/* 337 * Labeling event operations: processes. 338 / 339typedef void (mpo_execve_transition_t)(struct ucred old, 340* struct ucred new, struct vnode vp,
346 struct label vnodelabel, struct label interpvnodelabel,	341 struct label vplabel, struct label interpvnodelabel,
347 struct image_params imgp, struct label execlabel); 348typedef int (mpo_execve_will_transition_t)(struct ucred old,	342 struct image_params imgp, struct label execlabel); 343typedef int (mpo_execve_will_transition_t)(struct ucred old,
349 struct vnode vp, struct label vnodelabel,	344 struct vnode vp, struct label vplabel,
350 struct label interpvnodelabel, 351* struct image_params imgp, struct label execlabel); 352typedef void (mpo_create_proc0_t)(struct ucred cred); 353typedef void (mpo_create_proc1_t)(struct ucred cred); 354typedef void (mpo_relabel_cred_t)(struct ucred cred, 355 struct label newlabel); 356typedef void (mpo_thread_userret_t)(struct thread thread); 357* 358/* 359 * Access control checks. 360 */	345 struct label interpvnodelabel, 346* struct image_params imgp, struct label execlabel); 347typedef void (mpo_create_proc0_t)(struct ucred cred); 348typedef void (mpo_create_proc1_t)(struct ucred cred); 349typedef void (mpo_relabel_cred_t)(struct ucred cred, 350 struct label newlabel); 351typedef void (mpo_thread_userret_t)(struct thread thread); 352* 353/* 354 * Access control checks. 355 */
361typedef int (mpo_check_bpfdesc_receive_t)(struct bpf_d bpf_d, 362 struct label bpflabel, struct ifnet ifnet, 363 struct label *ifnetlabel);	356typedef int (mpo_check_bpfdesc_receive_t)(struct bpf_d d, 357 struct label dlabel, struct ifnet ifp, 358 struct label *ifplabel);
364typedef int (mpo_check_cred_relabel_t)(struct ucred cred, 365 struct label *newlabel);	359typedef int (mpo_check_cred_relabel_t)(struct ucred cred, 360 struct label *newlabel);
366typedef int (mpo_check_cred_visible_t)(struct ucred u1, 367 struct ucred *u2);	361typedef int (mpo_check_cred_visible_t)(struct ucred cr1, 362 struct ucred *cr2);
368typedef int (mpo_check_ifnet_relabel_t)(struct ucred cred,	363typedef int (mpo_check_ifnet_relabel_t)(struct ucred cred,
369 struct ifnet ifnet, struct label ifnetlabel,	364 struct ifnet ifp, struct label ifplabel,
370 struct label *newlabel);	365 struct label *newlabel);
371typedef int (mpo_check_ifnet_transmit_t)(struct ifnet ifnet, 372 struct label ifnetlabel, struct mbuf m, 373 struct label *mbuflabel);	366typedef int (mpo_check_ifnet_transmit_t)(struct ifnet ifp, 367 struct label ifplabel, struct mbuf m, 368 struct label *mlabel);
374typedef int (mpo_check_inpcb_deliver_t)(struct inpcb inp, 375 struct label inplabel, struct mbuf m, 376 struct label mlabel); 377typedef int (mpo_check_sysv_msgmsq_t)(struct ucred cred, 378* struct msg msgptr, struct label msglabel, 379 struct msqid_kernel msqkptr, struct label msqklabel); 380typedef int (mpo_check_sysv_msgrcv_t)(struct ucred cred, 381 struct msg msgptr, struct label msglabel); --- 29 unchanged lines hidden (view full) --- 411 struct shmid_kernel shmsegptr, 412* struct label shmseglabel, int shmflg); 413typedef int (mpo_check_kenv_dump_t)(struct ucred cred); 414typedef int (mpo_check_kenv_get_t)(struct ucred cred, char name); 415typedef int (mpo_check_kenv_set_t)(struct ucred cred, char name, 416* char value); 417typedef int (mpo_check_kenv_unset_t)(struct ucred cred, char name); 418typedef int (mpo_check_kld_load_t)(struct ucred cred, struct vnode *vp,	369typedef int (mpo_check_inpcb_deliver_t)(struct inpcb inp, 370 struct label inplabel, struct mbuf m, 371 struct label mlabel); 372typedef int (mpo_check_sysv_msgmsq_t)(struct ucred cred, 373* struct msg msgptr, struct label msglabel, 374 struct msqid_kernel msqkptr, struct label msqklabel); 375typedef int (mpo_check_sysv_msgrcv_t)(struct ucred cred, 376 struct msg msgptr, struct label msglabel); --- 29 unchanged lines hidden (view full) --- 406 struct shmid_kernel shmsegptr, 407* struct label shmseglabel, int shmflg); 408typedef int (mpo_check_kenv_dump_t)(struct ucred cred); 409typedef int (mpo_check_kenv_get_t)(struct ucred cred, char name); 410typedef int (mpo_check_kenv_set_t)(struct ucred cred, char name, 411* char value); 412typedef int (mpo_check_kenv_unset_t)(struct ucred cred, char name); 413typedef int (mpo_check_kld_load_t)(struct ucred cred, struct vnode *vp,
419 struct label *vlabel);	414 struct label *vplabel);
420typedef int (mpo_check_kld_stat_t)(struct ucred cred); 421typedef int (mpo_mpo_placeholder19_t)(void); 422typedef int (mpo_mpo_placeholder20_t)(void); 423typedef int (mpo_check_mount_stat_t)(struct ucred cred,	415typedef int (mpo_check_kld_stat_t)(struct ucred cred); 416typedef int (mpo_mpo_placeholder19_t)(void); 417typedef int (mpo_mpo_placeholder20_t)(void); 418typedef int (mpo_check_mount_stat_t)(struct ucred cred,
424 struct mount mp, struct label mntlabel);	419 struct mount mp, struct label mplabel);
425typedef int (mpo_mpo_placeholder21_t)(void); 426typedef int (mpo_check_pipe_ioctl_t)(struct ucred *cred,	420typedef int (mpo_mpo_placeholder21_t)(void); 421typedef int (mpo_check_pipe_ioctl_t)(struct ucred *cred,
427 struct pipepair pp, struct label pipelabel,	422 struct pipepair pp, struct label pplabel,
428 unsigned long cmd, void data); 429typedef int (mpo_check_pipe_poll_t)(struct ucred *cred,	423 unsigned long cmd, void data); 424typedef int (mpo_check_pipe_poll_t)(struct ucred *cred,
430 struct pipepair pp, struct label pipelabel);	425 struct pipepair pp, struct label pplabel);
431typedef int (mpo_check_pipe_read_t)(struct ucred cred,	426typedef int (mpo_check_pipe_read_t)(struct ucred cred,
432 struct pipepair pp, struct label pipelabel);	427 struct pipepair pp, struct label pplabel);
433typedef int (mpo_check_pipe_relabel_t)(struct ucred cred,	428typedef int (mpo_check_pipe_relabel_t)(struct ucred cred,
434 struct pipepair pp, struct label pipelabel,	429 struct pipepair pp, struct label pplabel,
435 struct label newlabel); 436typedef int (mpo_check_pipe_stat_t)(struct ucred *cred,	430 struct label newlabel); 431typedef int (mpo_check_pipe_stat_t)(struct ucred *cred,
437 struct pipepair pp, struct label pipelabel);	432 struct pipepair pp, struct label pplabel);
438typedef int (mpo_check_pipe_write_t)(struct ucred cred,	433typedef int (mpo_check_pipe_write_t)(struct ucred cred,
439 struct pipepair pp, struct label pipelabel);	434 struct pipepair pp, struct label pplabel);
440typedef int (mpo_check_posix_sem_destroy_t)(struct ucred cred, 441 struct ksem ksemptr, struct label ks_label); 442typedef int (mpo_check_posix_sem_getvalue_t)(struct ucred cred, 443 struct ksem ksemptr, struct label ks_label); 444typedef int (mpo_check_posix_sem_open_t)(struct ucred cred, 445 struct ksem ksemptr, struct label ks_label); 446typedef int (mpo_check_posix_sem_post_t)(struct ucred cred, 447 struct ksem ksemptr, struct label ks_label); 448typedef int (mpo_check_posix_sem_unlink_t)(struct ucred cred, 449 struct ksem ksemptr, struct label ks_label); 450typedef int (mpo_check_posix_sem_wait_t)(struct ucred cred, 451 struct ksem ksemptr, struct label ks_label); 452typedef int (mpo_check_proc_debug_t)(struct ucred cred,	435typedef int (mpo_check_posix_sem_destroy_t)(struct ucred cred, 436 struct ksem ksemptr, struct label ks_label); 437typedef int (mpo_check_posix_sem_getvalue_t)(struct ucred cred, 438 struct ksem ksemptr, struct label ks_label); 439typedef int (mpo_check_posix_sem_open_t)(struct ucred cred, 440 struct ksem ksemptr, struct label ks_label); 441typedef int (mpo_check_posix_sem_post_t)(struct ucred cred, 442 struct ksem ksemptr, struct label ks_label); 443typedef int (mpo_check_posix_sem_unlink_t)(struct ucred cred, 444 struct ksem ksemptr, struct label ks_label); 445typedef int (mpo_check_posix_sem_wait_t)(struct ucred cred, 446 struct ksem ksemptr, struct label ks_label); 447typedef int (mpo_check_proc_debug_t)(struct ucred cred,
453 struct proc *proc);	448 struct proc *p);
454typedef int (mpo_check_proc_sched_t)(struct ucred cred,	449typedef int (mpo_check_proc_sched_t)(struct ucred cred,
455 struct proc *proc);	450 struct proc *p);
456typedef int (mpo_check_proc_setaudit_t)(struct ucred cred, 457 struct auditinfo ai); 458typedef int (mpo_check_proc_setauid_t)(struct ucred cred, uid_t auid); 459typedef int (mpo_check_proc_setuid_t)(struct ucred cred, uid_t uid); 460typedef int (mpo_check_proc_seteuid_t)(struct ucred cred, uid_t euid); 461typedef int (mpo_check_proc_setgid_t)(struct ucred cred, gid_t gid); 462typedef int (mpo_check_proc_setegid_t)(struct ucred cred, gid_t egid); 463typedef int (mpo_check_proc_setgroups_t)(struct ucred cred, int ngroups, --- 6 unchanged lines hidden* (view full) --- 470 uid_t euid, uid_t suid); 471typedef int (mpo_check_proc_setresgid_t)(struct ucred cred, gid_t rgid, 472 gid_t egid, gid_t sgid); 473typedef int (mpo_check_proc_signal_t)(struct ucred cred, 474 struct proc proc, int signum); 475typedef int (mpo_check_proc_wait_t)(struct ucred cred, 476* struct proc proc); 477typedef int (mpo_check_socket_accept_t)(struct ucred *cred,	451typedef int (mpo_check_proc_setaudit_t)(struct ucred cred, 452 struct auditinfo ai); 453typedef int (mpo_check_proc_setauid_t)(struct ucred cred, uid_t auid); 454typedef int (mpo_check_proc_setuid_t)(struct ucred cred, uid_t uid); 455typedef int (mpo_check_proc_seteuid_t)(struct ucred cred, uid_t euid); 456typedef int (mpo_check_proc_setgid_t)(struct ucred cred, gid_t gid); 457typedef int (mpo_check_proc_setegid_t)(struct ucred cred, gid_t egid); 458typedef int (mpo_check_proc_setgroups_t)(struct ucred cred, int ngroups, --- 6 unchanged lines hidden* (view full) --- 465 uid_t euid, uid_t suid); 466typedef int (mpo_check_proc_setresgid_t)(struct ucred cred, gid_t rgid, 467 gid_t egid, gid_t sgid); 468typedef int (mpo_check_proc_signal_t)(struct ucred cred, 469 struct proc proc, int signum); 470typedef int (mpo_check_proc_wait_t)(struct ucred cred, 471* struct proc proc); 472typedef int (mpo_check_socket_accept_t)(struct ucred *cred,
478 struct socket so, struct label socketlabel);	473 struct socket so, struct label solabel);
479typedef int (mpo_check_socket_bind_t)(struct ucred cred,	474typedef int (mpo_check_socket_bind_t)(struct ucred cred,
480 struct socket so, struct label socketlabel, 481 struct sockaddr *sockaddr);	475 struct socket so, struct label solabel, 476 struct sockaddr *sa);
482typedef int (mpo_check_socket_connect_t)(struct ucred cred,	477typedef int (mpo_check_socket_connect_t)(struct ucred cred,
483 struct socket so, struct label socketlabel, 484 struct sockaddr *sockaddr);	478 struct socket so, struct label solabel, 479 struct sockaddr *sa);
485typedef int (mpo_check_socket_create_t)(struct ucred cred, int domain, 486 int type, int protocol); 487typedef int (mpo_check_socket_deliver_t)(struct socket so,	480typedef int (mpo_check_socket_create_t)(struct ucred cred, int domain, 481 int type, int protocol); 482typedef int (mpo_check_socket_deliver_t)(struct socket so,
488 struct label socketlabel, struct mbuf m, 489 struct label *mbuflabel);	483 struct label solabel, struct mbuf m, 484 struct label *mlabel);
490typedef int (mpo_check_socket_listen_t)(struct ucred cred,	485typedef int (mpo_check_socket_listen_t)(struct ucred cred,
491 struct socket so, struct label socketlabel);	486 struct socket so, struct label solabel);
492typedef int (mpo_check_socket_poll_t)(struct ucred cred,	487typedef int (mpo_check_socket_poll_t)(struct ucred cred,
493 struct socket so, struct label socketlabel);	488 struct socket so, struct label solabel);
494typedef int (mpo_check_socket_receive_t)(struct ucred cred,	489typedef int (mpo_check_socket_receive_t)(struct ucred cred,
495 struct socket so, struct label socketlabel);	490 struct socket so, struct label solabel);
496typedef int (mpo_check_socket_relabel_t)(struct ucred cred,	491typedef int (mpo_check_socket_relabel_t)(struct ucred cred,
497 struct socket so, struct label socketlabel,	492 struct socket so, struct label solabel,
498 struct label newlabel); 499typedef int (mpo_check_socket_send_t)(struct ucred *cred,	493 struct label newlabel); 494typedef int (mpo_check_socket_send_t)(struct ucred *cred,
500 struct socket so, struct label socketlabel);	495 struct socket so, struct label solabel);
501typedef int (mpo_check_socket_stat_t)(struct ucred cred,	496typedef int (mpo_check_socket_stat_t)(struct ucred cred,
502 struct socket so, struct label socketlabel);	497 struct socket so, struct label solabel);
503typedef int (mpo_check_socket_visible_t)(struct ucred cred,	498typedef int (mpo_check_socket_visible_t)(struct ucred cred,
504 struct socket so, struct label socketlabel);	499 struct socket so, struct label solabel);
505typedef int (mpo_check_system_acct_t)(struct ucred cred,	500typedef int (mpo_check_system_acct_t)(struct ucred cred,
506 struct vnode vp, struct label vlabel);	501 struct vnode vp, struct label vplabel);
507typedef int (mpo_check_system_audit_t)(struct ucred cred, void record, 508* int length); 509typedef int (mpo_check_system_auditctl_t)(struct ucred cred, 510 struct vnode vp, struct label vplabel); 511typedef int (mpo_check_system_auditon_t)(struct ucred cred, int cmd); 512typedef int (mpo_check_system_reboot_t)(struct ucred cred, int howto); 513typedef int (mpo_check_system_swapon_t)(struct ucred cred,	502typedef int (mpo_check_system_audit_t)(struct ucred cred, void record, 503* int length); 504typedef int (mpo_check_system_auditctl_t)(struct ucred cred, 505 struct vnode vp, struct label vplabel); 506typedef int (mpo_check_system_auditon_t)(struct ucred cred, int cmd); 507typedef int (mpo_check_system_reboot_t)(struct ucred cred, int howto); 508typedef int (mpo_check_system_swapon_t)(struct ucred cred,
514 struct vnode vp, struct label label);	509 struct vnode vp, struct label vplabel);
515typedef int (mpo_check_system_swapoff_t)(struct ucred cred,	510typedef int (mpo_check_system_swapoff_t)(struct ucred cred,
516 struct vnode vp, struct label label);	511 struct vnode vp, struct label vplabel);
517typedef int (mpo_check_system_sysctl_t)(struct ucred cred, 518 struct sysctl_oid oidp, void arg1, int arg2, 519 struct sysctl_req req); 520typedef int (mpo_check_vnode_access_t)(struct ucred *cred,	512typedef int (mpo_check_system_sysctl_t)(struct ucred cred, 513 struct sysctl_oid oidp, void arg1, int arg2, 514 struct sysctl_req req); 515typedef int (mpo_check_vnode_access_t)(struct ucred *cred,
521 struct vnode vp, struct label label, int acc_mode);	516 struct vnode vp, struct label vplabel, int acc_mode);
522typedef int (mpo_check_vnode_chdir_t)(struct ucred cred,	517typedef int (mpo_check_vnode_chdir_t)(struct ucred cred,
523 struct vnode dvp, struct label dlabel);	518 struct vnode dvp, struct label dvplabel);
524typedef int (mpo_check_vnode_chroot_t)(struct ucred cred,	519typedef int (mpo_check_vnode_chroot_t)(struct ucred cred,
525 struct vnode dvp, struct label dlabel);	520 struct vnode dvp, struct label dvplabel);
526typedef int (mpo_check_vnode_create_t)(struct ucred cred,	521typedef int (mpo_check_vnode_create_t)(struct ucred cred,
527 struct vnode dvp, struct label dlabel,	522 struct vnode dvp, struct label dvplabel,
528 struct componentname cnp, struct vattr vap); 529typedef int (mpo_check_vnode_delete_t)(struct ucred cred,	523 struct componentname cnp, struct vattr vap); 524typedef int (mpo_check_vnode_delete_t)(struct ucred cred,
530 struct vnode dvp, struct label dlabel, 531 struct vnode vp, struct label label,	525 struct vnode dvp, struct label dvplabel, 526 struct vnode vp, struct label vplabel,
532 struct componentname cnp); 533typedef int (mpo_check_vnode_deleteacl_t)(struct ucred *cred,	527 struct componentname cnp); 528typedef int (mpo_check_vnode_deleteacl_t)(struct ucred *cred,
534 struct vnode vp, struct label label, acl_type_t type);	529 struct vnode vp, struct label vplabel, 530 acl_type_t type);
535typedef int (mpo_check_vnode_deleteextattr_t)(struct ucred cred,	531typedef int (mpo_check_vnode_deleteextattr_t)(struct ucred cred,
536 struct vnode vp, struct label label, int attrnamespace, 537 const char *name);	532 struct vnode vp, struct label vplabel, 533 int attrnamespace, const char *name);
538typedef int (mpo_check_vnode_exec_t)(struct ucred cred,	534typedef int (mpo_check_vnode_exec_t)(struct ucred cred,
539 struct vnode vp, struct label label,	535 struct vnode vp, struct label vplabel,
540 struct image_params imgp, struct label execlabel); 541typedef int (mpo_check_vnode_getacl_t)(struct ucred cred,	536 struct image_params imgp, struct label execlabel); 537typedef int (mpo_check_vnode_getacl_t)(struct ucred cred,
542 struct vnode vp, struct label label, acl_type_t type);	538 struct vnode vp, struct label vplabel, 539 acl_type_t type);
543typedef int (mpo_check_vnode_getextattr_t)(struct ucred cred,	540typedef int (mpo_check_vnode_getextattr_t)(struct ucred cred,
544 struct vnode vp, struct label label, int attrnamespace, 545 const char name, struct uio uio);	541 struct vnode vp, struct label vplabel, 542 int attrnamespace, const char name, struct uio uio);
546typedef int (mpo_check_vnode_link_t)(struct ucred cred,	543typedef int (mpo_check_vnode_link_t)(struct ucred cred,
547 struct vnode dvp, struct label dlabel, struct vnode vp, 548* struct label label, struct componentname cnp);	544 struct vnode dvp, struct label dvplabel, 545 struct vnode vp, struct label vplabel, 546 struct componentname *cnp);
549typedef int (mpo_check_vnode_listextattr_t)(struct ucred cred,	547typedef int (mpo_check_vnode_listextattr_t)(struct ucred cred,
550 struct vnode vp, struct label label,	548 struct vnode vp, struct label vplabel,
551 int attrnamespace); 552typedef int (mpo_check_vnode_lookup_t)(struct ucred cred,	549 int attrnamespace); 550typedef int (mpo_check_vnode_lookup_t)(struct ucred cred,
553 struct vnode dvp, struct label dlabel,	551 struct vnode dvp, struct label dvplabel,
554 struct componentname cnp); 555typedef int (mpo_check_vnode_mmap_t)(struct ucred cred, 556* struct vnode vp, struct label label, int prot, 557 int flags); 558typedef void (mpo_check_vnode_mmap_downgrade_t)(struct ucred cred,	552 struct componentname cnp); 553typedef int (mpo_check_vnode_mmap_t)(struct ucred cred, 554* struct vnode vp, struct label label, int prot, 555 int flags); 556typedef void (mpo_check_vnode_mmap_downgrade_t)(struct ucred cred,
559 struct vnode vp, struct label label, int *prot);	557 struct vnode vp, struct label vplabel, int *prot);
560typedef int (mpo_check_vnode_mprotect_t)(struct ucred cred,	558typedef int (mpo_check_vnode_mprotect_t)(struct ucred cred,
561 struct vnode vp, struct label label, int prot);	559 struct vnode vp, struct label vplabel, int prot);
562typedef int (mpo_check_vnode_open_t)(struct ucred cred,	560typedef int (mpo_check_vnode_open_t)(struct ucred cred,
563 struct vnode vp, struct label label, int acc_mode);	561 struct vnode vp, struct label vplabel, int acc_mode);
564typedef int (mpo_check_vnode_poll_t)(struct ucred active_cred, 565 struct ucred file_cred, struct vnode vp,	562typedef int (mpo_check_vnode_poll_t)(struct ucred active_cred, 563 struct ucred file_cred, struct vnode vp,
566 struct label *label);	564 struct label *vplabel);
567typedef int (mpo_check_vnode_read_t)(struct ucred active_cred, 568 struct ucred file_cred, struct vnode vp,	565typedef int (mpo_check_vnode_read_t)(struct ucred active_cred, 566 struct ucred file_cred, struct vnode vp,
569 struct label *label);	567 struct label *vplabel);
570typedef int (mpo_check_vnode_readdir_t)(struct ucred cred,	568typedef int (mpo_check_vnode_readdir_t)(struct ucred cred,
571 struct vnode dvp, struct label dlabel);	569 struct vnode dvp, struct label dvplabel);
572typedef int (mpo_check_vnode_readlink_t)(struct ucred cred,	570typedef int (mpo_check_vnode_readlink_t)(struct ucred cred,
573 struct vnode vp, struct label label);	571 struct vnode vp, struct label vplabel);
574typedef int (mpo_check_vnode_relabel_t)(struct ucred cred,	572typedef int (mpo_check_vnode_relabel_t)(struct ucred cred,
575 struct vnode vp, struct label vnodelabel,	573 struct vnode vp, struct label vplabel,
576 struct label newlabel); 577typedef int (mpo_check_vnode_rename_from_t)(struct ucred *cred,	574 struct label newlabel); 575typedef int (mpo_check_vnode_rename_from_t)(struct ucred *cred,
578 struct vnode dvp, struct label dlabel, 579 struct vnode vp, struct label label,	576 struct vnode dvp, struct label dvplabel, 577 struct vnode vp, struct label vplabel,
580 struct componentname cnp); 581typedef int (mpo_check_vnode_rename_to_t)(struct ucred *cred,	578 struct componentname cnp); 579typedef int (mpo_check_vnode_rename_to_t)(struct ucred *cred,
582 struct vnode dvp, struct label dlabel, 583 struct vnode vp, struct label label, int samedir,	580 struct vnode dvp, struct label dvplabel, 581 struct vnode vp, struct label vplabel, int samedir,
584 struct componentname cnp); 585typedef int (mpo_check_vnode_revoke_t)(struct ucred *cred,	582 struct componentname cnp); 583typedef int (mpo_check_vnode_revoke_t)(struct ucred *cred,
586 struct vnode vp, struct label label);	584 struct vnode vp, struct label vplabel);
587typedef int (mpo_check_vnode_setacl_t)(struct ucred cred,	585typedef int (mpo_check_vnode_setacl_t)(struct ucred cred,
588 struct vnode vp, struct label label, acl_type_t type,	586 struct vnode vp, struct label vplabel, acl_type_t type,
589 struct acl acl); 590typedef int (mpo_check_vnode_setextattr_t)(struct ucred *cred,	587 struct acl acl); 588typedef int (mpo_check_vnode_setextattr_t)(struct ucred *cred,
591 struct vnode vp, struct label label, int attrnamespace, 592 const char name, struct uio uio);	589 struct vnode vp, struct label vplabel, 590 int attrnamespace, const char name, struct uio uio);
593typedef int (mpo_check_vnode_setflags_t)(struct ucred cred,	591typedef int (mpo_check_vnode_setflags_t)(struct ucred cred,
594 struct vnode vp, struct label label, u_long flags);	592 struct vnode vp, struct label vplabel, u_long flags);
595typedef int (mpo_check_vnode_setmode_t)(struct ucred cred,	593typedef int (mpo_check_vnode_setmode_t)(struct ucred cred,
596 struct vnode vp, struct label label, mode_t mode);	594 struct vnode vp, struct label vplabel, mode_t mode);
597typedef int (mpo_check_vnode_setowner_t)(struct ucred cred,	595typedef int (mpo_check_vnode_setowner_t)(struct ucred cred,
598 struct vnode vp, struct label label, uid_t uid,	596 struct vnode vp, struct label vplabel, uid_t uid,
599 gid_t gid); 600typedef int (mpo_check_vnode_setutimes_t)(struct ucred cred,	597 gid_t gid); 598typedef int (mpo_check_vnode_setutimes_t)(struct ucred cred,
601 struct vnode vp, struct label label,	599 struct vnode vp, struct label vplabel,
602 struct timespec atime, struct timespec mtime); 603typedef int (mpo_check_vnode_stat_t)(struct ucred active_cred, 604 struct ucred file_cred, struct vnode vp,	600 struct timespec atime, struct timespec mtime); 601typedef int (mpo_check_vnode_stat_t)(struct ucred active_cred, 602 struct ucred file_cred, struct vnode vp,
605 struct label *label);	603 struct label *vplabel);
606typedef int (mpo_check_vnode_write_t)(struct ucred active_cred, 607 struct ucred file_cred, struct vnode vp,	604typedef int (mpo_check_vnode_write_t)(struct ucred active_cred, 605 struct ucred file_cred, struct vnode vp,
608 struct label *label);	606 struct label *vplabel);
609typedef void (mpo_associate_nfsd_label_t)(struct ucred cred); 610typedef int (mpo_priv_check_t)(struct ucred cred, int priv); 611typedef int (mpo_priv_grant_t)(struct ucred cred, int priv); 612 613struct mac_policy_ops { 614 /* 615 * Policy module operations. 616 / --- 362 unchanged lines hidden* ---	607typedef void (mpo_associate_nfsd_label_t)(struct ucred cred); 608typedef int (mpo_priv_check_t)(struct ucred cred, int priv); 609typedef int (mpo_priv_grant_t)(struct ucred cred, int priv); 610 611struct mac_policy_ops { 612 /* 613 * Policy module operations. 614 / --- 362 unchanged lines hidden* ---

mac_policy.h (168954)	mac_policy.h (168955)
1/- 2 Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 4 * Copyright (c) 2005-2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 *	1/- 2 Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 4 * Copyright (c) 2005-2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 *
38 * $FreeBSD: head/sys/security/mac/mac_policy.h 168954 2007-04-22 16:18:10Z rwatson $	38 * $FreeBSD: head/sys/security/mac/mac_policy.h 168955 2007-04-22 19:55:56Z rwatson $
39 / 40/ 41 * Kernel interface for MAC policy modules. 42 / 43#ifndef _SYS_SECURITY_MAC_MAC_POLICY_H_ 44#define _SYS_SECURITY_MAC_MAC_POLICY_H_ 45 46#ifndef _KERNEL --- 144 unchanged lines hidden* (view full) --- 191typedef int (mpo_internalize_vnode_label_t)(struct label label, 192 char element_name, char element_data, int claimed); 193* 194/* 195 * Labeling event operations: file system objects, and things that look a lot 196 * like file system objects. 197 / 198typedef void (mpo_associate_vnode_devfs_t)(struct mount *mp,	39 / 40/ 41 * Kernel interface for MAC policy modules. 42 / 43#ifndef _SYS_SECURITY_MAC_MAC_POLICY_H_ 44#define _SYS_SECURITY_MAC_MAC_POLICY_H_ 45 46#ifndef _KERNEL --- 144 unchanged lines hidden* (view full) --- 191typedef int (mpo_internalize_vnode_label_t)(struct label label, 192 char element_name, char element_data, int claimed); 193* 194/* 195 * Labeling event operations: file system objects, and things that look a lot 196 * like file system objects. 197 / 198typedef void (mpo_associate_vnode_devfs_t)(struct mount *mp,
199 struct label mntlabel, struct devfs_dirent de,	199 struct label mplabel, struct devfs_dirent de,
200 struct label delabel, struct vnode vp,	200 struct label delabel, struct vnode vp,
201 struct label *vlabel);	201 struct label *vplabel);
202typedef int (mpo_associate_vnode_extattr_t)(struct mount mp,	202typedef int (mpo_associate_vnode_extattr_t)(struct mount mp,
203 struct label mntlabel, struct vnode vp, 204 struct label *vlabel);	203 struct label mplabel, struct vnode vp, 204 struct label *vplabel);
205typedef void (mpo_associate_vnode_singlelabel_t)(struct mount mp,	205typedef void (mpo_associate_vnode_singlelabel_t)(struct mount mp,
206 struct label mntlabel, struct vnode vp, 207 struct label *vlabel);	206 struct label mplabel, struct vnode vp, 207 struct label *vplabel);
208typedef void (mpo_create_devfs_device_t)(struct ucred cred, 209 struct mount mp, struct cdev dev,	208typedef void (mpo_create_devfs_device_t)(struct ucred cred, 209 struct mount mp, struct cdev dev,
210 struct devfs_dirent de, struct label label);	210 struct devfs_dirent de, struct label delabel);
211typedef void (mpo_create_devfs_directory_t)(struct mount mp, 212 char dirname, int dirnamelen, struct devfs_dirent de,	211typedef void (mpo_create_devfs_directory_t)(struct mount mp, 212 char dirname, int dirnamelen, struct devfs_dirent de,
213 struct label *label);	213 struct label *delabel);
214typedef void (mpo_create_devfs_symlink_t)(struct ucred cred, 215 struct mount mp, struct devfs_dirent dd, 216 struct label ddlabel, struct devfs_dirent de, 217 struct label delabel); 218typedef int (mpo_create_vnode_extattr_t)(struct ucred *cred,	214typedef void (mpo_create_devfs_symlink_t)(struct ucred cred, 215 struct mount mp, struct devfs_dirent dd, 216 struct label ddlabel, struct devfs_dirent de, 217 struct label delabel); 218typedef int (mpo_create_vnode_extattr_t)(struct ucred *cred,
219 struct mount mp, struct label mntlabel, 220 struct vnode dvp, struct label dlabel, 221 struct vnode vp, struct label vlabel,	219 struct mount mp, struct label mplabel, 220 struct vnode dvp, struct label dvplabel, 221 struct vnode vp, struct label vplabel,
222 struct componentname cnp); 223typedef void (mpo_create_mount_t)(struct ucred cred, struct mount mp,	222 struct componentname cnp); 223typedef void (mpo_create_mount_t)(struct ucred cred, struct mount mp,
224 struct label *mntlabel);	224 struct label *mplabel);
225typedef void (mpo_relabel_vnode_t)(struct ucred cred, struct vnode *vp,	225typedef void (mpo_relabel_vnode_t)(struct ucred cred, struct vnode *vp,
226 struct label vnodelabel, struct label label);	226 struct label vplabel, struct label label);
227typedef int (mpo_setlabel_vnode_extattr_t)(struct ucred cred,	227typedef int (mpo_setlabel_vnode_extattr_t)(struct ucred cred,
228 struct vnode vp, struct label vlabel,	228 struct vnode vp, struct label vplabel,
229 struct label intlabel); 230typedef void (mpo_update_devfsdirent_t)(struct mount *mp,	229 struct label intlabel); 230typedef void (mpo_update_devfsdirent_t)(struct mount *mp,
231 struct devfs_dirent devfs_dirent, 232* struct label direntlabel, struct vnode vp, 233 struct label *vnodelabel);	231 struct devfs_dirent de, struct label delabel, 232 struct vnode vp, struct label vplabel);
234 235/* 236 * Labeling event operations: IPC objects. 237 / 238typedef void (mpo_create_mbuf_from_socket_t)(struct socket *so,	233 234/* 235 * Labeling event operations: IPC objects. 236 / 237typedef void (mpo_create_mbuf_from_socket_t)(struct socket *so,
239 struct label socketlabel, struct mbuf m, 240 struct label *mbuflabel);	238 struct label solabel, struct mbuf m, 239 struct label *mlabel);
241typedef void (mpo_create_socket_t)(struct ucred cred, struct socket *so,	240typedef void (mpo_create_socket_t)(struct ucred cred, struct socket *so,
242 struct label socketlabel); 243typedef void (mpo_create_socket_from_socket_t)(struct socket oldsocket, 244* struct label oldsocketlabel, struct socket newsocket, 245 struct label *newsocketlabel);	241 struct label solabel); 242typedef void (mpo_create_socket_from_socket_t)(struct socket oldso, 243* struct label oldsolabel, struct socket newso, 244 struct label *newsolabel);
246typedef void (mpo_relabel_socket_t)(struct ucred cred, struct socket so, 247* struct label oldlabel, struct label newlabel); 248typedef void (mpo_relabel_pipe_t)(struct ucred cred, struct pipepair pp, 249* struct label oldlabel, struct label newlabel);	245typedef void (mpo_relabel_socket_t)(struct ucred cred, struct socket so, 246* struct label oldlabel, struct label newlabel); 247typedef void (mpo_relabel_pipe_t)(struct ucred cred, struct pipepair pp, 248* struct label oldlabel, struct label newlabel);
250typedef void (mpo_set_socket_peer_from_mbuf_t)(struct mbuf mbuf, 251 struct label mbuflabel, struct socket so, 252 struct label socketpeerlabel); 253typedef void (mpo_set_socket_peer_from_socket_t)(struct socket oldsocket, 254* struct label oldsocketlabel, struct socket newsocket, 255 struct label *newsocketpeerlabel);	249typedef void (mpo_set_socket_peer_from_mbuf_t)(struct mbuf m, 250 struct label mlabel, struct socket so, 251 struct label sopeerlabel); 252typedef void (mpo_set_socket_peer_from_socket_t)(struct socket oldso, 253* struct label oldsolabel, struct socket newso, 254 struct label *newsopeerlabel);
256typedef void (mpo_create_pipe_t)(struct ucred cred, struct pipepair *pp,	255typedef void (mpo_create_pipe_t)(struct ucred cred, struct pipepair *pp,
257 struct label *pipelabel);	256 struct label *pplabel);
258 259/* 260 * Labeling event operations: System V IPC primitives. 261 / 262typedef void (mpo_create_sysv_msgmsg_t)(struct ucred cred, 263* struct msqid_kernel msqkptr, struct label msqlabel, 264 struct msg msgptr, struct label msglabel); 265typedef void (mpo_create_sysv_msgqueue_t)(struct ucred cred, --- 8 unchanged lines hidden (view full) --- 274 / 275typedef void (mpo_create_posix_sem_t)(struct ucred cred, 276* struct ksem ksemptr, struct label ks_label); 277 278/* 279 * Labeling event operations: network objects. 280 / 281typedef void (mpo_create_bpfdesc_t)(struct ucred *cred,	257 258/* 259 * Labeling event operations: System V IPC primitives. 260 / 261typedef void (mpo_create_sysv_msgmsg_t)(struct ucred cred, 262* struct msqid_kernel msqkptr, struct label msqlabel, 263 struct msg msgptr, struct label msglabel); 264typedef void (mpo_create_sysv_msgqueue_t)(struct ucred cred, --- 8 unchanged lines hidden (view full) --- 273 / 274typedef void (mpo_create_posix_sem_t)(struct ucred cred, 275* struct ksem ksemptr, struct label ks_label); 276 277/* 278 * Labeling event operations: network objects. 279 / 280typedef void (mpo_create_bpfdesc_t)(struct ucred *cred,
282 struct bpf_d bpf_d, struct label bpflabel); 283typedef void (mpo_create_ifnet_t)(struct ifnet ifnet, 284 struct label *ifnetlabel);	281 struct bpf_d d, struct label dlabel); 282typedef void (mpo_create_ifnet_t)(struct ifnet ifp, 283 struct label *ifplabel);
285typedef void (mpo_create_inpcb_from_socket_t)(struct socket so, 286 struct label solabel, struct inpcb inp, 287 struct label *inplabel);	284typedef void (mpo_create_inpcb_from_socket_t)(struct socket so, 285 struct label solabel, struct inpcb inp, 286 struct label *inplabel);
288typedef void (mpo_create_ipq_t)(struct mbuf fragment, 289 struct label fragmentlabel, struct ipq ipq, 290 struct label *ipqlabel);	287typedef void (mpo_create_ipq_t)(struct mbuf m, struct label mlabel, 288* struct ipq ipq, struct label ipqlabel);
291typedef void (*mpo_create_datagram_from_ipq)	289typedef void (*mpo_create_datagram_from_ipq)
292 (struct ipq ipq, struct label ipqlabel, 293 struct mbuf datagram, struct label datagramlabel); 294typedef void (mpo_create_fragment_t)(struct mbuf datagram, 295 struct label datagramlabel, struct mbuf fragment, 296 struct label *fragmentlabel);	290 (struct ipq ipq, struct label ipqlabel, struct mbuf m, 291* struct label mlabel); 292typedef void (mpo_create_fragment_t)(struct mbuf m, 293* struct label mlabel, struct mbuf frag, 294 struct label *fraglabel);
297typedef void (mpo_create_mbuf_from_inpcb_t)(struct inpcb inp, 298 struct label inplabel, struct mbuf m, 299 struct label *mlabel);	295typedef void (mpo_create_mbuf_from_inpcb_t)(struct inpcb inp, 296 struct label inplabel, struct mbuf m, 297 struct label *mlabel);
300typedef void (mpo_create_mbuf_linklayer_t)(struct ifnet ifnet, 301 struct label ifnetlabel, struct mbuf mbuf, 302 struct label mbuflabel); 303typedef void (mpo_create_mbuf_from_bpfdesc_t)(struct bpf_d bpf_d, 304* struct label bpflabel, struct mbuf mbuf, 305 struct label mbuflabel); 306typedef void (mpo_create_mbuf_from_ifnet_t)(struct ifnet ifnet, 307* struct label ifnetlabel, struct mbuf mbuf, 308 struct label mbuflabel); 309typedef void (mpo_create_mbuf_multicast_encap_t)(struct mbuf oldmbuf, 310* struct label oldmbuflabel, struct ifnet ifnet, 311 struct label ifnetlabel, struct mbuf newmbuf, 312 struct label newmbuflabel); 313typedef void (mpo_create_mbuf_netlayer_t)(struct mbuf oldmbuf, 314* struct label oldmbuflabel, struct mbuf newmbuf, 315 struct label newmbuflabel); 316typedef int (mpo_fragment_match_t)(struct mbuf fragment, 317* struct label fragmentlabel, struct ipq ipq, 318 struct label *ipqlabel);	298typedef void (mpo_create_mbuf_linklayer_t)(struct ifnet ifp, 299 struct label ifplabel, struct mbuf m, 300 struct label mlabel); 301typedef void (mpo_create_mbuf_from_bpfdesc_t)(struct bpf_d d, 302* struct label dlabel, struct mbuf m, 303 struct label mlabel); 304typedef void (mpo_create_mbuf_from_ifnet_t)(struct ifnet ifp, 305* struct label ifplabel, struct mbuf m, 306 struct label mlabel); 307typedef void (mpo_create_mbuf_multicast_encap_t)(struct mbuf m, 308* struct label mlabel, struct ifnet ifp, 309 struct label ifplabel, struct mbuf mnew, 310 struct label mnewlabel); 311typedef void (mpo_create_mbuf_netlayer_t)(struct mbuf m, 312* struct label mlabel, struct mbuf mnew, 313 struct label mnewlabel); 314typedef int (mpo_fragment_match_t)(struct mbuf m, struct label mlabel, 315 struct ipq ipq, struct label ipqlabel);
319typedef void (mpo_reflect_mbuf_icmp_t)(struct mbuf m, 320 struct label mlabel); 321typedef void (mpo_reflect_mbuf_tcp_t)(struct mbuf m, 322* struct label *mlabel);	316typedef void (mpo_reflect_mbuf_icmp_t)(struct mbuf m, 317 struct label mlabel); 318typedef void (mpo_reflect_mbuf_tcp_t)(struct mbuf m, 319* struct label *mlabel);
323typedef void (mpo_relabel_ifnet_t)(struct ucred cred, 324 struct ifnet ifnet, struct label ifnetlabel, 325 struct label newlabel); 326typedef void (mpo_update_ipq_t)(struct mbuf fragment, 327* struct label fragmentlabel, struct ipq ipq, 328 struct label *ipqlabel);	320typedef void (mpo_relabel_ifnet_t)(struct ucred cred, struct ifnet ifp, 321* struct label ifplabel, struct label newlabel); 322typedef void (mpo_update_ipq_t)(struct mbuf m, struct label mlabel, 323* struct ipq ipq, struct label ipqlabel);
329typedef void (mpo_inpcb_sosetlabel_t)(struct socket so, 330 struct label label, struct inpcb inp, 331 struct label inplabel); 332* 333typedef void (mpo_create_mbuf_from_firewall_t)(struct mbuf m, 334 struct label label); 335typedef void (mpo_destroy_syncache_label_t)(struct label label); 336typedef int (mpo_init_syncache_label_t)(struct label label, int flag); 337typedef void (mpo_init_syncache_from_inpcb_t)(struct label label, 338* struct inpcb inp); 339typedef void (mpo_create_mbuf_from_syncache_t)(struct label *sc_label,	324typedef void (mpo_inpcb_sosetlabel_t)(struct socket so, 325 struct label label, struct inpcb inp, 326 struct label inplabel); 327* 328typedef void (mpo_create_mbuf_from_firewall_t)(struct mbuf m, 329 struct label label); 330typedef void (mpo_destroy_syncache_label_t)(struct label label); 331typedef int (mpo_init_syncache_label_t)(struct label label, int flag); 332typedef void (mpo_init_syncache_from_inpcb_t)(struct label label, 333* struct inpcb inp); 334typedef void (mpo_create_mbuf_from_syncache_t)(struct label *sc_label,
340 struct mbuf m, struct label mbuf_label);	335 struct mbuf m, struct label mlabel);
341/* 342 * Labeling event operations: processes. 343 / 344typedef void (mpo_execve_transition_t)(struct ucred old, 345* struct ucred new, struct vnode vp,	336/* 337 * Labeling event operations: processes. 338 / 339typedef void (mpo_execve_transition_t)(struct ucred old, 340* struct ucred new, struct vnode vp,
346 struct label vnodelabel, struct label interpvnodelabel,	341 struct label vplabel, struct label interpvnodelabel,
347 struct image_params imgp, struct label execlabel); 348typedef int (mpo_execve_will_transition_t)(struct ucred old,	342 struct image_params imgp, struct label execlabel); 343typedef int (mpo_execve_will_transition_t)(struct ucred old,
349 struct vnode vp, struct label vnodelabel,	344 struct vnode vp, struct label vplabel,
350 struct label interpvnodelabel, 351* struct image_params imgp, struct label execlabel); 352typedef void (mpo_create_proc0_t)(struct ucred cred); 353typedef void (mpo_create_proc1_t)(struct ucred cred); 354typedef void (mpo_relabel_cred_t)(struct ucred cred, 355 struct label newlabel); 356typedef void (mpo_thread_userret_t)(struct thread thread); 357* 358/* 359 * Access control checks. 360 */	345 struct label interpvnodelabel, 346* struct image_params imgp, struct label execlabel); 347typedef void (mpo_create_proc0_t)(struct ucred cred); 348typedef void (mpo_create_proc1_t)(struct ucred cred); 349typedef void (mpo_relabel_cred_t)(struct ucred cred, 350 struct label newlabel); 351typedef void (mpo_thread_userret_t)(struct thread thread); 352* 353/* 354 * Access control checks. 355 */
361typedef int (mpo_check_bpfdesc_receive_t)(struct bpf_d bpf_d, 362 struct label bpflabel, struct ifnet ifnet, 363 struct label *ifnetlabel);	356typedef int (mpo_check_bpfdesc_receive_t)(struct bpf_d d, 357 struct label dlabel, struct ifnet ifp, 358 struct label *ifplabel);
364typedef int (mpo_check_cred_relabel_t)(struct ucred cred, 365 struct label *newlabel);	359typedef int (mpo_check_cred_relabel_t)(struct ucred cred, 360 struct label *newlabel);
366typedef int (mpo_check_cred_visible_t)(struct ucred u1, 367 struct ucred *u2);	361typedef int (mpo_check_cred_visible_t)(struct ucred cr1, 362 struct ucred *cr2);
368typedef int (mpo_check_ifnet_relabel_t)(struct ucred cred,	363typedef int (mpo_check_ifnet_relabel_t)(struct ucred cred,
369 struct ifnet ifnet, struct label ifnetlabel,	364 struct ifnet ifp, struct label ifplabel,
370 struct label *newlabel);	365 struct label *newlabel);
371typedef int (mpo_check_ifnet_transmit_t)(struct ifnet ifnet, 372 struct label ifnetlabel, struct mbuf m, 373 struct label *mbuflabel);	366typedef int (mpo_check_ifnet_transmit_t)(struct ifnet ifp, 367 struct label ifplabel, struct mbuf m, 368 struct label *mlabel);
374typedef int (mpo_check_inpcb_deliver_t)(struct inpcb inp, 375 struct label inplabel, struct mbuf m, 376 struct label mlabel); 377typedef int (mpo_check_sysv_msgmsq_t)(struct ucred cred, 378* struct msg msgptr, struct label msglabel, 379 struct msqid_kernel msqkptr, struct label msqklabel); 380typedef int (mpo_check_sysv_msgrcv_t)(struct ucred cred, 381 struct msg msgptr, struct label msglabel); --- 29 unchanged lines hidden (view full) --- 411 struct shmid_kernel shmsegptr, 412* struct label shmseglabel, int shmflg); 413typedef int (mpo_check_kenv_dump_t)(struct ucred cred); 414typedef int (mpo_check_kenv_get_t)(struct ucred cred, char name); 415typedef int (mpo_check_kenv_set_t)(struct ucred cred, char name, 416* char value); 417typedef int (mpo_check_kenv_unset_t)(struct ucred cred, char name); 418typedef int (mpo_check_kld_load_t)(struct ucred cred, struct vnode *vp,	369typedef int (mpo_check_inpcb_deliver_t)(struct inpcb inp, 370 struct label inplabel, struct mbuf m, 371 struct label mlabel); 372typedef int (mpo_check_sysv_msgmsq_t)(struct ucred cred, 373* struct msg msgptr, struct label msglabel, 374 struct msqid_kernel msqkptr, struct label msqklabel); 375typedef int (mpo_check_sysv_msgrcv_t)(struct ucred cred, 376 struct msg msgptr, struct label msglabel); --- 29 unchanged lines hidden (view full) --- 406 struct shmid_kernel shmsegptr, 407* struct label shmseglabel, int shmflg); 408typedef int (mpo_check_kenv_dump_t)(struct ucred cred); 409typedef int (mpo_check_kenv_get_t)(struct ucred cred, char name); 410typedef int (mpo_check_kenv_set_t)(struct ucred cred, char name, 411* char value); 412typedef int (mpo_check_kenv_unset_t)(struct ucred cred, char name); 413typedef int (mpo_check_kld_load_t)(struct ucred cred, struct vnode *vp,
419 struct label *vlabel);	414 struct label *vplabel);
420typedef int (mpo_check_kld_stat_t)(struct ucred cred); 421typedef int (mpo_mpo_placeholder19_t)(void); 422typedef int (mpo_mpo_placeholder20_t)(void); 423typedef int (mpo_check_mount_stat_t)(struct ucred cred,	415typedef int (mpo_check_kld_stat_t)(struct ucred cred); 416typedef int (mpo_mpo_placeholder19_t)(void); 417typedef int (mpo_mpo_placeholder20_t)(void); 418typedef int (mpo_check_mount_stat_t)(struct ucred cred,
424 struct mount mp, struct label mntlabel);	419 struct mount mp, struct label mplabel);
425typedef int (mpo_mpo_placeholder21_t)(void); 426typedef int (mpo_check_pipe_ioctl_t)(struct ucred *cred,	420typedef int (mpo_mpo_placeholder21_t)(void); 421typedef int (mpo_check_pipe_ioctl_t)(struct ucred *cred,
427 struct pipepair pp, struct label pipelabel,	422 struct pipepair pp, struct label pplabel,
428 unsigned long cmd, void data); 429typedef int (mpo_check_pipe_poll_t)(struct ucred *cred,	423 unsigned long cmd, void data); 424typedef int (mpo_check_pipe_poll_t)(struct ucred *cred,
430 struct pipepair pp, struct label pipelabel);	425 struct pipepair pp, struct label pplabel);
431typedef int (mpo_check_pipe_read_t)(struct ucred cred,	426typedef int (mpo_check_pipe_read_t)(struct ucred cred,
432 struct pipepair pp, struct label pipelabel);	427 struct pipepair pp, struct label pplabel);
433typedef int (mpo_check_pipe_relabel_t)(struct ucred cred,	428typedef int (mpo_check_pipe_relabel_t)(struct ucred cred,
434 struct pipepair pp, struct label pipelabel,	429 struct pipepair pp, struct label pplabel,
435 struct label newlabel); 436typedef int (mpo_check_pipe_stat_t)(struct ucred *cred,	430 struct label newlabel); 431typedef int (mpo_check_pipe_stat_t)(struct ucred *cred,
437 struct pipepair pp, struct label pipelabel);	432 struct pipepair pp, struct label pplabel);
438typedef int (mpo_check_pipe_write_t)(struct ucred cred,	433typedef int (mpo_check_pipe_write_t)(struct ucred cred,
439 struct pipepair pp, struct label pipelabel);	434 struct pipepair pp, struct label pplabel);
440typedef int (mpo_check_posix_sem_destroy_t)(struct ucred cred, 441 struct ksem ksemptr, struct label ks_label); 442typedef int (mpo_check_posix_sem_getvalue_t)(struct ucred cred, 443 struct ksem ksemptr, struct label ks_label); 444typedef int (mpo_check_posix_sem_open_t)(struct ucred cred, 445 struct ksem ksemptr, struct label ks_label); 446typedef int (mpo_check_posix_sem_post_t)(struct ucred cred, 447 struct ksem ksemptr, struct label ks_label); 448typedef int (mpo_check_posix_sem_unlink_t)(struct ucred cred, 449 struct ksem ksemptr, struct label ks_label); 450typedef int (mpo_check_posix_sem_wait_t)(struct ucred cred, 451 struct ksem ksemptr, struct label ks_label); 452typedef int (mpo_check_proc_debug_t)(struct ucred cred,	435typedef int (mpo_check_posix_sem_destroy_t)(struct ucred cred, 436 struct ksem ksemptr, struct label ks_label); 437typedef int (mpo_check_posix_sem_getvalue_t)(struct ucred cred, 438 struct ksem ksemptr, struct label ks_label); 439typedef int (mpo_check_posix_sem_open_t)(struct ucred cred, 440 struct ksem ksemptr, struct label ks_label); 441typedef int (mpo_check_posix_sem_post_t)(struct ucred cred, 442 struct ksem ksemptr, struct label ks_label); 443typedef int (mpo_check_posix_sem_unlink_t)(struct ucred cred, 444 struct ksem ksemptr, struct label ks_label); 445typedef int (mpo_check_posix_sem_wait_t)(struct ucred cred, 446 struct ksem ksemptr, struct label ks_label); 447typedef int (mpo_check_proc_debug_t)(struct ucred cred,
453 struct proc *proc);	448 struct proc *p);
454typedef int (mpo_check_proc_sched_t)(struct ucred cred,	449typedef int (mpo_check_proc_sched_t)(struct ucred cred,
455 struct proc *proc);	450 struct proc *p);
456typedef int (mpo_check_proc_setaudit_t)(struct ucred cred, 457 struct auditinfo ai); 458typedef int (mpo_check_proc_setauid_t)(struct ucred cred, uid_t auid); 459typedef int (mpo_check_proc_setuid_t)(struct ucred cred, uid_t uid); 460typedef int (mpo_check_proc_seteuid_t)(struct ucred cred, uid_t euid); 461typedef int (mpo_check_proc_setgid_t)(struct ucred cred, gid_t gid); 462typedef int (mpo_check_proc_setegid_t)(struct ucred cred, gid_t egid); 463typedef int (mpo_check_proc_setgroups_t)(struct ucred cred, int ngroups, --- 6 unchanged lines hidden* (view full) --- 470 uid_t euid, uid_t suid); 471typedef int (mpo_check_proc_setresgid_t)(struct ucred cred, gid_t rgid, 472 gid_t egid, gid_t sgid); 473typedef int (mpo_check_proc_signal_t)(struct ucred cred, 474 struct proc proc, int signum); 475typedef int (mpo_check_proc_wait_t)(struct ucred cred, 476* struct proc proc); 477typedef int (mpo_check_socket_accept_t)(struct ucred *cred,	451typedef int (mpo_check_proc_setaudit_t)(struct ucred cred, 452 struct auditinfo ai); 453typedef int (mpo_check_proc_setauid_t)(struct ucred cred, uid_t auid); 454typedef int (mpo_check_proc_setuid_t)(struct ucred cred, uid_t uid); 455typedef int (mpo_check_proc_seteuid_t)(struct ucred cred, uid_t euid); 456typedef int (mpo_check_proc_setgid_t)(struct ucred cred, gid_t gid); 457typedef int (mpo_check_proc_setegid_t)(struct ucred cred, gid_t egid); 458typedef int (mpo_check_proc_setgroups_t)(struct ucred cred, int ngroups, --- 6 unchanged lines hidden* (view full) --- 465 uid_t euid, uid_t suid); 466typedef int (mpo_check_proc_setresgid_t)(struct ucred cred, gid_t rgid, 467 gid_t egid, gid_t sgid); 468typedef int (mpo_check_proc_signal_t)(struct ucred cred, 469 struct proc proc, int signum); 470typedef int (mpo_check_proc_wait_t)(struct ucred cred, 471* struct proc proc); 472typedef int (mpo_check_socket_accept_t)(struct ucred *cred,
478 struct socket so, struct label socketlabel);	473 struct socket so, struct label solabel);
479typedef int (mpo_check_socket_bind_t)(struct ucred cred,	474typedef int (mpo_check_socket_bind_t)(struct ucred cred,
480 struct socket so, struct label socketlabel, 481 struct sockaddr *sockaddr);	475 struct socket so, struct label solabel, 476 struct sockaddr *sa);
482typedef int (mpo_check_socket_connect_t)(struct ucred cred,	477typedef int (mpo_check_socket_connect_t)(struct ucred cred,
483 struct socket so, struct label socketlabel, 484 struct sockaddr *sockaddr);	478 struct socket so, struct label solabel, 479 struct sockaddr *sa);
485typedef int (mpo_check_socket_create_t)(struct ucred cred, int domain, 486 int type, int protocol); 487typedef int (mpo_check_socket_deliver_t)(struct socket so,	480typedef int (mpo_check_socket_create_t)(struct ucred cred, int domain, 481 int type, int protocol); 482typedef int (mpo_check_socket_deliver_t)(struct socket so,
488 struct label socketlabel, struct mbuf m, 489 struct label *mbuflabel);	483 struct label solabel, struct mbuf m, 484 struct label *mlabel);
490typedef int (mpo_check_socket_listen_t)(struct ucred cred,	485typedef int (mpo_check_socket_listen_t)(struct ucred cred,
491 struct socket so, struct label socketlabel);	486 struct socket so, struct label solabel);
492typedef int (mpo_check_socket_poll_t)(struct ucred cred,	487typedef int (mpo_check_socket_poll_t)(struct ucred cred,
493 struct socket so, struct label socketlabel);	488 struct socket so, struct label solabel);
494typedef int (mpo_check_socket_receive_t)(struct ucred cred,	489typedef int (mpo_check_socket_receive_t)(struct ucred cred,
495 struct socket so, struct label socketlabel);	490 struct socket so, struct label solabel);
496typedef int (mpo_check_socket_relabel_t)(struct ucred cred,	491typedef int (mpo_check_socket_relabel_t)(struct ucred cred,
497 struct socket so, struct label socketlabel,	492 struct socket so, struct label solabel,
498 struct label newlabel); 499typedef int (mpo_check_socket_send_t)(struct ucred *cred,	493 struct label newlabel); 494typedef int (mpo_check_socket_send_t)(struct ucred *cred,
500 struct socket so, struct label socketlabel);	495 struct socket so, struct label solabel);
501typedef int (mpo_check_socket_stat_t)(struct ucred cred,	496typedef int (mpo_check_socket_stat_t)(struct ucred cred,
502 struct socket so, struct label socketlabel);	497 struct socket so, struct label solabel);
503typedef int (mpo_check_socket_visible_t)(struct ucred cred,	498typedef int (mpo_check_socket_visible_t)(struct ucred cred,
504 struct socket so, struct label socketlabel);	499 struct socket so, struct label solabel);
505typedef int (mpo_check_system_acct_t)(struct ucred cred,	500typedef int (mpo_check_system_acct_t)(struct ucred cred,
506 struct vnode vp, struct label vlabel);	501 struct vnode vp, struct label vplabel);
507typedef int (mpo_check_system_audit_t)(struct ucred cred, void record, 508* int length); 509typedef int (mpo_check_system_auditctl_t)(struct ucred cred, 510 struct vnode vp, struct label vplabel); 511typedef int (mpo_check_system_auditon_t)(struct ucred cred, int cmd); 512typedef int (mpo_check_system_reboot_t)(struct ucred cred, int howto); 513typedef int (mpo_check_system_swapon_t)(struct ucred cred,	502typedef int (mpo_check_system_audit_t)(struct ucred cred, void record, 503* int length); 504typedef int (mpo_check_system_auditctl_t)(struct ucred cred, 505 struct vnode vp, struct label vplabel); 506typedef int (mpo_check_system_auditon_t)(struct ucred cred, int cmd); 507typedef int (mpo_check_system_reboot_t)(struct ucred cred, int howto); 508typedef int (mpo_check_system_swapon_t)(struct ucred cred,
514 struct vnode vp, struct label label);	509 struct vnode vp, struct label vplabel);
515typedef int (mpo_check_system_swapoff_t)(struct ucred cred,	510typedef int (mpo_check_system_swapoff_t)(struct ucred cred,
516 struct vnode vp, struct label label);	511 struct vnode vp, struct label vplabel);
517typedef int (mpo_check_system_sysctl_t)(struct ucred cred, 518 struct sysctl_oid oidp, void arg1, int arg2, 519 struct sysctl_req req); 520typedef int (mpo_check_vnode_access_t)(struct ucred *cred,	512typedef int (mpo_check_system_sysctl_t)(struct ucred cred, 513 struct sysctl_oid oidp, void arg1, int arg2, 514 struct sysctl_req req); 515typedef int (mpo_check_vnode_access_t)(struct ucred *cred,
521 struct vnode vp, struct label label, int acc_mode);	516 struct vnode vp, struct label vplabel, int acc_mode);
522typedef int (mpo_check_vnode_chdir_t)(struct ucred cred,	517typedef int (mpo_check_vnode_chdir_t)(struct ucred cred,
523 struct vnode dvp, struct label dlabel);	518 struct vnode dvp, struct label dvplabel);
524typedef int (mpo_check_vnode_chroot_t)(struct ucred cred,	519typedef int (mpo_check_vnode_chroot_t)(struct ucred cred,
525 struct vnode dvp, struct label dlabel);	520 struct vnode dvp, struct label dvplabel);
526typedef int (mpo_check_vnode_create_t)(struct ucred cred,	521typedef int (mpo_check_vnode_create_t)(struct ucred cred,
527 struct vnode dvp, struct label dlabel,	522 struct vnode dvp, struct label dvplabel,
528 struct componentname cnp, struct vattr vap); 529typedef int (mpo_check_vnode_delete_t)(struct ucred cred,	523 struct componentname cnp, struct vattr vap); 524typedef int (mpo_check_vnode_delete_t)(struct ucred cred,
530 struct vnode dvp, struct label dlabel, 531 struct vnode vp, struct label label,	525 struct vnode dvp, struct label dvplabel, 526 struct vnode vp, struct label vplabel,
532 struct componentname cnp); 533typedef int (mpo_check_vnode_deleteacl_t)(struct ucred *cred,	527 struct componentname cnp); 528typedef int (mpo_check_vnode_deleteacl_t)(struct ucred *cred,
534 struct vnode vp, struct label label, acl_type_t type);	529 struct vnode vp, struct label vplabel, 530 acl_type_t type);
535typedef int (mpo_check_vnode_deleteextattr_t)(struct ucred cred,	531typedef int (mpo_check_vnode_deleteextattr_t)(struct ucred cred,
536 struct vnode vp, struct label label, int attrnamespace, 537 const char *name);	532 struct vnode vp, struct label vplabel, 533 int attrnamespace, const char *name);
538typedef int (mpo_check_vnode_exec_t)(struct ucred cred,	534typedef int (mpo_check_vnode_exec_t)(struct ucred cred,
539 struct vnode vp, struct label label,	535 struct vnode vp, struct label vplabel,
540 struct image_params imgp, struct label execlabel); 541typedef int (mpo_check_vnode_getacl_t)(struct ucred cred,	536 struct image_params imgp, struct label execlabel); 537typedef int (mpo_check_vnode_getacl_t)(struct ucred cred,
542 struct vnode vp, struct label label, acl_type_t type);	538 struct vnode vp, struct label vplabel, 539 acl_type_t type);
543typedef int (mpo_check_vnode_getextattr_t)(struct ucred cred,	540typedef int (mpo_check_vnode_getextattr_t)(struct ucred cred,
544 struct vnode vp, struct label label, int attrnamespace, 545 const char name, struct uio uio);	541 struct vnode vp, struct label vplabel, 542 int attrnamespace, const char name, struct uio uio);
546typedef int (mpo_check_vnode_link_t)(struct ucred cred,	543typedef int (mpo_check_vnode_link_t)(struct ucred cred,
547 struct vnode dvp, struct label dlabel, struct vnode vp, 548* struct label label, struct componentname cnp);	544 struct vnode dvp, struct label dvplabel, 545 struct vnode vp, struct label vplabel, 546 struct componentname *cnp);
549typedef int (mpo_check_vnode_listextattr_t)(struct ucred cred,	547typedef int (mpo_check_vnode_listextattr_t)(struct ucred cred,
550 struct vnode vp, struct label label,	548 struct vnode vp, struct label vplabel,
551 int attrnamespace); 552typedef int (mpo_check_vnode_lookup_t)(struct ucred cred,	549 int attrnamespace); 550typedef int (mpo_check_vnode_lookup_t)(struct ucred cred,
553 struct vnode dvp, struct label dlabel,	551 struct vnode dvp, struct label dvplabel,
554 struct componentname cnp); 555typedef int (mpo_check_vnode_mmap_t)(struct ucred cred, 556* struct vnode vp, struct label label, int prot, 557 int flags); 558typedef void (mpo_check_vnode_mmap_downgrade_t)(struct ucred cred,	552 struct componentname cnp); 553typedef int (mpo_check_vnode_mmap_t)(struct ucred cred, 554* struct vnode vp, struct label label, int prot, 555 int flags); 556typedef void (mpo_check_vnode_mmap_downgrade_t)(struct ucred cred,
559 struct vnode vp, struct label label, int *prot);	557 struct vnode vp, struct label vplabel, int *prot);
560typedef int (mpo_check_vnode_mprotect_t)(struct ucred cred,	558typedef int (mpo_check_vnode_mprotect_t)(struct ucred cred,
561 struct vnode vp, struct label label, int prot);	559 struct vnode vp, struct label vplabel, int prot);
562typedef int (mpo_check_vnode_open_t)(struct ucred cred,	560typedef int (mpo_check_vnode_open_t)(struct ucred cred,
563 struct vnode vp, struct label label, int acc_mode);	561 struct vnode vp, struct label vplabel, int acc_mode);
564typedef int (mpo_check_vnode_poll_t)(struct ucred active_cred, 565 struct ucred file_cred, struct vnode vp,	562typedef int (mpo_check_vnode_poll_t)(struct ucred active_cred, 563 struct ucred file_cred, struct vnode vp,
566 struct label *label);	564 struct label *vplabel);
567typedef int (mpo_check_vnode_read_t)(struct ucred active_cred, 568 struct ucred file_cred, struct vnode vp,	565typedef int (mpo_check_vnode_read_t)(struct ucred active_cred, 566 struct ucred file_cred, struct vnode vp,
569 struct label *label);	567 struct label *vplabel);
570typedef int (mpo_check_vnode_readdir_t)(struct ucred cred,	568typedef int (mpo_check_vnode_readdir_t)(struct ucred cred,
571 struct vnode dvp, struct label dlabel);	569 struct vnode dvp, struct label dvplabel);
572typedef int (mpo_check_vnode_readlink_t)(struct ucred cred,	570typedef int (mpo_check_vnode_readlink_t)(struct ucred cred,
573 struct vnode vp, struct label label);	571 struct vnode vp, struct label vplabel);
574typedef int (mpo_check_vnode_relabel_t)(struct ucred cred,	572typedef int (mpo_check_vnode_relabel_t)(struct ucred cred,
575 struct vnode vp, struct label vnodelabel,	573 struct vnode vp, struct label vplabel,
576 struct label newlabel); 577typedef int (mpo_check_vnode_rename_from_t)(struct ucred *cred,	574 struct label newlabel); 575typedef int (mpo_check_vnode_rename_from_t)(struct ucred *cred,
578 struct vnode dvp, struct label dlabel, 579 struct vnode vp, struct label label,	576 struct vnode dvp, struct label dvplabel, 577 struct vnode vp, struct label vplabel,
580 struct componentname cnp); 581typedef int (mpo_check_vnode_rename_to_t)(struct ucred *cred,	578 struct componentname cnp); 579typedef int (mpo_check_vnode_rename_to_t)(struct ucred *cred,
582 struct vnode dvp, struct label dlabel, 583 struct vnode vp, struct label label, int samedir,	580 struct vnode dvp, struct label dvplabel, 581 struct vnode vp, struct label vplabel, int samedir,
584 struct componentname cnp); 585typedef int (mpo_check_vnode_revoke_t)(struct ucred *cred,	582 struct componentname cnp); 583typedef int (mpo_check_vnode_revoke_t)(struct ucred *cred,
586 struct vnode vp, struct label label);	584 struct vnode vp, struct label vplabel);
587typedef int (mpo_check_vnode_setacl_t)(struct ucred cred,	585typedef int (mpo_check_vnode_setacl_t)(struct ucred cred,
588 struct vnode vp, struct label label, acl_type_t type,	586 struct vnode vp, struct label vplabel, acl_type_t type,
589 struct acl acl); 590typedef int (mpo_check_vnode_setextattr_t)(struct ucred *cred,	587 struct acl acl); 588typedef int (mpo_check_vnode_setextattr_t)(struct ucred *cred,
591 struct vnode vp, struct label label, int attrnamespace, 592 const char name, struct uio uio);	589 struct vnode vp, struct label vplabel, 590 int attrnamespace, const char name, struct uio uio);
593typedef int (mpo_check_vnode_setflags_t)(struct ucred cred,	591typedef int (mpo_check_vnode_setflags_t)(struct ucred cred,
594 struct vnode vp, struct label label, u_long flags);	592 struct vnode vp, struct label vplabel, u_long flags);
595typedef int (mpo_check_vnode_setmode_t)(struct ucred cred,	593typedef int (mpo_check_vnode_setmode_t)(struct ucred cred,
596 struct vnode vp, struct label label, mode_t mode);	594 struct vnode vp, struct label vplabel, mode_t mode);
597typedef int (mpo_check_vnode_setowner_t)(struct ucred cred,	595typedef int (mpo_check_vnode_setowner_t)(struct ucred cred,
598 struct vnode vp, struct label label, uid_t uid,	596 struct vnode vp, struct label vplabel, uid_t uid,
599 gid_t gid); 600typedef int (mpo_check_vnode_setutimes_t)(struct ucred cred,	597 gid_t gid); 598typedef int (mpo_check_vnode_setutimes_t)(struct ucred cred,
601 struct vnode vp, struct label label,	599 struct vnode vp, struct label vplabel,
602 struct timespec atime, struct timespec mtime); 603typedef int (mpo_check_vnode_stat_t)(struct ucred active_cred, 604 struct ucred file_cred, struct vnode vp,	600 struct timespec atime, struct timespec mtime); 601typedef int (mpo_check_vnode_stat_t)(struct ucred active_cred, 602 struct ucred file_cred, struct vnode vp,
605 struct label *label);	603 struct label *vplabel);
606typedef int (mpo_check_vnode_write_t)(struct ucred active_cred, 607 struct ucred file_cred, struct vnode vp,	604typedef int (mpo_check_vnode_write_t)(struct ucred active_cred, 605 struct ucred file_cred, struct vnode vp,
608 struct label *label);	606 struct label *vplabel);
609typedef void (mpo_associate_nfsd_label_t)(struct ucred cred); 610typedef int (mpo_priv_check_t)(struct ucred cred, int priv); 611typedef int (mpo_priv_grant_t)(struct ucred cred, int priv); 612 613struct mac_policy_ops { 614 /* 615 * Policy module operations. 616 / --- 362 unchanged lines hidden* ---	607typedef void (mpo_associate_nfsd_label_t)(struct ucred cred); 608typedef int (mpo_priv_check_t)(struct ucred cred, int priv); 609typedef int (mpo_priv_grant_t)(struct ucred cred, int priv); 610 611struct mac_policy_ops { 612 /* 613 * Policy module operations. 614 / --- 362 unchanged lines hidden* ---