1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 5 * Copyright (c) 2005 Samy Al Bahra 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson and Ilmar Habibulin for the --- 22 unchanged lines hidden (view full) --- 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 */ 37 38#include <sys/cdefs.h> |
39__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 168955 2007-04-22 19:55:56Z rwatson $"); |
40 41#include "opt_mac.h" 42 43#include <sys/param.h> 44#include <sys/condvar.h> 45#include <sys/imgact.h> 46#include <sys/kernel.h> 47#include <sys/lock.h> --- 393 unchanged lines hidden (view full) --- 441 int error; 442 443 MAC_CHECK(check_cred_relabel, cred, newlabel); 444 445 return (error); 446} 447 448int |
449mac_check_cred_visible(struct ucred *cr1, struct ucred *cr2) |
450{ 451 int error; 452 |
453 MAC_CHECK(check_cred_visible, cr1, cr2); |
454 455 return (error); 456} 457 458int |
459mac_check_proc_debug(struct ucred *cred, struct proc *p) |
460{ 461 int error; 462 |
463 PROC_LOCK_ASSERT(p, MA_OWNED); |
464 |
465 MAC_CHECK(check_proc_debug, cred, p); |
466 467 return (error); 468} 469 470int |
471mac_check_proc_sched(struct ucred *cred, struct proc *p) |
472{ 473 int error; 474 |
475 PROC_LOCK_ASSERT(p, MA_OWNED); |
476 |
477 MAC_CHECK(check_proc_sched, cred, p); |
478 479 return (error); 480} 481 482int |
483mac_check_proc_signal(struct ucred *cred, struct proc *p, int signum) |
484{ 485 int error; 486 |
487 PROC_LOCK_ASSERT(p, MA_OWNED); |
488 |
489 MAC_CHECK(check_proc_signal, cred, p, signum); |
490 491 return (error); 492} 493 494int |
495mac_check_proc_setuid(struct proc *p, struct ucred *cred, uid_t uid) |
496{ 497 int error; 498 |
499 PROC_LOCK_ASSERT(p, MA_OWNED); |
500 501 MAC_CHECK(check_proc_setuid, cred, uid); 502 return (error); 503} 504 505int |
506mac_check_proc_seteuid(struct proc *p, struct ucred *cred, uid_t euid) |
507{ 508 int error; 509 |
510 PROC_LOCK_ASSERT(p, MA_OWNED); |
511 512 MAC_CHECK(check_proc_seteuid, cred, euid); 513 return (error); 514} 515 516int |
517mac_check_proc_setgid(struct proc *p, struct ucred *cred, gid_t gid) |
518{ 519 int error; 520 |
521 PROC_LOCK_ASSERT(p, MA_OWNED); |
522 523 MAC_CHECK(check_proc_setgid, cred, gid); |
524 |
525 return (error); 526} 527 528int |
529mac_check_proc_setegid(struct proc *p, struct ucred *cred, gid_t egid) |
530{ 531 int error; 532 |
533 PROC_LOCK_ASSERT(p, MA_OWNED); |
534 535 MAC_CHECK(check_proc_setegid, cred, egid); |
536 |
537 return (error); 538} 539 540int |
541mac_check_proc_setgroups(struct proc *p, struct ucred *cred, int ngroups, 542 gid_t *gidset) |
543{ 544 int error; 545 |
546 PROC_LOCK_ASSERT(p, MA_OWNED); |
547 548 MAC_CHECK(check_proc_setgroups, cred, ngroups, gidset); 549 return (error); 550} 551 552int |
553mac_check_proc_setreuid(struct proc *p, struct ucred *cred, uid_t ruid, 554 uid_t euid) |
555{ 556 int error; 557 |
558 PROC_LOCK_ASSERT(p, MA_OWNED); |
559 560 MAC_CHECK(check_proc_setreuid, cred, ruid, euid); |
561 |
562 return (error); 563} 564 565int 566mac_check_proc_setregid(struct proc *proc, struct ucred *cred, gid_t rgid, |
567 gid_t egid) |
568{ 569 int error; 570 571 PROC_LOCK_ASSERT(proc, MA_OWNED); 572 573 MAC_CHECK(check_proc_setregid, cred, rgid, egid); |
574 |
575 return (error); 576} 577 578int |
579mac_check_proc_setresuid(struct proc *p, struct ucred *cred, uid_t ruid, 580 uid_t euid, uid_t suid) |
581{ 582 int error; 583 |
584 PROC_LOCK_ASSERT(p, MA_OWNED); |
585 586 MAC_CHECK(check_proc_setresuid, cred, ruid, euid, suid); 587 return (error); 588} 589 590int |
591mac_check_proc_setresgid(struct proc *p, struct ucred *cred, gid_t rgid, 592 gid_t egid, gid_t sgid) |
593{ 594 int error; 595 |
596 PROC_LOCK_ASSERT(p, MA_OWNED); |
597 598 MAC_CHECK(check_proc_setresgid, cred, rgid, egid, sgid); |
599 |
600 return (error); 601} 602 603int |
604mac_check_proc_wait(struct ucred *cred, struct proc *p) |
605{ 606 int error; 607 |
608 PROC_LOCK_ASSERT(p, MA_OWNED); |
609 |
610 MAC_CHECK(check_proc_wait, cred, p); |
611 612 return (error); 613} |