1/*-
2 * Copyright (c) 1999-2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
5 * Copyright (c) 2005 Samy Al Bahra
6 * All rights reserved.
7 *
8 * This software was developed by Robert Watson and Ilmar Habibulin for the

--- 22 unchanged lines hidden (view full) ---

31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 */
37
38#include <sys/cdefs.h>
39__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 165469 2006-12-22 23:34:47Z rwatson $");
39__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 168955 2007-04-22 19:55:56Z rwatson $");
40
41#include "opt_mac.h"
42
43#include <sys/param.h>
44#include <sys/condvar.h>
45#include <sys/imgact.h>
46#include <sys/kernel.h>
47#include <sys/lock.h>

--- 393 unchanged lines hidden (view full) ---

441 int error;
442
443 MAC_CHECK(check_cred_relabel, cred, newlabel);
444
445 return (error);
446}
447
448int
449mac_check_cred_visible(struct ucred *u1, struct ucred *u2)
449mac_check_cred_visible(struct ucred *cr1, struct ucred *cr2)
450{
451 int error;
452
453 MAC_CHECK(check_cred_visible, u1, u2);
453 MAC_CHECK(check_cred_visible, cr1, cr2);
454
455 return (error);
456}
457
458int
459mac_check_proc_debug(struct ucred *cred, struct proc *proc)
459mac_check_proc_debug(struct ucred *cred, struct proc *p)
460{
461 int error;
462
463 PROC_LOCK_ASSERT(proc, MA_OWNED);
463 PROC_LOCK_ASSERT(p, MA_OWNED);
464
465 MAC_CHECK(check_proc_debug, cred, proc);
465 MAC_CHECK(check_proc_debug, cred, p);
466
467 return (error);
468}
469
470int
471mac_check_proc_sched(struct ucred *cred, struct proc *proc)
471mac_check_proc_sched(struct ucred *cred, struct proc *p)
472{
473 int error;
474
475 PROC_LOCK_ASSERT(proc, MA_OWNED);
475 PROC_LOCK_ASSERT(p, MA_OWNED);
476
477 MAC_CHECK(check_proc_sched, cred, proc);
477 MAC_CHECK(check_proc_sched, cred, p);
478
479 return (error);
480}
481
482int
483mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
483mac_check_proc_signal(struct ucred *cred, struct proc *p, int signum)
484{
485 int error;
486
487 PROC_LOCK_ASSERT(proc, MA_OWNED);
487 PROC_LOCK_ASSERT(p, MA_OWNED);
488
489 MAC_CHECK(check_proc_signal, cred, proc, signum);
489 MAC_CHECK(check_proc_signal, cred, p, signum);
490
491 return (error);
492}
493
494int
495mac_check_proc_setuid(struct proc *proc, struct ucred *cred, uid_t uid)
495mac_check_proc_setuid(struct proc *p, struct ucred *cred, uid_t uid)
496{
497 int error;
498
499 PROC_LOCK_ASSERT(proc, MA_OWNED);
499 PROC_LOCK_ASSERT(p, MA_OWNED);
500
501 MAC_CHECK(check_proc_setuid, cred, uid);
502 return (error);
503}
504
505int
506mac_check_proc_seteuid(struct proc *proc, struct ucred *cred, uid_t euid)
506mac_check_proc_seteuid(struct proc *p, struct ucred *cred, uid_t euid)
507{
508 int error;
509
510 PROC_LOCK_ASSERT(proc, MA_OWNED);
510 PROC_LOCK_ASSERT(p, MA_OWNED);
511
512 MAC_CHECK(check_proc_seteuid, cred, euid);
513 return (error);
514}
515
516int
517mac_check_proc_setgid(struct proc *proc, struct ucred *cred, gid_t gid)
517mac_check_proc_setgid(struct proc *p, struct ucred *cred, gid_t gid)
518{
519 int error;
520
521 PROC_LOCK_ASSERT(proc, MA_OWNED);
521 PROC_LOCK_ASSERT(p, MA_OWNED);
522
523 MAC_CHECK(check_proc_setgid, cred, gid);
524
525 return (error);
526}
527
528int
528mac_check_proc_setegid(struct proc *proc, struct ucred *cred, gid_t egid)
529mac_check_proc_setegid(struct proc *p, struct ucred *cred, gid_t egid)
530{
531 int error;
532
532 PROC_LOCK_ASSERT(proc, MA_OWNED);
533 PROC_LOCK_ASSERT(p, MA_OWNED);
534
535 MAC_CHECK(check_proc_setegid, cred, egid);
536
537 return (error);
538}
539
540int
539mac_check_proc_setgroups(struct proc *proc, struct ucred *cred,
540 int ngroups, gid_t *gidset)
541mac_check_proc_setgroups(struct proc *p, struct ucred *cred, int ngroups,
542 gid_t *gidset)
543{
544 int error;
545
544 PROC_LOCK_ASSERT(proc, MA_OWNED);
546 PROC_LOCK_ASSERT(p, MA_OWNED);
547
548 MAC_CHECK(check_proc_setgroups, cred, ngroups, gidset);
549 return (error);
550}
551
552int
551mac_check_proc_setreuid(struct proc *proc, struct ucred *cred, uid_t ruid,
552 uid_t euid)
553mac_check_proc_setreuid(struct proc *p, struct ucred *cred, uid_t ruid,
554 uid_t euid)
555{
556 int error;
557
556 PROC_LOCK_ASSERT(proc, MA_OWNED);
558 PROC_LOCK_ASSERT(p, MA_OWNED);
559
560 MAC_CHECK(check_proc_setreuid, cred, ruid, euid);
561
562 return (error);
563}
564
565int
566mac_check_proc_setregid(struct proc *proc, struct ucred *cred, gid_t rgid,
564 gid_t egid)
567 gid_t egid)
568{
569 int error;
570
571 PROC_LOCK_ASSERT(proc, MA_OWNED);
572
573 MAC_CHECK(check_proc_setregid, cred, rgid, egid);
574
575 return (error);
576}
577
578int
575mac_check_proc_setresuid(struct proc *proc, struct ucred *cred, uid_t ruid,
576 uid_t euid, uid_t suid)
579mac_check_proc_setresuid(struct proc *p, struct ucred *cred, uid_t ruid,
580 uid_t euid, uid_t suid)
581{
582 int error;
583
580 PROC_LOCK_ASSERT(proc, MA_OWNED);
584 PROC_LOCK_ASSERT(p, MA_OWNED);
585
586 MAC_CHECK(check_proc_setresuid, cred, ruid, euid, suid);
587 return (error);
588}
589
590int
587mac_check_proc_setresgid(struct proc *proc, struct ucred *cred, gid_t rgid,
588 gid_t egid, gid_t sgid)
591mac_check_proc_setresgid(struct proc *p, struct ucred *cred, gid_t rgid,
592 gid_t egid, gid_t sgid)
593{
594 int error;
595
592 PROC_LOCK_ASSERT(proc, MA_OWNED);
596 PROC_LOCK_ASSERT(p, MA_OWNED);
597
598 MAC_CHECK(check_proc_setresgid, cred, rgid, egid, sgid);
599
600 return (error);
601}
602
603int
599mac_check_proc_wait(struct ucred *cred, struct proc *proc)
604mac_check_proc_wait(struct ucred *cred, struct proc *p)
605{
606 int error;
607
603 PROC_LOCK_ASSERT(proc, MA_OWNED);
608 PROC_LOCK_ASSERT(p, MA_OWNED);
609
605 MAC_CHECK(check_proc_wait, cred, proc);
610 MAC_CHECK(check_proc_wait, cred, p);
611
612 return (error);
613}
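Review bot: The rename looks incomplete in mac_check_proc_setregid(), which on the new side (lines 566 and 571) still declares `struct proc *proc` and asserts `PROC_LOCK_ASSERT(proc, MA_OWNED);` while every sibling entry point visible here now uses `p`. Only the continuation line of that prototype appears to have changed, so it was probably missed; for consistency it should read `mac_check_proc_setregid(struct proc *p, struct ucred *cred, gid_t rgid,` with `PROC_LOCK_ASSERT(p, MA_OWNED);`. Separately, in the setuid/setgid/setgroups family the process pointer is used only for the lock assertion and is not passed to `MAC_CHECK`, which receives `cred` and the requested ids. A short comment above that group, such as `/* p is asserted locked but not passed to policies; they see only cred and the requested ids. */`, would record that this is intentional. The 393 hidden lines were not reviewed.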