mac_bsdextended.c (166531) mac_bsdextended.c (166843)
1/*-
2 * Copyright (c) 2005 Tom Rhodes
3 * Copyright (c) 1999-2002 Robert N. M. Watson
4 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson for the TrustedBSD Project.
8 * It was later enhanced by Tom Rhodes for the TrustedBSD Project.

--- 19 unchanged lines hidden (view full) ---

28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
1/*-
2 * Copyright (c) 2005 Tom Rhodes
3 * Copyright (c) 1999-2002 Robert N. M. Watson
4 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson for the TrustedBSD Project.
8 * It was later enhanced by Tom Rhodes for the TrustedBSD Project.

--- 19 unchanged lines hidden (view full) ---

28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 166531 2007-02-06 10:59:23Z rwatson $
36 * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 166843 2007-02-20 10:21:27Z rwatson $
37 */
38
39/*
40 * Developed by the TrustedBSD Project.
41 * "BSD Extended" MAC policy, allowing the administrator to impose
42 * mandatory rules regarding users and some system objects.
43 */
44

--- 410 unchanged lines hidden (view full) ---

455 int error, i;
456
457 /*
458 * XXXRW: More specific privilege selection needed?
459 */
460 if (suser_cred(cred, 0) == 0)
461 return (0);
462
37 */
38
39/*
40 * Developed by the TrustedBSD Project.
41 * "BSD Extended" MAC policy, allowing the administrator to impose
42 * mandatory rules regarding users and some system objects.
43 */
44

--- 410 unchanged lines hidden (view full) ---

455 int error, i;
456
457 /*
458 * XXXRW: More specific privilege selection needed?
459 */
460 if (suser_cred(cred, 0) == 0)
461 return (0);
462
463 /*
464 * Since we do not separately handle append, map append to write.
465 */
466 if (acc_mode & MBI_APPEND) {
467 acc_mode &= ~MBI_APPEND;
468 acc_mode |= MBI_WRITE;
469 }
470
463 mtx_lock(&mac_bsdextended_mtx);
464 for (i = 0; i < rule_slots; i++) {
465 if (rules[i] == NULL)
466 continue;
467
471 mtx_lock(&mac_bsdextended_mtx);
472 for (i = 0; i < rule_slots; i++) {
473 if (rules[i] == NULL)
474 continue;
475
468 /*
469 * Since we do not separately handle append, map append to
470 * write.
471 */
472 if (acc_mode & MBI_APPEND) {
473 acc_mode &= ~MBI_APPEND;
474 acc_mode |= MBI_WRITE;
475 }
476
477 error = mac_bsdextended_rulecheck(rules[i], cred,
478 vp, vap, acc_mode);
479 if (error == EJUSTRETURN)
480 break;
481 if (error) {
482 mtx_unlock(&mac_bsdextended_mtx);
483 return (error);
484 }

--- 304 unchanged lines hidden ---
476 error = mac_bsdextended_rulecheck(rules[i], cred,
477 vp, vap, acc_mode);
478 if (error == EJUSTRETURN)
479 break;
480 if (error) {
481 mtx_unlock(&mac_bsdextended_mtx);
482 return (error);
483 }

--- 304 unchanged lines hidden ---
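Review bot: The comment on the append mapping placed before `mtx_lock(&mac_bsdextended_mtx)` (lines 463-470 of that side) states the mechanism but not the policy consequence. Once `MBI_APPEND` is cleared and `MBI_WRITE` is set, every rule is evaluated as a write request, so a ruleset presumably cannot grant append-only access; `mac_bsdextended_rulecheck` is not visible here to confirm. I would word it as `/* Rules have no separate append bit: treat append as write, so append is permitted only where write is. Done once, before the lock, since acc_mode is the same for every rule. */`. The page does not mark which column is the new revision; this note assumes it is the one with the mapping outside the loop, as the 166843 header suggests. The function begins and ends in the hidden lines, so the unlock after the `EJUSTRETURN` break cannot be checked from this view.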