mac_bsdextended.c (182371) mac_bsdextended.c (182905)
1/*-
2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
4 * Copyright (c) 2005 Tom Rhodes
5 * Copyright (c) 2006 SPARTA, Inc.
6 * All rights reserved.
7 *
8 * This software was developed by Robert Watson for the TrustedBSD Project.

--- 23 unchanged lines hidden (view full) ---

32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * SUCH DAMAGE.
39 *
1/*-
2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
4 * Copyright (c) 2005 Tom Rhodes
5 * Copyright (c) 2006 SPARTA, Inc.
6 * All rights reserved.
7 *
8 * This software was developed by Robert Watson for the TrustedBSD Project.

--- 23 unchanged lines hidden (view full) ---

32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * SUCH DAMAGE.
39 *
40 * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 182371 2008-08-28 15:23:18Z attilio $
40 * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 182905 2008-09-10 13:16:41Z trasz $
41 */
42
43/*
44 * Developed by the TrustedBSD Project.
45 *
46 * "BSD Extended" MAC policy, allowing the administrator to impose mandatory
47 * firewall-like rules regarding users and file system objects.
48 */

--- 7 unchanged lines hidden (view full) ---

56#include <sys/module.h>
57#include <sys/mount.h>
58#include <sys/mutex.h>
59#include <sys/priv.h>
60#include <sys/systm.h>
61#include <sys/vnode.h>
62#include <sys/sysctl.h>
63#include <sys/syslog.h>
41 */
42
43/*
44 * Developed by the TrustedBSD Project.
45 *
46 * "BSD Extended" MAC policy, allowing the administrator to impose mandatory
47 * firewall-like rules regarding users and file system objects.
48 */

--- 7 unchanged lines hidden (view full) ---

56#include <sys/module.h>
57#include <sys/mount.h>
58#include <sys/mutex.h>
59#include <sys/priv.h>
60#include <sys/systm.h>
61#include <sys/vnode.h>
62#include <sys/sysctl.h>
63#include <sys/syslog.h>
64#include <sys/stat.h>
64
65#include <security/mac/mac_policy.h>
66#include <security/mac_bsdextended/mac_bsdextended.h>
67
68static struct mtx ugidfw_mtx;
69
70SYSCTL_DECL(_security_mac);
71

--- 226 unchanged lines hidden (view full) ---

298 sizeof(rule->mbr_object.mbo_fsid)) == 0);
299 if (rule->mbr_object.mbo_neg & MBO_FSID_DEFINED)
300 match = !match;
301 if (!match)
302 return (0);
303 }
304
305 if (rule->mbr_object.mbo_flags & MBO_SUID) {
65
66#include <security/mac/mac_policy.h>
67#include <security/mac_bsdextended/mac_bsdextended.h>
68
69static struct mtx ugidfw_mtx;
70
71SYSCTL_DECL(_security_mac);
72

--- 226 unchanged lines hidden (view full) ---

299 sizeof(rule->mbr_object.mbo_fsid)) == 0);
300 if (rule->mbr_object.mbo_neg & MBO_FSID_DEFINED)
301 match = !match;
302 if (!match)
303 return (0);
304 }
305
306 if (rule->mbr_object.mbo_flags & MBO_SUID) {
306 match = (vap->va_mode & VSUID);
307 match = (vap->va_mode & S_ISUID);
307 if (rule->mbr_object.mbo_neg & MBO_SUID)
308 match = !match;
309 if (!match)
310 return (0);
311 }
312
313 if (rule->mbr_object.mbo_flags & MBO_SGID) {
308 if (rule->mbr_object.mbo_neg & MBO_SUID)
309 match = !match;
310 if (!match)
311 return (0);
312 }
313
314 if (rule->mbr_object.mbo_flags & MBO_SGID) {
314 match = (vap->va_mode & VSGID);
315 match = (vap->va_mode & S_ISGID);
315 if (rule->mbr_object.mbo_neg & MBO_SGID)
316 match = !match;
317 if (!match)
318 return (0);
319 }
320
321 if (rule->mbr_object.mbo_flags & MBO_UID_SUBJECT) {
322 match = (vap->va_uid == cred->cr_uid ||

--- 429 unchanged lines hidden ---
316 if (rule->mbr_object.mbo_neg & MBO_SGID)
317 match = !match;
318 if (!match)
319 return (0);
320 }
321
322 if (rule->mbr_object.mbo_flags & MBO_UID_SUBJECT) {
323 match = (vap->va_uid == cred->cr_uid ||

--- 429 unchanged lines hidden ---
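Review bot: In the new SUID and SGID branches, `match = (vap->va_mode & S_ISUID);` and `match = (vap->va_mode & S_ISGID);` store the raw mode bit into the `match` flag, while the neighbouring fsid and subject-uid checks in the same function assign a comparison result (`... == 0`, `va_uid == cred->cr_uid || ...`). Because `match` is only ever negated or tested with `!match`, behaviour is unchanged, but `match = (vap->va_mode & S_ISUID) != 0;` and `match = (vap->va_mode & S_ISGID) != 0;` would keep every branch assigning a boolean and make the intent explicit. The substitution of S_ISUID/S_ISGID for VSUID/VSGID looks value-neutral (on FreeBSD both pairs are the octal 04000/02000 mode bits), so the rule semantics should not change, but that is inferred from headers outside this diff and worth a one-line comment on the new `#include <sys/stat.h>`, e.g. `/* S_ISUID/S_ISGID for rule mode checks */`. The enclosing function starts and ends outside the hunk.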