| ugidfw_system.c (112717) | ugidfw_system.c (117247) |
|---|---|
| 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by Network --- 17 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by Network --- 17 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * |
| 34 * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 112717 2003-03-27 19:26:39Z rwatson $ | 34 * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 117247 2003-07-05 01:24:36Z rwatson $ |
| 35 */ 36/* 37 * Developed by the TrustedBSD Project. 38 * "BSD Extended" MAC policy, allowing the administrator to impose 39 * mandatory rules regarding users and some system objects. 40 * 41 * XXX: Much locking support required here. 42 */ --- 364 unchanged lines hidden (view full) --- 407{ 408 struct vattr vap; 409 int error; 410 411 if (!mac_bsdextended_enabled) 412 return (0); 413 414 error = VOP_GETATTR(vp, &vap, cred, curthread); | 35 */ 36/* 37 * Developed by the TrustedBSD Project. 38 * "BSD Extended" MAC policy, allowing the administrator to impose 39 * mandatory rules regarding users and some system objects. 40 * 41 * XXX: Much locking support required here. 42 */ --- 364 unchanged lines hidden (view full) --- 407{ 408 struct vattr vap; 409 int error; 410 411 if (!mac_bsdextended_enabled) 412 return (0); 413 414 error = VOP_GETATTR(vp, &vap, cred, curthread); |
| 415 if (error) | 415 if (error) |
| 416 return (error); 417 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VADMIN)); 418} 419 420static int 421mac_bsdextended_check_vnode_exec(struct ucred *cred, struct vnode *vp, 422 struct label *label, struct image_params *imgp, 423 struct label *execlabel) --- 71 unchanged lines hidden (view full) --- 495} 496 497static int 498mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 499 struct label *dlabel, struct componentname *cnp) 500{ 501 struct vattr vap; 502 int error; | 416 return (error); 417 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VADMIN)); 418} 419 420static int 421mac_bsdextended_check_vnode_exec(struct ucred *cred, struct vnode *vp, 422 struct label *label, struct image_params *imgp, 423 struct label *execlabel) --- 71 unchanged lines hidden (view full) --- 495} 496 497static int 498mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 499 struct label *dlabel, struct componentname *cnp) 500{ 501 struct vattr vap; 502 int error; |
| 503 | 503 |
| 504 if (!mac_bsdextended_enabled) 505 return (0); | 504 if (!mac_bsdextended_enabled) 505 return (0); |
| 506 | 506 |
| 507 error = VOP_GETATTR(dvp, &vap, cred, curthread); 508 if (error) 509 return (error); 510 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VEXEC)); 511} 512 513static int 514mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp, --- 262 unchanged lines hidden --- | 507 error = VOP_GETATTR(dvp, &vap, cred, curthread); 508 if (error) 509 return (error); 510 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VEXEC)); 511} 512 513static int 514mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp, --- 262 unchanged lines hidden --- |