mac_portacl.c (166531) mac_portacl.c (166905)
1/*-
2 * Copyright (c) 2003-2004 Networks Associates Technology, Inc.
3 * All rights reserved.
4 *
5 * This software was developed for the FreeBSD Project by Network
6 * Associates Laboratories, the Security Research Division of Network
7 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
8 * as part of the DARPA CHATS research program.


23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
1/*-
2 * Copyright (c) 2003-2004 Networks Associates Technology, Inc.
3 * All rights reserved.
4 *
5 * This software was developed for the FreeBSD Project by Network
6 * Associates Laboratories, the Security Research Division of Network
7 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
8 * as part of the DARPA CHATS research program.


23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * $FreeBSD: head/sys/security/mac_portacl/mac_portacl.c 166531 2007-02-06 10:59:23Z rwatson $
31 * $FreeBSD: head/sys/security/mac_portacl/mac_portacl.c 166905 2007-02-23 14:39:04Z rwatson $
32 */
33
34/*
35 * Developed by the TrustedBSD Project.
36 *
37 * Administratively limit access to local UDP/TCP ports for binding purposes.
38 * Intended to be combined with net.inet.ip.portrange.reservedhigh to allow
39 * specific uids and gids to bind specific ports for specific purposes,


50 *
51 * # sysctl security.mac.portacl.rules="uid:425:tcp:80,uid:425:tcp:79"
52 *
53 * This ruleset, for example, permits uid 425 to bind TCP ports 80 (http)
54 * and 79 (finger). User names and group names can't be used directly
55 * because the kernel only knows about uids and gids.
56 */
57
32 */
33
34/*
35 * Developed by the TrustedBSD Project.
36 *
37 * Administratively limit access to local UDP/TCP ports for binding purposes.
38 * Intended to be combined with net.inet.ip.portrange.reservedhigh to allow
39 * specific uids and gids to bind specific ports for specific purposes,


50 *
51 * # sysctl security.mac.portacl.rules="uid:425:tcp:80,uid:425:tcp:79"
52 *
53 * This ruleset, for example, permits uid 425 to bind TCP ports 80 (http)
54 * and 79 (finger). User names and group names can't be used directly
55 * because the kernel only knows about uids and gids.
56 */
57
58#include <sys/types.h>
59#include <sys/param.h>
58#include <sys/param.h>
60#include <sys/conf.h>
61#include <sys/domain.h>
62#include <sys/kernel.h>
59#include <sys/domain.h>
60#include <sys/kernel.h>
63#include <sys/libkern.h>
64#include <sys/lock.h>
65#include <sys/malloc.h>
61#include <sys/lock.h>
62#include <sys/malloc.h>
66#include <sys/mount.h>
63#include <sys/module.h>
67#include <sys/mutex.h>
68#include <sys/priv.h>
69#include <sys/proc.h>
70#include <sys/protosw.h>
71#include <sys/queue.h>
72#include <sys/systm.h>
64#include <sys/mutex.h>
65#include <sys/priv.h>
66#include <sys/proc.h>
67#include <sys/protosw.h>
68#include <sys/queue.h>
69#include <sys/systm.h>
73#include <sys/sysproto.h>
74#include <sys/sysent.h>
75#include <sys/file.h>
76#include <sys/sbuf.h>
77#include <sys/socket.h>
78#include <sys/socketvar.h>
79#include <sys/sysctl.h>
80
81#include <netinet/in.h>
82#include <netinet/in_pcb.h>
83
70#include <sys/sbuf.h>
71#include <sys/socket.h>
72#include <sys/socketvar.h>
73#include <sys/sysctl.h>
74
75#include <netinet/in.h>
76#include <netinet/in_pcb.h>
77
84#include <vm/vm.h>
85
86#include <security/mac/mac_policy.h>
87
88SYSCTL_DECL(_security_mac);
89
90SYSCTL_NODE(_security_mac, OID_AUTO, portacl, CTLFLAG_RW, 0,
91 "TrustedBSD mac_portacl policy controls");
92
93static int mac_portacl_enabled = 1;

78#include <security/mac/mac_policy.h>
79
80SYSCTL_DECL(_security_mac);
81
82SYSCTL_NODE(_security_mac, OID_AUTO, portacl, CTLFLAG_RW, 0,
83 "TrustedBSD mac_portacl policy controls");
84
85static int mac_portacl_enabled = 1;
