mac_framework.c (106212) mac_framework.c (106217)
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson and Ilmar Habibulin for the
8 * TrustedBSD Project.

--- 22 unchanged lines hidden (view full) ---

31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson and Ilmar Habibulin for the
8 * TrustedBSD Project.

--- 22 unchanged lines hidden (view full) ---

31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
39 * $FreeBSD: head/sys/security/mac/mac_framework.c 106212 2002-10-30 17:56:57Z rwatson $
39 * $FreeBSD: head/sys/security/mac/mac_framework.c 106217 2002-10-30 18:48:51Z rwatson $
40 */
41/*
42 * Developed by the TrustedBSD Project.
43 *
44 * Framework for extensible kernel access control. Kernel and userland
45 * interface to the framework, policy registration and composition.
46 */
47

--- 418 unchanged lines hidden (view full) ---

466
467 return (error);
468}
469
470static int
471mac_policy_register(struct mac_policy_conf *mpc)
472{
473 struct mac_policy_conf *tmpc;
40 */
41/*
42 * Developed by the TrustedBSD Project.
43 *
44 * Framework for extensible kernel access control. Kernel and userland
45 * interface to the framework, policy registration and composition.
46 */
47

--- 418 unchanged lines hidden (view full) ---

466
467 return (error);
468}
469
470static int
471mac_policy_register(struct mac_policy_conf *mpc)
472{
473 struct mac_policy_conf *tmpc;
474 struct mac_policy_op_entry *mpe;
475 int slot;
476
474 int slot;
475
477 MALLOC(mpc->mpc_ops, struct mac_policy_ops *, sizeof(*mpc->mpc_ops),
478 M_MACOPVEC, M_WAITOK | M_ZERO);
479 for (mpe = mpc->mpc_entries; mpe->mpe_constant != MAC_OP_LAST; mpe++) {
480 switch (mpe->mpe_constant) {
481 case MAC_OP_LAST:
482 /*
483 * Doesn't actually happen, but this allows checking
484 * that all enumerated values are handled.
485 */
486 break;
487 case MAC_DESTROY:
488 mpc->mpc_ops->mpo_destroy =
489 mpe->mpe_function;
490 break;
491 case MAC_INIT:
492 mpc->mpc_ops->mpo_init =
493 mpe->mpe_function;
494 break;
495 case MAC_SYSCALL:
496 mpc->mpc_ops->mpo_syscall =
497 mpe->mpe_function;
498 break;
499 case MAC_INIT_BPFDESC_LABEL:
500 mpc->mpc_ops->mpo_init_bpfdesc_label =
501 mpe->mpe_function;
502 break;
503 case MAC_INIT_CRED_LABEL:
504 mpc->mpc_ops->mpo_init_cred_label =
505 mpe->mpe_function;
506 break;
507 case MAC_INIT_DEVFSDIRENT_LABEL:
508 mpc->mpc_ops->mpo_init_devfsdirent_label =
509 mpe->mpe_function;
510 break;
511 case MAC_INIT_IFNET_LABEL:
512 mpc->mpc_ops->mpo_init_ifnet_label =
513 mpe->mpe_function;
514 break;
515 case MAC_INIT_IPQ_LABEL:
516 mpc->mpc_ops->mpo_init_ipq_label =
517 mpe->mpe_function;
518 break;
519 case MAC_INIT_MBUF_LABEL:
520 mpc->mpc_ops->mpo_init_mbuf_label =
521 mpe->mpe_function;
522 break;
523 case MAC_INIT_MOUNT_LABEL:
524 mpc->mpc_ops->mpo_init_mount_label =
525 mpe->mpe_function;
526 break;
527 case MAC_INIT_MOUNT_FS_LABEL:
528 mpc->mpc_ops->mpo_init_mount_fs_label =
529 mpe->mpe_function;
530 break;
531 case MAC_INIT_PIPE_LABEL:
532 mpc->mpc_ops->mpo_init_pipe_label =
533 mpe->mpe_function;
534 break;
535 case MAC_INIT_SOCKET_LABEL:
536 mpc->mpc_ops->mpo_init_socket_label =
537 mpe->mpe_function;
538 break;
539 case MAC_INIT_SOCKET_PEER_LABEL:
540 mpc->mpc_ops->mpo_init_socket_peer_label =
541 mpe->mpe_function;
542 break;
543 case MAC_INIT_VNODE_LABEL:
544 mpc->mpc_ops->mpo_init_vnode_label =
545 mpe->mpe_function;
546 break;
547 case MAC_DESTROY_BPFDESC_LABEL:
548 mpc->mpc_ops->mpo_destroy_bpfdesc_label =
549 mpe->mpe_function;
550 break;
551 case MAC_DESTROY_CRED_LABEL:
552 mpc->mpc_ops->mpo_destroy_cred_label =
553 mpe->mpe_function;
554 break;
555 case MAC_DESTROY_DEVFSDIRENT_LABEL:
556 mpc->mpc_ops->mpo_destroy_devfsdirent_label =
557 mpe->mpe_function;
558 break;
559 case MAC_DESTROY_IFNET_LABEL:
560 mpc->mpc_ops->mpo_destroy_ifnet_label =
561 mpe->mpe_function;
562 break;
563 case MAC_DESTROY_IPQ_LABEL:
564 mpc->mpc_ops->mpo_destroy_ipq_label =
565 mpe->mpe_function;
566 break;
567 case MAC_DESTROY_MBUF_LABEL:
568 mpc->mpc_ops->mpo_destroy_mbuf_label =
569 mpe->mpe_function;
570 break;
571 case MAC_DESTROY_MOUNT_LABEL:
572 mpc->mpc_ops->mpo_destroy_mount_label =
573 mpe->mpe_function;
574 break;
575 case MAC_DESTROY_MOUNT_FS_LABEL:
576 mpc->mpc_ops->mpo_destroy_mount_fs_label =
577 mpe->mpe_function;
578 break;
579 case MAC_DESTROY_PIPE_LABEL:
580 mpc->mpc_ops->mpo_destroy_pipe_label =
581 mpe->mpe_function;
582 break;
583 case MAC_DESTROY_SOCKET_LABEL:
584 mpc->mpc_ops->mpo_destroy_socket_label =
585 mpe->mpe_function;
586 break;
587 case MAC_DESTROY_SOCKET_PEER_LABEL:
588 mpc->mpc_ops->mpo_destroy_socket_peer_label =
589 mpe->mpe_function;
590 break;
591 case MAC_DESTROY_VNODE_LABEL:
592 mpc->mpc_ops->mpo_destroy_vnode_label =
593 mpe->mpe_function;
594 break;
595 case MAC_COPY_PIPE_LABEL:
596 mpc->mpc_ops->mpo_copy_pipe_label =
597 mpe->mpe_function;
598 break;
599 case MAC_COPY_VNODE_LABEL:
600 mpc->mpc_ops->mpo_copy_vnode_label =
601 mpe->mpe_function;
602 break;
603 case MAC_EXTERNALIZE_CRED_LABEL:
604 mpc->mpc_ops->mpo_externalize_cred_label =
605 mpe->mpe_function;
606 break;
607 case MAC_EXTERNALIZE_IFNET_LABEL:
608 mpc->mpc_ops->mpo_externalize_ifnet_label =
609 mpe->mpe_function;
610 break;
611 case MAC_EXTERNALIZE_PIPE_LABEL:
612 mpc->mpc_ops->mpo_externalize_pipe_label =
613 mpe->mpe_function;
614 break;
615 case MAC_EXTERNALIZE_SOCKET_LABEL:
616 mpc->mpc_ops->mpo_externalize_socket_label =
617 mpe->mpe_function;
618 break;
619 case MAC_EXTERNALIZE_SOCKET_PEER_LABEL:
620 mpc->mpc_ops->mpo_externalize_socket_peer_label =
621 mpe->mpe_function;
622 break;
623 case MAC_EXTERNALIZE_VNODE_LABEL:
624 mpc->mpc_ops->mpo_externalize_vnode_label =
625 mpe->mpe_function;
626 break;
627 case MAC_INTERNALIZE_CRED_LABEL:
628 mpc->mpc_ops->mpo_internalize_cred_label =
629 mpe->mpe_function;
630 break;
631 case MAC_INTERNALIZE_IFNET_LABEL:
632 mpc->mpc_ops->mpo_internalize_ifnet_label =
633 mpe->mpe_function;
634 break;
635 case MAC_INTERNALIZE_PIPE_LABEL:
636 mpc->mpc_ops->mpo_internalize_pipe_label =
637 mpe->mpe_function;
638 break;
639 case MAC_INTERNALIZE_SOCKET_LABEL:
640 mpc->mpc_ops->mpo_internalize_socket_label =
641 mpe->mpe_function;
642 break;
643 case MAC_INTERNALIZE_VNODE_LABEL:
644 mpc->mpc_ops->mpo_internalize_vnode_label =
645 mpe->mpe_function;
646 break;
647 case MAC_CREATE_DEVFS_DEVICE:
648 mpc->mpc_ops->mpo_create_devfs_device =
649 mpe->mpe_function;
650 break;
651 case MAC_CREATE_DEVFS_DIRECTORY:
652 mpc->mpc_ops->mpo_create_devfs_directory =
653 mpe->mpe_function;
654 break;
655 case MAC_CREATE_DEVFS_SYMLINK:
656 mpc->mpc_ops->mpo_create_devfs_symlink =
657 mpe->mpe_function;
658 break;
659 case MAC_CREATE_DEVFS_VNODE:
660 mpc->mpc_ops->mpo_create_devfs_vnode =
661 mpe->mpe_function;
662 break;
663 case MAC_CREATE_MOUNT:
664 mpc->mpc_ops->mpo_create_mount =
665 mpe->mpe_function;
666 break;
667 case MAC_CREATE_ROOT_MOUNT:
668 mpc->mpc_ops->mpo_create_root_mount =
669 mpe->mpe_function;
670 break;
671 case MAC_RELABEL_VNODE:
672 mpc->mpc_ops->mpo_relabel_vnode =
673 mpe->mpe_function;
674 break;
675 case MAC_UPDATE_DEVFSDIRENT:
676 mpc->mpc_ops->mpo_update_devfsdirent =
677 mpe->mpe_function;
678 break;
679 case MAC_ASSOCIATE_VNODE_DEVFS:
680 mpc->mpc_ops->mpo_associate_vnode_devfs =
681 mpe->mpe_function;
682 break;
683 case MAC_ASSOCIATE_VNODE_EXTATTR:
684 mpc->mpc_ops->mpo_associate_vnode_extattr =
685 mpe->mpe_function;
686 break;
687 case MAC_ASSOCIATE_VNODE_SINGLELABEL:
688 mpc->mpc_ops->mpo_associate_vnode_singlelabel =
689 mpe->mpe_function;
690 break;
691 case MAC_CREATE_VNODE_EXTATTR:
692 mpc->mpc_ops->mpo_create_vnode_extattr =
693 mpe->mpe_function;
694 break;
695 case MAC_SETLABEL_VNODE_EXTATTR:
696 mpc->mpc_ops->mpo_setlabel_vnode_extattr =
697 mpe->mpe_function;
698 break;
699 case MAC_CREATE_MBUF_FROM_SOCKET:
700 mpc->mpc_ops->mpo_create_mbuf_from_socket =
701 mpe->mpe_function;
702 break;
703 case MAC_CREATE_PIPE:
704 mpc->mpc_ops->mpo_create_pipe =
705 mpe->mpe_function;
706 break;
707 case MAC_CREATE_SOCKET:
708 mpc->mpc_ops->mpo_create_socket =
709 mpe->mpe_function;
710 break;
711 case MAC_CREATE_SOCKET_FROM_SOCKET:
712 mpc->mpc_ops->mpo_create_socket_from_socket =
713 mpe->mpe_function;
714 break;
715 case MAC_RELABEL_PIPE:
716 mpc->mpc_ops->mpo_relabel_pipe =
717 mpe->mpe_function;
718 break;
719 case MAC_RELABEL_SOCKET:
720 mpc->mpc_ops->mpo_relabel_socket =
721 mpe->mpe_function;
722 break;
723 case MAC_SET_SOCKET_PEER_FROM_MBUF:
724 mpc->mpc_ops->mpo_set_socket_peer_from_mbuf =
725 mpe->mpe_function;
726 break;
727 case MAC_SET_SOCKET_PEER_FROM_SOCKET:
728 mpc->mpc_ops->mpo_set_socket_peer_from_socket =
729 mpe->mpe_function;
730 break;
731 case MAC_CREATE_BPFDESC:
732 mpc->mpc_ops->mpo_create_bpfdesc =
733 mpe->mpe_function;
734 break;
735 case MAC_CREATE_DATAGRAM_FROM_IPQ:
736 mpc->mpc_ops->mpo_create_datagram_from_ipq =
737 mpe->mpe_function;
738 break;
739 case MAC_CREATE_FRAGMENT:
740 mpc->mpc_ops->mpo_create_fragment =
741 mpe->mpe_function;
742 break;
743 case MAC_CREATE_IFNET:
744 mpc->mpc_ops->mpo_create_ifnet =
745 mpe->mpe_function;
746 break;
747 case MAC_CREATE_IPQ:
748 mpc->mpc_ops->mpo_create_ipq =
749 mpe->mpe_function;
750 break;
751 case MAC_CREATE_MBUF_FROM_MBUF:
752 mpc->mpc_ops->mpo_create_mbuf_from_mbuf =
753 mpe->mpe_function;
754 break;
755 case MAC_CREATE_MBUF_LINKLAYER:
756 mpc->mpc_ops->mpo_create_mbuf_linklayer =
757 mpe->mpe_function;
758 break;
759 case MAC_CREATE_MBUF_FROM_BPFDESC:
760 mpc->mpc_ops->mpo_create_mbuf_from_bpfdesc =
761 mpe->mpe_function;
762 break;
763 case MAC_CREATE_MBUF_FROM_IFNET:
764 mpc->mpc_ops->mpo_create_mbuf_from_ifnet =
765 mpe->mpe_function;
766 break;
767 case MAC_CREATE_MBUF_MULTICAST_ENCAP:
768 mpc->mpc_ops->mpo_create_mbuf_multicast_encap =
769 mpe->mpe_function;
770 break;
771 case MAC_CREATE_MBUF_NETLAYER:
772 mpc->mpc_ops->mpo_create_mbuf_netlayer =
773 mpe->mpe_function;
774 break;
775 case MAC_FRAGMENT_MATCH:
776 mpc->mpc_ops->mpo_fragment_match =
777 mpe->mpe_function;
778 break;
779 case MAC_RELABEL_IFNET:
780 mpc->mpc_ops->mpo_relabel_ifnet =
781 mpe->mpe_function;
782 break;
783 case MAC_UPDATE_IPQ:
784 mpc->mpc_ops->mpo_update_ipq =
785 mpe->mpe_function;
786 break;
787 case MAC_CREATE_CRED:
788 mpc->mpc_ops->mpo_create_cred =
789 mpe->mpe_function;
790 break;
791 case MAC_EXECVE_TRANSITION:
792 mpc->mpc_ops->mpo_execve_transition =
793 mpe->mpe_function;
794 break;
795 case MAC_EXECVE_WILL_TRANSITION:
796 mpc->mpc_ops->mpo_execve_will_transition =
797 mpe->mpe_function;
798 break;
799 case MAC_CREATE_PROC0:
800 mpc->mpc_ops->mpo_create_proc0 =
801 mpe->mpe_function;
802 break;
803 case MAC_CREATE_PROC1:
804 mpc->mpc_ops->mpo_create_proc1 =
805 mpe->mpe_function;
806 break;
807 case MAC_RELABEL_CRED:
808 mpc->mpc_ops->mpo_relabel_cred =
809 mpe->mpe_function;
810 break;
811 case MAC_THREAD_USERRET:
812 mpc->mpc_ops->mpo_thread_userret =
813 mpe->mpe_function;
814 break;
815 case MAC_CHECK_BPFDESC_RECEIVE:
816 mpc->mpc_ops->mpo_check_bpfdesc_receive =
817 mpe->mpe_function;
818 break;
819 case MAC_CHECK_CRED_RELABEL:
820 mpc->mpc_ops->mpo_check_cred_relabel =
821 mpe->mpe_function;
822 break;
823 case MAC_CHECK_CRED_VISIBLE:
824 mpc->mpc_ops->mpo_check_cred_visible =
825 mpe->mpe_function;
826 break;
827 case MAC_CHECK_IFNET_RELABEL:
828 mpc->mpc_ops->mpo_check_ifnet_relabel =
829 mpe->mpe_function;
830 break;
831 case MAC_CHECK_IFNET_TRANSMIT:
832 mpc->mpc_ops->mpo_check_ifnet_transmit =
833 mpe->mpe_function;
834 break;
835 case MAC_CHECK_MOUNT_STAT:
836 mpc->mpc_ops->mpo_check_mount_stat =
837 mpe->mpe_function;
838 break;
839 case MAC_CHECK_PIPE_IOCTL:
840 mpc->mpc_ops->mpo_check_pipe_ioctl =
841 mpe->mpe_function;
842 break;
843 case MAC_CHECK_PIPE_POLL:
844 mpc->mpc_ops->mpo_check_pipe_poll =
845 mpe->mpe_function;
846 break;
847 case MAC_CHECK_PIPE_READ:
848 mpc->mpc_ops->mpo_check_pipe_read =
849 mpe->mpe_function;
850 break;
851 case MAC_CHECK_PIPE_RELABEL:
852 mpc->mpc_ops->mpo_check_pipe_relabel =
853 mpe->mpe_function;
854 break;
855 case MAC_CHECK_PIPE_STAT:
856 mpc->mpc_ops->mpo_check_pipe_stat =
857 mpe->mpe_function;
858 break;
859 case MAC_CHECK_PIPE_WRITE:
860 mpc->mpc_ops->mpo_check_pipe_write =
861 mpe->mpe_function;
862 break;
863 case MAC_CHECK_PROC_DEBUG:
864 mpc->mpc_ops->mpo_check_proc_debug =
865 mpe->mpe_function;
866 break;
867 case MAC_CHECK_PROC_SCHED:
868 mpc->mpc_ops->mpo_check_proc_sched =
869 mpe->mpe_function;
870 break;
871 case MAC_CHECK_PROC_SIGNAL:
872 mpc->mpc_ops->mpo_check_proc_signal =
873 mpe->mpe_function;
874 break;
875 case MAC_CHECK_SOCKET_BIND:
876 mpc->mpc_ops->mpo_check_socket_bind =
877 mpe->mpe_function;
878 break;
879 case MAC_CHECK_SOCKET_CONNECT:
880 mpc->mpc_ops->mpo_check_socket_connect =
881 mpe->mpe_function;
882 break;
883 case MAC_CHECK_SOCKET_DELIVER:
884 mpc->mpc_ops->mpo_check_socket_deliver =
885 mpe->mpe_function;
886 break;
887 case MAC_CHECK_SOCKET_LISTEN:
888 mpc->mpc_ops->mpo_check_socket_listen =
889 mpe->mpe_function;
890 break;
891 case MAC_CHECK_SOCKET_RECEIVE:
892 mpc->mpc_ops->mpo_check_socket_receive =
893 mpe->mpe_function;
894 break;
895 case MAC_CHECK_SOCKET_RELABEL:
896 mpc->mpc_ops->mpo_check_socket_relabel =
897 mpe->mpe_function;
898 break;
899 case MAC_CHECK_SOCKET_SEND:
900 mpc->mpc_ops->mpo_check_socket_send =
901 mpe->mpe_function;
902 break;
903 case MAC_CHECK_SOCKET_VISIBLE:
904 mpc->mpc_ops->mpo_check_socket_visible =
905 mpe->mpe_function;
906 break;
907 case MAC_CHECK_SYSTEM_REBOOT:
908 mpc->mpc_ops->mpo_check_system_reboot =
909 mpe->mpe_function;
910 break;
911 case MAC_CHECK_SYSTEM_SWAPON:
912 mpc->mpc_ops->mpo_check_system_swapon =
913 mpe->mpe_function;
914 break;
915 case MAC_CHECK_SYSTEM_SYSCTL:
916 mpc->mpc_ops->mpo_check_system_sysctl =
917 mpe->mpe_function;
918 break;
919 case MAC_CHECK_VNODE_ACCESS:
920 mpc->mpc_ops->mpo_check_vnode_access =
921 mpe->mpe_function;
922 break;
923 case MAC_CHECK_VNODE_CHDIR:
924 mpc->mpc_ops->mpo_check_vnode_chdir =
925 mpe->mpe_function;
926 break;
927 case MAC_CHECK_VNODE_CHROOT:
928 mpc->mpc_ops->mpo_check_vnode_chroot =
929 mpe->mpe_function;
930 break;
931 case MAC_CHECK_VNODE_CREATE:
932 mpc->mpc_ops->mpo_check_vnode_create =
933 mpe->mpe_function;
934 break;
935 case MAC_CHECK_VNODE_DELETE:
936 mpc->mpc_ops->mpo_check_vnode_delete =
937 mpe->mpe_function;
938 break;
939 case MAC_CHECK_VNODE_DELETEACL:
940 mpc->mpc_ops->mpo_check_vnode_deleteacl =
941 mpe->mpe_function;
942 break;
943 case MAC_CHECK_VNODE_EXEC:
944 mpc->mpc_ops->mpo_check_vnode_exec =
945 mpe->mpe_function;
946 break;
947 case MAC_CHECK_VNODE_GETACL:
948 mpc->mpc_ops->mpo_check_vnode_getacl =
949 mpe->mpe_function;
950 break;
951 case MAC_CHECK_VNODE_GETEXTATTR:
952 mpc->mpc_ops->mpo_check_vnode_getextattr =
953 mpe->mpe_function;
954 break;
955 case MAC_CHECK_VNODE_LINK:
956 mpc->mpc_ops->mpo_check_vnode_link =
957 mpe->mpe_function;
958 break;
959 case MAC_CHECK_VNODE_LOOKUP:
960 mpc->mpc_ops->mpo_check_vnode_lookup =
961 mpe->mpe_function;
962 break;
963 case MAC_CHECK_VNODE_MMAP:
964 mpc->mpc_ops->mpo_check_vnode_mmap =
965 mpe->mpe_function;
966 break;
967 case MAC_CHECK_VNODE_MMAP_DOWNGRADE:
968 mpc->mpc_ops->mpo_check_vnode_mmap_downgrade =
969 mpe->mpe_function;
970 break;
971 case MAC_CHECK_VNODE_MPROTECT:
972 mpc->mpc_ops->mpo_check_vnode_mprotect =
973 mpe->mpe_function;
974 break;
975 case MAC_CHECK_VNODE_OPEN:
976 mpc->mpc_ops->mpo_check_vnode_open =
977 mpe->mpe_function;
978 break;
979 case MAC_CHECK_VNODE_POLL:
980 mpc->mpc_ops->mpo_check_vnode_poll =
981 mpe->mpe_function;
982 break;
983 case MAC_CHECK_VNODE_READ:
984 mpc->mpc_ops->mpo_check_vnode_read =
985 mpe->mpe_function;
986 break;
987 case MAC_CHECK_VNODE_READDIR:
988 mpc->mpc_ops->mpo_check_vnode_readdir =
989 mpe->mpe_function;
990 break;
991 case MAC_CHECK_VNODE_READLINK:
992 mpc->mpc_ops->mpo_check_vnode_readlink =
993 mpe->mpe_function;
994 break;
995 case MAC_CHECK_VNODE_RELABEL:
996 mpc->mpc_ops->mpo_check_vnode_relabel =
997 mpe->mpe_function;
998 break;
999 case MAC_CHECK_VNODE_RENAME_FROM:
1000 mpc->mpc_ops->mpo_check_vnode_rename_from =
1001 mpe->mpe_function;
1002 break;
1003 case MAC_CHECK_VNODE_RENAME_TO:
1004 mpc->mpc_ops->mpo_check_vnode_rename_to =
1005 mpe->mpe_function;
1006 break;
1007 case MAC_CHECK_VNODE_REVOKE:
1008 mpc->mpc_ops->mpo_check_vnode_revoke =
1009 mpe->mpe_function;
1010 break;
1011 case MAC_CHECK_VNODE_SETACL:
1012 mpc->mpc_ops->mpo_check_vnode_setacl =
1013 mpe->mpe_function;
1014 break;
1015 case MAC_CHECK_VNODE_SETEXTATTR:
1016 mpc->mpc_ops->mpo_check_vnode_setextattr =
1017 mpe->mpe_function;
1018 break;
1019 case MAC_CHECK_VNODE_SETFLAGS:
1020 mpc->mpc_ops->mpo_check_vnode_setflags =
1021 mpe->mpe_function;
1022 break;
1023 case MAC_CHECK_VNODE_SETMODE:
1024 mpc->mpc_ops->mpo_check_vnode_setmode =
1025 mpe->mpe_function;
1026 break;
1027 case MAC_CHECK_VNODE_SETOWNER:
1028 mpc->mpc_ops->mpo_check_vnode_setowner =
1029 mpe->mpe_function;
1030 break;
1031 case MAC_CHECK_VNODE_SETUTIMES:
1032 mpc->mpc_ops->mpo_check_vnode_setutimes =
1033 mpe->mpe_function;
1034 break;
1035 case MAC_CHECK_VNODE_STAT:
1036 mpc->mpc_ops->mpo_check_vnode_stat =
1037 mpe->mpe_function;
1038 break;
1039 case MAC_CHECK_VNODE_WRITE:
1040 mpc->mpc_ops->mpo_check_vnode_write =
1041 mpe->mpe_function;
1042 break;
1043/*
1044 default:
1045 printf("MAC policy `%s': unknown operation %d\n",
1046 mpc->mpc_name, mpe->mpe_constant);
1047 return (EINVAL);
1048*/
1049 }
1050 }
1051 MAC_POLICY_LIST_LOCK();
1052 if (mac_policy_list_busy > 0) {
1053 MAC_POLICY_LIST_UNLOCK();
476 MAC_POLICY_LIST_LOCK();
477 if (mac_policy_list_busy > 0) {
478 MAC_POLICY_LIST_UNLOCK();
1054 FREE(mpc->mpc_ops, M_MACOPVEC);
1055 mpc->mpc_ops = NULL;
1056 return (EBUSY);
1057 }
1058 LIST_FOREACH(tmpc, &mac_policy_list, mpc_list) {
1059 if (strcmp(tmpc->mpc_name, mpc->mpc_name) == 0) {
1060 MAC_POLICY_LIST_UNLOCK();
479 return (EBUSY);
480 }
481 LIST_FOREACH(tmpc, &mac_policy_list, mpc_list) {
482 if (strcmp(tmpc->mpc_name, mpc->mpc_name) == 0) {
483 MAC_POLICY_LIST_UNLOCK();
1061 FREE(mpc->mpc_ops, M_MACOPVEC);
1062 mpc->mpc_ops = NULL;
1063 return (EEXIST);
1064 }
1065 }
1066 if (mpc->mpc_field_off != NULL) {
1067 slot = ffs(mac_policy_offsets_free);
1068 if (slot == 0) {
1069 MAC_POLICY_LIST_UNLOCK();
484 return (EEXIST);
485 }
486 }
487 if (mpc->mpc_field_off != NULL) {
488 slot = ffs(mac_policy_offsets_free);
489 if (slot == 0) {
490 MAC_POLICY_LIST_UNLOCK();
1070 FREE(mpc->mpc_ops, M_MACOPVEC);
1071 mpc->mpc_ops = NULL;
1072 return (ENOMEM);
1073 }
1074 slot--;
1075 mac_policy_offsets_free &= ~(1 << slot);
1076 *mpc->mpc_field_off = slot;
1077 }
1078 mpc->mpc_runtime_flags |= MPC_RUNTIME_FLAG_REGISTERED;
1079 LIST_INSERT_HEAD(&mac_policy_list, mpc, mpc_list);

--- 50 unchanged lines hidden (view full) ---

1130 return (EBUSY);
1131 }
1132 if (mpc->mpc_ops->mpo_destroy != NULL)
1133 (*(mpc->mpc_ops->mpo_destroy))(mpc);
1134
1135 LIST_REMOVE(mpc, mpc_list);
1136 MAC_POLICY_LIST_UNLOCK();
1137
491 return (ENOMEM);
492 }
493 slot--;
494 mac_policy_offsets_free &= ~(1 << slot);
495 *mpc->mpc_field_off = slot;
496 }
497 mpc->mpc_runtime_flags |= MPC_RUNTIME_FLAG_REGISTERED;
498 LIST_INSERT_HEAD(&mac_policy_list, mpc, mpc_list);

--- 50 unchanged lines hidden (view full) ---

549 return (EBUSY);
550 }
551 if (mpc->mpc_ops->mpo_destroy != NULL)
552 (*(mpc->mpc_ops->mpo_destroy))(mpc);
553
554 LIST_REMOVE(mpc, mpc_list);
555 MAC_POLICY_LIST_UNLOCK();
556
1138 FREE(mpc->mpc_ops, M_MACOPVEC);
1139 mpc->mpc_ops = NULL;
1140 mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED;
1141
1142 printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,
1143 mpc->mpc_name);
1144
1145 return (0);
1146}
1147

--- 2885 unchanged lines hidden ---
557 mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED;
558
559 printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,
560 mpc->mpc_name);
561
562 return (0);
563}
564

--- 2885 unchanged lines hidden ---
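Review bot: With the MALLOC of `mpc->mpc_ops` removed from mac_policy_register (new lines 474-476), nothing in the visible new code establishes that `mpc->mpc_ops` is non-NULL, yet the unload path still dereferences it in `if (mpc->mpc_ops->mpo_destroy != NULL)` (new line 551). Presumably the operations vector is now supplied by the policy module itself; if so, a module that leaves it unset would produce a kernel NULL dereference that the old, framework-allocated vector ruled out. I would reject that case before taking the list lock, with `if (mpc->mpc_ops == NULL) return (EINVAL);`. A short comment on mac_policy_register saying that the framework no longer allocates or frees `mpc_ops`, and that the module must keep it valid while registered, would also help. Both function bodies continue in the hidden unchanged lines, so an equivalent check may already exist there.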