| mac_framework.c (165591) | mac_framework.c (165593) |
|---|---|
| 1/*- 2 * Copyright (c) 1999-2002, 2006 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 5 * Copyright (c) 2005-2006 SPARTA, Inc. 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson and Ilmar Habibulin for the --- 49 unchanged lines hidden (view full) --- 58 * and set label state on objects. 59 * 60 * The majority of the MAC Framework implementation may be found in 61 * src/sys/security/mac. Sample policy modules may be found in 62 * src/sys/security/mac_*. 63 */ 64 65#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1999-2002, 2006 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 5 * Copyright (c) 2005-2006 SPARTA, Inc. 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson and Ilmar Habibulin for the --- 49 unchanged lines hidden (view full) --- 58 * and set label state on objects. 59 * 60 * The majority of the MAC Framework implementation may be found in 61 * src/sys/security/mac. Sample policy modules may be found in 62 * src/sys/security/mac_*. 63 */ 64 65#include <sys/cdefs.h> |
| 66__FBSDID("$FreeBSD: head/sys/security/mac/mac_framework.c 165591 2006-12-28 21:07:45Z rwatson $"); | 66__FBSDID("$FreeBSD: head/sys/security/mac/mac_framework.c 165593 2006-12-28 21:15:37Z rwatson $"); |
| 67 68#include <sys/param.h> 69#include <sys/condvar.h> 70#include <sys/kernel.h> 71#include <sys/lock.h> 72#include <sys/mutex.h> 73#include <sys/mac.h> 74#include <sys/module.h> --- 479 unchanged lines hidden (view full) --- 554 return (EPERM); 555 556 /* Precedence goes to error over success; otherwise, arbitrary. */ 557 if (error1 != 0) 558 return (error1); 559 return (error2); 560} 561 | 67 68#include <sys/param.h> 69#include <sys/condvar.h> 70#include <sys/kernel.h> 71#include <sys/lock.h> 72#include <sys/mutex.h> 73#include <sys/mac.h> 74#include <sys/module.h> --- 479 unchanged lines hidden (view full) --- 554 return (EPERM); 555 556 /* Precedence goes to error over success; otherwise, arbitrary. */ 557 if (error1 != 0) 558 return (error1); 559 return (error2); 560} 561 |
| 562void 563mac_init_label(struct label *label) 564{ 565 566 bzero(label, sizeof(*label)); 567 label->l_flags = MAC_FLAG_INITIALIZED; 568} 569 570void 571mac_destroy_label(struct label *label) 572{ 573 574 KASSERT(label->l_flags & MAC_FLAG_INITIALIZED, 575 ("destroying uninitialized label")); 576 577 bzero(label, sizeof(*label)); 578 /* implicit: label->l_flags &= ~MAC_FLAG_INITIALIZED; */ 579} 580 | |
| 581int 582mac_check_structmac_consistent(struct mac *mac) 583{ 584 585 if (mac->m_buflen < 0 || 586 mac->m_buflen > MAC_MAX_LABEL_BUF_LEN) 587 return (EINVAL); 588 589 return (0); 590} 591 592SYSINIT(mac, SI_SUB_MAC, SI_ORDER_FIRST, mac_init, NULL); 593SYSINIT(mac_late, SI_SUB_MAC_LATE, SI_ORDER_FIRST, mac_late_init, NULL); | 562int 563mac_check_structmac_consistent(struct mac *mac) 564{ 565 566 if (mac->m_buflen < 0 || 567 mac->m_buflen > MAC_MAX_LABEL_BUF_LEN) 568 return (EINVAL); 569 570 return (0); 571} 572 573SYSINIT(mac, SI_SUB_MAC, SI_ORDER_FIRST, mac_init, NULL); 574SYSINIT(mac_late, SI_SUB_MAC_LATE, SI_ORDER_FIRST, mac_late_init, NULL); |