mac_framework.c (105988) | mac_framework.c (106023) |
---|---|
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 22 unchanged lines hidden (view full) --- 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 22 unchanged lines hidden (view full) --- 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * |
39 * $FreeBSD: head/sys/security/mac/mac_framework.c 105988 2002-10-26 14:38:24Z rwatson $ | 39 * $FreeBSD: head/sys/security/mac/mac_framework.c 106023 2002-10-27 06:54:06Z rwatson $ |
40 */ 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Framework for extensible kernel access control. Kernel and userland 45 * interface to the framework, policy registration and composition. 46 */ 47 --- 846 unchanged lines hidden (view full) --- 894 case MAC_CHECK_SOCKET_SEND: 895 mpc->mpc_ops->mpo_check_socket_send = 896 mpe->mpe_function; 897 break; 898 case MAC_CHECK_SOCKET_VISIBLE: 899 mpc->mpc_ops->mpo_check_socket_visible = 900 mpe->mpe_function; 901 break; | 40 */ 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Framework for extensible kernel access control. Kernel and userland 45 * interface to the framework, policy registration and composition. 46 */ 47 --- 846 unchanged lines hidden (view full) --- 894 case MAC_CHECK_SOCKET_SEND: 895 mpc->mpc_ops->mpo_check_socket_send = 896 mpe->mpe_function; 897 break; 898 case MAC_CHECK_SOCKET_VISIBLE: 899 mpc->mpc_ops->mpo_check_socket_visible = 900 mpe->mpe_function; 901 break; |
902 case MAC_CHECK_SYSTEM_SWAPON: 903 mpc->mpc_ops->mpo_check_system_swapon = 904 mpe->mpe_function; 905 break; |
|
902 case MAC_CHECK_VNODE_ACCESS: 903 mpc->mpc_ops->mpo_check_vnode_access = 904 mpe->mpe_function; 905 break; 906 case MAC_CHECK_VNODE_CHDIR: 907 mpc->mpc_ops->mpo_check_vnode_chdir = 908 mpe->mpe_function; 909 break; --- 104 unchanged lines hidden (view full) --- 1014 case MAC_CHECK_VNODE_SETUTIMES: 1015 mpc->mpc_ops->mpo_check_vnode_setutimes = 1016 mpe->mpe_function; 1017 break; 1018 case MAC_CHECK_VNODE_STAT: 1019 mpc->mpc_ops->mpo_check_vnode_stat = 1020 mpe->mpe_function; 1021 break; | 906 case MAC_CHECK_VNODE_ACCESS: 907 mpc->mpc_ops->mpo_check_vnode_access = 908 mpe->mpe_function; 909 break; 910 case MAC_CHECK_VNODE_CHDIR: 911 mpc->mpc_ops->mpo_check_vnode_chdir = 912 mpe->mpe_function; 913 break; --- 104 unchanged lines hidden (view full) --- 1018 case MAC_CHECK_VNODE_SETUTIMES: 1019 mpc->mpc_ops->mpo_check_vnode_setutimes = 1020 mpe->mpe_function; 1021 break; 1022 case MAC_CHECK_VNODE_STAT: 1023 mpc->mpc_ops->mpo_check_vnode_stat = 1024 mpe->mpe_function; 1025 break; |
1022 case MAC_CHECK_VNODE_SWAPON: 1023 mpc->mpc_ops->mpo_check_vnode_swapon = 1024 mpe->mpe_function; 1025 break; | |
1026 case MAC_CHECK_VNODE_WRITE: 1027 mpc->mpc_ops->mpo_check_vnode_write = 1028 mpe->mpe_function; 1029 break; 1030/* 1031 default: 1032 printf("MAC policy `%s': unknown operation %d\n", 1033 mpc->mpc_name, mpe->mpe_constant); --- 1265 unchanged lines hidden (view full) --- 2299 return (0); 2300 2301 MAC_CHECK(check_vnode_stat, active_cred, file_cred, vp, 2302 &vp->v_label); 2303 return (error); 2304} 2305 2306int | 1026 case MAC_CHECK_VNODE_WRITE: 1027 mpc->mpc_ops->mpo_check_vnode_write = 1028 mpe->mpe_function; 1029 break; 1030/* 1031 default: 1032 printf("MAC policy `%s': unknown operation %d\n", 1033 mpc->mpc_name, mpe->mpe_constant); --- 1265 unchanged lines hidden (view full) --- 2299 return (0); 2300 2301 MAC_CHECK(check_vnode_stat, active_cred, file_cred, vp, 2302 &vp->v_label); 2303 return (error); 2304} 2305 2306int |
2307mac_check_vnode_swapon(struct ucred *cred, struct vnode *vp) 2308{ 2309 int error; 2310 2311 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_swapon"); 2312 2313 if (!mac_enforce_fs) 2314 return (0); 2315 2316 MAC_CHECK(check_vnode_swapon, cred, vp, &vp->v_label); 2317 return (error); 2318} 2319 2320int | |
2321mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, 2322 struct vnode *vp) 2323{ 2324 int error; 2325 2326 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_write"); 2327 2328 if (!mac_enforce_fs) --- 677 unchanged lines hidden (view full) --- 3006 return (0); 3007 3008 MAC_CHECK(check_socket_visible, cred, socket, &socket->so_label); 3009 3010 return (error); 3011} 3012 3013int | 2307mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, 2308 struct vnode *vp) 2309{ 2310 int error; 2311 2312 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_write"); 2313 2314 if (!mac_enforce_fs) --- 677 unchanged lines hidden (view full) --- 2992 return (0); 2993 2994 MAC_CHECK(check_socket_visible, cred, socket, &socket->so_label); 2995 2996 return (error); 2997} 2998 2999int |
3000mac_check_system_swapon(struct ucred *cred, struct vnode *vp) 3001{ 3002 int error; 3003 3004 ASSERT_VOP_LOCKED(vp, "mac_check_system_swapon"); 3005 3006 if (!mac_enforce_fs) 3007 return (0); 3008 3009 MAC_CHECK(check_system_swapon, cred, vp, &vp->v_label); 3010 return (error); 3011} 3012 3013int |
|
3014mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr, 3015 struct ifnet *ifnet) 3016{ 3017 char *elements, *buffer; 3018 struct mac mac; 3019 int error; 3020 3021 error = copyin(ifr->ifr_ifru.ifru_data, &mac, sizeof(mac)); --- 966 unchanged lines hidden --- | 3014mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr, 3015 struct ifnet *ifnet) 3016{ 3017 char *elements, *buffer; 3018 struct mac mac; 3019 int error; 3020 3021 error = copyin(ifr->ifr_ifru.ifru_data, &mac, sizeof(mac)); --- 966 unchanged lines hidden --- |
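Review bot: In the new mac_check_system_swapon() (new lines 3000-3011) the check is reclassified as a system operation but is still skipped whenever `mac_enforce_fs` is zero, so turning off file-system enforcement also silently removes policy mediation of swap activation. If that coupling is intended because the target is a vnode and the policy decides on its label, document it above the gate, e.g. `/* Gated on mac_enforce_fs: the swap target is a vnode and policies decide on vp->v_label. */`; otherwise the check wants an enforcement toggle scoped to system operations. The rename also replaces `MAC_CHECK_VNODE_SWAPON` with `MAC_CHECK_SYSTEM_SWAPON` in the registration switch, whose `default:` diagnostic appears to be commented out (old/new line 1030 onward). A policy module built against the old constant would presumably lose its swapon hook without any message. The header and the in-tree policies are not visible on this page, so confirm they were updated in the same change.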