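--- a/head/sys/security/mac_bsdextended/mac_bsdextended.c
+++ b/head/sys/security/mac_bsdextended/mac_bsdextended.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by Network
@@ -26,17 +26,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 111119 2003-02-19 05:47:46Z imp $
+ * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 112575 2003-03-25 01:14:03Z rwatson $
  */
 /*
  * Developed by the TrustedBSD Project.
  * "BSD Extended" MAC policy, allowing the administrator to impose
  * mandatory rules regarding users and some system objects.
  *
  * XXX: Much locking support required here.
  */
@@ -293,16 +293,32 @@
  if (error)
  return (error);
  }
 
  return (0);
 }
 
 static int
+mac_bsdextended_check_system_swapon(struct ucred *cred, struct vnode *vp,
+ struct label *label)
+{
+ struct vattr vap;
+ int error;
+
+ if (!mac_bsdextended_enabled)
+ return (0);
+
+ error = VOP_GETATTR(vp, &vap, cred, curthread);
+ if (error)
+ return (error);
+ return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE));
+}
+
+static int
 mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp,
  struct label *label, int acc_mode)
 {
  struct vattr vap;
  int error;
 
  if (!mac_bsdextended_enabled)
  return (0);
@@ -724,16 +740,17 @@
  return (mac_bsdextended_check(active_cred, vap.va_uid, vap.va_gid,
  VSTAT));
 }
 
 static struct mac_policy_ops mac_bsdextended_ops =
 {
  .mpo_destroy = mac_bsdextended_destroy,
  .mpo_init = mac_bsdextended_init,
+ .mpo_check_system_swapon = mac_bsdextended_check_system_swapon,
  .mpo_check_vnode_access = mac_bsdextended_check_vnode_access,
  .mpo_check_vnode_chdir = mac_bsdextended_check_vnode_chdir,
  .mpo_check_vnode_chroot = mac_bsdextended_check_vnode_chroot,
  .mpo_check_vnode_create = mac_bsdextended_check_create_vnode,
  .mpo_check_vnode_delete = mac_bsdextended_check_vnode_delete,
  .mpo_check_vnode_deleteacl = mac_bsdextended_check_vnode_deleteacl,
  .mpo_check_vnode_exec = mac_bsdextended_check_vnode_exec,
  .mpo_check_vnode_getacl = mac_bsdextended_check_vnode_getacl,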
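Review bot: The new `mac_bsdextended_check_system_swapon` has no comment explaining why enabling swap on `vp` is authorized as `VWRITE` against the vnode's owner uid/gid, so someone auditing the rule set cannot tell whether read access was left out deliberately. A header comment above the function, such as `/* Enabling swap on vp is treated as a write to it: rules are matched against the vnode's owner uid/gid with VWRITE. */`, would record the intent. Because swapped-out pages are later read back from the same object, it is worth confirming whether the rule should also require `VREAD`; whether `mac_bsdextended_check` accepts a combined mode is not visible in these lines. The `mac_bsdextended_ops` initializer that registers the hook continues past the shown lines.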