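--- a/sys/security/mac_bsdextended/mac_bsdextended.c
+++ b/sys/security/mac_bsdextended/mac_bsdextended.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
  * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
  * Copyright (c) 2005 Tom Rhodes
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  * It was later enhanced by Tom Rhodes for the TrustedBSD Project.
@@ -28,17 +28,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 171253 2007-07-05 13:16:04Z rwatson $
+ * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 172107 2007-09-10 00:00:18Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  *
  * "BSD Extended" MAC policy, allowing the administrator to impose mandatory
  * firewall-like rules regarding users and file system objects.
  */
@@ -499,29 +499,16 @@
 mac_bsdextended_check_create_vnode(struct ucred *cred, struct vnode *dvp,
  struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
 {
 
  return (mac_bsdextended_check_vp(cred, dvp, MBI_WRITE));
 }
 
 static int
-mac_bsdextended_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
- struct label *dvplabel, struct vnode *vp, struct label *vplabel,
- struct componentname *cnp)
-{
- int error;
-
- error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
- if (error)
- return (error);
- return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
-}
-
-static int
 mac_bsdextended_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
  struct label *vplabel, acl_type_t type)
 {
 
  return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
 }
 
 static int
@@ -703,29 +690,41 @@
 static int
 mac_bsdextended_check_vnode_stat(struct ucred *active_cred,
  struct ucred *file_cred, struct vnode *vp, struct label *vplabel)
 {
 
  return (mac_bsdextended_check_vp(active_cred, vp, MBI_STAT));
 }
 
+static int
+mac_bsdextended_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+ struct label *dvplabel, struct vnode *vp, struct label *vplabel,
+ struct componentname *cnp)
+{
+ int error;
+
+ error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
+ if (error)
+ return (error);
+ return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
+}
+
 static struct mac_policy_ops mac_bsdextended_ops =
 {
  .mpo_destroy = mac_bsdextended_destroy,
  .mpo_init = mac_bsdextended_init,
  .mpo_check_system_acct = mac_bsdextended_check_system_acct,
  .mpo_check_system_auditctl = mac_bsdextended_check_system_auditctl,
  .mpo_check_system_swapoff = mac_bsdextended_check_system_swapoff,
  .mpo_check_system_swapon = mac_bsdextended_check_system_swapon,
  .mpo_check_vnode_access = mac_bsdextended_check_vnode_access,
  .mpo_check_vnode_chdir = mac_bsdextended_check_vnode_chdir,
  .mpo_check_vnode_chroot = mac_bsdextended_check_vnode_chroot,
  .mpo_check_vnode_create = mac_bsdextended_check_create_vnode,
- .mpo_check_vnode_delete = mac_bsdextended_check_vnode_delete,
  .mpo_check_vnode_deleteacl = mac_bsdextended_check_vnode_deleteacl,
  .mpo_check_vnode_deleteextattr = mac_bsdextended_check_vnode_deleteextattr,
  .mpo_check_vnode_exec = mac_bsdextended_check_vnode_exec,
  .mpo_check_vnode_getacl = mac_bsdextended_check_vnode_getacl,
  .mpo_check_vnode_getextattr = mac_bsdextended_check_vnode_getextattr,
  .mpo_check_vnode_link = mac_bsdextended_check_vnode_link,
  .mpo_check_vnode_listextattr = mac_bsdextended_check_vnode_listextattr,
  .mpo_check_vnode_lookup = mac_bsdextended_check_vnode_lookup,
@@ -737,12 +736,13 @@
  .mpo_check_vnode_revoke = mac_bsdextended_check_vnode_revoke,
  .mpo_check_vnode_setacl = mac_bsdextended_check_setacl_vnode,
  .mpo_check_vnode_setextattr = mac_bsdextended_check_vnode_setextattr,
  .mpo_check_vnode_setflags = mac_bsdextended_check_vnode_setflags,
  .mpo_check_vnode_setmode = mac_bsdextended_check_vnode_setmode,
  .mpo_check_vnode_setowner = mac_bsdextended_check_vnode_setowner,
  .mpo_check_vnode_setutimes = mac_bsdextended_check_vnode_setutimes,
  .mpo_check_vnode_stat = mac_bsdextended_check_vnode_stat,
+ .mpo_check_vnode_unlink = mac_bsdextended_check_vnode_unlink,
 };
 
 MAC_POLICY_SET(&mac_bsdextended_ops, mac_bsdextended,
  "TrustedBSD MAC/BSD Extended", MPC_LOADTIME_FLAG_UNLOADOK, NULL);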
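Review bot: mac_bsdextended_check_vnode_unlink (new lines 698-709) carries no comment stating that removing a name requires MBI_WRITE on both the parent directory `dvp` and the target `vp`, and that the directory is checked first so its denial is the error returned. I would add above the function `/* Unlink needs MBI_WRITE on the directory and on the file; the first denial is returned. */`. The framework side of the rename is not on this page; if the caller still dispatched through the old `mpo_check_vnode_delete` slot, this policy would presumably no longer be consulted on unlink, so it is worth confirming both halves land in the same revision.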