mac_framework.h (145855) mac_framework.h (147091)
1/*-
2 * Copyright (c) 1999-2002 Robert N. M. Watson
3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by Network

--- 17 unchanged lines hidden (view full) ---

26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
1/*-
2 * Copyright (c) 1999-2002 Robert N. M. Watson
3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by Network

--- 17 unchanged lines hidden (view full) ---

26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $FreeBSD: head/sys/security/mac/mac_framework.h 145855 2005-05-04 10:39:15Z rwatson $
34 * $FreeBSD: head/sys/security/mac/mac_framework.h 147091 2005-06-07 05:03:28Z rwatson $
35 */
36/*
37 * Userland/kernel interface for Mandatory Access Control.
38 *
39 * The POSIX.1e implementation page may be reached at:
40 * http://www.trustedbsd.org/
41 */
42

--- 103 unchanged lines hidden (view full) ---

146 */
147void mac_init_bpfdesc(struct bpf_d *);
148void mac_init_cred(struct ucred *);
149void mac_init_devfsdirent(struct devfs_dirent *);
150void mac_init_ifnet(struct ifnet *);
151int mac_init_inpcb(struct inpcb *, int flag);
152void mac_init_sysv_msgmsg(struct msg *);
153void mac_init_sysv_msgqueue(struct msqid_kernel*);
35 */
36/*
37 * Userland/kernel interface for Mandatory Access Control.
38 *
39 * The POSIX.1e implementation page may be reached at:
40 * http://www.trustedbsd.org/
41 */
42

--- 103 unchanged lines hidden (view full) ---

146 */
147void mac_init_bpfdesc(struct bpf_d *);
148void mac_init_cred(struct ucred *);
149void mac_init_devfsdirent(struct devfs_dirent *);
150void mac_init_ifnet(struct ifnet *);
151int mac_init_inpcb(struct inpcb *, int flag);
152void mac_init_sysv_msgmsg(struct msg *);
153void mac_init_sysv_msgqueue(struct msqid_kernel*);
154void mac_init_sysv_sema(struct semid_kernel*);
154void mac_init_sysv_sem(struct semid_kernel*);
155void mac_init_sysv_shm(struct shmid_kernel*);
156int mac_init_ipq(struct ipq *, int flag);
157int mac_init_socket(struct socket *, int flag);
158void mac_init_pipe(struct pipepair *);
159void mac_init_posix_sem(struct ksem *);
160int mac_init_mbuf(struct mbuf *mbuf, int flag);
161int mac_init_mbuf_tag(struct m_tag *, int flag);
162void mac_init_mount(struct mount *);
163void mac_init_proc(struct proc *);
164void mac_init_vnode(struct vnode *);
165void mac_copy_mbuf_tag(struct m_tag *, struct m_tag *);
166void mac_copy_vnode_label(struct label *, struct label *label);
167void mac_destroy_bpfdesc(struct bpf_d *);
168void mac_destroy_cred(struct ucred *);
169void mac_destroy_devfsdirent(struct devfs_dirent *);
170void mac_destroy_ifnet(struct ifnet *);
171void mac_destroy_inpcb(struct inpcb *);
172void mac_destroy_sysv_msgmsg(struct msg *);
173void mac_destroy_sysv_msgqueue(struct msqid_kernel *);
155void mac_init_sysv_shm(struct shmid_kernel*);
156int mac_init_ipq(struct ipq *, int flag);
157int mac_init_socket(struct socket *, int flag);
158void mac_init_pipe(struct pipepair *);
159void mac_init_posix_sem(struct ksem *);
160int mac_init_mbuf(struct mbuf *mbuf, int flag);
161int mac_init_mbuf_tag(struct m_tag *, int flag);
162void mac_init_mount(struct mount *);
163void mac_init_proc(struct proc *);
164void mac_init_vnode(struct vnode *);
165void mac_copy_mbuf_tag(struct m_tag *, struct m_tag *);
166void mac_copy_vnode_label(struct label *, struct label *label);
167void mac_destroy_bpfdesc(struct bpf_d *);
168void mac_destroy_cred(struct ucred *);
169void mac_destroy_devfsdirent(struct devfs_dirent *);
170void mac_destroy_ifnet(struct ifnet *);
171void mac_destroy_inpcb(struct inpcb *);
172void mac_destroy_sysv_msgmsg(struct msg *);
173void mac_destroy_sysv_msgqueue(struct msqid_kernel *);
174void mac_destroy_sysv_sema(struct semid_kernel *);
174void mac_destroy_sysv_sem(struct semid_kernel *);
175void mac_destroy_sysv_shm(struct shmid_kernel *);
176void mac_destroy_ipq(struct ipq *);
177void mac_destroy_socket(struct socket *);
178void mac_destroy_pipe(struct pipepair *);
179void mac_destroy_posix_sem(struct ksem *);
180void mac_destroy_proc(struct proc *);
181void mac_destroy_mbuf_tag(struct m_tag *);
182void mac_destroy_mount(struct mount *);

--- 42 unchanged lines hidden (view full) ---

225
226/*
227 * Labeling event operations: System V IPC primitives
228 */
229void mac_create_sysv_msgmsg(struct ucred *cred,
230 struct msqid_kernel *msqkptr, struct msg *msgptr);
231void mac_create_sysv_msgqueue(struct ucred *cred,
232 struct msqid_kernel *msqkptr);
175void mac_destroy_sysv_shm(struct shmid_kernel *);
176void mac_destroy_ipq(struct ipq *);
177void mac_destroy_socket(struct socket *);
178void mac_destroy_pipe(struct pipepair *);
179void mac_destroy_posix_sem(struct ksem *);
180void mac_destroy_proc(struct proc *);
181void mac_destroy_mbuf_tag(struct m_tag *);
182void mac_destroy_mount(struct mount *);

--- 42 unchanged lines hidden (view full) ---

225
226/*
227 * Labeling event operations: System V IPC primitives
228 */
229void mac_create_sysv_msgmsg(struct ucred *cred,
230 struct msqid_kernel *msqkptr, struct msg *msgptr);
231void mac_create_sysv_msgqueue(struct ucred *cred,
232 struct msqid_kernel *msqkptr);
233void mac_create_sysv_sema(struct ucred *cred,
233void mac_create_sysv_sem(struct ucred *cred,
234 struct semid_kernel *semakptr);
235void mac_create_sysv_shm(struct ucred *cred,
236 struct shmid_kernel *shmsegptr);
237
238/*
239 * Labeling event operations: POSIX (global/inter-process) semaphores.
240 */
241void mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr);

--- 43 unchanged lines hidden (view full) ---

285 * module(s) perform a cleanup/flushing operation on the label
286 * associated with the objects, without freeing up the space allocated.
287 * This hook is useful in cases where it is desirable to remove any
288 * labeling reference when recycling any object to a pool. This hook
289 * does not replace the mac_destroy hooks.
290 */
291void mac_cleanup_sysv_msgmsg(struct msg *msgptr);
292void mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr);
234 struct semid_kernel *semakptr);
235void mac_create_sysv_shm(struct ucred *cred,
236 struct shmid_kernel *shmsegptr);
237
238/*
239 * Labeling event operations: POSIX (global/inter-process) semaphores.
240 */
241void mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr);

--- 43 unchanged lines hidden (view full) ---

285 * module(s) perform a cleanup/flushing operation on the label
286 * associated with the objects, without freeing up the space allocated.
287 * This hook is useful in cases where it is desirable to remove any
288 * labeling reference when recycling any object to a pool. This hook
289 * does not replace the mac_destroy hooks.
290 */
291void mac_cleanup_sysv_msgmsg(struct msg *msgptr);
292void mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr);
293void mac_cleanup_sysv_sema(struct semid_kernel *semakptr);
293void mac_cleanup_sysv_sem(struct semid_kernel *semakptr);
294void mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr);
295
296/* Access control checks. */
297int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
298int mac_check_cred_visible(struct ucred *u1, struct ucred *u2);
299int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m);
300int mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m);
301int mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,

--- 169 unchanged lines hidden ---
294void mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr);
295
296/* Access control checks. */
297int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
298int mac_check_cred_visible(struct ucred *u1, struct ucred *u2);
299int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m);
300int mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m);
301int mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,

--- 169 unchanged lines hidden ---