sdiff udiff text old ( 104533 ) new ( 104541 )
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson and Ilmar Habibulin for the
8 * TrustedBSD Project.

--- 22 unchanged lines hidden (view full) ---

31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
39 * $FreeBSD: head/sys/security/mac/mac_pipe.c 104533 2002-10-05 18:40:10Z rwatson $
40 */
41/*
42 * Developed by the TrustedBSD Project.
43 *
44 * Framework for extensible kernel access control. Kernel and userland
45 * interface to the framework, policy registration and composition.
46 */
47

--- 168 unchanged lines hidden (view full) ---

216static int mac_policy_unregister(struct mac_policy_conf *mpc);
217
218static int mac_stdcreatevnode_ea(struct vnode *vp);
219static void mac_cred_mmapped_drop_perms(struct thread *td,
220 struct ucred *cred);
221static void mac_cred_mmapped_drop_perms_recurse(struct thread *td,
222 struct ucred *cred, struct vm_map *map);
223
224MALLOC_DEFINE(M_MACOPVEC, "macopvec", "MAC policy operation vector");
225MALLOC_DEFINE(M_MACPIPELABEL, "macpipelabel", "MAC labels for pipes");
226
227/*
228 * mac_policy_list_lock protects the consistency of 'mac_policy_list',
229 * the linked list of attached policy modules. Read-only consumers of
230 * the list must acquire a shared lock for the duration of their use;
231 * writers must acquire an exclusive lock. Note that for compound

--- 919 unchanged lines hidden (view full) ---

1151 pipe->pipe_label = label;
1152 pipe->pipe_peer->pipe_label = label;
1153 MAC_PERFORM(init_pipe_label, pipe->pipe_label);
1154#ifdef MAC_DEBUG
1155 atomic_add_int(&nmacpipes, 1);
1156#endif
1157}
1158
1159void
1160mac_init_socket(struct socket *socket)
1161{
1162
1163 mac_init_label(&socket->so_label);
1164 mac_init_label(&socket->so_peerlabel);
1165 MAC_PERFORM(init_socket_label, &socket->so_label);
1166 MAC_PERFORM(init_socket_peer_label, &socket->so_peerlabel);
1167#ifdef MAC_DEBUG
1168 atomic_add_int(&nmacsockets, 1);
1169#endif
1170}
1171
1172static void
1173mac_init_temp(struct label *label)
1174{
1175
1176 mac_init_label(label);
1177 MAC_PERFORM(init_temp_label, label);
1178#ifdef MAC_DEBUG
1179 atomic_add_int(&nmactemp, 1);

--- 97 unchanged lines hidden (view full) ---

1277 MAC_PERFORM(destroy_pipe_label, pipe->pipe_label);
1278 mac_destroy_label(pipe->pipe_label);
1279 free(pipe->pipe_label, M_MACPIPELABEL);
1280#ifdef MAC_DEBUG
1281 atomic_subtract_int(&nmacpipes, 1);
1282#endif
1283}
1284
1285void
1286mac_destroy_socket(struct socket *socket)
1287{
1288
1289 MAC_PERFORM(destroy_socket_label, &socket->so_label);
1290 MAC_PERFORM(destroy_socket_peer_label, &socket->so_peerlabel);
1291 mac_destroy_label(&socket->so_label);
1292 mac_destroy_label(&socket->so_peerlabel);
1293#ifdef MAC_DEBUG
1294 atomic_subtract_int(&nmacsockets, 1);
1295#endif
1296}
1297
1298static void
1299mac_destroy_temp(struct label *label)
1300{
1301
1302 MAC_PERFORM(destroy_temp_label, label);
1303 mac_destroy_label(label);
1304#ifdef MAC_DEBUG
1305 atomic_subtract_int(&nmactemp, 1);
1306#endif

--- 2169 unchanged lines hidden ---
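Review bot: The shared pipe label has no stated ownership rule. At 1151-1152 both `pipe->pipe_label` and `pipe->pipe_peer->pipe_label` are set to the same allocation, while the teardown at 1277-1279 calls `mac_destroy_label()` and `free(pipe->pipe_label, M_MACPIPELABEL)` through a single endpoint. Nothing visible shows what keeps the peer from dereferencing that label afterwards, or from running the same teardown a second time; both function bodies start above the displayed lines, so the guard may sit there or in the caller. I would add a comment above the assignment such as `/* One label is shared by both pipe endpoints; it is destroyed exactly once, when <condition>. */`, with the condition filled in by the author. This view does not mark which lines the revision changed, so the point applies to the code as displayed.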