1/*- 2 * Copyright (c) 2002-2003 Networks Associates Technology, Inc. 3 * Copyright (c) 2006 SPARTA, Inc. 4 * All rights reserved. 5 * 6 * This software was developed for the FreeBSD Project in part by Network 7 * Associates Laboratories, the Security Research Division of Network 8 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 9 * as part of the DARPA CHATS research program. 10 * 11 * This software was enhanced by SPARTA ISSO under SPAWAR contract 12 * N66001-04-C-6019 ("SEFOS"). 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36#include <sys/cdefs.h>
| 1/*- 2 * Copyright (c) 2002-2003 Networks Associates Technology, Inc. 3 * Copyright (c) 2006 SPARTA, Inc. 4 * All rights reserved. 5 * 6 * This software was developed for the FreeBSD Project in part by Network 7 * Associates Laboratories, the Security Research Division of Network 8 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 9 * as part of the DARPA CHATS research program. 10 * 11 * This software was enhanced by SPARTA ISSO under SPAWAR contract 12 * N66001-04-C-6019 ("SEFOS"). 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36#include <sys/cdefs.h>
|
88} 89 90void 91mac_pipe_copy_label(struct label *src, struct label *dest) 92{ 93 94 MAC_PERFORM(pipe_copy_label, src, dest); 95} 96 97int 98mac_pipe_externalize_label(struct label *label, char *elements, 99 char *outbuf, size_t outbuflen) 100{ 101 int error; 102 103 MAC_EXTERNALIZE(pipe, label, elements, outbuf, outbuflen); 104 105 return (error); 106} 107 108int 109mac_pipe_internalize_label(struct label *label, char *string) 110{ 111 int error; 112 113 MAC_INTERNALIZE(pipe, label, string); 114 115 return (error); 116} 117 118void 119mac_pipe_create(struct ucred *cred, struct pipepair *pp) 120{ 121 122 MAC_PERFORM(pipe_create, cred, pp, pp->pp_label); 123} 124 125static void 126mac_pipe_relabel(struct ucred *cred, struct pipepair *pp, 127 struct label *newlabel) 128{ 129 130 MAC_PERFORM(pipe_relabel, cred, pp, pp->pp_label, newlabel); 131} 132 133int 134mac_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 135 unsigned long cmd, void *data) 136{ 137 int error; 138 139 mtx_assert(&pp->pp_mtx, MA_OWNED); 140 141 MAC_CHECK(pipe_check_ioctl, cred, pp, pp->pp_label, cmd, data); 142 143 return (error); 144} 145 146int 147mac_pipe_check_poll(struct ucred *cred, struct pipepair *pp) 148{ 149 int error; 150 151 mtx_assert(&pp->pp_mtx, MA_OWNED); 152 153 MAC_CHECK(pipe_check_poll, cred, pp, pp->pp_label); 154 155 return (error); 156} 157 158int 159mac_pipe_check_read(struct ucred *cred, struct pipepair *pp) 160{ 161 int error; 162 163 mtx_assert(&pp->pp_mtx, MA_OWNED); 164 165 MAC_CHECK(pipe_check_read, cred, pp, pp->pp_label); 166 167 return (error); 168} 169 170static int 171mac_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 172 struct label *newlabel) 173{ 174 int error; 175 176 mtx_assert(&pp->pp_mtx, MA_OWNED); 177 178 MAC_CHECK(pipe_check_relabel, cred, pp, pp->pp_label, newlabel); 179 180 return (error); 181} 182 183int 184mac_pipe_check_stat(struct ucred *cred, struct pipepair *pp) 185{ 186 int error; 187 188 mtx_assert(&pp->pp_mtx, MA_OWNED); 189 190 MAC_CHECK(pipe_check_stat, cred, pp, pp->pp_label); 191 192 return (error); 193} 194 195int 196mac_pipe_check_write(struct ucred *cred, struct pipepair *pp) 197{ 198 int error; 199 200 mtx_assert(&pp->pp_mtx, MA_OWNED); 201 202 MAC_CHECK(pipe_check_write, cred, pp, pp->pp_label); 203 204 return (error); 205} 206 207int 208mac_pipe_label_set(struct ucred *cred, struct pipepair *pp, 209 struct label *label) 210{ 211 int error; 212 213 mtx_assert(&pp->pp_mtx, MA_OWNED); 214 215 error = mac_pipe_check_relabel(cred, pp, label); 216 if (error) 217 return (error); 218 219 mac_pipe_relabel(cred, pp, label); 220 221 return (0); 222}
| 93} 94 95void 96mac_pipe_copy_label(struct label *src, struct label *dest) 97{ 98 99 MAC_PERFORM(pipe_copy_label, src, dest); 100} 101 102int 103mac_pipe_externalize_label(struct label *label, char *elements, 104 char *outbuf, size_t outbuflen) 105{ 106 int error; 107 108 MAC_EXTERNALIZE(pipe, label, elements, outbuf, outbuflen); 109 110 return (error); 111} 112 113int 114mac_pipe_internalize_label(struct label *label, char *string) 115{ 116 int error; 117 118 MAC_INTERNALIZE(pipe, label, string); 119 120 return (error); 121} 122 123void 124mac_pipe_create(struct ucred *cred, struct pipepair *pp) 125{ 126 127 MAC_PERFORM(pipe_create, cred, pp, pp->pp_label); 128} 129 130static void 131mac_pipe_relabel(struct ucred *cred, struct pipepair *pp, 132 struct label *newlabel) 133{ 134 135 MAC_PERFORM(pipe_relabel, cred, pp, pp->pp_label, newlabel); 136} 137 138int 139mac_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 140 unsigned long cmd, void *data) 141{ 142 int error; 143 144 mtx_assert(&pp->pp_mtx, MA_OWNED); 145 146 MAC_CHECK(pipe_check_ioctl, cred, pp, pp->pp_label, cmd, data); 147 148 return (error); 149} 150 151int 152mac_pipe_check_poll(struct ucred *cred, struct pipepair *pp) 153{ 154 int error; 155 156 mtx_assert(&pp->pp_mtx, MA_OWNED); 157 158 MAC_CHECK(pipe_check_poll, cred, pp, pp->pp_label); 159 160 return (error); 161} 162 163int 164mac_pipe_check_read(struct ucred *cred, struct pipepair *pp) 165{ 166 int error; 167 168 mtx_assert(&pp->pp_mtx, MA_OWNED); 169 170 MAC_CHECK(pipe_check_read, cred, pp, pp->pp_label); 171 172 return (error); 173} 174 175static int 176mac_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 177 struct label *newlabel) 178{ 179 int error; 180 181 mtx_assert(&pp->pp_mtx, MA_OWNED); 182 183 MAC_CHECK(pipe_check_relabel, cred, pp, pp->pp_label, newlabel); 184 185 return (error); 186} 187 188int 189mac_pipe_check_stat(struct ucred *cred, struct pipepair *pp) 190{ 191 int error; 192 193 mtx_assert(&pp->pp_mtx, MA_OWNED); 194 195 MAC_CHECK(pipe_check_stat, cred, pp, pp->pp_label); 196 197 return (error); 198} 199 200int 201mac_pipe_check_write(struct ucred *cred, struct pipepair *pp) 202{ 203 int error; 204 205 mtx_assert(&pp->pp_mtx, MA_OWNED); 206 207 MAC_CHECK(pipe_check_write, cred, pp, pp->pp_label); 208 209 return (error); 210} 211 212int 213mac_pipe_label_set(struct ucred *cred, struct pipepair *pp, 214 struct label *label) 215{ 216 int error; 217 218 mtx_assert(&pp->pp_mtx, MA_OWNED); 219 220 error = mac_pipe_check_relabel(cred, pp, label); 221 if (error) 222 return (error); 223 224 mac_pipe_relabel(cred, pp, label); 225 226 return (0); 227}
|