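--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -1,13 +1,12 @@
 /*-
  * Copyright (c) 1999-2002, 2008-2009 Robert N. M. Watson
  * Copyright (c) 2001 Ilmar S. Habibulin
  * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2005 Samy Al Bahra
  * Copyright (c) 2006 SPARTA, Inc.
  * Copyright (c) 2008 Apple Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson and Ilmar Habibulin for the
  * TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by Network
@@ -39,17 +38,17 @@
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 189503 2009-03-08 00:50:37Z rwatson $");
+__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 189529 2009-03-08 10:58:37Z rwatson $");
 
 #include "opt_kdtrace.h"
 #include "opt_mac.h"
 
 #include <sys/param.h>
 #include <sys/condvar.h>
 #include <sys/imgact.h>
 #include <sys/kernel.h>
@@ -419,169 +418,22 @@
  PROC_LOCK_ASSERT(p, MA_OWNED);
 
  MAC_CHECK(proc_check_signal, cred, p, signum);
  MAC_CHECK_PROBE3(proc_check_signal, error, cred, p, signum);
 
  return (error);
 }
 
-MAC_CHECK_PROBE_DEFINE2(proc_check_setuid, "struct ucred *", "uid_t");
-
-int
-mac_proc_check_setuid(struct proc *p, struct ucred *cred, uid_t uid)
-{
- int error;
-
- PROC_LOCK_ASSERT(p, MA_OWNED);
-
- MAC_CHECK(proc_check_setuid, cred, uid);
- MAC_CHECK_PROBE2(proc_check_setuid, error, cred, uid);
-
- return (error);
-}
-
-MAC_CHECK_PROBE_DEFINE2(proc_check_seteuid, "struct ucred *", "uid_t");
-
-int
-mac_proc_check_seteuid(struct proc *p, struct ucred *cred, uid_t euid)
-{
- int error;
-
- PROC_LOCK_ASSERT(p, MA_OWNED);
-
- MAC_CHECK(proc_check_seteuid, cred, euid);
- MAC_CHECK_PROBE2(proc_check_seteuid, error, cred, euid);
-
- return (error);
-}
-
-MAC_CHECK_PROBE_DEFINE2(proc_check_setgid, "struct ucred *", "gid_t");
-
-int
-mac_proc_check_setgid(struct proc *p, struct ucred *cred, gid_t gid)
-{
- int error;
-
- PROC_LOCK_ASSERT(p, MA_OWNED);
-
- MAC_CHECK(proc_check_setgid, cred, gid);
- MAC_CHECK_PROBE2(proc_check_setgid, error, cred, gid);
-
- return (error);
-}
-
-MAC_CHECK_PROBE_DEFINE2(proc_check_setegid, "struct ucred *", "gid_t");
-
-int
-mac_proc_check_setegid(struct proc *p, struct ucred *cred, gid_t egid)
-{
- int error;
-
- PROC_LOCK_ASSERT(p, MA_OWNED);
-
- MAC_CHECK(proc_check_setegid, cred, egid);
- MAC_CHECK_PROBE2(proc_check_setegid, error, cred, egid);
-
- return (error);
-}
-
-MAC_CHECK_PROBE_DEFINE3(proc_check_setgroups, "struct ucred *", "int",
- "gid_t *");
-
-int
-mac_proc_check_setgroups(struct proc *p, struct ucred *cred, int ngroups,
- gid_t *gidset)
-{
- int error;
-
- PROC_LOCK_ASSERT(p, MA_OWNED);
-
- MAC_CHECK(proc_check_setgroups, cred, ngroups, gidset);
- MAC_CHECK_PROBE3(proc_check_setgroups, error, cred, ngroups, gidset);
-
- return (error);
-}
-
-MAC_CHECK_PROBE_DEFINE3(proc_check_setreuid, "struct ucred *", "uid_t",
- "uid_t");
-
-int
-mac_proc_check_setreuid(struct proc *p, struct ucred *cred, uid_t ruid,
- uid_t euid)
-{
- int error;
-
- PROC_LOCK_ASSERT(p, MA_OWNED);
-
- MAC_CHECK(proc_check_setreuid, cred, ruid, euid);
- MAC_CHECK_PROBE3(proc_check_setreuid, error, cred, ruid, euid);
-
- return (error);
-}
-
-MAC_CHECK_PROBE_DEFINE3(proc_check_setregid, "struct ucred *", "gid_t",
- "gid_t");
-
-int
-mac_proc_check_setregid(struct proc *proc, struct ucred *cred, gid_t rgid,
- gid_t egid)
-{
- int error;
-
- PROC_LOCK_ASSERT(proc, MA_OWNED);
-
- MAC_CHECK(proc_check_setregid, cred, rgid, egid);
- MAC_CHECK_PROBE3(proc_check_setregid, error, cred, rgid, egid);
-
- return (error);
-}
-
-MAC_CHECK_PROBE_DEFINE4(proc_check_setresuid, "struct ucred *", "uid_t",
- "uid_t", "uid_t");
-
-int
-mac_proc_check_setresuid(struct proc *p, struct ucred *cred, uid_t ruid,
- uid_t euid, uid_t suid)
-{
- int error;
-
- PROC_LOCK_ASSERT(p, MA_OWNED);
-
- MAC_CHECK(proc_check_setresuid, cred, ruid, euid, suid);
- MAC_CHECK_PROBE4(proc_check_setresuid, error, cred, ruid, euid,
- suid);
-
- return (error);
-}
-
-MAC_CHECK_PROBE_DEFINE4(proc_check_setresgid, "struct ucred *", "gid_t",
- "gid_t", "gid_t");
-
-int
-mac_proc_check_setresgid(struct proc *p, struct ucred *cred, gid_t rgid,
- gid_t egid, gid_t sgid)
-{
- int error;
-
- PROC_LOCK_ASSERT(p, MA_OWNED);
-
- MAC_CHECK(proc_check_setresgid, cred, rgid, egid, sgid);
- MAC_CHECK_PROBE4(proc_check_setresgid, error, cred, rgid, egid,
- sgid);
-
- return (error);
-}
-
 MAC_CHECK_PROBE_DEFINE2(proc_check_wait, "struct ucred *", "struct proc *");
 
 int
 mac_proc_check_wait(struct ucred *cred, struct proc *p)
 {
  int error;
 
  PROC_LOCK_ASSERT(p, MA_OWNED);
 
  MAC_CHECK(proc_check_wait, cred, p);
  MAC_CHECK_PROBE2(proc_check_wait, error, cred, p);
 
  return (error);
 }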