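--- a/mac_biba.c
+++ b/mac_biba.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by Network
@@ -26,17 +26,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 106416 2002-11-04 17:36:47Z rwatson $
+ * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 106418 2002-11-04 17:50:52Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  * Biba fixed label mandatory integrity policy.
  */
 
 #include <sys/types.h>
@@ -1862,16 +1862,60 @@
 
  if (!mac_biba_dominate_single(obj, subj))
  return (ENOENT);
 
  return (0);
 }
 
 static int
+mac_biba_check_system_acct(struct ucred *cred, struct vnode *vp,
+ struct label *label)
+{
+ struct mac_biba *subj, *obj;
+ int error;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+
+ error = mac_biba_subject_privileged(subj);
+ if (error)
+ return (error);
+
+ if (label == NULL)
+ return (0);
+
+ obj = SLOT(label);
+ if (!mac_biba_high_single(obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+mac_biba_check_system_settime(struct ucred *cred)
+{
+ struct mac_biba *subj;
+ int error;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+
+ error = mac_biba_subject_privileged(subj);
+ if (error)
+ return (error);
+
+ return (0);
+}
+
+static int
 mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp,
  struct label *label)
 {
  struct mac_biba *subj, *obj;
  int error;
 
  if (!mac_biba_enabled)
  return (0);
@@ -2601,16 +2645,18 @@
  .mpo_check_pipe_stat = mac_biba_check_pipe_stat,
  .mpo_check_pipe_write = mac_biba_check_pipe_write,
  .mpo_check_proc_debug = mac_biba_check_proc_debug,
  .mpo_check_proc_sched = mac_biba_check_proc_sched,
  .mpo_check_proc_signal = mac_biba_check_proc_signal,
  .mpo_check_socket_deliver = mac_biba_check_socket_deliver,
  .mpo_check_socket_relabel = mac_biba_check_socket_relabel,
  .mpo_check_socket_visible = mac_biba_check_socket_visible,
+ .mpo_check_system_acct = mac_biba_check_system_acct,
+ .mpo_check_system_settime = mac_biba_check_system_settime,
  .mpo_check_system_swapon = mac_biba_check_system_swapon,
  .mpo_check_system_sysctl = mac_biba_check_system_sysctl,
  .mpo_check_vnode_access = mac_biba_check_vnode_open,
  .mpo_check_vnode_chdir = mac_biba_check_vnode_chdir,
  .mpo_check_vnode_chroot = mac_biba_check_vnode_chroot,
  .mpo_check_vnode_create = mac_biba_check_vnode_create,
  .mpo_check_vnode_delete = mac_biba_check_vnode_delete,
  .mpo_check_vnode_deleteacl = mac_biba_check_vnode_deleteacl,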
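Review bot: The added mac_biba_check_system_acct returns 0 when `label == NULL` and otherwise requires `mac_biba_high_single(obj)`, but neither branch carries a comment saying why, and `vp` is never read in the visible body. Since this entry point gates where accounting records may be written, I would add a comment above the NULL test such as `/* No label supplied (presumably accounting being disabled): only the subject privilege check applies. */` and one above the object test such as `/* Accounting target must carry a single high-integrity label. */`, once both are confirmed against the MAC framework caller, which is not shown here. In mac_biba_check_system_settime the tail `if (error) return (error); return (0);` could be written `return (mac_biba_subject_privileged(subj));`, although keeping it parallel with the acct check is a reasonable ground to leave it as is.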