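--- a/head/sys/security/mac_biba/mac_biba.c
+++ b/head/sys/security/mac_biba/mac_biba.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by Network
@@ -26,17 +26,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 106416 2002-11-04 17:36:47Z rwatson $
+ * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 106418 2002-11-04 17:50:52Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  * Biba fixed label mandatory integrity policy.
  */
 
 #include <sys/types.h>
@@ -1862,16 +1862,60 @@
 
  if (!mac_biba_dominate_single(obj, subj))
  return (ENOENT);
 
  return (0);
 }
 
 static int
+mac_biba_check_system_acct(struct ucred *cred, struct vnode *vp,
+ struct label *label)
+{
+ struct mac_biba *subj, *obj;
+ int error;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+
+ error = mac_biba_subject_privileged(subj);
+ if (error)
+ return (error);
+
+ if (label == NULL)
+ return (0);
+
+ obj = SLOT(label);
+ if (!mac_biba_high_single(obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+mac_biba_check_system_settime(struct ucred *cred)
+{
+ struct mac_biba *subj;
+ int error;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+
+ error = mac_biba_subject_privileged(subj);
+ if (error)
+ return (error);
+
+ return (0);
+}
+
+static int
 mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp,
  struct label *label)
 {
  struct mac_biba *subj, *obj;
  int error;
 
  if (!mac_biba_enabled)
  return (0);
@@ -2601,16 +2645,18 @@
  .mpo_check_pipe_stat = mac_biba_check_pipe_stat,
  .mpo_check_pipe_write = mac_biba_check_pipe_write,
  .mpo_check_proc_debug = mac_biba_check_proc_debug,
  .mpo_check_proc_sched = mac_biba_check_proc_sched,
  .mpo_check_proc_signal = mac_biba_check_proc_signal,
  .mpo_check_socket_deliver = mac_biba_check_socket_deliver,
  .mpo_check_socket_relabel = mac_biba_check_socket_relabel,
  .mpo_check_socket_visible = mac_biba_check_socket_visible,
+ .mpo_check_system_acct = mac_biba_check_system_acct,
+ .mpo_check_system_settime = mac_biba_check_system_settime,
  .mpo_check_system_swapon = mac_biba_check_system_swapon,
  .mpo_check_system_sysctl = mac_biba_check_system_sysctl,
  .mpo_check_vnode_access = mac_biba_check_vnode_open,
  .mpo_check_vnode_chdir = mac_biba_check_vnode_chdir,
  .mpo_check_vnode_chroot = mac_biba_check_vnode_chroot,
  .mpo_check_vnode_create = mac_biba_check_vnode_create,
  .mpo_check_vnode_delete = mac_biba_check_vnode_delete,
  .mpo_check_vnode_deleteacl = mac_biba_check_vnode_deleteacl,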
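Review bot: In the new `mac_biba_check_system_acct`, the `if (label == NULL) return (0);` branch skips the `mac_biba_high_single(obj)` test on the accounting file, and nothing in the function says when a NULL label is a legitimate input. If NULL means "no accounting vnode was supplied" (presumably the request that turns accounting off; confirm against the caller), that should be written down so a later caller cannot pass NULL for an unlabeled vnode and silently bypass the high-integrity requirement. I would add above that branch a comment such as `/* NULL label: no accounting vnode (acct being disabled?); only the subject privilege check applies. */`. A one-line header on each new entry point stating the rule enforced (privileged subject for both, plus a high-integrity target for acct) would also help, and `vp` is not referenced anywhere in the visible body of the acct check.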