mac_bsdextended.c (184367) mac_bsdextended.c (184467)
1/*-
1/*-
2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
2 * Copyright (c) 1999-2002, 2007-2008 Robert N. M. Watson
3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
4 * Copyright (c) 2005 Tom Rhodes
5 * Copyright (c) 2006 SPARTA, Inc.
6 * All rights reserved.
7 *
8 * This software was developed by Robert Watson for the TrustedBSD Project.
9 * It was later enhanced by Tom Rhodes for the TrustedBSD Project.
10 *

--- 21 unchanged lines hidden (view full) ---

32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * SUCH DAMAGE.
39 *
3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
4 * Copyright (c) 2005 Tom Rhodes
5 * Copyright (c) 2006 SPARTA, Inc.
6 * All rights reserved.
7 *
8 * This software was developed by Robert Watson for the TrustedBSD Project.
9 * It was later enhanced by Tom Rhodes for the TrustedBSD Project.
10 *

--- 21 unchanged lines hidden (view full) ---

32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * SUCH DAMAGE.
39 *
40 * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 184367 2008-10-27 18:08:12Z rwatson $
40 * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 184467 2008-10-30 10:13:53Z rwatson $
41 */
42
43/*
44 * Developed by the TrustedBSD Project.
45 *
46 * "BSD Extended" MAC policy, allowing the administrator to impose mandatory
47 * firewall-like rules regarding users and file system objects.
48 */

--- 411 unchanged lines hidden (view full) ---

460 if (!ugidfw_enabled)
461 return (0);
462 error = VOP_GETATTR(vp, &vap, cred);
463 if (error)
464 return (error);
465 return (ugidfw_check(cred, vp, &vap, acc_mode));
466}
467
41 */
42
43/*
44 * Developed by the TrustedBSD Project.
45 *
46 * "BSD Extended" MAC policy, allowing the administrator to impose mandatory
47 * firewall-like rules regarding users and file system objects.
48 */

--- 411 unchanged lines hidden (view full) ---

460 if (!ugidfw_enabled)
461 return (0);
462 error = VOP_GETATTR(vp, &vap, cred);
463 if (error)
464 return (error);
465 return (ugidfw_check(cred, vp, &vap, acc_mode));
466}
467
468int
469ugidfw_accmode2mbi(accmode_t accmode)
470{
471 int mbi;
472
473 mbi = 0;
474 if (accmode & VEXEC)
475 mbi |= MBI_EXEC;
476 if (accmode & VWRITE)
477 mbi |= MBI_WRITE;
478 if (accmode & VREAD)
479 mbi |= MBI_READ;
480 if (accmode & VADMIN)
481 mbi |= MBI_ADMIN;
482 if (accmode & VSTAT)
483 mbi |= MBI_STAT;
484 if (accmode & VAPPEND)
485 mbi |= MBI_APPEND;
486 return (mbi);
487}
488
468static struct mac_policy_ops ugidfw_ops =
469{
470 .mpo_destroy = ugidfw_destroy,
471 .mpo_init = ugidfw_init,
472 .mpo_system_check_acct = ugidfw_system_check_acct,
473 .mpo_system_check_auditctl = ugidfw_system_check_auditctl,
474 .mpo_system_check_swapon = ugidfw_system_check_swapon,
475 .mpo_vnode_check_access = ugidfw_vnode_check_access,

--- 29 unchanged lines hidden ---
489static struct mac_policy_ops ugidfw_ops =
490{
491 .mpo_destroy = ugidfw_destroy,
492 .mpo_init = ugidfw_init,
493 .mpo_system_check_acct = ugidfw_system_check_acct,
494 .mpo_system_check_auditctl = ugidfw_system_check_auditctl,
495 .mpo_system_check_swapon = ugidfw_system_check_swapon,
496 .mpo_vnode_check_access = ugidfw_vnode_check_access,

--- 29 unchanged lines hidden ---
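Review bot: The new ugidfw_accmode2mbi() (new lines 468-487) silently drops every accmode bit other than the six it tests, so a request carrying only unmapped bits comes back as 0 and the caller cannot tell that apart from "no access requested". How ugidfw_check() treats a zero mode is not visible in this section, but if a zero mask satisfies every rule the check would fail open, so callers should decide explicitly what a 0 result means. The contract should also be stated above the function, for example `/* Map VFS accmode_t bits to MBI_* rule bits; unmapped bits are ignored and the result may be 0. */`. The function is added without `static` and no prototype or caller appears in the visible lines; presumably it is declared in a shared header for use by other files, which is worth confirming.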