66 secpolicy_zfs(kauth_cred_t cred)
69 	return kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL);
73 secpolicy_sys_config(kauth_cred_t cred, int checkonly __unused)
76 	return kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL);
80 secpolicy_zinject(kauth_cred_t cred)
83 	return kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL);
87 secpolicy_fs_mount(kauth_cred_t cred, vnode_t *mvp, struct mount *vfsp)
90 	return kauth_authorize_system(cred, KAUTH_SYSTEM_MOUNT,
95 secpolicy_fs_unmount(kauth_cred_t cred, struct mount *vfsp)
98 	return kauth_authorize_system(cred, KAUTH_SYSTEM_MOUNT,
106 secpolicy_basic_link(kauth_cred_t cred)
109 	return kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL);
113 secpolicy_vnode_stky_modify(kauth_cred_t cred)
120 secpolicy_vnode_remove(kauth_cred_t cred)
123 	return kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL);
128 secpolicy_vnode_owner(cred_t *cred, uid_t owner)
132 	uid = crgetuid(cred);
138 //	return kauth_authorize_system(cred, KAUTH_SYSTEM_MOUNT,
143 secpolicy_vnode_access(kauth_cred_t cred, struct vnode *vp, uint64_t owner,
149 	error = VOP_ACCESS(vp, mode, cred);
160 /*	return kauth_authorize_system(cred, KAUTH_SYSTEM_MOUNT,
166 secpolicy_vnode_setid_retain(kauth_cred_t cred, boolean_t issuidroot __unused)
169 	return  (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL));
173 secpolicy_vnode_setids_setgids(kauth_cred_t cred, gid_t gid)
176 	if (!groupmember(gid, cred))
177 		return  (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
183 secpolicy_vnode_chown(struct kauth_cred *cred, boolean_t check_self)
186 	return  (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
188 	/* return (priv_check_cred(cred, PRIV_VFS_CHOWN, 0)); */
192 secpolicy_vnode_create_gid(struct kauth_cred *cred)
199 secpolicy_vnode_setdac(struct kauth_cred *cred, uid_t owner)
203 	/*return (priv_check_cred(cred, PRIV_VFS_ADMIN, 0));*/
208     const struct vattr *ovap, kauth_cred_t cred)
216 		if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) != 0)
224 		return (secpolicy_vnode_setids_setgids(cred, ovap->va_gid));
230 secpolicy_vnode_setattr(kauth_cred_t cred, struct vnode *vp, struct vattr *vap,
239 secpolicy_setid_clear(struct vattr *vap, kauth_cred_t cred)
241 	if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) != 0)
254 secpolicy_vnode_setdac(kauth_cred_t cred, uid_t owner)
257 	if (owner == cred->cr_uid)
259 	return (priv_check_cred(cred, PRIV_VFS_ADMIN, 0));
263 secpolicy_vnode_setattr(kauth_cred_t cred, struct vnode *vp, struct vattr *vap,
273 		error = unlocked_access(node, VWRITE, cred);
286 		error = secpolicy_vnode_setdac(cred, ovap->va_uid);
289 		error = secpolicy_setid_setsticky_clear(vp, vap, ovap, cred);
296 		error = secpolicy_vnode_setdac(cred, ovap->va_uid);
307 		     !groupmember(vap->va_gid, cred))) {
308 			error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
315 			secpolicy_setid_clear(vap, cred);
327 		error = secpolicy_vnode_setdac(cred, ovap->va_uid);
329 			error = unlocked_access(node, VWRITE, cred);
337 secpolicy_vnode_create_gid(kauth_cred_t cred)
344 secpolicy_vnode_setid_retain(kauth_cred_t cred, boolean_t issuidroot __unused)
347 	return (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0));
351 secpolicy_setid_clear(struct vattr *vap, kauth_cred_t cred)
354 	if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL))
358 		if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) {

Indexes created Sun Jun 16 09:41:23 MDT 2024