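#!/bin/sh
#
# $FreeBSD$

# PROVIDE: ugidfw
# REQUIRE: FILESYSTEMS
# BEFORE: LOGIN
# KEYWORD: nojail shutdown

# rc.d script for the mac_bsdextended file system firewall.
#   start: sources a rules script (expected to hold the ugidfw rule commands).
#   stop:  removes every rule that "ugidfw list" reports.
#
# rc.conf variables read here:
#   ugidfw_enable       rcvar that enables this script
#   bsdextended_script  path of the rules script; defaults to
#                       /etc/rc.bsdextended when unset or empty

. /etc/rc.subr

name="ugidfw"
desc="Firewall-like access controls for file system objects"
rcvar="ugidfw_enable"
start_cmd="ugidfw_start"
stop_cmd="ugidfw_stop"
required_modules="mac_bsdextended"

# Source the rules script into the current shell if it is readable.
#
# The file is executed by the rc shell itself, so anyone able to write to it
# (or to replace it) runs commands with this script's privileges. Keep the
# file and its parent directory owned by root and not writable by group or
# others; the -r test below only checks readability, not ownership or mode.
ugidfw_load()
{
	if [ -r "${bsdextended_script}" ]; then
		. "${bsdextended_script}"
	fi
}

# start_cmd: load the rules, or say clearly that none were loaded.
ugidfw_start()
{
	# Assign the default only when the variable is unset or empty.
	: "${bsdextended_script:=/etc/rc.bsdextended}"

	if [ -r "${bsdextended_script}" ]; then
		ugidfw_load
		echo "MAC bsdextended rules loaded."
	else
		# An enabled policy with no rules file would otherwise start
		# silently with nothing loaded; make that visible to the admin.
		warn "${bsdextended_script} is not readable; no MAC bsdextended rules loaded."
	fi
}

# stop_cmd: flush all rules. Nothing is enforced through these rules again
# until they are reloaded.
ugidfw_stop()
{
	local rulecount

	# Disable the policy by removing its rules.
	#
	# Check for the existence of rules and flush them if needed.
	# -i makes sysctl ignore a missing OID and -n prints only the value,
	# so an empty result is treated as zero rules.
	rulecount=$(sysctl -in security.mac.bsdextended.rule_count)
	if [ "${rulecount:-0}" -gt 0 ]; then
		# Skip the first line of "ugidfw list", take the first field of
		# each remaining line as the rule number, and remove the rules
		# one at a time from the highest number down.
		ugidfw list | sed -n '2,$p' | cut -d ' ' -f 1 | sort -r -n |
		    xargs -n 1 ugidfw remove
		echo "MAC bsdextended rules flushed."
	fi
}

load_rc_config "$name"
run_rc_command "$1"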