mac_framework.h revision 180059
/*-
 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
 * Copyright (c) 2005-2006 SPARTA, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
 *
 * This software was developed for the FreeBSD Project in part by Network
 * Associates Laboratories, the Security Research Division of Network
 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
 * as part of the DARPA CHATS research program.
 *
 * This software was enhanced by SPARTA ISSO under SPAWAR contract
 * N66001-04-C-6019 ("SEFOS").
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD: head/sys/security/mac/mac_framework.h 180059 2008-06-27 05:39:04Z jhb $
 */

/*
 * Kernel interface for Mandatory Access Control -- how kernel services
 * interact with the TrustedBSD MAC Framework.
 *
 * This header declares only the entry points the rest of the kernel calls
 * into the Framework; it contains no definitions.  Everything below is
 * kernel-only (see the _KERNEL guard).
 */

#ifndef _SECURITY_MAC_MAC_FRAMEWORK_H_
#define _SECURITY_MAC_MAC_FRAMEWORK_H_

/* Refuse inclusion outside a kernel build; there is no userland ABI here. */
#ifndef _KERNEL
#error "no user-serviceable parts inside"
#endif

/*
 * Forward declarations only: every entry point takes these by pointer, so
 * callers do not need the full definitions to include this header.
 */
struct auditinfo;
struct auditinfo_addr;
struct bpf_d;
struct cdev;
struct componentname;
struct devfs_dirent;
struct ifnet;
struct ifreq;
struct image_params;
struct inpcb;
struct ipq;
struct ksem;
struct label;
struct m_tag;
struct mac;
struct mbuf;
struct mount;
struct msg;
struct msqid_kernel;
struct proc;
struct semid_kernel;
struct shmfd;
struct shmid_kernel;
struct sockaddr;
struct socket;
struct sysctl_oid;
struct sysctl_req;
struct pipepair;
struct thread;
struct timespec;
struct ucred;
struct uio;
struct vattr;
struct vnode;
struct vop_setlabel_args;

/*
 * XXX acl_type_t: pulled in only for the acl_type_t parameter (and struct
 * acl) used by the mac_vnode_check_{delete,get,set}acl entry points below.
 */
#include <sys/acl.h> /* XXX acl_type_t */

/*
 * Entry points to the TrustedBSD MAC Framework from the remainder of the
 * kernel: entry points are named based on a principal object type and an
 * action relating to it.  They are sorted alphabetically first by object
 * type and then action.  In some situations, the principal object type is
 * obvious, and in other cases, less so as multiple objects may be involved
 * in the operation.
 *
 * Naming pattern visible below:
 *   mac_<obj>_init / mac_<obj>_destroy  -- paired set-up/tear-down for an
 *                                         object instance
 *   mac_<obj>_create* / mac_<obj>_copy   -- derive one object's MAC state
 *                                         from another's (or from a cred)
 *   mac_<obj>_check_<action>             -- access-control decision; these
 *                                         return int, the others are void
 *
 * NOTE(review): the return-value contract of the check_ entry points (by
 * Framework convention 0 permits and a non-zero errno value denies) is not
 * stated in this header; confirm against the implementations before relying
 * on it.  Likewise the unnamed trailing `int` on the *_init entry points that
 * return int (inpcb, ipq, mbuf, mbuf_tag, socket) is presumably an
 * allocation-flags argument -- verify in the implementation.
 *
 * NOTE(review): several entry points take two credentials, `active_cred` and
 * `file_cred`; the names suggest the calling thread's credential and the one
 * cached on the file descriptor, respectively -- confirm with the callers
 * before assuming which one a policy should authorise against.
 */

/* BPF descriptors (struct bpf_d). */
int mac_bpfdesc_check_receive(struct bpf_d *d, struct ifnet *ifp);
void mac_bpfdesc_create(struct ucred *cred, struct bpf_d *d);
void mac_bpfdesc_create_mbuf(struct bpf_d *d, struct mbuf *m);
void mac_bpfdesc_destroy(struct bpf_d *);
void mac_bpfdesc_init(struct bpf_d *);

/* Credentials (struct ucred). */
int mac_cred_check_visible(struct ucred *cr1, struct ucred *cr2);
void mac_cred_copy(struct ucred *cr1, struct ucred *cr2);
void mac_cred_destroy(struct ucred *);
void mac_cred_init(struct ucred *);

/*
 * devfs directory entries.
 *
 * NOTE(review): `dirname` is passed as `char *` with an explicit
 * `dirnamelen`, whereas the extattr entry points below take `const char *`;
 * the name is read-only here and could be const-qualified, but the matching
 * definition must change at the same time.
 */
void mac_devfs_create_device(struct ucred *cred, struct mount *mp,
    struct cdev *dev, struct devfs_dirent *de);
void mac_devfs_create_directory(struct mount *mp, char *dirname,
    int dirnamelen, struct devfs_dirent *de);
void mac_devfs_create_symlink(struct ucred *cred, struct mount *mp,
    struct devfs_dirent *dd, struct devfs_dirent *de);
void mac_devfs_destroy(struct devfs_dirent *);
void mac_devfs_init(struct devfs_dirent *);
void mac_devfs_update(struct mount *mp, struct devfs_dirent *de,
    struct vnode *vp);
void mac_devfs_vnode_associate(struct mount *mp, struct devfs_dirent *de,
    struct vnode *vp);

/* Network interfaces (struct ifnet) and their label ioctls. */
int mac_ifnet_check_transmit(struct ifnet *ifp, struct mbuf *m);
void mac_ifnet_create(struct ifnet *ifp);
void mac_ifnet_create_mbuf(struct ifnet *ifp, struct mbuf *m);
void mac_ifnet_destroy(struct ifnet *);
void mac_ifnet_init(struct ifnet *);
int mac_ifnet_ioctl_get(struct ucred *cred, struct ifreq *ifr,
    struct ifnet *ifp);
int mac_ifnet_ioctl_set(struct ucred *cred, struct ifreq *ifr,
    struct ifnet *ifp);

/* Internet protocol control blocks (struct inpcb). */
int mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *m);
void mac_inpcb_create(struct socket *so, struct inpcb *inp);
void mac_inpcb_create_mbuf(struct inpcb *inp, struct mbuf *m);
void mac_inpcb_destroy(struct inpcb *);
int mac_inpcb_init(struct inpcb *, int);
void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp);

/* IP reassembly queues (struct ipq); mac_ipq_match returns a decision. */
void mac_ipq_create(struct mbuf *m, struct ipq *q);
void mac_ipq_destroy(struct ipq *q);
int mac_ipq_init(struct ipq *q, int);
int mac_ipq_match(struct mbuf *m, struct ipq *q);
void mac_ipq_reassemble(struct ipq *q, struct mbuf *m);
void mac_ipq_update(struct mbuf *m, struct ipq *q);

/*
 * Kernel environment (kenv).
 *
 * NOTE(review): `name` and `value` are only inspected by a check and could be
 * `const char *`; see the devfs note above about changing the definitions in
 * step.
 */
int mac_kenv_check_dump(struct ucred *cred);
int mac_kenv_check_get(struct ucred *cred, char *name);
int mac_kenv_check_set(struct ucred *cred, char *name, char *value);
int mac_kenv_check_unset(struct ucred *cred, char *name);

/* Kernel module loading (kld). */
int mac_kld_check_load(struct ucred *cred, struct vnode *vp);
int mac_kld_check_stat(struct ucred *cred);

/* mbufs. */
void mac_mbuf_copy(struct mbuf *, struct mbuf *);
int mac_mbuf_init(struct mbuf *, int);

/* mbuf tags (struct m_tag). */
void mac_mbuf_tag_copy(struct m_tag *, struct m_tag *);
void mac_mbuf_tag_destroy(struct m_tag *);
int mac_mbuf_tag_init(struct m_tag *, int);

/* Mount points. */
int mac_mount_check_stat(struct ucred *cred, struct mount *mp);
void mac_mount_create(struct ucred *cred, struct mount *mp);
void mac_mount_destroy(struct mount *);
void mac_mount_init(struct mount *);

/*
 * Protocol-generated packets (netatalk, netinet, netinet6).  None of these
 * returns a decision: every entry point is void, so they can only set state
 * on the outgoing mbuf, not refuse the operation.
 */
void mac_netatalk_aarp_send(struct ifnet *ifp, struct mbuf *m);

void mac_netinet_arp_send(struct ifnet *ifp, struct mbuf *m);
void mac_netinet_firewall_reply(struct mbuf *mrecv, struct mbuf *msend);
void mac_netinet_firewall_send(struct mbuf *m);
void mac_netinet_fragment(struct mbuf *m, struct mbuf *frag);
void mac_netinet_icmp_reply(struct mbuf *mrecv, struct mbuf *msend);
void mac_netinet_icmp_replyinplace(struct mbuf *m);
void mac_netinet_igmp_send(struct ifnet *ifp, struct mbuf *m);
void mac_netinet_tcp_reply(struct mbuf *m);

void mac_netinet6_nd6_send(struct ifnet *ifp, struct mbuf *m);

/* Pipes (struct pipepair). */
int mac_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
    unsigned long cmd, void *data);
int mac_pipe_check_poll(struct ucred *cred, struct pipepair *pp);
int mac_pipe_check_read(struct ucred *cred, struct pipepair *pp);
int mac_pipe_check_stat(struct ucred *cred, struct pipepair *pp);
int mac_pipe_check_write(struct ucred *cred, struct pipepair *pp);
void mac_pipe_create(struct ucred *cred, struct pipepair *pp);
void mac_pipe_destroy(struct pipepair *);
void mac_pipe_init(struct pipepair *);
int mac_pipe_label_set(struct ucred *cred, struct pipepair *pp,
    struct label *label);

/* POSIX semaphores (struct ksem). */
int mac_posixsem_check_getvalue(struct ucred *active_cred,
    struct ucred *file_cred, struct ksem *ks);
int mac_posixsem_check_open(struct ucred *cred, struct ksem *ks);
int mac_posixsem_check_post(struct ucred *active_cred,
    struct ucred *file_cred, struct ksem *ks);
int mac_posixsem_check_stat(struct ucred *active_cred,
    struct ucred *file_cred, struct ksem *ks);
int mac_posixsem_check_unlink(struct ucred *cred, struct ksem *ks);
int mac_posixsem_check_wait(struct ucred *active_cred,
    struct ucred *file_cred, struct ksem *ks);
void mac_posixsem_create(struct ucred *cred, struct ksem *ks);
void mac_posixsem_destroy(struct ksem *);
void mac_posixsem_init(struct ksem *);

/* POSIX shared memory (struct shmfd). */
int mac_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd,
    int prot, int flags);
int mac_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd);
int mac_posixshm_check_stat(struct ucred *active_cred,
    struct ucred *file_cred, struct shmfd *shmfd);
int mac_posixshm_check_truncate(struct ucred *active_cred,
    struct ucred *file_cred, struct shmfd *shmfd);
int mac_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd);
void mac_posixshm_create(struct ucred *cred, struct shmfd *shmfd);
void mac_posixshm_destroy(struct shmfd *);
void mac_posixshm_init(struct shmfd *);

/*
 * Fine-grained kernel privileges.  Two entry points on the same `priv`
 * value: the names suggest that one may deny a privilege and the other may
 * grant it -- confirm the precedence between them in the implementation
 * before writing a policy that uses both.
 */
int mac_priv_check(struct ucred *cred, int priv);
int mac_priv_grant(struct ucred *cred, int priv);

/*
 * Processes.  Note that mac_execve_enter/mac_execve_exit sit here out of
 * the alphabetical order stated above.
 */
void mac_proc_associate_nfsd(struct ucred *cred);
int mac_proc_check_debug(struct ucred *cred, struct proc *p);
int mac_proc_check_sched(struct ucred *cred, struct proc *p);
int mac_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai);
int mac_proc_check_setaudit_addr(struct ucred *cred,
    struct auditinfo_addr *aia);
int mac_proc_check_setauid(struct ucred *cred, uid_t auid);
int mac_proc_check_setegid(struct proc *p, struct ucred *cred,
    gid_t egid);
int mac_proc_check_seteuid(struct proc *p, struct ucred *cred,
    uid_t euid);
int mac_proc_check_setgid(struct proc *p, struct ucred *cred,
    gid_t gid);
int mac_proc_check_setgroups(struct proc *p, struct ucred *cred,
    int ngroups, gid_t *gidset);
int mac_proc_check_setregid(struct proc *p, struct ucred *cred,
    gid_t rgid, gid_t egid);
int mac_proc_check_setresgid(struct proc *p, struct ucred *cred,
    gid_t rgid, gid_t egid, gid_t sgid);
int mac_proc_check_setresuid(struct proc *p, struct ucred *cred,
    uid_t ruid, uid_t euid, uid_t suid);
int mac_proc_check_setreuid(struct proc *p, struct ucred *cred,
    uid_t ruid, uid_t euid);
int mac_proc_check_setuid(struct proc *p, struct ucred *cred,
    uid_t uid);
int mac_proc_check_signal(struct ucred *cred, struct proc *p,
    int signum);
int mac_proc_check_wait(struct ucred *cred, struct proc *p);
void mac_proc_create_init(struct ucred *cred);
void mac_proc_create_swapper(struct ucred *cred);
void mac_proc_destroy(struct proc *);
int mac_execve_enter(struct image_params *imgp, struct mac *mac_p);
void mac_execve_exit(struct image_params *imgp);
void mac_proc_init(struct proc *);

/*
 * Sockets, including the get/setsockopt label entry points (again out of
 * strict alphabetical order).  `struct mac` is the externalised label
 * representation exchanged with the caller of the sockopt.
 */
int mac_socket_check_accept(struct ucred *cred, struct socket *so);
int mac_socket_check_bind(struct ucred *cred, struct socket *so,
    struct sockaddr *sa);
int mac_socket_check_connect(struct ucred *cred, struct socket *so,
    struct sockaddr *sa);
int mac_socket_check_create(struct ucred *cred, int domain, int type,
    int proto);
int mac_socket_check_deliver(struct socket *so, struct mbuf *m);
int mac_socket_check_listen(struct ucred *cred, struct socket *so);
int mac_socket_check_poll(struct ucred *cred, struct socket *so);
int mac_socket_check_receive(struct ucred *cred, struct socket *so);
int mac_socket_check_send(struct ucred *cred, struct socket *so);
int mac_socket_check_stat(struct ucred *cred, struct socket *so);
int mac_socket_check_visible(struct ucred *cred, struct socket *so);
void mac_socket_create_mbuf(struct socket *so, struct mbuf *m);
void mac_socket_create(struct ucred *cred, struct socket *so);
void mac_socket_destroy(struct socket *);
int mac_socket_init(struct socket *, int);
void mac_socket_newconn(struct socket *oldso, struct socket *newso);
int mac_getsockopt_label(struct ucred *cred, struct socket *so,
    struct mac *extmac);
int mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so,
    struct mac *extmac);
int mac_setsockopt_label(struct ucred *cred, struct socket *so,
    struct mac *extmac);

/* Socket peer state, derived from a received mbuf or the accepting socket. */
void mac_socketpeer_set_from_mbuf(struct mbuf *m, struct socket *so);
void mac_socketpeer_set_from_socket(struct socket *oldso,
    struct socket *newso);

/*
 * TCP syncache entries.  Unlike the other objects these operate on a
 * `struct label *` directly, and init/destroy take a `struct label **` --
 * the implication is that the label object itself is allocated and released
 * here rather than embedded in the owner; confirm in the implementation.
 */
void mac_syncache_create(struct label *l, struct inpcb *inp);
void mac_syncache_create_mbuf(struct label *l, struct mbuf *m);
void mac_syncache_destroy(struct label **l);
int mac_syncache_init(struct label **l);

/*
 * System-wide operations.  For mac_system_check_audit the `record` buffer is
 * untyped and its size is carried separately in `length`; a policy must
 * bound any inspection of `record` by `length`.
 */
int mac_system_check_acct(struct ucred *cred, struct vnode *vp);
int mac_system_check_audit(struct ucred *cred, void *record, int length);
int mac_system_check_auditctl(struct ucred *cred, struct vnode *vp);
int mac_system_check_auditon(struct ucred *cred, int cmd);
int mac_system_check_reboot(struct ucred *cred, int howto);
int mac_system_check_swapon(struct ucred *cred, struct vnode *vp);
int mac_system_check_swapoff(struct ucred *cred, struct vnode *vp);
int mac_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
    void *arg1, int arg2, struct sysctl_req *req);

/* System V IPC: individual messages (struct msg). */
void mac_sysvmsg_cleanup(struct msg *msgptr);
void mac_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
    struct msg *msgptr);
void mac_sysvmsg_destroy(struct msg *);
void mac_sysvmsg_init(struct msg *);

/* System V IPC: message queues (struct msqid_kernel). */
int mac_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
    struct msqid_kernel *msqkptr);
int mac_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr);
int mac_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr);
int mac_sysvmsq_check_msqctl(struct ucred *cred,
    struct msqid_kernel *msqkptr, int cmd);
int mac_sysvmsq_check_msqget(struct ucred *cred,
    struct msqid_kernel *msqkptr);
int mac_sysvmsq_check_msqrcv(struct ucred *cred,
    struct msqid_kernel *msqkptr);
int mac_sysvmsq_check_msqsnd(struct ucred *cred,
    struct msqid_kernel *msqkptr);
void mac_sysvmsq_cleanup(struct msqid_kernel *msqkptr);
void mac_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr);
void mac_sysvmsq_destroy(struct msqid_kernel *);
void mac_sysvmsq_init(struct msqid_kernel *);

/* System V IPC: semaphore sets (struct semid_kernel). */
int mac_sysvsem_check_semctl(struct ucred *cred,
    struct semid_kernel *semakptr, int cmd);
int mac_sysvsem_check_semget(struct ucred *cred,
    struct semid_kernel *semakptr);
int mac_sysvsem_check_semop(struct ucred *cred,
    struct semid_kernel *semakptr, size_t accesstype);
void mac_sysvsem_cleanup(struct semid_kernel *semakptr);
void mac_sysvsem_create(struct ucred *cred,
    struct semid_kernel *semakptr);
void mac_sysvsem_destroy(struct semid_kernel *);
void mac_sysvsem_init(struct semid_kernel *);

/* System V IPC: shared memory segments (struct shmid_kernel). */
int mac_sysvshm_check_shmat(struct ucred *cred,
    struct shmid_kernel *shmsegptr, int shmflg);
int mac_sysvshm_check_shmctl(struct ucred *cred,
    struct shmid_kernel *shmsegptr, int cmd);
int mac_sysvshm_check_shmdt(struct ucred *cred,
    struct shmid_kernel *shmsegptr);
int mac_sysvshm_check_shmget(struct ucred *cred,
    struct shmid_kernel *shmsegptr, int shmflg);
void mac_sysvshm_cleanup(struct shmid_kernel *shmsegptr);
void mac_sysvshm_create(struct ucred *cred,
    struct shmid_kernel *shmsegptr);
void mac_sysvshm_destroy(struct shmid_kernel *);
void mac_sysvshm_init(struct shmid_kernel *);

/* Threads: called on the return-to-userspace path (per its name; unverified here). */
void mac_thread_userret(struct thread *td);

/*
 * Vnodes.  Checks named *_check_<op> take the credential performing the
 * operation plus the vnode(s) it touches; directory operations pass the
 * parent as `dvp` and the name being resolved as `cnp`.  Only the *extattr
 * entry points already take `const char *name`.
 */
int mac_vnode_associate_extattr(struct mount *mp, struct vnode *vp);
void mac_vnode_associate_singlelabel(struct mount *mp, struct vnode *vp);
int mac_vnode_check_access(struct ucred *cred, struct vnode *vp,
    int acc_mode);
int mac_vnode_check_chdir(struct ucred *cred, struct vnode *dvp);
int mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp);
int mac_vnode_check_create(struct ucred *cred, struct vnode *dvp,
    struct componentname *cnp, struct vattr *vap);
int mac_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,
    acl_type_t type);
int mac_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp,
    int attrnamespace, const char *name);
int mac_vnode_check_exec(struct ucred *cred, struct vnode *vp,
    struct image_params *imgp);
int mac_vnode_check_getacl(struct ucred *cred, struct vnode *vp,
    acl_type_t type);
int mac_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
    int attrnamespace, const char *name, struct uio *uio);
int mac_vnode_check_link(struct ucred *cred, struct vnode *dvp,
    struct vnode *vp, struct componentname *cnp);
int mac_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
    int attrnamespace);
int mac_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
    struct componentname *cnp);
int mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp, int prot,
    int flags);
int mac_vnode_check_mprotect(struct ucred *cred, struct vnode *vp,
    int prot);
int mac_vnode_check_open(struct ucred *cred, struct vnode *vp,
    int acc_mode);
int mac_vnode_check_poll(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp);
int mac_vnode_check_read(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp);
int mac_vnode_check_readdir(struct ucred *cred, struct vnode *vp);
int mac_vnode_check_readlink(struct ucred *cred, struct vnode *vp);
/* Rename is checked in two halves: the source side, then the target side. */
int mac_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
    struct vnode *vp, struct componentname *cnp);
int mac_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
    struct vnode *vp, int samedir, struct componentname *cnp);
int mac_vnode_check_revoke(struct ucred *cred, struct vnode *vp);
int mac_vnode_check_setacl(struct ucred *cred, struct vnode *vp,
    acl_type_t type, struct acl *acl);
int mac_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
    int attrnamespace, const char *name, struct uio *uio);
int mac_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
    u_long flags);
int mac_vnode_check_setmode(struct ucred *cred, struct vnode *vp,
    mode_t mode);
int mac_vnode_check_setowner(struct ucred *cred, struct vnode *vp,
    uid_t uid, gid_t gid);
int mac_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,
    struct timespec atime, struct timespec mtime);
int mac_vnode_check_stat(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp);
int mac_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
    struct vnode *vp, struct componentname *cnp);
int mac_vnode_check_write(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp);
void mac_vnode_copy_label(struct label *, struct label *);
void mac_vnode_init(struct vnode *);
int mac_vnode_create_extattr(struct ucred *cred, struct mount *mp,
    struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
void mac_vnode_destroy(struct vnode *);
/*
 * execve transitions: *_will_transition asks whether executing `vp` with
 * the given interpreter label changes the credential; *_transition performs
 * it from `oldcred` into `newcred`.
 */
void mac_vnode_execve_transition(struct ucred *oldcred,
    struct ucred *newcred, struct vnode *vp,
    struct label *interpvplabel, struct image_params *imgp);
int mac_vnode_execve_will_transition(struct ucred *cred,
    struct vnode *vp, struct label *interpvplabel,
    struct image_params *imgp);
void mac_vnode_relabel(struct ucred *cred, struct vnode *vp,
    struct label *newlabel);

/*
 * Standalone label allocation for credentials and vnodes.  The alloc calls
 * return an owned `struct label *` that must be released with the matching
 * *_free; the header does not say whether alloc can return NULL -- check the
 * implementation before dereferencing unconditionally.
 */
struct label *mac_cred_label_alloc(void);
void mac_cred_label_free(struct label *);
struct label *mac_vnode_label_alloc(void);
void mac_vnode_label_free(struct label *);

void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred);

/*
 * Calls to help various file systems implement labeling functionality using
 * their existing EA implementation.
 */
int vop_stdsetlabel_ea(struct vop_setlabel_args *ap);

#endif /* !_SECURITY_MAC_MAC_FRAMEWORK_H_ */