Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/security/mac/mac_priv.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 2006 nCircle Network Security, Inc. 3 * All rights reserved. 4 * 5 * This software was developed by Robert N. M. Watson for the TrustedBSD 6 * Project under contract to nCircle Network Security, Inc. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY, 21 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 23 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 24 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 25 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 26 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 */ 29 30 /* 31 * MAC checks for system privileges. 32 */ 33 34 #include "sys/cdefs.h" 35 __FBSDID("$FreeBSD$"); 36 37 #include "opt_mac.h" 38 39 #include <sys/param.h> 40 #include <sys/priv.h> 41 #include <sys/module.h> 42 43 #include <security/mac/mac_framework.h> 44 #include <security/mac/mac_internal.h> 45 #include <security/mac/mac_policy.h> 46 47 /* 48 * The MAC Framework interacts with kernel privilege checks in two ways: it 49 * may restrict the granting of privilege to a subject, and it may grant 50 * additional privileges to the subject. Policies may implement none, one, 51 * or both of these entry points. Restriction of privilege by any policy 52 * always overrides granting of privilege by any policy or other privilege 53 * mechanism. See kern_priv.c:priv_check_cred() for details of the 54 * composition. 55 */ 56 57 /* 58 * Restrict access to a privilege for a credential. Return failure if any 59 * policy denies access. 60 */ 61 int 62 mac_priv_check(struct ucred *cred, int priv) 63 { 64 int error; 65 66 MAC_CHECK(priv_check, cred, priv); 67 68 return (error); 69 } 70 71 /* 72 * Grant access to a privilege for a credential. Return success if any 73 * policy grants access. 74 */ 75 int 76 mac_priv_grant(struct ucred *cred, int priv) 77 { 78 int error; 79 80 MAC_GRANT(priv_grant, cred, priv); 81 82 return (error); 83 }
Cache object: ea0604888b811664fefbd7b3aa80be5e
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]