The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/security/mac_bsdextended/ugidfw_vnode.c

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 1999-2002, 2007-2008 Robert N. M. Watson
    3  * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
    4  * Copyright (c) 2005 Tom Rhodes
    5  * Copyright (c) 2006 SPARTA, Inc.
    6  * All rights reserved.
    7  *
    8  * This software was developed by Robert Watson for the TrustedBSD Project.
    9  * It was later enhanced by Tom Rhodes for the TrustedBSD Project.
   10  *
   11  * This software was developed for the FreeBSD Project in part by Network
   12  * Associates Laboratories, the Security Research Division of Network
   13  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
   14  * as part of the DARPA CHATS research program.
   15  *
   16  * This software was enhanced by SPARTA ISSO under SPAWAR contract
   17  * N66001-04-C-6019 ("SEFOS").
   18  *
   19  * Redistribution and use in source and binary forms, with or without
   20  * modification, are permitted provided that the following conditions
   21  * are met:
   22  * 1. Redistributions of source code must retain the above copyright
   23  *    notice, this list of conditions and the following disclaimer.
   24  * 2. Redistributions in binary form must reproduce the above copyright
   25  *    notice, this list of conditions and the following disclaimer in the
   26  *    documentation and/or other materials provided with the distribution.
   27  *
   28  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   29  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   30  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   31  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   32  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   33  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   34  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   35  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   36  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   37  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   38  * SUCH DAMAGE.
   39  *
   40  * $FreeBSD: releng/11.0/sys/security/mac_bsdextended/ugidfw_vnode.c 189533 2009-03-08 12:32:06Z rwatson $
   41  */
   42 
   43 #include <sys/param.h>
   44 #include <sys/acl.h>
   45 #include <sys/kernel.h>
   46 #include <sys/jail.h>
   47 #include <sys/lock.h>
   48 #include <sys/malloc.h>
   49 #include <sys/module.h>
   50 #include <sys/mount.h>
   51 #include <sys/mutex.h>
   52 #include <sys/priv.h>
   53 #include <sys/systm.h>
   54 #include <sys/vnode.h>
   55 #include <sys/sysctl.h>
   56 #include <sys/syslog.h>
   57 #include <sys/stat.h>
   58 
   59 #include <security/mac/mac_policy.h>
   60 #include <security/mac_bsdextended/mac_bsdextended.h>
   61 #include <security/mac_bsdextended/ugidfw_internal.h>
   62 
   63 int
   64 ugidfw_vnode_check_access(struct ucred *cred, struct vnode *vp,
   65     struct label *vplabel, accmode_t accmode)
   66 {
   67 
   68         return (ugidfw_check_vp(cred, vp, ugidfw_accmode2mbi(accmode)));
   69 }
   70 
   71 int
   72 ugidfw_vnode_check_chdir(struct ucred *cred, struct vnode *dvp,
   73     struct label *dvplabel)
   74 {
   75 
   76         return (ugidfw_check_vp(cred, dvp, MBI_EXEC));
   77 }
   78 
   79 int
   80 ugidfw_vnode_check_chroot(struct ucred *cred, struct vnode *dvp,
   81     struct label *dvplabel)
   82 {
   83 
   84         return (ugidfw_check_vp(cred, dvp, MBI_EXEC));
   85 }
   86 
   87 int
   88 ugidfw_check_create_vnode(struct ucred *cred, struct vnode *dvp,
   89     struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
   90 {
   91 
   92         return (ugidfw_check_vp(cred, dvp, MBI_WRITE));
   93 }
   94 
   95 int
   96 ugidfw_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,
   97     struct label *vplabel, acl_type_t type)
   98 {
   99 
  100         return (ugidfw_check_vp(cred, vp, MBI_ADMIN));
  101 }
  102 
  103 int
  104 ugidfw_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp,
  105     struct label *vplabel, int attrnamespace, const char *name)
  106 {
  107 
  108         return (ugidfw_check_vp(cred, vp, MBI_WRITE));
  109 }
  110 
  111 int
  112 ugidfw_vnode_check_exec(struct ucred *cred, struct vnode *vp,
  113     struct label *vplabel, struct image_params *imgp,
  114     struct label *execlabel)
  115 {
  116 
  117         return (ugidfw_check_vp(cred, vp, MBI_READ|MBI_EXEC));
  118 }
  119 
  120 int
  121 ugidfw_vnode_check_getacl(struct ucred *cred, struct vnode *vp,
  122     struct label *vplabel, acl_type_t type)
  123 {
  124 
  125         return (ugidfw_check_vp(cred, vp, MBI_STAT));
  126 }
  127 
  128 int
  129 ugidfw_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
  130     struct label *vplabel, int attrnamespace, const char *name)
  131 {
  132 
  133         return (ugidfw_check_vp(cred, vp, MBI_READ));
  134 }
  135 
  136 int
  137 ugidfw_vnode_check_link(struct ucred *cred, struct vnode *dvp,
  138     struct label *dvplabel, struct vnode *vp, struct label *label,
  139     struct componentname *cnp)
  140 {
  141         int error;
  142 
  143         error = ugidfw_check_vp(cred, dvp, MBI_WRITE);
  144         if (error)
  145                 return (error);
  146         error = ugidfw_check_vp(cred, vp, MBI_WRITE);
  147         if (error)
  148                 return (error);
  149         return (0);
  150 }
  151 
  152 int
  153 ugidfw_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
  154     struct label *vplabel, int attrnamespace)
  155 {
  156 
  157         return (ugidfw_check_vp(cred, vp, MBI_READ));
  158 }
  159 
  160 int
  161 ugidfw_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
  162     struct label *dvplabel, struct componentname *cnp)
  163 {
  164 
  165         return (ugidfw_check_vp(cred, dvp, MBI_EXEC));
  166 }
  167 
  168 int
  169 ugidfw_vnode_check_open(struct ucred *cred, struct vnode *vp,
  170     struct label *vplabel, accmode_t accmode)
  171 {
  172 
  173         return (ugidfw_check_vp(cred, vp, ugidfw_accmode2mbi(accmode)));
  174 }
  175 
  176 int
  177 ugidfw_vnode_check_readdir(struct ucred *cred, struct vnode *dvp,
  178     struct label *dvplabel)
  179 {
  180 
  181         return (ugidfw_check_vp(cred, dvp, MBI_READ));
  182 }
  183 
  184 int
  185 ugidfw_vnode_check_readdlink(struct ucred *cred, struct vnode *vp,
  186     struct label *vplabel)
  187 {
  188 
  189         return (ugidfw_check_vp(cred, vp, MBI_READ));
  190 }
  191 
  192 int
  193 ugidfw_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
  194     struct label *dvplabel, struct vnode *vp, struct label *vplabel,
  195     struct componentname *cnp)
  196 {
  197         int error;
  198 
  199         error = ugidfw_check_vp(cred, dvp, MBI_WRITE);
  200         if (error)
  201                 return (error);
  202         return (ugidfw_check_vp(cred, vp, MBI_WRITE));
  203 }
  204 
  205 int
  206 ugidfw_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
  207     struct label *dvplabel, struct vnode *vp, struct label *vplabel,
  208     int samedir, struct componentname *cnp)
  209 {
  210         int error;
  211 
  212         error = ugidfw_check_vp(cred, dvp, MBI_WRITE);
  213         if (error)
  214                 return (error);
  215         if (vp != NULL)
  216                 error = ugidfw_check_vp(cred, vp, MBI_WRITE);
  217         return (error);
  218 }
  219 
  220 int
  221 ugidfw_vnode_check_revoke(struct ucred *cred, struct vnode *vp,
  222     struct label *vplabel)
  223 {
  224 
  225         return (ugidfw_check_vp(cred, vp, MBI_ADMIN));
  226 }
  227 
  228 int
  229 ugidfw_check_setacl_vnode(struct ucred *cred, struct vnode *vp,
  230     struct label *vplabel, acl_type_t type, struct acl *acl)
  231 {
  232 
  233         return (ugidfw_check_vp(cred, vp, MBI_ADMIN));
  234 }
  235 
  236 int
  237 ugidfw_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
  238     struct label *vplabel, int attrnamespace, const char *name)
  239 {
  240 
  241         return (ugidfw_check_vp(cred, vp, MBI_WRITE));
  242 }
  243 
  244 int
  245 ugidfw_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
  246     struct label *vplabel, u_long flags)
  247 {
  248 
  249         return (ugidfw_check_vp(cred, vp, MBI_ADMIN));
  250 }
  251 
  252 int
  253 ugidfw_vnode_check_setmode(struct ucred *cred, struct vnode *vp,
  254     struct label *vplabel, mode_t mode)
  255 {
  256 
  257         return (ugidfw_check_vp(cred, vp, MBI_ADMIN));
  258 }
  259 
  260 int
  261 ugidfw_vnode_check_setowner(struct ucred *cred, struct vnode *vp,
  262     struct label *vplabel, uid_t uid, gid_t gid)
  263 {
  264 
  265         return (ugidfw_check_vp(cred, vp, MBI_ADMIN));
  266 }
  267 
  268 int
  269 ugidfw_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,
  270     struct label *vplabel, struct timespec atime, struct timespec utime)
  271 {
  272 
  273         return (ugidfw_check_vp(cred, vp, MBI_ADMIN));
  274 }
  275 
  276 int
  277 ugidfw_vnode_check_stat(struct ucred *active_cred,
  278     struct ucred *file_cred, struct vnode *vp, struct label *vplabel)
  279 {
  280 
  281         return (ugidfw_check_vp(active_cred, vp, MBI_STAT));
  282 }
  283 
  284 int
  285 ugidfw_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
  286     struct label *dvplabel, struct vnode *vp, struct label *vplabel,
  287     struct componentname *cnp)
  288 {
  289         int error;
  290 
  291         error = ugidfw_check_vp(cred, dvp, MBI_WRITE);
  292         if (error)
  293                 return (error);
  294         return (ugidfw_check_vp(cred, vp, MBI_WRITE));
  295 }

Cache object: cfdbc488620416c06a5b8483f679f731


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.