sys/security/mac_framework.h


    1 /*
    2  * Copyright (c) 2007 Apple Inc. All rights reserved.
    3  *
    4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
    5  * 
    6  * This file contains Original Code and/or Modifications of Original Code
    7  * as defined in and that are subject to the Apple Public Source License
    8  * Version 2.0 (the 'License'). You may not use this file except in
    9  * compliance with the License. The rights granted to you under the License
   10  * may not be used to create, or enable the creation or redistribution of,
   11  * unlawful or unlicensed copies of an Apple operating system, or to
   12  * circumvent, violate, or enable the circumvention or violation of, any
   13  * terms of an Apple operating system software license agreement.
   14  * 
   15  * Please obtain a copy of the License at
   16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
   17  * 
   18  * The Original Code and all software distributed under the License are
   19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
   20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
   21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
   22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
   23  * Please see the License for the specific language governing rights and
   24  * limitations under the License.
   25  * 
   26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
   27  */
   28 /*-
   29  * Copyright (c) 1999-2002 Robert N. M. Watson
   30  * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
   31  * Copyright (c) 2005-2007 SPARTA, Inc.
   32  * All rights reserved.
   33  *
   34  * This software was developed by Robert Watson for the TrustedBSD Project.
   35  *
   36  * This software was developed for the FreeBSD Project in part by Network
   37  * Associates Laboratories, the Security Research Division of Network
   38  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
   39  * as part of the DARPA CHATS research program.
   40  *
   41  * This software was enhanced by SPARTA ISSO under SPAWAR contract
   42  * N66001-04-C-6019 ("SEFOS").
   43  *
   44  * Redistribution and use in source and binary forms, with or without
   45  * modification, are permitted provided that the following conditions
   46  * are met:
   47  * 1. Redistributions of source code must retain the above copyright
   48  *    notice, this list of conditions and the following disclaimer.
   49  * 2. Redistributions in binary form must reproduce the above copyright
   50  *    notice, this list of conditions and the following disclaimer in the
   51  *    documentation and/or other materials provided with the distribution.
   52  *
   53  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   54  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   55  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   56  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   57  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   58  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   59  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   60  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   61  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   62  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   63  * SUCH DAMAGE.
   64  *
   65  * $FreeBSD: src/sys/sys/mac.h,v 1.40 2003/04/18 19:57:37 rwatson Exp $
   66  *
   67  */
   68 /*
   69  * Kernel interface for Mandatory Access Control -- how kernel services
   70  * interact with the TrustedBSD MAC Framework.
   71  */
   72 
   73 #ifndef _SECURITY_MAC_FRAMEWORK_H_
   74 #define _SECURITY_MAC_FRAMEWORK_H_
   75 
   /*
    * Kernel-only header: a build that does not define KERNEL stops here with
    * a hard preprocessor error, so none of the declarations below are visible
    * to such a build.
    */
   76 #ifndef KERNEL
   77 #error "no user-serviceable parts inside"
   78 #endif
   79 
   80 #if CONFIG_MACF
   81 
   /*
    * Forward declarations of the kernel structures that the prototypes below
    * take by pointer, so this header does not need their full definitions.
    *
    * NOTE(review): `struct label` and `struct auditinfo_addr` are used in
    * prototypes in this header but are not declared in this list, and the
    * header contains no #include of its own. Presumably an earlier include in
    * every consumer supplies them -- confirm; if not, each use declares a new
    * type scoped to that one prototype, which will not match the caller's
    * type. The typedef names used below (kauth_cred_t, proc_t, vfs_context_t,
    * vnode_t, user_addr_t, user_size_t, user_long_t, dev_t, ...) likewise have
    * to come from the including file.
    */
   82 struct attrlist;
   83 struct auditinfo;
   84 struct bpf_d;
   85 struct componentname;
   86 struct devnode;
   87 struct flock;
   88 struct fdescnode;
   89 struct fileglob;
   90 struct fileproc;
   91 struct ifnet;
   92 struct ifreq;
   93 struct image_params;
   94 struct inpcb;
   95 struct ipq;
   96 struct knote;
   97 struct lctx;
   98 struct m_tag;
   99 struct mac;
  100 struct mac_module_data;
  101 struct mbuf;
  102 struct msg;
  103 struct msqid_kernel;
  104 struct mount;
  105 struct pipe;
  106 struct proc;
  107 struct pseminfo;
  108 struct pshminfo;
  109 struct semid_kernel;
  110 struct shmid_kernel;
  111 struct sockaddr;
  112 struct sockopt;
  113 struct socket;
  114 struct task;
  115 struct thread;
  116 struct timespec;
  117 struct ucred;
  118 struct uio;
  119 struct vfs_attr;
  120 struct vfs_context;
  121 struct vnode;
  122 struct vnode_attr;
  123 struct vop_setlabel_args;
  124 
  125 /*@ macros */
  /*
   * VNODE_LABEL_CREATE is the only flag constant defined in this header.
   * Presumably it is a value for the `flags` argument of vnode_label() --
   * confirm against the callers.
   */
  126 #define VNODE_LABEL_CREATE      1
  127 
  /*
   * mac_task_label_update_cred(cred, task):
   * with CONFIG_MACF_MACH set, passes the credential's cr_label and the task
   * to mac_task_label_update_internal(), which is not declared in this
   * header. Without CONFIG_MACF_MACH the macro expands to nothing, so neither
   * argument is evaluated: callers must not rely on side effects in the
   * argument expressions, and the call site must remain valid as an empty
   * statement.
   */
  128 #if CONFIG_MACF_MACH
  129 #define mac_task_label_update_cred(cred, task)                          \
  130         mac_task_label_update_internal(((cred)->cr_label), task)
  131 #else
  132 #define mac_task_label_update_cred(cred, task)
  133 #endif
  134 
  135 /*@ === */
  /*
   * Audit, BPF descriptor and credential entry points.
   *
   * Every *_check_* function in this header returns int. Presumably 0 lets
   * the operation proceed and a non-zero errno value refuses it -- confirm
   * against the implementation; a caller that ignores the result skips the
   * policy decision. Functions declared void give the caller no failure
   * indication.
   *
   * The audit checks take an untyped `void *args`; what it points to is not
   * stated here. mac_cred_label_alloc() returns a struct label pointer and
   * mac_cred_label_free() accepts one; ownership rules are not documented in
   * this header.
   */
  136 int     mac_audit_check_postselect(kauth_cred_t cred, unsigned short syscode,
  137             void *args, int error, int retval, int mac_forced);
  138 int     mac_audit_check_preselect(kauth_cred_t cred, unsigned short syscode,
  139             void *args);
  140 int     mac_bpfdesc_check_receive(struct bpf_d *bpf_d, struct ifnet *ifp);
  141 void    mac_bpfdesc_label_destroy(struct bpf_d *bpf_d);
  142 void    mac_bpfdesc_label_init(struct bpf_d *bpf_d);
  143 void    mac_bpfdesc_label_associate(kauth_cred_t cred, struct bpf_d *bpf_d);
  144 int     mac_cred_check_label_update(kauth_cred_t cred,
  145             struct label *newlabel);
  146 int     mac_cred_check_label_update_execve(vfs_context_t ctx,
  147             struct vnode *vp, struct label *scriptvnodelabel, 
  148             struct label *execlabel, proc_t proc);
  149 int     mac_cred_check_visible(kauth_cred_t u1, kauth_cred_t u2);
  150 struct label    *mac_cred_label_alloc(void);
  151 void    mac_cred_label_associate(kauth_cred_t cred_parent,
  152             kauth_cred_t cred_child);
  153 void    mac_cred_label_associate_fork(kauth_cred_t cred, proc_t child);
  154 void    mac_cred_label_associate_kernel(kauth_cred_t cred);
  155 void    mac_cred_label_associate_user(kauth_cred_t cred);
  156 void    mac_cred_label_destroy(kauth_cred_t cred);
  157 int     mac_cred_label_externalize_audit(proc_t p, struct mac *mac);
  158 void    mac_cred_label_free(struct label *label);
  159 void    mac_cred_label_init(kauth_cred_t cred);
  160 void    mac_cred_label_update(kauth_cred_t cred, struct label *newlabel);
  161 int     mac_cred_label_update_execve(vfs_context_t ctx, kauth_cred_t newcred,
  162             struct vnode *vp, struct label *scriptvnodelabel,
  163             struct label *execlabel);
  /*
   * devfs, execve and open-file (fileglob) entry points.
   *
   * mac_devfs_label_copy() leaves its first parameter unnamed, so the copy
   * direction cannot be read from this prototype.
   * mac_execve_enter() takes `user_addr_t mac_p`; by its type name this is a
   * user-space address, so the implementation has to copy in and validate
   * what it refers to -- confirm.
   * NOTE(review): mac_file_check_get() and mac_file_check_set() carry their
   * buffer lengths as signed int (`len`, `buflen`); verify that negative
   * values are rejected before the buffers are used.
   * mac_file_check_mmap() receives `maxprot` by pointer and
   * mac_file_check_mmap_downgrade() receives `prot` by pointer and returns
   * void; presumably both may lower the value in place -- confirm.
   */
  164 void    mac_devfs_label_associate_device(dev_t dev, struct devnode *de,
  165             const char *fullpath);
  166 void    mac_devfs_label_associate_directory(const char *dirname, int dirnamelen,
  167             struct devnode *de, const char *fullpath);
  168 void    mac_devfs_label_copy(struct label *, struct label *label);
  169 void    mac_devfs_label_destroy(struct devnode *de);
  170 void    mac_devfs_label_init(struct devnode *de);
  171 void    mac_devfs_label_update(struct mount *mp, struct devnode *de,
  172             struct vnode *vp);
  173 int     mac_execve_enter(user_addr_t mac_p, struct image_params *imgp);
  174 int     mac_file_check_change_offset(kauth_cred_t cred, struct fileglob *fg);
  175 int     mac_file_check_create(kauth_cred_t cred);
  176 int     mac_file_check_dup(kauth_cred_t cred, struct fileglob *fg, int newfd);
  177 int     mac_file_check_fcntl(kauth_cred_t cred, struct fileglob *fg, int cmd,
  178             user_long_t arg);
  179 int     mac_file_check_get(kauth_cred_t cred, struct fileglob *fg,
  180             char *elements, int len);
  181 int     mac_file_check_get_offset(kauth_cred_t cred, struct fileglob *fg);
  182 int     mac_file_check_inherit(kauth_cred_t cred, struct fileglob *fg);
  183 int     mac_file_check_ioctl(kauth_cred_t cred, struct fileglob *fg,
  184             unsigned int cmd);
  185 int     mac_file_check_lock(kauth_cred_t cred, struct fileglob *fg, int op,
  186             struct flock *fl);
  187 int     mac_file_check_mmap(kauth_cred_t cred, struct fileglob *fg,
  188             int prot, int flags, int *maxprot);
  189 void    mac_file_check_mmap_downgrade(kauth_cred_t cred, struct fileglob *fg,
  190             int *prot);
  191 int     mac_file_check_receive(kauth_cred_t cred, struct fileglob *fg);
  192 int     mac_file_check_set(kauth_cred_t cred, struct fileglob *fg,
  193             char *bufp, int buflen);
  194 void    mac_file_label_associate(kauth_cred_t cred, struct fileglob *fg);
  195 void    mac_file_label_destroy(struct fileglob *fg);
  196 void    mac_file_label_init(struct fileglob *fg);
  /*
   * Network-stack entry points: interfaces (ifnet), protocol control blocks
   * (inpcb), IOKit devices, IP reassembly queues (ipq), login contexts (lctx)
   * and mbufs.
   *
   * The transmit/deliver checks take no credential argument; they are handed
   * only the kernel objects involved.
   * mac_inpcb_label_init(), mac_ipq_label_init(), mac_mbuf_label_init() and
   * mac_mbuf_tag_init() return int and take a `flag`/`how` argument, unlike
   * the void mac_ifnet_label_init(). Presumably they can fail (for example on
   * allocation) and the result must be checked before the label is used --
   * confirm.
   * mac_ifnet_label_get()/mac_ifnet_label_set() take a `struct ifreq *`;
   * whether its contents originate from user space is not visible here.
   */
  197 int     mac_ifnet_check_transmit(struct ifnet *ifp, struct mbuf *mbuf,
  198             int family, int type);
  199 void    mac_ifnet_label_associate(struct ifnet *ifp);
  200 void    mac_ifnet_label_destroy(struct ifnet *ifp);
  201 int     mac_ifnet_label_get(kauth_cred_t cred, struct ifreq *ifr,
  202             struct ifnet *ifp);
  203 void    mac_ifnet_label_init(struct ifnet *ifp);
  204 void    mac_ifnet_label_recycle(struct ifnet *ifp);
  205 int     mac_ifnet_label_set(kauth_cred_t cred, struct ifreq *ifr,
  206             struct ifnet *ifp);
  207 int     mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *mbuf,
  208             int family, int type);
  209 void    mac_inpcb_label_associate(struct socket *so, struct inpcb *inp);
  210 void    mac_inpcb_label_destroy(struct inpcb *inp);
  211 int     mac_inpcb_label_init(struct inpcb *inp, int flag);
  212 void    mac_inpcb_label_recycle(struct inpcb *inp);
  213 void    mac_inpcb_label_update(struct socket *so);
  214 int     mac_iokit_check_device(char *devtype, struct mac_module_data *mdata);
  215 void    mac_ipq_label_associate(struct mbuf *fragment, struct ipq *ipq);
  216 int     mac_ipq_label_compare(struct mbuf *fragment, struct ipq *ipq);
  217 void    mac_ipq_label_destroy(struct ipq *ipq);
  218 int     mac_ipq_label_init(struct ipq *ipq, int flag);
  219 void    mac_ipq_label_update(struct mbuf *fragment, struct ipq *ipq);
  220 struct label    *mac_lctx_label_alloc(void);
  221 void    mac_lctx_label_free(struct label *label);
  222 void    mac_lctx_label_update(struct lctx *l, struct label *newlabel);
  223 int     mac_lctx_check_label_update(struct lctx *l, struct label *newlabel);
  224 void    mac_lctx_notify_create(proc_t proc, struct lctx *l);
  225 void    mac_lctx_notify_join(proc_t proc, struct lctx *l);
  226 void    mac_lctx_notify_leave(proc_t proc, struct lctx *l);
  227 void    mac_mbuf_label_associate_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
  228 void    mac_mbuf_label_associate_ifnet(struct ifnet *ifp, struct mbuf *m);
  229 void    mac_mbuf_label_associate_inpcb(struct inpcb *inp, struct mbuf *m);
  230 void    mac_mbuf_label_associate_ipq(struct ipq *ipq, struct mbuf *mbuf);
  231 void    mac_mbuf_label_associate_linklayer(struct ifnet *ifp, struct mbuf *m);
  232 void    mac_mbuf_label_associate_multicast_encap(struct mbuf *oldmbuf,
  233             struct ifnet *ifp, struct mbuf *newmbuf);
  234 void    mac_mbuf_label_associate_netlayer(struct mbuf *oldmbuf,
  235             struct mbuf *newmbuf);
  236 void    mac_mbuf_label_associate_socket(struct socket *so, struct mbuf *m);
  237 void    mac_mbuf_label_copy(struct mbuf *m_from, struct mbuf *m_to);
  238 void    mac_mbuf_label_destroy(struct mbuf *m);
  239 int     mac_mbuf_label_init(struct mbuf *m, int flag);
  240 void    mac_mbuf_tag_copy(struct m_tag *m, struct m_tag *mtag);
  241 void    mac_mbuf_tag_destroy(struct m_tag *mtag);
  242 int     mac_mbuf_tag_init(struct m_tag *, int how);
  /*
   * Mount-point and netinet entry points.
   *
   * mac_mount_label_externalize() writes into `outbuf` and is given its size
   * as `outbuflen` (size_t). mac_mount_label_internalize() takes a
   * `char *string` with no length parameter, so it presumably expects a
   * NUL-terminated string -- confirm that callers guarantee termination.
   * mac_mount_label_get() takes `user_addr_t mac_p`; by its type name a
   * user-space address that has to be validated by the implementation --
   * confirm.
   * The mac_netinet_* functions return void and take only mbufs.
   */
  243 int     mac_mount_check_fsctl(vfs_context_t ctx, struct mount *mp,
  244             unsigned int cmd);
  245 int     mac_mount_check_getattr(vfs_context_t ctx, struct mount *mp,
  246             struct vfs_attr *vfa);
  247 int     mac_mount_check_label_update(vfs_context_t ctx, struct mount *mp);
  248 int     mac_mount_check_mount(vfs_context_t ctx, struct vnode *vp,
  249             struct componentname *cnp, const char *vfc_name);
  250 int     mac_mount_check_remount(vfs_context_t ctx, struct mount *mp);
  251 int     mac_mount_check_setattr(vfs_context_t ctx, struct mount *mp,
  252             struct vfs_attr *vfa);
  253 int     mac_mount_check_stat(vfs_context_t ctx, struct mount *mp);
  254 int     mac_mount_check_umount(vfs_context_t ctx, struct mount *mp);
  255 void    mac_mount_label_associate(vfs_context_t ctx, struct mount *mp);
  256 void    mac_mount_label_destroy(struct mount *mp);
  257 int     mac_mount_label_externalize(struct label *label, char *elements,
  258             char *outbuf, size_t outbuflen);
  259 int     mac_mount_label_get(struct mount *mp, user_addr_t mac_p);
  260 void    mac_mount_label_init(struct mount *);
  261 int     mac_mount_label_internalize(struct label *, char *string);
  262 void    mac_netinet_fragment(struct mbuf *datagram, struct mbuf *fragment);
  263 void    mac_netinet_icmp_reply(struct mbuf *m);
  264 void    mac_netinet_tcp_reply(struct mbuf *m);
  /*
   * Pipe entry points, plus mac_policy_initbsd().
   *
   * Every pipe check takes the caller's credential and the pipe.
   * mac_pipe_label_update() returns int although its name does not contain
   * "check"; treat its result as significant until the implementation shows
   * otherwise. mac_pipe_label_alloc()/mac_pipe_label_free() handle bare
   * struct label pointers, while the init/destroy functions take the pipe
   * itself.
   * mac_policy_initbsd() takes no arguments and returns nothing; what it
   * initialises is not visible in this header.
   */
  265 int     mac_pipe_check_ioctl(kauth_cred_t cred, struct pipe *cpipe,
  266             unsigned int cmd);
  267 int     mac_pipe_check_kqfilter(kauth_cred_t cred, struct knote *kn,
  268             struct pipe *cpipe);
  269 int     mac_pipe_check_read(kauth_cred_t cred, struct pipe *cpipe);
  270 int     mac_pipe_check_select(kauth_cred_t cred, struct pipe *cpipe,
  271             int which);
  272 int     mac_pipe_check_stat(kauth_cred_t cred, struct pipe *cpipe);
  273 int     mac_pipe_check_write(kauth_cred_t cred, struct pipe *cpipe);
  274 struct label    *mac_pipe_label_alloc(void);
  275 void    mac_pipe_label_associate(kauth_cred_t cred, struct pipe *cpipe);
  276 void    mac_pipe_label_copy(struct label *src, struct label *dest);
  277 void    mac_pipe_label_destroy(struct pipe *cpipe);
  278 void    mac_pipe_label_free(struct label *label);
  279 void    mac_pipe_label_init(struct pipe *cpipe);
  280 int     mac_pipe_label_update(kauth_cred_t cred, struct pipe *cpipe,
  281             struct label *label);
  282 void    mac_policy_initbsd(void);
  /*
   * POSIX semaphore (pseminfo) and POSIX shared memory (pshminfo) entry
   * points. The two families are declared in parallel.
   *
   * The create checks receive only the credential and the object name; the
   * other checks receive the existing object. Names are passed as
   * `const char *` without a length, so they are presumably NUL-terminated
   * kernel copies -- confirm.
   * mac_posixshm_check_truncate() carries the requested size as size_t.
   * The *_vnode_label_associate() functions take both the object's label and
   * a vnode's label; which one is written is not stated here.
   */
  283 int     mac_posixsem_check_create(kauth_cred_t cred, const char *name);
  284 int     mac_posixsem_check_open(kauth_cred_t cred, struct pseminfo *psem);
  285 int     mac_posixsem_check_post(kauth_cred_t cred, struct pseminfo *psem);
  286 int     mac_posixsem_check_unlink(kauth_cred_t cred, struct pseminfo *psem,
  287             const char *name);
  288 int     mac_posixsem_check_wait(kauth_cred_t cred, struct pseminfo *psem);
  289 void    mac_posixsem_vnode_label_associate(kauth_cred_t cred,
  290             struct pseminfo *psem, struct label *plabel,
  291             vnode_t vp, struct label *vlabel);
  292 void    mac_posixsem_label_associate(kauth_cred_t cred,
  293             struct pseminfo *psem, const char *name);
  294 void    mac_posixsem_label_destroy(struct pseminfo *psem);
  295 void    mac_posixsem_label_init(struct pseminfo *psem);
  296 int     mac_posixshm_check_create(kauth_cred_t cred, const char *name);
  297 int     mac_posixshm_check_mmap(kauth_cred_t cred, struct pshminfo *pshm,
  298             int prot, int flags);
  299 int     mac_posixshm_check_open(kauth_cred_t cred, struct pshminfo *pshm);
  300 int     mac_posixshm_check_stat(kauth_cred_t cred, struct pshminfo *pshm);
  301 int     mac_posixshm_check_truncate(kauth_cred_t cred, struct pshminfo *pshm,
  302             size_t s);
  303 int     mac_posixshm_check_unlink(kauth_cred_t cred, struct pshminfo *pshm,
  304             const char *name);
  305 void    mac_posixshm_vnode_label_associate(kauth_cred_t cred,
  306             struct pshminfo *pshm, struct label *plabel,
  307             vnode_t vp, struct label *vlabel);
  308 void    mac_posixshm_label_associate(kauth_cred_t cred,
  309             struct pshminfo *pshm, const char *name);
  310 void    mac_posixshm_label_destroy(struct pshminfo *pshm);
  311 void    mac_posixshm_label_init(struct pshminfo *pshm);
  /*
   * Process entry points.
   *
   * Most checks are expressed in terms of processes (proc_t) rather than
   * credentials; the two-process forms take `proc1`/`proc2` (or
   * `proc`/`proc2`), presumably subject first and target second -- confirm
   * before relying on the order. mac_proc_check_get_task() and
   * mac_proc_check_get_task_name() instead take a credential and a
   * `struct proc *`.
   * NOTE(review): mac_proc_check_setaudit() uses `struct auditinfo_addr`,
   * which this header does not forward-declare (it declares
   * `struct auditinfo` only); confirm that every includer has the type in
   * scope first.
   * mac_proc_set_enforce() returns void and takes `enforce_flags`; the flag
   * values are not defined in this header.
   */
  312 int     mac_proc_check_debug(proc_t proc1, proc_t proc2);
  313 int     mac_proc_check_fork(proc_t proc);
  314 int     mac_proc_check_get_task_name(kauth_cred_t cred, struct proc *p);
  315 int     mac_proc_check_get_task(kauth_cred_t cred, struct proc *p);
  316 int     mac_proc_check_getaudit(proc_t proc);
  317 int     mac_proc_check_getauid(proc_t proc);
  318 int     mac_proc_check_getlcid(proc_t proc1, proc_t proc2,
  319             pid_t pid);
  320 int     mac_proc_check_mprotect(proc_t proc,
  321             user_addr_t addr, user_size_t size, int prot);
  322 int     mac_proc_check_run_cs_invalid(proc_t proc);
  323 int     mac_proc_check_sched(proc_t proc, proc_t proc2);
  324 int     mac_proc_check_setaudit(proc_t proc, struct auditinfo_addr *ai);
  325 int     mac_proc_check_setauid(proc_t proc, uid_t auid);
  326 int     mac_proc_check_setlcid(proc_t proc1, proc_t proc2,
  327             pid_t pid1, pid_t pid2);
  328 int     mac_proc_check_signal(proc_t proc1, proc_t proc2,
  329             int signum);
  330 int     mac_proc_check_wait(proc_t proc1, proc_t proc2);
  331 void    mac_proc_set_enforce(proc_t p, int enforce_flags);
  /*
   * Socket entry points.
   *
   * All checks except mac_socket_check_deliver() take the caller's
   * credential; mac_socket_check_deliver() is handed only the socket and the
   * mbuf.
   * mac_setsockopt_label(), mac_socket_label_get() and
   * mac_socketpeer_label_get() exchange labels through `struct mac *extmac`;
   * presumably the externalised label form, whose buffers need the same
   * validation as any other caller-supplied data -- confirm.
   * mac_socket_label_init() returns int and takes `waitok`, so it can
   * presumably fail when it may not block -- check the result.
   */
  332 int     mac_setsockopt_label(kauth_cred_t cred, struct socket *so,
  333             struct mac *extmac);
  334 int     mac_socket_check_accept(kauth_cred_t cred, struct socket *so);
  335 int     mac_socket_check_accepted(kauth_cred_t cred, struct socket *so);
  336 int     mac_socket_check_bind(kauth_cred_t cred, struct socket *so,
  337             struct sockaddr *addr);
  338 int     mac_socket_check_connect(kauth_cred_t cred, struct socket *so,
  339             struct sockaddr *addr);
  340 int     mac_socket_check_create(kauth_cred_t cred, int domain,
  341             int type, int protocol);
  342 int     mac_socket_check_deliver(struct socket *so, struct mbuf *m);
  343 int     mac_socket_check_kqfilter(kauth_cred_t cred, struct knote *kn,
  344             struct socket *so);
  345 int     mac_socket_check_listen(kauth_cred_t cred, struct socket *so);
  346 int     mac_socket_check_receive(kauth_cred_t cred, struct socket *so);
  347 int     mac_socket_check_received(kauth_cred_t cred, struct socket *so, 
  348             struct sockaddr *saddr);
  349 int     mac_socket_check_select(kauth_cred_t cred, struct socket *so,
  350             int which);
  351 int     mac_socket_check_send(kauth_cred_t cred, struct socket *so,
  352             struct sockaddr *addr);
  353 int     mac_socket_check_getsockopt(kauth_cred_t cred, struct socket *so,
  354             struct sockopt *sopt);
  355 int     mac_socket_check_setsockopt(kauth_cred_t cred, struct socket *so,
  356             struct sockopt *sopt);
  357 int     mac_socket_check_stat(kauth_cred_t cred, struct socket *so);
  358 void    mac_socket_label_associate(kauth_cred_t cred, struct socket *so);
  359 void    mac_socket_label_associate_accept(struct socket *oldsocket,
  360             struct socket *newsocket);
  361 void    mac_socket_label_copy(struct label *from, struct label *to);
  362 void    mac_socket_label_destroy(struct socket *);
  363 int     mac_socket_label_get(kauth_cred_t cred, struct socket *so,
  364             struct mac *extmac);
  365 int     mac_socket_label_init(struct socket *, int waitok);
  366 void    mac_socketpeer_label_associate_mbuf(struct mbuf *m, struct socket *so);
  367 void    mac_socketpeer_label_associate_socket(struct socket *peersocket,
  368             struct socket *socket_to_modify);
  369 int     mac_socketpeer_label_get(kauth_cred_t cred, struct socket *so,
  370             struct mac *extmac);
  /*
   * System-wide operation checks (accounting, audit control, host privilege,
   * NFS server, reboot, time, swap, sysctl). Each takes the caller's
   * credential and returns int.
   *
   * mac_system_check_audit() takes an untyped `record` with a signed
   * `int length`.
   * mac_system_check_sysctl() receives the old/new value locations as
   * user_addr_t together with an `inkernel` flag; presumably the addresses
   * are user-space pointers unless `inkernel` is set -- confirm how the
   * implementation treats them.
   */
  371 int     mac_system_check_acct(kauth_cred_t cred, struct vnode *vp);
  372 int     mac_system_check_audit(kauth_cred_t cred, void *record, int length);
  373 int     mac_system_check_auditctl(kauth_cred_t cred, struct vnode *vp);
  374 int     mac_system_check_auditon(kauth_cred_t cred, int cmd);
  375 int     mac_system_check_host_priv(kauth_cred_t cred);
  376 int     mac_system_check_nfsd(kauth_cred_t cred);
  377 int     mac_system_check_reboot(kauth_cred_t cred, int howto);
  378 int     mac_system_check_settime(kauth_cred_t cred);
  379 int     mac_system_check_swapoff(kauth_cred_t cred, struct vnode *vp);
  380 int     mac_system_check_swapon(kauth_cred_t cred, struct vnode *vp);
  381 int     mac_system_check_sysctl(kauth_cred_t cred, int *name,
  382             u_int namelen, user_addr_t oldctl, user_addr_t oldlenp, int inkernel,
  383             user_addr_t newctl, size_t newlen);
  /*
   * System V IPC entry points: messages (sysvmsg), message queues (sysvmsq),
   * semaphores (sysvsem) and shared memory (sysvshm).
   *
   * Every check takes the caller's credential and the kernel object; several
   * also take the `cmd` or flag value of the request.
   * The sysvsem and sysvshm families declare init, destroy and recycle
   * functions; sysvmsg and sysvmsq declare init and recycle only. Whether
   * message labels are released elsewhere is not visible in this header.
   * mac_sysvsem_check_semop() passes `accesstype` as size_t.
   */
  384 void    mac_sysvmsg_label_associate(kauth_cred_t cred,
  385             struct msqid_kernel *msqptr, struct msg *msgptr);
  386 void    mac_sysvmsg_label_init(struct msg *msgptr);
  387 void    mac_sysvmsg_label_recycle(struct msg *msgptr);
  388 int     mac_sysvmsq_check_enqueue(kauth_cred_t cred, struct msg *msgptr,
  389             struct msqid_kernel *msqptr);
  390 int     mac_sysvmsq_check_msgrcv(kauth_cred_t cred, struct msg *msgptr);
  391 int     mac_sysvmsq_check_msgrmid(kauth_cred_t cred, struct msg *msgptr);
  392 int     mac_sysvmsq_check_msqctl(kauth_cred_t cred,
  393             struct msqid_kernel *msqptr, int cmd);
  394 int     mac_sysvmsq_check_msqget(kauth_cred_t cred,
  395             struct msqid_kernel *msqptr);
  396 int     mac_sysvmsq_check_msqrcv(kauth_cred_t cred,
  397             struct msqid_kernel *msqptr);
  398 int     mac_sysvmsq_check_msqsnd(kauth_cred_t cred,
  399             struct msqid_kernel *msqptr);
  400 void    mac_sysvmsq_label_associate(kauth_cred_t cred,
  401             struct msqid_kernel *msqptr);
  402 void    mac_sysvmsq_label_init(struct msqid_kernel *msqptr);
  403 void    mac_sysvmsq_label_recycle(struct msqid_kernel *msqptr);
  404 int     mac_sysvsem_check_semctl(kauth_cred_t cred,
  405             struct semid_kernel *semakptr, int cmd);
  406 int     mac_sysvsem_check_semget(kauth_cred_t cred,
  407             struct semid_kernel *semakptr);
  408 int     mac_sysvsem_check_semop(kauth_cred_t cred,
  409             struct semid_kernel *semakptr, size_t accesstype);
  410 void    mac_sysvsem_label_associate(kauth_cred_t cred,
  411             struct semid_kernel *semakptr);
  412 void    mac_sysvsem_label_destroy(struct semid_kernel *semakptr);
  413 void    mac_sysvsem_label_init(struct semid_kernel *semakptr);
  414 void    mac_sysvsem_label_recycle(struct semid_kernel *semakptr);
  415 int     mac_sysvshm_check_shmat(kauth_cred_t cred,
  416             struct shmid_kernel *shmsegptr, int shmflg);
  417 int     mac_sysvshm_check_shmctl(kauth_cred_t cred,
  418             struct shmid_kernel *shmsegptr, int cmd);
  419 int     mac_sysvshm_check_shmdt(kauth_cred_t cred,
  420             struct shmid_kernel *shmsegptr);
  421 int     mac_sysvshm_check_shmget(kauth_cred_t cred,
  422             struct shmid_kernel *shmsegptr, int shmflg);
  423 void    mac_sysvshm_label_associate(kauth_cred_t cred,
  424             struct shmid_kernel *shmsegptr);
  425 void    mac_sysvshm_label_destroy(struct shmid_kernel *shmsegptr);
  426 void    mac_sysvshm_label_init(struct shmid_kernel* shmsegptr);
  427 void    mac_sysvshm_label_recycle(struct shmid_kernel *shmsegptr);
  /*
   * mac_thread_userret() followed by the vnode access checks.
   *
   * The vnode checks take a vfs_context_t for the caller. The read, write,
   * stat, truncate and kqfilter checks additionally take `file_cred`;
   * presumably the credential attached to the open file, as distinct from the
   * caller's current one -- confirm, since policies that compare the two
   * depend on the distinction.
   * NOTE(review): mac_vnode_check_signature() takes no context or credential,
   * and its `sha1` pointer has no accompanying length; `size` presumably
   * describes `signature` only. Confirm that the implementation reads a fixed
   * digest length from `sha1`.
   * mac_vnode_check_setattrlist() names its context parameter `ctxd`, unlike
   * every sibling (`ctx`); parameter names in a prototype have no effect on
   * callers.
   * mac_vnode_check_setutimes() receives both timespec values by value.
   */
  428 void    mac_thread_userret(int code, int error, struct thread *thread);
  429 int     mac_vnode_check_access(vfs_context_t ctx, struct vnode *vp,
  430             int acc_mode);
  431 int     mac_vnode_check_chdir(vfs_context_t ctx, struct vnode *dvp);
  432 int     mac_vnode_check_chroot(vfs_context_t ctx, struct vnode *dvp,
  433             struct componentname *cnp);
  434 int     mac_vnode_check_create(vfs_context_t ctx, struct vnode *dvp,
  435             struct componentname *cnp, struct vnode_attr *vap);
  436 int     mac_vnode_check_deleteextattr(vfs_context_t ctx, struct vnode *vp,
  437             const char *name);
  438 int     mac_vnode_check_exchangedata(vfs_context_t ctx, struct vnode *v1,
  439             struct vnode *v2);
  440 int     mac_vnode_check_exec(vfs_context_t ctx, struct vnode *vp,
  441             struct image_params *imgp);
  442 int     mac_vnode_check_signature(struct vnode *vp, unsigned char *sha1,
  443             void * signature, size_t size);
  444 int     mac_vnode_check_getattrlist(vfs_context_t ctx, struct vnode *vp,
  445             struct attrlist *alist);
  446 int     mac_vnode_check_getextattr(vfs_context_t ctx, struct vnode *vp,
  447             const char *name, struct uio *uio);
  448 int     mac_vnode_check_ioctl(vfs_context_t ctx, struct vnode *vp,
  449             unsigned int cmd);
  450 int     mac_vnode_check_kqfilter(vfs_context_t ctx,
  451             kauth_cred_t file_cred, struct knote *kn, struct vnode *vp);
  452 int     mac_vnode_check_label_update(vfs_context_t ctx, struct vnode *vp,
  453             struct label *newlabel);
  454 int     mac_vnode_check_link(vfs_context_t ctx, struct vnode *dvp,
  455             struct vnode *vp, struct componentname *cnp);
  456 int     mac_vnode_check_listextattr(vfs_context_t ctx, struct vnode *vp);
  457 int     mac_vnode_check_lookup(vfs_context_t ctx, struct vnode *dvp,
  458             struct componentname *cnp);
  459 int     mac_vnode_check_open(vfs_context_t ctx, struct vnode *vp,
  460             int acc_mode);
  461 int     mac_vnode_check_read(vfs_context_t ctx,
  462             kauth_cred_t file_cred, struct vnode *vp);
  463 int     mac_vnode_check_readdir(vfs_context_t ctx, struct vnode *vp);
  464 int     mac_vnode_check_readlink(vfs_context_t ctx, struct vnode *vp);
  465 int     mac_vnode_check_rename_from(vfs_context_t ctx, struct vnode *dvp,
  466             struct vnode *vp, struct componentname *cnp);
  467 int     mac_vnode_check_rename_to(vfs_context_t ctx, struct vnode *dvp,
  468             struct vnode *vp, int samedir, struct componentname *cnp);
  469 int     mac_vnode_check_revoke(vfs_context_t ctx, struct vnode *vp);
  470 int     mac_vnode_check_select(vfs_context_t ctx, struct vnode *vp,
  471             int which);
  472 int     mac_vnode_check_setattrlist(vfs_context_t ctxd, struct vnode *vp,
  473             struct attrlist *alist);
  474 int     mac_vnode_check_setextattr(vfs_context_t ctx, struct vnode *vp,
  475             const char *name, struct uio *uio);
  476 int     mac_vnode_check_setflags(vfs_context_t ctx, struct vnode *vp,
  477             u_long flags);
  478 int     mac_vnode_check_setmode(vfs_context_t ctx, struct vnode *vp,
  479             mode_t mode);
  480 int     mac_vnode_check_setowner(vfs_context_t ctx, struct vnode *vp,
  481             uid_t uid, gid_t gid);
  482 int     mac_vnode_check_setutimes(vfs_context_t ctx, struct vnode *vp,
  483             struct timespec atime, struct timespec mtime);
  484 int     mac_vnode_check_stat(vfs_context_t ctx,
  485             kauth_cred_t file_cred, struct vnode *vp);
  486 int     mac_vnode_check_truncate(vfs_context_t ctx,
  487             kauth_cred_t file_cred, struct vnode *vp);
  488 int     mac_vnode_check_uipc_bind(vfs_context_t ctx, struct vnode *dvp,
  489             struct componentname *cnp, struct vnode_attr *vap);
  490 int     mac_vnode_check_uipc_connect(vfs_context_t ctx, struct vnode *vp);
  491 int     mac_vnode_check_unlink(vfs_context_t ctx, struct vnode *dvp,
  492             struct vnode *vp, struct componentname *cnp);
  493 int     mac_vnode_check_write(vfs_context_t ctx,
  494             kauth_cred_t file_cred, struct vnode *vp);
  /*
   * Vnode label management, plus vnode_label()/vnode_relabel().
   *
   * mac_vnode_label_associate(), _associate_extattr() and _associate_fdesc()
   * return int, whereas _associate_devfs() and _associate_singlelabel()
   * return void; presumably the int forms can fail (for example when reading
   * backing storage) and a vnode must not be treated as labelled unless they
   * succeed -- confirm.
   * mac_vnode_label_copy() names its parameters `l1`/`l2`, so the copy
   * direction cannot be read from this prototype.
   * mac_vnode_notify_create() returns int even though it is named as a
   * notification.
   * vnode_label() and vnode_relabel() are declared here without the mac_
   * prefix; vnode_label() takes an `int flags`, presumably where
   * VNODE_LABEL_CREATE is passed -- confirm.
   */
  495 struct label    *mac_vnode_label_alloc(void);
  496 int     mac_vnode_label_associate(struct mount *mp, struct vnode *vp,
  497             vfs_context_t ctx);
  498 void    mac_vnode_label_associate_devfs(struct mount *mp, struct devnode *de,
  499             struct vnode *vp);
  500 int     mac_vnode_label_associate_extattr(struct mount *mp, struct vnode *vp);
  501 int     mac_vnode_label_associate_fdesc(struct mount *mp, struct fdescnode *fnp,
  502             struct vnode *vp, vfs_context_t ctx);
  503 void    mac_vnode_label_associate_singlelabel(struct mount *mp,
  504             struct vnode *vp);
  505 void    mac_vnode_label_copy(struct label *l1, struct label *l2);
  506 void    mac_vnode_label_destroy(struct vnode *vp);
  507 int     mac_vnode_label_externalize_audit(struct vnode *vp, struct mac *mac);
  508 void    mac_vnode_label_free(struct label *label);
  509 void    mac_vnode_label_init(struct vnode *vp);
  510 int     mac_vnode_label_init_needed(struct vnode *vp);
  511 void    mac_vnode_label_recycle(struct vnode *vp);
  512 void    mac_vnode_label_update(vfs_context_t ctx, struct vnode *vp,
  513             struct label *newlabel);
  514 void    mac_vnode_label_update_extattr(struct mount *mp, struct vnode *vp,
  515             const char *name);
  516 int     mac_vnode_notify_create(vfs_context_t ctx, struct mount *mp,
  517             struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
  518 int     vnode_label(struct mount *mp, struct vnode *dvp, struct vnode *vp,
  519             struct componentname *cnp, int flags, vfs_context_t ctx);
  520 void    vnode_relabel(struct vnode *vp);
  521 
  /*
   * Label association for POSIX semaphore and shared-memory file descriptors.
   * Both take the fileproc, a vnode and a `struct vfs_context *` (the
   * prototypes above use the vfs_context_t typedef instead) and return void,
   * so the caller gets no failure indication. They are declared without the
   * mac_ prefix.
   */
  522 void psem_label_associate(struct fileproc *fp, struct vnode *vp, struct vfs_context *ctx);
  523 void pshm_label_associate(struct fileproc *fp, struct vnode *vp, struct vfs_context *ctx);
  524 
  /*
   * Accessors for the label attached to a BPF descriptor, declared only when
   * CONFIG_MACF_NET is set. Code that calls them has to be guarded by the
   * same option. Whether the getter can return NULL is not stated here.
   */
  525 #if CONFIG_MACF_NET
  526 struct label *mac_bpfdesc_label_get(struct bpf_d *d);
  527 void mac_bpfdesc_label_set(struct bpf_d *d, struct label *label);
  528 #endif
  529 
  530 #endif  /* CONFIG_MACF */
  531 
  532 #endif /* !_SECURITY_MAC_FRAMEWORK_H_ */
