    1 /*
    2  * Copyright (c) 2007 Apple Inc. All rights reserved.
    3  *
    4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
    5  * 
    6  * This file contains Original Code and/or Modifications of Original Code
    7  * as defined in and that are subject to the Apple Public Source License
    8  * Version 2.0 (the 'License'). You may not use this file except in
    9  * compliance with the License. The rights granted to you under the License
   10  * may not be used to create, or enable the creation or redistribution of,
   11  * unlawful or unlicensed copies of an Apple operating system, or to
   12  * circumvent, violate, or enable the circumvention or violation of, any
   13  * terms of an Apple operating system software license agreement.
   14  * 
   15  * Please obtain a copy of the License at
   16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
   17  * 
   18  * The Original Code and all software distributed under the License are
   19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
   20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
   21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
   22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
   23  * Please see the License for the specific language governing rights and
   24  * limitations under the License.
   25  * 
   26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
   27  */
   28 /*-
   29  * Copyright (c) 1999-2002 Robert N. M. Watson
   30  * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
   31  * Copyright (c) 2005-2007 SPARTA, Inc.
   32  * All rights reserved.
   33  *
   34  * This software was developed by Robert Watson for the TrustedBSD Project.
   35  *
   36  * This software was developed for the FreeBSD Project in part by Network
   37  * Associates Laboratories, the Security Research Division of Network
   38  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
   39  * as part of the DARPA CHATS research program.
   40  *
   41  * This software was enhanced by SPARTA ISSO under SPAWAR contract
   42  * N66001-04-C-6019 ("SEFOS").
   43  *
   44  * Redistribution and use in source and binary forms, with or without
   45  * modification, are permitted provided that the following conditions
   46  * are met:
   47  * 1. Redistributions of source code must retain the above copyright
   48  *    notice, this list of conditions and the following disclaimer.
   49  * 2. Redistributions in binary form must reproduce the above copyright
   50  *    notice, this list of conditions and the following disclaimer in the
   51  *    documentation and/or other materials provided with the distribution.
   52  *
   53  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   54  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   55  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   56  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   57  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   58  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   59  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   60  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   61  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   62  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   63  * SUCH DAMAGE.
   64  *
   65  * $FreeBSD: src/sys/sys/mac.h,v 1.40 2003/04/18 19:57:37 rwatson Exp $
   66  *
   67  */
   68 /*
   69  * Kernel interface for Mandatory Access Control -- how kernel services
   70  * interact with the TrustedBSD MAC Framework.
   71  */
   72 
   73 #ifndef _SECURITY_MAC_FRAMEWORK_H_
   74 #define _SECURITY_MAC_FRAMEWORK_H_
   75 
   76 #ifndef KERNEL
   77 #error "no user-serviceable parts inside"
   78 #endif
   79 
   80 #if CONFIG_MACF
   81 
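   /*
    * Opaque forward declarations for the kernel object types the prototypes
    * below take by pointer; only the tag is needed here, so the owning
    * subsystem headers are not pulled in.  This header has no #include of
    * its own: the typedefs it relies on (kauth_cred_t, proc_t, vfs_context_t,
    * vnode_t, user_addr_t, user_long_t, user_size_t, dev_t, off_t, pid_t,
    * uid_t, gid_t, mode_t, u_int, u_long, size_t) must already be in scope
    * in the including file.  task, thread, ucred and vop_setlabel_args are
    * declared but not referenced by any prototype in this header.
    */
   82 struct attrlist;
   83 struct auditinfo;
      /*
       * struct auditinfo_addr (mac_proc_check_setaudit) and struct label
       * (used throughout) were missing from this list.  A struct tag first
       * seen inside a parameter list has prototype scope only, so each such
       * prototype would name a distinct incomplete type if the includer had
       * not already declared the tag; a file-scope declaration is harmless
       * when the full definition is already visible.
       */
      struct auditinfo_addr;
   84 struct bpf_d;
   85 struct componentname;
   86 struct devnode;
   87 struct flock;
   88 struct fdescnode;
   89 struct fileglob;
   90 struct fileproc;
   91 struct ifnet;
   92 struct ifreq;
   93 struct image_params;
   94 struct inpcb;
   95 struct ipq;
   96 struct knote;
      struct label;
   97 struct lctx;
   98 struct m_tag;
   99 struct mac;
  100 struct mac_module_data;
  101 struct mbuf;
  102 struct msg;
  103 struct msqid_kernel;
  104 struct mount;
  105 struct pipe;
  106 struct proc;
  107 struct pseminfo;
  108 struct pshminfo;
  109 struct semid_kernel;
  110 struct shmid_kernel;
  111 struct sockaddr;
  112 struct sockopt;
  113 struct socket;
  114 struct task;
  115 struct thread;
  116 struct timespec;
  117 struct ucred;
  118 struct uio;
  119 struct vfs_attr;
  120 struct vfs_context;
  121 struct vnode;
  122 struct vnode_attr;
  123 struct vop_setlabel_args;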
  124 
  /*
   * io_object_t is an IOKit object handle: a pointer to the OSObject class
   * under C++, and to an incomplete struct of the same tag under C, so C
   * code only ever sees an opaque pointer.  The __IOKIT_PORTS_DEFINED__
   * guard presumably lets another IOKit header supply the same typedef
   * first -- confirm against the IOKit headers.
   */
  125 #ifndef __IOKIT_PORTS_DEFINED__
  126 #define __IOKIT_PORTS_DEFINED__
  127 #ifdef __cplusplus
  128 class OSObject;
  129 typedef OSObject *io_object_t;
  130 #else
  131 struct OSObject;
  132 typedef struct OSObject *io_object_t;
  133 #endif
  134 #endif /* __IOKIT_PORTS_DEFINED__ */
  135 
  136 /*@ macros */
      /*
       * Flag bit; presumably passed in the `flags` argument of vnode_label()
       * (declared below) to request that a label be created -- confirm
       * against the callers.
       */
  137 #define VNODE_LABEL_CREATE      1
  138 
  /*
   * Push a credential's label into a task: hands cred->cr_label and the task
   * to mac_task_label_update_internal().  The macro dereferences `cred`, so
   * it must be non-NULL.  When CONFIG_MACF_MACH is off the macro expands to
   * nothing and its arguments are NOT evaluated, so callers must not rely on
   * side effects in the `cred` or `task` expressions.
   */
  139 #if CONFIG_MACF_MACH
  140 #define mac_task_label_update_cred(cred, task)                          \
  141         mac_task_label_update_internal(((cred)->cr_label), task)
  142 #else
  143 #define mac_task_label_update_cred(cred, task)
  144 #endif
  145 
  146 /*@ === */
      /*
       * Entry points the kernel calls to consult the loaded MAC policies.
       * Conventions visible in the signatures: mac_<obj>_check_<op>() returns
       * int (presumably 0 to allow and an errno value to deny -- confirm
       * against the framework); mac_<obj>_label_{alloc,free,init,destroy}()
       * manage label storage; *_label_associate() / *_label_update() attach
       * or replace a label.  The few *_label_init() variants that take a
       * flag/wait argument return int and so can fail; the void ones cannot.
       *
       * Audit hooks: `args` is an untyped syscall-argument block whose layout
       * presumably depends on `syscode` -- nothing in this header checks it.
       */
  147 int     mac_audit_check_postselect(kauth_cred_t cred, unsigned short syscode,
  148             void *args, int error, int retval, int mac_forced);
  149 int     mac_audit_check_preselect(kauth_cred_t cred, unsigned short syscode,
  150             void *args);
      /* BPF descriptor label hooks. */
  151 int     mac_bpfdesc_check_receive(struct bpf_d *bpf_d, struct ifnet *ifp);
  152 void    mac_bpfdesc_label_destroy(struct bpf_d *bpf_d);
  153 void    mac_bpfdesc_label_init(struct bpf_d *bpf_d);
  154 void    mac_bpfdesc_label_associate(kauth_cred_t cred, struct bpf_d *bpf_d);
      /*
       * Credential (kauth_cred_t) label hooks.  The check_label_update*
       * hooks return int; the matching label_update* hooks apply the change.
       * The *_execve variants receive both the script's and the executable's
       * vnode labels.
       */
  155 int     mac_cred_check_label_update(kauth_cred_t cred,
  156             struct label *newlabel);
  157 int     mac_cred_check_label_update_execve(vfs_context_t ctx,
  158             struct vnode *vp, struct label *scriptvnodelabel, 
  159             struct label *execlabel, proc_t proc);
  160 int     mac_cred_check_visible(kauth_cred_t u1, kauth_cred_t u2);
  161 struct label    *mac_cred_label_alloc(void);
  162 void    mac_cred_label_associate(kauth_cred_t cred_parent,
  163             kauth_cred_t cred_child);
  164 void    mac_cred_label_associate_fork(kauth_cred_t cred, proc_t child);
  165 void    mac_cred_label_associate_kernel(kauth_cred_t cred);
  166 void    mac_cred_label_associate_user(kauth_cred_t cred);
  167 void    mac_cred_label_destroy(kauth_cred_t cred);
  168 int     mac_cred_label_externalize_audit(proc_t p, struct mac *mac);
  169 void    mac_cred_label_free(struct label *label);
  170 void    mac_cred_label_init(kauth_cred_t cred);
  171 void    mac_cred_label_update(kauth_cred_t cred, struct label *newlabel);
  172 int     mac_cred_label_update_execve(vfs_context_t ctx, kauth_cred_t newcred,
  173             struct vnode *vp, struct label *scriptvnodelabel,
  174             struct label *execlabel);
  /*
   * devfs node label hooks.  `dirname` is bounded by `dirnamelen`; `fullpath`
   * is an unbounded C string.  The first parameter of mac_devfs_label_copy()
   * is unnamed in the prototype.
   */
  175 void    mac_devfs_label_associate_device(dev_t dev, struct devnode *de,
  176             const char *fullpath);
  177 void    mac_devfs_label_associate_directory(const char *dirname, int dirnamelen,
  178             struct devnode *de, const char *fullpath);
  179 void    mac_devfs_label_copy(struct label *, struct label *label);
  180 void    mac_devfs_label_destroy(struct devnode *de);
  181 void    mac_devfs_label_init(struct devnode *de);
  182 void    mac_devfs_label_update(struct mount *mp, struct devnode *de,
  183             struct vnode *vp);
      /*
       * `mac_p` is a user_addr_t: presumably a user-space pointer that must be
       * copied in rather than dereferenced -- confirm with the implementation.
       */
  184 int     mac_execve_enter(user_addr_t mac_p, struct image_params *imgp);
      /* Open-file (struct fileglob) hooks. */
  185 int     mac_file_check_change_offset(kauth_cred_t cred, struct fileglob *fg);
  186 int     mac_file_check_create(kauth_cred_t cred);
  187 int     mac_file_check_dup(kauth_cred_t cred, struct fileglob *fg, int newfd);
  188 int     mac_file_check_fcntl(kauth_cred_t cred, struct fileglob *fg, int cmd,
  189             user_long_t arg);
      /*
       * NOTE(review): `len` here and `buflen` in mac_file_check_set() are
       * signed ints; implementations should reject negative values.  That
       * cannot be confirmed from the prototypes.
       */
  190 int     mac_file_check_get(kauth_cred_t cred, struct fileglob *fg,
  191             char *elements, int len);
  192 int     mac_file_check_get_offset(kauth_cred_t cred, struct fileglob *fg);
  193 int     mac_file_check_inherit(kauth_cred_t cred, struct fileglob *fg);
  194 int     mac_file_check_ioctl(kauth_cred_t cred, struct fileglob *fg,
  195             unsigned int cmd);
  196 int     mac_file_check_lock(kauth_cred_t cred, struct fileglob *fg, int op,
  197             struct flock *fl);
      /*
       * `maxprot` (and `prot` in the downgrade hook) is passed by pointer, so
       * the hook can presumably narrow the protection the caller will grant
       * -- confirm against the implementation.
       */
  198 int     mac_file_check_mmap(kauth_cred_t cred, struct fileglob *fg,
  199             int prot, int flags, int *maxprot);
  200 void    mac_file_check_mmap_downgrade(kauth_cred_t cred, struct fileglob *fg,
  201             int *prot);
  202 int     mac_file_check_receive(kauth_cred_t cred, struct fileglob *fg);
  203 int     mac_file_check_set(kauth_cred_t cred, struct fileglob *fg,
  204             char *bufp, int buflen);
  205 void    mac_file_label_associate(kauth_cred_t cred, struct fileglob *fg);
  206 void    mac_file_label_destroy(struct fileglob *fg);
  207 void    mac_file_label_init(struct fileglob *fg);
  /*
   * Network interface (ifnet) hooks.  label_get/label_set exchange the label
   * through a struct ifreq, presumably from an ioctl path -- confirm.
   */
  208 int     mac_ifnet_check_transmit(struct ifnet *ifp, struct mbuf *mbuf,
  209             int family, int type);
  210 void    mac_ifnet_label_associate(struct ifnet *ifp);
  211 void    mac_ifnet_label_destroy(struct ifnet *ifp);
  212 int     mac_ifnet_label_get(kauth_cred_t cred, struct ifreq *ifr,
  213             struct ifnet *ifp);
  214 void    mac_ifnet_label_init(struct ifnet *ifp);
  215 void    mac_ifnet_label_recycle(struct ifnet *ifp);
  216 int     mac_ifnet_label_set(kauth_cred_t cred, struct ifreq *ifr,
  217             struct ifnet *ifp);
      /* Internet PCB hooks; label_init takes a flag and returns int, so it can fail. */
  218 int     mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *mbuf,
  219             int family, int type);
  220 void    mac_inpcb_label_associate(struct socket *so, struct inpcb *inp);
  221 void    mac_inpcb_label_destroy(struct inpcb *inp);
  222 int     mac_inpcb_label_init(struct inpcb *inp, int flag);
  223 void    mac_inpcb_label_recycle(struct inpcb *inp);
  224 void    mac_inpcb_label_update(struct socket *so);
      /*
       * IOKit hooks.  check_device takes no credential, unlike the other
       * three, and `devtype` is a non-const char *.
       */
  225 int     mac_iokit_check_device(char *devtype, struct mac_module_data *mdata);
  226 int     mac_iokit_check_open(kauth_cred_t cred, io_object_t user_client, unsigned int user_client_type);
  227 int     mac_iokit_check_set_properties(kauth_cred_t cred, io_object_t registry_entry, io_object_t properties);
  228 int     mac_iokit_check_hid_control(kauth_cred_t cred);
      /* IP reassembly queue hooks; label_compare and label_init return int. */
  229 void    mac_ipq_label_associate(struct mbuf *fragment, struct ipq *ipq);
  230 int     mac_ipq_label_compare(struct mbuf *fragment, struct ipq *ipq);
  231 void    mac_ipq_label_destroy(struct ipq *ipq);
  232 int     mac_ipq_label_init(struct ipq *ipq, int flag);
  233 void    mac_ipq_label_update(struct mbuf *fragment, struct ipq *ipq);
      /* Login context (lctx) hooks. */
  234 struct label    *mac_lctx_label_alloc(void);
  235 void    mac_lctx_label_free(struct label *label);
  236 void    mac_lctx_label_update(struct lctx *l, struct label *newlabel);
  237 int     mac_lctx_check_label_update(struct lctx *l, struct label *newlabel);
  238 void    mac_lctx_notify_create(proc_t proc, struct lctx *l);
  239 void    mac_lctx_notify_join(proc_t proc, struct lctx *l);
  240 void    mac_lctx_notify_leave(proc_t proc, struct lctx *l);
  /*
   * mbuf label hooks: each associate variant derives the mbuf's label from
   * the object the packet came from (bpf descriptor, interface, PCB, ipq,
   * link layer, another mbuf, or socket).
   */
  241 void    mac_mbuf_label_associate_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
  242 void    mac_mbuf_label_associate_ifnet(struct ifnet *ifp, struct mbuf *m);
  243 void    mac_mbuf_label_associate_inpcb(struct inpcb *inp, struct mbuf *m);
  244 void    mac_mbuf_label_associate_ipq(struct ipq *ipq, struct mbuf *mbuf);
  245 void    mac_mbuf_label_associate_linklayer(struct ifnet *ifp, struct mbuf *m);
  246 void    mac_mbuf_label_associate_multicast_encap(struct mbuf *oldmbuf,
  247             struct ifnet *ifp, struct mbuf *newmbuf);
  248 void    mac_mbuf_label_associate_netlayer(struct mbuf *oldmbuf,
  249             struct mbuf *newmbuf);
  250 void    mac_mbuf_label_associate_socket(struct socket *so, struct mbuf *m);
  251 void    mac_mbuf_label_copy(struct mbuf *m_from, struct mbuf *m_to);
  252 void    mac_mbuf_label_destroy(struct mbuf *m);
  253 int     mac_mbuf_label_init(struct mbuf *m, int flag);
      /* m_tag hooks; tag_init takes a `how` argument and returns int. */
  254 void    mac_mbuf_tag_copy(struct m_tag *m, struct m_tag *mtag);
  255 void    mac_mbuf_tag_destroy(struct m_tag *mtag);
  256 int     mac_mbuf_tag_init(struct m_tag *, int how);
      /* Mount point hooks. */
  257 int     mac_mount_check_fsctl(vfs_context_t ctx, struct mount *mp,
  258             unsigned int cmd);
  259 int     mac_mount_check_getattr(vfs_context_t ctx, struct mount *mp,
  260             struct vfs_attr *vfa);
  261 int     mac_mount_check_label_update(vfs_context_t ctx, struct mount *mp);
  262 int     mac_mount_check_mount(vfs_context_t ctx, struct vnode *vp,
  263             struct componentname *cnp, const char *vfc_name);
  264 int     mac_mount_check_remount(vfs_context_t ctx, struct mount *mp);
  265 int     mac_mount_check_setattr(vfs_context_t ctx, struct mount *mp,
  266             struct vfs_attr *vfa);
  267 int     mac_mount_check_stat(vfs_context_t ctx, struct mount *mp);
  268 int     mac_mount_check_umount(vfs_context_t ctx, struct mount *mp);
  269 void    mac_mount_label_associate(vfs_context_t ctx, struct mount *mp);
  270 void    mac_mount_label_destroy(struct mount *mp);
      /*
       * externalize writes at most `outbuflen` bytes; internalize (below)
       * takes `string` with no length, so the caller must guarantee NUL
       * termination -- worth checking wherever user-derived text reaches it.
       * `mac_p` in label_get is a user_addr_t (see mac_execve_enter).
       */
  271 int     mac_mount_label_externalize(struct label *label, char *elements,
  272             char *outbuf, size_t outbuflen);
  273 int     mac_mount_label_get(struct mount *mp, user_addr_t mac_p);
  274 void    mac_mount_label_init(struct mount *);
  275 int     mac_mount_label_internalize(struct label *, char *string);
      /* netinet hooks: label propagation for fragments and generated replies. */
  276 void    mac_netinet_fragment(struct mbuf *datagram, struct mbuf *fragment);
  277 void    mac_netinet_icmp_reply(struct mbuf *m);
  278 void    mac_netinet_tcp_reply(struct mbuf *m);
  /* Pipe hooks. */
  279 int     mac_pipe_check_ioctl(kauth_cred_t cred, struct pipe *cpipe,
  280             unsigned int cmd);
  281 int     mac_pipe_check_kqfilter(kauth_cred_t cred, struct knote *kn,
  282             struct pipe *cpipe);
  283 int     mac_pipe_check_read(kauth_cred_t cred, struct pipe *cpipe);
  284 int     mac_pipe_check_select(kauth_cred_t cred, struct pipe *cpipe,
  285             int which);
  286 int     mac_pipe_check_stat(kauth_cred_t cred, struct pipe *cpipe);
  287 int     mac_pipe_check_write(kauth_cred_t cred, struct pipe *cpipe);
  288 struct label    *mac_pipe_label_alloc(void);
  289 void    mac_pipe_label_associate(kauth_cred_t cred, struct pipe *cpipe);
  290 void    mac_pipe_label_copy(struct label *src, struct label *dest);
  291 void    mac_pipe_label_destroy(struct pipe *cpipe);
  292 void    mac_pipe_label_free(struct label *label);
  293 void    mac_pipe_label_init(struct pipe *cpipe);
  294 int     mac_pipe_label_update(kauth_cred_t cred, struct pipe *cpipe,
  295             struct label *label);
      /* Framework initialisation for the BSD side; takes no arguments. */
  296 void    mac_policy_initbsd(void);
      /*
       * POSIX semaphore and shared-memory hooks.  `name` is an unbounded
       * const char *, so callers must pass a NUL-terminated string.
       */
  297 int     mac_posixsem_check_create(kauth_cred_t cred, const char *name);
  298 int     mac_posixsem_check_open(kauth_cred_t cred, struct pseminfo *psem);
  299 int     mac_posixsem_check_post(kauth_cred_t cred, struct pseminfo *psem);
  300 int     mac_posixsem_check_unlink(kauth_cred_t cred, struct pseminfo *psem,
  301             const char *name);
  302 int     mac_posixsem_check_wait(kauth_cred_t cred, struct pseminfo *psem);
  303 void    mac_posixsem_vnode_label_associate(kauth_cred_t cred,
  304             struct pseminfo *psem, struct label *plabel,
  305             vnode_t vp, struct label *vlabel);
  306 void    mac_posixsem_label_associate(kauth_cred_t cred,
  307             struct pseminfo *psem, const char *name);
  308 void    mac_posixsem_label_destroy(struct pseminfo *psem);
  309 void    mac_posixsem_label_init(struct pseminfo *psem);
  310 int     mac_posixshm_check_create(kauth_cred_t cred, const char *name);
  311 int     mac_posixshm_check_mmap(kauth_cred_t cred, struct pshminfo *pshm,
  312             int prot, int flags);
  313 int     mac_posixshm_check_open(kauth_cred_t cred, struct pshminfo *pshm);
  314 int     mac_posixshm_check_stat(kauth_cred_t cred, struct pshminfo *pshm);
  315 int     mac_posixshm_check_truncate(kauth_cred_t cred, struct pshminfo *pshm,
  316             off_t s);
  317 int     mac_posixshm_check_unlink(kauth_cred_t cred, struct pshminfo *pshm,
  318             const char *name);
  319 void    mac_posixshm_vnode_label_associate(kauth_cred_t cred,
  320             struct pshminfo *pshm, struct label *plabel,
  321             vnode_t vp, struct label *vlabel);
  322 void    mac_posixshm_label_associate(kauth_cred_t cred,
  323             struct pshminfo *pshm, const char *name);
  324 void    mac_posixshm_label_destroy(struct pshminfo *pshm);
  325 void    mac_posixshm_label_init(struct pshminfo *pshm);
      /*
       * Both take (cred, priv) and return int.  By name, check can veto a
       * privilege and grant can approve one the base kernel would refuse --
       * confirm against the framework before relying on either.
       */
  326 int     mac_priv_check(kauth_cred_t cred, int priv);
  327 int     mac_priv_grant(kauth_cred_t cred, int priv);
  /*
   * Process hooks.  Two-process checks take (proc1, proc2); the naming does
   * not say which is the actor, so check the caller before adding a hook.
   */
  328 int     mac_proc_check_debug(proc_t proc1, proc_t proc2);
  329 int     mac_proc_check_fork(proc_t proc);
  330 int     mac_proc_check_suspend_resume(proc_t proc, int sr);
      /* These two take a kauth_cred_t and `struct proc *` rather than proc_t like the rest of the group. */
  331 int     mac_proc_check_get_task_name(kauth_cred_t cred, struct proc *p);
  332 int     mac_proc_check_get_task(kauth_cred_t cred, struct proc *p);
  333 int     mac_proc_check_getaudit(proc_t proc);
  334 int     mac_proc_check_getauid(proc_t proc);
  335 int     mac_proc_check_getlcid(proc_t proc1, proc_t proc2,
  336             pid_t pid);
      /*
       * `u_addr`/`u_size` and `addr`/`size` are user_addr_t/user_size_t, i.e.
       * user-space ranges.  `maxprot` is passed by pointer so the hook can
       * presumably narrow it (compare mac_file_check_mmap) -- confirm.
       */
  337 int     mac_proc_check_map_anon(proc_t proc, user_addr_t u_addr,
  338             user_size_t u_size, int prot, int flags, int *maxprot);
  339 int     mac_proc_check_mprotect(proc_t proc,
  340             user_addr_t addr, user_size_t size, int prot);
  341 int     mac_proc_check_run_cs_invalid(proc_t proc);
  342 int     mac_proc_check_sched(proc_t proc, proc_t proc2);
      /* `struct auditinfo_addr` is not in this header's forward-declaration list; it must come from an earlier include. */
  343 int     mac_proc_check_setaudit(proc_t proc, struct auditinfo_addr *ai);
  344 int     mac_proc_check_setauid(proc_t proc, uid_t auid);
  345 int     mac_proc_check_setlcid(proc_t proc1, proc_t proc2,
  346             pid_t pid1, pid_t pid2);
  347 int     mac_proc_check_signal(proc_t proc1, proc_t proc2,
  348             int signum);
  349 int     mac_proc_check_wait(proc_t proc1, proc_t proc2);
  350 void    mac_proc_set_enforce(proc_t p, int enforce_flags);
  /*
   * Named mac_setsockopt_label rather than mac_socket_*; installs a label
   * carried in `extmac`, presumably supplied by user space through
   * setsockopt -- confirm, since that makes `extmac` untrusted input.
   */
  351 int     mac_setsockopt_label(kauth_cred_t cred, struct socket *so,
  352             struct mac *extmac);
      /* Socket hooks.  check_deliver is the only one without a credential. */
  353 int     mac_socket_check_accept(kauth_cred_t cred, struct socket *so);
  354 int     mac_socket_check_accepted(kauth_cred_t cred, struct socket *so);
  355 int     mac_socket_check_bind(kauth_cred_t cred, struct socket *so,
  356             struct sockaddr *addr);
  357 int     mac_socket_check_connect(kauth_cred_t cred, struct socket *so,
  358             struct sockaddr *addr);
  359 int     mac_socket_check_create(kauth_cred_t cred, int domain,
  360             int type, int protocol);
  361 int     mac_socket_check_deliver(struct socket *so, struct mbuf *m);
  362 int     mac_socket_check_kqfilter(kauth_cred_t cred, struct knote *kn,
  363             struct socket *so);
  364 int     mac_socket_check_listen(kauth_cred_t cred, struct socket *so);
  365 int     mac_socket_check_receive(kauth_cred_t cred, struct socket *so);
  366 int     mac_socket_check_received(kauth_cred_t cred, struct socket *so, 
  367             struct sockaddr *saddr);
  368 int     mac_socket_check_select(kauth_cred_t cred, struct socket *so,
  369             int which);
  370 int     mac_socket_check_send(kauth_cred_t cred, struct socket *so,
  371             struct sockaddr *addr);
  372 int     mac_socket_check_getsockopt(kauth_cred_t cred, struct socket *so,
  373             struct sockopt *sopt);
  374 int     mac_socket_check_setsockopt(kauth_cred_t cred, struct socket *so,
  375             struct sockopt *sopt);
  376 int     mac_socket_check_stat(kauth_cred_t cred, struct socket *so);
  377 void    mac_socket_label_associate(kauth_cred_t cred, struct socket *so);
  378 void    mac_socket_label_associate_accept(struct socket *oldsocket,
  379             struct socket *newsocket);
  380 void    mac_socket_label_copy(struct label *from, struct label *to);
  381 void    mac_socket_label_destroy(struct socket *);
  382 int     mac_socket_label_get(kauth_cred_t cred, struct socket *so,
  383             struct mac *extmac);
      /* Returns int: with a `waitok` argument the init can fail. */
  384 int     mac_socket_label_init(struct socket *, int waitok);
      /* Peer-label hooks: the label of the remote end of a socket. */
  385 void    mac_socketpeer_label_associate_mbuf(struct mbuf *m, struct socket *so);
  386 void    mac_socketpeer_label_associate_socket(struct socket *peersocket,
  387             struct socket *socket_to_modify);
  388 int     mac_socketpeer_label_get(kauth_cred_t cred, struct socket *so,
  389             struct mac *extmac);
  /* System-wide operation checks; all take the calling credential. */
  390 int     mac_system_check_acct(kauth_cred_t cred, struct vnode *vp);
      /* NOTE(review): `length` is a signed int; implementations should reject negative values. */
  391 int     mac_system_check_audit(kauth_cred_t cred, void *record, int length);
  392 int     mac_system_check_auditctl(kauth_cred_t cred, struct vnode *vp);
  393 int     mac_system_check_auditon(kauth_cred_t cred, int cmd);
  394 int     mac_system_check_chud(kauth_cred_t cred);
  395 int     mac_system_check_host_priv(kauth_cred_t cred);
  396 int     mac_system_check_nfsd(kauth_cred_t cred);
  397 int     mac_system_check_reboot(kauth_cred_t cred, int howto);
  398 int     mac_system_check_settime(kauth_cred_t cred);
  399 int     mac_system_check_swapoff(kauth_cred_t cred, struct vnode *vp);
  400 int     mac_system_check_swapon(kauth_cred_t cred, struct vnode *vp);
      /*
       * oldctl/oldlenp/newctl are user_addr_t.  `inkernel` presumably marks
       * an in-kernel caller whose buffers are kernel addresses -- confirm
       * before dereferencing any of them in a policy.
       */
  401 int     mac_system_check_sysctl(kauth_cred_t cred, int *name,
  402             u_int namelen, user_addr_t oldctl, user_addr_t oldlenp, int inkernel,
  403             user_addr_t newctl, size_t newlen);
      /* System V message, message-queue, semaphore and shared-memory hooks. */
  404 void    mac_sysvmsg_label_associate(kauth_cred_t cred,
  405             struct msqid_kernel *msqptr, struct msg *msgptr);
  406 void    mac_sysvmsg_label_init(struct msg *msgptr);
  407 void    mac_sysvmsg_label_recycle(struct msg *msgptr);
  408 int     mac_sysvmsq_check_enqueue(kauth_cred_t cred, struct msg *msgptr,
  409             struct msqid_kernel *msqptr);
  410 int     mac_sysvmsq_check_msgrcv(kauth_cred_t cred, struct msg *msgptr);
  411 int     mac_sysvmsq_check_msgrmid(kauth_cred_t cred, struct msg *msgptr);
  412 int     mac_sysvmsq_check_msqctl(kauth_cred_t cred,
  413             struct msqid_kernel *msqptr, int cmd);
  414 int     mac_sysvmsq_check_msqget(kauth_cred_t cred,
  415             struct msqid_kernel *msqptr);
  416 int     mac_sysvmsq_check_msqrcv(kauth_cred_t cred,
  417             struct msqid_kernel *msqptr);
  418 int     mac_sysvmsq_check_msqsnd(kauth_cred_t cred,
  419             struct msqid_kernel *msqptr);
  420 void    mac_sysvmsq_label_associate(kauth_cred_t cred,
  421             struct msqid_kernel *msqptr);
  422 void    mac_sysvmsq_label_init(struct msqid_kernel *msqptr);
  423 void    mac_sysvmsq_label_recycle(struct msqid_kernel *msqptr);
  424 int     mac_sysvsem_check_semctl(kauth_cred_t cred,
  425             struct semid_kernel *semakptr, int cmd);
  426 int     mac_sysvsem_check_semget(kauth_cred_t cred,
  427             struct semid_kernel *semakptr);
  428 int     mac_sysvsem_check_semop(kauth_cred_t cred,
  429             struct semid_kernel *semakptr, size_t accesstype);
  430 void    mac_sysvsem_label_associate(kauth_cred_t cred,
  431             struct semid_kernel *semakptr);
  432 void    mac_sysvsem_label_destroy(struct semid_kernel *semakptr);
  433 void    mac_sysvsem_label_init(struct semid_kernel *semakptr);
  434 void    mac_sysvsem_label_recycle(struct semid_kernel *semakptr);
  435 int     mac_sysvshm_check_shmat(kauth_cred_t cred,
  436             struct shmid_kernel *shmsegptr, int shmflg);
  437 int     mac_sysvshm_check_shmctl(kauth_cred_t cred,
  438             struct shmid_kernel *shmsegptr, int cmd);
  439 int     mac_sysvshm_check_shmdt(kauth_cred_t cred,
  440             struct shmid_kernel *shmsegptr);
  441 int     mac_sysvshm_check_shmget(kauth_cred_t cred,
  442             struct shmid_kernel *shmsegptr, int shmflg);
  443 void    mac_sysvshm_label_associate(kauth_cred_t cred,
  444             struct shmid_kernel *shmsegptr);
  445 void    mac_sysvshm_label_destroy(struct shmid_kernel *shmsegptr);
      /* Style: `shmid_kernel*` binds the star to the type, unlike every other prototype here. */
  446 void    mac_sysvshm_label_init(struct shmid_kernel* shmsegptr);
  447 void    mac_sysvshm_label_recycle(struct shmid_kernel *shmsegptr);
  /*
   * vnode hooks.  Checks take a vfs_context_t; a few also take a separate
   * `file_cred` (the credential the file was opened with) alongside it.
   */
  448 int     mac_vnode_check_access(vfs_context_t ctx, struct vnode *vp,
  449             int acc_mode);
  450 int     mac_vnode_check_chdir(vfs_context_t ctx, struct vnode *dvp);
  451 int     mac_vnode_check_chroot(vfs_context_t ctx, struct vnode *dvp,
  452             struct componentname *cnp);
  453 int     mac_vnode_check_create(vfs_context_t ctx, struct vnode *dvp,
  454             struct componentname *cnp, struct vnode_attr *vap);
  455 int     mac_vnode_check_deleteextattr(vfs_context_t ctx, struct vnode *vp,
  456             const char *name);
  457 int     mac_vnode_check_exchangedata(vfs_context_t ctx, struct vnode *v1,
  458             struct vnode *v2);
  459 int     mac_vnode_check_exec(vfs_context_t ctx, struct vnode *vp,
  460             struct image_params *imgp);
  461 int     mac_vnode_check_fsgetpath(vfs_context_t ctx, struct vnode *vp);
      /*
       * The only vnode check without a vfs_context_t.  A single length
       * (`size`) is passed; which buffer it bounds (presumably `signature`)
       * is not stated, so `sha1` is then assumed to be a fixed-length digest
       * -- confirm with the implementation before changing either buffer.
       */
  462 int     mac_vnode_check_signature(struct vnode *vp, unsigned char *sha1,
  463             void * signature, size_t size);
  464 int     mac_vnode_check_getattrlist(vfs_context_t ctx, struct vnode *vp,
  465             struct attrlist *alist);
  466 int     mac_vnode_check_getextattr(vfs_context_t ctx, struct vnode *vp,
  467             const char *name, struct uio *uio);
  468 int     mac_vnode_check_ioctl(vfs_context_t ctx, struct vnode *vp,
  469             unsigned int cmd);
  470 int     mac_vnode_check_kqfilter(vfs_context_t ctx,
  471             kauth_cred_t file_cred, struct knote *kn, struct vnode *vp);
  472 int     mac_vnode_check_label_update(vfs_context_t ctx, struct vnode *vp,
  473             struct label *newlabel);
  474 int     mac_vnode_check_link(vfs_context_t ctx, struct vnode *dvp,
  475             struct vnode *vp, struct componentname *cnp);
  476 int     mac_vnode_check_listextattr(vfs_context_t ctx, struct vnode *vp);
  477 int     mac_vnode_check_lookup(vfs_context_t ctx, struct vnode *dvp,
  478             struct componentname *cnp);
  479 int     mac_vnode_check_open(vfs_context_t ctx, struct vnode *vp,
  480             int acc_mode);
  481 int     mac_vnode_check_read(vfs_context_t ctx,
  482             kauth_cred_t file_cred, struct vnode *vp);
  483 int     mac_vnode_check_readdir(vfs_context_t ctx, struct vnode *vp);
  484 int     mac_vnode_check_readlink(vfs_context_t ctx, struct vnode *vp);
      /* Rename is checked in two halves: the source (`_from`) and the destination (`_to`, with `samedir`). */
  485 int     mac_vnode_check_rename_from(vfs_context_t ctx, struct vnode *dvp,
  486             struct vnode *vp, struct componentname *cnp);
  487 int     mac_vnode_check_rename_to(vfs_context_t ctx, struct vnode *dvp,
  488             struct vnode *vp, int samedir, struct componentname *cnp);
  489 int     mac_vnode_check_revoke(vfs_context_t ctx, struct vnode *vp);
  490 int     mac_vnode_check_searchfs(vfs_context_t ctx, struct vnode *vp,
  491             struct attrlist *alist);
  492 int     mac_vnode_check_select(vfs_context_t ctx, struct vnode *vp,
  493             int which);
      /* NOTE(review): parameter is named `ctxd` where every sibling uses `ctx`; harmless in a prototype. */
  494 int     mac_vnode_check_setattrlist(vfs_context_t ctxd, struct vnode *vp,
  495             struct attrlist *alist);
  496 int     mac_vnode_check_setextattr(vfs_context_t ctx, struct vnode *vp,
  497             const char *name, struct uio *uio);
  498 int     mac_vnode_check_setflags(vfs_context_t ctx, struct vnode *vp,
  499             u_long flags);
  500 int     mac_vnode_check_setmode(vfs_context_t ctx, struct vnode *vp,
  501             mode_t mode);
  502 int     mac_vnode_check_setowner(vfs_context_t ctx, struct vnode *vp,
  503             uid_t uid, gid_t gid);
      /* struct timespec is passed by value, so callers need its full definition; the forward declaration above only covers this prototype. */
  504 int     mac_vnode_check_setutimes(vfs_context_t ctx, struct vnode *vp,
  505             struct timespec atime, struct timespec mtime);
  506 int     mac_vnode_check_stat(vfs_context_t ctx,
  507             kauth_cred_t file_cred, struct vnode *vp);
  508 int     mac_vnode_check_truncate(vfs_context_t ctx,
  509             kauth_cred_t file_cred, struct vnode *vp);
  510 int     mac_vnode_check_uipc_bind(vfs_context_t ctx, struct vnode *dvp,
  511             struct componentname *cnp, struct vnode_attr *vap);
  512 int     mac_vnode_check_uipc_connect(vfs_context_t ctx, struct vnode *vp);
  513 int     mac_vnode_check_unlink(vfs_context_t ctx, struct vnode *dvp,
  514             struct vnode *vp, struct componentname *cnp);
  515 int     mac_vnode_check_write(vfs_context_t ctx,
  516             kauth_cred_t file_cred, struct vnode *vp);
      /*
       * vnode label lifecycle.  label_associate, label_associate_extattr and
       * label_associate_fdesc return int and so can fail; the devfs and
       * singlelabel variants cannot.
       */
  517 struct label    *mac_vnode_label_alloc(void);
  518 int     mac_vnode_label_associate(struct mount *mp, struct vnode *vp,
  519             vfs_context_t ctx);
  520 void    mac_vnode_label_associate_devfs(struct mount *mp, struct devnode *de,
  521             struct vnode *vp);
  522 int     mac_vnode_label_associate_extattr(struct mount *mp, struct vnode *vp);
  523 int     mac_vnode_label_associate_fdesc(struct mount *mp, struct fdescnode *fnp,
  524             struct vnode *vp, vfs_context_t ctx);
  525 void    mac_vnode_label_associate_singlelabel(struct mount *mp,
  526             struct vnode *vp);
  527 void    mac_vnode_label_copy(struct label *l1, struct label *l2);
  528 void    mac_vnode_label_destroy(struct vnode *vp);
  529 int     mac_vnode_label_externalize_audit(struct vnode *vp, struct mac *mac);
  530 void    mac_vnode_label_free(struct label *label);
  531 void    mac_vnode_label_init(struct vnode *vp);
  532 int     mac_vnode_label_init_needed(struct vnode *vp);
  533 void    mac_vnode_label_recycle(struct vnode *vp);
  534 void    mac_vnode_label_update(vfs_context_t ctx, struct vnode *vp,
  535             struct label *newlabel);
  536 void    mac_vnode_label_update_extattr(struct mount *mp, struct vnode *vp,
  537             const char *name);
      /* notify_create returns int while notify_rename returns void. */
  538 int     mac_vnode_notify_create(vfs_context_t ctx, struct mount *mp,
  539             struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
  540 void    mac_vnode_notify_rename(vfs_context_t ctx, struct vnode *vp,
  541             struct vnode *dvp, struct componentname *cnp);
      /* `flags` presumably accepts VNODE_LABEL_CREATE (defined above) -- confirm against the callers. */
  542 int     vnode_label(struct mount *mp, struct vnode *dvp, struct vnode *vp,
  543             struct componentname *cnp, int flags, vfs_context_t ctx);
  544 void    vnode_relabel(struct vnode *vp);
  545 
  /*
   * POSIX semaphore / shared-memory file label association.  Unlike the rest
   * of the header these are not mac_-prefixed and take `struct vfs_context *`
   * rather than vfs_context_t.
   */
  546 void psem_label_associate(struct fileproc *fp, struct vnode *vp, struct vfs_context *ctx);
  547 void pshm_label_associate(struct fileproc *fp, struct vnode *vp, struct vfs_context *ctx);
  548 
  /*
   * Raw accessors for a bpf descriptor's label, available only with
   * CONFIG_MACF_NET.  The parameter is named `d` here rather than `bpf_d`
   * as in the bpfdesc hooks above.
   */
  549 #if CONFIG_MACF_NET
  550 struct label *mac_bpfdesc_label_get(struct bpf_d *d);
  551 void mac_bpfdesc_label_set(struct bpf_d *d, struct label *label);
  552 #endif
  553 
  554 #endif  /* CONFIG_MACF */
  555 
  556 #endif /* !_SECURITY_MAC_FRAMEWORK_H_ */
