


sys/security/mac_framework.h


    1 /*
    2  * Copyright (c) 2007 Apple Inc. All rights reserved.
    3  *
    4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
    5  * 
    6  * This file contains Original Code and/or Modifications of Original Code
    7  * as defined in and that are subject to the Apple Public Source License
    8  * Version 2.0 (the 'License'). You may not use this file except in
    9  * compliance with the License. The rights granted to you under the License
   10  * may not be used to create, or enable the creation or redistribution of,
   11  * unlawful or unlicensed copies of an Apple operating system, or to
   12  * circumvent, violate, or enable the circumvention or violation of, any
   13  * terms of an Apple operating system software license agreement.
   14  * 
   15  * Please obtain a copy of the License at
   16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
   17  * 
   18  * The Original Code and all software distributed under the License are
   19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
   20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
   21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
   22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
   23  * Please see the License for the specific language governing rights and
   24  * limitations under the License.
   25  * 
   26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
   27  */
   28 /*-
   29  * Copyright (c) 1999-2002 Robert N. M. Watson
   30  * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
   31  * Copyright (c) 2005-2007 SPARTA, Inc.
   32  * All rights reserved.
   33  *
   34  * This software was developed by Robert Watson for the TrustedBSD Project.
   35  *
   36  * This software was developed for the FreeBSD Project in part by Network
   37  * Associates Laboratories, the Security Research Division of Network
   38  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
   39  * as part of the DARPA CHATS research program.
   40  *
   41  * This software was enhanced by SPARTA ISSO under SPAWAR contract
   42  * N66001-04-C-6019 ("SEFOS").
   43  *
   44  * Redistribution and use in source and binary forms, with or without
   45  * modification, are permitted provided that the following conditions
   46  * are met:
   47  * 1. Redistributions of source code must retain the above copyright
   48  *    notice, this list of conditions and the following disclaimer.
   49  * 2. Redistributions in binary form must reproduce the above copyright
   50  *    notice, this list of conditions and the following disclaimer in the
   51  *    documentation and/or other materials provided with the distribution.
   52  *
   53  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   54  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   55  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   56  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   57  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   58  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   59  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   60  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   61  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   62  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   63  * SUCH DAMAGE.
   64  *
   65  * $FreeBSD: src/sys/sys/mac.h,v 1.40 2003/04/18 19:57:37 rwatson Exp $
   66  *
   67  */
   68 /*
   69  * Kernel interface for Mandatory Access Control -- how kernel services
   70  * interact with the TrustedBSD MAC Framework.
   71  */
   72 
   73 #ifndef _SECURITY_MAC_FRAMEWORK_H_
   74 #define _SECURITY_MAC_FRAMEWORK_H_
   75 
   /*
    * Build-time guard: this header is only usable when KERNEL is defined;
    * any other translation unit that includes it fails to compile.
    */
   76 #ifndef KERNEL
   77 #error "no user-serviceable parts inside"
   78 #endif
   79 
   80 #if CONFIG_MACF
   81 
   /*
    * Forward declarations of the kernel structures that the prototypes below
    * refer to.  Only the tag is introduced here, so including this header
    * does not pull in any subsystem's structure layout.
    *
    * NOTE(review): struct label and struct auditinfo_addr are also used in
    * prototypes further down but are not declared in this list, and this
    * header includes nothing itself; presumably the including file declares
    * them (and the kauth_cred_t / vfs_context_t / proc_t typedefs) first --
    * confirm.  A struct tag first seen inside a parameter list is scoped to
    * that prototype, which makes the declaration incompatible with callers.
    */
   82 struct attrlist;
   83 struct auditinfo;
   84 struct bpf_d;
   85 struct componentname;
   86 struct devnode;
   87 struct flock;
   88 struct fdescnode;
   89 struct fileglob;
   90 struct fileproc;
   91 struct ifnet;
   92 struct ifreq;
   93 struct image_params;
   94 struct inpcb;
   95 struct ipq;
   96 struct knote;
   97 struct lctx;
   98 struct m_tag;
   99 struct mac;
  100 struct mac_module_data;
  101 struct mbuf;
  102 struct msg;
  103 struct msqid_kernel;
  104 struct mount;
  105 struct pipe;
  106 struct proc;
  107 struct pseminfo;
  108 struct pshminfo;
  109 struct semid_kernel;
  110 struct shmid_kernel;
  111 struct sockaddr;
  112 struct sockopt;
  113 struct socket;
  114 struct task;
  115 struct thread;
  116 struct timespec;
  117 struct ucred;
  118 struct uio;
  119 struct uthread;
  120 struct vfs_attr;
  121 struct vfs_context;
  122 struct vnode;
  123 struct vnode_attr;
  124 struct vop_setlabel_args;
  125 
  /*
   * io_object_t, the handle type used by the mac_iokit_check_* prototypes
   * below.  C++ translation units see OSObject as a class and C ones as an
   * opaque struct; the typedef is skipped when __IOKIT_PORTS_DEFINED__ is
   * already defined, so it is not emitted twice.
   */
  126 #ifndef __IOKIT_PORTS_DEFINED__
  127 #define __IOKIT_PORTS_DEFINED__
  128 #ifdef __cplusplus
  129 class OSObject;
  130 typedef OSObject *io_object_t;
  131 #else
  132 struct OSObject;
  133 typedef struct OSObject *io_object_t;
  134 #endif
  135 #endif /* __IOKIT_PORTS_DEFINED__ */
  136 
  137 /*@ macros */
  /* NOTE(review): presumably a value for the flags argument of vnode_label(); confirm against callers. */
  138 #define VNODE_LABEL_CREATE      1
  139 
  /*
   * mac_task_label_update_cred(cred, task): with CONFIG_MACF_MACH set this
   * passes the credential's cr_label and the task to
   * mac_task_label_update_internal(); otherwise it expands to nothing.  In
   * the second case neither argument is evaluated, so call sites must not
   * depend on side effects in them.  Note also that task is not
   * parenthesised in the expansion.
   */
  140 #if CONFIG_MACF_MACH
  141 #define mac_task_label_update_cred(cred, task)                          \
  142         mac_task_label_update_internal(((cred)->cr_label), task)
  143 #else
  144 #define mac_task_label_update_cred(cred, task)
  145 #endif
  146 
  147 /*@ === */
  /*
   * Audit and BPF-descriptor entry points.  Both mac_audit_check_* functions
   * take the system call code and its argument block; postselect additionally
   * receives the call's error and return value and a mac_forced flag.
   * NOTE(review): the meaning of the int results is not stated in this
   * header (presumably 0 = permit for mac_bpfdesc_check_receive) -- confirm
   * in the implementation before relying on it.
   */
  148 int     mac_audit_check_postselect(kauth_cred_t cred, unsigned short syscode,
  149             void *args, int error, int retval, int mac_forced);
  150 int     mac_audit_check_preselect(kauth_cred_t cred, unsigned short syscode,
  151             void *args);
  152 int     mac_bpfdesc_check_receive(struct bpf_d *bpf_d, struct ifnet *ifp);
  153 void    mac_bpfdesc_label_destroy(struct bpf_d *bpf_d);
  154 void    mac_bpfdesc_label_init(struct bpf_d *bpf_d);
  155 void    mac_bpfdesc_label_associate(kauth_cred_t cred, struct bpf_d *bpf_d);
  /*
   * Credential labels: checks made before a credential's label changes
   * (directly or via the *_execve variants), a visibility check between two
   * credentials, and the alloc/init/associate/update/destroy/free calls for
   * the label itself.  mac_cred_label_alloc() returns a struct label * and
   * pairs by name with mac_cred_label_free().
   * NOTE(review): the result convention of the int functions is not
   * documented here; presumably 0 means permitted for the check_* calls --
   * confirm, and make sure every caller tests the result.
   */
  156 int     mac_cred_check_label_update(kauth_cred_t cred,
  157             struct label *newlabel);
  158 int     mac_cred_check_label_update_execve(vfs_context_t ctx,
  159             struct vnode *vp, struct label *scriptvnodelabel, 
  160             struct label *execlabel, proc_t proc);
  161 int     mac_cred_check_visible(kauth_cred_t u1, kauth_cred_t u2);
  162 struct label    *mac_cred_label_alloc(void);
  163 void    mac_cred_label_associate(kauth_cred_t cred_parent,
  164             kauth_cred_t cred_child);
  165 void    mac_cred_label_associate_fork(kauth_cred_t cred, proc_t child);
  166 void    mac_cred_label_associate_kernel(kauth_cred_t cred);
  167 void    mac_cred_label_associate_user(kauth_cred_t cred);
  168 void    mac_cred_label_destroy(kauth_cred_t cred);
  169 int     mac_cred_label_externalize_audit(proc_t p, struct mac *mac);
  170 void    mac_cred_label_free(struct label *label);
  171 void    mac_cred_label_init(kauth_cred_t cred);
  172 int     mac_cred_label_compare(struct label *a, struct label *b);
  173 void    mac_cred_label_update(kauth_cred_t cred, struct label *newlabel);
  174 int     mac_cred_label_update_execve(vfs_context_t ctx, kauth_cred_t newcred,
  175             struct vnode *vp, struct label *scriptvnodelabel,
  176             struct label *execlabel);
  /*
   * devfs node labels.  All of these return void, so they report no result
   * to the caller.  mac_devfs_label_associate_directory() takes dirname
   * together with an explicit dirnamelen; fullpath has no length argument.
   */
  177 void    mac_devfs_label_associate_device(dev_t dev, struct devnode *de,
  178             const char *fullpath);
  179 void    mac_devfs_label_associate_directory(const char *dirname, int dirnamelen,
  180             struct devnode *de, const char *fullpath);
  181 void    mac_devfs_label_copy(struct label *, struct label *label);
  182 void    mac_devfs_label_destroy(struct devnode *de);
  183 void    mac_devfs_label_init(struct devnode *de);
  184 void    mac_devfs_label_update(struct mount *mp, struct devnode *de,
  185             struct vnode *vp);
  /*
   * execve entry and per-open-file (struct fileglob) hooks.
   * mac_execve_enter() receives a user-space address (user_addr_t mac_p).
   * mac_file_check_get() and mac_file_check_set() take a caller buffer with
   * a signed int length.  mac_file_check_mmap() and
   * mac_file_check_mmap_downgrade() take non-const int pointers (maxprot,
   * prot); the downgrade variant returns void.
   * NOTE(review): presumably the implementations bound-check len/buflen,
   * copy mac_p in safely, and may lower *maxprot / *prot -- verify, the
   * prototypes alone do not show it.
   */
  186 int     mac_execve_enter(user_addr_t mac_p, struct image_params *imgp);
  187 int     mac_file_check_change_offset(kauth_cred_t cred, struct fileglob *fg);
  188 int     mac_file_check_create(kauth_cred_t cred);
  189 int     mac_file_check_dup(kauth_cred_t cred, struct fileglob *fg, int newfd);
  190 int     mac_file_check_fcntl(kauth_cred_t cred, struct fileglob *fg, int cmd,
  191             user_long_t arg);
  192 int     mac_file_check_get(kauth_cred_t cred, struct fileglob *fg,
  193             char *elements, int len);
  194 int     mac_file_check_get_offset(kauth_cred_t cred, struct fileglob *fg);
  195 int     mac_file_check_inherit(kauth_cred_t cred, struct fileglob *fg);
  196 int     mac_file_check_ioctl(kauth_cred_t cred, struct fileglob *fg,
  197             unsigned int cmd);
  198 int     mac_file_check_lock(kauth_cred_t cred, struct fileglob *fg, int op,
  199             struct flock *fl);
  200 int     mac_file_check_mmap(kauth_cred_t cred, struct fileglob *fg,
  201             int prot, int flags, int *maxprot);
  202 void    mac_file_check_mmap_downgrade(kauth_cred_t cred, struct fileglob *fg,
  203             int *prot);
  204 int     mac_file_check_receive(kauth_cred_t cred, struct fileglob *fg);
  205 int     mac_file_check_set(kauth_cred_t cred, struct fileglob *fg,
  206             char *bufp, int buflen);
  207 void    mac_file_label_associate(kauth_cred_t cred, struct fileglob *fg);
  208 void    mac_file_label_destroy(struct fileglob *fg);
  209 void    mac_file_label_init(struct fileglob *fg);
  /*
   * Network interface (ifnet), inpcb, IOKit and ipq hooks.
   * mac_inpcb_label_init() and mac_ipq_label_init() return int and take a
   * flag argument, whereas mac_ifnet_label_init() is void; callers of the
   * first two have a result to check.
   * NOTE(review): presumably the flag selects waiting vs. non-waiting
   * allocation and a non-zero return means the label was not set up --
   * confirm.  mac_iokit_check_device() takes devtype as a non-const char *
   * with no length argument.
   */
  210 int     mac_ifnet_check_transmit(struct ifnet *ifp, struct mbuf *mbuf,
  211             int family, int type);
  212 void    mac_ifnet_label_associate(struct ifnet *ifp);
  213 void    mac_ifnet_label_destroy(struct ifnet *ifp);
  214 int     mac_ifnet_label_get(kauth_cred_t cred, struct ifreq *ifr,
  215             struct ifnet *ifp);
  216 void    mac_ifnet_label_init(struct ifnet *ifp);
  217 void    mac_ifnet_label_recycle(struct ifnet *ifp);
  218 int     mac_ifnet_label_set(kauth_cred_t cred, struct ifreq *ifr,
  219             struct ifnet *ifp);
  220 int     mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *mbuf,
  221             int family, int type);
  222 void    mac_inpcb_label_associate(struct socket *so, struct inpcb *inp);
  223 void    mac_inpcb_label_destroy(struct inpcb *inp);
  224 int     mac_inpcb_label_init(struct inpcb *inp, int flag);
  225 void    mac_inpcb_label_recycle(struct inpcb *inp);
  226 void    mac_inpcb_label_update(struct socket *so);
  227 int     mac_iokit_check_device(char *devtype, struct mac_module_data *mdata);
  228 int     mac_iokit_check_open(kauth_cred_t cred, io_object_t user_client, unsigned int user_client_type);
  229 int     mac_iokit_check_set_properties(kauth_cred_t cred, io_object_t registry_entry, io_object_t properties);
  230 int     mac_iokit_check_hid_control(kauth_cred_t cred);
  231 void    mac_ipq_label_associate(struct mbuf *fragment, struct ipq *ipq);
  232 int     mac_ipq_label_compare(struct mbuf *fragment, struct ipq *ipq);
  233 void    mac_ipq_label_destroy(struct ipq *ipq);
  234 int     mac_ipq_label_init(struct ipq *ipq, int flag);
  235 void    mac_ipq_label_update(struct mbuf *fragment, struct ipq *ipq);
  /*
   * struct lctx labels and create/join/leave notifications.  Of the calls
   * that act on an lctx, only mac_lctx_check_label_update() returns int; the
   * notify_* functions and mac_lctx_label_update() are void.
   */
  236 struct label    *mac_lctx_label_alloc(void);
  237 void    mac_lctx_label_free(struct label *label);
  238 void    mac_lctx_label_update(struct lctx *l, struct label *newlabel);
  239 int     mac_lctx_check_label_update(struct lctx *l, struct label *newlabel);
  240 void    mac_lctx_notify_create(proc_t proc, struct lctx *l);
  241 void    mac_lctx_notify_join(proc_t proc, struct lctx *l);
  242 void    mac_lctx_notify_leave(proc_t proc, struct lctx *l);
  /*
   * mbuf labels and mbuf tags (struct m_tag).  Each associate_* function
   * takes a source object (BPF descriptor, interface, inpcb, ipq, socket or
   * another mbuf) together with the mbuf.  mac_mbuf_label_init() and
   * mac_mbuf_tag_init() are the only ones returning int, so callers should
   * check their result.
   */
  243 void    mac_mbuf_label_associate_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
  244 void    mac_mbuf_label_associate_ifnet(struct ifnet *ifp, struct mbuf *m);
  245 void    mac_mbuf_label_associate_inpcb(struct inpcb *inp, struct mbuf *m);
  246 void    mac_mbuf_label_associate_ipq(struct ipq *ipq, struct mbuf *mbuf);
  247 void    mac_mbuf_label_associate_linklayer(struct ifnet *ifp, struct mbuf *m);
  248 void    mac_mbuf_label_associate_multicast_encap(struct mbuf *oldmbuf,
  249             struct ifnet *ifp, struct mbuf *newmbuf);
  250 void    mac_mbuf_label_associate_netlayer(struct mbuf *oldmbuf,
  251             struct mbuf *newmbuf);
  252 void    mac_mbuf_label_associate_socket(struct socket *so, struct mbuf *m);
  253 void    mac_mbuf_label_copy(struct mbuf *m_from, struct mbuf *m_to);
  254 void    mac_mbuf_label_destroy(struct mbuf *m);
  255 int     mac_mbuf_label_init(struct mbuf *m, int flag);
  256 void    mac_mbuf_tag_copy(struct m_tag *m, struct m_tag *mtag);
  257 void    mac_mbuf_tag_destroy(struct m_tag *mtag);
  258 int     mac_mbuf_tag_init(struct m_tag *, int how);
  /*
   * Mount-point checks and labels, followed by three mac_netinet_* mbuf
   * hooks.  mac_mount_label_externalize() takes an output buffer with its
   * size as a size_t; mac_mount_label_internalize() takes a string with no
   * length argument.  mac_mount_label_get() receives a user-space address.
   * NOTE(review): presumably the string passed to internalize is
   * NUL-terminated by the caller -- confirm.
   */
  259 int     mac_mount_check_fsctl(vfs_context_t ctx, struct mount *mp,
  260             unsigned int cmd);
  261 int     mac_mount_check_getattr(vfs_context_t ctx, struct mount *mp,
  262             struct vfs_attr *vfa);
  263 int     mac_mount_check_label_update(vfs_context_t ctx, struct mount *mp);
  264 int     mac_mount_check_mount(vfs_context_t ctx, struct vnode *vp,
  265             struct componentname *cnp, const char *vfc_name);
  266 int     mac_mount_check_remount(vfs_context_t ctx, struct mount *mp);
  267 int     mac_mount_check_setattr(vfs_context_t ctx, struct mount *mp,
  268             struct vfs_attr *vfa);
  269 int     mac_mount_check_stat(vfs_context_t ctx, struct mount *mp);
  270 int     mac_mount_check_umount(vfs_context_t ctx, struct mount *mp);
  271 void    mac_mount_label_associate(vfs_context_t ctx, struct mount *mp);
  272 void    mac_mount_label_destroy(struct mount *mp);
  273 int     mac_mount_label_externalize(struct label *label, char *elements,
  274             char *outbuf, size_t outbuflen);
  275 int     mac_mount_label_get(struct mount *mp, user_addr_t mac_p);
  276 void    mac_mount_label_init(struct mount *);
  277 int     mac_mount_label_internalize(struct label *, char *string);
  278 void    mac_netinet_fragment(struct mbuf *datagram, struct mbuf *fragment);
  279 void    mac_netinet_icmp_reply(struct mbuf *m);
  280 void    mac_netinet_tcp_reply(struct mbuf *m);
  /*
   * Pipe checks and labels.  Every check takes the credential and the pipe;
   * mac_pipe_label_update() also returns int.  mac_policy_initbsd() (no
   * arguments, no result) is declared at the end of the same run.
   */
  281 int     mac_pipe_check_ioctl(kauth_cred_t cred, struct pipe *cpipe,
  282             unsigned int cmd);
  283 int     mac_pipe_check_kqfilter(kauth_cred_t cred, struct knote *kn,
  284             struct pipe *cpipe);
  285 int     mac_pipe_check_read(kauth_cred_t cred, struct pipe *cpipe);
  286 int     mac_pipe_check_select(kauth_cred_t cred, struct pipe *cpipe,
  287             int which);
  288 int     mac_pipe_check_stat(kauth_cred_t cred, struct pipe *cpipe);
  289 int     mac_pipe_check_write(kauth_cred_t cred, struct pipe *cpipe);
  290 struct label    *mac_pipe_label_alloc(void);
  291 void    mac_pipe_label_associate(kauth_cred_t cred, struct pipe *cpipe);
  292 void    mac_pipe_label_copy(struct label *src, struct label *dest);
  293 void    mac_pipe_label_destroy(struct pipe *cpipe);
  294 void    mac_pipe_label_free(struct label *label);
  295 void    mac_pipe_label_init(struct pipe *cpipe);
  296 int     mac_pipe_label_update(kauth_cred_t cred, struct pipe *cpipe,
  297             struct label *label);
  298 void    mac_policy_initbsd(void);
  /*
   * POSIX semaphore and shared-memory objects (struct pseminfo, struct
   * pshminfo).  The create checks receive only the credential and the name;
   * the other checks receive the existing object, and unlink receives both
   * the object and the name.  Names are const char * with no length argument.
   */
  299 int     mac_posixsem_check_create(kauth_cred_t cred, const char *name);
  300 int     mac_posixsem_check_open(kauth_cred_t cred, struct pseminfo *psem);
  301 int     mac_posixsem_check_post(kauth_cred_t cred, struct pseminfo *psem);
  302 int     mac_posixsem_check_unlink(kauth_cred_t cred, struct pseminfo *psem,
  303             const char *name);
  304 int     mac_posixsem_check_wait(kauth_cred_t cred, struct pseminfo *psem);
  305 void    mac_posixsem_vnode_label_associate(kauth_cred_t cred,
  306             struct pseminfo *psem, struct label *plabel,
  307             vnode_t vp, struct label *vlabel);
  308 void    mac_posixsem_label_associate(kauth_cred_t cred,
  309             struct pseminfo *psem, const char *name);
  310 void    mac_posixsem_label_destroy(struct pseminfo *psem);
  311 void    mac_posixsem_label_init(struct pseminfo *psem);
  312 int     mac_posixshm_check_create(kauth_cred_t cred, const char *name);
  313 int     mac_posixshm_check_mmap(kauth_cred_t cred, struct pshminfo *pshm,
  314             int prot, int flags);
  315 int     mac_posixshm_check_open(kauth_cred_t cred, struct pshminfo *pshm,
  316             int fflags);
  317 int     mac_posixshm_check_stat(kauth_cred_t cred, struct pshminfo *pshm);
  318 int     mac_posixshm_check_truncate(kauth_cred_t cred, struct pshminfo *pshm,
  319             off_t s);
  320 int     mac_posixshm_check_unlink(kauth_cred_t cred, struct pshminfo *pshm,
  321             const char *name);
  322 void    mac_posixshm_vnode_label_associate(kauth_cred_t cred,
  323             struct pshminfo *pshm, struct label *plabel,
  324             vnode_t vp, struct label *vlabel);
  325 void    mac_posixshm_label_associate(kauth_cred_t cred,
  326             struct pshminfo *pshm, const char *name);
  327 void    mac_posixshm_label_destroy(struct pshminfo *pshm);
  328 void    mac_posixshm_label_init(struct pshminfo *pshm);
  /*
   * Privilege and process hooks.  mac_priv_check() and mac_priv_grant() have
   * identical signatures.
   * NOTE(review): presumably check lets a policy veto a privilege while grant
   * lets a policy confer one, so a zero return would not mean the same thing
   * for both -- confirm before treating the two results alike.
   * mac_proc_check_map_anon() takes a non-const int *maxprot,
   * mac_proc_check_setaudit() names struct auditinfo_addr (not among this
   * header's forward declarations), and mac_proc_set_enforce() returns void.
   */
  329 int     mac_priv_check(kauth_cred_t cred, int priv);
  330 int     mac_priv_grant(kauth_cred_t cred, int priv);
  331 int     mac_proc_check_debug(proc_t proc1, proc_t proc2);
  332 int     mac_proc_check_fork(proc_t proc);
  333 int     mac_proc_check_suspend_resume(proc_t proc, int sr);
  334 int     mac_proc_check_get_task_name(kauth_cred_t cred, struct proc *p);
  335 int     mac_proc_check_get_task(kauth_cred_t cred, struct proc *p);
  336 int     mac_proc_check_getaudit(proc_t proc);
  337 int     mac_proc_check_getauid(proc_t proc);
  338 int     mac_proc_check_getlcid(proc_t proc1, proc_t proc2,
  339             pid_t pid);
  340 int     mac_proc_check_ledger(proc_t curp, proc_t target, int op);
  341 int     mac_proc_check_map_anon(proc_t proc, user_addr_t u_addr,
  342             user_size_t u_size, int prot, int flags, int *maxprot);
  343 int     mac_proc_check_mprotect(proc_t proc,
  344             user_addr_t addr, user_size_t size, int prot);
  345 int     mac_proc_check_run_cs_invalid(proc_t proc);
  346 int     mac_proc_check_sched(proc_t proc, proc_t proc2);
  347 int     mac_proc_check_setaudit(proc_t proc, struct auditinfo_addr *ai);
  348 int     mac_proc_check_setauid(proc_t proc, uid_t auid);
  349 int     mac_proc_check_setlcid(proc_t proc1, proc_t proc2,
  350             pid_t pid1, pid_t pid2);
  351 int     mac_proc_check_signal(proc_t proc1, proc_t proc2,
  352             int signum);
  353 int     mac_proc_check_wait(proc_t proc1, proc_t proc2);
  354 void    mac_proc_set_enforce(proc_t p, int enforce_flags);
  /*
   * Socket checks and labels, including the peer label.
   * mac_setsockopt_label(), mac_socket_label_get() and
   * mac_socketpeer_label_get() pass the label through a struct mac *extmac.
   * mac_socket_check_deliver() is the only mac_socket_check_* function
   * without a credential argument.  mac_socket_label_init() returns int and
   * takes waitok, so callers have a result to check.
   */
  355 int     mac_setsockopt_label(kauth_cred_t cred, struct socket *so,
  356             struct mac *extmac);
  357 int     mac_socket_check_accept(kauth_cred_t cred, struct socket *so);
  358 int     mac_socket_check_accepted(kauth_cred_t cred, struct socket *so);
  359 int     mac_socket_check_bind(kauth_cred_t cred, struct socket *so,
  360             struct sockaddr *addr);
  361 int     mac_socket_check_connect(kauth_cred_t cred, struct socket *so,
  362             struct sockaddr *addr);
  363 int     mac_socket_check_create(kauth_cred_t cred, int domain,
  364             int type, int protocol);
  365 int     mac_socket_check_deliver(struct socket *so, struct mbuf *m);
  366 int     mac_socket_check_kqfilter(kauth_cred_t cred, struct knote *kn,
  367             struct socket *so);
  368 int     mac_socket_check_listen(kauth_cred_t cred, struct socket *so);
  369 int     mac_socket_check_receive(kauth_cred_t cred, struct socket *so);
  370 int     mac_socket_check_received(kauth_cred_t cred, struct socket *so, 
  371             struct sockaddr *saddr);
  372 int     mac_socket_check_select(kauth_cred_t cred, struct socket *so,
  373             int which);
  374 int     mac_socket_check_send(kauth_cred_t cred, struct socket *so,
  375             struct sockaddr *addr);
  376 int     mac_socket_check_getsockopt(kauth_cred_t cred, struct socket *so,
  377             struct sockopt *sopt);
  378 int     mac_socket_check_setsockopt(kauth_cred_t cred, struct socket *so,
  379             struct sockopt *sopt);
  380 int     mac_socket_check_stat(kauth_cred_t cred, struct socket *so);
  381 void    mac_socket_label_associate(kauth_cred_t cred, struct socket *so);
  382 void    mac_socket_label_associate_accept(struct socket *oldsocket,
  383             struct socket *newsocket);
  384 void    mac_socket_label_copy(struct label *from, struct label *to);
  385 void    mac_socket_label_destroy(struct socket *);
  386 int     mac_socket_label_get(kauth_cred_t cred, struct socket *so,
  387             struct mac *extmac);
  388 int     mac_socket_label_init(struct socket *, int waitok);
  389 void    mac_socketpeer_label_associate_mbuf(struct mbuf *m, struct socket *so);
  390 void    mac_socketpeer_label_associate_socket(struct socket *peersocket,
  391             struct socket *socket_to_modify);
  392 int     mac_socketpeer_label_get(kauth_cred_t cred, struct socket *so,
  393             struct mac *extmac);
  /*
   * System-wide operations: accounting, audit, CHUD, host privilege, nfsd,
   * reboot, settime, swap, sysctl and kas_info.  Every function takes a
   * credential first and returns int.  mac_system_check_audit() is given the
   * record with a signed int length.  mac_system_check_sysctl() receives the
   * name vector with namelen, the old/new buffers as user_addr_t values, a
   * size_t newlen and an inkernel flag.
   */
  394 int     mac_system_check_acct(kauth_cred_t cred, struct vnode *vp);
  395 int     mac_system_check_audit(kauth_cred_t cred, void *record, int length);
  396 int     mac_system_check_auditctl(kauth_cred_t cred, struct vnode *vp);
  397 int     mac_system_check_auditon(kauth_cred_t cred, int cmd);
  398 int     mac_system_check_chud(kauth_cred_t cred);
  399 int     mac_system_check_host_priv(kauth_cred_t cred);
  400 int     mac_system_check_nfsd(kauth_cred_t cred);
  401 int     mac_system_check_reboot(kauth_cred_t cred, int howto);
  402 int     mac_system_check_settime(kauth_cred_t cred);
  403 int     mac_system_check_swapoff(kauth_cred_t cred, struct vnode *vp);
  404 int     mac_system_check_swapon(kauth_cred_t cred, struct vnode *vp);
  405 int     mac_system_check_sysctl(kauth_cred_t cred, int *name,
  406             u_int namelen, user_addr_t oldctl, user_addr_t oldlenp, int inkernel,
  407             user_addr_t newctl, size_t newlen);
  408 int     mac_system_check_kas_info(kauth_cred_t cred, int selector);
  /*
   * System V IPC: messages (struct msg), message queues (struct
   * msqid_kernel), semaphores (struct semid_kernel) and shared memory
   * (struct shmid_kernel).  mac_sysvsem_check_semop() passes accesstype as a
   * size_t.
   * NOTE(review): mac_sysvsem_label_destroy() and mac_sysvshm_label_destroy()
   * are declared, but there is no destroy prototype for sysvmsg or sysvmsq in
   * this header -- presumably intentional; confirm.
   */
  409 void    mac_sysvmsg_label_associate(kauth_cred_t cred,
  410             struct msqid_kernel *msqptr, struct msg *msgptr);
  411 void    mac_sysvmsg_label_init(struct msg *msgptr);
  412 void    mac_sysvmsg_label_recycle(struct msg *msgptr);
  413 int     mac_sysvmsq_check_enqueue(kauth_cred_t cred, struct msg *msgptr,
  414             struct msqid_kernel *msqptr);
  415 int     mac_sysvmsq_check_msgrcv(kauth_cred_t cred, struct msg *msgptr);
  416 int     mac_sysvmsq_check_msgrmid(kauth_cred_t cred, struct msg *msgptr);
  417 int     mac_sysvmsq_check_msqctl(kauth_cred_t cred,
  418             struct msqid_kernel *msqptr, int cmd);
  419 int     mac_sysvmsq_check_msqget(kauth_cred_t cred,
  420             struct msqid_kernel *msqptr);
  421 int     mac_sysvmsq_check_msqrcv(kauth_cred_t cred,
  422             struct msqid_kernel *msqptr);
  423 int     mac_sysvmsq_check_msqsnd(kauth_cred_t cred,
  424             struct msqid_kernel *msqptr);
  425 void    mac_sysvmsq_label_associate(kauth_cred_t cred,
  426             struct msqid_kernel *msqptr);
  427 void    mac_sysvmsq_label_init(struct msqid_kernel *msqptr);
  428 void    mac_sysvmsq_label_recycle(struct msqid_kernel *msqptr);
  429 int     mac_sysvsem_check_semctl(kauth_cred_t cred,
  430             struct semid_kernel *semakptr, int cmd);
  431 int     mac_sysvsem_check_semget(kauth_cred_t cred,
  432             struct semid_kernel *semakptr);
  433 int     mac_sysvsem_check_semop(kauth_cred_t cred,
  434             struct semid_kernel *semakptr, size_t accesstype);
  435 void    mac_sysvsem_label_associate(kauth_cred_t cred,
  436             struct semid_kernel *semakptr);
  437 void    mac_sysvsem_label_destroy(struct semid_kernel *semakptr);
  438 void    mac_sysvsem_label_init(struct semid_kernel *semakptr);
  439 void    mac_sysvsem_label_recycle(struct semid_kernel *semakptr);
  440 int     mac_sysvshm_check_shmat(kauth_cred_t cred,
  441             struct shmid_kernel *shmsegptr, int shmflg);
  442 int     mac_sysvshm_check_shmctl(kauth_cred_t cred,
  443             struct shmid_kernel *shmsegptr, int cmd);
  444 int     mac_sysvshm_check_shmdt(kauth_cred_t cred,
  445             struct shmid_kernel *shmsegptr);
  446 int     mac_sysvshm_check_shmget(kauth_cred_t cred,
  447             struct shmid_kernel *shmsegptr, int shmflg);
  448 void    mac_sysvshm_label_associate(kauth_cred_t cred,
  449             struct shmid_kernel *shmsegptr);
  450 void    mac_sysvshm_label_destroy(struct shmid_kernel *shmsegptr);
  451 void    mac_sysvshm_label_init(struct shmid_kernel* shmsegptr);
  452 void    mac_sysvshm_label_recycle(struct shmid_kernel *shmsegptr);
  /* Thread labels: alloc/free work on a struct label *, init/destroy on a struct uthread *. */
  453 struct label * mac_thread_label_alloc(void);
  454 void    mac_thread_label_destroy(struct uthread *uthread);
  455 void    mac_thread_label_free(struct label *label);
  456 void    mac_thread_label_init(struct uthread *uthread);
  /*
   * vnode access checks, all returning int.  Most take a vfs_context_t;
   * kqfilter, read, stat, truncate and write additionally take file_cred.
   * mac_vnode_check_signature() is the exception: it has no context or
   * credential argument and receives sha1 as a bare unsigned char pointer
   * with no length, while size follows signature.
   * NOTE(review): presumably sha1 is a fixed-length SHA-1 digest and size is
   * the length of signature -- confirm, and make sure callers pass a digest
   * buffer of the size the implementation reads.
   * mac_vnode_check_setutimes() takes both struct timespec values by value,
   * and the first parameter of mac_vnode_check_setattrlist() is spelled ctxd.
   */
  457 int     mac_vnode_check_access(vfs_context_t ctx, struct vnode *vp,
  458             int acc_mode);
  459 int     mac_vnode_check_chdir(vfs_context_t ctx, struct vnode *dvp);
  460 int     mac_vnode_check_chroot(vfs_context_t ctx, struct vnode *dvp,
  461             struct componentname *cnp);
  462 int     mac_vnode_check_create(vfs_context_t ctx, struct vnode *dvp,
  463             struct componentname *cnp, struct vnode_attr *vap);
  464 int     mac_vnode_check_deleteextattr(vfs_context_t ctx, struct vnode *vp,
  465             const char *name);
  466 int     mac_vnode_check_exchangedata(vfs_context_t ctx, struct vnode *v1,
  467             struct vnode *v2);
  468 int     mac_vnode_check_exec(vfs_context_t ctx, struct vnode *vp,
  469             struct image_params *imgp);
  470 int     mac_vnode_check_fsgetpath(vfs_context_t ctx, struct vnode *vp);
  471 int     mac_vnode_check_signature(struct vnode *vp, unsigned char *sha1,
  472             void * signature, size_t size);
  473 int     mac_vnode_check_getattrlist(vfs_context_t ctx, struct vnode *vp,
  474             struct attrlist *alist);
  475 int     mac_vnode_check_getextattr(vfs_context_t ctx, struct vnode *vp,
  476             const char *name, struct uio *uio);
  477 int     mac_vnode_check_ioctl(vfs_context_t ctx, struct vnode *vp,
  478             unsigned int cmd);
  479 int     mac_vnode_check_kqfilter(vfs_context_t ctx,
  480             kauth_cred_t file_cred, struct knote *kn, struct vnode *vp);
  481 int     mac_vnode_check_label_update(vfs_context_t ctx, struct vnode *vp,
  482             struct label *newlabel);
  483 int     mac_vnode_check_link(vfs_context_t ctx, struct vnode *dvp,
  484             struct vnode *vp, struct componentname *cnp);
  485 int     mac_vnode_check_listextattr(vfs_context_t ctx, struct vnode *vp);
  486 int     mac_vnode_check_lookup(vfs_context_t ctx, struct vnode *dvp,
  487             struct componentname *cnp);
  488 int     mac_vnode_check_open(vfs_context_t ctx, struct vnode *vp,
  489             int acc_mode);
  490 int     mac_vnode_check_read(vfs_context_t ctx,
  491             kauth_cred_t file_cred, struct vnode *vp);
  492 int     mac_vnode_check_readdir(vfs_context_t ctx, struct vnode *vp);
  493 int     mac_vnode_check_readlink(vfs_context_t ctx, struct vnode *vp);
  494 int     mac_vnode_check_rename_from(vfs_context_t ctx, struct vnode *dvp,
  495             struct vnode *vp, struct componentname *cnp);
  496 int     mac_vnode_check_rename_to(vfs_context_t ctx, struct vnode *dvp,
  497             struct vnode *vp, int samedir, struct componentname *cnp);
  498 int     mac_vnode_check_revoke(vfs_context_t ctx, struct vnode *vp);
  499 int     mac_vnode_check_searchfs(vfs_context_t ctx, struct vnode *vp,
  500             struct attrlist *alist);
  501 int     mac_vnode_check_select(vfs_context_t ctx, struct vnode *vp,
  502             int which);
  503 int     mac_vnode_check_setattrlist(vfs_context_t ctxd, struct vnode *vp,
  504             struct attrlist *alist);
  505 int     mac_vnode_check_setextattr(vfs_context_t ctx, struct vnode *vp,
  506             const char *name, struct uio *uio);
  507 int     mac_vnode_check_setflags(vfs_context_t ctx, struct vnode *vp,
  508             u_long flags);
  509 int     mac_vnode_check_setmode(vfs_context_t ctx, struct vnode *vp,
  510             mode_t mode);
  511 int     mac_vnode_check_setowner(vfs_context_t ctx, struct vnode *vp,
  512             uid_t uid, gid_t gid);
  513 int     mac_vnode_check_setutimes(vfs_context_t ctx, struct vnode *vp,
  514             struct timespec atime, struct timespec mtime);
  515 int     mac_vnode_check_stat(vfs_context_t ctx,
  516             kauth_cred_t file_cred, struct vnode *vp);
  517 int     mac_vnode_check_truncate(vfs_context_t ctx,
  518             kauth_cred_t file_cred, struct vnode *vp);
  519 int     mac_vnode_check_uipc_bind(vfs_context_t ctx, struct vnode *dvp,
  520             struct componentname *cnp, struct vnode_attr *vap);
  521 int     mac_vnode_check_uipc_connect(vfs_context_t ctx, struct vnode *vp);
  522 int     mac_vnode_check_unlink(vfs_context_t ctx, struct vnode *dvp,
  523             struct vnode *vp, struct componentname *cnp);
  524 int     mac_vnode_check_write(vfs_context_t ctx,
  525             kauth_cred_t file_cred, struct vnode *vp);
  /*
   * vnode label lifecycle, create/rename notifications, and the
   * vnode_label() / vnode_relabel() entry points.  The associate variants are
   * distinguished by name and arguments (devfs node, extattr, fdesc node,
   * singlelabel).  mac_vnode_label_associate(), _associate_extattr(),
   * _associate_fdesc(), mac_vnode_notify_create() and vnode_label() return
   * int, so callers have a result to check; the devfs and singlelabel
   * variants, mac_vnode_label_update() and mac_vnode_notify_rename() are void.
   */
  526 struct label    *mac_vnode_label_alloc(void);
  527 int     mac_vnode_label_associate(struct mount *mp, struct vnode *vp,
  528             vfs_context_t ctx);
  529 void    mac_vnode_label_associate_devfs(struct mount *mp, struct devnode *de,
  530             struct vnode *vp);
  531 int     mac_vnode_label_associate_extattr(struct mount *mp, struct vnode *vp);
  532 int     mac_vnode_label_associate_fdesc(struct mount *mp, struct fdescnode *fnp,
  533             struct vnode *vp, vfs_context_t ctx);
  534 void    mac_vnode_label_associate_singlelabel(struct mount *mp,
  535             struct vnode *vp);
  536 void    mac_vnode_label_copy(struct label *l1, struct label *l2);
  537 void    mac_vnode_label_destroy(struct vnode *vp);
  538 int     mac_vnode_label_externalize_audit(struct vnode *vp, struct mac *mac);
  539 void    mac_vnode_label_free(struct label *label);
  540 void    mac_vnode_label_init(struct vnode *vp);
  541 int     mac_vnode_label_init_needed(struct vnode *vp);
  542 void    mac_vnode_label_recycle(struct vnode *vp);
  543 void    mac_vnode_label_update(vfs_context_t ctx, struct vnode *vp,
  544             struct label *newlabel);
  545 void    mac_vnode_label_update_extattr(struct mount *mp, struct vnode *vp,
  546             const char *name);
  547 int     mac_vnode_notify_create(vfs_context_t ctx, struct mount *mp,
  548             struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
  549 void    mac_vnode_notify_rename(vfs_context_t ctx, struct vnode *vp,
  550             struct vnode *dvp, struct componentname *cnp);
  551 int     vnode_label(struct mount *mp, struct vnode *dvp, struct vnode *vp,
  552             struct componentname *cnp, int flags, vfs_context_t ctx);
  553 void    vnode_relabel(struct vnode *vp);
  554 
  /*
   * Two helpers declared without the mac_ prefix: each takes the fileproc,
   * the vnode and a struct vfs_context pointer (written out rather than as
   * vfs_context_t) and returns void.
   */
  555 void psem_label_associate(struct fileproc *fp, struct vnode *vp, struct vfs_context *ctx);
  556 void pshm_label_associate(struct fileproc *fp, struct vnode *vp, struct vfs_context *ctx);
  557 
  /* Getter and setter for a bpf_d's label; only declared when CONFIG_MACF_NET is set. */
  558 #if CONFIG_MACF_NET
  559 struct label *mac_bpfdesc_label_get(struct bpf_d *d);
  560 void mac_bpfdesc_label_set(struct bpf_d *d, struct label *label);
  561 #endif
  562 
  563 #endif  /* CONFIG_MACF */
  564 
  565 #endif /* !_SECURITY_MAC_FRAMEWORK_H_ */


