The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/security/mac_system.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*
    2  * Copyright (c) 2007 Apple Inc. All rights reserved.
    3  *
    4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
    5  * 
    6  * This file contains Original Code and/or Modifications of Original Code
    7  * as defined in and that are subject to the Apple Public Source License
    8  * Version 2.0 (the 'License'). You may not use this file except in
    9  * compliance with the License. The rights granted to you under the License
   10  * may not be used to create, or enable the creation or redistribution of,
   11  * unlawful or unlicensed copies of an Apple operating system, or to
   12  * circumvent, violate, or enable the circumvention or violation of, any
   13  * terms of an Apple operating system software license agreement.
   14  * 
   15  * Please obtain a copy of the License at
   16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
   17  * 
   18  * The Original Code and all software distributed under the License are
   19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
   20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
   21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
   22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
   23  * Please see the License for the specific language governing rights and
   24  * limitations under the License.
   25  * 
   26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
   27  */
   28 
   29 /*-
   30  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
   31  * Copyright (c) 2001 Ilmar S. Habibulin
   32  * Copyright (c) 2001, 2002, 2003, 2004 Networks Associates Technology, Inc.
   33  *
   34  * This software was developed by Robert Watson and Ilmar Habibulin for the
   35  * TrustedBSD Project.
   36  *
   37  * This software was developed for the FreeBSD Project in part by Network
   38  * Associates Laboratories, the Security Research Division of Network
   39  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
   40  * as part of the DARPA CHATS research program.
   41  *
   42  * Redistribution and use in source and binary forms, with or without
   43  * modification, are permitted provided that the following conditions
   44  * are met:
   45  * 1. Redistributions of source code must retain the above copyright
   46  *    notice, this list of conditions and the following disclaimer.
   47  * 2. Redistributions in binary form must reproduce the above copyright
   48  *    notice, this list of conditions and the following disclaimer in the
   49  *    documentation and/or other materials provided with the distribution.
   50  *
   51  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   52  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   53  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   54  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   55  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   56  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   57  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   58  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   59  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   60  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   61  * SUCH DAMAGE.
   62  *
   63  */
   64 
   65 #include <sys/param.h>
   66 #include <sys/vnode.h>
   67 #include <sys/vnode_internal.h>
   68 
   69 #include <security/mac_internal.h>
   70 
   71 
   72 int
   73 mac_system_check_acct(kauth_cred_t cred, struct vnode *vp)
   74 {
   75         int error;
   76 
   77         if (!mac_system_enforce)
   78                 return (0);
   79 
   80         MAC_CHECK(system_check_acct, cred, vp,
   81             vp != NULL ? vp->v_label : NULL);
   82 
   83         return (error);
   84 }
   85 
   86 int
   87 mac_system_check_host_priv(kauth_cred_t cred)
   88 {
   89         int error;
   90 
   91         if (!mac_system_enforce)
   92                 return (0);
   93 
   94         MAC_CHECK(system_check_host_priv, cred);
   95 
   96         return (error);
   97 }
   98 
   99 int
  100 mac_system_check_nfsd(kauth_cred_t cred)
  101 {
  102         int error;
  103 
  104         if (!mac_system_enforce)
  105                 return (0);
  106 
  107         MAC_CHECK(system_check_nfsd, cred);
  108 
  109         return (error);
  110 }
  111 
  112 int
  113 mac_system_check_reboot(kauth_cred_t cred, int howto)
  114 {
  115         int error;
  116 
  117         if (!mac_system_enforce)
  118                 return (0);
  119 
  120         MAC_CHECK(system_check_reboot, cred, howto);
  121 
  122         return (error);
  123 }
  124 
  125 int
  126 mac_system_check_settime(kauth_cred_t cred)
  127 {
  128         int error;
  129 
  130         if (!mac_system_enforce)
  131                 return (0);
  132 
  133         MAC_CHECK(system_check_settime, cred);
  134 
  135         return (error);
  136 }
  137 
  138 int
  139 mac_system_check_swapon(kauth_cred_t cred, struct vnode *vp)
  140 {
  141         int error;
  142 
  143         if (!mac_system_enforce)
  144                 return (0);
  145 
  146         MAC_CHECK(system_check_swapon, cred, vp, vp->v_label);
  147         return (error);
  148 }
  149 
  150 int
  151 mac_system_check_swapoff(kauth_cred_t cred, struct vnode *vp)
  152 {
  153         int error;
  154 
  155 
  156 
  157         if (!mac_system_enforce)
  158                 return (0);
  159 
  160         MAC_CHECK(system_check_swapoff, cred, vp, vp->v_label);
  161         return (error);
  162 }
  163 
  164 int
  165 mac_system_check_sysctl(kauth_cred_t cred, int *name, u_int namelen,
  166     user_addr_t old, user_addr_t oldlenp, int inkernel, user_addr_t new, size_t newlen)
  167 {
  168         int error;
  169 
  170         /*
  171          * XXXMAC: We're very much like to assert the SYSCTL_LOCK here,
  172          * but since it's not exported from kern_sysctl.c, we can't.
  173          */
  174         if (!mac_system_enforce)
  175                 return (0);
  176 
  177         MAC_CHECK(system_check_sysctl, cred, name, namelen, old, oldlenp,
  178             inkernel, new, newlen);
  179 
  180         return (error);
  181 }

Cache object: 88031ebca39e33a3f89a00721e1570a6


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.